Modifier and Type | Class and Description |
---|---|
class | ApplicationRoleInUseException: This exception is thrown when an application role to be deleted is referenced by other application roles. |
class | ExternalPolicyObjectException |
class | PolicyObjectAlreadyExistsException: This exception is thrown when a specific policy object (grantee, role, etc.) already exists in the policy store. |
class | PolicyObjectNotFoundException: This exception is thrown when a policy object (grantee, role, etc.) does not exist in the policy store. |
class | PolicyStoreConfigException |
class | PolicyStoreConnectivityException: This exception is thrown when an underlying connectivity issue happens. |
class | PolicyStoreContainerNotReadyException |
class | PolicyStoreOperationNotAllowedException: An exception thrown by the PolicyStore M-APIs that indicates the store operation was not allowed. |
class | ResourceFinderException: This is a resource finder related exception that is thrown when a ResourceFinder cannot be instantiated or invoked by JPS. |

Modifier and Type | Method and Description |
---|---|
void | ApplicationPolicy.addPrincipalToAppRole(PrincipalEntry principalEntry, java.lang.String appRoleName): Adds this principal as a member of this app role. |
void | ApplicationPolicy.addPrincipalToAppRole(java.security.Principal principal, java.lang.String appRoleName): Adds this principal as a member of this app role. |
void | ApplicationPolicy.alterAppRole(java.lang.String appRoleName, java.lang.String newDescription, java.lang.String newDisplayName): Alters an application role's display name and description. These parameters are not used to compare two application roles for similarity. An application role's name or GUID are unique/immutable properties. NOTE: Supplying "null" for the description or display name will replace the previous description or display name with "null". |
void | ApplicationPolicy.alterAppRoleCategory(java.lang.String appRoleName, java.lang.String newCategory): Alters an application role's category. An application role's name or GUID are unique/immutable properties. NOTE: Supplying "null" for the category will replace the previous category with "null". |
java.util.Set<ResourceActionsEntry> | PolicyStore.checkBulkAuthorization(javax.security.auth.Subject subject, java.util.Set<ResourceActionsEntry> requestedResources): Determines whether the subject has access to one or more Resource Actions. |
boolean | ApplicationPolicy.containsAppRole(java.lang.String appRoleName): Checks if this app role exists. |
boolean | ApplicationPolicy.containsPrincipalAsMember(java.lang.String appRoleName, java.security.Principal principal): Checks if this principal is a member of this app role. |
ApplicationPolicy | PolicyStore.createApplicationPolicy(java.lang.String appId): Creates an application policy given the application name, appid. |
void | ApplicationPolicy.createAppRole(java.lang.String appRoleName, java.lang.String displayName, java.lang.String desc, ExtendedProperty appRoleAttributes): Creates the requested application role in the policy store with extended attributes. |
void | ApplicationPolicy.createAppRole(java.lang.String appRoleName, java.lang.String displayName, java.lang.String desc, java.lang.String guid): Creates the requested application role in the policy store. |
void | ApplicationPolicy.createAppRole(java.lang.String appRoleName, java.lang.String displayName, java.lang.String desc, java.lang.String guid, ExtendedProperty appRoleAttributes): Creates the requested application role in the policy store with extended attributes. |
void | PolicyStore.deleteApplicationPolicy(java.lang.String appId): Deletes an application policy given the application name, appid. |
java.util.List<AppRoleEntry> | ApplicationPolicy.getAllAppRoleEntries(): Returns all app role entries. |
java.util.List<JpsApplicationRole> | ApplicationPolicy.getAllAppRoles(): Returns the list of all the application roles in this application context. |
java.util.List<AppRoleEntry> | ApplicationPolicy.getAllGrantedAppRoleEntries(java.security.Principal principal): Returns all the granted app role entries for this principal where the principal is either a direct member or an indirect member through other app roles. |
java.util.List<JpsApplicationRole> | ApplicationPolicy.getAllGrantedAppRoles(java.security.Principal principal): Returns all the granted app roles for this principal where the principal is either a direct member or an indirect member through other app roles. |
java.util.Map<java.lang.String,ApplicationPolicy> | PolicyStore.getApplicationPolicies(): Deprecated. Use getApplicationPolicy(String appId). Returns a map of applications and their policies managed by this PolicyStore. This may in turn be queried for application roles and policies provisioned for a given application. |
ApplicationPolicy | PolicyStore.getApplicationPolicy(java.lang.String appId): Returns an application policy for the given application by this PolicyStore. |
java.util.List<AppRoleEntry> | PolicyStore.getAppRoles(StoreAppRoleSearchQuery query): Searches ApplicationRoles across one or more Applications based upon user-specified criteria (query). The caller should have the PolicyStoreAccessPermission ("context=APPLICATION,name=Queried Application's stripe Id", "getApplicationPolicy") permission to search for roles. If the caller does not supply an application name (or supplies a partial application name with some MATCHER other than EXACT), then they should have PolicyStoreAccessPermission ("context=APPLICATION, name=*", "getApplicationPolicy") to search for app roles. |
java.util.List<java.security.Principal> | ApplicationPolicy.getAppRolesMembers(java.lang.String appRoleName): Returns the list of principals granted to this application role. |
java.util.List<java.lang.String> | PolicyStore.getConfiguredApplications(): Deprecated. |
java.util.List<JpsApplicationRole> | ApplicationPolicy.getGrantedAppRoles(java.security.Principal principal): Returns all the granted app roles for this principal where the principal is a direct member of the app role. |
java.util.List<GrantEntry> | PolicyMgmt.getGrantEntries(): Gets all the grants defined in this scope (system or application). |
JavaPolicy | PolicyStore.getSystemPolicy(): Returns the "system" or "non-app-specific" or "global" policy. |
void | PolicyMgmt.grant(java.util.List<PrincipalEntry> principalEntries, CodeSourceEntry csEntry, java.util.List<PermissionEntry> permissionEntries): Grants a set of permissions to this group of principals and code source, otherwise collectively known as the grantee. |
void | PolicyMgmt.grant(java.security.Principal[] principals, java.security.CodeSource cs, java.security.Permission[] perms): Grants a set of permissions to this group of principals and code source, otherwise collectively known as the grantee. |
void | PolicyStore.modifyApplicationPolicy(ApplicationPolicy app): Modifies an application policy in the persistence store. |
void | PolicyMgmt.modifyGrant(java.util.List<PrincipalEntry> principalEntries, CodeSourceEntry csEntry, PermissionEntry oldpermissionEntry, PermissionEntry newPermissionEntry): Modifies a grant by replacing the permission in an existing grant with a given permission if not already present. |
void | ApplicationPolicy.removeAppRole(java.lang.String appRoleName): Removes the application role from the policy store. |
void | ApplicationPolicy.removeAppRole(java.lang.String appRoleName, boolean force): Removes the application role from the policy store. |
void | ApplicationPolicy.removePrincipalFromAppRole(PrincipalEntry principalEntry, java.lang.String appRoleName): Removes this principal from this appRoleName. |
void | ApplicationPolicy.removePrincipalFromAppRole(java.security.Principal principal, java.lang.String appRoleName): Removes this principal from this appRoleName. |
void | PolicyMgmt.revoke(java.util.List<PrincipalEntry> principalEntries, CodeSourceEntry csEntry, java.util.List<PermissionEntry> permissionEntries): Revokes a grant of permissions from this set of principals and codesource combination. |
void | PolicyMgmt.revoke(java.security.Principal[] principals, java.security.CodeSource cs, java.security.Permission[] perms): Revokes a grant of permissions from this set of principals and codesource combination. |
java.util.List<AppRoleEntry> | ApplicationPolicy.searchAppRoles(java.lang.String appRoleName): This method returns a list of application roles by an app role name. |
java.util.List<AppRoleEntry> | ApplicationPolicy.searchAppRoles(java.lang.String roleAttrName, java.lang.String roleAttrNameVal, boolean inequality): This method searches application roles by an attribute and its value. |

Modifier and Type | Method and Description |
---|---|
EntryReference | PermissionSetManager.createPermissionSet(PermissionSetEntry permSet): Creates a PermissionSet. |
EntryReference | ResourceManager.createResource(ResourceEntry resrc): Creates a Resource. |
EntryReference | ResourceTypeManager.createResourceType(ResourceTypeEntry entry): Validates and creates the given resource type in the backend data store. |
EntryReference | RoleCategoryManager.createRoleCategory(RoleCategoryEntry entry): Validates and creates the given role category in the backend data store. |
void | PermissionSetManager.deletePermissionSet(EntryReference ref, boolean cascade): Deletes a PermissionSet. |
void | ResourceManager.deleteResource(EntryReference res, boolean cascadeDelete): Deletes a Resource. |
void | ResourceTypeManager.deleteResourceType(EntryReference rtRef, boolean cascadeDelete): Deletes the resource type. |
void | RoleCategoryManager.deleteRoleCategory(EntryReference rcRef): Deletes the role category. |
java.util.List<AppRoleEntry> | ChangeLogManager.getApplicationRoles(ChangeLogSearchQuery query): Returns the added AND modified roles in the current application policy after the timestamp specified in the query. The timestamp must be obtained from the API: ChangeLogManager.getLastModifiedTimeStamp(String, ChangeLogEntity). Note that the returned list may contain duplicates of Application Roles returned earlier. |
java.util.List<AppRoleEntry> | ChangeLogManager.getDeletedAppRoles(ChangeLogSearchQuery query): Returns all app roles deleted from the current application policy after the supplied timestamp. |
java.util.List<PermissionEntry> | ChangeLogManager.getDeletedPermissions(ChangeLogSearchQuery query): Returns all permissions deleted from the current application policy after the supplied timestamp. |
java.util.List<GrantEntry> | GrantManager.getGrants(GrantSearchQuery query): Queries the store to retrieve Grants based upon a search criteria. |
java.util.List<GrantEntry> | GrantManager.getGrantsForApplicationRoles(java.util.List<AppRoleEntry> appRoleNameEntries, boolean order): Searches for Grants based on one or more Application Roles. |
java.util.List<GrantEntry> | GrantManager.getGrantsForApplicationRolesAndPermissionSets(java.util.List<AppRoleEntry> appRoleNameEntries, boolean appRoleOrder, java.util.List<PermissionSetEntry> permissionSetEntries, boolean permSetOrder): Searches for Grants based on Application Roles AND Permission Sets. |
java.util.List<GrantEntry> | GrantManager.getGrantsForPermissionSets(java.util.List<PermissionSetEntry> permissionSetEntries, boolean order): Searches for Grants based on a PermissionSet. |
java.lang.String | ChangeLogManager.getLastModifiedTimeStamp(java.lang.String oldtimeStamp, ChangeLogManager.ChangeLogEntity ent): Gets the last known time stamp (of change) to the ChangeLogEntity ent after the timeStamp provided. |
PermissionSetEntry | PermissionSetManager.getPermissionSet(java.lang.String permissionSetName): Gets a PermissionSet by name. |
java.util.List<PermissionSetEntry> | PermissionSetManager.getPermissionSets(PermissionSetSearchQuery query): Queries PermissionSets based upon a search criteria. |
java.util.List<GrantEntry> | ChangeLogManager.getPolicies(ChangeLogSearchQuery query): Returns the added AND modified policies (grant entries) in the current application policy after the timestamp specified in the query. The timestamp must be obtained from the API: ChangeLogManager.getLastModifiedTimeStamp(String, ChangeLogEntity). Note that the returned list may contain duplicates of grants already returned earlier. |
ResourceEntry | ResourceFinder.getResource(java.lang.String resourceTypeName, java.lang.String name): Gets the resource given the name and the type of the resource. |
java.util.List<ResourceEntry> | ResourceFinder.getResources(java.lang.String resourceTypeName, ResourceSearchQuery query): Searches for resources based on SearchQuery. |
ResourceTypeEntry | ResourceTypeManager.getResourceType(java.lang.String name): Gets the resource type entry given the name of the resource type. |
java.util.List<ResourceTypeEntry> | ResourceTypeManager.getResourceTypes(ResourceTypeSearchQuery query): Gets all the resource types satisfying the query in the current scope (system/application). |
java.util.List<RoleCategoryEntry> | RoleCategoryManager.getRoleCategories(RoleCategorySearchQuery query): Gets all the role categories satisfying the query in the current scope (system/application). |
RoleCategoryEntry | RoleCategoryManager.getRoleCategory(java.lang.String name): Gets the role category entry given the name of the role category. |
void | GrantManager.grant(java.util.Set<PrincipalEntry> principalEntries, CodeSourceEntry csEntry, java.lang.String permissionSetName): Grants a named PermissionSet to this group of principals and code source, otherwise collectively known as the grantee. |
void | PermissionSetManager.modifyPermissionSet(EntryReference ref, javax.naming.directory.ModificationItem[] modItems): Modifies the PermissionSet. |
void | PermissionSetManager.modifyPermissionSet(EntryReference ref, ResourceActionsEntry resourceActionsToAdd, ResourceActionsEntry resourceActionsToDelete): Modifies the PermissionSet. |
void | ResourceManager.modifyResource(EntryReference res, javax.naming.directory.ModificationItem[] modItems): Modifies a Resource. |
void | ResourceTypeManager.modifyResourceType(EntryReference rtRef, javax.naming.directory.ModificationItem[] modItems): Modifies the resource type referred to by rtRef. |
void | RoleCategoryManager.modifyRoleCategory(EntryReference rcRef, javax.naming.directory.ModificationItem[] modItems): Modifies the role category referred to by rcRef. |
<T> T | EntityManager.resolveReference(EntryReference reference, java.lang.Class<T> klass): Given a reference to an entity, returns a copy from the persistent store. |
void | GrantManager.revoke(java.util.Set<PrincipalEntry> principalEntries, CodeSourceEntry csEntry, java.lang.String permissionSetName): Revokes a grant of a PermissionSet from this set of principals and codesource combination. |

Modifier and Type | Method and Description |
---|---|
void | PermissionSetEntry.addResourceActions(ResourceActionsEntry resAct): Adds a ResourceActions. |

Modifier and Type | Class and Description |
---|---|
class | InvalidArgumentException |

Modifier and Type | Class and Description |
---|---|
class | ResourceWithoutTypeException |

Modifier and Type | Method and Description |
---|---|
static java.util.Set<ResourceActionsEntry> | JpsAuth.checkBulkAuthorization(javax.security.auth.Subject subject, java.util.Set<ResourceActionsEntry> requestedResources): Determines whether the subject has access to one or more Resource Actions. |
static java.util.Set<JpsApplicationRole> | JpsAuth.getAllGrantedAppRoles(javax.security.auth.Subject subject, java.util.Set<java.lang.String> applications): Returns a set of application roles that have been granted to a subject, directly or indirectly, for the specified application stripes. |