Skip navigation links

oracle.idm.provisioning.approval
Class ApprovalStrategy

java.lang.Object
oracle.idm.provisioning.approval.ApprovalStrategy

Direct Known Subclasses:

ExtProcApprovalStrategy

public abstract class ApprovalStrategy

extends java.lang.Object

Field Summary

static java.lang.String	APPROVER_ROLE
static java.lang.String	CONTEXT_KEY_DEBUG
static java.lang.String	CONTEXT_KEY_SESSION
static java.lang.String	DATA_FROM_APPROVED_REQ
protected boolean	m_cache
protected java.util.Hashtable	m_cachedPolicies
protected javax.naming.directory.DirContext	m_dirctx
protected java.lang.String	m_source
static java.lang.String	ORIGINATOR_ROLE
protected static java.lang.String	requestBase
static java.lang.String	SYSTEM_APPROVER
static java.lang.String	USER_ACTION_APPROVE
static java.lang.String	USER_ACTION_CANCEL
static java.lang.String	USER_ACTION_REJECT

Constructor Summary

ApprovalStrategy()

Method Summary

abstract ModRequest	approveForLevel(java.lang.String id, java.lang.String app, java.lang.String processorID, int atlevel, int nextlevel) Approve a given request at the given level.
abstract void	approveRequest(java.lang.String id, java.lang.String app, java.lang.String processorID) Approve a given request.
void	cachePolicies(boolean mode) Sets the caching mode.
void	cancelRequest(java.lang.String id, java.lang.String app, java.lang.String processor) Cancel a given request.
protected void	changeRequestProcessingStatus(java.lang.String id, java.lang.String app, java.lang.String status)
protected void	changeRequestStatus(java.lang.String id, java.lang.String app, java.lang.String status, java.lang.String approver)
protected void	changeRequestStatuses(java.lang.String id, java.lang.String app, java.lang.String status, java.lang.String approver, java.lang.String procstatus)
abstract ApprovalCheckContext	checkForApproval(RequestOperationData rdata, java.lang.Object dataCtx) If approval is needed for this request, starts the approval process.
protected boolean	checkUserAccess(java.lang.String user, Request req)
boolean	clearCache(java.lang.String key) Clear elemet(s) in cache.
protected java.util.List	getAllActions(java.lang.String user, Request req)
abstract java.util.List	getAllApprovers(java.lang.String user, java.lang.String id, java.lang.String app) Gets approver lists for all levels of a given request.
abstract java.util.List	getAllowedActions(java.lang.String user, java.lang.String id, java.lang.String app) Returns actions a user can perform on a given request.
protected java.util.List	getApprovalPolicies(java.lang.String toApp, java.lang.String operation)
protected java.util.List	getApprovers(java.lang.String policyUid)
protected Approvers	getApproversForLevel(java.lang.String policyUid, int level)
abstract Approvers	getApproversForLevel(java.lang.String user, java.lang.String id, java.lang.String app, int level) Gets approver list for a given request for a given level.
protected java.util.List	getCreatedRequests(java.lang.String user, RequestSearchCriteria criteria, int flags)
protected java.util.List	getPendingRequestsToApprove(java.lang.String user, int flags)
protected Request	getRequest(java.lang.String id, java.lang.String app, int flags)
abstract Request	getRequest(java.lang.String user, java.lang.String id, java.lang.String app) Gets a given request only if user is a requestor/ valid approver for the request at its current approval level.
abstract java.util.List	getRequestsForUser(java.lang.String user, RequestSearchCriteria criteria, java.lang.String userrole) Gets requests created by this user/ pending for this user that meet the specified criteria.
java.lang.String	getRequestStatus(java.lang.String id, java.lang.String app) Given a request, gets its status.
abstract java.util.List	getRequestsToNotify(java.lang.String app, java.lang.Object ctx) Get all the requests that need to be sent to this app, in a format understood by the caller.
protected java.util.List	getRequestsWCriteria(RequestSearchCriteria criteria, int flags)
protected java.util.List	getRequestsWProcStatus(java.lang.String app, java.lang.String procstatus)
protected boolean	isAdmin(java.lang.String user)
protected boolean	isApprovalNeeded(RequestOperationData req)
protected boolean	isApprovalNeeded(RequestOperationData req, java.util.List policies)
protected boolean	isComplete(java.lang.String status)
protected boolean	isMatch(ApprovalPolicy pol, RequestOperationData opdata)
protected boolean	isValidApprover(Request req, java.lang.String approverDN)
abstract java.lang.Object	processRequest(java.lang.Object evt, java.lang.String targetApp, java.lang.String sourceApp, java.lang.Object evtCtx) Process request based on given object.
abstract void	rejectRequest(java.lang.String id, java.lang.String app, java.lang.String processorID) Reject a given request.
protected java.lang.String	resolveApproverRole(java.lang.String name, java.lang.String userKey, java.util.List userInfo)
void	setApprovalStrategyContext(java.lang.String key, java.lang.Object ctx) Sets an approver context.
void	setDirectoryCtx(javax.naming.directory.DirContext ctx) Sets the directory context for approval strategy.
protected java.lang.String	storeRequest(Request req)
abstract void	updateNotifiedRequest(java.lang.String id, java.lang.String app) Update status of requests.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SYSTEM_APPROVER

public static java.lang.String SYSTEM_APPROVER

CONTEXT_KEY_DEBUG

public static java.lang.String CONTEXT_KEY_DEBUG

CONTEXT_KEY_SESSION

public static java.lang.String CONTEXT_KEY_SESSION

ORIGINATOR_ROLE

public static java.lang.String ORIGINATOR_ROLE

APPROVER_ROLE

public static java.lang.String APPROVER_ROLE

USER_ACTION_APPROVE

public static java.lang.String USER_ACTION_APPROVE

USER_ACTION_REJECT

public static java.lang.String USER_ACTION_REJECT

USER_ACTION_CANCEL

public static java.lang.String USER_ACTION_CANCEL

DATA_FROM_APPROVED_REQ

public static java.lang.String DATA_FROM_APPROVED_REQ

requestBase

protected static java.lang.String requestBase

m_dirctx

protected javax.naming.directory.DirContext m_dirctx

m_cache

protected boolean m_cache

m_cachedPolicies

protected java.util.Hashtable m_cachedPolicies

m_source

protected java.lang.String m_source

Constructor Detail

ApprovalStrategy

public ApprovalStrategy()

Method Detail

checkForApproval

public abstract ApprovalCheckContext checkForApproval(RequestOperationData rdata,
                                                      java.lang.Object dataCtx)
                                               throws javax.naming.NamingException,
                                                      InvalidRequestException,
                                                      ApprovalProcessException

If approval is needed for this request, starts the approval process.

Parameters:

rdata - Operational data for the request.

dataCtx - Optional: Specifies a context for the data that may be used by some strategies for additional checks.

Returns:

ApprovalCheckContext for the approval check. If approval is needed and a request was created, the context will include information about the request.

Throws:

javax.naming.NamingException

InvalidRequestException

ApprovalProcessException

See Also:

RequestOperationData

processRequest

public abstract java.lang.Object processRequest(java.lang.Object evt,
                                                java.lang.String targetApp,
                                                java.lang.String sourceApp,
                                                java.lang.Object evtCtx)
                                         throws java.lang.IllegalArgumentException,
                                                javax.naming.NamingException,
                                                ApprovalProcessException

Process request based on given object. This method is useful for approval strategies that interact with other applications and may exchange data in a different format.

Parameters:

evt - Event or request information that needs to be processed.

targetApp - Target application against which this event/ request is taking place.

sourceApp - Source application from which this event/ request originated.

evtCtx - Optional argument depending on specific strategy implementation.

Returns:

A status object if event processed, else returns null.

Throws:

java.lang.IllegalArgumentException

javax.naming.NamingException

ApprovalProcessException

approveForLevel

public abstract ModRequest approveForLevel(java.lang.String id,
                                           java.lang.String app,
                                           java.lang.String processorID,
                                           int atlevel,
                                           int nextlevel)
                                    throws java.lang.IllegalArgumentException,
                                           javax.naming.NamingException,
                                           ApprovalProcessException

Approve a given request at the given level. Throws ApprovalProcessException if: 1. The request is already approved or rejected or cancelled 2. The user does not have permission to approve the request 3. Current level of request > level at which the request is being approved.

Parameters:

id - Id of the request to be approved.

app - Target application of the request.

processorID - Identity of the user trying to approve the

atlevel - Level at which the request needs to be approved.

nextlevel - Next approval level for the request. Note, nextLevel is required for externalized approval processes, in case for whatever reasons, in-between approval levels are skipped (by escalating/ changing processing logic.). This gives the external process flexibility and doesn't restrict it to approve a request for each level.

Returns:

A ModRequest object with a record of all changes made to the request.

Throws:

java.lang.IllegalArgumentException

javax.naming.NamingException

ApprovalProcessException

approveRequest

public abstract void approveRequest(java.lang.String id,
                                    java.lang.String app,
                                    java.lang.String processorID)
                             throws java.lang.IllegalArgumentException,
                                    javax.naming.NamingException,
                                    ApprovalProcessException

Approve a given request. If the request is already approved or rejected or if the user does not have permission to approve the request, throws ApprovalProcessException.

Parameters:

id - Id of the request to be approved.

app - Target application of the request.

processorID - Identity of the user trying to approve the request.

Throws:

java.lang.IllegalArgumentException

javax.naming.NamingException

ApprovalProcessException

rejectRequest

public abstract void rejectRequest(java.lang.String id,
                                   java.lang.String app,
                                   java.lang.String processorID)
                            throws java.lang.IllegalArgumentException,
                                   javax.naming.NamingException,
                                   ApprovalProcessException

Reject a given request. If the request is already approved or rejected or if the user does not have permission to approve the request, throws ApprovalProcessException.

Parameters:

id - Id of the request to be rejected.

app - Target application of the request.

processorID - Identity of the user trying to reject the request.

Throws:

java.lang.IllegalArgumentException

javax.naming.NamingException

ApprovalProcessException

getRequestsToNotify

public abstract java.util.List getRequestsToNotify(java.lang.String app,
                                                   java.lang.Object ctx)
                                            throws java.lang.IllegalArgumentException,
                                                   javax.naming.NamingException,
                                                   ApprovalProcessException

Get all the requests that need to be sent to this app, in a format understood by the caller. This method can simply return a List of Requests or transform the requests into application specific format.

Parameters:

app - Application to which the requests are notified.

ctx - Application specific context. The format of context is left to subclasses.

Returns:

A list of requests that should be notified to the application.

Throws:

java.lang.IllegalArgumentException

javax.naming.NamingException

ApprovalProcessException

See Also:

Request

updateNotifiedRequest

public abstract void updateNotifiedRequest(java.lang.String id,
                                           java.lang.String app)
                                    throws javax.naming.NamingException,
                                           ApprovalProcessException

Update status of requests. The format of object in the list is left to the implementation.

Parameters:

reqObjects - A collection of requests/ objects corresponding to requests that need to be updated.

status - Status with which the requests need to be updated.

Throws:

javax.naming.NamingException

ApprovalProcessException

getRequestsForUser

public abstract java.util.List getRequestsForUser(java.lang.String user,
                                                  RequestSearchCriteria criteria,
                                                  java.lang.String userrole)
                                           throws javax.naming.NamingException,
                                                  ApprovalProcessException

Gets requests created by this user/ pending for this user that meet the specified criteria.

Parameters:

user - Identity of the user for whom the requests are to be obtained.

attrs - A map specifying further criteria for the requests. The key to the map is one of the SRCH_* public strings defined in the Request object. The value is a collection of Strings, specifying search criteria.

userrole - One of the REQUSTOR_ROLE/ APPROVER_ROLE.

Returns:

A collection of requests meeting the specified criteria.

Throws:

javax.naming.NamingException

ApprovalProcessException

See Also:

Request

getRequest

public abstract Request getRequest(java.lang.String user,
                                   java.lang.String id,
                                   java.lang.String app)
                            throws javax.naming.NamingException,
                                   ApprovalProcessException

Gets a given request only if user is a requestor/ valid approver for the request at its current approval level.

Parameters:

user - Id of the user doing the get operation.

id - Id of the request to be obtained.

app - Target application for the request.

Returns:

Request matching the id and app.

Throws:

javax.naming.NamingException

ApprovalProcessException

See Also:

Request

getApproversForLevel

public abstract Approvers getApproversForLevel(java.lang.String user,
                                               java.lang.String id,
                                               java.lang.String app,
                                               int level)
                                        throws javax.naming.NamingException,
                                               ApprovalProcessException

Gets approver list for a given request for a given level. This method is abstract so that in case approvals are entirely handled by a another application (such as APS), then we won't maintain approver information.

Parameters:

user - Identity of the user doing this operation.

id - Id of the request for which approvers are needed.

app - Target application for the request.

level - Level for which the approver list is required.

Returns:

Approvers for the given request for the given level.

Throws:

javax.naming.NamingException

ApprovalProcessException

See Also:

Approvers

getAllApprovers

public abstract java.util.List getAllApprovers(java.lang.String user,
                                               java.lang.String id,
                                               java.lang.String app)
                                        throws javax.naming.NamingException,
                                               ApprovalProcessException

Gets approver lists for all levels of a given request. This method is abstract so that in case approvals are entirely handled by a another application (such as APS), then we won't maintain approver information.

Parameters:

user - Identity of the user doing this operation.

id - Id of the request for which approvers are needed.

app - Target application for the request.

Returns:

A collection of Approvers for the given request, sorted by approval level in ascending order.

Throws:

javax.naming.NamingException

ApprovalProcessException

See Also:

Approvers

getAllowedActions

public abstract java.util.List getAllowedActions(java.lang.String user,
                                                 java.lang.String id,
                                                 java.lang.String app)
                                          throws javax.naming.NamingException,
                                                 ApprovalProcessException

Returns actions a user can perform on a given request. Returns an empty list if the request is already approved/ rejected or cancelled.

Parameters:

user - Identity of the user doing this operation.

id - Id of the request for which approvers are needed.

app - Target application for the request.

Returns:

A list of allowed actions (as defined in USER_ACTION* public strings).

Throws:

javax.naming.NamingException

ApprovalProcessException

setDirectoryCtx

public void setDirectoryCtx(javax.naming.directory.DirContext ctx)

Sets the directory context for approval strategy. No approval strategy opens its own connection to the directory. This allows better connection management.

Parameters:

ctx - A valid directory context. This context is used to retrieve or store all information related to approval, so it should have necessary read and write permissions.

cachePolicies

public void cachePolicies(boolean mode)

Sets the caching mode. If cache is turned on, all policies that are fetched will be cached in a hash table. The key to the table At this time, no internal cache timeout strategy is implemented but callers can explicitly clear one/ all elements of the cache.

Parameters:

mode - Policies are cached if mode is true.

clearCache

public boolean clearCache(java.lang.String key)

Clear elemet(s) in cache. If key is null, all elements are cleared.

Parameters:

key - Key for which all cached policies will be cleared. If key is null, all elements in the cache are cleared.

Returns:

true if element(s) cleared, false if not (this will happen if the given key does not exist in the hashtable).

setApprovalStrategyContext

public void setApprovalStrategyContext(java.lang.String key,
                                       java.lang.Object ctx)

Sets an approver context. By design, no specific type is specified for context. This allows the approval strategy and its caller to use their own objects. This method is a no-op for base ApprovalStrategy. Subclasses may over-ride it.

Parameters:

key - Key/ name for the context.

ctx - Strategy specific context object.

getRequestStatus

public java.lang.String getRequestStatus(java.lang.String id,
                                         java.lang.String app)
                                  throws javax.naming.NamingException,
                                         java.lang.IllegalArgumentException,
                                         ApprovalProcessException

Given a request, gets its status.

Parameters:

id - Request id.

app - Target application for the request.

Returns:

The status of given request.

Throws:

javax.naming.NamingException

java.lang.IllegalArgumentException

ApprovalProcessException

cancelRequest

public void cancelRequest(java.lang.String id,
                          java.lang.String app,
                          java.lang.String processor)
                   throws java.lang.IllegalArgumentException,
                          javax.naming.NamingException,
                          ApprovalProcessException

Cancel a given request. The request is cancelled only if processor is the creator of the request and request is not already approved/ rejected/ cancelled.

Parameters:

id - Id of the request to be cancelled.

app - Target application for the request.

processor - Identity of the user that wants to cancel the request. For LDAP based metadata storage, this is expected to be a DN.

Throws:

java.lang.IllegalArgumentException

javax.naming.NamingException

ApprovalProcessException

getRequest

protected Request getRequest(java.lang.String id,
                             java.lang.String app,
                             int flags)
                      throws java.lang.IllegalArgumentException,
                             javax.naming.NamingException,
                             ApprovalProcessException

Throws:

java.lang.IllegalArgumentException

javax.naming.NamingException

ApprovalProcessException

isApprovalNeeded

protected boolean isApprovalNeeded(RequestOperationData req)
                            throws javax.naming.NamingException,
                                   InvalidRequestException

Throws:

javax.naming.NamingException

InvalidRequestException

checkUserAccess

protected boolean checkUserAccess(java.lang.String user,
                                  Request req)
                           throws javax.naming.NamingException,
                                  InvalidRequestException

Throws:

javax.naming.NamingException

InvalidRequestException

isValidApprover

protected boolean isValidApprover(Request req,
                                  java.lang.String approverDN)
                           throws javax.naming.NamingException,
                                  InvalidRequestException

Throws:

javax.naming.NamingException

InvalidRequestException

getCreatedRequests

protected java.util.List getCreatedRequests(java.lang.String user,
                                            RequestSearchCriteria criteria,
                                            int flags)
                                     throws javax.naming.NamingException,
                                            ApprovalProcessException

Throws:

javax.naming.NamingException

ApprovalProcessException

getRequestsWCriteria

protected java.util.List getRequestsWCriteria(RequestSearchCriteria criteria,
                                              int flags)
                                       throws javax.naming.NamingException,
                                              ApprovalProcessException

Throws:

javax.naming.NamingException

ApprovalProcessException

getPendingRequestsToApprove

protected java.util.List getPendingRequestsToApprove(java.lang.String user,
                                                     int flags)
                                              throws javax.naming.NamingException,
                                                     ApprovalProcessException

Throws:

javax.naming.NamingException

ApprovalProcessException

getRequestsWProcStatus

protected java.util.List getRequestsWProcStatus(java.lang.String app,
                                                java.lang.String procstatus)
                                         throws javax.naming.NamingException,
                                                ApprovalProcessException

Throws:

javax.naming.NamingException

ApprovalProcessException

isApprovalNeeded

protected boolean isApprovalNeeded(RequestOperationData req,
                                   java.util.List policies)
                            throws javax.naming.NamingException

Throws:

javax.naming.NamingException

isComplete

protected boolean isComplete(java.lang.String status)

getApproversForLevel

protected Approvers getApproversForLevel(java.lang.String policyUid,
                                         int level)
                                  throws javax.naming.NamingException,
                                         java.lang.IllegalArgumentException

Throws:

javax.naming.NamingException

java.lang.IllegalArgumentException

getApprovers

protected java.util.List getApprovers(java.lang.String policyUid)
                               throws javax.naming.NamingException,
                                      java.lang.IllegalArgumentException

Throws:

javax.naming.NamingException

java.lang.IllegalArgumentException

getApprovalPolicies

protected java.util.List getApprovalPolicies(java.lang.String toApp,
                                             java.lang.String operation)
                                      throws javax.naming.NamingException,
                                             java.lang.IllegalArgumentException

Throws:

javax.naming.NamingException

java.lang.IllegalArgumentException

storeRequest

protected java.lang.String storeRequest(Request req)
                                 throws InvalidRequestException,
                                        javax.naming.NamingException,
                                        ApprovalProcessException

Throws:

InvalidRequestException

javax.naming.NamingException

ApprovalProcessException

changeRequestStatus

protected void changeRequestStatus(java.lang.String id,
                                   java.lang.String app,
                                   java.lang.String status,
                                   java.lang.String approver)
                            throws InvalidRequestException,
                                   javax.naming.NamingException,
                                   ApprovalProcessException

Throws:

InvalidRequestException

javax.naming.NamingException

ApprovalProcessException

changeRequestProcessingStatus

protected void changeRequestProcessingStatus(java.lang.String id,
                                             java.lang.String app,
                                             java.lang.String status)
                                      throws InvalidRequestException,
                                             javax.naming.NamingException,
                                             ApprovalProcessException

Throws:

InvalidRequestException

javax.naming.NamingException

ApprovalProcessException

changeRequestStatuses

protected void changeRequestStatuses(java.lang.String id,
                                     java.lang.String app,
                                     java.lang.String status,
                                     java.lang.String approver,
                                     java.lang.String procstatus)
                              throws InvalidRequestException,
                                     javax.naming.NamingException,
                                     ApprovalProcessException

Throws:

InvalidRequestException

javax.naming.NamingException

ApprovalProcessException

isAdmin

protected boolean isAdmin(java.lang.String user)

isMatch

protected boolean isMatch(ApprovalPolicy pol,
                          RequestOperationData opdata)
                   throws javax.naming.NamingException

Throws:

javax.naming.NamingException

resolveApproverRole

protected java.lang.String resolveApproverRole(java.lang.String name,
                                               java.lang.String userKey,
                                               java.util.List userInfo)
                                        throws javax.naming.NamingException,
                                               ApprovalProcessException

Throws:

javax.naming.NamingException

ApprovalProcessException

getAllActions

protected java.util.List getAllActions(java.lang.String user,
                                       Request req)
                                throws javax.naming.NamingException,
                                       ApprovalProcessException

Throws:

javax.naming.NamingException

ApprovalProcessException

Skip navigation links