com.metamatrix.platform.security.authorization.spi
Interface AuthorizationSourceTransaction

All Superinterfaces:
TransactionInterface
All Known Implementing Classes:
JDBCAuthorizationTransaction

public interface AuthorizationSourceTransaction
extends TransactionInterface


Method Summary
 void addPermissionsWithResourcesToParent(java.lang.String parent, java.util.Collection resources, AuthorizationRealm realm)
          Add the given resources as AuthorizationPermissions to existing AuthorizationPolicies that have a permission with the given parent as a resource.
 void close()
          A method that is called before this transaction is closed, giving the transaction a chance to release any resources.
 boolean containsPolicy(AuthorizationPolicyID id)
          Return whether there is an existing policy with the specified ID.
 java.util.Set executeActions(AuthorizationPolicyID target, java.util.List actions, java.lang.String grantor)
          Execute the actions on given object.
 java.util.Collection findAllPolicyIDs()
          Locate the IDs of all of the policies that are accessible by the caller.
 java.util.Collection findPolicyIDs(java.util.Collection principals)
          Locate the IDs of all of the policies that apply to the specified principal and that are accessible by the caller in all known realms.
 java.util.Collection findPolicyIDs(java.util.Collection principals, AuthorizationRealm realm)
          Locate the IDs of all of the policies that apply to the specified principal and that are accessible by the caller in the given realm.
 java.util.Collection getDependantPermissions(AuthorizationPermission request)
          Get the collection of permissions whose resources are dependant on the given permission.
 java.util.Map getElementEntitlements(AuthorizationRealm realm, java.lang.String elementNamePattern)
          Returns a compound List of entitlements to the given fully qualified element in the given realm.
 java.util.Map getGroupEntitlements(AuthorizationRealm realm, java.lang.String fullyQualifiedGroupName)
          Returns a compound List of entitlements to the given fully qualified group in the given realm.
 java.util.Set getPermissionsForPolicy(AuthorizationPolicyID policyID)
          Find and create all AuthorizationPermissions known to a policy.
 java.util.Collection getPolicies(java.util.Collection policyIDs)
          Locate the policies that have the specified IDs.
 AuthorizationPolicy getPolicy(AuthorizationPolicyID policyID)
          Locate the policy that has the specified ID.
 java.util.Collection getPolicyIDsForResourceInRealm(AuthorizationRealm realm, java.lang.String resourceName)
          Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissions on the given resource that exists in the given AuthorizationRealm.
 java.util.Collection getPolicyIDsInPartialRealm(AuthorizationRealm realm)
          Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissions that exist in the given partial AuthorizationRealm.
The implementation is such that all AuthorizationPolicyIDs whose AuthorizationRealm starts with the given AuthorizationRealm are returned.
 java.util.Collection getPolicyIDsInRealm(AuthorizationRealm realm)
          Returns a Collection of AuthorizationPolicyIDs in the given AuthorizationRealm.
 java.util.Collection getPolicyIDsWithPermissionsInRealm(AuthorizationRealm realm)
          Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissions in the given AuthorizationRealm.
NOTE: It is the responsibility of the caller to determine which of the AuthorizationPolicy's AuthorizationPermissions are actually in the given AuthorizationRealm.
 java.util.Collection getPrincipalsForRole(java.lang.String roleName)
          Returns a collection of MetaMatrixPrincipalName objects containing the name of the principal along with its type which belong to the given role.
 java.util.Collection getRealmNames()
          Obtain the names of all of the realms known to the system.
 java.util.Map getRoleDescriptions()
          Obtain the names of all of the roles and their descriptions known to the system.
 java.util.Collection getRoleNamesForPrincipal(java.util.Collection principals)
          Returns a Collection of String names of MetaMatrix roles which the given principal belongs to.
 void removePermissionsWithResources(java.util.Collection resources, AuthorizationRealm realm)
          Remove all permissions in the system that are on the given resources.
 boolean removePrincipalFromAllPolicies(MetaMatrixPrincipalName principal)
          Remove given Principal from ALL AuthorizationPolicies to which he belongs.
 void removePrincipalsAndPoliciesForRealm(AuthorizationRealm realm)
          Remove entries from AUTHREALM, AUTHPERMISSIONS, AUTHPOLICIES, AUTHPRINCIPALS for the specified realm
 
Methods inherited from interface com.metamatrix.common.connection.TransactionInterface
commit, isClosed, isReadonly, rollback
 

Method Detail

getGroupEntitlements

java.util.Map getGroupEntitlements(AuthorizationRealm realm,
                                   java.lang.String fullyQualifiedGroupName)
                                   throws AuthorizationSourceConnectionException,
                                          AuthorizationSourceException
Returns a compound List of entitlements to the given fully qualified group in the given realm. The returned List will be comprised of Lists of 6 elements.
They are, in order:
  1. VDB Name
  2. VDB Version
  3. Group Name (fully qualified)
  4. Grantor
  5. Grantee
  6. Allowed Action (one or more of {CREATE, READ, UPDATE, DELETE})

Parameters:
realm - The realm in which the group must live.
fullyQualifiedGroupName - The resource for which to look up permissions.
Returns:
The List of entitlements to the given group in the given realm - May be empty but never null.
Throws:
AuthorizationSourceConnectionException - if there is an error communicating with the source.
AuthorizationSourceException - if there is an unspecified error.

getElementEntitlements

java.util.Map getElementEntitlements(AuthorizationRealm realm,
                                     java.lang.String elementNamePattern)
                                     throws AuthorizationSourceConnectionException,
                                            AuthorizationSourceException
Returns a compound List of entitlements to the given fully qualified element in the given realm. The returned List will be comprised of Lists of 7 elements.
They are, in order:
  1. VDB Name
  2. VDB Version
  3. Group Name (fully qualified)
  4. Element
  5. Grantor
  6. Grantee
  7. Allowed Action (one or more of {CREATE, READ, UPDATE, DELETE})

Parameters:
realm - The realm in which the element must live.
elementNamePattern - The resource for which to look up permissions.
Returns:
The List of entitlements to the given element in the given realm - May be empty but never null.
Throws:
AuthorizationSourceConnectionException - if there is an error communicating with the source.
AuthorizationSourceException - if there is an unspecified error.

getRealmNames

java.util.Collection getRealmNames()
                                   throws AuthorizationSourceConnectionException,
                                          AuthorizationSourceException
Obtain the names of all of the realms known to the system.

Returns:
the collection of realm names
Throws:
AuthorizationSourceConnectionException
AuthorizationSourceException

containsPolicy

boolean containsPolicy(AuthorizationPolicyID id)
                       throws AuthorizationSourceConnectionException,
                              AuthorizationSourceException
Return whether there is an existing policy with the specified ID.

Parameters:
id - the ID that is to be checked
Returns:
true if a policy with the specified ID exists
Throws:
AuthorizationSourceConnectionException - if there is a connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

findAllPolicyIDs

java.util.Collection findAllPolicyIDs()
                                      throws AuthorizationSourceConnectionException,
                                             AuthorizationSourceException
Locate the IDs of all of the policies that are accessible by the caller.

Returns:
the set of all policy IDs
Throws:
AuthorizationSourceConnectionException - if there is a connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

findPolicyIDs

java.util.Collection findPolicyIDs(java.util.Collection principals,
                                   AuthorizationRealm realm)
                                   throws AuthorizationSourceConnectionException,
                                          AuthorizationSourceException
Locate the IDs of all of the policies that apply to the specified principal and that are accessible by the caller in the given realm.

Parameters:
principals - the Set of UserGroupIDs and/or UserAccountIDs to whom the returned policies should apply (may not be null, empty or invalid, all of which would result in an empty result).
realm - The applicable realm in which to search for policies.
Returns:
the set of all policy IDs; never null but possibly empty
Throws:
AuthorizationSourceConnectionException - if there is a connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

findPolicyIDs

java.util.Collection findPolicyIDs(java.util.Collection principals)
                                   throws AuthorizationSourceConnectionException,
                                          AuthorizationSourceException
Locate the IDs of all of the policies that apply to the specified principal and that are accessible by the caller in all known realms.

Parameters:
principals - the Set of UserGroupIDs and/or UserAccountIDs to whom the returned policies should apply (may not be null, empty or invalid, all of which would result in an empty result).
Returns:
the set of all policy IDs; never null but possibly empty
Throws:
AuthorizationSourceConnectionException - if there is a connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

getPolicies

java.util.Collection getPolicies(java.util.Collection policyIDs)
                                 throws AuthorizationSourceConnectionException,
                                        AuthorizationSourceException
Locate the policies that have the specified IDs. Any ID that is invalid is simply ignored.

Parameters:
policyIDs - the policy IDs for which the policies are to be obtained
Returns:
the set of entitlements that correspond to those specified IDs that are valid
Throws:
AuthorizationSourceConnectionException - if there is a connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

getPolicy

AuthorizationPolicy getPolicy(AuthorizationPolicyID policyID)
                              throws AuthorizationSourceConnectionException,
                                     AuthorizationSourceException
Locate the policy that has the specified ID. Any ID that is invalid is simply ignored.

Parameters:
policyID - the ID of the policy to be obtained
Returns:
the policy that corresponds to the specified ID
Throws:
AuthorizationSourceConnectionException - if there is a connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

close

void close()
A method that is called before this transaction is closed, giving the transaction a chance to release any resources.

Specified by:
close in interface TransactionInterface

executeActions

java.util.Set executeActions(AuthorizationPolicyID target,
                             java.util.List actions,
                             java.lang.String grantor)
                             throws AuthorizationSourceConnectionException,
                                    AuthorizationSourceException,
                                    AuthorizationMgmtException
Execute the actions on given object.

Parameters:
target - The ID of the policy on which to execute the transactions.
actions - The list of actions to execute.
grantor - The principal name of the policy grantor.
Returns:
The set of objects affected by this method.
Throws:
AuthorizationSourceConnectionException - if there is a connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.
AuthorizationMgmtException

getRoleDescriptions

java.util.Map getRoleDescriptions()
                                  throws AuthorizationSourceConnectionException,
                                         AuthorizationSourceException
Obtain the names of all of the roles and their descriptions known to the system.

Returns:
a Map of role descriptions keyed by the role's name.
Throws:
AuthorizationSourceConnectionException - if there is a connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

getPrincipalsForRole

java.util.Collection getPrincipalsForRole(java.lang.String roleName)
                                          throws AuthorizationSourceConnectionException,
                                                 AuthorizationSourceException
Returns a collection of MetaMatrixPrincipalName objects containing the name of the principal along with its type which belong to the given role.

Parameters:
roleName - String name of MetaMatrix role for which principals are sought
Returns:
The collection of MetaMatrixPrincipalNames who are in the given role, possibly empty, never null.
Throws:
AuthorizationSourceConnectionException - if there is a connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

getRoleNamesForPrincipal

java.util.Collection getRoleNamesForPrincipal(java.util.Collection principals)
                                              throws AuthorizationSourceConnectionException,
                                                     AuthorizationSourceException
Returns a Collection of String names of MetaMatrix roles which the given principal belongs to.

Parameters:
principals - MetaMatrixPrincipalNames of a principal and any group memberships for which roles are sought
Returns:
The collection of role names belonging to the given principal, possibly empty, never null.
Throws:
AuthorizationSourceConnectionException - if there is a connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

removePrincipalFromAllPolicies

boolean removePrincipalFromAllPolicies(MetaMatrixPrincipalName principal)
                                       throws AuthorizationSourceConnectionException,
                                              AuthorizationSourceException
Remove given Principal from ALL AuthorizationPolicies to which he belongs.

Parameters:
principal - MetaMatrixPrincipalName which should be deleted.
Returns:
true if at least one policy in which the principal had authorization was found and deleted, false otherwise.
Throws:
AuthorizationSourceConnectionException - if there is a connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

getPolicyIDsWithPermissionsInRealm

java.util.Collection getPolicyIDsWithPermissionsInRealm(AuthorizationRealm realm)
                                                        throws AuthorizationSourceConnectionException,
                                                               AuthorizationSourceException
Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissions in the given AuthorizationRealm.
NOTE: It is the responsibility of the caller to determine which of the AuthorizationPolicy's AuthorizationPermissions are actually in the given AuthorizationRealm. The AuthorizationPolicy may span AuthorizationRealms.

Parameters:
realm - The realm in which to search for AuthorizationPermissions.
Returns:
The collection of AuthorizationPolicyIDs that have permissions in the given realm - possibly empty but never null.
Throws:
AuthorizationSourceConnectionException - if there is a connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

getPolicyIDsInRealm

java.util.Collection getPolicyIDsInRealm(AuthorizationRealm realm)
                                         throws AuthorizationSourceConnectionException,
                                                AuthorizationSourceException
Returns a Collection of AuthorizationPolicyIDs in the given AuthorizationRealm.
This method will only work for Data Access Authorizations because the realm is encoded in a Data Access policy name. NOTE: It is the responsibility of the caller to determine which of the AuthorizationPolicy's AuthorizationPermissions are actually in the given AuthorizationRealm. The AuthorizationPolicy may span AuthorizationRealms.

Parameters:
realm - The realm in which to search for AuthorizationPermissions.
Returns:
The collection of AuthorizationPolicyIDs that have permissions in the given realm - possibly empty but never null.
Throws:
AuthorizationSourceConnectionException - if there is a connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

getPolicyIDsInPartialRealm

java.util.Collection getPolicyIDsInPartialRealm(AuthorizationRealm realm)
                                                throws AuthorizationSourceConnectionException,
                                                       AuthorizationSourceException
Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissions that exist in the given partial AuthorizationRealm.
The implementation is such that all AuthorizationPolicyIDs whose AuthorizationRealm starts with the given AuthorizationRealm are returned.

Parameters:
realm - The partial realm in which to search for AuthorizationPermissions whose realm name starts with the given realm.
Returns:
The collection of AuthorizationPolicyIDs that have permissions in the given partial realm - possibly empty but never null.
Throws:
AuthorizationSourceConnectionException - if there is a connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.
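
The following is an added example, not code from MetaMatrix: it models the caller-side realm filtering that the NOTE on getPolicyIDsWithPermissionsInRealm requires, and the "starts with" matching described for getPolicyIDsInPartialRealm. Perm and the policy map are hypothetical stand-in types, and every policy, resource and realm name is constructed sample data.

```java
import java.util.*;

// Added illustration. Perm and the policy map are stand-in types, NOT MetaMatrix classes;
// all policy, resource and realm names below are constructed sample data.
public class RealmScopeDemo {

    /** Hypothetical, simplified permission: a resource and its actions inside one realm. */
    static final class Perm {
        final String realm;
        final String resource;
        final Set<String> actions;

        Perm(String realm, String resource, String... actions) {
            this.realm = realm;
            this.resource = resource;
            this.actions = new TreeSet<>(Arrays.asList(actions));
        }

        @Override
        public String toString() {
            return realm + ":" + resource + actions;
        }
    }

    /** Caller-side step from the NOTE: keep only permissions that are exactly in the realm. */
    static List<Perm> permissionsInRealm(Collection<Perm> policyPerms, String realm) {
        List<Perm> kept = new ArrayList<>();
        for (Perm p : policyPerms) {
            if (p.realm.equals(realm)) {
                kept.add(p);
            }
        }
        return kept;
    }

    /** "Starts with" selection, as described for the partial-realm lookup. */
    static Set<String> policyIdsInPartialRealm(Map<String, List<Perm>> policies, String partial) {
        Set<String> ids = new TreeSet<>();
        for (Map.Entry<String, List<Perm>> e : policies.entrySet()) {
            for (Perm p : e.getValue()) {
                if (p.realm.startsWith(partial)) {
                    ids.add(e.getKey());
                    break;
                }
            }
        }
        return ids;
    }

    public static void main(String[] args) {
        Map<String, List<Perm>> policies = new LinkedHashMap<>();
        // One policy whose permissions span two realms.
        policies.put("analysts", Arrays.asList(
                new Perm("Sales.1", "Sales.Orders", "READ"),
                new Perm("HR.1", "HR.Salaries", "READ", "UPDATE")));
        policies.put("auditors", Arrays.asList(
                new Perm("Sales.10", "Sales.Orders", "READ")));

        // A policy-level lookup reports "analysts" for realm Sales.1, but only one of its
        // permissions belongs there; the HR.1 grant has to be filtered out by the caller.
        System.out.println(permissionsInRealm(policies.get("analysts"), "Sales.1"));

        // Prefix matching: "Sales.1" also selects the policy whose realm is "Sales.10".
        Set<String> byPrefix = policyIdsInPartialRealm(policies, "Sales.1");
        System.out.println(byPrefix);

        // Re-checking each candidate with an exact comparison drops the over-match.
        Set<String> exact = new TreeSet<>();
        for (String id : byPrefix) {
            if (!permissionsInRealm(policies.get(id), "Sales.1").isEmpty()) {
                exact.add(id);
            }
        }
        System.out.println(exact);
    }
}
```

When a partial-realm result feeds a decision about one specific realm, an exact comparison on the returned permissions keeps grants from a similarly named realm out of the answer.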

getPolicyIDsForResourceInRealm

java.util.Collection getPolicyIDsForResourceInRealm(AuthorizationRealm realm,
                                                    java.lang.String resourceName)
                                                    throws AuthorizationSourceConnectionException,
                                                           AuthorizationSourceException
Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissions on the given resource that exists in the given AuthorizationRealm.

Parameters:
realm - The realm in which to search for AuthorizationPermissions.
resourceName - The resource for which to search for AuthorizationPermissions.
Returns:
The collection of AuthorizationPolicyIDs that have permissions on the given resource - possibly empty but never null.
Throws:
AuthorizationSourceConnectionException - if there is a connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

getPermissionsForPolicy

java.util.Set getPermissionsForPolicy(AuthorizationPolicyID policyID)
                                      throws AuthorizationSourceConnectionException,
                                             AuthorizationSourceException
Find and create all AuthorizationPermissions known to a policy.

Parameters:
policyID - The policy identifier.
Returns:
The set of all permissions that belong to the given policy.
Throws:
AuthorizationSourceConnectionException
AuthorizationSourceException

addPermissionsWithResourcesToParent

void addPermissionsWithResourcesToParent(java.lang.String parent,
                                         java.util.Collection resources,
                                         AuthorizationRealm realm)
                                         throws AuthorizationSourceConnectionException,
                                                AuthorizationSourceException
Add the given resources as AuthorizationPermissions to existing AuthorizationPolicies that have a permission with the given parent as a resource. Use the parent's AuthorizationActions to create the permission for each resource.

Parameters:
parent - The uuid of the resource that will be the parent of the given resources.
resources - The uuids of the newly added resources.
realm - Confine the resources to this realm.
Throws:
AuthorizationSourceConnectionException
AuthorizationSourceException

removePrincipalsAndPoliciesForRealm

void removePrincipalsAndPoliciesForRealm(AuthorizationRealm realm)
                                         throws AuthorizationSourceConnectionException,
                                                AuthorizationSourceException
Remove entries from AUTHREALM, AUTHPERMISSIONS, AUTHPOLICIES, AUTHPRINCIPALS for the specified realm

Parameters:
realm -
Throws:
AuthorizationSourceException
AuthorizationSourceConnectionException
Since:
4.3

removePermissionsWithResources

void removePermissionsWithResources(java.util.Collection resources,
                                    AuthorizationRealm realm)
                                    throws AuthorizationSourceConnectionException,
                                           AuthorizationSourceException
Remove all permissions in the system that are on the given resources.

Parameters:
resources - The IDs of the resources to be removed.
realm - The AuthorizationRealm in which the resources reside.
Throws:
AuthorizationSourceConnectionException
AuthorizationSourceException

getDependantPermissions

java.util.Collection getDependantPermissions(AuthorizationPermission request)
                                             throws AuthorizationSourceConnectionException,
                                                    AuthorizationSourceException
Get the collection of permissions whose resources are dependant on the given permission. The returned collection will contain a permission for each dependant resource all having the actions of the original request. The search is scoped to the AuthorizationRealm of the given request.

Parameters:
request - The permission for which to find dependants.
Returns:
A Collection of dependant permissions all with the actions of the given request.
Throws:
AuthorizationSourceConnectionException
AuthorizationSourceException


Copyright © 2009. All Rights Reserved.