com.metamatrix.platform.admin.api
Interface AuthorizationAdminAPI

All Superinterfaces:
java.io.Serializable, SubSystemAdminAPI
All Known Implementing Classes:
AuthorizationAdminAPIImpl

public interface AuthorizationAdminAPI
extends SubSystemAdminAPI


Method Summary
 void addPrincipalsToRole(java.util.Set principals, java.lang.String roleName)
          Add the given set of principals to the given role.
 java.lang.Boolean containsPolicy(AuthorizationPolicyID policyID)
          Return whether there is an existing policy with the specified ID.
 AuthorizationEditor createEditor()
          Returns an AuthorizationObjectEditor to perform editing operations on an entitlement type object.
 java.util.Set executeTransaction(java.util.List actions)
          Execute as a single transaction with the specified actions, and return the set of IDs for the objects that were affected/modified by the action.
 java.util.Collection findAllPolicyIDs()
          Locate the IDs of all of the policies that are accessible by the caller.
 java.util.Collection findPolicyIDs(java.util.Collection principals)
          Locate the IDs of all of the policies that apply to the specified principal and that are accessible by the caller.
 java.util.List getElementEntitlements(AuthorizationRealm realm, java.lang.String elementNamePattern)
          Returns a List of entitlements to the given element pattern in the given realm.
 java.util.List getGroupEntitlements(AuthorizationRealm realm, java.lang.String fullyQualifiedGroupName)
          Returns a List of entitlements to the given fully qualified group name in the given realm.
 java.util.Collection getPolicies(java.util.Collection policyIDs)
          Locate the policies that have the specified IDs.
 AuthorizationPolicy getPolicy(AuthorizationPolicyID policyID)
          Locate the policy that has the specified ID.
 java.util.Collection getPolicyIDsForResourceInRealm(AuthorizationRealm realm, java.lang.String resourceName)
          Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissions on the given resource that exists in the given AuthorizationRealm.
 java.util.Collection getPolicyIDsInPartialRealm(AuthorizationRealm realm)
          Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissions that exist in the given partial AuthorizationRealm.
The implementation is such that all AuthorizationPolicyIDs whose AuthorizationRealm starts with the given AuthorizationRealm are returned.
 java.util.Collection getPolicyIDsInRealm(AuthorizationRealm realm)
          Returns a Collection of AuthorizationPolicyIDs in the given AuthorizationRealm.
 java.util.Collection getPolicyIDsWithPermissionsInRealm(AuthorizationRealm realm)
          Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissions in the given AuthorizationRealm.
NOTE: It is the responsibility of the caller to determine which of the AuthorizationPolicy's AuthorizationPermissions are actually in the given AuthorizationRealm.
 java.util.Collection getPrincipalsForRole(java.lang.String roleName)
          Returns a collection of MetaMatrixPrincipalName objects, each containing the name and type of a principal that belongs to the given role.
 java.util.Collection getRealmNames()
          Obtain the names of all of the realms known to the system.
 java.util.Map getRoleDescriptions()
          Obtain the names of all of the roles and their descriptions known to the system.
 java.util.Collection getRoleNamesForPrincipal(MetaMatrixPrincipalName principal)
          Returns a Collection of String names of MetaMatrix roles to which the given principal is assigned.
 boolean isCallerInRole(SessionToken caller, java.lang.String roleName)
          Verify that caller is in the specified logical role.
 boolean isSuperUser(java.lang.String username)
          Returns true if the given username matches the current membership security.membership.admin.username from the current config
 void removePolicy(AuthorizationPolicyID policyID)
          Remove the policy with the specified ID.
 java.lang.Boolean removePrincipalFromAllPolicies(MetaMatrixPrincipalName principal)
          Remove given Principal from ALL AuthorizationPolicies to which he belongs.
 void removePrincipalsFromRole(java.util.Set principals, java.lang.String roleName)
          Remove the given set of principals from the given role.
 

Method Detail

createEditor

AuthorizationEditor createEditor()
                                 throws InvalidSessionException,
                                        AuthorizationException,
                                        MetaMatrixComponentException
Returns an AuthorizationObjectEditor to perform editing operations on an entitlement type object. The editing process will create actions for each specific type of editing operation. Those actions are what need to be submitted to the AuthorizationService for actual updates to occur.

Returns:
AuthorizationObjectEditor
Throws:
InvalidSessionException
AuthorizationException
MetaMatrixComponentException

getRealmNames

java.util.Collection getRealmNames()
                                   throws InvalidSessionException,
                                          AuthorizationException,
                                          MetaMatrixComponentException
Obtain the names of all of the realms known to the system.

Returns:
the set of realm names
Throws:
InvalidSessionException - if the SessionToken is not valid or is expired
AuthorizationException - if the caller is unable to perform this operation
MetaMatrixComponentException - if this service has trouble communicating.

getRoleDescriptions

java.util.Map getRoleDescriptions()
                                  throws AuthorizationException,
                                         InvalidSessionException,
                                         MetaMatrixComponentException
Obtain the names of all of the roles and their descriptions known to the system.

Returns:
a Map of role descriptions keyed by the role's name.
Throws:
InvalidSessionException - if the SessionToken is not valid or is expired
AuthorizationException - if the caller is unable to perform this operation
MetaMatrixComponentException - if this service has trouble communicating.

getPrincipalsForRole

java.util.Collection getPrincipalsForRole(java.lang.String roleName)
                                          throws AuthorizationException,
                                                 InvalidSessionException,
                                                 MetaMatrixComponentException
Returns a collection of MetaMatrixPrincipalName objects, each containing the name and type of a principal that belongs to the given role. See com.metamatrix.security.api.MetaMatrixPrincipalName.

Parameters:
roleName - String name of MetaMatrix role for which principals are sought
Throws:
InvalidSessionException - if the administrative session is invalid
AuthorizationException - if the administrator does not have the authority to perform the requested operation.
MetaMatrixComponentException - if this service has trouble communicating.

getRoleNamesForPrincipal

java.util.Collection getRoleNamesForPrincipal(MetaMatrixPrincipalName principal)
                                              throws AuthorizationException,
                                                     InvalidSessionException,
                                                     MetaMatrixComponentException
Returns a Collection of String names of MetaMatrix roles to which the given principal is assigned.

Parameters:
principal - MetaMatrixPrincipalName for which roles are sought
explicitOnly - If true, only return roles assigned directly to given principal. If false, return all roles directly assigned and inherited.
Returns:
The Collection of role names the principal is assigned.
Throws:
InvalidSessionException - if the administrative session is invalid
AuthorizationException - if the administrator does not have the authority to perform the requested operation.
MetaMatrixComponentException - if this service has trouble communicating.

addPrincipalsToRole

void addPrincipalsToRole(java.util.Set principals,
                         java.lang.String roleName)
                         throws AuthorizationException,
                                InvalidSessionException,
                                MetaMatrixComponentException
Add the given set of principals to the given role.

Parameters:
principals - Set of MetaMatrixPrincipalNames to which to add.
roleName - The name of the role to which to add the principals.
Throws:
InvalidSessionException - if the administrative session is invalid
AuthorizationException - if the administrator does not have the authority to perform the requested operation.
MetaMatrixComponentException - if this service has trouble communicating.

isSuperUser

boolean isSuperUser(java.lang.String username)
                    throws MembershipServiceException,
                           MetaMatrixComponentException
Returns true if the given username matches the current membership security.membership.admin.username from the current config

Parameters:
username - the username to compare to the current super user
Returns:
Throws:
ServiceException - for generic service errors
MembershipServiceException - If there are issues within the membership service
MetaMatrixComponentException - if this service has trouble communicating.

removePrincipalsFromRole

void removePrincipalsFromRole(java.util.Set principals,
                              java.lang.String roleName)
                              throws AuthorizationException,
                                     InvalidSessionException,
                                     MetaMatrixComponentException
Remove the given set of principals from the given role.

Parameters:
principals - Set of MetaMatrixPrincipalNames to remove.
roleName - The name of the role from which to remove the principals.
Throws:
InvalidSessionException - if the administrative session is invalid
AuthorizationException - if the administrator does not have the authority to perform the requested operation.
MetaMatrixComponentException - if this service has trouble communicating.

removePolicy

void removePolicy(AuthorizationPolicyID policyID)
                  throws AuthorizationException,
                         InvalidSessionException,
                         MetaMatrixComponentException
Remove the policy with the specified ID.

Parameters:
policyID - the ID of the policy that is to be removed.
Throws:
InvalidSessionException - if the sessionToken is not valid or is expired
AuthorizationException - if the caller is unable to perform this operation
MetaMatrixComponentException - if this service is unable to locate resources required for this operation

findAllPolicyIDs

java.util.Collection findAllPolicyIDs()
                                      throws AuthorizationException,
                                             InvalidSessionException,
                                             MetaMatrixComponentException
Locate the IDs of all of the policies that are accessible by the caller.

Parameters:
caller - the session token of the principal that is attempting to access the policies.
Returns:
the set of all policy IDs
Throws:
InvalidSessionException - if the SessionToken is not valid or is expired
AuthorizationException - if the caller is unable to perform this operation
AuthorizationMgmtException - if this service has trouble connecting to services it uses.
MetaMatrixComponentException - if this service has trouble communicating.

findPolicyIDs

java.util.Collection findPolicyIDs(java.util.Collection principals)
                                   throws AuthorizationException,
                                          InvalidSessionException,
                                          MetaMatrixComponentException
Locate the IDs of all of the policies that apply to the specified principal and that are accessible by the caller.

Parameters:
principals - the Set of UserGroupIDs and/or UserAccountIDs to whom the returned policies should apply (may not be null, empty or invalid, all of which would result in an empty result)
Returns:
the set of all policy IDs; never null but possibly empty
Throws:
InvalidSessionException - if the SessionToken is not valid or is expired
AuthorizationException - if the caller is unable to perform this operation
MetaMatrixComponentException - if this service has trouble communicating.

getPolicies

java.util.Collection getPolicies(java.util.Collection policyIDs)
                                 throws AuthorizationException,
                                        InvalidSessionException,
                                        MetaMatrixComponentException
Locate the policies that have the specified IDs. Any ID that is invalid is simply ignored.

Parameters:
policyIDs - the policy IDs for which the policies are to be obtained
Returns:
the set of entitlements that correspond to those specified IDs that are valid
Throws:
InvalidSessionException - if the SessionToken is not valid or is expired
AuthorizationException - if the caller is unable to perform this operation
MetaMatrixComponentException - if this service has trouble communicating.

containsPolicy

java.lang.Boolean containsPolicy(AuthorizationPolicyID policyID)
                                 throws AuthorizationException,
                                        InvalidSessionException,
                                        MetaMatrixComponentException
Return whether there is an existing policy with the specified ID.

Parameters:
id - the ID that is to be checked
Returns:
true if a policy with the specified ID exists
Throws:
InvalidSessionException - if the SessionToken is not valid or is expired
AuthorizationException - if the caller is unable to perform this operation
MetaMatrixComponentException - if this service has trouble communicating.

getPolicy

AuthorizationPolicy getPolicy(AuthorizationPolicyID policyID)
                              throws AuthorizationException,
                                     AuthorizationMgmtException,
                                     InvalidSessionException,
                                     MetaMatrixComponentException
Locate the policy that has the specified ID. Any ID that is invalid is simply ignored.

Parameters:
policyID - the ID of the policy to be obtained
Returns:
the policy that corresponds to the specified ID
Throws:
InvalidSessionException - if the SessionToken is not valid or is expired
AuthorizationException - if the caller is unable to perform this operation
MetaMatrixComponentException - if this service has trouble communicating.
AuthorizationMgmtException

executeTransaction

java.util.Set executeTransaction(java.util.List actions)
                                 throws AuthorizationException,
                                        AuthorizationMgmtException,
                                        InvalidSessionException,
                                        MetaMatrixComponentException
Execute as a single transaction with the specified actions, and return the set of IDs for the objects that were affected/modified by the action.

Parameters:
actions - the ordered list of actions that are to be performed on metamodel within the repository.
Returns:
The set of objects that were affected by this transaction.
Throws:
InvalidSessionException - if the SessionToken is not valid or has expired.
AuthorizationException - if the caller is unable to perform this operation.
MetaMatrixComponentException - if this service has trouble communicating.
AuthorizationMgmtException

removePrincipalFromAllPolicies

java.lang.Boolean removePrincipalFromAllPolicies(MetaMatrixPrincipalName principal)
                                                 throws AuthorizationException,
                                                        AuthorizationMgmtException,
                                                        InvalidSessionException,
                                                        MetaMatrixComponentException
Remove given Principal from ALL AuthorizationPolicies to which he belongs.

Parameters:
principal - MetaMatrixPrincipalName which should be deleted.
Returns:
true if at least one policy in which the principal had authorization was found and deleted, false otherwise.
Throws:
AuthorizationException - if the administrator does not have the authority to perform the action.
MetaMatrixComponentException - if this service has trouble communicating.
AuthorizationMgmtException
InvalidSessionException

getPolicyIDsWithPermissionsInRealm

java.util.Collection getPolicyIDsWithPermissionsInRealm(AuthorizationRealm realm)
                                                        throws AuthorizationException,
                                                               AuthorizationMgmtException,
                                                               InvalidSessionException,
                                                               MetaMatrixComponentException
Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissions in the given AuthorizationRealm.
NOTE: It is the responsibility of the caller to determine which of the AuthorizationPolicy's AuthorizationPermissions are actually in the given AuthorizationRealm. The AuthorizationPolicy may span AuthorizationRealms.

Parameters:
realm - The realm in which to search for AuthorizationPermissions.
Returns:
The collection of AuthorizationPolicyIDs that have permissions in the given realm - possibly empty but never null.
Throws:
AuthorizationException - if the administrator does not have the authority to perform the action.
AuthorizationMgmtException - if an error occurs in the Authorization store.
MetaMatrixComponentException - if this service has trouble communicating.
InvalidSessionException

getPolicyIDsInRealm

java.util.Collection getPolicyIDsInRealm(AuthorizationRealm realm)
                                         throws AuthorizationException,
                                                AuthorizationMgmtException,
                                                InvalidSessionException,
                                                MetaMatrixComponentException
Returns a Collection of AuthorizationPolicyIDs in the given AuthorizationRealm.
This method will only work for Data Access Authorizations because the realm is encoded in a Data Access policy name. NOTE: It is the responsibility of the caller to determine which of the AuthorizationPolicy's AuthorizationPermissions are actually in the given AuthorizationRealm. The AuthorizationPolicy may span AuthorizationRealms.

Parameters:
realm - The realm in which to search for AuthorizationPermissions.
Returns:
The collection of AuthorizationPolicyIDs that have permissions in the given realm - possibly empty but never null.
Throws:
AuthorizationException - if the administrator does not have the authority to perform the action.
AuthorizationMgmtException - if an error occurs in the Authorization store.
MetaMatrixComponentException - if this service has trouble communicating.
InvalidSessionException

getPolicyIDsInPartialRealm

java.util.Collection getPolicyIDsInPartialRealm(AuthorizationRealm realm)
                                                throws AuthorizationException,
                                                       AuthorizationMgmtException,
                                                       InvalidSessionException,
                                                       MetaMatrixComponentException
Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissions that exist in the given partial AuthorizationRealm.
The implementation is such that all AuthorizationPolicyIDs whose AuthorizationRealm starts with the given AuthorizationRealm are returned.

Parameters:
realm - The partial realm in which to search for AuthorizationPermissions whose realm name starts with the given realm.
Returns:
The collection of AuthorizationPolicyIDs that have permissions in the given partial realm - possibly empty but never null.
Throws:
AuthorizationException - if the administrator does not have the authority to perform the action.
AuthorizationMgmtException - if an error occurs in the Authorization store.
MetaMatrixComponentException - if this service has trouble communicating.
InvalidSessionException
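
The realm lookups above have two scoping consequences for an entitlement review: a policy returned for a realm may also carry permissions in other realms, and the partial-realm lookup matches by prefix. The following is an added example, not MetaMatrix code, that models both on constructed data. The Permission and Policy records, the helper methods, the realm names and the policy names are hypothetical stand-ins for the real classes; Java 16 or later is assumed.

```java
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;

public class RealmScopeAudit {

    // Hypothetical stand-ins for AuthorizationPermission and AuthorizationPolicy.
    record Permission(String realm, String resource, List<String> actions) {}
    record Policy(String id, List<Permission> permissions) {}

    // Models the documented partial-realm rule: a policy is returned when one of
    // its permissions lives in a realm whose name starts with the given text.
    static List<Policy> policiesInPartialRealm(Collection<Policy> all, String partialRealm) {
        return all.stream()
                .filter(p -> p.permissions().stream()
                        .anyMatch(x -> x.realm().startsWith(partialRealm)))
                .collect(Collectors.toList());
    }

    // Caller-side step required by the NOTE: keep only the permissions that are
    // actually in the realm under review, because a policy may span realms.
    static List<Permission> permissionsInRealm(Policy policy, String realm) {
        return policy.permissions().stream()
                .filter(x -> x.realm().equals(realm))
                .collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample data; realm and policy names are illustrative only.
        List<Policy> store = List.of(
                new Policy("sales-readers", List.of(
                        new Permission("Sales", "Orders.Header", List.of("READ")))),
                new Policy("cross-realm-etl", List.of(
                        new Permission("Sales", "Orders.Header", List.of("READ")),
                        new Permission("Finance", "Ledger.Entry", List.of("READ", "UPDATE")))),
                new Policy("archive-admin", List.of(
                        new Permission("SalesArchive", "Orders.Header", List.of("DELETE")))));

        String reviewedRealm = "Sales";

        // The prefix "Sales" also matches the sibling realm "SalesArchive".
        for (Policy p : policiesInPartialRealm(store, reviewedRealm)) {
            List<Permission> inScope = permissionsInRealm(p, reviewedRealm);
            int outOfScope = p.permissions().size() - inScope.size();

            if (inScope.isEmpty()) {
                System.out.printf("%s: matched by prefix only, no permissions in %s%n",
                        p.id(), reviewedRealm);
                continue;
            }
            for (Permission x : inScope) {
                System.out.printf("%s: %s %s in %s%n",
                        p.id(), x.actions(), x.resource(), x.realm());
            }
            if (outOfScope > 0) {
                System.out.printf("%s: %d permission(s) in other realms, excluded from this review%n",
                        p.id(), outOfScope);
            }
        }
    }
}
```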

getPolicyIDsForResourceInRealm

java.util.Collection getPolicyIDsForResourceInRealm(AuthorizationRealm realm,
                                                    java.lang.String resourceName)
                                                    throws AuthorizationException,
                                                           AuthorizationMgmtException,
                                                           InvalidSessionException,
                                                           MetaMatrixComponentException
Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissions on the given resource that exists in the given AuthorizationRealm.

Parameters:
realm - The realm in which to search for AuthorizationPermissions.
resourceName - The resource for which to search for AuthorizationPermissions.
Returns:
The collection of AuthorizationPolicyIDs that have permissions on the given resource - possibly empty but never null.
Throws:
AuthorizationException - if the administrator does not have the authority to perform the action.
AuthorizationMgmtException - if an error occurs in the Authorization store.
MetaMatrixComponentException - if this service has trouble communicating.
InvalidSessionException

isCallerInRole

boolean isCallerInRole(SessionToken caller,
                       java.lang.String roleName)
                       throws AuthorizationException,
                              AuthorizationMgmtException,
                              InvalidSessionException,
                              MetaMatrixComponentException
Verify that caller is in the specified logical role.

Parameters:
caller - The session token of the MetaMatrix principal invoking an administrative method.
Returns:
true if caller's session token is valid and he is a MetaMatrix administrator.
Throws:
AuthorizationMgmtException - if this service has trouble connecting to services it uses.
AuthorizationException
InvalidSessionException
MetaMatrixComponentException

getGroupEntitlements

java.util.List getGroupEntitlements(AuthorizationRealm realm,
                                    java.lang.String fullyQualifiedGroupName)
                                    throws AuthorizationException,
                                           AuthorizationMgmtException,
                                           InvalidSessionException,
                                           MetaMatrixComponentException
Returns a List of entitlements to the given fully qualified group name in the given realm.

The list contains objects of type UserEntitlementInfo, which will contain all user entitlement information for each group found. Each of these objects will contain 1 or more objects of type GranteeEntitlementEntry, which contain the Grantee's name, the entitlement Grantor (or entity specifying that the Grantee is entitled), and the Allowed Actions the Grantee is entitled to perform on the group.

The attributes available are:
  1. VDB Name
  2. VDB Version
  3. Group Name (fully qualified)
    • Grantee Name; Grantor Name; Allowed Actions (A String[] of one or more of {CREATE, READ, UPDATE, DELETE})
    • ...

Parameters:
realm - The realm in which the element must live.
fullyQualifiedGroupName - The resource for which to look up permissions.
Returns:
The List of entitlements to the given element in the given realm - May be empty but never null.
Throws:
AuthorizationException - if the administrator does not have the authority to perform the action.
AuthorizationMgmtException - if an error occurs in the Authorization store.
MetaMatrixComponentException - if this service has trouble communicating.
InvalidSessionException

getElementEntitlements

java.util.List getElementEntitlements(AuthorizationRealm realm,
                                      java.lang.String elementNamePattern)
                                      throws AuthorizationException,
                                             AuthorizationMgmtException,
                                             InvalidSessionException,
                                             MetaMatrixComponentException
Returns a List of entitlements to the given element pattern in the given realm.

The list contains objects of type UserEntitlementInfo, which will contain all user entitlement information for each element found. Each of these objects will contain 1 or more objects of type GranteeEntitlementEntry, which contain the Grantee's name, the entitlement Grantor (or entity specifying that the Grantee is entitled), and the Allowed Actions the Grantee is entitled to perform on the element.

The attributes available are:
  1. VDB Name
  2. VDB Version
  3. Group Name (fully qualified)
  4. Element Name (fully qualified)
    • Grantee Name; Grantor Name; Allowed Actions (A String[] of one or more of {CREATE, READ, UPDATE, DELETE})
    • ...

Parameters:
realm - The realm in which the element must live.
elementNamePattern - The resource for which to look up permissions. SQL '%' pattern matching may be used.
Returns:
The List of entitlements to the given element in the given realm - May be empty but never null.
Throws:
AuthorizationMgmtException - if this service is unable to locate resources required for this operation.
ServiceStateException - if the Authorization service is not taking requests.
AuthorizationException
InvalidSessionException
MetaMatrixComponentException


Copyright © 2009. All Rights Reserved.