com.metamatrix.platform.security.api.service
Interface AuthorizationServiceInterface

All Superinterfaces:

ServiceInterface

All Known Implementing Classes:

AuthorizationServiceImpl

public interface AuthorizationServiceInterface
extends ServiceInterface

This interface represents the API to the Authorization Service and it defines the functionality that is accessible to clients.

Field Summary

static java.lang.String

NAME

Fields inherited from interface com.metamatrix.platform.service.api.ServiceInterface

WAIT_TO_DIE_TIME

Method Summary

boolean	checkAccess(SessionToken sessionToken, java.lang.String contextName, AuthorizationPermission request) Return whether the specified account has authorization to access the specified resource.
boolean	checkAccess(SessionToken sessionToken, java.lang.String contextName, AuthorizationPermission request, boolean fetchDependants) Return whether the specified account has authorization to access the specified resource and all its dependent resources.
boolean	containsPolicy(SessionToken caller, AuthorizationPolicyID id) Return whether there is an existing policy with the specified ID.
java.util.Set	executeTransaction(SessionToken caller, java.util.List actions) Execute as a single transaction with the specified actions, and return the set of IDs for the objects that were affected/modified by the action.
PermissionDataNode	fillPermissionNodeTree(PermissionDataNode root, AuthorizationPolicyID policyID) Takes a tree of PermissionDataNodeImpls that have their Resources filled in and fills in all permissions on resources that are found in the given AuthorizationPolicyID. If any permissions are found that have no corresponding data node, a AuthorizationMgmtException is thrown noting the missing resource name(s).
java.util.Collection	findAllPolicyIDs(SessionToken caller) Locate the IDs of all of the policies that are accessible by the caller.
java.util.Collection	findPolicyIDs(SessionToken caller, java.util.Collection principals) Locate the IDs of all of the policies that apply to the specified principal and that are accessible by the caller.
java.util.List	getElementEntitlements(AuthorizationRealm realm, java.util.Collection elementNames) Returns a List of entitlements to the given element pattern in the given realm.
java.util.List	getElementEntitlements(AuthorizationRealm realm, java.lang.String elementName) Returns a List of entitlements to the given element pattern in the given realm.
java.util.List	getGroupEntitlements(AuthorizationRealm realm, java.util.Collection groupNames) Returns a List of entitlements to the given element pattern in the given realm.
java.util.List	getGroupEntitlements(AuthorizationRealm realm, java.lang.String fullyQualifiedGroupName) Returns a List of entitlements to the given element pattern in the given realm.
java.util.Collection	getInaccessibleResources(SessionToken sessionToken, java.lang.String contextName, java.util.Collection requests) Of those resources specified, return the subset for which the specified account does not have authorization to access.
java.util.Collection	getPolicIDsForResourceInRealm(SessionToken caller, AuthorizationRealm realm, java.lang.String resourceName) Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissions on the given resource that exists in the given AuthorizationRealm.
java.util.Collection	getPolicies(SessionToken caller, java.util.Collection policyIDs) Locate the policies that have the specified IDs.
java.util.Collection	getPoliciesInRealm(SessionToken caller, AuthorizationRealm realm) Returns a Collection of AuthorizationPolicys that have AuthorizationPermissions in the given AuthorizationRealm. NOTE: It is the responsibility of the caller to determine which of the AuthorizationPolicy's AuthorizationPermissions are actually in the given AuthorizationRealm.
AuthorizationPolicy	getPolicy(SessionToken caller, AuthorizationPolicyID policyID) Locate the policy that has the specified ID.
java.util.Collection	getPolicyIDsInPartialRealm(SessionToken caller, AuthorizationRealm realm) Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissions that exist in the given partial AuthorizationRealm. The implementation is such that all AuthorizationPolicyIDs whose AuthorizationRealm starts with the given AuthorizationRealm are returned.
java.util.Collection	getPolicyIDsInRealm(SessionToken caller, AuthorizationRealm realm) Returns a Collection of AuthorizationPolicyIDs in the given AuthorizationRealm.
java.util.Collection	getPolicyIDsWithPermissionsInRealm(SessionToken caller, AuthorizationRealm realm) Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissions in the given AuthorizationRealm. NOTE: It is the responsibility of the caller to determine which of the AuthorizationPolicy's AuthorizationPermissions are actually in the given AuthorizationRealm.
java.util.Collection	getPrincipalsForRole(SessionToken caller, java.lang.String roleName) Returns a collection MetaMatrixPrincipalName objects containing the name of the principal along with its type which belong to the given role.
java.util.Collection	getRealmNames(SessionToken caller) Obtain the names of all of the realms known to the system.
java.util.Map	getRoleDescriptions(SessionToken caller) Obtain the names of all of the roles and their descriptions known to the system.
java.util.Collection	getRoleNamesForPrincipal(SessionToken caller, MetaMatrixPrincipalName principal) Returns a Collection of String names of MetaMatrix roles to which the given principal is assigned.
boolean	hasPolicy(SessionToken caller, AuthorizationRealm realm, java.lang.String policyName)
boolean	isCallerInRole(SessionToken caller, java.lang.String roleName) Verify that caller is in the specified logical role.
void	migratePolicies(SessionToken token, EntitlementMigrationReport rpt, java.lang.String targetVDBName, java.lang.String targetVDBVersion, java.util.Set targetNodes, java.util.Collection sourcePolicies, AdminOptions options)
boolean	removePrincipalFromAllPolicies(SessionToken caller, MetaMatrixPrincipalName principal) Remove given Principal from ALL AuthorizationPolicies to which he belongs.

Methods inherited from interface com.metamatrix.platform.service.api.ServiceInterface

checkState, die, dieNow, getCurrentState, getHostname, getID, getInitException, getProcessName, getProperties, getQueueStatistics, getQueueStatistics, getServiceType, getStartTime, getStateChangeTime, init, isAlive, setInitException, updateState

Field Detail

NAME

static final java.lang.String NAME

See Also:

Constant Field Values

Method Detail

checkAccess

boolean checkAccess(SessionToken sessionToken,
                    java.lang.String contextName,
                    AuthorizationPermission request)
                    throws InvalidSessionException,
                           AuthorizationMgmtException

Return whether the specified account has authorization to access the specified resource. This method returns false immediately upon encountering the first resource to which the account does not have access.

Parameters:

sessionToken - the session token of the principal whose access is being checked

contextName - the name of the context for the caller (@see AuditContext)

request - the permission that details the resource and the desired form of access

Returns:

true if the specified principal is granted access to the requested resource, or false otherwise

Throws:

InvalidSessionException - if the session token for this cache is not valid

AuthorizationMgmtException - if this service is unable to locate resources required for this operation

checkAccess

boolean checkAccess(SessionToken sessionToken,
                    java.lang.String contextName,
                    AuthorizationPermission request,
                    boolean fetchDependants)
                    throws InvalidSessionException,
                           AuthorizationMgmtException

Return whether the specified account has authorization to access the specified resource and all its dependent resources. This method returns false immediately upon encountering the first resource to which the account does not have access.

Parameters:

sessionToken - the session token of the principal whose access is being checked

contextName - the name of the context for the caller (@see AuditContext)

request - the permission that details the resource and the desired form of access

fetchDependants - If true, search authorization store for all dependent Permissions of the given request. Access is checked for all resources - the given request and all dependents.

Returns:

true if the specified principal is granted access to the requested resources, or false otherwise

Throws:

InvalidSessionException - if the session token for this cache is not valid

AuthorizationMgmtException - if this service is unable to locate resources required for this operation

getInaccessibleResources

java.util.Collection getInaccessibleResources(SessionToken sessionToken,
                                              java.lang.String contextName,
                                              java.util.Collection requests)
                                              throws InvalidSessionException,
                                                     AuthorizationMgmtException

Of those resources specified, return the subset for which the specified account does not have authorization to access.

Parameters:

sessionToken - the session token of the principal that is calling this method

contextName - the name of the context for the caller (@see AuditContext)

requests - the permissions that detail the resources and the desired form of access

Returns:

the subset of requests that the account does not have access to

Throws:

InvalidSessionException - if the session token for this cache is not valid

AuthorizationMgmtException - if this service is unable to locate resources required for this operation

getGroupEntitlements

java.util.List getGroupEntitlements(AuthorizationRealm realm,
                                    java.util.Collection groupNames)
                                    throws AuthorizationMgmtException

Returns a List of entitlements to the given element pattern in the given realm.

The list contains objects of type UserEntitlementInfo which will contain all user entitlement information for each element found. Each of these objects will contain 1 or more objects of type GranteeEntitlementEntry which contain the Grantee's name the entitlement Grantor or entity specifying the Grantee is entitled and the Allowed Actions the Grantee is entitled to perform on the element.

The attributes availible are:

1. VDB Name
2. VDB Version
3. Group Name (fully qualified)
4. Element Name (fully qualified)
• Grantee Name; Grantor Name; Allowed Actions (A String[] of one or more of {CREATE, READ, UPDATE, DELETE})
• ...

Parameters:

realm - The realm in which the element must live.

groupNames - the fully qualified group names - the resources - for which to look up permissions. Collection of String.

Returns:

The List of entitlements to the given element in the given realm - May be empty but never null.

Throws:

AuthorizationMgmtException - if this service is unable to locate resources required for this operation.

ServiceStateException - if the Authorization service is not taking requests.

getGroupEntitlements

java.util.List getGroupEntitlements(AuthorizationRealm realm,
                                    java.lang.String fullyQualifiedGroupName)
                                    throws AuthorizationMgmtException

Returns a List of entitlements to the given element pattern in the given realm.

The list contains objects of type UserEntitlementInfo which will contain all user entitlement information for each element found. Each of these objects will contain 1 or more objects of type GranteeEntitlementEntry which contain the Grantee's name the entitlement Grantor or entity specifying the Grantee is entitled and the Allowed Actions the Grantee is entitled to perform on the element.

The attributes availible are:

1. VDB Name
2. VDB Version
3. Group Name (fully qualified)
4. Element Name (fully qualified)
• Grantee Name; Grantor Name; Allowed Actions (A String[] of one or more of {CREATE, READ, UPDATE, DELETE})
• ...

Parameters:

realm - The realm in which the element must live.

fullyQualifiedGroupName - The resource for which to look up permissions.

Returns:

The List of entitlements to the given element in the given realm - May be empty but never null.

Throws:

AuthorizationMgmtException - if this service is unable to locate resources required for this operation.

getElementEntitlements

java.util.List getElementEntitlements(AuthorizationRealm realm,
                                      java.util.Collection elementNames)
                                      throws AuthorizationMgmtException

Returns a List of entitlements to the given element pattern in the given realm.

The list contains objects of type UserEntitlementInfo which will contain all user entitlement information for each element found. Each of these objects will contain 1 or more objects of type GranteeEntitlementEntry which contain the Grantee's name the entitlement Grantor or entity specifying the Grantee is entitled and the Allowed Actions the Grantee is entitled to perform on the element.

The attributes availible are:

1. VDB Name
2. VDB Version
3. Group Name (fully qualified)
4. Element Name (fully qualified)
• Grantee Name; Grantor Name; Allowed Actions (A String[] of one or more of {CREATE, READ, UPDATE, DELETE})
• ...

Parameters:

realm - The realm in which the element must live.

elementNames - The fully qualified element resource for which to look up permissions. Collection of String.

Returns:

The List of entitlements to the given element in the given realm - May be empty but never null.

Throws:

AuthorizationMgmtException - if this service is unable to locate resources required for this operation.

getElementEntitlements

java.util.List getElementEntitlements(AuthorizationRealm realm,
                                      java.lang.String elementName)
                                      throws AuthorizationMgmtException

Returns a List of entitlements to the given element pattern in the given realm.

The list contains objects of type UserEntitlementInfo which will contain all user entitlement information for each element found. Each of these objects will contain 1 or more objects of type GranteeEntitlementEntry which contain the Grantee's name the entitlement Grantor or entity specifying the Grantee is entitled and the Allowed Actions the Grantee is entitled to perform on the element.

The attributes availible are:

1. VDB Name
2. VDB Version
3. Group Name (fully qualified)
4. Element Name (fully qualified)
• Grantee Name; Grantor Name; Allowed Actions (A String[] of one or more of {CREATE, READ, UPDATE, DELETE})
• ...

Parameters:

realm - The realm in which the element must live.

elementName - The fully qualified element resource for which to look up permissions.

Returns:

The List of entitlements to the given element in the given realm - May be empty but never null.

Throws:

AuthorizationMgmtException - if this service is unable to locate resources required for this operation.

getRealmNames

java.util.Collection getRealmNames(SessionToken caller)
                                   throws InvalidSessionException,
                                          AuthorizationException,
                                          AuthorizationMgmtException

Obtain the names of all of the realms known to the system.

Parameters:

caller - the session token of the principal that is attempting to access the realms.

Returns:

the set of realm names

Throws:

InvalidSessionException - if the SessionToken is not valid or is expired

AuthorizationException - if the caller is unable to perform this operation

AuthorizationMgmtException - if this service has trouble connecting to services it uses.

containsPolicy

boolean containsPolicy(SessionToken caller,
                       AuthorizationPolicyID id)
                       throws InvalidSessionException,
                              AuthorizationException,
                              AuthorizationMgmtException

Return whether there is an existing policy with the specified ID.

Parameters:

caller - the session token of the principal that is attempting to access the policies.

id - the ID that is to be checked

Returns:

true if a policy with the specified ID exists

Throws:

InvalidSessionException - if the SessionToken is not valid or is expired

AuthorizationException - if the caller is unable to perform this operation

AuthorizationMgmtException - if this service has trouble connecting to services it uses.

See Also:

AuthorizationDomain.containsPolicy

findAllPolicyIDs

java.util.Collection findAllPolicyIDs(SessionToken caller)
                                      throws InvalidSessionException,
                                             AuthorizationException,
                                             AuthorizationMgmtException

Locate the IDs of all of the policies that are accessible by the caller.

Parameters:

caller - the session token of the principal that is attempting to access the policies.

Returns:

the set of all policy IDs

Throws:

InvalidSessionException - if the SessionToken is not valid or is expired

AuthorizationException - if the caller is unable to perform this operation

AuthorizationMgmtException - if this service has trouble connecting to services it uses.

See Also:

AuthorizationDomain.findAllPolicyIDs

findPolicyIDs

java.util.Collection findPolicyIDs(SessionToken caller,
                                   java.util.Collection principals)
                                   throws InvalidSessionException,
                                          AuthorizationException,
                                          AuthorizationMgmtException

Locate the IDs of all of the policies that apply to the specified principal and that are accessible by the caller.

Parameters:

caller - the session token of the principal that is attempting to access the policies.

principals - the Set of UserGroupIDs and/or UserAccountIDs to whom the returned policies should apply to (may not null, empty or invalid, all of which would result in an empty result)

Returns:

the set of all policy IDs; never null but possibly empty

Throws:

InvalidSessionException - if the SessionToken is not valid or is expired

AuthorizationException - if the caller is unable to perform this operation

AuthorizationMgmtException - if this service has trouble connecting to services it uses.

See Also:

AuthorizationModel.findAllPolicyIDs

getPolicies

java.util.Collection getPolicies(SessionToken caller,
                                 java.util.Collection policyIDs)
                                 throws InvalidSessionException,
                                        AuthorizationException,
                                        AuthorizationMgmtException

Locate the policies that have the specified IDs. Any ID that is invalid is simply ignored.

Parameters:

caller - the session token of the principal that is attempting to access the specified policies

policyIDs - the policy IDs for which the policies are to be obtained

Returns:

the set of entitlements that correspond to those specified IDs that are valid

Throws:

InvalidSessionException - if the SessionToken is not valid or is expired

AuthorizationException - if the caller is unable to perform this operation

AuthorizationMgmtException - if this service has trouble connecting to services it uses.

See Also:

AuthorizationDomain.getPolicies

getPolicy

AuthorizationPolicy getPolicy(SessionToken caller,
                              AuthorizationPolicyID policyID)
                              throws InvalidSessionException,
                                     AuthorizationException,
                                     AuthorizationMgmtException

Locate the policy that has the specified ID. Any ID that is invalid is simply ignored.

Parameters:

caller - the session token of the principal that is attempting to access the specified policies

policyID - the ID of the policy to be obtained

Returns:

the policy that correspond to the specified ID

Throws:

InvalidSessionException - if the SessionToken is not valid or is expired

AuthorizationException - if the caller is unable to perform this operation

AuthorizationMgmtException - if this service has trouble connecting to services it uses.

See Also:

AuthorizationDomain.getPolicy

executeTransaction

java.util.Set executeTransaction(SessionToken caller,
                                 java.util.List actions)
                                 throws InvalidSessionException,
                                        AuthorizationException,
                                        AuthorizationMgmtException

Execute as a single transaction with the specified actions, and return the set of IDs for the objects that were affected/modified by the action.

Parameters:

caller - the session token of the principal that is attempting to access the policies.

actions - the ordered list of actions that are to be performed on metamodel within the repository.

Returns:

The set of objects that were affected by this transaction.

Throws:

InvalidSessionException - if the SessionToken is not valid or has expired.

AuthorizationException - if the caller is unable to perform this operation.

AuthorizationMgmtException - if there were errors with the SPI. Causes rollback.

java.lang.IllegalArgumentException - if the action is null.

isCallerInRole

boolean isCallerInRole(SessionToken caller,
                       java.lang.String roleName)
                       throws AuthorizationMgmtException

Verify that caller is in the specified logical role.

Parameters:

caller - The session token of the MetaMatrix principle involking an administrative method.

Returns:

true if caller's session token is valid and he is a MetaMatrix administrator.

Throws:

AuthorizationMgmtException - if this service has trouble connecting to services it uses.

getRoleDescriptions

java.util.Map getRoleDescriptions(SessionToken caller)
                                  throws InvalidSessionException,
                                         AuthorizationException,
                                         AuthorizationMgmtException

Obtain the names of all of the roles and their descriptions known to the system.

Parameters:

caller - the session token of the principal that is attempting to access the roles.

Returns:

a Map of role descriptions key by the role's name.

Throws:

InvalidSessionException - if the SessionToken is not valid or is expired

AuthorizationException - if the caller is unable to perform this operation

AuthorizationMgmtException - if this service has trouble connecting to services it uses.

getPrincipalsForRole

java.util.Collection getPrincipalsForRole(SessionToken caller,
                                          java.lang.String roleName)
                                          throws InvalidSessionException,
                                                 AuthorizationException,
                                                 AuthorizationMgmtException

Returns a collection MetaMatrixPrincipalName objects containing the name of the principal along with its type which belong to the given role. com.metamatrix.security.api.MetaMatrixPrincipalName

Parameters:

caller - the session token of the principal that is attempting to access the roles.

roleName - String name of MetaMatrix role for which principals are sought

Throws:

InvalidSessionException - if the administrative session is invalid

MetaMatrixSecurityException - if there is a problem internally with the MembershipService

AuthorizationException - if administrator does not have the authority to see the requested information

ComponentNotFoundException - if a component required by this method could not be found within the server

AuthorizationMgmtException

getRoleNamesForPrincipal

java.util.Collection getRoleNamesForPrincipal(SessionToken caller,
                                              MetaMatrixPrincipalName principal)
                                              throws InvalidSessionException,
                                                     AuthorizationException,
                                                     AuthorizationMgmtException

Returns a Collection of String names of MetaMatrix roles to which the given principal is assigned.

Parameters:

caller - the session token of the principal that is attempting to access the roles.

principal - MetaMatrixPrincipalName for which roles are sought

Returns:

The Collection of role names the principal is assigned.

Throws:

InvalidSessionException - if the administrative session is invalid

MetaMatrixSecurityException - if there is a problem internally with the MembershipService

AuthorizationException - if administrator does not have the authority to see the requested information

ComponentNotFoundException - if a component required by this method could not be found within the server

AuthorizationMgmtException

removePrincipalFromAllPolicies

boolean removePrincipalFromAllPolicies(SessionToken caller,
                                       MetaMatrixPrincipalName principal)
                                       throws AuthorizationException,
                                              AuthorizationMgmtException

Remove given Principal from ALL AuthorizationPolicies to which he belongs.

Parameters:

caller - the session token of the principal that is attempting to remove the Principal.

principal - MetaMatrixPrincipalName which should be deleted.

Returns:

true if at least one policy in which the principal had authorization was found and deleted, false otherwise.

Throws:

AuthorizationException - if administrator does not have the authority to perform the action.

AuthorizationMgmtException - if an error occurs in the Authorization store.

getPolicyIDsWithPermissionsInRealm

java.util.Collection getPolicyIDsWithPermissionsInRealm(SessionToken caller,
                                                        AuthorizationRealm realm)
                                                        throws AuthorizationException,
                                                               AuthorizationMgmtException

Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissions in the given AuthorizationRealm.
NOTE: It is the responsibility of the caller to determine which of the AuthorizationPolicy's AuthorizationPermissions are actually in the given AuthorizationRealm. The AuthorizationPolicy may span AuthorizationRealms.

Parameters:

caller - The session token of the principal that is attempting to retrieve the policies.

realm - The realm in which to search for AuthorizationPermissions.

Returns:

The collection of AuthorizationPolicyIDs that have permissions in the given realm - possibly empty but never null.

Throws:

AuthorizationException - if administrator does not have the authority to perform the action.

AuthorizationMgmtException - if an error occurs in the Authorization store.

getPolicyIDsInRealm

java.util.Collection getPolicyIDsInRealm(SessionToken caller,
                                         AuthorizationRealm realm)
                                         throws AuthorizationException,
                                                AuthorizationMgmtException

Returns a Collection of AuthorizationPolicyIDs in the given AuthorizationRealm.
This method will only work for Data Access Authorizations because the realm is encoded in a Data Access policy name. NOTE: It is the responsibility of the caller to determine which of the AuthorizationPolicy's AuthorizationPermissions are actually in the given AuthorizationRealm. The AuthorizationPolicy may span AuthorizationRealms.

Parameters:

caller - The session token of the principal that is attempting to retrieve the policies.

realm - The realm in which to search for AuthorizationPermissions.

Returns:

The collection of AuthorizationPolicyIDs that have permissions in the given realm - possibly empty but never null.

Throws:

AuthorizationException - if administrator does not have the authority to perform the action.

AuthorizationMgmtException - if an error occurs in the Authorization store.

getPoliciesInRealm

java.util.Collection getPoliciesInRealm(SessionToken caller,
                                        AuthorizationRealm realm)
                                        throws AuthorizationException,
                                               AuthorizationMgmtException

Returns a Collection of AuthorizationPolicys that have AuthorizationPermissions in the given AuthorizationRealm.
NOTE: It is the responsibility of the caller to determine which of the AuthorizationPolicy's AuthorizationPermissions are actually in the given AuthorizationRealm. The AuthorizationPolicy may span AuthorizationRealms.

Parameters:

caller - The session token of the principal that is attempting to retrieve the policies.

realm - The realm in which to search for AuthorizationPermissions.

Returns:

The collection of AuthorizationPolicys that have permissions in the given realm - possibly empty but never null.

Throws:

AuthorizationException - if administrator does not have the authority to perform the action.

AuthorizationMgmtException - if an error occurs in the Authorization store.

getPolicyIDsInPartialRealm

java.util.Collection getPolicyIDsInPartialRealm(SessionToken caller,
                                                AuthorizationRealm realm)
                                                throws AuthorizationException,
                                                       AuthorizationMgmtException

Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissions that exist in the given partial AuthorizationRealm.
The implementation is such that all AuthorizationPolicyIDs whose AuthorizationRealm starts with the given AuthorizationRealm are returned.

Parameters:

caller - The session token of the principal that is attempting to retrieve the policies.

realm - The partial realm in which to search for AuthorizationPermissions whose realm name starts with the given realm.

Returns:

The collection of AuthorizationPolicyIDs that have permissions in the given partial realm - possibly empty but never null.

Throws:

AuthorizationException - if administrator does not have the authority to perform the action.

AuthorizationMgmtException - if an error occurs in the Authorization store.

getPolicIDsForResourceInRealm

java.util.Collection getPolicIDsForResourceInRealm(SessionToken caller,
                                                   AuthorizationRealm realm,
                                                   java.lang.String resourceName)
                                                   throws AuthorizationException,
                                                          AuthorizationMgmtException

Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissions on the given resource that exists in the given AuthorizationRealm.

Parameters:

caller - The session token of the principal that is attempting to retrieve the policies.

realm - The realm in which to search for AuthorizationPermissions.

resourceName - The resource for which to search for AuthorizationPermissions.

Returns:

The collection of AuthorizationPolicyIDs that have permissions on the given resource - possibly empty but never null.

Throws:

AuthorizationException - if administrator does not have the authority to perform the action.

AuthorizationMgmtException - if an error occurs in the Authorization store.

hasPolicy

boolean hasPolicy(SessionToken caller,
                  AuthorizationRealm realm,
                  java.lang.String policyName)
                  throws AuthorizationMgmtException,
                         InvalidUserException,
                         MembershipServiceException

Throws:

AuthorizationMgmtException

InvalidUserException

MembershipServiceException

migratePolicies

void migratePolicies(SessionToken token,
                     EntitlementMigrationReport rpt,
                     java.lang.String targetVDBName,
                     java.lang.String targetVDBVersion,
                     java.util.Set targetNodes,
                     java.util.Collection sourcePolicies,
                     AdminOptions options)
                     throws MetaMatrixComponentException,
                            InvalidSessionException,
                            AuthorizationException,
                            AuthorizationMgmtException

Throws:

MetaMatrixComponentException

InvalidSessionException

AuthorizationException

AuthorizationMgmtException

fillPermissionNodeTree

PermissionDataNode fillPermissionNodeTree(PermissionDataNode root,
                                          AuthorizationPolicyID policyID)
                                          throws AuthorizationMgmtException

Takes a tree of PermissionDataNodeImpls that have their Resources filled in and fills in all permissions on resources that are found in the given AuthorizationPolicyID.

If any permissions are found that have no corresponding data node, a AuthorizationMgmtException is thrown noting the missing resource name(s).

Parameters:

root - The node containing the resource (group or element full name) for which to search for permission(s).

realm - The realm in which to search.

tree - The tree of PermissionDataNodes to fill in permissions for.

Returns:

The root of the filled in tree. If no permissions exist, the original is returned as the sole element in the list.

Throws:

AuthorizationMgmtException - if there is a connection or communication error with the data source, signifying that the method should be retried with a different connection; if there is an unspecified or unknown error with the data source; or one or more permissions were found but a corresponding PermissionDataNodeImpl could not be found.