Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

com.metamatrix.platform.security.authorization.spi.jdbc
Class JDBCAuthorizationTransaction

java.lang.Object
  extended by com.metamatrix.common.connection.BaseTransaction
      extended by com.metamatrix.platform.security.authorization.spi.jdbc.JDBCAuthorizationTransaction
All Implemented Interfaces:
TransactionInterface, AuthorizationSourceTransaction
public class JDBCAuthorizationTransaction
extends BaseTransaction
implements AuthorizationSourceTransaction

Method Summary
 void addPermissionsWithResourcesToParent(java.lang.String parent, java.util.Collection resources, AuthorizationRealm realm)
          Add the given resources as AuthorizationPermissions to existing AuthorizationPolicies that have a permission with the given parent as a resource.
 boolean containsPolicy(AuthorizationPolicyID id)
          Return whether there is an existing policy with the specified ID.
 java.util.Set executeActions(AuthorizationPolicyID targetPolicyID, java.util.List actions, java.lang.String grantor)
          Execute the actions on given object.
 void executeBatch(java.lang.String sql, java.util.List paramData)
           
 java.util.Collection findAllPolicyIDs()
          Locate the IDs of all of the policies that are accessible by the caller.
 java.util.Collection findPolicyIDs(java.util.Collection principals)
          Locate the IDs of all of the policies that apply to the specified principals.
 java.util.Collection findPolicyIDs(java.util.Collection principals, AuthorizationRealm realm)
          Locate the IDs of all of the policies that apply to the specified principals and are in the given realm.
 java.util.Collection getDependantPermissions(AuthorizationPermission request)
          Get the collection of permissions whose resources are dependant on the given permision.
 java.util.Map getElementEntitlements(AuthorizationRealm realm, java.lang.String elementNamePattern)
          Returns a compound List of entitlements to the given fully qualified element in the given realm.
 java.util.Map getGroupEntitlements(AuthorizationRealm realm, java.lang.String fullyQualifiedGroupName)
          Returns a compound List of entitlements to the given fully qualified group in the given realm.
 java.util.Set getPermissionsForPolicy(AuthorizationPolicyID policyID)
          Find and create all AuthorizationPermissionsImpl known to a policy.
 java.util.Collection getPolicies(java.util.Collection policyIDs)
          Locate the policies that have the specified IDs.
 AuthorizationPolicy getPolicy(AuthorizationPolicyID policyID)
          Locate the policy that has the specified ID.
 java.util.Collection getPolicyIDsForResourceInRealm(AuthorizationRealm realm, java.lang.String resourceName)
          Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissionsImpl on the given resource that exists in the given AuthorizationRealm.
 java.util.Collection getPolicyIDsInPartialRealm(AuthorizationRealm realm)
          Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissionsImpl that exist in the given partial AuthorizationRealm.
The implementation is such that all AuthorizationPolicyIDs whose AuthorizationRealm starts with the given AuthorizationRealm are returned.
 java.util.Collection getPolicyIDsInRealm(AuthorizationRealm realm)
          Returns a Collection of AuthorizationPolicyIDs in the given AuthorizationRealm.
 java.util.Collection getPolicyIDsWithPermissionsInRealm(AuthorizationRealm realm)
          Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissions in the given AuthorizationRealm.
NOTE: It is the responsibility of the caller to determine which of the AuthorizationPolicy's AuthorizationPermissions are actually in the given AuthorizationRealm.
protected  java.lang.Number getPolicyUID(AuthorizationPolicyID policyID)
          Get the Database UID for the given policID.
 java.util.Collection getPrincipalsForRole(java.lang.String roleName)
          Returns a collection MetaMatrixPrincipalName objects containing the name of the principal along with its type which belong to the given role.
 java.util.Collection getRealmNames()
          Obtain the names of all of the realms known to the system.
protected  java.lang.Number getRealmUID(AuthorizationRealm realm)
           
 java.util.Map getRoleDescriptions()
          Returns a Map of String Metamatrix role names to String descriptions of each role.
 java.util.Collection getRoleNamesForPrincipal(java.util.Collection principals)
          Returns a Collection of String names of MetaMatrix roles which the given principal belongs to
protected  void removePermissionsForRealm(java.lang.Number realmUID)
          Remove entries from AUTHPERMISSIONS for the specified realm
 void removePermissionsWithResources(java.util.Collection resources, AuthorizationRealm realm)
          Remove all permissions in the system that are on the given resources.
protected  void removePoliciesForRealm(AuthorizationRealm realm)
          Remove entries from AUTHPOLICIES for the specified realm
 boolean removePrincipalFromAllPolicies(MetaMatrixPrincipalName principal)
          Remove given Principal from ALL AuthorizationPolicies to which he belongs.
 void removePrincipalsAndPoliciesForRealm(AuthorizationRealm realm)
          Remove entries from AUTHREALM, AUTHPERMISSIONS, AUTHPOLICIES, AUTHPRINCIPALS for the specified realm
protected  void removePrincipalsForRealm(AuthorizationRealm realm)
          Remove entries from AUTHPRINCIPALS for the specified realm
protected  void removeRealm(java.lang.Number realmUID)
          Remove the specified entry from AUTHREALM
 
Methods inherited from class com.metamatrix.common.connection.BaseTransaction
close, commit, finalize, getConnection, getRollbackOnFinalize, isClosed, isEnded, isReadonly, rollback, setRollbackOnFinalize
 
Methods inherited from class java.lang.Object
clone, equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface com.metamatrix.platform.security.authorization.spi.AuthorizationSourceTransaction
close
 
Methods inherited from interface com.metamatrix.common.connection.TransactionInterface
commit, isClosed, isReadonly, rollback
 

Method Detail

addPermissionsWithResourcesToParent

public void addPermissionsWithResourcesToParent(java.lang.String parent,
                                                java.util.Collection resources,
                                                AuthorizationRealm realm)
                                         throws AuthorizationSourceConnectionException,
                                                AuthorizationSourceException
Add the given resources as AuthorizationPermissions to existing AuthorizationPolicies that have a permission with the given parent as a resource. Use the parent's AuthorizationActions to create the permission for each resource.

Specified by:
addPermissionsWithResourcesToParent in interface AuthorizationSourceTransaction
Parameters:
parent - The uuid of the resource that will be the parent of the given resources.
resources - The uuids of the newly added resources.
realm - Confine the resources to this realm.
Throws:
AuthorizationSourceConnectionException
AuthorizationSourceException

removePermissionsWithResources

public void removePermissionsWithResources(java.util.Collection resources,
                                           AuthorizationRealm realm)
                                    throws AuthorizationSourceConnectionException,
                                           AuthorizationSourceException
Remove all permissions in the system that are on the given resources.

Specified by:
removePermissionsWithResources in interface AuthorizationSourceTransaction
Parameters:
resources - The resource names of the resources to be removed.
realm - Confines the resource names to this realm.
Throws:
AuthorizationSourceConnectionException
AuthorizationSourceException

getDependantPermissions

public java.util.Collection getDependantPermissions(AuthorizationPermission request)
                                             throws AuthorizationSourceConnectionException,
                                                    AuthorizationSourceException
Get the collection of permissions whose resources are dependant on the given permision. The returned collection will contain a permission for each dependant resource all having the actions of the original request. The search is scoped to the AuthorizationRealm of the given request.

Specified by:
getDependantPermissions in interface AuthorizationSourceTransaction
Parameters:
request - The permission for which to find dependants.
Returns:
A Collection of dependant permissions all with the actions of the given request. Note: always contains the original permission.
Throws:
AuthorizationSourceConnectionException
AuthorizationSourceException

getGroupEntitlements

public java.util.Map getGroupEntitlements(AuthorizationRealm realm,
                                          java.lang.String fullyQualifiedGroupName)
                                   throws AuthorizationSourceConnectionException,
                                          AuthorizationSourceException
Returns a compound List of entitlements to the given fully qualified group in the given realm. The returned List will be comprised of a Lists of 6 elements.
They are, in order:
  1. VDB Name
  2. VDB Version
  3. Group Name (fully qualified)
  4. Grantor
  5. Grantee - of type MetaMatrixPrincipalName
  6. Allowed Action (one or more of {CREATE, READ, UPDATE, DELETE})

Specified by:
getGroupEntitlements in interface AuthorizationSourceTransaction
Parameters:
realm - The realm in which the group must live.
fullyQualifiedGroupName - The resource for which to look up permissions.
Returns:
The List of entitlements to the given group in the given realm - May be empty but never null.
Throws:
AuthorizationSourceConnectionException - if there is an error communicating with the source.
AuthorizationSourceException - if there is an unspecified error.

getElementEntitlements

public java.util.Map getElementEntitlements(AuthorizationRealm realm,
                                            java.lang.String elementNamePattern)
                                     throws AuthorizationSourceConnectionException,
                                            AuthorizationSourceException
Returns a compound List of entitlements to the given fully qualified element in the given realm. The returned List will be comprised of a Lists of 7 elements.
They are, in order:
  1. VDB Name
  2. VDB Version
  3. Group Name (fully qualified)
  4. Element
  5. Grantor
  6. Grantee - of type MetaMatrixPrincipalName
  7. Allowed Action (one or more of {CREATE, READ, UPDATE, DELETE})

Specified by:
getElementEntitlements in interface AuthorizationSourceTransaction
Parameters:
realm - The realm in which the element must live.
elementNamePattern - The resource for which to look up permissions.
Returns:
The List of entitlements to the given element in the given realm - May be empty but never null.
Throws:
AuthorizationSourceConnectionException - if there is an error communicating with the source.
AuthorizationSourceException - if there is an unspecified error.

getRealmNames

public java.util.Collection getRealmNames()
                                   throws AuthorizationSourceConnectionException,
                                          AuthorizationSourceException
Obtain the names of all of the realms known to the system.

Specified by:
getRealmNames in interface AuthorizationSourceTransaction
Returns:
the collection of realm names
Throws:
AuthorizationSourceConnectionException
AuthorizationSourceException

getRoleDescriptions

public java.util.Map getRoleDescriptions()
                                  throws AuthorizationSourceConnectionException,
                                         AuthorizationSourceException
Returns a Map of String Metamatrix role names to String descriptions of each role.

Specified by:
getRoleDescriptions in interface AuthorizationSourceTransaction
Returns:
Map of String role names to String role descriptions
Throws:
AuthorizationSourceConnectionException - if there is an error communicating with the source.
AuthorizationSourceException - if there is an unspecified error.

getPrincipalsForRole

public java.util.Collection getPrincipalsForRole(java.lang.String roleName)
                                          throws AuthorizationSourceConnectionException,
                                                 AuthorizationSourceException
Returns a collection MetaMatrixPrincipalName objects containing the name of the principal along with its type which belong to the given role. MetaMatrixPrincipalName

Specified by:
getPrincipalsForRole in interface AuthorizationSourceTransaction
Parameters:
roleName - String name of MetaMatrix role for which principals are sought
Returns:
The collection of MetaMatrixPrincipalNames who are in the given role, possibly enpty, never null.
Throws:
AuthorizationSourceConnectionException - if there is an connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

getRoleNamesForPrincipal

public java.util.Collection getRoleNamesForPrincipal(java.util.Collection principals)
                                              throws AuthorizationSourceConnectionException,
                                                     AuthorizationSourceException
Returns a Collection of String names of MetaMatrix roles which the given principal belongs to

Specified by:
getRoleNamesForPrincipal in interface AuthorizationSourceTransaction
Parameters:
principals - MetaMatrixPrincipalNames of a principal and any group memberships for which roles are sought
Returns:
The collection of role names belonging to the given principal, possibly enpty, never null.
Throws:
AuthorizationSourceConnectionException - if there is an connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

containsPolicy

public boolean containsPolicy(AuthorizationPolicyID id)
                       throws AuthorizationSourceConnectionException,
                              AuthorizationSourceException
Return whether there is an existing policy with the specified ID.

Specified by:
containsPolicy in interface AuthorizationSourceTransaction
Parameters:
id - the ID that is to be checked
Returns:
true if a policy with the specified ID exists
Throws:
AuthorizationSourceConnectionException - if there is an connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

findAllPolicyIDs

public java.util.Collection findAllPolicyIDs()
                                      throws AuthorizationSourceConnectionException,
                                             AuthorizationSourceException
Locate the IDs of all of the policies that are accessible by the caller.

Specified by:
findAllPolicyIDs in interface AuthorizationSourceTransaction
Returns:
the set of all policy IDs
Throws:
AuthorizationSourceConnectionException - if there is an connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

getPolicyIDsWithPermissionsInRealm

public java.util.Collection getPolicyIDsWithPermissionsInRealm(AuthorizationRealm realm)
                                                        throws AuthorizationSourceConnectionException,
                                                               AuthorizationSourceException
Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissions in the given AuthorizationRealm.
NOTE: It is the responsibility of the caller to determine which of the AuthorizationPolicy's AuthorizationPermissions are actually in the given AuthorizationRealm. The AuthorizationPolicy may span AuthorizationRealms.

Specified by:
getPolicyIDsWithPermissionsInRealm in interface AuthorizationSourceTransaction
Parameters:
realm - The realm in which to search for AuthorizationPermissions.
Returns:
The collection of AuthorizationPolicyIDs that have permissions in the given realm - possibly empty but never null.
Throws:
AuthorizationSourceConnectionException - if there is an connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

getPolicyIDsInRealm

public java.util.Collection getPolicyIDsInRealm(AuthorizationRealm realm)
                                         throws AuthorizationSourceConnectionException,
                                                AuthorizationSourceException
Returns a Collection of AuthorizationPolicyIDs in the given AuthorizationRealm.
This method will only work for Data Access Authorizations because the realm is encoded in a Data Access policy name. NOTE: It is the responsibility of the caller to determine which of the AuthorizationPolicy's AuthorizationPermissions are actually in the given AuthorizationRealm. The AuthorizationPolicy may span AuthorizationRealms.

Specified by:
getPolicyIDsInRealm in interface AuthorizationSourceTransaction
Parameters:
realm - The realm in which to search for AuthorizationPermissions.
Returns:
The collection of AuthorizationPolicyIDs that have permissions in the given realm - possibly empty but never null.
Throws:
AuthorizationSourceConnectionException - if there is an connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

getPolicyIDsInPartialRealm

public java.util.Collection getPolicyIDsInPartialRealm(AuthorizationRealm realm)
                                                throws AuthorizationSourceConnectionException,
                                                       AuthorizationSourceException
Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissionsImpl that exist in the given partial AuthorizationRealm.
The implementation is such that all AuthorizationPolicyIDs whose AuthorizationRealm starts with the given AuthorizationRealm are returned.

Specified by:
getPolicyIDsInPartialRealm in interface AuthorizationSourceTransaction
Parameters:
realm - The partial realm in which to search for AuthorizationPermissions whose realm name starts with the given realm.
Returns:
The collection of AuthorizationPolicyIDs that have permissions in the given partial realm - possibly empty but never null.
Throws:
AuthorizationSourceConnectionException - if there is an connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

findPolicyIDs

public java.util.Collection findPolicyIDs(java.util.Collection principals,
                                          AuthorizationRealm realm)
                                   throws AuthorizationSourceConnectionException,
                                          AuthorizationSourceException
Locate the IDs of all of the policies that apply to the specified principals and are in the given realm.

Specified by:
findPolicyIDs in interface AuthorizationSourceTransaction
Parameters:
principals - the Set of MetaMatrixPrincipalName to whom the returned policies should apply to (may not null, empty or invalid, all of which would result in an empty result).
realm - The applicable realm in which to search for policies.
Returns:
the set of all policy IDs; never null but possibly empty
Throws:
AuthorizationSourceConnectionException - if there is an connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

findPolicyIDs

public java.util.Collection findPolicyIDs(java.util.Collection principals)
                                   throws AuthorizationSourceConnectionException,
                                          AuthorizationSourceException
Locate the IDs of all of the policies that apply to the specified principals.

Specified by:
findPolicyIDs in interface AuthorizationSourceTransaction
Parameters:
principals - the Set of MetaMatrixPrincipalName to whom the returned policies should apply to (may not null, empty or invalid, all of which would result in an empty result).
Returns:
the set of all policy IDs; never null but possibly empty
Throws:
AuthorizationSourceConnectionException - if there is an connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

getPolicyIDsForResourceInRealm

public java.util.Collection getPolicyIDsForResourceInRealm(AuthorizationRealm realm,
                                                           java.lang.String resourceName)
                                                    throws AuthorizationSourceConnectionException,
                                                           AuthorizationSourceException
Returns a Collection of AuthorizationPolicyIDs that have AuthorizationPermissionsImpl on the given resource that exists in the given AuthorizationRealm.

Specified by:
getPolicyIDsForResourceInRealm in interface AuthorizationSourceTransaction
Parameters:
realm - The realm in which to search for AuthorizationPermissions.
resourceName - The resource for which to search for AuthorizationPermissions.
Returns:
The collection of AuthorizationPolicyIDs that have permissions on the given resource - possibly empty but never null.
Throws:
AuthorizationSourceConnectionException - if there is an connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

getPolicies

public java.util.Collection getPolicies(java.util.Collection policyIDs)
                                 throws AuthorizationSourceConnectionException,
                                        AuthorizationSourceException
Locate the policies that have the specified IDs. Any ID that is invalid is simply ignored.

Specified by:
getPolicies in interface AuthorizationSourceTransaction
Parameters:
policyIDs - the policy IDs for which the policies are to be obtained
Returns:
the set of entitlements that correspond to those specified IDs that are valid
Throws:
AuthorizationSourceConnectionException - if there is an connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

getPolicy

public AuthorizationPolicy getPolicy(AuthorizationPolicyID policyID)
                              throws AuthorizationSourceConnectionException,
                                     AuthorizationSourceException
Locate the policy that has the specified ID. Any ID that is invalid is simply ignored. specified policies

Specified by:
getPolicy in interface AuthorizationSourceTransaction
Parameters:
policyID - the ID of the policy to be obtained
Returns:
the policy that correspond to the specified ID
Throws:
AuthorizationSourceConnectionException - if there is an connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

getPermissionsForPolicy

public java.util.Set getPermissionsForPolicy(AuthorizationPolicyID policyID)
                                      throws AuthorizationSourceConnectionException,
                                             AuthorizationSourceException
Find and create all AuthorizationPermissionsImpl known to a policy.

Specified by:
getPermissionsForPolicy in interface AuthorizationSourceTransaction
Parameters:
policyID - The policy indentifier.
Returns:
The set of all permissions that belong to the given policy.
Throws:
AuthorizationSourceConnectionException
AuthorizationSourceException

removePrincipalFromAllPolicies

public boolean removePrincipalFromAllPolicies(MetaMatrixPrincipalName principal)
                                       throws AuthorizationSourceConnectionException,
                                              AuthorizationSourceException
Remove given Principal from ALL AuthorizationPolicies to which he belongs.

Specified by:
removePrincipalFromAllPolicies in interface AuthorizationSourceTransaction
Parameters:
principal - MetaMatrixPrincipalName which should be deleted.
Returns:
true if at least one policy in which the principal had authorization was found and deleted, false otherwise.
Throws:
AuthorizationSourceConnectionException - if there is an connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

executeActions

public java.util.Set executeActions(AuthorizationPolicyID targetPolicyID,
                                    java.util.List actions,
                                    java.lang.String grantor)
                             throws AuthorizationSourceConnectionException,
                                    AuthorizationSourceException,
                                    AuthorizationSourceException
Execute the actions on given object.

Specified by:
executeActions in interface AuthorizationSourceTransaction
Parameters:
targetPolicyID - The ID of the policy on which to execute the transactions.
actions - The list of actions to execute.
grantor - The principal name of the policy grantor.
Returns:
The set of objects effected by this method.
Throws:
AuthorizationSourceConnectionException - if there is an connection or communication error with the data source, signifying that the method should be retried with a different connection.
AuthorizationSourceException - if there is an unspecified or unknown error with the data source.

removePrincipalsAndPoliciesForRealm

public void removePrincipalsAndPoliciesForRealm(AuthorizationRealm realm)
                                         throws AuthorizationSourceException
Remove entries from AUTHREALM, AUTHPERMISSIONS, AUTHPOLICIES, AUTHPRINCIPALS for the specified realm

Specified by:
removePrincipalsAndPoliciesForRealm in interface AuthorizationSourceTransaction
Parameters:
realm -
Throws:
java.sql.SQLException
AuthorizationSourceException
Since:
4.3

removePermissionsForRealm

protected void removePermissionsForRealm(java.lang.Number realmUID)
                                  throws java.sql.SQLException
Remove entries from AUTHPERMISSIONS for the specified realm

Parameters:
realmUID -
Throws:
java.sql.SQLException
Since:
4.3

removeRealm

protected void removeRealm(java.lang.Number realmUID)
                    throws java.sql.SQLException
Remove the specified entry from AUTHREALM

Parameters:
realmUID -
Throws:
java.sql.SQLException
Since:
4.3

removePrincipalsForRealm

protected void removePrincipalsForRealm(AuthorizationRealm realm)
                                 throws java.sql.SQLException
Remove entries from AUTHPRINCIPALS for the specified realm

Parameters:
realmUID -
Throws:
java.sql.SQLException
Since:
4.3

removePoliciesForRealm

protected void removePoliciesForRealm(AuthorizationRealm realm)
                               throws java.sql.SQLException
Remove entries from AUTHPOLICIES for the specified realm

Parameters:
realmUID -
Throws:
java.sql.SQLException
Since:
4.3

getPolicyUID

protected java.lang.Number getPolicyUID(AuthorizationPolicyID policyID)
                                 throws AuthorizationSourceException,
                                        java.sql.SQLException
Get the Database UID for the given policID.

Throws:
AuthorizationSourceException
java.sql.SQLException

getRealmUID

protected java.lang.Number getRealmUID(AuthorizationRealm realm)
                                throws AuthorizationSourceException
Throws:
AuthorizationSourceException

executeBatch

public void executeBatch(java.lang.String sql,
                         java.util.List paramData)
                  throws java.sql.SQLException
Throws:
java.sql.SQLException
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2009. All Rights Reserved.