com.bea.p13n.entitlements.management
Class RolePolicyManager

java.lang.Object
  com.bea.p13n.entitlements.management.RolePolicyManager

public class RolePolicyManager

extends Object

Provides access to methods for performing role policy management including create, read, modify, and delete actions. Adds methods for managing custom predicate extensions of the entitlements engine. Eases the management of scoped role policies for application controlled scope.

Constructor Summary

RolePolicyManager()

Method Summary

static void	createRolePolicy(RolePolicyItem aRolePolicyItem) Creates a new role policy.
static RolePolicyItem	getRolePolicy(RolePolicyItem aRolePolicyItem) Retrieves an existing role policy.
static Object[][]	listRolesForResource(int aResourceScope, String anEntAppName, String aWebAppName, String aResourceId) Finds all available role policies given a resourceId and a scope.
static String[]	listRolesForResource(String anEntAppName, String aWebAppName, String aResourceId) Finds all available role policies given a resourceId.
static void	removeRolePolicy(RolePolicyItem aRolePolicyItem) Removes an existing role policy.
static boolean	rolePolicyExists(RolePolicyItem aRolePolicyItem) Tests for an existing role policy.
static boolean	rolePolicyHasRefs(RolePolicyItem aRolePolicyItem) Checks whether a given Role Policy is currently referenced (i.e. being used by) any Security Policies.
static void	setRolePolicy(RolePolicyItem aRolePolicyItem) Updates an existing role policy.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RolePolicyManager

public RolePolicyManager()

Method Detail

createRolePolicy

public static void createRolePolicy(RolePolicyItem aRolePolicyItem)
                             throws com.bea.p13n.entitlements.common.PolicyExistsException,
                                    com.bea.p13n.entitlements.common.PolicyCreateException,
                                    com.bea.p13n.entitlements.common.PolicyNotFoundException,
                                    com.bea.p13n.entitlements.common.PolicyException

Creates a new role policy. A role policy may be predicated on one or more user ids, user group names, and/or a custom predicate. Prior to trying to persist a new role policy, this method will check the RolePolicyItem to insure all mandatory fields have been initialized. Mandatory fields are: 1) aResourceScope, 2) (depending on the value of aResourceScope) anEntAppName, aWebAppName, aResourceId, 3) (at least one of) aUserList, aGroupList, aRoleSegmentName, 4) aRoleName.

Parameters:

aRolePolicyItem - The object containing the required and optional role policy attributes

Throws:

com.bea.p13n.entitlements.common.InvalidArgsException

com.bea.p13n.entitlements.common.PolicyExistsException

com.bea.p13n.entitlements.common.PolicyCreateException

com.bea.p13n.entitlements.common.PolicyNotFoundException

com.bea.p13n.entitlements.common.PolicyException

getRolePolicy

public static RolePolicyItem getRolePolicy(RolePolicyItem aRolePolicyItem)
                                    throws com.bea.p13n.entitlements.common.PolicyNotFoundException,
                                           com.bea.p13n.entitlements.common.PolicyException

Retrieves an existing role policy. Prior to trying to retrieve the role policy, this method will check the RolePolicyItem to insure all mandatory fields have been initialized. Mandatory fields are: 1) aResourceScope, 2) (depending on the value of aResourceScope) anEntAppName, aWebAppName, aResourceId, 3) aRoleName.

The returned RolePolicyItem may be used to hold local updates to user lists, group lists, and role segment name changes prior to persisting changes using the setRolePolicy() method.

Parameters:

aRolePolicyItem - The object containing the required and optional role policy attributes

Returns:

RolePolicyItem or null if none found

Throws:

com.bea.p13n.entitlements.common.InvalidArgsException

com.bea.p13n.entitlements.common.PolicyNotFoundException

com.bea.p13n.entitlements.common.PolicyException

listRolesForResource

public static Object[][] listRolesForResource(int aResourceScope,
                                              String anEntAppName,
                                              String aWebAppName,
                                              String aResourceId)

Finds all available role policies given a resourceId and a scope. Instead of just returning role policies associated at the resource Id (leaf) node, this method may be used to get a full list of role policy names associated with the resource taxonomy given as an input scope.

Parameters:

aResourceScope - A global, enterprise, webapp, or application scope defined by the EntitlementConstants class.

anEntAppName - Enterprise Application name

aWebAppName - Webapp name. Unused for Global role inheritance

aResourceId - Application defined resource ID

Returns:

An 2D array of all the role policy names that have been persisted against the given resource id and those also inherited by the resource given its taxonomy. The zero'th element [i][0] contains the P13nResource where the String role name (elements [i][1..n]) were found.

listRolesForResource

public static String[] listRolesForResource(String anEntAppName,
                                            String aWebAppName,
                                            String aResourceId)

Finds all available role policies given a resourceId. Returns role policies associated at the resource Id node, only (i.e. the leaf role scope).

Parameters:

anEntAppName - Enterprise Application name

aResourceId - Application defined resource ID

aWebAppName - Webapp name. Unused for Global role inheritance

Returns:

An 2D array of all the role policy names that have been persisted against the given resource id and those also inherited by the resource given its taxonomy. The zero'th element [i][0] contains the P13nResource where the String role name (elements [i][1..n]) were found.

removeRolePolicy

public static void removeRolePolicy(RolePolicyItem aRolePolicyItem)
                             throws com.bea.p13n.entitlements.common.PolicyRemoveException,
                                    com.bea.p13n.entitlements.common.PolicyNotFoundException

Removes an existing role policy. Prior to trying to remove the role policy, this method will check the RolePolicyItem to insure all mandatory fields have been initialized. Mandatory fields are: 1) aResourceScope, 2) (depending on the value of aResourceScope) anEntAppName, aWebAppName, aResourceId, 3) aRoleName. This method should not be called if there are security policies in existence that refer to the role to be deleted. Check for policy references first using rolePolicyHasRefs().

Parameters:

aRolePolicyItem - The object containing the required role policy attributes

Throws:

com.bea.p13n.entitlements.common.InvalidArgsException

com.bea.p13n.entitlements.common.PolicyNotFoundException

com.bea.p13n.entitlements.common.PolicyRemoveException

rolePolicyExists

public static boolean rolePolicyExists(RolePolicyItem aRolePolicyItem)

Tests for an existing role policy. This method will check the RolePolicyItem to insure all mandatory fields have been initialized. Mandatory fields are: 1) aResourceScope, 2) (depending on the value of aResourceScope) anEntAppName, aWebAppName, aResourceId, 3) aRoleName.

Parameters:

aRolePolicyItem - The object containing the required role policy attributes

Returns:

True if policy exists, otherwise false

Throws:

com.bea.p13n.entitlements.common.InvalidArgsException

rolePolicyHasRefs

public static boolean rolePolicyHasRefs(RolePolicyItem aRolePolicyItem)
                                 throws com.bea.p13n.entitlements.common.PolicyRefException

Checks whether a given Role Policy is currently referenced (i.e. being used by) any Security Policies.

Parameters:

aRolePolicyItem - The object containing the required and optional role policy attributes

Returns:

boolean True if any Security Policies reference the Role Policy

Throws:

com.bea.p13n.entitlements.common.InvalidArgsException

com.bea.p13n.entitlements.common.PolicyRefException

setRolePolicy

public static void setRolePolicy(RolePolicyItem aRolePolicyItem)
                          throws com.bea.p13n.entitlements.common.PolicyExpressionException,
                                 com.bea.p13n.entitlements.common.PolicyNotFoundException,
                                 com.bea.p13n.entitlements.common.PolicyExistsException,
                                 com.bea.p13n.entitlements.common.PolicyCreateException,
                                 com.bea.p13n.entitlements.common.PolicyException

Updates an existing role policy. Prior to trying to update the role policy, this method will check the RolePolicyItem to insure all mandatory fields have been initialized. Mandatory fields are: 1) aResourceScope, 2) (depending on the value of aResourceScope) anEntAppName, aWebAppName, aResourceId, 3) (at least one of) aUserList, aGroupList, aRoleSegmentName, 4) aRoleName.

Note that if the aRolePolicyItem instance was retrieved using getRolePolicy(), all mandatory fields will already be initialized. The only fields that are updateable in the persisted role policy are the aUserList, aGroupList, and aRoleSegmentName.

Parameters:

aRolePolicyItem - The object containing the required and optional role policy attributes

Throws:

com.bea.p13n.entitlements.common.InvalidArgsException

com.bea.p13n.entitlements.common.PolicyExpressionException

com.bea.p13n.entitlements.common.PolicyNotFoundException

com.bea.p13n.entitlements.common.PolicyExistsException

com.bea.p13n.entitlements.common.PolicyCreateException

com.bea.p13n.entitlements.common.PolicyException