RolePolicyManager Class
public class RolePolicyManager extends Object
Provides access to methods for performing role policy management
including create, read, modify, and delete actions. Adds
methods for managing custom predicate extensions of the
entitlements engine. Eases the management of scoped role policies
for application controlled scope.
Hierarchy
Object
  RolePolicyManager
Methods from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
RolePolicyManager
public RolePolicyManager()
createRolePolicy(RolePolicyItem) Method
public static void createRolePolicy(RolePolicyItem aRolePolicyItem)
Creates a new role policy. A role policy may
be predicated on one or more user ids, user group names,
and/or a custom predicate. Before trying to persist
a new role policy, this method checks the RolePolicyItem
to ensure all mandatory fields have been initialized.
Mandatory fields are: 1) aResourceScope, 2) (depending on the value
of aResourceScope) anEntAppName, aWebAppName, aResourceId, 3)
(at least one of) aUserList, aGroupList, aRoleSegmentName, 4) aRoleName.
Parameters
aRolePolicyItem - The object containing the required and optional role policy attributes
getRolePolicy(RolePolicyItem) Method
public static RolePolicyItem getRolePolicy(RolePolicyItem aRolePolicyItem)
Retrieves an existing role policy. Before trying to retrieve
the role policy, this method checks the RolePolicyItem
to ensure all mandatory fields have been initialized.
Mandatory fields are: 1) aResourceScope, 2) (depending on the value
of aResourceScope) anEntAppName, aWebAppName, aResourceId, 3) aRoleName.
The returned RolePolicyItem may be used to hold local updates to
user lists, group lists, and role segment name changes prior to
persisting changes using the setRolePolicy() method.
Parameters
aRolePolicyItem - The object containing the required and optional role policy attributes
Returns
- RolePolicyItem, or null if none found
listRolesForResource(int, String, String, String) Method
public static Object[][] listRolesForResource(int aResourceScope, String anEntAppName, String aWebAppName, String aResourceId)
Finds all available role policies
given a resourceId and a scope. Instead of just
returning role policies associated at the resource Id
(leaf) node, this method may be used to get a full list of role
policy names associated with the resource taxonomy given
as an input scope.
Parameters
aResourceScope - A global, enterprise, webapp, or application scope defined by the EntitlementConstants class.
anEntAppName - Enterprise Application name
aWebAppName - Webapp name. Unused for Global role inheritance
aResourceId - Application defined resource ID
Returns
- A 2D array of all the role policy names that have
been persisted against the given resource id and those
also inherited by the resource given its taxonomy. The zeroth
element [i][0] contains the P13nResource where the String role names
(elements [i][1..n]) were found.
listRolesForResource(String, String, String) Method
public static String[] listRolesForResource(String anEntAppName, String aWebAppName, String aResourceId)
Finds all available role policies
given a resourceId. Returns only the role policies associated
at the resource Id node (i.e. the leaf role scope).
Parameters
anEntAppName - Enterprise Application name
aWebAppName - Webapp name. Unused for Global role inheritance
aResourceId - Application defined resource ID
Returns
- A 2D array of all the role policy names that have
been persisted against the given resource id and those
also inherited by the resource given its taxonomy. The zeroth
element [i][0] contains the P13nResource where the String role names
(elements [i][1..n]) were found.
removeRolePolicy(RolePolicyItem) Method
public static void removeRolePolicy(RolePolicyItem aRolePolicyItem)
Removes an existing role policy. Before trying to remove
the role policy, this method checks the RolePolicyItem
to ensure all mandatory fields have been initialized.
Mandatory fields are: 1) aResourceScope, 2) (depending on the value
of aResourceScope) anEntAppName, aWebAppName, aResourceId, 3) aRoleName.
This method should not be called if there are security policies
in existence that refer to the role to be deleted. Check for
policy references first using rolePolicyHasRefs().
Parameters
aRolePolicyItem - The object containing the required role policy attributes
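The check-before-remove sequence described for removeRolePolicy() can be wrapped in a single guard. The following is an added example, not code from the product: GuardedRoleRemoval, RoleStore and Outcome are hypothetical names, and the in-memory store and its role data are constructed so the guard runs without the portal runtime. In a real deployment the three RoleStore methods would delegate to rolePolicyExists(), rolePolicyHasRefs() and removeRolePolicy() with a RolePolicyItem.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class GuardedRoleRemoval {

    /** Hypothetical seam over the three static methods documented on this page. */
    interface RoleStore<T> {
        boolean exists(T item);   // would call RolePolicyManager.rolePolicyExists(item)
        boolean hasRefs(T item);  // would call RolePolicyManager.rolePolicyHasRefs(item)
        void remove(T item);      // would call RolePolicyManager.removeRolePolicy(item)
    }

    enum Outcome { REMOVED, NOT_FOUND, STILL_REFERENCED }

    /** Removes a role policy only when no security policy still refers to it. */
    static <T> Outcome removeIfUnreferenced(RoleStore<T> store, T item) {
        if (!store.exists(item)) {
            return Outcome.NOT_FOUND;
        }
        if (store.hasRefs(item)) {
            // Refuse: deleting now would leave security policies naming a missing role.
            return Outcome.STILL_REFERENCED;
        }
        store.remove(item);
        return Outcome.REMOVED;
    }

    public static void main(String[] args) {
        // Constructed sample data: role name -> security policies that reference it.
        Map<String, Set<String>> roles = new HashMap<>();
        roles.put("auditor", new HashSet<>(Arrays.asList("view-reports")));
        roles.put("temp-contractor", new HashSet<>());

        RoleStore<String> fake = new RoleStore<String>() {
            public boolean exists(String r) { return roles.containsKey(r); }
            public boolean hasRefs(String r) { return !roles.get(r).isEmpty(); }
            public void remove(String r) { roles.remove(r); }
        };

        for (String r : new String[] {"auditor", "temp-contractor", "ghost"}) {
            System.out.println(r + " -> " + removeIfUnreferenced(fake, r));
        }
    }
}
```

Returning a distinct STILL_REFERENCED outcome lets the caller log or surface which roles were kept and why, instead of silently skipping them.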
rolePolicyExists(RolePolicyItem) Method
public static boolean rolePolicyExists(RolePolicyItem aRolePolicyItem)
Tests for an existing role policy. This method checks the RolePolicyItem
to ensure all mandatory fields have been initialized.
Mandatory fields are: 1) aResourceScope, 2) (depending on the value
of aResourceScope) anEntAppName, aWebAppName, aResourceId, 3) aRoleName.
Parameters
aRolePolicyItem - The object containing the required role policy attributes
Returns
- True if policy exists, otherwise false
rolePolicyHasRefs(RolePolicyItem) Method
public static boolean rolePolicyHasRefs(RolePolicyItem aRolePolicyItem)
Checks whether a given Role Policy is currently referenced by
(i.e. being used by) any Security Policies.
Parameters
aRolePolicyItem - The object containing the required and optional role policy attributes
Returns
- True if any Security Policies reference the Role Policy
setRolePolicy(RolePolicyItem) Method
public static void setRolePolicy(RolePolicyItem aRolePolicyItem)
Updates an existing role policy. Before trying to update
the role policy, this method checks the RolePolicyItem
to ensure all mandatory fields have been initialized.
Mandatory fields are: 1) aResourceScope, 2) (depending on the value
of aResourceScope) anEntAppName, aWebAppName, aResourceId, 3)
(at least one of) aUserList, aGroupList, aRoleSegmentName, 4) aRoleName.
Note that if the aRolePolicyItem instance was retrieved using
getRolePolicy(), all mandatory fields will already be initialized.
The only fields that are updateable in the persisted role policy
are aUserList, aGroupList, and aRoleSegmentName.
Parameters
aRolePolicyItem - The object containing the required and optional role policy attributes