Package oracle.tip.pc.services.identity

Interface BPMAuthorizationService

All Superinterfaces:
Service
All Known Subinterfaces:
BPMIdentityService
public interface BPMAuthorizationService extends Service
BPMAuthorizationService defines BPEL Process Manager Authorization Service An instance can be obtained from the ServiceFactory. For example: BPMAuthenticationService service = ServiceFactory.getAuthorizationServiceInstance(); BPMAuthenticationService service = ServiceFactory.getAuthorizationServiceInstance("myRealm"); This method will fetch the service instance as configured in the identity service configuration.

  • Method Details

    • getUserAttribute

      Attribute getUserAttribute(String userName, String attrName) throws BPMIdentityException, BPMIdentityNotFoundException
      Gets BPMUser's attribute value given the attribute name
      Parameters:
      userName - The name of the user.
      attrName - The name of the attribute.
      Returns:
      A Attribute</> instance.
      Throws:
      BPMIdentityNotFoundException - If the user is not found.
      BPMIdentityException - If an exception condition occurs.

    • getGroupAttribute

      Attribute getGroupAttribute(String groupName, String attrName) throws BPMIdentityException, BPMIdentityNotFoundException
      Gets BPMGroup's attribute value given the attribute name
      Parameters:
      groupName - The name of the group.
      attrName - The name of the attribute.
      Returns:
      A Attribute</> instance.
      Throws:
      BPMIdentityNotFoundException - If the group is not found.
      BPMIdentityException - If an exception condition occurs.

    • lookupUser

      BPMUser lookupUser(String userName) throws BPMIdentityException, BPMIdentityNotFoundException
      Looks up BPMUser by name in the system.
      Parameters:
      userName - The name of the user.
      Returns:
      A BPMUser</> instance.
      Throws:
      BPMIdentityNotFoundException - If the user is not found.
      BPMIdentityException - If an exception condition occurs.

    • searchUsers

      List searchUsers(String attrName, String attrValue) throws BPMIdentityException, BPMUnsupportedAttributeException
      Searches BPMUser objects by an attribute's name-value pair
      Parameters:
      attrName - The attribute name to be used in the search.
      attrValue - The attribute value to be used in the search.
      Returns:
      A List of BPMUser objects
      Throws:
      BPMUnsupportedAttributeException - If the attribute is not supported by the implementation of BPMUser.
      BPMIdentityException - If an exception condition occurs.

    • searchUsers

      List searchUsers(SearchFilter searchFilter) throws BPMIdentityException, BPMUnsupportedAttributeException
      Searches users by the criteria defined in the search filter
      Parameters:
      searchFilter - An instance of the SearchFilter
      Returns:
      List of BPMUser objects
      Throws:
      BPMUnsupportedAttributeException - If the attribute is not supported by the implementation of BPMUser.
      BPMIdentityException - If an exception condition occurs.

    • getLocaleSpecificUserNames

      List<String> getLocaleSpecificUserNames(List<String> userNames, Locale locale) throws BPMIdentityException, BPMIdentityNotFoundException
      gets locale specific userNames
      Parameters:
      List - of userNames
      Locale -
      Returns:
      List of locale specific Names for the users For each entry in the input list (userNames) the corresponding localeName is returned in the same position in the ouput list
      Throws:
      BPMIdentityNotFoundException - If the user is not found.
      BPMIdentityException - If an exception condition occurs.

    • getLocalizedUserNames

      Map<String,Map<Locale,String>> getLocalizedUserNames(List<String> usersNames, List<Locale> locales) throws BPMIdentityException
      Gets map of localized user's display name for given local list
      Parameters:
      usersNames - List of userNames
      locales - List of Locale
      Returns:
      Map of user's display name for given local list
      Throws:
      BPMIdentityException

    • getLocaleSpecificGroupNames

      List<String> getLocaleSpecificGroupNames(List<String> groupNames, Locale locale) throws BPMIdentityException, BPMIdentityNotFoundException
      gets locale specific groupNames
      Parameters:
      List - of groupNames
      Locale -
      Returns:
      List of locale specific Names for the groups For each entry in the input list (groupNames) the corresponding localeName is returned in the same position in the ouput list
      Throws:
      BPMIdentityNotFoundException - If the group is not found.
      BPMIdentityException - If an exception condition occurs.

    • getLocalizedGroupNames

      Map<String,Map<Locale,String>> getLocalizedGroupNames(List<String> groupsNames, List<Locale> locales) throws BPMIdentityException
      Gets map of localized user's display name for given local list
      Parameters:
      groupsNames - List of userNames
      locales - List of Locale
      Returns:
      Map of user's display name for given local list
      Throws:
      BPMIdentityException

    • lookupRole

      BPMRole lookupRole(String groupName) throws BPMIdentityException, BPMIdentityNotFoundException
      Deprecated.
      since release 11. Use lookupGroup(String) instead. To lookup BPMAppRole use #lookupAppRole(String)
      Looks up BPMRole by role name
      Parameters:
      groupName - The name of the role.
      Throws:
      BPMIdentityNotFoundException - If the role is not found.
      BPMIdentityException - If an exception condition occurs.

    • lookupAppRole

      BPMAppRole lookupAppRole(String appRoleName, String appID) throws BPMIdentityException, BPMIdentityNotFoundException
      Looks up BPMAppRole by name
      Parameters:
      appRoleName - The name of the ApplicationRole
      Throws:
      BPMIdentityNotFoundException - If the application role is not found
      BPMIdentityException - If an exception condition occurs.

    • lookupGroup

      BPMGroup lookupGroup(String groupName) throws BPMIdentityException, BPMIdentityNotFoundException
      Looks up BPMGroup by group name
      Parameters:
      groupName - The name of the group.
      Throws:
      BPMIdentityNotFoundException - If the group is not found.
      BPMIdentityException - If an exception condition occurs.

    • searchGroups

      List searchGroups(String attrName, String attrValue) throws BPMIdentityException, BPMUnsupportedAttributeException
      Searches BPMGroup objects by an attribute's name-value pair
      Parameters:
      attrName - The attribute name to be used in the search.
      attrValue - The attribute value to be used in the search.
      Returns:
      List of BPMGroup objects
      Throws:
      BPMUnsupportedAttributeException - If the attribute is not supported by the implementation of BPMGroup.
      BPMIdentityException - If an exception condition occurs

    • searchGroups

      List searchGroups(SearchFilter searchFilter) throws BPMIdentityException, BPMUnsupportedAttributeException
      Searches groups by criterias defined in searchFilter
      Parameters:
      searchFilter - a search filter object
      Returns:
      List of BPMGroup objects
      Throws:
      BPMUnsupportedAttributeException - if attribute is unsupported
      BPMIdentityException - If exception condition occurs

    • searchAppRoles

      List<BPMAppRole> searchAppRoles(String namePattern, String appName) throws BPMIdentityException
      Searches Application roles for the given app id and namePattern
      Parameters:
      namePattern - A regular expression which can contain wildcard ('*')
      appName - an application name
      Returns:
      List of BPMAppRole
      Throws:
      BPMIdentityException - If an exception condition occurs

    • getUsers

      List getUsers() throws BPMIdentityException
      Deprecated.
      since release 11. Use searchUsers(String, String) instead
      Gets all users name in realm
      Returns:
      List of user names in realm
      Throws:
      BPMIdentityException - If exception condition occurs

    • getGroups

      List getGroups() throws BPMIdentityException
      Deprecated.
      since release 11. Use searchGroups(String, String) instead
      Gets all group name in realm
      Returns:
      List of groupname in realm
      Throws:
      BPMIdentityException - If exception condition occurs

    • getRoles

      List getRoles(RoleClassifier classifier) throws BPMIdentityException
      Deprecated.
      since release 11. Use // TODO (String, String) or #searchAppRole(String, String) instead
      Gets all roles in realm
      Parameters:
      classifier - a role classifier
      Throws:
      BPMIdentityException - If exception condition occurs

    • getAppRoles

      List getAppRoles() throws BPMIdentityException
      Gets all application roles for all application
      Returns:
      List of BPMAppRole objects
      Throws:
      BPMIdentityException - If exception condition occurs deprecated since release 11. Use instead

    • getAppRoles

      List<BPMAppRole> getAppRoles(String appName) throws BPMIdentityException
      Gets all application roles for given application ID.
      Parameters:
      appName - is an application name
      Returns:
      List of BPMAppRole objects
      Throws:
      BPMIdentityException - If an exception condition occurs
      Since:
      11

    • getGrantedRolesToUser

      Set getGrantedRolesToUser(String userName, boolean direct) throws BPMIdentityException
      Gets a set of all granted roles for the given user
      Parameters:
      userName - The user name
      direct - a boolean flag. If it is true method returns only direct granted roles, else all roles are returned.
      Returns:
      List of granted BPMRoles objects
      Throws:
      BPMIdentityException
      Since:
      10.1.3

    • getGrantedRolesToUser

      Set getGrantedRolesToUser(String userName, String appName, boolean direct) throws BPMIdentityException
      Gets a set of all granted roles for the given user for a given application
      Parameters:
      userName - The user name
      direct - a boolean flag. If it is true method returns only direct granted roles, else all roles are returned.
      appName - is an application name
      Returns:
      List of granted BPMRoles objects
      Throws:
      BPMIdentityException
      Since:
      10.1.3

    • getGrantedRolesToAppRole

      Set<BPMRole> getGrantedRolesToAppRole(String roleName, String appName, boolean direct) throws BPMIdentityException
      Gets granted roles for the given application role
      Parameters:
      roleName - The name of application role
      appName - an application name
      direct - a boolean flag. Method returns direct grantees if direct flag is true, else all roles are returned.
      Returns:
      Set of BPMRole objects
      Throws:
      BPMIdentityException - If exception condition occurs
      Since:
      11

    • getGrantedRolesToGroup

      Set<BPMRole> getGrantedRolesToGroup(String groupName, boolean direct) throws BPMIdentityException
      Gets granted roles for the given group.
      Parameters:
      groupName - The group name
      direct - a boolean flag. Method returns direct granted roles if direct flag is true, else all
      Returns:
      Set of BPMRole objects
      Throws:
      BPMIdentityException - If exception condition occurs
      Since:
      11

    • getGranteesToAppRole

      Set<BPMIdentity> getGranteesToAppRole(String roleName, String appName, boolean direct) throws BPMIdentityException
      Gets all grantees for given application role
      Parameters:
      appRole - The name of application role
      appName - an application name
      direct - a boolean flag. The method returns direct grantees if direct flag is true, else all
      Returns:
      Set of BPMIdentity objects
      Throws:
      BPMIdentityException - If exception condition occurs
      Since:
      11

    • getGranteesToGroup

      Set<BPMIdentity> getGranteesToGroup(String roleName, boolean direct) throws BPMIdentityException
      Gets all grantees for given group
      Parameters:
      roleName - The application role name
      direct - a boolean flag. The method returns direct grantees if it's true, else all grantees
      Returns:
      Set of BPMIdentity objects
      Throws:
      BPMIdentityException - If exception condition occurs
      Since:
      11

    • getGrantedRolesToRole

      Set getGrantedRolesToRole(String roleName, boolean direct) throws BPMIdentityException
      Deprecated.
      since release 11. Use getGrantedRolesToGroup(String, boolean) instead
      Gets granted roles for the given role
      Parameters:
      groupName - The role name
      direct - a boolean flag. If it is true method returns only direct granted roles, else all roles
      Returns:
      List of granted BPMRoles objects
      Throws:
      BPMIdentityException
      Since:
      10.1.3

    • getParticipantsToGroup

      List<BPMUser> getParticipantsToGroup(String groupName, boolean direct) throws BPMIdentityException
      Gets participants (Users), grantees to group
      Parameters:
      groupName - The group name
      direct - a boolean flag. If it is true method returns only direct granted roles, else all roles
      Returns:
      List of BPMUser objects
      Throws:
      BPMIdentityException

    • getParticipantsToAppRole

      List<BPMUser> getParticipantsToAppRole(String roleName, String appName, boolean direct) throws BPMIdentityException
      Gets participants(Users), grantees to application role
      Parameters:
      roleName - an application role name
      appName - an name
      direct - a boolean flag. The method returns direct user grantees if it's true, else all user grantees
      Returns:
      List of BPMUser objects
      Throws:
      BPMIdentityException
      Since:
      11

    • getParticipants

      List getParticipants(String groupName, boolean direct) throws BPMIdentityException
      Deprecated.
      since release 11. Use getParticipantsToGroup(String, boolean) for group participants and #getParticipantsToAppRole(String, boolean) for application role participants
      Gets user participants, the grantee for given group name
      Parameters:
      groupName - a group name
      direct - a boolean flag. If true method return direct participants, else all.
      Returns:
      List of BPMUser objects, the grantees for given group name
      Throws:
      BPMIdentityNotFoundException - if group is not found
      BPMIdentityException - If exception condition occurs

    • getGrantees

      Set getGrantees(String name, boolean direct) throws BPMIdentityException
      Deprecated.
      since release 11. Use getGranteesToGroup(String, boolean) instead
      Gets all grantees for given group/role name
      Parameters:
      groupName - a group name
      direct - a boolean flag. If true method return direct participans, elase all.
      Returns:
      List of all BPMPrincipal objects, the grantees for given group/role name
      Throws:
      BPMIdentityNotFoundException - if group/role is not found
      BPMIdentityException - If exception condition occurs

    • getReportees

      List getReportees(String managerName, int maxReporteeLevel) throws BPMIdentityException
      Gets reportees for the user up to given level in the hierarchical structure
      Parameters:
      managerName - a manager name
      maxReporteeLevel - - reportees included into result up to maxReporteeLevel from the manager in hierarchical structure are included into result If level equals 1, method returns only one level of reportees, direct reportees, for the user, ; if level equals 2, method return only two levels of reportees for the user; if level equals 3, method returns only treee levels reportees for the user; etc; if 0 or any negative value is specified , it assumes all reportees for given user.
      Returns:
      List of reportees, BPMUser.
      Throws:
      BPMIdentityException - If exception condition occurs

    • getManager

      BPMUser getManager(String userName) throws BPMIdentityException
      Gets manager name for given user name
      Parameters:
      userName - The user name whose manager is requried.
      Returns:
      manager, BPMUser object
      Throws:
      BPMIdentityException - If exception condition occurs

    • getManagementChain

      List getManagementChain(String userName, String upToUser, String upToTitle, int level) throws BPMIdentityException
      Gets Management Chain for given user in realm.
      Parameters:
      userName - a user name. The user for whom the Management chain has requested.
      upToUser - a user name which limits chain result. If this name is the same as that of the current user, then an empty list is returned. Otherwise the list till this particular user is returned.
      upToTitle - a title which limits chain result If this title is the same as that of the current user, then an empty list is returned. Otherwise the list till this particular title is returned.
      level - a level, limits size of chain result This sets a limit on the number of entries in the list. If 0, then an empty list is returned. If negative, then the complete hierarchy is returned.
      Returns:
      List of Users who are in management chain for given user
      Throws:
      BPMIdentityException - If exception condition occurs

    • getOwnedRolesByUser

      Set getOwnedRolesByUser(String userName, boolean direct) throws BPMIdentityException
      Gets set of roles owned by given user
      Parameters:
      userName - The name of user
      direct - a boolean flag. If it true, the method returns direct owned roles, else all
      Returns:
      Set of BPMRole objects
      Throws:
      BPMIdentityException - If exception condition occurs
      Since:
      10.1.3

    • getOwnedRolesByRole

      Set getOwnedRolesByRole(String roleName, boolean direct) throws BPMIdentityException
      Gets set of roles owned by given group. Since 11.1.1 role ownership is supported only for group.
      Parameters:
      groupName - The group name. Since 11.1.1 the method assumes that only group names are passed.
      direct - a boolean flag. If it true, the method returns direct owned roles, else all
      Returns:
      Set of BPMRole objects. Since 11.1.1 result is a set of BPMGroup objects
      Throws:
      BPMIdentityException - If exception condition occurs
      Since:
      10.1.3

    • getRoleOwners

      Set getRoleOwners(String roleName, boolean direct) throws BPMIdentityException
      Gets owners of the given role
      Parameters:
      roleName - The role name
      direct - a boolean flag. If it true, the method returns direct owned roles, else all
      Returns:
      Set of BPMUser objects
      Throws:
      BPMIdentityException - If exception condition occurs

    • getRoleManagers

      List getRoleManagers(String roleName, boolean direct) throws BPMIdentityException
      Gets managers of the given role
      Parameters:
      roleName - The role name
      direct - a boolean flag. If it true, the method returns direct managers, else all
      Returns:
      Set of BPMIdentity objects
      Throws:
      BPMIdentityException - If exception condition occurs

    • getManagedRolesByUser

      List getManagedRolesByUser(String userName, boolean direct) throws BPMIdentityException
      Gets managed roles by the given user
      Parameters:
      userName - The user name
      direct - a boolean flag. If it true, the method returns direct managed roles, else all
      Returns:
      Set of BPMRole objects
      Throws:
      BPMIdentityException - If exception condition occurs

    • getManagedRolesByRole

      List getManagedRolesByRole(String roleName, boolean direct) throws BPMIdentityException
      Gets managed roles by the given role
      Parameters:
      roleName - The role name
      direct - a boolean flag. If it true, the method returns direct managed roles, else all
      Returns:
      Set of BPMRole objects
      Throws:
      BPMIdentityException - If exception condition occurs

    • getConfiguration

      Configuration getConfiguration() throws BPMIdentityException
      Gets Configuration object associated with this service.
      Throws:
      BPMIdentityException
      Since:
      10.1.3

    • getRealmName

      String getRealmName() throws BPMIdentityException
      Gets realm name assocaited with this service.
      Returns:
      realm name
      Throws:
      BPMIdentityException

    • whoAmI

      BPMUser whoAmI(javax.servlet.http.HttpServletRequest request) throws BPMIdentityException, BPMIdentityNotFoundException
      Who am I
      Parameters:
      request - a HttpServletRequest object
      Returns:
      BPMUser object
      Throws:
      BPMIdentityNotFoundException - if object is not found
      BPMIdentityException - If exception condition occurs

    • hasPermission

      boolean hasPermission(String userName, Permission perm, String appName) throws BPMIdentityException
      Checks whether the user has a specified permission
      Parameters:
      userName - The name of the user for whom the permission is to be checked.
      perm - a Permission object
      appName - an application name
      Returns:
      true if user has specified permission, else false
      Throws:
      BPMIdentityException - If exception condition occurs
      Since:
      11

    • getPermissions

      PermissionCollection getPermissions(String userName) throws BPMIdentityException
      Gets Permissions associated with the user
      Parameters:
      userName - The name of the user for whom the permissions are to be fetched
      Returns:
      PermissionCollection
      Throws:
      BPMIdentityException - If exception condition occurs

    • getPermissions

      PermissionCollection getPermissions(String userName, String appName) throws BPMIdentityException
      Gets Permissions associated with the user for a given application
      Parameters:
      userName - The name of the user for whom the permissions are to be fetched
      appName - an application name
      Returns:
      PermissionCollection
      Throws:
      BPMIdentityException - If exception condition occurs

    • hasPermissionForAppRole

      boolean hasPermissionForAppRole(String appRole, Permission perm, String appName) throws BPMIdentityException
      Checks whether the appRole has a specified permission
      Parameters:
      userName - The name of the appRole for which the permission is to be checked.
      perm - a Permission object
      appName - an application name
      Returns:
      true if appRole has specified permission, else false
      Throws:
      BPMIdentityException - If exception condition occurs
      Since:
      11

    • getPermissionsForAppRole

      PermissionCollection getPermissionsForAppRole(String appRole, String appName) throws BPMIdentityException
      Gets Permissions associated with the appRole for a given application
      Parameters:
      userName - The name of the appRole for which the permissions are to be fetched
      appName - an application name
      Returns:
      PermissionCollection
      Throws:
      BPMIdentityException - If exception condition occurs

    • getAllPermissions

      PermissionCollection getAllPermissions() throws BPMIdentityException
      Gets all Permissions associated with all the applications
      Returns:
      PermissionCollection
      Throws:
      BPMIdentityException - If exception condition occurs

    • getAllPermissions

      PermissionCollection getAllPermissions(String appName) throws BPMIdentityException
      Gets all the Permissions associated with the given application
      Parameters:
      appName - an application name
      Returns:
      PermissionCollection
      Throws:
      BPMIdentityException - If exception condition occurs

    • getProvider

      BPMProvider getProvider()
      Gets provider assocaited with this service instance
      Returns:
      BPMProvider instance

    • getSearchFilterInstance

      ComplexSearchFilter getSearchFilterInstance(Class classifier, Element filterElement) throws BPMIdentityException
      Factory method for Search Filter
      Parameters:
      classifier - an interface. It can be BPMUser, BPMGroup or BPMAppRole interfaces
      filterElement - an XML element describing the filter. It must conform to the Identity Serivce schema.
      Returns:
      SearchFilter - a search filter instance
      Throws:
      Exception - If exception condition occurs
      BPMIdentityException
      Since:
      10.1.3

    • getSearchFilterInstance

      ComplexSearchFilter getSearchFilterInstance(Class classifier, String attrName, String operator, String attrPattrnValue) throws BPMIdentityException
      Factory method for Search Filter
      Parameters:
      classifier -
      attrName -
      operator -
      attrPattrnValue -
      Returns:
      SearchFilter - a search filter instance
      Throws:
      BPMIdentityException
      Since:
      10.1.3

    • getGranteesToPosition

      Set<BPMUser> getGranteesToPosition(String positionId) throws BPMIdentityException
      Gets users that are granted a given position in the system.
      Parameters:
      positionId -
      Returns:
      set of BPMUsers that are granted the position.
      Throws:
      BPMIdentityException

    • getGrantedPositionsToUser

      Set<BPMPosition> getGrantedPositionsToUser(String user) throws BPMIdentityException
      Gets all the position the given user is granted in the system. A valid BPMUser object with userid and guid is required as input parameter.
      Parameters:
      user -
      Returns:
      Set of positions granted to a given user.
      Throws:
      BPMIdentityException

    • getPositionDisplayNames

      Map<String,String> getPositionDisplayNames(List<String> positions, String language, String country) throws BPMIdentityException
      Gets the display name of the positions based on country and language. If country and language is not specified default locale of the JVM is used. If the language is not specified country code is used to build the locale.
      Parameters:
      positions -
      language -
      country -
      Returns:
      map of position id and position display name specific to the input language and country.
      Throws:
      BPMIdentityException

    • getSearchableUserAttributes

      List<String> getSearchableUserAttributes() throws BPMIdentityException
      Gets list of all the searchable BPMUser attributes
      Returns:
      A list of Attribute names. The list of attribute names returned includes name,displayName,description,firstName,middleName,lastName,workNumber,homePhone,mobile,pager,fax,email,and title.
      Throws:
      BPMIdentityException - If an exception condition occurs.