com.ibm.itim.apps.identity
Class RoleManager
java.lang.Object
|
+--com.ibm.itim.apps.identity.RoleManager
public class RoleManager
extends java.lang.Object

Provides aggregate role management capabilities. These capabilities include
the creation of roles and validation of (dynamic) roles.

See Also: RoleMO

Constructor Summary

RoleManager(PlatformContext platform, javax.security.auth.Subject subject)
    Constructs the manager with a platform context and a subject.

Method Summary

Request createRole(OrganizationalContainerMO container, Role subject, java.util.Date scheduledTime)
    Creates a role in the provisioning platform with the specified
    attributes within the given container.

java.util.Collection getRoles(OrganizationalContainerMO container, java.lang.String name)
    Returns the role(s) with the given name within the given parent
    container.

java.util.Collection getRoles(OrganizationalContainerMO parent, java.lang.String attributeName, java.lang.Object attributeValue)
    Returns the role(s) matching the given attribute within the given
    parent container.

void getRoles(OrganizationalContainerMO parent, java.lang.String attributeName, java.lang.Object attributeValue, SearchResultsMO results)
    Returns the role(s) matching the given attribute within the given
    container.

Methods inherited from class java.lang.Object
    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

RoleManager
public RoleManager(PlatformContext platform,
javax.security.auth.Subject subject)
- Constructs the manager with a platform context and a subject.
- Parameters:
platform - PlatformContext holding platform connection information.
subject - Subject representing the authenticated caller.

createRole
public Request createRole(OrganizationalContainerMO container,
Role subject,
java.util.Date scheduledTime)
throws java.rmi.RemoteException,
AuthorizationException,
SchemaViolationException,
ApplicationException
- Creates a role in the provisioning platform with the specified
attributes within the given container.
- Parameters:
container - OrganizationalContainerMO within which the role will be placed.
subject - Role value object defining the attributes the role will have.
scheduledTime - Date holding the time the operation is to be executed.
Only applicable to a dynamic role.
- Returns:
Request object representing the operation's status. NULL when it's an
organizational role creation.
- Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to create the
role in the given container.
SchemaViolationException - Thrown if any of the attributes in the value
object violate the managed object's schema. This may be caused by an
invalid attribute or if a required attribute is missing entirely.
ApplicationException - Thrown if unable to submit the request. This may
possibly be caused by the container being removed by another client
previous to this call.

getRoles
public java.util.Collection getRoles(OrganizationalContainerMO container,
java.lang.String name)
throws java.rmi.RemoteException,
ApplicationException
- Returns the role(s) with the given name within the given parent
container. Note, if the client is unauthorized to view (search) a
role that matches these criteria, it will be filtered out of the return
list and no AuthorizationException will be thrown.
- Parameters:
parent - OrganizationalContainerMO representing the parent container
to scope the search. In a single-tenant deployment, null can be specified
to indicate the entire tree should be searched. In a multi-tenant
deployment, an OrganizationalContainerMO object must be provided that
represents the root of the tenant.
name - Name of the role(s) to return.
- Returns:
Collection of RoleMO's representing the matching roles.
- Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if unable to obtain the roles. This may
possibly be caused by the container being removed by another client
previous to this call.

getRoles
public java.util.Collection getRoles(OrganizationalContainerMO parent,
java.lang.String attributeName,
java.lang.Object attributeValue)
throws java.rmi.RemoteException,
ApplicationException
- Returns the role(s) matching the given attribute within the given
parent container. Note, if the client is unauthorized to view (search)
a role that matches these criteria, it will be filtered out of the
return list and no AuthorizationException will be thrown.
- Parameters:
parent - OrganizationalContainerMO representing the parent container
to scope the search. In a single-tenant deployment, null can be specified
to indicate the entire tree should be searched. In a multi-tenant
deployment, an OrganizationalContainerMO object must be provided that
represents the root of the tenant.
attributeName - Name of attribute to match with.
attributeValue - Value of the attribute to match with. A * can be used as
the first and/or last character of a String value if a "contains"
expression is desired.
- Returns:
Collection of RoleMO's representing the matching role(s).
- Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if unable to obtain the role. This may
possibly be caused by the parent container being removed by another
client previous to this call.

getRoles
public void getRoles(OrganizationalContainerMO parent,
java.lang.String attributeName,
java.lang.Object attributeValue,
SearchResultsMO results)
throws java.rmi.RemoteException,
ApplicationException
- Returns the role(s) matching the given attribute within the given
container. Note, if the client is unauthorized to view (search) a role
that matches these criteria, it will be filtered out of the return list
and no AuthorizationException will be thrown.
- Parameters:
parent - OrganizationalContainerMO representing the parent container
to scope the search. In a single-tenant deployment, null can be specified
to indicate the entire tree should be searched. In a multi-tenant
deployment, an OrganizationalContainerMO object must be provided that
represents the root of the tenant.
attributeName - Name of attribute to match with.
attributeValue - Value of the attribute to match with. A * can be used as
the first and/or last character of a String value if a "contains"
expression is desired.
results - SearchResultsMO to hold the results of the search. The object
will be filled with Role value objects that match the given criteria.
Note, if the SearchResultsMO object was constructed using a different
user context, that context will be changed to match the context of this
object.
- Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if unable to obtain the roles. This may
possibly be caused by the parent container being removed by another
client previous to this call.
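
The attribute-search overloads of getRoles treat a leading or trailing * as a wildcard, filter out roles the caller may not view without throwing, and accept a null parent only in a single-tenant deployment. The following guard for caller-supplied search values is an added example, not code from this API documentation or from the product. RoleSearch is a hypothetical stand-in for RoleManager.getRoles(parent, attributeName, attributeValue) so the class compiles without the product libraries, and the container, attribute name and role names in main are constructed samples.

```java
import java.util.Collection;
import java.util.List;

public class RoleLookupGuard {

    /** Hypothetical stand-in for RoleManager.getRoles(parent, attributeName, attributeValue). */
    interface RoleSearch {
        Collection<?> getRoles(Object parent, String attributeName, Object attributeValue)
                throws Exception;
    }

    /** Rejects values that getRoles would evaluate as a wildcard expression. */
    static String requireExact(String value) {
        if (value == null || value.isEmpty()) {
            throw new IllegalArgumentException("attribute value is required");
        }
        if (value.startsWith("*") || value.endsWith("*")) {
            throw new IllegalArgumentException("wildcard not allowed in an exact-match lookup");
        }
        return value;
    }

    static Collection<?> findExact(RoleSearch search, Object parent, boolean multiTenant,
                                   String attributeName, String value) throws Exception {
        // A null parent searches the entire tree; only valid in a single-tenant deployment.
        if (multiTenant && parent == null) {
            throw new IllegalArgumentException("tenant root container is required");
        }
        // Roles the subject may not view are filtered out without an exception, so an
        // empty result means "none visible to this caller", not "no such role exists".
        return search.getRoles(parent, attributeName, requireExact(value));
    }

    public static void main(String[] args) throws Exception {
        // Constructed stub and sample values; with the product libraries the stub would be
        // (p, a, v) -> roleManager.getRoles((OrganizationalContainerMO) p, a, v).
        RoleSearch stub = (parent, attr, val) -> List.of("role:" + val);
        System.out.println(findExact(stub, "tenantA-root", true, "sampleAttr", "Auditors"));
        for (String bad : new String[] {"*", "Aud*", "*tors"}) {
            try {
                findExact(stub, "tenantA-root", true, "sampleAttr", bad);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + bad + ": " + e.getMessage());
            }
        }
    }
}
```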