com.ibm.sec.authz.jaccplus.config
Interface RoleMappingConfiguration

All Known Implementing Classes:
RoleMappingImpl

public interface RoleMappingConfiguration

Interface for adding user / group to role mappings to policy.

Usage examples for manipulating users / groups to role mappings:

   rc.addUsersToRole( "role-1", userList );
   rc.addGroupsToRole( "role-2", groupList );
   rc.addRoleToRole( "role-2", "role-3" );
   rc.setAuthenticatedUsersToRole( "role-4" );
   rc.setEveryoneToRole( "role-5" );
 

See Also:
RoleMappingConfigurationFactory

Method Summary
 void addGroupsToRole(java.lang.String role, java.util.List<java.lang.String> groups)
          This method is used to add one or more groups to a given role.
 void addRoleToRole(java.lang.String role, java.lang.String mappedRole)
          This method is used to map a role to a specified role.
 void addUsersToRole(java.lang.String role, java.util.List<java.lang.String> users)
          This method is used to add one or more users to a given role.
 void commit()
          This method is used to commit all changes to the underlying policy.
 void delete()
          This method is used to delete the currently configured user/group to role mappings.
 java.lang.String getContextID()
          This method is used to get the context identifier that we are configuring policy for.
 java.util.List<java.lang.String> getGroupsInRole(java.lang.String role)
          This method is used to get a list of groups that are currently in the specified role.
 java.util.Set<java.lang.String> getRoles()
          This method is used to get a Set of all currently configured roles.
 java.util.List<java.lang.String> getRolesInRole(java.lang.String role)
          This method is used to get a list of roles that are currently mapped to the specified role.
 java.util.List<java.lang.String> getUsersInRole(java.lang.String role)
          This method is used to get a list of users that are currently in the specified role.
 boolean isAuthenticatedUsersInRole(java.lang.String role)
          This method is used to check if all authenticated users have access to the specified role.
 boolean isEveryoneInRole(java.lang.String role)
          This method is used to check if all users have access to the specified role.
 boolean isRequiredRole(java.lang.String role)
          This method is used to determine if a given role is required by other modules (such as in a J2EE application) and therefore cannot be removed using the removeRole method.
 void removeAuthenticatedUsersFromRole(java.lang.String role)
          This method is used to remove the "all authenticated users" meta-user from a given role.
 void removeEveryoneFromRole(java.lang.String role)
          This method is used to remove the "everyone" meta-user from a given role.
 void removeGroupsFromRole(java.lang.String role, java.util.List<java.lang.String> groups)
          This method is used to remove one or more groups from a given role.
 boolean removeRole(java.lang.String role)
          This method is used to remove a role.
 void removeRoleFromRole(java.lang.String role, java.lang.String mappedRole)
          This method is used to remove a mapped role from the specified role.
 void removeUsersFromRole(java.lang.String role, java.util.List<java.lang.String> users)
          This method is used to remove one or more users from a given role.
 void setAuthenticatedUsersToRole(java.lang.String role)
          This method is used to add all users that have been authenticated to a given role.
 void setEveryoneToRole(java.lang.String role)
          This method is used to add all users, authenticated or not, to a given role.
 

Method Detail

getContextID

java.lang.String getContextID()
This method is used to get the context identifier that we are configuring policy for.

Returns:
context A string identifying a policy context.

setAuthenticatedUsersToRole

void setAuthenticatedUsersToRole(java.lang.String role)
                                 throws javax.security.jacc.PolicyContextException
This method is used to add all users that have been authenticated to a given role.

Parameters:
role - The role to add all authenticated users to.
Throws:
javax.security.jacc.PolicyContextException

setEveryoneToRole

void setEveryoneToRole(java.lang.String role)
                       throws javax.security.jacc.PolicyContextException
This method is used to add all users, authenticated or not, to a given role.

Parameters:
role - The role to add everyone to.
Throws:
javax.security.jacc.PolicyContextException

addGroupsToRole

void addGroupsToRole(java.lang.String role,
                     java.util.List<java.lang.String> groups)
                     throws javax.security.jacc.PolicyContextException
This method is used to add one or more groups to a given role.

Parameters:
role - The role to add groups to.
groups - A list containing the String names of groups to be added to the specified role.
Throws:
javax.security.jacc.PolicyContextException

addUsersToRole

void addUsersToRole(java.lang.String role,
                    java.util.List<java.lang.String> users)
                    throws javax.security.jacc.PolicyContextException
This method is used to add one or more users to a given role.

Parameters:
role - The role to add users to.
users - A list containing the String names of users to be added to the specified role.
Throws:
javax.security.jacc.PolicyContextException

addRoleToRole

void addRoleToRole(java.lang.String role,
                   java.lang.String mappedRole)
                   throws javax.security.jacc.PolicyContextException
This method is used to map a role to a specified role. Any users that are granted the mapped role will have all the permissions of the role it was mapped to.

For example, using two roles "manager" and "employee", calling addRoleToRole( "employee", "manager" ) ensures that managers can do anything employees can do, since managers will have all the permissions associated with employees.

Parameters:
role - The role whose permissions we want to map to.
mappedRole - This is the role to be mapped to the specified role.
Throws:
javax.security.jacc.PolicyContextException
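
An added example (not part of the IBM documentation) that audits the role-to-role mappings described above: it reports every role whose permissions reach everyone or all authenticated users, directly or through a mapped role. It assumes getRolesInRole returns only the roles mapped directly to the given role and that rc was obtained elsewhere; the class RoleMappingAudit and its methods are hypothetical names.

```java
import com.ibm.sec.authz.jaccplus.config.RoleMappingConfiguration;
import java.util.*;

/** Added example: audits which roles are reachable by the two meta-users. */
public final class RoleMappingAudit {

    /** Returns role -> finding for every role that everyone or all authenticated users can reach. */
    public static Map<String, String> findBroadGrants(RoleMappingConfiguration rc) {
        Map<String, String> findings = new TreeMap<>();
        for (String role : rc.getRoles()) {
            // Holders of this role's permissions: the role itself plus every role mapped to it.
            for (String holder : holdersOf(rc, role)) {
                String via = holder.equals(role) ? "directly" : "via mapped role '" + holder + "'";
                if (rc.isEveryoneInRole(holder)) {
                    findings.put(role, "everyone (unauthenticated included) " + via);
                    break; // widest possible grant; nothing more to learn for this role
                }
                if (rc.isAuthenticatedUsersInRole(holder)) {
                    findings.putIfAbsent(role, "all authenticated users " + via);
                }
            }
        }
        return findings;
    }

    /** Breadth-first walk over getRolesInRole; the visited set stops mapping cycles. */
    static Set<String> holdersOf(RoleMappingConfiguration rc, String role) {
        Set<String> seen = new LinkedHashSet<>();
        Deque<String> queue = new ArrayDeque<>();
        queue.add(role);
        while (!queue.isEmpty()) {
            String current = queue.remove();
            if (!seen.add(current)) continue;
            List<String> mapped = rc.getRolesInRole(current);
            if (mapped != null) queue.addAll(mapped); // null check is defensive (assumption)
        }
        return seen;
    }
}
```

With the mapping addRoleToRole( "employee", "manager" ) followed by setEveryoneToRole( "manager" ), the audit reports both "manager" (directly) and "employee" (via the mapped role), which a check of isEveryoneInRole( "employee" ) alone may not reveal.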

removeAuthenticatedUsersFromRole

void removeAuthenticatedUsersFromRole(java.lang.String role)
                                      throws javax.security.jacc.PolicyContextException
This method is used to remove the "all authenticated users" meta-user from a given role.

Parameters:
role - The specified role from which to remove the "all authenticated users" meta-user.
Throws:
javax.security.jacc.PolicyContextException

removeEveryoneFromRole

void removeEveryoneFromRole(java.lang.String role)
                            throws javax.security.jacc.PolicyContextException
This method is used to remove the "everyone" meta-user from a given role.

Parameters:
role - The specified role from which to remove the "everyone" meta-user.
Throws:
javax.security.jacc.PolicyContextException

removeGroupsFromRole

void removeGroupsFromRole(java.lang.String role,
                          java.util.List<java.lang.String> groups)
                          throws javax.security.jacc.PolicyContextException
This method is used to remove one or more groups from a given role.

Parameters:
role - The role from which to remove groups.
groups - A list containing the String names of groups to be removed from the specified role.
Throws:
javax.security.jacc.PolicyContextException

removeUsersFromRole

void removeUsersFromRole(java.lang.String role,
                         java.util.List<java.lang.String> users)
                         throws javax.security.jacc.PolicyContextException
This method is used to remove one or more users from a given role.

Parameters:
role - The role from which to remove users.
users - A list containing the String names of users to be removed from the specified role.
Throws:
javax.security.jacc.PolicyContextException

removeRoleFromRole

void removeRoleFromRole(java.lang.String role,
                        java.lang.String mappedRole)
                        throws javax.security.jacc.PolicyContextException
This method is used to remove a mapped role from the specified role.

Parameters:
role - The role to remove a mapped role from.
mappedRole - The mapped role to remove from the specified role.
Throws:
javax.security.jacc.PolicyContextException

isAuthenticatedUsersInRole

boolean isAuthenticatedUsersInRole(java.lang.String role)
This method is used to check if all authenticated users have access to the specified role.

Parameters:
role - The role to check if all authenticated users have access to.
Returns:
true if all authenticated users have access to the specified role, false otherwise.

isEveryoneInRole

boolean isEveryoneInRole(java.lang.String role)
This method is used to check if all users have access to the specified role.

Parameters:
role - The role to check if everyone has access to.
Returns:
true if everyone has access to the specified role, false otherwise.

getUsersInRole

java.util.List<java.lang.String> getUsersInRole(java.lang.String role)
This method is used to get a list of users that are currently in the specified role.

Parameters:
role - The role to look up to return a list of users for.
Returns:
A List containing the String names of all users found in the specified role.

getGroupsInRole

java.util.List<java.lang.String> getGroupsInRole(java.lang.String role)
This method is used to get a list of groups that are currently in the specified role.

Parameters:
role - The role to return a list of groups for.
Returns:
A List containing the String names of all groups found in the specified role.

commit

void commit()
            throws javax.security.jacc.PolicyContextException
This method is used to commit all changes to the underlying policy.

Throws:
javax.security.jacc.PolicyContextException

delete

void delete()
            throws javax.security.jacc.PolicyContextException
This method is used to delete the currently configured user/group to role mappings.

Throws:
javax.security.jacc.PolicyContextException

getRoles

java.util.Set<java.lang.String> getRoles()
This method is used to get a Set of all currently configured roles.

Returns:
A Set containing the String names of all configured roles.

getRolesInRole

java.util.List<java.lang.String> getRolesInRole(java.lang.String role)
This method is used to get a list of roles that are currently mapped to the specified role.

Parameters:
role - The role to look up to return a list of roles for.
Returns:
A List containing the String names of all roles found mapped to the specified role.

removeRole

boolean removeRole(java.lang.String role)
                   throws javax.security.jacc.PolicyContextException
This method is used to remove a role. It cannot be used to remove J2EE deployed roles. Use the method isRequiredRole to determine if a role can be removed.

Parameters:
role - The role to remove.
Returns:
boolean true if the role existed and was removed, or else false.
Throws:
javax.security.jacc.PolicyContextException - If the role is a J2EE deployed role and is therefore required.

isRequiredRole

boolean isRequiredRole(java.lang.String role)
This method is used to determine if a given role is required by other modules (such as in a J2EE application) and therefore cannot be removed using the removeRole method.

Parameters:
role - The role to check.
Returns:
boolean true if the role is a required role, else false.


Copyright © 2009 IBM Corp. All Rights Reserved.