com.adobe.idp.um.api
Interface AuthorizationManager

All Known Implementing Classes:
AuthorizationManagerServiceClient

public interface AuthorizationManager

This is the primary interface for authorization.


Method Summary
 java.util.Map areUsersInRole(java.lang.String roleId, java.util.List principalOid)
          Determines whether the specified principals have been assigned the given role.
 void assignPermToPrincipalForRes(java.lang.String principalOid, java.lang.String resourceId, java.util.List permissionOid)
          Assigns the specified permissions to the principal for the given resource instance.
 void assignPermToPrincipalsForRes(java.lang.String resourceId, java.util.Map principalPermissionMap)
          Assigns the specified permissions to the principals for the given resource instance.
 void assignRole(java.lang.String roleId, java.lang.String[] principalOids)
          Assigns the role to the specified principals.
 void assignRoles(java.lang.String[] roleId, java.lang.String[] principalOids)
          Assigns the specified roles to the given principals.
 java.lang.String createPermission(Permission perm)
          Creates a permission for a resource type.
 java.lang.String createReliantApplication(ReliantApplication relApp)
          Creates a reliant application.
 java.lang.String createResourceType(ResourceType resType)
          Creates a resource type.
 void createRole(Role role)
          Creates a role.
 void createRole(Role role, java.util.List addPermissionOids)
          Creates a role with specific permissions.
 void deletePermsForPrincipalForRes(java.lang.String principalOid, java.lang.String resourceId, java.util.List permList)
          Removes the specified permissions from the principal for the given resource instance.
 void deletePermsForPrincipalsForRes(java.util.List principalOid, java.lang.String resourceId, java.util.List permList)
          Removes the specified permissions from the List of principals for the given resource instance.
 void deleteRole(java.lang.String roleId)
          Deletes the role.
 java.util.Map findPriPermInfoForRes(java.lang.String resourceId)
          Retrieves a Map of permissions and principals for a given resource instance.
 Role findRole(java.lang.String roleId)
          Retrieves a role.
 java.util.List findRoleMembership(RoleMembershipSearchFilter rmb)
          Retrieves a List of roles based on specified membership search criteria.
 java.util.List findRoles(RoleSearchFilter rsf)
          Retrieves a List of roles based on specified search criteria.
 java.util.Set findRolesForPrincipal(java.lang.String principalOid)
          Finds the roles for a given principal.
 java.util.Map findRolesForPrincipals(java.util.List principalOid)
          Retrieves a Map containing sets of roles assigned to the specified principals.
 java.util.List getAllRolePermissions(java.lang.String roleId)
          Retrieves a List of permissions related to the specified role.
 java.util.List getPermissions(PermissionSearchFilter psf)
          Retrieves a List of permissions related to the specified search filter.
 java.util.List getPermissions(java.lang.String ResourceTypeOid)
          Retrieves a List of permissions related to the resource type.
 java.util.Set getPermsForPrincipalOverRes(java.lang.String principalOid, java.lang.String resourceId)
          Retrieves a Set of permissions for the specified principal and resource instance.
 java.util.Map getPermsForPrincipalsOverRes(java.util.List principalOidList, java.lang.String resourceId)
          Retrieves a Map of permissions for the List of specified principals and resource instance.
 ReliantApplication getReliantApplication(java.lang.String reliantApplicationName)
          Retrieves a reliant application.
 java.util.Set getResourcesForPrincipal(java.lang.String principalOid, java.lang.String permissionOid)
          Retrieves a Set of resource identifiers for which the principal has the specified permission.
 java.util.Map getResourcesForPrincipals(java.util.List principalOid, java.lang.String permissionOid)
          Retrieves a Map of resource identifiers for which the principals have the specified permission.
 java.util.List getResourceType(ResourceTypeSearchFilter rtsf)
          Searches for resource types.
 java.util.List getSystemPermissions(PermissionSearchFilter psf)
          Retrieves a List of all the permissions belonging to all the resource types in the system, according to the specified search filter.
 java.util.Map hasPermission(java.util.List principalOid, java.lang.String resourceId, Permission perm)
          Determines whether the List of principals have the specified permission for the given resource instance.
 java.util.Map hasPermission(java.util.List principalOid, java.lang.String resourceId, java.lang.String permissionOid)
          Determines whether the List of principals have the specified permission for the given resource instance.
 PermissionInfo hasPermission(java.lang.String principalOid, java.lang.String resourceId, Permission perm)
          Determines whether the principal has the permission assigned to it for the specified resource instance.
 PermissionInfo hasPermission(java.lang.String principalOid, java.lang.String resourceId, java.lang.String permissionOid)
          Determines whether the principal has the permission assigned to it for the specified resource instance.
 boolean isMutable(java.lang.String roleId)
          Determines whether the specified role is mutable.
 boolean isUserInRole(java.lang.String roleId)
          This determines whether the currently authenticated user is in the specified role.
 boolean isUserInRole(java.lang.String roleId, java.lang.String principalOid)
          This determines whether the principal has an assigned role.
 void modifyDefaultACL(ResourceTypeACL addRtDefACL, ResourceTypeACL delRtDefACL)
          Defines a set of default permissions to be assigned to a set of principals (cross product) over a resource, when a resource of given resource type is registered.
 void modifyPermsToPrincipalForRes(java.lang.String principalOid, java.lang.String resourceId, java.util.List desiredPerms)
          Assigns the specified permissions to the principal for the given resource instance.
 void modifyPermsToPrincipalForRes(java.lang.String principalOid, java.lang.String resourceId, java.util.List delPerm, java.util.List addPerm)
          Assigns and removes the specified permissions from the principal for the given resource instance.
 void modifyPermsToPrincipalsForRes(java.util.List principalOid, java.lang.String resourceId, java.util.List delPerm, java.util.List addPerm)
          Assigns and removes the specified permissions from the List of principals for the given resource instance.
 void modifyRole(java.lang.String roleName, java.util.List addPermissionOids, java.util.List removePermissionOids)
          Modifies the definition of a role by adding and removing a set of permissions from the definition of the role.
 void registerResInstance(java.lang.String resType, java.util.List resIdList)
          Assigns the default access control list (ACL) of the specified resource type to the given resource instances.
 void setDefaultACL(ResourceTypeACL rtDefACL)
          Specifies the default access control list (ACL) for the given resource type.
 void unassignRole(java.lang.String roleId, java.lang.String[] principalOids)
          Unassigns the role from the specified principals.
 void unassignRoles(java.lang.String[] roleId, java.lang.String[] principalOids)
          Removes the specified roles from the given principals.
 

Method Detail

isUserInRole

boolean isUserInRole(java.lang.String roleId,
                     java.lang.String principalOid)
                     throws UMException
This determines whether the principal has an assigned role.

Parameters:
roleId - The assigned role's identifier.
principalOid - The principal's identifier.
Returns:
true if the principal has the assigned role, false otherwise.
Throws:
UMException

isUserInRole

boolean isUserInRole(java.lang.String roleId)
                     throws UMException
This determines whether the currently authenticated user is in the specified role. It gathers the information from the context passed into this AuthorizationManager when it was instantiated. If you need to change roles, you must re-authenticate, create a new context, and instantiate a new AuthorizationManager object.

Parameters:
roleId - The role's identifier.
Returns:
true if the currently authenticated user has the specified role, false otherwise.
Throws:
UMException

createRole

void createRole(Role role)
                throws UMException
Creates a role. Use the factory object to create a role with a unique role identifier. It is recommended that you create a localized name string to be shown in the user interface. Pass that role into this method. This method creates an immutable role if role.setMutableStatus(true) is not specifically invoked by the caller.

Parameters:
role - The role to be created.
Throws:
UMException

createRole

void createRole(Role role,
                java.util.List addPermissionOids)
                throws UMException
Creates a role with specific permissions. Use the factory object to create a role with a unique role identifier. It is recommended that you create a localized name string to be shown in the user interface. Pass that role into this method. This method creates an immutable role if role.setMutableStatus(true) is not specifically invoked by the caller.

Parameters:
role - The role to be created.
addPermissionOids - A List of permissions the principal will have.
Throws:
UMException

deleteRole

void deleteRole(java.lang.String roleId)
                throws UMException
Deletes the role.

Parameters:
roleId - The role identifier.
Throws:
UMException - could be thrown, for example, in cases where an attempt to delete an immutable role has been made.

assignRole

void assignRole(java.lang.String roleId,
                java.lang.String[] principalOids)
                throws UMException
Assigns the role to the specified principals. No exception is raised if the same role is reassigned to a given principal. Either all or none of the principals will be assigned the role.

Parameters:
roleId - The role to be assigned.
principalOids - The principals to which the role is to be assigned.
Throws:
UMException

unassignRole

void unassignRole(java.lang.String roleId,
                  java.lang.String[] principalOids)
                  throws UMException
Unassigns the role from the specified principals. No exception is raised if the same role is unassigned from a given principal. Either all or none of the principals will be unassigned from the role.

Parameters:
roleId - The role to be unassigned.
principalOids - The principals from which the role is to be unassigned.
Throws:
UMException

findRole

Role findRole(java.lang.String roleId)
              throws UMException
Retrieves a role.

Parameters:
roleId - The role to be retrieved.
Returns:
The role.
Throws:
UMException

findRoles

java.util.List findRoles(RoleSearchFilter rsf)
                         throws UMException
Retrieves a List of roles based on specified search criteria.

Parameters:
rsf - A search filter that allows you to set multiple clauses for the roles to be retrieved.
Returns:
The List of roles that were found based on the search filter.
Throws:
UMException

findRolesForPrincipal

java.util.Set findRolesForPrincipal(java.lang.String principalOid)
                                    throws UMException
Finds the roles for a given principal.

Parameters:
principalOid - The principal's identifier.
Returns:
The Set of roles associated with the specified principal.
Throws:
UMException

findRoleMembership

java.util.List findRoleMembership(RoleMembershipSearchFilter rmb)
                                  throws UMException
Retrieves a List of roles based on specified membership search criteria.

Parameters:
rmb - A search filter that allows you to set multiple clauses for the roles to be retrieved.
Returns:
A List of principals (User/Group objects).
Throws:
UMException

getReliantApplication

ReliantApplication getReliantApplication(java.lang.String reliantApplicationName)
                                         throws UMException
Retrieves a reliant application.

Parameters:
reliantApplicationName - The name of the reliant application.
Returns:
The reliant application.
Throws:
UMException

createReliantApplication

java.lang.String createReliantApplication(ReliantApplication relApp)
                                          throws UMException
Creates a reliant application.

Parameters:
relApp - The reliant application to be created.
Returns:
A String identifier of the reliant application that was created.
Throws:
UMException - to indicate if the same reliant application is being created again with the same or different system attributes.

getResourceType

java.util.List getResourceType(ResourceTypeSearchFilter rtsf)
                               throws UMException
Searches for resource types.

Parameters:
rtsf - A filter that encapsulates search parameters, as well as global parameters such as the offset and range of returned values.
Returns:
A List containing the resource types.
Throws:
UMException

createResourceType

java.lang.String createResourceType(ResourceType resType)
                                    throws UMException
Creates a resource type.

Parameters:
resType - The resource type to be created.
Returns:
A String identifier of the resource type that was created.
Throws:
UMException - to indicate if the same resource type is being created again with the same or different system attributes.

createPermission

java.lang.String createPermission(Permission perm)
                                  throws UMException
Creates a permission for a resource type.

Parameters:
perm - The permission to be assigned.
Returns:
A String identifier of the permission that was created.
Throws:
UMException

getPermissions

java.util.List getPermissions(java.lang.String ResourceTypeOid)
                              throws UMException
Retrieves a List of permissions related to the resource type. The reliant application can use this method to populate its user interface with the relevant permissions on the permission assignment page. A list of size zero is returned if no relevant permissions are found.

Parameters:
ResourceTypeOid - The resource type identifier.
Returns:
A List of permissions for the specified resource type.
Throws:
UMException

getPermissions

java.util.List getPermissions(PermissionSearchFilter psf)
                              throws UMException
Retrieves a List of permissions related to the specified search filter. A list of size zero is returned if no relevant permissions are found.

Parameters:
psf - A search filter that allows you to set multiple clauses for the permissions to be retrieved.
Returns:
A List of permissions that were found.
Throws:
UMException

getSystemPermissions

java.util.List getSystemPermissions(PermissionSearchFilter psf)
                                    throws UMException
Retrieves a List of all the permissions belonging to all the resource types in the system, according to the specified search filter. This method is used in the creation of roles. A role may consist of any number of permissions that have been potentially defined on various resource types. A list of size zero is returned if no relevant permissions are found.

Parameters:
psf - A search filter that allows you to set multiple clauses for the permissions to be retrieved.
Returns:
A List of permissions that were found for all the system resource types.
Throws:
UMException

setDefaultACL

void setDefaultACL(ResourceTypeACL rtDefACL)
                   throws UMException
Specifies the default access control list (ACL) for the given resource type.

Parameters:
rtDefACL - An object containing the permission and principal identifiers.
Throws:
UMException

modifyDefaultACL

void modifyDefaultACL(ResourceTypeACL addRtDefACL,
                      ResourceTypeACL delRtDefACL)
                      throws UMException
Defines a set of default permissions to be assigned to a set of principals (cross product) over a resource, when a resource of given resource type is registered.

Parameters:
addRtDefACL - The ACL to be added.
delRtDefACL - The ACL to be removed.
Throws:
UMException
See Also:
AuthorizationManager.registerResInstance(java.lang.String, java.util.List)

modifyRole

void modifyRole(java.lang.String roleName,
                java.util.List addPermissionOids,
                java.util.List removePermissionOids)
                throws UMException
Modifies the definition of a role by adding and removing a set of permissions from the definition of the role. Only mutable roles may be modified.

Parameters:
roleName - The name of the role.
addPermissionOids - The identifiers of the permissions to be added.
removePermissionOids - The identifiers of the permissions to be removed.
Throws:
UMException

getAllRolePermissions

java.util.List getAllRolePermissions(java.lang.String roleId)
                                     throws UMException
Retrieves a List of permissions related to the specified role. The reliant application can use this method to dynamically ascertain the permissions for a role. A list of size zero is returned if no relevant permissions are found. It is possible that all the permissions in the role definition may be deleted. This role can still be assigned to principals. However, it would not have any underlying permissions. In such cases it is assumed that the client will be able to make necessary access-related decisions gracefully, based on assignment of the role only, and not on its underlying permissions.

Parameters:
roleId - The role identifier.
Returns:
The List of permissions related to the specified role.
Throws:
UMException

isMutable

boolean isMutable(java.lang.String roleId)
                  throws UMException
Determines whether the specified role is mutable.

Parameters:
roleId - The role identifier.
Returns:
true if the role is mutable, false otherwise.
Throws:
UMException

registerResInstance

void registerResInstance(java.lang.String resType,
                         java.util.List resIdList)
                         throws UMException
Assigns the default access control list (ACL) of the specified resource type to the given resource instances.

Parameters:
resType - The resource type.
resIdList - The resource identifiers to which default permissions must be applied.
Throws:
UMException

assignPermToPrincipalForRes

void assignPermToPrincipalForRes(java.lang.String principalOid,
                                 java.lang.String resourceId,
                                 java.util.List permissionOid)
                                 throws UMException
Assigns the specified permissions to the principal for the given resource instance.

Parameters:
principalOid - The principal identifier.
resourceId - The resource identifier.
permissionOid - A List of permissions identifiers that will be assigned to the principal for the given resource.
Throws:
UMException

assignPermToPrincipalsForRes

void assignPermToPrincipalsForRes(java.lang.String resourceId,
                                  java.util.Map principalPermissionMap)
                                  throws UMException
Assigns the specified permissions to the principals for the given resource instance.

Parameters:
resourceId - The resource identifier.
principalPermissionMap - A Map whose keys are principal identifiers and whose values are ArrayList objects containing permission identifiers to be assigned to the principal for the given resource instance.
Throws:
UMException

getPermsForPrincipalOverRes

java.util.Set getPermsForPrincipalOverRes(java.lang.String principalOid,
                                          java.lang.String resourceId)
                                          throws UMException
Retrieves a Set of permissions for the specified principal and resource instance. A Set of size zero is returned if no relevant permissions are found.

Parameters:
principalOid - The principal identifier.
resourceId - The resource identifier.
Returns:
A Set of permissions for the specified principal and resource instance.
Throws:
UMException

getPermsForPrincipalsOverRes

java.util.Map getPermsForPrincipalsOverRes(java.util.List principalOidList,
                                           java.lang.String resourceId)
                                           throws UMException
Retrieves a Map of permissions for the List of specified principals and resource instance.

Parameters:
principalOidList - The List of principal identifiers.
resourceId - The resource identifier.
Returns:
A Map whose keys are principal identifiers and whose values are Set objects containing permission identifiers to be assigned to the principal for the given resource instance.
Throws:
UMException

modifyPermsToPrincipalForRes

void modifyPermsToPrincipalForRes(java.lang.String principalOid,
                                  java.lang.String resourceId,
                                  java.util.List delPerm,
                                  java.util.List addPerm)
                                  throws UMException
Assigns and removes the specified permissions from the principal for the given resource instance.

Parameters:
principalOid - The principal identifier.
resourceId - The resource identifier.
delPerm - The permissions to be removed from the principal.
addPerm - The permissions to be assigned to the principal.
Throws:
UMException

modifyPermsToPrincipalsForRes

void modifyPermsToPrincipalsForRes(java.util.List principalOid,
                                   java.lang.String resourceId,
                                   java.util.List delPerm,
                                   java.util.List addPerm)
                                   throws UMException
Assigns and removes the specified permissions from the List of principals for the given resource instance.

Parameters:
principalOid - The List of principal identifiers.
resourceId - The resource identifier.
delPerm - The permissions to be removed from the principal.
addPerm - The permissions to be assigned to the principal.
Throws:
UMException

deletePermsForPrincipalForRes

void deletePermsForPrincipalForRes(java.lang.String principalOid,
                                   java.lang.String resourceId,
                                   java.util.List permList)
                                   throws UMException
Removes the specified permissions from the principal for the given resource instance.

Parameters:
principalOid - The principal identifier.
resourceId - The resource identifier.
permList - The permissions to be removed.
Throws:
UMException

deletePermsForPrincipalsForRes

void deletePermsForPrincipalsForRes(java.util.List principalOid,
                                    java.lang.String resourceId,
                                    java.util.List permList)
                                    throws UMException
Removes the specified permissions from the List of principals for the given resource instance.

Parameters:
principalOid - The List of principal identifiers.
resourceId - The resource identifier.
permList - The list of permission oids to be removed.
Throws:
UMException

findRolesForPrincipals

java.util.Map findRolesForPrincipals(java.util.List principalOid)
                                     throws UMException
Retrieves a Map containing sets of roles assigned to the specified principals. A Map of size zero is returned if no relevant roles are found.

Parameters:
principalOid - The principal identifiers.
Returns:
A Map of principals whose keys are principal identifiers and whose values are Set objects of roles assigned to the principal either through direct assignment or indirectly via the principal's lineage.
Throws:
UMException

assignRoles

void assignRoles(java.lang.String[] roleId,
                 java.lang.String[] principalOids)
                 throws UMException
Assigns the specified roles to the given principals. Either all the principals or no principals are assigned the roles.

Parameters:
roleId - An array of role names.
principalOids - The principal identifiers.
Throws:
UMException

unassignRoles

void unassignRoles(java.lang.String[] roleId,
                   java.lang.String[] principalOids)
                   throws UMException
Removes the specified roles from the given principals. Either all the principals or no principals are unassigned the roles.

Parameters:
roleId - An array of role names.
principalOids - The principal identifiers.
Throws:
UMException

areUsersInRole

java.util.Map areUsersInRole(java.lang.String roleId,
                             java.util.List principalOid)
                             throws UMException
Determines whether the specified principals have been assigned the given role.

Parameters:
principalOid - The principal identifiers.
roleId - The role identifier.
Returns:
A Map of principals whose keys are principal identifiers and whose values are boolean values.
Throws:
UMException

hasPermission

PermissionInfo hasPermission(java.lang.String principalOid,
                             java.lang.String resourceId,
                             java.lang.String permissionOid)
                             throws UMException
Determines whether the principal has the permission assigned to it for the specified resource instance.

Parameters:
principalOid - The principal identifier.
resourceId - The resource identifier.
permissionOid - The permission identifier.
Returns:
A PermissionInfo object containing a flag that indicates whether the permission has been assigned to the principal.
Throws:
UMException

hasPermission

PermissionInfo hasPermission(java.lang.String principalOid,
                             java.lang.String resourceId,
                             Permission perm)
                             throws UMException
Determines whether the principal has the permission assigned to it for the specified resource instance.

Parameters:
principalOid - The principal identifier.
resourceId - The resource identifier.
perm - The permission object.
Returns:
A PermissionInfo object containing a flag that indicates whether the permission has been assigned to the principal.
Throws:
UMException

hasPermission

java.util.Map hasPermission(java.util.List principalOid,
                            java.lang.String resourceId,
                            java.lang.String permissionOid)
                            throws UMException
Determines whether the List of principals have the specified permission for the given resource instance.

Parameters:
principalOid - The principal identifiers.
resourceId - The resource identifier.
permissionOid - The permission identifier.
Returns:
A Map whose keys are the principal identifiers and values are boolean values indicating whether the principal has the permission assigned to it for the specified resource instance.
Throws:
UMException

hasPermission

java.util.Map hasPermission(java.util.List principalOid,
                            java.lang.String resourceId,
                            Permission perm)
                            throws UMException
Determines whether the List of principals have the specified permission for the given resource instance.

Parameters:
principalOid - The principal identifiers.
resourceId - The resource identifier.
perm - The permission object.
Returns:
A Map whose keys are the principal identifiers and values are boolean values indicating whether the principal has the permission assigned to it for the specified resource instance.
Throws:
UMException

getResourcesForPrincipal

java.util.Set getResourcesForPrincipal(java.lang.String principalOid,
                                       java.lang.String permissionOid)
                                       throws UMException
Retrieves a Set of resource identifiers for which the principal has the specified permission. An empty Set is returned if no relevant resources exist.

Parameters:
principalOid - The principal identifier.
permissionOid - The permission identifier.
Returns:
A Set of resource identifiers for which the principal has the specified permission.
Throws:
UMException

getResourcesForPrincipals

java.util.Map getResourcesForPrincipals(java.util.List principalOid,
                                        java.lang.String permissionOid)
                                        throws UMException
Retrieves a Map of resource identifiers for which the principals have the specified permission.

Parameters:
principalOid - The principal identifiers.
permissionOid - The permission identifier.
Returns:
A Map whose keys are the principal identifiers and values are Set objects containing resource instances for which the principals have the specified permission.
Throws:
UMException

modifyPermsToPrincipalForRes

void modifyPermsToPrincipalForRes(java.lang.String principalOid,
                                  java.lang.String resourceId,
                                  java.util.List desiredPerms)
                                  throws UMException
Assigns the specified permissions to the principal for the given resource instance. It will delete any extra permissions already assigned directly to the principal. Permissions that are unassigned will be assigned.

Parameters:
principalOid - The principal identifier.
resourceId - The resource identifier.
desiredPerms - The permissions that the principal will have.
Throws:
UMException

findPriPermInfoForRes

java.util.Map findPriPermInfoForRes(java.lang.String resourceId)
                                    throws UMException
Retrieves a Map of permissions and principals for a given resource instance. Each key-value pair in the returned Map is (principal, permission List for the resource instance): key = principalOid, value = List of Permission objects. The principal-permission sets returned are direct assignments only; the API does not explicitly expand groups. If required, the end client can find all the children of a principal by calling directoryManager.getAllChildren(principalOid). All the children inherit the principal's permission List by virtue of lineage.

Parameters:
resourceId - The resource identifier.
Returns:
A Map whose keys are the principal identifiers and whose values are List objects containing permissions.
Throws:
IDPException
IDPSystemException
UMException
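
Because findPriPermInfoForRes reports direct assignments only, an access review of a resource has to expand groups itself. The following is an added example, not code from the SDK or this page: AclSource is a local stand-in carrying only the findPriPermInfoForRes signature, ChildResolver is a hypothetical wrapper for directoryManager.getAllChildren(principalOid) whose return type (a collection of all descendant principal identifiers) is assumed, and the sample identifiers are constructed.

```java
import java.util.*;

public class ResourceAccessReview {

    /** Local stand-in for the one AuthorizationManager method used here. */
    interface AclSource {
        Map<String, ? extends Collection<?>> findPriPermInfoForRes(String resourceId) throws Exception;
    }

    /**
     * Hypothetical wrapper for directoryManager.getAllChildren(principalOid).
     * Assumption: it returns the identifiers of all descendants of the principal
     * and an empty collection for a principal that has none.
     */
    interface ChildResolver {
        Collection<String> getAllChildren(String principalOid) throws Exception;
    }

    /**
     * Returns principalOid -> permission -> principals the grant comes from.
     * A source equal to the principal itself is a direct assignment; any other
     * source is a group the principal inherits from by lineage.
     */
    static Map<String, Map<String, Set<String>>> effectiveAccess(
            AclSource acl, ChildResolver directory, String resourceId) throws Exception {
        Map<String, Map<String, Set<String>>> effective = new TreeMap<>();
        Map<String, ? extends Collection<?>> direct = acl.findPriPermInfoForRes(resourceId);
        if (direct == null) {
            return effective;
        }
        for (String holder : direct.keySet()) {
            Collection<?> perms = direct.get(holder);
            if (perms == null || perms.isEmpty()) {
                continue;
            }
            // The holder itself plus every principal that inherits from it.
            Set<String> targets = new LinkedHashSet<>();
            targets.add(holder);
            Collection<String> children = directory.getAllChildren(holder);
            if (children != null) {
                targets.addAll(children);
            }
            for (String target : targets) {
                Map<String, Set<String>> byPerm =
                        effective.computeIfAbsent(target, k -> new TreeMap<>());
                for (Object perm : perms) {
                    // The real Map holds Permission objects; this example labels
                    // each one with String.valueOf because the sample data uses names.
                    byPerm.computeIfAbsent(String.valueOf(perm), k -> new TreeSet<>()).add(holder);
                }
            }
        }
        return effective;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: direct assignments on one resource.
        Map<String, List<String>> directAcl = new HashMap<>();
        directAcl.put("group-finance", Arrays.asList("READ", "WRITE"));
        directAcl.put("user-bob", Arrays.asList("READ"));

        // Constructed directory: group -> all descendant principals.
        Map<String, List<String>> members = new HashMap<>();
        members.put("group-finance", Arrays.asList("user-alice", "user-bob"));

        AclSource acl = resourceId -> directAcl;
        ChildResolver directory =
                oid -> members.getOrDefault(oid, Collections.<String>emptyList());

        Map<String, Map<String, Set<String>>> report =
                effectiveAccess(acl, directory, "res-invoices");
        for (Map.Entry<String, Map<String, Set<String>>> row : report.entrySet()) {
            System.out.println(row.getKey() + " -> " + row.getValue());
        }
    }
}
```

In the report, user-alice never appears in the raw findPriPermInfoForRes result yet holds READ and WRITE through group-finance, which is the access a review based on the direct map alone would miss.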