Hyperic HQ Plugin API v. 4.4.0.2

org.hyperic.hq.authz.server.session
Class RoleManagerEJBImpl

java.lang.Object
  extended by org.hyperic.hq.authz.server.session.AuthzSession
      extended by org.hyperic.hq.authz.server.session.RoleManagerEJBImpl
All Implemented Interfaces:
java.io.Serializable, javax.ejb.EnterpriseBean, javax.ejb.SessionBean

public class RoleManagerEJBImpl
extends AuthzSession
implements javax.ejb.SessionBean

Use this session bean to manipulate Roles and Subjects associated with them. All arguments and return values are value-objects.

See Also:
Serialized Form

Field Summary
 
Fields inherited from class org.hyperic.hq.authz.server.session.AuthzSession
ctx, log
 
Constructor Summary
RoleManagerEJBImpl()
           
 
Method Summary
 void addOperations(AuthzSubject whoami, Role role, Operation[] operations)
          Associate operations with this role.
 void addResourceGroupRoles(AuthzSubject whoami, java.lang.Integer gid, java.lang.Integer[] ids)
          Associate ResourceGroup with list of roles.
 void addResourceGroups(AuthzSubject whoami, java.lang.Integer rid, java.lang.Integer[] gids)
          Associate ResourceGroups with this role.
 void addRoles(AuthzSubject whoami, AuthzSubject subject, java.lang.Integer[] roles)
          Associate roles with this subject.
 void addSubjects(AuthzSubject whoami, java.lang.Integer id, java.lang.Integer[] sids)
          Add subjects to this role.
 void changeOwner(AuthzSubject whoami, java.lang.Integer id, AuthzSubject owner)
          Change the owner of the role.
 RoleCalendar createCalendar(AuthzSubject whoami, Role r, java.lang.String calendarName, RoleCalendarType type)
          Create a calendar under a role for a specific type.
 java.lang.Integer createOwnedRole(AuthzSubject whoami, RoleValue role, Operation[] operations, java.lang.Integer[] subjectIds, java.lang.Integer[] groupIds)
          Create a role.
 void ejbActivate()
           
 void ejbCreate()
           
 void ejbPassivate()
           
 void ejbRemove()
           
 java.util.Collection findAllOperations()
          Find all Operation objects
 OwnedRoleValue findOwnedRoleById(AuthzSubject whoami, java.lang.Integer id)
          Find the owned role that has the given ID.
 Role findRoleById(int id)
           
 Role findRoleByName(java.lang.String name)
           
 PageList getAllNonSystemOwnedRoles(AuthzSubject subject, java.lang.Integer[] excludeIds, PageControl pc)
          List all Roles in the system, except system roles.
 java.util.List getAllOwnedRoles(AuthzSubject subject, PageControl pc)
          List all OwnedRoles in the system
 java.util.Collection getAllRoles()
           
 java.util.List getAllRoles(AuthzSubject subject, PageControl pc)
          List all Roles in the system
 PageList getAvailableGroupRoles(AuthzSubject whoami, java.lang.Integer groupId, java.lang.Integer[] roleIds, PageControl pc)
          List the roles that this subject is not in and that are not one of the specified roles.
 PageList getAvailableResourceGroups(AuthzSubject whoami, java.lang.Integer roleId, java.lang.Integer[] groupIds, PageControl pc)
          List the groups not in this role and not one of the specified groups.
 PageList getAvailableRoles(AuthzSubject whoami, boolean system, java.lang.Integer subjectId, java.lang.Integer[] roleIds, PageControl pc)
          List the roles that this subject is not in and that are not one of the specified roles.
 PageList getAvailableSubjects(AuthzSubject whoami, java.lang.Integer roleId, java.lang.Integer[] subjectIds, PageControl pc)
          List the subjects not in this role and not one of the specified subjects.
 PageList getNonSystemOwnedRoles(AuthzSubject callerSubjectValue, AuthzSubject intendedSubjectValue, java.lang.Integer[] excludeIds, PageControl pc)
          Get the owned roles for a subject, except system roles.
 PageList getNonSystemOwnedRoles(AuthzSubject callerSubjectValue, AuthzSubject intendedSubjectValue, PageControl pc)
          Get the owned roles for a subject, except system roles.
static org.hyperic.hq.authz.shared.RoleManagerLocal getOne()
           
 java.util.List getOwnedRoles(AuthzSubject subject, PageControl pc)
          Get the owned roles for a subject.
 PageList getResourceGroupRoles(AuthzSubject whoami, java.lang.Integer groupId, PageControl pc)
          Return the roles of a group
 java.util.Collection getResourceGroupsByRole(AuthzSubject subject, Role role)
          Get the resource groups applicable to a given role.
 PageList getResourceGroupsByRoleIdAndSystem(AuthzSubject subject, java.lang.Integer roleId, boolean system, PageControl pc)
          Get the resource groups applicable to a given role
 Role getRoleById(int id)
          Get a Role by id
 java.lang.Number getRoleCount()
          Get the # of roles within HQ inventory
 java.util.List getRoleOperations(AuthzSubject subject, java.lang.Integer roleId)
          Get operations: for a given role id, find the resource types and permissions which are supported by it.
 java.util.List getRoles(AuthzSubject subjectValue, PageControl pc)
          Get the roles for a subject
 PageList getRolesById(AuthzSubject whoami, java.lang.Integer[] ids, PageControl pc)
          Get the roles with the specified ids
 java.lang.Number getSubjectCount()
          Get the # of subjects within HQ inventory
 PageList getSubjects(AuthzSubject whoami, java.lang.Integer roleId, PageControl pc)
          List the subjects in this role.
 boolean isRootRoleMember(AuthzSubject subject)
           
 void removeAllOperations(AuthzSubject whoami, Role role)
          Disassociate all operations from this role.
 void removeAllResourceGroups(AuthzSubject whoami, Role role)
          Disassociate all ResourceGroups of this role from this role.
 boolean removeCalendar(RoleCalendar c)
           
 void removeResourceGroupRoles(AuthzSubject whoami, java.lang.Integer gid, java.lang.Integer[] ids)
          Disassociate roles from this ResourceGroup.
 void removeResourceGroups(AuthzSubject whoami, java.lang.Integer id, java.lang.Integer[] gids)
          Disassociate ResourceGroups from this role.
 void removeRole(AuthzSubject whoami, java.lang.Integer rolePk)
          Delete the specified role.
 void removeRoles(AuthzSubject whoami, AuthzSubject subject, java.lang.Integer[] roles)
          Disassociate roles from this subject.
 void removeSubjects(AuthzSubject whoami, java.lang.Integer id, java.lang.Integer[] ids)
          Remove subjects from this role.
 void saveRole(AuthzSubject whoami, RoleValue role)
          Write the specified entity out to permanent storage.
 void setOperations(AuthzSubject whoami, java.lang.Integer id, Operation[] operations)
          Set the operations for this role.
 void setSessionContext(javax.ejb.SessionContext ctx)
           
 
Methods inherited from class org.hyperic.hq.authz.server.session.AuthzSession
findPrototype, findSubjectByAuth, getContainmentRelation, getInitialContext, getNetworkRelation, getOperationDAO, getResourceDAO, getResourceGroupDAO, getResourceTypeDAO, getRoleDAO, getRootResourceType, getSessionContext, getSubjectDAO, getVirtualRelation, lookupSubject, toPojos
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RoleManagerEJBImpl

public RoleManagerEJBImpl()

Method Detail

isRootRoleMember

public boolean isRootRoleMember(AuthzSubject subject)

createOwnedRole

public java.lang.Integer createOwnedRole(AuthzSubject whoami,
                                         RoleValue role,
                                         Operation[] operations,
                                         java.lang.Integer[] subjectIds,
                                         java.lang.Integer[] groupIds)
                                  throws javax.ejb.FinderException,
                                         AuthzDuplicateNameException,
                                         PermissionException
Create a role.

Parameters:
whoami - The current running user.
role - The role to be created.
operations - Operations to associate with the new role. Use null if you want to associate operations later.
subjectIds - Ids of subjects to add to the new role. Use null to add subjects later.
groupIds - Ids of resource groups to add to the new role. Use null to add subjects later.
Returns:
OwnedRoleValue for the role.
Throws:
javax.ejb.CreateException - Unable to create the specified entity.
javax.ejb.FinderException - Unable to find a given or dependent entities.
PermissionException - whoami may not perform createResource on the covalentAuthzRole ResourceType.
AuthzDuplicateNameException

removeRole

public void removeRole(AuthzSubject whoami,
                       java.lang.Integer rolePk)
                throws javax.ejb.RemoveException,
                       PermissionException
Delete the specified role.

Parameters:
whoami - The current running user.
role - The role to delete.
Throws:
javax.ejb.RemoveException - Unable to delete the specified entity.
PermissionException

saveRole

public void saveRole(AuthzSubject whoami,
                     RoleValue role)
              throws AuthzDuplicateNameException,
                     PermissionException
Write the specified entity out to permanent storage.

Parameters:
whoami - The current running user.
role - The role to save.
Throws:
PermissionException - whoami may not perform modifyRole on this role.
AuthzDuplicateNameException

changeOwner

public void changeOwner(AuthzSubject whoami,
                        java.lang.Integer id,
                        AuthzSubject owner)
                 throws PermissionException
Change the owner of the role.

Parameters:
whoami - The current running user.
id - The ID of the role to change
ownerVal - The new owner of the role.
Throws:
PermissionException - whoami may not perform modifyRole on this role.

addOperations

public void addOperations(AuthzSubject whoami,
                          Role role,
                          Operation[] operations)
                   throws PermissionException
Associate operations with this role.

Parameters:
whoami - The current running user.
role - The role.
operations - The operations to associate with the role.
Throws:
javax.ejb.FinderException - Unable to find a given or dependent entities.
PermissionException - whoami may not perform addOperation on this role.

removeAllOperations

public void removeAllOperations(AuthzSubject whoami,
                                Role role)
                         throws PermissionException
Disassociate all operations from this role.

Parameters:
whoami - The current running user.
role - The role.
Throws:
javax.ejb.FinderException - Unable to find a given or dependent entities.
PermissionException - whoami may not perform removeOperation on this role.

setOperations

public void setOperations(AuthzSubject whoami,
                          java.lang.Integer id,
                          Operation[] operations)
                   throws PermissionException
Set the operations for this role. To get the operations call getOperations() on the value-object.

Parameters:
whoami - The current running user.
id - The ID of the role.
operations - Operations to associate with this role.
Throws:
javax.ejb.FinderException - Unable to find a given or dependent entities.
PermissionException - whoami is not allowed to perform setOperations on this role.

addResourceGroups

public void addResourceGroups(AuthzSubject whoami,
                              java.lang.Integer rid,
                              java.lang.Integer[] gids)
                       throws PermissionException
Associate ResourceGroups with this role.

Parameters:
whoami - The current running user.
role - This role.
gids - The ids of the groups to associate with this role.
Throws:
javax.ejb.FinderException - Unable to find a given or dependent entities.
PermissionException - whoami is not allowed to perform addResourceGroup on this role.

addResourceGroupRoles

public void addResourceGroupRoles(AuthzSubject whoami,
                                  java.lang.Integer gid,
                                  java.lang.Integer[] ids)
                           throws PermissionException,
                                  javax.ejb.FinderException
Associate ResourceGroup with list of roles.

Parameters:
whoami - The current running user.
roles - The roles.
ids - The id of the group to associate with the roles.
Throws:
PermissionException - whoami is not allowed to perform addResourceGroup on this role.
javax.ejb.FinderException - SQL error looking up roles scope

removeResourceGroups

public void removeResourceGroups(AuthzSubject whoami,
                                 java.lang.Integer id,
                                 java.lang.Integer[] gids)
                          throws PermissionException
Disassociate ResourceGroups from this role.

Parameters:
whoami - The current running user.
id - This role.
gids - The ids of the groups to disassociate.
Throws:
javax.ejb.FinderException - Unable to find a given or dependent entities.
PermissionException - whoami is not allowed to perform modifyRole on this role.

removeResourceGroupRoles

public void removeResourceGroupRoles(AuthzSubject whoami,
                                     java.lang.Integer gid,
                                     java.lang.Integer[] ids)
                              throws PermissionException
Disassociate roles from this ResourceGroup.

Parameters:
whoami - The current running user.
role - This role.
ids - The ids of the groups to disassociate.
Throws:
javax.ejb.FinderException - Unable to find a given or dependent entities.
PermissionException - whoami is not allowed to perform modifyRole on this role.

removeAllResourceGroups

public void removeAllResourceGroups(AuthzSubject whoami,
                                    Role role)
                             throws PermissionException
Disassociate all ResourceGroups of this role from this role.

Parameters:
whoami - The current running user.
role - This role.
Throws:
javax.ejb.FinderException - Unable to find a given or dependent entities.
javax.naming.NamingException
PermissionException - whoami is not allowed to perform modifyRole on this role.

getRoleCount

public java.lang.Number getRoleCount()
Get the # of roles within HQ inventory


getSubjectCount

public java.lang.Number getSubjectCount()
Get the # of subjects within HQ inventory


getRoleById

public Role getRoleById(int id)
Get a Role by id


findRoleById

public Role findRoleById(int id)

findRoleByName

public Role findRoleByName(java.lang.String name)

createCalendar

public RoleCalendar createCalendar(AuthzSubject whoami,
                                   Role r,
                                   java.lang.String calendarName,
                                   RoleCalendarType type)
                            throws PermissionException
Create a calendar under a role for a specific type. Calendars created in this manner are tied directly to the role and should not be used by other roles.

Throws:
PermissionException - if user is not allowed to modify role

removeCalendar

public boolean removeCalendar(RoleCalendar c)

findOwnedRoleById

public OwnedRoleValue findOwnedRoleById(AuthzSubject whoami,
                                        java.lang.Integer id)
                                 throws PermissionException
Find the owned role that has the given ID.

Parameters:
id - The ID of the role you're looking for.
Returns:
The owned value-object of the role of the given ID.
Throws:
javax.ejb.FinderException - Unable to find a given or dependent entities.
PermissionException

getRoleOperations

public java.util.List getRoleOperations(AuthzSubject subject,
                                        java.lang.Integer roleId)
                                 throws PermissionException
Get operations: for a given role id, find the resource types and permissions which are supported by it.

Parameters:
subject -
roleId -
Returns:
list - values are lists of operation
Throws:
PermissionException

getAllRoles

public java.util.Collection getAllRoles()
Returns:
a list of Roles

getAllRoles

public java.util.List getAllRoles(AuthzSubject subject,
                                  PageControl pc)
                           throws javax.ejb.FinderException
List all Roles in the system

Parameters:
pc - Paging information for the request
Returns:
List a list of RoleValues
Throws:
javax.ejb.FinderException

getAllOwnedRoles

public java.util.List getAllOwnedRoles(AuthzSubject subject,
                                       PageControl pc)
List all OwnedRoles in the system

Parameters:
subject -
pc - Paging and sorting information.
Returns:
List a list of OwnedRoleValues

getAllNonSystemOwnedRoles

public PageList getAllNonSystemOwnedRoles(AuthzSubject subject,
                                          java.lang.Integer[] excludeIds,
                                          PageControl pc)
                                   throws PermissionException,
                                          javax.ejb.FinderException
List all Roles in the system, except system roles.

Returns:
List a list of OwnedRoleValues that are not system roles
Throws:
javax.ejb.FinderException - if sort attribute is unrecognized
PermissionException

getRolesById

public PageList getRolesById(AuthzSubject whoami,
                             java.lang.Integer[] ids,
                             PageControl pc)
                      throws PermissionException,
                             javax.ejb.FinderException
Get the roles with the specified ids

Parameters:
subject -
ids - the role ids
pc - Paging information for the request
Throws:
javax.ejb.FinderException
PermissionException

addRoles

public void addRoles(AuthzSubject whoami,
                     AuthzSubject subject,
                     java.lang.Integer[] roles)
              throws PermissionException
Associate roles with this subject.

Parameters:
whoami - The current running user.
subject - The subject.
roles - The roles to associate with the subject.
Throws:
PermissionException - whoami may not perform addRole on this subject.

removeRoles

public void removeRoles(AuthzSubject whoami,
                        AuthzSubject subject,
                        java.lang.Integer[] roles)
                 throws PermissionException,
                        javax.ejb.FinderException
Disassociate roles from this subject.

Parameters:
whoami - The current running user.
subject - The subject.
roles - The subjects to disassociate.
Throws:
PermissionException - whoami may not perform removeRole on this subject.
javax.ejb.FinderException

getRoles

public java.util.List getRoles(AuthzSubject subjectValue,
                               PageControl pc)
                        throws PermissionException
Get the roles for a subject

Parameters:
whoami -
subject -
pc - Paging and sorting information.
Returns:
Set of Roles
Throws:
PermissionException

getOwnedRoles

public java.util.List getOwnedRoles(AuthzSubject subject,
                                    PageControl pc)
                             throws PermissionException
Get the owned roles for a subject.

Parameters:
whoami -
subject -
pc - Paging and sorting information.
Returns:
Set of Roles
Throws:
PermissionException

getNonSystemOwnedRoles

public PageList getNonSystemOwnedRoles(AuthzSubject callerSubjectValue,
                                       AuthzSubject intendedSubjectValue,
                                       PageControl pc)
                                throws PermissionException,
                                       javax.ejb.FinderException
Get the owned roles for a subject, except system roles.

Parameters:
callerSubjectValue - is the subject of caller.
intendedSubjectValue - is the subject of intended subject.
pc - The PageControl object for paging results.
Returns:
List a list of OwnedRoleValues that are not system roles
Throws:
javax.ejb.CreateException - indicating ejb creation / container failure.
javax.ejb.FinderException - Unable to find a given or dependent entities.
PermissionException - caller is not allowed to perform listRoles on this role.
javax.ejb.FinderException - SQL error looking up roles scope

getNonSystemOwnedRoles

public PageList getNonSystemOwnedRoles(AuthzSubject callerSubjectValue,
                                       AuthzSubject intendedSubjectValue,
                                       java.lang.Integer[] excludeIds,
                                       PageControl pc)
                                throws PermissionException,
                                       javax.ejb.FinderException
Get the owned roles for a subject, except system roles.

Parameters:
callerSubjectValue - is the subject of caller.
intendedSubjectValue - is the subject of intended subject.
pc - The PageControl object for paging results.
Returns:
List a list of OwnedRoleValues that are not system roles
Throws:
javax.ejb.CreateException - indicating ejb creation / container failure.
javax.ejb.FinderException - Unable to find a given or dependent entities.
PermissionException - caller is not allowed to perform listRoles on this role.
javax.ejb.FinderException - SQL error looking up roles scope

getAvailableRoles

public PageList getAvailableRoles(AuthzSubject whoami,
                                  boolean system,
                                  java.lang.Integer subjectId,
                                  java.lang.Integer[] roleIds,
                                  PageControl pc)
                           throws PermissionException,
                                  javax.ejb.FinderException
List the roles that this subject is not in and that are not one of the specified roles.

Parameters:
whoami - The current running user.
system - If true, then only system roles are returned. If false, then only non-system roles are returned.
subjectId - The id of the subject.
Returns:
List of roles.
Throws:
javax.ejb.FinderException - Unable to find a given or dependent entities.
PermissionException - whoami is not allowed to perform listRoles on this role.
javax.ejb.FinderException

getAvailableGroupRoles

public PageList getAvailableGroupRoles(AuthzSubject whoami,
                                       java.lang.Integer groupId,
                                       java.lang.Integer[] roleIds,
                                       PageControl pc)
                                throws PermissionException,
                                       javax.ejb.FinderException
List the roles that this subject is not in and that are not one of the specified roles.

Parameters:
whoami - The current running user.
system - If true, then only system roles are returned. If false, then only non-system roles are returned.
groupId - The id of the subject.
Returns:
List of roles.
Throws:
javax.ejb.FinderException - Unable to find a given or dependent entities.
PermissionException - whoami is not allowed to perform listRoles on this role.
javax.ejb.FinderException - if the sort attribute was not recognized

getResourceGroupsByRole

public java.util.Collection getResourceGroupsByRole(AuthzSubject subject,
                                                    Role role)
                                             throws PermissionException,
                                                    javax.ejb.FinderException
Get the resource groups applicable to a given role.

Throws:
PermissionException
javax.ejb.FinderException

getResourceGroupsByRoleIdAndSystem

public PageList getResourceGroupsByRoleIdAndSystem(AuthzSubject subject,
                                                   java.lang.Integer roleId,
                                                   boolean system,
                                                   PageControl pc)
                                            throws PermissionException,
                                                   javax.ejb.FinderException
Get the resource groups applicable to a given role

Throws:
PermissionException
javax.ejb.FinderException

getResourceGroupRoles

public PageList getResourceGroupRoles(AuthzSubject whoami,
                                      java.lang.Integer groupId,
                                      PageControl pc)
                               throws PermissionException
Return the roles of a group

Throws:
PermissionException

getAvailableResourceGroups

public PageList getAvailableResourceGroups(AuthzSubject whoami,
                                           java.lang.Integer roleId,
                                           java.lang.Integer[] groupIds,
                                           PageControl pc)
                                    throws PermissionException,
                                           javax.ejb.FinderException
List the groups not in this role and not one of the specified groups.

Parameters:
whoami - The current running user.
roleId - The id of the role.
Returns:
List of groups in this role.
Throws:
PermissionException - whoami is not allowed to perform listGroups on this role.
javax.ejb.FinderException

getSubjects

public PageList getSubjects(AuthzSubject whoami,
                            java.lang.Integer roleId,
                            PageControl pc)
                     throws PermissionException,
                            javax.ejb.FinderException
List the subjects in this role.

Parameters:
whoami - The current running user.
roleId - The id of the role.
Returns:
List of subjects in this role.
Throws:
PermissionException - whoami is not allowed to perform listSubjects on this role.
javax.ejb.FinderException - if the sort attribute is not recognized

getAvailableSubjects

public PageList getAvailableSubjects(AuthzSubject whoami,
                                     java.lang.Integer roleId,
                                     java.lang.Integer[] subjectIds,
                                     PageControl pc)
                              throws PermissionException,
                                     javax.ejb.FinderException
List the subjects not in this role and not one of the specified subjects.

Parameters:
whoami - The current running user.
roleId - The id of the role.
Returns:
List of subjects in this role.
Throws:
javax.ejb.FinderException - Unable to find a given or dependent entities.
PermissionException - whoami is not allowed to perform listSubjects on this role.
javax.ejb.FinderException - if the sort attribute is not recognized

addSubjects

public void addSubjects(AuthzSubject whoami,
                        java.lang.Integer id,
                        java.lang.Integer[] sids)
                 throws PermissionException
Add subjects to this role.

Parameters:
whoami - The current running user.
id - The ID of the role.
sids - Ids of subjects to add to role.
Throws:
PermissionException - whoami is not allowed to perform addSubject on this role.

removeSubjects

public void removeSubjects(AuthzSubject whoami,
                           java.lang.Integer id,
                           java.lang.Integer[] ids)
                    throws PermissionException
Remove subjects from this role.

Parameters:
whoami - The current running user.
id - The ID of the role.
ids - The ids of the subjects to remove.
Throws:
PermissionException - whoami is not allowed to perform removeSubject on this role.

findAllOperations

public java.util.Collection findAllOperations()
Find all Operation objects


getOne

public static org.hyperic.hq.authz.shared.RoleManagerLocal getOne()

ejbPassivate

public void ejbPassivate()
Specified by:
ejbPassivate in interface javax.ejb.SessionBean

ejbActivate

public void ejbActivate()
Specified by:
ejbActivate in interface javax.ejb.SessionBean

ejbRemove

public void ejbRemove()
Specified by:
ejbRemove in interface javax.ejb.SessionBean

ejbCreate

public void ejbCreate()
               throws javax.ejb.CreateException
Throws:
javax.ejb.CreateException

setSessionContext

public void setSessionContext(javax.ejb.SessionContext ctx)
Specified by:
setSessionContext in interface javax.ejb.SessionBean
Overrides:
setSessionContext in class AuthzSession

Copyright © 2004-2006 Hyperic, Inc. support@hyperic.net, All Rights Reserved.