Hyperic HQ Plugin API v. 4.4.0.2

org.hyperic.hq.appdef.server.session
Class AppdefSessionEJB

java.lang.Object
  extended by org.hyperic.hq.appdef.server.session.AppdefSessionUtil
      extended by org.hyperic.hq.appdef.server.session.AppdefSessionEJB
Direct Known Subclasses:
AgentManagerEJBImpl, AIQueueManagerEJBImpl, AppdefManagerEJBImpl, AppdefStatManagerEJBImpl, ApplicationManagerEJBImpl, CloningBossEJBImpl, ConfigManagerEJBImpl, DashboardPortletBossEJBImpl, PlatformManagerEJBImpl, ServerManagerEJBImpl, ServiceManagerEJBImpl, VirtualManagerEJBImpl

public abstract class AppdefSessionEJB
extends AppdefSessionUtil

Parent abstract class of all appdef session ejbs


Field Summary
protected  javax.ejb.SessionContext _ctx
           
protected  javax.naming.InitialContext _ic
           
protected  org.apache.commons.logging.Log log
           
 
Constructor Summary
AppdefSessionEJB()
           
 
Method Summary
 void changeOwner(AuthzSubject who, AppdefResource res, AuthzSubject newOwner)
          Change appdef entity owner
 void checkAIScanPermission(AuthzSubject subject, AppdefEntityID id)
          Check to see if the subject can perform an autoinventory scan on the specified resource.
 void checkAlertingPermission(AuthzSubject subject, AppdefEntityID id)
          Check for manage alerts permission for a given resource
 java.util.List checkAlertingScope(AuthzSubject subj)
          Check the scope of alertable resources for a give subject
 void checkControlPermission(AuthzSubject subject, AppdefEntityID id)
          Check for control permission for a given resource
 void checkCreateChildPermission(AuthzSubject subject, AppdefEntityID id)
          Check for create child object permission for a given resource Child Resources: Platforms -> servers Servers -> services Any other resource will throw an InvalidAppdefTypeException since no other resources have this parent->child relationship with respect to their permissions
 void checkCreatePlatformPermission(AuthzSubject subject)
          Check for createPlatform permission for a resource
 void checkModifyPermission(AuthzSubject subject, AppdefEntityID id)
          Check for modify permission for a given resource
 void checkMonitorPermission(AuthzSubject subject, AppdefEntityID id)
          Check for monitor permission for a given resource
protected  void checkPermission(AuthzSubject subject, AppdefEntityID id, java.lang.String operation)
          Check a permission
protected  void checkPermission(AuthzSubject subject, ResourceType rtV, java.lang.Integer id, java.lang.String operation)
          Check a permission
 void checkRemovePermission(AuthzSubject subject, AppdefEntityID id)
          Check for control permission for a given resource
 void checkViewPermission(AuthzSubject subject, AppdefEntityID id)
          Check for view permission for a given resource
protected  Resource createAuthzResource(AuthzSubject who, ResourceType resType, Resource prototype, java.lang.Integer id, java.lang.String name, boolean fsystem, Resource parent)
          Create an authz resource
protected  Resource createAuthzResource(AuthzSubject who, ResourceType resType, Resource prototype, java.lang.Integer id, java.lang.String name, Resource parent)
          Create an authz resource
protected  void deleteCustomProperties(AppdefEntityID aeid)
           
protected  java.util.Collection filterResourceTypes(java.util.Collection resources)
          builds a list of resource types from the list of resources
protected  java.util.List filterViewableServers(java.util.Collection servers, AuthzSubject who)
          Filter a list of Servers by their viewability by the subject
protected  ResourceType getApplicationPrototypeResourceType()
           
protected  ResourceType getApplicationResourceType()
          Get the application resource type
protected  ResourceType getAuthzResourceType(AppdefEntityID id)
          Get the authz resource type by AppdefEntityId
 ResourceType getGroupResourceType()
          Get the Authz Resource Type for a Group
protected  javax.naming.InitialContext getInitialContext()
           
protected  Operation getOperationByName(ResourceType rtV, java.lang.String opName)
          Find an operation by name inside a ResourcetypeValue object
protected  AuthzSubject getOverlord()
          Get the overlord.
protected  ResourceType getPlatformPrototypeResourceType()
           
protected  ResourceType getPlatformResourceType()
          Get the platform resource type
 AppdefResourcePermissions getResourcePermissions(AuthzSubject who, AppdefEntityID eid)
          Deprecated. Use the individual check*Permission methods instead.
protected  ResourceType getResourceType(java.lang.String resType)
          Get the authz resource type
protected  ResourceType getRootResourceType()
          Get the root resourceType object.
protected  ResourceType getServerPrototypeResourceType()
           
protected  ResourceType getServerResourceType()
          Get the Server Resource Type
protected  ServiceCluster getServiceCluster(ResourceGroup group)
          Map a ResourceGroup to ServiceCluster, just temporary, should be able to remove when done with the ServiceCluster to ResourceGroup Migration
protected  ResourceType getServicePrototypeResourceType()
           
protected  ResourceType getServiceResourceType()
          Get the Service Resource Type
 javax.ejb.SessionContext getSessionContext()
           
protected  java.util.List getViewableApplications(AuthzSubject whoami)
          Get the scope of viewable apps for a given user
protected  java.util.List getViewableGroups(AuthzSubject whoami)
          Get the scope of viewable groups for a given user
protected  java.util.List getViewablePlatformPKs(AuthzSubject who)
           
protected  java.util.Collection getViewablePlatforms(AuthzSubject whoami, PageControl pc)
          Get the scope of viewable platforms for a given user
protected  java.util.List getViewableServers(AuthzSubject whoami)
          Get the scope of viewable servers for a given user
protected  java.util.List getViewableServiceInventory(AuthzSubject whoami)
           
protected  java.util.List getViewableServices(AuthzSubject whoami)
          Get the scope of viewable services for a given user
protected  void removeAuthzResource(AuthzSubject subject, AppdefEntityID aeid, Resource r)
          remove the authz resource entry
protected  void rollback()
           
 void setSessionContext(javax.ejb.SessionContext ctx)
           
 
Methods inherited from class org.hyperic.hq.appdef.server.session.AppdefSessionUtil
findResourceType, findResourceType, getAgentDAO, getAIQManagerLocal, getApplicationDAO, getApplicationManager, getConfigManager, getConfigResponseDAO, getCPropManager, getPlatformDAO, getPlatformManager, getPlatformTypeDAO, getResourceManager, getServerDAO, getServerManager, getServerTypeDAO, getServiceDAO, getServiceManager, getServiceTypeDAO
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

_ctx

protected javax.ejb.SessionContext _ctx

_ic

protected javax.naming.InitialContext _ic

log

protected org.apache.commons.logging.Log log
Constructor Detail

AppdefSessionEJB

public AppdefSessionEJB()
Method Detail

getResourceType

protected ResourceType getResourceType(java.lang.String resType)
                                throws javax.ejb.FinderException
Get the authz resource type

Parameters:
resType - - the constant indicating the resource type (from AuthzConstants)
Throws:
javax.ejb.FinderException

filterResourceTypes

protected java.util.Collection filterResourceTypes(java.util.Collection resources)
builds a list of resource types from the list of resources

Parameters:
resources - - Collection of AppdefResource
{@link - Collection} of AppdefResourceType

createAuthzResource

protected Resource createAuthzResource(AuthzSubject who,
                                       ResourceType resType,
                                       Resource prototype,
                                       java.lang.Integer id,
                                       java.lang.String name,
                                       Resource parent)
Create an authz resource

Parameters:
resTypeVal - - the type
id - - the id of the object

createAuthzResource

protected Resource createAuthzResource(AuthzSubject who,
                                       ResourceType resType,
                                       Resource prototype,
                                       java.lang.Integer id,
                                       java.lang.String name,
                                       boolean fsystem,
                                       Resource parent)
Create an authz resource

Parameters:
resTypeVal - - the type
who - - who
id - - the id of the object
name - - the name of the resource
fsystem - - true if the resource should be non-visible

getAuthzResourceType

protected ResourceType getAuthzResourceType(AppdefEntityID id)
                                     throws javax.ejb.FinderException
Get the authz resource type by AppdefEntityId

Throws:
javax.ejb.FinderException

removeAuthzResource

protected void removeAuthzResource(AuthzSubject subject,
                                   AppdefEntityID aeid,
                                   Resource r)
                            throws javax.ejb.RemoveException,
                                   PermissionException,
                                   VetoException
remove the authz resource entry

Throws:
javax.ejb.RemoveException
PermissionException
VetoException

checkPermission

protected void checkPermission(AuthzSubject subject,
                               ResourceType rtV,
                               java.lang.Integer id,
                               java.lang.String operation)
                        throws PermissionException
Check a permission

Parameters:
subject - - who
rtV - - type of resource
id - - the id of the object
operation - - the name of the operation to perform
Throws:
PermissionException

checkPermission

protected void checkPermission(AuthzSubject subject,
                               AppdefEntityID id,
                               java.lang.String operation)
                        throws PermissionException
Check a permission

Throws:
PermissionException

checkCreatePlatformPermission

public void checkCreatePlatformPermission(AuthzSubject subject)
                                   throws PermissionException
Check for createPlatform permission for a resource

Parameters:
subject -
Throws:
PermissionException

checkModifyPermission

public void checkModifyPermission(AuthzSubject subject,
                                  AppdefEntityID id)
                           throws PermissionException
Check for modify permission for a given resource

Throws:
PermissionException

checkViewPermission

public void checkViewPermission(AuthzSubject subject,
                                AppdefEntityID id)
                         throws PermissionException
Check for view permission for a given resource

Throws:
PermissionException

checkControlPermission

public void checkControlPermission(AuthzSubject subject,
                                   AppdefEntityID id)
                            throws PermissionException
Check for control permission for a given resource

Throws:
PermissionException

checkRemovePermission

public void checkRemovePermission(AuthzSubject subject,
                                  AppdefEntityID id)
                           throws PermissionException
Check for control permission for a given resource

Throws:
PermissionException

checkMonitorPermission

public void checkMonitorPermission(AuthzSubject subject,
                                   AppdefEntityID id)
                            throws PermissionException
Check for monitor permission for a given resource

Throws:
PermissionException

checkAlertingPermission

public void checkAlertingPermission(AuthzSubject subject,
                                    AppdefEntityID id)
                             throws PermissionException
Check for manage alerts permission for a given resource

Throws:
PermissionException

checkAlertingScope

public java.util.List checkAlertingScope(AuthzSubject subj)
Check the scope of alertable resources for a give subject

Returns:
a list of AppdefEntityIds

checkAIScanPermission

public void checkAIScanPermission(AuthzSubject subject,
                                  AppdefEntityID id)
                           throws PermissionException,
                                  GroupNotCompatibleException
Check to see if the subject can perform an autoinventory scan on the specified resource. For platforms, the user must have modify platform permissions on the platform, and add server permissions on the platform. For a group, the user must have these permission on every platform in the group.

Parameters:
subject - The user to check permissions on.
id - An ID of a platform or a group of platforms.
Throws:
GroupNotCompatibleException - If the group is not a compatible group.
SystemException - If the group is empty or is not a group of platforms.
PermissionException

checkCreateChildPermission

public void checkCreateChildPermission(AuthzSubject subject,
                                       AppdefEntityID id)
                                throws PermissionException
Check for create child object permission for a given resource Child Resources: Platforms -> servers Servers -> services Any other resource will throw an InvalidAppdefTypeException since no other resources have this parent->child relationship with respect to their permissions

Parameters:
subject -
id - - what
subject - - who
Throws:
PermissionException

getResourcePermissions

public AppdefResourcePermissions getResourcePermissions(AuthzSubject who,
                                                        AppdefEntityID eid)
                                                 throws javax.ejb.FinderException
Deprecated. Use the individual check*Permission methods instead.

Get the AppdefResourcePermissions for a given resource

Throws:
javax.ejb.FinderException

getRootResourceType

protected ResourceType getRootResourceType()
                                    throws javax.ejb.FinderException
Get the root resourceType object. Used to check permissions such as createPlatform which are associated with the root resourceType

Returns:
rootResTypeValue - the root resource type
Throws:
javax.ejb.FinderException

getOperationByName

protected Operation getOperationByName(ResourceType rtV,
                                       java.lang.String opName)
                                throws PermissionException
Find an operation by name inside a ResourcetypeValue object

Throws:
PermissionException

getPlatformResourceType

protected ResourceType getPlatformResourceType()
                                        throws javax.ejb.FinderException
Get the platform resource type

Returns:
platformResType
Throws:
javax.ejb.FinderException

getApplicationResourceType

protected ResourceType getApplicationResourceType()
                                           throws javax.ejb.FinderException
Get the application resource type

Returns:
applicationResType
Throws:
javax.ejb.FinderException

getServerResourceType

protected ResourceType getServerResourceType()
                                      throws javax.ejb.FinderException
Get the Server Resource Type

Returns:
ResourceTypeValye
Throws:
javax.ejb.FinderException

getServiceResourceType

protected ResourceType getServiceResourceType()
                                       throws javax.ejb.FinderException
Get the Service Resource Type

Returns:
ResourceTypeValye
Throws:
javax.ejb.FinderException

getGroupResourceType

public ResourceType getGroupResourceType()
                                  throws javax.ejb.FinderException
Get the Authz Resource Type for a Group

Returns:
ResourceTypeValue
Throws:
javax.ejb.FinderException

getPlatformPrototypeResourceType

protected ResourceType getPlatformPrototypeResourceType()
                                                 throws javax.ejb.FinderException
Throws:
javax.ejb.FinderException

getServerPrototypeResourceType

protected ResourceType getServerPrototypeResourceType()
                                               throws javax.ejb.FinderException
Throws:
javax.ejb.FinderException

getServicePrototypeResourceType

protected ResourceType getServicePrototypeResourceType()
                                                throws javax.ejb.FinderException
Throws:
javax.ejb.FinderException

getApplicationPrototypeResourceType

protected ResourceType getApplicationPrototypeResourceType()
                                                    throws javax.ejb.FinderException
Throws:
javax.ejb.FinderException

getViewableServices

protected java.util.List getViewableServices(AuthzSubject whoami)
                                      throws javax.ejb.FinderException,
                                             PermissionException
Get the scope of viewable services for a given user

Parameters:
whoami - - the user
Returns:
List of ServicePK's for which subject has AuthzConstants.serviceOpViewService
Throws:
javax.ejb.FinderException
PermissionException

getViewableServiceInventory

protected java.util.List getViewableServiceInventory(AuthzSubject whoami)
                                              throws javax.ejb.FinderException,
                                                     PermissionException
Returns:
List of AppdefEntityIDs that represent the total set of service inventory that the subject is authorized to see. This includes all services as well as all clusters
Throws:
javax.ejb.FinderException
PermissionException

getViewableApplications

protected java.util.List getViewableApplications(AuthzSubject whoami)
                                          throws javax.ejb.FinderException,
                                                 PermissionException
Get the scope of viewable apps for a given user

Parameters:
whoami -
Returns:
list of ApplicationPKs for which the subject has AuthzConstants.applicationOpViewApplication
Throws:
javax.ejb.FinderException
PermissionException

getViewableServers

protected java.util.List getViewableServers(AuthzSubject whoami)
                                     throws javax.ejb.FinderException,
                                            PermissionException
Get the scope of viewable servers for a given user

Parameters:
whoami - - the user
Returns:
List of ServerPK's for which subject has AuthzConstants.serverOpViewServer
Throws:
javax.ejb.FinderException
PermissionException

filterViewableServers

protected java.util.List filterViewableServers(java.util.Collection servers,
                                               AuthzSubject who)
Filter a list of Servers by their viewability by the subject


getViewablePlatforms

protected java.util.Collection getViewablePlatforms(AuthzSubject whoami,
                                                    PageControl pc)
                                             throws javax.ejb.FinderException,
                                                    PermissionException,
                                                    javax.naming.NamingException
Get the scope of viewable platforms for a given user

Parameters:
whoami - - the user
Returns:
List of PlatformLocals for which subject has AuthzConstants.platformOpViewPlatform XXX scottmf, this needs to be completely rewritten. It should not query all the platforms and mash that list together with the viewable resources. This will potentially bloat the session with useless pojos, not to mention the poor performance implications. Instead it should get the viewable resources then select those platform where id in (:pids) OR look them up from cache.
Throws:
javax.ejb.FinderException
PermissionException
javax.naming.NamingException

getViewablePlatformPKs

protected java.util.List getViewablePlatformPKs(AuthzSubject who)
                                         throws javax.ejb.FinderException,
                                                PermissionException
Throws:
javax.ejb.FinderException
PermissionException

getViewableGroups

protected java.util.List getViewableGroups(AuthzSubject whoami)
                                    throws javax.ejb.FinderException,
                                           AppdefGroupNotFoundException,
                                           PermissionException
Get the scope of viewable groups for a given user

Parameters:
whoami - - the user
Returns:
List of AppdefGroup value objects for which subject has AuthzConstants.groupOpViewResourceGroup
Throws:
javax.ejb.FinderException
AppdefGroupNotFoundException
PermissionException

deleteCustomProperties

protected void deleteCustomProperties(AppdefEntityID aeid)

setSessionContext

public void setSessionContext(javax.ejb.SessionContext ctx)

getSessionContext

public javax.ejb.SessionContext getSessionContext()

rollback

protected void rollback()

getOverlord

protected AuthzSubject getOverlord()
Get the overlord. This method should be used by any bizapp session bean which wants to call an authz bound method while bypassing the check.


getInitialContext

protected javax.naming.InitialContext getInitialContext()

getServiceCluster

protected ServiceCluster getServiceCluster(ResourceGroup group)
Map a ResourceGroup to ServiceCluster, just temporary, should be able to remove when done with the ServiceCluster to ResourceGroup Migration


changeOwner

public void changeOwner(AuthzSubject who,
                        AppdefResource res,
                        AuthzSubject newOwner)
                 throws PermissionException,
                        ServerNotFoundException
Change appdef entity owner

Throws:
PermissionException
ServerNotFoundException

Hyperic HQ Plugin API v. 4.4.0.2

Copyright © 2004-2006 Hyperic, Inc. support@hyperic.net, All Rights Reserved.