org.rhq.enterprise.server.authz

Class RoleManagerBean

java.lang.Object

org.rhq.enterprise.server.authz.RoleManagerBean

All Implemented Interfaces:

RoleManagerLocal, RoleManagerRemote

public class RoleManagerBean
extends Object
implements RoleManagerLocal, RoleManagerRemote

This bean provides functionality to manipulate the security roles. That is, adding/modifying/deleting roles and their associated subjects and permissions is performed by this manager.

Author:

John Mazzitelli

Constructor Summary

Constructors

Constructor and Description
RoleManagerBean()

Method Summary

Methods

Modifier and Type	Method and Description
void	addBundleGroupsToRole(org.rhq.core.domain.auth.Subject subject, int roleId, int[] bundleGroupIds) Adds the given bundle groups to the given role.
void	addResourceGroupsToRole(org.rhq.core.domain.auth.Subject subject, int roleId, int[] groupIds) Adds the given resource groups to the given role.
void	addRolesToBundleGroup(org.rhq.core.domain.auth.Subject subject, int bundleGroupId, int[] roleIds)
void	addRolesToResourceGroup(org.rhq.core.domain.auth.Subject subject, int groupId, int[] roleIds)
void	addRolesToSubject(org.rhq.core.domain.auth.Subject subject, int subjectId, int[] roleIds) Assigns a set of roles to a subject which authorizes the subject to do anything the roles permit.
void	addRolesToSubject(org.rhq.core.domain.auth.Subject subject, int subjectId, int[] roleIds, boolean isLdap)
void	addSubjectsToRole(org.rhq.core.domain.auth.Subject subject, int roleId, int[] subjectIds) Assigns a set of subjects to a role which authorizes the subjects to do anything the role permits.
org.rhq.core.domain.authz.Role	createRole(org.rhq.core.domain.auth.Subject whoami, org.rhq.core.domain.authz.Role newRole) Persists the new role to the database.
void	deleteRoles(org.rhq.core.domain.auth.Subject subject, int[] doomedRoleIds) Removes a set of roles from the database.
org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role>	findAvailableRolesForSubject(org.rhq.core.domain.auth.Subject subject, Integer subjectId, Integer[] pendingRoleIds, org.rhq.core.domain.util.PageControl pc) This returns a list of roles that are available to be assigned to a given subject but not yet assigned to that subject.
org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role>	findRoles(org.rhq.core.domain.util.PageControl pc) Returns a list of all roles in the system.
org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role>	findRolesByCriteria(org.rhq.core.domain.auth.Subject subject, org.rhq.core.domain.criteria.RoleCriteria criteria)
org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role>	findRolesByIds(Integer[] roleIds, org.rhq.core.domain.util.PageControl pc) Given a set of role Ids, this returns a list of all the roles.
org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role>	findRolesBySubject(int subjectId, org.rhq.core.domain.util.PageControl pc) This returns a page list of all the roles that a subject is authorized to access.
org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role>	findSubjectAssignedRoles(org.rhq.core.domain.auth.Subject subject, int subjectId, org.rhq.core.domain.util.PageControl pc) Get all roles assigned for a certain subject
org.rhq.core.domain.util.PageList<org.rhq.core.domain.auth.Subject>	findSubjectsByRole(Integer roleId, org.rhq.core.domain.util.PageControl pc) Get all subjects that have been assigned the given role.
org.rhq.core.domain.util.PageList<org.rhq.core.domain.auth.Subject>	findSubjectsByRole(org.rhq.core.domain.auth.Subject subject, Integer roleId, org.rhq.core.domain.util.PageControl pc)
org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role>	findSubjectUnassignedRoles(org.rhq.core.domain.auth.Subject subject, int subjectId, org.rhq.core.domain.util.PageControl pc) Get all roles eligible to be assigned to the user.
Set<org.rhq.core.domain.authz.Permission>	getPermissions(Integer roleId) Given a role ID, this will return the complete set of authorized permissions for that role.
org.rhq.core.domain.authz.Role	getRole(org.rhq.core.domain.auth.Subject subject, int roleId) Returns the role with the given ID
org.rhq.core.domain.authz.Role	getRoleById(Integer roleId) Returns the role with the given ID
void	removeBundleGroupsFromRole(org.rhq.core.domain.auth.Subject subject, int roleId, int[] bundleGroupIds) Removes the given bundle groups from the given role.
void	removeResourceGroupsFromRole(org.rhq.core.domain.auth.Subject subject, int roleId, int[] groupIds) Removes the given resource groups from the given role.
void	removeRolesFromBundleGroup(org.rhq.core.domain.auth.Subject subject, int bundleGroupId, int[] roleIds) Remove the bundle group from the specified roles.
void	removeRolesFromResourceGroup(org.rhq.core.domain.auth.Subject subject, int groupId, int[] roleIds) Remove the resource group from the specified roles.
void	removeRolesFromSubject(org.rhq.core.domain.auth.Subject subject, int subjectId, int[] roleIds) Remove particular roles from a subject.
void	removeSubjectsFromRole(org.rhq.core.domain.auth.Subject subject, int roleId, int[] subjectIds) Dissociate particular subjects from a role.
void	setAssignedBundleGroups(org.rhq.core.domain.auth.Subject subject, int roleId, int[] bundleGroupIds) Set the specified bundle groups on the role, replacing the previous set of bundle groups.
void	setAssignedResourceGroups(org.rhq.core.domain.auth.Subject subject, int roleId, int[] groupIds) Set the specified resource groups on the role, replacing the previous set of resource groups.
void	setAssignedSubjectRoles(org.rhq.core.domain.auth.Subject subject, int subjectId, int[] roleIds) Sets the set of roles assigned to a subject.
void	setAssignedSubjects(org.rhq.core.domain.auth.Subject subject, int roleId, int[] subjectIds)
void	setPermissions(org.rhq.core.domain.auth.Subject subject, Integer roleId, Set<org.rhq.core.domain.authz.Permission> permissions) Sets the permissions for the specified role.
org.rhq.core.domain.authz.Role	updateRole(org.rhq.core.domain.auth.Subject whoami, org.rhq.core.domain.authz.Role role) Updates the given role including permissions.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RoleManagerBean

public RoleManagerBean()

Method Detail

findRolesBySubject

public org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findRolesBySubject(int subjectId,
                                                                                   org.rhq.core.domain.util.PageControl pc)

Description copied from interface: RoleManagerLocal

This returns a page list of all the roles that a subject is authorized to access.

Specified by:

findRolesBySubject in interface RoleManagerLocal

Parameters:

subjectId - the id of the subject whose roles are to be returned

Returns:

page list of all subject's roles

See Also:

RoleManagerLocal.findRolesBySubject(int subjectId,PageControl pageControl)

findRoles

public org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findRoles(org.rhq.core.domain.util.PageControl pc)

Description copied from interface: RoleManagerLocal

Returns a list of all roles in the system.

Specified by:

findRoles in interface RoleManagerLocal

Returns:

list of all roles

See Also:

RoleManagerLocal.findRoles(PageControl)

createRole

public org.rhq.core.domain.authz.Role createRole(org.rhq.core.domain.auth.Subject whoami,
                                        org.rhq.core.domain.authz.Role newRole)

Description copied from interface: RoleManagerRemote

Persists the new role to the database.

Specified by:

createRole in interface RoleManagerRemote

Parameters:

whoami - The user attempting to create the role

newRole - The new role being created

Returns:

The persisted role with the primary key populated

See Also:

RoleManagerRemote.createRole(Subject, Role)

deleteRoles

public void deleteRoles(org.rhq.core.domain.auth.Subject subject,
               int[] doomedRoleIds)

Description copied from interface: RoleManagerRemote

Removes a set of roles from the database. The subjects assigned to the roles are no longer authorized with the deleted roles. Groups attached to the deleted roles are left alone.

Specified by:

deleteRoles in interface RoleManagerRemote

Parameters:

subject - The user attempting to delete the role

doomedRoleIds - The IDs of the roles to delete

See Also:

RoleManagerRemote.deleteRoles(Subject, int[])

addRolesToSubject

public void addRolesToSubject(org.rhq.core.domain.auth.Subject subject,
                     int subjectId,
                     int[] roleIds)

Description copied from interface: RoleManagerRemote

Assigns a set of roles to a subject which authorizes the subject to do anything the roles permit.

Specified by:

addRolesToSubject in interface RoleManagerRemote

Parameters:

subject - The logged in user's subject.

subjectId - the subject who is to be authorized with the given roles

roleIds - the roles to assign

See Also:

RoleManagerRemote.addRolesToSubject(Subject, int, int[])

addRolesToSubject

public void addRolesToSubject(org.rhq.core.domain.auth.Subject subject,
                     int subjectId,
                     int[] roleIds,
                     boolean isLdap)

See Also:

RoleManagerRemote.addRolesToSubject(Subject, int, int[])

addSubjectsToRole

public void addSubjectsToRole(org.rhq.core.domain.auth.Subject subject,
                     int roleId,
                     int[] subjectIds)

Description copied from interface: RoleManagerRemote

Assigns a set of subjects to a role which authorizes the subjects to do anything the role permits.

Specified by:

addSubjectsToRole in interface RoleManagerRemote

Parameters:

subject - the user attempting to assign the roles to the subject

roleId - the role who will authorized with the given subjects

subjectIds - the subjects to assign the role

See Also:

RoleManagerRemote.addSubjectsToRole(Subject, int, int[])

removeRolesFromSubject

public void removeRolesFromSubject(org.rhq.core.domain.auth.Subject subject,
                          int subjectId,
                          int[] roleIds)

Description copied from interface: RoleManagerRemote

Remove particular roles from a subject. Once complete, the subject will no longer be authorized with the given roles.

Specified by:

removeRolesFromSubject in interface RoleManagerRemote

Parameters:

subject - The logged in user's subject.

subjectId - the user that is to have the roles unassigned from it

roleIds - list of role IDs that are to be removed from user

See Also:

RoleManagerRemote.removeRolesFromSubject(Subject, int, int[])

setAssignedSubjectRoles

public void setAssignedSubjectRoles(org.rhq.core.domain.auth.Subject subject,
                           int subjectId,
                           int[] roleIds)

Description copied from interface: RoleManagerRemote

Sets the set of roles assigned to a subject. Requires SECURITY_ADMIN

Specified by:

setAssignedSubjectRoles in interface RoleManagerRemote

getRoleById

public org.rhq.core.domain.authz.Role getRoleById(Integer roleId)

Description copied from interface: RoleManagerLocal

Returns the role with the given ID

Specified by:

getRoleById in interface RoleManagerLocal

Returns:

the role or null if it wasn't found

See Also:

RoleManagerLocal.getRoleById(Integer)

setPermissions

public void setPermissions(org.rhq.core.domain.auth.Subject subject,
                  Integer roleId,
                  Set<org.rhq.core.domain.authz.Permission> permissions)

Description copied from interface: RoleManagerLocal

Sets the permissions for the specified role. Any currently existing role permissions are overwritten - that is, permissions will be the complete set of permissions the role will now be authorized with.

Specified by:

setPermissions in interface RoleManagerLocal

Parameters:

subject - the user attempting to peform the set

roleId - the ID of the role to modify

permissions - a set of permissions to give to the role

See Also:

RoleManagerLocal.setPermissions(Subject, Integer, Set)

getPermissions

public Set<org.rhq.core.domain.authz.Permission> getPermissions(Integer roleId)

Description copied from interface: RoleManagerLocal

Given a role ID, this will return the complete set of authorized permissions for that role.

Specified by:

getPermissions in interface RoleManagerLocal

Returns:

set of permissions that the given role explicitly authorize

See Also:

RoleManagerLocal.getPermissions(Integer)

updateRole

public org.rhq.core.domain.authz.Role updateRole(org.rhq.core.domain.auth.Subject whoami,
                                        org.rhq.core.domain.authz.Role role)

Description copied from interface: RoleManagerRemote

Updates the given role including permissions. To update subjects, resource groups, ldap groups or bundle groups pass a non-null value.

Specified by:

updateRole in interface RoleManagerRemote

Parameters:

whoami - The user updating the role

role - The role being updated

Returns:

The updated role

See Also:

RoleManagerRemote.updateRole(Subject, Role)

findSubjectsByRole

public org.rhq.core.domain.util.PageList<org.rhq.core.domain.auth.Subject> findSubjectsByRole(org.rhq.core.domain.auth.Subject subject,
                                                                                     Integer roleId,
                                                                                     org.rhq.core.domain.util.PageControl pc)

See Also:

RoleManagerLocal.findSubjectsByRole(Integer roleId,PageControl pageControl)

findSubjectsByRole

public org.rhq.core.domain.util.PageList<org.rhq.core.domain.auth.Subject> findSubjectsByRole(Integer roleId,
                                                                                     org.rhq.core.domain.util.PageControl pc)

Description copied from interface: RoleManagerLocal

Get all subjects that have been assigned the given role.

Specified by:

findSubjectsByRole in interface RoleManagerLocal

Returns:

list of all subjects assigned the role

See Also:

RoleManagerLocal.findSubjectsByRole(Integer,PageControl)

findRolesByIds

public org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findRolesByIds(Integer[] roleIds,
                                                                               org.rhq.core.domain.util.PageControl pc)

Description copied from interface: RoleManagerLocal

Given a set of role Ids, this returns a list of all the roles.

Specified by:

findRolesByIds in interface RoleManagerLocal

Returns:

all the roles with the given ID

See Also:

RoleManagerLocal.findRolesByIds(Integer[],PageControl)

findAvailableRolesForSubject

public org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findAvailableRolesForSubject(org.rhq.core.domain.auth.Subject subject,
                                                                                             Integer subjectId,
                                                                                             Integer[] pendingRoleIds,
                                                                                             org.rhq.core.domain.util.PageControl pc)

Description copied from interface: RoleManagerLocal

This returns a list of roles that are available to be assigned to a given subject but not yet assigned to that subject. This excludes roles already assigned to the subject. The returned list will not include the roles identified by pendingRoleIds since it is assumed the pending roles will be assigned to the user.

Specified by:

findAvailableRolesForSubject in interface RoleManagerLocal

Parameters:

subject - user attempting to make this call

subjectId - the subject whose list of available roles are to be returned

pendingRoleIds - the list of roles that are planned to be given to the subject

Returns:

the list of roles that can be assigned to the given user, not including the pending roles

findSubjectUnassignedRoles

public org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findSubjectUnassignedRoles(org.rhq.core.domain.auth.Subject subject,
                                                                                           int subjectId,
                                                                                           org.rhq.core.domain.util.PageControl pc)

Description copied from interface: RoleManagerRemote

Get all roles eligible to be assigned to the user.

Specified by:

findSubjectUnassignedRoles in interface RoleManagerRemote

Returns:

not null

addBundleGroupsToRole

public void addBundleGroupsToRole(org.rhq.core.domain.auth.Subject subject,
                         int roleId,
                         int[] bundleGroupIds)

Description copied from interface: RoleManagerRemote

Adds the given bundle groups to the given role.

Specified by:

addBundleGroupsToRole in interface RoleManagerRemote

Parameters:

subject - The logged in user's subject.

addResourceGroupsToRole

public void addResourceGroupsToRole(org.rhq.core.domain.auth.Subject subject,
                           int roleId,
                           int[] groupIds)

Description copied from interface: RoleManagerRemote

Adds the given resource groups to the given role.

Specified by:

addResourceGroupsToRole in interface RoleManagerRemote

Parameters:

subject - The logged in user's subject.

See Also:

RoleManagerRemote.addResourceGroupsToRole(Subject, int, int[])

removeBundleGroupsFromRole

public void removeBundleGroupsFromRole(org.rhq.core.domain.auth.Subject subject,
                              int roleId,
                              int[] bundleGroupIds)

Description copied from interface: RoleManagerRemote

Removes the given bundle groups from the given role.

Specified by:

removeBundleGroupsFromRole in interface RoleManagerRemote

Parameters:

subject - user attempting to remove the groups from the role

removeResourceGroupsFromRole

public void removeResourceGroupsFromRole(org.rhq.core.domain.auth.Subject subject,
                                int roleId,
                                int[] groupIds)

Description copied from interface: RoleManagerRemote

Removes the given resource groups from the given role.

Specified by:

removeResourceGroupsFromRole in interface RoleManagerRemote

Parameters:

subject - user attempting to remove the groups from the role

See Also:

RoleManagerRemote.removeResourceGroupsFromRole(Subject, int, int[])

setAssignedBundleGroups

public void setAssignedBundleGroups(org.rhq.core.domain.auth.Subject subject,
                           int roleId,
                           int[] bundleGroupIds)

Description copied from interface: RoleManagerRemote

Set the specified bundle groups on the role, replacing the previous set of bundle groups.

Specified by:

setAssignedBundleGroups in interface RoleManagerRemote

setAssignedResourceGroups

public void setAssignedResourceGroups(org.rhq.core.domain.auth.Subject subject,
                             int roleId,
                             int[] groupIds)

Description copied from interface: RoleManagerRemote

Set the specified resource groups on the role, replacing the previous set of resource groups.

Specified by:

setAssignedResourceGroups in interface RoleManagerRemote

findSubjectAssignedRoles

public org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findSubjectAssignedRoles(org.rhq.core.domain.auth.Subject subject,
                                                                                         int subjectId,
                                                                                         org.rhq.core.domain.util.PageControl pc)

Description copied from interface: RoleManagerRemote

Get all roles assigned for a certain subject

Specified by:

findSubjectAssignedRoles in interface RoleManagerRemote

Parameters:

subject - The logged in user's subject

subjectId - The subject ID to find the associated roles for

pc - PageControl

Returns:

A page list of assigned

removeSubjectsFromRole

public void removeSubjectsFromRole(org.rhq.core.domain.auth.Subject subject,
                          int roleId,
                          int[] subjectIds)

Description copied from interface: RoleManagerRemote

Dissociate particular subjects from a role.

Specified by:

removeSubjectsFromRole in interface RoleManagerRemote

Parameters:

subject - The logged in user's subject.

roleId - The role ID to dissociate the roles from

subjectIds - The IDs of the subjects to remove from the specified Role

setAssignedSubjects

public void setAssignedSubjects(org.rhq.core.domain.auth.Subject subject,
                       int roleId,
                       int[] subjectIds)

Specified by:

setAssignedSubjects in interface RoleManagerLocal

removeRolesFromBundleGroup

public void removeRolesFromBundleGroup(org.rhq.core.domain.auth.Subject subject,
                              int bundleGroupId,
                              int[] roleIds)

Description copied from interface: RoleManagerRemote

Remove the bundle group from the specified roles.

Specified by:

removeRolesFromBundleGroup in interface RoleManagerRemote

removeRolesFromResourceGroup

public void removeRolesFromResourceGroup(org.rhq.core.domain.auth.Subject subject,
                                int groupId,
                                int[] roleIds)

Description copied from interface: RoleManagerRemote

Remove the resource group from the specified roles.

Specified by:

removeRolesFromResourceGroup in interface RoleManagerRemote

getRole

public org.rhq.core.domain.authz.Role getRole(org.rhq.core.domain.auth.Subject subject,
                                     int roleId)

Description copied from interface: RoleManagerRemote

Returns the role with the given ID

Specified by:

getRole in interface RoleManagerRemote

Returns:

the role or null if it wasn't found

addRolesToBundleGroup

public void addRolesToBundleGroup(org.rhq.core.domain.auth.Subject subject,
                         int bundleGroupId,
                         int[] roleIds)

Specified by:

addRolesToBundleGroup in interface RoleManagerRemote

addRolesToResourceGroup

public void addRolesToResourceGroup(org.rhq.core.domain.auth.Subject subject,
                           int groupId,
                           int[] roleIds)

Specified by:

addRolesToResourceGroup in interface RoleManagerRemote

findRolesByCriteria

public org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findRolesByCriteria(org.rhq.core.domain.auth.Subject subject,
                                                                                    org.rhq.core.domain.criteria.RoleCriteria criteria)

Specified by:

findRolesByCriteria in interface RoleManagerRemote

Returns:

not null