org.rhq.enterprise.server.authz
Class RoleManagerBean

java.lang.Object
  extended by org.rhq.enterprise.server.authz.RoleManagerBean
All Implemented Interfaces:
RoleManagerLocal, RoleManagerRemote

public class RoleManagerBean
extends Object
implements RoleManagerLocal, RoleManagerRemote

This bean provides functionality to manipulate the security roles. That is, adding/modifying/deleting roles and their associated subjects and permissions is performed by this manager.

Author:
John Mazzitelli

Constructor Summary
RoleManagerBean()
           
 
Method Summary
 void addResourceGroupsToRole(org.rhq.core.domain.auth.Subject subject, int roleId, int[] groupIds)
          Adds the given resource groups to the given role.
 void addRolesToResourceGroup(org.rhq.core.domain.auth.Subject subject, int groupId, int[] roleIds)
           
 void addRolesToSubject(org.rhq.core.domain.auth.Subject subject, int subjectId, int[] roleIds)
          Assigns a set of roles to a subject which authorizes the subject to do anything the roles permit.
 void addRolesToSubject(org.rhq.core.domain.auth.Subject subject, int subjectId, int[] roleIds, boolean isLdap)
           
 void addSubjectsToRole(org.rhq.core.domain.auth.Subject subject, int roleId, int[] subjectIds)
          Assigns a set of subjects to a role which authorizes the subjects to do anything the role permits.
 org.rhq.core.domain.authz.Role createRole(org.rhq.core.domain.auth.Subject whoami, org.rhq.core.domain.authz.Role newRole)
          Persists the new role to the database.
 void deleteRoles(org.rhq.core.domain.auth.Subject subject, int[] doomedRoleIds)
          Removes a set of roles from the database.
 org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findAvailableRolesForSubject(org.rhq.core.domain.auth.Subject subject, Integer subjectId, Integer[] pendingRoleIds, org.rhq.core.domain.util.PageControl pc)
          This returns a list of roles that are available to be assigned to a given subject but not yet assigned to that subject.
 org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findRoles(org.rhq.core.domain.util.PageControl pc)
          Returns a list of all roles in the system.
 org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findRolesByCriteria(org.rhq.core.domain.auth.Subject subject, org.rhq.core.domain.criteria.RoleCriteria criteria)
           
 org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findRolesByIds(Integer[] roleIds, org.rhq.core.domain.util.PageControl pc)
          Given a set of role Ids, this returns a list of all the roles.
 org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findRolesBySubject(int subjectId, org.rhq.core.domain.util.PageControl pc)
          This returns a page list of all the roles that a subject is authorized to access.
 org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findSubjectAssignedRoles(org.rhq.core.domain.auth.Subject subject, int subjectId, org.rhq.core.domain.util.PageControl pc)
          Get all roles assigned for a certain subject
 org.rhq.core.domain.util.PageList<org.rhq.core.domain.auth.Subject> findSubjectsByRole(Integer roleId, org.rhq.core.domain.util.PageControl pc)
          Get all subjects that have been assigned the given role.
 org.rhq.core.domain.util.PageList<org.rhq.core.domain.auth.Subject> findSubjectsByRole(org.rhq.core.domain.auth.Subject subject, Integer roleId, org.rhq.core.domain.util.PageControl pc)
           
 org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findSubjectUnassignedRoles(org.rhq.core.domain.auth.Subject subject, int subjectId, org.rhq.core.domain.util.PageControl pc)
           
 Set<org.rhq.core.domain.authz.Permission> getPermissions(Integer roleId)
          Given a role ID, this will return the complete set of authorized permissions for that role.
 org.rhq.core.domain.authz.Role getRole(org.rhq.core.domain.auth.Subject subject, int roleId)
          Returns the role with the given ID
 org.rhq.core.domain.authz.Role getRoleById(Integer roleId)
          Returns the role with the given ID
 void removeResourceGroupsFromRole(org.rhq.core.domain.auth.Subject subject, int roleId, int[] groupIds)
          Removes the given resource groups from the given role.
 void removeRolesFromResourceGroup(org.rhq.core.domain.auth.Subject subject, int groupId, int[] roleIds)
           
 void removeRolesFromSubject(org.rhq.core.domain.auth.Subject subject, int subjectId, int[] roleIds)
          Disassociates particular roles from a subject.
 void removeSubjectsFromRole(org.rhq.core.domain.auth.Subject subject, int roleId, int[] subjectIds)
          Dissociate particular subjects from a role.
 void setAssignedResourceGroups(org.rhq.core.domain.auth.Subject subject, int roleId, int[] groupIds)
           
 void setAssignedSubjectRoles(org.rhq.core.domain.auth.Subject subject, int subjectId, int[] roleIds)
          Sets the set of roles assigned to a subject.
 void setAssignedSubjects(org.rhq.core.domain.auth.Subject subject, int roleId, int[] subjectIds)
           
 void setPermissions(org.rhq.core.domain.auth.Subject subject, Integer roleId, Set<org.rhq.core.domain.authz.Permission> permissions)
          Sets the permissions for the specified role.
 org.rhq.core.domain.authz.Role updateRole(org.rhq.core.domain.auth.Subject whoami, org.rhq.core.domain.authz.Role role)
          Updates the given role, excluding the subjects and groups.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RoleManagerBean

public RoleManagerBean()
Method Detail

findRolesBySubject

public org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findRolesBySubject(int subjectId,
                                                                                            org.rhq.core.domain.util.PageControl pc)
Description copied from interface: RoleManagerLocal
This returns a page list of all the roles that a subject is authorized to access.

Specified by:
findRolesBySubject in interface RoleManagerLocal
Parameters:
subjectId - the id of the subject whose roles are to be returned
Returns:
page list of all subject's roles
See Also:
RoleManagerLocal.findRolesBySubject(int subjectId,PageControl pageControl)

findRoles

public org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findRoles(org.rhq.core.domain.util.PageControl pc)
Description copied from interface: RoleManagerLocal
Returns a list of all roles in the system.

Specified by:
findRoles in interface RoleManagerLocal
Returns:
list of all roles
See Also:
RoleManagerLocal.findRoles(PageControl)

createRole

public org.rhq.core.domain.authz.Role createRole(org.rhq.core.domain.auth.Subject whoami,
                                                 org.rhq.core.domain.authz.Role newRole)
Description copied from interface: RoleManagerLocal
Persists the new role to the database. The subjects assigned to the role are ignored - this only creates the role entity with 0 subjects initially assigned to it.

Specified by:
createRole in interface RoleManagerLocal
Specified by:
createRole in interface RoleManagerRemote
Parameters:
whoami - the user attempting to create the role
newRole - the new role to persist
Returns:
the persisted role with the primary key populated
See Also:
RoleManagerLocal.createRole(Subject, Role)

deleteRoles

public void deleteRoles(org.rhq.core.domain.auth.Subject subject,
                        int[] doomedRoleIds)
Description copied from interface: RoleManagerLocal
Removes a set of roles from the database. The subjects assigned to the roles are no longer authorized with the deleted roles. Groups attached to the deleted roles are left alone.

Specified by:
deleteRoles in interface RoleManagerLocal
Specified by:
deleteRoles in interface RoleManagerRemote
Parameters:
subject - the user attempting to delete the role
doomedRoleIds - the IDs of the roles to delete
See Also:
RoleManagerLocal.deleteRoles(Subject, int[])

addRolesToSubject

public void addRolesToSubject(org.rhq.core.domain.auth.Subject subject,
                              int subjectId,
                              int[] roleIds)
Description copied from interface: RoleManagerLocal
Assigns a set of roles to a subject which authorizes the subject to do anything the roles permit.

Specified by:
addRolesToSubject in interface RoleManagerLocal
Specified by:
addRolesToSubject in interface RoleManagerRemote
Parameters:
subject - the user attempting to assign the roles to the subject
subjectId - the subject who is to be authorized with the given roles
roleIds - the roles to assign
See Also:
RoleManagerLocal.addRolesToSubject(Subject, int, int[])

addRolesToSubject

public void addRolesToSubject(org.rhq.core.domain.auth.Subject subject,
                              int subjectId,
                              int[] roleIds,
                              boolean isLdap)
See Also:
RoleManagerLocal.addRolesToSubject(Subject, int, int[])

addSubjectsToRole

public void addSubjectsToRole(org.rhq.core.domain.auth.Subject subject,
                              int roleId,
                              int[] subjectIds)
Description copied from interface: RoleManagerRemote
Assigns a set of subjects to a role which authorizes the subjects to do anything the role permits.

Specified by:
addSubjectsToRole in interface RoleManagerLocal
Specified by:
addSubjectsToRole in interface RoleManagerRemote
Parameters:
subject - the user attempting to assign the roles to the subject
roleId - the role that will be authorized with the given subjects
subjectIds - the subjects to assign the role
See Also:
RoleManagerLocal.addSubjectsToRole(Subject, int, int[])

removeRolesFromSubject

public void removeRolesFromSubject(org.rhq.core.domain.auth.Subject subject,
                                   int subjectId,
                                   int[] roleIds)
Description copied from interface: RoleManagerLocal
Disassociates particular roles from a subject. Once complete, the subject will no longer be authorized with the given roles.

Specified by:
removeRolesFromSubject in interface RoleManagerLocal
Specified by:
removeRolesFromSubject in interface RoleManagerRemote
Parameters:
subject - the user that is attempting to perform the remove
subjectId - the user that is to have the roles unassigned from it
roleIds - list of role IDs that are to be removed from user
See Also:
RoleManagerLocal.removeRolesFromSubject(Subject, int, int[])

setAssignedSubjectRoles

public void setAssignedSubjectRoles(org.rhq.core.domain.auth.Subject subject,
                                    int subjectId,
                                    int[] roleIds)
Description copied from interface: RoleManagerRemote
Sets the set of roles assigned to a subject. Requires SECURITY_ADMIN

Specified by:
setAssignedSubjectRoles in interface RoleManagerLocal
Specified by:
setAssignedSubjectRoles in interface RoleManagerRemote

getRoleById

public org.rhq.core.domain.authz.Role getRoleById(Integer roleId)
Description copied from interface: RoleManagerLocal
Returns the role with the given ID

Specified by:
getRoleById in interface RoleManagerLocal
Returns:
the role or null if it wasn't found
See Also:
RoleManagerLocal.getRoleById(Integer)

setPermissions

public void setPermissions(org.rhq.core.domain.auth.Subject subject,
                           Integer roleId,
                           Set<org.rhq.core.domain.authz.Permission> permissions)
Description copied from interface: RoleManagerLocal
Sets the permissions for the specified role. Any currently existing role permissions are overwritten - that is, permissions will be the complete set of permissions the role will now be authorized with.

Specified by:
setPermissions in interface RoleManagerLocal
Parameters:
subject - the user attempting to perform the set
roleId - the ID of the role to modify
permissions - a set of permissions to give to the role
See Also:
RoleManagerLocal.setPermissions(Subject, Integer, Set)
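
The overwrite behaviour of setPermissions described above, as an added example that is not part of the RHQ Javadoc or code base. FakeRoleStore, Perm, grant and wouldRevoke are hypothetical stand-ins that mimic only the documented getPermissions/setPermissions semantics; the Subject argument and its authorization check are omitted.

```java
import java.util.EnumSet;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

public class SetPermissionsDemo {
    // Constructed placeholder values, not RHQ's Permission constants.
    enum Perm { PERM_A, PERM_B, PERM_C }

    // Hypothetical in-memory stand-in for the two documented calls.
    static class FakeRoleStore {
        private final Map<Integer, Set<Perm>> byRole = new HashMap<>();

        // Returns a private copy so callers cannot mutate stored state.
        Set<Perm> getPermissions(Integer roleId) {
            Set<Perm> stored = byRole.get(roleId);
            return stored == null ? new HashSet<>() : new HashSet<>(stored);
        }

        // Documented semantics: the argument becomes the complete set.
        void setPermissions(Integer roleId, Set<Perm> permissions) {
            byRole.put(roleId, new HashSet<>(permissions));
        }
    }

    // Read-modify-write: grant one permission without dropping the rest.
    static Set<Perm> grant(FakeRoleStore store, Integer roleId, Perm extra) {
        Set<Perm> merged = store.getPermissions(roleId);
        merged.add(extra);
        store.setPermissions(roleId, merged);
        return merged;
    }

    // What an overwrite would silently remove; review this before applying.
    static Set<Perm> wouldRevoke(FakeRoleStore store, Integer roleId, Set<Perm> proposed) {
        Set<Perm> lost = store.getPermissions(roleId);
        lost.removeAll(proposed);
        return lost;
    }

    public static void main(String[] args) {
        FakeRoleStore store = new FakeRoleStore();
        Integer roleId = 42; // constructed role id
        store.setPermissions(roleId, EnumSet.of(Perm.PERM_A, Perm.PERM_B));

        // Passing only the new permission replaces the whole set.
        Set<Perm> proposed = EnumSet.of(Perm.PERM_C);
        System.out.println("overwrite would revoke: " + wouldRevoke(store, roleId, proposed));
        store.setPermissions(roleId, proposed);
        System.out.println("after naive set:        " + store.getPermissions(roleId));

        // Restore the original set, then add the permission by merging.
        store.setPermissions(roleId, EnumSet.of(Perm.PERM_A, Perm.PERM_B));
        System.out.println("after merge-and-set:    " + grant(store, roleId, Perm.PERM_C));
    }
}
```

Against the real bean the read and the write are separate calls, so unless the caller wraps both in one transaction, two concurrent editors of the same role can still overwrite each other's change.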

getPermissions

public Set<org.rhq.core.domain.authz.Permission> getPermissions(Integer roleId)
Description copied from interface: RoleManagerLocal
Given a role ID, this will return the complete set of authorized permissions for that role.

Specified by:
getPermissions in interface RoleManagerLocal
Returns:
set of permissions that the given role explicitly authorizes
See Also:
RoleManagerLocal.getPermissions(Integer)

updateRole

public org.rhq.core.domain.authz.Role updateRole(org.rhq.core.domain.auth.Subject whoami,
                                                 org.rhq.core.domain.authz.Role role)
Description copied from interface: RoleManagerLocal
Updates the given role, excluding the subjects and groups. This updates permissions, name, description, etc.

Specified by:
updateRole in interface RoleManagerLocal
Specified by:
updateRole in interface RoleManagerRemote
Parameters:
whoami - user asking to update the role
role - The role being updated
Returns:
the updated role
See Also:
RoleManagerLocal.updateRole(Subject, Role)

findSubjectsByRole

public org.rhq.core.domain.util.PageList<org.rhq.core.domain.auth.Subject> findSubjectsByRole(org.rhq.core.domain.auth.Subject subject,
                                                                                              Integer roleId,
                                                                                              org.rhq.core.domain.util.PageControl pc)
See Also:
RoleManagerLocal.findSubjectsByRole(Integer roleId,PageControl pageControl)

findSubjectsByRole

public org.rhq.core.domain.util.PageList<org.rhq.core.domain.auth.Subject> findSubjectsByRole(Integer roleId,
                                                                                              org.rhq.core.domain.util.PageControl pc)
Description copied from interface: RoleManagerLocal
Get all subjects that have been assigned the given role.

Specified by:
findSubjectsByRole in interface RoleManagerLocal
Returns:
list of all subjects assigned the role
See Also:
RoleManagerLocal.findSubjectsByRole(Integer,PageControl)

findRolesByIds

public org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findRolesByIds(Integer[] roleIds,
                                                                                        org.rhq.core.domain.util.PageControl pc)
Description copied from interface: RoleManagerLocal
Given a set of role Ids, this returns a list of all the roles.

Specified by:
findRolesByIds in interface RoleManagerLocal
Returns:
all the roles with the given IDs
See Also:
RoleManagerLocal.findRolesByIds(Integer[],PageControl)

findAvailableRolesForSubject

public org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findAvailableRolesForSubject(org.rhq.core.domain.auth.Subject subject,
                                                                                                      Integer subjectId,
                                                                                                      Integer[] pendingRoleIds,
                                                                                                      org.rhq.core.domain.util.PageControl pc)
Description copied from interface: RoleManagerLocal
This returns a list of roles that are available to be assigned to a given subject but not yet assigned to that subject. This excludes roles already assigned to the subject. The returned list will not include the roles identified by pendingRoleIds since it is assumed the pending roles will be assigned to the user.

Specified by:
findAvailableRolesForSubject in interface RoleManagerLocal
Parameters:
subject - user attempting to make this call
subjectId - the subject whose list of available roles are to be returned
pendingRoleIds - the list of roles that are planned to be given to the subject
Returns:
the list of roles that can be assigned to the given user, not including the pending roles

findSubjectUnassignedRoles

public org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findSubjectUnassignedRoles(org.rhq.core.domain.auth.Subject subject,
                                                                                                    int subjectId,
                                                                                                    org.rhq.core.domain.util.PageControl pc)
Specified by:
findSubjectUnassignedRoles in interface RoleManagerLocal
Specified by:
findSubjectUnassignedRoles in interface RoleManagerRemote

addResourceGroupsToRole

public void addResourceGroupsToRole(org.rhq.core.domain.auth.Subject subject,
                                    int roleId,
                                    int[] groupIds)
Description copied from interface: RoleManagerLocal
Adds the given resource groups to the given role.

Specified by:
addResourceGroupsToRole in interface RoleManagerLocal
Specified by:
addResourceGroupsToRole in interface RoleManagerRemote
Parameters:
subject - user attempting to add the groups to the role
See Also:
RoleManagerLocal.addResourceGroupsToRole(Subject, int, int[])

removeResourceGroupsFromRole

public void removeResourceGroupsFromRole(org.rhq.core.domain.auth.Subject subject,
                                         int roleId,
                                         int[] groupIds)
Description copied from interface: RoleManagerLocal
Removes the given resource groups from the given role.

Specified by:
removeResourceGroupsFromRole in interface RoleManagerLocal
Specified by:
removeResourceGroupsFromRole in interface RoleManagerRemote
Parameters:
subject - user attempting to remove the groups from the role
See Also:
RoleManagerLocal.removeResourceGroupsFromRole(Subject, int, int[])

setAssignedResourceGroups

public void setAssignedResourceGroups(org.rhq.core.domain.auth.Subject subject,
                                      int roleId,
                                      int[] groupIds)
Specified by:
setAssignedResourceGroups in interface RoleManagerLocal
Specified by:
setAssignedResourceGroups in interface RoleManagerRemote

findSubjectAssignedRoles

public org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findSubjectAssignedRoles(org.rhq.core.domain.auth.Subject subject,
                                                                                                  int subjectId,
                                                                                                  org.rhq.core.domain.util.PageControl pc)
Description copied from interface: RoleManagerRemote
Get all roles assigned for a certain subject

Specified by:
findSubjectAssignedRoles in interface RoleManagerLocal
Specified by:
findSubjectAssignedRoles in interface RoleManagerRemote
Parameters:
subject - The logged in user's subject
subjectId - The subject ID to find the associated roles for
pc - PageControl
Returns:
A page list of assigned

removeSubjectsFromRole

public void removeSubjectsFromRole(org.rhq.core.domain.auth.Subject subject,
                                   int roleId,
                                   int[] subjectIds)
Description copied from interface: RoleManagerRemote
Dissociate particular subjects from a role.

Specified by:
removeSubjectsFromRole in interface RoleManagerLocal
Specified by:
removeSubjectsFromRole in interface RoleManagerRemote
Parameters:
subject - The logged in user's subject.
roleId - The role ID to dissociate the subjects from
subjectIds - The IDs of the subjects to remove from the specified Role

setAssignedSubjects

public void setAssignedSubjects(org.rhq.core.domain.auth.Subject subject,
                                int roleId,
                                int[] subjectIds)
Specified by:
setAssignedSubjects in interface RoleManagerLocal

removeRolesFromResourceGroup

public void removeRolesFromResourceGroup(org.rhq.core.domain.auth.Subject subject,
                                         int groupId,
                                         int[] roleIds)
Specified by:
removeRolesFromResourceGroup in interface RoleManagerLocal
Specified by:
removeRolesFromResourceGroup in interface RoleManagerRemote

getRole

public org.rhq.core.domain.authz.Role getRole(org.rhq.core.domain.auth.Subject subject,
                                              int roleId)
Description copied from interface: RoleManagerRemote
Returns the role with the given ID

Specified by:
getRole in interface RoleManagerLocal
Specified by:
getRole in interface RoleManagerRemote
Returns:
the role or null if it wasn't found

addRolesToResourceGroup

public void addRolesToResourceGroup(org.rhq.core.domain.auth.Subject subject,
                                    int groupId,
                                    int[] roleIds)
Specified by:
addRolesToResourceGroup in interface RoleManagerLocal
Specified by:
addRolesToResourceGroup in interface RoleManagerRemote

findRolesByCriteria

public org.rhq.core.domain.util.PageList<org.rhq.core.domain.authz.Role> findRolesByCriteria(org.rhq.core.domain.auth.Subject subject,
                                                                                             org.rhq.core.domain.criteria.RoleCriteria criteria)
Specified by:
findRolesByCriteria in interface RoleManagerLocal
Specified by:
findRolesByCriteria in interface RoleManagerRemote


Copyright © 2008-2012 Red Hat, Inc. All Rights Reserved.