com.tivoli.pd.jadmin
Class PDAcl

java.lang.Object
  extended by com.tivoli.pd.jutil.PDEnvironmentObject
      extended by com.tivoli.pd.jadmin.PDAcl
All Implemented Interfaces:
java.io.Serializable, java.lang.Cloneable

public class PDAcl
extends com.tivoli.pd.jutil.PDEnvironmentObject
implements java.lang.Cloneable

Security Access Manager Access Control List (ACL) class.

An ACL is a list of ACL entries. Each entry corresponds to a particular subject: user, group, any-other, or unauthenticated. Each entry also contains the permissions of that subject. Each ACL is uniquely identified by its ID. Each ACL can also have one or more attributes, each of which can have one or more string values. Modes: Local, Remote

See Also:
Serialized Form

Field Summary
static java.lang.String PDACL_ALLPATTERN
          Constant used to match all names when listing ACLs.
static int PDACL_MAXRETURN
          Constant used to return the maximum number possible when listing ACLs.
 
Constructor Summary
PDAcl(PDContext context, java.lang.String id, PDMessages messages)
          Constructs a local object of an ACL that already exists in the policy server.
 
Method Summary
 java.lang.Object clone()
          Returns a copy of this object.
static void createAcl(PDContext context, java.lang.String id, java.lang.String description, java.util.HashMap aclEntriesUser, java.util.HashMap aclEntriesGroup, PDAclEntryAnyOther aclEntryAnyOther, PDAclEntryUnAuth aclEntryUnAuth, PDAttrs attributes, PDMessages messages)
          Creates an ACL in the policy server.
static void createAcl(PDContext context, java.lang.String id, java.lang.String description, java.util.HashMap aclEntriesUser, java.util.HashMap aclEntriesGroup, PDAclEntryAnyOther aclEntryAnyOther, PDAclEntryUnAuth aclEntryUnAuth, PDAttrs attributes, PDMessages messages)
          Deprecated. As of IBM Tivoli Access Manager for e-business v5.1, this method is replaced with the createAcl(PDContext,String,String,HashMap,HashMap,PDAclEntryAnyOther,PDAclEntryUnAuth,com.tivoli.pd.jutil.PDAttrs,PDMessages) method.
static void deleteAcl(PDContext context, java.lang.String id, PDMessages messages)
          Deletes the specified ACL from the policy server.
 void deleteAttribute(PDContext context, java.lang.String attributeName, PDMessages messages)
          Deletes an extended attribute from this object and also in the policy server.
static void deleteAttribute(PDContext context, java.lang.String id, java.lang.String attributeName, PDMessages messages)
          Deletes the extended attribute for the specified ACL in the policy server.
 void deleteAttributeValue(PDContext context, java.lang.String attributeName, java.lang.String attributeValue, PDMessages messages)
          Deletes a value for an extended attribute from the local ACL object and also in the policy server.
static void deleteAttributeValue(PDContext context, java.lang.String id, java.lang.String attributeName, java.lang.String attributeValue, PDMessages messages)
          Deletes a value for an extended attribute for the specified ACL in the policy server.
 boolean equals(java.lang.Object obj)
          Determines whether this PDAcl is equivalent to the input object.
 java.util.ArrayList getAttributeNames()
          Gets the names of the extended attributes from this object.
 java.util.ArrayList getAttributeValues(java.lang.String attributeName)
          Gets the values of an extended attribute from this object.
 java.lang.String getDescription()
          Gets the ACL description from this object.
 java.lang.String getId()
          Gets the ACL name from this object.
 java.util.HashMap getPDAclEntriesGroup()
          Gets a HashMap of group ACL entries from this object.
 java.util.HashMap getPDAclEntriesUser()
          Gets a HashMap of user ACL entries from this object.
 PDAclEntryAnyOther getPDAclEntryAnyOther()
          Gets the any-other ACL entry from this object.
 PDAclEntryUnAuth getPDAclEntryUnAuth()
          Gets the permission for the unauthenticated ACL entry from this object.
static java.util.ArrayList listAcls(PDContext context, PDMessages messages)
          Returns a list of IDs of all ACLs existing in the policy server.
static java.util.ArrayList listAcls(PDContext context, java.lang.String pattern, long maxReturn, PDMessages messages)
          Returns a list of IDs of all ACLs existing in the policy server.
 void removePDAclEntryAnyOther(PDContext context, PDMessages messages)
          Removes the any-other ACL entry from this object and also in the policy server.
static void removePDAclEntryAnyOther(PDContext context, java.lang.String id, PDMessages messages)
          Removes the any-other ACL entry from the specified ACL in the policy server.
 void removePDAclEntryGroup(PDContext context, java.lang.String groupId, PDMessages messages)
          Removes a group ACL entry from this object and also in the policy server.
static void removePDAclEntryGroup(PDContext context, java.lang.String id, java.lang.String groupId, PDMessages messages)
          Removes a group ACL entry from the specified ACL in the policy server.
 void removePDAclEntryUnAuth(PDContext context, PDMessages messages)
          Removes the unauthenticated ACL entry from this object and also in the policy server.
static void removePDAclEntryUnAuth(PDContext context, java.lang.String id, PDMessages messages)
          Removes the unauthenticated ACL entry from the specified ACL in the policy server.
 void removePDAclEntryUser(PDContext context, java.lang.String userId, PDMessages messages)
          Removes a user ACL entry from this object and also in the policy server.
static void removePDAclEntryUser(PDContext context, java.lang.String id, java.lang.String userId, PDMessages messages)
          Removes a user ACL entry from the specified ACL in the policy server.
 void setAttributeValue(PDContext context, java.lang.String attributeName, java.lang.String attributeValue, PDMessages messages)
          Sets the value of an extended attribute in this object and also in the policy server.
static void setAttributeValue(PDContext context, java.lang.String id, java.lang.String attributeName, java.lang.String attributeValue, PDMessages messages)
          Sets the value of an extended attribute for the specified ACL in the policy server.
 void setDescription(PDContext context, java.lang.String newDescription, PDMessages messages)
          Sets the descriptive string for this ACL object and also in the policy server.
static void setDescription(PDContext context, java.lang.String id, java.lang.String newDescription, PDMessages messages)
          Sets the descriptive string for the specified ACL in the policy server.
 void setPDAclEntryAnyOther(PDContext context, PDAclEntryAnyOther aclEntryAnyOther, PDMessages messages)
          Sets the any-other ACL entry in this object and also in the policy server.
static void setPDAclEntryAnyOther(PDContext context, java.lang.String id, PDAclEntryAnyOther aclEntryAnyOther, PDMessages messages)
          Sets the any-other ACL entry in the specified ACL in the policy server.
 void setPDAclEntryGroup(PDContext context, PDAclEntryGroup aclEntryGroup, PDMessages messages)
          Sets the ACL entry for a group in this object and also in the policy server.
static void setPDAclEntryGroup(PDContext context, java.lang.String id, PDAclEntryGroup aclEntryGroup, PDMessages messages)
          Sets the ACL entry for a group in the specified ACL in the policy server.
 void setPDAclEntryUnAuth(PDContext context, PDAclEntryUnAuth aclEntryUnAuth, PDMessages messages)
          Sets the unauthenticated ACL entry in this object and also in the policy server.
static void setPDAclEntryUnAuth(PDContext context, java.lang.String id, PDAclEntryUnAuth aclEntryUnAuth, PDMessages messages)
          Sets the unauthenticated ACL entry in the specified ACL in the policy server.
 void setPDAclEntryUser(PDContext context, PDAclEntryUser aclEntryUser, PDMessages messages)
          Sets the ACL entry for a user in this object and also in the policy server.
static void setPDAclEntryUser(PDContext context, java.lang.String id, PDAclEntryUser aclEntryUser, PDMessages messages)
          Sets the ACL entry for a user in the specified ACL in the policy server.
 java.lang.String toString()
          Returns a String representation of this object.
 
Methods inherited from class com.tivoli.pd.jutil.PDEnvironmentObject
getContext, setContext
 
Methods inherited from class java.lang.Object
getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

PDACL_ALLPATTERN

public static final java.lang.String PDACL_ALLPATTERN
Constant used to match all names when listing ACLs.

See Also:
Constant Field Values

PDACL_MAXRETURN

public static final int PDACL_MAXRETURN
Constant used to return the maximum number possible when listing ACLs.

See Also:
Constant Field Values
Constructor Detail

PDAcl

public PDAcl(PDContext context,
             java.lang.String id,
             PDMessages messages)
      throws PDException
Constructs a local object of an ACL that already exists in the policy server. Returns an error if the ACL does not exist already.

This constructor corresponds to the ivadmin_acl_get() C API.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
id - name of the ACL to be constructed. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.
Method Detail

setDescription

public void setDescription(PDContext context,
                           java.lang.String newDescription,
                           PDMessages messages)
                    throws PDException
Sets the descriptive string for this ACL object and also in the policy server.

This method implements the function provided by the ivadmin_acl_setdescription() C API. In addition it sets the value of the description in the current object.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
newDescription - descriptive string for the ACL. Cannot be null; use the empty String to clear the existing description.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setPDAclEntryUser

public void setPDAclEntryUser(PDContext context,
                              PDAclEntryUser aclEntryUser,
                              PDMessages messages)
                       throws PDException
Sets the ACL entry for a user in this object and also in the policy server.

This method implements the function provided by the ivadmin_acl_setuser() C API. In addition it sets the ACL entry for the specified user in the current object.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
aclEntryUser - PDAclEntryUser object. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setPDAclEntryGroup

public void setPDAclEntryGroup(PDContext context,
                               PDAclEntryGroup aclEntryGroup,
                               PDMessages messages)
                        throws PDException
Sets the ACL entry for a group in this object and also in the policy server.

This method implements the function provided by the ivadmin_acl_setgroup() C API. In addition it sets the ACL entry for the specified group in the current object.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
aclEntryGroup - a PDAclEntryGroup object. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setPDAclEntryAnyOther

public void setPDAclEntryAnyOther(PDContext context,
                                  PDAclEntryAnyOther aclEntryAnyOther,
                                  PDMessages messages)
                           throws PDException
Sets the any-other ACL entry in this object and also in the policy server.

This method implements the function provided by the ivadmin_acl_setanyother() C API. In addition it sets the any-other ACL entry in the current object.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
aclEntryAnyOther - a PDAclEntryAnyOther object. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setPDAclEntryUnAuth

public void setPDAclEntryUnAuth(PDContext context,
                                PDAclEntryUnAuth aclEntryUnAuth,
                                PDMessages messages)
                         throws PDException
Sets the unauthenticated ACL entry in this object and also in the policy server.

This method implements the function provided by the ivadmin_acl_setunauth() C API. In addition it sets the unauthenticated ACL entry in the current object.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
aclEntryUnAuth - a PDAclEntryUnAuth object. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

removePDAclEntryUser

public void removePDAclEntryUser(PDContext context,
                                 java.lang.String userId,
                                 PDMessages messages)
                          throws PDException
Removes a user ACL entry from this object and also in the policy server.

This method implements the function provided by the ivadmin_acl_removeuser() C API. In addition it removes the ACL entry for this user from the current object.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
userId - user whose ACL entry needs to be removed. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

removePDAclEntryGroup

public void removePDAclEntryGroup(PDContext context,
                                  java.lang.String groupId,
                                  PDMessages messages)
                           throws PDException
Removes a group ACL entry from this object and also in the policy server.

This method implements the function provided by the ivadmin_acl_removegroup() C API. In addition it removes the ACL entry for this group from the current object.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
groupId - group whose ACL entry needs to be removed. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

removePDAclEntryAnyOther

public void removePDAclEntryAnyOther(PDContext context,
                                     PDMessages messages)
                              throws PDException
Removes the any-other ACL entry from this object and also in the policy server.

This method implements the function provided by the ivadmin_acl_removeanyother() C API. In addition it removes the any-other ACL entry from the current object.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

removePDAclEntryUnAuth

public void removePDAclEntryUnAuth(PDContext context,
                                   PDMessages messages)
                            throws PDException
Removes the unauthenticated ACL entry from this object and also in the policy server.

This method implements the function provided by the ivadmin_acl_removeunauth() C API. In addition it removes the unauthenticated ACL entry from the current object.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setAttributeValue

public void setAttributeValue(PDContext context,
                              java.lang.String attributeName,
                              java.lang.String attributeValue,
                              PDMessages messages)
                       throws PDException
Sets the value of an extended attribute in this object and also in the policy server.

This method implements the function provided by the ivadmin_acl_attrput() C API. In addition it sets the value of an extended attribute in the current object.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
attributeName - Name of the extended attribute. Cannot be null.
attributeValue - String value of the attribute. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

deleteAttribute

public void deleteAttribute(PDContext context,
                            java.lang.String attributeName,
                            PDMessages messages)
                     throws PDException
Deletes an extended attribute from this object and also in the policy server. Returns an error if the attribute does not exist.

This method implements the function provided by the ivadmin_acl_attrdelkey() C API. In addition it deletes an extended attribute from the current object.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
attributeName - name of the extended attribute. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

deleteAttributeValue

public void deleteAttributeValue(PDContext context,
                                 java.lang.String attributeName,
                                 java.lang.String attributeValue,
                                 PDMessages messages)
                          throws PDException
Deletes a value for an extended attribute from the local ACL object and also in the policy server. Returns an error if the attribute does not exist.

This method implements the function provided by the ivadmin_acl_attrdelval() C API. In addition it deletes a value for an extended attribute from the current object.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
attributeName - name of the extended attribute. Cannot be null.
attributeValue - String value of the extended attribute. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

getId

public java.lang.String getId()
                       throws PDException
Gets the ACL name from this object.

This method implements the function provided by the ivadmin_acl_getid() C API.

Returns:
name of the ACL from this object.
Throws:
PDException - if an error occurs.

getDescription

public java.lang.String getDescription()
                                throws PDException
Gets the ACL description from this object.

This method implements the function provided by the ivadmin_acl_getdescription() C API.

Returns:
description for the ACL from this object. Cannot be null. Will return an empty string if no description was set prior to this call.
Throws:
PDException - if an error occurs.

getPDAclEntriesUser

public java.util.HashMap getPDAclEntriesUser()
                                      throws PDException
Gets a HashMap of user ACL entries from this object. The HashMap is keyed by the user name.

This method implements the function provided by the ivadmin_acl_listusers() and ivadmin_acl_getuser() C APIs.

Returns:
HashMap of PDAclEntryUser objects. Cannot be null. Returns empty HashMap when this ACL has no user ACL entries.
Throws:
PDException - if an error occurs.

getPDAclEntriesGroup

public java.util.HashMap getPDAclEntriesGroup()
                                       throws PDException
Gets a HashMap of group ACL entries from this object. The HashMap is keyed by the group name.

This method implements the function provided by the ivadmin_acl_listgroups() and ivadmin_acl_getgroup() C APIs.

Returns:
HashMap of PDAclEntryGroup objects. Cannot be null. Returns empty HashMap when this ACL has no group ACL entries.
Throws:
PDException - if an error occurs.

getPDAclEntryAnyOther

public PDAclEntryAnyOther getPDAclEntryAnyOther()
                                         throws PDException
Gets the any-other ACL entry from this object.

This method implements the function provided by the ivadmin_acl_getanyother() C API.

Returns:
PDAclEntryAnyOther object. Returns null if no permission is set yet for the AnyOther user.
Throws:
PDException - if an error occurs.

getPDAclEntryUnAuth

public PDAclEntryUnAuth getPDAclEntryUnAuth()
                                     throws PDException
Gets the permission for the unauthenticated ACL entry from this object.

This method implements the function provided by the ivadmin_acl_getunauth() C API.

Returns:
PDAclEntryUnAuth object. Returns null if no permission is set yet for the UnAuth user.
Throws:
PDException - if an error occurs.

getAttributeNames

public java.util.ArrayList getAttributeNames()
                                      throws PDException
Gets the names of the extended attributes from this object.

This method implements the function provided by the ivadmin_acl_attrlist() C API.

Returns:
an ArrayList of strings that are the names of the extended attributes from this object. Empty ArrayList if this object has no extended attributes.
Throws:
PDException - if an error occurs.

getAttributeValues

public java.util.ArrayList getAttributeValues(java.lang.String attributeName)
                                       throws PDException
Gets the values of an extended attribute from this object.

This method implements the function provided by the ivadmin_acl_attrget() C API.

Parameters:
attributeName - name of the extended attribute.
Returns:
an ArrayList of strings that are the values of the specified extended attribute name in this object. Empty ArrayList if there are no values for the specified attribute name.
Throws:
PDException - if an error occurs.

toString

public java.lang.String toString()
Returns a String representation of this object.

Overrides:
toString in class java.lang.Object

clone

public java.lang.Object clone()
Returns a copy of this object.

Overrides:
clone in class java.lang.Object

equals

public boolean equals(java.lang.Object obj)
Determines whether this PDAcl is equivalent to the input object.

Overrides:
equals in class java.lang.Object

createAcl

public static void createAcl(PDContext context,
                             java.lang.String id,
                             java.lang.String description,
                             java.util.HashMap aclEntriesUser,
                             java.util.HashMap aclEntriesGroup,
                             PDAclEntryAnyOther aclEntryAnyOther,
                             PDAclEntryUnAuth aclEntryUnAuth,
                             PDAttrs attributes,
                             PDMessages messages)
                      throws PDException
Creates an ACL in the policy server.

This method is equivalent to the ivadmin_acl_create() C API.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
id - name of the ACL to be created. Cannot be null.
description - description of the ACL to be created. If null, an empty string is assumed. The input parameter is not changed.
aclEntriesUser - HashMap of PDAclEntryUser objects keyed by the user id. Can be null.
aclEntriesGroup - HashMap of PDAclEntryGroup objects keyed by the group id. Can be null.
aclEntryAnyOther - a PDAclEntryAnyOther object. Can be null.
aclEntryUnAuth - a PDAclEntryUnAuth object. Can be null.
attributes - Extended attributes for this ACL, implemented as PDAttrs objects. Will be supported in the future. For now, pass a null value for this parameter. Use the setAttributeValue() method to set the attributes for the ACL.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

createAcl

public static void createAcl(PDContext context,
                             java.lang.String id,
                             java.lang.String description,
                             java.util.HashMap aclEntriesUser,
                             java.util.HashMap aclEntriesGroup,
                             PDAclEntryAnyOther aclEntryAnyOther,
                             PDAclEntryUnAuth aclEntryUnAuth,
                             PDAttrs attributes,
                             PDMessages messages)
                      throws PDException
Deprecated. As of IBM Tivoli Access Manager for e-business v5.1, this method is replaced with the createAcl(PDContext,String,String,HashMap,HashMap,PDAclEntryAnyOther,PDAclEntryUnAuth,com.tivoli.pd.jutil.PDAttrs,PDMessages) method.

Creates an ACL in the policy server.

This method is equivalent to the ivadmin_acl_create() C API.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
id - name of the ACL to be created. Cannot be null.
description - description of the ACL to be created. If null, an empty string is assumed. The input parameter is not changed.
aclEntriesUser - HashMap of PDAclEntryUser objects keyed by the user id. Can be null.
aclEntriesGroup - HashMap of PDAclEntryGroup objects keyed by the group id. Can be null.
aclEntryAnyOther - a PDAclEntryAnyOther object. Can be null.
aclEntryUnAuth - a PDAclEntryUnAuth object. Can be null.
attributes - Extended attributes for this ACL, implemented as PDAttrs objects. Will be supported in the future. For now, pass a null value for this parameter. Use the setAttributeValue() method to set the attributes for the ACL.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

listAcls

public static java.util.ArrayList listAcls(PDContext context,
                                           java.lang.String pattern,
                                           long maxReturn,
                                           PDMessages messages)
                                    throws PDException
Returns a list of IDs of all ACLs existing in the policy server.

This method is equivalent to the ivadmin_acl_list() C API.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
pattern - the pattern for ACL names to match. This pattern is interpreted as a literal string, with the exception of the asterisk ('*') character, which is interpreted as a metacharacter that matches zero or more characters. Asterisks can be located at the beginning, in the middle or at the end of the pattern, and the pattern can contain multiple asterisks. PDACL_ALLPATTERN matches all names.
maxReturn - the maximum number of ACL names to return. This argument must be greater than or equal to 0. The value of 0 or PDACL_MAXRETURN means return all ACLs.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Returns:
an ArrayList of strings that correspond to the names of all the ACLs. Cannot be empty because it will contain at least the ACLs that are created by default by Policy Director.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

listAcls

public static java.util.ArrayList listAcls(PDContext context,
                                           PDMessages messages)
                                    throws PDException
Returns a list of IDs of all ACLs existing in the policy server.

This method is equivalent to the ivadmin_acl_list() C API.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Returns:
an ArrayList of strings that correspond to the names of all the ACLs. Cannot be empty because it will contain at least the ACLs that are created by default by Policy Director.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.
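
An added example, not part of the product documentation: a read-only audit that combines listAcls(), the PDAcl constructor and the getters described above to report every ACL that carries an unauthenticated or any-other entry, relying on the documented null return when no such entry is set. The com.tivoli.pd.jutil package for PDContext, PDMessages and PDException and the no-argument PDMessages constructor are assumptions; AclExposureAudit, Finding, Report and audit are hypothetical names, and the caller supplies an already authenticated PDContext.

```java
import com.tivoli.pd.jadmin.PDAcl;
import com.tivoli.pd.jutil.PDContext;    // assumed package
import com.tivoli.pd.jutil.PDException;  // assumed package
import com.tivoli.pd.jutil.PDMessages;   // assumed package

import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

/** Added example: lists ACLs that grant something to non-specific subjects. */
public final class AclExposureAudit {

    /** One record per ACL that has an unauthenticated and/or any-other entry. */
    public static final class Finding {
        public final String aclId;
        public final String unauthEntry;    // null when the ACL has no unauthenticated entry
        public final String anyOtherEntry;  // null when the ACL has no any-other entry
        public final int userEntries;
        public final int groupEntries;

        Finding(String aclId, String unauthEntry, String anyOtherEntry,
                int userEntries, int groupEntries) {
            this.aclId = aclId;
            this.unauthEntry = unauthEntry;
            this.anyOtherEntry = anyOtherEntry;
            this.userEntries = userEntries;
            this.groupEntries = groupEntries;
        }

        @Override
        public String toString() {
            return aclId + ": unauthenticated=" + unauthEntry
                    + ", any-other=" + anyOtherEntry
                    + ", users=" + userEntries + ", groups=" + groupEntries;
        }
    }

    /** Findings plus the ACLs that could not be read, so gaps are visible. */
    public static final class Report {
        public final Map<String, Finding> findings = new TreeMap<>();
        public final List<String> unreadable = new ArrayList<>();
    }

    /**
     * Reads every ACL known to the policy server and records those with an
     * unauthenticated or any-other entry. Makes no changes to policy.
     */
    public static Report audit(PDContext context) throws PDException {
        Report report = new Report();

        // listAcls() returns a raw ArrayList of ACL names (strings).
        for (Object name : PDAcl.listAcls(context, new PDMessages())) {
            String id = (String) name;
            PDAcl acl;
            try {
                // The constructor fails if the ACL no longer exists, which can
                // happen when it is deleted between the listing and this read.
                acl = new PDAcl(context, id, new PDMessages());
            } catch (PDException e) {
                report.unreadable.add(id + " (" + e.getMessage() + ")");
                continue;
            }

            // Both getters return null when no entry is set for that subject.
            // Held as Object so the example depends only on toString().
            Object unauth = acl.getPDAclEntryUnAuth();
            Object anyOther = acl.getPDAclEntryAnyOther();
            if (unauth == null && anyOther == null) {
                continue; // only named users and groups: nothing to report
            }

            report.findings.put(id, new Finding(
                    id,
                    unauth == null ? null : unauth.toString(),
                    anyOther == null ? null : anyOther.toString(),
                    acl.getPDAclEntriesUser().size(),    // never null per the docs above
                    acl.getPDAclEntriesGroup().size())); // never null per the docs above
        }
        return report;
    }

    /** Prints the report in a form suitable for a periodic policy review. */
    public static void print(Report report) {
        for (Finding f : report.findings.values()) {
            System.out.println(f);
        }
        for (String id : report.unreadable) {
            System.out.println("UNREADABLE " + id);
        }
    }
}
```

Because the audit only calls the list, constructor and getter methods, it can run under an administrator identity that has no modify rights on ACLs.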

deleteAcl

public static void deleteAcl(PDContext context,
                             java.lang.String id,
                             PDMessages messages)
                      throws PDException
Deletes the specified ACL from the policy server.

This method is equivalent to the ivadmin_acl_delete() C API.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
id - name of the ACL to be deleted. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setDescription

public static void setDescription(PDContext context,
                                  java.lang.String id,
                                  java.lang.String newDescription,
                                  PDMessages messages)
                           throws PDException
Sets the descriptive string for the specified ACL in the policy server.

This method implements the function provided by the ivadmin_acl_setdescription() C API.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
id - name of the ACL. Cannot be null.
newDescription - descriptive string for the ACL. Cannot be null; use the empty String to clear the existing description.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setPDAclEntryUser

public static void setPDAclEntryUser(PDContext context,
                                     java.lang.String id,
                                     PDAclEntryUser aclEntryUser,
                                     PDMessages messages)
                              throws PDException
Sets the ACL entry for a user in the specified ACL in the policy server.

This method implements the function provided by the ivadmin_acl_setuser() C API.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
id - Name of the ACL. Cannot be null.
aclEntryUser - a PDAclEntryUser object. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setPDAclEntryGroup

public static void setPDAclEntryGroup(PDContext context,
                                      java.lang.String id,
                                      PDAclEntryGroup aclEntryGroup,
                                      PDMessages messages)
                               throws PDException
Sets the ACL entry for a group in the specified ACL in the policy server.

This method implements the function provided by the ivadmin_acl_setgroup() C API.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
id - Name of the ACL. Cannot be null.
aclEntryGroup - a PDAclEntryGroup object. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setPDAclEntryAnyOther

public static void setPDAclEntryAnyOther(PDContext context,
                                         java.lang.String id,
                                         PDAclEntryAnyOther aclEntryAnyOther,
                                         PDMessages messages)
                                  throws PDException
Sets the any-other ACL entry in the specified ACL in the policy server.

This method implements the function provided by the ivadmin_acl_setanyother() C API.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
id - Name of the ACL. Cannot be null.
aclEntryAnyOther - a PDAclEntryAnyOther object. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setPDAclEntryUnAuth

public static void setPDAclEntryUnAuth(PDContext context,
                                       java.lang.String id,
                                       PDAclEntryUnAuth aclEntryUnAuth,
                                       PDMessages messages)
                                throws PDException
Sets the unauthenticated ACL entry in the specified ACL in the policy server.

This method implements the function provided by the ivadmin_acl_setunauth() C API.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
id - Name of the ACL. Cannot be null.
aclEntryUnAuth - a PDAclEntryUnAuth object. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

removePDAclEntryUser

public static void removePDAclEntryUser(PDContext context,
                                        java.lang.String id,
                                        java.lang.String userId,
                                        PDMessages messages)
                                 throws PDException
Removes a user ACL entry from the specified ACL in the policy server.

This method implements the function provided by the ivadmin_acl_removeuser() C API.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
id - name of the ACL. Cannot be null.
userId - user whose ACL entry needs to be removed. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

removePDAclEntryGroup

public static void removePDAclEntryGroup(PDContext context,
                                         java.lang.String id,
                                         java.lang.String groupId,
                                         PDMessages messages)
                                  throws PDException
Removes a group ACL entry from the specified ACL in the policy server.

This method implements the function provided by the ivadmin_acl_removegroup() C API.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
id - name of the ACL. Cannot be null.
groupId - group whose ACL entry needs to be removed. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

removePDAclEntryAnyOther

public static void removePDAclEntryAnyOther(PDContext context,
                                            java.lang.String id,
                                            PDMessages messages)
                                     throws PDException
Removes the any-other ACL entry from the specified ACL in the policy server.

This method implements the function provided by the ivadmin_acl_removeanyother() C API.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
id - name of the ACL. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

removePDAclEntryUnAuth

public static void removePDAclEntryUnAuth(PDContext context,
                                          java.lang.String id,
                                          PDMessages messages)
                                   throws PDException
Removes the unauthenticated ACL entry from the specified ACL in the policy server.

This method implements the function provided by the ivadmin_acl_removeunauth() C API.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
id - name of the ACL. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setAttributeValue

public static void setAttributeValue(PDContext context,
                                     java.lang.String id,
                                     java.lang.String attributeName,
                                     java.lang.String attributeValue,
                                     PDMessages messages)
                              throws PDException
Sets the value of an extended attribute for the specified ACL in the policy server.

This method implements the function provided by the ivadmin_acl_attrput() C API.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
id - name of the ACL. Cannot be null.
attributeName - name of the extended attribute. Cannot be null.
attributeValue - value of the attribute. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.
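The following is an added example, not code from the product documentation: it combines listAcls, removePDAclEntryUnAuth and setAttributeValue to remove the unauthenticated entry from a reviewed set of ACLs and record the review on each one. The class name, the attribute name "unauth-reviewed", the no-argument PDMessages constructor and the com.tivoli.pd.jutil package for PDContext, PDMessages and PDException are assumptions that this page does not show.

```java
import com.tivoli.pd.jadmin.PDAcl;
import com.tivoli.pd.jutil.PDContext;    // package assumed, not shown on this page
import com.tivoli.pd.jutil.PDException;  // package assumed
import com.tivoli.pd.jutil.PDMessages;   // package and no-arg constructor assumed
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public final class AclLockdown {
    // Hypothetical extended-attribute name used to record the review.
    static final String REVIEW_ATTR = "unauth-reviewed";

    /** Returns one outcome string per requested ACL ID, in input order. */
    public static Map<String, String> lockDown(PDContext ctx, List<String> targets,
                                               String reviewTag) throws PDException {
        // Fetch the server's ACL IDs once so a mistyped ID is reported, not sent.
        ArrayList<?> existing = PDAcl.listAcls(ctx, new PDMessages());
        Map<String, String> outcome = new LinkedHashMap<>();
        for (String id : targets) {
            if (!existing.contains(id)) {
                outcome.put(id, "skipped: no such ACL");
                continue;
            }
            try {
                // Each call documents "empty PDMessages on input", so pass a fresh one.
                PDAcl.removePDAclEntryUnAuth(ctx, id, new PDMessages());
                PDAcl.setAttributeValue(ctx, id, REVIEW_ATTR, reviewTag, new PDMessages());
                outcome.put(id, "unauthenticated entry removed");
            } catch (PDException e) {
                // The page does not say how a missing entry is reported, so record
                // whatever the policy server rejects and continue with the next ACL.
                outcome.put(id, "failed: " + e.getMessage());
            }
        }
        return outcome;
    }
}
```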

deleteAttribute

public static void deleteAttribute(PDContext context,
                                   java.lang.String id,
                                   java.lang.String attributeName,
                                   PDMessages messages)
                            throws PDException
Deletes the extended attribute for the specified ACL in the policy server. Returns an error if the attribute does not exist.

This method implements the function provided by the ivadmin_acl_attrdelkey() C API.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
id - name of the ACL. Cannot be null.
attributeName - name of the extended attribute. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

deleteAttributeValue

public static void deleteAttributeValue(PDContext context,
                                        java.lang.String id,
                                        java.lang.String attributeName,
                                        java.lang.String attributeValue,
                                        PDMessages messages)
                                 throws PDException
Deletes a value for an extended attribute for the specified ACL in the policy server. Returns an error if the attribute does not exist.

This method implements the function provided by the ivadmin_acl_attrdelval() C API.

Parameters:
context - the context for communicating with the policy server. Cannot be null.
id - name of the ACL. Cannot be null.
attributeName - name of the extended attribute. Cannot be null.
attributeValue - value of the extended attribute. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.