com.tivoli.pd.jadmin
Class PDAuthzRule

java.lang.Object
  com.tivoli.pd.jutil.PDEnvironmentObject
      com.tivoli.pd.jadmin.PDAuthzRule

All Implemented Interfaces:

java.io.Serializable, java.lang.Cloneable

public class PDAuthzRule
extends com.tivoli.pd.jutil.PDEnvironmentObject
implements java.lang.Cloneable

This class represents an authorization rule in the Security Access Manager policy server. An authorization rule can be attached to a PDProtObject, along with a PDPop, and a PDAcl. As part of the resource authorization process, the Security Access Manager policy server uses a rules evaluator to evaluate credential and application context data to aid in the determination of whether access to a particular protected object is authorized.

Modes: Local,Remote

While authzrules can be defined in either local or remote modes, the PDPermission's implies method will not evaluate the rules as part of the access decision in local mode. Note that PDProtObject's access method and PDPrincipal's getEntitlements result in remote calls to the pdacld server regardless of the java applications's mode. All of these remote calls do evaluate the authzrules as part of the access decision.

AuthzRule Considered during Access Decision

		Mode
Class	Method	Local	Remote
PDPermission	implies	NO	YES
PDProtObject	access	YES	YES
PDPrincipal	getEntitlements	YES	YES

See Also:

Serialized Form

Constructor Summary

PDAuthzRule(PDContext context, java.lang.String ruleName, PDMessages messages)
Creates a PDAuthzRule object by retrieving the specified authorization rule information from the Security Access Manager policy server.

Method Summary

java.lang.Object	clone() Returns a copy of this object.
static void	createAuthzRule(PDContext context, java.lang.String ruleName, java.lang.String description, java.lang.String ruleText, java.lang.String failReason, PDMessages messages) Creates an authorization rule in the Security Access Manager policy server.
static void	deleteAuthzRule(PDContext context, java.lang.String ruleName, PDMessages messages) Deletes an authorization rule from the Security Access Manager policy server.
boolean	equals(java.lang.Object obj) Determines whether this PDAuthzRule object is equivalent to the input object.
java.lang.String	getDescription() Returns the rule description for this object.
java.lang.String	getFailReason() Returns the rule fail reason for this object.
java.lang.String	getId() Returns the ID for this rule as defined by Security Access Manager.
java.lang.String	getRuleText() Returns the rule text for this object.
static java.util.ArrayList	listAuthzRules(PDContext context, PDMessages messages) Lists all of the authorization rules in the Security Access Manager policy server.
void	setDescription(PDContext context, java.lang.String newDesc, PDMessages messages) Modifies this authorization rule's description in the Security Access Manager policy server, and in this object.
static void	setDescription(PDContext context, java.lang.String ruleName, java.lang.String newDesc, PDMessages messages) Modifies this authorization rule's description in the Security Access Manager policy server.
void	setFailReason(PDContext context, java.lang.String fReason, PDMessages messages) Modifies this authorization fail reason in the Security Access Manager policy server, and in this object.
static void	setFailReason(PDContext context, java.lang.String ruleName, java.lang.String failReason, PDMessages messages) Modifies this authorization fail reason in the Security Access Manager policy server.
void	setRuleText(PDContext context, java.lang.String text, PDMessages messages) Modifies this authorization rule's text in the Security Access Manager policy server, and in this object.
static void	setRuleText(PDContext context, java.lang.String ruleName, java.lang.String ruleText, PDMessages messages) Modifies this authorization rule's text in the Security Access Manager policy server.
java.lang.String	toString() Returns a String representation of this object.

Methods inherited from class com.tivoli.pd.jutil.PDEnvironmentObject

getContext, setContext

Methods inherited from class java.lang.Object

getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

PDAuthzRule

public PDAuthzRule(PDContext context,
                   java.lang.String ruleName,
                   PDMessages messages)
            throws PDException

Creates a PDAuthzRule object by retrieving the specified authorization rule information from the Security Access Manager policy server.

This constructor corresponds to the ivadmin_authzrule_get() C API.

Parameters:

context - the context for communicating with the Security Access Manager policy server.

ruleName - the name of the rule to instantiate. This value cannot be null and must have a non-zero length.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

Method Detail

getId

public java.lang.String getId()
                       throws PDException

Returns the ID for this rule as defined by Security Access Manager.

This method corresponds to the ivadmin_authzrule_getid() C API.

Throws:

PDException

getDescription

public java.lang.String getDescription()
                                throws PDException

Returns the rule description for this object. The return value will never be null, but it may be an empty String if the description has not been set.

This method corresponds to the ivadmin_authzrule_getdescription() C API.

Throws:

PDException

getRuleText

public java.lang.String getRuleText()
                             throws PDException

Returns the rule text for this object. The return value will never be null.

This method corresponds to the ivadmin_authzrule_getruletext() C API.

Throws:

PDException

getFailReason

public java.lang.String getFailReason()
                               throws PDException

Returns the rule fail reason for this object. The return value will never be null, but it may be an empty String if no fail reason has been set.

This method corresponds to the ivadmin_authzrule_getfailreason() C API.

Throws:

PDException

setDescription

public void setDescription(PDContext context,
                           java.lang.String newDesc,
                           PDMessages messages)
                    throws PDException

Modifies this authorization rule's description in the Security Access Manager policy server, and in this object.

This method corresponds to the ivadmin_authzrule_setdescription() C API.

Parameters:

context - the context for communicating with the Security Access Manager policy server.

newDesc - the new description. Set the description to the empty string "" to clear the existing description. This value cannot be null.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setRuleText

public void setRuleText(PDContext context,
                        java.lang.String text,
                        PDMessages messages)
                 throws PDException

Modifies this authorization rule's text in the Security Access Manager policy server, and in this object.

This method corresponds to the ivadmin_authzrule_setruletext() C API.

Parameters:

context - the context for communicating with the Security Access Manager policy server.

text - the text of the authorization rule, in XSL format. This value cannot be null.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setFailReason

public void setFailReason(PDContext context,
                          java.lang.String fReason,
                          PDMessages messages)
                   throws PDException

Modifies this authorization fail reason in the Security Access Manager policy server, and in this object.

This method corresponds to the ivadmin_authzrule_setfailreason() C API.

Parameters:

context - the context for communicating with the Security Access Manager policy server.

fReason - a String representing a fail reason code. If authorization is denied as a result of this rule's evaluation, but other authorization checks (i.e pop, acl) succeed, this reason code will be returned to the application making the authorization check. Set the failReason to the empty string "" to clear the fail reason code. This value cannot be null.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

toString

public java.lang.String toString()

Returns a String representation of this object.

Overrides:

toString in class java.lang.Object

clone

public java.lang.Object clone()

Returns a copy of this object.

Overrides:

clone in class java.lang.Object

equals

public boolean equals(java.lang.Object obj)

Determines whether this PDAuthzRule object is equivalent to the input object.

Overrides:

equals in class java.lang.Object

setDescription

public static void setDescription(PDContext context,
                                  java.lang.String ruleName,
                                  java.lang.String newDesc,
                                  PDMessages messages)
                           throws PDException

Modifies this authorization rule's description in the Security Access Manager policy server.

This method corresponds to the ivadmin_authzrule_setdescription() C API.

Parameters:

context - the context for communicating with the Security Access Manager policy server.

ruleName - the authorization rule name. This value cannot be null and must have a non-zero length.

newDesc - the new description. Set the description to the empty string "" to clear the existing description. This value cannot be null.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setRuleText

public static void setRuleText(PDContext context,
                               java.lang.String ruleName,
                               java.lang.String ruleText,
                               PDMessages messages)
                        throws PDException

Modifies this authorization rule's text in the Security Access Manager policy server.

This method corresponds to the ivadmin_authzrule_setruletext() C API.

Parameters:

context - the context for communicating with the Security Access Manager policy server.

ruleName - the authorization rule name. This value cannot be null and must have a non-zero length.

ruleText - the text of the authorization rule, in XSL format. This value cannot be null and must have a non-zero length.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

setFailReason

public static void setFailReason(PDContext context,
                                 java.lang.String ruleName,
                                 java.lang.String failReason,
                                 PDMessages messages)
                          throws PDException

Modifies this authorization fail reason in the Security Access Manager policy server.

This method corresponds to the ivadmin_authzrule_setfailreason() C API.

Parameters:

context - the context for communicating with the Security Access Manager policy server.

ruleName - the authorization rule name. This value cannot be null and must have a non-zero length.

failReason - a String representing a fail reason code. If authorization is denied as a result of this rule's evaluation, but other authorization checks (i.e pop, acl) succeed, this reason code will be returned to the application making the authorization check. Set the failReason to the empty string "" to clear the existing fail reason code. This value cannot be null.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

createAuthzRule

public static void createAuthzRule(PDContext context,
                                   java.lang.String ruleName,
                                   java.lang.String description,
                                   java.lang.String ruleText,
                                   java.lang.String failReason,
                                   PDMessages messages)
                            throws PDException

Creates an authorization rule in the Security Access Manager policy server.

This method corresponds to the ivadmin_authzrule_create() C API.

Parameters:

context - the context for communicating with the Security Access Manager policy server.

ruleName - the authorization rule name. This value cannot be null and must have a non-zero length.

description - the description of the rule. This value can be null.

ruleText - the text of the authorization rule, in XSL format. This value cannot be null and must have a non-zero length.

failReason - a String representing a fail reason code. If authorization is denied as a result of this rule's evaluation, but other authorization checks (i.e pop, acl) succeed, this reason code will be returned to the application making the authorization check. This value can be null.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

deleteAuthzRule

public static void deleteAuthzRule(PDContext context,
                                   java.lang.String ruleName,
                                   PDMessages messages)
                            throws PDException

Deletes an authorization rule from the Security Access Manager policy server.

This method corresponds to the ivadmin_authzrule_delete() C API.

Parameters:

context - the context for communicating with the Security Access Manager policy server.

ruleName - the authorization rule name. This value cannot be null and must have a non-zero length.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.

listAuthzRules

public static java.util.ArrayList listAuthzRules(PDContext context,
                                                 PDMessages messages)
                                          throws PDException

Lists all of the authorization rules in the Security Access Manager policy server. The returned list may be empty but it will never be null.

This method corresponds to the ivadmin_authzrule_list() C API.

Parameters:

context - the context for communicating with the Security Access Manager policy server.

messages - in/out parameter; empty PDMessages on input; may contain zero or more informational or warning messages on output.

Returns:

an ArrayList of strings that represent the names of the authorization rules. The returned list will never be null.

Throws:

PDException - if an error occurs. This exception may contain error and message codes defined in the product Error Message Reference document.