com.ibm.itim.apps.identity
Class RoleManager

java.lang.Object
  |
  +--com.ibm.itim.apps.identity.RoleManager

public class RoleManager
extends java.lang.Object

Provides aggregate role management capabilities. These capabilities include the creation of roles and validation of (dynamic) roles. In general it should be noted that the value object for a static role is represented by the Role class, and the value object for a dynamic role is represented by the DynamicRole class.

See Also:
RoleMO, Role, DynamicRole

Constructor Summary
RoleManager(PlatformContext platform, javax.security.auth.Subject subject)
          Constructs the manager with a platform context and a subject.
 
Method Summary
 Request createRole(OrganizationalContainerMO container, Role subject, java.util.Date scheduledTime)
          Creates a role in the provisioning platform with the specified attributes within the given container.
 java.util.Collection getRoles(OrganizationalContainerMO container, java.lang.String name)
          Returns the role(s) with the name within the given parent container.
 java.util.Collection getRoles(OrganizationalContainerMO parent, java.lang.String attributeName, java.lang.Object attributeValue)
          Returns the role(s) matching the given attribute within the given parent container.
 void getRoles(OrganizationalContainerMO parent, java.lang.String attributeName, java.lang.Object attributeValue, SearchResultsMO results)
          Returns the role(s) matching the given attribute within the given container.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RoleManager

public RoleManager(PlatformContext platform,
                   javax.security.auth.Subject subject)
Constructs the manager with a platform context and a subject.

Parameters:
platform - PlatformContext holding platform connection information.
subject - Subject representing the authenticated caller.
Method Detail

createRole

public Request createRole(OrganizationalContainerMO container,
                          Role subject,
                          java.util.Date scheduledTime)
                   throws java.rmi.RemoteException,
                          AuthorizationException,
                          SchemaViolationException,
                          ApplicationException
Creates a role in the provisioning platform with the specified attributes within the given container.

Parameters:
container - OrganizationalContainerMO within which the the role will be placed.
subject - Role value object defining the attributes the role will have. Note that this can be a Role for a static role, or a DynamicRole for a dynamic role.
scheduledTime - The scheduled starting time of the process. If null, the process will start immediately. In case this method is invoked remotely, passing this parameter as the current data/time of the client machine is not a safe technique to use, since the date/time of the client machine may not be the same as the date/time of the ITIM server machine. Only applicable to dynamic role. May be null if Role represents a static role.
Returns:
Request object representing the operation's status. NULL when it's an organizational role creation.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if client is unauthorized to create the role in the given container.
SchemaViolationException - Thrown if any of the attributes in the value object are violate the managed object's schema. This may be caused by an invalid attribute or if a required attribute is missing entirely.
ApplicationException - Thrown if unable to submit the request. This may possibly be caused by the container being removed by another client previous to this call.

getRoles

public java.util.Collection getRoles(OrganizationalContainerMO container,
                                     java.lang.String name)
                              throws java.rmi.RemoteException,
                                     ApplicationException
Returns the role(s) with the name within the given parent container. Note, if the client is unauthorized to view (search) a role that matches this criteria, it will be filtered out of the return list and no AuthorizationException will be thrown.

Parameters:
container - OrganizationalContainerMO representing the parent container to scope the search. In a single-tenant deployment, null can be specified to indicate the entire tree should be searched. In a multi-tenant deployment, an OrganizationalContainerMO object must be provided that represents the root of the tenant.
name - Name of the role(s) to return.
Returns:
Collection of RoleMO's representing the matching roles.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if unable to obtain the roles. This may possibly be caused by the container being removed by another client previous to this call.

getRoles

public java.util.Collection getRoles(OrganizationalContainerMO parent,
                                     java.lang.String attributeName,
                                     java.lang.Object attributeValue)
                              throws java.rmi.RemoteException,
                                     ApplicationException
Returns the role(s) matching the given attribute within the given parent container. Note, if the client is unauthorized to view (search) a role that matches this criteria, it will be filtered out of the return list and no AuthorizationException will be thrown.

Parameters:
parent - OrganizationalContainerMO representing the parent container to scope the search. In a single-tenant deployment, null can be specified to indicate the entire tree should be searched. In a multi-tenant deployment, an OrganizationalContainerMO object must be provided that represents the root of the tenant.
attributeName - Name of attribute to match with.
attributeValue - Value of the attribute to match with. A * can be used as the first and/or last character of a String value if a "contains" expression is wished.
Returns:
Collection of RoleMO's representing the matching role(s).
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if unable to obtain the role. This may possibly be caused by the parent container being removed by another client previous to this call.

getRoles

public void getRoles(OrganizationalContainerMO parent,
                     java.lang.String attributeName,
                     java.lang.Object attributeValue,
                     SearchResultsMO results)
              throws java.rmi.RemoteException,
                     ApplicationException
Returns the role(s) matching the given attribute within the given container. Note, if the client is unauthorized to view (search) a role that matches this criteria, it will be filtered out of the return list and no AuthorizationException will be thrown.

Parameters:
parent - OrganizationalContainerMO representing the parent container to scope the search. In a single-tenant deployment, null can be specified to indicate the entire tree should be searched. In a multi-tenant deployment, an OrganizationalContainerMO object must be provided that represents the root of the tenant.
attributeName - Name of attribute to match with.
attributeValue - Value of the attribute to match with. A '*' can be used as the first and/or last character of a String value to perform substring searches for Role.
results - SearchResultsMO to hold the results of the search. SearchResultsMO provides a page by page view of the results. The objet will be filled with Role value objects that match the given criteria. Note, if the SearchResultsMO object was constructed using a different user context, that context will be changed to match the context of this object.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
ApplicationException - Thrown if unable to obtain the roles. This may possibly be caused by the parent container being removed by another client previous to this call.
See Also:
SearchMO, SearchResultsMO


IBM Tivoli Identity Manager 4.6
© Copyright International Business Machines Corporation 2005. All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.