com.ibm.itim.apps.acl
Class AccessControlListManager

java.lang.Object
  extended by com.ibm.itim.apps.acl.AccessControlListManager

public class AccessControlListManager
extends java.lang.Object

Provides an interface to manage the system's Access Control List on a container-by-container basis. Exposes basic add, list, modify and delete operations for a remote client.


Constructor Summary
AccessControlListManager(PlatformContext platform, javax.security.auth.Subject subject, DistinguishedName containerDN)
          Creates a new AccessControlListManager.
 
Method Summary
 void addAccessRight(AccessRight aRight)
          Adds an AccessRight to the ACL currently associated with a container, namely the container identified by the containerDN used to create this AccessControlListManager.
 void addAuthorizationOwner(AuthorizationOwner authOwner)
          Adds an AuthorizationOwner to the container identified by the containerDN used to create this AccessControlListManager.
 void deleteAccessRight(AccessRight accessRight)
          Deletes an AccessRight from the container identified by the containerDN used to create this AccessControlListManager.
 void deleteAuthorizationOwner(AuthorizationOwner authOwner)
          Removes an AuthorizationOwner from the container identified by the containerDN used to create this AccessControlListManager.
 java.util.Collection listAccessRights()
          Returns the full ACL on the container identified by the containerDN used to create this AccessControlListManager.
 java.util.Collection listAuthorizationOwners()
          Returns a Collection of AuthorizationOwner associated with the container identified by the containerDN used to create this AccessControlListManager.
 void modifyAccessRight(java.lang.String name, AccessRight newAccessRight)
          Modifies (replaces) an AccessRight on the container identified by the containerDN used to create this AccessControlListManager.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AccessControlListManager

public AccessControlListManager(PlatformContext platform,
                                javax.security.auth.Subject subject,
                                DistinguishedName containerDN)
Creates a new AccessControlListManager.

Parameters:
platform - PlatformContext used to connect to the system.
subject - Subject represents an authenticated caller.
containerDN - the DistinguishedName of the container whose ACL to manage through this instance of AccessControlListManager.

Method Detail

addAccessRight

public void addAccessRight(AccessRight aRight)
                    throws java.rmi.RemoteException,
                           AuthorizationException,
                           ApplicationException
Adds an AccessRight to the ACL currently associated with a container, namely the container identified by the containerDN used to create this AccessControlListManager.

Parameters:
aRight - The new AccessRight object to add to the ACL. The new AccessRight object being added should be semantically valid.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if the client is unauthorized to manage/view the ACL for the container.
ApplicationException - Thrown if a low-level error such as accessing data services API prevents adding the AccessRight to the container. This exception is also thrown in case name is blank.

listAccessRights

public java.util.Collection listAccessRights()
                                      throws java.rmi.RemoteException,
                                             AuthorizationException,
                                             ApplicationException
Returns the full ACL on the container identified by the containerDN used to create this AccessControlListManager. Returns a Collection of AccessRight.

Returns:
Collection of AccessRight.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if the client is unauthorized to manage/view the ACL for the container.
ApplicationException - Thrown if a low-level error such as accessing data services API prevents returning the container's ACL.

modifyAccessRight

public void modifyAccessRight(java.lang.String name,
                              AccessRight newAccessRight)
                       throws java.rmi.RemoteException,
                              AuthorizationException,
                              ApplicationException
Modifies (replaces) an AccessRight on the container identified by the containerDN used to create this AccessControlListManager.

Parameters:
name - The old AccessRight's name.
newAccessRight - The new AccessRight object containing changes to commit which may include a new name. If the new AccessRight object contains changes that are not semantically valid, the changes will be ignored and no exception may be raised. For example, if the new AccessRight object contains a Permission with an action but no associated attribute rights or class rights, the Permission will be ignored.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if the client is unauthorized to manage/view the ACL for the container.
ApplicationException - Thrown if a low-level error such as accessing data services API prevents modifying the AccessRight on the container. This exception is also thrown in case name is blank.
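
Because modifyAccessRight may silently ignore changes that are not semantically valid, a caller that needs assurance can read the ACL back with listAccessRights and check it. The following is an added example, not code from IBM or from the original page; the class VerifiedAclUpdate, its Result type and the caller-supplied isExpected check are hypothetical, and the package names of AccessRight, AuthorizationException and ApplicationException are assumptions.

```java
import java.rmi.RemoteException;
import java.util.ArrayList;
import java.util.List;
import java.util.function.Predicate;

// Assumption: these types live in the packages below; the page shows them unqualified.
import com.ibm.itim.apps.ApplicationException;
import com.ibm.itim.apps.AuthorizationException;
import com.ibm.itim.apps.acl.AccessControlListManager;
import com.ibm.itim.apps.acl.AccessRight;

/** Hypothetical helper: modify an AccessRight, then confirm the change is on the container. */
public final class VerifiedAclUpdate {

    /** Outcome of the read-back: whether the expected entry was found, plus the ACL as listed. */
    public static final class Result {
        public final boolean applied;
        public final List<AccessRight> aclAfter;

        Result(boolean applied, List<AccessRight> aclAfter) {
            this.applied = applied;
            this.aclAfter = aclAfter;
        }
    }

    public static Result modifyAndVerify(AccessControlListManager mgr,
                                         String oldName,
                                         AccessRight replacement,
                                         Predicate<AccessRight> isExpected)
            throws RemoteException, AuthorizationException, ApplicationException {
        // A blank name is documented to raise ApplicationException; reject it before the remote call.
        if (oldName == null || oldName.trim().isEmpty()) {
            throw new IllegalArgumentException("oldName must not be blank");
        }
        mgr.modifyAccessRight(oldName, replacement);

        // No exception does not mean the change was accepted, so list the ACL again.
        List<AccessRight> after = new ArrayList<>();
        boolean applied = false;
        for (Object entry : mgr.listAccessRights()) { // raw Collection of AccessRight
            AccessRight right = (AccessRight) entry;
            after.add(right);
            if (isExpected.test(right)) {
                applied = true;
            }
        }
        return new Result(applied, after);
    }
}
```

The isExpected predicate is left to the caller because this page does not document AccessRight's accessors; it should test for the specific permissions the change was meant to introduce.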

deleteAccessRight

public void deleteAccessRight(AccessRight accessRight)
                       throws java.rmi.RemoteException,
                              AuthorizationException,
                              ApplicationException
Deletes an AccessRight from the container identified by the containerDN used to create this AccessControlListManager.

Parameters:
accessRight - The AccessRight to delete.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if the client is unauthorized to manage/view the ACL for the container.
ApplicationException - Thrown if a low-level error such as accessing data services API prevents deleting the AccessRight from the container. This exception is also thrown in case name is blank in the input AccessRight object.

addAuthorizationOwner

public void addAuthorizationOwner(AuthorizationOwner authOwner)
                           throws java.rmi.RemoteException,
                                  AuthorizationException,
                                  ApplicationException
Adds an AuthorizationOwner to the container identified by the containerDN used to create this AccessControlListManager. If the authOwner is already an AuthorizationOwner, a duplicate AuthorizationOwner is not created and no exception is thrown.

Parameters:
authOwner - the AuthorizationOwner to add.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if the client is unauthorized to manage/view the ACL for the container.
ApplicationException - Thrown if a low-level error such as accessing data services API prevents adding the AuthorizationOwner to the container.

listAuthorizationOwners

public java.util.Collection listAuthorizationOwners()
                                             throws java.rmi.RemoteException,
                                                    AuthorizationException,
                                                    ApplicationException
Returns a Collection of AuthorizationOwner associated with the container identified by the containerDN used to create this AccessControlListManager.

Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if the client is unauthorized to manage/view the ACL for the container.
ApplicationException - Thrown if a low-level error such as accessing data services API prevents listing the AuthorizationOwners on the container.

deleteAuthorizationOwner

public void deleteAuthorizationOwner(AuthorizationOwner authOwner)
                              throws java.rmi.RemoteException,
                                     AuthorizationException,
                                     ApplicationException
Removes an AuthorizationOwner from the container identified by the containerDN used to create this AccessControlListManager.

Parameters:
authOwner - the AuthorizationOwner to remove.
Throws:
java.rmi.RemoteException - Thrown if unable to communicate with platform.
AuthorizationException - Thrown if the client is unauthorized to manage/view the ACL for the container.
ApplicationException - Thrown if a low-level error such as accessing data services API prevents removing the AuthorizationOwner from the container.


IBM Security Identity Manager 6.0.0
© Copyright International Business Machines Corporation 2007, 2012. All rights reserved. US Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.