PolicyManagement (WSO2 SOA Enablement Server for Java 6.6 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.systinet.wasp.admin
Interface PolicyManagement

public interface PolicyManagement

This interface represents service which is able to manage UpdatablePolicy (security policy)

Modification to the policy are made permanent after the call finishes.

Note that if the WSO2 SOA Enablement Server for Java is running in secure mode, then Policy Management web service is protected by both authorization and authentication.

In general, to access the Policy the caller must have ACLPermission.

To get informations about permissions the caller must have ACLPermission with name perm and actions get. To modify permissions you need ACLPermission with name perm and actions modify. Similar rules applies to the management of roles. To get informations about roles the caller must have ACLPermission with name role and actions get. To modify roles you need ACLPermission with name role and actions modify.

If you are not granted with the permissions mentioned above you can still grant or revoke permissions for "your own objects". You own an object if you have DelegatePermission for it.

Since:: 4.0
Component:: Security-Services

Method Summary
`boolean`	`addPermission(java.security.CodeSource cs, java.security.Principal principal, java.security.Permission permission)` Adds a single permission to specified principal.
`void`	`addPermissions(java.security.CodeSource cs, java.security.Principal principal, java.security.PermissionCollection collection)` Adds collection of permissions to specified principal.
`boolean`	`addPermissionToRole(java.lang.String roleName, java.security.Permission permission)` Adds permission to role.
`PrincipalEntries`	`getPrincipalEntries()` Returns enumeration of principal entries.
`PrincipalEntries`	`getPrincipalEntries(java.security.Permission perm)` Returns iterator of principals that are granted with specified atomic permission.
`java.security.PermissionCollection`	`getPrincipalPermissions(java.security.CodeSource cs, java.security.Principal principal)` Returns permissions associated with the principal only (typically supplied by a grant entry for this principal).
`java.security.PermissionCollection`	`getPrincipalPermissions(java.security.CodeSource cs, java.security.Principal principal, boolean roleInheritted)` Returns permissions associated with the principal only (typically supplied by a grant entry for this principal).
`PrincipalEntries[]`	`getPrincipalsEntries(java.security.Permission[] perms)` This method is similar to `getPrincipalEntries(Permission)`, but allows to process more request in one batch.
`PrincipalEntries`	`getPrincipalsOwningPermission(java.security.Permission perm)` Returns iterator of principals, which own specified atomic permission.
`java.util.Iterator`	`getRoleNames()` Returns iterator of role names.
`java.security.PermissionCollection`	`getRolePermissions(java.lang.String roleName)` Get permissions of the role.
`boolean`	`isRoleManager()` Test whether this policy can manage roles.
`boolean`	`isUpdatable()` Test whether this policy is really updatable or read-only.
`boolean`	`removePermission(java.security.CodeSource cs, java.security.Principal principal, java.security.Permission permission)` Removes permission from specified user.
`boolean`	`removePermissionFromRole(java.lang.String roleName, java.security.Permission permission)` Removes permission from role.

Method Detail

isUpdatable

public boolean isUpdatable()

Test whether this policy is really updatable or read-only.

Returns:: false if it is read-only, true if it is updatable

addPermissions

public void addPermissions(java.security.CodeSource cs,
                           java.security.Principal principal,
                           java.security.PermissionCollection collection)
                    throws java.security.AccessControlException

Adds collection of permissions to specified principal.
(Authorization: To use this method you must have permission to modify permissions (ACLPermission) or you must have delegate permission for each permission which you are trying to add - name of the deletage permissions must match name of the permission which you are trying to add).

Parameters:: principal - principal; cs - codesource for this permission (can be null); collection - collection of permission to be added to a principal
Throws:: java.security.AccessControlException - Description of the Exception

addPermission

public boolean addPermission(java.security.CodeSource cs,
                             java.security.Principal principal,
                             java.security.Permission permission)
                      throws java.security.AccessControlException

Adds a single permission to specified principal.
(Authorization: To use this method you must have permission to modify permissions (ACLPermission) or you must have delegate permission for the permission which you are trying to add - name of the deletage permissions must match name of the permission which you are trying to add)

Parameters:: cs - codesource for this permission (can be null); principal - principal; permission - permission to add
Returns:: true if the permission was added, false if it cannot be added, because the principal already owns the permission.
Throws:: java.security.AccessControlException - Description of the Exception

removePermission

public boolean removePermission(java.security.CodeSource cs,
                                java.security.Principal principal,
                                java.security.Permission permission)
                         throws java.security.AccessControlException

Removes permission from specified user.
(Authorization: With this method you can remove permission only to yourself or you must have permission to modify permissions (ACLPermission) or you must have delegate permission for the permission which you are trying to remove - name of the deletage permissions must match name of the permission which you are trying to remove)

Parameters:: cs - codesource for this permission (can be null); principal - principal; permission - the permission has to match exactly (tested through equals method) to one of the permissions already assigned to the principal.
Returns:: true if the permission was removed, false if it cannot be remove, because the principal does not own the permission.
Throws:: java.security.AccessControlException - Description of the Exception

getPrincipalPermissions

public java.security.PermissionCollection getPrincipalPermissions(java.security.CodeSource cs,
                                                                  java.security.Principal principal)
                                                           throws java.security.AccessControlException

Returns permissions associated with the principal only (typically supplied by a grant entry for this principal).
(Authorization: With this method you can get permissions for yourself or you must have permission to get permissions (ACLPermission)).

Parameters:: cs - codesource for this permission (can be null); principal - principal (can be null )
Returns:: principal collection associated only with the given principal
Throws:: java.security.AccessControlException - Description of the Exception

getPrincipalPermissions

public java.security.PermissionCollection getPrincipalPermissions(java.security.CodeSource cs,
                                                                  java.security.Principal principal,
                                                                  boolean roleInheritted)
                                                           throws java.security.AccessControlException

Returns permissions associated with the principal only (typically supplied by a grant entry for this principal).
(Authorization: To use this method you can get permissions for yourself or you must have permission to get permissions (ACLPermission)).

Parameters:: cs - codesource for this permission (can be null); principal - principal (can be null); roleInheritted - true means that the returned permissions also contains this inheritted from contained roles
Returns:: principal collection associated only with the given principal
Throws:: java.security.AccessControlException - the caller is not authorized to invoke this method

getPrincipalEntries

public PrincipalEntries getPrincipalEntries(java.security.Permission perm)
                                     throws java.security.AccessControlException

Returns iterator of principals that are granted with specified atomic permission. The permission is atomic if both its name and actions are not composed values.
(Authorization: To use this method you must have permission to get permissions (ACLPermission) or you must own some object (e.g. deployed package) or you must have permission to deploy packages).

Parameters:: perm - permission acts as filter for the constructed result
Returns:: principalEnumeration enumeration of principal entries contained in the principal enumeration
Throws:: java.security.AccessControlException - Description of the Exception

getPrincipalsOwningPermission

public PrincipalEntries getPrincipalsOwningPermission(java.security.Permission perm)
                                               throws java.security.AccessControlException

Returns iterator of principals, which own specified atomic permission. If the principal owns permission, which implies given atomic permission, the return value will not include it. Typicall usecase of this method is for management of permission, policy allows to remove only permission, which are directly owned by principal (i.e. not inheritted). The permission is atomic if both its name and actions are not composed values.
(Authorization: To use this method you must have permission to get permissions (ACLPermission) or you must own some object (e.g. deployed package) or you must have permission to deploy packages).

Parameters:: perm - permission act as filter for the constructed result
Returns:: principalEnumeration enumeration of principal entries contained in the principal enumeration
Throws:: java.security.AccessControlException - Description of the Exception
Since:: 4.5

getPrincipalsEntries

public PrincipalEntries[] getPrincipalsEntries(java.security.Permission[] perms)

This method is similar to getPrincipalEntries(Permission), but allows to process more request in one batch.

Parameters:: perms - permissions act as filter for the constructed result
Returns:: principalEnumeration enumeration of principal entries contained in the principal enumeration
Throws:: java.security.AccessControlException - Description of the Exception

getPrincipalEntries

public PrincipalEntries getPrincipalEntries()
                                     throws java.security.AccessControlException

Returns enumeration of principal entries.
(Authorization: To use this method you must have permission to get permissions (ACLPermission) or you must own some object (e.g. deployed package) or you must have permission to deploy packages).

Returns:: principalEnumeration enumeration of principal entries contained in the principal enumeration
Throws:: java.security.AccessControlException - Description of the Exception

isRoleManager

public boolean isRoleManager()

Test whether this policy can manage roles.

Returns:: false

getRoleNames

public java.util.Iterator getRoleNames()

Returns iterator of role names.
(Authorization: To use this method you must have permission to get roles (ACLPermission).

Returns:: iterator of role names (strings)

addPermissionToRole

public boolean addPermissionToRole(java.lang.String roleName,
                                   java.security.Permission permission)

Adds permission to role.
(Authorization: To use this method you must have permission to modify roles (ACLPermission).

Parameters:: roleName - name of the role; permission - permission to add, can be null ro cteate empty role entry
Returns:: true if the permission was added, false if it cannot be added

removePermissionFromRole

public boolean removePermissionFromRole(java.lang.String roleName,
                                        java.security.Permission permission)

Removes permission from role.
(Authorization: To use this method you must have permission to modify roles (ACLPermission).

Parameters:: roleName - name of the role; permission - permission to add
Returns:: true if the permission was removed, false if it cannot be added

getRolePermissions

public java.security.PermissionCollection getRolePermissions(java.lang.String roleName)

Get permissions of the role.
(Authorization: To use this method you must have permission to get roles (ACLPermission).

Parameters:: roleName - name of the role
Returns:: permission collection containing enumeration of role permissions
Throws:: java.security.AccessControlException - the caller is not authorized to invoke this method

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.systinet.wasp.admin Interface PolicyManagement

isUpdatable

addPermissions

addPermission

removePermission

getPrincipalPermissions

getPrincipalPermissions

getPrincipalEntries

getPrincipalsOwningPermission

getPrincipalsEntries

getPrincipalEntries

isRoleManager

getRoleNames

addPermissionToRole

removePermissionFromRole

getRolePermissions

org.systinet.wasp.admin
Interface PolicyManagement