com.sun.identity.delegation

Class DelegationManager

java.lang.Object

com.sun.identity.delegation.DelegationManager

public final class DelegationManager
extends Object

The DelegationManager class manages delegation privileges for a specific realm. This class is the starting point for delegation management, and provides methods to create/remove/get delegation privileges.

It is a final class and hence cannot be further extended.

Field Summary

Fields

Modifier and Type	Field and Description
static Debug	debug
static String	DELEGATION_SERVICE

Constructor Summary

Constructors

Constructor and Description
DelegationManager(SSOToken token, String orgName) Constructor of DelegationManager for the specified realm.

Method Summary

Modifier and Type	Method and Description
void	addPrivilege(DelegationPrivilege privilege) Adds a delegation privilege to a specific realm.
Set	getConfiguredPrivilegeNames() Returns all the names of the delegation privileges that are configured with the realm.
Set	getManageableOrganizationNames(Set organizationNames) Returns a set of realm names, based on the input parameter organizationNames, in which the "user" has some delegation permissions.
Set	getPrivileges() Returns all the delegation privileges associated with the realm.
Set	getPrivileges(String universalId) Returns all the delegation privileges associated with the realm and applicable to a subject.
Set	getSubjects(String pattern) Returns a set of selected subjects matching the pattern in the given realm.
void	removePrivilege(String privilegeName) Removes a delegation privilege to the realm.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DELEGATION_SERVICE

public static final String DELEGATION_SERVICE

See Also:

Constant Field Values

debug

public static final Debug debug

Constructor Detail

DelegationManager

public DelegationManager(SSOToken token,
                         String orgName)
                  throws SSOException,
                         DelegationException

Constructor of DelegationManager for the specified realm. It requires a SSOToken which will be used to perform delegation operations. The user needs to have "delegation" privilege in the specified realm, or DelegationException will be thrown.

Parameters:

token - of the user delegating privileges.

orgName - The name of the realm for which the user delegates privileges.

Throws:

SSOException - if invalid or expired single-sign-on token

DelegationException - for any other abnormal condition

Method Detail

getConfiguredPrivilegeNames

public Set getConfiguredPrivilegeNames()
                                throws DelegationException

Returns all the names of the delegation privileges that are configured with the realm.

Returns:

Set of DelegationPrivilege names configured with the realm.

Throws:

DelegationException - for any abnormal condition

getPrivileges

public Set getPrivileges()
                  throws DelegationException

Returns all the delegation privileges associated with the realm.

Returns:

Set of DelegationPrivilege objects associated with the realm.

Throws:

DelegationException - for any abnormal condition

getPrivileges

public Set getPrivileges(String universalId)
                  throws DelegationException

Returns all the delegation privileges associated with the realm and applicable to a subject.

Parameters:

universalId - The universal ID of the subject

Returns:

Set of applicable DelegationPrivilege objects.

Throws:

DelegationException - for any abnormal condition

addPrivilege

public void addPrivilege(DelegationPrivilege privilege)
                  throws DelegationException

Adds a delegation privilege to a specific realm. The permission will be added to the existing privilege in the event that this method is trying to add to an existing privilege.

Parameters:

privilege - The delegation privilege to be added.

Throws:

DelegationException - if any abnormal condition occurred.

removePrivilege

public void removePrivilege(String privilegeName)
                     throws DelegationException

Removes a delegation privilege to the realm.

Parameters:

privilegeName - The name of the DelegationPrivilege to be removed.

Throws:

DelegationException - for any abnormal condition

getSubjects

public Set getSubjects(String pattern)
                throws DelegationException

Returns a set of selected subjects matching the pattern in the given realm. The pattern accepts "*" as the wild card for searching subjects. For example, "a*c" matches with any subject starting with a and ending with c.

Parameters:

pattern - a filter used to select the subjects.

Returns:

a Set of subjects associated with the realm.

Throws:

DelegationException - for any abnormal condition

getManageableOrganizationNames

public Set getManageableOrganizationNames(Set organizationNames)
                                   throws DelegationException

Returns a set of realm names, based on the input parameter organizationNames, in which the "user" has some delegation permissions.

Parameters:

organizationNames - a Set of realm names.

Returns:

a Set of realm names in which the user has some delegation permissions. It is a subset of organizationNames

Throws:

DelegationException - for any abnormal condition