Package com.sun.identity.entitlement

Class ApplicationPrivilegeManager

java.lang.Object

com.sun.identity.entitlement.ApplicationPrivilegeManager

Direct Known Subclasses:

OpenSSOApplicationPrivilegeManager

public abstract class ApplicationPrivilegeManager
extends Object

This class manages the delegation of application privileges.

Field Summary

Fields

Modifier and Type	Field	Description
static String	ACTION_DELEGATE
static String	ACTION_MODIFY
static String	ACTION_READ

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	ApplicationPrivilegeManager()

Method Summary

Modifier and Type	Method	Description
abstract void	addPrivilege(ApplicationPrivilege appPrivilege)	Adds a delegation privilege.
abstract boolean	canCreateApplication(String realm)	Returns true if subject can create application.
abstract Set<String>	getApplications(ApplicationPrivilege.Action action)	Returns application names for a given action.
static ApplicationPrivilegeManager	getInstance(String realm, Subject caller)	Returns an instance of application privilege manager.
abstract ApplicationPrivilege	getPrivilege(String name)	Returns the application privilege object.
abstract Set<String>	getResources(String applicationName, ApplicationPrivilege.Action action)	Returns a set of resources for an application and an action.
abstract boolean	hasPrivilege(Application app, ApplicationPrivilege.Action action)
abstract boolean	hasPrivilege(Privilege p, ApplicationPrivilege.Action action)	Returns true if the subject has permission to a privilege of a given action.
abstract boolean	hasPrivilege(ReferralPrivilege p, ApplicationPrivilege.Action action)	Returns true if the subject has permission to a referral privilege of a given action.
abstract void	removePrivilege(String name)	Removes a privilege.
abstract void	replacePrivilege(ApplicationPrivilege appPrivilege)	Replaces (or modifies) an existing privilege.
abstract Set<String>	search(Set<SearchFilter> filters)	Returns a set of privilege names that the administrator can delegate.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ACTION_READ

public static final String ACTION_READ

ACTION_MODIFY

public static final String ACTION_MODIFY

ACTION_DELEGATE

public static final String ACTION_DELEGATE

Constructor Detail

ApplicationPrivilegeManager

protected ApplicationPrivilegeManager()

Method Detail

addPrivilege

public abstract void addPrivilege(ApplicationPrivilege appPrivilege)
                           throws EntitlementException

Adds a delegation privilege.

Parameters:

appPrivilege - Application Privilege to be added

Throws:

EntitlementException - if privilege cannot be added.

replacePrivilege

public abstract void replacePrivilege(ApplicationPrivilege appPrivilege)
                               throws EntitlementException

Replaces (or modifies) an existing privilege.

Parameters:

appPrivilege - New privilege.

Throws:

EntitlementException - if privilege cannot be replaced.

removePrivilege

public abstract void removePrivilege(String name)
                              throws EntitlementException

Removes a privilege.

Parameters:

name - Name of privilege to remove

Throws:

EntitlementException - if privilege cannot be removed.

search

public abstract Set<String> search(Set<SearchFilter> filters)

Returns a set of privilege names that the administrator can delegate.

Parameters:

filters - Set of search filters.

Returns:

Set of privilege names that the administrator can delegate.

getPrivilege

public abstract ApplicationPrivilege getPrivilege(String name)
                                           throws EntitlementException

Returns the application privilege object.

Parameters:

name - Name of application privilege.

Returns:

the application privilege object.

Throws:

EntitlementException - if privilege cannot be returned.

hasPrivilege

public abstract boolean hasPrivilege(Privilege p,
                                     ApplicationPrivilege.Action action)
                              throws EntitlementException

Returns true if the subject has permission to a privilege of a given action.

Parameters:

p - Privilege.

action - Privilege action.

Returns:

true if the subject has permission to a privilege of a given action.

Throws:

EntitlementException

hasPrivilege

public abstract boolean hasPrivilege(Application app,
                                     ApplicationPrivilege.Action action)
                              throws EntitlementException

Throws:

EntitlementException

hasPrivilege

public abstract boolean hasPrivilege(ReferralPrivilege p,
                                     ApplicationPrivilege.Action action)
                              throws EntitlementException

Returns true if the subject has permission to a referral privilege of a given action.

Parameters:

p - Referral Privilege.

action - Privilege action.

Returns:

true if the subject has permission to a referral privilege of a given action.

Throws:

EntitlementException

getResources

public abstract Set<String> getResources(String applicationName,
                                         ApplicationPrivilege.Action action)

Returns a set of resources for an application and an action.

Parameters:

applicationName - Application name.

action - Privilege action.

Returns:

set of resources for an application and an action.

getApplications

public abstract Set<String> getApplications(ApplicationPrivilege.Action action)

Returns application names for a given action.

Parameters:

action - Privilege action.

Returns:

application names for a given action.

canCreateApplication

public abstract boolean canCreateApplication(String realm)

Returns true if subject can create application.

Parameters:

realm - Realm where application is to be created.

getInstance

public static ApplicationPrivilegeManager getInstance(String realm,
                                                      Subject caller)

Returns an instance of application privilege manager.

Parameters:

realm - Realm name.

caller - Administrator subject.

Returns:

an instance of application privilege manager.