java.lang.Object
  org.openpermis.subject.MutableSubject<T>

T - the context of this subject.

public final class MutableSubject<T extends RoleAssignmentContext>
Mutable subject implementation that uses a role assignment context to manage its state.
The mutable subject uses a role assignment controller to initialize its internal state from, to write new role assignments with and to revoke role assignments.
The mutable subject itself is defined by a list of RoleAssignment that describe the actual roles (and issuers, validity) that the subject has.
Constructor Summary | |
---|---|
MutableSubject(RoleAssignmentController<T> controller, SubjectFinder subjectFinder, URI identity) | Creates a mutable subject with an identity that identifies it, with a controller to manage role assignments, and a subject finder to find other subjects. |
Method Summary | |
---|---|
void | assignRole(Subject issuer, Role role, Date validFrom, Date validTo): Assigns this subject the specified role that is valid from validFrom to validTo issued by the specified issuer. |
void | assignRole(Subject issuer, RoleDefinition role, Date validFrom, Date validTo): Assigns this subject the specified role with the specified validity issued by the specified issuer. |
Set<RoleDefinition> | getAssignedRoleDefinitions(TimeStamp timeStamp, TimePeriodConstraint constraint): Returns a set of role definitions held by this subject at the current time. |
Set<Role> | getAssignedRoles(TimeStamp timeStamp, TimePeriodConstraint constraint, Set<Role> roles): Returns a subset of all roles held by this subject at the current time. |
URI | getIdentity(): Returns the identity of this part. |
Set<Subject> | getIssuersOf(Role role): Returns the subjects who issued the role to this. |
void | revokeRole(Role role): Revokes the specified role of this subject. |
void | revokeRole(RoleDefinition role): Revokes the specified role definition of this subject. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public MutableSubject(RoleAssignmentController<T> controller, SubjectFinder subjectFinder, URI identity)
identity - the identity of this subject.
controller - to manage role assignments.
subjectFinder - to find other subjects.

Method Detail |
---|
public void assignRole(Subject issuer, Role role, Date validFrom, Date validTo) throws SubjectException
issuer - the issuer of the role.
role - the role that is issued to this subject.
validFrom - validity start.
validTo - validity end.
SubjectException - signals that the assignment failed.

public void assignRole(Subject issuer, RoleDefinition role, Date validFrom, Date validTo) throws SubjectException
issuer - the issuer of the role.
role - the role that is issued to this subject.
validFrom - validity start.
validTo - validity end.
SubjectException - signals that the assignment failed.

public void revokeRole(RoleDefinition role) throws SubjectException
This implementation deletes all role assignments that contain the specified role. For assignments that contain more than one role, this method has the serious side effect that other roles of this subject may also be revoked. It is therefore strongly recommended that each role assignment contain only one role.
Future implementations will support different strategies for revoking role assignments (e.g. a revocation list).
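
The side effect described above, modelled in plain Java as an added example (not OpenPermis code): the Assignment class, the issuer URN and the role names are hypothetical stand-ins, and revoke mirrors the documented behaviour of deleting every assignment that contains the role.

```java
import java.util.*;
import java.util.stream.Collectors;

/** Stand-alone model of the revocation behaviour; none of these types are OpenPermis classes. */
public class RevocationSideEffect {

    /** Hypothetical stand-in for one role assignment: an issuer plus the roles it grants. */
    static final class Assignment {
        final String issuer;
        final Set<String> roles;
        Assignment(String issuer, String... roles) {
            this.issuer = issuer;
            this.roles = new LinkedHashSet<>(Arrays.asList(roles));
        }
    }

    /** Roles the subject holds: the union over all remaining assignments. */
    static Set<String> heldRoles(List<Assignment> assignments) {
        return assignments.stream()
            .flatMap(a -> a.roles.stream())
            .collect(Collectors.toCollection(TreeSet::new));
    }

    /** Revocation as documented: delete every assignment that contains the role. */
    static void revoke(List<Assignment> assignments, String role) {
        assignments.removeIf(a -> a.roles.contains(role));
    }

    /** Audit check: assignments whose revocation would take other roles with them. */
    static List<Assignment> multiRole(List<Assignment> assignments) {
        return assignments.stream().filter(a -> a.roles.size() > 1).collect(Collectors.toList());
    }

    public static void main(String[] args) {
        // Constructed sample data: one assignment bundling two roles.
        List<Assignment> bundled = new ArrayList<>(List.of(
            new Assignment("urn:example:issuer", "operator", "auditor")));
        System.out.println("multi-role assignments flagged: " + multiRole(bundled).size());
        // The bundled assignment is deleted whole, so "auditor" goes with "operator".
        revoke(bundled, "operator");
        System.out.println("bundled, after revoke: " + heldRoles(bundled));

        // Same roles, one per assignment, as the documentation recommends.
        List<Assignment> split = new ArrayList<>(List.of(
            new Assignment("urn:example:issuer", "operator"),
            new Assignment("urn:example:issuer", "auditor")));
        // Only the assignment carrying "operator" is deleted; "auditor" survives.
        revoke(split, "operator");
        System.out.println("split, after revoke:   " + heldRoles(split));
    }
}
```

Running a check like multiRole over stored assignments before calling a revocation shows in advance which other roles the subject would lose.
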
role - to revoke from this subject.
SubjectException - signals that the revocation failed.

public void revokeRole(Role role) throws SubjectException
role - to revoke from this subject. for details.
SubjectException - signals that the revocation failed.

public URI getIdentity()
Identifiable
getIdentity in interface Identifiable

public Set<RoleDefinition> getAssignedRoleDefinitions(TimeStamp timeStamp, TimePeriodConstraint constraint)
Subject
getAssignedRoleDefinitions in interface Subject
timeStamp - the current time, a TimeStamp.
constraint - to constrain the time period of the role assignment.
null but may be empty if the subject does not hold any roles.

public Set<Role> getAssignedRoles(TimeStamp timeStamp, TimePeriodConstraint constraint, Set<Role> roles)
Subject
getAssignedRoles in interface Subject
timeStamp - the current time, a TimeStamp.
constraint - to constrain the time period of the role assignment.
roles - a set of Roles.
roles containing only those roles that have been assigned to this subject.

public Set<Subject> getIssuersOf(Role role) throws SubjectException
Subject
getIssuersOf in interface Subject
role - a Role. The subject assumes that it previously confirmed with Subject.getAssignedRoles(TimeStamp, TimePeriodConstraint, Set) to have this role.
SubjectException - signals a problem in finding an issuer.
OpenPermis Role Based Access Control 0.9.0 (Build 16)
2009/08/13 07:16:59
Copyright (c) 2002-2007 Ergon Informatik AG