org.openpermis.subject
Class MutableSubject<T extends RoleAssignmentContext>

java.lang.Object
  extended by org.openpermis.subject.MutableSubject<T>
Type Parameters:
T - the context of this subject.
All Implemented Interfaces:
Serializable, Identifiable, Subject

public final class MutableSubject<T extends RoleAssignmentContext>
extends Object
implements Subject

Mutable subject implementation that uses a role assignment context to manage its state.

The mutable subject uses a role assignment controller to initialize its internal state, to write new role assignments, and to revoke role assignments.

The mutable subject itself is defined by a list of RoleAssignment objects that describe the actual roles (with their issuers and validity) that the subject has.

See Also:
Serialized Form
Since:
0.9.0

Constructor Summary
MutableSubject(RoleAssignmentController<T> controller, SubjectFinder subjectFinder, URI identity)
          Creates a mutable subject with an identity that identifies it, with a controller to manage role assignments, and a subject finder to find other subjects.
 
Method Summary
 void assignRole(Subject issuer, Role role, Date validFrom, Date validTo)
          Assigns this subject the specified role that is valid from validFrom to validTo issued by the specified issuer.
 void assignRole(Subject issuer, RoleDefinition role, Date validFrom, Date validTo)
          Assigns this subject the specified role with the specified validity issued by the specified issuer.
 Set<RoleDefinition> getAssignedRoleDefinitions(TimeStamp timeStamp, TimePeriodConstraint constraint)
          Returns a set of role definitions held by this subject at the current time.
 Set<Role> getAssignedRoles(TimeStamp timeStamp, TimePeriodConstraint constraint, Set<Role> roles)
          Returns a subset of all roles held by this subject at the current time.
 URI getIdentity()
          Returns the identity of this part.
 Set<Subject> getIssuersOf(Role role)
          Returns the subjects who issued the role to this subject.
 void revokeRole(Role role)
          Revokes the specified role of this subject.
 void revokeRole(RoleDefinition role)
          Revokes the specified role definition of this subject.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

MutableSubject

public MutableSubject(RoleAssignmentController<T> controller,
                      SubjectFinder subjectFinder,
                      URI identity)
Creates a mutable subject with an identity that identifies it, with a controller to manage role assignments, and a subject finder to find other subjects.

Parameters:
identity - the identity of this subject.
controller - to manage role assignments.
subjectFinder - to find other subjects.
Since:
0.9.0
Method Detail

assignRole

public void assignRole(Subject issuer,
                       Role role,
                       Date validFrom,
                       Date validTo)
                throws SubjectException
Assigns this subject the specified role that is valid from validFrom to validTo issued by the specified issuer.

Parameters:
issuer - the issuer of the role.
role - the role that is issued to this subject.
validFrom - validity start.
validTo - validity end.
Throws:
SubjectException - signals that the assignment failed.
Since:
0.9.0

assignRole

public void assignRole(Subject issuer,
                       RoleDefinition role,
                       Date validFrom,
                       Date validTo)
                throws SubjectException
Assigns this subject the specified role with the specified validity issued by the specified issuer.

Parameters:
issuer - the issuer of the role.
role - the role that is issued to this subject.
validFrom - validity start.
validTo - validity end.
Throws:
SubjectException - signals that the assignment failed.
Since:
0.9.0

revokeRole

public void revokeRole(RoleDefinition role)
                throws SubjectException
Revokes the specified role definition of this subject.

This implementation deletes all role assignments that contain the specified role. For assignments that contain more than one role, this method has the serious side effect that other roles of this subject may also be revoked. It is therefore strongly recommended that each role assignment contain only one role.

Future implementations will support different strategies for revoking role assignments (e.g. a revocation list).

Parameters:
role - to revoke from this subject.
Throws:
SubjectException - signals that the revocation failed.
Since:
0.9.0
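
The side effect documented for revokeRole(RoleDefinition) above, as an added stand-alone Java model that is not OpenPermis code: the Assignment record and the RevocationModel class are hypothetical stand-ins, not the library's RoleAssignment or controller API, and the issuer URI and role names are constructed sample data. It compares a bundled assignment with the recommended one-role-per-assignment layout.

```java
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

// Hypothetical model of the documented revocation semantics; not OpenPermis classes.
public class RevocationModel {

    // One assignment: an issuer grants a bundle of one or more roles (constructed data).
    record Assignment(String issuer, Set<String> roles) {}

    // Mirrors the documented behaviour: delete every assignment that contains the role.
    static List<Assignment> revoke(List<Assignment> assignments, String role) {
        return assignments.stream().filter(a -> !a.roles().contains(role)).toList();
    }

    // Roles the subject still holds: the union over all remaining assignments.
    static Set<String> heldRoles(List<Assignment> assignments) {
        Set<String> held = new TreeSet<>();
        for (Assignment a : assignments) {
            held.addAll(a.roles());
        }
        return held;
    }

    // Roles lost in addition to the one that was meant to be revoked.
    static Set<String> collateral(List<Assignment> before, String role) {
        Set<String> lost = heldRoles(before);
        lost.removeAll(heldRoles(revoke(before, role)));
        lost.remove(role);
        return lost;
    }

    public static void main(String[] args) {
        // Bundled: a single assignment carries two roles.
        List<Assignment> bundled = List.of(
                new Assignment("urn:example:issuer", Set.of("auditor", "operator")));
        // Recommended layout: one role per assignment.
        List<Assignment> single = List.of(
                new Assignment("urn:example:issuer", Set.of("auditor")),
                new Assignment("urn:example:issuer", Set.of("operator")));

        System.out.println("bundled collateral: " + collateral(bundled, "operator"));
        System.out.println("single collateral:  " + collateral(single, "operator"));
    }
}
```

A role that is also granted through a separate assignment survives the revocation, so the collateral set contains only roles that existed solely inside the deleted bundles.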

revokeRole

public void revokeRole(Role role)
                throws SubjectException
Revokes the specified role of this subject.

Parameters:
role - to revoke from this subject.
See Also:
for details.
Throws:
SubjectException - signals that the revocation failed.
Since:
0.9.0

getIdentity

public URI getIdentity()
Description copied from interface: Identifiable
Returns the identity of this part.

Specified by:
getIdentity in interface Identifiable
Returns:
the identity of this part.
Since:
0.9.0

getAssignedRoleDefinitions

public Set<RoleDefinition> getAssignedRoleDefinitions(TimeStamp timeStamp,
                                                      TimePeriodConstraint constraint)
Description copied from interface: Subject
Returns a set of role definitions held by this subject at the current time.

Specified by:
getAssignedRoleDefinitions in interface Subject
Parameters:
timeStamp - the current time, a TimeStamp.
constraint - to constrain the time period of the role assignment.
Returns:
the set of role definitions held by this subject at the current time, never null but may be empty if the subject does not hold any roles.
Since:
0.9.0

getAssignedRoles

public Set<Role> getAssignedRoles(TimeStamp timeStamp,
                                  TimePeriodConstraint constraint,
                                  Set<Role> roles)
Description copied from interface: Subject
Returns a subset of all roles held by this subject at the current time.

Specified by:
getAssignedRoles in interface Subject
Parameters:
timeStamp - the current time, a TimeStamp.
constraint - to constrain the time period of the role assignment.
roles - a set of Roles.
Returns:
a subset of roles containing only those roles that have been assigned to this subject.
Since:
0.9.0

getIssuersOf

public Set<Subject> getIssuersOf(Role role)
                          throws SubjectException
Description copied from interface: Subject
Returns the subjects who issued the role to this subject.

Specified by:
getIssuersOf in interface Subject
Parameters:
role - a Role. The subject assumes that it previously confirmed with Subject.getAssignedRoles(TimeStamp, TimePeriodConstraint, Set) to have this role.
Returns:
the subjects who issued the role to this subject.
Throws:
SubjectException - signals a problem in finding an issuer.
Since:
0.9.0


OpenPermis Role Based Access Control 0.9.0 (Build 16)
2009/08/13 07:16:59
Copyright (c) 2002-2007 Ergon Informatik AG