Project Aristotle - ArisID Attribute Services

org.openliberty.arisid
Class Interaction

java.lang.Object
  extended by org.openliberty.arisid.Interaction
All Implemented Interfaces:
IAddInteraction, ICompareInteraction, IDeleteInteraction, IFindInteraction, IInteraction, IModifyInteraction, IReadInteraction, ISearchInteraction

public class Interaction
extends java.lang.Object
implements IAddInteraction, ICompareInteraction, IReadInteraction, ISearchInteraction, IFindInteraction, IDeleteInteraction, IModifyInteraction, IInteraction

An Interaction is used to define a single transaction operation and its related schema. The Interaction object is also used to invoke the desired operations implemented by the IAttrSvcStack provider.


Field Summary
static int OP_ADD
          A constant indicating that an Interaction is an Add operation.
static int OP_COMPARE
          A constant indicating that the Interaction is for a Compare operation.
static int OP_DELETE
          A constant indicating that an Interaction is a Delete operation.
static int OP_FIND
          A constant indicating that an Interaction is for a Find operation.
static int OP_MODIFY
          A constant indicating that an Interaction is a Modify operation.
static int OP_READ
          A constant indicating that an Interaction is a Read operation.
static int OP_SEARCH
          A constant indicating that the Interaction is for a Search operation.
 
Method Summary
 org.w3c.dom.Node appendNode(org.w3c.dom.Node parent)
           
 IPrincipalIdentifier doAdd(IAttributeValue[] attrVals, java.lang.String[] roles, javax.security.auth.Subject user)
          Method to allow client code to add a new Identity through the attribute services.
 boolean doCompare(IPrincipalIdentifier subjectIdentifierKey, java.util.List<IAttributeValue> attrFilterVals, javax.security.auth.Subject user)
          The compareIdentity method is used to test a set of PredicateDef conditions (declared in the Interaction) against a subject user and return a boolean response.
 void doDelete(IPrincipalIdentifier subjectIdentifierKey, IPolicy dynamicConstraints, javax.security.auth.Subject user)
          Method to delete a subject from the attribute service.
 void doDelete(IPrincipalIdentifier subjectIdentifierKey, javax.security.auth.Subject user)
          Method to delete a subject from the attribute service.
 IDigitalSubject doFind(java.util.List<IAttributeValue> attrFilterVals, java.util.Map<java.lang.String,IPolicy> dynamicConstraintsMap, javax.security.auth.Subject user)
          Method to find a single subject.
 IDigitalSubject doFind(java.util.List<IAttributeValue> attrFilterVals, javax.security.auth.Subject user)
          Method to find a single subject.
 IDigitalSubject doGet(IPrincipalIdentifier subjectIdentifierKey, java.util.Map<java.lang.String,IPolicy> dynamicConstraintsMap, javax.security.auth.Subject user)
          The getIdentity method is used to retrieve attributes and properties about individuals based on the declared interaction and a subject index value.
 IDigitalSubject doGet(IPrincipalIdentifier subjectIdentifierKey, javax.security.auth.Subject user)
          The getIdentity method is used to retrieve attributes and properties about individuals based on the declared interaction and a subject index value.
 IDigitalSubject doGetByRequest(javax.servlet.http.HttpServletRequest request, java.util.Map<java.lang.String,IPolicy> dynamicConstraintsMap, javax.security.auth.Subject user)
          This getIdentityByServletReq allows the attribute service to locate information using content from the ServletRequest object such as form input, or SAML assertions to process a lookup defined in the Interaction.
 IDigitalSubject doGetByRequest(javax.servlet.http.HttpServletRequest request, javax.security.auth.Subject user)
          This getIdentityByServletReq allows the attribute service to locate information using content from the ServletRequest object such as form input, or SAML assertions to process a lookup defined in the Interaction.
 void doModify(IPrincipalIdentifier subjectIdentifierKey, IAttributeValue[] modVals, java.lang.String[] roleVals, javax.security.auth.Subject user)
          The modify method allows attributes of a Subject to be modified within the attribute service.
 IResultSet doSearch(java.util.List<IAttributeValue> attrFilterVals, java.util.Map<java.lang.String,IPolicy> dynamicConstraintsMap, javax.security.auth.Subject user)
          The search operation can be used for reporting purposes to locate a set of subjects that match a particular condition.
 IResultSet doSearch(java.util.List<IAttributeValue> attrFilterVals, javax.security.auth.Subject user)
          The search operation can be used for reporting purposes to locate a set of subjects that match a particular condition.
 AttributeDef getAttributeDef(java.lang.String nameId)
          Get an AttributeDef used in an Interaction.
 java.util.Set<java.lang.String> getAttributeIds()
           
 IPolicy getAttributePolicyDef(java.lang.String attrNameId)
           
 AttributeRef getAttributeRef(java.lang.String nameId)
           
 java.util.Collection<AttributeRef> getAttributeRefs()
           
 ArisIdService getAttributeService()
           
 java.lang.String getDescription()
           
 java.lang.String getEntityName()
           
 Filter getFilter()
           
 IPolicy getInteractionPolicyDef()
           
 int getMaxReturns()
          Gets the maximum count of subjects that the client expects to process.
 java.lang.String getNameId()
           
 int getOperationType()
           
 int getPageSize()
          Preferred page size for those service providers that can optimize traffic and buffering.
 PredicateDef getPredicateDef(java.lang.String name)
          Returns a PredicateDef used in an Interaction.
 java.util.Set<java.lang.String> getPredicateIds()
           
 IPolicy getPredicatePolicyDef(java.lang.String predNameId)
           
 PredicateRef getPredicateRef(java.lang.String nameId)
           
 java.util.Collection<PredicateRef> getPredicateRefs()
           
 RoleDef getRoleDef(java.lang.String name)
           
 java.util.Set<java.lang.String> getRoleIds()
           
 IPolicy getRolePolicyDef(java.lang.String roleNameId)
           
 RoleRef getRoleRef(java.lang.String nameId)
           
 java.util.Collection<RoleRef> getRoleRefs()
           
 IPolicy getTransactionPolicy()
           
 boolean isAdd()
           
 boolean isCompare()
           
 boolean isDelete()
           
 boolean isFind()
           
 boolean isModify()
           
 boolean isRead()
           
 boolean isSearch()
           
 java.lang.String toString()
           
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

OP_READ

public static final int OP_READ
A constant indicating that an Interaction is a Read operation.

See Also:
Constant Field Values

OP_MODIFY

public static final int OP_MODIFY
A constant indicating that an Interaction is a Modify operation.

See Also:
Constant Field Values

OP_ADD

public static final int OP_ADD
A constant indicating that an Interaction is an Add operation.

See Also:
Constant Field Values

OP_DELETE

public static final int OP_DELETE
A constant indicating that an Interaction is a Delete operation.

See Also:
Constant Field Values

OP_FIND

public static final int OP_FIND
A constant indicating that an Interaction is for a Find operation.

See Also:
Constant Field Values

OP_SEARCH

public static final int OP_SEARCH
A constant indicating that the Interaction is for a Search operation.

See Also:
Constant Field Values

OP_COMPARE

public static final int OP_COMPARE
A constant indicating that the Interaction is for a Compare operation.

See Also:
Constant Field Values
Method Detail

appendNode

public org.w3c.dom.Node appendNode(org.w3c.dom.Node parent)
Specified by:
appendNode in interface IInteraction

getAttributeService

public ArisIdService getAttributeService()
Specified by:
getAttributeService in interface IInteraction

getAttributeDef

public AttributeDef getAttributeDef(java.lang.String nameId)
Get an AttributeDef used in an Interaction.

Specified by:
getAttributeDef in interface IInteraction
Parameters:
nameId - of an AttributeDef (baseAttribute.getNameId()).
Returns:
AttributeDef

getAttributeIds

public java.util.Set<java.lang.String> getAttributeIds()
Specified by:
getAttributeIds in interface IInteraction

getAttributeRefs

public java.util.Collection<AttributeRef> getAttributeRefs()
Specified by:
getAttributeRefs in interface IInteraction

getAttributeRef

public AttributeRef getAttributeRef(java.lang.String nameId)
Specified by:
getAttributeRef in interface IInteraction

getPredicateDef

public PredicateDef getPredicateDef(java.lang.String name)
Returns a PredicateDef used in an Interaction.

Specified by:
getPredicateDef in interface IInteraction
Parameters:
name - of a PredicateDef (baseAttribute.getNameId()).
Returns:
PredicateDef

getPredicateIds

public java.util.Set<java.lang.String> getPredicateIds()
Specified by:
getPredicateIds in interface IInteraction

getPredicateRefs

public java.util.Collection<PredicateRef> getPredicateRefs()
Specified by:
getPredicateRefs in interface IInteraction

getPredicateRef

public PredicateRef getPredicateRef(java.lang.String nameId)
Specified by:
getPredicateRef in interface IInteraction

getRoleDef

public RoleDef getRoleDef(java.lang.String name)
Specified by:
getRoleDef in interface IInteraction

getRoleIds

public java.util.Set<java.lang.String> getRoleIds()
Specified by:
getRoleIds in interface IInteraction

getRoleRefs

public java.util.Collection<RoleRef> getRoleRefs()
Specified by:
getRoleRefs in interface IInteraction

getRoleRef

public RoleRef getRoleRef(java.lang.String nameId)
Specified by:
getRoleRef in interface IInteraction

getFilter

public Filter getFilter()
Specified by:
getFilter in interface IInteraction

getDescription

public java.lang.String getDescription()
Specified by:
getDescription in interface IInteraction

getOperationType

public int getOperationType()
Specified by:
getOperationType in interface IInteraction
Returns:
The operation type for the transaction (e.g. OP_ADD, OP_READ).

getNameId

public java.lang.String getNameId()
Specified by:
getNameId in interface IInteraction
Returns:
the String name of the Interaction.

getTransactionPolicy

public IPolicy getTransactionPolicy()
Specified by:
getTransactionPolicy in interface IInteraction

getMaxReturns

public int getMaxReturns()
Description copied from interface: ISearchInteraction
Gets the maximum count of subjects that the client expects to process. Once maxSubjects have been returned, the results should terminate with the result set indicating partial results received if more were available.

Specified by:
getMaxReturns in interface ISearchInteraction

getPageSize

public int getPageSize()
Description copied from interface: ISearchInteraction
Preferred page size for those service providers that can optimize traffic and buffering. Page size means that the client would like to retrieve pageSize entries at a time from memory.

Specified by:
getPageSize in interface ISearchInteraction

isAdd

public boolean isAdd()
Specified by:
isAdd in interface IAddInteraction
Specified by:
isAdd in interface IInteraction

isFind

public boolean isFind()
Specified by:
isFind in interface IFindInteraction
Specified by:
isFind in interface IInteraction

isCompare

public boolean isCompare()
Specified by:
isCompare in interface ICompareInteraction
Specified by:
isCompare in interface IInteraction

isDelete

public boolean isDelete()
Specified by:
isDelete in interface IDeleteInteraction
Specified by:
isDelete in interface IInteraction

isModify

public boolean isModify()
Specified by:
isModify in interface IInteraction
Specified by:
isModify in interface IModifyInteraction

isSearch

public boolean isSearch()
Specified by:
isSearch in interface IInteraction
Specified by:
isSearch in interface ISearchInteraction

isRead

public boolean isRead()
Specified by:
isRead in interface IInteraction
Specified by:
isRead in interface IReadInteraction

doAdd

public IPrincipalIdentifier doAdd(IAttributeValue[] attrVals,
                                  java.lang.String[] roles,
                                  javax.security.auth.Subject user)
                           throws ConnectionException,
                                  PolicyException,
                                  NoSuchContextException,
                                  SubjectNotUniqueException,
                                  SchemaException,
                                  MappingException,
                                  DeclarationException,
                                  NoSuchSubjectException
Description copied from interface: IAddInteraction
Method to allow client code to add a new Identity through the attribute services. The IAttrSvcStack will map the correct authority and add the entity and its values as appropriate. Note that while the application may view a subject as a new Identity, it is quite possible that the attribute service will re-map the add to be a modify function in the event of a record that already exists depending on configured policy.

Specified by:
doAdd in interface IAddInteraction
Parameters:
attrVals - An array of IAttributeValue objects defining the attributes of the Subject to be added. Note: Dynamic policy constraints may also be specified by adding them to specific IAttributeValue values.
roles - The roles (of the declared roles) that should be set. If a declared value is not present, that is treated as a clear. A null value means no changes for roles are to be made.
user - the Subject credential under which the add operation is to be performed or null if the transaction is to be done using the application credential context alone.
Returns:
a principal identifier representing the subject added.
Throws:
ConnectionException - Occurs when there was a connection error trying to connect to the appropriate attribute authority.
PolicyException - Occurs when the add is refused due to policy restrictions
NoSuchContextException - Occurs when the Subject cannot be mapped to an appropriate attribute authority context.
SubjectNotUniqueException - Is thrown when a subject already exists and policy has determined that the add may not be converted to a modify.
SchemaException - Is thrown when the attributes being added cannot be mapped to the schema within the attribute authority. This may or may not indicate a partial add was completed. Exception should indicate details.
MappingException - Is thrown when an error has occurred mapping attribute values to the attribute authority schema.
DeclarationException - The Interaction was not declared as an Add Interaction.
NoSuchSubjectException - if the non-null value of the user parameter does not exist.
See Also:
IAttrSvcStack.doAdd(IAddInteraction, IAttributeValue[], String[], Subject)

doFind

public IDigitalSubject doFind(java.util.List<IAttributeValue> attrFilterVals,
                              javax.security.auth.Subject user)
                       throws ConnectionException,
                              PolicyException,
                              NoSuchContextException,
                              NoSuchSubjectException,
                              SubjectNotUniqueException,
                              DeclarationException,
                              InvalidFilterException,
                              SchemaException,
                              MappingException
Description copied from interface: IFindInteraction
Method to find a single subject.

Specified by:
doFind in interface IFindInteraction
Parameters:
attrFilterVals - An array of IFilterValue and/or IAttributeValue objects that specify the comparison values for any AttrFilter objects contained in the declared filter for the transaction. The number of values specified must correspond exactly to the number specified in the declared filter. Use Filter.getCompareAttrValues() to obtain the values that need to be set.
IFilterValue allows for the capability for runtime setting of the comparison operator (contains, beginswith, etc).
user - The security credential under which the operation is to be performed
Returns:
String containing the mapped and authenticated subject key
Throws:
ConnectionException - Occurs when there was a connection error trying to connect to the appropriate attribute authority.
PolicyException - Occurs when the authentication is refused due to policy restrictions
NoSuchContextException - Occurs when the Subject cannot be mapped to an appropriate attribute authority context.
NoSuchSubjectException - Occurs when no Subject was located for the authenticate operation.
SubjectNotUniqueException - Occurs when more than one Subject is located and could not be uniquely authenticated.
DeclarationException - The interaction was not declared as an Authenticate Interaction.
InvalidFilterException - There is a problem with the declared filter or the provided filter values.
SchemaException - is thrown when a filter or role cannot be matched or used appropriately.
MappingException - is thrown when an error has occurred in mapping a filter or role to an appropriate search filter or in mapping a result.

doFind

public IDigitalSubject doFind(java.util.List<IAttributeValue> attrFilterVals,
                              java.util.Map<java.lang.String,IPolicy> dynamicConstraintsMap,
                              javax.security.auth.Subject user)
                       throws ConnectionException,
                              PolicyException,
                              NoSuchContextException,
                              NoSuchSubjectException,
                              SubjectNotUniqueException,
                              DeclarationException,
                              InvalidFilterException,
                              SchemaException,
                              MappingException
Description copied from interface: IFindInteraction
Method to find a single subject.

Specified by:
doFind in interface IFindInteraction
Parameters:
attrFilterVals - An array of IFilterValue and/or IAttributeValue objects that specify the comparison values for any AttrFilter objects contained in the declared filter for the transaction. The number of values specified must correspond exactly to the number specified in the declared filter. Use Filter.getCompareAttrValues() to obtain the values that need to be set.
IFilterValue allows for the capability for runtime setting of the comparison operator (contains, beginswith, etc).
dynamicConstraintsMap - A map containing a set of dynamic constraints relevant to the transaction. The map index is either an attribute, predicate, or role name, or interaction name (to define policy at the interaction level). This parameter is used for things like specifying a localization constraint on an attribute.
user - The security credential under which the operation is to be performed
Returns:
String containing the mapped and authenticated subject key
Throws:
ConnectionException - Occurs when there was a connection error trying to connect to the appropriate attribute authority.
PolicyException - Occurs when the authentication is refused due to policy restrictions
NoSuchContextException - Occurs when the Subject cannot be mapped to an appropriate attribute authority context.
NoSuchSubjectException - Occurs when no Subject was located for the authenticate operation.
SubjectNotUniqueException - Occurs when more than one Subject is located and could not be uniquely authenticated.
DeclarationException - The interaction was not declared as an Authenticate Interaction.
InvalidFilterException - There is a problem with the declared filter or the provided filter values.
SchemaException - is thrown when a filter or role cannot be matched or used appropriately.
MappingException - is thrown when an error has occurred in mapping a filter or role to an appropriate search filter or in mapping a result.

doCompare

public boolean doCompare(IPrincipalIdentifier subjectIdentifierKey,
                         java.util.List<IAttributeValue> attrFilterVals,
                         javax.security.auth.Subject user)
                  throws IGFException
Description copied from interface: ICompareInteraction
The compareIdentity method is used to test a set of PredicateDef conditions (declared in the Interaction) against a subject user and return a boolean response.

It is anticipated that this method is the preferred method of querying since it reduces information actually transferred from federated attribute sources.

Specified by:
doCompare in interface ICompareInteraction
Parameters:
subjectIdentifierKey - the unique subject to be compared
attrFilterVals - An array of IAttributeValue or IFilterValue objects that specify the comparison values for any AttrFilter objects contained in the declared filter for the transaction. The number of values specified must correspond exactly to the number specified in the declared filter. Use Filter.getCompareAttrValues() to obtain the values that need to be set. Note: Dynamic policy constraints may also be specified by adding them to specific IAttributeValue values.
user - the credential context performing the compare or null if the transaction is to be done using the application credential context alone.
Returns:
true if Identity and conditions are matched.
Throws:
IGFException
See Also:
IAttrSvcStack.doCompare(ICompareInteraction, IPrincipalIdentifier, List, Subject)
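
A caller-side sketch of the compare-first pattern described above, added here as an illustration and not taken from the ArisID project: it refuses to run an Interaction that was not declared as a Compare and treats any IGFException as a non-match, so the decision fails closed. The class and method names (CompareGate, matches) are hypothetical, and the wildcard import assumes the ArisID types named on this page resolve from org.openliberty.arisid.

```java
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.security.auth.Subject;

// Assumption: Interaction, IPrincipalIdentifier, IAttributeValue and
// IGFException are importable from this package; adjust the imports to
// match the ArisID jar actually on the classpath.
import org.openliberty.arisid.*;

/** Hypothetical helper for yes/no attribute checks; not part of ArisID. */
public final class CompareGate {

    private static final Logger LOG = Logger.getLogger(CompareGate.class.getName());

    private CompareGate() {
    }

    /**
     * Returns true only when the attribute service confirms that the
     * predicates declared in the Interaction hold for the subject.
     * Every other outcome (bad arguments, wrong operation type, policy
     * refusal, connection failure) yields false.
     *
     * @param interaction an Interaction declared as a Compare operation
     * @param subjectKey  the unique subject to be compared
     * @param filterVals  comparison values, one per value in the declared filter
     * @param user        credential context, or null to use the application
     *                    credential context alone (as documented for doCompare)
     */
    public static boolean matches(Interaction interaction,
                                  IPrincipalIdentifier subjectKey,
                                  List<IAttributeValue> filterVals,
                                  Subject user) {
        if (interaction == null || subjectKey == null || filterVals == null) {
            return false;
        }

        // Refuse to run anything that was not declared as a Compare, so a
        // configuration mix-up cannot turn a yes/no check into a Read or
        // Search that pulls attribute values back to the application.
        if (!interaction.isCompare()) {
            LOG.warning("Interaction '" + interaction.getNameId()
                    + "' is not a Compare operation (type "
                    + interaction.getOperationType() + "); refusing");
            return false;
        }

        try {
            // Only a boolean crosses the boundary; no attribute values are
            // returned from the attribute source.
            return interaction.doCompare(subjectKey, filterVals, user);
        } catch (IGFException e) {
            // Fail closed. Log the interaction name only, never the subject
            // key or the comparison values.
            LOG.log(Level.WARNING,
                    "Compare failed for interaction '" + interaction.getNameId() + "'", e);
            return false;
        }
    }
}
```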

doDelete

public void doDelete(IPrincipalIdentifier subjectIdentifierKey,
                     javax.security.auth.Subject user)
              throws ConnectionException,
                     PolicyException,
                     NoSuchContextException,
                     NoSuchSubjectException,
                     SubjectNotUniqueException,
                     DeclarationException
Description copied from interface: IDeleteInteraction
Method to delete a subject from the attribute service. Note that depending on policy the delete may not actually occur. From the perspective of the attribute authority, the delete is simply indicating that the client application is deleting the subject.

Specified by:
doDelete in interface IDeleteInteraction
Parameters:
subjectIdentifierKey - the subject to be deleted
user - The Subject credential under which the delete operation is to be performed or null if the transaction is to be done using the application credential context alone.
Throws:
ConnectionException - Occurs when there was a connection error trying to connect to the appropriate attribute authority.
PolicyException - Occurs when the delete is refused due to policy restrictions
NoSuchContextException - Occurs when the Subject cannot be mapped to an appropriate attribute authority context.
NoSuchSubjectException - Occurs when no Subject was located for the delete operation.
SubjectNotUniqueException - Occurs when the delete would impact more than one Subject.
DeclarationException - The interaction was not declared as a Delete Interaction.

doDelete

public void doDelete(IPrincipalIdentifier subjectIdentifierKey,
                     IPolicy dynamicConstraints,
                     javax.security.auth.Subject user)
              throws ConnectionException,
                     PolicyException,
                     NoSuchContextException,
                     NoSuchSubjectException,
                     SubjectNotUniqueException,
                     DeclarationException
Description copied from interface: IDeleteInteraction
Method to delete a subject from the attribute service. Note that depending on policy the delete may not actually occur. From the perspective of the attribute authority, the delete is simply indicating that the client application is deleting the subject.

Specified by:
doDelete in interface IDeleteInteraction
Parameters:
subjectIdentifierKey - the subject to be deleted
dynamicConstraints - An IPolicy object containing any transaction related constraints or null.
user - The Subject credential under which the delete operation is to be performed or null if the transaction is to be done using the application credential context alone.
Throws:
ConnectionException - Occurs when there was a connection error trying to connect to the appropriate attribute authority.
PolicyException - Occurs when the delete is refused due to policy restrictions
NoSuchContextException - Occurs when the Subject cannot be mapped to an appropriate attribute authority context.
NoSuchSubjectException - Occurs when no Subject was located for the delete operation.
SubjectNotUniqueException - Occurs when the delete would impact more than one Subject.
DeclarationException - The interaction was not declared as a Delete Interaction.

doGet

public IDigitalSubject doGet(IPrincipalIdentifier subjectIdentifierKey,
                             javax.security.auth.Subject user)
                      throws ConnectionException,
                             PolicyException,
                             NoSuchContextException,
                             NoSuchSubjectException,
                             SubjectNotUniqueException,
                             SchemaException,
                             MappingException,
                             DeclarationException
Description copied from interface: IReadInteraction
The getIdentity method is used to retrieve attributes and properties about individuals based on the declared interaction and a subject index value.

Specified by:
doGet in interface IReadInteraction
Parameters:
subjectIdentifierKey - the unique identifier of the user to be retrieved
user - the credential context performing the read or null if the transaction is to be done using the application credential context alone.
Returns:
the DigitalSubject requested. An exception should be thrown if not matched.
Throws:
ConnectionException - is thrown when a network or other connection problem has occurred causing the transaction to fail.
PolicyException - is thrown when the transaction has failed due to policy or consent failure.
NoSuchContextException - is thrown when the subject cannot be mapped to an available context. This is usually suggestive of a configuration problem.
NoSuchSubjectException - is thrown when the user cannot be mapped within a context to perform the operation.
SubjectNotUniqueException - is thrown when the subject or user cannot be uniquely mapped to a single context or is not unique within a context.
SchemaException - is thrown when an attribute is not successfully matched to a context. This can be due to a missing attribute or a non-compatible syntax error.
MappingException - is thrown when an error has occurred in mapping a value to a particular schema. In this case, the schema was valid, but the value was either invalid or not mappable.
DeclarationException
See Also:
IAttrSvcStack.doRead(IReadInteraction, IPrincipalIdentifier, Map, Subject)

doGet

public IDigitalSubject doGet(IPrincipalIdentifier subjectIdentifierKey,
                             java.util.Map<java.lang.String,IPolicy> dynamicConstraintsMap,
                             javax.security.auth.Subject user)
                      throws ConnectionException,
                             PolicyException,
                             NoSuchContextException,
                             NoSuchSubjectException,
                             SubjectNotUniqueException,
                             SchemaException,
                             MappingException,
                             DeclarationException
Description copied from interface: IReadInteraction
The getIdentity method is used to retrieve attributes and properties about individuals based on the declared interaction and a subject index value.

Specified by:
doGet in interface IReadInteraction
Parameters:
subjectIdentifierKey - the unique identifier of the user to be retrieved
dynamicConstraintsMap - A map containing a set of dynamic constraints relevant to the transaction. The map index is either an attribute, predicate, or role name, or interaction name (to define policy at the interaction level). This parameter is used for things like specifying a localization constraint on an attribute.
user - the credential context performing the read or null if the transaction is to be done using the application credential context alone.
Returns:
the DigitalSubject requested. An exception should be thrown if not matched.
Throws:
ConnectionException - is thrown when a network or other connection problem has occurred causing the transaction to fail.
PolicyException - is thrown when the transaction has failed due to policy or consent failure.
NoSuchContextException - is thrown when the subject cannot be mapped to an available context. This is usually suggestive of a configuration problem.
NoSuchSubjectException - is thrown when the user cannot be mapped within a context to perform the operation.
SubjectNotUniqueException - is thrown when the subject or user cannot be uniquely mapped to a single context or is not unique within a context.
SchemaException - is thrown when an attribute is not successfully matched to a context. This can be due to a missing attribute or a non-compatible syntax error.
MappingException - is thrown when an error has occurred in mapping a value to a particular schema. In this case, the schema was valid, but the value was either invalid or not mappable.
DeclarationException
See Also:
IAttrSvcStack.doRead(IReadInteraction, IPrincipalIdentifier, Map, Subject)

doGetByRequest

public IDigitalSubject doGetByRequest(javax.servlet.http.HttpServletRequest request,
                                      javax.security.auth.Subject user)
                               throws ConnectionException,
                                      PolicyException,
                                      NoSuchContextException,
                                      NoSuchSubjectException,
                                      SubjectNotUniqueException,
                                      SchemaException,
                                      MappingException,
                                      DeclarationException
Description copied from interface: IReadInteraction
This getIdentityByServletReq allows the attribute service to locate information using content from the ServletRequest object such as form input, or SAML assertions to process a lookup defined in the Interaction.

Specified by:
doGetByRequest in interface IReadInteraction
Parameters:
request - the ServletRequest object to be parsed for a Subject context
user - the credential context performing the read or null if the transaction is to be done using the application credential context alone.
Returns:
the DigitalSubject requested. An exception should be thrown if not matched.
Throws:
ConnectionException - is thrown when a network or other connection problem has occurred causing the transaction to fail.
PolicyException - is thrown when the transaction has failed due to policy or consent failure.
NoSuchContextException - is thrown when the subject cannot be mapped to an available context. This is usually suggestive of a configuration problem.
NoSuchSubjectException - is thrown when the user cannot be mapped within a context to perform the operation.
SubjectNotUniqueException - is thrown when the subject or user cannot be uniquely mapped to a single context or is not unique within a context.
SchemaException - is thrown when an attribute is not successfully matched to a context. This can be due to a missing attribute or a non-compatible syntax error.
MappingException - is thrown when an error has occurred in mapping a value to a particular schema. In this case, the schema was valid, but the value was either invalid or not mappable.
DeclarationException
See Also:
IAttrSvcStack.doRead(IReadInteraction, HttpServletRequest, Map, Subject)

doGetByRequest

public IDigitalSubject doGetByRequest(javax.servlet.http.HttpServletRequest request,
                                      java.util.Map<java.lang.String,IPolicy> dynamicConstraintsMap,
                                      javax.security.auth.Subject user)
                               throws ConnectionException,
                                      PolicyException,
                                      NoSuchContextException,
                                      NoSuchSubjectException,
                                      SubjectNotUniqueException,
                                      SchemaException,
                                      MappingException,
                                      DeclarationException
Description copied from interface: IReadInteraction
getIdentityByServletReq allows the attribute service to locate information using content from the ServletRequest object, such as form input or SAML assertions, to process a lookup defined in the Interaction.

Specified by:
doGetByRequest in interface IReadInteraction
Parameters:
request - the ServletRequest object to be parsed for a Subject context
dynamicConstraintsMap - A map containing a set of dynamic constraints relevant to the transaction. The map index is either an attribute, predicate, or role name, or interaction name (to define policy at the interaction level). This parameter is used for things like specifying a localization constraint on an attribute.
user - the credential context performing the read or null if the transaction is to be done using the application credential context alone.
Returns:
the DigitalSubject requested. An exception should be thrown if not matched.
Throws:
ConnectionException - is thrown when a network or other connection problem has occurred causing the transaction to fail.
PolicyException - is thrown when the transaction has failed due to policy or consent failure.
NoSuchContextException - is thrown when the subject cannot be mapped to an available context. This is usually suggestive of a configuration problem.
NoSuchSubjectException - is thrown when the user cannot be mapped within a context to perform the operation.
SubjectNotUniqueException - is thrown when the subject or user cannot be uniquely mapped to a single context or is not unique within a context.
SchemaException - is thrown when an attribute is not successfully matched to a context. This can be due to a missing attribute or a non-compatible syntax error.
MappingException - is thrown when an error has occurred in mapping a value to a particular schema. In this case, the schema was valid, but the value was either invalid or not mappable.
DeclarationException
See Also:
IAttrSvcStack.doRead(IReadInteraction, HttpServletRequest, Map, Subject)

doSearch

public IResultSet doSearch(java.util.List<IAttributeValue> attrFilterVals,
                           javax.security.auth.Subject user)
                    throws ConnectionException,
                           PolicyException,
                           NoSuchContextException,
                           NoSuchSubjectException,
                           SubjectNotUniqueException,
                           SchemaException,
                           MappingException,
                           DeclarationException,
                           InvalidFilterException
The search operation can be used for reporting purposes to locate a set of subjects that match a particular condition. The result set returns a List of SubjectKeys that match the filter and role conditions specified. Note that if reporting is desired, the caller may then issue doRead requests to pull back attributes, predicates, and roles of particular subjects returned from this method.

Specified by:
doSearch in interface ISearchInteraction
Parameters:
attrFilterVals - An array of IAttributeValue objects that specify the comparison values for any AttrFilter objects contained in the declared filter for the transaction. The number of values specified must correspond exactly to the number specified in the declared filter. Use Filter.getCompareAttrValues() to obtain the values that need to be set.
user - The security context of the user performing the search or null.
Returns:
An IResultSet of entries that were found in the search.
Throws:
ConnectionException - is thrown when a network or other connection problem has occurred causing the transaction to fail.
PolicyException - is thrown when the transaction has failed due to policy or consent failure.
NoSuchContextException - is thrown when the subject cannot be mapped to an available context. This is usually suggestive of a configuration problem.
NoSuchSubjectException - is thrown when the user cannot be mapped within a context to perform the operation.
SubjectNotUniqueException - is thrown when the subject or user cannot be uniquely mapped to a single context or is not unique within a context.
SchemaException - is thrown when a filter or role cannot be matched or used appropriately.
MappingException - is thrown when an error has occurred in mapping a filter or role to an appropriate search filter.
DeclarationException - is thrown if this method is called but the Interaction is not declared as a search.
InvalidFilterException - is thrown if an invalid filter or filter value has been specified.

doSearch

public IResultSet doSearch(java.util.List<IAttributeValue> attrFilterVals,
                           java.util.Map<java.lang.String,IPolicy> dynamicConstraintsMap,
                           javax.security.auth.Subject user)
                    throws ConnectionException,
                           PolicyException,
                           NoSuchContextException,
                           NoSuchSubjectException,
                           SubjectNotUniqueException,
                           SchemaException,
                           MappingException,
                           DeclarationException,
                           InvalidFilterException
Description copied from interface: ISearchInteraction
The search operation can be used for reporting purposes to locate a set of subjects that match a particular condition. The result set returns a List of SubjectKeys that match the filter and role conditions specified. Note that if reporting is desired, the caller may then issue doRead requests to pull back attributes, predicates, and roles of particular subjects returned from this method.

Specified by:
doSearch in interface ISearchInteraction
Parameters:
attrFilterVals - An array of IFilterValue or IAttributeValue objects that specify the comparison values for any AttrFilter objects contained in the declared filter for the transaction. The number of values specified must correspond exactly to the number specified in the declared filter. Use Filter.getCompareAttrValues() to obtain the values that need to be set.
IFilterValue allows the comparison operator (contains, beginswith, etc.) to be set at runtime.
dynamicConstraintsMap - A map containing a set of dynamic constraints relevant to the transaction. The map index is either an attribute, predicate, or role name, or interaction name (to define policy at the interaction level). This parameter is used for things like specifying a localization constraint on an attribute.
user - The user context under which the operation is to be performed or null.
Returns:
An IResultSet of entries that were found in the search.
Throws:
ConnectionException - is thrown when a network or other connection problem has occurred causing the transaction to fail.
PolicyException - is thrown when the transaction has failed due to policy or consent failure.
NoSuchContextException - is thrown when the subject cannot be mapped to an available context. This is usually suggestive of a configuration problem.
NoSuchSubjectException - is thrown when the user cannot be mapped within a context to perform the operation.
SubjectNotUniqueException - is thrown when the subject or user cannot be uniquely mapped to a single context or is not unique within a context.
SchemaException - is thrown when a filter or role cannot be matched or used appropriately.
MappingException - is thrown when an error has occurred in mapping a filter or role to an appropriate search filter or in mapping a result.
DeclarationException - is thrown if this method is called but the Interaction is not declared as a search.
InvalidFilterException - is thrown if an invalid filter or filter value has been specified.

doModify

public void doModify(IPrincipalIdentifier subjectIdentifierKey,
                     IAttributeValue[] modVals,
                     java.lang.String[] roleVals,
                     javax.security.auth.Subject user)
              throws ConnectionException,
                     PolicyException,
                     NoSuchContextException,
                     NoSuchSubjectException,
                     SubjectNotUniqueException,
                     SchemaException,
                     MappingException,
                     DeclarationException
Description copied from interface: IModifyInteraction
The modify method allows attributes of a Subject to be modified within the attribute service.

Specified by:
doModify in interface IModifyInteraction
Parameters:
subjectIdentifierKey - The subject to be modified.
modVals - an array of IAttributeValue to be applied to the subject. Note: Dynamic policy constraints may also be specified by adding them to specific IAttributeValue values.
roleVals - The roles (of the declared roles) that should be set. If a declared value is not present, that is treated as a clear. A null value means no changes for roles are to be made.
user - The user context under which the modify is to be performed or null if the transaction is to be done using the application credential context alone.
Throws:
ConnectionException - Occurs when there was a connection error trying to connect to the appropriate attribute authority.
PolicyException - Occurs when the modify is refused due to policy restrictions.
NoSuchContextException - Occurs when the Subject cannot be mapped to an appropriate attribute authority context.
NoSuchSubjectException - Occurs when no subject could be located for the modify request.
SubjectNotUniqueException - Is thrown when the subject index maps to more than 1 logical subject.
SchemaException - Is thrown when the attributes being modified cannot be mapped to the schema within the attribute service. This may or may not indicate a partial modify was completed. Exception should indicate details.
MappingException - Is thrown when an error has occurred mapping attribute values to the attribute authority schema.
DeclarationException - The Interaction was not declared as a Modify Interaction.
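
The roleVals rules documented for doModify (null leaves roles unchanged; a declared role that is absent is treated as a clear) can be previewed before the call is made. The following is an added example, not part of the ArisID API or its documentation. The class and method names, the sample role names, the rejection of undeclared role names, and the treatment of roles outside the declared set as untouched are assumptions of this example.

```java
import java.util.*;

/** Added example: models the roleVals rules documented for doModify. */
public class RoleValsPreview {

    /**
     * Returns the roles the subject would hold after doModify, per the documented rules.
     * Assumptions (not from the ArisID docs): roles outside the Interaction's declared
     * set are left untouched, and undeclared names in roleVals are rejected up front.
     */
    static Set<String> preview(Set<String> declared, Set<String> current, String[] roleVals) {
        Set<String> result = new TreeSet<>(current);
        if (roleVals == null) {
            return result;                  // null: no role changes are made
        }
        Set<String> requested = new TreeSet<>(Arrays.asList(roleVals));
        for (String r : requested) {
            if (!declared.contains(r)) {
                throw new IllegalArgumentException("role not declared in Interaction: " + r);
            }
        }
        result.removeAll(declared);         // declared roles absent from roleVals are cleared
        result.addAll(requested);           // declared roles present in roleVals are set
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample data; the role names are placeholders.
        Set<String> declared = Set.of("admin", "auditor", "helpdesk");
        Set<String> current  = Set.of("admin", "helpdesk", "employee");

        System.out.println(preview(declared, current, null));
        System.out.println(preview(declared, current, new String[0]));
        System.out.println(preview(declared, current, new String[] {"auditor"}));
        try {
            preview(declared, current, new String[] {"root"});
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In this model an empty array and null are opposites: the empty array clears every declared role, while null changes nothing.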

getInteractionPolicyDef

public IPolicy getInteractionPolicyDef()
Specified by:
getInteractionPolicyDef in interface IInteraction

getAttributePolicyDef

public IPolicy getAttributePolicyDef(java.lang.String attrNameId)
Specified by:
getAttributePolicyDef in interface IInteraction

getPredicatePolicyDef

public IPolicy getPredicatePolicyDef(java.lang.String predNameId)
Specified by:
getPredicatePolicyDef in interface IInteraction

getRolePolicyDef

public IPolicy getRolePolicyDef(java.lang.String roleNameId)
Specified by:
getRolePolicyDef in interface IInteraction

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object

getEntityName

public java.lang.String getEntityName()
Specified by:
getEntityName in interface IInteraction

OpenLiberty.org - Licensed under Apache APL 2.0