org.safehaus.triplesec.guardian
Class Profile

java.lang.Object
  extended by org.safehaus.triplesec.guardian.Profile
All Implemented Interfaces:
java.io.Serializable, java.lang.Cloneable, java.lang.Comparable

public class Profile
extends java.lang.Object
implements java.lang.Comparable, java.lang.Cloneable, java.io.Serializable

A user's application authorization profile. Authorization policy is used to manage access controls for user profiles associated with applications. Profiles associate users with applications. This class models that profile by linking the user with an application and allowing the assignment of application-specific Roles and Permissions to the profile.

Profiles contain three sets of Permissions and a set of Roles used for managing the authorization policy of a user. A Role Based Access Control (RBAC) model is used to easily manage the Profile. The three Permission sets are: grants, denials and the effective calculated permissions for the profile. Roles assigned to the Profile lead to the inheritance of the Permissions granted to each Role. Besides Role-based Permission inheritance, additional Permissions may be granted or denied to influence the total effective Permissions. The grants Permissions set contains extra granted Permissions which may not be inherited from assigned Roles. The denials Permissions set contains Permissions that are denied whether they are inherited from assigned Roles or granted through the grants Permissions set. Denials take precedence. For more information take a look at the documentation here:

Version:
$Rev: 74 $, $Date: 2005-11-11 02:03:22 -0500 (Fri, 11 Nov 2005) $
Author:
Alex Karasulu, Trustin Lee
See Also:
Serialized Form

Constructor Summary
Profile(ApplicationPolicy store, java.lang.String profileId, java.lang.String userName, Roles roles, Permissions grants, Permissions denials)
          Creates a default User Profile for an ApplicationPolicyStore.
Profile(ApplicationPolicy store, java.lang.String profileId, java.lang.String userName, Roles roles, Permissions grants, Permissions denials, java.lang.String description)
          Creates a default User Profile for an ApplicationPolicyStore.
 
Method Summary
 void checkPermission(Permission permission)
          Assertive permission check to test if this Profile has the effective permission.
 void checkPermission(Permission permission, java.lang.String message)
          Assertive permission check to test if this Profile has the effective permission.
 void checkPermission(java.lang.String permissionName)
          Assertive check to test if this Profile has the effective Permission.
 void checkPermission(java.lang.String permissionName, java.lang.String message)
          Assertive permission check to test if this Profile has the effective permission.
 java.lang.Object clone()
           
 int compareTo(java.lang.Object that)
           
 boolean equals(java.lang.Object that)
           
 java.lang.String getApplicationName()
          Gets the name of the application this Profile is associated with.
 Permissions getDenials()
          Gets a set of permissions explicitly denied by this profile.
 java.lang.String getDescription()
          Gets a brief description for this Profile if one exists.
 Permissions getEffectivePermissions()
          Gets the set of effective (net calculated) permissions for this Profile.
 Permissions getGrants()
          Gets the set of Permissions granted to this Profile.
 java.lang.String getProfileId()
          Gets the id of this Profile.
 Roles getRoles()
          Gets a set of Roles which are assigned to this Profile.
 java.lang.String getUserName()
          Gets the name of the user who owns this Profile.
 int hashCode()
           
 boolean hasPermission(Permission permission)
          Gets whether or not this Profile has the permission.
 boolean hasPermission(java.lang.String permissionName)
          Gets whether or not this Profile has the permission.
 boolean isInRole(java.lang.String roleName)
          Checks to see if the user according to this Profile is in a Role.
 java.lang.String toString()
           
 
Methods inherited from class java.lang.Object
finalize, getClass, notify, notifyAll, wait, wait, wait
 

Constructor Detail

Profile

public Profile(ApplicationPolicy store,
               java.lang.String profileId,
               java.lang.String userName,
               Roles roles,
               Permissions grants,
               Permissions denials)
Creates a default User Profile for an ApplicationPolicyStore.

Parameters:
profileId - the id of this Profile
userName - the name of the User this Profile is for
store - the store this Profile is for
roles - the roles assigned to this Profile
grants - the permissions granted to this Profile
denials - the permissions denied by this Profile

Profile

public Profile(ApplicationPolicy store,
               java.lang.String profileId,
               java.lang.String userName,
               Roles roles,
               Permissions grants,
               Permissions denials,
               java.lang.String description)
Creates a default User Profile for an ApplicationPolicyStore.

Parameters:
profileId - the id of this Profile
userName - the name of the User this Profile is for
store - the store this Profile is for
roles - the roles assigned to this Profile
grants - the permissions granted to this Profile
denials - the permissions denied by this Profile
description - a brief description for this Profile

Method Detail

getProfileId

public java.lang.String getProfileId()
Gets the id of this Profile.

Returns:
the id of this Profile

getUserName

public java.lang.String getUserName()
Gets the name of the user who owns this Profile.

Returns:
the name of the user associated with this Profile

getDescription

public java.lang.String getDescription()
Gets a brief description for this Profile if one exists.

Returns:
a description for this Profile

getApplicationName

public java.lang.String getApplicationName()
Gets the name of the application this Profile is associated with.

Returns:
the name of the application this Profile is associated with

getRoles

public Roles getRoles()
Gets a set of Roles which are assigned to this Profile.

Returns:
a container of Role objects which are assigned to this Profile

isInRole

public boolean isInRole(java.lang.String roleName)
Checks to see if the user according to this Profile is in a Role.

Parameters:
roleName - the name of the Role to check for
Returns:
true if the user is in the Role, false otherwise

getGrants

public Permissions getGrants()
Gets the set of Permissions granted to this Profile.

Returns:
a container of granted Permission objects

getDenials

public Permissions getDenials()
Gets a set of permissions explicitly denied by this profile. This is the only time and place where negative permissions will ever be found.

Returns:
a container of denied Permission objects

getEffectivePermissions

public Permissions getEffectivePermissions()
Gets the set of effective (net calculated) permissions for this Profile. An effective permission is calculated from the assigned Roles, granted Permissions and denied Permissions of this Profile.

Returns:
a container of effective Permission objects for this profile.
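
The calculation described in the class overview and in getEffectivePermissions, worked through as an added example. This is a simplified model and not the Guardian implementation: permissions and roles are plain strings, and the class name, helper methods and sample role and permission names are all constructed for illustration.

```java
import java.security.AccessControlException;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

// Simplified model of the effective-permission calculation; NOT Guardian code.
// Role names and permission names below are constructed sample data.
public class EffectivePermissionsDemo {

    // effective = (permissions inherited from assigned roles + grants) - denials
    static Set<String> effective(Map<String, Set<String>> rolePermissions,
                                 List<String> assignedRoles,
                                 Set<String> grants,
                                 Set<String> denials) {
        Set<String> result = new TreeSet<>(grants);
        for (String role : assignedRoles) {
            result.addAll(rolePermissions.getOrDefault(role, Set.of()));
        }
        result.removeAll(denials); // applied last, so denials take precedence
        return result;
    }

    // Assertive check modelled on checkPermission(String, String).
    static void check(Set<String> effective, String permission, String message) {
        if (!effective.contains(permission)) {
            throw new AccessControlException(message);
        }
    }

    public static void main(String[] args) {
        Map<String, Set<String>> rolePermissions = Map.of(
            "teller", Set.of("account.view", "account.debit"),
            "auditor", Set.of("account.view", "ledger.read"));

        Set<String> eff = effective(rolePermissions,
            List.of("teller"),                           // assigned roles
            Set.of("ledger.read", "account.close"),      // extra grants, not inherited
            Set.of("account.debit", "account.close"));   // one inherited, one granted

        System.out.println("effective: " + eff);
        check(eff, "account.view", "view denied");       // inherited, not denied: passes
        try {
            check(eff, "account.debit", "debit denied for this profile");
        } catch (AccessControlException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Both denied permissions drop out of the effective set even though one came from a Role and the other from an explicit grant, which is the behaviour to verify when reviewing a profile that mixes all three sets.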

checkPermission

public void checkPermission(java.lang.String permissionName)
Assertive check to test if this Profile has the effective Permission.

Parameters:
permissionName - the permission name to check for
Throws:
java.security.AccessControlException - if the permission is not granted or inherited from an assigned Role

hasPermission

public boolean hasPermission(Permission permission)
Gets whether or not this Profile has the permission.

Parameters:
permission - the permission to check for
Returns:
true if the permission is granted, false otherwise

hasPermission

public boolean hasPermission(java.lang.String permissionName)
Gets whether or not this Profile has the permission.

Parameters:
permissionName - the permission to check for
Returns:
true if the permission is granted, false otherwise

checkPermission

public void checkPermission(Permission permission)
Assertive permission check to test if this Profile has the effective permission.

Parameters:
permission - the permission to check for
Throws:
java.security.AccessControlException - if the permission is not granted or inherited from an assigned Role

checkPermission

public void checkPermission(java.lang.String permissionName,
                            java.lang.String message)
Assertive permission check to test if this Profile has the effective permission.

Parameters:
permissionName - the permission name to check for
message - to use for AccessControlException if it is thrown
Throws:
java.security.AccessControlException - if the permission is not granted or inherited from an assigned Role

checkPermission

public void checkPermission(Permission permission,
                            java.lang.String message)
Assertive permission check to test if this Profile has the effective permission.

Parameters:
permission - the permission to check for
message - to use for AccessControlException if it is thrown
Throws:
java.security.AccessControlException - if the permission is not granted or inherited from an assigned Role

hashCode

public int hashCode()
Overrides:
hashCode in class java.lang.Object

equals

public boolean equals(java.lang.Object that)
Overrides:
equals in class java.lang.Object

compareTo

public int compareTo(java.lang.Object that)
Specified by:
compareTo in interface java.lang.Comparable

clone

public java.lang.Object clone()
Overrides:
clone in class java.lang.Object

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object