com.ibm.dse.applsrv.aa
Class SecurityUser

java.lang.Object
  |
  +--com.ibm.dse.applsrv.aa.SecurityObject
        |
        +--com.ibm.dse.applsrv.aa.SecurityUser

public class SecurityUser
extends SecurityObject
implements java.io.Serializable

This class represents a user to the security system.

See Also:
Serialized Form

Fields inherited from class com.ibm.dse.applsrv.aa.SecurityObject
fs
 
Constructor Summary
protected SecurityUser(java.lang.String user, java.lang.String password)
          Configure a new user with the specified name and password.
 
Method Summary
protected  void _save()
          A hack to force inheritence of a static method.
 void addLimit(SecurityLimit aLimit)
          Adds limit to the current user.
 void addRight(java.lang.String right)
          Add a right to the current user.
 void addRights(java.lang.String[] namesOfRights)
          Add rights to the current user.
 void addRole(java.lang.String role)
          Add a role to the current user.
static void controller(SecurityController ctrl)
          Set the security controller.
 boolean delete()
          Delete this user.
protected static boolean delete(java.lang.String user)
          Delete the named user.
 boolean deleteRight(java.lang.String right)
          Delete a right from the current user.
 void deleteRights(java.lang.String[] namesOfRights)
          Delete the rights from the current user.
 boolean deleteRole(java.lang.String role)
          Delete a role from the current user.
protected static boolean disablePersist()
          Disable persistence for users.
protected static EncryptionInterface encrypter()
          Return the encryption engine of this database.
protected static void encrypter(EncryptionInterface anEncrypter)
          Set the encryption engine for use by this database.
protected static java.util.Enumeration enumerationOverUsers()
          Return an enumeration over the users.
protected static void forceSave()
          Force a save of the current state of the configured users to the database.
protected static SecurityUser get(java.lang.String nameOfUser, java.lang.String password)
          Return the user with the specified name.
 Array getAccessibleServices()
          Return a list of all services accessible by this user.
 Array getAccessibleServicesOrNull()
          Return a list of all services accessible by this user.
 long getActivation()
          Return this user's activation time as milliseconds since January 1, 1970, 00:00:00 GMT.
 Array getAllContexts()
          Return the list of contexts for this user.
 Dictionary getAllInheritedData()
          Return a dictionary of all data set for this user and data inherited from group memberships.
 Array getAllRights()
          Return the list of all rights assigned to this user either directly or indirectly via roles/groups or subroles/subgroups thereof.
 Dictionary getAttributes()
          Return a dictionary containing all of the attributes of this user.
protected static SecurityPersistence getDB()
          Return the persistence controller for this class.
 long getDuration()
          Return this user's duration of activation in milliseconds.
 java.lang.String getInheritedData(java.lang.String key)
          Return the value of specified key for this user.
 Array getLimits()
          Returns a copy of the list of limits associated with this user.
 boolean getLock()
          Return this user's lockout status.
 java.lang.String getPassword()
          Return the password associated with this user.
protected static java.lang.String getPathName()
          Return the pathname of this database of users.
protected static boolean getPersist()
          Return the persistence state for users.
 Array getRights()
          Return a copy of the list of rights associated with this user.
 java.lang.String[] getRightsAsArray()
          Return a copy of the list of rights associated with this user.
 java.lang.String[] getRightsAsArrayOrNull()
          Return a copy of the list of rights associated with this user.
 Array getRoles()
          Return a copy of the list of roles associated with this user.
 java.lang.String[] getRolesAsArray()
          Return a copy of the list of roles associated with this user.
 java.lang.String[] getRolesAsArrayOrNull()
          Return a copy of the list of roles associated with this user.
 boolean getTimeLock()
          Return this user's interval lockout status.
 Dictionary getTimesForRights()
          Return a copy of the times associated with the rights.
 Dictionary getTimesForRightsOrNull()
          Return a copy of the times associated with the rights.
 Dictionary getTimesForRoles()
          Return a copy of the times associated with the roles.
 Dictionary getTimesForRolesOrNull()
          Return a copy of the times associated with the roles.
protected static java.lang.String[] getUserIds()
          Return the list of names of the users.
 boolean hasRight(java.lang.String right)
          Check if this user has the specified right either in its list of rights or in one of its roles or subroles thereof.
 boolean hasRole(java.lang.String role)
          Query if this user has a role with the specified name.
 boolean hasRole2(java.lang.String role)
          Query if this user has a role with the specified name or a reference to it in the timeout table.
 boolean hasRoles()
          Query if this user has roles.
 boolean isDirectlyReferencingRight(java.lang.String right)
          Return true if the specified right is being directly referenced by this user.
 boolean isLoggedOn()
          Return the logon status of this user.
 boolean isReferencingRight(java.lang.String right)
          Return true if the specified right is being referenced (directly or indirectly).
 boolean isReferencingRole(java.lang.String role)
          Return true if the specified role is being referenced (directly or indirectly).
 boolean isRightActive(java.lang.String right)
          Return true if the specified right is active else return false.
 boolean limitAccess()
          Limit access of this user for the specified interval.
protected static void load()
          Load the current state of the configured users from the database.
protected static Dictionary loadr()
          Load and return the current state of the configured users from the database.
 boolean lock()
          Lockout this user.
protected static int numberOfUsers()
          Return the number of users that are currently defined.
protected static boolean passwordAccess()
          Return the password access control flag.
protected static void passwordAccess(boolean access)
          Enable or disable password access for users.
protected static void reset()
          Reset the configured users.
protected static void resetAdm()
          Recreate user "admin" with all of its default attributes.
 void resetAttributes()
          Reset all attributes of this user with the exception of the user's name.
protected static void resetPrimitive()
          Reset the configured users.
protected static void save()
          Save the current state of the configured users to the database.
 void setActivation(long time)
          Set this user's activation time as milliseconds since January 1, 1970, 00:00:00 GMT.
 void setAttributes(Dictionary attributes, boolean set)
          Set the attributes of this user.
protected static void setDB(SecurityPersistence securityPersistence)
          Set the persistence controller for this class.
 void setDuration(long time)
          Set this user's duration of activation in milliseconds.
protected static void setFileName(java.lang.String fileName)
          Set the filename of this database.
 void setPassword(java.lang.String password)
          Set the password for this user.
protected static void setPersist(boolean persistence)
          Enable or disable persistence for users.
 void setRightInterval(java.lang.String right, long start, long duration)
          Set the start and duration of the specified right.
 void setRights(Array rights)
          Set the rights for this user.
 void setRights(java.lang.String[] rights)
          Set the rights for this user.
 void setRightsInterval(Array nameOfRights, long start, long duration)
          Set the start and duration of the specified rights.
 void setRoleInterval(java.lang.String role, long start, long duration)
          Set the start and duration of the specified role.
 void setRoles(Array roles)
          Set the roles for this user.
 void setRoles(java.lang.String[] roles)
          Set the roles for this user.
 void setRolesInterval(Array nameOfRoles, long start, long duration)
          Set the start and duration of the specified roles.
protected static void shutdown()
          Shutdown the security component.
 java.lang.String toString()
          Returns a string representation of this object.
 boolean unlimitedAccess()
          Grant unlimited access of this user (if not otherwise restricted).
 boolean unlock()
          Unlock this user.
protected static Dictionary users()
          Return a copy of the dictionary of configured users.
 void verify()
          Verify this user.
protected static void verifyAll()
          Verify the consistancy of this database.
 
Methods inherited from class com.ibm.dse.applsrv.aa.SecurityObject
getData, getData, getDataOrNull, getName, home, prefix, putData, putData, setName
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

SecurityUser

protected SecurityUser(java.lang.String user,
                       java.lang.String password)
                throws DSESecurityException
Configure a new user with the specified name and password.
Parameters:
user - String - the login id of this user.
password - String - the password.
Throws:
DSESecurityException - - error in the request.
Method Detail

_save

protected void _save()
              throws DSESecurityException
A hack to force inheritence of a static method.
Overrides:
_save in class SecurityObject
Throws:
DSESecurityException - - abstract method.

addLimit

public void addLimit(SecurityLimit aLimit)
              throws DSESecurityException
Adds limit to the current user.
Parameters:
aLimit - SecurityLimit - the limit to add to the user.
Throws:
DSESecurityException - - error in the request.

addRight

public void addRight(java.lang.String right)
              throws DSESecurityException
Add a right to the current user.
Parameters:
right - String - the name of the right.
Throws:
DSESecurityException - - error in the request.

addRights

public void addRights(java.lang.String[] namesOfRights)
               throws DSESecurityException
Add rights to the current user.
Parameters:
namesOfRights - String[] - the names of the rights.
Throws:
DSESecurityException - - error in the request.

addRole

public void addRole(java.lang.String role)
             throws DSESecurityException
Add a role to the current user.
Parameters:
role - String - the name of the role.
Throws:
DSESecurityException - - error in the request. NOTE: A role can be included BOTH directly AND indirectly as a child of an included role.

controller

public static void controller(SecurityController ctrl)
Set the security controller.
Parameters:
ctrl - SecurityController - the security controller.

delete

public boolean delete()
               throws DSESecurityException
Delete this user.
Returns:
boolean - true if the delete succeeded else false.
Throws:
DSESecurityException - - database error.

delete

protected static boolean delete(java.lang.String user)
                         throws DSESecurityException
Delete the named user.
Parameters:
user - String - the name of the user to delete.
Returns:
boolean - true if the delete succeeded else false.
Throws:
DSESecurityException - - database error.

deleteRight

public boolean deleteRight(java.lang.String right)
                    throws DSESecurityException
Delete a right from the current user.
Parameters:
right - String - the name of the right.
Returns:
boolean - true if the delete succeeded else false.
Throws:
DSESecurityException - - database error.

deleteRights

public void deleteRights(java.lang.String[] namesOfRights)
                  throws DSESecurityException
Delete the rights from the current user.
Parameters:
namesOfRights - String[] - the names of the rights.
Throws:
DSESecurityException - - error in the request.

deleteRole

public boolean deleteRole(java.lang.String role)
                   throws DSESecurityException
Delete a role from the current user.
Parameters:
role - String - the name of the role.
Returns:
boolean - true if the delete succeeded else false.
Throws:
DSESecurityException - - database error.

disablePersist

protected static boolean disablePersist()
Disable persistence for users.
Returns:
boolean - true if users were persisting else false.

encrypter

protected static EncryptionInterface encrypter()
Return the encryption engine of this database.
Returns:
EncryptionInterface - the encryption engine.

encrypter

protected static void encrypter(EncryptionInterface anEncrypter)
Set the encryption engine for use by this database.
Parameters:
anEncrypter - EncryptionInterface - the encryption engine.

enumerationOverUsers

protected static java.util.Enumeration enumerationOverUsers()
Return an enumeration over the users.
Returns:
Enumeration - the enumeration over the users.

forceSave

protected static void forceSave()
                         throws DSESecurityException
Force a save of the current state of the configured users to the database.
Throws:
DSESecurityException - - database error.

get

protected static SecurityUser get(java.lang.String nameOfUser,
                                  java.lang.String password)
                           throws DSESecurityException
Return the user with the specified name. If the user doesn't exist & the password is null then return null else create & return a new user with the specified name & password.
Parameters:
nameOfUser - String - the name of the user.
password - String - if not null then this will be the password of the newly created user.
Returns:
SecurityUser - the user.
Throws:
DSESecurityException - - error in the request.

getAccessibleServices

public Array getAccessibleServices()
Return a list of all services accessible by this user.
Returns:
Array - the list of accessible services.

getAccessibleServicesOrNull

public Array getAccessibleServicesOrNull()
Return a list of all services accessible by this user.
Returns:
Array - the list of accessible services or null if none.

getActivation

public long getActivation()
Return this user's activation time as milliseconds since January 1, 1970, 00:00:00 GMT.
Returns:
long - this user's activation time as milliseconds since January 1, 1970, 00:00:00 GMT.

getAllContexts

public Array getAllContexts()
Return the list of contexts for this user.
Returns:
Array - the list of contexts for this user.

getAllInheritedData

public Dictionary getAllInheritedData()
Return a dictionary of all data set for this user and data inherited from group memberships. Note: closer definitions take precedence over further definitions in each inheritance hierarchy (which is processed from left to right).
Returns:
Dictionary - the data dictionary.

getAllRights

public Array getAllRights()
                   throws DSESecurityException
Return the list of all rights assigned to this user either directly or indirectly via roles/groups or subroles/subgroups thereof.
Returns:
Array - the list of all rights.
Throws:
DSESecurityException - - database error.

getAttributes

public Dictionary getAttributes()
                         throws DSESecurityException
Return a dictionary containing all of the attributes of this user.
Returns:
Dictionary - a dictionary containing all of the attributes of this user.
Throws:
DSESecurityException - - database error.

getDB

protected static SecurityPersistence getDB()
Return the persistence controller for this class.
Returns:
SecurityPersistence - the persistence controller.

getDuration

public long getDuration()
Return this user's duration of activation in milliseconds.
Returns:
long - this user's duration of activation in milliseconds.

getInheritedData

public java.lang.String getInheritedData(java.lang.String key)
Return the value of specified key for this user. If not found then check for values inherited from group memberships. Note: closer definitions take precedence over further definitions in each inheritance hierarchy (which is processed from left to right).
Parameters:
key - String - the name of the data item.
Returns:
String - the associated value or null if the key is not found.

getLimits

public Array getLimits()
Returns a copy of the list of limits associated with this user.
Returns:
Array - a copy of the list of limits.

getLock

public boolean getLock()
Return this user's lockout status.
Returns:
boolean - true if user is locked, false if user is unlocked.

getPassword

public java.lang.String getPassword()
Return the password associated with this user.
Returns:
String - the password.

getPathName

protected static java.lang.String getPathName()
Return the pathname of this database of users.
Returns:
String - the pathname of this database or null if its not configured.

getPersist

protected static boolean getPersist()
Return the persistence state for users.
Returns:
boolean - true if users are persisting else false.

getRights

public Array getRights()
Return a copy of the list of rights associated with this user.
Returns:
Array - a copy of the list of rights.

getRightsAsArray

public java.lang.String[] getRightsAsArray()
Return a copy of the list of rights associated with this user.
Returns:
String[] - a copy of the list of rights.

getRightsAsArrayOrNull

public java.lang.String[] getRightsAsArrayOrNull()
Return a copy of the list of rights associated with this user.
Returns:
String[] - a copy of the list of rights.

getRoles

public Array getRoles()
Return a copy of the list of roles associated with this user.
Returns:
Array - a copy of the list of roles.

getRolesAsArray

public java.lang.String[] getRolesAsArray()
Return a copy of the list of roles associated with this user.
Returns:
String[] - a copy of the list of roles.

getRolesAsArrayOrNull

public java.lang.String[] getRolesAsArrayOrNull()
Return a copy of the list of roles associated with this user.
Returns:
String[] - a copy of the list of roles.

getTimeLock

public boolean getTimeLock()
Return this user's interval lockout status.
Returns:
boolean - true if user is interval locked, false otherwise.

getTimesForRights

public Dictionary getTimesForRights()
Return a copy of the times associated with the rights.
Returns:
Dictionary - the copy of the times dictionary.

getTimesForRightsOrNull

public Dictionary getTimesForRightsOrNull()
Return a copy of the times associated with the rights.
Returns:
Dictionary - the copy of the times dictionary.

getTimesForRoles

public Dictionary getTimesForRoles()
Return a copy of the times associated with the roles.
Returns:
Dictionary - the copy of the times dictionary.

getTimesForRolesOrNull

public Dictionary getTimesForRolesOrNull()
Return a copy of the times associated with the roles.
Returns:
Dictionary - the copy of the times dictionary.

getUserIds

protected static java.lang.String[] getUserIds()
Return the list of names of the users.
Returns:
String[] - the list of names of the users.

hasRight

public boolean hasRight(java.lang.String right)
Check if this user has the specified right either in its list of rights or in one of its roles or subroles thereof.
Parameters:
right - String - the right to check for [dont validate the right itself].
Returns:
boolean - true if user has the right else false.

hasRole

public boolean hasRole(java.lang.String role)
Query if this user has a role with the specified name.
Returns:
boolean - true if this user has the specified role else false.

hasRole2

public boolean hasRole2(java.lang.String role)
Query if this user has a role with the specified name or a reference to it in the timeout table.
Returns:
boolean - true if this user has the specified role else false.

hasRoles

public boolean hasRoles()
Query if this user has roles.
Returns:
boolean - true if this user has at least one role else false.

isDirectlyReferencingRight

public boolean isDirectlyReferencingRight(java.lang.String right)
Return true if the specified right is being directly referenced by this user. Do NOT check if the right is valid or active.
Parameters:
right - String - the name of the right.
Returns:
boolean - true if the right is being referenced else false.

isLoggedOn

public boolean isLoggedOn()
Return the logon status of this user.
Returns:
boolean - true if this user is logged on (at least once) else false.

isReferencingRight

public boolean isReferencingRight(java.lang.String right)
Return true if the specified right is being referenced (directly or indirectly). Do NOT check if the right is valid or active.
Parameters:
right - String - the name of the right.
Returns:
boolean - true if the right is being referenced else false.

isReferencingRole

public boolean isReferencingRole(java.lang.String role)
Return true if the specified role is being referenced (directly or indirectly). Do NOT check if the role is valid.
Parameters:
role - String - the name of the role.
Returns:
boolean - true if the role is being referenced else false.

isRightActive

public boolean isRightActive(java.lang.String right)
Return true if the specified right is active else return false.
Parameters:
right - String - the name of the right.
Returns:
boolean - the active state of the right.

limitAccess

public boolean limitAccess()
                    throws DSESecurityException
Limit access of this user for the specified interval.
Returns:
boolean - true if successful, false if the user was already locked.
Throws:
DSESecurityException - - database error.

load

protected static void load()
                    throws DSESecurityException
Load the current state of the configured users from the database.
Throws:
DSESecurityException - - database error.

loadr

protected static Dictionary loadr()
                           throws DSESecurityException
Load and return the current state of the configured users from the database.
Returns:
Dictionary - the database.
Throws:
DSESecurityException - - database error.

lock

public boolean lock()
             throws DSESecurityException
Lockout this user.
Returns:
boolean - true if successful, false if the user was already locked.
Throws:
DSESecurityException - - database error.

numberOfUsers

protected static int numberOfUsers()
Return the number of users that are currently defined.
Returns:
int - the number of users that are currently defined.

passwordAccess

protected static boolean passwordAccess()
Return the password access control flag.
Returns:
boolean - true if the password is accessible else false.

passwordAccess

protected static void passwordAccess(boolean access)
Enable or disable password access for users.
Parameters:
access - boolean - true to enable access, false to disable it.

reset

protected static void reset()
                     throws DSESecurityException
Reset the configured users.
Throws:
DSESecurityException - - database error.

resetAdm

protected static void resetAdm()
                        throws DSESecurityException
Recreate user "admin" with all of its default attributes.
Throws:
DSESecurityException - - database error.

resetAttributes

public void resetAttributes()
                     throws DSESecurityException
Reset all attributes of this user with the exception of the user's name.
Throws:
DSESecurityException - - error during save.

resetPrimitive

protected static void resetPrimitive()
Reset the configured users. THIS IS NOT AN API !!
Throws:
SecurityPersistenceException - - database error.

save

protected static void save()
                    throws DSESecurityException
Save the current state of the configured users to the database.
Throws:
DSESecurityException - - database error.

setActivation

public void setActivation(long time)
                   throws DSESecurityException
Set this user's activation time as milliseconds since January 1, 1970, 00:00:00 GMT.
Parameters:
time - long - this user's activation time as milliseconds since January 1, 1970, 00:00:00 GMT.
Throws:
DSESecurityException - - database error.

setAttributes

public void setAttributes(Dictionary attributes,
                          boolean set)
                   throws DSESecurityException
Set the attributes of this user.
Parameters:
attributes - Dictionary - the new attributes.
set - boolean - if true then set all the attributes else change the specified attributes only.
Throws:
DSESecurityException - - error in the request.

setDB

protected static void setDB(SecurityPersistence securityPersistence)
Set the persistence controller for this class.
Parameters:
securityPersistence - SecurityPersistence - the persistence controller.

setDuration

public void setDuration(long time)
                 throws DSESecurityException
Set this user's duration of activation in milliseconds.
Parameters:
time - long - this user's duration of activation in milliseconds.
Throws:
DSESecurityException - - database error.

setFileName

protected static void setFileName(java.lang.String fileName)
Set the filename of this database.
Parameters:
fileName - String - the name of this database.

setPassword

public void setPassword(java.lang.String password)
                 throws DSESecurityException
Set the password for this user.
Parameters:
password - String - the password.
Throws:
DSESecurityException - - the password was null.

setPersist

protected static void setPersist(boolean persistence)
Enable or disable persistence for users.
Parameters:
persistence - boolean - true to enable persistence, false to disable it.

setRightInterval

public void setRightInterval(java.lang.String right,
                             long start,
                             long duration)
                      throws DSESecurityException
Set the start and duration of the specified right. If the duration is not positive then remove these attributes.
Parameters:
right - String - the name of the right.
start - long - the starting millisecond.
duration - long - the duration in milliseconds.
Throws:
DSESecurityException - - error in the request.

setRights

public void setRights(java.lang.String[] rights)
               throws DSESecurityException
Set the rights for this user.
Parameters:
rights - String[] - the rights.
Throws:
DSESecurityException - - one of the rights does not exist.

setRights

public void setRights(Array rights)
               throws DSESecurityException
Set the rights for this user.
Parameters:
rights - Array - the rights.
Throws:
DSESecurityException - - one of the rights does not exist.

setRightsInterval

public void setRightsInterval(Array nameOfRights,
                              long start,
                              long duration)
                       throws DSESecurityException
Set the start and duration of the specified rights.
Parameters:
nameOfRights - Array - the list of the rights.
start - long - the starting millisecond.
duration - long - the duration in milliseconds.
Throws:
DSESecurityException - - error in the request.

setRoleInterval

public void setRoleInterval(java.lang.String role,
                            long start,
                            long duration)
                     throws DSESecurityException
Set the start and duration of the specified role. If the duration is not positive then remove these attributes.
Parameters:
role - String - the name of the role.
start - long - the starting millisecond.
duration - long - the duration in milliseconds.
Throws:
DSESecurityException - - error in the request.

setRoles

public void setRoles(java.lang.String[] roles)
              throws DSESecurityException
Set the roles for this user.
Parameters:
roles - String[] - the roles.
Throws:
DSESecurityException - - one of the roles does not exist.

setRoles

public void setRoles(Array roles)
              throws DSESecurityException
Set the roles for this user.
Parameters:
roles - Array - the roles.
Throws:
DSESecurityException - - one of the roles does not exist.

setRolesInterval

public void setRolesInterval(Array nameOfRoles,
                             long start,
                             long duration)
                      throws DSESecurityException
Set the start and duration of the specified roles.
Parameters:
nameOfRoles - Array - the list of the roles.
start - long - the starting millisecond.
duration - long - the duration in milliseconds.
Throws:
DSESecurityException - - error in the request.

shutdown

protected static void shutdown()
                        throws DSESecurityException
Shutdown the security component.
Throws:
DSESecurityException - - error in the request.

toString

public java.lang.String toString()
Returns a string representation of this object.
Overrides:
toString in class java.lang.Object
Returns:
String - a string representation of this object.

unlimitedAccess

public boolean unlimitedAccess()
                        throws DSESecurityException
Grant unlimited access of this user (if not otherwise restricted).
Returns:
boolean - true if successful, false if the user was already interval unlocked.
Throws:
DSESecurityException - - database error.

unlock

public boolean unlock()
               throws DSESecurityException
Unlock this user.
Returns:
boolean - true if successful, false if the user was already unlocked.
Throws:
DSESecurityException - - database error.

users

protected static Dictionary users()
Return a copy of the dictionary of configured users.
Returns:
Dictionary - the copy of the users.

verify

public void verify()
            throws DSESecurityException
Verify this user.
Throws:
DSESecurityException - - error in the request.

verifyAll

protected static void verifyAll()
                         throws DSESecurityException
Verify the consistancy of this database.
Throws:
DSESecurityException - - error in the request.