org.apache.geronimo.security.jacc
Interface ModuleConfiguration

All Known Implementing Classes:
AbstractModuleConfiguration

public interface ModuleConfiguration

Version:
$Revision: 1.3 $ $Date: 2004/03/10 09:59:25 $

Method Summary
 void addRoleMapping(String role, Collection principals)
          Add a mapping from a module's security roles to physical principals.
 void commit()
          This method is used to set to "inService" the state of the policy context whose interface is this PolicyConfiguration Object.
 void delete()
          Causes all policy statements to be deleted from this PolicyConfiguration and sets its internal state such that calling any method, other than delete, getContextID, or inService on the PolicyConfiguration will be rejected and cause an UnsupportedOperationException to be thrown.
 String getContextID()
          This method returns this module's policy context identifier.
 HashSet getRoles()
          This method returns the module's set of roles.
 boolean inService()
          This method is used to determine if the policy context whose interface is this PolicyConfiguration Object is in the "inService" state.
 void linkConfiguration(ModuleConfiguration link)
          Creates a relationship between this configuration and another such that they share the same principal-to-role mappings.
 

Method Detail

getContextID

public String getContextID()
This method returns this module's policy context identifier.

Returns:
this object's policy context identifier.

getRoles

public HashSet getRoles()
This method returns the module's set of roles.

Returns:
the set of roles that are being used for this module.

addRoleMapping

public void addRoleMapping(String role,
                           Collection principals)
                    throws GeronimoSecurityException
Add a mapping from a module's security roles to physical principals. Mapping principals to the same role twice will cause a PolicyContextException to be thrown.

Parameters:
role - The role that is to be mapped to a set of principals.
principals - The set of principals that are to be mapped to the role.
Throws:
GeronimoSecurityException - if principals are mapped to the same role twice.

linkConfiguration

public void linkConfiguration(ModuleConfiguration link)
                       throws GeronimoSecurityException

Creates a relationship between this configuration and another such that they share the same principal-to-role mappings. PolicyConfigurations are linked to apply a common principal-to-role mapping to multiple separately manageable PolicyConfigurations, as is required when an application is composed of multiple modules.

Note that the policy statements which comprise a role, or comprise the excluded or unchecked policy collections in a PolicyConfiguration are unaffected by the configuration being linked to another.

Parameters:
link - a reference to a different PolicyConfiguration than this PolicyConfiguration.

The relationship formed by this method is symmetric, transitive and idempotent. If the argument PolicyConfiguration does not have a different Policy context identifier than this PolicyConfiguration, no relationship is formed, and an exception, as described below, is thrown.

Throws:
SecurityException - if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.
UnsupportedOperationException - if the state of the policy context whose interface is this EjbModuleConfigurationMBean Object is "deleted" or "inService" when this method is called.
IllegalArgumentException - if called with an argument EjbModuleConfigurationMBean whose Policy context is equivalent to that of this EjbModuleConfigurationMBean.
GeronimoSecurityException - if the implementation throws a checked exception that has not been accounted for by the linkConfiguration method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown GeronimoSecurityException.

delete

public void delete()
            throws GeronimoSecurityException

Causes all policy statements to be deleted from this PolicyConfiguration and sets its internal state such that calling any method, other than delete, getContextID, or inService on the PolicyConfiguration will be rejected and cause an UnsupportedOperationException to be thrown.

This operation has no effect on any linked PolicyConfigurations other than removing any links involving the deleted PolicyConfiguration.

Throws:
SecurityException - if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.
GeronimoSecurityException - if the implementation throws a checked exception that has not been accounted for by the delete method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown GeronimoSecurityException.

commit

public void commit()
            throws GeronimoSecurityException

This method is used to set to "inService" the state of the policy context whose interface is this PolicyConfiguration Object. Only those policy contexts whose state is "inService" will be included in the policy contexts processed by the Policy.refresh method. A policy context whose state is "inService" may be returned to the "open" state by calling the getPolicyConfiguration method of the PolicyConfiguration factory with the policy context identifier of the policy context.

When the state of a policy context is "inService", calling any method other than commit, delete, getContextID, or inService on its PolicyConfiguration Object will cause an UnsupportedOperationException to be thrown.

Throws:
SecurityException - if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.
UnsupportedOperationException - if the state of the policy context whose interface is this PolicyConfiguration Object is "deleted" when this method is called.
GeronimoSecurityException - if the implementation throws a checked exception that has not been accounted for by the commit method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown GeronimoSecurityException.

inService

public boolean inService()
                  throws GeronimoSecurityException
This method is used to determine if the policy context whose interface is this PolicyConfiguration Object is in the "inService" state.

Returns:
true if the state of the associated policy context is "inService"; false otherwise.
Throws:
SecurityException - if called by an AccessControlContext that has not been granted the "setPolicy" SecurityPermission.
GeronimoSecurityException - if the implementation throws a checked exception that has not been accounted for by the inService method signature. The exception thrown by the implementation class will be encapsulated (during construction) in the thrown GeronimoSecurityException.
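
The state and linking rules documented above, modelled as an added Java example (not Geronimo's implementation): calls are accepted only in the states the method details allow, and linked contexts share one set of role mappings. LifecycleSketch, Group and the context ids are hypothetical; IllegalStateException stands in for the documented checked exception, merging mappings on link is an assumption, and the "setPolicy" permission check is omitted.

```java
import java.util.*;

// Hypothetical stand-alone model of the documented rules; not a Geronimo class.
public class LifecycleSketch {
    enum State { OPEN, IN_SERVICE, DELETED }
    static final class Group {  // linked configurations share one Group
        final Set<LifecycleSketch> members = new HashSet<>();
        final Map<String, Set<String>> mappings = new HashMap<>();
    }
    private final String contextID;
    private State state = State.OPEN;
    private Group group = new Group();
    LifecycleSketch(String contextID) { this.contextID = contextID; group.members.add(this); }
    String getContextID() { return contextID; }                // legal in every state
    boolean inService() { return state == State.IN_SERVICE; }  // legal in every state
    void addRoleMapping(String role, Collection<String> principals) {
        requireOpen("addRoleMapping");
        // IllegalStateException stands in for the checked exception documented for a duplicate mapping.
        if (group.mappings.putIfAbsent(role, new HashSet<>(principals)) != null)
            throw new IllegalStateException("role mapped twice: " + role);
    }
    void linkConfiguration(LifecycleSketch link) {
        requireOpen("linkConfiguration");
        if (contextID.equals(link.contextID)) throw new IllegalArgumentException("same policy context: " + contextID);
        if (group == link.group) return;                       // idempotent: already linked
        Group other = link.group;
        group.mappings.putAll(other.mappings);                 // assumption: mappings are merged
        for (LifecycleSketch m : other.members) { m.group = group; group.members.add(m); } // transitive
    }
    void commit() {
        if (state == State.DELETED) throw new UnsupportedOperationException("commit while DELETED");
        state = State.IN_SERVICE;
    }
    void delete() {
        group.members.remove(this);  // only links involving this context are removed
        group = new Group();         // this context's own view of the mappings is discarded
        state = State.DELETED;
    }
    private void requireOpen(String method) {
        if (state != State.OPEN) throw new UnsupportedOperationException(method + " while " + state);
    }
    public static void main(String[] args) {
        LifecycleSketch web = new LifecycleSketch("app/web"), ejb = new LifecycleSketch("app/ejb");
        web.linkConfiguration(ejb);                            // constructed context ids
        web.addRoleMapping("admin", Arrays.asList("alice"));   // visible to ejb through the shared Group
        ejb.commit();
        try { ejb.addRoleMapping("user", Arrays.asList("bob")); }
        catch (UnsupportedOperationException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```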


Copyright © 2003-2005 Apache Software Foundation. All Rights Reserved.