/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.directory.fortress.core.model;
import java.util.List;
/**
* The Fortress Constraint interface prescribes attributes that are used to store, process and retrieve temporal validation attributes on
* {@link org.apache.directory.fortress.core.model.User}, {@link org.apache.directory.fortress.core.model.UserRole}, {@link org.apache.directory.fortress.core.model.Role},
* {@link org.apache.directory.fortress.core.model.AdminRole}, {@link org.apache.directory.fortress.core.model.UserAdminRole} entities.
* <p>
* <img src="../../doc-files/TemporalRbac.png" alt="">
* <p>
* <h3>Temporal Constraints on User and Role Assignments</h3>
* In addition to the standard RBAC support, Fortress provides coverage for temporal constraints on role and user activation into session.
* Temporal constraints determine whether a User may activate a Role within the runtime system at a particular point in time. For example, a nurse may be assigned to the "ChargeNurse" role but be limited as to when she is permitted to perform those duties, e.g. the weekend graveyard shift. Another example is a bank teller who is assigned to a "Teller" role but may only act within that role between the hours of 9:00 and 5:00, Monday through Friday, during normal business hours.
* Additionally, Fortress temporal constraints are checked during user authentication to control when a user is actually permitted to sign on to a system. The constraints may also be applied to enforce temporary blackout periods to cover vacations, leaves of absence, sabbaticals, etc.
* <p>
* <h4>Constraint Schema</h4>
* The entity maps to Fortress LDAP Schema object classes:
* <p>
* 1. ftRls Structural objectclass is used to store the Role information like name and temporal constraint attributes.
* <ul>
* <li> ------------------------------------------
* <li> <code>objectclass ( 1.3.6.1.4.1.38088.2.1</code>
* <li> <code>NAME 'ftRls'</code>
* <li> <code>DESC 'Fortress Role Object Class'</code>
* <li> <code>SUP organizationalrole</code>
* <li> <code>STRUCTURAL</code>
* <li> <code>MUST ( ftId $ ftRoleName )</code>
* <li> <code>MAY ( description $ ftCstr ) )</code>
* <li> ------------------------------------------
* </ul>
* <p>
* 2. ftUserAttrs is used to store user RBAC and Admin role assignment and other security attributes on User entity.
* <ul>
* <li> ------------------------------------------
* <li> <code>objectclass ( 1.3.6.1.4.1.38088.3.1</code>
* <li> <code>NAME 'ftUserAttrs'</code>
* <li> <code>DESC 'Fortress User Attribute AUX Object Class'</code>
* <li> <code>AUXILIARY</code>
* <li> <code>MUST ( ftId )</code>
* <li> <code>MAY ( ftRC $ ftRA $ ftARC $ ftARA $ ftCstr</code>
* <li> ------------------------------------------
* </ul>
* <p>
*
* @author <a href="mailto:dev@directory.apache.org">Apache Directory Project</a>
*/
public interface Constraint
{
/**
* Flag used by internal Fortress components to tell whether temporal constraints are set.
*
* @return boolean indicating if temporal constraints are placed on user.
*/
boolean isTemporalSet();
/**
* Set the integer timeout that contains the maximum time (in minutes) that entity may remain inactive.
* This attribute is optional but if set will be validated for reasonableness.
*
* @param timeout maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
*/
void setTimeout( Integer timeout );
/**
* Set the begin time of day entity is allowed to be activated in system. The format is 24-hour (military) time - HHMM, e.g. 0800 (8:00 am) or 1700 (5:00 p.m.).
* This attribute is optional but if set will be validated for reasonableness.
* <p>
* NOTE(review): the HHMM value carries no time zone; confirm which clock and time zone apply when this window is evaluated.
*
* @param beginTime maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
*/
void setBeginTime( String beginTime );
/**
* Set the end time of day entity is allowed to be activated in system. The format is 24-hour (military) time - HHMM, e.g. 0000 (12:00 am) or 2359 (11:59 p.m.).
* This attribute is optional but if set will be validated for reasonableness.
* <p>
* NOTE(review): this interface does not state how a window that crosses midnight (begin time later than end time) is treated; confirm against the implementation.
*
* @param endTime maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
*/
void setEndTime( String endTime );
/**
* Set the begin date when entity is allowed to be activated in system. The format is - YYYYMMDD, e.g. 20100101 (January 1, 2010).
* This attribute is optional but if set will be validated for reasonableness.
*
* @param beginDate maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
*/
void setBeginDate( String beginDate );
/**
* Set the end date when entity is not allowed to be activated in system. The format is - YYYYMMDD, e.g. 20100101 (January 1, 2010).
* This attribute is optional but if set will be validated for reasonableness.
* <p>
* NOTE(review): {@link #getEndDate()} words this as the end date when the entity is allowed, while this setter says not allowed;
* whether the end date itself falls inside the permitted window should be confirmed against the implementation.
*
* @param endDate maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
*/
void setEndDate( String endDate );
/**
* Set the daymask that specifies what days of week entity is allowed to be activated in system. The format is 1234567, e.g. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday).
* This attribute is optional but if set will be validated for reasonableness.
* <p>
* NOTE(review): the example suggests 1 is Sunday and 7 is Saturday; confirm before building masks by hand.
*
* @param dayMask maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
*/
void setDayMask( String dayMask );
/**
* Set the begin lock date when entity is temporarily not allowed to be activated in system. The format is - YYYYMMDD, e.g. 20100101 (January 1, 2010).
* This attribute is optional but if set will be validated for reasonableness.
*
* @param beginLockDate maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
*/
void setBeginLockDate( String beginLockDate );
/**
* Set the end lock date when entity is allowed to be activated in system once again. The format is - YYYYMMDD, e.g. 20100101 (January 1, 2010).
* This attribute is optional but if set will be validated for reasonableness.
*
* @param endLockDate maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
*/
void setEndLockDate( String endLockDate );
/**
* This is used internally by Fortress for Constraint operations. Values set here by external caller will be ignored.
*
* @param name contains attribute used internally for constraint checking.
*/
void setName( String name );
/**
* Required by DAO classes to convert from raw data to object format. Not intended for external use.
*
* @return String that maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
*/
String getRawData();
/**
* Return the integer timeout that contains the maximum time (in minutes) that entity may remain inactive.
* This attribute is optional but if set will be validated for reasonableness.
* <p>
* NOTE(review): the boxed {@code Integer} return type suggests the value may be null when no timeout is set; confirm before unboxing.
*
* @return Integer that maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
*/
Integer getTimeout();
/**
* Contains the begin time of day entity is allowed to be activated in system. The format is 24-hour (military) time - HHMM, e.g. 0800 (8:00 am) or 1700 (5:00 p.m.).
* This attribute is optional but if set will be validated for reasonableness.
*
* @return String that maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
*/
String getBeginTime();
/**
* Contains the end time of day entity is allowed to be activated in system. The format is 24-hour (military) time - HHMM, e.g. 0000 (12:00 am) or 2359 (11:59 p.m.).
* This attribute is optional but if set will be validated for reasonableness.
*
* @return String that maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
*/
String getEndTime();
/**
* Contains the begin date when entity is allowed to be activated in system. The format is - YYYYMMDD, e.g. 20100101 (January 1, 2010).
* This attribute is optional but if set will be validated for reasonableness.
*
* @return String that maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
*/
String getBeginDate();
/**
* Contains the end date when entity is allowed to be activated in system. The format is - YYYYMMDD, e.g. 20101231 (December 31, 2010).
* This attribute is optional but if set will be validated for reasonableness.
* <p>
* NOTE(review): {@link #setEndDate(String)} words this as the date when the entity is not allowed; confirm whether the end date is inclusive.
*
* @return String that maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
*/
String getEndDate();
/**
* Contains the begin lock date when entity is temporarily not allowed to be activated in system. The format is - YYYYMMDD, e.g. 20100101 (January 1, 2010).
* This attribute is optional but if set will be validated for reasonableness.
*
* @return String that maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
*/
String getBeginLockDate();
/**
* Contains the end lock date when entity is allowed to be activated in system once again. The format is - YYYYMMDD, e.g. 20100101 (January 1, 2010).
* This attribute is optional but if set will be validated for reasonableness.
*
* @return String that maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
*/
String getEndLockDate();
/**
* Get the daymask that indicates what days of week entity is allowed to be activated in system. The format is 1234567, e.g. 23456 (Monday, Tuesday, Wednesday, Thursday, Friday).
* This attribute is optional but if set will be validated for reasonableness.
*
* @return String that maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
*/
String getDayMask();
/**
* This is used internally by Fortress for Constraint operations.
*
* @return String that maps to {@code ftCstr}, {@code ftRC}, {@code ftARC} attributes in {@code ftUserAttrs} object class and {@code ftCstr} attribute in {@code ftRls} object class.
*/
String getName();
/**
* Return a list of role constraints on entity.
* <p>
* NOTE(review): whether the list may be null or is safe to modify is not stated here; confirm against the implementing class.
*
* @return list of {@link RoleConstraint} objects placed on the entity.
*/
List<RoleConstraint> getConstraints();
}