com.pega.pegarules.pub.context

Interface PRAuthorization

public interface PRAuthorization

The Security object encapsulates access to a single PRThread authorization and authentication data

Field Summary

Fields

Modifier and Type	Field and Description
static int	ABAC_ACCESS_DELETE
static int	ABAC_ACCESS_DISCOVER
static int	ABAC_ACCESS_DISCOVER_AND_READ
static int	ABAC_ACCESS_NOT_READ_BUT_DISCOVER
static int	ABAC_ACCESS_READ Attribute based access control operations
static int	ABAC_ACCESS_UPDATE
static java.lang.String	ABAC_ENABLED
static java.lang.String	ABAC_OPER_DELETE
static java.lang.String	ABAC_OPER_DISCOVER
static java.lang.String	ABAC_OPER_DISCOVER_AND_READ
static java.lang.String	ABAC_OPER_NOT_READ_BUT_DISCOVER
static java.lang.String	ABAC_OPER_PROP_READ
static java.lang.String	ABAC_OPER_READ
static java.lang.String	ABAC_OPER_UPDATE
static int	ACCESS_DELETE Access constant permitting use of Obj-Delete
static int	ACCESS_DELETE_RULE Access constant permitting Obj-Delete of a Rule
static int	ACCESS_EXECUTE Access constant permitting execution of Rule-Obj-Activity instances
static int	ACCESS_MODIFY Access constant permitting use of Obj-Save
static int	ACCESS_MODIFY_RULE Access constant permitting Obj-Save of a Rule
static int	ACCESS_OPEN Access constant permitting use of Obj-Open
static int	ACCESS_OPEN_RULE Access constant permitting Obj-Open of a Rule
static int	ACCESS_PERFORM
static int	ACCESS_SEARCH Access constant permitting use of Obj-List
static java.lang.String	COPYRIGHT
static int	UPDATE_APPEND Update action: append to existing list
static int	UPDATE_DELETE Update action: delete specified entries
static int	UPDATE_DELETE_UPTO Update action: delete this entry and all preceeding entries
static int	UPDATE_PREPEND Update action: prepend to existing list
static int	UPDATE_REPLACE Update action: replace all existing entries with new values
static java.lang.String	VERSION

Method Summary

Modifier and Type	Method and Description
boolean	canUpdateRuleSet(java.lang.String aRuleSetName, ClassDefinition aInstanceClass) Determine if a user is permitted to update a specified ruleset This comes into effect on a MT setup.
boolean	canUpdateRuleSet(java.lang.String aRuleSetName, java.lang.String aRuleSetVersion) Determine if a user is permitted to update a specified ruleset version
boolean	doesCyclicDependencyExist(ClipboardPage rolePage) Checks if there is cyclic dependency among the roles
boolean	enableUpdateRuleSet(PublicAPI aCaller, java.lang.String aRuleSetName, java.lang.String aRuleSetVersion, java.lang.String aPassword) Enable the user to update the specified ruleset version
ABACSecurityPolicyEngine	getABACSecurityPolicyEngine()
java.util.List<java.lang.String>	getAllDependentRole(java.lang.String roleName) Get all dependent role for a given role name.
java.lang.String	getEncodedRuleSetList() This is a unique string (hash) that identifies the requestor's complete rulesetlist.
IOTPManager	getOTPManager()
java.lang.String	getPersonalRuleSetName() Return the name of this user's personal ruleset list, if they're allowed to check instances out into their personal ruleset
java.util.Date	getSettingAsDate(java.lang.String aClassName, java.lang.String aSettingName) This method returns the value of a Rule-Access-Setting for the current user.
double	getSettingAsDouble(java.lang.String aClassName, java.lang.String aSettingName) This method returns the value of a Rule-Access-Setting for the current user.
int	getSettingAsInt(java.lang.String aClassName, java.lang.String aSettingName) This method returns the value of a Rule-Access-Setting for the current user.
java.lang.String	getSettingAsString(java.lang.String aClassName, java.lang.String aSettingName) This method returns the value of a Rule-Access-Setting for the current user as an Integer.
java.lang.String	getSettingType(java.lang.String aClassName, java.lang.String aSettingName) This method returns the type of a Rule-Access-Setting for the current user.
boolean	hasABACAccess(java.lang.String aClassName, java.lang.String actionName, ClipboardPage aPage, boolean openInstanceFromDB, PublicAPI tools) Returns true if specified access is permitted based on the Policy and Combine Criteria evaluation
boolean	haveAccess(java.lang.Object aCaller, java.lang.String aClassName, int aAccessCode, ClipboardPage aPage) Return true if specified access is permitted Similar logic is used to evaluate pre-defined access types and application-specific privileges.
boolean	haveAuthorization(java.lang.Object aCaller, java.lang.String aClassName, java.lang.String aRoles, java.lang.String aPrivileges, java.lang.String aConditions, ClipboardPage aPage) Return true if specified roles, privileges are held, or if specified conditions are satisfied
boolean	havePrivilege(java.lang.Object aCaller, java.lang.String aPrivilegeName, java.lang.String aClassName, ClipboardPage aPage) Return true if specified privileges are held
boolean	havePrivilege(java.lang.Object aCaller, java.lang.String aPrivilegeName, java.lang.String aClassName, ClipboardPage aPage, boolean aCheckForAccessManagerPrivilege) Return true if specified privileges are held
boolean	haveRole(java.lang.String aRoleName) Return true if specifed role is held
boolean	restoreRuleSetList() Restore the RuleSet list of this requestor to its previous state.
boolean	setRoles(PublicAPI aCaller, int aAction, ClipboardProperty aRefValue) Set the roles to be used in this authorization context
boolean	setRoles(PublicAPI aCaller, int aAction, java.util.List aRoleList)
boolean	setRuleSets(ClipboardProperty aOriginals, ClipboardProperty aReplacements) Apply a change (or list of changes) to the RuleSet list.
boolean	setRuleSets(ClipboardProperty aOriginals, ClipboardProperty aReplacements, ClipboardProperty aEffectiveAsOfDate) Apply a change (or list of changes) to the RuleSet list, but make sure the replacements are valid starting on a certain date.
boolean	setRuleSets(PublicAPI aCaller, int aAction, ClipboardProperty aRefValue) Set the rulesets to be used in this authorization context
boolean	setRuleSets(PublicAPI aCaller, int aAction, ClipboardProperty aRefValue, ClipboardProperty aEffectiveAsOfDate) Set the rulesets to be used in this authorization context.

Field Detail

VERSION

static final java.lang.String VERSION

COPYRIGHT

static final java.lang.String COPYRIGHT

See Also:

Constant Field Values

ACCESS_OPEN

static final int ACCESS_OPEN

Access constant permitting use of Obj-Open

See Also:

Constant Field Values

ACCESS_MODIFY

static final int ACCESS_MODIFY

Access constant permitting use of Obj-Save

See Also:

Constant Field Values

ACCESS_DELETE

static final int ACCESS_DELETE

Access constant permitting use of Obj-Delete

See Also:

Constant Field Values

ACCESS_SEARCH

static final int ACCESS_SEARCH

Access constant permitting use of Obj-List

See Also:

Constant Field Values

ACCESS_EXECUTE

static final int ACCESS_EXECUTE

Access constant permitting execution of Rule-Obj-Activity instances

See Also:

Constant Field Values

ACCESS_OPEN_RULE

static final int ACCESS_OPEN_RULE

Access constant permitting Obj-Open of a Rule

See Also:

Constant Field Values

ACCESS_MODIFY_RULE

static final int ACCESS_MODIFY_RULE

Access constant permitting Obj-Save of a Rule

See Also:

Constant Field Values

ACCESS_DELETE_RULE

static final int ACCESS_DELETE_RULE

Access constant permitting Obj-Delete of a Rule

See Also:

Constant Field Values

ACCESS_PERFORM

static final int ACCESS_PERFORM

See Also:

Constant Field Values

UPDATE_PREPEND

static final int UPDATE_PREPEND

Update action: prepend to existing list

See Also:

Constant Field Values

UPDATE_APPEND

static final int UPDATE_APPEND

Update action: append to existing list

See Also:

Constant Field Values

UPDATE_DELETE

static final int UPDATE_DELETE

Update action: delete specified entries

See Also:

Constant Field Values

UPDATE_DELETE_UPTO

static final int UPDATE_DELETE_UPTO

Update action: delete this entry and all preceeding entries

See Also:

Constant Field Values

UPDATE_REPLACE

static final int UPDATE_REPLACE

Update action: replace all existing entries with new values

See Also:

Constant Field Values

ABAC_ENABLED

static final java.lang.String ABAC_ENABLED

See Also:

Constant Field Values

ABAC_OPER_READ

static final java.lang.String ABAC_OPER_READ

See Also:

Constant Field Values

ABAC_OPER_UPDATE

static final java.lang.String ABAC_OPER_UPDATE

See Also:

Constant Field Values

ABAC_OPER_DELETE

static final java.lang.String ABAC_OPER_DELETE

See Also:

Constant Field Values

ABAC_OPER_DISCOVER

static final java.lang.String ABAC_OPER_DISCOVER

See Also:

Constant Field Values

ABAC_OPER_DISCOVER_AND_READ

static final java.lang.String ABAC_OPER_DISCOVER_AND_READ

See Also:

Constant Field Values

ABAC_OPER_NOT_READ_BUT_DISCOVER

static final java.lang.String ABAC_OPER_NOT_READ_BUT_DISCOVER

See Also:

Constant Field Values

ABAC_ACCESS_READ

static final int ABAC_ACCESS_READ

Attribute based access control operations

See Also:

Constant Field Values

ABAC_ACCESS_UPDATE

static final int ABAC_ACCESS_UPDATE

See Also:

Constant Field Values

ABAC_ACCESS_DELETE

static final int ABAC_ACCESS_DELETE

See Also:

Constant Field Values

ABAC_ACCESS_DISCOVER

static final int ABAC_ACCESS_DISCOVER

See Also:

Constant Field Values

ABAC_ACCESS_DISCOVER_AND_READ

static final int ABAC_ACCESS_DISCOVER_AND_READ

See Also:

Constant Field Values

ABAC_ACCESS_NOT_READ_BUT_DISCOVER

static final int ABAC_ACCESS_NOT_READ_BUT_DISCOVER

See Also:

Constant Field Values

ABAC_OPER_PROP_READ

static final java.lang.String ABAC_OPER_PROP_READ

See Also:

Constant Field Values

Method Detail

canUpdateRuleSet

boolean canUpdateRuleSet(java.lang.String aRuleSetName,
                         java.lang.String aRuleSetVersion)
                  throws PRSecurityException

Determine if a user is permitted to update a specified ruleset version

Parameters:

aRuleSetName - name of ruleset for which update access is requested

aRuleSetVersion - version of ruleset for which update access is requested

Returns:

true if ruleset may be updated

Throws:

PRSecurityException

canUpdateRuleSet

boolean canUpdateRuleSet(java.lang.String aRuleSetName,
                         ClassDefinition aInstanceClass)
                  throws PRSecurityException

Determine if a user is permitted to update a specified ruleset This comes into effect on a MT setup. A tenant user should not be able to create/edit rules in shared rulesets

Parameters:

aRuleSetName - name of ruleset for which update access is requested

aInstanceClass - Class defintion of the instance type

Returns:

true if ruleset may be updated

Throws:

PRSecurityException

enableUpdateRuleSet

boolean enableUpdateRuleSet(PublicAPI aCaller,
                            java.lang.String aRuleSetName,
                            java.lang.String aRuleSetVersion,
                            java.lang.String aPassword)
                     throws PRSecurityException

Enable the user to update the specified ruleset version

Parameters:

aCaller - "executable" element to verify caller may make this request

aRuleSetName - name of ruleset for which update access is requested

aRuleSetVersion - version of ruleset for which update access is requested

aPassword - cleartext password for the ruleset version

Returns:

true if update access granted

Throws:

PRSecurityException

getPersonalRuleSetName

java.lang.String getPersonalRuleSetName()

Return the name of this user's personal ruleset list, if they're allowed to check instances out into their personal ruleset

Returns:

ruleset name

haveAccess

boolean haveAccess(java.lang.Object aCaller,
                   java.lang.String aClassName,
                   int aAccessCode,
                   ClipboardPage aPage)
            throws PRSecurityException

Return true if specified access is permitted Similar logic is used to evaluate pre-defined access types and application-specific privileges. Pre-defined access types, available for any class, and for which the PegaRULES engine implicitly checks, are specified using one of the pre-defined access constants as the access code.

Parameters:

aCaller - Object PRTHread or Executable instance that called this method

aClassName - class (pxObjClass) on which access is requested

aAccessCode - one of the pre-defined access constants

aPage - instance on which access is requested

Returns:

true if access is permitted

Throws:

PRSecurityException

haveAuthorization

boolean haveAuthorization(java.lang.Object aCaller,
                          java.lang.String aClassName,
                          java.lang.String aRoles,
                          java.lang.String aPrivileges,
                          java.lang.String aConditions,
                          ClipboardPage aPage)
                   throws PRSecurityException

Return true if specified roles, privileges are held, or if specified conditions are satisfied

Parameters:

aCaller - Object PRThread or Executable instance that called this method

aClassName - class on which access is requested

aRoles - comma-separated list of role names

aPrivileges - comma-separated list of privileges in the format class-name.privilege-name or in the format privilege-name. In the latter case the aClassName is assumed.

aConditions - comma-separated list of Rule-Access-When conditions

aPage - instance on which authorization is requested; this page must be of class aClassName

Returns:

true if privilege is held

Throws:

PRSecurityException

havePrivilege

boolean havePrivilege(java.lang.Object aCaller,
                      java.lang.String aPrivilegeName,
                      java.lang.String aClassName,
                      ClipboardPage aPage)
               throws PRSecurityException

Return true if specified privileges are held

Parameters:

aCaller - Object PRThread or Executable instance that called this method

aPrivilegeName - comma-separated privileges in the format class-name.privilege-name or privilege-name

aClassName - class defining the privilege name (if null use pxObjClass of aPage)

aPage - instance on which privilege is requested, or null if none

Returns:

true if privilege is held

Throws:

PRSecurityException

havePrivilege

boolean havePrivilege(java.lang.Object aCaller,
                      java.lang.String aPrivilegeName,
                      java.lang.String aClassName,
                      ClipboardPage aPage,
                      boolean aCheckForAccessManagerPrivilege)
               throws PRSecurityException

Return true if specified privileges are held

Parameters:

aCaller - Object PRThread or Executable instance that called this method

aPrivilegeName - comma-separated privileges in the format class-name.privilege-name or privilege-name

aClassName - class defining the privilege name (if null use pxObjClass of aPage)

aPage - instance on which privilege is requested, or null if none

aCheckForAccessManagerPrivilege - - true if no privileges are required on rule && rule security mode is NOT Deny

Returns:

true if privilege is held

Throws:

PRSecurityException

haveRole

boolean haveRole(java.lang.String aRoleName)
          throws PRSecurityException

Return true if specifed role is held

Parameters:

aRoleName -

Returns:

true if role is held

Throws:

PRSecurityException

setRoles

boolean setRoles(PublicAPI aCaller,
                 int aAction,
                 ClipboardProperty aRefValue)
          throws PRSecurityException

Set the roles to be used in this authorization context

Parameters:

aCaller - "executable" element to verify caller may make this request

aAction - one of the UPDATE_* constants

aRefValue - role name or list

Returns:

true if successfully updated

Throws:

PRSecurityException

setRoles

boolean setRoles(PublicAPI aCaller,
                 int aAction,
                 java.util.List aRoleList)
          throws PRSecurityException

Throws:

PRSecurityException

setRuleSets

boolean setRuleSets(PublicAPI aCaller,
                    int aAction,
                    ClipboardProperty aRefValue)
             throws PRSecurityException

Set the rulesets to be used in this authorization context

Parameters:

aCaller - "executable" element to verify caller may make this request

aAction - one of the UPDATE_* constants

aRefValue - ruleset name or list

Returns:

true if successfully updated

Throws:

PRSecurityException

getSettingType

java.lang.String getSettingType(java.lang.String aClassName,
                                java.lang.String aSettingName)

This method returns the type of a Rule-Access-Setting for the current user. Returns null if setting doesn't exist. type.

Parameters:

aClassName - The rule class.

aSettingName - The setting name.

Returns:

The current value of the setting.

getSettingAsString

java.lang.String getSettingAsString(java.lang.String aClassName,
                                    java.lang.String aSettingName)

This method returns the value of a Rule-Access-Setting for the current user as an Integer. Returns null if setting doesn't exist or is not a string-type setting.

Parameters:

aClassName - The rule class.

aSettingName - The setting name.

Returns:

The current value of the setting.

getSettingAsInt

int getSettingAsInt(java.lang.String aClassName,
                    java.lang.String aSettingName)
             throws PRSecurityException

This method returns the value of a Rule-Access-Setting for the current user. Returns null if setting does not exist or if it is not an integer-type setting.

Parameters:

aClassName - The rule class.

aSettingName - The setting name.

Returns:

The current value of the setting.

Throws:

PRSecurityException - If setting is of a different type.

getSettingAsDouble

double getSettingAsDouble(java.lang.String aClassName,
                          java.lang.String aSettingName)
                   throws PRSecurityException

This method returns the value of a Rule-Access-Setting for the current user. Returns null if setting doesn't exist or if it is not a decimal-type setting.

Parameters:

aClassName - The rule class.

aSettingName - The setting name.

Returns:

The current value of the setting.

Throws:

PRSecurityException - If setting is of a different type.

getSettingAsDate

java.util.Date getSettingAsDate(java.lang.String aClassName,
                                java.lang.String aSettingName)
                         throws PRSecurityException

This method returns the value of a Rule-Access-Setting for the current user. Returns null if the setting doesn't exist of if it is not a datetime-type setting.

Parameters:

aClassName - The rule class.

aSettingName - The setting name.

Returns:

The current value of the setting.

Throws:

PRSecurityException - If setting is of a different type.

setRuleSets

boolean setRuleSets(ClipboardProperty aOriginals,
                    ClipboardProperty aReplacements)

Apply a change (or list of changes) to the RuleSet list. The two parameters must both be either scalar strings, or string lists. The value(s) of aOriginals will be found in the RuleSet list, and replaced with the value(s) or aReplacements (in the case of a list, the value at the corresponding index will be used).

If for some reasons this fails, a message will appear on the console, and this function will return false. When the function fails, the RuleSet list will be the same as it was before the function call.

Warning: No effort is made to validate the RuleSet list after these changes.

Parameters:

aOriginals - A Scalar or String List ClipboardProperty, with entries that should appear in the RuleSet list

aReplacements - A Scalar or String List ClipboardProperty, with entries that will replace contents in the RuleSet List

Returns:

true if the operation completes as expected, false otherwise.

setRuleSets

boolean setRuleSets(ClipboardProperty aOriginals,
                    ClipboardProperty aReplacements,
                    ClipboardProperty aEffectiveAsOfDate)

Apply a change (or list of changes) to the RuleSet list, but make sure the replacements are valid starting on a certain date. The first two parameters must both be either scalar strings, or string lists. The value(s) of aOriginals will be found in the RuleSet list, and replaced with the value(s) or aReplacements (in the case of a list, the value at the corresponding index will be used).

The third parameter specifies an effective date, where partial RuleSet specifications (i.e. YourRuleSet:07-02) are refined to specific versions based on their pyRuleSetVersionEffectiveDate or pxCreateDateTime, in that order.

If for some reasons this fails, a message will appear on the console, and this function will return false. When the function fails, the RuleSet list will be the same as it was before the function call.

Warning: No effort is made to validate the RuleSet list after these changes.

Parameters:

aOriginals - A Scalar or String List ClipboardProperty, with entries that should appear in the RuleSet list

aReplacements - A Scalar or String List ClipboardProperty, with entries that will replace contents in the RuleSet List

aEffectiveAsOfDate -

Returns:

true if the operation completes as expected, false otherwise.

Throws:

java.lang.IllegalArgumentException - on bad input

PRSecurityException - on an internal error

setRuleSets

boolean setRuleSets(PublicAPI aCaller,
                    int aAction,
                    ClipboardProperty aRefValue,
                    ClipboardProperty aEffectiveAsOfDate)
             throws PRSecurityException

Set the rulesets to be used in this authorization context. The fourth parameter specifies an effective date, where partial RuleSet specifications (i.e. YourRuleSet:07-02) are refined to specific versions based on their pyRuleSetVersionEffectiveDate or pxCreateDateTime, in that order.

Parameters:

aCaller - "executable" element to verify caller may make this request

aAction - one of the UPDATE_* constants

aRefValue - ruleset name or list

aEffectiveAsOfDate - ruleset effective date

Returns:

true if successfully updated

Throws:

java.lang.IllegalArgumentException - on bad inputs

PRSecurityException - on error

restoreRuleSetList

boolean restoreRuleSetList()

Restore the RuleSet list of this requestor to its previous state. The RuleSet list of this requestor will be restored to its previous state - for unauthenticated users, that is the RuleSet set when the requstor is created. For authenticated users, that is the RuleSet that was established as part of authroization.

Returns:

true if list has been restored, false otherwise.

getEncodedRuleSetList

java.lang.String getEncodedRuleSetList()

This is a unique string (hash) that identifies the requestor's complete rulesetlist.

Returns:

value of hash

getOTPManager

IOTPManager getOTPManager()

Returns:

OTPManger object reference

getAllDependentRole

java.util.List<java.lang.String> getAllDependentRole(java.lang.String roleName)

Get all dependent role for a given role name.

Parameters:

roleName - RoleName

Returns:

set of all dependent roles

doesCyclicDependencyExist

boolean doesCyclicDependencyExist(ClipboardPage rolePage)

Checks if there is cyclic dependency among the roles

Parameters:

rolePage - rolePage

Returns:

is cyclic dependency exists or not

getABACSecurityPolicyEngine

ABACSecurityPolicyEngine getABACSecurityPolicyEngine()

hasABACAccess

boolean hasABACAccess(java.lang.String aClassName,
                      java.lang.String actionName,
                      ClipboardPage aPage,
                      boolean openInstanceFromDB,
                      PublicAPI tools)
               throws BadInputException,
                      DatabaseException

Returns true if specified access is permitted based on the Policy and Combine Criteria evaluation

Parameters:

tools -

aClassName -

actionName -

aPage - instance page or page with class keys and values populated when openInstanceFromDB is true

openInstanceFromDB - opens the instance from DB using the keys populated in aPage parameter

Returns:

true if access is permitted

Throws:

BadInputException

DatabaseException