|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectcom.waveset.provision.WorkflowServices
A WorkflowApplication that can perform various operations related to provisioning accounts and accessing resource objects.
Field Summary | |
static java.lang.String |
APPROVAL_APPROVERS
|
static java.lang.String |
APPROVAL_AUTH_TYPE
|
static java.lang.String |
APPROVAL_DELEGATORS
|
static java.lang.String |
APPROVAL_ESCALATORS
|
static java.lang.String |
APPROVAL_LISTENERS
|
static java.lang.String |
APPROVAL_NAME
|
static java.lang.String |
APPROVAL_OBJECT_NAME
|
static java.lang.String |
APPROVAL_OBJECT_TYPE
|
static java.lang.String |
APPROVAL_TIMEOUT
|
static java.lang.String |
APPROVAL_TIMEOUT_TASK
|
static java.lang.String |
ARG_ACCOUNT_GUID
|
static java.lang.String |
ARG_ACCOUNT_ID
|
static java.lang.String |
ARG_ACCOUNT_ID_LIST
|
static java.lang.String |
ARG_ACCOUNT_PASSWORD
|
static java.lang.String |
ARG_ADDITIONAL_APPROVERS
Deprecated. - this should be removed when 'query' is supported in #deriveUsers(com.waveset.object.GenericObject, com.waveset.workflow.WorkflowContext)
Optional recognized by getAdditionalApprovers to indicate any additional
approvers to be included in the set of approvers. If not specified,
no 'additional' approvals will be generated. |
static java.lang.String |
ARG_ADDITIONAL_ESCALATORS
Deprecated. - this should be removed when 'query' is supported in #deriveUsers(com.waveset.object.GenericObject, com.waveset.workflow.WorkflowContext)
Optional recognized by getAdditionalApprovers to indicate any admins
to which the approval will be escalated after a timeout. |
static java.lang.String |
ARG_ALL_APPROVALS
Option recognized by getApprovers to indiciate that an entire approver set should be calcuated even if the user already exists, and presumably has gone through an approval process once. |
static java.lang.String |
ARG_ALLOW_PASSWORD_GENERATION
|
static java.lang.String |
ARG_APPROVAL_PENDING
|
static java.lang.String |
ARG_ATTRIBUTE_CHANGES
|
static java.lang.String |
ARG_CACHE
|
static java.lang.String |
ARG_CACHE_TIMEOUT
|
static java.lang.String |
ARG_CATCH
|
static java.lang.String |
ARG_CLEAR_CACHE
|
static java.lang.String |
ARG_CONDITIONS
|
static java.lang.String |
ARG_DEASSIGN
|
static java.lang.String |
ARG_DO_RESOURCES
|
static java.lang.String |
ARG_FORCE
|
static java.lang.String |
ARG_FORMATTED_CHANGES
|
static java.lang.String |
ARG_MAX_ERRORS
|
static java.lang.String |
ARG_NEW_ATTRIBUTES
|
static java.lang.String |
ARG_NEW_VALIDATOR
|
static java.lang.String |
ARG_NOTIFICATIONS
|
static java.lang.String |
ARG_OBJECT
|
static java.lang.String |
ARG_OBJECT_ID
|
static java.lang.String |
ARG_OBJECT_TYPE
|
static java.lang.String |
ARG_OP
|
static java.lang.String |
ARG_ORGANIZATION
|
static java.lang.String |
ARG_ORGANIZATIONS
|
static java.lang.String |
ARG_PREV_ATTRIBUTES
|
static java.lang.String |
ARG_REJECTOR
|
static java.lang.String |
ARG_RESOURCE
|
static java.lang.String |
ARG_RESOURCE_ID
|
static java.lang.String |
ARG_RESOURCE_IDS_LIST
|
static java.lang.String |
ARG_RESOURCE_NAME
|
static java.lang.String |
ARG_RESOURCES
|
static java.lang.String |
ARG_RESOURCES_TO_UNLINK
|
static java.lang.String |
ARG_RETRY_ENABLE
Set to "true" if processing should be done for retries. |
static java.lang.String |
ARG_ROLE
|
static java.lang.String |
ARG_ROLES
|
static java.lang.String |
ARG_RUN_AS_PASSWORD
|
static java.lang.String |
ARG_RUN_AS_USER
|
static java.lang.String |
ARG_SAVE_RESULTS
|
static java.lang.String |
ARG_SEARCH_ATTRS
|
static java.lang.String |
ARG_SEARCH_CONTEXT
|
static java.lang.String |
ARG_SEARCH_FILTER
|
static java.lang.String |
ARG_SEARCH_SCOPE
|
static java.lang.String |
ARG_SEARCH_TIME_LIMIT
|
static java.lang.String |
ARG_SERVICES
|
static java.lang.String |
ARG_SUBJECT
Argument that may be passed into most methods to specify an alternate subject. |
static java.lang.String |
ARG_SUBJECT_INTERNAL
Special value for the ARG_SUBJECT argument that indicates that this is a request by the Idm system internals (e.g. |
static java.lang.String |
ARG_SUBJECT_NONE
Special value for the ARG_SUBJECT argument that indicates that no authorization is to be performed. |
static java.lang.String |
ARG_TARGETS
|
static java.lang.String |
ARG_UNLINK_TARGETS
|
static java.lang.String |
ARG_USER
|
static java.lang.String |
AUTHZ_BYPASS_AUDITED
|
static java.lang.String |
code_id
|
static java.lang.String |
OP_APPROVE
|
static java.lang.String |
OP_AUDIT_RESOURCE_ACCOUNT
|
static java.lang.String |
OP_AUTHENTICATE_USER_CREDENTIALS
|
static java.lang.String |
OP_BULKREPROVISION
|
static java.lang.String |
OP_CHANGE_RESOURCE_ACCOUNT_PASSWORD
|
static java.lang.String |
OP_CHECK_DEPROVISION
|
static java.lang.String |
OP_CLEANUP_RESULT
|
static java.lang.String |
OP_CREATE_RESOURCE_OBJECT
|
static java.lang.String |
OP_DELETE_RESOURCE_ACCOUNT
|
static java.lang.String |
OP_DELETE_RESOURCE_OBJECT
|
static java.lang.String |
OP_DELETE_USER
|
static java.lang.String |
OP_DEPROVISION
|
static java.lang.String |
OP_DISABLE
|
static java.lang.String |
OP_ENABLE
|
static java.lang.String |
OP_GET_APPROVALS
|
static java.lang.String |
OP_GET_APPROVERS
|
static java.lang.String |
OP_GET_DELEGATES
|
static java.lang.String |
OP_GET_NOTIFICATIONS
|
static java.lang.String |
OP_GET_RESOURCE_OBJECT
|
static java.lang.String |
OP_LIST_RESOURCE_OBJECTS
|
static java.lang.String |
OP_LOCK
|
static java.lang.String |
OP_NOTIFY
|
static java.lang.String |
OP_PROVISION
|
static java.lang.String |
OP_QUESTION_LOCK
|
static java.lang.String |
OP_REJECT
|
static java.lang.String |
OP_REPROVISION
|
static java.lang.String |
OP_RUN_RESOURCE_ACTION
|
static java.lang.String |
OP_UNLINK_RESOURCE_ACCOUNTS_FROM_USER
|
static java.lang.String |
OP_UNLOCK
|
static java.lang.String |
OP_UPDATE_RESOURCE_OBJECT
|
static java.lang.String |
OP_VALIDATE
|
static java.lang.String |
RET_ACCOUNT_CREATED
Variable we set set to indicate that the Waveset user was created. |
static java.lang.String |
RET_APPROVALS
Variable set by getApprovals that holds an object describing a set of approvals to perform. |
static java.lang.String |
RET_DELEGATES
Variable set by getDelegatees that holds a List containing the set of delegatees registered for a user. |
static java.lang.String |
RET_FAILURES
|
static java.lang.String |
RET_NOTIFICATIONS
Variable set by getApprovals that holds an object describing a set of approvals to perform. |
static java.lang.String |
RET_PASSWORD_IS_VALID
|
static java.lang.String |
RET_RESOURCE_OBJECT
|
static java.lang.String |
RET_RESOURCE_OBJECTS
|
static java.lang.String |
RET_SUCCESSES
|
protected static Trace |
trace
|
static java.lang.String |
VAR_ACCOUNT_ID
Variables we set as a side effect of validation. |
static java.lang.String |
VAR_EMAIL
|
static java.lang.String |
VAR_FULLNAME
|
static java.lang.String |
VAR_NEXT_RETRY_COUNT
|
static java.lang.String |
VAR_NEXT_RETRY_TIME
|
static java.lang.String |
VAR_NOTIFICATION_LISTENERS
Variable where we store the list of admins that want to be notified after provisioning. |
static java.lang.String |
VAR_ORGANIZATION
|
static java.lang.String |
VAR_ORGANIZATION_APPROVERS
Variable where we store the list of org approvers. |
static java.lang.String |
VAR_PRIVATE_RESOURCES
|
static java.lang.String |
VAR_RESOURCES
Variable where we store the resource approver list. |
static java.lang.String |
VAR_RETRY_ACCOUNTID
|
static java.lang.String |
VAR_RETRY_EMAIL
|
static java.lang.String |
VAR_RETRY_EMAIL_THRESHOLD
|
static java.lang.String |
VAR_RETRY_INFO
Variable where we store information about retries for resources. |
static java.lang.String |
VAR_RETRY_LAST_ERROR
|
static java.lang.String |
VAR_RETRY_OP
|
static java.lang.String |
VAR_RETRY_REFERENCED
|
static java.lang.String |
VAR_RETRY_RESOURCE
|
static java.lang.String |
VAR_RETRY_RESOURCES
|
static java.lang.String |
VAR_RETRY_TEMPID
|
static java.lang.String |
VAR_RETRY_TIMEOUT
|
static java.lang.String |
VAR_ROLE
|
static java.lang.String |
VAR_ROLE_APPROVERS
Variable where we store the list of role approvers. |
static java.lang.String |
VAR_ROLES
|
static java.lang.String |
VAR_USER
Name of the variable holding the user view. |
Constructor Summary | |
WorkflowServices()
|
Method Summary | |
WavesetResult |
call(WorkflowContext context)
Called by the workflow engine when it wants us to do something. |
WSUser |
checkForwarding(WorkflowContext context,
PersistentObject obj,
WSUser start,
WavesetResult result,
boolean checkApproverRights)
Given an administator, check for forwarding. |
void |
destroy()
Called by the workflow engine when it no longer needs us. |
WavesetResult |
getApprovers(WorkflowContext context)
Given the account ID of an existing user, determine the approvers for objects associated with the user. |
java.util.Map |
getAuthenticationResources(WorkflowContext context,
boolean includeLighthouse)
This is a handy utility that exists in a few places. |
static java.lang.String |
getCaseOwner(WorkflowContext context)
Return the workflow case owner. |
static java.lang.String |
getLoginAppName(WorkflowContext context)
Determine the login app name for loging. |
protected ResourceResult |
getMatchingResourceResult(ResourceResult rrToMatch,
WavesetResult wavesetResult)
Find the ResourceResource result in wavesetResult that is for the resource resourceName. |
protected ResourceInfo |
getProvisioningTarget(java.lang.String resName,
java.lang.String accountId,
EncryptedData password,
boolean isReset,
WorkflowContext context)
Utility to create a "provisioning target" object that corresponds to an account object in the view. |
protected GenericObject |
getRetryInfo(WorkflowContext context)
Retrieve the retrry info from the context. |
static Subject |
getSubject(WorkflowContext context)
Get the effective subject to be used for this application call. |
static com.waveset.server.ViewMaster |
getViewMaster(WorkflowContext context)
Get a view master for use with this operation. |
void |
init()
Initializes the object for use as a Workflow application. |
boolean |
isApprover(WorkflowContext context,
PersistentObject obj,
WSUser admin)
Check to see if an administrator has approval rights without propagating an exception. |
protected void |
mergeResourceResults(ResourceResult masterResult,
ResourceResult result)
Add result to masterResult, but add it inside its own WavesetResult so the ResultItems associated with the added result are kept together. |
WavesetResult |
notify(WorkflowContext context)
Send a notification. |
protected void |
processResultsForRetry(WorkflowContext context,
WavesetResult result)
If the operation just completed was a retry of a previous operation merge the results with the previous resource result and remove them from the result returned from this operation. |
WavesetResult |
validate(WorkflowContext context)
|
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Field Detail |
public static final java.lang.String code_id
protected static final Trace trace
public static final java.lang.String OP_VALIDATE
public static final java.lang.String OP_GET_APPROVALS
public static final java.lang.String OP_GET_NOTIFICATIONS
public static final java.lang.String OP_PROVISION
public static final java.lang.String OP_REPROVISION
public static final java.lang.String OP_BULKREPROVISION
public static final java.lang.String OP_DEPROVISION
public static final java.lang.String OP_APPROVE
public static final java.lang.String OP_REJECT
public static final java.lang.String OP_CHECK_DEPROVISION
public static final java.lang.String OP_DELETE_USER
public static final java.lang.String OP_GET_APPROVERS
public static final java.lang.String OP_GET_DELEGATES
public static final java.lang.String OP_AUDIT_RESOURCE_ACCOUNT
public static final java.lang.String OP_DELETE_RESOURCE_ACCOUNT
public static final java.lang.String OP_UNLINK_RESOURCE_ACCOUNTS_FROM_USER
public static final java.lang.String OP_DISABLE
public static final java.lang.String OP_ENABLE
public static final java.lang.String OP_LOCK
public static final java.lang.String OP_UNLOCK
public static final java.lang.String OP_QUESTION_LOCK
public static final java.lang.String OP_CREATE_RESOURCE_OBJECT
public static final java.lang.String OP_UPDATE_RESOURCE_OBJECT
public static final java.lang.String OP_DELETE_RESOURCE_OBJECT
public static final java.lang.String OP_CLEANUP_RESULT
public static final java.lang.String OP_NOTIFY
public static final java.lang.String OP_CHANGE_RESOURCE_ACCOUNT_PASSWORD
public static final java.lang.String OP_AUTHENTICATE_USER_CREDENTIALS
public static final java.lang.String OP_GET_RESOURCE_OBJECT
public static final java.lang.String OP_LIST_RESOURCE_OBJECTS
public static final java.lang.String OP_RUN_RESOURCE_ACTION
public static final java.lang.String ARG_OP
public static final java.lang.String ARG_SUBJECT
public static final java.lang.String ARG_SUBJECT_NONE
public static final java.lang.String ARG_SUBJECT_INTERNAL
public static final java.lang.String ARG_ALL_APPROVALS
public static final java.lang.String ARG_ADDITIONAL_APPROVERS
#deriveUsers(com.waveset.object.GenericObject, com.waveset.workflow.WorkflowContext)
Optional recognized by getAdditionalApprovers to indicate any additional
approvers to be included in the set of approvers. If not specified,
no 'additional' approvals will be generated.
public static final java.lang.String ARG_ADDITIONAL_ESCALATORS
#deriveUsers(com.waveset.object.GenericObject, com.waveset.workflow.WorkflowContext)
Optional recognized by getAdditionalApprovers to indicate any admins
to which the approval will be escalated after a timeout.
public static final java.lang.String ARG_DO_RESOURCES
public static final java.lang.String ARG_APPROVAL_PENDING
public static final java.lang.String ARG_ALLOW_PASSWORD_GENERATION
public static final java.lang.String ARG_TARGETS
public static final java.lang.String ARG_UNLINK_TARGETS
public static final java.lang.String ARG_SERVICES
public static final java.lang.String ARG_DEASSIGN
public static final java.lang.String ARG_RESOURCES_TO_UNLINK
public static final java.lang.String ARG_RESOURCE
public static final java.lang.String ARG_RESOURCES
public static final java.lang.String ARG_RESOURCE_NAME
public static final java.lang.String ARG_PREV_ATTRIBUTES
public static final java.lang.String ARG_NEW_ATTRIBUTES
public static final java.lang.String ARG_ATTRIBUTE_CHANGES
public static final java.lang.String ARG_FORMATTED_CHANGES
public static final java.lang.String ARG_REJECTOR
public static final java.lang.String ARG_FORCE
public static final java.lang.String ARG_ACCOUNT_ID
public static final java.lang.String ARG_ACCOUNT_ID_LIST
public static final java.lang.String ARG_ACCOUNT_GUID
public static final java.lang.String ARG_USER
public static final java.lang.String ARG_NEW_VALIDATOR
public static final java.lang.String ARG_CATCH
public static final java.lang.String ARG_ROLE
public static final java.lang.String ARG_ROLES
public static final java.lang.String ARG_ORGANIZATION
public static final java.lang.String ARG_ORGANIZATIONS
public static final java.lang.String ARG_CONDITIONS
public static final java.lang.String ARG_MAX_ERRORS
public static final java.lang.String ARG_SAVE_RESULTS
public static final java.lang.String RET_SUCCESSES
public static final java.lang.String RET_FAILURES
public static final java.lang.String ARG_NOTIFICATIONS
public static final java.lang.String AUTHZ_BYPASS_AUDITED
public static final java.lang.String ARG_ACCOUNT_PASSWORD
public static final java.lang.String RET_PASSWORD_IS_VALID
public static final java.lang.String ARG_RESOURCE_ID
public static final java.lang.String ARG_OBJECT_ID
public static final java.lang.String ARG_SEARCH_ATTRS
public static final java.lang.String RET_RESOURCE_OBJECT
public static final java.lang.String ARG_RESOURCE_IDS_LIST
public static final java.lang.String RET_RESOURCE_OBJECTS
public static final java.lang.String ARG_SEARCH_CONTEXT
public static final java.lang.String ARG_SEARCH_FILTER
public static final java.lang.String ARG_SEARCH_SCOPE
public static final java.lang.String ARG_SEARCH_TIME_LIMIT
public static final java.lang.String ARG_RUN_AS_USER
public static final java.lang.String ARG_RUN_AS_PASSWORD
public static final java.lang.String ARG_CACHE
public static final java.lang.String ARG_CACHE_TIMEOUT
public static final java.lang.String ARG_CLEAR_CACHE
public static final java.lang.String VAR_USER
public static final java.lang.String VAR_ACCOUNT_ID
public static final java.lang.String VAR_ROLE
public static final java.lang.String VAR_ROLES
public static final java.lang.String VAR_PRIVATE_RESOURCES
public static final java.lang.String VAR_ORGANIZATION
public static final java.lang.String VAR_EMAIL
public static final java.lang.String VAR_FULLNAME
public static final java.lang.String VAR_ROLE_APPROVERS
public static final java.lang.String VAR_ORGANIZATION_APPROVERS
public static final java.lang.String VAR_RESOURCES
In the older "NewValidator" class, this was a list of lists.
public static final java.lang.String VAR_NOTIFICATION_LISTENERS
public static final java.lang.String VAR_RETRY_INFO
public static final java.lang.String VAR_RETRY_TIMEOUT
public static final java.lang.String VAR_RETRY_RESOURCES
public static final java.lang.String VAR_NEXT_RETRY_TIME
public static final java.lang.String VAR_NEXT_RETRY_COUNT
public static final java.lang.String VAR_RETRY_EMAIL
public static final java.lang.String VAR_RETRY_EMAIL_THRESHOLD
public static final java.lang.String VAR_RETRY_RESOURCE
public static final java.lang.String VAR_RETRY_LAST_ERROR
public static final java.lang.String VAR_RETRY_OP
public static final java.lang.String VAR_RETRY_ACCOUNTID
public static final java.lang.String VAR_RETRY_TEMPID
public static final java.lang.String VAR_RETRY_REFERENCED
public static final java.lang.String ARG_RETRY_ENABLE
public static final java.lang.String RET_ACCOUNT_CREATED
public static final java.lang.String RET_APPROVALS
public static final java.lang.String RET_DELEGATES
public static final java.lang.String RET_NOTIFICATIONS
public static final java.lang.String APPROVAL_NAME
public static final java.lang.String APPROVAL_OBJECT_TYPE
public static final java.lang.String APPROVAL_OBJECT_NAME
public static final java.lang.String APPROVAL_AUTH_TYPE
public static final java.lang.String APPROVAL_APPROVERS
public static final java.lang.String APPROVAL_DELEGATORS
public static final java.lang.String APPROVAL_LISTENERS
public static final java.lang.String APPROVAL_ESCALATORS
public static final java.lang.String APPROVAL_TIMEOUT
public static final java.lang.String APPROVAL_TIMEOUT_TASK
public static final java.lang.String ARG_OBJECT_TYPE
public static final java.lang.String ARG_OBJECT
Constructor Detail |
public WorkflowServices() throws WavesetException
Method Detail |
public static java.lang.String getCaseOwner(WorkflowContext context) throws WavesetException
WavesetException
public static java.lang.String getLoginAppName(WorkflowContext context) throws WavesetException
WavesetException
public static Subject getSubject(WorkflowContext context) throws WavesetException
WavesetException
public static com.waveset.server.ViewMaster getViewMaster(WorkflowContext context) throws WavesetException
NOTE: Now that we have to have access to a LocalSession to run form expressions, we may as well just create it here rather than deferring it to ViewMaster.prepareViewSession.
WavesetException
public void init()
init
in interface WorkflowApplication
public void destroy()
destroy
in interface WorkflowApplication
public WavesetResult call(WorkflowContext context)
We first look at the "op" argument and dispatch to a handler method.
call
in interface WorkflowApplication
protected GenericObject getRetryInfo(WorkflowContext context) throws WavesetException
WavesetException
protected void processResultsForRetry(WorkflowContext context, WavesetResult result) throws WavesetException
WavesetException
protected ResourceResult getMatchingResourceResult(ResourceResult rrToMatch, WavesetResult wavesetResult)
protected void mergeResourceResults(ResourceResult masterResult, ResourceResult result)
public WSUser checkForwarding(WorkflowContext context, PersistentObject obj, WSUser start, WavesetResult result, boolean checkApproverRights) throws WavesetException
WavesetException
public boolean isApprover(WorkflowContext context, PersistentObject obj, WSUser admin) throws WavesetException
WavesetException
public WavesetResult validate(WorkflowContext context) throws WavesetException
WavesetException
public WavesetResult getApprovers(WorkflowContext context) throws WavesetException
WavesetException
public java.util.Map getAuthenticationResources(WorkflowContext context, boolean includeLighthouse) throws WavesetException
Return information about all the currently configured pass-through authentication resources. A map is returned whose keys are the resource names. The values in the map are the "control" flags defined for this resource, one of the constants: optional, required, requisite, or sufficient.
WavesetException
protected ResourceInfo getProvisioningTarget(java.lang.String resName, java.lang.String accountId, EncryptedData password, boolean isReset, WorkflowContext context) throws WavesetException
WavesetException
public WavesetResult notify(WorkflowContext context)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |