com.waveset.session
Class LocalSession

java.lang.Object
  extended bycom.waveset.session.LocalSession
All Implemented Interfaces:
CacheConsistencyNumberLoader, com.sun.idm.idmx.api.IDMXConstants, com.sun.idm.idmx.api.IDMXContext, LighthouseContext, ObjectLoader, ObjectSource, RuleExecutor, Session

public class LocalSession
extends java.lang.Object
implements Session

An implementation of the Session interface that directly access the internal Server components to carry out requests. This is a "local" or in-process implementation of the server API.

We will manage a Server object which itself packages the other internal objects that implement the API.


Nested Class Summary
 
Nested classes inherited from class com.waveset.session.Session
Session.Scope
 
Field Summary
static java.lang.String code_id
           
static java.lang.String DEFAULT_PROVISIONING_TASK
          Temporary: the name of the default provisioning task, recognized by runTask.
protected static Trace trace
           
 
Fields inherited from interface com.waveset.object.LighthouseContext
COMP_ACCESS_POLICY, COMP_AUTH_CACHE, COMP_LOGIN_CONFIG_INFO, COMP_PROVISIONER, COMP_RECONCILER, COMP_REPOSITORY, COMP_SUBJECT_AUTH_CACHE, COMP_TASK_MANAGER, COMP_WORKFLOW, OP_CACHE, OP_CACHE_TIMEOUT, OP_CLEAR_CACHE, OP_NO_RESULT
 
Fields inherited from interface com.waveset.object.ObjectSource
HIGH_VALUES, OP_ALLOW_NOT_FOUND, OP_ATTRIBUTES, OP_BLOCK_SIZE, OP_BUFFERED, OP_CONDITIONS, OP_END_BEFORE, OP_FAST, OP_FILTER, OP_FORCE, OP_KEEP_LOCK, OP_MAX_ROWS, OP_NO_CACHE, OP_NO_RULE_DRIVEN_MEMBERS, OP_ONLY_NAMES, OP_ORDER_BY, OP_START_AFTER, OP_SUBJECT, OP_SUBTYPES, OP_USER
 
Fields inherited from interface com.sun.idm.idmx.api.IDMXConstants
COMP_AUTHENTICATOR, COMP_CHANGE_NOTIFIER, COMP_PERSISTENT_TRANSACTION_STORE, COMP_TRANSACTION_MANAGER, CONFIGURATION_ID, LOCAL_HOST, OP_ATTRS_TO_GET, OP_AUDIT, OP_NO_TRANSACTIONS, PRE_AUTHENTICATED_USER_LOGIN_TYPE, SPE_LOGIN_USER_INTERFACE, USER_LOGIN_TYPE
 
Constructor Summary
LocalSession()
           
LocalSession(LoginInfo loginInfo)
           
LocalSession(LoginInfo loginInfo, java.util.Locale locale)
           
LocalSession(java.lang.String appName, ObjectRef lmgRef, java.lang.String appType, java.lang.String loginMode)
           
LocalSession(java.lang.String appName, java.lang.String appType, java.lang.String loginMode)
          Build a session for use by logins in progress
LocalSession(Subject subject, java.lang.String appName, java.lang.String appType)
          Build a session for a predetermined subject.
 
Method Summary
 void approveWorkItem(java.lang.String id)
          Approve a work item.
 boolean breakLock(java.lang.Object typeid, java.lang.String id, java.util.Map options)
          Break a lock held on an object.
 void breakLock(Type type, java.lang.String id)
          Break a lock held on an object.
 void cacheObject(PersistentObject obj)
          Add an object to the session cache.
 java.lang.Object callResourceMethod(java.lang.String resourceId, java.lang.String methodName, java.util.Map args)
          This method will invoke the specified method on the specified resource, passing the given Map of arguments into the method, if the current subject has view access to the specified resource.
 java.lang.Object callRule(ExState state, java.lang.String name, java.util.Map args)
          Execute a rule.
 void changeAdminPassword(java.lang.String name, EncryptedData newPassword)
          Change the password of an administrator.
 WavesetResult changePassword(EncryptedData newPassword)
          Change the password of the currently authenticated administrator.
 WavesetResult checkinObject(PersistentObject obj)
          Checkin changes to an object.
protected  WavesetResult checkinObject(PersistentObject obj, boolean keepLock)
          Checkin changes to an object.
 WavesetResult checkinObject(PersistentObject obj, java.util.Map options)
          Store changes to an object and release the logical lock.
 WavesetResult checkinView(GenericObject view, java.util.Map options)
          Checkin a view.
 PersistentObject checkoutObject(java.lang.Object typeid, java.lang.String id, java.util.Map options)
          Checkout a persistent object for editing.
 PersistentObject checkoutObject(Type type, java.lang.String id)
          Standard checkout interface that handles authorization.
 PersistentObject checkoutObject(Type type, java.lang.String id, java.util.Map options)
          Standard checkout interface that handles authorization.
 GenericObject checkoutView(java.lang.String id, java.util.Map options)
          Checkout a view.
 void checkPermission(PersistentObject obj, Right right)
          Check permissions for the curent subject against the given object and right.
 void checkPermission(Type type, Right right)
          Check permissions for the current subject, against the given type and right.
 void checkPermissionToAnyAuthTypeSubType(Type type, Right right)
          Check permissions for the given subject, against the given type or any of its authtype subtypes and right.
 void checkReferencePermissions(PersistentObject obj)
          Check connect/disconnect permissions to objects referenced by another object.
 void clearCache()
          Initialize the client cache.
 void clearListCache(Type type, java.lang.String ogNameOrId)
          Initialize the list cache.
 void clearResourceObjectGetCache(java.util.Map options)
          Clear specified resource object lists from the cache
 void clearResourceObjectGetCache(java.lang.String subjectName, java.lang.String objectType, java.lang.String resId)
          Clear all resource object lists from the cache for all users including default
 void clearResourceObjectListCache(java.util.Map options)
          Clear specified resource object lists from the cache
 void clearResourceObjectListCache(java.lang.String subjectName, java.lang.String objectType, java.lang.String resId)
          Clear all resource object lists from the cache for all users including default
 void clearServerCache()
          Initialize the server cache.
 void clearSubject()
          Clear out any current credentials / settings in this session's subject
 WavesetResult commitView(GenericObject view, java.util.Map options)
          Commit a view.
 boolean controlsTop()
           
 boolean controlsTop(Subject subject)
           
 int countObjects(java.lang.Object typeid, java.util.Map options)
          This method returns an integer which represents the number of objects that exist in the repository which match the given attribute conditions.
 int countObjects(RepositoryResult rr)
          Intended for internal use by RepositoryResult.
 void createObject(PersistentObject obj)
          Creates a new object in the repository.
 GenericObject createView(java.lang.String id, java.util.Map options)
          Create a view.
 void decacheObject(Type type, java.lang.String id)
          Remove an object from the session cache.
 WavesetResult deleteAccount(java.lang.String userName, boolean force)
          Delete an account.
 void deleteAccountImmediate(java.lang.String userName, boolean force)
          Delete an account.
 void deleteObject(java.lang.Object typeid, java.lang.String id, java.util.Map options)
          Delete an object.
 void deleteObject(Type type, java.lang.String id)
          Delete an object from the repository, and remove it from any caches.
 void deleteObject(Type type, java.lang.String id, boolean force)
          Delete an object from the repository, and remove it from any caches.
 void deleteObjects(java.lang.Object typeid, java.util.Map options)
          Delete all objects matching certain conditions.
 void deleteObjects(Type type, java.lang.String objectGroupName, Session.Scope scope)
          Delete objects of the specified type which are members of the specified object group
 void deleteObjects(Type type, java.lang.String objectGroupName, Session.Scope scope, boolean force)
           
 void deleteTask(java.lang.String taskId)
          Delete a finished task.
 WavesetResult deleteView(java.lang.String id, java.util.Map options)
          Delete the repository objects that are associated with the view id.
 WavesetResult deProvision(java.lang.String userName)
          Deprovision accounts for an existing user.
 WavesetResult deProvision(java.lang.String objectGroupName, Session.Scope scope)
          DeProvision accounts for user's which are members of the specified object group
 WavesetResult deProvisionImmediate(java.lang.String userName)
           
 void dump()
          Dump session status.
 void exportObjects(java.lang.String typeSet, java.io.OutputStream stream, BulkMonitor monitor)
          Exports the objects whose types are within the specified type set.
 void exportObjects(java.lang.String typeSet, java.lang.String filename, BulkMonitor monitor)
          Exports the objects whose types are within the specified type set.
 void exportObjects(java.lang.String typeSet, java.io.Writer wrt, BulkMonitor monitor)
          Exports the objects whose types are within the specified type set.
 void exportObjects(Type[] types, java.io.OutputStream stream, BulkMonitor monitor)
          Exports the objects of the specified types to a stream.
 void exportObjects(Type[] types, java.lang.String filename, BulkMonitor monitor)
          Exports the objects of the specified types to a file.
 void exportObjects(Type[] types, java.io.Writer wrt, BulkMonitor monitor)
          Exports the objects of the specified types to a writer.
 java.lang.Object extendedOperation(java.lang.String op, java.util.Map arguments)
          No extended operations allowed at this time, but may need some.
 com.waveset.security.authz.AccessPolicy getAccessPolicy()
          Return the access policy for this session.
 java.lang.String getAdminApprovalForwardRef(java.lang.String adminName)
          Get your own approval reference, or one of an administrator that you control.
 QueryResult getAdministrators(java.util.Map options)
          Deprecated. - use com.waveset.view.WorkItemUtil.getAdministrators
 java.util.List getAdmins()
          Helper method that returns a filtered list of WSUsers that have one or more capabilities (are members of one or more AdminGroups) and control one or more Organizations (ObjectGroups)
 java.lang.String getAppName()
          Return the application associated with the session
 Attribute[] getAttributeArray(java.util.List src)
          Convert a List containing either Strings or Attribute objects into an array of Attribute objects.
 com.waveset.server.SubjectAuthCache getAuthCache()
           
 LighthouseContext getAuthenticatedContext(IDMXUser user)
          Derive a LighthouseContext from this one, that is configured to perform operations on behalf of a user specified with an IDMXUser
 LighthouseContext getAuthenticatedContext(java.lang.String user)
          Derive a LighthouseContext from this one, that is configured to perform operations on behalf of the named user.
 LighthouseContext getAuthenticatedContext(Subject subject)
          Derive a LighthouseContext from this one, that is configured to perform operations on behalf of a user specified with a Subject.
 LighthouseContext getAuthenticatedContext(WSUser user)
          Derive a LighthouseContext from this one, that is configured to perform operations on behalf of a user specified with a WSUser
 ObjectCache getCache()
          Return the cache managed by this session.
 long getCacheConsistencyNumber()
           
 long getCacheConsistencyNumber(Type type)
          Return a Cache Consistency Number.
 java.lang.Object getComponent(java.lang.String name)
          No internal component access is allowed here.
 java.util.ArrayList getDebugCommands()
          return a collection of string arrays of debug commands & params.
 long getDeleteDestroyInterval(Type type)
          Gets the minimum interval in milliseconds after which a deleted object of the specified time will be destroyed.
 Permission getEffectivePermission(Principal p, PersistentObject o)
           
 Permission getEffectivePermission(Subject s, PersistentObject o)
           
 Right[] getEffectiveTypeRights(Principal principal, java.lang.String typeName)
           
 Right[] getEffectiveTypeRights(Principal principal, Type type)
           
 Right[] getEffectiveTypeRights(Subject subject, java.lang.String typeName)
           
 Right[] getEffectiveTypeRights(Subject subject, Type type)
           
 Type[] getEffectiveTypes(Principal principal)
           
 Type[] getEffectiveTypes(Subject subject)
           
 int getFailedPasswordLoginAttempts()
           
 int getFailedQuestionLoginAttempts()
           
 Form getForm(GenericObject view, java.util.Map options)
          Get the form to be used with a view.
 java.util.HashMap getInitialInstanceInfo()
          Build up a map of initial instance info for use when importing full exchange files.
 java.util.Locale getLocale()
          Get the locale from the subject.
 LockInfo getLock(java.lang.Object typeid, java.lang.String id)
          Obtain current lock status.
 LockInfo getLockInfo(Type type, java.lang.String id)
          Return information about a lock held on this object if any.
 LoginConfig getLoginConfig()
           
 java.lang.String[] getLoginExceptions()
           
 LoginInfo getLoginInfo()
          Return the login information associated with this Session.
 ObjectRef getLoginModGrp()
          Return the application associated with the session
 int getLoginModuleIndex()
           
 boolean[] getLoginPasswordExpired()
           
 WavesetResult getLoginResult()
          Returns the login result messages, if any.
 java.lang.String[] getLoginSucceeded()
           
 long getModificationCounter(Type type)
          Return the modification counter for a type.
 PersistentObject getObject(java.lang.Object typeid, java.lang.String id)
          Retrieve an object from the repository.
 PersistentObject getObject(java.lang.Object typeid, java.lang.String id, java.util.Map options)
          Get a read-only copy of an object.
 java.lang.String getObjectGroupHandle(ObjectRef oref)
          Assumed input is an object ref to an ObjectGroup.
 PersistentObject getObjectIfExists(java.lang.Object typeid, java.lang.String id)
          Retrieve an object from the repository if it exists.
 PersistentObject getObjectIfExists(java.lang.Object typeid, java.lang.String id, java.util.Map options)
          Get a read-only object copy of an object, but do not throw an exception if it does not exist.
 java.lang.String[] getObjectNamesInObjectGroup(java.lang.String objectGroupName, Type type, Session.Scope scope)
          Return a list of objects of the given type which are members of the given object group.
 QueryResult getObjects(java.lang.Object typeid, java.util.Map options)
          The older getObjects methods always used the session cache.
 java.util.ArrayList getObjects(Type type)
          Retrieves all of the objects of a certain type.
 java.util.ArrayList getObjects(Type type, AttributeCondition[] attrConds)
          Return a list of objects of the given type and whose attribute values match those specified in the list of atts.
 java.util.List getObjects(Type type, java.util.List conditions)
          New canonical 'getObjects' method.
 java.util.ArrayList getObjects(Type type, WSAttributes atts)
          Original one that takes WSAttributes.
 Policy[] getPolicyTypes()
          Returns an array of prototype instances for the currently available id & password validation policies.
 java.lang.String getResourceIdentity(java.lang.String subjectName, java.lang.String resId)
           
 GenericObject getResourceObject(java.lang.String resourceId, java.lang.String objectType, java.lang.String objectId, java.util.Map options)
          Returns the requested objectId of the requested objectType from the resource
 java.util.List getResourceObjects(java.lang.String objectType, java.lang.String resId, java.util.Map options)
          Returns a list of GenericObjects where each object contains a set of attributes including type, name, and id (fully qualified name - e.g.
 java.util.List getResourceObjects(java.lang.String objectType, java.lang.String resId, java.util.Map options, java.lang.String subjectName, boolean cacheList, long cacheTimeout, boolean clearCacheIfExists)
          Returns a list of GenericObjects where each object contains a set of attributes including type, name, and id (fully qualified name - e.g.
 java.util.List getResourceTypeNames()
          Return a list of resource types for which the authenticated subject has access to at least one resource of that type.
 Resource[] getResourceTypes()
          Returns an array of prototype instances for the currently available resources.
 java.lang.String getStatus()
          Return session status.
 Subject getSubject()
          Returns the subject that is authenticated for this session.
 GenericObject getSystemConfiguration()
          Obtain the system configuration object.
 TaskDefinition getTaskDefinition(java.lang.String name)
          Get a task definition by name.
 java.util.List getTaskDefinitions()
          Return all task definitions.
 RepositoryResult getTaskExtendedResult(java.lang.String taskId, java.util.Map options)
          Get all extended results for a task.
 RepositoryResult getTaskExtendedResult(java.lang.String taskId, java.util.Map options, int fromSequence, int toSequence)
          Get a subset of extended task results.
 RepositoryResult getTaskInstances(TaskState state, java.lang.String owner, java.lang.String definition)
          Get the tasks currently in the queue.
 ObjectGroup[] getTopControlledObjectGroups(Principal p)
           
 ObjectGroup[] getTopControlledObjectGroups(java.lang.String pname)
           
 ObjectGroup[] getTopControlledObjectGroups(Subject subject)
          Get Top Controlled Object Groups for a Subject
 java.lang.String getUser()
          Get the name of the administrator or end-user that has authenticated to this session.
static WSUser getUserByResourceAccount(com.waveset.repository.Repository repo, java.lang.String accountId, boolean supportsCaseInsensitiveAccountIds)
          Try to find user by resource accountId.
static WSUser getUserByResourceAccount(com.waveset.repository.Repository repo, java.lang.String accountId, Resource r, boolean supportsCaseInsensitiveAccountIds)
          Try to find user by accountId and resource.
static java.util.List getUsersWithResourceAccount(com.waveset.repository.Repository repo, java.lang.String accountId, boolean supportsCaseInsensitiveAccountIds)
           
static java.util.List getUsersWithResourceAccount(com.waveset.repository.Repository repo, java.lang.String accountId, Resource r, boolean supportsCaseInsensitiveAccountIds)
           
static java.util.List getUsersWithResourceAccount(com.waveset.repository.Repository repo, java.lang.String accountId, java.lang.String guid, Resource r, boolean supportsCaseInsensitiveAccountIds)
           
 GenericObject getView(java.lang.String id, java.util.Map options)
          Get a view.
 Form getViewForm(GenericObject view, java.lang.String formId, java.util.Map options)
          This is the original signature, the new ObjectSource signature doesn't have a formId argument since that was never used and can be accomplished with the "Form" option.
 WorkItem getWorkItem(java.lang.String id)
          Retrieves a single workflow work item.
 WorkItem[] getWorkItems()
          Retrieve the workflow work items assigned to the currently authenticated user.
 WorkItem[] getWorkItems(java.lang.String owner)
          Return the work items for a particular user.
 void importObjects(java.io.InputStream input, BulkMonitor monitor, boolean force)
          Import objects from a stream.
 void importObjects(java.lang.String file, BulkMonitor monitor, boolean force)
          Import a collection of objects defined in an import file.
 void importXml(java.lang.String xml, BulkMonitor monitor)
          Import a collection of objects defined in an XML string.
 PersistentObject.InitialInstance isInitialInstance(PersistentObject obj)
          Test to see if this is the id of an "initial instance", one that is created automatically by the repository and is not allowed to be modified.
 RepositoryResult listAdmins(AttributeCondition[] conds)
          Helper method that returns a filtered list of WSUser names that have one or more capabilities (are members of one or more AdminGroups) and control one or more Organizations (ObjectGroups)
 java.lang.String[] listApprovers()
          Deprecated. - Use getAdministrators with the following values in the map: "type", "approver"
 java.lang.String[] listControlledApprovers()
          Deprecated. - Use getAdministrators with the following values in the map: "scope", "current" "type", "approver"
 RepositoryResult listObjects()
          List every object in the known universe, except instances of suppressed (i.e., non-cached) types.
 QueryResult listObjects(java.lang.Object typeid, java.util.Map options)
          The new canonical interface for running object queries.
 RepositoryResult listObjects(Type type)
          Returns information about objects in the repository.
 RepositoryResult listObjects(Type type, AttributeCondition[] attrConds)
          Returns information about objects in the repository.
 RepositoryResult listObjects(Type type, AttributeCondition[] attrConds, Attribute[] orderBy)
          Lists all of the objects of a certain type currently stored in the repository that meet the specified set of attribute conditions.
 RepositoryResult listObjects(Type type, AttributeCondition[] attrConds, Attribute[] orderBy, int blockSize)
          Not exposed in the Session interface, until we know whether we want to support it forever.
 RepositoryResult listObjects(Type type, java.util.List conditions, java.util.List orderBy, boolean bufferResult)
          This was the "preferred" interface until we introduced LighthouseContext.
protected  RepositoryResult listObjects(Type type, java.util.List conditions, java.util.List orderBy, boolean bufferResult, int blockSize)
          Internal method all of the other listObjects methods returning RepositoryResult call.
 RepositoryResult listObjects(Type type, WSAttributes atts)
          Returns information about objects in the repository.
 java.util.ArrayList listResourceObjects(java.lang.String objectType, java.util.ArrayList resourceList, java.util.Map options, java.lang.String subjectName, boolean cacheList, long cacheTimeout, boolean clearCacheIfExists)
          This method returns a list of resource object names of the specified resource object type from the specified list of resources (resourceList of Ids or names).
 java.util.List listResourceObjects(java.lang.String objectType, java.util.List resourceList, java.util.Map options)
          Return a List of object names of a given type and a list of resources
 java.util.List listResourceObjects(java.lang.String objectType, java.lang.String resourceId, java.util.Map options)
          Return a List of object names of a given type on a resource.
 java.util.ArrayList listResourceObjects(java.lang.String objectType, java.lang.String resId, java.util.Map options, java.lang.String subjectName, boolean cacheList, long cacheTimeout, boolean clearCacheIfExists)
          This method returns a list of resource object names of the specified resource object type from the specified resourceId.
 java.lang.String[] listSimilarApprovers(java.lang.String adminName)
          Deprecated. - Use getAdministrators with the following values in the map: "similarTo", adminName "type", "approver"
 RepositoryResult listTaskExtendedResult(java.lang.String taskId, java.util.Map options)
          Get all extended results for a task.
 RepositoryResult listUsers(AttributeCondition[] conds)
          Helper method that returns a filtered list of WSUser names that have no capabilities (are not members of one or more AdminGroups) and control no Organizations (ObjectGroups)
 RepositoryResult listWorkItems(java.lang.String owner)
          Return a list of work items for a particular user.
 WavesetResult load(LoadConfig config, Monitor monitor)
          Perform a bulk load.
 PersistentObject loadObject(Type type, java.lang.String id, boolean tolerateMissing, boolean tolerateAuthzFailure, java.util.Map options)
          Load an object from the storage manager.
 java.util.ArrayList loadObjects(Type type, AttributeCondition[] attrConds)
          Load all objects of a given type.
 LockInfo lockObject(java.lang.Object typeid, java.lang.String id, java.util.Map options)
          Acquire a logical lock an object, without retrieving it.
 LockInfo lockObject(Type type, java.lang.String id)
          Lock an object.
 void log(AuditEvent event)
          Log an event fully specified with an AuditEvent object.
 void logFailure(PersistentObject obj, java.lang.String action, java.lang.String reason)
          Log a failure event for an object.
 void logFailure(java.lang.String objectName, java.lang.String objType, java.lang.String action, java.lang.String reason)
          Log a failure event with an object name and type mask.
 void login()
          Perform authentication of the subject (user or administrator) that was specified using the the LoginInfo object given to the Session constructor.
 void login(boolean tolerateExpiredPassword)
          This method should NOT be called by any method other than the change password view handler used when a user's waveset password expires
 boolean loginConfigContainsAppLoginModule(java.lang.String appName, java.lang.String loginModuleName)
          Checks to determine if login config for the specified appName contains the specified login module name or not.
 void logout()
          Remove authentication credentials from this session, and release resources held by the session.
 void logResultErrors(PersistentObject obj, java.lang.String action, WavesetResult result)
          Log any errors found within a WavesetResult.
 void logSuccess(PersistentObject obj, java.lang.String action)
          Log a success event for an object.
 void logSuccess(PersistentObject obj, java.lang.String action, java.util.Map oldValues, java.util.Map newValues)
          Log a success event for an object, include new and old values that will be stored in the blob of the audit table.
 void nextBlock(RepositoryResult result)
          Return information about objects in the repository.
 boolean obfuscateLoginErrors()
           
 void previousBlock(RepositoryResult result)
          Return information about objects in the repository.
 void println(java.lang.String msg)
           
 WavesetResult provision(WSUser userdef)
          DEPRECATED
 GenericObject refreshView(GenericObject view, java.util.Map options)
          Refresh a view.
 void rejectWorkItem(java.lang.String id)
          Rejects a workflow work item.
 void renameObject(java.lang.Object typeid, java.lang.String id, java.lang.String newName, java.util.Map options)
          Rename an object.
 void renameObject(Type type, java.lang.String id, java.lang.String newName)
          Rename an object.
 WavesetResult reProvision(ProvisioningOptions ops)
          New reprovision with full options.
 WavesetResult reProvision(java.lang.String userName, boolean getUserFromResources)
          Original reprovision with default options.
 WavesetResult reProvision(java.lang.String objectGroupName, Session.Scope scope, boolean getUserFromResources)
          ReProvision accounts for user's which are members of the specified object group
 WavesetResult reProvisionImmediate(ProvisioningOptions ops)
          New reprovision with full options.
 void resetOptions()
          Resets runtime options to their default state.
 java.lang.String resolveName(Type type, java.lang.String id)
          Given an ID, determine the name.
 void resourceAuthenticate(java.lang.String resId, java.util.HashMap loginProps)
          Authenticate's against a resource using the resource adapter's authenticate method.
 void resumeTask(java.lang.String taskId)
          Resume a task that is suspended or waiting.
 void runScheduler()
          Request that the scheduler run now.
 void runScheduler(long waitMillis)
          Request that the scheduler run now and wait for it to finish processing tasks.
 TaskInstance runTask(java.lang.String templateName, java.lang.String taskName, java.lang.String description, boolean templateSubject)
          Run a task defined by a persistent template.
 TaskInstance runTask(TaskDefinition def, java.util.Map variables, java.lang.String taskName, java.lang.String description, TaskDefinition.ExecMode execMode)
          Deprecated runTask signature.
 TaskInstance runTask(TaskTemplate template)
          Run a task defined by a template.
 void setCache(PersistentObject obj)
          Set the cache pointer of an object, but don't make the object appear in the cache.
 void setCurrentTime(java.util.Date d)
          Set what the system considers the current date and time to a fixed value.
 void setDeleteDestroyInterval(Type type, long deleteDestroyInterval)
          Sets the minimum interval in milliseconds after which a deleted object of the specified type will be destroyed.
 void setFailedPasswordLoginAttempts(int passwordAttempts)
           
 void setFailedQuestionLoginAttempts(int questionAttempts)
           
 void setLocale(java.util.Locale locale)
          Set the locale on the subject of this session.
 void setLoginExceptions(java.lang.String[] loginExceptions)
           
 void setLoginInfo(LoginInfo loginInfo)
           
 void setLoginInProgress(boolean loginInProgress)
           
 void setLoginModuleIndex(int loginModuleIndex)
           
 void setLoginPasswordExpired(boolean[] loginPasswordExpired)
           
 void setLoginResult(WavesetResult loginResult)
           
 void setLoginSucceeded(java.lang.String[] loginSucceeded)
           
 void setObfuscateLoginErrors(boolean obfuscateLoginErrors)
           
 void setOption(java.lang.String option, java.lang.String value)
          Sets a runtime session option.
 void setSchedulerCycleTime(TaskState state, int seconds)
          Sets the scheduler cycle time.
 void setSubject(Subject subject)
          Change the effective user for logical locking.
 void setSubjectOptions(java.util.Map map)
          Set the subject that has authenticated to this session.
 void setUser(java.lang.String name)
          Change the effective user for logical locking.
 void startScheduler()
          Test method to request that the task scheduler be started.
 void stopScheduler()
          Test method to request that the task scheduler be suspended.
 boolean subjectControlsObjectGroup(java.util.List objectgroups)
          This method will return true if the current subject controls any one of the organizations in the list; otherwise, returns false.
 boolean subjectHasRight(java.lang.String typeName, Right right)
          This method will return true if the subject has the specified right to the specified type.
 boolean subjectHasRight(Type type, Right right)
          This method will return true if the subject has the specified right to the specified type.
 boolean subjectHasRightToAnyAuthTypeSubType(java.lang.String type, Right right)
          This method will return true if the subject has the specified right to the specified type or any of its authtype subtypes.
 boolean subjectIsAssignedAdminGroups(java.util.List admingroups)
          This method will return true if the current subject has the specified capabilities; otherwise, returns false.
 void suspendTask(java.lang.String taskId)
          Suspend a task.
 void terminateTask(java.lang.String taskId)
          Terminate a task.
 boolean testPermission(PersistentObject obj, Right right)
          Test permissions without throwing an exception.
 boolean testPermission(Type type, java.lang.String id, Right right)
          Test permissions without throwing an exception.
 void unlockObject(java.lang.Object typeid, java.lang.String id, java.util.Map options)
          Unlock a previously locked object.
 void unlockObject(Type type, java.lang.String id)
          Unlock an object.
 void unlockView(GenericObject view, java.util.Map options)
          Unlock a view.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

code_id

public static final java.lang.String code_id
See Also:
Constant Field Values

trace

protected static Trace trace

DEFAULT_PROVISIONING_TASK

public static final java.lang.String DEFAULT_PROVISIONING_TASK
Temporary: the name of the default provisioning task, recognized by runTask. Necessary for some older unit tests, need to weed those out.

See Also:
Constant Field Values
Constructor Detail

LocalSession

public LocalSession()
             throws WavesetException

LocalSession

public LocalSession(LoginInfo loginInfo,
                    java.util.Locale locale)
             throws WavesetException

LocalSession

public LocalSession(LoginInfo loginInfo)
             throws WavesetException

LocalSession

public LocalSession(Subject subject,
                    java.lang.String appName,
                    java.lang.String appType)
             throws WavesetException
Build a session for a predetermined subject.

Applications should use this constructor to create a session subsequent to the initial authentication... will avoid having to challenge user for authentication information again after initial authentication.

If local session is successfully constructed, then user can begin invoking local session methods immeadiately; there is no need to invoke session.login again since the user has already authenticated once in the past.

First validate the Subject by checking that it has one or more Principals associated with it. jsl - temporarliy had to make this public to allow Provisioner to call this, need to sort this out...


LocalSession

public LocalSession(java.lang.String appName,
                    ObjectRef lmgRef,
                    java.lang.String appType,
                    java.lang.String loginMode)
             throws WavesetException

LocalSession

public LocalSession(java.lang.String appName,
                    java.lang.String appType,
                    java.lang.String loginMode)
             throws WavesetException
Build a session for use by logins in progress

Method Detail

getSystemConfiguration

public GenericObject getSystemConfiguration()
                                     throws WavesetException
Description copied from interface: ObjectSource
Obtain the system configuration object. It is read-only. // This could also be done with getObject, but that would require // we publish a constant object id, and assume everyone knows // what Type to use. Since this is becomming a common place to // store component options, a more direct interface is warranted, // similar to WavesetProperties.

Specified by:
getSystemConfiguration in interface ObjectSource
Throws:
WavesetException

getObject

public PersistentObject getObject(java.lang.Object typeid,
                                  java.lang.String id,
                                  java.util.Map options)
                           throws WSAuthorizationException,
                                  ItemNotFound,
                                  WavesetException
Description copied from interface: ObjectSource
Get a read-only copy of an object. Options may may be used to specify the OP_NO_CACHE or OP_SUBTYPES option.

Specified by:
getObject in interface ObjectSource
Throws:
WSAuthorizationException
ItemNotFound
WavesetException

getObject

public PersistentObject getObject(java.lang.Object typeid,
                                  java.lang.String id)
                           throws WSAuthorizationException,
                                  ItemNotFound,
                                  WavesetException
Description copied from interface: Session
Retrieve an object from the repository.

For most types, caching is employed, and the returned object will be stored in this session's cache. For others types, notably Type.USER, and Type.WORK_ITEM, the object will not be cached. In either case, the object is considered to be owned by the application, the server will not maintain any references to the object. It is possible to modify the object, but it should normally be considered read-only, since there will be no write lock held in the repository.

Specified by:
getObject in interface Session
Parameters:
typeid - the type of the object.
id - the object id or name.
Returns:
an object
Throws:
ItemNotFound - if the object did not exist in the repository.
WSAuthorizationException - if the user is not authorized to view this object.
WavesetException - if an internal server error was encountered.
See Also:
Session.checkoutObject(com.waveset.object.Type, java.lang.String)

getObjectIfExists

public PersistentObject getObjectIfExists(java.lang.Object typeid,
                                          java.lang.String id,
                                          java.util.Map options)
                                   throws WSAuthorizationException,
                                          WavesetException
Description copied from interface: ObjectSource
Get a read-only object copy of an object, but do not throw an exception if it does not exist. Options may may be used to specify the OP_NO_CACHE or OP_SUBTYPES option.

Specified by:
getObjectIfExists in interface ObjectSource
Throws:
WSAuthorizationException
WavesetException

getObjectIfExists

public PersistentObject getObjectIfExists(java.lang.Object typeid,
                                          java.lang.String id)
                                   throws WSAuthorizationException,
                                          ItemNotFound,
                                          WavesetException
Description copied from interface: Session
Retrieve an object from the repository if it exists.

This is similar to the getObject method, except that it will not throw an exception if the object does not exist.

This method is preferred over getObject if the application is prepared to handle non-existant objects. Use this rather and test for a null return value rather than catching the ItemNotFound exception.

Specified by:
getObjectIfExists in interface Session
Parameters:
typeid - the type of the object.
id - the object id or name.
Returns:
an object or null if the object did not exist
Throws:
WavesetException - if an internal server error was encountered.
WSAuthorizationException - if the user is not authorized to view this object.
ItemNotFound
See Also:
Session.getObject(java.lang.Object, java.lang.String)

lockObject

public LockInfo lockObject(java.lang.Object typeid,
                           java.lang.String id,
                           java.util.Map options)
                    throws ItemNotFound,
                           LockedByAnother,
                           WavesetException
Description copied from interface: ObjectSource
Acquire a logical lock an object, without retrieving it.

The OP_USER option may be used to specify the name of the user considered to be acquiring the lock.

Specified by:
lockObject in interface ObjectSource
Throws:
ItemNotFound
LockedByAnother
WavesetException

unlockObject

public void unlockObject(java.lang.Object typeid,
                         java.lang.String id,
                         java.util.Map options)
                  throws ItemNotFound,
                         ItemNotLocked,
                         LockedByAnother,
                         WavesetException
Description copied from interface: ObjectSource
Unlock a previously locked object. The object must already be locked by the current user.

The OP_USER option may be used to specify the name of the user considered to be releasing the lock.

Specified by:
unlockObject in interface ObjectSource
Throws:
ItemNotFound
ItemNotLocked
LockedByAnother
WavesetException

getLock

public LockInfo getLock(java.lang.Object typeid,
                        java.lang.String id)
                 throws ItemNotFound,
                        WavesetException
Description copied from interface: ObjectSource
Obtain current lock status.

Specified by:
getLock in interface ObjectSource
Throws:
ItemNotFound
WavesetException

breakLock

public boolean breakLock(java.lang.Object typeid,
                         java.lang.String id,
                         java.util.Map options)
                  throws ItemNotFound,
                         WavesetException
Description copied from interface: ObjectSource
Break a lock held on an object.

There is no guarentee a lock will be broken, you normally must have authority over the user that is currently holding the lock.

The OP_USER option may be used to specify the name of the user considered to be breaking the lock.

Specified by:
breakLock in interface ObjectSource
Throws:
ItemNotFound
WavesetException

checkoutObject

public PersistentObject checkoutObject(java.lang.Object typeid,
                                       java.lang.String id,
                                       java.util.Map options)
                                throws ItemNotFound,
                                       LockedByAnother,
                                       WavesetException
Description copied from interface: ObjectSource
Checkout a persistent object for editing. This typically reads the object from the persistent store, acquires a logical lock, and adds the object to a cache.

It is usually more efficient to call checkoutObject rather than make individual calls to lockObject and getObject

The OP_USER option may be used to specify the name of the user considered to be checking out the object.

The OP_ALLOW_NOT_FOUND option may be passed to return null if cannot find the specified object. Otherwise, this method throws ItemNotFound.

Specified by:
checkoutObject in interface ObjectSource
Throws:
ItemNotFound
LockedByAnother
WavesetException

checkinObject

public WavesetResult checkinObject(PersistentObject obj,
                                   java.util.Map options)
                            throws ItemNotFound,
                                   ItemNotLocked,
                                   LockedByAnother,
                                   WavesetException
Description copied from interface: ObjectSource
Store changes to an object and release the logical lock. If the object did not exist it will be created. If the object does exist, the persistent store may require that a lock be held.

The OP_USER option may be used to specify the name of the user considered to be checkin in the object.

The OP_FORCE option may be passed to inhibit any constraint checking that would ordinarilly be done prior to storage. This is normally off, but since constraint checking can be expensive, there may be performance reasons for turning it on if you can ensure that the object is correct.

The OP_KEEP_LOCK option may be passed to preserve the caller's logical lock on the specified object. Otherwise, this method releases any lock after updating the object.

Specified by:
checkinObject in interface ObjectSource
Throws:
ItemNotFound
ItemNotLocked
LockedByAnother
WavesetException

deleteObject

public void deleteObject(java.lang.Object typeid,
                         java.lang.String id,
                         java.util.Map options)
                  throws ItemNotFound,
                         LockedByAnother,
                         WavesetException
Description copied from interface: ObjectSource
Delete an object.

The OP_FORCE option may be passed to inhibit any constraint checking that would ordinarilly be done. This may be used to delete a WSUser object that has provisioned resource accounts, normally a WSUser cannot be deleted until it has been fully deprovisioned.

Specified by:
deleteObject in interface ObjectSource
Throws:
ItemNotFound
LockedByAnother
WavesetException

deleteObjects

public void deleteObjects(java.lang.Object typeid,
                          java.util.Map options)
                   throws LockedByAnother,
                          WavesetException
Description copied from interface: ObjectSource
Delete all objects matching certain conditions. Used only by Scheduler, options map has the same structure as that for the listObjects and getObjects methods, and is typically passed as a QueryOptions object.

Specified by:
deleteObjects in interface ObjectSource
Throws:
LockedByAnother
WavesetException

renameObject

public void renameObject(java.lang.Object typeid,
                         java.lang.String id,
                         java.lang.String newName,
                         java.util.Map options)
                  throws ItemNotFound,
                         LockedByAnother,
                         AlreadyExists,
                         WavesetException
Description copied from interface: ObjectSource
Rename an object.

The object must unlocked, or locked by the current user. It will be implicitly locked to perform the rename.

The OP_USER option may be used to specify the name of the user considered to be renaming the object.

Specified by:
renameObject in interface ObjectSource
Throws:
ItemNotFound
LockedByAnother
AlreadyExists
WavesetException

listObjects

public QueryResult listObjects(java.lang.Object typeid,
                               java.util.Map options)
                        throws WavesetException
The new canonical interface for running object queries. The Session API has historically supported a bunch of other signatures these will all now end up here.

Specified by:
listObjects in interface ObjectSource
Throws:
WavesetException

getObjects

public QueryResult getObjects(java.lang.Object typeid,
                              java.util.Map options)
                       throws WavesetException
The older getObjects methods always used the session cache. InternalSession always hits the repository. Since the results have to be auth fitered, use the cache here too. We support OP_CONDITIONS but none of the others.

Specified by:
getObjects in interface ObjectSource
Throws:
WavesetException

createView

public GenericObject createView(java.lang.String id,
                                java.util.Map options)
                         throws WavesetException
Description copied from interface: ObjectSource
Create a view.

Specified by:
createView in interface ObjectSource
Throws:
WavesetException

getView

public GenericObject getView(java.lang.String id,
                             java.util.Map options)
                      throws WavesetException
Description copied from interface: ObjectSource
Get a view.

Specified by:
getView in interface ObjectSource
Throws:
WavesetException

getForm

public Form getForm(GenericObject view,
                    java.util.Map options)
             throws WavesetException
Description copied from interface: ObjectSource
Get the form to be used with a view.

Specified by:
getForm in interface ObjectSource
Throws:
WavesetException

getViewForm

public Form getViewForm(GenericObject view,
                        java.lang.String formId,
                        java.util.Map options)
                 throws WavesetException
This is the original signature, the new ObjectSource signature doesn't have a formId argument since that was never used and can be accomplished with the "Form" option.

Specified by:
getViewForm in interface Session
Throws:
WavesetException

checkoutView

public GenericObject checkoutView(java.lang.String id,
                                  java.util.Map options)
                           throws WavesetException
Description copied from interface: ObjectSource
Checkout a view.

Specified by:
checkoutView in interface ObjectSource
Throws:
WavesetException

checkinView

public WavesetResult checkinView(GenericObject view,
                                 java.util.Map options)
                          throws WavesetException
Description copied from interface: ObjectSource
Checkin a view.

Specified by:
checkinView in interface ObjectSource
Throws:
WavesetException

commitView

public WavesetResult commitView(GenericObject view,
                                java.util.Map options)
                         throws WavesetException
Description copied from interface: ObjectSource
Commit a view.

Specified by:
commitView in interface ObjectSource
Throws:
WavesetException

unlockView

public void unlockView(GenericObject view,
                       java.util.Map options)
                throws WavesetException
Description copied from interface: ObjectSource
Unlock a view.

Specified by:
unlockView in interface ObjectSource
Throws:
WavesetException

refreshView

public GenericObject refreshView(GenericObject view,
                                 java.util.Map options)
                          throws WavesetException
Description copied from interface: ObjectSource
Refresh a view.

Specified by:
refreshView in interface ObjectSource
Throws:
WavesetException

deleteView

public WavesetResult deleteView(java.lang.String id,
                                java.util.Map options)
                         throws WavesetException
Description copied from interface: ObjectSource
Delete the repository objects that are associated with the view id. This usually doesn't do much more than the deleteObject method, but some objects need to perform special processing when they are deleted, such as launching a workflow. Since workflows are hooked into the create, modify, and update operations through the view handlers, it makes sense to encapsulate delete behavior here too, even though there isn't a view object being exchanged.

Specified by:
deleteView in interface ObjectSource
Throws:
WavesetException

getAuthenticatedContext

public LighthouseContext getAuthenticatedContext(java.lang.String user)
                                          throws WavesetException
Description copied from interface: LighthouseContext
Derive a LighthouseContext from this one, that is configured to perform operations on behalf of the named user. An authenticated context does not need to pass the OP_USER option to methods such as checkinObject.

Specified by:
getAuthenticatedContext in interface LighthouseContext
Throws:
WavesetException

getAuthenticatedContext

public LighthouseContext getAuthenticatedContext(Subject subject)
                                          throws WavesetException
Description copied from interface: LighthouseContext
Derive a LighthouseContext from this one, that is configured to perform operations on behalf of a user specified with a Subject.

Specified by:
getAuthenticatedContext in interface LighthouseContext
Throws:
WavesetException

getAuthenticatedContext

public LighthouseContext getAuthenticatedContext(WSUser user)
                                          throws WavesetException
Description copied from interface: LighthouseContext
Derive a LighthouseContext from this one, that is configured to perform operations on behalf of a user specified with a WSUser

Specified by:
getAuthenticatedContext in interface LighthouseContext
Throws:
WavesetException

getAuthenticatedContext

public LighthouseContext getAuthenticatedContext(IDMXUser user)
                                          throws WavesetException
Description copied from interface: LighthouseContext
Derive a LighthouseContext from this one, that is configured to perform operations on behalf of a user specified with an IDMXUser

Specified by:
getAuthenticatedContext in interface LighthouseContext
Throws:
WavesetException

setUser

public void setUser(java.lang.String name)
             throws WavesetException
Description copied from interface: LighthouseContext
Change the effective user for logical locking. This should only be called if you know this is a private context that won't be shared by another thread. Here the user is specified by name.

Specified by:
setUser in interface LighthouseContext
Throws:
WavesetException

setSubject

public void setSubject(Subject subject)
                throws WavesetException
Description copied from interface: LighthouseContext
Change the effective user for logical locking. This should only be called if you know this is a private context that won't be shared by another thread. Here the user is specified by Subject.

Specified by:
setSubject in interface LighthouseContext
Throws:
WavesetException

getUser

public java.lang.String getUser()
Description copied from interface: Session
Get the name of the administrator or end-user that has authenticated to this session.

This can be used as an alternative to getSubject if all you need is the name.

Specified by:
getUser in interface Session
See Also:
Session.getSubject()

getSubject

public Subject getSubject()
Description copied from interface: Session
Returns the subject that is authenticated for this session.

This will be either an Administrator or a WSUser object. Applications will have to use the Java operator instanceof to perform the appropriate downcast.

If the goal is to obtain the name of the administrator or end-user that has authenticated to this session, you may use the convenience method getUser instead.

Specified by:
getSubject in interface Session
See Also:
Session.getUser(), Subject, WSUser, Administrator

getComponent

public java.lang.Object getComponent(java.lang.String name)
No internal component access is allowed here.

Specified by:
getComponent in interface LighthouseContext

extendedOperation

public java.lang.Object extendedOperation(java.lang.String op,
                                          java.util.Map arguments)
                                   throws WavesetException
No extended operations allowed at this time, but may need some.

Specified by:
extendedOperation in interface LighthouseContext
Throws:
WavesetException

checkPermission

public void checkPermission(PersistentObject obj,
                            Right right)
                     throws WSAuthorizationException,
                            WavesetException
Description copied from interface: LighthouseContext
Check permissions for the curent subject against the given object and right.

Specified by:
checkPermission in interface LighthouseContext
Throws:
WSAuthorizationException
WavesetException

checkPermission

public void checkPermission(Type type,
                            Right right)
                     throws WSAuthorizationException,
                            WavesetException
Description copied from interface: LighthouseContext
Check permissions for the current subject, against the given type and right.

Specified by:
checkPermission in interface LighthouseContext
Throws:
WSAuthorizationException
WavesetException

checkPermissionToAnyAuthTypeSubType

public void checkPermissionToAnyAuthTypeSubType(Type type,
                                                Right right)
                                         throws WSAuthorizationException,
                                                WavesetException
Check permissions for the given subject, against the given type or any of its authtype subtypes and right.

Specified by:
checkPermissionToAnyAuthTypeSubType in interface LighthouseContext
Throws:
WSAuthorizationException
WavesetException

testPermission

public boolean testPermission(PersistentObject obj,
                              Right right)
                       throws WSAuthorizationException,
                              WavesetException
Description copied from interface: LighthouseContext
Test permissions without throwing an exception.

Specified by:
testPermission in interface LighthouseContext
Throws:
WSAuthorizationException
WavesetException

testPermission

public boolean testPermission(Type type,
                              java.lang.String id,
                              Right right)
                       throws WSAuthorizationException,
                              WavesetException
Description copied from interface: LighthouseContext
Test permissions without throwing an exception.

Specified by:
testPermission in interface LighthouseContext
Throws:
WSAuthorizationException
WavesetException

checkReferencePermissions

public void checkReferencePermissions(PersistentObject obj)
                               throws WSAuthorizationException,
                                      WavesetException
Description copied from interface: LighthouseContext
Check connect/disconnect permissions to objects referenced by another object.

We might be able to assume this is done by checkinObject, but then we would want this disabled by default in most of the context implemetations.

Specified by:
checkReferencePermissions in interface LighthouseContext
Throws:
WSAuthorizationException
WavesetException

log

public void log(AuditEvent event)
         throws WavesetException
Description copied from interface: LighthouseContext
Log an event fully specified with an AuditEvent object.

Specified by:
log in interface LighthouseContext
Throws:
WavesetException

logFailure

public void logFailure(PersistentObject obj,
                       java.lang.String action,
                       java.lang.String reason)
                throws WavesetException
Description copied from interface: LighthouseContext
Log a failure event for an object.

Specified by:
logFailure in interface LighthouseContext
Throws:
WavesetException

logFailure

public void logFailure(java.lang.String objectName,
                       java.lang.String objType,
                       java.lang.String action,
                       java.lang.String reason)
                throws WavesetException
Description copied from interface: LighthouseContext
Log a failure event with an object name and type mask.

Specified by:
logFailure in interface LighthouseContext
Throws:
WavesetException

logSuccess

public void logSuccess(PersistentObject obj,
                       java.lang.String action)
                throws WavesetException
Description copied from interface: LighthouseContext
Log a success event for an object.

Specified by:
logSuccess in interface LighthouseContext
Throws:
WavesetException

logResultErrors

public void logResultErrors(PersistentObject obj,
                            java.lang.String action,
                            WavesetResult result)
                     throws WavesetException
Description copied from interface: LighthouseContext
Log any errors found within a WavesetResult.

Specified by:
logResultErrors in interface LighthouseContext
Throws:
WavesetException

logSuccess

public void logSuccess(PersistentObject obj,
                       java.lang.String action,
                       java.util.Map oldValues,
                       java.util.Map newValues)
                throws WavesetException
Description copied from interface: LighthouseContext
Log a success event for an object, include new and old values that will be stored in the blob of the audit table.

Specified by:
logSuccess in interface LighthouseContext
Throws:
WavesetException

listResourceObjects

public java.util.List listResourceObjects(java.lang.String objectType,
                                          java.util.List resourceList,
                                          java.util.Map options)
                                   throws WavesetException
Description copied from interface: LighthouseContext
Return a List of object names of a given type and a list of resources

Specified by:
listResourceObjects in interface LighthouseContext
Throws:
WavesetException

listResourceObjects

public java.util.List listResourceObjects(java.lang.String objectType,
                                          java.lang.String resourceId,
                                          java.util.Map options)
                                   throws WavesetException
Description copied from interface: LighthouseContext
Return a List of object names of a given type on a resource.

Specified by:
listResourceObjects in interface LighthouseContext
Throws:
WavesetException

callResourceMethod

public java.lang.Object callResourceMethod(java.lang.String resourceId,
                                           java.lang.String methodName,
                                           java.util.Map args)
                                    throws WavesetException
This method will invoke the specified method on the specified resource, passing the given Map of arguments into the method, if the current subject has view access to the specified resource. NOTE: This is restricted to only call resource methods which have take a single argument that is a Map. If the resource method takes more than one argument or the argument required by the resource method is not a Map this method cannot be used to call it.

Specified by:
callResourceMethod in interface LighthouseContext
Throws:
WavesetException

runTask

public TaskInstance runTask(TaskTemplate template)
                     throws WavesetException
Run a task defined by a template. Here the template is constructed above the session simply as a convenient container of task launch parameters. We ignore the Subject and Owner names if they are set.

Specified by:
runTask in interface Session
Throws:
WavesetException
See Also:
TaskTemplate

getLoginConfig

public LoginConfig getLoginConfig()
                           throws WavesetException
Specified by:
getLoginConfig in interface Session
Throws:
WavesetException

getLoginInfo

public LoginInfo getLoginInfo()
Return the login information associated with this Session. This call is primarily used when login is a sequence of challenge and responses

Specified by:
getLoginInfo in interface Session

setLoginInfo

public void setLoginInfo(LoginInfo loginInfo)
Specified by:
setLoginInfo in interface Session

setLoginInProgress

public void setLoginInProgress(boolean loginInProgress)
Specified by:
setLoginInProgress in interface Session

getLoginSucceeded

public java.lang.String[] getLoginSucceeded()
Specified by:
getLoginSucceeded in interface Session

setLoginSucceeded

public void setLoginSucceeded(java.lang.String[] loginSucceeded)
Specified by:
setLoginSucceeded in interface Session

getLoginExceptions

public java.lang.String[] getLoginExceptions()
Specified by:
getLoginExceptions in interface Session

setLoginExceptions

public void setLoginExceptions(java.lang.String[] loginExceptions)
Specified by:
setLoginExceptions in interface Session

obfuscateLoginErrors

public boolean obfuscateLoginErrors()
Specified by:
obfuscateLoginErrors in interface Session

setObfuscateLoginErrors

public void setObfuscateLoginErrors(boolean obfuscateLoginErrors)
Specified by:
setObfuscateLoginErrors in interface Session

getLoginPasswordExpired

public boolean[] getLoginPasswordExpired()
Specified by:
getLoginPasswordExpired in interface Session

setLoginPasswordExpired

public void setLoginPasswordExpired(boolean[] loginPasswordExpired)
Specified by:
setLoginPasswordExpired in interface Session

getLoginModuleIndex

public int getLoginModuleIndex()
Specified by:
getLoginModuleIndex in interface Session

setLoginModuleIndex

public void setLoginModuleIndex(int loginModuleIndex)
Specified by:
setLoginModuleIndex in interface Session

getFailedPasswordLoginAttempts

public int getFailedPasswordLoginAttempts()

setFailedPasswordLoginAttempts

public void setFailedPasswordLoginAttempts(int passwordAttempts)

getFailedQuestionLoginAttempts

public int getFailedQuestionLoginAttempts()

setFailedQuestionLoginAttempts

public void setFailedQuestionLoginAttempts(int questionAttempts)

login

public void login()
           throws WSLoginException,
                  WavesetException
Description copied from interface: Session
Perform authentication of the subject (user or administrator) that was specified using the the LoginInfo object given to the Session constructor.

When using the SessionFactory, the login call happens automatically, there is no need for the application to explicitly call login.

Specified by:
login in interface Session
Throws:
WSLoginException - The credentials specified in the LoginInfo were not correct.
WavesetException - if an internal error was encountered.
See Also:
SessionFactory

login

public void login(boolean tolerateExpiredPassword)
           throws WSLoginException,
                  WavesetException
Description copied from interface: Session
This method should NOT be called by any method other than the change password view handler used when a user's waveset password expires

Specified by:
login in interface Session
Throws:
WSLoginException
WavesetException

logout

public void logout()
            throws WavesetException
Description copied from interface: Session
Remove authentication credentials from this session, and release resources held by the session.

After a logout call, the session object may no longer be used. It is important that an application call logout() when they know that the user's session has completed. For web applications, the servlet or JSP may call SessionFactory.poolSession to keep the authenticated session alive for some period of time. But the application should also support the concept of an explicit logout, and call the logout method.

Specified by:
logout in interface Session
Throws:
WavesetException - if an internal error was encountered.
See Also:
SessionFactory

setSubjectOptions

public void setSubjectOptions(java.util.Map map)
Set the subject that has authenticated to this session.

Specified by:
setSubjectOptions in interface Session

clearSubject

public void clearSubject()
                  throws WavesetException
Clear out any current credentials / settings in this session's subject

Specified by:
clearSubject in interface Session
Throws:
WavesetException - if an internal error was encountered.

listUsers

public RepositoryResult listUsers(AttributeCondition[] conds)
                           throws WavesetException
Helper method that returns a filtered list of WSUser names that have no capabilities (are not members of one or more AdminGroups) and control no Organizations (ObjectGroups)

Specified by:
listUsers in interface Session
Throws:
WavesetException

getAdmins

public java.util.List getAdmins()
                         throws WavesetException
Helper method that returns a filtered list of WSUsers that have one or more capabilities (are members of one or more AdminGroups) and control one or more Organizations (ObjectGroups)

Specified by:
getAdmins in interface Session
Throws:
WavesetException

listAdmins

public RepositoryResult listAdmins(AttributeCondition[] conds)
                            throws WavesetException
Helper method that returns a filtered list of WSUser names that have one or more capabilities (are members of one or more AdminGroups) and control one or more Organizations (ObjectGroups)

Specified by:
listAdmins in interface Session
Throws:
WavesetException

loginConfigContainsAppLoginModule

public boolean loginConfigContainsAppLoginModule(java.lang.String appName,
                                                 java.lang.String loginModuleName)
                                          throws WavesetException
Checks to determine if login config for the specified appName contains the specified login module name or not.

Specified by:
loginConfigContainsAppLoginModule in interface Session
Throws:
WavesetException

getUsersWithResourceAccount

public static java.util.List getUsersWithResourceAccount(com.waveset.repository.Repository repo,
                                                         java.lang.String accountId,
                                                         boolean supportsCaseInsensitiveAccountIds)
                                                  throws WavesetException
Returns:
a list of users with the specified accountId (on any resource).
Throws:
WavesetException

getUsersWithResourceAccount

public static java.util.List getUsersWithResourceAccount(com.waveset.repository.Repository repo,
                                                         java.lang.String accountId,
                                                         Resource r,
                                                         boolean supportsCaseInsensitiveAccountIds)
                                                  throws WavesetException
Returns:
a list of users with the specified accountId on the specified resource.
Throws:
WavesetException

getUsersWithResourceAccount

public static java.util.List getUsersWithResourceAccount(com.waveset.repository.Repository repo,
                                                         java.lang.String accountId,
                                                         java.lang.String guid,
                                                         Resource r,
                                                         boolean supportsCaseInsensitiveAccountIds)
                                                  throws WavesetException
Returns:
a list of users with the specified accountId on the specified resource.
Throws:
WavesetException

getUserByResourceAccount

public static WSUser getUserByResourceAccount(com.waveset.repository.Repository repo,
                                              java.lang.String accountId,
                                              boolean supportsCaseInsensitiveAccountIds)
                                       throws WSFailedLoginException,
                                              WavesetException
Try to find user by resource accountId.

Throws:
WSFailedLoginException - if more than one user matches.
WavesetException

getUserByResourceAccount

public static WSUser getUserByResourceAccount(com.waveset.repository.Repository repo,
                                              java.lang.String accountId,
                                              Resource r,
                                              boolean supportsCaseInsensitiveAccountIds)
                                       throws WSFailedLoginException,
                                              WavesetException
Try to find user by accountId and resource.

Throws:
WSFailedLoginException - if more than one user matches.
WavesetException

getLoginResult

public WavesetResult getLoginResult()
Description copied from interface: Session
Returns the login result messages, if any.

Null if no messages. Otherwise contains message (e.g. Password will expire in 'n' day(s).

Specified by:
getLoginResult in interface Session

setLoginResult

public void setLoginResult(WavesetResult loginResult)
Specified by:
setLoginResult in interface Session

getAccessPolicy

public com.waveset.security.authz.AccessPolicy getAccessPolicy()
Return the access policy for this session.


getAuthCache

public com.waveset.server.SubjectAuthCache getAuthCache()

getEffectiveTypes

public Type[] getEffectiveTypes(Subject subject)
                         throws WavesetException
Specified by:
getEffectiveTypes in interface Session
Throws:
WavesetException

getEffectiveTypes

public Type[] getEffectiveTypes(Principal principal)
                         throws WavesetException
Specified by:
getEffectiveTypes in interface Session
Throws:
WavesetException

getEffectiveTypeRights

public Right[] getEffectiveTypeRights(Subject subject,
                                      Type type)
                               throws WavesetException
Specified by:
getEffectiveTypeRights in interface Session
Throws:
WavesetException

getEffectiveTypeRights

public Right[] getEffectiveTypeRights(Subject subject,
                                      java.lang.String typeName)
                               throws WavesetException
Specified by:
getEffectiveTypeRights in interface Session
Throws:
WavesetException

getEffectiveTypeRights

public Right[] getEffectiveTypeRights(Principal principal,
                                      Type type)
                               throws WavesetException
Specified by:
getEffectiveTypeRights in interface Session
Throws:
WavesetException

getEffectiveTypeRights

public Right[] getEffectiveTypeRights(Principal principal,
                                      java.lang.String typeName)
                               throws WavesetException
Specified by:
getEffectiveTypeRights in interface Session
Throws:
WavesetException

getEffectivePermission

public Permission getEffectivePermission(Subject s,
                                         PersistentObject o)
                                  throws WavesetException
Specified by:
getEffectivePermission in interface Session
Throws:
WavesetException

getEffectivePermission

public Permission getEffectivePermission(Principal p,
                                         PersistentObject o)
                                  throws WavesetException
Specified by:
getEffectivePermission in interface Session
Throws:
WavesetException

subjectHasRight

public boolean subjectHasRight(Type type,
                               Right right)
                        throws WavesetException
This method will return true if the subject has the specified right to the specified type. It does not imply that the subject has the specified right to all objects of the specified type, since a given object may or may not be in the subject's scope of control or if it is the subject may not have the specified right to the object in that scope. Therefore, this method is primarily used to determine if the subject has the specified right to at least one object of the specified type.

Specified by:
subjectHasRight in interface Session
Throws:
WavesetException

subjectHasRight

public boolean subjectHasRight(java.lang.String typeName,
                               Right right)
                        throws WavesetException
This method will return true if the subject has the specified right to the specified type. It does not imply that the subject has the specified right to all objects of the specified type, since a given object may or may not be in the subject's scope of control or if it is the subject may not have the specified right to the object in that scope. Therefore, this method is primarily used to determine if the subject has the specified right to at least one object of the specified type.

Specified by:
subjectHasRight in interface Session
Throws:
WavesetException

subjectHasRightToAnyAuthTypeSubType

public boolean subjectHasRightToAnyAuthTypeSubType(java.lang.String type,
                                                   Right right)
                                            throws WavesetException
This method will return true if the subject has the specified right to the specified type or any of its authtype subtypes. It does not imply that the subject has the specified right to all objects of the specified type or any of its authtype subtypes, since a given object may or may not be in the subject's scope of control or if it is the subject may not have the specified right to the object in that scope.

Therefore, this method is primarily used to determine if the subject has the specified right to at least one object of the specified type or any of its authtype subtypes. For example, this method is called by the UI to determine if the current subject should be able to view a given page or not. If the subject has the specified right to the specified type or one of the type's authtype subtypes, then they can view the page.

Specified by:
subjectHasRightToAnyAuthTypeSubType in interface Session
Throws:
WavesetException

subjectIsAssignedAdminGroups

public boolean subjectIsAssignedAdminGroups(java.util.List admingroups)
                                     throws WavesetException
This method will return true if the current subject has the specified capabilities; otherwise, returns false. The supported list of capabilities include those returned by listing all objects of type AdminGroup (e.g. "Account Administrator")

Specified by:
subjectIsAssignedAdminGroups in interface Session
Throws:
WavesetException

subjectControlsObjectGroup

public boolean subjectControlsObjectGroup(java.util.List objectgroups)
                                   throws WavesetException
This method will return true if the current subject controls any one of the organizations in the list; otherwise, returns false. The supported list of organizations include those returned by listing all objects of type ObjectGroup

Specified by:
subjectControlsObjectGroup in interface Session
Throws:
WavesetException

controlsTop

public boolean controlsTop()
Returns:
true if this session's subject controls the entire "tree" of Lighthouse organizations; otherwise false.

controlsTop

public boolean controlsTop(Subject subject)
Returns:
true if the specified subject controls the entire "tree" of Lighthouse organizations; otherwise false.

getTopControlledObjectGroups

public ObjectGroup[] getTopControlledObjectGroups(Principal p)
                                           throws WavesetException
Specified by:
getTopControlledObjectGroups in interface Session
Throws:
WavesetException

getTopControlledObjectGroups

public ObjectGroup[] getTopControlledObjectGroups(java.lang.String pname)
                                           throws WavesetException
Specified by:
getTopControlledObjectGroups in interface Session
Throws:
WavesetException

getTopControlledObjectGroups

public ObjectGroup[] getTopControlledObjectGroups(Subject subject)
                                           throws WavesetException
Description copied from interface: LighthouseContext
Get Top Controlled Object Groups for a Subject

Returns the set of 0 or more object groups controlled by the specified principal, each of which has no object group parent that is also controlled by the principal.

Specified by:
getTopControlledObjectGroups in interface Session
Throws:
WavesetException

resolveName

public java.lang.String resolveName(Type type,
                                    java.lang.String id)
                             throws WSAuthorizationException,
                                    ItemNotFound,
                                    WavesetException
Given an ID, determine the name. This will be called in loops, so it must be very fast. Do not log this.

Specified by:
resolveName in interface Session
Parameters:
type - the type of the object.
id - the object.
Throws:
ItemNotFound - if the object does not exist in the repository.
WSAuthorizationException - if the user is not authorized to view the object's name.
WavesetException - if an internal server error was encountered.

lockObject

public LockInfo lockObject(Type type,
                           java.lang.String id)
                    throws WSAuthorizationException,
                           ItemNotFound,
                           LockedByAnother,
                           WavesetException
Lock an object.

This will have the side effect of removing the object from both the session cache, since we're normally going to turn around and get the object, and expect it to be up to date. We also remove it from the server cache, for the same reason.

Specified by:
lockObject in interface Session
Parameters:
type - the type of the object.
id - the object id or name.
Returns:
a LockInfo object containing information about the lock.
Throws:
LockedByAnother - if the object is already locked by someone else.
WavesetException - if an internal server error was encountered.
WSAuthorizationException - if the user is not authorized to view this object.
ItemNotFound
See Also:
Session.checkoutObject(com.waveset.object.Type, java.lang.String), Session.getObject(java.lang.Object, java.lang.String), Session.unlockObject(com.waveset.object.Type, java.lang.String), LockInfo

getLockInfo

public LockInfo getLockInfo(Type type,
                            java.lang.String id)
                     throws WSAuthorizationException,
                            ItemNotFound,
                            WavesetException
Return information about a lock held on this object if any.

Specified by:
getLockInfo in interface Session
Parameters:
type - the type of the object.
id - the object id or name.
Returns:
a LockInfo object containing information about the lock or null if there is no lock.
Throws:
ItemNotFound - if the object does not exist in the repository.
WavesetException - if an internal server error was encountered.
WSAuthorizationException - if the user is not authorized to view this object.
See Also:
Session.lockObject(com.waveset.object.Type, java.lang.String), Session.unlockObject(com.waveset.object.Type, java.lang.String), Session.checkoutObject(com.waveset.object.Type, java.lang.String), LockInfo

breakLock

public void breakLock(Type type,
                      java.lang.String id)
               throws WSAuthorizationException,
                      ItemNotFound,
                      WavesetException
Break a lock held on an object.

!! Should have a new log type for this.

Specified by:
breakLock in interface Session
Parameters:
type - the type of the object.
id - the object id or name.
Throws:
WavesetException - if an internal server error was encountered.
WSAuthorizationException - if the user is not authorized to modify this object.
ItemNotFound - if the object does not exist in the repository.

createObject

public void createObject(PersistentObject obj)
                  throws WSAuthorizationException,
                         AlreadyExists,
                         WavesetException
Description copied from interface: Session
Creates a new object in the repository.

Objects are created by first instantiating a subclass of PersistentObject, then calling appropriate accessor methods to specify the object's attributes, and finally calling the createObject method to store the object in the repository.

The new object must be given a name that is unique within the repository. If an object with this name already exist, an exception is thrown.

Other type specific validation may also be performed before the object is stored in the repository. If any of these validation tests fail, a ValidationFailed exception will be thrown describing the nature of the failure.

After the method returns, the supplied object will be in the session's cache, but the server will not retain any references to this object.

Specified by:
createObject in interface Session
Throws:
WSAuthorizationException - if the user is not authorized to create objects of this type.
WavesetException - if an internal server error was encountered.
AlreadyExists - if the object with this name already exists in the repository.

checkoutObject

public PersistentObject checkoutObject(Type type,
                                       java.lang.String id)
                                throws WSAuthorizationException,
                                       ItemNotFound,
                                       LockedByAnother,
                                       WavesetException
Standard checkout interface that handles authorization.

Specified by:
checkoutObject in interface Session
Parameters:
type - the type of the object.
id - the object id or name.
Returns:
a PersistentObject instance representing the contents of the requested object.
Throws:
WavesetException - if an internal server error was encountered.
ItemNotFound - if the object does not exist in the repository.
LockedByAnother - if the object is already locked by someone else.
WSAuthorizationException - if the user is not authorized to modify this object.
See Also:
Session.checkinObject(com.waveset.object.PersistentObject), Session.unlockObject(com.waveset.object.Type, java.lang.String)

checkoutObject

public PersistentObject checkoutObject(Type type,
                                       java.lang.String id,
                                       java.util.Map options)
                                throws WSAuthorizationException,
                                       ItemNotFound,
                                       LockedByAnother,
                                       WavesetException
Standard checkout interface that handles authorization.

Throws:
WSAuthorizationException
ItemNotFound
LockedByAnother
WavesetException

checkinObject

public WavesetResult checkinObject(PersistentObject obj)
                            throws WSAuthorizationException,
                                   ItemNotFound,
                                   ItemNotLocked,
                                   LockedByAnother,
                                   WavesetException
Checkin changes to an object.

Specified by:
checkinObject in interface Session
Returns:
a WavesetResult containing additional information about the processing of the object.
Throws:
WSAuthorizationException - if the user is not authorized to modify this object.
WavesetException - if an internal server error was encountered.
ItemNotLocked - if the object is not locked.
ItemNotFound - if the object does not exist in the repository.
LockedByAnother
See Also:
Session.checkoutObject(com.waveset.object.Type, java.lang.String), Session.unlockObject(com.waveset.object.Type, java.lang.String)

checkinObject

protected WavesetResult checkinObject(PersistentObject obj,
                                      boolean keepLock)
                               throws WSAuthorizationException,
                                      ItemNotFound,
                                      ItemNotLocked,
                                      LockedByAnother,
                                      WavesetException
Checkin changes to an object.

Throws:
WSAuthorizationException
ItemNotFound
ItemNotLocked
LockedByAnother
WavesetException

unlockObject

public void unlockObject(Type type,
                         java.lang.String id)
                  throws WSAuthorizationException,
                         ItemNotFound,
                         ItemNotLocked,
                         LockedByAnother,
                         WavesetException
Unlock an object.

Specified by:
unlockObject in interface Session
Parameters:
type - the type of the object.
id - the object id or name.
Throws:
ItemNotLocked - if the object is not locked.
WavesetException - if an internal server error was encountered.
WSAuthorizationException - if the user is not authorized to modify this object.
ItemNotFound - if the object does not exist in the repository.
LockedByAnother - if the object is locked by someone else.
See Also:
Session.lockObject(com.waveset.object.Type, java.lang.String), Session.checkoutObject(com.waveset.object.Type, java.lang.String)

deleteObject

public void deleteObject(Type type,
                         java.lang.String id)
                  throws WSAuthorizationException,
                         ItemNotFound,
                         LockedByAnother,
                         WavesetException
Delete an object from the repository, and remove it from any caches.

Specified by:
deleteObject in interface Session
Parameters:
type - the type of the object.
id - the object id or name.
Throws:
WavesetException - if an internal server error was encountered.
LockedByAnother - if the object is locked by someone else.
ItemNotFound - if the object does not exist in the repository.
WSAuthorizationException - if the user is not authorized to delete this object.

deleteObject

public void deleteObject(Type type,
                         java.lang.String id,
                         boolean force)
                  throws WSAuthorizationException,
                         ItemNotFound,
                         LockedByAnother,
                         WavesetException
Delete an object from the repository, and remove it from any caches.

Specified by:
deleteObject in interface Session
Throws:
WSAuthorizationException
ItemNotFound
LockedByAnother
WavesetException

deleteObjects

public void deleteObjects(Type type,
                          java.lang.String objectGroupName,
                          Session.Scope scope)
                   throws PolicyViolation,
                          WavesetException
Delete objects of the specified type which are members of the specified object group

Objects which are members of the specified object group will be deleted. The set of objects is determined by the scope argument, where scope can be Scope.IMMEDIATE or Scope.ALL.

Scope.IMMEDIATE means to only delete objects which are immeadiate or direct members of the specified object group.

Scope.ALL means to delete objects which are members of the specified object group as well as member objects of object groups contained within the specified object group.

Specified by:
deleteObjects in interface Session
Throws:
PolicyViolation
WavesetException

deleteObjects

public void deleteObjects(Type type,
                          java.lang.String objectGroupName,
                          Session.Scope scope,
                          boolean force)
                   throws PolicyViolation,
                          WavesetException
Specified by:
deleteObjects in interface Session
Throws:
PolicyViolation
WavesetException

getDeleteDestroyInterval

public long getDeleteDestroyInterval(Type type)
                              throws WavesetException
Gets the minimum interval in milliseconds after which a deleted object of the specified time will be destroyed.

NOTE: Currently, only objects of Type.USER are not destroyed immediately.

Specified by:
getDeleteDestroyInterval in interface Session
Throws:
WavesetException

setDeleteDestroyInterval

public void setDeleteDestroyInterval(Type type,
                                     long deleteDestroyInterval)
                              throws WavesetException
Sets the minimum interval in milliseconds after which a deleted object of the specified type will be destroyed.

NOTE: Currently, only objects of Type.USER are not destroyed immediately.

Specified by:
setDeleteDestroyInterval in interface Session
Throws:
WavesetException

renameObject

public void renameObject(Type type,
                         java.lang.String id,
                         java.lang.String newName)
                  throws WSAuthorizationException,
                         ItemNotFound,
                         LockedByAnother,
                         AlreadyExists,
                         WavesetException
Rename an object.

The object must unlocked, or locked by the current user. It will be implicitly locked to perform the rename. Some types may not allow rename, we should have a RenameNotAllowed exception.

Specified by:
renameObject in interface Session
Parameters:
type - the type of the object.
id - the object id or name.
newName - the new object name.
Throws:
WavesetException - if an internal server error was encountered.
LockedByAnother - if the object is locked by someone else.
ItemNotFound - if the object does not exist in the repository.
WSAuthorizationException - if the user is not authorized to modify this object.
AlreadyExists - if the new name has already been assigned to another object.

cacheObject

public void cacheObject(PersistentObject obj)
                 throws WavesetException
Add an object to the session cache.

Throws:
WavesetException

setCache

public void setCache(PersistentObject obj)
              throws WavesetException
Set the cache pointer of an object, but don't make the object appear in the cache.

Specified by:
setCache in interface Session
Throws:
WavesetException - if an internal error is encountered.

decacheObject

public void decacheObject(Type type,
                          java.lang.String id)
                   throws WavesetException
Remove an object from the session cache.

Call this if you had formerly cached the object manually using cacheObject and no longer want it to appear in the cache.

Throws:
WavesetException

getCache

public ObjectCache getCache()
Return the cache managed by this session.

Specified by:
getCache in interface Session

getAdministrators

public QueryResult getAdministrators(java.util.Map options)
                              throws WavesetException
Deprecated. - use com.waveset.view.WorkItemUtil.getAdministrators

A more general interface for listing administrators. The options argument is currently used to specify general options like ("type", "approver"). We need to come up with a way to model this as a normal LighthouseContext.getObjects call with either implicit filtering, or some post processing pass on the result that doesn't require access to _authCache and _accessPolicy. This can't be pushed into InternalSession until we decide whether it should have access to a SubjectAuthCache. Then we have a Principal and not a Subject, so there are no LighthouseContext interfaces for testing permissions on a Principal.

Specified by:
getAdministrators in interface Session
Parameters:
options - future use to specify query options.
Throws:
WavesetException
See Also:
UPDATE: This is now supported in the InternalSession implementation of the LighthouseContext interface. The option names are slighthly different though. This is the last remaining caller of WorkItemUtil.getAdministrators, need to migrate! - jsl

listSimilarApprovers

public java.lang.String[] listSimilarApprovers(java.lang.String adminName)
                                        throws WavesetException
Deprecated. - Use getAdministrators with the following values in the map: "similarTo", adminName "type", "approver"

Like listApprovers, below - this lists all administrators that control at least the object groups that the specified administrator controls. Any admin can be passed in, but it must be either the currently authenticated admin or one in a group that he controls. The names returned may not be accessible to the caller as they come from objects resolved out of the server cache.

Specified by:
listSimilarApprovers in interface Session
Throws:
WavesetException
See Also:
getAdministrators(Map)

listControlledApprovers

public java.lang.String[] listControlledApprovers()
                                           throws WavesetException
Deprecated. - Use getAdministrators with the following values in the map: "scope", "current" "type", "approver"

Like listApprovers, below - this lists all administrators in groups that the current administrator controls.

Specified by:
listControlledApprovers in interface Session
Throws:
WavesetException
See Also:
getAdministrators(Map)

listApprovers

public java.lang.String[] listApprovers()
                                 throws WavesetException
Deprecated. - Use getAdministrators with the following values in the map: "type", "approver"

Returns a list of Administrator names that have the necessary rights to be a Role, Resource, or ObjectGroup Approver

Specified by:
listApprovers in interface Session
Throws:
WavesetException
See Also:
getAdministrators(Map)

getAdminApprovalForwardRef

public java.lang.String getAdminApprovalForwardRef(java.lang.String adminName)
                                            throws WavesetException
Get your own approval reference, or one of an administrator that you control.

Specified by:
getAdminApprovalForwardRef in interface Session
Throws:
WavesetException

getAttributeArray

public Attribute[] getAttributeArray(java.util.List src)
                              throws WavesetException
Convert a List containing either Strings or Attribute objects into an array of Attribute objects.

Throws:
WavesetException

listObjects

public RepositoryResult listObjects(Type type,
                                    java.util.List conditions,
                                    java.util.List orderBy,
                                    boolean bufferResult)
                             throws WavesetException
This was the "preferred" interface until we introduced LighthouseContext.

Specified by:
listObjects in interface Session
Throws:
WavesetException - if there is an internal error.
See Also:
Session.listObjects(Type, WSAttributes), Session.getObjects(Type), Session.getObjects(Type, WSAttributes), RepositoryResult

listObjects

public RepositoryResult listObjects(Type type,
                                    AttributeCondition[] attrConds)
                             throws WavesetException
Description copied from interface: Session
Returns information about objects in the repository.

This is similar to listObjects(Type, List, List), but the AttributeCondition objects may be specified in an array rather than a list.

This is implemented by the listObjects(Type, List, List) method by converting the WSAttributes object into a list of AttributeCondition objects.

Specified by:
listObjects in interface Session
Throws:
WavesetException - if there is an internal error locating the objects.
See Also:
#listObjects(Type, List, List), Session.getObjects(Type, List), Session.getObjects(Type, WSAttributes), RepositoryResult

listObjects

public RepositoryResult listObjects(Type type,
                                    AttributeCondition[] attrConds,
                                    Attribute[] orderBy)
                             throws WavesetException
Description copied from interface: Session
Lists all of the objects of a certain type currently stored in the repository that meet the specified set of attribute conditions.

This is the sema as listObjects(Type, List, List) except that the AttributeCondition objects may be specified in an array, and the orderBy attributes may be specified as an array of Attribute objects.

Specified by:
listObjects in interface Session
Throws:
WavesetException - if there is an internal error
See Also:
#listObjects(Type, List, List)

listObjects

public RepositoryResult listObjects(Type type,
                                    AttributeCondition[] attrConds,
                                    Attribute[] orderBy,
                                    int blockSize)
                             throws WavesetException
Not exposed in the Session interface, until we know whether we want to support it forever. jsl - no we don't can we take it out?

Throws:
WavesetException

listObjects

public RepositoryResult listObjects(Type type)
                             throws WavesetException
Description copied from interface: Session
Returns information about objects in the repository.

If the type argument is specified, information for objects of that type is returned. If type is null, information for all listable objects in the repository is returned.

Specified by:
listObjects in interface Session
Throws:
WavesetException - if there is an internal error locating the policy objects.
See Also:
#listObjects(Type, List, List), Session.getObjects(Type), Session.getObjects(Type, List), RepositoryResult

listObjects

public RepositoryResult listObjects(Type type,
                                    WSAttributes atts)
                             throws WavesetException
Description copied from interface: Session
Returns information about objects in the repository.

This is similar to listObjects(Type), but the additonal WSAttributes argument can be used to filter the result so that it contains information for only those objects with matching attributes.

This is implemented by the listObjects(Type, List, List) method by converting the WSAttributes object into a list of AttributeCondition objects.

Specified by:
listObjects in interface Session
Throws:
WavesetException - if there is an internal error locating the objects.
See Also:
#listObjects(Type, List, List), Session.getObjects(Type, List), Session.getObjects(Type, WSAttributes), RepositoryResult

listObjects

protected RepositoryResult listObjects(Type type,
                                       java.util.List conditions,
                                       java.util.List orderBy,
                                       boolean bufferResult,
                                       int blockSize)
                                throws WavesetException
Internal method all of the other listObjects methods returning RepositoryResult call. We now forward up to the new cannonical listObjects method defined by the LighthouseContext interface. This will eventually call InternalSession to do the repository query, and will filter the result for authorization.

Throws:
WavesetException

listObjects

public RepositoryResult listObjects()
                             throws WavesetException
List every object in the known universe, except instances of suppressed (i.e., non-cached) types.

Throws:
WavesetException

countObjects

public int countObjects(RepositoryResult rr)
                 throws WavesetException
Intended for internal use by RepositoryResult. Public as an implementation side-effect. // * (Required by ObjectLoader interface.)

Specified by:
countObjects in interface ObjectLoader
Returns:
the estimated number of rows in the "virtual result" of the specified RepositoryResult. That is, the number of rows the result would contain if it were unbuffered.
Throws:
WavesetException - if an internal error was encountered.

nextBlock

public void nextBlock(RepositoryResult result)
               throws WavesetException
Return information about objects in the repository.

Specified by:
nextBlock in interface ObjectLoader
Throws:
WavesetException - if an internal error was encountered.

previousBlock

public void previousBlock(RepositoryResult result)
                   throws WavesetException
Return information about objects in the repository.

Specified by:
previousBlock in interface ObjectLoader
Throws:
WavesetException - if an internal error was encountered.

getObjectGroupHandle

public java.lang.String getObjectGroupHandle(ObjectRef oref)
                                      throws WavesetException
Assumed input is an object ref to an ObjectGroup.

Returns the handle (either org path or org displayname) for the object group ref.

Authorization checking is not done since the caller may not have access to all member object groups up to "Top" (e.g. delegated admins)

Specified by:
getObjectGroupHandle in interface Session
Throws:
WavesetException

getObjects

public java.util.List getObjects(Type type,
                                 java.util.List conditions)
                          throws WavesetException
New canonical 'getObjects' method.

Specified by:
getObjects in interface Session
Throws:
WavesetException - if there is an internal error
See Also:
#listObjects(Type, List, List)

getObjects

public java.util.ArrayList getObjects(Type type,
                                      WSAttributes atts)
                               throws WavesetException
Original one that takes WSAttributes.

Specified by:
getObjects in interface Session
Throws:
WavesetException - if there is an internal error
See Also:
#listObjects(Type, List), Session.getObjects(Type, List)

getObjects

public java.util.ArrayList getObjects(Type type)
                               throws WavesetException
Description copied from interface: Session
Retrieves all of the objects of a certain type.

This is the same as getObjects(Type, List) except there is no argument to specify attribute conditions.

Specified by:
getObjects in interface Session
Throws:
WavesetException - if there is an internal error
See Also:
Session.listObjects(Type), Session.getObjects(Type, List)

getObjectNamesInObjectGroup

public java.lang.String[] getObjectNamesInObjectGroup(java.lang.String objectGroupName,
                                                      Type type,
                                                      Session.Scope scope)
                                               throws WavesetException
Return a list of objects of the given type which are members of the given object group. This method enables a query filtered by object group on a specific object type.

The scope specifies how far down the object group hierarchy to search for object's of the specified type. Valid values are Scope.IMMEDIATE and Scope.ALL:

The common method for authorization checking is in the local session listObjects method.

Specified by:
getObjectNamesInObjectGroup in interface Session
Throws:
WavesetException

getObjects

public java.util.ArrayList getObjects(Type type,
                                      AttributeCondition[] attrConds)
                               throws WavesetException
Return a list of objects of the given type and whose attribute values match those specified in the list of atts. This method enables a filtered query on a specific object type.

This method could directly hit the repository via the _repo.get(type, atts) method, but then it would bypass authorization checking. If this proves to be a performance problem, we can always revert to calling the repository directly and putting explicit authorization checking in this method.

The common method for authorization checking is in the local session loadObject and loadObjects methods

If the type of objects being requested are Users and the attrConds include a request for members of a given ObjectGroup, and if the ObjectGroup has a userMemberRule specified, then we need to include any rule driven members in the list of objects returned

Specified by:
getObjects in interface Session
Throws:
WavesetException - if there is an internal error
See Also:
Session.getObjects(Type, List), Session.getObjects(Type, WSAttributes)

getPolicyTypes

public Policy[] getPolicyTypes()
                        throws WavesetException
Description copied from interface: Session
Returns an array of prototype instances for the currently available id & password validation policies.

The prototype instances are immutable objects created at runtime by their respective policy implementation classes. They are not stored in the repository and cannot be locked or checked in.

The prototype instances describe the "types" of policy objects that may be created. Fresh repositories typically contain no policy objects. To create a new policy object, an application selects one of the prototype instances, clones it, adjusts the name and attributes, then calls createObject.

Specified by:
getPolicyTypes in interface Session
Throws:
WavesetException - if there is an internal error locating the policy objects.

getResourceTypes

public Resource[] getResourceTypes()
                            throws WavesetException
Description copied from interface: Session
Returns an array of prototype instances for the currently available resources.

The prototype instances are immutable objects created at runtime by their respective ResourceAdapter classes. They are not stored in the repository and cannot be locked or checked in.

The prototype instances describe the "types" of resource objects that may be created. Fresh repositories typically contain no resource objects. To create a new resource object, an application selects one of the prototype instances, clones it, adjusts the name and attributes, then calls createObject.

Specified by:
getResourceTypes in interface Session
Throws:
WavesetException - if there is an internal error locating the policy objects.

getResourceTypeNames

public java.util.List getResourceTypeNames()
                                    throws WavesetException
Return a list of resource types for which the authenticated subject has access to at least one resource of that type. The type strings are the internal resource type names. Use ResourceManager.getTypeDisplayString() to get the display name for a given type.

Specified by:
getResourceTypeNames in interface Session
Throws:
WavesetException

importObjects

public void importObjects(java.lang.String file,
                          BulkMonitor monitor,
                          boolean force)
                   throws WavesetException
Import a collection of objects defined in an import file. The XML is expected to be a document, that contains one or more PersistentObject serializations.

The implementation has been broken out into the Importer class.

You must be "Configurator" to run this method. Since there is no particular object this applies to, we can't use the usual object-centric access check methods. It might be worth introducing a global "system" object at some point on which we could define permissions for things like this.

Specified by:
importObjects in interface Session
Parameters:
file - the name of the import file.
monitor - an optional object that will receive callbacks as the import progresses.
force - will force the update of objects even if they have not changed. This is useful when the summary, queryable, or attributes or "inline" attributes change
Throws:
WavesetException - if an internal server error was encountered.

importObjects

public void importObjects(java.io.InputStream input,
                          BulkMonitor monitor,
                          boolean force)
                   throws WavesetException
Import objects from a stream.

Specified by:
importObjects in interface Session
Parameters:
input - the input stream to import
monitor - an optional object that will receive callbacks as the import progresses.
force - will force the update of objects even if they have not changed. This is useful when the summary, queryable, or attributes or "inline" attributes change
Throws:
WavesetException - if an internal server error was encountered.

importXml

public void importXml(java.lang.String xml,
                      BulkMonitor monitor)
               throws WavesetException
Import a collection of objects defined in an XML string. The XML is expected to be a document, that contains one or more PersistentObject serializations.

We'll assume that with the string interface we can use the DOM parser.

Specified by:
importXml in interface Session
Parameters:
xml - the XML string to import.
Throws:
WavesetException - if an internal server error was encountered.

getInitialInstanceInfo

public java.util.HashMap getInitialInstanceInfo()
                                         throws InternalError
Build up a map of initial instance info for use when importing full exchange files. This is only done if an import or export is performed, we leave it hanging on the LocalSession in case we need it again.

Throws:
InternalError

isInitialInstance

public PersistentObject.InitialInstance isInitialInstance(PersistentObject obj)
                                                   throws WavesetException
Test to see if this is the id of an "initial instance", one that is created automatically by the repository and is not allowed to be modified.

Formerly we didn't include these in the export file, but now we do, provided they're modifiable.

We used to detect this using a naming convention on the ID, now we can use the _initialInstances map that gets created by getInitialInstanceInfo.

Throws:
WavesetException

exportObjects

public void exportObjects(Type[] types,
                          java.lang.String filename,
                          BulkMonitor monitor)
                   throws WavesetException
Exports the objects of the specified types to a file.

Specified by:
exportObjects in interface Session
Throws:
WavesetException - if an internal server error was encountered.

exportObjects

public void exportObjects(Type[] types,
                          java.io.OutputStream stream,
                          BulkMonitor monitor)
                   throws WavesetException
Exports the objects of the specified types to a stream.

Specified by:
exportObjects in interface Session
Throws:
WavesetException

exportObjects

public void exportObjects(Type[] types,
                          java.io.Writer wrt,
                          BulkMonitor monitor)
                   throws WavesetException
Exports the objects of the specified types to a writer.

Specified by:
exportObjects in interface Session
Throws:
WavesetException

exportObjects

public void exportObjects(java.lang.String typeSet,
                          java.lang.String filename,
                          BulkMonitor monitor)
                   throws WavesetException
Exports the objects whose types are within the specified type set.

We have hard wired support for a few common type sets, should make this extensible.

Specified by:
exportObjects in interface Session
Throws:
WavesetException - if an internal server error was encountered.

exportObjects

public void exportObjects(java.lang.String typeSet,
                          java.io.OutputStream stream,
                          BulkMonitor monitor)
                   throws WavesetException
Exports the objects whose types are within the specified type set.

We have hard wired support for a few common type sets, should make this extensible.

Specified by:
exportObjects in interface Session
Throws:
WavesetException

exportObjects

public void exportObjects(java.lang.String typeSet,
                          java.io.Writer wrt,
                          BulkMonitor monitor)
                   throws WavesetException
Exports the objects whose types are within the specified type set.

We have hard wired support for a few common type sets, should make this extensible.

Specified by:
exportObjects in interface Session
Throws:
WavesetException

getTaskDefinitions

public java.util.List getTaskDefinitions()
                                  throws WavesetException
Return all task definitions. This is more complicated than just calling getObjects since there are several subtypes to collate. Might want to generalize this so getObjects always does subtype iteration?

Defined in terms of the new getAllObjects cache method which will do the traversal.

Specified by:
getTaskDefinitions in interface Session
Throws:
WavesetException - if there is an internal error determine the list of definitions.

getTaskDefinition

public TaskDefinition getTaskDefinition(java.lang.String name)
                                 throws WavesetException
Get a task definition by name. This is a convenience method to ease the transition to task subtypes. Note that since each type has its own namespace, there could be name collisions. We'll return the first definition with this name we find. If we intend to support methods like this, they probably should return a list.

Specified by:
getTaskDefinition in interface Session
Throws:
WavesetException - if there is an internal error determine the list of definitions.

runTask

public TaskInstance runTask(TaskDefinition def,
                            java.util.Map variables,
                            java.lang.String taskName,
                            java.lang.String description,
                            TaskDefinition.ExecMode execMode)
                     throws WavesetException
Deprecated runTask signature. Construct a TaskTemplate and call the real method.

Specified by:
runTask in interface Session
Throws:
WavesetException
See Also:
TaskSchedule

runTask

public TaskInstance runTask(java.lang.String templateName,
                            java.lang.String taskName,
                            java.lang.String description,
                            boolean templateSubject)
                     throws WavesetException
Run a task defined by a persistent template. Here the authorization is performed on the template object, and if sucessful, we will use the Subject & Owner stored in the template.

Specified by:
runTask in interface Session
Throws:
WavesetException
See Also:
TaskTemplate

getTaskInstances

public RepositoryResult getTaskInstances(TaskState state,
                                         java.lang.String owner,
                                         java.lang.String definition)
                                  throws WavesetException
Get the tasks currently in the queue. Note that the stored owner attribute may have a prefix for non-administrator owners. You must already have included this prefix.

Specified by:
getTaskInstances in interface Session
Throws:
WavesetException - if there is an internal error determine the list of tasks.

suspendTask

public void suspendTask(java.lang.String taskId)
                 throws WavesetException
Suspend a task.

Specified by:
suspendTask in interface Session
Throws:
WavesetException

resumeTask

public void resumeTask(java.lang.String taskId)
                throws WavesetException
Resume a task that is suspended or waiting.

Specified by:
resumeTask in interface Session
Throws:
WavesetException

terminateTask

public void terminateTask(java.lang.String taskId)
                   throws WavesetException
Terminate a task.

Specified by:
terminateTask in interface Session
Throws:
WavesetException

deleteTask

public void deleteTask(java.lang.String taskId)
                throws WavesetException
Delete a finished task. NOTE: Now that we're not expecting to have more than one Type associated with TaskInstance objects, this should be removed and applications can call deleteObject instead.

Specified by:
deleteTask in interface Session
Throws:
WavesetException

listTaskExtendedResult

public RepositoryResult listTaskExtendedResult(java.lang.String taskId,
                                               java.util.Map options)
                                        throws WavesetException
Get all extended results for a task.

Specified by:
listTaskExtendedResult in interface Session
Throws:
WavesetException

getTaskExtendedResult

public RepositoryResult getTaskExtendedResult(java.lang.String taskId,
                                              java.util.Map options)
                                       throws WavesetException
Get all extended results for a task.

Specified by:
getTaskExtendedResult in interface Session
Throws:
WavesetException

getTaskExtendedResult

public RepositoryResult getTaskExtendedResult(java.lang.String taskId,
                                              java.util.Map options,
                                              int fromSequence,
                                              int toSequence)
                                       throws WavesetException
Description copied from interface: Session
Get a subset of extended task results.

Specified by:
getTaskExtendedResult in interface Session
Returns:
extended results within a sequence number range for a task. A convenience method that specifies the range in the options map.
Throws:
WavesetException

runScheduler

public void runScheduler()
                  throws WSAuthorizationException,
                         WavesetException
Request that the scheduler run now. An internal method that is not exposed through the GUI. We could try to prevent anyone from Configurator from calling this, but its relatively harmless.

Specified by:
runScheduler in interface Session
Throws:
WSAuthorizationException
WavesetException

runScheduler

public void runScheduler(long waitMillis)
                  throws WSAuthorizationException,
                         WavesetException
Request that the scheduler run now and wait for it to finish processing tasks.

Parameters:
waitMillis - - wait this long. (If -1, wait forever.) An internal method that is not exposed through the GUI. We could try to prevent anyone from Configurator from calling this, but its relatively harmless.
Throws:
WSAuthorizationException
WavesetException

stopScheduler

public void stopScheduler()
                   throws WSAuthorizationException,
                          WavesetException
Test method to request that the task scheduler be suspended. An internal method that is not exposed through the GUI. We could try to prevent anyone from Configurator from calling this, but its relatively harmless.

Specified by:
stopScheduler in interface Session
Throws:
WSAuthorizationException
WavesetException

startScheduler

public void startScheduler()
                    throws WSAuthorizationException,
                           WavesetException
Test method to request that the task scheduler be started. An internal method that is not exposed through the GUI. We could try to prevent anyone from Configurator from calling this, but its relatively harmless.

Specified by:
startScheduler in interface Session
Throws:
WSAuthorizationException
WavesetException

setSchedulerCycleTime

public void setSchedulerCycleTime(TaskState state,
                                  int seconds)
Sets the scheduler cycle time. An internal method that is not exposed through the GUI. We could try to prevent anyone from Configurator from calling this, but its relatively harmless.

Specified by:
setSchedulerCycleTime in interface Session

getWorkItems

public WorkItem[] getWorkItems()
                        throws WSAuthorizationException,
                               ItemNotFound,
                               WavesetException
Description copied from interface: Session
Retrieve the workflow work items assigned to the currently authenticated user.

This would be used by a workflow management application, where tasks for users other than the current user need to be displayed.

The current user must have the necessary permissions to access the item list for other users.

Specified by:
getWorkItems in interface Session
Throws:
WSAuthorizationException - if the user does not have access to the requested items.
ItemNotFound - if the user did not exist.
WavesetException - if an internal error is encountered.
See Also:
WorkItem

getWorkItems

public WorkItem[] getWorkItems(java.lang.String owner)
                        throws WSAuthorizationException,
                               ItemNotFound,
                               WavesetException
Return the work items for a particular user.

We don't check authorization on the list, since we query for just those that belong to he user.

We SHOULD however ensure that the current subject has access to the named user!

Note that the stored work item owner may now have a prefix if it is owned by a non-administrator. You must include this prefix in the owner argument.

Specified by:
getWorkItems in interface Session
Throws:
ItemNotFound - if the user did not exist.
WSAuthorizationException - if the user does not have access to the requested items.
WavesetException - if an internal error is encountered.
See Also:
WorkItem

listWorkItems

public RepositoryResult listWorkItems(java.lang.String owner)
                               throws WSAuthorizationException,
                                      ItemNotFound,
                                      WavesetException
Return a list of work items for a particular user.

We don't check authorization on the list, since we query for just those that belong tot he user.

We SHOULD however ensure that the current subject has access to the named user!

Note that the stored work item owner may now have a prefix if it is owned by a non-administrator. You must include this prefix in the owner argument.

Specified by:
listWorkItems in interface Session
Throws:
WSAuthorizationException
ItemNotFound
WavesetException

getWorkItem

public WorkItem getWorkItem(java.lang.String id)
                     throws WSAuthorizationException,
                            ItemNotFound,
                            WavesetException
Description copied from interface: Session
Retrieves a single workflow work item.

Applications may wish to call this method rather than getWorkItems if only a single object needs to be examined.

Work items are usually referenced by their system generated id. They will also have names, but the names are also system generated and are not meaningful.

Specified by:
getWorkItem in interface Session
Throws:
WavesetException - if an internal error is encountered.
WSAuthorizationException - if the user does not have access to the requested item.
ItemNotFound - if the task did not exist.
See Also:
Session.getWorkItems(java.lang.String), WorkItem

approveWorkItem

public void approveWorkItem(java.lang.String id)
                     throws WavesetException
Approve a work item. Authorization is styled after approveTask, even though "approval" is really just a checkout/checkin operation.

Specified by:
approveWorkItem in interface Session
Throws:
WavesetException - if an internal error is encountered.
See Also:
Session.rejectWorkItem(String), Session.getWorkItems(java.lang.String), Session.getWorkItem(java.lang.String)

rejectWorkItem

public void rejectWorkItem(java.lang.String id)
                    throws WSAuthorizationException,
                           ItemNotFound,
                           WavesetException
Description copied from interface: Session
Rejects a workflow work item.

After an item has been rejected, the task scheduler will eventually notice the change and advance the workflow case. Unlike the older approveTask method, there is no "async" option here, the operation is always asynchronous.

Specified by:
rejectWorkItem in interface Session
Throws:
WavesetException - if an internal error is encountered.
WSAuthorizationException - if the user does not have permission to modify the item.
ItemNotFound - if the item did not exist.
See Also:
Session.approveWorkItem(String), Session.getWorkItems(java.lang.String), Session.getWorkItem(java.lang.String)

provision

public WavesetResult provision(WSUser userdef)
                        throws MissingAttribute,
                               PolicyViolation,
                               WavesetException
DEPRECATED

Specified by:
provision in interface Session
Throws:
MissingAttribute
PolicyViolation
WavesetException

changeAdminPassword

public void changeAdminPassword(java.lang.String name,
                                EncryptedData newPassword)
                         throws WavesetException
Description copied from interface: Session
Change the password of an administrator.

This method is used to change another administrator's password. To change the password of the administrator authenticated to this session, use the changePassword(EncryptedData) method.

To change an end-user's password use the ChangeUserPassword view.

Specified by:
changeAdminPassword in interface Session
Throws:
WavesetException - if an internal error is encountered.
See Also:
Session.changePassword(EncryptedData)

reProvision

public WavesetResult reProvision(java.lang.String objectGroupName,
                                 Session.Scope scope,
                                 boolean getUserFromResources)
                          throws PolicyViolation,
                                 WavesetException
ReProvision accounts for user's which are members of the specified object group

Users which are members of the specified object group will be reprovisioned. The set of users is determined by the scope argument, where scope can be Scope.IMMEDIATE or Scope.ALL.

Scope.IMMEDIATE means to only reprovision users which are immeadiate or direct members of the specified object group.

Scope.ALL means to reprovision users which are members of the specified object group as well as member users of object groups contained within the specified object group.

Specified by:
reProvision in interface Session
Throws:
PolicyViolation
WavesetException

reProvision

public WavesetResult reProvision(java.lang.String userName,
                                 boolean getUserFromResources)
                          throws PolicyViolation,
                                 WavesetException
Original reprovision with default options.

Specified by:
reProvision in interface Session
Throws:
WavesetException - if an internal error is encountered.
PolicyViolation - if the password currently set for this user fails the policy defined by one of the resources.

reProvision

public WavesetResult reProvision(ProvisioningOptions ops)
                          throws PolicyViolation,
                                 WavesetException
New reprovision with full options. Need an organization iterator option somehow.

Specified by:
reProvision in interface Session
Throws:
PolicyViolation - if the password currently set for this user fails the policy defined by one of the resources.
WavesetException - if an internal error is encountered.

reProvisionImmediate

public WavesetResult reProvisionImmediate(ProvisioningOptions ops)
                                   throws PolicyViolation,
                                          WavesetException
New reprovision with full options. Need an organization iterator option somehow.

Throws:
PolicyViolation
WavesetException

deProvision

public WavesetResult deProvision(java.lang.String userName)
                          throws WavesetException
Description copied from interface: Session
Deprovision accounts for an existing user.

Deprovisioning consists of deleting all of the resource accounts that have been created for this user.

This is may be done to clean up accounts for a user that has become dormant. It must also be performed before the Waveset user object can be deleted.

Since deprovisioning may impact many resources, status of the deprovisioning is returned in a WavesetResult object.

NOTE: Need to document the items in the result object.

If any of the resources could not be contacted, this status will be returned in the result object, but no exception will be thrown. This means that "succesfull" completion of the method does not necessarily mean that deprovisioning has been completed.

NOTE: I'm not sure I like this, we might want to say that if any of the resources fail to deprovision, that we expose that as an exception.

Specified by:
deProvision in interface Session
Throws:
WavesetException - if an internal error is encountered.

deProvisionImmediate

public WavesetResult deProvisionImmediate(java.lang.String userName)
                                   throws WavesetException
Throws:
WavesetException

deProvision

public WavesetResult deProvision(java.lang.String objectGroupName,
                                 Session.Scope scope)
                          throws PolicyViolation,
                                 WavesetException
DeProvision accounts for user's which are members of the specified object group

Users which are members of the specified object group will be deprovisioned. The set of users is determined by the scope argument, where scope can be Scope.IMMEDIATE or Scope.ALL.

Scope.IMMEDIATE means to only reprovision users which are immeadiate or direct members of the specified object group.

Scope.ALL means to reprovision users which are members of the specified object group as well as member users of object groups contained within the specified object group.

Specified by:
deProvision in interface Session
Throws:
PolicyViolation
WavesetException

deleteAccount

public WavesetResult deleteAccount(java.lang.String userName,
                                   boolean force)
                            throws DeprovisionRequired,
                                   WavesetException
Delete an account.

Specified by:
deleteAccount in interface Session
Throws:
DeprovisionRequired - if resource accounts still exist.
WavesetException - if an internal error is encountered.
See Also:
Session.deProvision(java.lang.String)

deleteAccountImmediate

public void deleteAccountImmediate(java.lang.String userName,
                                   boolean force)
                            throws DeprovisionRequired,
                                   WavesetException
Delete an account.

Parameters:
userName - - the user to delete
force - - delete even if it has resource accounts attached
Throws:
DeprovisionRequired
WavesetException

changePassword

public WavesetResult changePassword(EncryptedData newPassword)
                             throws WavesetException
Change the password of the currently authenticated administrator.

This bypasses the usual authentication checking because our own Administrator is often not in a group we control.

Specified by:
changePassword in interface Session
Throws:
WavesetException - if an internal error is encountered.

callRule

public java.lang.Object callRule(ExState state,
                                 java.lang.String name,
                                 java.util.Map args)
                          throws WavesetException
Execute a rule. We implement the RuleExecutor interface in order to provide more sophisticated authorization for rules. The rule whose name is passed to this method is authorized using normal Lighthouse object authorization. Once "inside" the rule however, references to other rules are allowed without authorization checking. This allows a rule providing a restricted interface to "call up" to another more powerful rule that would not otherwise be directly accessible.

Specified by:
callRule in interface Session
Throws:
WavesetException

load

public WavesetResult load(LoadConfig config,
                          Monitor monitor)
                   throws WavesetException
Description copied from interface: Session
Perform a bulk load.

Bulk loading is a complex operation with many options. All the options are specified using a single LoadConfig object that may be created by the application, or stored in the repository.

While the load is being performed, the application may receive status events by supplying a Monitor object. This in effect defines a set of "callback" methods, that will be called periodically during the load.

A full description of the bulk load process is beyond the scope of Javadoc.

NOTE: Will have to refine the set of recoverable exceptions that bulk load may produce.

Specified by:
load in interface Session
Throws:
WavesetException
See Also:
LoadConfig, Monitor

setOption

public void setOption(java.lang.String option,
                      java.lang.String value)
               throws WavesetException
Sets a runtime session option. This was added mostly for tesing, but might grow to have other uses?

Specified by:
setOption in interface Session
Throws:
WavesetException - if an unknown option was specified, or an internal error was encountered.
See Also:
Session.resetOptions()

resetOptions

public void resetOptions()
Resets runtime options to their default state. Typically used at the start of a test to clear out any lingering runtime options that may still be set by a failed test.

Specified by:
resetOptions in interface Session
See Also:
Session.setOption(java.lang.String, java.lang.String)

clearCache

public void clearCache()
                throws WavesetException
Initialize the client cache.

Specified by:
clearCache in interface Session
Throws:
WavesetException - if an internal error is encountered.

clearServerCache

public void clearServerCache()
                      throws WavesetException
Initialize the server cache.

Used in a few unit tests, though we might be able to switch to the more powerful initServer method now?

Specified by:
clearServerCache in interface Session
Throws:
WavesetException - if an internal error is encountered.
See Also:
Session.clearCache()

clearListCache

public void clearListCache(Type type,
                           java.lang.String ogNameOrId)
                    throws WavesetException
Initialize the list cache.

Only used for the debug UI - and maybe the user UI

Specified by:
clearListCache in interface Session
Throws:
WavesetException

getAppName

public java.lang.String getAppName()
Return the application associated with the session

Specified by:
getAppName in interface Session

getLoginModGrp

public ObjectRef getLoginModGrp()
Return the application associated with the session


getModificationCounter

public long getModificationCounter(Type type)
                            throws WavesetException
Return the modification counter for a type.

Specified by:
getModificationCounter in interface Session
Throws:
WavesetException

getStatus

public java.lang.String getStatus()
Return session status.

Intended only for debugging, calls various status dumpers for internal objects. Might be better if we returned an XML string with a defined syntax.

Specified by:
getStatus in interface Session

dump

public void dump()
Dump session status.

Intended only for debugging, calls various status dumpers for internal objects.

Specified by:
dump in interface Session

println

public void println(java.lang.String msg)

setCurrentTime

public void setCurrentTime(java.util.Date d)
Set what the system considers the current date and time to a fixed value. Used only for unit tests.

Since setting this can circumvent security features like password reset limits, we only allow this to be set if the CONFIGURATOR has authenticated.

Specified by:
setCurrentTime in interface Session

getDebugCommands

public java.util.ArrayList getDebugCommands()
                                     throws WavesetException
return a collection of string arrays of debug commands & params. The arrays have a fixed format: [0] - name, [1..n] - parameter names. The commands will turn around and call jsps in the debug directory of the same name, posting the parameters with the names command_param.

Specified by:
getDebugCommands in interface Session
Throws:
WavesetException

getCacheConsistencyNumber

public long getCacheConsistencyNumber()
                               throws WavesetException
Throws:
WavesetException

getCacheConsistencyNumber

public long getCacheConsistencyNumber(Type type)
                               throws WavesetException
Description copied from interface: CacheConsistencyNumberLoader
Return a Cache Consistency Number. This will be called by the ObjectCache prior to any operation that wants to keep the cache up to date. The number returned will be stored in the cache, when it changes, the cache will be flushed.

The loader typically runs a database query after some number of calls to this method, and returns the current CCN. The loader typically does NOT query the database on every call to this method. While that would ensure that the cache is always up to date, it would slow things down, defeating some of the purpose of the cache. The loader should maintain a timestamp of the last database query, and reissue the query after a configurable number of seconds has passed. This behavior is put into the loader rather than the cache so we have fewer objects to update in case the CCN "polling interval" changes.

Specified by:
getCacheConsistencyNumber in interface CacheConsistencyNumberLoader
Throws:
WavesetException

loadObject

public PersistentObject loadObject(Type type,
                                   java.lang.String id,
                                   boolean tolerateMissing,
                                   boolean tolerateAuthzFailure,
                                   java.util.Map options)
                            throws WavesetException
Description copied from interface: ObjectLoader
Load an object from the storage manager. If tolerateMissing is true, silently return null if the object did not exist. If tolerateAuthzFailure is true, silently return null if the requesting admin doesn't have access to the requested object

Specified by:
loadObject in interface ObjectLoader
Throws:
WavesetException - if the object was not found in the storage manager, or an internal error was encountered.

loadObjects

public java.util.ArrayList loadObjects(Type type,
                                       AttributeCondition[] attrConds)
                                throws WavesetException
Description copied from interface: ObjectLoader
Load all objects of a given type. If the optional attribute list is specified, only those objects with matching "query" attributes is returned.

Specified by:
loadObjects in interface ObjectLoader
Throws:
WavesetException - if an internal error was encountered.

resourceAuthenticate

public void resourceAuthenticate(java.lang.String resId,
                                 java.util.HashMap loginProps)
                          throws WavesetException
Authenticate's against a resource using the resource adapter's authenticate method. resId is the id of the resource object and loginProps is a HashMap of the login properties (the required properties can be found on the LoginConfig object. If no exception is thrown, the authentication was successful.

Specified by:
resourceAuthenticate in interface Session
Throws:
WavesetException

getResourceObject

public GenericObject getResourceObject(java.lang.String resourceId,
                                       java.lang.String objectType,
                                       java.lang.String objectId,
                                       java.util.Map options)
                                throws WavesetException
Returns the requested objectId of the requested objectType from the resource

Specified by:
getResourceObject in interface LighthouseContext
Parameters:
objectId - - a valid fully qualified object identifier on this resource (e.g. "dn")
options - - not currently used since the objectId/objectType provide a unique identifier of the object being requested
Throws:
WavesetException

listResourceObjects

public java.util.ArrayList listResourceObjects(java.lang.String objectType,
                                               java.util.ArrayList resourceList,
                                               java.util.Map options,
                                               java.lang.String subjectName,
                                               boolean cacheList,
                                               long cacheTimeout,
                                               boolean clearCacheIfExists)
                                        throws WavesetException
This method returns a list of resource object names of the specified resource object type from the specified list of resources (resourceList of Ids or names). In addition, one can specify a set of one or more key / string value pairs specific to the resource from which the object list is being requested. For example, - context ==> dn from where to start collecting list of object names to return - shortname ==> if true, only common name will be returned for dn type object names Note that there is no Waveset authorization check in this method since we are not returning any data controlled by Waveset. Instead, the caller can optionally, pass a runAsUser and runAsPassword for the method to be invoked with by the adapter / agent. The default is that the method will run as the administrator identity specified in the Waveset resource definition. This method will first attempt to get the list of resource objects of the specified type (e.g. group, distlist, etc.) from the server's resourceObjectListCache. If found, this list will be returned. If not found, the method will invoke the listResourceObjects method on each resource, merge, sort, and remove duplicates on the resulting lists, and finally cache this new list in the server's resourceObjectListCache for any subsequent requests for the same resource object type from the same resource(s). If the caller wants to ensure they are getting the resource object list from the resources and not from the server's cache, they should first invoke the clearResourceObjectListCache() method or set the cacheList argument to 'false'. Same function as getResourceObjects above, plus the ability to cache and manage the cache of the returned objects
    cachList - "true" to have the returned list of objects cached by the server; otherwise "false"
  1. cacheTimeout - if cacheList is true, this can set the number of milliseconds before the cache times out. When the cache times out, the object will automatically be retrieved from the resource the next time they are requested
  2. clearCacheIfExists - force the cache to be cleared and the objects to be re fetched from the resource the next time they are requested

Specified by:
listResourceObjects in interface Session
Throws:
WavesetException

listResourceObjects

public java.util.ArrayList listResourceObjects(java.lang.String objectType,
                                               java.lang.String resId,
                                               java.util.Map options,
                                               java.lang.String subjectName,
                                               boolean cacheList,
                                               long cacheTimeout,
                                               boolean clearCacheIfExists)
                                        throws WavesetException
This method returns a list of resource object names of the specified resource object type from the specified resourceId. Note that there is no Waveset authorization check in this method since we are not returning any data controlled by Waveset. Instead, the caller can optionally, pass a runAsUser and runAsPassword for the method to be invoked with by the adapter / agent. The default is that the method will run as the administrator identity specified in the Waveset resource definition.

Specified by:
listResourceObjects in interface Session
Parameters:
objectType - - the name of a valid object class for this specified "resourceId". If null, will return objects of all object types defined by the specified resId found within the specified search container and scope and the search filter is specified.
options - - several options can be specified which control the behavior of the search. They include:
    "searchContext" - the value of this option determines within what context to perform search (ResourceAdapter.RA_SEARCH_CONTEXT). If not specified, will attempt to get a value from RA_BASE_CONTEXT. If no value, will assume search should be done from logical top.
  1. "searchFilter" - optional specification, in LDAP search filter format as specified in RFC 1558, of one or more object tuples either and'ed or or'ed together. If not specified, a filter will be constructed using the specified objectType. (ResourceAdapter.SEARCH_FILTER).
  2. "searchScope" - specifies whether the search should be done on the current object, only within the context of the specified "searchContext", or in all subcontext within the specified "searchContext" (ResourceAdapter.RA_SEARCH_SCOPE). Valid values are "object", "oneLevel", or "subTree" indicates that the search should be performed on all sub contexts within the specified "searchContext".
  3. "searchTimeLimit" - the timelimit in milliseconds a search should not exceed (ResourceAdapter.RA_SEARCH_TIME_LIMIT).
  4. "searchAttrsToGet" - the list of objectType specific attribute names to get per object
  5. "runAsUser" - user name this request is to be run as. If not specified, defaults to resource proxy admin user.
  6. "runAsPassword" - password of runAsUser. Required to authenticate with resource in order to run the list request as the specified user
  7. "cache" - "true" to have the returned list of objects cached by the server; otherwise "false"
  8. "cacheTimeout" - if cacheList is true, this can set the number of milliseconds before the cache times out. When the cache times out, the object will automatically be retrieved from the resource the next time they are requested
  9. "clearCache" - force the cache to be cleared and the objects to be refetched from the resource the next time they are requested
Throws:
WavesetException

clearResourceObjectListCache

public void clearResourceObjectListCache(java.lang.String subjectName,
                                         java.lang.String objectType,
                                         java.lang.String resId)
                                  throws WavesetException
Clear all resource object lists from the cache for all users including default

Specified by:
clearResourceObjectListCache in interface Session
Throws:
WavesetException

clearResourceObjectListCache

public void clearResourceObjectListCache(java.util.Map options)
                                  throws WavesetException
Clear specified resource object lists from the cache

Specified by:
clearResourceObjectListCache in interface Session
Throws:
WavesetException

getResourceIdentity

public java.lang.String getResourceIdentity(java.lang.String subjectName,
                                            java.lang.String resId)
                                     throws WavesetException
Specified by:
getResourceIdentity in interface Session
Throws:
WavesetException

getResourceObjects

public java.util.List getResourceObjects(java.lang.String objectType,
                                         java.lang.String resId,
                                         java.util.Map options,
                                         java.lang.String subjectName,
                                         boolean cacheList,
                                         long cacheTimeout,
                                         boolean clearCacheIfExists)
                                  throws WavesetException
Returns a list of GenericObjects where each object contains a set of attributes including type, name, and id (fully qualified name - e.g. dn) as well as any requested searchAttrsToGet

Specified by:
getResourceObjects in interface Session
Parameters:
objectType - - the name of a valid object class for this specified "resourceId". If null, will return objects of all object types defined by the specified resId found within the specified search container and scope and the search filter is specified.
options - - several options can be specified which control the behavior of the search. They include:
    "searchContext" - the value of this option determines within what context to perform search (ResourceAdapter.RA_SEARCH_CONTEXT). If not specified, will attempt to get a value from RA_BASE_CONTEXT. If no value, will assume search should be done from logical top.
  1. "searchFilter" - optional specification, in LDAP search filter format as specified in RFC 1558, of one or more object tuples either and'ed or or'ed together. If not specified, a filter will be constructed using the specified objectType. (ResourceAdapter.SEARCH_FILTER).
  2. "searchScope" - specifies whether the search should be done on the current object, only within the context of the specified "searchContext", or in all subcontext within the specified "searchContext" (ResourceAdapter.RA_SEARCH_SCOPE). Valid values are "object", "oneLevel", or "subTree" indicates that the search should be performed on all sub contexts within the specified "searchContext".
  3. "searchTimeLimit" - the timelimit in milliseconds a search should not exceed (ResourceAdapter.RA_SEARCH_TIME_LIMIT).
  4. "searchAttrsToGet" - the list of objectType specific attribute names to get per object
  5. "runAsUser" - user name this request is to be run as. If not specified, defaults to resource proxy admin user.
  6. "runAsPassword" - password of runAsUser. Required to authenticate with resource in order to run the list request as the specified user
Same function as getResourceObjects, plus the ability to cache and manage the cache of the returned objects
    cachList - "true" to have the returned list of objects cached by the server; otherwise "false"
  1. cacheTimeout - if cacheList is true, this can set the number of milliseconds before the cache times out. When the cache times out, the object will automatically be retrieved from the resource the next time they are requested
  2. clearCacheIfExists - force the cache to be cleared and the objects to be re fetched from the resource the next time they are requested
resId - - the resource from which to get the objects
Throws:
WavesetException

getResourceObjects

public java.util.List getResourceObjects(java.lang.String objectType,
                                         java.lang.String resId,
                                         java.util.Map options)
                                  throws WavesetException
Returns a list of GenericObjects where each object contains a set of attributes including type, name, and id (fully qualified name - e.g. dn) as well as any requested searchAttrsToGet

Specified by:
getResourceObjects in interface LighthouseContext
Parameters:
objectType - - the name of a valid object class for this specified "resourceId". If null, will return objects of all object types defined by the specified resId found within the specified search container and scope and the search filter is specified.
resId - - the resource from which to get the objects
options - - several options can be specified which control the behavior of the search. They include:
    "searchContext" - the value of this option determines within what context to perform search (ResourceAdapter.RA_SEARCH_CONTEXT). If not specified, will attempt to get a value from RA_BASE_CONTEXT. If no value, will assume search should be done from logical top.
  1. "searchFilter" - optional specification, in LDAP search filter format as specified in RFC 1558, of one or more object tuples either and'ed or or'ed together. If not specified, a filter will be constructed using the specified objectType. (ResourceAdapter.SEARCH_FILTER).
  2. "searchScope" - specifies whether the search should be done on the current object, only within the context of the specified "searchContext", or in all subcontext within the specified "searchContext" (ResourceAdapter.RA_SEARCH_SCOPE). Valid values are "object", "oneLevel", or "subTree" indicates that the search should be performed on all sub contexts within the specified "searchContext".
  3. "searchTimeLimit" - the timelimit in milliseconds a search should not exceed (ResourceAdapter.RA_SEARCH_TIME_LIMIT).
  4. "searchAttrsToGet" - the list of objectType specific attribute names to get per object
  5. "runAsUser" - user name this request is to be run as. If not specified, defaults to resource proxy admin user.
  6. "runAsPassword" - password of runAsUser. Required to authenticate with resource in order to run the list request as the specified user
  7. "cache" - "true" to have the returned list of objects cached by the server; otherwise "false"
  8. "cacheTimeout" - if cacheList is true, this can set the number of milliseconds before the cache times out. When the cache times out, the object will automatically be retrieved from the resource the next time they are requested
  9. "clearCache" - force the cache to be cleared and the objects to be re fetched from the resource the next time they are requested
Throws:
WavesetException

clearResourceObjectGetCache

public void clearResourceObjectGetCache(java.lang.String subjectName,
                                        java.lang.String objectType,
                                        java.lang.String resId)
                                 throws WavesetException
Clear all resource object lists from the cache for all users including default

Specified by:
clearResourceObjectGetCache in interface Session
Throws:
WavesetException

clearResourceObjectGetCache

public void clearResourceObjectGetCache(java.util.Map options)
                                 throws WavesetException
Clear specified resource object lists from the cache

Specified by:
clearResourceObjectGetCache in interface Session
Throws:
WavesetException

getLocale

public java.util.Locale getLocale()
Get the locale from the subject.

Specified by:
getLocale in interface Session

setLocale

public void setLocale(java.util.Locale locale)
Set the locale on the subject of this session. Use the subject so components that create sessions using the Subject don't loose the locale.

Specified by:
setLocale in interface Session

countObjects

public int countObjects(java.lang.Object typeid,
                        java.util.Map options)
                 throws WavesetException
This method returns an integer which represents the number of objects that exist in the repository which match the given attribute conditions.

Specified by:
countObjects in interface ObjectSource
Throws:
WavesetException