You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@directory.apache.org by gi...@apache.org on 2022/07/25 21:21:01 UTC
[directory-site] branch asf-site updated: Updated site from master (2692731443d9919cc0d10c9ff46953e2a29ffc17)
This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/directory-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new e220c680 Updated site from master (2692731443d9919cc0d10c9ff46953e2a29ffc17)
e220c680 is described below
commit e220c680723b815476cdc1feeda0cb7d1b6e4ab8
Author: jenkins <bu...@apache.org>
AuthorDate: Mon Jul 25 21:20:57 2022 +0000
Updated site from master (2692731443d9919cc0d10c9ff46953e2a29ffc17)
---
content/fortress/index.xml | 27 +++++++++++++------
.../fortress/user-guide/4.1-create-session.html | 20 +++++++++-----
content/fortress/user-guide/4.2-check-access.html | 31 +++++++++++++++-------
.../user-guide/4.3-session-permissions.html | 21 ++++++++++-----
content/fortress/user-guide/4.4-activate-role.html | 30 ++++++++++++---------
.../fortress/user-guide/4.5-deactivate-role.html | 23 +++++++++++-----
.../fortress/user-guide/4.6-authorized-roles.html | 21 ++++++++++-----
content/index.xml | 27 +++++++++++++------
content/sitemap.xml | 14 +++++-----
9 files changed, 142 insertions(+), 72 deletions(-)
diff --git a/content/fortress/index.xml b/content/fortress/index.xml
index 103a116e..6836c25b 100644
--- a/content/fortress/index.xml
+++ b/content/fortress/index.xml
@@ -147,7 +147,8 @@ More info here on how it works:
<guid>https://directory.apache.org/fortress/user-guide/4.1-create-session.html</guid>
<description>4.1 - CreateSession Session createSession(User user, boolean isTrusted) throws SecurityException Perform user authentication and role activations in one method. This method must be called once per user prior to calling other methods within this class. The successful result is Session that contains target user&rsquo;s RBAC roles. In addition to checking user password validity it will apply configured password policy checks.
-Parameters: user - Contains User.userId, User.password (optional if isTrusted is &lsquo;true&rsquo;), optional User.</description>
+Parameters:
+ user - Contains User.userId, User.password (optional if isTrusted is &lsquo;true&rsquo;), optional User.</description>
</item>
<item>
@@ -156,7 +157,9 @@ Parameters: user - Contains User.userId, User.password (optional if isTrusted is
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://directory.apache.org/fortress/user-guide/4.2-check-access.html</guid>
- <description>4.2 - Check Access boolean checkAccess(Session session, Permission perm) throws SecurityException Perform user RBAC authorization. This function returns a Boolean value meaning whether the subject of a given session is allowed not to perform a given operation on a given object. The function is valid if and only if the session is a valid Fortress session, the object is a member of the OBJS data set, and the operation is a member of the OPS data set.</description>
+ <description>4.2 - Check Access boolean checkAccess(Session session, Permission perm) throws SecurityException Perform user RBAC authorization. This function returns a Boolean value meaning whether the subject of a given session is allowed not to perform a given operation on a given object.
+The function is valid if and only if:
+ the session is a valid Fortress session the object is a member of the OBJS data set the operation is a member of the OPS data set.</description>
</item>
<item>
@@ -165,8 +168,10 @@ Parameters: user - Contains User.userId, User.password (optional if isTrusted is
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://directory.apache.org/fortress/user-guide/4.3-session-permissions.html</guid>
- <description>4.3 - Session Permissions List&lt;Permission&gt; sessionPermissions( Session session ) throws SecurityException This function returns the permissions of the session, i.e., the permissions assigned to its authorized roles. The function is valid if and only if the session is a valid Fortress session.
-Parameters: session - This object must be instantiated by calling createSession(org.apache.directory.fortress.core.model.User, boolean) method before passing into the method. No variables need to be set by client after returned from createSession.</description>
+ <description>4.3 - Session Permissions List&lt;Permission&gt; sessionPermissions( Session session ) throws SecurityException This function returns the permissions of the session, i.e., the permissions assigned to its authorized roles.
+The function is valid if and only if the session is a valid Fortress session.
+Parameters:
+ session - This object must be instantiated by calling createSession(org.apache.directory.fortress.core.model.User, boolean) method before passing into the method. No variables need to be set by client after returned from createSession.</description>
</item>
<item>
@@ -176,7 +181,8 @@ Parameters: session - This object must be instantiated by calling createSession(
<guid>https://directory.apache.org/fortress/user-guide/4.4-activate-role.html</guid>
<description>4.4 - Add Active Role void addActiveRole(Session session, UserRole role) throws SecurityException This function adds a role as an active role of a session whose owner is a given user.
-The function is valid if and only if: the user is a member of the USERS data set the role is a member of the ROLES data set the role inclusion does not violate Dynamic Separation of Duty Relationships the session is a valid Fortress session the user is authorized to that role the session is owned by that user.</description>
+The function is valid if and only if:
+ the user is a member of the USERS data set the role is a member of the ROLES data set the role inclusion does not violate Dynamic Separation of Duty Relationships the session is a valid Fortress session the user is authorized to that role the session is owned by that user Parameters:</description>
</item>
<item>
@@ -185,7 +191,9 @@ The function is valid if and only if: the user is a member of the USERS data set
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://directory.apache.org/fortress/user-guide/4.5-deactivate-role.html</guid>
- <description>4.5 - Drop Active Role void dropActiveRole(Session session, UserRole role) throws SecurityException This function deletes a role from the active role set of a session owned by a given user. The function is valid if and only if the user is a member of the USERS data set, the session object contains a valid Fortress session, the session is owned by the user, and the role is an active role of that session.</description>
+ <description>4.5 - Drop Active Role void dropActiveRole(Session session, UserRole role) throws SecurityException This function deletes a role from the active role set of a session owned by a given user.
+The function is valid if and only if:
+ the user is a member of the USERS data set the session object contains a valid Fortress session the session is owned by the user the role is an active role of that session Parameters:</description>
</item>
<item>
@@ -194,8 +202,11 @@ The function is valid if and only if: the user is a member of the USERS data set
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://directory.apache.org/fortress/user-guide/4.6-authorized-roles.html</guid>
- <description>4.6 - Authorized Roles Set&lt;String&gt; authorizedRoles(Session session) throws SecurityException This function returns the authorized roles associated with a session based on hierarchical relationships. The function is valid if and only if the session is a valid Fortress session.
-Parameters: session - object contains the user&rsquo;s returned RBAC session from the createSession method. Returns: Set containing all roles active in user&rsquo;s session. This will contain inherited roles. Throws: SecurityException - is thrown if session invalid or system.</description>
+ <description>4.6 - Authorized Roles Set&lt;String&gt; authorizedRoles(Session session) throws SecurityException This function returns the authorized roles associated with a session based on hierarchical relationships.
+The function is valid if and only if the session is a valid Fortress session.
+Parameters:
+ session - object contains the user&rsquo;s returned RBAC session from the createSession method. Returns:
+ Set containing all roles active in user&rsquo;s session. This will contain inherited roles. Throws:</description>
</item>
<item>
diff --git a/content/fortress/user-guide/4.1-create-session.html b/content/fortress/user-guide/4.1-create-session.html
index 7ca35670..909850bc 100644
--- a/content/fortress/user-guide/4.1-create-session.html
+++ b/content/fortress/user-guide/4.1-create-session.html
@@ -157,13 +157,19 @@
</code></pre></div><p>Perform user authentication and role activations in one method.
This method must be called once per user prior to calling other methods within this class. The successful result is Session that contains target user’s RBAC roles.
In addition to checking user password validity it will apply configured password policy checks.</p>
-<p>Parameters:
-user - Contains User.userId, User.password (optional if isTrusted is ‘true’), optional User.roles, optional User.adminRoles
-isTrusted - if true password is not required.
-Returns:
-Session object will contain authentication result code Session.errorId, RBAC role activations Session.getRoles(), Admin Role activations Session.getAdminRoles(), Password policy codes Session.warnings, Session.expirationSeconds, Session.graceLogins and more.
-Throws:
-SecurityException - in the event of data validation failure, security policy violation or DAO error.</p>
+<p>Parameters:</p>
+<ul>
+<li>user - Contains User.userId, User.password (optional if isTrusted is ‘true’), optional User.roles, optional User.adminRoles</li>
+<li>isTrusted - if true password is not required.</li>
+</ul>
+<p>Returns:</p>
+<ul>
+<li>Session object will contain authentication result code Session.errorId, RBAC role activations Session.getRoles(), Admin Role activations Session.getAdminRoles(), Password policy codes Session.warnings, Session.expirationSeconds, Session.graceLogins and more.</li>
+</ul>
+<p>Throws:</p>
+<ul>
+<li>SecurityException - in the event of data validation failure, security policy violation or DAO error.</li>
+</ul>
<h2 id="simple-createsession">Simple createSession</h2>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#a2f">@test</span>
<span style="color:#a2f;font-weight:bold">public</span> <span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">createSessionTest</span><span style="color:#666">(</span>String userId<span style="color:#666">,</span> String password<span style="color:#666">,</span> <span style="color:#0b0;font-weight:bold">int</span> expectedRoles<span style="color:#666">)</span>
diff --git a/content/fortress/user-guide/4.2-check-access.html b/content/fortress/user-guide/4.2-check-access.html
index 491ea7bb..463bb3a9 100644
--- a/content/fortress/user-guide/4.2-check-access.html
+++ b/content/fortress/user-guide/4.2-check-access.html
@@ -155,17 +155,28 @@
<h1 id="42---check-access">4.2 - Check Access</h1>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#0b0;font-weight:bold">boolean</span> <span style="color:#00a000">checkAccess</span><span style="color:#666">(</span>Session session<span style="color:#666">,</span> Permission perm<span style="color:#666">)</span> <span style="color:#a2f;font-weight:bold">throws</span> SecurityException
</code></pre></div><p>Perform user RBAC authorization. This function returns a Boolean value meaning whether the subject of a given session is allowed
-not to perform a given operation on a given object. The function is valid if and only if the session is a valid Fortress session,
-the object is a member of the OBJS data set, and the operation is a member of the OPS data set. The session’s subject has the permission
-to perform the operation on that object if and only if that permission is assigned to (at least) one of the session’s active roles.
+not to perform a given operation on a given object.</p>
+<p>The function is valid if and only if:</p>
+<ul>
+<li>the session is a valid Fortress session</li>
+<li>the object is a member of the OBJS data set</li>
+<li>the operation is a member of the OPS data set.</li>
+</ul>
+<p>The session’s subject has the permission to perform the operation on that object if and only if that permission is assigned to (at least) one of the session’s active roles.
This implementation will verify the roles or userId correspond to the subject’s active roles are registered in the object’s access control list.</p>
-<p>Parameters:
-perm - must contain the object, Permission.objName, and operation, Permission.opName, of permission User is trying to access.
-session - This object must be instantiated by calling createSession(org.apache.directory.fortress.core.model.User, boolean) method before passing into the method. No variables need to be set by client after returned from createSession.
-Returns:
-True if user has access, false otherwise.
-Throws:
-SecurityException - in the event of data validation failure, security policy violation or DAO error.</p>
+<p>Parameters:</p>
+<ul>
+<li>perm - must contain the object, Permission.objName, and operation, Permission.opName, of permission User is trying to access.</li>
+<li>session - This object must be instantiated by calling createSession(org.apache.directory.fortress.core.model.User, boolean) method before passing into the method. No variables need to be set by client after returned from createSession.</li>
+</ul>
+<p>Returns:</p>
+<ul>
+<li>True if user has access, False otherwise.</li>
+</ul>
+<p>Throws:</p>
+<ul>
+<li>SecurityException - in the event of data validation failure, security policy violation or DAO error.</li>
+</ul>
<h2 id="checkaccess">checkAccess</h2>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#a2f">@test</span>
<span style="color:#a2f;font-weight:bold">public</span> <span style="color:#a2f;font-weight:bold">static</span> <span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">testCheckAccess</span><span style="color:#666">(</span> Session session<span style="color:#666">,</span> String objectName<span style="color:#666">,</span> String operationName <span style="color:#666">)</span>
diff --git a/content/fortress/user-guide/4.3-session-permissions.html b/content/fortress/user-guide/4.3-session-permissions.html
index 6d4b5db7..0180ddd9 100644
--- a/content/fortress/user-guide/4.3-session-permissions.html
+++ b/content/fortress/user-guide/4.3-session-permissions.html
@@ -154,13 +154,20 @@
<h1 id="43---session-permissions">4.3 - Session Permissions</h1>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java">List<span style="color:#666"><</span>Permission<span style="color:#666">></span> <span style="color:#00a000">sessionPermissions</span><span style="color:#666">(</span> Session session <span style="color:#666">)</span> <span style="color:#a2f;font-weight:bold">throws</span> SecurityException
-</code></pre></div><p>This function returns the permissions of the session, i.e., the permissions assigned to its authorized roles. The function is valid if and only if the session is a valid Fortress session.</p>
-<p>Parameters:
-session - This object must be instantiated by calling createSession(org.apache.directory.fortress.core.model.User, boolean) method before passing into the method. No variables need to be set by client after returned from createSession.
-Returns:
-List<Permission> containing permissions (op, obj) active for user’s session.
-Throws:
-SecurityException - is thrown if runtime error occurs with system.</p>
+</code></pre></div><p>This function returns the permissions of the session, i.e., the permissions assigned to its authorized roles.</p>
+<p>The function is valid if and only if the session is a valid Fortress session.</p>
+<p>Parameters:</p>
+<ul>
+<li>session - This object must be instantiated by calling createSession(org.apache.directory.fortress.core.model.User, boolean) method before passing into the method. No variables need to be set by client after returned from createSession.</li>
+</ul>
+<p>Returns:</p>
+<ul>
+<li>List<Permission> containing permissions (op, obj) active for user’s session.</li>
+</ul>
+<p>Throws:</p>
+<ul>
+<li>SecurityException - is thrown if runtime error occurs with system.</li>
+</ul>
<h2 id="sessionpermissions">sessionPermissions</h2>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#a2f">@test</span>
<span style="color:#a2f;font-weight:bold">public</span> <span style="color:#a2f;font-weight:bold">static</span> <span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">testSessionPermissions</span><span style="color:#666">(</span> Session session <span style="color:#666">)</span>
diff --git a/content/fortress/user-guide/4.4-activate-role.html b/content/fortress/user-guide/4.4-activate-role.html
index 7e20630e..f31e6df6 100644
--- a/content/fortress/user-guide/4.4-activate-role.html
+++ b/content/fortress/user-guide/4.4-activate-role.html
@@ -155,18 +155,24 @@
<h1 id="44---add-active-role">4.4 - Add Active Role</h1>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">addActiveRole</span><span style="color:#666">(</span>Session session<span style="color:#666">,</span> UserRole role<span style="color:#666">)</span> <span style="color:#a2f;font-weight:bold">throws</span> SecurityException
</code></pre></div><p>This function adds a role as an active role of a session whose owner is a given user.</p>
-<p>The function is valid if and only if:
-the user is a member of the USERS data set
-the role is a member of the ROLES data set
-the role inclusion does not violate Dynamic Separation of Duty Relationships
-the session is a valid Fortress session
-the user is authorized to that role
-the session is owned by that user.</p>
-<p>Parameters:
-session - object contains the user’s returned RBAC session from the createSession method.
-role - object contains the role name, UserRole.name, to be activated into session.
-Throws:
-SecurityException - is thrown if user is not allowed to activate or runtime error occurs with system.</p>
+<p>The function is valid if and only if:</p>
+<ul>
+<li>the user is a member of the USERS data set</li>
+<li>the role is a member of the ROLES data set</li>
+<li>the role inclusion does not violate Dynamic Separation of Duty Relationships</li>
+<li>the session is a valid Fortress session</li>
+<li>the user is authorized to that role</li>
+<li>the session is owned by that user</li>
+</ul>
+<p>Parameters:</p>
+<ul>
+<li>session - object contains the user’s returned RBAC session from the createSession method.</li>
+<li>role - object contains the role name, UserRole.name, to be activated into session.</li>
+</ul>
+<p>Throws:</p>
+<ul>
+<li>SecurityException - is thrown if user is not allowed to activate or runtime error occurs with system.</li>
+</ul>
<h2 id="addactiverole">addActiveRole</h2>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#a2f">@test</span>
<span style="color:#a2f;font-weight:bold">public</span> <span style="color:#a2f;font-weight:bold">static</span> <span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">testAddActiveRole</span><span style="color:#666">(</span> Session session<span style="color:#666">,</span> String roleName <span style="color:#666">)</span>
diff --git a/content/fortress/user-guide/4.5-deactivate-role.html b/content/fortress/user-guide/4.5-deactivate-role.html
index 42df76d5..0ff1aca9 100644
--- a/content/fortress/user-guide/4.5-deactivate-role.html
+++ b/content/fortress/user-guide/4.5-deactivate-role.html
@@ -154,12 +154,23 @@
<h1 id="45---drop-active-role">4.5 - Drop Active Role</h1>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">dropActiveRole</span><span style="color:#666">(</span>Session session<span style="color:#666">,</span> UserRole role<span style="color:#666">)</span> <span style="color:#a2f;font-weight:bold">throws</span> SecurityException
-</code></pre></div><p>This function deletes a role from the active role set of a session owned by a given user. The function is valid if and only if the user is a member of the USERS data set, the session object contains a valid Fortress session, the session is owned by the user, and the role is an active role of that session.</p>
-<p>Parameters:
-session - object contains the user’s returned RBAC session from the createSession method.
-role - object contains the role name, UserRole.name, to be deactivated.
-Throws:
-SecurityException - is thrown if user is not allowed to deactivate or runtime error occurs with system.</p>
+</code></pre></div><p>This function deletes a role from the active role set of a session owned by a given user.</p>
+<p>The function is valid if and only if:</p>
+<ul>
+<li>the user is a member of the USERS data set</li>
+<li>the session object contains a valid Fortress session</li>
+<li>the session is owned by the user</li>
+<li>the role is an active role of that session</li>
+</ul>
+<p>Parameters:</p>
+<ul>
+<li>session - object contains the user’s returned RBAC session from the createSession method.</li>
+<li>role - object contains the role name, UserRole.name, to be deactivated.</li>
+</ul>
+<p>Throws:</p>
+<ul>
+<li>SecurityException - is thrown if user is not allowed to deactivate or runtime error occurs with system.</li>
+</ul>
<h2 id="dropactiverole">dropActiveRole</h2>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#a2f">@test</span>
<span style="color:#a2f;font-weight:bold">public</span> <span style="color:#a2f;font-weight:bold">static</span> <span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">testDropActiveRole</span><span style="color:#666">(</span> Session session<span style="color:#666">,</span> String roleName <span style="color:#666">)</span>
diff --git a/content/fortress/user-guide/4.6-authorized-roles.html b/content/fortress/user-guide/4.6-authorized-roles.html
index 347e987f..ac6eb2e4 100644
--- a/content/fortress/user-guide/4.6-authorized-roles.html
+++ b/content/fortress/user-guide/4.6-authorized-roles.html
@@ -153,13 +153,20 @@
<h1 id="46---authorized-roles">4.6 - Authorized Roles</h1>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java">Set<span style="color:#666"><</span>String<span style="color:#666">></span> <span style="color:#00a000">authorizedRoles</span><span style="color:#666">(</span>Session session<span style="color:#666">)</span> <span style="color:#a2f;font-weight:bold">throws</span> SecurityException
-</code></pre></div><p>This function returns the authorized roles associated with a session based on hierarchical relationships. The function is valid if and only if the session is a valid Fortress session.</p>
-<p>Parameters:
-session - object contains the user’s returned RBAC session from the createSession method.
-Returns:
-Set<String> containing all roles active in user’s session. This will contain inherited roles.
-Throws:
-SecurityException - is thrown if session invalid or system. error.</p>
+</code></pre></div><p>This function returns the authorized roles associated with a session based on hierarchical relationships.</p>
+<p>The function is valid if and only if the session is a valid Fortress session.</p>
+<p>Parameters:</p>
+<ul>
+<li>session - object contains the user’s returned RBAC session from the createSession method.</li>
+</ul>
+<p>Returns:</p>
+<ul>
+<li>Set<String> containing all roles active in user’s session. This will contain inherited roles.</li>
+</ul>
+<p>Throws:</p>
+<ul>
+<li>SecurityException - is thrown if session invalid or system. error.</li>
+</ul>
<h2 id="authorizedroles">authorizedRoles</h2>
<div class="highlight"><pre style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4"><code class="language-java" data-lang="java"><span style="color:#a2f">@test</span>
<span style="color:#a2f;font-weight:bold">public</span> <span style="color:#a2f;font-weight:bold">static</span> <span style="color:#0b0;font-weight:bold">void</span> <span style="color:#00a000">testAuthorizedRoles</span><span style="color:#666">(</span> Session session <span style="color:#666">)</span>
diff --git a/content/index.xml b/content/index.xml
index 8cf80911..b6309b8b 100644
--- a/content/index.xml
+++ b/content/index.xml
@@ -1540,7 +1540,8 @@ A minimal /etc/krb5.conf file looks as follows (make sure the port and host name
<guid>https://directory.apache.org/fortress/user-guide/4.1-create-session.html</guid>
<description>4.1 - CreateSession Session createSession(User user, boolean isTrusted) throws SecurityException Perform user authentication and role activations in one method. This method must be called once per user prior to calling other methods within this class. The successful result is Session that contains target user&rsquo;s RBAC roles. In addition to checking user password validity it will apply configured password policy checks.
-Parameters: user - Contains User.userId, User.password (optional if isTrusted is &lsquo;true&rsquo;), optional User.</description>
+Parameters:
+ user - Contains User.userId, User.password (optional if isTrusted is &lsquo;true&rsquo;), optional User.</description>
</item>
<item>
@@ -1733,7 +1734,9 @@ Chapter content 4.2.1 - Introduction 4.2.2 - Definitions 4.2.3 - Enabling acces
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://directory.apache.org/fortress/user-guide/4.2-check-access.html</guid>
- <description>4.2 - Check Access boolean checkAccess(Session session, Permission perm) throws SecurityException Perform user RBAC authorization. This function returns a Boolean value meaning whether the subject of a given session is allowed not to perform a given operation on a given object. The function is valid if and only if the session is a valid Fortress session, the object is a member of the OBJS data set, and the operation is a member of the OPS data set.</description>
+ <description>4.2 - Check Access boolean checkAccess(Session session, Permission perm) throws SecurityException Perform user RBAC authorization. This function returns a Boolean value meaning whether the subject of a given session is allowed not to perform a given operation on a given object.
+The function is valid if and only if:
+ the session is a valid Fortress session the object is a member of the OBJS data set the operation is a member of the OPS data set.</description>
</item>
<item>
@@ -2104,8 +2107,10 @@ Partition and Access Control Area Setup For this example we presume you have set
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://directory.apache.org/fortress/user-guide/4.3-session-permissions.html</guid>
- <description>4.3 - Session Permissions List&lt;Permission&gt; sessionPermissions( Session session ) throws SecurityException This function returns the permissions of the session, i.e., the permissions assigned to its authorized roles. The function is valid if and only if the session is a valid Fortress session.
-Parameters: session - This object must be instantiated by calling createSession(org.apache.directory.fortress.core.model.User, boolean) method before passing into the method. No variables need to be set by client after returned from createSession.</description>
+ <description>4.3 - Session Permissions List&lt;Permission&gt; sessionPermissions( Session session ) throws SecurityException This function returns the permissions of the session, i.e., the permissions assigned to its authorized roles.
+The function is valid if and only if the session is a valid Fortress session.
+Parameters:
+ session - This object must be instantiated by calling createSession(org.apache.directory.fortress.core.model.User, boolean) method before passing into the method. No variables need to be set by client after returned from createSession.</description>
</item>
<item>
@@ -2126,7 +2131,8 @@ Enforcing a strict password policy is extremely punitive to users. It may leads
<guid>https://directory.apache.org/fortress/user-guide/4.4-activate-role.html</guid>
<description>4.4 - Add Active Role void addActiveRole(Session session, UserRole role) throws SecurityException This function adds a role as an active role of a session whose owner is a given user.
-The function is valid if and only if: the user is a member of the USERS data set the role is a member of the ROLES data set the role inclusion does not violate Dynamic Separation of Duty Relationships the session is a valid Fortress session the user is authorized to that role the session is owned by that user.</description>
+The function is valid if and only if:
+ the user is a member of the USERS data set the role is a member of the ROLES data set the role inclusion does not violate Dynamic Separation of Duty Relationships the session is a valid Fortress session the user is authorized to that role the session is owned by that user Parameters:</description>
</item>
<item>
@@ -2135,7 +2141,9 @@ The function is valid if and only if: the user is a member of the USERS data set
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://directory.apache.org/fortress/user-guide/4.5-deactivate-role.html</guid>
- <description>4.5 - Drop Active Role void dropActiveRole(Session session, UserRole role) throws SecurityException This function deletes a role from the active role set of a session owned by a given user. The function is valid if and only if the user is a member of the USERS data set, the session object contains a valid Fortress session, the session is owned by the user, and the role is an active role of that session.</description>
+ <description>4.5 - Drop Active Role void dropActiveRole(Session session, UserRole role) throws SecurityException This function deletes a role from the active role set of a session owned by a given user.
+The function is valid if and only if:
+ the user is a member of the USERS data set the session object contains a valid Fortress session the session is owned by the user the role is an active role of that session Parameters:</description>
</item>
<item>
@@ -2144,8 +2152,11 @@ The function is valid if and only if: the user is a member of the USERS data set
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://directory.apache.org/fortress/user-guide/4.6-authorized-roles.html</guid>
- <description>4.6 - Authorized Roles Set&lt;String&gt; authorizedRoles(Session session) throws SecurityException This function returns the authorized roles associated with a session based on hierarchical relationships. The function is valid if and only if the session is a valid Fortress session.
-Parameters: session - object contains the user&rsquo;s returned RBAC session from the createSession method. Returns: Set containing all roles active in user&rsquo;s session. This will contain inherited roles. Throws: SecurityException - is thrown if session invalid or system.</description>
+ <description>4.6 - Authorized Roles Set&lt;String&gt; authorizedRoles(Session session) throws SecurityException This function returns the authorized roles associated with a session based on hierarchical relationships.
+The function is valid if and only if the session is a valid Fortress session.
+Parameters:
+ session - object contains the user&rsquo;s returned RBAC session from the createSession method. Returns:
+ Set containing all roles active in user&rsquo;s session. This will contain inherited roles. Throws:</description>
</item>
<item>
diff --git a/content/sitemap.xml b/content/sitemap.xml
index 59b2dbbe..5fed23cf 100644
--- a/content/sitemap.xml
+++ b/content/sitemap.xml
@@ -754,7 +754,7 @@
<url>
<loc>https://directory.apache.org/fortress/user-guide/4.1-create-session.html</loc>
- <lastmod>2022-07-25T16:08:02-05:00</lastmod>
+ <lastmod>2022-07-25T16:19:42-05:00</lastmod>
</url>
<url>
@@ -849,7 +849,7 @@
<url>
<loc>https://directory.apache.org/fortress/user-guide/4.2-check-access.html</loc>
- <lastmod>2022-07-25T16:08:02-05:00</lastmod>
+ <lastmod>2022-07-25T16:19:42-05:00</lastmod>
</url>
<url>
@@ -1039,7 +1039,7 @@
<url>
<loc>https://directory.apache.org/fortress/user-guide/4.3-session-permissions.html</loc>
- <lastmod>2022-07-25T16:08:02-05:00</lastmod>
+ <lastmod>2022-07-25T16:19:42-05:00</lastmod>
</url>
<url>
@@ -1049,17 +1049,17 @@
<url>
<loc>https://directory.apache.org/fortress/user-guide/4.4-activate-role.html</loc>
- <lastmod>2022-07-25T16:08:02-05:00</lastmod>
+ <lastmod>2022-07-25T16:19:42-05:00</lastmod>
</url>
<url>
<loc>https://directory.apache.org/fortress/user-guide/4.5-deactivate-role.html</loc>
- <lastmod>2022-07-25T16:08:02-05:00</lastmod>
+ <lastmod>2022-07-25T16:19:42-05:00</lastmod>
</url>
<url>
<loc>https://directory.apache.org/fortress/user-guide/4.6-authorized-roles.html</loc>
- <lastmod>2022-07-25T16:08:02-05:00</lastmod>
+ <lastmod>2022-07-25T16:19:42-05:00</lastmod>
</url>
<url>
@@ -1834,7 +1834,7 @@
<url>
<loc>https://directory.apache.org/fortress.html</loc>
- <lastmod>2022-07-25T16:08:02-05:00</lastmod>
+ <lastmod>2022-07-25T16:19:42-05:00</lastmod>
</url>
<url>