com.ibm.di.api.security
Class Registry
java.lang.Object
com.ibm.di.api.security.Registry
public class Registry
- extends Object
The Registry class is used by the Server API to parse the User Registry file
and hold all the user identities with their corresponding permissions. After
initialization of the Registry the Identites are accessed through the
getIdentity(String aUserID) method. From 7.0 this method also returns
Identities for userIDs which are members of groups specified in the registry.
Method Summary |
Identity |
getIdentity(String aUserID)
The method searches for Identities with userId corresponding to the
supplied parameter. |
void |
initialize(String aRegistryFileName,
RS.ConfigInstanceNamingPolicy configInstanceNamingPolicy)
Parses the User Registry file and creates a vector with all Identities
found in it with their corresponding permissions. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Registry
public Registry()
initialize
public void initialize(String aRegistryFileName,
RS.ConfigInstanceNamingPolicy configInstanceNamingPolicy)
throws DIException
- Parses the User Registry file and creates a vector with all Identities
found in it with their corresponding permissions.
If the server API user registry encryption is turned on the file is
decrypted using the CryptoUtils class.
All the tags are read line by line. This parsing traverses the Registry
tags tree in depth and all authorization elements found are added as
corresponding vectors to their parent object.
- Parameters:
aRegistryFileName
- the full path to the user registry file nameconfigInstanceNamingPolicy
- this policy is used when parsing the tags that define which
configurations the user is authorized access to
- Throws:
DIException
- if an Exception occurs during the reading, decrypting or
parsing the file
getIdentity
public Identity getIdentity(String aUserID)
- The method searches for Identities with userId corresponding to the
supplied parameter. It distinguishes two cases: simple - when only user
name is supplied. In this case the Identity with matching userId is
returned. In the other case, when the LDAP authentication with group
support is performed, as parameter is supplied not only the user, but
also the users' groups separated by ";".The first in this sequience must
be the authenticating user. In this case new Identity is created, which
posseses all the roles assigned to the user as well to the groups in the
user registry.
- Parameters:
aUserID
- String object containing the authenticating user or the user
and the users' groups each one separated by ";" by the others.
- Returns:
- Identity object
- Since:
- 7.0