Class OpenMetadataServerSecurityConnector
java.lang.Object
org.odpi.openmetadata.frameworks.connectors.Connector
org.odpi.openmetadata.frameworks.connectors.ConnectorBase
org.odpi.openmetadata.metadatasecurity.connectors.OpenMetadataServerSecurityConnector
- All Implemented Interfaces:
AuditLoggingComponent, SecureConnectorExtension, VirtualConnectorExtension
- Direct Known Subclasses:
CocoPharmaServerSecurityConnector
public class OpenMetadataServerSecurityConnector
extends ConnectorBase
implements AuditLoggingComponent
OpenMetadataServerSecurityConnector is the base class for an Open Metadata Security Connector for
a server. The connector is configured in an OMAG Configuration Document. Its default behavior
is to reject every request, generating well-defined exceptions and audit log
messages.
Override the methods of this class to define the required access for the deployment environment.
An overriding method can call the base class method when access is to be denied, which reuses
the base class's message logging and exceptions.
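An added example (not code from the Egeria project) of the pattern described above: a hypothetical subclass, AllowListServerSecurityConnector, overrides three validation methods, returns for permitted users, and otherwise calls the base class method so that the base class logs and throws the denial. The user ids, service names and operation name are constructed, the import package of UserNotAuthorizedException is an assumption, and how a server is configured to invoke the connector (including any security interfaces a subclass must also implement) is not documented on this page and is not shown.

```java
import java.util.Map;
import java.util.Set;

// Assumed package for the exception; the page names only the class.
import org.odpi.openmetadata.frameworks.connectors.ffdc.UserNotAuthorizedException;
import org.odpi.openmetadata.metadatasecurity.connectors.OpenMetadataServerSecurityConnector;

/**
 * Hypothetical allow-list connector. Known users are permitted; every other
 * request is handed to the deny-by-default base class.
 * All user ids, service names and operation names are constructed samples.
 */
public class AllowListServerSecurityConnector extends OpenMetadataServerSecurityConnector
{
    /* Users who may call the server at all. */
    private static final Set<String> SERVER_USERS = Set.of("alice", "bob", "carol");

    /* Users permitted per service; a service with no entry is closed to everyone. */
    private static final Map<String, Set<String>> SERVICE_USERS =
            Map.of("sample-catalog-service",    Set.of("alice", "bob"),
                   "sample-governance-service", Set.of("carol"));

    /* Operations limited to a smaller group than the service as a whole. */
    private static final Map<String, Set<String>> RESTRICTED_OPERATIONS =
            Map.of("deleteSampleAsset", Set.of("alice"));

    /* The immutable Set.of/Map.of collections throw NullPointerException on a null lookup, so test for null first. */
    private boolean isServerUser(String userId)
    {
        return userId != null && SERVER_USERS.contains(userId);
    }

    @Override
    protected void validateUserForServer(String userId) throws UserNotAuthorizedException
    {
        if (isServerUser(userId))
        {
            return;
        }

        /* Not on the allow-list: the base class rejects the request. */
        super.validateUserForServer(userId);
    }

    @Override
    protected void validateUserForService(String userId,
                                          String serviceName) throws UserNotAuthorizedException
    {
        if (isServerUser(userId) && serviceName != null)
        {
            Set<String> permitted = SERVICE_USERS.get(serviceName);

            if (permitted != null && permitted.contains(userId))
            {
                return;
            }
        }

        super.validateUserForService(userId, serviceName);
    }

    @Override
    protected void validateUserForServiceOperation(String userId,
                                                   String serviceName,
                                                   String serviceOperationName) throws UserNotAuthorizedException
    {
        /* Throws unless the service-level check passes, so userId is non-null below. */
        validateUserForService(userId, serviceName);

        if (serviceOperationName != null)
        {
            Set<String> restrictedTo = RESTRICTED_OPERATIONS.get(serviceOperationName);

            if (restrictedTo == null || restrictedTo.contains(userId))
            {
                return;
            }
        }

        /* Null operation name or a restricted operation: fail closed. */
        super.validateUserForServiceOperation(userId, serviceName, serviceOperationName);
    }
}
```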
-
Nested Class Summary
Nested classes/interfaces inherited from class org.odpi.openmetadata.frameworks.connectors.ConnectorBase
ConnectorBase.ProtectedConnection
-
Field Summary
Modifier and Type  Field  Description
protected AuditLog
protected String
protected String
protected String
protected final String
Fields inherited from class org.odpi.openmetadata.frameworks.connectors.ConnectorBase
connectedAssetProperties, connectionBean, connectionProperties, connectorInstanceId, embeddedConnectors, messageFormatter, secretsStoreConnectorMap
-
Constructor Summary
-
Method Summary
Modifier and Type  Method  Description
void - Free up any resources held since the connector is no longer needed.
protected String getAssetGUID(Asset asset) - Return a string representing the unique identifier for the asset.
protected String getConnectionQualifiedName(Connection connection) - Return a string representing the unique identifier for the connection.
Return the component description that is used by this connector in the audit log.
protected String getInstanceGUID(InstanceHeader instance) - Return a string representing the unique identifier for a repository instance.
protected void - Write an audit log message to say that the connector is stopping.
protected void - Write an audit log message to say that the connector is initializing.
protected String printZoneList(List<String> zones) - Return a string representing the list of zones.
setAssetZonesToDefault(List<String> defaultZones, Asset asset) - Determine the appropriate setting for the asset zones depending on the content of the asset and the default zones.
void setAuditLog(AuditLog auditLog) - Receive an audit log object that can be used to record audit log messages.
void setLocalServerUserId(String userId) - Provide the local server's userId.
void setServerName(String serverName) - Set the name of the server that this connector is supporting.
setSupportedZonesForUser(List<String> supportedZones, String serviceName, String user) - Determine the appropriate setting for the supported zones depending on the user and the default supported zones set up for the service.
void start() - Indicates that the connector is completely configured and can begin processing.
protected void throwIncompleteAsset(String userId, Asset asset, String propertyName, String methodName) - Write an audit log message and throw exception to record an unauthorized access.
protected void throwMissingGlossary(String userId, String operation, String methodName) - Write an audit log message and throw exception to record an unauthorized access.
protected void throwUnauthorizedAssetAccess(String userId, Asset asset, String methodName) - Write an audit log message and throw exception to record an unauthorized access.
protected void throwUnauthorizedAssetChange(String userId, Asset asset, String methodName) - Write an audit log message and throw exception to record an unauthorized access.
protected void throwUnauthorizedAssetCreate(String userId, Asset asset, String methodName) - Write an audit log message and throw exception to record an unauthorized access.
protected void throwUnauthorizedAssetFeedback(String userId, Asset asset, String methodName) - Write an audit log message and throw exception to record an unauthorized access.
protected void throwUnauthorizedConnectionAccess(String userId, Connection connection, String methodName) - Write an audit log message and throw exception to record an unauthorized access.
protected void throwUnauthorizedGlossaryAccess(String userId, String operation, Glossary glossary, String methodName) - Write an audit log message and throw exception to record an unauthorized access.
protected void throwUnauthorizedInstanceAccess(String userId, String instanceGUID, String typeName, String methodName) - Write an audit log message and throw exception to record an unauthorized access.
protected void throwUnauthorizedInstanceChange(String userId, String instanceGUID, String typeName, String methodName) - Write an audit log message and throw exception to record an unauthorized access.
protected void throwUnauthorizedInstanceCreate(String userId, String typeGUID, String methodName) - Write an audit log message and throw exception to record an unauthorized access.
protected void throwUnauthorizedServerAccess(String userId, String methodName) - Write an audit log message and throw exception to record an unauthorized access.
protected void throwUnauthorizedServiceAccess(String userId, String serviceName, String serviceOperationName, String methodName) - Write an audit log message and throw exception to record an unauthorized access.
protected void throwUnauthorizedTypeAccess(String userId, String typeGUID, String typeName, String methodName) - Write an audit log message and throw exception to record an unauthorized access.
protected void throwUnauthorizedTypeChange(String userId, String typeGUID, String typeName, String methodName) - Write an audit log message and throw exception to record an unauthorized access.
protected void throwUnauthorizedZoneChange(String userId, Asset asset, List<String> originalZones, List<String> newZones, String methodName) - Write an audit log message and throw exception to record an unauthorized access.
protected void validateUserAsServerAdmin(String userId) - Check that the calling user is authorized to update the configuration for a server.
protected void - Check that the calling user is authorized to issue operator requests to the OMAG Server.
protected void validateUserAsServerOperator(String userId) - Check that the calling user is authorized to issue operator requests to the OMAG Server.
protected void validateUserForAssetAttachmentUpdate(String userId, Asset asset) - Tests for whether a specific user should have the right to update elements attached directly to an asset such as schema and connections.
protected Connection validateUserForAssetConnectionList(String userId, Asset asset, List<Connection> connections) - Select a connection from the list of connections attached to an asset.
protected void validateUserForAssetCreate(String userId, Asset asset) - Tests for whether a specific user should have the right to create an asset within a zone.
protected void validateUserForAssetDelete(String userId, Asset asset) - Tests for whether a specific user should have the right to delete an asset within a zone.
protected void validateUserForAssetDetailUpdate(String userId, Asset originalAsset, AssetAuditHeader originalAssetAuditHeader, Asset newAsset) - Tests for whether a specific user should have the right to update an asset.
protected void validateUserForAssetFeedback(String userId, Asset asset) - Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the asset.
protected void validateUserForAssetRead(String userId, Asset asset) - Tests for whether a specific user should have read access to a specific asset within a zone.
protected void validateUserForConnection(String userId, Connection connection) - Tests for whether a specific user should have access to a connection.
protected void validateUserForEntityClassificationAdd(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties) - Tests for whether a specific user should have the right to add a classification to an entity instance within a repository.
protected void validateUserForEntityClassificationDelete(String userId, String metadataCollectionName, EntitySummary instance, String classificationName) - Tests for whether a specific user should have the right to delete a classification from an entity instance within a repository.
protected void validateUserForEntityClassificationUpdate(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties) - Tests for whether a specific user should have the right to update the classification for an entity instance within a repository.
protected void validateUserForEntityCreate(String userId, String metadataCollectionName, String entityTypeGUID, InstanceProperties initialProperties, List<Classification> initialClassifications, InstanceStatus initialStatus) - Tests for whether a specific user should have the right to create an instance within a repository.
protected void validateUserForEntityDelete(String userId, String metadataCollectionName, EntityDetail instance) - Tests for whether a specific user should have the right to delete an instance within a repository.
protected void validateUserForEntityProxyRead(String userId, String metadataCollectionName, EntityProxy instance) - Tests for whether a specific user should have read access to a specific instance within a repository.
protected EntityDetail validateUserForEntityRead(String userId, String metadataCollectionName, EntityDetail instance) - Tests for whether a specific user should have read access to a specific instance within a repository.
protected void validateUserForEntityReHoming(String userId, String metadataCollectionName, EntityDetail instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) - Tests for whether a specific user should have the right to change the home of an instance within a repository.
protected void validateUserForEntityReIdentification(String userId, String metadataCollectionName, EntityDetail instance, String newGUID) - Tests for whether a specific user should have the right to change the guid on an instance within a repository.
protected void validateUserForEntityRestore(String userId, String metadataCollectionName, String deletedEntityGUID) - Tests for whether a specific user should have the right to restore an instance within a repository.
protected void validateUserForEntityReTyping(String userId, String metadataCollectionName, EntityDetail instance, TypeDefSummary newTypeDefSummary) - Tests for whether a specific user should have the right to change an instance's type within a repository.
protected void validateUserForEntitySummaryRead(String userId, String metadataCollectionName, EntitySummary instance) - Tests for whether a specific user should have read access to a specific instance within a repository.
protected void validateUserForEntityUpdate(String userId, String metadataCollectionName, EntityDetail instance) - Tests for whether a specific user should have the right to update an instance within a repository.
protected void validateUserForRelationshipCreate(String userId, String metadataCollectionName, String relationshipTypeGUID, InstanceProperties initialProperties, EntitySummary entityOneSummary, EntitySummary entityTwoSummary, InstanceStatus initialStatus) - Tests for whether a specific user should have the right to create an instance within a repository.
protected void validateUserForRelationshipDelete(String userId, String metadataCollectionName, Relationship instance) - Tests for whether a specific user should have the right to delete an instance within a repository.
protected Relationship validateUserForRelationshipRead(String userId, String metadataCollectionName, Relationship instance) - Tests for whether a specific user should have read access to a specific instance within a repository.
protected void validateUserForRelationshipReHoming(String userId, String metadataCollectionName, Relationship instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) - Tests for whether a specific user should have the right to change the home of an instance within a repository.
protected void validateUserForRelationshipReIdentification(String userId, String metadataCollectionName, Relationship instance, String newGUID) - Tests for whether a specific user should have the right to change the guid on an instance within a repository.
protected void validateUserForRelationshipRestore(String userId, String metadataCollectionName, String deletedRelationshipGUID) - Tests for whether a specific user should have the right to restore an instance within a repository.
protected void validateUserForRelationshipReTyping(String userId, String metadataCollectionName, Relationship instance, TypeDefSummary newTypeDefSummary) - Tests for whether a specific user should have the right to change an instance's type within a repository.
protected void validateUserForRelationshipUpdate(String userId, String metadataCollectionName, Relationship instance) - Tests for whether a specific user should have the right to update an instance within a repository.
protected void validateUserForServer(String userId) - Check that the calling user is authorized to issue a (any) request to the OMAG Server Platform.
protected void validateUserForService(String userId, String serviceName) - Check that the calling user is authorized to issue this request.
protected void validateUserForServiceOperation(String userId, String serviceName, String serviceOperationName) - Check that the calling user is authorized to issue this specific request.
protected void validateUserForTypeCreate(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) - Tests for whether a specific user should have the right to create a type within a repository.
protected void validateUserForTypeCreate(String userId, String metadataCollectionName, TypeDef typeDef) - Tests for whether a specific user should have the right to create a type within a repository.
protected void validateUserForTypeDelete(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) - Tests for whether a specific user should have the right to delete a type within a repository.
protected void validateUserForTypeDelete(String userId, String metadataCollectionName, TypeDef typeDef) - Tests for whether a specific user should have the right to delete a type within a repository.
protected void validateUserForTypeRead(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) - Tests for whether a specific user should have read access to a specific type within a repository.
protected void validateUserForTypeRead(String userId, String metadataCollectionName, TypeDef typeDef) - Tests for whether a specific user should have read access to a specific type within a repository.
protected void validateUserForTypeReIdentify(String userId, String metadataCollectionName, AttributeTypeDef originalAttributeTypeDef, String newTypeDefGUID, String newTypeDefName) - Tests for whether a specific user should have the right to change the identifiers for a type within a repository.
protected void validateUserForTypeReIdentify(String userId, String metadataCollectionName, TypeDef originalTypeDef, String newTypeDefGUID, String newTypeDefName) - Tests for whether a specific user should have the right to change the identifiers for a type within a repository.
protected void validateUserForTypeUpdate(String userId, String metadataCollectionName, TypeDef typeDef, TypeDefPatch patch) - Tests for whether a specific user should have the right to update a typeDef within a repository.
verifyAssetZones(List<String> defaultZones, List<String> supportedZones, List<String> publishZones, Asset originalAsset, Asset updatedAsset) - Determine the appropriate setting for the asset zones depending on the content of the asset and the settings of both default zones and supported zones.
Methods inherited from class org.odpi.openmetadata.frameworks.connectors.ConnectorBase
combineConfigurationProperties, disconnectConnectors, equals, getArrayConfigurationProperty, getAssetTypeName, getBooleanConfigurationProperty, getConnectedAssetProperties, getConnection, getConnectorInstanceId, getDateConfigurationProperty, getIntConfigurationProperty, getLongConfigurationProperty, getNetworkAddresses, getStringConfigurationProperty, getSuppliedPlaceholderProperties, hashCode, initialize, initializeConnectedAssetProperties, initializeEmbeddedConnectors, initializeSecretsStoreConnector, isActive, logExceptionRecord, logRecord, logRecord, throwMissingConfigurationProperty, throwMissingResource, throwNoAsset, throwWrongTypeOfAsset, throwWrongTypeOfResource, throwWrongTypeOfRootSchema, toString
Methods inherited from class org.odpi.openmetadata.frameworks.connectors.Connector
clearStatisticProperty, clearStatisticTimestamp, getConnectorStatistics, getStatisticCounter, getStatisticProperty, getStatisticTimestamp, incrementStatisticCounter, initializeStatisticCounter, setStatisticProperty, setStatisticTimestamp
-
Field Details
-
auditLog
-
serverName
-
localServerUserId
-
connectorName
-
unknownTypeName
-
Constructor Details
-
OpenMetadataServerSecurityConnector
public OpenMetadataServerSecurityConnector()
-
-
Method Details
-
logConnectorStarting
protected void logConnectorStarting()
Write an audit log message to say that the connector is initializing.
-
logConnectorDisconnecting
protected void logConnectorDisconnecting()
Write an audit log message to say that the connector is stopping.
-
getAssetGUID
Return a string representing the unique identifier for the asset. If the asset is null then the guid is "null", if the guid is null then the result is "null-guid".
- Parameters:
asset - asset to test
- Returns:
string identifier for messages
-
printZoneList
Return a string representing the list of zones.
- Parameters:
zones - zones to output
- Returns:
string for messages
-
getConnectionQualifiedName
Return a string representing the unique identifier for the connection. If the connection is null then the guid is "null", if the guid is null then the result is "null-name".
- Parameters:
connection - connection to test
- Returns:
string identifier for messages
-
getInstanceGUID
Return a string representing the unique identifier for a repository instance. If the instance is null then the guid is "null", if the guid is null then the result is "null-guid".
- Parameters:
instance - instance to test
- Returns:
string identifier for messages
-
throwUnauthorizedServerAccess
protected void throwUnauthorizedServerAccess(String userId, String methodName) throws UserNotAuthorizedException
Write an audit log message and throw exception to record an unauthorized access.
- Parameters:
userId - calling user
methodName - calling method
- Throws:
UserNotAuthorizedException - the authorization check failed
-
throwUnauthorizedServiceAccess
protected void throwUnauthorizedServiceAccess(String userId, String serviceName, String serviceOperationName, String methodName) throws UserNotAuthorizedException
Write an audit log message and throw exception to record an unauthorized access.
- Parameters:
userId - calling user
serviceName - name of service
serviceOperationName - name of operation
methodName - calling method
- Throws:
UserNotAuthorizedException - the authorization check failed
-
throwUnauthorizedTypeAccess
protected void throwUnauthorizedTypeAccess(String userId, String typeGUID, String typeName, String methodName) throws UserNotAuthorizedException
Write an audit log message and throw exception to record an unauthorized access.
- Parameters:
userId - calling user
typeGUID - uniqueId of type
typeName - name of type
methodName - calling method
- Throws:
UserNotAuthorizedException - the authorization check failed
-
throwUnauthorizedTypeChange
protected void throwUnauthorizedTypeChange(String userId, String typeGUID, String typeName, String methodName) throws UserNotAuthorizedException
Write an audit log message and throw exception to record an unauthorized access.
- Parameters:
userId - calling user
typeGUID - uniqueId of type
typeName - name of type
methodName - calling method
- Throws:
UserNotAuthorizedException - the authorization check failed
-
throwUnauthorizedInstanceCreate
protected void throwUnauthorizedInstanceCreate(String userId, String typeGUID, String methodName) throws UserNotAuthorizedException
Write an audit log message and throw exception to record an unauthorized access.
- Parameters:
userId - calling user
typeGUID - uniqueId of type
methodName - calling method
- Throws:
UserNotAuthorizedException - the authorization check failed
-
throwUnauthorizedInstanceAccess
protected void throwUnauthorizedInstanceAccess(String userId, String instanceGUID, String typeName, String methodName) throws UserNotAuthorizedException
Write an audit log message and throw exception to record an unauthorized access.
- Parameters:
userId - calling user
instanceGUID - uniqueId of type
typeName - name of type
methodName - calling method
- Throws:
UserNotAuthorizedException - the authorization check failed
-
throwUnauthorizedInstanceChange
protected void throwUnauthorizedInstanceChange(String userId, String instanceGUID, String typeName, String methodName) throws UserNotAuthorizedException
Write an audit log message and throw exception to record an unauthorized access.
- Parameters:
userId - calling user
instanceGUID - uniqueId of type
typeName - name of type
methodName - calling method
- Throws:
UserNotAuthorizedException - the authorization check failed
-
throwUnauthorizedAssetAccess
protected void throwUnauthorizedAssetAccess(String userId, Asset asset, String methodName) throws UserNotAuthorizedException
Write an audit log message and throw exception to record an unauthorized access.
- Parameters:
userId - calling user
asset - asset being accessed
methodName - calling method
- Throws:
UserNotAuthorizedException - the authorization check failed
-
throwUnauthorizedAssetChange
protected void throwUnauthorizedAssetChange(String userId, Asset asset, String methodName) throws UserNotAuthorizedException
Write an audit log message and throw exception to record an unauthorized access.
- Parameters:
userId - calling user
asset - asset being accessed
methodName - calling method
- Throws:
UserNotAuthorizedException - the authorization check failed
-
throwUnauthorizedAssetCreate
protected void throwUnauthorizedAssetCreate(String userId, Asset asset, String methodName) throws UserNotAuthorizedException
Write an audit log message and throw exception to record an unauthorized access.
- Parameters:
userId - calling user
asset - asset being accessed
methodName - calling method
- Throws:
UserNotAuthorizedException - the authorization check failed
-
throwIncompleteAsset
protected void throwIncompleteAsset(String userId, Asset asset, String propertyName, String methodName) throws UserNotAuthorizedException
Write an audit log message and throw exception to record an unauthorized access.
- Parameters:
userId - calling user
asset - asset being accessed
propertyName - name of property that is missing
methodName - calling method
- Throws:
UserNotAuthorizedException - the authorization check failed
-
throwUnauthorizedZoneChange
protected void throwUnauthorizedZoneChange(String userId, Asset asset, List<String> originalZones, List<String> newZones, String methodName) throws UserNotAuthorizedException
Write an audit log message and throw exception to record an unauthorized access.
- Parameters:
userId - calling user
asset - asset being accessed
originalZones - previous value of the zone membership for the asset being accessed
newZones - new value of the zone membership for the asset being accessed
methodName - calling method
- Throws:
UserNotAuthorizedException - the authorization check failed
-
throwUnauthorizedAssetFeedback
protected void throwUnauthorizedAssetFeedback(String userId, Asset asset, String methodName) throws UserNotAuthorizedException
Write an audit log message and throw exception to record an unauthorized access.
- Parameters:
userId - calling user
asset - asset in error
methodName - calling method
- Throws:
UserNotAuthorizedException - the user is not authorized to access this zone
-
throwUnauthorizedConnectionAccess
protected void throwUnauthorizedConnectionAccess(String userId, Connection connection, String methodName) throws UserNotAuthorizedException
Write an audit log message and throw exception to record an unauthorized access.
- Parameters:
userId - calling user
connection - connection to validate
methodName - calling method
- Throws:
UserNotAuthorizedException - the authorization check failed
-
throwMissingGlossary
protected void throwMissingGlossary(String userId, String operation, String methodName) throws UserNotAuthorizedException
Write an audit log message and throw exception to record an unauthorized access.
- Parameters:
userId - calling user
operation - of requested operation
methodName - calling method
- Throws:
UserNotAuthorizedException - the authorization check failed
-
throwUnauthorizedGlossaryAccess
protected void throwUnauthorizedGlossaryAccess(String userId, String operation, Glossary glossary, String methodName) throws UserNotAuthorizedException
Write an audit log message and throw exception to record an unauthorized access.
- Parameters:
userId - calling user
operation - of requested operation
methodName - calling method
- Throws:
UserNotAuthorizedException - the authorization check failed
-
setAuditLog
Receive an audit log object that can be used to record audit log messages. The caller has initialized it with the correct component description and log destinations.
- Specified by:
setAuditLog in interface AuditLoggingComponent
- Parameters:
auditLog - audit log object
-
getConnectorComponentDescription
Return the component description that is used by this connector in the audit log.
- Specified by:
getConnectorComponentDescription in interface AuditLoggingComponent
- Returns:
id, name, description, wiki page URL.
-
setServerName
Set the name of the server that this connector is supporting.
- Parameters:
serverName - name of server
-
setLocalServerUserId
Provide the local server's userId. This is used for requests that originate from within the local server.
- Parameters:
userId - local server's userId
-
start
Indicates that the connector is completely configured and can begin processing.
- Overrides:
start in class ConnectorBase
- Throws:
ConnectorCheckedException - there is a problem within the connector.
-
setSupportedZonesForUser
protected List<String> setSupportedZonesForUser(List<String> supportedZones, String serviceName, String user) throws InvalidParameterException, PropertyServerException
Determine the appropriate setting for the supported zones depending on the user and the default supported zones set up for the service. This is called whenever an asset is accessed.
- Parameters:
supportedZones - default setting of the supported zones for the service
serviceName - name of the called service
user - name of the user
- Returns:
list of supported zones for the user
- Throws:
InvalidParameterException - one of the parameter values is invalid
PropertyServerException - there is a problem calculating the zones
-
setAssetZonesToDefault
protected List<String> setAssetZonesToDefault(List<String> defaultZones, Asset asset) throws InvalidParameterException, PropertyServerException
Determine the appropriate setting for the asset zones depending on the content of the asset and the default zones. This is called whenever a new asset is created. The default behavior is to use the default values, unless the zones have been explicitly set up, in which case, they are left unchanged.
- Parameters:
defaultZones - setting of the default zones for the service
asset - initial values for the asset
- Returns:
list of zones to set in the asset
- Throws:
InvalidParameterException - one of the asset values is invalid
PropertyServerException - there is a problem calculating the zones
-
verifyAssetZones
protected List<String> verifyAssetZones(List<String> defaultZones, List<String> supportedZones, List<String> publishZones, Asset originalAsset, Asset updatedAsset) throws InvalidParameterException, PropertyServerException
Determine the appropriate setting for the asset zones depending on the content of the asset and the settings of both default zones and supported zones. This method is called whenever an asset's values are changed. The default behavior is to keep the updated zones as they are.
- Parameters:
defaultZones - setting of the default zones for the service
supportedZones - setting of the supported zones for the service
publishZones - setting of the publishZones for the service
originalAsset - original values for the asset
updatedAsset - updated values for the asset
- Returns:
list of zones to set in the asset
- Throws:
InvalidParameterException - one of the asset values is invalid
PropertyServerException - there is a problem calculating the zones
-
validateUserForServer
Check that the calling user is authorized to issue a (any) request to the OMAG Server Platform.
- Parameters:
userId - calling user
- Throws:
UserNotAuthorizedException - the user is not authorized to access this function
-
validateUserAsServerAdmin
Check that the calling user is authorized to update the configuration for a server.
- Parameters:
userId - calling user
- Throws:
UserNotAuthorizedException - the user is not authorized to change configuration
-
validateUserAsServerOperator
Check that the calling user is authorized to issue operator requests to the OMAG Server.
- Parameters:
userId - calling user
- Throws:
UserNotAuthorizedException - the user is not authorized to issue operator commands to this server
-
validateUserAsServerInvestigator
Check that the calling user is authorized to issue operator requests to the OMAG Server.
- Parameters:
userId - calling user
- Throws:
UserNotAuthorizedException - the user is not authorized to issue diagnostic commands to this server
-
validateUserForService
protected void validateUserForService(String userId, String serviceName) throws UserNotAuthorizedException Check that the calling user is authorized to issue this request.- Parameters:
userId
- calling userserviceName
- name of called service- Throws:
UserNotAuthorizedException
- the user is not authorized to access this service
-
validateUserForServiceOperation
protected void validateUserForServiceOperation(String userId, String serviceName, String serviceOperationName) throws UserNotAuthorizedException Check that the calling user is authorized to issue this specific request.- Parameters:
userId
- calling userserviceName
- name of called serviceserviceOperationName
- name of called operation- Throws:
UserNotAuthorizedException
- the user is not authorized to access this service
-
validateUserForConnection
protected void validateUserForConnection(String userId, Connection connection) throws UserNotAuthorizedException Tests for whether a specific user should have access to a connection.- Parameters:
userId
- identifier of userconnection
- connection object- Throws:
UserNotAuthorizedException
- the user is not authorized to access this service
-
validateUserForAssetConnectionList
protected Connection validateUserForAssetConnectionList(String userId, Asset asset, List<Connection> connections) throws UserNotAuthorizedException Select a connection from the list of connections attached to an asset.- Parameters:
userId
- calling userasset
- asset requested by callerconnections
- list of attached connections- Returns:
- selected connection or null (pretend there are no connections attached to the asset) or
- Throws:
UserNotAuthorizedException
- the user is not authorized to access this service
-
validateUserForAssetCreate
protected void validateUserForAssetCreate(String userId, Asset asset) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to create an asset within a zone.
Parameters:
userId - identifier of user
asset - asset details
Throws:
UserNotAuthorizedException - the user is not authorized to change this asset

validateUserForAssetRead
protected void validateUserForAssetRead(String userId, Asset asset) throws UserNotAuthorizedException
Tests for whether a specific user should have read access to a specific asset within a zone.
Parameters:
userId - identifier of user
asset - asset to test
Throws:
UserNotAuthorizedException - the user is not authorized to access this asset

validateUserForAssetDetailUpdate
protected void validateUserForAssetDetailUpdate(String userId, Asset originalAsset, AssetAuditHeader originalAssetAuditHeader, Asset newAsset) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to update an asset. This is used for a general asset update, which may include changes to the zones and the ownership.
Parameters:
userId - identifier of user
originalAsset - original asset details
originalAssetAuditHeader - details of the asset's audit header
newAsset - new asset details
Throws:
UserNotAuthorizedException - the user is not authorized to change this asset

validateUserForAssetAttachmentUpdate
protected void validateUserForAssetAttachmentUpdate(String userId, Asset asset) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to update elements attached directly to an asset such as schema and connections.
Parameters:
userId - identifier of user
asset - original asset details
Throws:
UserNotAuthorizedException - the user is not authorized to change this asset

validateUserForAssetFeedback
protected void validateUserForAssetFeedback(String userId, Asset asset) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to attach feedback, such as comments, ratings, tags and likes, to the asset.
Parameters:
userId - identifier of user
asset - original asset details
Throws:
UserNotAuthorizedException - the user is not authorized to change this asset

validateUserForAssetDelete
protected void validateUserForAssetDelete(String userId, Asset asset) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to delete an asset within a zone.
Parameters:
userId - identifier of user
asset - asset details
Throws:
UserNotAuthorizedException - the user is not authorized to change this asset

validateUserForTypeCreate
protected void validateUserForTypeCreate(String userId, String metadataCollectionName, TypeDef typeDef) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to create a type within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
typeDef - type details
Throws:
UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeCreate
protected void validateUserForTypeCreate(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to create a type within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
attributeTypeDef - type details
Throws:
UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeRead
protected void validateUserForTypeRead(String userId, String metadataCollectionName, TypeDef typeDef) throws UserNotAuthorizedException
Tests for whether a specific user should have read access to a specific type within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
typeDef - type details
Throws:
UserNotAuthorizedException - the user is not authorized to retrieve types

validateUserForTypeRead
protected void validateUserForTypeRead(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) throws UserNotAuthorizedException
Tests for whether a specific user should have read access to a specific type within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
attributeTypeDef - type details
Throws:
UserNotAuthorizedException - the user is not authorized to retrieve types

validateUserForTypeUpdate
protected void validateUserForTypeUpdate(String userId, String metadataCollectionName, TypeDef typeDef, TypeDefPatch patch) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to update a typeDef within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
typeDef - current typeDef details
patch - proposed changes to type
Throws:
UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeDelete
protected void validateUserForTypeDelete(String userId, String metadataCollectionName, TypeDef typeDef) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to delete a type within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
typeDef - type details
Throws:
UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeDelete
protected void validateUserForTypeDelete(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to delete a type within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
attributeTypeDef - type details
Throws:
UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeReIdentify
protected void validateUserForTypeReIdentify(String userId, String metadataCollectionName, TypeDef originalTypeDef, String newTypeDefGUID, String newTypeDefName) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to change the identifiers for a type within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
originalTypeDef - type details
newTypeDefGUID - the new identifier for the type.
newTypeDefName - new name for this type.
Throws:
UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeReIdentify
protected void validateUserForTypeReIdentify(String userId, String metadataCollectionName, AttributeTypeDef originalAttributeTypeDef, String newTypeDefGUID, String newTypeDefName) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to change the identifiers for a type within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
originalAttributeTypeDef - type details
newTypeDefGUID - the new identifier for the type.
newTypeDefName - new name for this type.
Throws:
UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForEntityCreate
protected void validateUserForEntityCreate(String userId, String metadataCollectionName, String entityTypeGUID, InstanceProperties initialProperties, List<Classification> initialClassifications, InstanceStatus initialStatus) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to create an instance within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
entityTypeGUID - unique identifier (guid) for the new entity's type.
initialProperties - initial list of properties for the new entity; null means no properties.
initialClassifications - initial list of classifications for the new entity; null means no classifications.
initialStatus - initial status, typically DRAFT, PREPARED or ACTIVE.
Throws:
UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityRead
protected EntityDetail validateUserForEntityRead(String userId, String metadataCollectionName, EntityDetail instance) throws UserNotAuthorizedException
Tests for whether a specific user should have read access to a specific instance within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
instance - instance details
Returns:
entity to return (maybe altered by the connector)
Throws:
UserNotAuthorizedException - the user is not authorized to retrieve instances

validateUserForEntitySummaryRead
protected void validateUserForEntitySummaryRead(String userId, String metadataCollectionName, EntitySummary instance) throws UserNotAuthorizedException
Tests for whether a specific user should have read access to a specific instance within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
instance - instance details
Throws:
UserNotAuthorizedException - the user is not authorized to retrieve instances

validateUserForEntityProxyRead
protected void validateUserForEntityProxyRead(String userId, String metadataCollectionName, EntityProxy instance) throws UserNotAuthorizedException
Tests for whether a specific user should have read access to a specific instance within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
instance - instance details
Throws:
UserNotAuthorizedException - the user is not authorized to retrieve instances

validateUserForEntityUpdate
protected void validateUserForEntityUpdate(String userId, String metadataCollectionName, EntityDetail instance) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to update an instance within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
instance - instance details
Throws:
UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityClassificationAdd
protected void validateUserForEntityClassificationAdd(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to add a classification to an entity instance within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
instance - instance details
classificationName - String name for the classification.
properties - list of properties for the classification.
Throws:
UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityClassificationUpdate
protected void validateUserForEntityClassificationUpdate(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to update the classification for an entity instance within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
instance - instance details
classificationName - String name for the classification.
properties - list of properties for the classification.
Throws:
UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityClassificationDelete
protected void validateUserForEntityClassificationDelete(String userId, String metadataCollectionName, EntitySummary instance, String classificationName) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to delete a classification from an entity instance within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
instance - instance details
classificationName - String name for the classification.
Throws:
UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityDelete
protected void validateUserForEntityDelete(String userId, String metadataCollectionName, EntityDetail instance) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to delete an instance within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
instance - instance details
Throws:
UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityRestore
protected void validateUserForEntityRestore(String userId, String metadataCollectionName, String deletedEntityGUID) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to restore an instance within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
deletedEntityGUID - String unique identifier (guid) for the entity.
Throws:
UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityReIdentification
protected void validateUserForEntityReIdentification(String userId, String metadataCollectionName, EntityDetail instance, String newGUID) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to change the guid on an instance within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
instance - instance details
newGUID - the new guid for the instance.
Throws:
UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityReTyping
protected void validateUserForEntityReTyping(String userId, String metadataCollectionName, EntityDetail instance, TypeDefSummary newTypeDefSummary) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to change an instance's type within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
instance - instance details
newTypeDefSummary - details of this instance's new TypeDef.
Throws:
UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityReHoming
protected void validateUserForEntityReHoming(String userId, String metadataCollectionName, EntityDetail instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to change the home of an instance within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
instance - instance details
newHomeMetadataCollectionId - unique identifier for the new home metadata collection/repository.
newHomeMetadataCollectionName - display name for the new home metadata collection/repository.
Throws:
UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipCreate
protected void validateUserForRelationshipCreate(String userId, String metadataCollectionName, String relationshipTypeGUID, InstanceProperties initialProperties, EntitySummary entityOneSummary, EntitySummary entityTwoSummary, InstanceStatus initialStatus) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to create an instance within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
relationshipTypeGUID - unique identifier (guid) for the new relationship's type.
initialProperties - initial list of properties for the new entity; null means no properties.
entityOneSummary - the unique identifier of one of the entities that the relationship is connecting together.
entityTwoSummary - the unique identifier of the other entity that the relationship is connecting together.
initialStatus - initial status, typically DRAFT, PREPARED or ACTIVE.
Throws:
UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipRead
protected Relationship validateUserForRelationshipRead(String userId, String metadataCollectionName, Relationship instance) throws UserNotAuthorizedException
Tests for whether a specific user should have read access to a specific instance within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
instance - instance details
Returns:
relationship
Throws:
UserNotAuthorizedException - the user is not authorized to retrieve instances

validateUserForRelationshipUpdate
protected void validateUserForRelationshipUpdate(String userId, String metadataCollectionName, Relationship instance) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to update an instance within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
instance - instance details
Throws:
UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipDelete
protected void validateUserForRelationshipDelete(String userId, String metadataCollectionName, Relationship instance) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to delete an instance within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
instance - instance details
Throws:
UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipRestore
protected void validateUserForRelationshipRestore(String userId, String metadataCollectionName, String deletedRelationshipGUID) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to restore an instance within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
deletedRelationshipGUID - String unique identifier (guid) for the relationship.
Throws:
UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipReIdentification
protected void validateUserForRelationshipReIdentification(String userId, String metadataCollectionName, Relationship instance, String newGUID) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to change the guid on an instance within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
instance - instance details
newGUID - the new guid for the instance.
Throws:
UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipReTyping
protected void validateUserForRelationshipReTyping(String userId, String metadataCollectionName, Relationship instance, TypeDefSummary newTypeDefSummary) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to change an instance's type within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
instance - instance details
newTypeDefSummary - details of this instance's new TypeDef.
Throws:
UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipReHoming
protected void validateUserForRelationshipReHoming(String userId, String metadataCollectionName, Relationship instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) throws UserNotAuthorizedException
Tests for whether a specific user should have the right to change the home of an instance within a repository.
Parameters:
userId - identifier of user
metadataCollectionName - configurable name of the metadata collection
instance - instance details
newHomeMetadataCollectionId - unique identifier for the new home metadata collection/repository.
newHomeMetadataCollectionName - display name for the new home metadata collection/repository.
Throws:
UserNotAuthorizedException - the user is not authorized to maintain instances

disconnect
Free up any resources held since the connector is no longer needed.
Overrides:
disconnect in class ConnectorBase
Throws:
ConnectorCheckedException - there is a problem within the connector.