Package org.odpi.openmetadata.metadatasecurity.server

Class OpenMetadataServerSecurityVerifier

java.lang.Object

org.odpi.openmetadata.metadatasecurity.server.OpenMetadataServerSecurityVerifier

All Implemented Interfaces:

OpenMetadataServerSecurity, OpenMetadataServiceSecurity, OpenMetadataRepositorySecurity, OpenMetadataEventsSecurity

public class OpenMetadataServerSecurityVerifier
extends Object
implements OpenMetadataRepositorySecurity, OpenMetadataEventsSecurity, OpenMetadataServerSecurity, OpenMetadataServiceSecurity

OpenMetadataServerSecurityVerifier provides the plug-in point for the open metadata server connector. It supports the same security interfaces, and handles the fact that the security connector is optional.

Field Summary

Fields

Modifier and Type	Field	Description
static final String	SEVERITY_LEVEL_IDENTIFIER_PROPERTY_NAME

Constructor Summary

Constructors

Constructor	Description
OpenMetadataServerSecurityVerifier()	Default constructor

Method Summary

Modifier and Type	Method	Description
void	registerSecurityValidator(String localServerUserId, String serverName, AuditLog auditLog, Connection connection)	Register an open metadata server security connector to verify access to the server's services.
EntityDetail	selectConnection(String userId, EntityDetail assetEntity, List<EntityDetail> connectionEntities, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName)	Use the security connector to make a choice on which connection to supply to the requesting user.
boolean	validateEntityReferenceCopySave(EntityDetail instance)	Tests for whether a reference copy should be saved to the repository.
OMRSInstanceEvent	validateInboundEvent(String cohortName, OMRSInstanceEvent event)	Validate whether an event received from another member of the cohort should be processed by this server.
OMRSInstanceEvent	validateOutboundEvent(String cohortName, OMRSInstanceEvent event)	Validate whether an event should be sent to the other members of the cohort by this server.
boolean	validateRelationshipReferenceCopySave(Relationship instance)	Tests for whether a reference copy should be saved to the repository.
void	validateUserAsServerAdmin(String userId)	Check that the calling user is authorized to update the configuration for a server.
void	validateUserAsServerInvestigator(String userId)	Check that the calling user is authorized to issue operator requests to the OMAG Server.
void	validateUserAsServerOperator(String userId)	Check that the calling user is authorized to issue operator requests to the OMAG Server.
void	validateUserForAssetAttachment(String userId, String assetGUID, String assetGUIDParameterName, EntityDetail assetEntity, boolean isFeedback, boolean isUpdate, List<String> suppliedSupportedZones, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName)	Validate that the user is able to perform the requested action on an attachment.
void	validateUserForAssetCreate(String userId, String entityTypeGUID, String entityTypeName, InstanceProperties newProperties, List<Classification> classifications, InstanceStatus instanceStatus, List<String> defaultZones, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName)	Tests for whether a specific user should have the right to create an asset within a zone.
void	validateUserForAssetDelete(String userId, EntityDetail assetEntity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName)	Tests for whether a specific user should have the right to delete an asset.
void	validateUserForAssetRead(String userId, String assetGUID, String assetGUIDParameterName, EntityDetail assetEntity, List<String> suppliedSupportedZones, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName)	Validate that the user is able to perform the requested action on an attachment.
void	validateUserForAssetUpdate(String userId, EntityDetail originalAssetEntity, InstanceProperties updatedAssetProperties, InstanceStatus newInstanceStatus, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName)	Validate that the user is able to perform the requested action on an attachment.
void	validateUserForConnection(String userId, Connection connection)	Tests for whether a specific user should have access to a connection.
void	validateUserForConnection(String userId, EntityDetail entity, OMRSRepositoryHelper repositoryHelper, String serviceName, String methodName)	Validate that the user is able to retrieve the requested connection.
void	validateUserForEntityClassificationAdd(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties)	Tests for whether a specific user should have the right to add a classification to an entity instance within a repository.
void	validateUserForEntityClassificationDelete(String userId, String metadataCollectionName, EntitySummary instance, String classificationName)	Tests for whether a specific user should have the right to delete a classification from an entity instance within a repository.
void	validateUserForEntityClassificationUpdate(String userId, String metadataCollectionName, EntitySummary instance, String classificationName, InstanceProperties properties)	Tests for whether a specific user should have the right to update the classification for an entity instance within a repository.
void	validateUserForEntityCreate(String userId, String metadataCollectionName, String entityTypeGUID, InstanceProperties initialProperties, List<Classification> initialClassifications, InstanceStatus initialStatus)	Tests for whether a specific user should have the right to create an instance within a repository.
void	validateUserForEntityDelete(String userId, String metadataCollectionName, EntityDetail instance)	Tests for whether a specific user should have the right to delete an instance within a repository.
void	validateUserForEntityProxyRead(String userId, String metadataCollectionName, EntityProxy instance)	Tests for whether a specific user should have read access to a specific instance within a repository.
EntityDetail	validateUserForEntityRead(String userId, String metadataCollectionName, EntityDetail instance)	Tests for whether a specific user should have read access to a specific instance within a repository.
void	validateUserForEntityReHoming(String userId, String metadataCollectionName, EntityDetail instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName)	Tests for whether a specific user should have the right to change the home of an instance within a repository.
void	validateUserForEntityReIdentification(String userId, String metadataCollectionName, EntityDetail instance, String newGUID)	Tests for whether a specific user should have the right to change the guid on an instance within a repository.
void	validateUserForEntityRestore(String userId, String metadataCollectionName, String deletedEntityGUID)	Tests for whether a specific user should have the right to delete an instance within a repository.
void	validateUserForEntityReTyping(String userId, String metadataCollectionName, EntityDetail instance, TypeDefSummary newTypeDefSummary)	Tests for whether a specific user should have the right to change an instance's type within a repository.
void	validateUserForEntitySummaryRead(String userId, String metadataCollectionName, EntitySummary instance)	Tests for whether a specific user should have read access to a specific instance within a repository.
void	validateUserForEntityUpdate(String userId, String metadataCollectionName, EntityDetail instance)	Tests for whether a specific user should have the right to update an instance within a repository.
void	validateUserForRelationshipCreate(String userId, String metadataCollectionName, String relationshipTypeGUID, InstanceProperties initialProperties, EntitySummary entityOneSummary, EntitySummary entityTwoSummary, InstanceStatus initialStatus)	Tests for whether a specific user should have the right to create an instance within a repository.
void	validateUserForRelationshipDelete(String userId, String metadataCollectionName, Relationship instance)	Tests for whether a specific user should have the right to delete an instance within a repository.
Relationship	validateUserForRelationshipRead(String userId, String metadataCollectionName, Relationship instance)	Tests for whether a specific user should have read access to a specific instance within a repository.
void	validateUserForRelationshipReHoming(String userId, String metadataCollectionName, Relationship instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName)	Tests for whether a specific user should have the right to change the home of an instance within a repository.
void	validateUserForRelationshipReIdentification(String userId, String metadataCollectionName, Relationship instance, String newGUID)	Tests for whether a specific user should have the right to change the guid on an instance within a repository.
void	validateUserForRelationshipRestore(String userId, String metadataCollectionName, String deletedRelationshipGUID)	Tests for whether a specific user should have the right to delete an instance within a repository.
void	validateUserForRelationshipReTyping(String userId, String metadataCollectionName, Relationship instance, TypeDefSummary newTypeDefSummary)	Tests for whether a specific user should have the right to change an instance's type within a repository.
void	validateUserForRelationshipUpdate(String userId, String metadataCollectionName, Relationship instance)	Tests for whether a specific user should have the right to update an instance within a repository.
void	validateUserForServer(String userId)	Check that the calling user is authorized to issue a (any) request to the OMAG Server Platform.
void	validateUserForService(String userId, String serviceName)	Check that the calling user is authorized to issue this request.
void	validateUserForServiceOperation(String userId, String serviceName, String serviceOperationName)	Check that the calling user is authorized to issue this specific request.
void	validateUserForTypeCreate(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef)	Tests for whether a specific user should have the right to create a type within a repository.
void	validateUserForTypeCreate(String userId, String metadataCollectionName, TypeDef typeDef)	Tests for whether a specific user should have the right to create a type within a repository.
void	validateUserForTypeDelete(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef)	Tests for whether a specific user should have the right to delete a type within a repository.
void	validateUserForTypeDelete(String userId, String metadataCollectionName, TypeDef typeDef)	Tests for whether a specific user should have the right to delete a type within a repository.
void	validateUserForTypeRead(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef)	Tests for whether a specific user should have read access to a specific type within a repository.
void	validateUserForTypeRead(String userId, String metadataCollectionName, TypeDef typeDef)	Tests for whether a specific user should have read access to a specific type within a repository.
void	validateUserForTypeReIdentify(String userId, String metadataCollectionName, AttributeTypeDef originalAttributeTypeDef, String newTypeDefGUID, String newTypeDefName)	Tests for whether a specific user should have the right to change the identifiers for a type within a repository.
void	validateUserForTypeReIdentify(String userId, String metadataCollectionName, TypeDef originalTypeDef, String newTypeDefGUID, String newTypeDefName)	Tests for whether a specific user should have the right to change the identifiers for a type within a repository.
void	validateUserForTypeUpdate(String userId, String metadataCollectionName, TypeDef typeDef, TypeDefPatch patch)	Tests for whether a specific user should have the right to update a type within a repository.
List<String>	verifyAssetZones(List<String> defaultZones, List<String> supportedZones, List<String> publishZones, Asset originalAsset, Asset updatedAsset)	Determine the appropriate setting for the asset zones depending on the content of the asset and the settings of both default zones and supported zones.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

SEVERITY_LEVEL_IDENTIFIER_PROPERTY_NAME

public static final String SEVERITY_LEVEL_IDENTIFIER_PROPERTY_NAME

See Also:

• Constant Field Values

Constructor Details

OpenMetadataServerSecurityVerifier

public OpenMetadataServerSecurityVerifier()

Default constructor

Method Details

registerSecurityValidator

public void registerSecurityValidator(String localServerUserId,
 String serverName,
 AuditLog auditLog,
 Connection connection)
                               throws InvalidParameterException

Register an open metadata server security connector to verify access to the server's services.

Parameters:

localServerUserId - local server's userId

serverName - local server's name

auditLog - logging destination

connection - properties used to create the connector

Throws:

InvalidParameterException - the connection is invalid

verifyAssetZones

public List<String> verifyAssetZones(List<String> defaultZones,
 List<String> supportedZones,
 List<String> publishZones,
 Asset originalAsset,
 Asset updatedAsset)
                              throws InvalidParameterException,
PropertyServerException

Determine the appropriate setting for the asset zones depending on the content of the asset and the settings of both default zones and supported zones. This method is called whenever an asset's values are changed. The default behavior is to keep the updated zones as they are.

Parameters:

defaultZones - setting of the default zones for the service

supportedZones - setting of the supported zones for the service

publishZones - setting of the zones that are set when an asset is published for the service

originalAsset - original values for the asset

updatedAsset - updated values for the asset

Returns:

list of zones to set in the asset

Throws:

InvalidParameterException - one of the asset values is invalid

PropertyServerException - there is a problem calculating the zones

validateUserForConnection

public void validateUserForConnection(String userId,
 EntityDetail entity,
 OMRSRepositoryHelper repositoryHelper,
 String serviceName,
 String methodName)
                               throws UserNotAuthorizedException

Validate that the user is able to retrieve the requested connection.

Parameters:

userId - calling user

entity - entity storing the connection's properties

repositoryHelper - for working with OMRS objects

serviceName - calling service

methodName - calling method

Throws:

UserNotAuthorizedException - user not authorized to access this connection

selectConnection

public EntityDetail selectConnection(String userId,
 EntityDetail assetEntity,
 List<EntityDetail> connectionEntities,
 OMRSRepositoryHelper repositoryHelper,
 String serviceName,
 String methodName)
                              throws UserNotAuthorizedException,
PropertyServerException

Use the security connector to make a choice on which connection to supply to the requesting user.

Parameters:

userId - calling userId

assetEntity - associated asset - may be null

connectionEntities - list of retrieved connections

repositoryHelper - for working with OMRS objects

serviceName - calling service

methodName - calling method

Returns:

single connection entity, or null

Throws:

UserNotAuthorizedException - the user is not able to use any of the connections

PropertyServerException - unable to reduce the number of connections to

validateUserForServer

public void validateUserForServer(String userId)
                           throws UserNotAuthorizedException

Check that the calling user is authorized to issue a (any) request to the OMAG Server Platform.

Specified by:

validateUserForServer in interface OpenMetadataServerSecurity

Parameters:

userId - calling user

Throws:

UserNotAuthorizedException - the user is not authorized to access this function

validateUserAsServerAdmin

public void validateUserAsServerAdmin(String userId)
                               throws UserNotAuthorizedException

Check that the calling user is authorized to update the configuration for a server.

Specified by:

validateUserAsServerAdmin in interface OpenMetadataServerSecurity

Parameters:

userId - calling user

Throws:

UserNotAuthorizedException - the user is not authorized to change configuration

validateUserAsServerOperator

public void validateUserAsServerOperator(String userId)
                                  throws UserNotAuthorizedException

Check that the calling user is authorized to issue operator requests to the OMAG Server.

Specified by:

validateUserAsServerOperator in interface OpenMetadataServerSecurity

Parameters:

userId - calling user

Throws:

UserNotAuthorizedException - the user is not authorized to issue operator commands to this server

validateUserAsServerInvestigator

public void validateUserAsServerInvestigator(String userId)
                                      throws UserNotAuthorizedException

Check that the calling user is authorized to issue operator requests to the OMAG Server.

Specified by:

validateUserAsServerInvestigator in interface OpenMetadataServerSecurity

Parameters:

userId - calling user

Throws:

UserNotAuthorizedException - the user is not authorized to issue diagnostic commands to this server

validateUserForService

public void validateUserForService(String userId,
 String serviceName)
                            throws UserNotAuthorizedException

Check that the calling user is authorized to issue this request.

Specified by:

validateUserForService in interface OpenMetadataServiceSecurity

Parameters:

userId - calling user

serviceName - name of called service

Throws:

UserNotAuthorizedException - the user is not authorized to access this service

validateUserForServiceOperation

public void validateUserForServiceOperation(String userId,
 String serviceName,
 String serviceOperationName)
                                     throws UserNotAuthorizedException

Check that the calling user is authorized to issue this specific request.

Specified by:

validateUserForServiceOperation in interface OpenMetadataServiceSecurity

Parameters:

userId - calling user

serviceName - name of called service

serviceOperationName - name of called operation

Throws:

UserNotAuthorizedException - the user is not authorized to access this service

validateUserForConnection

public void validateUserForConnection(String userId,
 Connection connection)
                               throws UserNotAuthorizedException

Tests for whether a specific user should have access to a connection.

Parameters:

userId - identifier of user

connection - connection object

Throws:

UserNotAuthorizedException - the user is not authorized to access this service

validateUserForAssetCreate

public void validateUserForAssetCreate(String userId,
 String entityTypeGUID,
 String entityTypeName,
 InstanceProperties newProperties,
 List<Classification> classifications,
 InstanceStatus instanceStatus,
 List<String> defaultZones,
 OMRSRepositoryHelper repositoryHelper,
 String serviceName,
 String methodName)
                                throws UserNotAuthorizedException,
InvalidParameterException,
PropertyServerException

Tests for whether a specific user should have the right to create an asset within a zone.

Parameters:

userId - identifier of user

entityTypeGUID - unique identifier of the type of entity to create

entityTypeName - unique name of the type of entity to create

newProperties - properties for new entity

classifications - classifications for new entity

instanceStatus - status for new entity

defaultZones - initial setting of the asset's zone membership

repositoryHelper - manipulates repository service objects

serviceName - calling service

methodName - calling method

Throws:

UserNotAuthorizedException - the user is not authorized to access this zone

InvalidParameterException - Something wrong with the supplied parameters

PropertyServerException - logic error because classification type not recognized

validateUserForAssetRead

public void validateUserForAssetRead(String userId,
 String assetGUID,
 String assetGUIDParameterName,
 EntityDetail assetEntity,
 List<String> suppliedSupportedZones,
 OMRSRepositoryHelper repositoryHelper,
 String serviceName,
 String methodName)
                              throws InvalidParameterException,
PropertyServerException,
UserNotAuthorizedException

Validate that the user is able to perform the requested action on an attachment. This method should be used by the other handlers to verify whether the element they are working with is attached to a visible asset (ie is a member of one of the supported zones) that can be operated on by the calling user.

Parameters:

userId - calling user

assetGUID - unique identifier of the asset

assetGUIDParameterName - name of parameter supplying the assetGUID

assetEntity - entity storing the asset's properties

suppliedSupportedZones - list of supported zones from the caller.

repositoryHelper - helper for OMRS objects

serviceName - calling service

methodName - calling method

Throws:

InvalidParameterException - the bean properties are invalid

UserNotAuthorizedException - user not authorized to issue this request

PropertyServerException - problem accessing the property server

validateUserForAssetAttachment

public void validateUserForAssetAttachment(String userId,
 String assetGUID,
 String assetGUIDParameterName,
 EntityDetail assetEntity,
 boolean isFeedback,
 boolean isUpdate,
 List<String> suppliedSupportedZones,
 OMRSRepositoryHelper repositoryHelper,
 String serviceName,
 String methodName)
                                    throws InvalidParameterException,
PropertyServerException,
UserNotAuthorizedException

Validate that the user is able to perform the requested action on an attachment. This method should be used by the other handlers to verify whether the element they are working with is attached to a visible asset (ie is a member of one of the supported zones) that can be operated on by the calling user.

Parameters:

userId - calling user

assetGUID - unique identifier of the asset

assetGUIDParameterName - name of parameter supplying the assetGUID

assetEntity - entity storing the root of the asset

isFeedback - is this request related to a feedback element (comment, like, rating) or an attachment

isUpdate - is this an update request?

suppliedSupportedZones - list of supported zones from the caller.

repositoryHelper - works with OMRS objects

serviceName - calling service

methodName - calling method

Throws:

InvalidParameterException - the bean properties are invalid

UserNotAuthorizedException - user not authorized to issue this request

PropertyServerException - problem accessing the property server

validateUserForAssetUpdate

public void validateUserForAssetUpdate(String userId,
 EntityDetail originalAssetEntity,
 InstanceProperties updatedAssetProperties,
 InstanceStatus newInstanceStatus,
 OMRSRepositoryHelper repositoryHelper,
 String serviceName,
 String methodName)
                                throws UserNotAuthorizedException

Validate that the user is able to perform the requested action on an attachment. This method should be used by the other handlers to verify whether the element they are working with is attached to a visible asset (ie is a member of one of the supported zones) that can be operated on by the calling user.

Parameters:

userId - calling user

originalAssetEntity - entity storing the current asset

updatedAssetProperties - properties after the update has completed

newInstanceStatus - status of the entity once the update is complete

repositoryHelper - works with OMRS objects

serviceName - calling service

methodName - calling method

Throws:

UserNotAuthorizedException - user not authorized to issue this request

validateUserForAssetDelete

public void validateUserForAssetDelete(String userId,
 EntityDetail assetEntity,
 OMRSRepositoryHelper repositoryHelper,
 String serviceName,
 String methodName)
                                throws InvalidParameterException,
PropertyServerException,
UserNotAuthorizedException

Tests for whether a specific user should have the right to delete an asset.

Parameters:

userId - calling user

assetEntity - entity storing the asset's properties

repositoryHelper - helper for OMRS objects

serviceName - calling service

methodName - calling method

Throws:

InvalidParameterException - the bean properties are invalid

UserNotAuthorizedException - user not authorized to issue this request

PropertyServerException - problem accessing the property server

validateUserForTypeCreate

public void validateUserForTypeCreate(String userId,
 String metadataCollectionName,
 TypeDef typeDef)
                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to create a type within a repository.

Specified by:

validateUserForTypeCreate in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

typeDef - type details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeCreate

public void validateUserForTypeCreate(String userId,
 String metadataCollectionName,
 AttributeTypeDef attributeTypeDef)
                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to create a type within a repository.

Specified by:

validateUserForTypeCreate in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

attributeTypeDef - type details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeRead

public void validateUserForTypeRead(String userId,
 String metadataCollectionName,
 TypeDef typeDef)
                             throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific type within a repository.

Specified by:

validateUserForTypeRead in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

typeDef - type details

Throws:

UserNotAuthorizedException - the user is not authorized to retrieve types

validateUserForTypeRead

public void validateUserForTypeRead(String userId,
 String metadataCollectionName,
 AttributeTypeDef attributeTypeDef)
                             throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific type within a repository.

Specified by:

validateUserForTypeRead in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

attributeTypeDef - type details

Throws:

UserNotAuthorizedException - the user is not authorized to retrieve types

validateUserForTypeUpdate

public void validateUserForTypeUpdate(String userId,
 String metadataCollectionName,
 TypeDef typeDef,
 TypeDefPatch patch)
                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to update a type within a repository.

Specified by:

validateUserForTypeUpdate in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

typeDef - type details

patch - changes to the type

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeDelete

public void validateUserForTypeDelete(String userId,
 String metadataCollectionName,
 TypeDef typeDef)
                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to delete a type within a repository.

Specified by:

validateUserForTypeDelete in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

typeDef - type details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeDelete

public void validateUserForTypeDelete(String userId,
 String metadataCollectionName,
 AttributeTypeDef attributeTypeDef)
                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to delete a type within a repository.

Specified by:

validateUserForTypeDelete in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

attributeTypeDef - type details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeReIdentify

public void validateUserForTypeReIdentify(String userId,
 String metadataCollectionName,
 TypeDef originalTypeDef,
 String newTypeDefGUID,
 String newTypeDefName)
                                   throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the identifiers for a type within a repository.

Specified by:

validateUserForTypeReIdentify in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

originalTypeDef - type details

newTypeDefGUID - the new identifier for the type.

newTypeDefName - new name for this type.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeReIdentify

public void validateUserForTypeReIdentify(String userId,
 String metadataCollectionName,
 AttributeTypeDef originalAttributeTypeDef,
 String newTypeDefGUID,
 String newTypeDefName)
                                   throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the identifiers for a type within a repository.

Specified by:

validateUserForTypeReIdentify in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

originalAttributeTypeDef - type details

newTypeDefGUID - the new identifier for the type.

newTypeDefName - new name for this type.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForEntityCreate

public void validateUserForEntityCreate(String userId,
 String metadataCollectionName,
 String entityTypeGUID,
 InstanceProperties initialProperties,
 List<Classification> initialClassifications,
 InstanceStatus initialStatus)
                                 throws UserNotAuthorizedException

Tests for whether a specific user should have the right to create an instance within a repository.

Specified by:

validateUserForEntityCreate in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

entityTypeGUID - unique identifier (guid) for the new entity's type.

initialProperties - initial list of properties for the new entity null means no properties.

initialClassifications - initial list of classifications for the new entity null means no classifications.

initialStatus - initial status typically DRAFT, PREPARED or ACTIVE.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityRead

public EntityDetail validateUserForEntityRead(String userId,
 String metadataCollectionName,
 EntityDetail instance)
                                       throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific instance within a repository.

Specified by:

validateUserForEntityRead in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Returns:

entity to return (maybe altered by the connector)

Throws:

UserNotAuthorizedException - the user is not authorized to retrieve instances

validateUserForEntitySummaryRead

public void validateUserForEntitySummaryRead(String userId,
 String metadataCollectionName,
 EntitySummary instance)
                                      throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific instance within a repository.

Specified by:

validateUserForEntitySummaryRead in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Throws:

UserNotAuthorizedException - the user is not authorized to retrieve instances

validateUserForEntityProxyRead

public void validateUserForEntityProxyRead(String userId,
 String metadataCollectionName,
 EntityProxy instance)
                                    throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific instance within a repository.

Specified by:

validateUserForEntityProxyRead in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Throws:

UserNotAuthorizedException - the user is not authorized to retrieve instances

validateUserForEntityUpdate

public void validateUserForEntityUpdate(String userId,
 String metadataCollectionName,
 EntityDetail instance)
                                 throws UserNotAuthorizedException

Tests for whether a specific user should have the right to update an instance within a repository.

Specified by:

validateUserForEntityUpdate in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityClassificationAdd

public void validateUserForEntityClassificationAdd(String userId,
 String metadataCollectionName,
 EntitySummary instance,
 String classificationName,
 InstanceProperties properties)
                                            throws UserNotAuthorizedException

Tests for whether a specific user should have the right to add a classification to an entity instance within a repository.

Specified by:

validateUserForEntityClassificationAdd in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

classificationName - String name for the classification.

properties - list of properties for the classification.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityClassificationUpdate

public void validateUserForEntityClassificationUpdate(String userId,
 String metadataCollectionName,
 EntitySummary instance,
 String classificationName,
 InstanceProperties properties)
                                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to update the classification for an entity instance within a repository.

Specified by:

validateUserForEntityClassificationUpdate in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

classificationName - String name for the classification.

properties - list of properties for the classification.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityClassificationDelete

public void validateUserForEntityClassificationDelete(String userId,
 String metadataCollectionName,
 EntitySummary instance,
 String classificationName)
                                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to delete a classification from an entity instance within a repository.

Specified by:

validateUserForEntityClassificationDelete in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

classificationName - String name for the classification.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityDelete

public void validateUserForEntityDelete(String userId,
 String metadataCollectionName,
 EntityDetail instance)
                                 throws UserNotAuthorizedException

Tests for whether a specific user should have the right to delete an instance within a repository.

Specified by:

validateUserForEntityDelete in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityRestore

public void validateUserForEntityRestore(String userId,
 String metadataCollectionName,
 String deletedEntityGUID)
                                  throws UserNotAuthorizedException

Tests for whether a specific user should have the right to delete an instance within a repository.

Specified by:

validateUserForEntityRestore in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

deletedEntityGUID - String unique identifier (guid) for the entity.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityReIdentification

public void validateUserForEntityReIdentification(String userId,
 String metadataCollectionName,
 EntityDetail instance,
 String newGUID)
                                           throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the guid on an instance within a repository.

Specified by:

validateUserForEntityReIdentification in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

newGUID - the new guid for the instance.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityReTyping

public void validateUserForEntityReTyping(String userId,
 String metadataCollectionName,
 EntityDetail instance,
 TypeDefSummary newTypeDefSummary)
                                   throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change an instance's type within a repository.

Specified by:

validateUserForEntityReTyping in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

newTypeDefSummary - details of this instance's new TypeDef.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityReHoming

public void validateUserForEntityReHoming(String userId,
 String metadataCollectionName,
 EntityDetail instance,
 String newHomeMetadataCollectionId,
 String newHomeMetadataCollectionName)
                                   throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the home of an instance within a repository.

Specified by:

validateUserForEntityReHoming in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

newHomeMetadataCollectionId - unique identifier for the new home metadata collection/repository.

newHomeMetadataCollectionName - display name for the new home metadata collection/repository.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipCreate

public void validateUserForRelationshipCreate(String userId,
 String metadataCollectionName,
 String relationshipTypeGUID,
 InstanceProperties initialProperties,
 EntitySummary entityOneSummary,
 EntitySummary entityTwoSummary,
 InstanceStatus initialStatus)
                                       throws UserNotAuthorizedException

Tests for whether a specific user should have the right to create an instance within a repository.

Specified by:

validateUserForRelationshipCreate in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

relationshipTypeGUID - unique identifier (guid) for the new relationship's type.

initialProperties - initial list of properties for the new entity null means no properties.

entityOneSummary - the unique identifier of one of the entities that the relationship is connecting together.

entityTwoSummary - the unique identifier of the other entity that the relationship is connecting together.

initialStatus - initial status typically DRAFT, PREPARED or ACTIVE.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipRead

public Relationship validateUserForRelationshipRead(String userId,
 String metadataCollectionName,
 Relationship instance)
                                             throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific instance within a repository.

Specified by:

validateUserForRelationshipRead in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Returns:

relationship to return (maybe altered by the connector)

Throws:

UserNotAuthorizedException - the user is not authorized to retrieve instances

validateUserForRelationshipUpdate

public void validateUserForRelationshipUpdate(String userId,
 String metadataCollectionName,
 Relationship instance)
                                       throws UserNotAuthorizedException

Tests for whether a specific user should have the right to update an instance within a repository.

Specified by:

validateUserForRelationshipUpdate in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipDelete

public void validateUserForRelationshipDelete(String userId,
 String metadataCollectionName,
 Relationship instance)
                                       throws UserNotAuthorizedException

Tests for whether a specific user should have the right to delete an instance within a repository.

Specified by:

validateUserForRelationshipDelete in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipRestore

public void validateUserForRelationshipRestore(String userId,
 String metadataCollectionName,
 String deletedRelationshipGUID)
                                        throws UserNotAuthorizedException

Tests for whether a specific user should have the right to delete an instance within a repository.

Specified by:

validateUserForRelationshipRestore in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

deletedRelationshipGUID - String unique identifier (guid) for the relationship.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipReIdentification

public void validateUserForRelationshipReIdentification(String userId,
 String metadataCollectionName,
 Relationship instance,
 String newGUID)
                                                 throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the guid on an instance within a repository.

Specified by:

validateUserForRelationshipReIdentification in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

newGUID - the new guid for the instance.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipReTyping

public void validateUserForRelationshipReTyping(String userId,
 String metadataCollectionName,
 Relationship instance,
 TypeDefSummary newTypeDefSummary)
                                         throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change an instance's type within a repository.

Specified by:

validateUserForRelationshipReTyping in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

newTypeDefSummary - details of this instance's new TypeDef.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipReHoming

public void validateUserForRelationshipReHoming(String userId,
 String metadataCollectionName,
 Relationship instance,
 String newHomeMetadataCollectionId,
 String newHomeMetadataCollectionName)
                                         throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the home of an instance within a repository.

Specified by:

validateUserForRelationshipReHoming in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

newHomeMetadataCollectionId - unique identifier for the new home metadata collection/repository.

newHomeMetadataCollectionName - display name for the new home metadata collection/repository.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateEntityReferenceCopySave

public boolean validateEntityReferenceCopySave(EntityDetail instance)

Tests for whether a reference copy should be saved to the repository.

Specified by:

validateEntityReferenceCopySave in interface OpenMetadataRepositorySecurity

Parameters:

instance - instance details

Returns:

flag indicating whether the reference copy should be saved

validateRelationshipReferenceCopySave

public boolean validateRelationshipReferenceCopySave(Relationship instance)

Tests for whether a reference copy should be saved to the repository.

Specified by:

validateRelationshipReferenceCopySave in interface OpenMetadataRepositorySecurity

Parameters:

instance - instance details

Returns:

flag indicating whether the reference copy should be saved

validateInboundEvent

public OMRSInstanceEvent validateInboundEvent(String cohortName,
 OMRSInstanceEvent event)

Validate whether an event received from another member of the cohort should be processed by this server.

Specified by:

validateInboundEvent in interface OpenMetadataEventsSecurity

Parameters:

cohortName - name of the cohort

event - event that has been received

Returns:

inbound event to process (maybe updated) or null to indicate that the event should be ignored

validateOutboundEvent

public OMRSInstanceEvent validateOutboundEvent(String cohortName,
 OMRSInstanceEvent event)

Validate whether an event should be sent to the other members of the cohort by this server.

Specified by:

validateOutboundEvent in interface OpenMetadataEventsSecurity

Parameters:

cohortName - name of the cohort

event - event that has been received

Returns:

outbound event to send (maybe updated) or null to indicate that the event should be ignored