public class UMFactory extends Object
Applications can access UME functionality via a set of public UME factories
like IUserFactory
, IAuthentication
and IUserMapping
.
UME factories can be distinguished by their behavior regarding database transactions. There are factories that simply account for UME internal transactions, which is the default behavior. And there may also be factories that participate in container wide shared transactions (if supported by the current runtime environment, e.g. SAP Application Server Java).
There are two ways to get access to UME factories:
UMFactory
class provides functionality to get access to
UME factory objects. Applications access all the functionality through
this class and its (mostly static) factory getter methods like
getUserFactory()
, getAuthenticator()
and getUserMapping()
.
UMFactory
's getter methods always return UME
factories that don't participate in shared transactions.
In scenarios where a JNDI naming system exists inside of the server, UME factories can also be retrieved by a JNDI lookup. This is the only way to get access to UME factories that participate in shared transactions.
Looking up UME factories from JNDI requires declaration of all necessary
factories in the application's deployment descriptor. In SAP Application Server Java,
this requires adding a server-component-ref
node to the
web-j2ee-engine.xml / ejb-j2ee-engine.xml / appclient-j2ee-engine.xml
like this
<server-component-ref> <name> ume/userfactory </name> <type> interface </type> <jndi-name> UME/unsharable/com.sap.security.api.IUserFactory </jndi-name> </server-component-ref>
In this example, the application would call
lookup("java:comp/env/ume/userfactory")
to retrieve an
instance of IUserFactory
(which does not
participate in shared transactions, see below).
Some UME factories are available in two different subcontexts of the main
UME context "UME"
:
"sharable"
participate in shared
database transactions (if the container supports shared transactions
and the actual factory is subject to transactions at all).
"unsharable"
ignore shared transactions
or are not subject to transactions at all.
Each factory object is bound into the UME subcontexts by the fully qualified name of the corresponding UME interface:
UME/sharable/com.sap.security.api.IGroupFactory UME/sharable/com.sap.security.api.IPrincipalFactory UME/sharable/com.sap.security.api.IRoleFactory UME/sharable/com.sap.security.api.IUserAccountFactory UME/sharable/com.sap.security.api.IUserFactory UME/sharable/com.sap.security.api.acl.IAclManagerFactory UME/sharable/com.sap.security.api.srvUser.IServiceUserFactory UME/unsharable/com.sap.security.api.IGroupFactory UME/unsharable/com.sap.security.api.IPrincipalFactory UME/unsharable/com.sap.security.api.IRoleFactory UME/unsharable/com.sap.security.api.IUserAccountFactory UME/unsharable/com.sap.security.api.IUserFactory UME/unsharable/com.sap.security.api.acl.IAclManagerFactory UME/unsharable/com.sap.security.api.logon.IAnonymousUserFactory UME/unsharable/com.sap.security.api.IAuthentication UME/unsharable/com.sap.security.api.logon.ILogonAuthentication UME/unsharable/com.sap.security.api.logon.ISecurityPolicyFactory UME/unsharable/com.sap.security.api.srvUser.IServiceUserFactory UME/unsharable/com.sap.security.api.umap.IUserMapping
UMFactory
initialize(Map)
to initialize UMFactory. This is the
standard way which is already used in SAP Application Server Java and SAP JTS.
initialize(String)
with a directory in the file system which contains
all required UME configuration data.
TicketVerifier
.
Modifier and Type | Method and Description |
---|---|
static void |
addSystemLandscapeWrapper(ISystemLandscapeWrapper slw)
Deprecated.
|
static IAclManager |
getAclManager()
Gets the default Access Control List (ACL) Manager.
|
static IAclManager |
getAclManager(String applicationId)
Gets an application specific Access Control List (ACL) Manager.
|
static String[] |
getAllAclManagers()
Returns an array of all used Access Control List (ACL) Managers.
|
static IAnonymousUserFactory |
getAnonymousUserFactory()
Gets the anonymous user factory for retrieving anonymous user.
|
static IAuthentication |
getAuthenticator()
Provide access to an implementation of
IAuthentication . |
static IUserFactory |
getDefaultFactory()
Deprecated.
: use
getUserFactory() instead |
static IGroupFactory |
getGroupFactory()
Returns an implementation of
IGroupFactory . |
static UMFactory |
getInstance()
Returns the instance of
UMFactory . |
static ILogonAuthentication |
getLogonAuthenticator()
Provide access to an implementation of
ILogonAuthentication . |
static IPrincipalFactory |
getPrincipalFactory()
Returns an implementation of
IPrincipalFactory . |
static com.sap.security.api.util.IUMParameters |
getProperties()
Deprecated.
Released for internal use only
|
static IRoleFactory |
getRoleFactory()
Returns an implementation of
IRoleFactory . |
static SecurityManager |
getSecurityManager()
A method in the user management that wants to check whether the caller is
allowed to call it should call this method instead of
System.getSecurityManager() to get a security manager to perform the
checkPermission call. |
static ISecurityPolicy |
getSecurityPolicy()
This method provides access to the default security policy object.
|
static ISecurityPolicy |
getSecurityPolicyByLogonID(String logonID)
Retrieve a security policy object from the associated user account.
|
static IServiceUserFactory |
getServiceUserFactory()
NOTE: Released for internal use only.
|
static ISystemLandscapeFactory |
getSystemLandscapeFactory() |
static ArrayList |
getSystemLandscapeWrappers()
Deprecated.
|
TicketVerifier |
getTicketVerifier()
Deprecated.
Please use the native library "SAPSSOEXT" and the corresponding Java wrapper. For
further information, including where to download the "SAPSSOEXT" package, please
refer to the online documentation.
|
static com.sap.security.api.util.IUMFileIO |
getUMFileIO()
NOTE: Released for internal use only.
|
static IUserAccountFactory |
getUserAccountFactory()
Returns an implementation of
IUserAccountFactory . |
static IUserFactory |
getUserFactory()
Returns an implementation of
IUserFactory . |
static IUserMapping |
getUserMapping()
Gets the global user mapping object which provides access to all user
mapping data.
|
static void |
initialize(Map factories)
Note: Released for internal use only.
|
static void |
initialize(String umeCfgPath)
Note: Released for internal use only.
|
static boolean |
isInitialized()
This method provides information about the state of UMFactory.
|
static void |
removeSystemLandscapeWrapper(ISystemLandscapeWrapper slw)
Deprecated.
|
static void |
setSecurityManager(SecurityManager securitymanager)
Set the security manager that is used to protect the API.
|
public static void initialize(Map factories)
isInitialized()
will not return true
until the key "InitializationComplete"
is contained in the
argument Map
(see the table of keys and values below).factories
- Map of UME factory objects.
The following key / value pairs are currently required:
Key | Value |
---|---|
IAclManager.class | Class object of the IAclManager implementation class |
IAnonymousUserFactory.class | Instance of IAnonymousUserFactory |
IAuthentication.class | Instance of IAuthentication |
IGroupFactory.class | Instance of IGroupFactory |
ILogonAuthentication.class | Instance of ILogonAuthentication |
IPrincipalFactory.class | Instance of IPrincipalFactory |
IRoleFactory.class | Instance of IRoleFactory |
ISecurityPolicyFactory.class | Instance of ISecurityPolicyFactory |
IServiceUserFactory.class | Instance of IServiceUserFactory |
ISystemLandscapeFactory.class | Instance of ISystemLandscapeFactory |
IUMFileIO.class | Instance of IUMFileIO |
IUMParameters.class | Instance of IUMParameters |
IUserAccountFactory.class | Instance of IUserAccountFactory |
IUserFactory.class | Instance of IUserFactory |
IUserMapping.class | Instance of IUserMapping |
TicketVerifier.class | Class object of the TicketVerifier implementation class |
"InitializationComplete" (String ) |
Boolean with value true . |
public static void initialize(String umeCfgPath)
com.sap.security.core.InternalUMFactory
!umeCfgPath
- String object that contains the path to the
sapum.properties file and the additional xml filespublic static UMFactory getInstance() throws UMRuntimeException
UMFactory
. If the
UMFactory
is not already initialized this function throws an
IllegalStateException
. Note: UMFactory will be initialized
by EP6 Portal or SAP Application Server Java 630. If UMFactory should be
used standalone, it has to be initialized explicitly with the method
initialize(String umeCfgPath)UMFactory
IllegalStateException
- If the UMFactory
is not already initialized.UMRuntimeException
- If UME is running with
client ("Mandant") concept enabled and the current client
can not be determined.public static IAuthentication getAuthenticator()
IAuthentication
.IAuthentication
@Deprecated public static IUserFactory getDefaultFactory()
getUserFactory()
insteadpublic static IGroupFactory getGroupFactory()
IGroupFactory
. This method
should be called to get the group factory for all group related
operations.public static ILogonAuthentication getLogonAuthenticator()
ILogonAuthentication
.ILogonAuthentication
public static SecurityManager getSecurityManager()
System.getSecurityManager()
to get a security manager to perform the
checkPermission call.public static IUserMapping getUserMapping()
public static com.sap.security.api.util.IUMFileIO getUMFileIO()
public static com.sap.security.api.util.IUMParameters getProperties()
Get access to IUMParameters
interface
IUMParameters
public static IRoleFactory getRoleFactory()
IRoleFactory
. This method
should be called to get the role factory for all role related operations.public static IUserAccountFactory getUserAccountFactory()
IUserAccountFactory
. This
method should be called to get the user account factory for all user
account related operations.public static IPrincipalFactory getPrincipalFactory()
IPrincipalFactory
. This method
should be called to get the principal factory for all principal related
operations.public static IUserFactory getUserFactory()
IUserFactory
. This method
should be called to get the user factory for all user related operations.public static IServiceUserFactory getServiceUserFactory()
Returns an implementation of IServiceUserFactory
. This
method should be called to get the service user factory for all service
user related operations.
public static IAclManager getAclManager()
IAclManager
public static IAclManager getAclManager(String applicationId)
applicationId
- the application IDIAclManager
public static String[] getAllAclManagers()
public static void setSecurityManager(SecurityManager securitymanager)
IllegalStateException
. An
IllegalStateException
is also thrown if there is a system
security manager and this method is called. If the
SecurityManagerFactory
is visible for the UMFactory, this
method must be called before the UMFactory
is initialized,
because in this case during initialization a security manager is set if
there is neither a system security manager nor this method was called.securitymanager
- security manager to be usedIllegalStateException
- in case this method has already been
called before or there is a system security manager@Deprecated public static void addSystemLandscapeWrapper(ISystemLandscapeWrapper slw)
getSystemLandscapeFactory()
and
ISystemLandscapeFactory.registerLandscape(ISystemLandscape)
instead.slw
- The system landscape wrapper to be added@Deprecated public static ArrayList getSystemLandscapeWrappers()
getSystemLandscapeFactory()
and
ISystemLandscapeFactory.getAllLandscapes()
resp.
ISystemLandscapeFactory.getLandscape(String)
instead.ISystemLandscapeWrapper
implementations that are currently registered.@Deprecated public static void removeSystemLandscapeWrapper(ISystemLandscapeWrapper slw)
getSystemLandscapeFactory()
and
ISystemLandscapeFactory.unregisterLandscape(ISystemLandscape)
instead.slw
- The system landscape wrapper to be removedpublic static ISystemLandscapeFactory getSystemLandscapeFactory()
public static IAnonymousUserFactory getAnonymousUserFactory()
public static ISecurityPolicy getSecurityPolicy()
ISecurityPolicy
public static ISecurityPolicy getSecurityPolicyByLogonID(String logonID) throws UMException
logonID
- the logon ID of the associated account's For more
details see ISecurityPolicy
UMException
- if there is an error.public static boolean isInitialized()
@Deprecated public TicketVerifier getTicketVerifier()
TicketVerifier
Access Rights |
---|
SC | DC | Public Part | ACH |
---|---|---|---|
[sap.com] CORE-TOOLS
|
[sap.com]
|
default
|
BC-JAS
|
[sap.com] ENGFACADE
|
[sap.com] tc/je/usermanagement/api
|
api
|
BC-JAS-SEC
|
[sap.com] ENGINEAPI
|
[sap.com]
|
-
|
BC-JAS-SEC-UME
|
[sap.com] ENGINEAPI
|
[sap.com]
|
default
|
BC-JAS-SEC-UME
|
Copyright 2017 SAP AG Complete Copyright Notice