org.odpi.openmetadata.metadatasecurity.connectors

Class OpenMetadataServerSecurityConnector

java.lang.Object

org.odpi.openmetadata.frameworks.connectors.Connector

org.odpi.openmetadata.frameworks.connectors.ConnectorBase

org.odpi.openmetadata.metadatasecurity.connectors.OpenMetadataServerSecurityConnector

All Implemented Interfaces:

AuditLoggingComponent, OpenMetadataAssetSecurity, OpenMetadataConnectionSecurity, OpenMetadataServerSecurity, OpenMetadataServiceSecurity, OpenMetadataRepositorySecurity

public class OpenMetadataServerSecurityConnector
extends ConnectorBase
implements AuditLoggingComponent, OpenMetadataRepositorySecurity, OpenMetadataServerSecurity, OpenMetadataServiceSecurity, OpenMetadataConnectionSecurity, OpenMetadataAssetSecurity

OpenMetadataServerSecurityConnector provides the base class for an Open Metadata Security Connector for a server. This connector is configured in an OMAG Configuration Document. Its default behavior is to reject every request. It generates well-defined exceptions and audit log messages. Override these to define the required access for the deployment environment. The methods in this base class can be called if access is to be denied as a way of making use of the message logging and exceptions.

Nested Class Summary

Nested classes/interfaces inherited from class org.odpi.openmetadata.frameworks.connectors.ConnectorBase

ConnectorBase.ProtectedConnection

Field Summary

Fields

Modifier and Type	Field and Description
protected AuditLog	auditLog
protected String	connectorName
protected String	localServerUserId
protected String	serverName
protected String	unknownTypeName

Fields inherited from class org.odpi.openmetadata.frameworks.connectors.ConnectorBase

connectedAssetProperties, connectionBean, connectionProperties, connectorInstanceId, isActive, securedProperties

Constructor Summary

Constructors

Constructor and Description
OpenMetadataServerSecurityConnector()

Method Summary

Modifier and Type	Method and Description
void	disconnect() Free up any resources held since the connector is no longer needed.
protected String	getAssetGUID(Asset asset) Return a string representing the unique identifier for the asset.
protected String	getConnectionQualifiedName(Connection connection) Return a string representing the unique identifier for the connection.
protected String	getInstanceGUID(InstanceHeader instance) Return a string representing the unique identifier for a repository instance.
protected void	logConnectorDisconnecting() Write an audit log message to say that the connector is stopping.
protected void	logConnectorStarting() Write an audit log message to say that the connector is initializing.
protected String	printZoneList(List<String> zones) Return a string representing the list of zones.
List<String>	setAssetZonesToDefault(List<String> defaultZones, Asset asset) Determine the appropriate setting for the asset zones depending on the content of the asset and the default zones.
void	setAuditLog(AuditLog auditLog) Receive an audit log object that can be used to record audit log messages.
void	setLocalServerUserId(String userId) Provide the local server's userId.
void	setServerName(String serverName) Set the name of the server that this connector is supporting.
List<String>	setSupportedZonesForUser(List<String> supportedZones, String serviceName, String user) Determine the appropriate setting for the supported zones depending on the user and the default supported zones set up for the service.
void	start() Indicates that the connector is completely configured and can begin processing.
protected void	throwIncompleteAsset(String userId, Asset asset, String methodName) Write an audit log message and throw exception to record an unauthorized access.
protected void	throwUnauthorizedAssetAccess(String userId, Asset asset, String methodName) Write an audit log message and throw exception to record an unauthorized access.
protected void	throwUnauthorizedAssetChange(String userId, Asset asset, String methodName) Write an audit log message and throw exception to record an unauthorized access.
protected void	throwUnauthorizedAssetCreate(String userId, Asset asset, String methodName) Write an audit log message and throw exception to record an unauthorized access.
protected void	throwUnauthorizedAssetFeedback(String userId, Asset asset, String methodName) Write an audit log message and throw exception to record an unauthorized access.
protected void	throwUnauthorizedConnectionAccess(String userId, Connection connection, String methodName) Write an audit log message and throw exception to record an unauthorized access.
protected void	throwUnauthorizedInstanceAccess(String userId, String instanceGUID, String typeName, String methodName) Write an audit log message and throw exception to record an unauthorized access.
protected void	throwUnauthorizedInstanceChange(String userId, String instanceGUID, String typeName, String methodName) Write an audit log message and throw exception to record an unauthorized access.
protected void	throwUnauthorizedInstanceCreate(String userId, String typeGUID, String methodName) Write an audit log message and throw exception to record an unauthorized access.
protected void	throwUnauthorizedServerAccess(String userId, String methodName) Write an audit log message and throw exception to record an unauthorized access.
protected void	throwUnauthorizedServiceAccess(String userId, String serviceName, String serviceOperationName, String methodName) Write an audit log message and throw exception to record an unauthorized access.
protected void	throwUnauthorizedTypeAccess(String userId, String typeGUID, String typeName, String methodName) Write an audit log message and throw exception to record an unauthorized access.
protected void	throwUnauthorizedTypeChange(String userId, String typeGUID, String typeName, String methodName) Write an audit log message and throw exception to record an unauthorized access.
protected void	throwUnauthorizedZoneChange(String userId, Asset asset, List<String> originalZones, List<String> newZones, String methodName) Write an audit log message and throw exception to record an unauthorized access.
void	validateUserAsServerAdmin(String userId) Check that the calling user is authorized to update the configuration for a server.
void	validateUserAsServerInvestigator(String userId) Check that the calling user is authorized to issue operator requests to the OMAG Server.
void	validateUserAsServerOperator(String userId) Check that the calling user is authorized to issue operator requests to the OMAG Server.
void	validateUserForAssetAttachmentUpdate(String userId, Asset asset) Tests for whether a specific user should have the right to update elements attached directly to an asset such as schema and connections.
Connection	validateUserForAssetConnectionList(String userId, Asset asset, List<Connection> connections) Select a connection from the list of connections attached to an asset.
void	validateUserForAssetCreate(String userId, Asset asset) Tests for whether a specific user should have the right to create an asset within a zone.
void	validateUserForAssetDelete(String userId, Asset asset) Tests for whether a specific user should have the right to delete an asset within a zone.
void	validateUserForAssetDetailUpdate(String userId, Asset originalAsset, AssetAuditHeader originalAssetAuditHeader, Asset newAsset) Tests for whether a specific user should have the right to update an asset.
void	validateUserForAssetFeedback(String userId, Asset asset) Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the asset.
void	validateUserForAssetRead(String userId, Asset asset) Tests for whether a specific user should have read access to a specific asset within a zone.
void	validateUserForConnection(String userId, Connection connection) Tests for whether a specific user should have access to a connection.
void	validateUserForEntityClassificationAdd(String userId, String metadataCollectionName, EntityDetail instance, String classificationName, InstanceProperties properties) Tests for whether a specific user should have the right to add a classification to an entity instance within a repository.
void	validateUserForEntityClassificationDelete(String userId, String metadataCollectionName, EntityDetail instance, String classificationName) Tests for whether a specific user should have the right to delete a classification from an entity instance within a repository.
void	validateUserForEntityClassificationUpdate(String userId, String metadataCollectionName, EntityDetail instance, String classificationName, InstanceProperties properties) Tests for whether a specific user should have the right to update the classification for an entity instance within a repository.
void	validateUserForEntityCreate(String userId, String metadataCollectionName, String entityTypeGUID, InstanceProperties initialProperties, List<Classification> initialClassifications, InstanceStatus initialStatus) Tests for whether a specific user should have the right to create a instance within a repository.
void	validateUserForEntityDelete(String userId, String metadataCollectionName, EntityDetail instance) Tests for whether a specific user should have the right to delete a instance within a repository.
void	validateUserForEntityProxyRead(String userId, String metadataCollectionName, EntityProxy instance) Tests for whether a specific user should have read access to a specific instance within a repository.
void	validateUserForEntityRead(String userId, String metadataCollectionName, EntityDetail instance) Tests for whether a specific user should have read access to a specific instance within a repository.
void	validateUserForEntityReHoming(String userId, String metadataCollectionName, EntityDetail instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) Tests for whether a specific user should have the right to change the home of a instance within a repository.
void	validateUserForEntityReIdentification(String userId, String metadataCollectionName, EntityDetail instance, String newGUID) Tests for whether a specific user should have the right to change the guid on a instance within a repository.
void	validateUserForEntityRestore(String userId, String metadataCollectionName, String deletedEntityGUID) Tests for whether a specific user should have the right to restore a instance within a repository.
void	validateUserForEntityReTyping(String userId, String metadataCollectionName, EntityDetail instance, TypeDefSummary newTypeDefSummary) Tests for whether a specific user should have the right to change the type of a instance within a repository.
void	validateUserForEntitySummaryRead(String userId, String metadataCollectionName, EntitySummary instance) Tests for whether a specific user should have read access to a specific instance within a repository.
void	validateUserForEntityUpdate(String userId, String metadataCollectionName, EntityDetail instance) Tests for whether a specific user should have the right to update a instance within a repository.
void	validateUserForRelationshipCreate(String userId, String metadataCollectionName, String relationshipTypeGUID, InstanceProperties initialProperties, EntitySummary entityOneSummary, EntitySummary entityTwoSummary, InstanceStatus initialStatus) Tests for whether a specific user should have the right to create a instance within a repository.
void	validateUserForRelationshipDelete(String userId, String metadataCollectionName, Relationship instance) Tests for whether a specific user should have the right to delete a instance within a repository.
void	validateUserForRelationshipRead(String userId, String metadataCollectionName, Relationship instance) Tests for whether a specific user should have read access to a specific instance within a repository.
void	validateUserForRelationshipReHoming(String userId, String metadataCollectionName, Relationship instance, String newHomeMetadataCollectionId, String newHomeMetadataCollectionName) Tests for whether a specific user should have the right to change the home of a instance within a repository.
void	validateUserForRelationshipReIdentification(String userId, String metadataCollectionName, Relationship instance, String newGUID) Tests for whether a specific user should have the right to change the guid on a instance within a repository.
void	validateUserForRelationshipRestore(String userId, String metadataCollectionName, String deletedRelationshipGUID) Tests for whether a specific user should have the right to restore a instance within a repository.
void	validateUserForRelationshipReTyping(String userId, String metadataCollectionName, Relationship instance, TypeDefSummary newTypeDefSummary) Tests for whether a specific user should have the right to change the type of a instance within a repository.
void	validateUserForRelationshipUpdate(String userId, String metadataCollectionName, Relationship instance) Tests for whether a specific user should have the right to update a instance within a repository.
void	validateUserForServer(String userId) Check that the calling user is authorized to issue a (any) request to the OMAG Server Platform.
void	validateUserForService(String userId, String serviceName) Check that the calling user is authorized to issue this request.
void	validateUserForServiceOperation(String userId, String serviceName, String serviceOperationName) Check that the calling user is authorized to issue this specific request.
void	validateUserForTypeCreate(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) Tests for whether a specific user should have the right to create a type within a repository.
void	validateUserForTypeCreate(String userId, String metadataCollectionName, TypeDef typeDef) Tests for whether a specific user should have the right to create a type within a repository.
void	validateUserForTypeDelete(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) Tests for whether a specific user should have the right to delete a type within a repository.
void	validateUserForTypeDelete(String userId, String metadataCollectionName, TypeDef typeDef) Tests for whether a specific user should have the right to delete a type within a repository.
void	validateUserForTypeRead(String userId, String metadataCollectionName, AttributeTypeDef attributeTypeDef) Tests for whether a specific user should have read access to a specific type within a repository.
void	validateUserForTypeRead(String userId, String metadataCollectionName, TypeDef typeDef) Tests for whether a specific user should have read access to a specific type within a repository.
void	validateUserForTypeReIdentify(String userId, String metadataCollectionName, AttributeTypeDef originalAttributeTypeDef, String newTypeDefGUID, String newTypeDefName) Tests for whether a specific user should have the right to change the identifiers for a type within a repository.
void	validateUserForTypeReIdentify(String userId, String metadataCollectionName, TypeDef originalTypeDef, String newTypeDefGUID, String newTypeDefName) Tests for whether a specific user should have the right to change the identifiers for a type within a repository.
void	validateUserForTypeUpdate(String userId, String metadataCollectionName, TypeDef typeDef, TypeDefPatch patch) Tests for whether a specific user should have the right to update a typeDef within a repository.
List<String>	verifyAssetZones(List<String> defaultZones, List<String> supportedZones, Asset originalAsset, Asset updatedAsset) Deprecated.
List<String>	verifyAssetZones(List<String> defaultZones, List<String> supportedZones, List<String> publishZones, Asset originalAsset, Asset updatedAsset) Determine the appropriate setting for the asset zones depending on the content of the asset and the settings of both default zones and supported zones.

Methods inherited from class org.odpi.openmetadata.frameworks.connectors.ConnectorBase

equals, getConnectedAssetProperties, getConnection, getConnectorInstanceId, hashCode, initialize, initializeConnectedAssetProperties, isActive, toString

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

auditLog

protected AuditLog auditLog

serverName

protected String serverName

localServerUserId

protected String localServerUserId

connectorName

protected String connectorName

unknownTypeName

protected final String unknownTypeName

See Also:

Constant Field Values

Constructor Detail

OpenMetadataServerSecurityConnector

public OpenMetadataServerSecurityConnector()

Method Detail

logConnectorStarting

protected void logConnectorStarting()

Write an audit log message to say that the connector is initializing.

logConnectorDisconnecting

protected void logConnectorDisconnecting()

Write an audit log message to say that the connector is stopping.

getAssetGUID

protected String getAssetGUID(Asset asset)

Return a string representing the unique identifier for the asset. If the asset is null then the guid is "null", if the guid is null then the result is "null-guid".

Parameters:

asset - asset to test

Returns:

string identifier for messages

printZoneList

protected String printZoneList(List<String> zones)

Return a string representing the list of zones.

Parameters:

zones - zones to output

Returns:

string for messages

getConnectionQualifiedName

protected String getConnectionQualifiedName(Connection connection)

Return a string representing the unique identifier for the connection. If the connection is null then the guid is "null", if the guid is null then the result is "null-name".

Parameters:

connection - connection to test

Returns:

string identifier for messages

getInstanceGUID

protected String getInstanceGUID(InstanceHeader instance)

Return a string representing the unique identifier for a repository instance. If the instance is null then the guid is "null", if the guid is null then the result is "null-guid".

Parameters:

instance - instance to test

Returns:

string identifier for messages

throwUnauthorizedServerAccess

protected void throwUnauthorizedServerAccess(String userId,
                                             String methodName)
                                      throws UserNotAuthorizedException

Write an audit log message and throw exception to record an unauthorized access.

Parameters:

userId - calling user

methodName - calling method

Throws:

UserNotAuthorizedException - the authorization check failed

throwUnauthorizedServiceAccess

protected void throwUnauthorizedServiceAccess(String userId,
                                              String serviceName,
                                              String serviceOperationName,
                                              String methodName)
                                       throws UserNotAuthorizedException

Write an audit log message and throw exception to record an unauthorized access.

Parameters:

userId - calling user

serviceName - name of service

serviceOperationName - name of operation

methodName - calling method

Throws:

UserNotAuthorizedException - the authorization check failed

throwUnauthorizedTypeAccess

protected void throwUnauthorizedTypeAccess(String userId,
                                           String typeGUID,
                                           String typeName,
                                           String methodName)
                                    throws UserNotAuthorizedException

Write an audit log message and throw exception to record an unauthorized access.

Parameters:

userId - calling user

typeGUID - uniqueId of type

typeName - name of type

methodName - calling method

Throws:

UserNotAuthorizedException - the authorization check failed

throwUnauthorizedTypeChange

protected void throwUnauthorizedTypeChange(String userId,
                                           String typeGUID,
                                           String typeName,
                                           String methodName)
                                    throws UserNotAuthorizedException

Write an audit log message and throw exception to record an unauthorized access.

Parameters:

userId - calling user

typeGUID - uniqueId of type

typeName - name of type

methodName - calling method

Throws:

UserNotAuthorizedException - the authorization check failed

throwUnauthorizedInstanceCreate

protected void throwUnauthorizedInstanceCreate(String userId,
                                               String typeGUID,
                                               String methodName)
                                        throws UserNotAuthorizedException

Write an audit log message and throw exception to record an unauthorized access.

Parameters:

userId - calling user

typeGUID - uniqueId of type

methodName - calling method

Throws:

UserNotAuthorizedException - the authorization check failed

throwUnauthorizedInstanceAccess

protected void throwUnauthorizedInstanceAccess(String userId,
                                               String instanceGUID,
                                               String typeName,
                                               String methodName)
                                        throws UserNotAuthorizedException

Write an audit log message and throw exception to record an unauthorized access.

Parameters:

userId - calling user

instanceGUID - uniqueId of type

typeName - name of type

methodName - calling method

Throws:

UserNotAuthorizedException - the authorization check failed

throwUnauthorizedInstanceChange

protected void throwUnauthorizedInstanceChange(String userId,
                                               String instanceGUID,
                                               String typeName,
                                               String methodName)
                                        throws UserNotAuthorizedException

Write an audit log message and throw exception to record an unauthorized access.

Parameters:

userId - calling user

instanceGUID - uniqueId of type

typeName - name of type

methodName - calling method

Throws:

UserNotAuthorizedException - the authorization check failed

throwUnauthorizedAssetAccess

protected void throwUnauthorizedAssetAccess(String userId,
                                            Asset asset,
                                            String methodName)
                                     throws UserNotAuthorizedException

Write an audit log message and throw exception to record an unauthorized access.

Parameters:

userId - calling user

asset - asset being accessed

methodName - calling method

Throws:

UserNotAuthorizedException - the authorization check failed

throwUnauthorizedAssetChange

protected void throwUnauthorizedAssetChange(String userId,
                                            Asset asset,
                                            String methodName)
                                     throws UserNotAuthorizedException

Write an audit log message and throw exception to record an unauthorized access.

Parameters:

userId - calling user

asset - asset being accessed

methodName - calling method

Throws:

UserNotAuthorizedException - the authorization check failed

throwUnauthorizedAssetCreate

protected void throwUnauthorizedAssetCreate(String userId,
                                            Asset asset,
                                            String methodName)
                                     throws UserNotAuthorizedException

Write an audit log message and throw exception to record an unauthorized access.

Parameters:

userId - calling user

asset - asset being accessed

methodName - calling method

Throws:

UserNotAuthorizedException - the authorization check failed

throwIncompleteAsset

protected void throwIncompleteAsset(String userId,
                                    Asset asset,
                                    String methodName)
                             throws UserNotAuthorizedException

Write an audit log message and throw exception to record an unauthorized access.

Parameters:

userId - calling user

asset - asset being accessed

methodName - calling method

Throws:

UserNotAuthorizedException - the authorization check failed

throwUnauthorizedZoneChange

protected void throwUnauthorizedZoneChange(String userId,
                                           Asset asset,
                                           List<String> originalZones,
                                           List<String> newZones,
                                           String methodName)
                                    throws UserNotAuthorizedException

Write an audit log message and throw exception to record an unauthorized access.

Parameters:

userId - calling user

asset - asset being accessed

originalZones - previous value of the zone membership for the asset being accessed

newZones - new value of the zone membership for the asset being accessed

methodName - calling method

Throws:

UserNotAuthorizedException - the authorization check failed

throwUnauthorizedAssetFeedback

protected void throwUnauthorizedAssetFeedback(String userId,
                                              Asset asset,
                                              String methodName)
                                       throws UserNotAuthorizedException

Write an audit log message and throw exception to record an unauthorized access.

Parameters:

userId - calling user

asset - asset in error

methodName - calling method

Throws:

UserNotAuthorizedException - the user is not authorized to access this zone

throwUnauthorizedConnectionAccess

protected void throwUnauthorizedConnectionAccess(String userId,
                                                 Connection connection,
                                                 String methodName)
                                          throws UserNotAuthorizedException

Write an audit log message and throw exception to record an unauthorized access.

Parameters:

userId - calling user

connection - connection to validate

methodName - calling method

Throws:

UserNotAuthorizedException - the authorization check failed

setAuditLog

public void setAuditLog(AuditLog auditLog)

Receive an audit log object that can be used to record audit log messages. The caller has initialized it with the correct component description and log destinations.

Specified by:

setAuditLog in interface AuditLoggingComponent

Parameters:

auditLog - audit log object

setServerName

public void setServerName(String serverName)

Set the name of the server that this connector is supporting.

Parameters:

serverName - name of server

setLocalServerUserId

public void setLocalServerUserId(String userId)

Provide the local server's userId. This is used for requests that originate from within the local server.

Parameters:

userId - local server's userId

start

public void start()
           throws ConnectorCheckedException

Indicates that the connector is completely configured and can begin processing.

Overrides:

start in class ConnectorBase

Throws:

ConnectorCheckedException - there is a problem within the connector.

setSupportedZonesForUser

public List<String> setSupportedZonesForUser(List<String> supportedZones,
                                             String serviceName,
                                             String user)
                                      throws InvalidParameterException,
                                             PropertyServerException

Determine the appropriate setting for the supported zones depending on the user and the default supported zones set up for the service. This is called whenever an asset is accessed.

Specified by:

setSupportedZonesForUser in interface OpenMetadataAssetSecurity

Parameters:

supportedZones - default setting of the supported zones for the service

serviceName - name of the called service

user - name of the user

Returns:

list of supported zones for the user

Throws:

InvalidParameterException - one of the parameter values is invalid

PropertyServerException - there is a problem calculating the zones

setAssetZonesToDefault

public List<String> setAssetZonesToDefault(List<String> defaultZones,
                                           Asset asset)
                                    throws InvalidParameterException,
                                           PropertyServerException

Determine the appropriate setting for the asset zones depending on the content of the asset and the default zones. This is called whenever a new asset is created. The default behavior is to use the default values, unless the zones have been explicitly set up, in which case, they are left unchanged.

Specified by:

setAssetZonesToDefault in interface OpenMetadataAssetSecurity

Parameters:

defaultZones - setting of the default zones for the service

asset - initial values for the asset

Returns:

list of zones to set in the asset

Throws:

InvalidParameterException - one of the asset values is invalid

PropertyServerException - there is a problem calculating the zones

verifyAssetZones

@Deprecated
public List<String> verifyAssetZones(List<String> defaultZones,
                                                 List<String> supportedZones,
                                                 Asset originalAsset,
                                                 Asset updatedAsset)
                                          throws InvalidParameterException,
                                                 PropertyServerException

Deprecated.

Determine the appropriate setting for the asset zones depending on the content of the asset and the settings of both default zones and supported zones. This method is called whenever an asset's values are changed. The default behavior is to keep the updated zones as they are.

Specified by:

verifyAssetZones in interface OpenMetadataAssetSecurity

Parameters:

defaultZones - setting of the default zones for the service

supportedZones - setting of the supported zones for the service

originalAsset - original values for the asset

updatedAsset - updated values for the asset

Returns:

list of zones to set in the asset

Throws:

InvalidParameterException - one of the asset values is invalid

PropertyServerException - there is a problem calculating the zones

verifyAssetZones

public List<String> verifyAssetZones(List<String> defaultZones,
                                     List<String> supportedZones,
                                     List<String> publishZones,
                                     Asset originalAsset,
                                     Asset updatedAsset)
                              throws InvalidParameterException,
                                     PropertyServerException

Determine the appropriate setting for the asset zones depending on the content of the asset and the settings of both default zones and supported zones. This method is called whenever an asset's values are changed. The default behavior is to keep the updated zones as they are.

Specified by:

verifyAssetZones in interface OpenMetadataAssetSecurity

Parameters:

defaultZones - setting of the default zones for the service

supportedZones - setting of the supported zones for the service

publishZones - setting of the publishZones for the service

originalAsset - original values for the asset

updatedAsset - updated values for the asset

Returns:

list of zones to set in the asset

Throws:

InvalidParameterException - one of the asset values is invalid

PropertyServerException - there is a problem calculating the zones

validateUserForServer

public void validateUserForServer(String userId)
                           throws UserNotAuthorizedException

Check that the calling user is authorized to issue a (any) request to the OMAG Server Platform.

Specified by:

validateUserForServer in interface OpenMetadataServerSecurity

Parameters:

userId - calling user

Throws:

UserNotAuthorizedException - the user is not authorized to access this function

validateUserAsServerAdmin

public void validateUserAsServerAdmin(String userId)
                               throws UserNotAuthorizedException

Check that the calling user is authorized to update the configuration for a server.

Specified by:

validateUserAsServerAdmin in interface OpenMetadataServerSecurity

Parameters:

userId - calling user

Throws:

UserNotAuthorizedException - the user is not authorized to change configuration

validateUserAsServerOperator

public void validateUserAsServerOperator(String userId)
                                  throws UserNotAuthorizedException

Check that the calling user is authorized to issue operator requests to the OMAG Server.

Specified by:

validateUserAsServerOperator in interface OpenMetadataServerSecurity

Parameters:

userId - calling user

Throws:

UserNotAuthorizedException - the user is not authorized to issue operator commands to this server

validateUserAsServerInvestigator

public void validateUserAsServerInvestigator(String userId)
                                      throws UserNotAuthorizedException

Check that the calling user is authorized to issue operator requests to the OMAG Server.

Specified by:

validateUserAsServerInvestigator in interface OpenMetadataServerSecurity

Parameters:

userId - calling user

Throws:

UserNotAuthorizedException - the user is not authorized to issue diagnostic commands to this server

validateUserForService

public void validateUserForService(String userId,
                                   String serviceName)
                            throws UserNotAuthorizedException

Check that the calling user is authorized to issue this request.

Specified by:

validateUserForService in interface OpenMetadataServiceSecurity

Parameters:

userId - calling user

serviceName - name of called service

Throws:

UserNotAuthorizedException - the user is not authorized to access this service

validateUserForServiceOperation

public void validateUserForServiceOperation(String userId,
                                            String serviceName,
                                            String serviceOperationName)
                                     throws UserNotAuthorizedException

Check that the calling user is authorized to issue this specific request.

Specified by:

validateUserForServiceOperation in interface OpenMetadataServiceSecurity

Parameters:

userId - calling user

serviceName - name of called service

serviceOperationName - name of called operation

Throws:

UserNotAuthorizedException - the user is not authorized to access this service

validateUserForConnection

public void validateUserForConnection(String userId,
                                      Connection connection)
                               throws UserNotAuthorizedException

Tests for whether a specific user should have access to a connection.

Specified by:

validateUserForConnection in interface OpenMetadataConnectionSecurity

Parameters:

userId - identifier of user

connection - connection object

Throws:

UserNotAuthorizedException - the user is not authorized to access this service

validateUserForAssetConnectionList

public Connection validateUserForAssetConnectionList(String userId,
                                                     Asset asset,
                                                     List<Connection> connections)
                                              throws UserNotAuthorizedException

Select a connection from the list of connections attached to an asset.

Specified by:

validateUserForAssetConnectionList in interface OpenMetadataConnectionSecurity

Parameters:

userId - calling user

asset - asset requested by caller

connections - list of attached connections

Returns:

selected connection or null (pretend there are no connections attached to the asset) or

Throws:

UserNotAuthorizedException - the user is not authorized to access this service

validateUserForAssetCreate

public void validateUserForAssetCreate(String userId,
                                       Asset asset)
                                throws UserNotAuthorizedException

Tests for whether a specific user should have the right to create an asset within a zone.

Specified by:

validateUserForAssetCreate in interface OpenMetadataAssetSecurity

Parameters:

userId - identifier of user

asset - asset details

Throws:

UserNotAuthorizedException - the user is not authorized to change this asset

validateUserForAssetRead

public void validateUserForAssetRead(String userId,
                                     Asset asset)
                              throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific asset within a zone.

Specified by:

validateUserForAssetRead in interface OpenMetadataAssetSecurity

Parameters:

userId - identifier of user

asset - asset to test

Throws:

UserNotAuthorizedException - the user is not authorized to access this asset

validateUserForAssetDetailUpdate

public void validateUserForAssetDetailUpdate(String userId,
                                             Asset originalAsset,
                                             AssetAuditHeader originalAssetAuditHeader,
                                             Asset newAsset)
                                      throws UserNotAuthorizedException

Tests for whether a specific user should have the right to update an asset. This is used for a general asset update, which may include changes to the zones and the ownership.

Specified by:

validateUserForAssetDetailUpdate in interface OpenMetadataAssetSecurity

Parameters:

userId - identifier of user

originalAsset - original asset details

originalAssetAuditHeader - details of the asset's audit header

newAsset - new asset details

Throws:

UserNotAuthorizedException - the user is not authorized to change this asset

validateUserForAssetAttachmentUpdate

public void validateUserForAssetAttachmentUpdate(String userId,
                                                 Asset asset)
                                          throws UserNotAuthorizedException

Tests for whether a specific user should have the right to update elements attached directly to an asset such as schema and connections.

Specified by:

validateUserForAssetAttachmentUpdate in interface OpenMetadataAssetSecurity

Parameters:

userId - identifier of user

asset - original asset details

Throws:

UserNotAuthorizedException - the user is not authorized to change this asset

validateUserForAssetFeedback

public void validateUserForAssetFeedback(String userId,
                                         Asset asset)
                                  throws UserNotAuthorizedException

Tests for whether a specific user should have the right to attach feedback - such as comments, ratings, tags and likes, to the asset.

Specified by:

validateUserForAssetFeedback in interface OpenMetadataAssetSecurity

Parameters:

userId - identifier of user

asset - original asset details

Throws:

UserNotAuthorizedException - the user is not authorized to change this asset

validateUserForAssetDelete

public void validateUserForAssetDelete(String userId,
                                       Asset asset)
                                throws UserNotAuthorizedException

Tests for whether a specific user should have the right to delete an asset within a zone.

Specified by:

validateUserForAssetDelete in interface OpenMetadataAssetSecurity

Parameters:

userId - identifier of user

asset - asset details

Throws:

UserNotAuthorizedException - the user is not authorized to change this asset

validateUserForTypeCreate

public void validateUserForTypeCreate(String userId,
                                      String metadataCollectionName,
                                      TypeDef typeDef)
                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to create a type within a repository.

Specified by:

validateUserForTypeCreate in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

typeDef - type details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeCreate

public void validateUserForTypeCreate(String userId,
                                      String metadataCollectionName,
                                      AttributeTypeDef attributeTypeDef)
                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to create a type within a repository.

Specified by:

validateUserForTypeCreate in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

attributeTypeDef - type details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeRead

public void validateUserForTypeRead(String userId,
                                    String metadataCollectionName,
                                    TypeDef typeDef)
                             throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific type within a repository.

Specified by:

validateUserForTypeRead in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

typeDef - type details

Throws:

UserNotAuthorizedException - the user is not authorized to retrieve types

validateUserForTypeRead

public void validateUserForTypeRead(String userId,
                                    String metadataCollectionName,
                                    AttributeTypeDef attributeTypeDef)
                             throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific type within a repository.

Specified by:

validateUserForTypeRead in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

attributeTypeDef - type details

Throws:

UserNotAuthorizedException - the user is not authorized to retrieve types

validateUserForTypeUpdate

public void validateUserForTypeUpdate(String userId,
                                      String metadataCollectionName,
                                      TypeDef typeDef,
                                      TypeDefPatch patch)
                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to update a typeDef within a repository.

Specified by:

validateUserForTypeUpdate in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

typeDef - current typeDef details

patch - proposed changes to type

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeDelete

public void validateUserForTypeDelete(String userId,
                                      String metadataCollectionName,
                                      TypeDef typeDef)
                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to delete a type within a repository.

Specified by:

validateUserForTypeDelete in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

typeDef - type details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeDelete

public void validateUserForTypeDelete(String userId,
                                      String metadataCollectionName,
                                      AttributeTypeDef attributeTypeDef)
                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to delete a type within a repository.

Specified by:

validateUserForTypeDelete in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

attributeTypeDef - type details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeReIdentify

public void validateUserForTypeReIdentify(String userId,
                                          String metadataCollectionName,
                                          TypeDef originalTypeDef,
                                          String newTypeDefGUID,
                                          String newTypeDefName)
                                   throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the identifiers for a type within a repository.

Specified by:

validateUserForTypeReIdentify in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

originalTypeDef - type details

newTypeDefGUID - the new identifier for the type.

newTypeDefName - new name for this type.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForTypeReIdentify

public void validateUserForTypeReIdentify(String userId,
                                          String metadataCollectionName,
                                          AttributeTypeDef originalAttributeTypeDef,
                                          String newTypeDefGUID,
                                          String newTypeDefName)
                                   throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the identifiers for a type within a repository.

Specified by:

validateUserForTypeReIdentify in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

originalAttributeTypeDef - type details

newTypeDefGUID - the new identifier for the type.

newTypeDefName - new name for this type.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain types

validateUserForEntityCreate

public void validateUserForEntityCreate(String userId,
                                        String metadataCollectionName,
                                        String entityTypeGUID,
                                        InstanceProperties initialProperties,
                                        List<Classification> initialClassifications,
                                        InstanceStatus initialStatus)
                                 throws UserNotAuthorizedException

Tests for whether a specific user should have the right to create a instance within a repository.

Specified by:

validateUserForEntityCreate in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

entityTypeGUID - unique identifier (guid) for the new entity's type.

initialProperties - initial list of properties for the new entity null means no properties.

initialClassifications - initial list of classifications for the new entity null means no classifications.

initialStatus - initial status typically DRAFT, PREPARED or ACTIVE.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityRead

public void validateUserForEntityRead(String userId,
                                      String metadataCollectionName,
                                      EntityDetail instance)
                               throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific instance within a repository.

Specified by:

validateUserForEntityRead in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Throws:

UserNotAuthorizedException - the user is not authorized to retrieve instances

validateUserForEntitySummaryRead

public void validateUserForEntitySummaryRead(String userId,
                                             String metadataCollectionName,
                                             EntitySummary instance)
                                      throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific instance within a repository.

Specified by:

validateUserForEntitySummaryRead in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

instance - instance details

Throws:

UserNotAuthorizedException - the user is not authorized to retrieve instances

validateUserForEntityProxyRead

public void validateUserForEntityProxyRead(String userId,
                                           String metadataCollectionName,
                                           EntityProxy instance)
                                    throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific instance within a repository.

Specified by:

validateUserForEntityProxyRead in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Throws:

UserNotAuthorizedException - the user is not authorized to retrieve instances

validateUserForEntityUpdate

public void validateUserForEntityUpdate(String userId,
                                        String metadataCollectionName,
                                        EntityDetail instance)
                                 throws UserNotAuthorizedException

Tests for whether a specific user should have the right to update a instance within a repository.

Specified by:

validateUserForEntityUpdate in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityClassificationAdd

public void validateUserForEntityClassificationAdd(String userId,
                                                   String metadataCollectionName,
                                                   EntityDetail instance,
                                                   String classificationName,
                                                   InstanceProperties properties)
                                            throws UserNotAuthorizedException

Tests for whether a specific user should have the right to add a classification to an entity instance within a repository.

Specified by:

validateUserForEntityClassificationAdd in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

classificationName - String name for the classification.

properties - list of properties for the classification.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityClassificationUpdate

public void validateUserForEntityClassificationUpdate(String userId,
                                                      String metadataCollectionName,
                                                      EntityDetail instance,
                                                      String classificationName,
                                                      InstanceProperties properties)
                                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to update the classification for an entity instance within a repository.

Specified by:

validateUserForEntityClassificationUpdate in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

classificationName - String name for the classification.

properties - list of properties for the classification.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityClassificationDelete

public void validateUserForEntityClassificationDelete(String userId,
                                                      String metadataCollectionName,
                                                      EntityDetail instance,
                                                      String classificationName)
                                               throws UserNotAuthorizedException

Tests for whether a specific user should have the right to delete a classification from an entity instance within a repository.

Specified by:

validateUserForEntityClassificationDelete in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

classificationName - String name for the classification.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityDelete

public void validateUserForEntityDelete(String userId,
                                        String metadataCollectionName,
                                        EntityDetail instance)
                                 throws UserNotAuthorizedException

Tests for whether a specific user should have the right to delete a instance within a repository.

Specified by:

validateUserForEntityDelete in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityRestore

public void validateUserForEntityRestore(String userId,
                                         String metadataCollectionName,
                                         String deletedEntityGUID)
                                  throws UserNotAuthorizedException

Tests for whether a specific user should have the right to restore a instance within a repository.

Specified by:

validateUserForEntityRestore in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

deletedEntityGUID - String unique identifier (guid) for the entity.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityReIdentification

public void validateUserForEntityReIdentification(String userId,
                                                  String metadataCollectionName,
                                                  EntityDetail instance,
                                                  String newGUID)
                                           throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the guid on a instance within a repository.

Specified by:

validateUserForEntityReIdentification in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

newGUID - the new guid for the instance.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityReTyping

public void validateUserForEntityReTyping(String userId,
                                          String metadataCollectionName,
                                          EntityDetail instance,
                                          TypeDefSummary newTypeDefSummary)
                                   throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the type of a instance within a repository.

Specified by:

validateUserForEntityReTyping in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

newTypeDefSummary - details of this instance's new TypeDef.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForEntityReHoming

public void validateUserForEntityReHoming(String userId,
                                          String metadataCollectionName,
                                          EntityDetail instance,
                                          String newHomeMetadataCollectionId,
                                          String newHomeMetadataCollectionName)
                                   throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the home of a instance within a repository.

Specified by:

validateUserForEntityReHoming in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

newHomeMetadataCollectionId - unique identifier for the new home metadata collection/repository.

newHomeMetadataCollectionName - display name for the new home metadata collection/repository.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipCreate

public void validateUserForRelationshipCreate(String userId,
                                              String metadataCollectionName,
                                              String relationshipTypeGUID,
                                              InstanceProperties initialProperties,
                                              EntitySummary entityOneSummary,
                                              EntitySummary entityTwoSummary,
                                              InstanceStatus initialStatus)
                                       throws UserNotAuthorizedException

Tests for whether a specific user should have the right to create a instance within a repository.

Specified by:

validateUserForRelationshipCreate in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

relationshipTypeGUID - unique identifier (guid) for the new relationship's type.

initialProperties - initial list of properties for the new entity null means no properties.

entityOneSummary - the unique identifier of one of the entities that the relationship is connecting together.

entityTwoSummary - the unique identifier of the other entity that the relationship is connecting together.

initialStatus - initial status typically DRAFT, PREPARED or ACTIVE.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipRead

public void validateUserForRelationshipRead(String userId,
                                            String metadataCollectionName,
                                            Relationship instance)
                                     throws UserNotAuthorizedException

Tests for whether a specific user should have read access to a specific instance within a repository.

Specified by:

validateUserForRelationshipRead in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Throws:

UserNotAuthorizedException - the user is not authorized to retrieve instances

validateUserForRelationshipUpdate

public void validateUserForRelationshipUpdate(String userId,
                                              String metadataCollectionName,
                                              Relationship instance)
                                       throws UserNotAuthorizedException

Tests for whether a specific user should have the right to update a instance within a repository.

Specified by:

validateUserForRelationshipUpdate in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipDelete

public void validateUserForRelationshipDelete(String userId,
                                              String metadataCollectionName,
                                              Relationship instance)
                                       throws UserNotAuthorizedException

Tests for whether a specific user should have the right to delete a instance within a repository.

Specified by:

validateUserForRelationshipDelete in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipRestore

public void validateUserForRelationshipRestore(String userId,
                                               String metadataCollectionName,
                                               String deletedRelationshipGUID)
                                        throws UserNotAuthorizedException

Tests for whether a specific user should have the right to restore a instance within a repository.

Specified by:

validateUserForRelationshipRestore in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

deletedRelationshipGUID - String unique identifier (guid) for the relationship.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipReIdentification

public void validateUserForRelationshipReIdentification(String userId,
                                                        String metadataCollectionName,
                                                        Relationship instance,
                                                        String newGUID)
                                                 throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the guid on a instance within a repository.

Specified by:

validateUserForRelationshipReIdentification in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

newGUID - the new guid for the instance.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipReTyping

public void validateUserForRelationshipReTyping(String userId,
                                                String metadataCollectionName,
                                                Relationship instance,
                                                TypeDefSummary newTypeDefSummary)
                                         throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the type of a instance within a repository.

Specified by:

validateUserForRelationshipReTyping in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

newTypeDefSummary - details of this instance's new TypeDef.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

validateUserForRelationshipReHoming

public void validateUserForRelationshipReHoming(String userId,
                                                String metadataCollectionName,
                                                Relationship instance,
                                                String newHomeMetadataCollectionId,
                                                String newHomeMetadataCollectionName)
                                         throws UserNotAuthorizedException

Tests for whether a specific user should have the right to change the home of a instance within a repository.

Specified by:

validateUserForRelationshipReHoming in interface OpenMetadataRepositorySecurity

Parameters:

userId - identifier of user

metadataCollectionName - configurable name of the metadata collection

instance - instance details

newHomeMetadataCollectionId - unique identifier for the new home metadata collection/repository.

newHomeMetadataCollectionName - display name for the new home metadata collection/repository.

Throws:

UserNotAuthorizedException - the user is not authorized to maintain instances

disconnect

public void disconnect()
                throws ConnectorCheckedException

Free up any resources held since the connector is no longer needed.

Overrides:

disconnect in class ConnectorBase

Throws:

ConnectorCheckedException - there is a problem within the connector.