RoleMapperAdmin allows one to administer the role mappings for the current configuration.
If the XMLFileRoleMapper provider is included in the CSI configuration, it will read the RoleMapFile option to find an XML file containing role mapping (the option specifies a file relative to the configuration file).
The information in this file maps between "Logical Roles" as referenced in the consuming application (SecContext.checkRole) and "Physical Roles" assigned to subjects in the back-end security stores.
The RoleMapperAdmin class returned from this method is initialized with the role mapping data for the current configuration. Use getMappings to retrieve the RoleMappings data.
The mapping from Logical to Physical roles can be done within different "scopes" or "packages". There is a RoleMapper.DEFAULT_PACKAGE and then there are named packages. If a role is mapped in a specific package, and you do a roleCheck in that package, the role mapping from that package is used. If there is no role mapping for the role you are checking in that package, the DEFAULT_PACKAGE is checked. If there is no mapping there, then it may use straight-thru mapping to the physical role name if the XMLFileRoleMapper is configured to allow this.
This mapping information is maintained in a hierarchy: RoleMappings - contains all the Packages RolePackage - a named package (or the default package) LogicalRole - a mapped logical role PhysicalRole - physical role mapped to a logical role.
com.sybase.security.core.HierarchialItem for the methods available on each of these items in the hierarchy.
Here is some sample code that iterates across the entire tree of role mappings:
RoleMapperAdmin rma = SecContextFactory.newAdminContext(ctx).getRoleMapperAdmin();
RoleMappings mappings = rma.getMappings();
for (RolePackage rp : mappings)
{
for (LogicalRole lr : rp)
{
for (PhysicalRole pr : lr)
{
System.out.println("In package " + package.getName()
+ " the logical role " + lr.getName() +
" " is mapped to physical role " + pr.getName());
}
}
}