Google Git
Sign in
apache / turbine-core / c1ed94584a724f7355f3301023b3f310336a9bbc / . / src / java / org / apache / turbine / services / security / SecurityService.java
blob: 39523ff016e5dda4c65c5170fb6711b582fa71d3 [file] [log] [blame]
package org.apache.turbine.services.security;
/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2001-2003 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Turbine" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache",
* "Apache Turbine", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
import java.util.List;
import java.util.Map;
import org.apache.torque.util.Criteria;
import org.apache.turbine.om.security.Group;
import org.apache.turbine.om.security.Permission;
import org.apache.turbine.om.security.Role;
import org.apache.turbine.om.security.TurbineGroup;
import org.apache.turbine.om.security.TurbinePermission;
import org.apache.turbine.om.security.TurbineRole;
import org.apache.turbine.om.security.TurbineUser;
import org.apache.turbine.om.security.User;
import org.apache.turbine.services.Service;
import org.apache.turbine.services.security.db.DBUserManager;
import org.apache.turbine.util.security.AccessControlList;
import org.apache.turbine.util.security.DataBackendException;
import org.apache.turbine.util.security.EntityExistsException;
import org.apache.turbine.util.security.GroupSet;
import org.apache.turbine.util.security.PasswordMismatchException;
import org.apache.turbine.util.security.PermissionSet;
import org.apache.turbine.util.security.RoleSet;
import org.apache.turbine.util.security.TurbineAccessControlList;
import org.apache.turbine.util.security.UnknownEntityException;
/**
* The Security Service manages Users, Groups Roles and Permissions in the
* system.
*
* The task performed by the security service include creation and removal of
* accounts, groups, roles, and permissions; assigning users roles in groups;
* assigning roles specific permissions and construction of objects
* representing these logical entities.
*
* <p> Because of pluggable nature of the Services, it is possible to create
* multiple implementations of SecurityService, for example employing database
* and directory server as the data backend.<br>
*
* @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
* @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
* @author <a href="mailto:marco@intermeta.de">Marco Kn&uuml;ttel</a>
* @version $Id$
*/
public interface SecurityService
extends Service
{
/** The name of the service */
static final String SERVICE_NAME = "SecurityService";
/**
* the key within services's properties for user implementation
* classname (user.class)
*/
static final String USER_CLASS_KEY = "user.class";
/**
* the default implementation of User interface
* (org.apache.turbine.om.security.TurbineUser)
*/
static final String USER_CLASS_DEFAULT
= TurbineUser.class.getName();
/**
* The key within services' properties for the GROUP
* implementation classname (group.class)
*/
static final String GROUP_CLASS_KEY = "group.class";
/**
* The default implementation of the Group interface
* (org.apache.turbine.om.security.TurbineGroup)
*/
static final String GROUP_CLASS_DEFAULT
= TurbineGroup.class.getName();
/**
* The key within services' properties for the PERMISSION
* implementation classname (permission.class)
*/
static final String PERMISSION_CLASS_KEY = "permission.class";
/**
* The default implementation of the Permissions interface
* (org.apache.turbine.om.security.TurbinePermission)
*/
static final String PERMISSION_CLASS_DEFAULT
= TurbinePermission.class.getName();
/**
* The key within services' properties for the ROLE
* implementation classname (role.class)
*/
static final String ROLE_CLASS_KEY = "role.class";
/**
* The default implementation of the Role Interface
* (org.apache.turbine.om.security.TurbineRole)
*/
static final String ROLE_CLASS_DEFAULT
= TurbineRole.class.getName();
/**
* The key within services' properties for the
* ACL implementation classname (acl.class)
*/
static final String ACL_CLASS_KEY = "acl.class";
/**
* The default implementation of the Acl Interface
* (org.apache.turbine.util.security.TurbineAccessControlList)
*/
static final String ACL_CLASS_DEFAULT
= TurbineAccessControlList.class.getName();
/**
* the key within services's properties for user implementation
* classname (user.manager)
*/
static final String USER_MANAGER_KEY = "user.manager";
/**
* the default implementation of UserManager interface
* (org.apache.turbine.services.security.DBUserManager)
*/
static final String USER_MANAGER_DEFAULT
= DBUserManager.class.getName();
/**
* the key within services's properties for secure passwords flag
* (secure.passwords)
*/
static final String SECURE_PASSWORDS_KEY = "secure.passwords";
/** the value of secure passwords flag (false) */
static final String SECURE_PASSWORDS_DEFAULT = "false";
/**
* the key within services's properties for secure passwords algorithm
* (secure.passwords.algorithm)
*/
static final String SECURE_PASSWORDS_ALGORITHM_KEY
= "secure.passwords.algorithm";
/** the default algorithm for password encryption (SHA) */
static final String SECURE_PASSWORDS_ALGORITHM_DEFAULT = "SHA";
/*-----------------------------------------------------------------------
Management of User objects
-----------------------------------------------------------------------*/
/**
* Returns the Class object for the implementation of User interface
* used by the system.
*
* @return the implementation of User interface used by the system.
* @throws UnknownEntityException if the system's implementation of User
* interface could not be determined.
*/
Class getUserClass()
throws UnknownEntityException;
/**
* Construct a blank User object.
*
* This method calls getUserClass, and then creates a new object using
* the default constructor.
*
* @return an object implementing User interface.
* @throws UnknownEntityException if the object could not be instantiated.
*/
User getUserInstance()
throws UnknownEntityException;
/**
* Construct a blank User object.
*
* This method calls getUserClass, and then creates a new object using
* the default constructor.
*
* @param userName The name of the user.
*
* @return an object implementing User interface.
* @throws UnknownEntityException if the object could not be instantiated.
*/
User getUserInstance(String userName)
throws UnknownEntityException;
/**
* Returns the Class object for the implementation of Group interface
* used by the system.
*
* @return the implementation of Group interface used by the system.
* @throws UnknownEntityException if the system's implementation of Group
* interface could not be determined.
*/
Class getGroupClass()
throws UnknownEntityException;
/**
* Construct a blank Group object.
*
* This method calls getGroupClass, and then creates a new object using
* the default constructor.
*
* @return an object implementing Group interface.
* @throws UnknownEntityException if the object could not be instantiated.
*/
Group getGroupInstance()
throws UnknownEntityException;
/**
* Construct a blank Group object.
*
* This method calls getGroupClass, and then creates a new object using
* the default constructor.
*
* @param groupName The name of the Group
*
* @return an object implementing Group interface.
* @throws UnknownEntityException if the object could not be instantiated.
*/
Group getGroupInstance(String groupName)
throws UnknownEntityException;
/**
* Returns the Class object for the implementation of Permission interface
* used by the system.
*
* @return the implementation of Permission interface used by the system.
* @throws UnknownEntityException if the system's implementation of Permission
* interface could not be determined.
*/
Class getPermissionClass()
throws UnknownEntityException;
/**
* Construct a blank Permission object.
*
* This method calls getPermissionClass, and then creates a new object using
* the default constructor.
*
* @return an object implementing Permission interface.
* @throws UnknownEntityException if the object could not be instantiated.
*/
Permission getPermissionInstance()
throws UnknownEntityException;
/**
* Construct a blank Permission object.
*
* This method calls getPermissionClass, and then creates a new object using
* the default constructor.
*
* @param permName The name of the Permission
*
* @return an object implementing Permission interface.
* @throws UnknownEntityException if the object could not be instantiated.
*/
Permission getPermissionInstance(String permName)
throws UnknownEntityException;
/**
* Returns the Class object for the implementation of Role interface
* used by the system.
*
* @return the implementation of Role interface used by the system.
* @throws UnknownEntityException if the system's implementation of Role
* interface could not be determined.
*/
Class getRoleClass()
throws UnknownEntityException;
/**
* Construct a blank Role object.
*
* This method calls getRoleClass, and then creates a new object using
* the default constructor.
*
* @return an object implementing Role interface.
* @throws UnknownEntityException if the object could not be instantiated.
*/
Role getRoleInstance()
throws UnknownEntityException;
/**
* Construct a blank Role object.
*
* This method calls getRoleClass, and then creates a new object using
* the default constructor.
*
* @param roleName The name of the Role
*
* @return an object implementing Role interface.
* @throws UnknownEntityException if the object could not be instantiated.
*/
Role getRoleInstance(String roleName)
throws UnknownEntityException;
/**
* Returns the Class object for the implementation of AccessControlList interface
* used by the system.
*
* @return the implementation of AccessControlList interface used by the system.
* @throws UnknownEntityException if the system's implementation of AccessControlList
* interface could not be determined.
*/
Class getAclClass()
throws UnknownEntityException;
/**
* Construct a new ACL object.
*
* This constructs a new ACL object from the configured class and
* initializes it with the supplied roles and permissions.
*
* @param roles The roles that this ACL should contain
* @param permissions The permissions for this ACL
*
* @return an object implementing ACL interface.
* @throws UnknownEntityException if the object could not be instantiated.
*/
AccessControlList getAclInstance(Map roles, Map permissions)
throws UnknownEntityException;
/**
* Returns the configured UserManager.
*
* @return An UserManager object
*/
UserManager getUserManager();
/**
* Configure a new user Manager.
*
* @param userManager An UserManager object
*/
void setUserManager(UserManager userManager);
/**
* Check whether a specified user's account exists.
*
* The login name is used for looking up the account.
*
* @param userName The user to be checked.
* @return true if the specified account exists
* @throws DataBackendException if there was an error accessing the data
* backend.
*/
boolean accountExists(String userName)
throws DataBackendException;
/**
* Check whether a specified user's account exists.
* An User object is used for looking up the account.
*
* @param user The user object to be checked.
* @return true if the specified account exists
* @throws DataBackendException if there was an error accessing the data
* backend.
*/
boolean accountExists(User user)
throws DataBackendException;
/**
* Authenticates an user, and constructs an User object to represent
* him/her.
*
* @param username The user name.
* @param password The user password.
* @return An authenticated Turbine User.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if user account is not present.
* @throws PasswordMismatchException if the supplied password was incorrect.
*/
User getAuthenticatedUser(String username, String password)
throws DataBackendException, UnknownEntityException,
PasswordMismatchException;
/**
* Constructs an User object to represent a registered user of the
* application.
*
* @param username The user name.
* @return A Turbine User.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if user account is not present.
*/
User getUser(String username)
throws DataBackendException, UnknownEntityException;
/**
* Retrieve a set of users that meet the specified criteria.
*
* As the keys for the criteria, you should use the constants that
* are defined in {@link User} interface, plus the names
* of the custom attributes you added to your user representation
* in the data storage. Use verbatim names of the attributes -
* without table name prefix in case of Torque implementation.
*
* @param criteria The criteria of selection.
* @return a List of users meeting the criteria.
* @throws DataBackendException if there is a problem accessing the
* storage.
*/
List getUserList(Criteria criteria)
throws DataBackendException;
/**
* Constructs an User object to represent an anonymous user of the
* application.
*
* @return An anonymous Turbine User.
* @throws UnknownEntityException if the anonymous User object couldn't be
* constructed.
*/
User getAnonymousUser()
throws UnknownEntityException;
/**
* Checks whether a passed user object matches the anonymous user pattern
* according to the configured user manager
*
* @param An user object
*
* @return True if this is an anonymous user
*
*/
boolean isAnonymousUser(User u);
/**
* Saves User's data in the permanent storage. The user account is required
* to exist in the storage.
*
* @param user the user object to save
* @throws UnknownEntityException if the user's account does not
* exist in the database.
* @throws DataBackendException if there is a problem accessing the storage.
*/
void saveUser(User user)
throws UnknownEntityException, DataBackendException;
/**
* Saves User data when the session is unbound. The user account is required
* to exist in the storage.
*
* LastLogin, AccessCounter, persistent pull tools, and any data stored
* in the permData hashtable that is not mapped to a column will be saved.
*
* @exception UnknownEntityException if the user's account does not
* exist in the database.
* @exception DataBackendException if there is a problem accessing the
* storage.
*/
void saveOnSessionUnbind(User user)
throws UnknownEntityException, DataBackendException;
/*-----------------------------------------------------------------------
Account management
-----------------------------------------------------------------------*/
/**
* Creates new user account with specified attributes.
*
* @param user the object describing account to be created.
* @param password The password to use.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws EntityExistsException if the user account already exists.
*/
void addUser(User user, String password)
throws DataBackendException, EntityExistsException;
/**
* Removes an user account from the system.
*
* @param user the object describing the account to be removed.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if the user account is not present.
*/
void removeUser(User user)
throws DataBackendException, UnknownEntityException;
/*-----------------------------------------------------------------------
Management of passwords
-----------------------------------------------------------------------*/
/**
* This method provides client-side encryption mechanism for passwords.
*
* This is an utility method that is used by other classes to maintain
* a consistent approach to encrypting password. The behavior of the
* method can be configured in service's properties.
*
* @param password the password to process
* @return processed password
*/
String encryptPassword(String password);
/**
* This method provides client-side encryption mechanism for passwords.
*
* This is an utility method that is used by other classes to maintain
* a consistent approach to encrypting password. The behavior of the
* method can be configured in service's properties.
*
* Algorithms that must supply a salt for encryption
* can use this method to provide it.
*
* @param password the password to process
* @param salt Salt parameter for some crypto algorithms
*
* @return processed password
*/
String encryptPassword(String password, String salt);
/**
* Checks if a supplied password matches the encrypted password
* when using the current encryption algorithm
*
* @param checkpw The clear text password supplied by the user
* @param encpw The current, encrypted password
*
* @return true if the password matches, else false
*
*/
boolean checkPassword(String checkpw, String encpw);
/**
* Change the password for an User.
*
* @param user an User to change password for.
* @param oldPassword the current password supplied by the user.
* @param newPassword the current password requested by the user.
* @exception PasswordMismatchException if the supplied password was
* incorrect.
* @exception UnknownEntityException if the user's record does not
* exist in the database.
* @exception DataBackendException if there is a problem accessing the
* storage.
*/
void changePassword(User user, String oldPassword,
String newPassword)
throws PasswordMismatchException, UnknownEntityException,
DataBackendException;
/**
* Forcibly sets new password for an User.
*
* This is supposed by the administrator to change the forgotten or
* compromised passwords. Certain implementatations of this feature
* would require administrative level access to the authenticating
* server / program.
*
* @param user an User to change password for.
* @param password the new password.
* @exception UnknownEntityException if the user's record does not
* exist in the database.
* @exception DataBackendException if there is a problem accessing the
* storage.
*/
void forcePassword(User user, String password)
throws UnknownEntityException, DataBackendException;
/*-----------------------------------------------------------------------
Retrieval of security information
-----------------------------------------------------------------------*/
/**
* Constructs an AccessControlList for a specific user.
*
* @param user the user for whom the AccessControlList are to be retrieved
* @return A new AccessControlList object.
* @throws DataBackendException if there was an error accessing the data backend.
* @throws UnknownEntityException if user account is not present.
*/
AccessControlList getACL(User user)
throws DataBackendException, UnknownEntityException;
/**
* Retrieves all permissions associated with a role.
*
* @param role the role name, for which the permissions are to be retrieved.
* @return the permissions associated with the role
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if the role is not present.
*/
PermissionSet getPermissions(Role role)
throws DataBackendException, UnknownEntityException;
/*-----------------------------------------------------------------------
Manipulation of security information
-----------------------------------------------------------------------*/
/**
* Grant an User a Role in a Group.
*
* @param user the user.
* @param group the group.
* @param role the role.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if user account, group or role is not
* present.
*/
void grant(User user, Group group, Role role)
throws DataBackendException, UnknownEntityException;
/**
* Revoke a Role in a Group from an User.
*
* @param user the user.
* @param group the group.
* @param role the role.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if user account, group or role is not
* present.
*/
void revoke(User user, Group group, Role role)
throws DataBackendException, UnknownEntityException;
/**
* Revokes all roles from an User.
*
* This method is used when deleting an account.
*
* @param user the User.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if the account is not present.
*/
void revokeAll(User user)
throws DataBackendException, UnknownEntityException;
/**
* Grants a Role a Permission
*
* @param role the Role.
* @param permission the Permission.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if role or permission is not present.
*/
void grant(Role role, Permission permission)
throws DataBackendException, UnknownEntityException;
/**
* Revokes a Permission from a Role.
*
* @param role the Role.
* @param permission the Permission.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if role or permission is not present.
*/
void revoke(Role role, Permission permission)
throws DataBackendException, UnknownEntityException;
/**
* Revokes all permissions from a Role.
*
* This method is user when deleting a Role.
*
* @param role the Role
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if the Role is not present.
*/
void revokeAll(Role role)
throws DataBackendException, UnknownEntityException;
/*-----------------------------------------------------------------------
Retrieval & storage of SecurityObjects
-----------------------------------------------------------------------*/
/**
* Provides a reference to the Group object that represents the
* <a href="#global">global group</a>.
*
* @return A Group object that represents the global group.
*/
Group getGlobalGroup();
/**
* @deprecated Use getGroupInstance(String name) instead.
*/
Group getNewGroup(String groupName);
/**
* @deprecated Use getRoleInstance(String name) instead.
*/
Role getNewRole(String roleName);
/**
* @deprecated Use getPermissionInstance(String name) instead.
*/
Permission getNewPermission(String permissionName);
/**
* Retrieve a Group object with specified name.
*
* @param name the name of the Group.
* @return an object representing the Group with specified name.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if the group does not exist.
* @deprecated Use <a href="#getGroupByName">getGroupByName</a> instead.
*/
Group getGroup(String name)
throws DataBackendException, UnknownEntityException;
/**
* Retrieve a Group object with specified name.
*
* @param name the name of the Group.
* @return an object representing the Group with specified name.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if the group does not exist.
*/
Group getGroupByName(String name)
throws DataBackendException, UnknownEntityException;
/**
* Retrieve a Group object with specified Id.
*
* @param name the name of the Group.
*
* @return an object representing the Group with specified name.
*
* @exception UnknownEntityException if the permission does not
* exist in the database.
* @exception DataBackendException if there is a problem accessing the
* storage.
*/
Group getGroupById(int id)
throws DataBackendException,
UnknownEntityException;
/**
* Retrieve a Role object with specified name.
*
* @param name the name of the Role.
* @return an object representing the Role with specified name.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if the role does not exist.
* @deprecated Use <a href="#getRoleByName">getRoleByName</a> instead.
*/
Role getRole(String name)
throws DataBackendException, UnknownEntityException;
/**
* Retrieve a Role object with specified name.
*
* @param name the name of the Role.
* @return an object representing the Role with specified name.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if the role does not exist.
*/
Role getRoleByName(String name)
throws DataBackendException, UnknownEntityException;
/**
* Retrieve a Role object with specified Id.
*
* @param name the name of the Role.
*
* @return an object representing the Role with specified name.
*
* @exception UnknownEntityException if the permission does not
* exist in the database.
* @exception DataBackendException if there is a problem accessing the
* storage.
*/
Role getRoleById(int id)
throws DataBackendException,
UnknownEntityException;
/**
* Retrieve a Permission object with specified name.
*
* @param name the name of the Permission.
* @return an object representing the Permission with specified name.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if the permission does not exist.
* @deprecated Use <a href="#getPermissionByName">getPermissionByName</a> instead.
*/
Permission getPermission(String name)
throws DataBackendException, UnknownEntityException;
/**
* Retrieve a Permission object with specified name.
*
* @param name the name of the Permission.
* @return an object representing the Permission with specified name.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if the permission does not exist.
*/
Permission getPermissionByName(String name)
throws DataBackendException, UnknownEntityException;
/**
* Retrieve a Permission object with specified Id.
*
* @param name the name of the Permission.
*
* @return an object representing the Permission with specified name.
*
* @exception UnknownEntityException if the permission does not
* exist in the database.
* @exception DataBackendException if there is a problem accessing the
* storage.
*/
Permission getPermissionById(int id)
throws DataBackendException,
UnknownEntityException;
/**
* Retrieve a set of Groups that meet the specified Criteria.
*
* @param criteria a Criteria of Group selection.
* @return a set of Groups that meet the specified Criteria.
* @throws DataBackendException if there was an error accessing the data
* backend.
*/
GroupSet getGroups(Criteria criteria)
throws DataBackendException;
/**
* Retrieve a set of Roles that meet the specified Criteria.
*
* @param criteria a Criteria of Roles selection.
* @return a set of Roles that meet the specified Criteria.
* @throws DataBackendException if there was an error accessing the data
* backend.
*/
RoleSet getRoles(Criteria criteria)
throws DataBackendException;
/**
* Retrieve a set of Permissions that meet the specified Criteria.
*
* @param criteria a Criteria of Permissions selection.
* @return a set of Permissions that meet the specified Criteria.
* @throws DataBackendException if there was an error accessing the data
* backend.
*/
PermissionSet getPermissions(Criteria criteria)
throws DataBackendException;
/**
* Retrieves all groups defined in the system.
*
* @return the names of all groups defined in the system.
* @throws DataBackendException if there was an error accessing the data
* backend.
*/
GroupSet getAllGroups()
throws DataBackendException;
/**
* Retrieves all roles defined in the system.
*
* @return the names of all roles defined in the system.
* @throws DataBackendException if there was an error accessing the data
* backend.
*/
RoleSet getAllRoles()
throws DataBackendException;
/**
* Retrieves all permissions defined in the system.
*
* @return the names of all roles defined in the system.
* @throws DataBackendException if there was an error accessing the data
* backend.
*/
PermissionSet getAllPermissions()
throws DataBackendException;
/**
* Stores Group's attributes. The Groups is required to exist in the system.
*
* @param group The Group to be stored.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if the group does not exist.
*/
void saveGroup(Group group)
throws DataBackendException, UnknownEntityException;
/**
* Stores Role's attributes. The Roles is required to exist in the system.
*
* @param role The Role to be stored.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if the role does not exist.
*/
void saveRole(Role role)
throws DataBackendException, UnknownEntityException;
/**
* Stores Permission's attributes. The Permission is required to exist in
* the system.
*
* @param permission The Permission to be stored.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if the permission does not exist.
*/
void savePermission(Permission permission)
throws DataBackendException, UnknownEntityException;
/*-----------------------------------------------------------------------
Group/Role/Permission management
-----------------------------------------------------------------------*/
/**
* Creates a new group with specified attributes.
*
* @param group the object describing the group to be created.
* @return the new Group object.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws EntityExistsException if the group already exists.
*/
Group addGroup(Group group)
throws DataBackendException, EntityExistsException;
/**
* Creates a new role with specified attributes.
*
* @param role The object describing the role to be created.
* @return the new Role object.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws EntityExistsException if the role already exists.
*/
Role addRole(Role role)
throws DataBackendException, EntityExistsException;
/**
* Creates a new permission with specified attributes.
*
* @param permission The object describing the permission to be created.
* @return the new Permission object.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws EntityExistsException if the permission already exists.
*/
Permission addPermission(Permission permission)
throws DataBackendException, EntityExistsException;
/**
* Removes a Group from the system.
*
* @param group The object describing the group to be removed.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if the group does not exist.
*/
void removeGroup(Group group)
throws DataBackendException, UnknownEntityException;
/**
* Removes a Role from the system.
*
* @param role The object describing the role to be removed.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if the role does not exist.
*/
void removeRole(Role role)
throws DataBackendException, UnknownEntityException;
/**
* Removes a Permission from the system.
*
* @param permission The object describing the permission to be removed.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if the permission does not exist.
*/
void removePermission(Permission permission)
throws DataBackendException, UnknownEntityException;
/**
* Renames an existing Group.
*
* @param group The object describing the group to be renamed.
* @param name the new name for the group.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if the group does not exist.
*/
void renameGroup(Group group, String name)
throws DataBackendException, UnknownEntityException;
/**
* Renames an existing Role.
*
* @param role The object describing the role to be renamed.
* @param name the new name for the role.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if the role does not exist.
*/
void renameRole(Role role, String name)
throws DataBackendException, UnknownEntityException;
/**
* Renames an existing Permission.
*
* @param permission The object describing the permission to be renamed.
* @param name the new name for the permission.
* @throws DataBackendException if there was an error accessing the data
* backend.
* @throws UnknownEntityException if the permission does not exist.
*/
void renamePermission(Permission permission, String name)
throws DataBackendException, UnknownEntityException;
}