SecurityService


1   package org.apache.fulcrum.security;
2   
3   /* ====================================================================
4    * The Apache Software License, Version 1.1
5    *
6    * Copyright (c) 2001 The Apache Software Foundation.  All rights
7    * reserved.
8    *
9    * Redistribution and use in source and binary forms, with or without
10   * modification, are permitted provided that the following conditions
11   * are met:
12   *
13   * 1. Redistributions of source code must retain the above copyright
14   *    notice, this list of conditions and the following disclaimer.
15   *
16   * 2. Redistributions in binary form must reproduce the above copyright
17   *    notice, this list of conditions and the following disclaimer in
18   *    the documentation and/or other materials provided with the
19   *    distribution.
20   *
21   * 3. The end-user documentation included with the redistribution,
22   *    if any, must include the following acknowledgment:
23   *       "This product includes software developed by the
24   *        Apache Software Foundation (http://www.apache.org/)."
25   *    Alternately, this acknowledgment may appear in the software itself,
26   *    if and wherever such third-party acknowledgments normally appear.
27   *
28   * 4. The names "Apache" and "Apache Software Foundation" and
29   *    "Apache Turbine" must not be used to endorse or promote products
30   *    derived from this software without prior written permission. For
31   *    written permission, please contact apache@apache.org.
32   *
33   * 5. Products derived from this software may not be called "Apache",
34   *    "Apache Turbine", nor may "Apache" appear in their name, without
35   *    prior written permission of the Apache Software Foundation.
36   *
37   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
38   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
39   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
40   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
41   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
43   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
44   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
46   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
47   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
48   * SUCH DAMAGE.
49   * ====================================================================
50   *
51   * This software consists of voluntary contributions made by many
52   * individuals on behalf of the Apache Software Foundation.  For more
53   * information on the Apache Software Foundation, please see
54   * <http://www.apache.org/>.
55   */
56  
57  import java.util.Map  ;
58  
59  import org.apache.fulcrum.Service;
60  
61  import org.apache.fulcrum.security.entity.Group;
62  import org.apache.fulcrum.security.entity.Permission;
63  import org.apache.fulcrum.security.entity.Role;
64  import org.apache.fulcrum.security.entity.User;
65  
66  import org.apache.fulcrum.security.util.AccessControlList;
67  import org.apache.fulcrum.security.util.DataBackendException;
68  import org.apache.fulcrum.security.util.EntityExistsException;
69  import org.apache.fulcrum.security.util.GroupSet;
70  import org.apache.fulcrum.security.util.PasswordMismatchException;
71  import org.apache.fulcrum.security.util.PermissionSet;
72  import org.apache.fulcrum.security.util.RoleSet;
73  import org.apache.fulcrum.security.util.UnknownEntityException;
74  
75  import org.apache.torque.util.Criteria;
76  
77  /**
78   * The Security Service manages Users, Groups Roles and Permissions in the
79   * system.
80   *
81   * The task performed by the security service include creation and removal of
82   * accounts, groups, roles, and permissions; assigning users roles in groups;
83   * assigning roles specific permissions and construction of objects
84   * representing these logical entities.
85   *
86   * <p> Because of pluggable nature of the Services, it is possible to create
87   * multiple implementations of SecurityService, for example employing database
88   * and directory server as the data backend.<br>
89   *
90   * @author <a HREF="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
91   * @author <a HREF="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
92   * @author <a HREF="mailto:marco@intermeta.de">Marco Kn&uuml;ttel</a>
93   * @version $Id: SecurityService.java,v 1.1 2004/11/12 10:26:14 epugh Exp $
94   */
95  public interface SecurityService
96      extends Service
97  {
98      /** The name of the service */
99      public static final String   SERVICE_NAME = "SecurityService";
100 
101     /** the key within services's properties for user implementation classname (user.class) */
102     public static final String   USER_CLASS_KEY = "user.class";
103 
104     /** the default implementation of User interface (org.apache.fulcrum.security.impl.db.entity.TurbineUser) */
105     public static final String   USER_CLASS_DEFAULT = "org.apache.fulcrum.security.impl.db.entity.TurbineUser";
106 
107     /** The key within services' properties for the GROUP implementation classname (group.class) */
108     public static final String   GROUP_CLASS_KEY = "group.class";
109 
110     /** The default implementation of the Group interface (org.apache.fulcrum.security.impl.db.entity.TurbineGroup) */
111     public static final String   GROUP_CLASS_DEFAULT = "org.apache.fulcrum.security.impl.db.entity.TurbineGroup";
112         
113     /** The key within services' properties for the PERMISSION implementation classname (permission.class) */
114     public static final String   PERMISSION_CLASS_KEY = "permission.class";
115 
116     /** The default implementation of the Permissions interface (org.apache.fulcrum.security.impl.db.entity.TurbinePermission) */
117     public static final String   PERMISSION_CLASS_DEFAULT = "org.apache.fulcrum.security.impl.db.entity.TurbinePermission";
118         
119     /** The key within services' properties for the ROLE implementation classname (role.class) */
120     public static final String   ROLE_CLASS_KEY = "role.class";
121 
122     /** The default implementation of the Role Interface (org.apache.fulcrum.security.impl.db.entity.TurbineRole) */
123     public static final String   ROLE_CLASS_DEFAULT = "org.apache.fulcrum.security.impl.db.entity.TurbineRole";
124         
125     /** The key within services' properties for the ACL implementation classname (acl.class) */
126     public static final String   ACL_CLASS_KEY = "acl.class";
127 
128     /** The default implementation of the Acl Interface (org.apache.fulcrum.security.impl.TurbineAccessControlList) */
129     public static final String   ACL_CLASS_DEFAULT = "org.apache.fulcrum.security.impl.TurbineAccessControlList";
130         
131     /** the key within services's properties for user manager implementation classname (user.manager) */
132     public static final String   USER_MANAGER_KEY = "user.manager";
133 
134     /** the default implementation of UserManager interface (org.apache.fulcrum.security.DBUserManager) */
135     public static final String   USER_MANAGER_DEFAULT = "org.apache.fulcrum.security.impl.db.DBUserManager";
136 
137     /** the key within services's properties for secure passwords flag (secure.passwords) */
138     public static final String   SECURE_PASSWORDS_KEY = "secure.passwords";
139 
140     /** the value of secure passwords flag (false) */
141     public static final String   SECURE_PASSWORDS_DEFAULT = "false";
142 
143     /** the key within services's properties for secure passwords algorithm (secure.passwords.algorithm) */
144     public static final String   SECURE_PASSWORDS_ALGORITHM_KEY = "secure.passwords.algorithm";
145 
146     /** the default algorithm for password encryption (SHA) */
147     public static final String   SECURE_PASSWORDS_ALGORITHM_DEFAULT = "SHA";
148 
149     /*-----------------------------------------------------------------------
150       Management of User objects
151       -----------------------------------------------------------------------*/
152 
153     /**
154      * Returns the Class object for the implementation of User interface
155      * used by the system.
156      *
157      * @return the implementation of User interface used by the system.
158      * @throws UnknownEntityException if the system's implementation of User
159      *         interface could not be determined.
160      */
161     Class   getUserClass()
162         throws UnknownEntityException;
163 
164     /**
165      * Construct a blank User object.
166      *
167      * This method calls getUserClass, and then creates a new object using
168      * the default constructor.
169      *
170      * @return an object implementing User interface.
171      * @throws UnknownEntityException if the object could not be instantiated.
172      */
173     User getUserInstance()
174         throws UnknownEntityException;
175 
176     /**
177      * Construct a blank User object.
178      *
179      * This method calls getUserClass, and then creates a new object using
180      * the default constructor.
181      *
182      * @param userName The name of the user.
183      *
184      * @return an object implementing User interface.
185      * @throws UnknownEntityException if the object could not be instantiated.
186      */
187     User getUserInstance(String   userName)
188         throws UnknownEntityException;
189 
190     /**
191      * Returns the Class object for the implementation of Group interface
192      * used by the system.
193      *
194      * @return the implementation of Group interface used by the system.
195      * @throws UnknownEntityException if the system's implementation of Group
196      *         interface could not be determined.
197      */
198     Class   getGroupClass()
199         throws UnknownEntityException;
200 
201     /**
202      * Construct a blank Group object.
203      *
204      * This method calls getGroupClass, and then creates a new object using
205      * the default constructor.
206      *
207      * @return an object implementing Group interface.
208      * @throws UnknownEntityException if the object could not be instantiated.
209      */
210     Group getGroupInstance()
211         throws UnknownEntityException;
212 
213     /**
214      * Construct a blank Group object.
215      *
216      * This method calls getGroupClass, and then creates a new object using
217      * the default constructor.
218      *
219      * @param groupName The name of the Group
220      *
221      * @return an object implementing Group interface.
222      * @throws UnknownEntityException if the object could not be instantiated.
223      */
224     Group getGroupInstance(String   groupName)
225         throws UnknownEntityException;
226 
227     /**
228      * Returns the Class object for the implementation of Permission interface
229      * used by the system.
230      *
231      * @return the implementation of Permission interface used by the system.
232      * @throws UnknownEntityException if the system's implementation of Permission
233      *         interface could not be determined.
234      */
235     Class   getPermissionClass()
236         throws UnknownEntityException;
237 
238     /**
239      * Construct a blank Permission object.
240      *
241      * This method calls getPermissionClass, and then creates a new object using
242      * the default constructor.
243      *
244      * @return an object implementing Permission interface.
245      * @throws UnknownEntityException if the object could not be instantiated.
246      */
247     Permission getPermissionInstance()
248         throws UnknownEntityException;
249 
250     /**
251      * Construct a blank Permission object.
252      *
253      * This method calls getPermissionClass, and then creates a new object using
254      * the default constructor.
255      *
256      * @param permName The name of the Permission
257      *
258      * @return an object implementing Permission interface.
259      * @throws UnknownEntityException if the object could not be instantiated.
260      */
261     Permission getPermissionInstance(String   permName)
262         throws UnknownEntityException;
263 
264     /**
265      * Returns the Class object for the implementation of Role interface
266      * used by the system.
267      *
268      * @return the implementation of Role interface used by the system.
269      * @throws UnknownEntityException if the system's implementation of Role
270      *         interface could not be determined.
271      */
272     Class   getRoleClass()
273         throws UnknownEntityException;
274 
275     /**
276      * Construct a blank Role object.
277      *
278      * This method calls getRoleClass, and then creates a new object using
279      * the default constructor.
280      *
281      * @return an object implementing Role interface.
282      * @throws UnknownEntityException if the object could not be instantiated.
283      */
284     Role getRoleInstance()
285         throws UnknownEntityException;
286 
287     /**
288      * Construct a blank Role object.
289      *
290      * This method calls getRoleClass, and then creates a new object using
291      * the default constructor.
292      *
293      * @param roleName The name of the Role
294      *
295      * @return an object implementing Role interface.
296      * @throws UnknownEntityException if the object could not be instantiated.
297      */
298     Role getRoleInstance(String   roleName)
299         throws UnknownEntityException;
300 
301     /**
302      * Returns the Class object for the implementation of AccessControlList interface
303      * used by the system.
304      *
305      * @return the implementation of AccessControlList interface used by the system.
306      * @throws UnknownEntityException if the system's implementation of AccessControlList
307      *         interface could not be determined.
308      */
309     Class   getAclClass()
310         throws UnknownEntityException;
311 
312     /**
313      * Construct a new ACL object.
314      *
315      * This constructs a new ACL object from the configured class and
316      * initializes it with the supplied roles and permissions.
317      * 
318      * @param roles The roles that this ACL should contain
319      * @param permissions The permissions for this ACL
320      *
321      * @return an object implementing ACL interface.
322      * @throws UnknownEntityException if the object could not be instantiated.
323      */
324     AccessControlList getAclInstance(Map   roles, Map   permissions)
325         throws UnknownEntityException;
326 
327     /**
328      * Check whether a specified user's account exists.
329      *
330      * The login name is used for looking up the account.
331      *
332      * @param userName The user to be checked.
333      *
334      * @return true if the specified account exists
335      *
336      * @throws DataBackendException if there was an error accessing the data backend.
337      */
338     boolean accountExists(String   userName)
339         throws DataBackendException;
340 
341     /**
342      * Check whether a specified user's account exists.
343      * An User object is used for looking up the account.
344      *
345      * @param user The user object to be checked.
346      *
347      * @return true if the specified account exists
348      *
349      * @throws DataBackendException if there was an error accessing the data backend.
350      */
351     boolean accountExists(User user)
352         throws DataBackendException;
353 
354     /**
355      * Authenticates an user, and constructs an User object to represent him/her.
356      *
357      * @param username The user name.
358      * @param password The user password.
359      * @return An authenticated Turbine User.
360      * @throws DataBackendException if there was an error accessing the data backend.
361      * @throws UnknownEntityException if user account is not present.
362      * @throws PasswordMismatchException if the supplied password was incorrect.
363      */
364     User getAuthenticatedUser(String   username, String   password)
365         throws DataBackendException, UnknownEntityException, PasswordMismatchException;
366 
367     /**
368      * Constructs an User object to represent a registered user of the application.
369      *
370      * @param username The user name.
371      * @return A Turbine User.
372      * @throws DataBackendException if there was an error accessing the data backend.
373      * @throws UnknownEntityException if user account is not present.
374      */
375     User getUser(String   username)
376         throws DataBackendException, UnknownEntityException;
377 
378     /**
379      * Retrieve a set of users that meet the specified criteria.
380      *
381      * As the keys for the criteria, you should use the constants that
382      * are defined in {@link User} interface, plus the names
383      * of the custom attributes you added to your user representation
384      * in the data storage. Use verbatim names of the attributes -
385      * without table name prefix in case of DB implementation.
386      *
387      * @param criteria The criteria of selection.
388      * @return a List of users meeting the criteria.
389      * @throws DataBackendException if there is a problem accessing the
390      *         storage.
391      */
392     User[] getUsers(Criteria criteria)
393         throws DataBackendException;
394 
395     /**
396      * Constructs an User object to represent an anonymous user of the application.
397      *
398      * @return An anonymous Turbine User.
399      * @throws UnknownEntityException if the anonymous User object couldn't be
400      *         constructed.
401      */
402     User getAnonymousUser()
403         throws UnknownEntityException;
404 
405     /**
406      * Saves User's data in the permanent storage. The user account is required
407      * to exist in the storage.
408      *
409      * @param user The user object to save.
410      *
411      * @exception UnknownEntityException if the user's account does not
412      *            exist in the database.
413      * @exception DataBackendException if there is a problem accessing the
414      *            storage.
415      */
416     void saveUser(User user)
417         throws UnknownEntityException, DataBackendException;
418 
419     /*-----------------------------------------------------------------------
420       Account management
421       -----------------------------------------------------------------------*/
422 
423     /**
424      * Creates new user account with specified attributes.
425      *
426      * @param user the object describing account to be created.
427      * @param password The password to use.
428      *
429      * @throws DataBackendException if there was an error accessing the data backend.
430      * @throws EntityExistsException if the user account already exists.
431      */
432     void addUser(User user, String   password)
433         throws DataBackendException, EntityExistsException;
434 
435     /**
436      * Removes an user account from the system.
437      *
438      * @param user the object describing the account to be removed.
439      * @throws DataBackendException if there was an error accessing the data backend.
440      * @throws UnknownEntityException if the user account is not present.
441      */
442     void removeUser(User user)
443         throws DataBackendException, UnknownEntityException;
444 
445     /*-----------------------------------------------------------------------
446       Management of passwords
447       -----------------------------------------------------------------------*/
448 
449     /**
450      * This method provides client-side encryption mechanism for passwords.
451      *
452      * This is an utility method that is used by other classes to maintain
453      * a consistent approach to encrypting password. The behavior of the
454      * method can be configured in service's properties.
455      *
456      * @param password the password to process
457      * @return processed password
458      */
459     String   encryptPassword(String   password);
460 
461     /**
462      * Change the password for an User.
463      *
464      * @param user an User to change password for.
465      * @param oldPassword the current password supplied by the user.
466      * @param newPassword the current password requested by the user.
467      * @exception PasswordMismatchException if the supplied password was
468      *            incorrect.
469      * @exception UnknownEntityException if the user's record does not
470      *            exist in the database.
471      * @exception DataBackendException if there is a problem accessing the
472      *            storage.
473      */
474     void changePassword(User user, String   oldPassword, String   newPassword)
475         throws PasswordMismatchException, UnknownEntityException,
476                DataBackendException;
477 
478     /**
479      * Forcibly sets new password for an User.
480      *
481      * This is supposed by the administrator to change the forgotten or
482      * compromised passwords. Certain implementatations of this feature
483      * would require administrative level access to the authenticating
484      * server / program.
485      *
486      * @param user an User to change password for.
487      * @param password the new password.
488      * @exception UnknownEntityException if the user's record does not
489      *            exist in the database.
490      * @exception DataBackendException if there is a problem accessing the
491      *            storage.
492      */
493     void forcePassword(User user, String   password)
494         throws UnknownEntityException, DataBackendException;
495 
496     /*-----------------------------------------------------------------------
497       Retrieval of security information
498       -----------------------------------------------------------------------*/
499 
500     /**
501      * Constructs an AccessControlList for a specific user.
502      *
503      * @param user the user for whom the AccessControlList are to be retrieved
504      *
505      * @return A new AccessControlList object.
506      *
507      * @throws DataBackendException if there was an error accessing the data backend.
508      * @throws UnknownEntityException if user account is not present.
509      */
510     AccessControlList getACL(User user)
511         throws DataBackendException, UnknownEntityException;
512 
513     /**
514      * Retrieves all permissions associated with a role.
515      *
516      * @param role the role name, for which the permissions are to be retrieved.
517      *
518      * @return A Permission set for the Role.
519      *
520      * @throws DataBackendException if there was an error accessing the data backend.
521      * @throws UnknownEntityException if the role is not present.
522      */
523     PermissionSet getPermissions(Role role)
524         throws DataBackendException, UnknownEntityException;
525 
526     /*-----------------------------------------------------------------------
527       Manipulation of security information
528       -----------------------------------------------------------------------*/
529 
530     /**
531      * Grant an User a Role in a Group.
532      *
533      * @param user the user.
534      * @param group the group.
535      * @param role the role.
536      * @throws DataBackendException if there was an error accessing the data backend.
537      * @throws UnknownEntityException if user account, group or role is not present.
538      */
539     void grant(User user, Group group, Role role)
540         throws DataBackendException, UnknownEntityException;
541 
542     /**
543      * Revoke a Role in a Group from an User.
544      *
545      * @param user the user.
546      * @param group the group.
547      * @param role the role.
548      * @throws DataBackendException if there was an error accessing the data backend.
549      * @throws UnknownEntityException if user account, group or role is not present.
550      */
551     void revoke(User user, Group group, Role role)
552         throws DataBackendException, UnknownEntityException;
553 
554     /**
555      * Revokes all roles from an User.
556      *
557      * This method is used when deleting an account.
558      *
559      * @param user the User.
560      * @throws DataBackendException if there was an error accessing the data backend.
561      * @throws UnknownEntityException if the account is not present.
562      */
563     void revokeAll(User user)
564         throws DataBackendException, UnknownEntityException;
565 
566     /**
567      * Grants a Role a Permission
568      *
569      * @param role the Role.
570      * @param permission the Permission.
571      * @throws DataBackendException if there was an error accessing the data backend.
572      * @throws UnknownEntityException if role or permission is not present.
573      */
574     void grant(Role role, Permission permission)
575         throws DataBackendException, UnknownEntityException;
576 
577     /**
578      * Revokes a Permission from a Role.
579      *
580      * @param role the Role.
581      * @param permission the Permission.
582      * @throws DataBackendException if there was an error accessing the data backend.
583      * @throws UnknownEntityException if role or permission is not present.
584      */
585     void revoke(Role role, Permission permission)
586         throws DataBackendException, UnknownEntityException;
587 
588     /**
589      * Revokes all permissions from a Role.
590      *
591      * This method is user when deleting a Role.
592      *
593      * @param role the Role
594      * @throws DataBackendException if there was an error accessing the data backend.
595      * @throws  UnknownEntityException if the Role is not present.
596      */
597     void revokeAll(Role role)
598         throws DataBackendException, UnknownEntityException;
599 
600     /*-----------------------------------------------------------------------
601       Retrieval & storage of SecurityObjects
602       -----------------------------------------------------------------------*/
603 
604     /**
605      * Provides a reference to the Group object that represents the
606      * <a HREF="#global">global group</a>.
607      *
608      * @return A Group object that represents the global group.
609      */
610     Group getGlobalGroup();
611 
612     /**
613      * @deprecated Use getGroupInstance(String name) instead.
614      */
615     Group getNewGroup(String   groupName);
616 
617     /**
618      * @deprecated Use getRoleInstance(String name) instead.
619      */
620     Role getNewRole(String   roleName);
621 
622     /**
623      * @deprecated Use getPermissionInstance(String name) instead.
624      */
625     Permission getNewPermission(String   permissionName);
626 
627     /**
628      * Retrieve a Group object with specified name.
629      *
630      * @param name the name of the Group.
631      *
632      * @return an object representing the Group with specified name.
633      *
634      * @exception UnknownEntityException if the permission does not
635      *            exist in the database.
636      * @exception DataBackendException if there is a problem accessing the
637      *            storage.
638      */
639     Group getGroup(String   name)
640         throws DataBackendException, UnknownEntityException;
641 
642     /**
643      * Retrieve a Role object with specified name.
644      *
645      * @param name the name of the Role.
646      *
647      * @return an object representing the Role with specified name.
648      *
649      * @exception UnknownEntityException if the permission does not
650      *            exist in the database.
651      * @exception DataBackendException if there is a problem accessing the
652      *            storage.
653      */
654     Role getRole(String   name)
655         throws DataBackendException, UnknownEntityException;
656 
657     /**
658      * Retrieve a Permission object with specified name.
659      *
660      * @param name the name of the Permission.
661      *
662      * @return an object representing the Permission with specified name.
663      *
664      * @exception UnknownEntityException if the permission does not
665      *            exist in the database.
666      * @exception DataBackendException if there is a problem accessing the
667      *            storage.
668      */
669     Permission getPermission(String   name)
670         throws DataBackendException, UnknownEntityException;
671 
672     /**
673      * Retrieve a set of Groups that meet the specified Criteria.
674      *
675      * @param criteria a Criteria of Group selection.
676      * @return a set of Groups that meet the specified Criteria.
677      *
678      * @exception DataBackendException if there is a problem accessing the
679      *            storage.
680      */
681     GroupSet getGroups(Criteria criteria)
682         throws DataBackendException;
683 
684     /**
685      * Retrieve a set of Roles that meet the specified Criteria.
686      *
687      * @param criteria a Criteria of Roles selection.
688      * @return a set of Roles that meet the specified Criteria.
689      *
690      * @exception DataBackendException if there is a problem accessing the
691      *            storage.
692      */
693     RoleSet getRoles(Criteria criteria)
694         throws DataBackendException;
695 
696     /**
697      * Retrieve a set of Permissions that meet the specified Criteria.
698      *
699      * @param criteria a Criteria of Permissions selection.
700      * @return a set of Permissions that meet the specified Criteria.
701      *
702      * @exception DataBackendException if there is a problem accessing the
703      *            storage.
704      */
705     PermissionSet getPermissions(Criteria criteria)
706         throws DataBackendException;
707 
708     /**
709      * Retrieves all groups defined in the system.
710      *
711      * @return the names of all groups defined in the system.
712      * @throws DataBackendException if there was an error accessing the data backend.
713      */
714     GroupSet getAllGroups()
715         throws DataBackendException;
716 
717     /**
718      * Retrieves all roles defined in the system.
719      *
720      * @return the names of all roles defined in the system.
721      * @throws DataBackendException if there was an error accessing the data backend.
722      */
723     RoleSet getAllRoles()
724         throws DataBackendException;
725 
726     /**
727      * Retrieves all permissions defined in the system.
728      *
729      * @return the names of all roles defined in the system.
730      * @throws DataBackendException if there was an error accessing the data backend.
731      */
732     PermissionSet getAllPermissions()
733         throws DataBackendException;
734     /**
735      * Stores Group's attributes. The Groups is required to exist in the system.
736      *
737      * @param group The Group to be stored.
738      * @throws DataBackendException if there was an error accessing the data backend.
739      * @throws UnknownEntityException if the group does not exist.
740      */
741     void saveGroup(Group group)
742         throws DataBackendException, UnknownEntityException;
743 
744     /**
745      * Stores Role's attributes. The Roles is required to exist in the system.
746      *
747      * @param role The Role to be stored.
748      * @throws DataBackendException if there was an error accessing the data backend.
749      * @throws UnknownEntityException if the role does not exist.
750      */
751     void saveRole(Role role)
752         throws DataBackendException, UnknownEntityException;
753 
754     /**
755      * Stores Permission's attributes. The Permissions is required to exist in the system.
756      *
757      * @param permission The Permission to be stored.
758      * @throws DataBackendException if there was an error accessing the data backend.
759      * @throws UnknownEntityException if the permission does not exist.
760      */
761     void savePermission(Permission permission)
762         throws DataBackendException, UnknownEntityException;
763 
764     /*-----------------------------------------------------------------------
765       Group/Role/Permission management
766       -----------------------------------------------------------------------*/
767 
768     /**
769      * Creates a new group with specified attributes.
770      *
771      * @param group the object describing the group to be created.
772      * @return the new Group object.
773      * @throws DataBackendException if there was an error accessing the data backend.
774      * @throws EntityExistsException if the group already exists.
775      */
776     Group addGroup(Group group)
777         throws DataBackendException, EntityExistsException;
778 
779     /**
780      * Creates a new role with specified attributes.
781      *
782      * @param role The object describing the role to be created.
783      * @return the new Role object.
784      * @throws DataBackendException if there was an error accessing the data backend.
785      * @throws EntityExistsException if the role already exists.
786      */
787     Role addRole(Role role)
788         throws DataBackendException, EntityExistsException;
789 
790     /**
791      * Creates a new permission with specified attributes.
792      *
793      * @param permission The object describing the permission to be created.
794      * @return the new Permission object.
795      * @throws DataBackendException if there was an error accessing the data backend.
796      * @throws EntityExistsException if the permission already exists.
797      */
798     Permission addPermission(Permission permission)
799         throws DataBackendException, EntityExistsException;
800 
801     /**
802      * Removes a Group from the system.
803      *
804      * @param group The object describing group to be removed.
805      * @throws DataBackendException if there was an error accessing the data backend.
806      * @throws UnknownEntityException if the group does not exist.
807      */
808     void removeGroup(Group group)
809         throws DataBackendException, UnknownEntityException;
810 
811     /**
812      * Removes a Role from the system.
813      *
814      * @param role The object describing role to be removed.
815      * @throws DataBackendException if there was an error accessing the data backend.
816      * @throws UnknownEntityException if the role does not exist.
817      */
818     void removeRole(Role role)
819         throws DataBackendException, UnknownEntityException;
820 
821     /**
822      * Removes a Permission from the system.
823      *
824      * @param permission The object describing permission to be removed.
825      * @throws DataBackendException if there was an error accessing the data backend.
826      * @throws UnknownEntityException if the permission does not exist.
827      */
828     void removePermission(Permission permission)
829         throws DataBackendException, UnknownEntityException;
830 
831     /**
832      * Renames an existing Group.
833      *
834      * @param group The object describing the group to be renamed.
835      * @param name the new name for the group.
836      * @throws DataBackendException if there was an error accessing the data backend.
837      * @throws UnknownEntityException if the group does not exist.
838      */
839     void renameGroup(Group group, String   name)
840         throws DataBackendException, UnknownEntityException;
841 
842     /**
843      * Renames an existing Role.
844      *
845      * @param role The object describing the role to be renamed.
846      * @param name the new name for the role.
847      * @throws DataBackendException if there was an error accessing the data backend.
848      * @throws UnknownEntityException if the role does not exist.
849      */
850     void renameRole(Role role, String   name)
851         throws DataBackendException, UnknownEntityException;
852 
853     /**
854      * Renames an existing Permission.
855      *
856      * @param permission The object describing the permission to be renamed.
857      * @param name the new name for the permission.
858      * @throws DataBackendException if there was an error accessing the data backend.
859      * @throws UnknownEntityException if the permission does not exist.
860      */
861     void renamePermission(Permission permission, String   name)
862         throws DataBackendException, UnknownEntityException;
863 }
864
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags