KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > jetspeed > services > security > CredentialsManagement


1 /*
2  * Copyright 2000-2001,2004 The Apache Software Foundation.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 package org.apache.jetspeed.services.security;
18
19 import org.apache.turbine.services.Service;
20
21 import org.apache.jetspeed.om.security.JetspeedUser;
22
23 /**
24  * <p> The <code>UserManagement</code> interface describes a contract between
25  * the portal and security provider required for Jetspeed Credentials Management.
26  * This interface enables an application to be independent of the underlying
27  * user management technology.
28  *
29  * @author <a HREF="mailto:david@bluesunrise.com">David Sean Taylor</a>
30  * @version $Id: CredentialsManagement.java,v 1.3 2004/02/23 03:58:11 jford Exp $
31  */
32
33 public interface CredentialsManagement extends Service
34 {
35     public String JavaDoc SERVICE_NAME = "CredentialsManagement";
36
37     /**
38      * Allows for a user to change their own password.
39      *
40      * @param user the user to change the password for.
41      * @param oldPassword the current password supplied by the user.
42      * @param newPassword the current password requested by the user.
43      * @exception UserException when the security provider has a general failure retrieving a user.
44      * @exception UnknownUserException when the security provider cannot match
45      * the principal identity to a user.
46      * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
47      */
48     void changePassword( JetspeedUser user,
49                          String JavaDoc oldPassword,
50                          String JavaDoc newPassword )
51         throws JetspeedSecurityException;
52
53     /**
54      * Forcibly sets new password for a User.
55      *
56      * Provides an administrator the ability to change the forgotten or
57      * compromised passwords. Certain implementatations of this feature
58      * would require administrative level access to the authenticating
59      * server / program.
60      *
61      * @param user the user to change the password for.
62      * @param password the new password.
63      * @exception UserException when the security provider has a general failure retrieving a user.
64      * @exception UnknownUserException when the security provider cannot match
65      * the principal identity to a user.
66      * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
67      */
68     void forcePassword( JetspeedUser user, String JavaDoc password )
69         throws JetspeedSecurityException;
70
71
72     /**
73      * This method provides client-side encryption of passwords.
74      *
75      * If <code>secure.passwords</code> are enabled in JetspeedSecurity properties,
76      * the password will be encrypted, if not, it will be returned unchanged.
77      * The <code>secure.passwords.algorithm</code> property can be used
78      * to chose which digest algorithm should be used for performing the
79      * encryption. <code>SHA</code> is used by default.
80      *
81      * @param password the password to process
82      * @return processed password
83      */
84     String JavaDoc encryptPassword( String JavaDoc password )
85         throws JetspeedSecurityException;
86
87 }
88
89
Popular Tags