

1 /*
2  * Copyright 2000-2001,2004 The Apache Software Foundation.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */

16
17 package org.apache.jetspeed.services.security;
18
19 import java.util.List JavaDoc;
20
21 import org.apache.jetspeed.om.security.JetspeedUser;
22 import org.apache.jetspeed.portal.Portlet;
23 import org.apache.jetspeed.services.rundata.JetspeedRunData;
24 import org.apache.turbine.om.security.User;
25 import org.apache.turbine.services.Service;
26
27 /**
28  * The Security Service manages Users, Groups, Roles and Permissions in the
29  * system. The Jetspeed Security Service extends the interface of the Turbine
30  * Security Service, adding on the Jetspeed specific interface: AccessControl
31  * for controlling access to portal resources (portlets, panes).
32  *
33  * @author <a HREF="mailto:david@bluesunrise.com">David Sean Taylor</a>
34  * @version $Id: JetspeedSecurityService.java,v 1.12 2004/03/31 04:49:10 morciuch Exp $
35  */

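public interface JetspeedSecurityService extends Service
{
    /**
     * The name of this service. Interface fields are implicitly
     * {@code public static final}, so this is a constant.
     */
    public String SERVICE_NAME = "JetspeedSecurity";

    //////////////////////////////////////////////////////////////////////////
    //
    // Required JetspeedSecurity Functions
    //
    // Required Features provided by default JetspeedSecurity
    //
    //////////////////////////////////////////////////////////////////////////

    /**
     * Factory to create a new JetspeedUser, using JetspeedUserFactory.
     * The class that is created by the default JetspeedUserFactory is configured
     * in the JetspeedSecurity properties:
     *
     * <code>services.JetspeedSecurity.user.class=
     * org.apache.jetspeed.om.security.BaseJetspeedUser</code>
     *
     * Because the properties file names the class that gets created, it
     * should be writable only by whoever owns the deployment.
     *
     * @return a newly created user that implements JetspeedUser.
     */
    public JetspeedUser getUserInstance();


    //////////////////////////////////////////////////////////////////////////
    //
    // Optional JetspeedSecurity Features
    //
    // Features are not required to be implemented by Security Provider
    //
    //////////////////////////////////////////////////////////////////////////

    /**
     * During logon, the username can be case sensitive or case insensitive.
     *
     * Given a username, converts the username to either lower or upper case.
     * This optional feature is configurable from the JetspeedSecurity.properties:
     *
     * <code>services.JetspeedSecurity.caseinsensitive.username = true/false</code>
     * <code>services.JetspeedSecurity.caseinsensitive.upper = true/false</code>
     *
     * If <code>caseinsensitive.username</code> is true,
     * then conversion is enabled and the username will be converted before
     * being sent to the Authentication provider.
     *
     * NOTE(review): this interface does not say which locale the conversion
     * uses. Locale-dependent case mapping can make two nodes disagree on
     * whether two usernames are the same account; implementations should
     * convert with a fixed locale. Confirm against the implementation.
     *
     * @param username The username to be converted depending on configuration.
     * @return The converted username.
     */
    public String convertUserName(String username);

    /**
     * During logon, the password can be case sensitive or case insensitive.
     *
     * Given a password, converts the password to either lower or upper case.
     * This optional feature is configurable from the JetspeedSecurity.properties:
     *
     * <code>services.JetspeedSecurity.caseinsensitive.password = true/false</code>
     * <code>services.JetspeedSecurity.caseinsensitive.upper = true/false</code>
     *
     * If <code>caseinsensitive.password</code> is true,
     * then conversion is enabled and the password will be converted before
     * being sent to the Authentication provider.
     *
     * Enabling the conversion makes passwords that differ only in letter case
     * equivalent, which reduces the number of distinct passwords. Leave it
     * off unless a legacy credential store requires it.
     *
     * NOTE(review): the same conversion presumably has to be applied when a
     * password is set, otherwise stored and presented values will not match;
     * verify against the user-management code path.
     *
     * @param password The password to be converted depending on configuration.
     * @return The converted password.
     */
    public String convertPassword(String password);

    /**
     * Logon Failure / Account Disabling Feature
     *
     * Checks and tracks failed user-logon attempts.
     * If the user fails to logon after a configurable number of logon attempts,
     * then the user's account will be disabled.
     *
     * This optional feature is configurable from the JetspeedSecurity.properties:
     *
     * <code>services.JetspeedSecurity.logon.auto.disable=false</code>
     *
     * The example setting below allows for 3 logon strikes per 300 seconds.
     * When the strike.count is exceeded over the strike.interval, the account
     * is disabled. The strike.max is the cumulative maximum.
     *
     * <code>services.JetspeedSecurity.logon.strike.count=3</code>
     * <code>services.JetspeedSecurity.logon.strike.interval=300</code>
     * <code>services.JetspeedSecurity.logon.strike.max=10</code>
     *
     * These settings are not persisted, and in a distributed environment are
     * only tracked per node. In practice this means a restart clears the
     * counters, and behind a load balancer the thresholds apply to each node
     * separately rather than to the cluster as a whole.
     *
     * A disabled account also locks out its legitimate owner, so deployments
     * that enable this feature should log each disable event and have a
     * procedure for re-enabling accounts.
     *
     * @param username The username to be checked.
     * @return True if the strike count reached the maximum threshold and the
     * user's account was disabled, otherwise False.
     */
    public boolean checkDisableAccount(String username);

    /**
     * Logon Failure / Account Disabling Feature
     *
     * Returns the state of the logon failure / account disabling feature.
     *
     * If the user fails to logon after a configurable number of logon attempts,
     * then the user's account will be disabled.
     *
     * @see JetspeedSecurityService#checkDisableAccount(String)
     *
     * @return True if the feature is enabled, false if the feature is disabled.
     */
    public boolean isDisableAccountCheckEnabled();

    /**
     * Logon Failure / Account Disabling Feature
     *
     * Resets counters for the logon failure / account disabling feature.
     *
     * If the user fails to logon after a configurable number of logon attempts,
     * then the user's account will be disabled.
     *
     * NOTE(review): this interface does not say whether resetting the
     * counters also re-enables an account that was already disabled;
     * confirm against the implementation.
     *
     * @see JetspeedSecurityService#checkDisableAccount(String)
     *
     * @param username The username to reset the logon failure counters.
     */
    public void resetDisableAccountCheck(String username);


    //////////////////////////////////////////////////////////////////////////
    //
    // Optional JetspeedSecurity Helpers
    //
    //////////////////////////////////////////////////////////////////////////

    /**
     * Helper to UserManagement.
     * Retrieves a <code>JetspeedUser</code> given the primary principal username.
     * The principal can be any valid Jetspeed Security Principal:
     * <code>org.apache.jetspeed.om.security.UserNamePrincipal</code>
     * <code>org.apache.jetspeed.om.security.UserIdPrincipal</code>
     *
     * The security service may optionally check the current user context
     * to determine if the requestor has permission to perform this action.
     * Because that check is optional, callers cannot assume the lookup is
     * access-controlled and should do their own authorization where needed.
     *
     * @param username The username principal.
     * @return a <code>JetspeedUser</code> associated to the principal identity.
     * @throws JetspeedSecurityException the only declared exception type. The
     * original documentation names three cases: UserException when the
     * security provider has a general failure retrieving a user,
     * UnknownUserException when the security provider cannot match the
     * principal identity to a user, and InsufficientPrivilegeException when
     * the requestor is denied due to insufficient privilege. These are
     * presumably subtypes of JetspeedSecurityException; confirm.
     */
    public JetspeedUser getUser(String username)
        throws JetspeedSecurityException;


    /**
     * Helper to PortalAuthorization.
     * Gets a <code>JetspeedUser</code> from rundata, authorize user to perform the secured action on
     * the given <code>Portlet</code> resource. If the user does not have
     * sufficient privilege to perform the action on the resource, the check returns false,
     * otherwise when sufficient privilege is present, checkPermission returns true.
     *
     * Denial is reported through the return value, not an exception, so a
     * caller that ignores the result performs no authorization at all.
     *
     * @param runData the request data that the user is taken from.
     * @param action the secured action to be performed on the resource by the user.
     * @param portlet the portlet resource.
     * @return boolean true if the user has sufficient privilege.
     */
    public boolean checkPermission(JetspeedRunData runData, String action, Portlet portlet);

    /*
     * Disabled overload. This is a plain comment rather than Javadoc so the
     * text does not attach to the next declaration.
     *
     * Helper to PortalAuthorization.
     * Gets a JetspeedUser from rundata, authorize user to perform the secured action on
     * the given Entry resource. If the user does not have
     * sufficient privilege to perform the action on the resource, the check returns false,
     * otherwise when sufficient privilege is present, checkPermission returns true.
     *
     * param runData the request data that the user is taken from.
     * param action the secured action to be performed on the resource by the user.
     * param entry the portal entry resource.
     * return boolean true if the user has sufficient privilege.
     */
    //public boolean checkPermission(JetspeedRunData runData, String action, RegistryEntry entry);

    /**
     * Security configuration setting to disable all action buttons for the Anon user.
     * This setting is readonly and is edited in the JetspeedSecurity deployment.
     *
     * The setting is described as hiding action buttons. Nothing in this
     * interface shows that it also blocks the underlying actions, so do not
     * treat it as a substitute for {@code checkPermission}.
     *
     * @return True if the feature actions are disabled for the anon user
     */
    public boolean areActionsDisabledForAnon();

    /**
     * Security configuration setting to disable all action buttons for all users.
     * This setting is readonly and is edited in the JetspeedSecurity deployment.
     *
     * @return True if the feature actions are disabled for all users
     */
    public boolean areActionsDisabledForAllUsers();


    /**
     * Gets the name of the anonymous user account if applicable.
     *
     * NOTE(review): the return value when no anonymous account applies
     * (null or an empty string) is not stated here; confirm before
     * comparing usernames against it.
     *
     * @return String the name of the anonymous user account
     */
    public String getAnonymousUserName();

    /**
     * Gets the list of administrative roles.
     *
     * NOTE(review): the list is a raw type and its element type (role names
     * or role objects) is not visible from this interface. It is also not
     * stated whether the list is a copy; callers should treat it as
     * read-only.
     *
     * @return list of admin roles
     */
    public List getAdminRoles();

    /**
     * Returns true if user has administrative role.
     *
     * NOTE(review): presumably this tests membership in one of the roles
     * returned by {@link #getAdminRoles()}; verify against the
     * implementation, including how a null user is handled.
     *
     * @param user the user to check.
     * @return true if the user has an administrative role, otherwise false.
     */
    public boolean hasAdminRole(User user);

}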