1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.apache.jetspeed.security.spi;
18
19 import java.util.Set;
20
21 import org.apache.jetspeed.security.HierarchyResolver;
22 import org.apache.jetspeed.security.SecurityException;
23
24 /***
25 * <p>
26 * This interface encapsulates the mapping between principals.
27 * </p>
28 * <p>
29 * This provides a central placeholder for changing the implementation
30 * of the mapping association between principals.
31 * </p>
32 *
33 * @author <a href="mailto:dlestrat@apache.org">David Le Strat </a>
34 */
35 public interface SecurityMappingHandler
36 {
37
38 /***
39 * <p>
40 * Gets the {@link HierarchyResolver} to be used for resolving role hierarchy.
41 * </p>
42 *
43 * @return The role {@link HierarchyResolver}.
44 */
45 HierarchyResolver getRoleHierarchyResolver();
46
47 /***
48 * <p>
49 * Sets the {@link HierarchyResolver} to be used for resolving role hierachy.
50 * </p>
51 *
52 * @param roleHierarchyResolver The role {@link HierarchyResolver}.
53 */
54 void setRoleHierarchyResolver(HierarchyResolver roleHierarchyResolver);
55
56 /***
57 * <p>
58 * Gets the {@link HierarchyResolver} to be used for resolving group hierarchy.
59 * </p>
60 *
61 * @return The role {@link HierarchyResolver}.
62 */
63 HierarchyResolver getGroupHierarchyResolver();
64
65 /***
66 * <p>
67 * Sets the {@link HierarchyResolver} used for resolving group hierarchy.
68 * </p>
69 *
70 * @param groupHierarchyResolver The group {@link HierarchyResolver}.
71 */
72 void setGroupHierarchyResolver(HierarchyResolver groupHierarchyResolver);
73
74 /***
75 * <p>
76 * Gets the role principals for the given user according to the relevant hierarchy
77 * resolution rules.
78 * </p>
79 *
80 * @param username The user name.
81 * @return A set of <code>Principal</p>
82 */
83 Set getRolePrincipals(String username);
84
85 /***
86 * <p>
87 * Sets the role principal on a given user.
88 * Existence of the role or the user must be checked prior to invoking this method.
89 * If a principal does not exist in the security mapping store, it will be created for the purpose of
90 * security mapping only.
91 * </p>
92 *
93 * @param username The user to add the role principal to.
94 * @param roleFullPathName The full path of the role principal to add.
95 * @throws SecurityException Throws a {@link SecurityException}. An exeption needs to be
96 * thrown if the user does not exist.
97 */
98 void setUserPrincipalInRole(String username, String roleFullPathName) throws SecurityException;
99
100 /***
101 * <p>
102 * Removes the role principal on a given user.
103 * </p>
104 * <p>
105 * If a mapping only record does not have any mapping, this method will
106 * remove the record as well.
107 * </p>
108 *
109 * @param username The user to remove the role principal from.
110 * @param roleFullPathName The full path of the role principal to remove.
111 * @throws SecurityException Throws a {@link SecurityException}. An exeption needs to be
112 * thrown if the user does not exist.
113 */
114 void removeUserPrincipalInRole(String username, String roleFullPathName) throws SecurityException;
115
116 /***
117 * <p>
118 * Gets the role principals for the given group according to the relevant hierarchy
119 * resolution rules.
120 * </p>
121 *
122 * @param groupFullPathName The group full path name.
123 * @return A set of <code>Principal</p>
124 */
125 Set getRolePrincipalsInGroup(String groupFullPathName);
126
127 /***
128 * <p>
129 * Sets the role principal on a given user.
130 * </p>
131 *
132 * @param groupFullPathName The group to add the role principal to.
133 * @param roleFullPathName The full path of the role principal to add.
134 * @throws SecurityException Throws a {@link SecurityException}. An exeption needs to be
135 * thrown if the group does not exist.
136 */
137 void setRolePrincipalInGroup(String groupFullPathName, String roleFullPathName) throws SecurityException;
138
139 /***
140 * <p>
141 * Removes the role principal on a given user.
142 * </p>
143 *
144 * @param groupFullPathName The group to remove the role principal from.
145 * @param roleFullPathName The full path of the role principal to remove.
146 * @throws SecurityException Throws a {@link SecurityException}. An exeption needs to be
147 * thrown if the group does not exist.
148 */
149 void removeRolePrincipalInGroup(String groupFullPathName, String roleFullPathName) throws SecurityException;
150
151 /***
152 * <p>
153 * Gets the group principals for the given user according to the relevant hierarchy
154 * resolution rules.
155 * </p>
156 *
157 * @param username The user name.
158 * @return A set of <code>GroupPrincipal</p>
159 */
160 Set getGroupPrincipals(String username);
161
162 /***
163 * <p>
164 * Gets the group principals for the given role according to the relevant hierarchy
165 * resolution rules.
166 * </p>
167 *
168 * @param roleFullPathName The role full path name.
169 * @return A set of <code>Principal</p>
170 */
171 Set getGroupPrincipalsInRole(String roleFullPathName);
172
173 /***
174 * <p>
175 * Gets the user principals for the given role according to the relevant hierarchy
176 * resolution rules.
177 * </p>
178 *
179 * @param roleFullPathName The role full path name.
180 * @return A set of <code>Principal</p>
181 */
182 Set getUserPrincipalsInRole(String roleFullPathName);
183
184 /***
185 * <p>
186 * Gets the user principals for the given group according to the relevant hierarchy
187 * resolution rules.
188 * </p>
189 *
190 * @param groupFullPathName The group full path name.
191 * @return A set of <code>Principal</p>
192 */
193 Set getUserPrincipalsInGroup(String groupFullPathName);
194
195 /***
196 * <p>
197 * Sets the user principal in the given group.
198 * </p>
199 * <p>
200 * Existence of the group or the user must be checked prior to invoking this method.
201 * If a principal does not exist in the security mapping store, it will be created for the purpose of
202 * security mapping only.
203 * </p>
204 *
205 * @param username The user to add to the group principal.
206 * @param groupFullPathName The full path of the group principal.
207 * @throws SecurityException Throws a {@link SecurityException}. An exeption needs to be
208 * thrown if the user does not exist.
209 */
210 void setUserPrincipalInGroup(String username, String groupFullPathName) throws SecurityException;
211
212 /***
213 * <p>
214 * Removes the user principal from the given group.
215 * </p>
216 *
217 * @param username The user to remove from the group principal.
218 * @param groupFullPathName The full path of the group principal.
219 * @throws SecurityException Throws a {@link SecurityException}. An exeption needs to be
220 * thrown if the user does not exist.
221 */
222 void removeUserPrincipalInGroup(String username, String groupFullPathName) throws SecurityException;
223
224 }