public interface SecurityService
The Security Service manages Users, Groups, Roles and Permissions in the system. The tasks performed by the security service include creation and removal of accounts, groups, roles, and permissions; assigning users roles in groups; assigning roles specific permissions; and construction of objects representing these logical entities.
Because of the pluggable nature of the Services, it is possible to create multiple implementations of SecurityService, for example employing a database and a directory server as the data backend.
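An added example (not taken from the Turbine documentation) of calling getAuthenticatedUser and getACL from this interface so that an unknown account and a wrong password produce the same outcome for the client, while a backend error rejects the login rather than granting access. LoginHelper, LoginFailedException and AuthenticatedSession are hypothetical names, and the import packages assume a Turbine 2.x classpath.

```java
import org.apache.turbine.om.security.User;
import org.apache.turbine.services.security.SecurityService;
import org.apache.turbine.util.security.AccessControlList;
import org.apache.turbine.util.security.DataBackendException;
import org.apache.turbine.util.security.PasswordMismatchException;
import org.apache.turbine.util.security.UnknownEntityException;

/** Hypothetical helper, not part of Turbine: authenticate, then load the ACL. */
public final class LoginHelper {

    /** Hypothetical exception: a single failure type for every rejected login. */
    public static final class LoginFailedException extends Exception {
        public LoginFailedException() {
            super("Invalid user name or password");
        }
    }

    /** Hypothetical holder pairing the authenticated user with its ACL. */
    public static final class AuthenticatedSession {
        private final User user;
        private final AccessControlList acl;

        AuthenticatedSession(User user, AccessControlList acl) {
            this.user = user;
            this.acl = acl;
        }

        public User getUser() {
            return user;
        }

        public AccessControlList getAcl() {
            return acl;
        }
    }

    private final SecurityService security;

    public LoginHelper(SecurityService security) {
        this.security = security;
    }

    /**
     * Authenticates the user and builds the ACL in one step.
     * DataBackendException is deliberately not caught: if the backend is
     * unreachable the login is rejected and the caller can log the cause.
     */
    public AuthenticatedSession login(String username, String password)
            throws LoginFailedException, DataBackendException {
        if (username == null || username.length() == 0 || password == null) {
            throw new LoginFailedException();
        }
        final User user;
        try {
            user = security.getAuthenticatedUser(username, password);
        } catch (UnknownEntityException e) {
            // No such account: report exactly what a wrong password reports,
            // so the response does not reveal which user names exist.
            throw new LoginFailedException();
        } catch (PasswordMismatchException e) {
            throw new LoginFailedException();
        }
        // Never treat the anonymous user as an authenticated principal.
        if (security.isAnonymousUser(user)) {
            throw new LoginFailedException();
        }
        try {
            return new AuthenticatedSession(user, security.getACL(user));
        } catch (UnknownEntityException e) {
            // The account disappeared between the two calls: reject the login.
            throw new LoginFailedException();
        }
    }
}
```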
Field Summary | |
---|---|
static java.lang.String | ACL_CLASS_DEFAULT - The default implementation of the Acl Interface (org.apache.turbine.util.security.TurbineAccessControlList) |
static java.lang.String | ACL_CLASS_KEY - The key within services' properties for the ACL implementation classname (acl.class) |
static java.lang.String | GROUP_CLASS_DEFAULT - The default implementation of the Group interface (org.apache.turbine.om.security.TurbineGroup) |
static java.lang.String | GROUP_CLASS_KEY - The key within services' properties for the GROUP implementation classname (group.class) |
static java.lang.String | PERMISSION_CLASS_DEFAULT - The default implementation of the Permissions interface (org.apache.turbine.om.security.TurbinePermission) |
static java.lang.String | PERMISSION_CLASS_KEY - The key within services' properties for the PERMISSION implementation classname (permission.class) |
static java.lang.String | ROLE_CLASS_DEFAULT - The default implementation of the Role Interface (org.apache.turbine.om.security.TurbineRole) |
static java.lang.String | ROLE_CLASS_KEY - The key within services' properties for the ROLE implementation classname (role.class) |
static java.lang.String | SECURE_PASSWORDS_ALGORITHM_DEFAULT - The default algorithm for password encryption (SHA) |
static java.lang.String | SECURE_PASSWORDS_ALGORITHM_KEY - The key within services' properties for secure passwords algorithm (secure.passwords.algorithm) |
static java.lang.String | SECURE_PASSWORDS_DEFAULT - The value of secure passwords flag (false) |
static java.lang.String | SECURE_PASSWORDS_KEY - The key within services' properties for secure passwords flag (secure.passwords) |
static java.lang.String | SERVICE_NAME - The name of the service |
static java.lang.String | USER_CLASS_DEFAULT - The default implementation of User interface (org.apache.turbine.om.security.TurbineUser) |
static java.lang.String | USER_CLASS_KEY - The key within services' properties for user implementation classname (user.class) |
static java.lang.String | USER_MANAGER_DEFAULT - The default implementation of UserManager interface (org.apache.turbine.services.security.DBUserManager) |
static java.lang.String | USER_MANAGER_KEY - The key within services' properties for user implementation classname (user.manager) |
Method Summary | |
---|---|
boolean | accountExists(java.lang.String userName) - Check whether a specified user's account exists. |
boolean | accountExists(User user) - Check whether a specified user's account exists. |
Group | addGroup(Group group) - Creates a new group with specified attributes. |
Permission | addPermission(Permission permission) - Creates a new permission with specified attributes. |
Role | addRole(Role role) - Creates a new role with specified attributes. |
void | addUser(User user, java.lang.String password) - Creates new user account with specified attributes. |
void | changePassword(User user, java.lang.String oldPassword, java.lang.String newPassword) - Change the password for a User. |
boolean | checkPassword(java.lang.String checkpw, java.lang.String encpw) - Checks if a supplied password matches the encrypted password when using the current encryption algorithm |
java.lang.String | encryptPassword(java.lang.String password) - This method provides client-side encryption mechanism for passwords. |
java.lang.String | encryptPassword(java.lang.String password, java.lang.String salt) - This method provides client-side encryption mechanism for passwords. |
void | forcePassword(User user, java.lang.String password) - Forcibly sets new password for a User. |
AccessControlList | getACL(User user) - Constructs an AccessControlList for a specific user. |
java.lang.Class | getAclClass() - Returns the Class object for the implementation of AccessControlList interface used by the system. |
AccessControlList | getAclInstance(java.util.Map roles, java.util.Map permissions) - Construct a new ACL object. |
GroupSet | getAllGroups() - Retrieves all groups defined in the system. |
PermissionSet | getAllPermissions() - Retrieves all permissions defined in the system. |
RoleSet | getAllRoles() - Retrieves all roles defined in the system. |
User | getAnonymousUser() - Constructs a User object to represent an anonymous user of the application. |
User | getAuthenticatedUser(java.lang.String username, java.lang.String password) - Authenticates a user, and constructs a User object to represent him/her. |
Group | getGlobalGroup() - Provides a reference to the Group object that represents the global group. |
Group | getGroup(java.lang.String name) - Deprecated. Use getGroupByName instead. |
Group | getGroupById(int id) - Retrieve a Group object with specified Id. |
Group | getGroupByName(java.lang.String name) - Retrieve a Group object with specified name. |
java.lang.Class | getGroupClass() - Returns the Class object for the implementation of Group interface used by the system. |
Group | getGroupInstance() - Construct a blank Group object. |
Group | getGroupInstance(java.lang.String groupName) - Construct a blank Group object. |
GroupSet | getGroups(org.apache.torque.util.Criteria criteria) - Retrieve a set of Groups that meet the specified Criteria. |
Group | getNewGroup(java.lang.String groupName) - Deprecated. Use getGroupInstance(String name) instead. |
Permission | getNewPermission(java.lang.String permissionName) - Deprecated. Use getPermissionInstance(String name) instead. |
Role | getNewRole(java.lang.String roleName) - Deprecated. Use getRoleInstance(String name) instead. |
Permission | getPermission(java.lang.String name) - Deprecated. Use getPermissionByName instead. |
Permission | getPermissionById(int id) - Retrieve a Permission object with specified Id. |
Permission | getPermissionByName(java.lang.String name) - Retrieve a Permission object with specified name. |
java.lang.Class | getPermissionClass() - Returns the Class object for the implementation of Permission interface used by the system. |
Permission | getPermissionInstance() - Construct a blank Permission object. |
Permission | getPermissionInstance(java.lang.String permName) - Construct a blank Permission object. |
PermissionSet | getPermissions(org.apache.torque.util.Criteria criteria) - Retrieve a set of Permissions that meet the specified Criteria. |
PermissionSet | getPermissions(Role role) - Retrieves all permissions associated with a role. |
Role | getRole(java.lang.String name) - Deprecated. Use getRoleByName instead. |
Role | getRoleById(int id) - Retrieve a Role object with specified Id. |
Role | getRoleByName(java.lang.String name) - Retrieve a Role object with specified name. |
java.lang.Class | getRoleClass() - Returns the Class object for the implementation of Role interface used by the system. |
Role | getRoleInstance() - Construct a blank Role object. |
Role | getRoleInstance(java.lang.String roleName) - Construct a blank Role object. |
RoleSet | getRoles(org.apache.torque.util.Criteria criteria) - Retrieve a set of Roles that meet the specified Criteria. |
User | getUser(java.lang.String username) - Constructs a User object to represent a registered user of the application. |
java.lang.Class | getUserClass() - Returns the Class object for the implementation of User interface used by the system. |
User | getUserInstance() - Construct a blank User object. |
User | getUserInstance(java.lang.String userName) - Construct a blank User object. |
java.util.List | getUserList(org.apache.torque.util.Criteria criteria) - Retrieve a set of users that meet the specified criteria. |
UserManager | getUserManager() - Returns the configured UserManager. |
User[] | getUsers(org.apache.torque.util.Criteria criteria) - Deprecated. Use retrieveList instead. |
void | grant(Role role, Permission permission) - Grants a Role a Permission |
void | grant(User user, Group group, Role role) - Grant a User a Role in a Group. |
boolean | isAnonymousUser(User u) - Checks whether a passed user object matches the anonymous user pattern according to the configured user manager |
void | removeGroup(Group group) - Removes a Group from the system. |
void | removePermission(Permission permission) - Removes a Permission from the system. |
void | removeRole(Role role) - Removes a Role from the system. |
void | removeUser(User user) - Removes a user account from the system. |
void | renameGroup(Group group, java.lang.String name) - Renames an existing Group. |
void | renamePermission(Permission permission, java.lang.String name) - Renames an existing Permission. |
void | renameRole(Role role, java.lang.String name) - Renames an existing Role. |
void | revoke(Role role, Permission permission) - Revokes a Permission from a Role. |
void | revoke(User user, Group group, Role role) - Revoke a Role in a Group from a User. |
void | revokeAll(Role role) - Revokes all permissions from a Role. |
void | revokeAll(User user) - Revokes all roles from a User. |
void | saveGroup(Group group) - Stores Group's attributes. |
void | saveOnSessionUnbind(User user) - Saves User data when the session is unbound. |
void | savePermission(Permission permission) - Stores Permission's attributes. |
void | saveRole(Role role) - Stores Role's attributes. |
void | saveUser(User user) - Saves User's data in the permanent storage. |
void | setUserManager(UserManager userManager) - Configure a new user Manager. |
Methods inherited from interface org.apache.turbine.services.Service |
---|
getConfiguration, getName, getProperties, setName, setServiceBroker |
Methods inherited from interface org.apache.turbine.services.Initable |
---|
getInit, init, init, setInitableBroker, shutdown |
Field Detail |
---|
static final java.lang.String SERVICE_NAME
static final java.lang.String USER_CLASS_KEY
static final java.lang.String USER_CLASS_DEFAULT
static final java.lang.String GROUP_CLASS_KEY
static final java.lang.String GROUP_CLASS_DEFAULT
static final java.lang.String PERMISSION_CLASS_KEY
static final java.lang.String PERMISSION_CLASS_DEFAULT
static final java.lang.String ROLE_CLASS_KEY
static final java.lang.String ROLE_CLASS_DEFAULT
static final java.lang.String ACL_CLASS_KEY
static final java.lang.String ACL_CLASS_DEFAULT
static final java.lang.String USER_MANAGER_KEY
static final java.lang.String USER_MANAGER_DEFAULT
static final java.lang.String SECURE_PASSWORDS_KEY
static final java.lang.String SECURE_PASSWORDS_DEFAULT
static final java.lang.String SECURE_PASSWORDS_ALGORITHM_KEY
static final java.lang.String SECURE_PASSWORDS_ALGORITHM_DEFAULT
Method Detail |
---|
java.lang.Class getUserClass() throws UnknownEntityException
UnknownEntityException - if the system's implementation of User interface could not be determined.

User getUserInstance() throws UnknownEntityException
UnknownEntityException - if the object could not be instantiated.

User getUserInstance(java.lang.String userName) throws UnknownEntityException
userName - The name of the user.
UnknownEntityException - if the object could not be instantiated.

java.lang.Class getGroupClass() throws UnknownEntityException
UnknownEntityException - if the system's implementation of Group interface could not be determined.

Group getGroupInstance() throws UnknownEntityException
UnknownEntityException - if the object could not be instantiated.

Group getGroupInstance(java.lang.String groupName) throws UnknownEntityException
groupName - The name of the Group
UnknownEntityException - if the object could not be instantiated.

java.lang.Class getPermissionClass() throws UnknownEntityException
UnknownEntityException - if the system's implementation of Permission interface could not be determined.

Permission getPermissionInstance() throws UnknownEntityException
UnknownEntityException - if the object could not be instantiated.

Permission getPermissionInstance(java.lang.String permName) throws UnknownEntityException
permName - The name of the Permission
UnknownEntityException - if the object could not be instantiated.

java.lang.Class getRoleClass() throws UnknownEntityException
UnknownEntityException - if the system's implementation of Role interface could not be determined.

Role getRoleInstance() throws UnknownEntityException
UnknownEntityException - if the object could not be instantiated.

Role getRoleInstance(java.lang.String roleName) throws UnknownEntityException
roleName - The name of the Role
UnknownEntityException - if the object could not be instantiated.

java.lang.Class getAclClass() throws UnknownEntityException
UnknownEntityException - if the system's implementation of AccessControlList interface could not be determined.

AccessControlList getAclInstance(java.util.Map roles, java.util.Map permissions) throws UnknownEntityException
roles - The roles that this ACL should contain
permissions - The permissions for this ACL
UnknownEntityException - if the object could not be instantiated.

UserManager getUserManager()

void setUserManager(UserManager userManager)
userManager - A UserManager object

boolean accountExists(java.lang.String userName) throws DataBackendException
userName - The user to be checked.
DataBackendException - if there was an error accessing the data backend.

boolean accountExists(User user) throws DataBackendException
user - The user object to be checked.
DataBackendException - if there was an error accessing the data backend.

User getAuthenticatedUser(java.lang.String username, java.lang.String password) throws DataBackendException, UnknownEntityException, PasswordMismatchException
username - The user name.
password - The user password.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if user account is not present.
PasswordMismatchException - if the supplied password was incorrect.

User getUser(java.lang.String username) throws DataBackendException, UnknownEntityException
username - The user name.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if user account is not present.

User[] getUsers(org.apache.torque.util.Criteria criteria) throws DataBackendException
User interface, plus the names of the custom attributes you added to your user representation in the data storage. Use verbatim names of the attributes - without table name prefix in case of DB implementation.
criteria - The criteria of selection.
DataBackendException - if there is a problem accessing the storage.

java.util.List getUserList(org.apache.torque.util.Criteria criteria) throws DataBackendException
User interface, plus the names of the custom attributes you added to your user representation in the data storage. Use verbatim names of the attributes - without table name prefix in case of Torque implementation.
criteria - The criteria of selection.
DataBackendException - if there is a problem accessing the storage.

User getAnonymousUser() throws UnknownEntityException
UnknownEntityException - if the anonymous User object couldn't be constructed.

boolean isAnonymousUser(User u)
An - user object

void saveUser(User user) throws UnknownEntityException, DataBackendException
user - the user object to save
UnknownEntityException - if the user's account does not exist in the database.
DataBackendException - if there is a problem accessing the storage.

void saveOnSessionUnbind(User user) throws UnknownEntityException, DataBackendException
UnknownEntityException - if the user's account does not exist in the database.
DataBackendException - if there is a problem accessing the storage.

void addUser(User user, java.lang.String password) throws DataBackendException, EntityExistsException
user - the object describing account to be created.
password - The password to use.
DataBackendException - if there was an error accessing the data backend.
EntityExistsException - if the user account already exists.

void removeUser(User user) throws DataBackendException, UnknownEntityException
user - the object describing the account to be removed.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if the user account is not present.

java.lang.String encryptPassword(java.lang.String password)
password - the password to process

java.lang.String encryptPassword(java.lang.String password, java.lang.String salt)
password - the password to process
salt - Salt parameter for some crypto algorithms

boolean checkPassword(java.lang.String checkpw, java.lang.String encpw)
checkpw - The clear text password supplied by the user
encpw - The current, encrypted password

void changePassword(User user, java.lang.String oldPassword, java.lang.String newPassword) throws PasswordMismatchException, UnknownEntityException, DataBackendException
user - a User to change password for.
oldPassword - the current password supplied by the user.
newPassword - the current password requested by the user.
PasswordMismatchException - if the supplied password was incorrect.
UnknownEntityException - if the user's record does not exist in the database.
DataBackendException - if there is a problem accessing the storage.

void forcePassword(User user, java.lang.String password) throws UnknownEntityException, DataBackendException
user - a User to change password for.
password - the new password.
UnknownEntityException - if the user's record does not exist in the database.
DataBackendException - if there is a problem accessing the storage.

AccessControlList getACL(User user) throws DataBackendException, UnknownEntityException
user - the user for whom the AccessControlList are to be retrieved
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if user account is not present.

PermissionSet getPermissions(Role role) throws DataBackendException, UnknownEntityException
role - the role name, for which the permissions are to be retrieved.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if the role is not present.

void grant(User user, Group group, Role role) throws DataBackendException, UnknownEntityException
user - the user.
group - the group.
role - the role.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if user account, group or role is not present.

void revoke(User user, Group group, Role role) throws DataBackendException, UnknownEntityException
user - the user.
group - the group.
role - the role.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if user account, group or role is not present.

void revokeAll(User user) throws DataBackendException, UnknownEntityException
user - the User.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if the account is not present.

void grant(Role role, Permission permission) throws DataBackendException, UnknownEntityException
role - the Role.
permission - the Permission.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if role or permission is not present.

void revoke(Role role, Permission permission) throws DataBackendException, UnknownEntityException
role - the Role.
permission - the Permission.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if role or permission is not present.

void revokeAll(Role role) throws DataBackendException, UnknownEntityException
role - the Role
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if the Role is not present.

Group getGlobalGroup()
Group getNewGroup(java.lang.String groupName)
Role getNewRole(java.lang.String roleName)
Permission getNewPermission(java.lang.String permissionName)
Group getGroup(java.lang.String name) throws DataBackendException, UnknownEntityException
name - the name of the Group.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if the group does not exist.

Group getGroupByName(java.lang.String name) throws DataBackendException, UnknownEntityException
name - the name of the Group.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if the group does not exist.

Group getGroupById(int id) throws DataBackendException, UnknownEntityException
name - the name of the Group.
UnknownEntityException - if the permission does not exist in the database.
DataBackendException - if there is a problem accessing the storage.

Role getRole(java.lang.String name) throws DataBackendException, UnknownEntityException
name - the name of the Role.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if the role does not exist.

Role getRoleByName(java.lang.String name) throws DataBackendException, UnknownEntityException
name - the name of the Role.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if the role does not exist.

Role getRoleById(int id) throws DataBackendException, UnknownEntityException
name - the name of the Role.
UnknownEntityException - if the permission does not exist in the database.
DataBackendException - if there is a problem accessing the storage.

Permission getPermission(java.lang.String name) throws DataBackendException, UnknownEntityException
name - the name of the Permission.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if the permission does not exist.

Permission getPermissionByName(java.lang.String name) throws DataBackendException, UnknownEntityException
name - the name of the Permission.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if the permission does not exist.

Permission getPermissionById(int id) throws DataBackendException, UnknownEntityException
name - the name of the Permission.
UnknownEntityException - if the permission does not exist in the database.
DataBackendException - if there is a problem accessing the storage.

GroupSet getGroups(org.apache.torque.util.Criteria criteria) throws DataBackendException
criteria - a Criteria of Group selection.
DataBackendException - if there was an error accessing the data backend.

RoleSet getRoles(org.apache.torque.util.Criteria criteria) throws DataBackendException
criteria - a Criteria of Roles selection.
DataBackendException - if there was an error accessing the data backend.

PermissionSet getPermissions(org.apache.torque.util.Criteria criteria) throws DataBackendException
criteria - a Criteria of Permissions selection.
DataBackendException - if there was an error accessing the data backend.

GroupSet getAllGroups() throws DataBackendException
DataBackendException - if there was an error accessing the data backend.

RoleSet getAllRoles() throws DataBackendException
DataBackendException - if there was an error accessing the data backend.

PermissionSet getAllPermissions() throws DataBackendException
DataBackendException - if there was an error accessing the data backend.

void saveGroup(Group group) throws DataBackendException, UnknownEntityException
group - The Group to be stored.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if the group does not exist.

void saveRole(Role role) throws DataBackendException, UnknownEntityException
role - The Role to be stored.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if the role does not exist.

void savePermission(Permission permission) throws DataBackendException, UnknownEntityException
permission - The Permission to be stored.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if the permission does not exist.

Group addGroup(Group group) throws DataBackendException, EntityExistsException
group - the object describing the group to be created.
DataBackendException - if there was an error accessing the data backend.
EntityExistsException - if the group already exists.

Role addRole(Role role) throws DataBackendException, EntityExistsException
role - The object describing the role to be created.
DataBackendException - if there was an error accessing the data backend.
EntityExistsException - if the role already exists.

Permission addPermission(Permission permission) throws DataBackendException, EntityExistsException
permission - The object describing the permission to be created.
DataBackendException - if there was an error accessing the data backend.
EntityExistsException - if the permission already exists.

void removeGroup(Group group) throws DataBackendException, UnknownEntityException
group - The object describing the group to be removed.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if the group does not exist.

void removeRole(Role role) throws DataBackendException, UnknownEntityException
role - The object describing the role to be removed.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if the role does not exist.

void removePermission(Permission permission) throws DataBackendException, UnknownEntityException
permission - The object describing the permission to be removed.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if the permission does not exist.

void renameGroup(Group group, java.lang.String name) throws DataBackendException, UnknownEntityException
group - The object describing the group to be renamed.
name - the new name for the group.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if the group does not exist.

void renameRole(Role role, java.lang.String name) throws DataBackendException, UnknownEntityException
role - The object describing the role to be renamed.
name - the new name for the role.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if the role does not exist.

void renamePermission(Permission permission, java.lang.String name) throws DataBackendException, UnknownEntityException
permission - The object describing the permission to be renamed.
name - the new name for the permission.
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if the permission does not exist.