public interface SecurityService extends Service
The Security Service manages Users, Groups, Roles and Permissions in the system.
The tasks performed by the security service include creation and removal of accounts, groups, roles, and permissions; assigning users roles in groups; assigning roles specific permissions; and construction of objects representing these logical entities.
Because of the pluggable nature of the Services, it is possible to create multiple implementations of SecurityService, for example employing a database and a directory server as the data backend.
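An added example, not part of the Turbine documentation or code base: a login wrapper built on the exception contract this page documents for getAuthenticatedUser and changePassword. It reports an unknown account and a wrong password as the same result, so callers cannot tell which accounts exist. `LoginHelper`, `Result` and `Outcome` are hypothetical names, and the SecurityService instance is assumed to be supplied by the caller.

```java
import org.apache.fulcrum.security.util.DataBackendException;
import org.apache.fulcrum.security.util.PasswordMismatchException;
import org.apache.fulcrum.security.util.UnknownEntityException;
import org.apache.turbine.om.security.User;
import org.apache.turbine.services.security.SecurityService;

/** Hypothetical helper (not part of Turbine) around SecurityService logins. */
public final class LoginHelper
{
    /** Deliberately has no "unknown user" value: see login(). */
    public enum Result { OK, INVALID_CREDENTIALS, BACKEND_UNAVAILABLE }

    /** Result plus the User to bind to the session (anonymous on failure). */
    public static final class Outcome
    {
        public final Result result;
        public final User user;

        Outcome(Result result, User user)
        {
            this.result = result;
            this.user = user;
        }
    }

    private final SecurityService security;

    public LoginHelper(SecurityService security)
    {
        this.security = security;
    }

    public Outcome login(String username, String password)
    {
        try
        {
            User user = security.getAuthenticatedUser(username, password);
            return new Outcome(Result.OK, user);
        }
        catch (UnknownEntityException | PasswordMismatchException e)
        {
            // Missing account and wrong password map to one result, so the
            // response does not reveal whether the user name is registered.
            return new Outcome(Result.INVALID_CREDENTIALS, anonymous());
        }
        catch (DataBackendException e)
        {
            // Backend failure is not a credential failure: fail closed, but
            // report it separately so it is not counted as a bad login.
            return new Outcome(Result.BACKEND_UNAVAILABLE, anonymous());
        }
    }

    /** Self-service change: changePassword checks oldPassword, forcePassword takes none. */
    public Result changeOwnPassword(User user, String oldPassword, String newPassword)
    {
        try
        {
            security.changePassword(user, oldPassword, newPassword);
            return Result.OK;
        }
        catch (PasswordMismatchException | UnknownEntityException e)
        {
            return Result.INVALID_CREDENTIALS;
        }
        catch (DataBackendException e)
        {
            return Result.BACKEND_UNAVAILABLE;
        }
    }

    private User anonymous()
    {
        try
        {
            return security.getAnonymousUser();
        }
        catch (UnknownEntityException e)
        {
            return null; // caller must treat null as "no session user"
        }
    }
}
```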
Modifier and Type | Field | Description |
---|---|---|
static String | SERVICE_NAME | The name of the service |
static String | USER_MANAGER_DEFAULT | the default implementation of UserManager interface (org.apache.turbine.services.security.passive.PassiveUserManager) |
static String | USER_MANAGER_KEY | the key within service's properties for user manager implementation classname (user.manager) |
static String | USER_WRAPPER_DEFAULT | the default implementation of User interface (org.apache.turbine.om.security.DefaultUserImpl) |
static String | USER_WRAPPER_KEY | the key within service's properties for user implementation classname (wrapper.class) |

Modifier and Type | Method | Description |
---|---|---|
boolean | accountExists(String userName) | Check whether a specified user's account exists. |
boolean | accountExists(User user) | Check whether a specified user's account exists. |
<G extends org.apache.fulcrum.security.entity.Group> G | addGroup(G group) | Creates a new group with specified attributes. |
<P extends org.apache.fulcrum.security.entity.Permission> P | addPermission(P permission) | Creates a new permission with specified attributes. |
<R extends org.apache.fulcrum.security.entity.Role> R | addRole(R role) | Creates a new role with specified attributes. |
void | addUser(User user, String password) | Creates new user account with specified attributes. |
void | changePassword(User user, String oldPassword, String newPassword) | Change the password for a User. |
void | forcePassword(User user, String password) | Forcibly sets new password for a User. |
<A extends org.apache.fulcrum.security.acl.AccessControlList> A | getACL(User user) | Constructs an AccessControlList for a specific user. |
org.apache.fulcrum.security.util.GroupSet | getAllGroups() | Retrieves all groups defined in the system. |
org.apache.fulcrum.security.util.PermissionSet | getAllPermissions() | Retrieves all permissions defined in the system. |
org.apache.fulcrum.security.util.RoleSet | getAllRoles() | Retrieves all roles defined in the system. |
<U extends User> U | getAnonymousUser() | Constructs a User object to represent an anonymous user of the application. |
<U extends User> U | getAuthenticatedUser(String username, String password) | Authenticates a user, and constructs a User object to represent him/her. |
<G extends org.apache.fulcrum.security.entity.Group> G | getGlobalGroup() | Provides a reference to the Group object that represents the global group. |
<G extends org.apache.fulcrum.security.entity.Group> G | getGroupById(int id) | Retrieve a Group object with specified Id. |
<G extends org.apache.fulcrum.security.entity.Group> G | getGroupByName(String name) | Retrieve a Group object with specified name. |
<G extends org.apache.fulcrum.security.entity.Group> G | getGroupInstance() | Construct a blank Group object. |
<G extends org.apache.fulcrum.security.entity.Group> G | getGroupInstance(String groupName) | Construct a blank Group object. |
<P extends org.apache.fulcrum.security.entity.Permission> P | getPermissionById(int id) | Retrieve a Permission object with specified Id. |
<P extends org.apache.fulcrum.security.entity.Permission> P | getPermissionByName(String name) | Retrieve a Permission object with specified name. |
<P extends org.apache.fulcrum.security.entity.Permission> P | getPermissionInstance() | Construct a blank Permission object. |
<P extends org.apache.fulcrum.security.entity.Permission> P | getPermissionInstance(String permName) | Construct a blank Permission object. |
org.apache.fulcrum.security.util.PermissionSet | getPermissions(org.apache.fulcrum.security.entity.Role role) | Retrieves all permissions associated with a role. |
<R extends org.apache.fulcrum.security.entity.Role> R | getRoleById(int id) | Retrieve a Role object with specified Id. |
<R extends org.apache.fulcrum.security.entity.Role> R | getRoleByName(String name) | Retrieve a Role object with specified name. |
<R extends org.apache.fulcrum.security.entity.Role> R | getRoleInstance() | Construct a blank Role object. |
<R extends org.apache.fulcrum.security.entity.Role> R | getRoleInstance(String roleName) | Construct a blank Role object. |
<U extends User> U | getUser(String username) | Constructs a User object to represent a registered user of the application. |
<U extends User> U | getUserInstance() | Construct a blank User object. |
<U extends User> U | getUserInstance(String userName) | Construct a blank User object. |
UserManager | getUserManager() | Returns the configured UserManager. |
void | grant(org.apache.fulcrum.security.entity.Role role, org.apache.fulcrum.security.entity.Permission permission) | Grants a Role a Permission. |
void | grant(User user, org.apache.fulcrum.security.entity.Group group, org.apache.fulcrum.security.entity.Role role) | Grant a User a Role in a Group. |
boolean | isAnonymousUser(User u) | Checks whether a passed user object matches the anonymous user pattern according to the configured user manager. |
void | removeGroup(org.apache.fulcrum.security.entity.Group group) | Removes a Group from the system. |
void | removePermission(org.apache.fulcrum.security.entity.Permission permission) | Removes a Permission from the system. |
void | removeRole(org.apache.fulcrum.security.entity.Role role) | Removes a Role from the system. |
void | removeUser(User user) | Removes a user account from the system. |
void | renameGroup(org.apache.fulcrum.security.entity.Group group, String name) | Renames an existing Group. |
void | renamePermission(org.apache.fulcrum.security.entity.Permission permission, String name) | Renames an existing Permission. |
void | renameRole(org.apache.fulcrum.security.entity.Role role, String name) | Renames an existing Role. |
void | replaceRole(User user, org.apache.fulcrum.security.entity.Role role, org.apache.fulcrum.security.entity.Role newRole) | Replaces transactionally the first given role with the second role for the given user. |
void | revoke(org.apache.fulcrum.security.entity.Role role, org.apache.fulcrum.security.entity.Permission permission) | Revokes a Permission from a Role. |
void | revoke(User user, org.apache.fulcrum.security.entity.Group group, org.apache.fulcrum.security.entity.Role role) | Revoke a Role in a Group from a User. |
void | revokeAll(org.apache.fulcrum.security.entity.Role role) | Revokes all permissions from a Role. |
void | revokeAll(org.apache.fulcrum.security.entity.Role role, boolean cascadeDelete) | Revokes by default all permissions from a Role and, if flag is set, all groups and users for this role. This method is used when deleting a Role. |
void | revokeAll(User user) | Revokes all roles from a User. |
void | saveOnSessionUnbind(User user) | Saves User data when the session is unbound. |
void | saveUser(User user) | Saves User's data in the permanent storage. |

getConfiguration, getName, getProperties, setName, setServiceBroker
static final String SERVICE_NAME
static final String USER_MANAGER_KEY
static final String USER_MANAGER_DEFAULT
static final String USER_WRAPPER_KEY
static final String USER_WRAPPER_DEFAULT
User interface (org.apache.turbine.om.security.DefaultUserImpl)

<U extends User> U getUserInstance() throws org.apache.fulcrum.security.util.UnknownEntityException
- U - user class
- org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.

<U extends User> U getUserInstance(String userName) throws org.apache.fulcrum.security.util.UnknownEntityException
- U - user class
- userName - The name of the user.
- org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.

<G extends org.apache.fulcrum.security.entity.Group> G getGroupInstance() throws org.apache.fulcrum.security.util.UnknownEntityException
- G - group class
- org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.

<G extends org.apache.fulcrum.security.entity.Group> G getGroupInstance(String groupName) throws org.apache.fulcrum.security.util.UnknownEntityException
- G - group class
- groupName - The name of the Group
- org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.

<P extends org.apache.fulcrum.security.entity.Permission> P getPermissionInstance() throws org.apache.fulcrum.security.util.UnknownEntityException
- P - permission class
- org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.

<P extends org.apache.fulcrum.security.entity.Permission> P getPermissionInstance(String permName) throws org.apache.fulcrum.security.util.UnknownEntityException
- P - permission class
- permName - The name of the Permission
- org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.

<R extends org.apache.fulcrum.security.entity.Role> R getRoleInstance() throws org.apache.fulcrum.security.util.UnknownEntityException
- R - role class
- org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.

<R extends org.apache.fulcrum.security.entity.Role> R getRoleInstance(String roleName) throws org.apache.fulcrum.security.util.UnknownEntityException
- R - role class
- roleName - The name of the Role
- org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.

UserManager getUserManager()

boolean accountExists(String userName) throws org.apache.fulcrum.security.util.DataBackendException
- userName - The user to be checked.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.

boolean accountExists(User user) throws org.apache.fulcrum.security.util.DataBackendException
- user - The user object to be checked.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.

<U extends User> U getAuthenticatedUser(String username, String password) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException, org.apache.fulcrum.security.util.PasswordMismatchException
- U - user class
- username - The user name.
- password - The user password.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if user account is not present.
- org.apache.fulcrum.security.util.PasswordMismatchException - if the supplied password was incorrect.

<U extends User> U getUser(String username) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- U - user class
- username - The user name.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if user account is not present.

<U extends User> U getAnonymousUser() throws org.apache.fulcrum.security.util.UnknownEntityException
- U - user class
- org.apache.fulcrum.security.util.UnknownEntityException - if the anonymous User object couldn't be constructed.

boolean isAnonymousUser(User u)
- u - a user object

void saveUser(User user) throws org.apache.fulcrum.security.util.UnknownEntityException, org.apache.fulcrum.security.util.DataBackendException
- user - the user object to save
- org.apache.fulcrum.security.util.UnknownEntityException - if the user's account does not exist in the database.
- org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.

void saveOnSessionUnbind(User user) throws org.apache.fulcrum.security.util.UnknownEntityException, org.apache.fulcrum.security.util.DataBackendException
- user - the user object
- org.apache.fulcrum.security.util.UnknownEntityException - if the user's account does not exist in the database.
- org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.

void addUser(User user, String password) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.EntityExistsException, org.apache.fulcrum.security.util.UnknownEntityException
- user - the object describing account to be created.
- password - The password to use.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.EntityExistsException - if the user account already exists.
- org.apache.fulcrum.security.util.UnknownEntityException - if the provided user does not exist (is null)

void removeUser(User user) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- user - the object describing the account to be removed.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if the user account is not present.

void changePassword(User user, String oldPassword, String newPassword) throws org.apache.fulcrum.security.util.PasswordMismatchException, org.apache.fulcrum.security.util.UnknownEntityException, org.apache.fulcrum.security.util.DataBackendException
- user - a User to change password for.
- oldPassword - the current password supplied by the user.
- newPassword - the current password requested by the user.
- org.apache.fulcrum.security.util.PasswordMismatchException - if the supplied password was incorrect.
- org.apache.fulcrum.security.util.UnknownEntityException - if the user's record does not exist in the database.
- org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.

void forcePassword(User user, String password) throws org.apache.fulcrum.security.util.UnknownEntityException, org.apache.fulcrum.security.util.DataBackendException
- user - a User to change password for.
- password - the new password.
- org.apache.fulcrum.security.util.UnknownEntityException - if the user's record does not exist in the database.
- org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.

<A extends org.apache.fulcrum.security.acl.AccessControlList> A getACL(User user) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- A - ACL class
- user - the user for whom the AccessControlList are to be retrieved
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if user account is not present.

org.apache.fulcrum.security.util.PermissionSet getPermissions(org.apache.fulcrum.security.entity.Role role) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- role - the role name, for which the permissions are to be retrieved.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if the role is not present.

void grant(User user, org.apache.fulcrum.security.entity.Group group, org.apache.fulcrum.security.entity.Role role) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- user - the user.
- group - the group.
- role - the role.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if user account, group or role is not present.

void revoke(User user, org.apache.fulcrum.security.entity.Group group, org.apache.fulcrum.security.entity.Role role) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- user - the user.
- group - the group.
- role - the role.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if user account, group or role is not present.

void revokeAll(User user) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- user - the User.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if the account is not present.

void grant(org.apache.fulcrum.security.entity.Role role, org.apache.fulcrum.security.entity.Permission permission) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- role - the Role.
- permission - the Permission.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if role or permission is not present.

void revoke(org.apache.fulcrum.security.entity.Role role, org.apache.fulcrum.security.entity.Permission permission) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- role - the Role.
- permission - the Permission.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if role or permission is not present.

void revokeAll(org.apache.fulcrum.security.entity.Role role) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- role - the Role
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if the Role is not present.

void revokeAll(org.apache.fulcrum.security.entity.Role role, boolean cascadeDelete) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- role - the Role
- cascadeDelete - if true removes all groups and user for this role.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if the Role is not present.

<G extends org.apache.fulcrum.security.entity.Group> G getGlobalGroup()
- G - group class

<G extends org.apache.fulcrum.security.entity.Group> G getGroupByName(String name) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- G - group class
- name - the name of the Group.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if the group does not exist.

<G extends org.apache.fulcrum.security.entity.Group> G getGroupById(int id) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- G - group class
- id - the id of the Group.
- org.apache.fulcrum.security.util.UnknownEntityException - if the permission does not exist in the database.
- org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.

<R extends org.apache.fulcrum.security.entity.Role> R getRoleByName(String name) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- R - role class
- name - the name of the Role.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if the role does not exist.

<R extends org.apache.fulcrum.security.entity.Role> R getRoleById(int id) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- R - role class
- id - the id of the Role.
- org.apache.fulcrum.security.util.UnknownEntityException - if the permission does not exist in the database.
- org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.

<P extends org.apache.fulcrum.security.entity.Permission> P getPermissionByName(String name) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- P - permission class
- name - the name of the Permission.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if the permission does not exist.

<P extends org.apache.fulcrum.security.entity.Permission> P getPermissionById(int id) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- P - permission class
- id - the id of the Permission.
- org.apache.fulcrum.security.util.UnknownEntityException - if the permission does not exist in the database.
- org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.

org.apache.fulcrum.security.util.GroupSet getAllGroups() throws org.apache.fulcrum.security.util.DataBackendException
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.

org.apache.fulcrum.security.util.RoleSet getAllRoles() throws org.apache.fulcrum.security.util.DataBackendException
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.

org.apache.fulcrum.security.util.PermissionSet getAllPermissions() throws org.apache.fulcrum.security.util.DataBackendException
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.

<G extends org.apache.fulcrum.security.entity.Group> G addGroup(G group) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.EntityExistsException
- G - group class
- group - the object describing the group to be created.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.EntityExistsException - if the group already exists.

<R extends org.apache.fulcrum.security.entity.Role> R addRole(R role) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.EntityExistsException
- R - role class
- role - The object describing the role to be created.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.EntityExistsException - if the role already exists.

<P extends org.apache.fulcrum.security.entity.Permission> P addPermission(P permission) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.EntityExistsException
- P - permission class
- permission - The object describing the permission to be created.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.EntityExistsException - if the permission already exists.

void removeGroup(org.apache.fulcrum.security.entity.Group group) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- group - The object describing the group to be removed.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if the group does not exist.

void removeRole(org.apache.fulcrum.security.entity.Role role) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- role - The object describing the role to be removed.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if the role does not exist.

void removePermission(org.apache.fulcrum.security.entity.Permission permission) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- permission - The object describing the permission to be removed.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if the permission does not exist.

void renameGroup(org.apache.fulcrum.security.entity.Group group, String name) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- group - The object describing the group to be renamed.
- name - the new name for the group.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if the group does not exist.

void renameRole(org.apache.fulcrum.security.entity.Role role, String name) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- role - The object describing the role to be renamed.
- name - the new name for the role.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if the role does not exist.

void renamePermission(org.apache.fulcrum.security.entity.Permission permission, String name) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- permission - The object describing the permission to be renamed.
- name - the new name for the permission.
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if the permission does not exist.

void replaceRole(User user, org.apache.fulcrum.security.entity.Role role, org.apache.fulcrum.security.entity.Role newRole) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
- user - the user.
- role - the old role
- newRole - the new role
- org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
- org.apache.fulcrum.security.util.UnknownEntityException - if the permission does not exist.

Copyright © 2000–2019 The Apache Software Foundation. All rights reserved.