2010-06-20 22:11:53 +02:00
|
|
|
/*
|
|
|
|
* Copyright (c) 2010
|
|
|
|
*
|
|
|
|
* Robert von Burg
|
|
|
|
* eitch@eitchnet.ch
|
|
|
|
*
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
package ch.eitchnet.privilege.handler;
|
|
|
|
|
|
|
|
import java.util.Locale;
|
2010-09-18 22:00:20 +02:00
|
|
|
import java.util.Map;
|
2010-06-21 23:45:55 +02:00
|
|
|
import java.util.Set;
|
2010-06-20 22:11:53 +02:00
|
|
|
|
2010-09-19 20:57:23 +02:00
|
|
|
import ch.eitchnet.privilege.i18n.AccessDeniedException;
|
2010-08-08 22:13:36 +02:00
|
|
|
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
2010-06-20 22:11:53 +02:00
|
|
|
import ch.eitchnet.privilege.model.Certificate;
|
|
|
|
import ch.eitchnet.privilege.model.PrivilegeRep;
|
2010-08-08 22:13:36 +02:00
|
|
|
import ch.eitchnet.privilege.model.Restrictable;
|
2010-06-20 22:11:53 +02:00
|
|
|
import ch.eitchnet.privilege.model.RoleRep;
|
|
|
|
import ch.eitchnet.privilege.model.UserRep;
|
|
|
|
import ch.eitchnet.privilege.model.UserState;
|
|
|
|
import ch.eitchnet.privilege.model.internal.Role;
|
2010-09-19 20:57:23 +02:00
|
|
|
import ch.eitchnet.privilege.model.internal.User;
|
2010-08-08 22:13:36 +02:00
|
|
|
import ch.eitchnet.privilege.policy.PrivilegePolicy;
|
2010-06-20 22:11:53 +02:00
|
|
|
|
|
|
|
/**
|
|
|
|
* @author rvonburg
|
|
|
|
*
|
|
|
|
*/
|
2010-08-08 22:13:36 +02:00
|
|
|
public interface PrivilegeHandler {
|
|
|
|
|
|
|
|
/**
|
2010-09-18 22:00:20 +02:00
|
|
|
* This is the role users must have, if they are allowed to modify objects
|
|
|
|
*/
|
|
|
|
public static final String PRIVILEGE_ADMIN_ROLE = "PrivilegeAdmin";
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @param username
|
2010-08-08 22:13:36 +02:00
|
|
|
*
|
|
|
|
* @return
|
|
|
|
*/
|
2010-09-18 22:00:20 +02:00
|
|
|
public UserRep getUser(String username);
|
2010-08-08 22:13:36 +02:00
|
|
|
|
|
|
|
/**
|
2010-09-18 22:00:20 +02:00
|
|
|
* @param roleName
|
2010-08-08 22:13:36 +02:00
|
|
|
*
|
2010-09-18 22:00:20 +02:00
|
|
|
* @return
|
2010-08-08 22:13:36 +02:00
|
|
|
*/
|
2010-09-18 22:00:20 +02:00
|
|
|
public RoleRep getRole(String roleName);
|
2010-08-08 22:13:36 +02:00
|
|
|
|
|
|
|
/**
|
2010-09-18 22:00:20 +02:00
|
|
|
* @param privilegeName
|
|
|
|
*
|
2010-08-08 22:13:36 +02:00
|
|
|
* @return
|
2010-09-18 22:00:20 +02:00
|
|
|
*/
|
|
|
|
public PrivilegeRep getPrivilege(String privilegeName);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @param policyName
|
2010-08-08 22:13:36 +02:00
|
|
|
*
|
2010-09-18 22:00:20 +02:00
|
|
|
* @return
|
2010-08-08 22:13:36 +02:00
|
|
|
*/
|
2010-09-18 22:00:20 +02:00
|
|
|
public PrivilegePolicy getPolicy(String policyName);
|
2010-08-08 22:13:36 +02:00
|
|
|
|
|
|
|
/**
|
2010-09-18 22:00:20 +02:00
|
|
|
* @param certificate
|
2010-08-08 22:13:36 +02:00
|
|
|
* @param username
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
*/
|
2010-06-20 22:11:53 +02:00
|
|
|
public UserRep removeUser(Certificate certificate, String username);
|
|
|
|
|
2010-09-18 22:00:20 +02:00
|
|
|
/**
|
|
|
|
* @param certificate
|
|
|
|
* @param username
|
|
|
|
* @param roleName
|
|
|
|
*/
|
|
|
|
public void removeRoleFromUser(Certificate certificate, String username, String roleName);
|
2010-06-20 22:11:53 +02:00
|
|
|
|
2010-09-18 22:00:20 +02:00
|
|
|
/**
|
|
|
|
* @param certificate
|
|
|
|
* @param roleName
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
*/
|
|
|
|
public RoleRep removeRole(Certificate certificate, String roleName);
|
2010-06-20 22:11:53 +02:00
|
|
|
|
2010-09-18 22:00:20 +02:00
|
|
|
/**
|
|
|
|
* @param certificate
|
|
|
|
* @param roleName
|
|
|
|
* @param privilegeName
|
|
|
|
*/
|
|
|
|
public void removePrivilegeFromRole(Certificate certificate, String roleName, String privilegeName);
|
2010-06-20 22:11:53 +02:00
|
|
|
|
2010-09-18 22:00:20 +02:00
|
|
|
/**
|
|
|
|
* @param certificate
|
|
|
|
* @param privilegeName
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
*/
|
|
|
|
public PrivilegeRep removePrivilege(Certificate certificate, String privilegeName);
|
2010-06-20 22:11:53 +02:00
|
|
|
|
2010-09-18 22:00:20 +02:00
|
|
|
/**
|
|
|
|
* @param certificate
|
|
|
|
* @param userRep
|
|
|
|
* @param password
|
|
|
|
*/
|
|
|
|
public void addOrReplaceUser(Certificate certificate, UserRep userRep, String password);
|
2010-06-20 22:11:53 +02:00
|
|
|
|
2010-09-18 22:00:20 +02:00
|
|
|
/**
|
|
|
|
* @param certificate
|
|
|
|
* @param roleRep
|
|
|
|
*/
|
2010-06-20 22:11:53 +02:00
|
|
|
public void addOrReplaceRole(Certificate certificate, RoleRep roleRep);
|
|
|
|
|
2010-09-18 22:00:20 +02:00
|
|
|
/**
|
|
|
|
* @param certificate
|
|
|
|
* @param privilegeRep
|
|
|
|
*/
|
|
|
|
public void addOrReplacePrivilege(Certificate certificate, PrivilegeRep privilegeRep);
|
2010-06-20 22:11:53 +02:00
|
|
|
|
2010-09-18 22:00:20 +02:00
|
|
|
/**
|
|
|
|
* @param certificate
|
|
|
|
* @param username
|
|
|
|
* @param roleName
|
|
|
|
*/
|
|
|
|
public void addRoleToUser(Certificate certificate, String username, String roleName);
|
2010-06-20 22:11:53 +02:00
|
|
|
|
2010-09-18 22:00:20 +02:00
|
|
|
/**
|
|
|
|
* @param certificate
|
|
|
|
* @param roleName
|
|
|
|
* @param privilegeName
|
|
|
|
*/
|
2010-06-20 22:11:53 +02:00
|
|
|
public void addPrivilegeToRole(Certificate certificate, String roleName, String privilegeName);
|
|
|
|
|
2010-09-18 22:00:20 +02:00
|
|
|
/**
|
|
|
|
* @param certificate
|
|
|
|
* @param username
|
|
|
|
* @param password
|
|
|
|
*/
|
|
|
|
public void setUserPassword(Certificate certificate, String username, String password);
|
2010-06-20 22:11:53 +02:00
|
|
|
|
2010-09-18 22:00:20 +02:00
|
|
|
/**
|
|
|
|
* @param certificate
|
|
|
|
* @param username
|
|
|
|
* @param firstname
|
|
|
|
* @param surname
|
|
|
|
*/
|
|
|
|
public void setUserName(Certificate certificate, String username, String firstname, String surname);
|
2010-06-20 22:11:53 +02:00
|
|
|
|
2010-09-18 22:00:20 +02:00
|
|
|
/**
|
|
|
|
* @param certificate
|
|
|
|
* @param username
|
|
|
|
* @param state
|
|
|
|
*/
|
|
|
|
public void setUserState(Certificate certificate, String username, UserState state);
|
2010-06-20 22:11:53 +02:00
|
|
|
|
2010-09-18 22:00:20 +02:00
|
|
|
/**
|
|
|
|
* @param certificate
|
|
|
|
* @param username
|
|
|
|
* @param locale
|
|
|
|
*/
|
|
|
|
public void setUserLocaleState(Certificate certificate, String username, Locale locale);
|
2010-06-20 22:11:53 +02:00
|
|
|
|
2010-09-18 22:00:20 +02:00
|
|
|
/**
|
|
|
|
* @param certificate
|
|
|
|
* @param privilegeName
|
|
|
|
* @param policyName
|
|
|
|
*/
|
2010-06-20 22:11:53 +02:00
|
|
|
public void setPrivilegePolicy(Certificate certificate, String privilegeName, String policyName);
|
|
|
|
|
2010-09-18 22:00:20 +02:00
|
|
|
/**
|
|
|
|
* @param certificate
|
|
|
|
* @param privilegeName
|
|
|
|
* @param allAllowed
|
|
|
|
*/
|
2010-06-20 22:11:53 +02:00
|
|
|
public void setPrivilegeAllAllowed(Certificate certificate, String privilegeName, boolean allAllowed);
|
|
|
|
|
2010-09-18 22:00:20 +02:00
|
|
|
/**
|
|
|
|
* @param certificate
|
|
|
|
* @param privilegeName
|
|
|
|
* @param denyList
|
|
|
|
*/
|
2010-06-21 23:45:55 +02:00
|
|
|
public void setPrivilegeDenyList(Certificate certificate, String privilegeName, Set<String> denyList);
|
2010-06-20 22:11:53 +02:00
|
|
|
|
2010-09-18 22:00:20 +02:00
|
|
|
/**
|
|
|
|
* @param certificate
|
|
|
|
* @param privilegeName
|
|
|
|
* @param allowList
|
|
|
|
*/
|
2010-06-21 23:45:55 +02:00
|
|
|
public void setPrivilegeAllowList(Certificate certificate, String privilegeName, Set<String> allowList);
|
2010-06-20 22:11:53 +02:00
|
|
|
|
2010-09-18 22:00:20 +02:00
|
|
|
/**
|
|
|
|
* @param username
|
|
|
|
* @param password
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
*
|
|
|
|
* @throws AccessDeniedException
|
|
|
|
* if the user credentials are not valid
|
|
|
|
*/
|
|
|
|
public Certificate authenticate(String username, String password);
|
2010-08-08 22:13:36 +02:00
|
|
|
|
2010-09-18 22:00:20 +02:00
|
|
|
/**
|
|
|
|
* @param certificate
|
|
|
|
* @param restrictable
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
*
|
|
|
|
* @throws AccessDeniedException
|
|
|
|
* if the {@link Certificate} is not for a currently logged in {@link User} or if the user may not
|
|
|
|
* perform the action defined by the {@link Restrictable} implementation
|
|
|
|
* @throws PrivilegeException
|
|
|
|
* if there is anything wrong with this certificate
|
|
|
|
*/
|
|
|
|
public boolean actionAllowed(Certificate certificate, Restrictable restrictable);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @param role
|
|
|
|
* @param restrictable
|
|
|
|
* @return
|
|
|
|
*
|
|
|
|
* @throws AccessDeniedException
|
|
|
|
* if the {@link Certificate} is not for a currently logged in {@link User} or if the user may not
|
|
|
|
* perform the action defined by the {@link Restrictable} implementation
|
|
|
|
* @throws PrivilegeException
|
|
|
|
* if there is anything wrong with this certificate
|
|
|
|
*/
|
|
|
|
public boolean actionAllowed(Role role, Restrictable restrictable);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @param certificate
|
|
|
|
* @return
|
|
|
|
*
|
|
|
|
* @throws AccessDeniedException
|
|
|
|
* if the {@link Certificate} is not for a currently logged in {@link User}
|
|
|
|
* @throws PrivilegeException
|
|
|
|
* if there is anything wrong with this certificate
|
|
|
|
*/
|
|
|
|
public boolean isCertificateValid(Certificate certificate);
|
|
|
|
|
|
|
|
/**
|
|
|
|
* <p>
|
|
|
|
* Validates if this {@link Certificate} is for a {@link ch.eitchnet.privilege.model.internal.User} with
|
|
|
|
* {@link Role} with name {@link PrivilegeHandler#PRIVILEGE_ADMIN_ROLE}
|
|
|
|
* </p>
|
|
|
|
*
|
|
|
|
* <p>
|
|
|
|
* In other words, this method checks if the given certificate is for a user who has the rights to change objects
|
|
|
|
* </p>
|
|
|
|
*
|
|
|
|
* <p>
|
|
|
|
* If the user is not the administrator, then a {@link ch.eitchnet.privilege.i18n.PrivilegeException} is thrown
|
|
|
|
* </p>
|
|
|
|
*
|
|
|
|
* @param certificate
|
|
|
|
* the {@link Certificate} for which the role should be validated against
|
|
|
|
*
|
|
|
|
* @throws ch.eitchnet.privilege.i18n.PrivilegeException
|
|
|
|
* if the user does not not have admin privileges
|
|
|
|
*/
|
|
|
|
public void validateIsPrivilegeAdmin(Certificate certificate) throws PrivilegeException;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Validate that the given password meets any requirements. What these requirements are is a decision made by the
|
|
|
|
* concrete implementation
|
|
|
|
*
|
|
|
|
* @param password
|
|
|
|
*
|
|
|
|
* @throws PrivilegeException
|
|
|
|
*/
|
|
|
|
public void validatePassword(String password) throws PrivilegeException;
|
|
|
|
|
|
|
|
/**
|
|
|
|
* @param certificate
|
|
|
|
*
|
|
|
|
* @return
|
|
|
|
*/
|
2010-06-20 22:11:53 +02:00
|
|
|
public boolean persist(Certificate certificate);
|
2010-08-08 22:13:36 +02:00
|
|
|
|
2010-09-18 22:00:20 +02:00
|
|
|
/**
|
|
|
|
*
|
|
|
|
* @param parameterMap
|
|
|
|
* @param encryptionHandler
|
|
|
|
* @param persistenceHandler
|
|
|
|
*/
|
|
|
|
public void initialize(Map<String, String> parameterMap, EncryptionHandler encryptionHandler,
|
|
|
|
PersistenceHandler persistenceHandler);
|
2010-06-20 22:11:53 +02:00
|
|
|
}
|