strolch/src/ch/eitchnet/privilege/handler/PrivilegeHandler.java

383 lines
13 KiB
Java

/*
* Copyright (c) 2010
*
* Robert von Burg
* eitch@eitchnet.ch
*
* All rights reserved.
*
*/
package ch.eitchnet.privilege.handler;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import ch.eitchnet.privilege.i18n.AccessDeniedException;
import ch.eitchnet.privilege.i18n.PrivilegeException;
import ch.eitchnet.privilege.model.Certificate;
import ch.eitchnet.privilege.model.PrivilegeRep;
import ch.eitchnet.privilege.model.Restrictable;
import ch.eitchnet.privilege.model.RoleRep;
import ch.eitchnet.privilege.model.UserRep;
import ch.eitchnet.privilege.model.UserState;
import ch.eitchnet.privilege.model.internal.Privilege;
import ch.eitchnet.privilege.model.internal.Role;
import ch.eitchnet.privilege.model.internal.User;
import ch.eitchnet.privilege.policy.PrivilegePolicy;
/**
* @author rvonburg
*
*/
public interface PrivilegeHandler {
/**
* value = PrivilegeAdmin: This is the role users must have, if they are allowed to modify objects
*/
public static final String PRIVILEGE_ADMIN_ROLE = "PrivilegeAdmin";
/**
* Returns a {@link UserRep} for the given username
*
* @param username
* the name of the {@link UserRep} to return
*
* @return the {@link UserRep} for the given username, or null if it was not found
*/
public UserRep getUser(String username);
/**
* Returns a {@link RoleRep} for the given roleName
*
* @param roleName
* the name of the {@link RoleRep} to return
*
* @return the {@link RoleRep} for the given roleName, or null if it was not found
*/
public RoleRep getRole(String roleName);
/**
* Returns a {@link PrivilegeRep} for the given privilegeName
*
* @param privilegeName
* the name of the {@link PrivilegeRep} to return
*
* @return the {@link PrivilegeRep} for the given privilegeName, or null if it was not found
*/
public PrivilegeRep getPrivilege(String privilegeName);
/**
* Returns a {@link PrivilegePolicy} for the given policyName
*
* @param policyName
* the name of the {@link PrivilegePolicy} to return
*
* @return the {@link PrivilegePolicy} for the given policyName, or null if it was not found
*/
public PrivilegePolicy getPolicy(String policyName);
/**
* Removes the user with the given username
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param username
* the username of the user to remove
*
* @return the {@link UserRep} of the user removed, or null if the user did not exist
*/
public UserRep removeUser(Certificate certificate, String username);
/**
* Removes the role with the given roleName from the user with the given username
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param username
* the username of the user from which the role is to be removed
* @param roleName
* the rolename of the role to remove from the user
*/
public void removeRoleFromUser(Certificate certificate, String username, String roleName);
/**
* Removes the role with the given roleName
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param roleName
* the roleName of the role to remove
*
* @return the {@link RoleRep} of the role removed, or null if the role did not exist
*/
public RoleRep removeRole(Certificate certificate, String roleName);
/**
* Removes the privilege with the given privilegeName from the role with the given roleName
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param roleName
* the roleName of the role from which the privilege is to be removed
* @param privilegeName
* the privilegeName of the privilege to remove from the role
*/
public void removePrivilegeFromRole(Certificate certificate, String roleName, String privilegeName);
/**
* Removes the privilege with the given privilegeName
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param privilegeName
* the privilegeName of the privilege to remove
*
* @return the {@link PrivilegeRep} of the privilege removed, or null if the privilege did not exist
*/
public PrivilegeRep removePrivilege(Certificate certificate, String privilegeName);
/**
* <p>
* Adds a new user, or replaces the user with the information from this {@link UserRep} if the user already exists
* </p>
*
* <p>
* If the password given is null, then the user is created, but can not not login! Otherwise the password must meet
* the requirements of the implementation under {@link PrivilegeHandler#validatePassword(String)}
* </p>
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param userRep
* the {@link UserRep} containing the information to create the new {@link User}
* @param password
* the password of the new user. If the password is null, then this is accepted but the user can not
* login, otherwise the password must be validated against
* {@link PrivilegeHandler#validatePassword(String)}
*/
public void addOrReplaceUser(Certificate certificate, UserRep userRep, String password);
/**
* Adds a new role, or replaces the role with the information from this {@link RoleRep} if the role already exists
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param roleRep
* the {@link RoleRep} containing the information to create the new {@link Role}
*/
public void addOrReplaceRole(Certificate certificate, RoleRep roleRep);
/**
* Adds a new privilege, or replaces the privilege with the information from this {@link PrivilegeRep} if the
* privilege already exists
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param privilegeRep
* the {@link PrivilegeRep} containing the information to create the new {@link Privilege}
*/
public void addOrReplacePrivilege(Certificate certificate, PrivilegeRep privilegeRep);
/**
* Adds the role with the given roleName to the {@link User} with the given username
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param username
* the username of the {@link User} to which the role should be added
* @param roleName
* the roleName of the {@link Role} which should be added to the {@link User}
*/
public void addRoleToUser(Certificate certificate, String username, String roleName);
/**
* Adds the privilege with the given privilegeName to the {@link Role} with the given roleName
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param roleName
* the roleName of the {@link Role} to which the privilege should be added
* @param privilegeName
* the privilegeName of the {@link Privilege} which should be added to the {@link Role}
*/
public void addPrivilegeToRole(Certificate certificate, String roleName, String privilegeName);
/**
* Changes the password for the {@link User} with the given username. If the password is null, then the {@link User}
* can not login anymore. Otherwise the password must meet the requirements of the implementation under
* {@link PrivilegeHandler#validatePassword(String)}
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param username
* the username of the {@link User} for which the password is to be changed
* @param password
* the new password for this user. If the password is null, then the {@link User} can not login anymore.
* Otherwise the password must meet the requirements of the implementation under
* {@link PrivilegeHandler#validatePassword(String)}
*/
public void setUserPassword(Certificate certificate, String username, String password);
/**
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param username
* @param firstname
* @param surname
*/
public void setUserName(Certificate certificate, String username, String firstname, String surname);
/**
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param username
* @param state
*/
public void setUserState(Certificate certificate, String username, UserState state);
/**
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param username
* @param locale
*/
public void setUserLocaleState(Certificate certificate, String username, Locale locale);
/**
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param privilegeName
* @param policyName
*/
public void setPrivilegePolicy(Certificate certificate, String privilegeName, String policyName);
/**
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param privilegeName
* @param allAllowed
*/
public void setPrivilegeAllAllowed(Certificate certificate, String privilegeName, boolean allAllowed);
/**
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param privilegeName
* @param denyList
*/
public void setPrivilegeDenyList(Certificate certificate, String privilegeName, Set<String> denyList);
/**
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param privilegeName
* @param allowList
*/
public void setPrivilegeAllowList(Certificate certificate, String privilegeName, Set<String> allowList);
/**
* @param username
* @param password
*
* @return
*
* @throws AccessDeniedException
* if the user credentials are not valid
*/
public Certificate authenticate(String username, String password);
/**
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param restrictable
*
* @return
*
* @throws AccessDeniedException
* if the {@link Certificate} is not for a currently logged in {@link User} or if the user may not
* perform the action defined by the {@link Restrictable} implementation
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public boolean actionAllowed(Certificate certificate, Restrictable restrictable);
/**
* @param role
* @param restrictable
* @return
*
* @throws AccessDeniedException
* if the {@link Certificate} is not for a currently logged in {@link User} or if the user may not
* perform the action defined by the {@link Restrictable} implementation
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public boolean actionAllowed(Role role, Restrictable restrictable);
/**
* @param certificate
* @return
*
* @throws AccessDeniedException
* if the {@link Certificate} is not for a currently logged in {@link User}
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public boolean isCertificateValid(Certificate certificate);
/**
* <p>
* Validates if this {@link Certificate} is for a {@link ch.eitchnet.privilege.model.internal.User} with
* {@link Role} with name {@link PrivilegeHandler#PRIVILEGE_ADMIN_ROLE}
* </p>
*
* <p>
* In other words, this method checks if the given certificate is for a user who has the rights to change objects
* </p>
*
* <p>
* If the user is not the administrator, then a {@link ch.eitchnet.privilege.i18n.PrivilegeException} is thrown
* </p>
*
* @param certificate
* the {@link Certificate} for which the role should be validated against
*
* @throws ch.eitchnet.privilege.i18n.PrivilegeException
* if the user does not not have admin privileges
*/
public void validateIsPrivilegeAdmin(Certificate certificate) throws PrivilegeException;
/**
* Validate that the given password meets any requirements. What these requirements are is a decision made by the
* concrete implementation
*
* @param password
*
* @throws PrivilegeException
*/
public void validatePassword(String password) throws PrivilegeException;
/**
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
*
* @return
*/
public boolean persist(Certificate certificate);
/**
* Initialize the concrete {@link EncryptionHandler}. The passed parameter map contains any configuration this map
* might need
*
* @param parameterMap
* a map containing configuration properties
*
* @param encryptionHandler
* @param persistenceHandler
*/
public void initialize(Map<String, String> parameterMap, EncryptionHandler encryptionHandler,
PersistenceHandler persistenceHandler);
}