001: //$HeadURL: https://svn.wald.intevation.org/svn/deegree/base/trunk/src/org/deegree/security/drm/SecurityRegistry.java $
002: /*---------------- FILE HEADER ------------------------------------------
003:
004: This file is part of deegree.
005: Copyright (C) 2001-2008 by:
006: EXSE, Department of Geography, University of Bonn
007: http://www.giub.uni-bonn.de/deegree/
008: lat/lon GmbH
009: http://www.lat-lon.de
010:
011: This library is free software; you can redistribute it and/or
012: modify it under the terms of the GNU Lesser General Public
013: License as published by the Free Software Foundation; either
014: version 2.1 of the License, or (at your option) any later version.
015:
016: This library is distributed in the hope that it will be useful,
017: but WITHOUT ANY WARRANTY; without even the implied warranty of
018: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
019: Lesser General Public License for more details.
020:
021: You should have received a copy of the GNU Lesser General Public
022: License along with this library; if not, write to the Free Software
023: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
024:
025: Contact:
026:
027: Andreas Poth
028: lat/lon GmbH
029: Aennchenstr. 19
030: 53115 Bonn
031: Germany
032: E-Mail: poth@lat-lon.de
033:
034: Prof. Dr. Klaus Greve
035: Department of Geography
036: University of Bonn
037: Meckenheimer Allee 166
038: 53115 Bonn
039: Germany
040: E-Mail: greve@giub.uni-bonn.de
041:
042: ---------------------------------------------------------------------------*/
043: package org.deegree.security.drm;
044:
045: import java.util.Properties;
046:
047: import org.deegree.security.GeneralSecurityException;
048: import org.deegree.security.drm.model.Group;
049: import org.deegree.security.drm.model.Privilege;
050: import org.deegree.security.drm.model.Right;
051: import org.deegree.security.drm.model.RightType;
052: import org.deegree.security.drm.model.Role;
053: import org.deegree.security.drm.model.SecurableObject;
054: import org.deegree.security.drm.model.SecuredObject;
055: import org.deegree.security.drm.model.User;
056:
057: /**
058: * This is an interface for datastores that are able to stores the following
059: * object types and their relations:
060: * <ul>
061: * <li><code>User</code>
062: * <li><code>Group</code>
063: * <li><code>Role</code>
064: * <li><code>SecurableObject</code>
065: * <li><code>Right / RightType</code>
066: * <li><code>Privilege</code>
067: * </ul>
068: *
069: * @author <a href="mailto:mschneider@lat-lon.de">Markus Schneider </a>
070: * @version $Revision: 10566 $
071: */
072: public interface SecurityRegistry {
073:
074: /**
075: * Initializes the <code>Registry</code> -instance according to the
076: * contents of the submitted <code>Properties</code>.
077: * <p>
078: * The supported keys and values depend on the concrete implementation.
079: *
080: * @param properties
081: * @throws GeneralSecurityException
082: */
083: void initialize(Properties properties)
084: throws GeneralSecurityException;
085:
086: /**
087: * Signals the <code>Registry</code> that a new transaction starts.
088: * <p>
089: * Only one transaction can be active at a time.
090: * @param transaction
091: *
092: * @throws GeneralSecurityException
093: */
094: void beginTransaction(SecurityTransaction transaction)
095: throws GeneralSecurityException;
096:
097: /**
098: * Signals the <code>Registry</code> that the current transaction ends.
099: * Changes made during the transaction are now made persistent.
100: * @param transaction
101: *
102: * @throws GeneralSecurityException
103: */
104: void commitTransaction(SecurityTransaction transaction)
105: throws GeneralSecurityException;
106:
107: /**
108: * Signals the <code>Registry</code> that the transaction shall be
109: * aborted. Changes made by the transaction are undone.
110: * @param transaction
111: *
112: * @throws GeneralSecurityException
113: */
114: void abortTransaction(SecurityTransaction transaction)
115: throws GeneralSecurityException;
116:
117: /**
118: * Deletes all data from the <code>Registry</code> and sets the default
119: * objects (SEC_ADMIN user, role and group) and standard rights and
120: * privileges.
121: *
122: * @param transaction
123: * @throws GeneralSecurityException
124: */
125: void clean(SecurityTransaction transaction)
126: throws GeneralSecurityException;
127:
128: /**
129: * Adds a new User-account to the <code>Registry</code>.
130: * @param transaction
131: * @param name
132: * @param password
133: * @param lastName
134: * @param firstName
135: * @param mailAddress
136: * @return the new user
137: *
138: * @throws GeneralSecurityException
139: * this is a <code>DuplicateException</code> if the group
140: * already existed
141: */
142: User registerUser(SecurityTransaction transaction, String name,
143: String password, String lastName, String firstName,
144: String mailAddress) throws GeneralSecurityException;
145:
146: /**
147: * Removes an existing <code>User<code> from the <code>Registry</code>.
148: * @param transaction
149: * @param user
150: *
151: * @throws GeneralSecurityException
152: */
153: void deregisterUser(SecurityTransaction transaction, User user)
154: throws GeneralSecurityException;
155:
156: /**
157: * Updates the metadata (name, email, etc.) of a <code>User</code> in the
158: * <code>Registry</code>.
159: * @param transaction
160: * @param user
161: *
162: * @throws GeneralSecurityException
163: * this is a <code>DuplicateException</code> if a user with the
164: * new name already existed
165: */
166: void updateUser(SecurityTransaction transaction, User user)
167: throws GeneralSecurityException;
168:
169: /**
170: * Retrieves a <code>User</code> from the <code>Registry</code>.
171: * @param securityAccess
172: * @param name
173: * @return the user
174: *
175: * @throws GeneralSecurityException
176: * this is an <code>UnknownException</code> if the user is not
177: * known to the <code>Registry</code>
178: */
179: User getUserByName(SecurityAccess securityAccess, String name)
180: throws GeneralSecurityException;
181:
182: /**
183: * Retrieves a <code>User</code> from the <code>Registry</code>.
184: * @param securityAccess
185: * @param id
186: * @return the user
187: *
188: * @throws GeneralSecurityException
189: * this is an <code>UnknownException</code> if the user is not
190: * known to the <code>Registry</code>
191: */
192: User getUserById(SecurityAccess securityAccess, int id)
193: throws GeneralSecurityException;
194:
195: /**
196: * Retrieves all <code>User</code> s from the <code>Registry</code>.
197: * @param securityAccess
198: * @return the users
199: *
200: * @throws GeneralSecurityException
201: */
202: User[] getAllUsers(SecurityAccess securityAccess)
203: throws GeneralSecurityException;
204:
205: /**
206: * Retrieves all <code>Users</code> s from the <code>Registry</code>
207: * that are associated DIRECTLY (SecurityAccess securityAccess, i.e. not via
208: * group memberships) with a given <code>Role</code>.
209: * @param securityAccess
210: * @param role
211: * @return the users
212: *
213: * @throws GeneralSecurityException
214: */
215: User[] getUsersWithRole(SecurityAccess securityAccess, Role role)
216: throws GeneralSecurityException;
217:
218: /**
219: * Retrieves all <code>User</code> s from the <code>Registry</code>
220: * belong to the given <code>Group</code>.
221: * @param securityAccess
222: * @param group
223: * @return the users
224: *
225: * @throws GeneralSecurityException
226: */
227: User[] getUsersInGroup(SecurityAccess securityAccess, Group group)
228: throws GeneralSecurityException;
229:
230: /**
231: * Sets the <code>User</code> s that are members of a given
232: * <code>Group</code>.
233: * @param transaction
234: * @param group
235: * @param users
236: *
237: * @throws GeneralSecurityException
238: */
239: void setUsersInGroup(SecurityTransaction transaction, Group group,
240: User[] users) throws GeneralSecurityException;
241:
242: /**
243: * Sets the <code>User</code> s that a given <code>Role</code> is
244: * associated to.
245: * @param transaction
246: * @param role
247: * @param users
248: *
249: * @throws GeneralSecurityException
250: */
251: void setUsersWithRole(SecurityTransaction transaction, Role role,
252: User[] users) throws GeneralSecurityException;
253:
254: /**
255: * Adds a new Group-account to the <code>Registry</code>.
256: * @param transaction
257: * @param name
258: * @param title
259: * @return the group
260: *
261: * @throws GeneralSecurityException
262: * this is a <code>DuplicateException</code> if the group
263: * already existed
264: */
265: Group registerGroup(SecurityTransaction transaction, String name,
266: String title) throws GeneralSecurityException;
267:
268: /**
269: * Removes an existing <code>Group</code> from the <code>Registry</code>
270: * (including its relations).
271: * @param transaction
272: * @param group
273: *
274: * @throws GeneralSecurityException
275: */
276: void deregisterGroup(SecurityTransaction transaction, Group group)
277: throws GeneralSecurityException;
278:
279: /**
280: * Retrieves a <code>Group</code> from the <code>Registry</code>.
281: * @param securityAccess
282: * @param name
283: * @return the group
284: *
285: * @throws GeneralSecurityException
286: * this is an <code>UnknownException</code> if the group is
287: * not known to the <code>Registry</code>
288: */
289: Group getGroupByName(SecurityAccess securityAccess, String name)
290: throws GeneralSecurityException;
291:
292: /**
293: * Retrieves a <code>Group</code> from the <code>Registry</code>.
294: * @param securityAccess
295: * @param id
296: * @return the group
297: *
298: * @throws GeneralSecurityException
299: * this is an <code>UnknownException</code> if the group is
300: * not known to the <code>Registry</code>
301: */
302: Group getGroupById(SecurityAccess securityAccess, int id)
303: throws GeneralSecurityException;
304:
305: /**
306: * Retrieves all <code>Group</code> s from the <code>Registry</code>.
307: * @param securityAccess
308: * @return the groups
309: *
310: * @throws GeneralSecurityException
311: */
312: Group[] getAllGroups(SecurityAccess securityAccess)
313: throws GeneralSecurityException;
314:
315: /**
316: * Retrieves all <code>Group</code> s from the <code>Registry</code>
317: * that the given <code>User</code> belongs to.
318: * @param securityAccess
319: * @param user
320: * @return the groups
321: *
322: * @throws GeneralSecurityException
323: */
324: Group[] getGroupsForUser(SecurityAccess securityAccess, User user)
325: throws GeneralSecurityException;
326:
327: /**
328: * Retrieves all <code>Group</code> s from the <code>Registry</code>
329: * that the given <code>Group</code> belongs to.
330: * @param securityAccess
331: * @param group
332: * @return the groups
333: *
334: * @throws GeneralSecurityException
335: */
336: Group[] getGroupsForGroup(SecurityAccess securityAccess, Group group)
337: throws GeneralSecurityException;
338:
339: /**
340: * Retrieves all <code>Group</code> s from the <code>Registry</code>
341: * belong to the given <code>Group</code>.
342: * @param securityAccess
343: * @param group
344: * @return the groups
345: *
346: * @throws GeneralSecurityException
347: */
348: Group[] getGroupsInGroup(SecurityAccess securityAccess, Group group)
349: throws GeneralSecurityException;
350:
351: /**
352: * Retrieves all <code>Group</code> s from the <code>Registry</code>
353: * that are associated with a given <code>Role</code>.
354: * @param securityAccess
355: * @param role
356: * @return the groups
357: *
358: * @throws GeneralSecurityException
359: */
360: Group[] getGroupsWithRole(SecurityAccess securityAccess, Role role)
361: throws GeneralSecurityException;
362:
363: /**
364: * Sets the <code>Group</code> s that a given <code>User</code> is a
365: * DIRECT member of.
366: * @param transaction
367: * @param user
368: * @param groups
369: *
370: * @throws GeneralSecurityException
371: */
372: void setGroupsForUser(SecurityTransaction transaction, User user,
373: Group[] groups) throws GeneralSecurityException;
374:
375: /**
376: * Sets the <code>Groups</code> s that are members of a given
377: * <code>Group</code>.
378: * @param transaction
379: * @param group
380: * @param groups
381: *
382: * @throws GeneralSecurityException
383: */
384: void setGroupsInGroup(SecurityTransaction transaction, Group group,
385: Group[] groups) throws GeneralSecurityException;
386:
387: /**
388: * Sets the <code>Group</code> s that a given <code>Role</code> is
389: * associated to.
390: * @param transaction
391: * @param role
392: * @param groups
393: *
394: * @throws GeneralSecurityException
395: */
396: void setGroupsWithRole(SecurityTransaction transaction, Role role,
397: Group[] groups) throws GeneralSecurityException;
398:
399: /**
400: * Sets the <code>Groups</code> s that a given <code>Group</code> is
401: * member of DIRECTLY (i.e. not via group membership).
402: * @param transaction
403: * @param group
404: * @param groups
405: *
406: * @throws GeneralSecurityException
407: */
408: void setGroupsForGroup(SecurityTransaction transaction,
409: Group group, Group[] groups)
410: throws GeneralSecurityException;
411:
412: /**
413: * Adds a new role to the <code>Registry</code>.
414: * @param transaction
415: * @param name
416: * @return the role
417: *
418: * @throws GeneralSecurityException
419: * this is a <code>DuplicateException</code> if the role
420: * already existed
421: */
422: Role registerRole(SecurityTransaction transaction, String name)
423: throws GeneralSecurityException;
424:
425: /**
426: * Removes an existing <code>Role</code> from the <code>Registry</code>
427: * (including its relations).
428: * @param transaction
429: * @param role
430: *
431: * @throws GeneralSecurityException
432: */
433: void deregisterRole(SecurityTransaction transaction, Role role)
434: throws GeneralSecurityException;
435:
436: /**
437: * Retrieves a <code>Role</code> from the <code>Registry</code>.
438: * @param securityAccess
439: * @param name
440: * @return the role
441: *
442: * @throws GeneralSecurityException
443: * this is an <code>UnknownException</code> if the role is not
444: * known to the <code>Registry</code>
445: */
446: Role getRoleByName(SecurityAccess securityAccess, String name)
447: throws GeneralSecurityException;
448:
449: /**
450: * Retrieves all <code>Role</code> s from the <code>Registry</code> that
451: * have a certain namespace.
452: * @param securityAccess
453: * @param ns
454: * @return the roles
455: *
456: * @throws GeneralSecurityException
457: */
458: Role[] getRolesByNS(SecurityAccess securityAccess, String ns)
459: throws GeneralSecurityException;
460:
461: /**
462: * Retrieves a <code>Role</code> from the <code>Registry</code>.
463: * @param securityAccess
464: * @param id
465: * @return the role
466: *
467: * @throws GeneralSecurityException
468: * this is an <code>UnknownException</code> if the role is not
469: * known to the <code>Registry</code>
470: */
471: Role getRoleById(SecurityAccess securityAccess, int id)
472: throws GeneralSecurityException;
473:
474: /**
475: * Retrieves all <code>Role</code> s from the <code>Registry</code>,
476: * except those that are only used internally (these end with a $ symbol);
477: * @param securityAccess
478: * @return the roles
479: *
480: * @throws GeneralSecurityException
481: */
482: Role[] getAllRoles(SecurityAccess securityAccess)
483: throws GeneralSecurityException;
484:
485: /**
486: * Retrieves all <code>Role</code> s from the <code>Registry</code> that
487: * are associated with a given <code>User</code> DIRECTLY (i.e. not via
488: * group memberships).
489: * @param securityAccess
490: * @param user
491: * @return the roles
492: *
493: * @throws GeneralSecurityException
494: */
495: Role[] getRolesForUser(SecurityAccess securityAccess, User user)
496: throws GeneralSecurityException;
497:
498: /**
499: * Retrieves all <code>Role</code> s from the <code>Registry</code> that
500: * are associated with a given <code>Group</code> DIRECTLY (i.e. not via
501: * group memberships).
502: * @param securityAccess
503: * @param group
504: * @return the roles
505: *
506: * @throws GeneralSecurityException
507: */
508: Role[] getRolesForGroup(SecurityAccess securityAccess, Group group)
509: throws GeneralSecurityException;
510:
511: /**
512: * Sets the <code>Role</code> s that a given <code>User</code> is
513: * directly associated to.
514: * @param transaction
515: * @param user
516: * @param roles
517: *
518: * @throws GeneralSecurityException
519: */
520: void setRolesForUser(SecurityTransaction transaction, User user,
521: Role[] roles) throws GeneralSecurityException;
522:
523: /**
524: * Sets the <code>Role</code> s that a given <code>Group</code> is
525: * associated to.
526: * @param transaction
527: * @param group
528: * @param roles
529: *
530: * @throws GeneralSecurityException
531: */
532: void setRolesForGroup(SecurityTransaction transaction, Group group,
533: Role[] roles) throws GeneralSecurityException;
534:
535: /**
536: * Adds a new <code>SecuredObject</code> to the <code>Registry</code>.
537: * @param transaction
538: * @param type
539: * @param name
540: * @param title
541: * @return the new object
542: *
543: * @throws GeneralSecurityException
544: * this is a <code>DuplicateException</code> if the object
545: * already existed
546: */
547: SecuredObject registerSecuredObject(
548: SecurityTransaction transaction, String type, String name,
549: String title) throws GeneralSecurityException;
550:
551: /**
552: * Removes an existing <code>SecuredObject</code> from the
553: * <code>Registry</code> (including its associated rights).
554: * @param transaction
555: * @param object
556: *
557: * @throws GeneralSecurityException
558: */
559: void deregisterSecuredObject(SecurityTransaction transaction,
560: SecuredObject object) throws GeneralSecurityException;
561:
562: /**
563: * Retrieves a <code>SecuredObject</code> from the <code>Registry</code>.
564: * @param securityAccess
565: * @param name
566: * @param type
567: * @return the object
568: *
569: * @throws GeneralSecurityException
570: * this is an <code>UnknownException</code> if the
571: * <code>SecuredObject</code> is not known to the
572: * <code>Registry</code>
573: */
574: SecuredObject getSecuredObjectByName(SecurityAccess securityAccess,
575: String name, String type) throws GeneralSecurityException;
576:
577: /**
578: * Retrieves all <code>SecuredObject</code> s from the
579: * <code>Registry</code> that have a certain namespace.
580: * @param securityAccess
581: * @param ns
582: * @param type
583: * @return the objects
584: *
585: * @throws GeneralSecurityException
586: */
587: SecuredObject[] getSecuredObjectsByNS(
588: SecurityAccess securityAccess, String ns, String type)
589: throws GeneralSecurityException;
590:
591: /**
592: * Retrieves a <code>SecuredObject</code> from the <code>Registry</code>.
593: * @param securityAccess
594: * @param id
595: * @return the object
596: *
597: * @throws GeneralSecurityException
598: * this is an <code>UnknownException</code> if the
599: * <code>SecuredObject</code> is not known to the
600: * <code>Registry</code>
601: */
602: SecuredObject getSecuredObjectById(SecurityAccess securityAccess,
603: int id) throws GeneralSecurityException;
604:
605: /**
606: * Retrieves all <code>SecuredObject</code> s from the
607: * <code>Registry</code>.
608: * @param securityAccess
609: * @param type
610: * @return the objects
611: *
612: * @throws GeneralSecurityException
613: */
614: SecuredObject[] getAllSecuredObjects(SecurityAccess securityAccess,
615: String type) throws GeneralSecurityException;
616:
617: /**
618: * Adds a new <code>Privilege</code> to the <code>Registry</code>.
619: * @param transaction
620: * @param name
621: * @return the privilege
622: *
623: * @throws GeneralSecurityException
624: * this is a <code>DuplicateException</code> if the
625: * <code>Privilege</code> already existed
626: */
627: Privilege registerPrivilege(SecurityTransaction transaction,
628: String name) throws GeneralSecurityException;
629:
630: /**
631: * Removes an existing</code> Privilege</code> from the <code>Registry
632: * </code> (including its relations).
633: * @param transaction
634: * @param privilege
635: *
636: * @throws GeneralSecurityException
637: */
638: void deregisterPrivilege(SecurityTransaction transaction,
639: Privilege privilege) throws GeneralSecurityException;
640:
641: /**
642: * Retrieves a <code>Privilege</code> from the <code>Registry</code>.
643: * @param securityAccess
644: * @param name
645: * @return the privilege
646: *
647: * @throws GeneralSecurityException
648: * this is an <code>UnknownException</code> if the privilege
649: * is not known to the <code>Registry</code>
650: */
651: Privilege getPrivilegeByName(SecurityAccess securityAccess,
652: String name) throws GeneralSecurityException;
653:
654: /**
655: * Retrieves all <code>Privileges</code> s from the <code>Registry</code>
656: * that are associated with a given <code>Role</code>.
657: * @param securityAccess
658: * @param role
659: * @return the privileges
660: *
661: * @throws GeneralSecurityException
662: */
663: Privilege[] getPrivilegesForRole(SecurityAccess securityAccess,
664: Role role) throws GeneralSecurityException;
665:
666: /**
667: * Sets all <code>Privilege</code> s that are associated with a given
668: * <code>Role</code>.
669: * @param transaction
670: * @param role
671: * @param privileges
672: *
673: * @throws GeneralSecurityException
674: */
675: void setPrivilegesForRole(SecurityTransaction transaction,
676: Role role, Privilege[] privileges)
677: throws GeneralSecurityException;
678:
679: /**
680: * Adds a new <code>RightType</code> to the <code>Registry</code>.
681: * @param transaction
682: * @param name
683: * @return the right type
684: *
685: * @throws GeneralSecurityException
686: * this is a <code>DuplicateException</code> if the
687: * <code>RightType</code> already existed
688: */
689: RightType registerRightType(SecurityTransaction transaction,
690: String name) throws GeneralSecurityException;
691:
692: /**
693: * Removes an existing <code>RightType</code> from the
694: * <code>Registry</code> (including its relations).
695: * @param transaction
696: * @param type
697: *
698: * @throws GeneralSecurityException
699: */
700: void deregisterRightType(SecurityTransaction transaction,
701: RightType type) throws GeneralSecurityException;
702:
703: /**
704: * Retrieves a <code>RightType</code> from the <code>Registry</code>.
705: * @param securityAccess
706: * @param name
707: * @return the right type
708: *
709: * @throws GeneralSecurityException
710: * this is an <code>UnknownException</code> if the
711: * <code>RightType</code> is not known to the
712: * <code>Registry</code>
713: */
714: RightType getRightTypeByName(SecurityAccess securityAccess,
715: String name) throws GeneralSecurityException;
716:
717: /**
718: * Retrieves the <code>Rights</code> from the <code>Registry</code> that
719: * are associated with a given <code>Role</code> and a
720: * <code>SecurableObject</code>.
721: * @param securityAccess
722: * @param object
723: * @param role
724: * @return the rights
725: *
726: * @throws GeneralSecurityException
727: */
728: Right[] getRights(SecurityAccess securityAccess,
729: SecurableObject object, Role role)
730: throws GeneralSecurityException;
731:
732: /**
733: * Sets the <code>Rights</code> to be associated with a given
734: * <code>Role</code> and <code>SecurableObject</code>.
735: * @param transaction
736: * @param object
737: * @param role
738: * @param rights
739: *
740: * @throws GeneralSecurityException
741: */
742: void setRights(SecurityTransaction transaction,
743: SecurableObject object, Role role, Right[] rights)
744: throws GeneralSecurityException;
745:
746: /**
747: * Sets one <code>Right</code> to be associated with a given
748: * <code>Role</code> and all given <code>SecurableObjects</code>.
749: * @param transaction
750: * @param objects
751: * @param role
752: * @param right
753: *
754: * @throws GeneralSecurityException
755: */
756: void setRights(SecurityTransaction transaction,
757: SecurableObject[] objects, Role role, Right right)
758: throws GeneralSecurityException;
759: }
|