001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.security.spi;
018:
019: import java.util.Set;
020:
021: import org.apache.jetspeed.security.HierarchyResolver;
022: import org.apache.jetspeed.security.SecurityException;
023:
024: /**
025: * <p>
026: * This interface encapsulates the mapping between principals.
027: * </p>
028: * <p>
029: * This provides a central placeholder for changing the implementation
030: * of the mapping association between principals.
031: * </p>
032: *
033: * @author <a href="mailto:dlestrat@apache.org">David Le Strat </a>
034: */
035: public interface SecurityMappingHandler {
036:
037: /**
038: * <p>
039: * Gets the {@link HierarchyResolver} to be used for resolving role hierarchy.
040: * </p>
041: *
042: * @return The role {@link HierarchyResolver}.
043: */
044: HierarchyResolver getRoleHierarchyResolver();
045:
046: /**
047: * <p>
048: * Sets the {@link HierarchyResolver} to be used for resolving role hierachy.
049: * </p>
050: *
051: * @param roleHierarchyResolver The role {@link HierarchyResolver}.
052: */
053: void setRoleHierarchyResolver(
054: HierarchyResolver roleHierarchyResolver);
055:
056: /**
057: * <p>
058: * Gets the {@link HierarchyResolver} to be used for resolving group hierarchy.
059: * </p>
060: *
061: * @return The role {@link HierarchyResolver}.
062: */
063: HierarchyResolver getGroupHierarchyResolver();
064:
065: /**
066: * <p>
067: * Sets the {@link HierarchyResolver} used for resolving group hierarchy.
068: * </p>
069: *
070: * @param groupHierarchyResolver The group {@link HierarchyResolver}.
071: */
072: void setGroupHierarchyResolver(
073: HierarchyResolver groupHierarchyResolver);
074:
075: /**
076: * <p>
077: * Gets the role principals for the given user according to the relevant hierarchy
078: * resolution rules.
079: * </p>
080: *
081: * @param username The user name.
082: * @return A set of <code>Principal</p>
083: */
084: Set getRolePrincipals(String username);
085:
086: /**
087: * <p>
088: * Sets the role principal on a given user.
089: * Existence of the role or the user must be checked prior to invoking this method.
090: * If a principal does not exist in the security mapping store, it will be created for the purpose of
091: * security mapping only.
092: * </p>
093: *
094: * @param username The user to add the role principal to.
095: * @param roleFullPathName The full path of the role principal to add.
096: * @throws SecurityException Throws a {@link SecurityException}. An exeption needs to be
097: * thrown if the user does not exist.
098: */
099: void setUserPrincipalInRole(String username, String roleFullPathName)
100: throws SecurityException;
101:
102: /**
103: * <p>
104: * Removes the role principal on a given user.
105: * </p>
106: * <p>
107: * If a mapping only record does not have any mapping, this method will
108: * remove the record as well.
109: * </p>
110: *
111: * @param username The user to remove the role principal from.
112: * @param roleFullPathName The full path of the role principal to remove.
113: * @throws SecurityException Throws a {@link SecurityException}. An exeption needs to be
114: * thrown if the user does not exist.
115: */
116: void removeUserPrincipalInRole(String username,
117: String roleFullPathName) throws SecurityException;
118:
119: /**
120: * <p>
121: * Gets the role principals for the given group according to the relevant hierarchy
122: * resolution rules.
123: * </p>
124: *
125: * @param groupFullPathName The group full path name.
126: * @return A set of <code>Principal</p>
127: */
128: Set getRolePrincipalsInGroup(String groupFullPathName);
129:
130: /**
131: * <p>
132: * Sets the role principal on a given user.
133: * </p>
134: *
135: * @param groupFullPathName The group to add the role principal to.
136: * @param roleFullPathName The full path of the role principal to add.
137: * @throws SecurityException Throws a {@link SecurityException}. An exeption needs to be
138: * thrown if the group does not exist.
139: */
140: void setRolePrincipalInGroup(String groupFullPathName,
141: String roleFullPathName) throws SecurityException;
142:
143: /**
144: * <p>
145: * Removes the role principal on a given user.
146: * </p>
147: *
148: * @param groupFullPathName The group to remove the role principal from.
149: * @param roleFullPathName The full path of the role principal to remove.
150: * @throws SecurityException Throws a {@link SecurityException}. An exeption needs to be
151: * thrown if the group does not exist.
152: */
153: void removeRolePrincipalInGroup(String groupFullPathName,
154: String roleFullPathName) throws SecurityException;
155:
156: /**
157: * <p>
158: * Gets the group principals for the given user according to the relevant hierarchy
159: * resolution rules.
160: * </p>
161: *
162: * @param username The user name.
163: * @return A set of <code>GroupPrincipal</p>
164: */
165: Set getGroupPrincipals(String username);
166:
167: /**
168: * <p>
169: * Gets the group principals for the given role according to the relevant hierarchy
170: * resolution rules.
171: * </p>
172: *
173: * @param roleFullPathName The role full path name.
174: * @return A set of <code>Principal</p>
175: */
176: Set getGroupPrincipalsInRole(String roleFullPathName);
177:
178: /**
179: * <p>
180: * Gets the user principals for the given role according to the relevant hierarchy
181: * resolution rules.
182: * </p>
183: *
184: * @param roleFullPathName The role full path name.
185: * @return A set of <code>Principal</p>
186: */
187: Set getUserPrincipalsInRole(String roleFullPathName);
188:
189: /**
190: * <p>
191: * Gets the user principals for the given group according to the relevant hierarchy
192: * resolution rules.
193: * </p>
194: *
195: * @param groupFullPathName The group full path name.
196: * @return A set of <code>Principal</p>
197: */
198: Set getUserPrincipalsInGroup(String groupFullPathName);
199:
200: /**
201: * <p>
202: * Sets the user principal in the given group.
203: * </p>
204: * <p>
205: * Existence of the group or the user must be checked prior to invoking this method.
206: * If a principal does not exist in the security mapping store, it will be created for the purpose of
207: * security mapping only.
208: * </p>
209: *
210: * @param username The user to add to the group principal.
211: * @param groupFullPathName The full path of the group principal.
212: * @throws SecurityException Throws a {@link SecurityException}. An exeption needs to be
213: * thrown if the user does not exist.
214: */
215: void setUserPrincipalInGroup(String username,
216: String groupFullPathName) throws SecurityException;
217:
218: /**
219: * <p>
220: * Removes the user principal from the given group.
221: * </p>
222: *
223: * @param username The user to remove from the group principal.
224: * @param groupFullPathName The full path of the group principal.
225: * @throws SecurityException Throws a {@link SecurityException}. An exeption needs to be
226: * thrown if the user does not exist.
227: */
228: void removeUserPrincipalInGroup(String username,
229: String groupFullPathName) throws SecurityException;
230:
231: }
|