001: /*--
002:
003: Copyright (C) 2002-2005 Adrian Price.
004: All rights reserved.
005:
006: Redistribution and use in source and binary forms, with or without
007: modification, are permitted provided that the following conditions
008: are met:
009:
010: 1. Redistributions of source code must retain the above copyright
011: notice, this list of conditions, and the following disclaimer.
012:
013: 2. Redistributions in binary form must reproduce the above copyright
014: notice, this list of conditions, and the disclaimer that follows
015: these conditions in the documentation and/or other materials
016: provided with the distribution.
017:
018: 3. The names "OBE" and "Open Business Engine" must not be used to
019: endorse or promote products derived from this software without prior
020: written permission. For written permission, please contact
021: adrianprice@sourceforge.net.
022:
023: 4. Products derived from this software may not be called "OBE" or
024: "Open Business Engine", nor may "OBE" or "Open Business Engine"
025: appear in their name, without prior written permission from
026: Adrian Price (adrianprice@users.sourceforge.net).
027:
028: THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
029: WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
030: OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
031: DISCLAIMED. IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT,
032: INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
033: (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
034: SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
035: HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
036: STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
037: IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
038: POSSIBILITY OF SUCH DAMAGE.
039:
040: For more information on OBE, please see
041: <http://obe.sourceforge.net/>.
042:
043: */
044:
045: package org.obe.spi.service;
046:
047: import org.obe.client.api.repository.ObjectNotFoundException;
048: import org.obe.client.api.repository.RepositoryException;
049: import org.obe.spi.WorkflowService;
050: import org.obe.spi.model.ProcessInstance;
051:
052: import java.security.Principal;
053:
/**
 * Service-provider contract for a security realm.
 * <p>
 * Process definitions refer to their participants by abstract name. At runtime
 * the realm turns those names into the actual users and groups that are
 * defined in it.
 * <p>
 * NOTE(review): the lookup methods document {@link ObjectNotFoundException}
 * for unknown names, but only {@link RepositoryException} appears in their
 * {@code throws} clauses, so the former is presumably a subtype of the latter
 * (confirm against its declaration). Callers that want to tell "unknown
 * principal" apart from "realm unavailable" must catch the more specific type
 * first.
 *
 * @author Adrian Price
 */
public interface SecurityRealm extends WorkflowService {
    // Presumably the key under which this service is registered or looked up;
    // verify against the service manager that consumes it.
    String SERVICE_NAME = "SecurityRealm";

    /**
     * XPDL ExternalReference that designates the OBE security realm interface.
     */
    String XPDL_NAME = "obe:Realm";

    /**
     * Mask bit selecting user principals (value {@code 0x1}).
     */
    int USER = 1 << 0;

    /**
     * Mask bit selecting group principals (value {@code 0x2}).
     */
    int GROUP = 1 << 1;

    /**
     * Looks up a single Principal by its unique name.
     * <p>
     * NOTE(review): an unknown name is reported by exception. Whether an
     * implementation may also return {@code null} is not specified here, so
     * callers should not treat a {@code null} result as a valid principal.
     *
     * @param name The unique Principal name. If an implementation backs the
     * realm with a directory or database, this value should be passed as a
     * bound parameter, never concatenated into a query.
     * @return The Principal (or Group) as defined in the realm.
     * @throws ObjectNotFoundException if the realm defines no Principal with
     * that name.
     * @throws RepositoryException if any other error occurs.
     */
    Principal findPrincipal(String name) throws RepositoryException;

    /**
     * Lists the principals defined in the realm, filtered by kind.
     * <p>
     * NOTE(review): this enumerates realm membership. The contract carries no
     * caller identity, so any restriction on who may list users and groups has
     * to be enforced by the code that exposes this service.
     *
     * @param mask Selection bitmask: {@link #USER}, {@link #GROUP}, or both
     * ORed together. The treatment of other bits is not specified by this
     * interface.
     * @return An array of principals.
     * @throws RepositoryException if any error occurs.
     */
    Principal[] findPrincipals(int mask) throws RepositoryException;

    /**
     * Maps an abstract participant onto concrete security principals.
     * <p>
     * When {@code name} resolves to a {@code java.security.acl.Group}, the
     * implementation should hand the group back unexpanded; the caller expands
     * it if it needs the members.
     * <p>
     * NOTE(review): {@code java.security.acl} is a legacy JDK package that was
     * deprecated and later removed from the JDK; check which group type
     * implementations on current Java versions actually return.
     *
     * @param name The participant name.
     * @param processInstance The process instance in whose context the mapping
     * is resolved. It is supplied so that an implementation can apply
     * Role:Group mappings that are specific to one process instance.
     * @return The runtime Principals to which the performer is mapped.
     * @throws ObjectNotFoundException if the realm defines no Principal with
     * that name.
     * @throws RepositoryException if some other error occurred.
     */
    Principal[] resolveParticipants(String name, ProcessInstance processInstance)
        throws RepositoryException;
}
|