Class DefaultSecurityService
- java.lang.Object
  - org.apache.turbine.services.BaseInitable
    - org.apache.turbine.services.BaseService
      - org.apache.turbine.services.TurbineBaseService
        - org.apache.turbine.services.security.DefaultSecurityService
- All Implemented Interfaces:
Initable, SecurityService, Service
public class DefaultSecurityService extends TurbineBaseService implements SecurityService
This is a common subset of SecurityService implementation. Provided functionality includes:
- methods for retrieving User objects, which delegate functionality to the pluggable implementations of the User interface.
- a synchronization mechanism for methods reading/modifying the security information, which guarantees that multiple threads may read the information concurrently, but threads that modify the information acquire exclusive access.
- implementation of convenience methods for retrieving security entities that maintain in-memory caching of objects for fast access.
- Version:
$Id$
- Author:
Rafal Krzewski, Henning P. Schmiedehausen, Marco Knüttel, Quinton McCombs
-
Field Summary
-
Fields inherited from class org.apache.turbine.services.BaseService
configuration, name, serviceBroker
-
Fields inherited from class org.apache.turbine.services.BaseInitable
initableBroker, isInitialized
-
Fields inherited from interface org.apache.turbine.services.security.SecurityService
SERVICE_NAME, USER_MANAGER_DEFAULT, USER_MANAGER_KEY, USER_WRAPPER_DEFAULT, USER_WRAPPER_KEY
-
Fields inherited from interface org.apache.turbine.services.Service
SERVICE_NAME
-
-
Constructor Summary
Constructors
DefaultSecurityService()
-
Method Summary
Modifier and Type Method
Description
boolean accountExists(String userName)
Check whether a specified user's account exists.
boolean accountExists(User user)
Check whether a specified user's account exists.
<G extends org.apache.fulcrum.security.entity.Group> G addGroup(G group)
Creates a new group with specified attributes.
<P extends org.apache.fulcrum.security.entity.Permission> P addPermission(P permission)
Creates a new permission with specified attributes.
<R extends org.apache.fulcrum.security.entity.Role> R addRole(R role)
Creates a new role with specified attributes.
void addUser(User user, String password)
Creates new user account with specified attributes.
void changePassword(User user, String oldPassword, String newPassword)
Change the password for a User.
void forcePassword(User user, String password)
Forcibly sets new password for a User.
<A extends org.apache.fulcrum.security.acl.AccessControlList> A getACL(User user)
Constructs an AccessControlList for a specific user.
org.apache.fulcrum.security.util.GroupSet getAllGroups()
Retrieves all groups defined in the system.
org.apache.fulcrum.security.util.PermissionSet getAllPermissions()
Retrieves all permissions defined in the system.
org.apache.fulcrum.security.util.RoleSet getAllRoles()
Retrieves all roles defined in the system.
<U extends User> U getAnonymousUser()
Constructs a User object to represent an anonymous user of the application.
<U extends User> U getAuthenticatedUser(String username, String password)
Retrieves a User object representing an individual who has properly identified themselves with their verified username and password.
<G extends org.apache.fulcrum.security.entity.Group> G getGlobalGroup()
Provides a reference to the Group object that represents the global group.
<G extends org.apache.fulcrum.security.entity.Group> G getGroupById(int id)
Retrieve a Group object with specified Id.
<G extends org.apache.fulcrum.security.entity.Group> G getGroupByName(String name)
Retrieve a Group object with specified name.
<G extends org.apache.fulcrum.security.entity.Group> G getGroupInstance()
Construct a blank Group object.
<G extends org.apache.fulcrum.security.entity.Group> G getGroupInstance(String groupName)
Construct a blank Group object.
<P extends org.apache.fulcrum.security.entity.Permission> P getPermissionById(int id)
Retrieve a Permission object with specified Id.
<P extends org.apache.fulcrum.security.entity.Permission> P getPermissionByName(String name)
Retrieve a Permission object with specified name.
<P extends org.apache.fulcrum.security.entity.Permission> P getPermissionInstance()
Construct a blank Permission object.
<P extends org.apache.fulcrum.security.entity.Permission> P getPermissionInstance(String permName)
Construct a blank Permission object.
org.apache.fulcrum.security.util.PermissionSet getPermissions(org.apache.fulcrum.security.entity.Role role)
Retrieves all permissions associated with a role.
<R extends org.apache.fulcrum.security.entity.Role> R getRoleById(int id)
Retrieve a Role object with specified Id.
<R extends org.apache.fulcrum.security.entity.Role> R getRoleByName(String name)
Retrieve a Role object with specified name.
<R extends org.apache.fulcrum.security.entity.Role> R getRoleInstance()
Construct a blank Role object.
<R extends org.apache.fulcrum.security.entity.Role> R getRoleInstance(String roleName)
Construct a blank Role object.
<U extends User> U getUser(String username)
Constructs a User object to represent a registered user of the application.
<U extends User> U getUserInstance()
Construct a blank User object.
<U extends User> U getUserInstance(String userName)
Construct a blank User object.
UserManager getUserManager()
Returns the configured UserManager.
void grant(org.apache.fulcrum.security.entity.Role role, org.apache.fulcrum.security.entity.Permission permission)
Grants a Role a Permission.
void grant(User user, org.apache.fulcrum.security.entity.Group group, org.apache.fulcrum.security.entity.Role role)
Grant a User a Role in a Group.
void init()
Initializes the SecurityService, locating the appropriate UserManager. This is a zero parameter variant which queries the Turbine Servlet for its config.
boolean isAnonymousUser(User user)
Checks whether a passed user object matches the anonymous user pattern according to the configured user manager.
protected void lockExclusive()
Acquire an exclusive lock on the security information repository.
protected void lockShared()
Acquire a shared lock on the security information repository.
void removeGroup(org.apache.fulcrum.security.entity.Group group)
Removes a Group from the system.
void removePermission(org.apache.fulcrum.security.entity.Permission permission)
Removes a Permission from the system.
void removeRole(org.apache.fulcrum.security.entity.Role role)
Removes a Role from the system.
void removeUser(User user)
Removes a user account from the system.
void renameGroup(org.apache.fulcrum.security.entity.Group group, String name)
Renames an existing Group.
void renamePermission(org.apache.fulcrum.security.entity.Permission permission, String name)
Renames an existing Permission.
void renameRole(org.apache.fulcrum.security.entity.Role role, String name)
Renames an existing Role.
void replaceRole(User user, org.apache.fulcrum.security.entity.Role role, org.apache.fulcrum.security.entity.Role newRole)
Replaces transactionally the first role with second role for the given user.
void revoke(org.apache.fulcrum.security.entity.Role role, org.apache.fulcrum.security.entity.Permission permission)
Revokes a Permission from a Role.
void revoke(User user, org.apache.fulcrum.security.entity.Group group, org.apache.fulcrum.security.entity.Role role)
Revoke a Role in a Group from a User.
void revokeAll(org.apache.fulcrum.security.entity.Role role)
Revokes all permissions from a Role.
void revokeAll(org.apache.fulcrum.security.entity.Role role, boolean cascadeDelete)
By default, revokes all permissions from a Role; if the flag is set, also revokes all group and user relationships with this role. This method is used when deleting a Role.
void revokeAll(User user)
Revokes all roles from a User.
void saveOnSessionUnbind(User user)
Saves User data when the session is unbound.
void saveUser(User user)
Saves User's data in the permanent storage.
protected void unlockExclusive()
Release an exclusive lock on the security information repository.
protected void unlockShared()
Release a shared lock on the security information repository.
-
Methods inherited from class org.apache.turbine.services.TurbineBaseService
init, init, shutdown
-
Methods inherited from class org.apache.turbine.services.BaseService
getConfiguration, getName, getProperties, getServiceBroker, setName, setServiceBroker
-
Methods inherited from class org.apache.turbine.services.BaseInitable
getInit, getInitableBroker, setInit, setInitableBroker
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.apache.turbine.services.Initable
getInit, init, setInitableBroker, shutdown
-
Methods inherited from interface org.apache.turbine.services.Service
getConfiguration, getName, getProperties, setName, setServiceBroker
-
-
-
-
Constructor Detail
-
DefaultSecurityService
public DefaultSecurityService()
-
-
Method Detail
-
init
public void init() throws InitializationException
Initializes the SecurityService, locating the appropriate UserManager. This is a zero parameter variant which queries the Turbine Servlet for its config.
- Specified by:
init in interface Initable
- Overrides:
init in class TurbineBaseService
- Throws:
InitializationException - Something went wrong in the init stage
-
getUserInstance
public <U extends User> U getUserInstance() throws org.apache.fulcrum.security.util.UnknownEntityException
Construct a blank User object.
- Specified by:
getUserInstance in interface SecurityService
- Type Parameters:
U - user class
- Returns:
an object implementing User interface.
- Throws:
org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.
-
getUserInstance
public <U extends User> U getUserInstance(String userName) throws org.apache.fulcrum.security.util.UnknownEntityException
Construct a blank User object.
- Specified by:
getUserInstance in interface SecurityService
- Type Parameters:
U - user class
- Parameters:
userName - The name of the user.
- Returns:
an object implementing User interface.
- Throws:
org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.
-
getGroupInstance
public <G extends org.apache.fulcrum.security.entity.Group> G getGroupInstance() throws org.apache.fulcrum.security.util.UnknownEntityException
Construct a blank Group object.
- Specified by:
getGroupInstance in interface SecurityService
- Type Parameters:
G - group class
- Returns:
an object implementing Group interface.
- Throws:
org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.
-
getGroupInstance
public <G extends org.apache.fulcrum.security.entity.Group> G getGroupInstance(String groupName) throws org.apache.fulcrum.security.util.UnknownEntityException
Construct a blank Group object.
- Specified by:
getGroupInstance in interface SecurityService
- Type Parameters:
G - group class
- Parameters:
groupName - The name of the Group
- Returns:
an object implementing Group interface.
- Throws:
org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.
-
getPermissionInstance
public <P extends org.apache.fulcrum.security.entity.Permission> P getPermissionInstance() throws org.apache.fulcrum.security.util.UnknownEntityException
Construct a blank Permission object.
- Specified by:
getPermissionInstance in interface SecurityService
- Type Parameters:
P - permission class
- Returns:
an object implementing Permission interface.
- Throws:
org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.
-
getPermissionInstance
public <P extends org.apache.fulcrum.security.entity.Permission> P getPermissionInstance(String permName) throws org.apache.fulcrum.security.util.UnknownEntityException
Construct a blank Permission object.
- Specified by:
getPermissionInstance in interface SecurityService
- Type Parameters:
P - permission class
- Parameters:
permName - The name of the permission.
- Returns:
an object implementing Permission interface.
- Throws:
org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.
-
getRoleInstance
public <R extends org.apache.fulcrum.security.entity.Role> R getRoleInstance() throws org.apache.fulcrum.security.util.UnknownEntityException
Construct a blank Role object.
- Specified by:
getRoleInstance in interface SecurityService
- Type Parameters:
R - role class
- Returns:
an object implementing Role interface.
- Throws:
org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.
-
getRoleInstance
public <R extends org.apache.fulcrum.security.entity.Role> R getRoleInstance(String roleName) throws org.apache.fulcrum.security.util.UnknownEntityException
Construct a blank Role object.
- Specified by:
getRoleInstance in interface SecurityService
- Type Parameters:
R - role class
- Parameters:
roleName - The name of the role.
- Returns:
an object implementing Role interface.
- Throws:
org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.
-
getUserManager
public UserManager getUserManager()
Returns the configured UserManager.
- Specified by:
getUserManager in interface SecurityService
- Returns:
A UserManager object
-
accountExists
public boolean accountExists(User user) throws org.apache.fulcrum.security.util.DataBackendException
Check whether a specified user's account exists. The login name is used for looking up the account.
- Specified by:
accountExists in interface SecurityService
- Parameters:
user - The user to be checked.
- Returns:
true if the specified account exists
- Throws:
org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
-
accountExists
public boolean accountExists(String userName) throws org.apache.fulcrum.security.util.DataBackendException
Check whether a specified user's account exists. The login name is used for looking up the account.
- Specified by:
accountExists in interface SecurityService
- Parameters:
userName - The name of the user to be checked.
- Returns:
true if the specified account exists
- Throws:
org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
-
getAuthenticatedUser
public <U extends User> U getAuthenticatedUser(String username, String password) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException, org.apache.fulcrum.security.util.PasswordMismatchException
Retrieves a User object representing an individual who has properly identified themselves with their verified username and password.
- Specified by:
getAuthenticatedUser in interface SecurityService
- Type Parameters:
U - user class
- Parameters:
username - The user name.
password - The user password.
- Returns:
An authenticated Turbine User.
- Throws:
org.apache.fulcrum.security.util.PasswordMismatchException - if the supplied password was incorrect.
org.apache.fulcrum.security.util.UnknownEntityException - if the user's account does not exist in the database.
org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.
-
getUser
public <U extends User> U getUser(String username) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Constructs a User object to represent a registered user of the application. This method does not authenticate that the proper credentials were supplied (see getAuthenticatedUser).
- Specified by:
getUser in interface SecurityService
- Type Parameters:
U - user class
- Parameters:
username - The user name.
- Returns:
A Turbine User.
- Throws:
org.apache.fulcrum.security.util.UnknownEntityException - if the user's account does not exist
org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.
-
getAnonymousUser
public <U extends User> U getAnonymousUser() throws org.apache.fulcrum.security.util.UnknownEntityException
Constructs a User object to represent an anonymous user of the application.
- Specified by:
getAnonymousUser in interface SecurityService
- Type Parameters:
U - user class
- Returns:
An anonymous Turbine User.
- Throws:
org.apache.fulcrum.security.util.UnknownEntityException - if the implementation of User interface could not be determined, or does not exist.
-
isAnonymousUser
public boolean isAnonymousUser(User user)
Checks whether a passed user object matches the anonymous user pattern according to the configured user manager.
- Specified by:
isAnonymousUser in interface SecurityService
- Parameters:
user - A user object
- Returns:
True if this is an anonymous user
-
saveUser
public void saveUser(User user) throws org.apache.fulcrum.security.util.UnknownEntityException, org.apache.fulcrum.security.util.DataBackendException
Saves User's data in the permanent storage. The user account is required to exist in the storage.
- Specified by:
saveUser in interface SecurityService
- Parameters:
user - the User object to save
- Throws:
org.apache.fulcrum.security.util.UnknownEntityException - if the user's account does not exist in the database.
org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.
-
saveOnSessionUnbind
public void saveOnSessionUnbind(User user) throws org.apache.fulcrum.security.util.UnknownEntityException, org.apache.fulcrum.security.util.DataBackendException
Saves User data when the session is unbound. The user account is required to exist in the storage. LastLogin, AccessCounter, persistent pull tools, and any data stored in the permData hashmap that is not mapped to a column will be saved.
- Specified by:
saveOnSessionUnbind in interface SecurityService
- Parameters:
user - the user object
- Throws:
org.apache.fulcrum.security.util.UnknownEntityException - if the user's account does not exist in the database.
org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.
-
addUser
public void addUser(User user, String password) throws org.apache.fulcrum.security.util.UnknownEntityException, org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.EntityExistsException
Creates new user account with specified attributes.
- Specified by:
addUser in interface SecurityService
- Parameters:
user - the object describing account to be created.
password - The password to use for the account.
- Throws:
org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
org.apache.fulcrum.security.util.EntityExistsException - if the user account already exists.
org.apache.fulcrum.security.util.UnknownEntityException - if the provided user does not exist (is null)
-
removeUser
public void removeUser(User user) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Removes a user account from the system.
- Specified by:
removeUser in interface SecurityService
- Parameters:
user - the object describing the account to be removed.
- Throws:
org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
org.apache.fulcrum.security.util.UnknownEntityException - if the user account is not present.
-
changePassword
public void changePassword(User user, String oldPassword, String newPassword) throws org.apache.fulcrum.security.util.PasswordMismatchException, org.apache.fulcrum.security.util.UnknownEntityException, org.apache.fulcrum.security.util.DataBackendException
Change the password for a User.
- Specified by:
changePassword in interface SecurityService
- Parameters:
user - a User to change password for.
oldPassword - the current password supplied by the user.
newPassword - the current password requested by the user.
- Throws:
org.apache.fulcrum.security.util.PasswordMismatchException - if the supplied password was incorrect.
org.apache.fulcrum.security.util.UnknownEntityException - if the user's record does not exist in the database.
org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.
-
forcePassword
public void forcePassword(User user, String password) throws org.apache.fulcrum.security.util.UnknownEntityException, org.apache.fulcrum.security.util.DataBackendException
Forcibly sets new password for a User. This is intended for use by an administrator to change forgotten or compromised passwords. Certain implementations of this feature would require administrative level access to the authenticating server / program.
- Specified by:
forcePassword in interface SecurityService
- Parameters:
user - a User to change password for.
password - the new password.
- Throws:
org.apache.fulcrum.security.util.UnknownEntityException - if the user's record does not exist in the database.
org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.
-
lockShared
protected void lockShared()
Acquire a shared lock on the security information repository. Methods that read security information need to invoke this method at the beginning of their body.
-
unlockShared
protected void unlockShared()
Release a shared lock on the security information repository. Methods that read security information need to invoke this method at the end of their body.
-
lockExclusive
protected void lockExclusive()
Acquire an exclusive lock on the security information repository. Methods that modify security information need to invoke this method at the beginning of their body. Note! Those methods must be synchronized themselves!
-
unlockExclusive
protected void unlockExclusive()
Release an exclusive lock on the security information repository. This method is provided only for completeness. It does not really do anything. Note! Methods that modify security information must be synchronized!
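An added example, not Turbine's own code: a stand-alone Java model of the shared/exclusive lock discipline described for lockShared(), unlockShared(), lockExclusive() and unlockExclusive(), showing why readers release in a finally block and why a writer must itself be synchronized. The RoleStore class, its reader counter, hasRole(), revoke() and the sample data are assumptions made for illustration; only the four lock method names come from this page.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.CountDownLatch;

/**
 * Constructed model of the lock discipline described above. Not Turbine code:
 * RoleStore, readerCount, hasRole and revoke are hypothetical names.
 */
public class LockDisciplineDemo {

    static class RoleStore {
        private final Map<String, String> roleByUser = new HashMap<>();
        private int readerCount = 0; // guarded by this object's monitor

        RoleStore() {
            roleByUser.put("alice", "admin"); // constructed sample data
        }

        // Readers register themselves; the monitor is held only for the increment.
        protected synchronized void lockShared() {
            readerCount++;
        }

        // Wake a writer that may be waiting for the reader count to reach zero.
        protected synchronized void unlockShared() {
            readerCount--;
            notifyAll();
        }

        // Must be called from a synchronized method: wait() releases the monitor
        // so active readers can finish, then reacquires it before returning.
        protected void lockExclusive() {
            boolean interrupted = false;
            while (readerCount > 0) {
                try {
                    wait();
                } catch (InterruptedException e) {
                    interrupted = true; // keep waiting, restore the flag afterwards
                }
            }
            if (interrupted) {
                Thread.currentThread().interrupt();
            }
        }

        // Nothing to release: leaving the caller's synchronized method ends the exclusion.
        protected void unlockExclusive() {
        }

        // Reader: a shared lock released in finally. If the release were skipped
        // on an exception path, readerCount would never return to zero and every
        // later modification (including revocations) would block.
        public boolean hasRole(String user, String role) {
            lockShared();
            try {
                return role.equals(roleByUser.get(user));
            } finally {
                unlockShared();
            }
        }

        // Writer: synchronized itself, as the page requires. Once lockExclusive()
        // returns, no reader is active and new readers block in lockShared().
        public synchronized void revoke(String user) {
            lockExclusive();
            try {
                roleByUser.remove(user);
            } finally {
                unlockExclusive();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        RoleStore store = new RoleStore();
        CountDownLatch readerInside = new CountDownLatch(1);
        CountDownLatch letReaderGo = new CountDownLatch(1);

        // A reader that holds the shared lock until the main thread releases it.
        Thread reader = new Thread(() -> {
            store.lockShared();
            try {
                readerInside.countDown();
                letReaderGo.await();
            } catch (InterruptedException e) {
                Thread.currentThread().interrupt();
            } finally {
                store.unlockShared();
            }
        });
        Thread writer = new Thread(() -> store.revoke("alice"));

        reader.start();
        readerInside.await();
        writer.start();
        writer.join(200); // the revocation cannot complete while a reader is active
        System.out.println("revoke pending while reader active: " + writer.isAlive());
        System.out.println("alice still admin: " + store.hasRole("alice", "admin"));

        letReaderGo.countDown();
        writer.join();
        reader.join();
        System.out.println("alice admin after revoke: " + store.hasRole("alice", "admin"));
    }
}
```

In this model a waiting writer does not stop new readers from entering, so a steady stream of reads can delay a revocation; that property belongs to the model shown here and should be checked against the real implementation before relying on it.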
-
getGlobalGroup
public <G extends org.apache.fulcrum.security.entity.Group> G getGlobalGroup()
Provides a reference to the Group object that represents the global group.
- Specified by:
getGlobalGroup in interface SecurityService
- Type Parameters:
G - group class
- Returns:
a Group object that represents the global group.
-
getGroupByName
public <G extends org.apache.fulcrum.security.entity.Group> G getGroupByName(String name) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Retrieve a Group object with specified name.
- Specified by:
getGroupByName in interface SecurityService
- Type Parameters:
G - group class
- Parameters:
name - the name of the Group.
- Returns:
an object representing the Group with specified name.
- Throws:
org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
org.apache.fulcrum.security.util.UnknownEntityException - if the group does not exist.
-
getGroupById
public <G extends org.apache.fulcrum.security.entity.Group> G getGroupById(int id) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Retrieve a Group object with specified Id.
- Specified by:
getGroupById in interface SecurityService
- Type Parameters:
G - group class
- Parameters:
id - the id of the Group.
- Returns:
an object representing the Group with specified name.
- Throws:
org.apache.fulcrum.security.util.UnknownEntityException - if the permission does not exist in the database.
org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.
-
getRoleByName
public <R extends org.apache.fulcrum.security.entity.Role> R getRoleByName(String name) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Retrieve a Role object with specified name.
- Specified by:
getRoleByName in interface SecurityService
- Type Parameters:
R - role class
- Parameters:
name - the name of the Role.
- Returns:
an object representing the Role with specified name.
- Throws:
org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
org.apache.fulcrum.security.util.UnknownEntityException - if the role does not exist.
-
getRoleById
public <R extends org.apache.fulcrum.security.entity.Role> R getRoleById(int id) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Retrieve a Role object with specified Id.
- Specified by:
getRoleById in interface SecurityService
- Type Parameters:
R - role class
- Parameters:
id - the id of the Role.
- Returns:
an object representing the Role with specified name.
- Throws:
org.apache.fulcrum.security.util.UnknownEntityException - if the permission does not exist in the database.
org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.
-
getPermissionByName
public <P extends org.apache.fulcrum.security.entity.Permission> P getPermissionByName(String name) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Retrieve a Permission object with specified name.
- Specified by:
getPermissionByName in interface SecurityService
- Type Parameters:
P - permission class
- Parameters:
name - the name of the Permission.
- Returns:
an object representing the Permission with specified name.
- Throws:
org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
org.apache.fulcrum.security.util.UnknownEntityException - if the permission does not exist.
-
getPermissionById
public <P extends org.apache.fulcrum.security.entity.Permission> P getPermissionById(int id) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Retrieve a Permission object with specified Id.
- Specified by:
getPermissionById in interface SecurityService
- Type Parameters:
P - permission class
- Parameters:
id - the id of the Permission.
- Returns:
an object representing the Permission with specified name.
- Throws:
org.apache.fulcrum.security.util.UnknownEntityException - if the permission does not exist in the database.
org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.
-
getAllGroups
public org.apache.fulcrum.security.util.GroupSet getAllGroups() throws org.apache.fulcrum.security.util.DataBackendException
Retrieves all groups defined in the system.
- Specified by:
getAllGroups in interface SecurityService
- Returns:
the names of all groups defined in the system.
- Throws:
org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
-
getAllRoles
public org.apache.fulcrum.security.util.RoleSet getAllRoles() throws org.apache.fulcrum.security.util.DataBackendException
Retrieves all roles defined in the system.
- Specified by:
getAllRoles in interface SecurityService
- Returns:
the names of all roles defined in the system.
- Throws:
org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
-
getAllPermissions
public org.apache.fulcrum.security.util.PermissionSet getAllPermissions() throws org.apache.fulcrum.security.util.DataBackendException
Retrieves all permissions defined in the system.
- Specified by:
getAllPermissions in interface SecurityService
- Returns:
the names of all roles defined in the system.
- Throws:
org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
-
getACL
public <A extends org.apache.fulcrum.security.acl.AccessControlList> A getACL(User user) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Constructs an AccessControlList for a specific user.
- Specified by:
getACL in interface SecurityService
- Type Parameters:
A - ACL class
- Parameters:
user - the user for whom the AccessControlList is to be retrieved
- Returns:
The AccessControlList object constructed from the user object.
- Throws:
org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
org.apache.fulcrum.security.util.UnknownEntityException - if user account is not present.
-
grant
public void grant(User user, org.apache.fulcrum.security.entity.Group group, org.apache.fulcrum.security.entity.Role role) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Grant a User a Role in a Group.
- Specified by:
grant in interface SecurityService
- Parameters:
user - the user.
group - the group.
role - the role.
- Throws:
org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
org.apache.fulcrum.security.util.UnknownEntityException - if user account, group or role is not present.
-
revoke
public void revoke(User user, org.apache.fulcrum.security.entity.Group group, org.apache.fulcrum.security.entity.Role role) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Revoke a Role in a Group from a User.
- Specified by:
revoke in interface SecurityService
- Parameters:
user - the user.
group - the group.
role - the role.
- Throws:
org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
org.apache.fulcrum.security.util.UnknownEntityException - if user account, group or role is not present.
-
replaceRole
public void replaceRole(User user, org.apache.fulcrum.security.entity.Role role, org.apache.fulcrum.security.entity.Role newRole) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Replaces transactionally the first role with second role for the given user.
- Specified by:
replaceRole in interface SecurityService
- Parameters:
user - the user.
role - the old role
newRole - the new role
- Throws:
org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
org.apache.fulcrum.security.util.UnknownEntityException - if user account, group or role is not present.
-
revokeAll
public void revokeAll(User user) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Revokes all roles from a User. This method is used when deleting an account.
- Specified by:
revokeAll in interface SecurityService
- Parameters:
user - the User.
- Throws:
org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
org.apache.fulcrum.security.util.UnknownEntityException - if the account is not present.
-
grant
public void grant(org.apache.fulcrum.security.entity.Role role, org.apache.fulcrum.security.entity.Permission permission) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Grants a Role a Permission.
- Specified by:
grant in interface SecurityService
- Parameters:
role - the Role.
permission - the Permission.
- Throws:
org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
org.apache.fulcrum.security.util.UnknownEntityException - if role or permission is not present.
-
revoke
public void revoke(org.apache.fulcrum.security.entity.Role role, org.apache.fulcrum.security.entity.Permission permission) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Revokes a Permission from a Role.
- Specified by:
revoke in interface SecurityService
- Parameters:
role - the Role.
permission - the Permission.
- Throws:
org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
org.apache.fulcrum.security.util.UnknownEntityException - if role or permission is not present.
-
revokeAll
public void revokeAll(org.apache.fulcrum.security.entity.Role role) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Revokes all permissions from a Role. This method is used when deleting a Role.
- Specified by:
revokeAll
in interface SecurityService
- Parameters:
role
- the Role
- Throws:
org.apache.fulcrum.security.util.DataBackendException
- if there was an error accessing the data backend.
org.apache.fulcrum.security.util.UnknownEntityException
- if the Role is not present.
-
revokeAll
public void revokeAll(org.apache.fulcrum.security.entity.Role role, boolean cascadeDelete) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Revokes all permissions from a Role by default and, if the flag is set, all group and user relationships with this role. This method is used when deleting a Role.
- Specified by:
revokeAll
in interface SecurityService
- Parameters:
role
- the Role
cascadeDelete
- if true removes all groups and user for this role.
- Throws:
org.apache.fulcrum.security.util.DataBackendException
- if there was an error accessing the data backend.
org.apache.fulcrum.security.util.UnknownEntityException
- if the Role is not present.
-
getPermissions
public org.apache.fulcrum.security.util.PermissionSet getPermissions(org.apache.fulcrum.security.entity.Role role) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Retrieves all permissions associated with a role.
- Specified by:
getPermissions
in interface SecurityService
- Parameters:
role
- the role name, for which the permissions are to be retrieved.
- Returns:
- the Permissions for the specified role
- Throws:
org.apache.fulcrum.security.util.DataBackendException
- if there was an error accessing the data backend.
org.apache.fulcrum.security.util.UnknownEntityException
- if the role is not present.
-
addGroup
public <G extends org.apache.fulcrum.security.entity.Group> G addGroup(G group) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.EntityExistsException
Creates a new group with specified attributes.
- Specified by:
addGroup
in interface SecurityService
- Type Parameters:
G
- group class
- Parameters:
group
- the object describing the group to be created.
- Returns:
- the new Group object.
- Throws:
org.apache.fulcrum.security.util.DataBackendException
- if there was an error accessing the data backend.
org.apache.fulcrum.security.util.EntityExistsException
- if the group already exists.
-
addRole
public <R extends org.apache.fulcrum.security.entity.Role> R addRole(R role) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.EntityExistsException
Creates a new role with specified attributes.
- Specified by:
addRole
in interface SecurityService
- Type Parameters:
R
- role class
- Parameters:
role
- the object describing the role to be created.
- Returns:
- the new Role object.
- Throws:
org.apache.fulcrum.security.util.DataBackendException
- if there was an error accessing the data backend.
org.apache.fulcrum.security.util.EntityExistsException
- if the role already exists.
-
addPermission
public <P extends org.apache.fulcrum.security.entity.Permission> P addPermission(P permission) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.EntityExistsException
Creates a new permission with specified attributes.
- Specified by:
addPermission
in interface SecurityService
- Type Parameters:
P
- permission class
- Parameters:
permission
- the object describing the permission to be created.
- Returns:
- the new Permission object.
- Throws:
org.apache.fulcrum.security.util.DataBackendException
- if there was an error accessing the data backend.
org.apache.fulcrum.security.util.EntityExistsException
- if the permission already exists.
-
removeGroup
public void removeGroup(org.apache.fulcrum.security.entity.Group group) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Removes a Group from the system.
- Specified by:
removeGroup
in interface SecurityService
- Parameters:
group
- the object describing group to be removed.
- Throws:
org.apache.fulcrum.security.util.DataBackendException
- if there was an error accessing the data backend.
org.apache.fulcrum.security.util.UnknownEntityException
- if the group does not exist.
-
removeRole
public void removeRole(org.apache.fulcrum.security.entity.Role role) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Removes a Role from the system.
- Specified by:
removeRole
in interface SecurityService
- Parameters:
role
- The object describing the role to be removed.
- Throws:
org.apache.fulcrum.security.util.DataBackendException
- if there was an error accessing the data backend.
org.apache.fulcrum.security.util.UnknownEntityException
- if the role does not exist.
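
A role-decommissioning sequence built from getPermissions, revokeAll(Role, boolean) and removeRole as documented above. This is an added example, not Turbine's own code; the class RoleDecommissioner, the logger name and the decision to call revokeAll explicitly before removeRole are assumptions of the example.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Logger;

import org.apache.fulcrum.security.entity.Permission;
import org.apache.fulcrum.security.entity.Role;
import org.apache.fulcrum.security.util.DataBackendException;
import org.apache.fulcrum.security.util.PermissionSet;
import org.apache.fulcrum.security.util.UnknownEntityException;
import org.apache.turbine.services.security.SecurityService;

/** Hypothetical helper (not part of Turbine): removes a role without leaving grants behind. */
public final class RoleDecommissioner
{
    // Assumed logger name; route it to wherever authorization changes are audited.
    private static final Logger AUDIT = Logger.getLogger("security.audit");

    private final SecurityService security;

    public RoleDecommissioner(SecurityService security)
    {
        this.security = security;
    }

    /** @return names of the permissions the role held, for the audit trail */
    public List<String> decommission(Role role)
        throws DataBackendException, UnknownEntityException
    {
        // Snapshot first: once revoked, the grants cannot be read back.
        // An unknown role fails here, before anything has been modified.
        PermissionSet held = security.getPermissions(role);
        List<String> names = new ArrayList<>();
        for (Permission p : held)
        {
            names.add(p.getName());
        }

        // cascadeDelete = true also drops the group and user relationships,
        // so no account still references the role when it is removed.
        security.revokeAll(role, true);
        security.removeRole(role);

        AUDIT.info("role removed: " + role.getName() + " permissions=" + names);
        return names;
    }
}
```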
-
removePermission
public void removePermission(org.apache.fulcrum.security.entity.Permission permission) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Removes a Permission from the system.
- Specified by:
removePermission
in interface SecurityService
- Parameters:
permission
- The object describing the permission to be removed.
- Throws:
org.apache.fulcrum.security.util.DataBackendException
- if there was an error accessing the data backend.
org.apache.fulcrum.security.util.UnknownEntityException
- if the permission does not exist.
-
renameGroup
public void renameGroup(org.apache.fulcrum.security.entity.Group group, String name) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Renames an existing Group.
- Specified by:
renameGroup
in interface SecurityService
- Parameters:
group
- The object describing the group to be renamed.
name
- the new name for the group.
- Throws:
org.apache.fulcrum.security.util.DataBackendException
- if there was an error accessing the data backend.
org.apache.fulcrum.security.util.UnknownEntityException
- if the group does not exist.
-
renameRole
public void renameRole(org.apache.fulcrum.security.entity.Role role, String name) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Renames an existing Role.
- Specified by:
renameRole
in interface SecurityService
- Parameters:
role
- The object describing the role to be renamed.
name
- the new name for the role.
- Throws:
org.apache.fulcrum.security.util.DataBackendException
- if there was an error accessing the data backend.
org.apache.fulcrum.security.util.UnknownEntityException
- if the role does not exist.
-
renamePermission
public void renamePermission(org.apache.fulcrum.security.entity.Permission permission, String name) throws org.apache.fulcrum.security.util.DataBackendException, org.apache.fulcrum.security.util.UnknownEntityException
Renames an existing Permission.
- Specified by:
renamePermission
in interface SecurityService
- Parameters:
permission
- The object describing the permission to be renamed.
name
- the new name for the permission.
- Throws:
org.apache.fulcrum.security.util.DataBackendException
- if there was an error accessing the data backend.
org.apache.fulcrum.security.util.UnknownEntityException
- if the permission does not exist.
-
-