Class DefaultSecurityService

  • All Implemented Interfaces:
    Initable, SecurityService, Service

    public class DefaultSecurityService
    extends TurbineBaseService
    implements SecurityService
    This is a common subset of SecurityService implementation. Provided functionality includes:
    • methods for retrieving User objects, that delegate functionality to the pluggable implementations of the User interface.
    • synchronization mechanism for methods reading/modifying the security information, that guarantees that multiple threads may read the information concurrently, but threads that modify the information acquire exclusive access.
    • implementation of convenience methods for retrieving security entities that maintain in-memory caching of objects for fast access.
    Version:
    $Id$
    Author:
    Rafal Krzewski, Henning P. Schmiedehausen, Marco Knüttel, Quinton McCombs
    • Method Summary

      Modifier and Type Method Description
      boolean accountExists​(String userName)
      Check whether a specified user's account exists.
      boolean accountExists​(User user)
      Check whether a specified user's account exists.
      <G extends org.apache.fulcrum.security.entity.Group>
      G
      addGroup​(G group)
      Creates a new group with specified attributes.
      <P extends org.apache.fulcrum.security.entity.Permission>
      P
      addPermission​(P permission)
      Creates a new permission with specified attributes.
      <R extends org.apache.fulcrum.security.entity.Role>
      R
      addRole​(R role)
      Creates a new role with specified attributes.
      void addUser​(User user, String password)
      Creates new user account with specified attributes.
      void changePassword​(User user, String oldPassword, String newPassword)
      Change the password for a User.
      void forcePassword​(User user, String password)
      Forcibly sets new password for a User.
      <A extends org.apache.fulcrum.security.acl.AccessControlList>
      A
      getACL​(User user)
      Constructs an AccessControlList for a specific user.
      org.apache.fulcrum.security.util.GroupSet getAllGroups()
      Retrieves all groups defined in the system.
      org.apache.fulcrum.security.util.PermissionSet getAllPermissions()
      Retrieves all permissions defined in the system.
      org.apache.fulcrum.security.util.RoleSet getAllRoles()
      Retrieves all roles defined in the system.
      <U extends User>
      U
      getAnonymousUser()
      Constructs a User object to represent an anonymous user of the application.
      <U extends User>
      U
      getAuthenticatedUser​(String username, String password)
      Retrieves a User object representing an individual who has properly identified themselves with their verified username and password
      <G extends org.apache.fulcrum.security.entity.Group>
      G
      getGlobalGroup()
      Provides a reference to the Group object that represents the global group.
      <G extends org.apache.fulcrum.security.entity.Group>
      G
      getGroupById​(int id)
      Retrieve a Group object with specified Id.
      <G extends org.apache.fulcrum.security.entity.Group>
      G
      getGroupByName​(String name)
      Retrieve a Group object with specified name.
      <G extends org.apache.fulcrum.security.entity.Group>
      G
      getGroupInstance()
      Construct a blank Group object.
      <G extends org.apache.fulcrum.security.entity.Group>
      G
      getGroupInstance​(String groupName)
      Construct a blank Group object.
      <P extends org.apache.fulcrum.security.entity.Permission>
      P
      getPermissionById​(int id)
      Retrieve a Permission object with specified Id.
      <P extends org.apache.fulcrum.security.entity.Permission>
      P
      getPermissionByName​(String name)
      Retrieve a Permission object with specified name.
      <P extends org.apache.fulcrum.security.entity.Permission>
      P
      getPermissionInstance()
      Construct a blank Permission object.
      <P extends org.apache.fulcrum.security.entity.Permission>
      P
      getPermissionInstance​(String permName)
      Construct a blank Permission object.
      org.apache.fulcrum.security.util.PermissionSet getPermissions​(org.apache.fulcrum.security.entity.Role role)
      Retrieves all permissions associated with a role.
      <R extends org.apache.fulcrum.security.entity.Role>
      R
      getRoleById​(int id)
      Retrieve a Role object with specified Id.
      <R extends org.apache.fulcrum.security.entity.Role>
      R
      getRoleByName​(String name)
      Retrieve a Role object with specified name.
      <R extends org.apache.fulcrum.security.entity.Role>
      R
      getRoleInstance()
      Construct a blank Role object.
      <R extends org.apache.fulcrum.security.entity.Role>
      R
      getRoleInstance​(String roleName)
      Construct a blank Role object.
      <U extends User>
      U
      getUser​(String username)
      Constructs a User object to represent a registered user of the application.
      <U extends User>
      U
      getUserInstance()
      Construct a blank User object.
      <U extends User>
      U
      getUserInstance​(String userName)
      Construct a blank User object.
      UserManager getUserManager()
      Returns the configured UserManager.
      void grant​(org.apache.fulcrum.security.entity.Role role, org.apache.fulcrum.security.entity.Permission permission)
      Grants a Role a Permission
      void grant​(User user, org.apache.fulcrum.security.entity.Group group, org.apache.fulcrum.security.entity.Role role)
      Grant a User a Role in a Group.
      void init()
      Initializes the SecurityService, locating the appropriate UserManager. This is a zero parameter variant which queries the Turbine Servlet for its config.
      boolean isAnonymousUser​(User user)
      Checks whether a passed user object matches the anonymous user pattern according to the configured user manager
      protected void lockExclusive()
      Acquire an exclusive lock on the security information repository.
      protected void lockShared()
      Acquire a shared lock on the security information repository.
      void removeGroup​(org.apache.fulcrum.security.entity.Group group)
      Removes a Group from the system.
      void removePermission​(org.apache.fulcrum.security.entity.Permission permission)
      Removes a Permission from the system.
      void removeRole​(org.apache.fulcrum.security.entity.Role role)
      Removes a Role from the system.
      void removeUser​(User user)
      Removes a user account from the system.
      void renameGroup​(org.apache.fulcrum.security.entity.Group group, String name)
      Renames an existing Group.
      void renamePermission​(org.apache.fulcrum.security.entity.Permission permission, String name)
      Renames an existing Permission.
      void renameRole​(org.apache.fulcrum.security.entity.Role role, String name)
      Renames an existing Role.
      void replaceRole​(User user, org.apache.fulcrum.security.entity.Role role, org.apache.fulcrum.security.entity.Role newRole)
      Replaces transactionally the first role with second role for the given user.
      void revoke​(org.apache.fulcrum.security.entity.Role role, org.apache.fulcrum.security.entity.Permission permission)
      Revokes a Permission from a Role.
      void revoke​(User user, org.apache.fulcrum.security.entity.Group group, org.apache.fulcrum.security.entity.Role role)
      Revoke a Role in a Group from a User.
      void revokeAll​(org.apache.fulcrum.security.entity.Role role)
      Revokes all permissions from a Role.
      void revokeAll​(org.apache.fulcrum.security.entity.Role role, boolean cascadeDelete)
      Revokes by default all permissions from a Role and, if the flag is set, all group and user relationships with this role. This method is used when deleting a Role.
      void revokeAll​(User user)
      Revokes all roles from a User.
      void saveOnSessionUnbind​(User user)
      Saves User data when the session is unbound.
      void saveUser​(User user)
      Saves User's data in the permanent storage.
      protected void unlockExclusive()
      Release an exclusive lock on the security information repository.
      protected void unlockShared()
      Release a shared lock on the security information repository.
    • Method Detail

      • getUserInstance

        public <U extends User> U getUserInstance()
                                           throws org.apache.fulcrum.security.util.UnknownEntityException
        Construct a blank User object.
        Specified by:
        getUserInstance in interface SecurityService
        Type Parameters:
        U - user class
        Returns:
        an object implementing User interface.
        Throws:
        org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.
      • getUserInstance

        public <U extends User> U getUserInstance​(String userName)
                                           throws org.apache.fulcrum.security.util.UnknownEntityException
        Construct a blank User object.
        Specified by:
        getUserInstance in interface SecurityService
        Type Parameters:
        U - user class
        Parameters:
        userName - The name of the user.
        Returns:
        an object implementing User interface.
        Throws:
        org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.
      • getGroupInstance

        public <G extends org.apache.fulcrum.security.entity.Group> G getGroupInstance()
                                                                                throws org.apache.fulcrum.security.util.UnknownEntityException
        Construct a blank Group object.
        Specified by:
        getGroupInstance in interface SecurityService
        Type Parameters:
        G - group class
        Returns:
        an object implementing Group interface.
        Throws:
        org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.
      • getGroupInstance

        public <G extends org.apache.fulcrum.security.entity.Group> G getGroupInstance​(String groupName)
                                                                                throws org.apache.fulcrum.security.util.UnknownEntityException
        Construct a blank Group object.
        Specified by:
        getGroupInstance in interface SecurityService
        Type Parameters:
        G - group class
        Parameters:
        groupName - The name of the Group
        Returns:
        an object implementing Group interface.
        Throws:
        org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.
      • getPermissionInstance

        public <P extends org.apache.fulcrum.security.entity.Permission> P getPermissionInstance()
                                                                                          throws org.apache.fulcrum.security.util.UnknownEntityException
        Construct a blank Permission object.
        Specified by:
        getPermissionInstance in interface SecurityService
        Type Parameters:
        P - permission class
        Returns:
        an object implementing Permission interface.
        Throws:
        org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.
      • getPermissionInstance

        public <P extends org.apache.fulcrum.security.entity.Permission> P getPermissionInstance​(String permName)
                                                                                          throws org.apache.fulcrum.security.util.UnknownEntityException
        Construct a blank Permission object.
        Specified by:
        getPermissionInstance in interface SecurityService
        Type Parameters:
        P - permission class
        Parameters:
        permName - The name of the permission.
        Returns:
        an object implementing Permission interface.
        Throws:
        org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.
      • getRoleInstance

        public <R extends org.apache.fulcrum.security.entity.Role> R getRoleInstance()
                                                                              throws org.apache.fulcrum.security.util.UnknownEntityException
        Construct a blank Role object.
        Specified by:
        getRoleInstance in interface SecurityService
        Type Parameters:
        R - role class
        Returns:
        an object implementing Role interface.
        Throws:
        org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.
      • getRoleInstance

        public <R extends org.apache.fulcrum.security.entity.Role> R getRoleInstance​(String roleName)
                                                                              throws org.apache.fulcrum.security.util.UnknownEntityException
        Construct a blank Role object.
        Specified by:
        getRoleInstance in interface SecurityService
        Type Parameters:
        R - role class
        Parameters:
        roleName - The name of the role.
        Returns:
        an object implementing Role interface.
        Throws:
        org.apache.fulcrum.security.util.UnknownEntityException - if the object could not be instantiated.
      • accountExists

        public boolean accountExists​(User user)
                              throws org.apache.fulcrum.security.util.DataBackendException
        Check whether a specified user's account exists. The login name is used for looking up the account.
        Specified by:
        accountExists in interface SecurityService
        Parameters:
        user - The user to be checked.
        Returns:
        true if the specified account exists
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
      • accountExists

        public boolean accountExists​(String userName)
                              throws org.apache.fulcrum.security.util.DataBackendException
        Check whether a specified user's account exists. The login name is used for looking up the account.
        Specified by:
        accountExists in interface SecurityService
        Parameters:
        userName - The name of the user to be checked.
        Returns:
        true if the specified account exists
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
      • getAuthenticatedUser

        public <U extends User> U getAuthenticatedUser​(String username,
                                                       String password)
                                                throws org.apache.fulcrum.security.util.DataBackendException,
                                                       org.apache.fulcrum.security.util.UnknownEntityException,
                                                       org.apache.fulcrum.security.util.PasswordMismatchException
        Retrieves a User object representing an individual who has properly identified themselves with their verified username and password
        Specified by:
        getAuthenticatedUser in interface SecurityService
        Type Parameters:
        U - user class
        Parameters:
        username - The user name.
        password - The user password.
        Returns:
        An authenticated Turbine User.
        Throws:
        org.apache.fulcrum.security.util.PasswordMismatchException - if the supplied password was incorrect.
        org.apache.fulcrum.security.util.UnknownEntityException - if the user's account does not exist in the database.
        org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.
      • getUser

        public <U extends User> U getUser​(String username)
                                   throws org.apache.fulcrum.security.util.DataBackendException,
                                          org.apache.fulcrum.security.util.UnknownEntityException
        Constructs a User object to represent a registered user of the application. This method does not authenticate that the proper credentials were supplied (see getAuthenticatedUser()).
        Specified by:
        getUser in interface SecurityService
        Type Parameters:
        U - user class
        Parameters:
        username - The user name.
        Returns:
        A Turbine User.
        Throws:
        org.apache.fulcrum.security.util.UnknownEntityException - if the user's account does not exist
        org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.
      • getAnonymousUser

        public <U extends User> U getAnonymousUser()
                                            throws org.apache.fulcrum.security.util.UnknownEntityException
        Constructs a User object to represent an anonymous user of the application.
        Specified by:
        getAnonymousUser in interface SecurityService
        Type Parameters:
        U - user class
        Returns:
        An anonymous Turbine User.
        Throws:
        org.apache.fulcrum.security.util.UnknownEntityException - if the implementation of User interface could not be determined, or does not exist.
      • isAnonymousUser

        public boolean isAnonymousUser​(User user)
        Checks whether a passed user object matches the anonymous user pattern according to the configured user manager
        Specified by:
        isAnonymousUser in interface SecurityService
        Parameters:
        user - A user object
        Returns:
        True if this is an anonymous user
      • saveUser

        public void saveUser​(User user)
                      throws org.apache.fulcrum.security.util.UnknownEntityException,
                             org.apache.fulcrum.security.util.DataBackendException
        Saves User's data in the permanent storage. The user account is required to exist in the storage.
        Specified by:
        saveUser in interface SecurityService
        Parameters:
        user - the User object to save
        Throws:
        org.apache.fulcrum.security.util.UnknownEntityException - if the user's account does not exist in the database.
        org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.
      • saveOnSessionUnbind

        public void saveOnSessionUnbind​(User user)
                                 throws org.apache.fulcrum.security.util.UnknownEntityException,
                                        org.apache.fulcrum.security.util.DataBackendException
        Saves User data when the session is unbound. The user account is required to exist in the storage. LastLogin, AccessCounter, persistent pull tools, and any data stored in the permData hashmap that is not mapped to a column will be saved.
        Specified by:
        saveOnSessionUnbind in interface SecurityService
        Parameters:
        user - the user object
        Throws:
        org.apache.fulcrum.security.util.UnknownEntityException - if the user's account does not exist in the database.
        org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.
      • addUser

        public void addUser​(User user,
                            String password)
                     throws org.apache.fulcrum.security.util.UnknownEntityException,
                            org.apache.fulcrum.security.util.DataBackendException,
                            org.apache.fulcrum.security.util.EntityExistsException
        Creates new user account with specified attributes.
        Specified by:
        addUser in interface SecurityService
        Parameters:
        user - the object describing account to be created.
        password - The password to use for the account.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.EntityExistsException - if the user account already exists.
        org.apache.fulcrum.security.util.UnknownEntityException - if the provided user does not exist (is null)
      • removeUser

        public void removeUser​(User user)
                        throws org.apache.fulcrum.security.util.DataBackendException,
                               org.apache.fulcrum.security.util.UnknownEntityException
        Removes a user account from the system.
        Specified by:
        removeUser in interface SecurityService
        Parameters:
        user - the object describing the account to be removed.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.UnknownEntityException - if the user account is not present.
      • changePassword

        public void changePassword​(User user,
                                   String oldPassword,
                                   String newPassword)
                            throws org.apache.fulcrum.security.util.PasswordMismatchException,
                                   org.apache.fulcrum.security.util.UnknownEntityException,
                                   org.apache.fulcrum.security.util.DataBackendException
        Change the password for a User.
        Specified by:
        changePassword in interface SecurityService
        Parameters:
        user - a User to change password for.
        oldPassword - the current password supplied by the user.
        newPassword - the new password requested by the user.
        Throws:
        org.apache.fulcrum.security.util.PasswordMismatchException - if the supplied password was incorrect.
        org.apache.fulcrum.security.util.UnknownEntityException - if the user's record does not exist in the database.
        org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.
      • forcePassword

        public void forcePassword​(User user,
                                  String password)
                           throws org.apache.fulcrum.security.util.UnknownEntityException,
                                  org.apache.fulcrum.security.util.DataBackendException
        Forcibly sets new password for a User. This is supposed to be used by the administrator to change forgotten or compromised passwords. Certain implementations of this feature would require administrative level access to the authenticating server / program.
        Specified by:
        forcePassword in interface SecurityService
        Parameters:
        user - a User to change password for.
        password - the new password.
        Throws:
        org.apache.fulcrum.security.util.UnknownEntityException - if the user's record does not exist in the database.
        org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.
      • lockShared

        protected void lockShared()
        Acquire a shared lock on the security information repository. Methods that read security information need to invoke this method at the beginning of their body.
      • unlockShared

        protected void unlockShared()
        Release a shared lock on the security information repository. Methods that read security information need to invoke this method at the end of their body.
      • lockExclusive

        protected void lockExclusive()
        Acquire an exclusive lock on the security information repository. Methods that modify security information need to invoke this method at the beginning of their body. Note! Those methods must be synchronized themselves!
      • unlockExclusive

        protected void unlockExclusive()
        Release an exclusive lock on the security information repository. This method is provided only for completeness. It does not really do anything. Note! Methods that modify security information must be synchronized!
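
        The locking contract described for lockShared, unlockShared, lockExclusive and unlockExclusive, as an added self-contained example (not Turbine's own code): a reader-count lock in which writers depend on being synchronized. The class RoleRepository and its methods roleOf and assignRole are hypothetical, and the sample data is constructed.

```java
import java.util.HashMap;
import java.util.Map;

/** Illustration of a shared/exclusive lock built on a reader count. */
public class RoleRepository {
    private int readerCount = 0;                        // guarded by "this"
    private final Map<String, String> roles = new HashMap<>();

    /** Readers register themselves; blocks only while a writer holds the monitor. */
    protected synchronized void lockShared() {
        readerCount++;
    }

    /** Readers deregister and wake any writer waiting for the count to reach zero. */
    protected synchronized void unlockShared() {
        readerCount--;
        notifyAll();
    }

    /**
     * Waits until no reader is active. The caller MUST be a synchronized
     * method: wait() needs the monitor, and holding the monitor is what keeps
     * new readers out of lockShared() while the modification runs. An
     * unsynchronized caller would either fail in wait() or, when no reader
     * is active, proceed with no exclusion at all.
     */
    protected void lockExclusive() {
        boolean interrupted = false;
        while (readerCount > 0) {
            try {
                wait();                                 // releases the monitor while waiting
            } catch (InterruptedException e) {
                interrupted = true;                     // keep waiting, restore the flag later
            }
        }
        if (interrupted) {
            Thread.currentThread().interrupt();
        }
    }

    /** Nothing to do: exclusivity ends when the synchronized caller returns. */
    protected void unlockExclusive() {
    }

    /** Read path: many threads may be between lockShared and unlockShared at once. */
    public String roleOf(String user) {
        lockShared();
        try {
            return roles.get(user);
        } finally {
            unlockShared();
        }
    }

    /** Write path: synchronized, then waits for active readers to drain. */
    public synchronized void assignRole(String user, String role) {
        lockExclusive();
        try {
            roles.put(user, role);
        } finally {
            unlockExclusive();
        }
    }

    public static void main(String[] args) throws InterruptedException {
        RoleRepository repo = new RoleRepository();
        repo.assignRole("alice", "admin");              // constructed sample data
        Thread[] workers = new Thread[4];
        for (int i = 0; i < workers.length; i++) {
            final boolean writer = (i == 0);            // one writer, three readers
            workers[i] = new Thread(() -> {
                for (int j = 0; j < 1000; j++) {
                    if (writer) {
                        repo.assignRole("alice", j % 2 == 0 ? "admin" : "editor");
                    } else {
                        repo.roleOf("alice");
                    }
                }
            });
            workers[i].start();
        }
        for (Thread t : workers) {
            t.join();
        }
        System.out.println("alice -> " + repo.roleOf("alice"));
    }
}
```

        Releasing the shared lock in a finally block matters here: a reader that throws without decrementing the count would leave every later writer waiting indefinitely.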
      • getGlobalGroup

        public <G extends org.apache.fulcrum.security.entity.Group> G getGlobalGroup()
        Provides a reference to the Group object that represents the global group.
        Specified by:
        getGlobalGroup in interface SecurityService
        Type Parameters:
        G - group class
        Returns:
        a Group object that represents the global group.
      • getGroupByName

        public <G extends org.apache.fulcrum.security.entity.Group> G getGroupByName​(String name)
                                                                              throws org.apache.fulcrum.security.util.DataBackendException,
                                                                                     org.apache.fulcrum.security.util.UnknownEntityException
        Retrieve a Group object with specified name.
        Specified by:
        getGroupByName in interface SecurityService
        Type Parameters:
        G - group class
        Parameters:
        name - the name of the Group.
        Returns:
        an object representing the Group with specified name.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.UnknownEntityException - if the group does not exist.
      • getGroupById

        public <G extends org.apache.fulcrum.security.entity.Group> G getGroupById​(int id)
                                                                            throws org.apache.fulcrum.security.util.DataBackendException,
                                                                                   org.apache.fulcrum.security.util.UnknownEntityException
        Retrieve a Group object with specified Id.
        Specified by:
        getGroupById in interface SecurityService
        Type Parameters:
        G - group class
        Parameters:
        id - the id of the Group.
        Returns:
        an object representing the Group with specified name.
        Throws:
        org.apache.fulcrum.security.util.UnknownEntityException - if the permission does not exist in the database.
        org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.
      • getRoleByName

        public <R extends org.apache.fulcrum.security.entity.Role> R getRoleByName​(String name)
                                                                            throws org.apache.fulcrum.security.util.DataBackendException,
                                                                                   org.apache.fulcrum.security.util.UnknownEntityException
        Retrieve a Role object with specified name.
        Specified by:
        getRoleByName in interface SecurityService
        Type Parameters:
        R - role class
        Parameters:
        name - the name of the Role.
        Returns:
        an object representing the Role with specified name.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.UnknownEntityException - if the role does not exist.
      • getRoleById

        public <R extends org.apache.fulcrum.security.entity.Role> R getRoleById​(int id)
                                                                          throws org.apache.fulcrum.security.util.DataBackendException,
                                                                                 org.apache.fulcrum.security.util.UnknownEntityException
        Retrieve a Role object with specified Id.
        Specified by:
        getRoleById in interface SecurityService
        Type Parameters:
        R - role class
        Parameters:
        id - the id of the Role.
        Returns:
        an object representing the Role with specified name.
        Throws:
        org.apache.fulcrum.security.util.UnknownEntityException - if the permission does not exist in the database.
        org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.
      • getPermissionByName

        public <P extends org.apache.fulcrum.security.entity.Permission> P getPermissionByName​(String name)
                                                                                        throws org.apache.fulcrum.security.util.DataBackendException,
                                                                                               org.apache.fulcrum.security.util.UnknownEntityException
        Retrieve a Permission object with specified name.
        Specified by:
        getPermissionByName in interface SecurityService
        Type Parameters:
        P - permission class
        Parameters:
        name - the name of the Permission.
        Returns:
        an object representing the Permission with specified name.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.UnknownEntityException - if the permission does not exist.
      • getPermissionById

        public <P extends org.apache.fulcrum.security.entity.Permission> P getPermissionById​(int id)
                                                                                      throws org.apache.fulcrum.security.util.DataBackendException,
                                                                                             org.apache.fulcrum.security.util.UnknownEntityException
        Retrieve a Permission object with specified Id.
        Specified by:
        getPermissionById in interface SecurityService
        Type Parameters:
        P - permission class
        Parameters:
        id - the id of the Permission.
        Returns:
        an object representing the Permission with specified name.
        Throws:
        org.apache.fulcrum.security.util.UnknownEntityException - if the permission does not exist in the database.
        org.apache.fulcrum.security.util.DataBackendException - if there is a problem accessing the storage.
      • getAllGroups

        public org.apache.fulcrum.security.util.GroupSet getAllGroups()
                                                               throws org.apache.fulcrum.security.util.DataBackendException
        Retrieves all groups defined in the system.
        Specified by:
        getAllGroups in interface SecurityService
        Returns:
        the names of all groups defined in the system.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
      • getAllRoles

        public org.apache.fulcrum.security.util.RoleSet getAllRoles()
                                                             throws org.apache.fulcrum.security.util.DataBackendException
        Retrieves all roles defined in the system.
        Specified by:
        getAllRoles in interface SecurityService
        Returns:
        the names of all roles defined in the system.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
      • getAllPermissions

        public org.apache.fulcrum.security.util.PermissionSet getAllPermissions()
                                                                         throws org.apache.fulcrum.security.util.DataBackendException
        Retrieves all permissions defined in the system.
        Specified by:
        getAllPermissions in interface SecurityService
        Returns:
        the names of all roles defined in the system.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
      • getACL

        public <A extends org.apache.fulcrum.security.acl.AccessControlList> A getACL​(User user)
                                                                               throws org.apache.fulcrum.security.util.DataBackendException,
                                                                                      org.apache.fulcrum.security.util.UnknownEntityException
        Constructs an AccessControlList for a specific user.
        Specified by:
        getACL in interface SecurityService
        Type Parameters:
        A - ACL class
        Parameters:
        user - the user for whom the AccessControlList is to be retrieved
        Returns:
        The AccessControlList object constructed from the user object.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.UnknownEntityException - if user account is not present.
      • grant

        public void grant​(User user,
                          org.apache.fulcrum.security.entity.Group group,
                          org.apache.fulcrum.security.entity.Role role)
                   throws org.apache.fulcrum.security.util.DataBackendException,
                          org.apache.fulcrum.security.util.UnknownEntityException
        Grants a User a Role in a Group.
        Specified by:
        grant in interface SecurityService
        Parameters:
        user - the user.
        group - the group.
        role - the role.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.UnknownEntityException - if user account, group or role is not present.
      • revoke

        public void revoke​(User user,
                           org.apache.fulcrum.security.entity.Group group,
                           org.apache.fulcrum.security.entity.Role role)
                    throws org.apache.fulcrum.security.util.DataBackendException,
                           org.apache.fulcrum.security.util.UnknownEntityException
        Revokes a Role in a Group from a User.
        Specified by:
        revoke in interface SecurityService
        Parameters:
        user - the user.
        group - the group.
        role - the role.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.UnknownEntityException - if user account, group or role is not present.
      • replaceRole

        public void replaceRole​(User user,
                                org.apache.fulcrum.security.entity.Role role,
                                org.apache.fulcrum.security.entity.Role newRole)
                         throws org.apache.fulcrum.security.util.DataBackendException,
                                org.apache.fulcrum.security.util.UnknownEntityException
        Transactionally replaces the first role with the second role for the given user.
        Specified by:
        replaceRole in interface SecurityService
        Parameters:
        user - the user.
        role - the old role
        newRole - the new role
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.UnknownEntityException - if user account, group or role is not present.
      • revokeAll

        public void revokeAll​(User user)
                       throws org.apache.fulcrum.security.util.DataBackendException,
                              org.apache.fulcrum.security.util.UnknownEntityException
        Revokes all roles from a User. This method is used when deleting an account.
        Specified by:
        revokeAll in interface SecurityService
        Parameters:
        user - the User.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.UnknownEntityException - if the account is not present.
      • grant

        public void grant​(org.apache.fulcrum.security.entity.Role role,
                          org.apache.fulcrum.security.entity.Permission permission)
                   throws org.apache.fulcrum.security.util.DataBackendException,
                          org.apache.fulcrum.security.util.UnknownEntityException
        Grants a Role a Permission.
        Specified by:
        grant in interface SecurityService
        Parameters:
        role - the Role.
        permission - the Permission.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.UnknownEntityException - if role or permission is not present.
      • revoke

        public void revoke​(org.apache.fulcrum.security.entity.Role role,
                           org.apache.fulcrum.security.entity.Permission permission)
                    throws org.apache.fulcrum.security.util.DataBackendException,
                           org.apache.fulcrum.security.util.UnknownEntityException
        Revokes a Permission from a Role.
        Specified by:
        revoke in interface SecurityService
        Parameters:
        role - the Role.
        permission - the Permission.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.UnknownEntityException - if role or permission is not present.
      • revokeAll

        public void revokeAll​(org.apache.fulcrum.security.entity.Role role)
                       throws org.apache.fulcrum.security.util.DataBackendException,
                              org.apache.fulcrum.security.util.UnknownEntityException
        Revokes all permissions from a Role. This method is used when deleting a Role.
        Specified by:
        revokeAll in interface SecurityService
        Parameters:
        role - the Role
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.UnknownEntityException - if the Role is not present.
      • revokeAll

        public void revokeAll​(org.apache.fulcrum.security.entity.Role role,
                              boolean cascadeDelete)
                       throws org.apache.fulcrum.security.util.DataBackendException,
                              org.apache.fulcrum.security.util.UnknownEntityException
        By default, revokes all permissions from a Role; if the flag is set, also removes all group and user relationships with this role. This method is used when deleting a Role.
        Specified by:
        revokeAll in interface SecurityService
        Parameters:
        role - the Role
        cascadeDelete - if true, removes all group and user relationships with this role.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.UnknownEntityException - if the Role is not present.
      • getPermissions

        public org.apache.fulcrum.security.util.PermissionSet getPermissions​(org.apache.fulcrum.security.entity.Role role)
                                                                      throws org.apache.fulcrum.security.util.DataBackendException,
                                                                             org.apache.fulcrum.security.util.UnknownEntityException
        Retrieves all permissions associated with a role.
        Specified by:
        getPermissions in interface SecurityService
        Parameters:
        role - the role for which the permissions are to be retrieved.
        Returns:
        the Permissions for the specified role
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.UnknownEntityException - if the role is not present.
      • addGroup

        public <G extends org.apache.fulcrum.security.entity.Group> G addGroup​(G group)
                                                                        throws org.apache.fulcrum.security.util.DataBackendException,
                                                                               org.apache.fulcrum.security.util.EntityExistsException
        Creates a new group with specified attributes.
        Specified by:
        addGroup in interface SecurityService
        Type Parameters:
        G - group class
        Parameters:
        group - the object describing the group to be created.
        Returns:
        the new Group object.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.EntityExistsException - if the group already exists.
      • addRole

        public <R extends org.apache.fulcrum.security.entity.Role> R addRole​(R role)
                                                                      throws org.apache.fulcrum.security.util.DataBackendException,
                                                                             org.apache.fulcrum.security.util.EntityExistsException
        Creates a new role with specified attributes.
        Specified by:
        addRole in interface SecurityService
        Type Parameters:
        R - role class
        Parameters:
        role - the object describing the role to be created.
        Returns:
        the new Role object.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.EntityExistsException - if the role already exists.
      • addPermission

        public <P extends org.apache.fulcrum.security.entity.Permission> P addPermission​(P permission)
                                                                                  throws org.apache.fulcrum.security.util.DataBackendException,
                                                                                         org.apache.fulcrum.security.util.EntityExistsException
        Creates a new permission with specified attributes.
        Specified by:
        addPermission in interface SecurityService
        Type Parameters:
        P - permission class
        Parameters:
        permission - the object describing the permission to be created.
        Returns:
        the new Permission object.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.EntityExistsException - if the permission already exists.
      • removeGroup

        public void removeGroup​(org.apache.fulcrum.security.entity.Group group)
                         throws org.apache.fulcrum.security.util.DataBackendException,
                                org.apache.fulcrum.security.util.UnknownEntityException
        Removes a Group from the system.
        Specified by:
        removeGroup in interface SecurityService
        Parameters:
        group - the object describing the group to be removed.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.UnknownEntityException - if the group does not exist.
      • removeRole

        public void removeRole​(org.apache.fulcrum.security.entity.Role role)
                        throws org.apache.fulcrum.security.util.DataBackendException,
                               org.apache.fulcrum.security.util.UnknownEntityException
        Removes a Role from the system.
        Specified by:
        removeRole in interface SecurityService
        Parameters:
        role - The object describing the role to be removed.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.UnknownEntityException - if the role does not exist.
      • removePermission

        public void removePermission​(org.apache.fulcrum.security.entity.Permission permission)
                              throws org.apache.fulcrum.security.util.DataBackendException,
                                     org.apache.fulcrum.security.util.UnknownEntityException
        Removes a Permission from the system.
        Specified by:
        removePermission in interface SecurityService
        Parameters:
        permission - The object describing the permission to be removed.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.UnknownEntityException - if the permission does not exist.
      • renameGroup

        public void renameGroup​(org.apache.fulcrum.security.entity.Group group,
                                String name)
                         throws org.apache.fulcrum.security.util.DataBackendException,
                                org.apache.fulcrum.security.util.UnknownEntityException
        Renames an existing Group.
        Specified by:
        renameGroup in interface SecurityService
        Parameters:
        group - The object describing the group to be renamed.
        name - the new name for the group.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.UnknownEntityException - if the group does not exist.
      • renameRole

        public void renameRole​(org.apache.fulcrum.security.entity.Role role,
                               String name)
                        throws org.apache.fulcrum.security.util.DataBackendException,
                               org.apache.fulcrum.security.util.UnknownEntityException
        Renames an existing Role.
        Specified by:
        renameRole in interface SecurityService
        Parameters:
        role - The object describing the role to be renamed.
        name - the new name for the role.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.UnknownEntityException - if the role does not exist.
      • renamePermission

        public void renamePermission​(org.apache.fulcrum.security.entity.Permission permission,
                                     String name)
                              throws org.apache.fulcrum.security.util.DataBackendException,
                                     org.apache.fulcrum.security.util.UnknownEntityException
        Renames an existing Permission.
        Specified by:
        renamePermission in interface SecurityService
        Parameters:
        permission - The object describing the permission to be renamed.
        name - the new name for the permission.
        Throws:
        org.apache.fulcrum.security.util.DataBackendException - if there was an error accessing the data backend.
        org.apache.fulcrum.security.util.UnknownEntityException - if the permission does not exist.