
1   /*
2   jGuard is a security framework built on top of JAAS (Java Authentication and Authorization Service).
3   It is written for web applications, to solve access control problems simply.
4   version $Name$
5   http://sourceforge.net/projects/jguard/
6   
7   Copyright (C) 2004  Charles GAY
8   
9   This library is free software; you can redistribute it and/or
10  modify it under the terms of the GNU Lesser General Public
11  License as published by the Free Software Foundation; either
12  version 2.1 of the License, or (at your option) any later version.
13  
14  This library is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  Lesser General Public License for more details.
18  
19  You should have received a copy of the GNU Lesser General Public
20  License along with this library; if not, write to the Free Software
21  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
22  
23  
24  jGuard project home page:
25  http://sourceforge.net/projects/jguard/
26  
27  */
28  package net.sf.jguard.core.authentication.manager;
29  
30  
31  
32  import java.security.Principal;
33  import java.util.Collection;
34  import java.util.Set;
35  
36  import javax.security.auth.Subject;
37  
38  import net.sf.jguard.core.authentication.AuthenticationException;
39  import net.sf.jguard.core.authentication.credentials.JGuardCredential;
40  import net.sf.jguard.core.organization.Organization;
41  import net.sf.jguard.core.provisioning.OrganizationTemplate;
42  import net.sf.jguard.core.provisioning.RegistrationException;
43  import net.sf.jguard.core.provisioning.SubjectTemplate;
44  
/**
 * Administrative operations on the system that stores user profiles.
 * That system can be a database, an LDAP server, or anything else.
 * It is intended for <strong>administrators</strong>.
 * There is one AuthenticationManager per webapp.
 *
 * <p>NOTE(review): none of the operations below takes a caller identity or a
 * permission argument, so access control on user, principal and organization
 * changes has to be enforced by the implementation or by the caller.
 * Confirm where that check lives.
 *
 * <p>NOTE(review): several methods use raw {@code Set} / {@code Collection};
 * the element types are not declared here and must be confirmed against the
 * implementations.
 *
 * @author <a href="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
 * @author <a href="mailto:tandilero@users.sourceforge.net">Maximiliano Batelli</a>
 */
public interface AuthenticationManager {

    /**
     * Creates an organization from the given template.
     *
     * @param organizationTemplate template describing the organization to create
     * @return the created Organization
     * @throws RegistrationException failure conditions are implementation-defined
     */
    Organization createOrganization(OrganizationTemplate organizationTemplate) throws RegistrationException;

    /**
     * Deletes the given organization.
     *
     * @param organisation organization to delete
     */
    void deleteOrganization(Organization organisation);

    /**
     * Returns the <i>default</i> Organization, identified by the id <b>system</b>.
     *
     * @return the default Organization
     */
    Organization getDefaultOrganization();

    /**
     * Returns the organizations known to this manager.
     *
     * @return raw Set of organizations (presumably {@code Organization} elements, to be confirmed)
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    Set getOrganizations() throws AuthenticationException;

    /**
     * Updates an organization.
     *
     * @param organizationIdentityCredential identity credential of the organization to update
     *        (presumably its current id, to be confirmed)
     * @param organisation organization carrying the new state
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    void updateOrganization(String organizationIdentityCredential, Organization organisation)
            throws AuthenticationException;

    /**
     * Looks up an organization by its unique id.
     *
     * @param organizationId unique id of the organization to find
     * @return the Organization found, or <b>null</b> otherwise
     */
    Organization findOrganization(String organizationId);

    /**
     * NOTE(review): undocumented in the original. The name suggests the id of the
     * credential used as the user's identity rather than a credential value.
     * Confirm against the implementations.
     *
     * @return the credential id as a String
     */
    String getCredentialId();

    /**
     * NOTE(review): undocumented in the original. It is not stated whether this
     * returns the <em>name</em> of the password credential or a secret value.
     * Confirm before logging or exposing the returned String.
     *
     * @return the credential password as a String
     */
    String getCredentialPassword();

    /**
     * Adds the principal to the persistence storage.
     * The Principal is created in the backend <strong>only</strong> if it is not already present.
     *
     * @param role principal to create
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    void createPrincipal(Principal role) throws AuthenticationException;

    /**
     * Creates a user from a SubjectTemplate within an organization.
     *
     * @param user template of the user to be checked and created
     * @param organization organization the user is created in
     * @return the created Subject
     * @throws RegistrationException failure conditions are implementation-defined
     */
    Subject createUser(SubjectTemplate user, Organization organization) throws RegistrationException;

    /**
     * Creates a user from an existing Subject within an organization.
     *
     * @param user user to be checked and created
     * @param organization organization the user is created in
     * @return the created Subject
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    Subject createUser(Subject user, Organization organization) throws AuthenticationException;

    /**
     * Retrieves a role from the webapp.
     *
     * @param name name of the role
     * @return the matching Principal
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    Principal getLocalPrincipal(String name) throws AuthenticationException;

    /**
     * Gets the principals defined in the repository for all the applications.
     *
     * @return raw Set of roles
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    Set getAllPrincipalsSet() throws AuthenticationException;

    /**
     * Gets the principals defined in the repository <strong>only</strong> for this application.
     *
     * @return raw Set of roles
     */
    Set getLocalPrincipals();

    /**
     * Retrieves the users that conform to all the given credentials.
     *
     * <p>NOTE(review): {@code privateCredentials} may carry secret values, so
     * implementations should keep them out of logs. Confirm.
     *
     * @param privateCredentials private credentials the users must match
     * @param publicCredentials public credentials the users must match
     * @return raw Set of matching users
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    Set findUsers(Collection privateCredentials, Collection publicCredentials) throws AuthenticationException;

    /**
     * Checks whether a user with the same username already exists.
     *
     * @param user user to look for
     * @return true if a user with the same name exists, false otherwise
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    boolean userAlreadyExists(Subject user) throws AuthenticationException;

    /**
     * Tells whether the role exists in the webapp.
     *
     * @param role role to check
     * @return whether the role exists
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    boolean hasPrincipal(Principal role) throws AuthenticationException;

    /**
     * Tells whether the role exists in the webapp.
     *
     * @param role role to check, given as a String (presumably its name)
     * @return whether the role exists
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    boolean hasPrincipal(String role) throws AuthenticationException;

    /**
     * Updates a user's information.
     *
     * @param identityCred identity credential designating the user to update
     * @param user Subject carrying the new information
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    void updateUser(JGuardCredential identityCred, Subject user) throws AuthenticationException;

    /**
     * Removes a user.
     *
     * @param user user to remove
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    void deleteUser(Subject user) throws AuthenticationException;

    /**
     * Returns the OrganizationTemplate.
     *
     * @return the OrganizationTemplate
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    OrganizationTemplate getOrganizationTemplate() throws AuthenticationException;

    /**
     * Sets the OrganizationTemplate.
     *
     * @param organizationTemplate template to set
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    void setOrganizationTemplate(OrganizationTemplate organizationTemplate) throws AuthenticationException;

    /**
     * Returns the users.
     *
     * @return raw Set of users (presumably {@code Subject} elements, to be confirmed)
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    Set getUsers() throws AuthenticationException;

    /**
     * NOTE(review): undocumented in the original. What counts as "empty"
     * (no users, no principals, or both) is not stated here.
     *
     * @return the emptiness flag
     */
    boolean isEmpty();

    /**
     * Changes a principal's name.
     *
     * @param oldPrincipalName current name of the principal
     * @param principal principal carrying the new name
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    void updatePrincipal(String oldPrincipalName, Principal principal) throws AuthenticationException;

    /**
     * Deletes this principal and its references in users.
     *
     * @param principal principal to delete
     * @return false if the delete fails, true if it succeeds
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    boolean deletePrincipal(Principal principal) throws AuthenticationException;

    /**
     * Clones a Principal under a random name.
     *
     * <p>NOTE(review): the documented suffix range is small, so a name collision
     * is possible. This interface does not say how one is handled.
     *
     * @param roleName name of the Principal to clone
     * @return cloned Principal with a different name: roleName + random integer between 0 and 99999
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    Principal clonePrincipal(String roleName) throws AuthenticationException;

    /**
     * Clones a Principal. If the Principal is an instance of RolePrincipal,
     * the clone task is delegated to RolePrincipal's clone method.
     *
     * @param roleName name of the Principal to clone
     * @param cloneName name given to the cloned Principal
     * @return cloned Principal with the given cloneName
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    Principal clonePrincipal(String roleName, String cloneName) throws AuthenticationException;

    /**
     * Changes the 'active' property on the specified role for a user.
     * This change cannot be done on the 'guest' user, or if only one
     * 'active=true' role would remain.
     *
     * @param subject user owning the role
     * @param roleName name of the role
     * @param applicationName name of the application the role belongs to
     * @param active new value of the 'active' property
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    void setActiveOnRolePrincipal(Subject subject, String roleName, String applicationName, boolean active)
            throws AuthenticationException;

    /**
     * Finds a user by login.
     *
     * <p>NOTE(review): the result for an unknown login (null or otherwise) is
     * not stated here. Callers should confirm it before dereferencing.
     *
     * @param login login of the user
     * @return the matching Subject
     */
    Subject findUser(String login);

    /**
     * Updates the definition of a role held by a user.
     *
     * @param subject user owning the role
     * @param role name of the role
     * @param applicationName name of the application the role belongs to
     * @param definition new definition (format not specified by this interface)
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    void updateRoleDefinition(Subject subject, String role, String applicationName, String definition)
            throws AuthenticationException;

    /**
     * Imports the content of another AuthenticationManager.
     *
     * <p>NOTE(review): merge and overwrite semantics are not specified here.
     *
     * @param authManager manager to import from
     */
    void importAuthenticationManager(AuthenticationManager authManager);

    /**
     * Persists a user logon attempt.
     *
     * <p>NOTE(review): {@code login} and {@code hostName} are free-form strings.
     * If they originate from the request, implementations should bind them as
     * parameters when storing and encode them when the record is displayed.
     *
     * @param login user unique ID
     * @param hostAddress IP address
     * @param hostName DNS name bound to the IP address
     * @param succeeded authentication result
     * @param timeStamp time of the attempt (unit and epoch not stated here)
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    void persistUserLoginAttempt(String login, String hostAddress, String hostName, boolean succeeded,
            long timeStamp) throws AuthenticationException;

    /**
     * Persists a user logout attempt.
     *
     * <p>NOTE(review): {@code login} and {@code hostName} are free-form strings.
     * If they originate from the request, implementations should bind them as
     * parameters when storing and encode them when the record is displayed.
     *
     * @param login user unique ID
     * @param hostAddress IP address
     * @param hostName DNS name bound to the IP address
     * @param timeStamp time of the attempt (unit and epoch not stated here)
     * @throws AuthenticationException failure conditions are implementation-defined
     */
    void persistUserLogoutAttempt(String login, String hostAddress, String hostName, long timeStamp)
            throws AuthenticationException;

    /**
     * Returns the name of the <strong>current</strong> application which holds this
     * AuthenticationManager.
     *
     * @return the application name
     */
    String getApplicationName();
}