001: /*
002: jGuard is a security framework built on top of JAAS (Java Authentication and Authorization Service).
003: It is written for web applications, to solve access control problems simply.
004: version $Name$
005: http://sourceforge.net/projects/jguard/
006:
007: Copyright (C) 2004 Charles GAY
008:
009: This library is free software; you can redistribute it and/or
010: modify it under the terms of the GNU Lesser General Public
011: License as published by the Free Software Foundation; either
012: version 2.1 of the License, or (at your option) any later version.
013:
014: This library is distributed in the hope that it will be useful,
015: but WITHOUT ANY WARRANTY; without even the implied warranty of
016: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
017: Lesser General Public License for more details.
018:
019: You should have received a copy of the GNU Lesser General Public
020: License along with this library; if not, write to the Free Software
021: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
022:
023:
024: jGuard project home page:
025: http://sourceforge.net/projects/jguard/
026:
027: */
028: package net.sf.jguard.ext.authorization.manager;
029:
030: import java.security.Permission;
031: import java.security.Principal;
032: import java.util.Collection;
033: import java.util.List;
034: import java.util.Map;
035: import java.util.Set;
036:
037: import net.sf.jguard.core.authorization.manager.PermissionProvider;
038: import net.sf.jguard.core.authorization.permissions.Domain;
039: import net.sf.jguard.core.authorization.permissions.JGPermissionCollection;
040: import net.sf.jguard.ext.authorization.AuthorizationException;
041:
/**
 * Management contract for the authorization policy: permissions, the domains
 * that group them, and the principals (roles) they are granted to, including
 * the role-inheritance relationships between principals.
 *
 * <p>Every create/update/delete/add/import method declared here changes what
 * subjects are authorized to do. No method takes the calling subject as an
 * argument, so this interface cannot itself decide who may change the policy;
 * access to an implementation has to be restricted by the code that exposes it.
 * NOTE(review): confirm how each implementation is reached from web-facing code.
 *
 * <p>Collections are declared as raw types, so their element types are not
 * checked by the compiler; the expected element types are noted per method
 * where the existing documentation states them.
 *
 * @author <a href="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
 * @author <a href="mailto:vinipitta@users.sourceforge.net">Vinicius Pitta Lima de Araujo</a>
 * @author <a href="mailto:tandilero@users.sourceforge.net">Maximiliano Batelli</a>
 */
public interface AuthorizationManager extends PermissionProvider {

    /**
     * Initializes the implementation from a map of options.
     *
     * @param options option values; presumably keyed by the names returned from
     *                {@link #getInitParameters()} - confirm against the implementation
     */
    void init(Map options);

    /**
     * Returns the initialization parameters this implementation needs.
     *
     * @return the parameter list (element type is not declared here)
     */
    List getInitParameters();

    /**
     * Creates a permission inside the named domain. The original documentation
     * describes the permission as a URLPermission built from a url and a domain.
     *
     * @param url        the permission to create
     * @param domainName name of the domain the permission is created in
     * @throws AuthorizationException failure conditions are not specified by this interface
     */
    void createPermission(Permission url, String domainName) throws AuthorizationException;

    /**
     * Looks up a permission by name.
     *
     * @param permissionName name of the permission to read
     * @return the permission; what is returned for an unknown name is not specified here
     * @throws AuthorizationException failure conditions are not specified by this interface
     */
    Permission readPermission(String permissionName) throws AuthorizationException;

    /**
     * Updates the permission currently known as {@code oldPermissionName}.
     *
     * @param oldPermissionName name the permission had before the update
     * @param url               the updated permission
     * @param newDomainName     presumably the domain the updated permission belongs to - confirm
     * @throws AuthorizationException failure conditions are not specified by this interface
     */
    void updatePermission(String oldPermissionName, Permission url, String newDomainName)
            throws AuthorizationException;

    /**
     * Deletes the named permission.
     *
     * NOTE(review): whether principals that were granted this permission lose it
     * at once is not stated here - confirm, since a stale grant keeps access open.
     *
     * @param permissionName name of the permission to delete
     * @throws AuthorizationException failure conditions are not specified by this interface
     */
    void deletePermission(String permissionName) throws AuthorizationException;

    /**
     * Lists the permissions known to this manager.
     *
     * @return the permissions as a {@link JGPermissionCollection}
     */
    JGPermissionCollection listPermissions();

    /**
     * Creates a domain.
     *
     * @param domainName name of the domain to create
     * @throws AuthorizationException failure conditions are not specified by this interface
     */
    void createDomain(String domainName) throws AuthorizationException;

    /**
     * Reads a domain by name.
     *
     * @param domainName name of the domain to read
     * @return the domain, exposed as a {@link JGPermissionCollection}
     * @throws AuthorizationException failure conditions are not specified by this interface
     */
    JGPermissionCollection readDomain(String domainName) throws AuthorizationException;

    /**
     * Renames a domain.
     *
     * <p>The new name comes first here, whereas {@link #updatePermission} and
     * {@link #updatePrincipal(String, Principal)} take the old name first. Both
     * arguments are Strings, so a swapped call still compiles.
     *
     * @param newName name the domain gets
     * @param oldName name the domain has now
     * @throws AuthorizationException failure conditions are not specified by this interface
     */
    void updateDomain(String newName, String oldName) throws AuthorizationException;

    /**
     * Deletes the named domain.
     *
     * @param domainName name of the domain to delete
     * @throws AuthorizationException failure conditions are not specified by this interface
     */
    void deleteDomain(String domainName) throws AuthorizationException;

    /**
     * Lists the domains known to this manager.
     *
     * @return the domains (element type is not declared here)
     * @throws AuthorizationException failure conditions are not specified by this interface
     */
    Set listDomains() throws AuthorizationException;

    /**
     * Registers a new principal.
     *
     * @param principal the principal to create
     * @throws AuthorizationException failure conditions are not specified by this interface
     */
    void createPrincipal(Principal principal) throws AuthorizationException;

    /**
     * Clones a principal under a generated name.
     *
     * <p>The generated name is {@code roleName} followed by a random integer
     * between 0 and 99999. That range is small: the name can collide with an
     * existing one and is easy to enumerate, so it should not be relied on as a
     * unique or unguessable identifier. NOTE(review): whether implementations
     * detect a collision is not visible from this interface.
     *
     * @param roleName name of the principal to clone
     * @return the cloned principal, carrying the generated name
     * @throws AuthorizationException failure conditions are not specified by this interface
     */
    Principal clonePrincipal(String roleName) throws AuthorizationException;

    /**
     * Clones a principal under the given name. When the principal is a
     * RolePrincipal, the cloning is delegated to RolePrincipal's own clone method.
     *
     * NOTE(review): a clone presumably carries the grants of the original, which
     * makes this call equivalent to granting them to {@code cloneName} - confirm.
     *
     * @param roleName  name of the principal to clone
     * @param cloneName name given to the clone
     * @return the cloned principal, named {@code cloneName}
     * @throws AuthorizationException failure conditions are not specified by this interface
     */
    Principal clonePrincipal(String roleName, String cloneName) throws AuthorizationException;

    /**
     * Looks up a principal by role name.
     *
     * @param roleName name of the principal to read
     * @return the principal; what is returned for an unknown name is not specified here
     * @throws AuthorizationException failure conditions are not specified by this interface
     */
    Principal readPrincipal(String roleName) throws AuthorizationException;

    /**
     * Updates the application principal (role) that was known under another name.
     *
     * @param oldPrincipalName the name the principal had
     * @param principal        the updated principal
     * @throws AuthorizationException failure conditions are not specified by this interface
     * @see #updatePrincipal(Principal)
     */
    void updatePrincipal(String oldPrincipalName, Principal principal)
            throws AuthorizationException;

    /**
     * Deletes a principal.
     *
     * @param principal the principal to delete
     * @throws AuthorizationException failure conditions are not specified by this interface
     */
    void deletePrincipal(Principal principal) throws AuthorizationException;

    /**
     * Lists the principals known to this manager.
     *
     * @return the principals (element type is not declared here)
     */
    Set listPrincipals();

    /**
     * Resolves a collection of domain names.
     *
     * @param domainNames the names to resolve, presumably Strings - confirm
     * @return the matching domains; handling of unknown names is not specified here
     */
    Set getDomains(Collection domainNames);

    /**
     * Resolves a collection of permission names.
     *
     * @param permissionNames the names to resolve, presumably Strings - confirm
     * @return the matching permissions; handling of unknown names is not specified here
     */
    Set getPermissions(Collection permissionNames);

    /**
     * Grants a single permission to the named principal.
     *
     * @param roleName name of the principal receiving the permission
     * @param perm     the permission to add
     * @throws AuthorizationException failure conditions are not specified by this interface
     */
    void addToPrincipal(String roleName, Permission perm) throws AuthorizationException;

    /**
     * Adds a domain to the named principal.
     *
     * NOTE(review): presumably this grants every permission of the domain, now and
     * as the domain changes later - confirm, since that widens the grant over time.
     *
     * @param roleName name of the principal receiving the domain
     * @param domain   the domain to add
     * @throws AuthorizationException failure conditions are not specified by this interface
     */
    void addToPrincipal(String roleName, Domain domain) throws AuthorizationException;

    /* RBAC Role General Hierarchical model specific methods */

    /**
     * Establishes a new immediate inheritance relationship between the existing
     * principals roleAsc and roleDesc.
     *
     * <p>The call is valid only if roleAsc is not already an immediate ascendant
     * of roleDesc and roleDesc does not properly inherit roleAsc; the second
     * condition is what keeps the role graph free of cycles. Because the
     * ascendant inherits from the descendant, a successful call enlarges what
     * roleAsc is authorized to do.
     *
     * @param roleAscName  the role that will inherit
     * @param roleDescName the role that will be inherited
     * @throws AuthorizationException if the inheritance already exists or would create a cycle
     */
    void addInheritance(String roleAscName, String roleDescName) throws AuthorizationException;

    /**
     * Deletes the existing inheritance between roleAsc and roleDesc.
     *
     * @param roleAscName  the inheriting role
     * @param roleDescName the inherited role
     * @throws AuthorizationException failure conditions are not specified by this interface
     */
    void deleteInheritance(String roleAscName, String roleDescName)
            throws AuthorizationException;

    /**
     * Replaces the initial principal with the new one.
     *
     * @param principal the updated principal; the original documentation describes it
     *                  as a RolePrincipal
     * @throws AuthorizationException failure conditions are not specified by this interface
     * @see #updatePrincipal(String, Principal)
     */
    void updatePrincipal(Principal principal) throws AuthorizationException;

    /**
     * Returns an unmodifiable Domain Set.
     *
     * <p>Only the Set is documented as unmodifiable; whether its elements can be
     * mutated by the caller is not stated here.
     *
     * @return the unmodifiable set of domains
     */
    Set getDomainsSet();

    /**
     * Returns an unmodifiable Principal Set.
     *
     * <p>Only the Set is documented as unmodifiable; whether its elements can be
     * mutated by the caller is not stated here.
     *
     * @return the unmodifiable set of principals
     */
    Set getPrincipalsSet();

    /**
     * Returns an unmodifiable Permissions Set.
     *
     * <p>Only the Set is documented as unmodifiable; whether its elements can be
     * mutated by the caller is not stated here.
     *
     * @return the unmodifiable set of permissions
     */
    Set getPermissionsSet();

    /**
     * Reports whether this manager is empty.
     *
     * @return {@code true} when the manager is empty; presumably that means it holds
     *         no principals, domains or permissions - confirm against the implementation
     */
    boolean isEmpty();

    /**
     * Imports another manager into this one.
     *
     * NOTE(review): whether the imported content is merged with or replaces the
     * current policy is not stated here - confirm. Either way the imported grants
     * presumably take effect in this manager, so the source manager should come
     * from a trusted origin.
     *
     * @param authorizationManager the manager to import from
     * @throws AuthorizationException failure conditions are not specified by this interface
     */
    void importAuthorizationManager(AuthorizationManager authorizationManager)
            throws AuthorizationException;

}