Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
IAuthorizationManager |
|
| 1.0;1 |
1 | /** | |
2 | * 2007, Digitalis Informatica. All rights reserved. Distribuicao e Gestao de Informatica, Lda. Estrada de Paco de Arcos | |
3 | * num.9 - Piso -1 2780-666 Paco de Arcos Telefone: (351) 21 4408990 Fax: (351) 21 4408999 http://www.digitalis.pt | |
4 | */ | |
5 | ||
6 | package pt.digitalis.dif.controller.security.managers; | |
7 | ||
8 | import java.util.List; | |
9 | ||
10 | import pt.digitalis.dif.controller.security.objects.ACLEntry; | |
11 | import pt.digitalis.dif.controller.security.objects.IDIFGroup; | |
12 | import pt.digitalis.dif.controller.security.objects.IDIFUser; | |
13 | import pt.digitalis.dif.dem.Entity; | |
14 | import pt.digitalis.dif.dem.interfaces.IApplication; | |
15 | import pt.digitalis.dif.dem.interfaces.IService; | |
16 | import pt.digitalis.dif.dem.interfaces.IStage; | |
17 | import pt.digitalis.dif.exception.security.AuthorizationManagerException; | |
18 | ||
19 | /** | |
20 | * Defines the behavior for an authorization manager. | |
21 | * | |
22 | * @author Rodrigo Gonçalves <a href="mailto:rgoncalves@digitalis.pt">rgoncalves@digitalis.pt</a><br/> | |
23 | * @author Pedro Viegas <a href="mailto:pviegas@digitalis.pt">pviegas@digitalis.pt</a><br/> | |
24 | * @created 2007/12/03 | |
25 | */ | |
26 | public interface IAuthorizationManager { | |
27 | ||
28 | /** | |
29 | * Adds an ACL to the manager repository | |
30 | * | |
31 | * @param entry | |
32 | * the entry | |
33 | * @return T if the operation was successful | |
34 | * @throws AuthorizationManagerException | |
35 | * if a resource needed for adding authorization credentials can't be accessed | |
36 | */ | |
37 | public boolean addACLEntry(ACLEntry entry) throws AuthorizationManagerException; | |
38 | ||
39 | /** | |
40 | * Returns the ACL by application. | |
41 | * | |
42 | * @param applicationID | |
43 | * the application id | |
44 | * @return the application ACL | |
45 | */ | |
46 | public List<ACLEntry> findACLEntriesByApplication(String applicationID); | |
47 | ||
48 | /** | |
49 | * Returns the group ACL. | |
50 | * | |
51 | * @param groupID | |
52 | * the group id | |
53 | * @return the group ACL | |
54 | */ | |
55 | public List<ACLEntry> findACLEntriesByGroup(String groupID); | |
56 | ||
57 | /** | |
58 | * Returns ACL by provider. | |
59 | * | |
60 | * @param provider | |
61 | * the provider id | |
62 | * @return the provider ACL | |
63 | */ | |
64 | public List<ACLEntry> findACLEntriesByProvider(String provider); | |
65 | ||
66 | /** | |
67 | * Returns the ACL by service. | |
68 | * | |
69 | * @param serviceID | |
70 | * the service id | |
71 | * @return the service ACL | |
72 | */ | |
73 | public List<ACLEntry> findACLEntriesByService(String serviceID); | |
74 | ||
75 | /** | |
76 | * Returns the ACL by stage. | |
77 | * | |
78 | * @param stageID | |
79 | * the stage id | |
80 | * @return the stage ACL | |
81 | */ | |
82 | public List<ACLEntry> findACLEntriesByStage(String stageID); | |
83 | ||
84 | /** | |
85 | * Returns the user ACL. | |
86 | * | |
87 | * @param userID | |
88 | * the user id | |
89 | * @return the user ACL | |
90 | */ | |
91 | public List<ACLEntry> findACLEntriesByUser(String userID); | |
92 | ||
93 | /** | |
94 | * Returns the user ACL, inheriting the ACL's from groups as well. | |
95 | * | |
96 | * @param userID | |
97 | * the user id | |
98 | * @return the user ACL | |
99 | * @throws AuthorizationManagerException | |
100 | */ | |
101 | public List<ACLEntry> findACLEntriesByUserInherited(String userID) throws AuthorizationManagerException; | |
102 | ||
103 | /** | |
104 | * Returns the public ACL. | |
105 | * | |
106 | * @return the public ACL | |
107 | */ | |
108 | public List<ACLEntry> findPublicACLEntries(); | |
109 | ||
110 | /** | |
111 | * Grants a group with access to a given stage. | |
112 | * | |
113 | * @param groupID | |
114 | * the id of the group to grant access | |
115 | * @param entityType | |
116 | * the entity type | |
117 | * @param entityID | |
118 | * the entity ID | |
119 | * @return T if access was granted, F otherwise. | |
120 | * @throws AuthorizationManagerException | |
121 | * if a resource needed for checking authorization credentials can't be accessed | |
122 | */ | |
123 | public boolean grantAccessToGroup(String groupID, Entity entityType, String entityID) | |
124 | throws AuthorizationManagerException; | |
125 | ||
126 | /** | |
127 | * Grants the public with access to a given stage. | |
128 | * | |
129 | * @param entityType | |
130 | * the entity type | |
131 | * @param entityID | |
132 | * the entity ID | |
133 | * @return T if access was granted, F otherwise. | |
134 | * @throws AuthorizationManagerException | |
135 | * if a resource needed for checking authorization credentials can't be accessed | |
136 | */ | |
137 | public boolean grantAccessToPublic(Entity entityType, String entityID) throws AuthorizationManagerException; | |
138 | ||
139 | /** | |
140 | * Grants a user with access to a given stage. | |
141 | * | |
142 | * @param userID | |
143 | * the id of the user to grant access | |
144 | * @param entityType | |
145 | * the entity type | |
146 | * @param entityID | |
147 | * the entity ID | |
148 | * @return T if access was granted, F otherwise. | |
149 | * @throws AuthorizationManagerException | |
150 | * if a resource needed for granting authorization credentials can't be accessed | |
151 | */ | |
152 | public boolean grantAccessToUser(String userID, Entity entityType, String entityID) | |
153 | throws AuthorizationManagerException; | |
154 | ||
155 | /** | |
156 | * Grants a group with default access to a given stage. | |
157 | * | |
158 | * @param groupID | |
159 | * the id of the group to grant access | |
160 | * @param entityType | |
161 | * the entity type | |
162 | * @param entityID | |
163 | * the entity ID | |
164 | * @return T if access was granted, F otherwise. | |
165 | * @throws AuthorizationManagerException | |
166 | * if a resource needed for checking authorization credentials can't be accessed | |
167 | */ | |
168 | public boolean grantDefaultAccessToGroup(String groupID, Entity entityType, String entityID) | |
169 | throws AuthorizationManagerException; | |
170 | ||
171 | /** | |
172 | * Grants a user with default access to a given stage. | |
173 | * | |
174 | * @param userID | |
175 | * the id of the user to grant access | |
176 | * @param entityType | |
177 | * the entity type | |
178 | * @param entityID | |
179 | * the entity ID | |
180 | * @return T if access was granted, F otherwise. | |
181 | * @throws AuthorizationManagerException | |
182 | * if a resource needed for granting authorization credentials can't be accessed | |
183 | */ | |
184 | public boolean grantDefaultAccessToUser(String userID, Entity entityType, String entityID) | |
185 | throws AuthorizationManagerException; | |
186 | ||
187 | /** | |
188 | * Grants with default public access to a given stage. | |
189 | * | |
190 | * @param entityType | |
191 | * the entity type | |
192 | * @param entityID | |
193 | * the entity ID | |
194 | * @return T if the operation was successful | |
195 | * @throws AuthorizationManagerException | |
196 | * if a resource needed for granting authorization credentials can't be accessed | |
197 | */ | |
198 | public boolean grantDefaultPublicAccess(Entity entityType, String entityID) throws AuthorizationManagerException; | |
199 | ||
200 | /** | |
201 | * Checks if a group can access a given stage. | |
202 | * | |
203 | * @param group | |
204 | * the group to grant access | |
205 | * @param entityType | |
206 | * the entity type | |
207 | * @param entityID | |
208 | * the entity ID | |
209 | * @return T if the group can access the stage, F otherwise | |
210 | * @throws AuthorizationManagerException | |
211 | * if a needed resource for authorization checking can't be found | |
212 | */ | |
213 | public boolean hasAccessGroup(IDIFGroup group, Entity entityType, String entityID) | |
214 | throws AuthorizationManagerException; | |
215 | ||
216 | /** | |
217 | * Checks if the group can access a given application. Will parse the DEM for inherited grants | |
218 | * | |
219 | * @param group | |
220 | * the group to grant access | |
221 | * @param application | |
222 | * the application to check | |
223 | * @return T if the user can access the application, F otherwise | |
224 | * @throws AuthorizationManagerException | |
225 | * if a resource needed for checking authorization credentials can't be accessed | |
226 | */ | |
227 | public boolean hasAccessGroup(IDIFGroup group, IApplication application) throws AuthorizationManagerException; | |
228 | ||
229 | /** | |
230 | * Checks if the group can access a given service. Will parse the DEM for inherited grants | |
231 | * | |
232 | * @param group | |
233 | * the group to grant access | |
234 | * @param service | |
235 | * the service to check | |
236 | * @return T if the user can access the service, F otherwise | |
237 | * @throws AuthorizationManagerException | |
238 | * if a resource needed for checking authorization credentials can't be accessed | |
239 | */ | |
240 | public boolean hasAccessGroup(IDIFGroup group, IService service) throws AuthorizationManagerException; | |
241 | ||
242 | /** | |
243 | * Checks if a group can access to a given stage. | |
244 | * | |
245 | * @param group | |
246 | * the group to grant access | |
247 | * @param stage | |
248 | * the stage to check | |
249 | * @return T if the group can access the stage, F otherwise | |
250 | * @throws AuthorizationManagerException | |
251 | * if a needed resource for authorization checking can't be found | |
252 | */ | |
253 | public boolean hasAccessGroup(IDIFGroup group, IStage stage) throws AuthorizationManagerException; | |
254 | ||
255 | /** | |
256 | * Checks if the public can access to a given entity identified with a type and ID. | |
257 | * | |
258 | * @param entityType | |
259 | * the entity type | |
260 | * @param entityID | |
261 | * the entity ID | |
262 | * @return T if the user can access the stage, F otherwise | |
263 | */ | |
264 | public boolean hasAccessPublic(Entity entityType, String entityID); | |
265 | ||
266 | /** | |
267 | * Checks if the public can access a given application. | |
268 | * | |
269 | * @param application | |
270 | * the application to check | |
271 | * @return T if the public can access the application, F otherwise | |
272 | */ | |
273 | public boolean hasAccessPublic(IApplication application); | |
274 | ||
275 | /** | |
276 | * Checks if the public can access a given service. | |
277 | * | |
278 | * @param service | |
279 | * the stage to check | |
280 | * @return T if the public can access the service, F otherwise | |
281 | */ | |
282 | public boolean hasAccessPublic(IService service); | |
283 | ||
284 | /** | |
285 | * Checks if the public can access a given stage. | |
286 | * | |
287 | * @param stage | |
288 | * the stage to check | |
289 | * @return T if the public can access the stage, F otherwise | |
290 | */ | |
291 | public boolean hasAccessPublic(IStage stage); | |
292 | ||
293 | /** | |
294 | * Checks if a user can access to a given entity identified with a type and ID. | |
295 | * | |
296 | * @param user | |
297 | * the the user to check access | |
298 | * @param entityType | |
299 | * the entity type | |
300 | * @param entityID | |
301 | * the entity ID | |
302 | * @return T if the user can access the stage, F otherwise | |
303 | * @throws AuthorizationManagerException | |
304 | * if a resource needed for checking authorization credentials can't be accessed | |
305 | */ | |
306 | public boolean hasAccessUser(IDIFUser user, Entity entityType, String entityID) | |
307 | throws AuthorizationManagerException; | |
308 | ||
309 | /** | |
310 | * Checks if the user can access a given application. Will parse the DEM for inherited grants | |
311 | * | |
312 | * @param user | |
313 | * the user to check access | |
314 | * @param application | |
315 | * the application to check | |
316 | * @return T if the user can access the application, F otherwise | |
317 | * @throws AuthorizationManagerException | |
318 | * if a resource needed for checking authorization credentials can't be accessed | |
319 | */ | |
320 | public boolean hasAccessUser(IDIFUser user, IApplication application) throws AuthorizationManagerException; | |
321 | ||
322 | /** | |
323 | * Checks if the user can access a given service. Will parse the DEM for inherited grants | |
324 | * | |
325 | * @param user | |
326 | * the user to check access | |
327 | * @param service | |
328 | * the service to check | |
329 | * @return T if the user can access the service, F otherwise | |
330 | * @throws AuthorizationManagerException | |
331 | * if a resource needed for checking authorization credentials can't be accessed | |
332 | */ | |
333 | public boolean hasAccessUser(IDIFUser user, IService service) throws AuthorizationManagerException; | |
334 | ||
335 | /** | |
336 | * Checks if the user can access a given stage. Will parse the DEM for inherited grants | |
337 | * | |
338 | * @param user | |
339 | * the user to check access | |
340 | * @param stage | |
341 | * the stage to check | |
342 | * @return T if the user can access the stage, F otherwise | |
343 | * @throws AuthorizationManagerException | |
344 | * if a resource needed for checking authorization credentials can't be accessed | |
345 | */ | |
346 | public boolean hasAccessUser(IDIFUser user, IStage stage) throws AuthorizationManagerException; | |
347 | ||
348 | /** | |
349 | * Revokes the access of a group to a given stage. | |
350 | * | |
351 | * @param groupID | |
352 | * the id of the group to revoke access | |
353 | * @param entityType | |
354 | * the entity type | |
355 | * @param entityID | |
356 | * the entity ID | |
357 | * @return T if access was revoked, F otherwise. | |
358 | */ | |
359 | public boolean revokeAccessFromGroup(String groupID, Entity entityType, String entityID); | |
360 | ||
361 | /** | |
362 | * Revokes the public access to a given stage. AccessControl | |
363 | * | |
364 | * @param entityType | |
365 | * the entity type | |
366 | * @param entityID | |
367 | * the entity ID | |
368 | * @return T if access was revoked, F otherwise. | |
369 | */ | |
370 | public boolean revokeAccessFromPublic(Entity entityType, String entityID); | |
371 | ||
372 | /** | |
373 | * Revokes the access of a user to a given stage. | |
374 | * | |
375 | * @param userID | |
376 | * the id of the user to revoke access | |
377 | * @param entityType | |
378 | * the entity type | |
379 | * @param entityID | |
380 | * the entity ID | |
381 | * @return T if access was revoked, F otherwise. | |
382 | */ | |
383 | public boolean revokeAccessFromUser(String userID, Entity entityType, String entityID); | |
384 | ||
385 | /** | |
386 | * Removes an ACL from the manager repository | |
387 | * | |
388 | * @param entry | |
389 | * the entry | |
390 | * @return T if the operation was successful | |
391 | */ | |
392 | public boolean revokeACLEntry(ACLEntry entry); | |
393 | ||
394 | /** | |
395 | * Revokes the access of a group to all entities. | |
396 | * | |
397 | * @param groupID | |
398 | * the id of the group to revoke access | |
399 | * @return T if access was revoked, F otherwise. | |
400 | */ | |
401 | public boolean revokeAllAccessFromGroup(String groupID); | |
402 | ||
403 | /** | |
404 | * Revokes the access of a user to all entities. | |
405 | * | |
406 | * @param userID | |
407 | * the id of the user to revoke access | |
408 | * @return T if access was revoked, F otherwise. | |
409 | */ | |
410 | public boolean revokeAllAccessFromUser(String userID); | |
411 | } |