1 /** 2 * 2007, Digitalis Informatica. All rights reserved. Distribuicao e Gestao de Informatica, Lda. Estrada de Paco de Arcos 3 * num.9 - Piso -1 2780-666 Paco de Arcos Telefone: (351) 21 4408990 Fax: (351) 21 4408999 http://www.digitalis.pt 4 */ 5 6 package pt.digitalis.dif.controller.security.managers; 7 8 import java.util.List; 9 10 import pt.digitalis.dif.controller.security.objects.ACLEntry; 11 import pt.digitalis.dif.controller.security.objects.IDIFGroup; 12 import pt.digitalis.dif.controller.security.objects.IDIFUser; 13 import pt.digitalis.dif.dem.Entity; 14 import pt.digitalis.dif.dem.interfaces.IApplication; 15 import pt.digitalis.dif.dem.interfaces.IService; 16 import pt.digitalis.dif.dem.interfaces.IStage; 17 import pt.digitalis.dif.exception.security.AuthorizationManagerException; 18 19 /** 20 * Defines the behavior for an authorization manager. 21 * 22 * @author Rodrigo Gonçalves <a href="mailto:rgoncalves@digitalis.pt">rgoncalves@digitalis.pt</a><br/> 23 * @author Pedro Viegas <a href="mailto:pviegas@digitalis.pt">pviegas@digitalis.pt</a><br/> 24 * @created 2007/12/03 25 */ 26 public interface IAuthorizationManager { 27 28 /** 29 * Adds an ACL to the manager repository 30 * 31 * @param entry 32 * the entry 33 * @return T if the operation was successful 34 * @throws AuthorizationManagerException 35 * if a resource needed for adding authorization credentials can't be accessed 36 */ 37 public boolean addACLEntry(ACLEntry entry) throws AuthorizationManagerException; 38 39 /** 40 * Returns the ACL by application. 41 * 42 * @param applicationID 43 * the application id 44 * @return the application ACL 45 */ 46 public List<ACLEntry> findACLEntriesByApplication(String applicationID); 47 48 /** 49 * Returns the group ACL. 50 * 51 * @param groupID 52 * the group id 53 * @return the group ACL 54 */ 55 public List<ACLEntry> findACLEntriesByGroup(String groupID); 56 57 /** 58 * Returns ACL by provider. 59 * 60 * @param provider 61 * the provider id 62 * @return the provider ACL 63 */ 64 public List<ACLEntry> findACLEntriesByProvider(String provider); 65 66 /** 67 * Returns the ACL by service. 68 * 69 * @param serviceID 70 * the service id 71 * @return the service ACL 72 */ 73 public List<ACLEntry> findACLEntriesByService(String serviceID); 74 75 /** 76 * Returns the ACL by stage. 77 * 78 * @param stageID 79 * the stage id 80 * @return the stage ACL 81 */ 82 public List<ACLEntry> findACLEntriesByStage(String stageID); 83 84 /** 85 * Returns the user ACL. 86 * 87 * @param userID 88 * the user id 89 * @return the user ACL 90 */ 91 public List<ACLEntry> findACLEntriesByUser(String userID); 92 93 /** 94 * Returns the user ACL, inheriting the ACL's from groups as well. 95 * 96 * @param userID 97 * the user id 98 * @return the user ACL 99 * @throws AuthorizationManagerException 100 */ 101 public List<ACLEntry> findACLEntriesByUserInherited(String userID) throws AuthorizationManagerException; 102 103 /** 104 * Returns the public ACL. 105 * 106 * @return the public ACL 107 */ 108 public List<ACLEntry> findPublicACLEntries(); 109 110 /** 111 * Grants a group with access to a given stage. 112 * 113 * @param groupID 114 * the id of the group to grant access 115 * @param entityType 116 * the entity type 117 * @param entityID 118 * the entity ID 119 * @return T if access was granted, F otherwise. 120 * @throws AuthorizationManagerException 121 * if a resource needed for checking authorization credentials can't be accessed 122 */ 123 public boolean grantAccessToGroup(String groupID, Entity entityType, String entityID) 124 throws AuthorizationManagerException; 125 126 /** 127 * Grants the public with access to a given stage. 128 * 129 * @param entityType 130 * the entity type 131 * @param entityID 132 * the entity ID 133 * @return T if access was granted, F otherwise. 134 * @throws AuthorizationManagerException 135 * if a resource needed for checking authorization credentials can't be accessed 136 */ 137 public boolean grantAccessToPublic(Entity entityType, String entityID) throws AuthorizationManagerException; 138 139 /** 140 * Grants a user with access to a given stage. 141 * 142 * @param userID 143 * the id of the user to grant access 144 * @param entityType 145 * the entity type 146 * @param entityID 147 * the entity ID 148 * @return T if access was granted, F otherwise. 149 * @throws AuthorizationManagerException 150 * if a resource needed for granting authorization credentials can't be accessed 151 */ 152 public boolean grantAccessToUser(String userID, Entity entityType, String entityID) 153 throws AuthorizationManagerException; 154 155 /** 156 * Grants a group with default access to a given stage. 157 * 158 * @param groupID 159 * the id of the group to grant access 160 * @param entityType 161 * the entity type 162 * @param entityID 163 * the entity ID 164 * @return T if access was granted, F otherwise. 165 * @throws AuthorizationManagerException 166 * if a resource needed for checking authorization credentials can't be accessed 167 */ 168 public boolean grantDefaultAccessToGroup(String groupID, Entity entityType, String entityID) 169 throws AuthorizationManagerException; 170 171 /** 172 * Grants a user with default access to a given stage. 173 * 174 * @param userID 175 * the id of the user to grant access 176 * @param entityType 177 * the entity type 178 * @param entityID 179 * the entity ID 180 * @return T if access was granted, F otherwise. 181 * @throws AuthorizationManagerException 182 * if a resource needed for granting authorization credentials can't be accessed 183 */ 184 public boolean grantDefaultAccessToUser(String userID, Entity entityType, String entityID) 185 throws AuthorizationManagerException; 186 187 /** 188 * Grants with default public access to a given stage. 189 * 190 * @param entityType 191 * the entity type 192 * @param entityID 193 * the entity ID 194 * @return T if the operation was successful 195 * @throws AuthorizationManagerException 196 * if a resource needed for granting authorization credentials can't be accessed 197 */ 198 public boolean grantDefaultPublicAccess(Entity entityType, String entityID) throws AuthorizationManagerException; 199 200 /** 201 * Checks if a group can access a given stage. 202 * 203 * @param group 204 * the group to grant access 205 * @param entityType 206 * the entity type 207 * @param entityID 208 * the entity ID 209 * @return T if the group can access the stage, F otherwise 210 * @throws AuthorizationManagerException 211 * if a needed resource for authorization checking can't be found 212 */ 213 public boolean hasAccessGroup(IDIFGroup group, Entity entityType, String entityID) 214 throws AuthorizationManagerException; 215 216 /** 217 * Checks if the group can access a given application. Will parse the DEM for inherited grants 218 * 219 * @param group 220 * the group to grant access 221 * @param application 222 * the application to check 223 * @return T if the user can access the application, F otherwise 224 * @throws AuthorizationManagerException 225 * if a resource needed for checking authorization credentials can't be accessed 226 */ 227 public boolean hasAccessGroup(IDIFGroup group, IApplication application) throws AuthorizationManagerException; 228 229 /** 230 * Checks if the group can access a given service. Will parse the DEM for inherited grants 231 * 232 * @param group 233 * the group to grant access 234 * @param service 235 * the service to check 236 * @return T if the user can access the service, F otherwise 237 * @throws AuthorizationManagerException 238 * if a resource needed for checking authorization credentials can't be accessed 239 */ 240 public boolean hasAccessGroup(IDIFGroup group, IService service) throws AuthorizationManagerException; 241 242 /** 243 * Checks if a group can access to a given stage. 244 * 245 * @param group 246 * the group to grant access 247 * @param stage 248 * the stage to check 249 * @return T if the group can access the stage, F otherwise 250 * @throws AuthorizationManagerException 251 * if a needed resource for authorization checking can't be found 252 */ 253 public boolean hasAccessGroup(IDIFGroup group, IStage stage) throws AuthorizationManagerException; 254 255 /** 256 * Checks if the public can access to a given entity identified with a type and ID. 257 * 258 * @param entityType 259 * the entity type 260 * @param entityID 261 * the entity ID 262 * @return T if the user can access the stage, F otherwise 263 */ 264 public boolean hasAccessPublic(Entity entityType, String entityID); 265 266 /** 267 * Checks if the public can access a given application. 268 * 269 * @param application 270 * the application to check 271 * @return T if the public can access the application, F otherwise 272 */ 273 public boolean hasAccessPublic(IApplication application); 274 275 /** 276 * Checks if the public can access a given service. 277 * 278 * @param service 279 * the stage to check 280 * @return T if the public can access the service, F otherwise 281 */ 282 public boolean hasAccessPublic(IService service); 283 284 /** 285 * Checks if the public can access a given stage. 286 * 287 * @param stage 288 * the stage to check 289 * @return T if the public can access the stage, F otherwise 290 */ 291 public boolean hasAccessPublic(IStage stage); 292 293 /** 294 * Checks if a user can access to a given entity identified with a type and ID. 295 * 296 * @param user 297 * the the user to check access 298 * @param entityType 299 * the entity type 300 * @param entityID 301 * the entity ID 302 * @return T if the user can access the stage, F otherwise 303 * @throws AuthorizationManagerException 304 * if a resource needed for checking authorization credentials can't be accessed 305 */ 306 public boolean hasAccessUser(IDIFUser user, Entity entityType, String entityID) 307 throws AuthorizationManagerException; 308 309 /** 310 * Checks if the user can access a given application. Will parse the DEM for inherited grants 311 * 312 * @param user 313 * the user to check access 314 * @param application 315 * the application to check 316 * @return T if the user can access the application, F otherwise 317 * @throws AuthorizationManagerException 318 * if a resource needed for checking authorization credentials can't be accessed 319 */ 320 public boolean hasAccessUser(IDIFUser user, IApplication application) throws AuthorizationManagerException; 321 322 /** 323 * Checks if the user can access a given service. Will parse the DEM for inherited grants 324 * 325 * @param user 326 * the user to check access 327 * @param service 328 * the service to check 329 * @return T if the user can access the service, F otherwise 330 * @throws AuthorizationManagerException 331 * if a resource needed for checking authorization credentials can't be accessed 332 */ 333 public boolean hasAccessUser(IDIFUser user, IService service) throws AuthorizationManagerException; 334 335 /** 336 * Checks if the user can access a given stage. Will parse the DEM for inherited grants 337 * 338 * @param user 339 * the user to check access 340 * @param stage 341 * the stage to check 342 * @return T if the user can access the stage, F otherwise 343 * @throws AuthorizationManagerException 344 * if a resource needed for checking authorization credentials can't be accessed 345 */ 346 public boolean hasAccessUser(IDIFUser user, IStage stage) throws AuthorizationManagerException; 347 348 /** 349 * Revokes the access of a group to a given stage. 350 * 351 * @param groupID 352 * the id of the group to revoke access 353 * @param entityType 354 * the entity type 355 * @param entityID 356 * the entity ID 357 * @return T if access was revoked, F otherwise. 358 */ 359 public boolean revokeAccessFromGroup(String groupID, Entity entityType, String entityID); 360 361 /** 362 * Revokes the public access to a given stage. AccessControl 363 * 364 * @param entityType 365 * the entity type 366 * @param entityID 367 * the entity ID 368 * @return T if access was revoked, F otherwise. 369 */ 370 public boolean revokeAccessFromPublic(Entity entityType, String entityID); 371 372 /** 373 * Revokes the access of a user to a given stage. 374 * 375 * @param userID 376 * the id of the user to revoke access 377 * @param entityType 378 * the entity type 379 * @param entityID 380 * the entity ID 381 * @return T if access was revoked, F otherwise. 382 */ 383 public boolean revokeAccessFromUser(String userID, Entity entityType, String entityID); 384 385 /** 386 * Removes an ACL from the manager repository 387 * 388 * @param entry 389 * the entry 390 * @return T if the operation was successful 391 */ 392 public boolean revokeACLEntry(ACLEntry entry); 393 394 /** 395 * Revokes the access of a group to all entities. 396 * 397 * @param groupID 398 * the id of the group to revoke access 399 * @return T if access was revoked, F otherwise. 400 */ 401 public boolean revokeAllAccessFromGroup(String groupID); 402 403 /** 404 * Revokes the access of a user to all entities. 405 * 406 * @param userID 407 * the id of the user to revoke access 408 * @return T if access was revoked, F otherwise. 409 */ 410 public boolean revokeAllAccessFromUser(String userID); 411 }