1 /**
2 * 2007, Digitalis Informatica. All rights reserved. Distribuicao e Gestao de Informatica, Lda. Estrada de Paco de Arcos
3 * num.9 - Piso -1 2780-666 Paco de Arcos Telefone: (351) 21 4408990 Fax: (351) 21 4408999 http://www.digitalis.pt
4 */
5
6 package pt.digitalis.dif.controller.security.managers;
7
8 import java.util.List;
9
10 import pt.digitalis.dif.controller.security.objects.ACLEntry;
11 import pt.digitalis.dif.controller.security.objects.IDIFGroup;
12 import pt.digitalis.dif.controller.security.objects.IDIFUser;
13 import pt.digitalis.dif.dem.Entity;
14 import pt.digitalis.dif.dem.interfaces.IApplication;
15 import pt.digitalis.dif.dem.interfaces.IService;
16 import pt.digitalis.dif.dem.interfaces.IStage;
17 import pt.digitalis.dif.exception.security.AuthorizationManagerException;
18
19 /**
20 * Defines the behavior for an authorization manager.
21 *
22 * @author Rodrigo Gonçalves <a href="mailto:rgoncalves@digitalis.pt">rgoncalves@digitalis.pt</a><br/>
23 * @author Pedro Viegas <a href="mailto:pviegas@digitalis.pt">pviegas@digitalis.pt</a><br/>
24 * @created 2007/12/03
25 */
26 public interface IAuthorizationManager {
27
28 /**
29 * Adds an ACL to the manager repository
30 *
31 * @param entry
32 * the entry
33 * @return T if the operation was successful
34 * @throws AuthorizationManagerException
35 * if a resource needed for adding authorization credentials can't be accessed
36 */
37 public boolean addACLEntry(ACLEntry entry) throws AuthorizationManagerException;
38
39 /**
40 * Returns the ACL by application.
41 *
42 * @param applicationID
43 * the application id
44 * @return the application ACL
45 */
46 public List<ACLEntry> findACLEntriesByApplication(String applicationID);
47
48 /**
49 * Returns the group ACL.
50 *
51 * @param groupID
52 * the group id
53 * @return the group ACL
54 */
55 public List<ACLEntry> findACLEntriesByGroup(String groupID);
56
57 /**
58 * Returns ACL by provider.
59 *
60 * @param provider
61 * the provider id
62 * @return the provider ACL
63 */
64 public List<ACLEntry> findACLEntriesByProvider(String provider);
65
66 /**
67 * Returns the ACL by service.
68 *
69 * @param serviceID
70 * the service id
71 * @return the service ACL
72 */
73 public List<ACLEntry> findACLEntriesByService(String serviceID);
74
75 /**
76 * Returns the ACL by stage.
77 *
78 * @param stageID
79 * the stage id
80 * @return the stage ACL
81 */
82 public List<ACLEntry> findACLEntriesByStage(String stageID);
83
84 /**
85 * Returns the user ACL.
86 *
87 * @param userID
88 * the user id
89 * @return the user ACL
90 */
91 public List<ACLEntry> findACLEntriesByUser(String userID);
92
93 /**
94 * Returns the user ACL, inheriting the ACL's from groups as well.
95 *
96 * @param userID
97 * the user id
98 * @return the user ACL
99 * @throws AuthorizationManagerException
100 */
101 public List<ACLEntry> findACLEntriesByUserInherited(String userID) throws AuthorizationManagerException;
102
103 /**
104 * Returns the public ACL.
105 *
106 * @return the public ACL
107 */
108 public List<ACLEntry> findPublicACLEntries();
109
110 /**
111 * Grants a group with access to a given stage.
112 *
113 * @param groupID
114 * the id of the group to grant access
115 * @param entityType
116 * the entity type
117 * @param entityID
118 * the entity ID
119 * @return T if access was granted, F otherwise.
120 * @throws AuthorizationManagerException
121 * if a resource needed for checking authorization credentials can't be accessed
122 */
123 public boolean grantAccessToGroup(String groupID, Entity entityType, String entityID)
124 throws AuthorizationManagerException;
125
126 /**
127 * Grants the public with access to a given stage.
128 *
129 * @param entityType
130 * the entity type
131 * @param entityID
132 * the entity ID
133 * @return T if access was granted, F otherwise.
134 * @throws AuthorizationManagerException
135 * if a resource needed for checking authorization credentials can't be accessed
136 */
137 public boolean grantAccessToPublic(Entity entityType, String entityID) throws AuthorizationManagerException;
138
139 /**
140 * Grants a user with access to a given stage.
141 *
142 * @param userID
143 * the id of the user to grant access
144 * @param entityType
145 * the entity type
146 * @param entityID
147 * the entity ID
148 * @return T if access was granted, F otherwise.
149 * @throws AuthorizationManagerException
150 * if a resource needed for granting authorization credentials can't be accessed
151 */
152 public boolean grantAccessToUser(String userID, Entity entityType, String entityID)
153 throws AuthorizationManagerException;
154
155 /**
156 * Grants a group with default access to a given stage.
157 *
158 * @param groupID
159 * the id of the group to grant access
160 * @param entityType
161 * the entity type
162 * @param entityID
163 * the entity ID
164 * @return T if access was granted, F otherwise.
165 * @throws AuthorizationManagerException
166 * if a resource needed for checking authorization credentials can't be accessed
167 */
168 public boolean grantDefaultAccessToGroup(String groupID, Entity entityType, String entityID)
169 throws AuthorizationManagerException;
170
171 /**
172 * Grants a user with default access to a given stage.
173 *
174 * @param userID
175 * the id of the user to grant access
176 * @param entityType
177 * the entity type
178 * @param entityID
179 * the entity ID
180 * @return T if access was granted, F otherwise.
181 * @throws AuthorizationManagerException
182 * if a resource needed for granting authorization credentials can't be accessed
183 */
184 public boolean grantDefaultAccessToUser(String userID, Entity entityType, String entityID)
185 throws AuthorizationManagerException;
186
187 /**
188 * Grants with default public access to a given stage.
189 *
190 * @param entityType
191 * the entity type
192 * @param entityID
193 * the entity ID
194 * @return T if the operation was successful
195 * @throws AuthorizationManagerException
196 * if a resource needed for granting authorization credentials can't be accessed
197 */
198 public boolean grantDefaultPublicAccess(Entity entityType, String entityID) throws AuthorizationManagerException;
199
200 /**
201 * Checks if a group can access a given stage.
202 *
203 * @param group
204 * the group to grant access
205 * @param entityType
206 * the entity type
207 * @param entityID
208 * the entity ID
209 * @return T if the group can access the stage, F otherwise
210 * @throws AuthorizationManagerException
211 * if a needed resource for authorization checking can't be found
212 */
213 public boolean hasAccessGroup(IDIFGroup group, Entity entityType, String entityID)
214 throws AuthorizationManagerException;
215
216 /**
217 * Checks if the group can access a given application. Will parse the DEM for inherited grants
218 *
219 * @param group
220 * the group to grant access
221 * @param application
222 * the application to check
223 * @return T if the user can access the application, F otherwise
224 * @throws AuthorizationManagerException
225 * if a resource needed for checking authorization credentials can't be accessed
226 */
227 public boolean hasAccessGroup(IDIFGroup group, IApplication application) throws AuthorizationManagerException;
228
229 /**
230 * Checks if the group can access a given service. Will parse the DEM for inherited grants
231 *
232 * @param group
233 * the group to grant access
234 * @param service
235 * the service to check
236 * @return T if the user can access the service, F otherwise
237 * @throws AuthorizationManagerException
238 * if a resource needed for checking authorization credentials can't be accessed
239 */
240 public boolean hasAccessGroup(IDIFGroup group, IService service) throws AuthorizationManagerException;
241
242 /**
243 * Checks if a group can access to a given stage.
244 *
245 * @param group
246 * the group to grant access
247 * @param stage
248 * the stage to check
249 * @return T if the group can access the stage, F otherwise
250 * @throws AuthorizationManagerException
251 * if a needed resource for authorization checking can't be found
252 */
253 public boolean hasAccessGroup(IDIFGroup group, IStage stage) throws AuthorizationManagerException;
254
255 /**
256 * Checks if the public can access to a given entity identified with a type and ID.
257 *
258 * @param entityType
259 * the entity type
260 * @param entityID
261 * the entity ID
262 * @return T if the user can access the stage, F otherwise
263 */
264 public boolean hasAccessPublic(Entity entityType, String entityID);
265
266 /**
267 * Checks if the public can access a given application.
268 *
269 * @param application
270 * the application to check
271 * @return T if the public can access the application, F otherwise
272 */
273 public boolean hasAccessPublic(IApplication application);
274
275 /**
276 * Checks if the public can access a given service.
277 *
278 * @param service
279 * the stage to check
280 * @return T if the public can access the service, F otherwise
281 */
282 public boolean hasAccessPublic(IService service);
283
284 /**
285 * Checks if the public can access a given stage.
286 *
287 * @param stage
288 * the stage to check
289 * @return T if the public can access the stage, F otherwise
290 */
291 public boolean hasAccessPublic(IStage stage);
292
293 /**
294 * Checks if a user can access to a given entity identified with a type and ID.
295 *
296 * @param user
297 * the the user to check access
298 * @param entityType
299 * the entity type
300 * @param entityID
301 * the entity ID
302 * @return T if the user can access the stage, F otherwise
303 * @throws AuthorizationManagerException
304 * if a resource needed for checking authorization credentials can't be accessed
305 */
306 public boolean hasAccessUser(IDIFUser user, Entity entityType, String entityID)
307 throws AuthorizationManagerException;
308
309 /**
310 * Checks if the user can access a given application. Will parse the DEM for inherited grants
311 *
312 * @param user
313 * the user to check access
314 * @param application
315 * the application to check
316 * @return T if the user can access the application, F otherwise
317 * @throws AuthorizationManagerException
318 * if a resource needed for checking authorization credentials can't be accessed
319 */
320 public boolean hasAccessUser(IDIFUser user, IApplication application) throws AuthorizationManagerException;
321
322 /**
323 * Checks if the user can access a given service. Will parse the DEM for inherited grants
324 *
325 * @param user
326 * the user to check access
327 * @param service
328 * the service to check
329 * @return T if the user can access the service, F otherwise
330 * @throws AuthorizationManagerException
331 * if a resource needed for checking authorization credentials can't be accessed
332 */
333 public boolean hasAccessUser(IDIFUser user, IService service) throws AuthorizationManagerException;
334
335 /**
336 * Checks if the user can access a given stage. Will parse the DEM for inherited grants
337 *
338 * @param user
339 * the user to check access
340 * @param stage
341 * the stage to check
342 * @return T if the user can access the stage, F otherwise
343 * @throws AuthorizationManagerException
344 * if a resource needed for checking authorization credentials can't be accessed
345 */
346 public boolean hasAccessUser(IDIFUser user, IStage stage) throws AuthorizationManagerException;
347
348 /**
349 * Revokes the access of a group to a given stage.
350 *
351 * @param groupID
352 * the id of the group to revoke access
353 * @param entityType
354 * the entity type
355 * @param entityID
356 * the entity ID
357 * @return T if access was revoked, F otherwise.
358 */
359 public boolean revokeAccessFromGroup(String groupID, Entity entityType, String entityID);
360
361 /**
362 * Revokes the public access to a given stage. AccessControl
363 *
364 * @param entityType
365 * the entity type
366 * @param entityID
367 * the entity ID
368 * @return T if access was revoked, F otherwise.
369 */
370 public boolean revokeAccessFromPublic(Entity entityType, String entityID);
371
372 /**
373 * Revokes the access of a user to a given stage.
374 *
375 * @param userID
376 * the id of the user to revoke access
377 * @param entityType
378 * the entity type
379 * @param entityID
380 * the entity ID
381 * @return T if access was revoked, F otherwise.
382 */
383 public boolean revokeAccessFromUser(String userID, Entity entityType, String entityID);
384
385 /**
386 * Removes an ACL from the manager repository
387 *
388 * @param entry
389 * the entry
390 * @return T if the operation was successful
391 */
392 public boolean revokeACLEntry(ACLEntry entry);
393
394 /**
395 * Revokes the access of a group to all entities.
396 *
397 * @param groupID
398 * the id of the group to revoke access
399 * @return T if access was revoked, F otherwise.
400 */
401 public boolean revokeAllAccessFromGroup(String groupID);
402
403 /**
404 * Revokes the access of a user to all entities.
405 *
406 * @param userID
407 * the id of the user to revoke access
408 * @return T if access was revoked, F otherwise.
409 */
410 public boolean revokeAllAccessFromUser(String userID);
411 }