1 /** 2 * This file Copyright (c) 2003-2011 Magnolia International 3 * Ltd. (http://www.magnolia-cms.com). All rights reserved. 4 * 5 * 6 * This file is dual-licensed under both the Magnolia 7 * Network Agreement and the GNU General Public License. 8 * You may elect to use one or the other of these licenses. 9 * 10 * This file is distributed in the hope that it will be 11 * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the 12 * implied warranty of MERCHANTABILITY or FITNESS FOR A 13 * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT. 14 * Redistribution, except as permitted by whichever of the GPL 15 * or MNA you select, is prohibited. 16 * 17 * 1. For the GPL license (GPL), you can redistribute and/or 18 * modify this file under the terms of the GNU General 19 * Public License, Version 3, as published by the Free Software 20 * Foundation. You should have received a copy of the GNU 21 * General Public License, Version 3 along with this program; 22 * if not, write to the Free Software Foundation, Inc., 51 23 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 24 * 25 * 2. For the Magnolia Network Agreement (MNA), this file 26 * and the accompanying materials are made available under the 27 * terms of the MNA which accompanies this distribution, and 28 * is available at http://www.magnolia-cms.com/mna.html 29 * 30 * Any modifications to this file must keep this entire header 31 * intact. 32 * 33 */ 34 package info.magnolia.cms.security; 35 36 import info.magnolia.cms.security.auth.ACL; 37 38 import java.util.Collection; 39 import java.util.Map; 40 41 import javax.security.auth.Subject; 42 43 44 /** 45 * Manages users. 46 * @version $Revision: 50842 $ ($Author: had $) 47 */ 48 public interface UserManager { 49 50 /** 51 * Magnolia system user name. 52 */ 53 public static final String SYSTEM_USER = "superuser"; 54 55 /** 56 * Magnolia system default password. 57 */ 58 public static final String SYSTEM_PSWD = "superuser"; 59 60 /** 61 * Anonymous user name. 62 */ 63 public static final String ANONYMOUS_USER = "anonymous"; 64 65 /** 66 * Find a specific user. Not all implementations will support this method. 67 * @param name the name of the user 68 * @return the user object 69 */ 70 public User getUser(String name) throws UnsupportedOperationException; 71 72 /** 73 * Initialize new user using JAAS authenticated/authorized subject. 74 * @throws UnsupportedOperationException if the current implementation doesn't support this operation 75 * @deprecated jaas login module should just request the user, not pass the subject around to the user manager 76 */ 77 @Deprecated 78 public User getUser(Subject subject) throws UnsupportedOperationException; 79 80 /** 81 * Get system user, this user must always exist in magnolia repository. 82 * @throws UnsupportedOperationException if the current implementation doesn't support this operation 83 */ 84 public User getSystemUser() throws UnsupportedOperationException; 85 86 /** 87 * Get Anonymous user, this user must always exist in magnolia repository. 88 * @throws UnsupportedOperationException if the current implementation doesn't support this operation 89 */ 90 public User getAnonymousUser() throws UnsupportedOperationException; 91 92 /** 93 * Get all users. 94 * @return collection of User objects 95 * @throws UnsupportedOperationException if the current implementation doesn't support this operation 96 */ 97 public Collection<User> getAllUsers() throws UnsupportedOperationException; 98 99 /** 100 * Creates a user without security restrictions. 101 * @throws UnsupportedOperationException if the current implementation doesn't support this operation 102 */ 103 public User createUser(String name, String pw) throws UnsupportedOperationException; 104 105 /** 106 * Sets a new password. 107 * @return user object with updated password. 108 * @throws UnsupportedOperationException if the current implementation doesn't support this operation 109 */ 110 public User changePassword(User user, String newPassword) throws UnsupportedOperationException; 111 112 /** 113 * Grants user role. 114 * @return user object with the role already granted. 115 */ 116 public User addRole(User user, String roleName); 117 118 /** 119 * Adds user to a group. 120 * 121 * @return user object with the group already assigned. 122 */ 123 public User addGroup(User user, String groupName); 124 125 /** 126 * Updates last access timestamp for the user. 127 * 128 * @throws UnsupportedOperationException 129 * if the current implementation doesn't support this operation 130 */ 131 public void updateLastAccessTimestamp(User user) throws UnsupportedOperationException; 132 133 /** 134 * Checks whether principal belongs to the named resource. 135 * @param name principal name 136 * @param resourceName either group or role name 137 * @param resourceType either group or role see 138 * @return 139 */ 140 public boolean hasAny(String principal, String resourceName, String resourceType); 141 142 /** 143 * Returns all ACLs assigned to the given user. 144 * @return 145 */ 146 public Map<String, ACL> getACLs(User user); 147 148 149 }