1 /** 2 * This file Copyright (c) 2003-2011 Magnolia International 3 * Ltd. (http://www.magnolia-cms.com). All rights reserved. 4 * 5 * 6 * This file is dual-licensed under both the Magnolia 7 * Network Agreement and the GNU General Public License. 8 * You may elect to use one or the other of these licenses. 9 * 10 * This file is distributed in the hope that it will be 11 * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the 12 * implied warranty of MERCHANTABILITY or FITNESS FOR A 13 * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT. 14 * Redistribution, except as permitted by whichever of the GPL 15 * or MNA you select, is prohibited. 16 * 17 * 1. For the GPL license (GPL), you can redistribute and/or 18 * modify this file under the terms of the GNU General 19 * Public License, Version 3, as published by the Free Software 20 * Foundation. You should have received a copy of the GNU 21 * General Public License, Version 3 along with this program; 22 * if not, write to the Free Software Foundation, Inc., 51 23 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 24 * 25 * 2. For the Magnolia Network Agreement (MNA), this file 26 * and the accompanying materials are made available under the 27 * terms of the MNA which accompanies this distribution, and 28 * is available at http://www.magnolia-cms.com/mna.html 29 * 30 * Any modifications to this file must keep this entire header 31 * intact. 32 * 33 */ 34 package info.magnolia.cms.security; 35 36 import info.magnolia.cms.security.auth.ACL; 37 38 import java.util.Collection; 39 import java.util.Map; 40 41 import javax.jcr.Value; 42 import javax.security.auth.Subject; 43 44 45 /** 46 * Manages users. 47 * @version $Revision: 55876 $ ($Author: mdivilek $) 48 */ 49 public interface UserManager { 50 51 /** 52 * Magnolia system user name. 53 */ 54 public static final String SYSTEM_USER = "superuser"; 55 56 /** 57 * Magnolia system default password. 58 */ 59 public static final String SYSTEM_PSWD = "superuser"; 60 61 /** 62 * Anonymous user name. 63 */ 64 public static final String ANONYMOUS_USER = "anonymous"; 65 66 /** 67 * Find a specific user. Not all implementations will support this method. 68 * @param name the name of the user 69 * @return the user object 70 */ 71 public User getUser(String name) throws UnsupportedOperationException; 72 73 /** 74 * Find a specific user. Not all implementations will support this method. 75 * @param id user identifier 76 * @return the user object 77 */ 78 public User getUserById(String id) throws UnsupportedOperationException; 79 80 /** 81 * Initialize new user using JAAS authenticated/authorized subject. 82 * @throws UnsupportedOperationException if the current implementation doesn't support this operation 83 * @deprecated jaas login module should just request the user, not pass the subject around to the user manager 84 */ 85 @Deprecated 86 public User getUser(Subject subject) throws UnsupportedOperationException; 87 88 /** 89 * Get system user, this user must always exist in magnolia repository. 90 * @throws UnsupportedOperationException if the current implementation doesn't support this operation 91 */ 92 public User getSystemUser() throws UnsupportedOperationException; 93 94 /** 95 * Get Anonymous user, this user must always exist in magnolia repository. 96 * @throws UnsupportedOperationException if the current implementation doesn't support this operation 97 */ 98 public User getAnonymousUser() throws UnsupportedOperationException; 99 100 /** 101 * Get all users. 102 * @return collection of User objects 103 * @throws UnsupportedOperationException if the current implementation doesn't support this operation 104 */ 105 public Collection<User> getAllUsers() throws UnsupportedOperationException; 106 107 /** 108 * Creates a user without security restrictions. 109 * @throws UnsupportedOperationException if the current implementation doesn't support this operation 110 */ 111 public User createUser(String name, String pw) throws UnsupportedOperationException; 112 113 /** 114 * Sets a new password. 115 * @return user object with updated password. 116 * @throws UnsupportedOperationException if the current implementation doesn't support this operation 117 */ 118 public User changePassword(User user, String newPassword) throws UnsupportedOperationException; 119 120 /** 121 * Sets given property for the user and returns updated user object with new value of the property. 122 * 123 * @param user 124 * User to be updated. If property doesn't exist yet, it will be created. If the value is null, property will be removed if existing. 125 * @param propertyName 126 * Name of the property. 127 * @param propertyValue 128 * Value of the property. Use org.apache.jackrabbit.value.ValueFactoryImpl to convert type to Value. 129 * @return 130 */ 131 public User setProperty(User user, String propertyName, Value propertyValue); 132 133 /* ---------- User Manager configuration ----------- */ 134 135 /** 136 * Sets a time period for account lock. 137 * @throws UnsupportedOperationException if the current implementation doesn't support this operation 138 */ 139 public void setLockTimePeriod(int lockTimePeriod) throws UnsupportedOperationException; 140 141 /** 142 * Gets a time period for account lock. 143 * @throws UnsupportedOperationException if the current implementation doesn't support this operation 144 */ 145 public int getLockTimePeriod() throws UnsupportedOperationException; 146 147 /** 148 * Sets a number of failed attempts before locking account. 149 * @throws UnsupportedOperationException if the current implementation doesn't support this operation 150 */ 151 public void setMaxFailedLoginAttempts(int maxFailedLoginAttempts) throws UnsupportedOperationException; 152 153 /** 154 * Gets a number of failed attempts before locking account. 155 * @throws UnsupportedOperationException if the current implementation doesn't support this operation 156 */ 157 public int getMaxFailedLoginAttempts() throws UnsupportedOperationException; 158 159 /** 160 * Grants user role. 161 * @return user object with the role already granted. 162 */ 163 public User addRole(User user, String roleName); 164 165 /** 166 * Adds user to a group. 167 * 168 * @return user object with the group already assigned. 169 */ 170 public User addGroup(User user, String groupName); 171 172 /** 173 * Updates last access timestamp for the user. 174 * 175 * @throws UnsupportedOperationException 176 * if the current implementation doesn't support this operation 177 */ 178 public void updateLastAccessTimestamp(User user) throws UnsupportedOperationException; 179 180 /** 181 * Checks whether principal belongs to the named resource. 182 * @param name principal name 183 * @param resourceName either group or role name 184 * @param resourceType either group or role see 185 * @return 186 */ 187 public boolean hasAny(String principal, String resourceName, String resourceType); 188 189 /** 190 * Returns all ACLs assigned to the given user. 191 * @return 192 */ 193 public Map<String, ACL> getACLs(User user); 194 195 /** 196 * Removes user from a group. 197 * 198 * @return user object with the group assignment removed. 199 */ 200 public User removeGroup(User user, String groupName); 201 202 /** 203 * Removes role from a user. 204 * 205 * @return user object without removed role. 206 */ 207 public User removeRole(User user, String roleName); 208 209 }