1 /**
2 * This file Copyright (c) 2003-2012 Magnolia International
3 * Ltd. (http://www.magnolia-cms.com). All rights reserved.
4 *
5 *
6 * This file is dual-licensed under both the Magnolia
7 * Network Agreement and the GNU General Public License.
8 * You may elect to use one or the other of these licenses.
9 *
10 * This file is distributed in the hope that it will be
11 * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12 * implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14 * Redistribution, except as permitted by whichever of the GPL
15 * or MNA you select, is prohibited.
16 *
17 * 1. For the GPL license (GPL), you can redistribute and/or
18 * modify this file under the terms of the GNU General
19 * Public License, Version 3, as published by the Free Software
20 * Foundation. You should have received a copy of the GNU
21 * General Public License, Version 3 along with this program;
22 * if not, write to the Free Software Foundation, Inc., 51
23 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24 *
25 * 2. For the Magnolia Network Agreement (MNA), this file
26 * and the accompanying materials are made available under the
27 * terms of the MNA which accompanies this distribution, and
28 * is available at http://www.magnolia-cms.com/mna.html
29 *
30 * Any modifications to this file must keep this entire header
31 * intact.
32 *
33 */
34 package info.magnolia.cms.security;
35
36 import info.magnolia.cms.security.auth.ACL;
37
38 import java.util.Collection;
39 import java.util.Map;
40
41 import javax.jcr.Value;
42 import javax.security.auth.Subject;
43
44
45 /**
46 * Manages users.
47 * @version $Revision$ ($Author$)
48 */
49 public interface UserManager {
50
51 /**
52 * Magnolia system user name.
53 */
54 public static final String SYSTEM_USER = "superuser";
55
56 /**
57 * Magnolia system default password.
58 */
59 public static final String SYSTEM_PSWD = "superuser";
60
61 /**
62 * Anonymous user name.
63 */
64 public static final String ANONYMOUS_USER = "anonymous";
65
66 /**
67 * Find a specific user. Not all implementations will support this method.
68 * @param name the name of the user
69 * @return the user object
70 */
71 public User getUser(String name) throws UnsupportedOperationException;
72
73 /**
74 * Find a specific user. Not all implementations will support this method.
75 * @param id user identifier
76 * @return the user object
77 */
78 public User getUserById(String id) throws UnsupportedOperationException;
79
80 /**
81 * Initialize new user using JAAS authenticated/authorized subject.
82 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
83 * @deprecated jaas login module should just request the user, not pass the subject around to the user manager
84 */
85 @Deprecated
86 public User getUser(Subject subject) throws UnsupportedOperationException;
87
88 /**
89 * Get system user, this user must always exist in magnolia repository.
90 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
91 */
92 public User getSystemUser() throws UnsupportedOperationException;
93
94 /**
95 * Get Anonymous user, this user must always exist in magnolia repository.
96 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
97 */
98 public User getAnonymousUser() throws UnsupportedOperationException;
99
100 /**
101 * Get all users.
102 * @return collection of User objects
103 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
104 */
105 public Collection<User> getAllUsers() throws UnsupportedOperationException;
106
107 /**
108 * Creates a user without security restrictions.
109 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
110 */
111 public User createUser(String name, String pw) throws UnsupportedOperationException;
112
113 /**
114 * Creates a user on given path.
115 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
116 */
117 public User createUser(String path, String name, String pw) throws UnsupportedOperationException;
118
119 /**
120 * Sets a new password.
121 * @return user object with updated password.
122 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
123 */
124 public User changePassword(User user, String newPassword) throws UnsupportedOperationException;
125
126 /**
127 * Sets given property for the user and returns updated user object with new value of the property.
128 * @deprecated since 4.5.7 - use {@link UserManager#setProperty(User, String, String)}
129 *
130 * @param user
131 * User to be updated. If property doesn't exist yet, it will be created. If the value is null, property will be removed if existing.
132 * @param propertyName
133 * Name of the property.
134 * @param propertyValue
135 * Value of the property. Use org.apache.jackrabbit.value.ValueFactoryImpl to convert type to Value.
136 * @return
137 */
138 @Deprecated
139 public User setProperty(User user, String propertyName, Value propertyValue);
140
141 /**
142 * Sets given property for the user and returns updated user object with new value of the property.
143 */
144 public User setProperty(User user, String propertyName, String propertyValue);
145
146 /* ---------- User Manager configuration ----------- */
147
148 /**
149 * Sets a time period for account lock.
150 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
151 */
152 public void setLockTimePeriod(int lockTimePeriod) throws UnsupportedOperationException;
153
154 /**
155 * Gets a time period for account lock.
156 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
157 */
158 public int getLockTimePeriod() throws UnsupportedOperationException;
159
160 /**
161 * Sets a number of failed attempts before locking account.
162 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
163 */
164 public void setMaxFailedLoginAttempts(int maxFailedLoginAttempts) throws UnsupportedOperationException;
165
166 /**
167 * Gets a number of failed attempts before locking account.
168 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
169 */
170 public int getMaxFailedLoginAttempts() throws UnsupportedOperationException;
171
172 /**
173 * Grants user role.
174 * @return user object with the role already granted.
175 */
176 public User addRole(User user, String roleName);
177
178 /**
179 * Adds user to a group.
180 *
181 * @return user object with the group already assigned.
182 */
183 public User addGroup(User user, String groupName);
184
185 /**
186 * Updates last access timestamp for the user.
187 *
188 * @throws UnsupportedOperationException
189 * if the current implementation doesn't support this operation
190 */
191 public void updateLastAccessTimestamp(User user) throws UnsupportedOperationException;
192
193 /**
194 * Checks whether principal belongs to the named resource.
195 * @param name principal name
196 * @param resourceName either group or role name
197 * @param resourceType either group or role see
198 * @return
199 */
200 public boolean hasAny(String principal, String resourceName, String resourceType);
201
202 /**
203 * Returns all ACLs assigned to the given user.
204 * @return
205 */
206 public Map<String, ACL> getACLs(User user);
207
208 /**
209 * Removes user from a group.
210 *
211 * @return user object with the group assignment removed.
212 */
213 public User removeGroup(User user, String groupName);
214
215 /**
216 * Removes role from a user.
217 *
218 * @return user object without removed role.
219 */
220 public User removeRole(User user, String roleName);
221
222 }