1 /**
2 * This file Copyright (c) 2003-2015 Magnolia International
3 * Ltd. (http://www.magnolia-cms.com). All rights reserved.
4 *
5 *
6 * This file is dual-licensed under both the Magnolia
7 * Network Agreement and the GNU General Public License.
8 * You may elect to use one or the other of these licenses.
9 *
10 * This file is distributed in the hope that it will be
11 * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12 * implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14 * Redistribution, except as permitted by whichever of the GPL
15 * or MNA you select, is prohibited.
16 *
17 * 1. For the GPL license (GPL), you can redistribute and/or
18 * modify this file under the terms of the GNU General
19 * Public License, Version 3, as published by the Free Software
20 * Foundation. You should have received a copy of the GNU
21 * General Public License, Version 3 along with this program;
22 * if not, write to the Free Software Foundation, Inc., 51
23 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24 *
25 * 2. For the Magnolia Network Agreement (MNA), this file
26 * and the accompanying materials are made available under the
27 * terms of the MNA which accompanies this distribution, and
28 * is available at http://www.magnolia-cms.com/mna.html
29 *
30 * Any modifications to this file must keep this entire header
31 * intact.
32 *
33 */
34 package info.magnolia.cms.security;
35
36 import info.magnolia.cms.security.auth.ACL;
37
38 import java.util.Collection;
39 import java.util.Map;
40
41 import javax.jcr.Value;
42 import javax.security.auth.Subject;
43
44
45 /**
46 * Manages users.
47 */
48 public interface UserManager {
49
50 /**
51 * Magnolia system user name.
52 */
53 public static final String SYSTEM_USER = "superuser";
54
55 /**
56 * Magnolia system default password.
57 */
58 public static final String SYSTEM_PSWD = "superuser";
59
60 /**
61 * Anonymous user name.
62 */
63 public static final String ANONYMOUS_USER = "anonymous";
64
65 /**
66 * Find a specific user. Not all implementations will support this method.
67 * @param name the name of the user
68 * @return the user object
69 */
70 public User getUser(String name) throws UnsupportedOperationException;
71
72 /**
73 * Find a specific user. Not all implementations will support this method.
74 * @param id user identifier
75 * @return the user object
76 */
77 public User getUserById(String id) throws UnsupportedOperationException;
78
79 /**
80 * Initialize new user using JAAS authenticated/authorized subject.
81 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
82 * @deprecated jaas login module should just request the user, not pass the subject around to the user manager
83 */
84 @Deprecated
85 public User getUser(Subject subject) throws UnsupportedOperationException;
86
87 /**
88 * Get system user, this user must always exist in magnolia repository.
89 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
90 */
91 public User getSystemUser() throws UnsupportedOperationException;
92
93 /**
94 * Get Anonymous user, this user must always exist in magnolia repository.
95 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
96 */
97 public User getAnonymousUser() throws UnsupportedOperationException;
98
99 /**
100 * Get all users.
101 * @return collection of User objects
102 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
103 */
104 public Collection<User> getAllUsers() throws UnsupportedOperationException;
105
106 /**
107 * Creates a user without security restrictions.
108 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
109 */
110 public User createUser(String name, String pw) throws UnsupportedOperationException;
111
112 /**
113 * Creates a user on given path.
114 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
115 */
116 public User createUser(String path, String name, String pw) throws UnsupportedOperationException;
117
118 /**
119 * Sets a new password.
120 * @return user object with updated password.
121 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
122 */
123 public User changePassword(User user, String newPassword) throws UnsupportedOperationException;
124
125 /**
126 * Sets given property for the user.
127 *
128 * @deprecated since 4.5.7 - use {@link UserManager#setProperty(User, String, String)}
129 *
130 * @param user User to be updated. If property doesn't exist yet, it will be created. If the value is null, property will be removed if existing.
131 * @param propertyName Name of the property.
132 * @param propertyValue Value of the property. Use org.apache.jackrabbit.value.ValueFactoryImpl to convert type to Value.
133 * @return updated user object with new value of the property.
134 */
135 @Deprecated
136 public User setProperty(User user, String propertyName, Value propertyValue);
137
138 /**
139 * Sets given property for the user and returns updated user object with new value of the property.
140 */
141 public User setProperty(User user, String propertyName, String propertyValue);
142
143 /* ---------- User Manager configuration ----------- */
144
145 /**
146 * Sets a time period for account lock.
147 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
148 */
149 public void setLockTimePeriod(int lockTimePeriod) throws UnsupportedOperationException;
150
151 /**
152 * Gets a time period for account lock.
153 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
154 */
155 public int getLockTimePeriod() throws UnsupportedOperationException;
156
157 /**
158 * Sets a number of failed attempts before locking account.
159 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
160 */
161 public void setMaxFailedLoginAttempts(int maxFailedLoginAttempts) throws UnsupportedOperationException;
162
163 /**
164 * Gets a number of failed attempts before locking account.
165 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
166 */
167 public int getMaxFailedLoginAttempts() throws UnsupportedOperationException;
168
169 /**
170 * Grants user role.
171 * @return user object with the role already granted.
172 */
173 public User addRole(User user, String roleName);
174
175 /**
176 * Adds user to a group.
177 *
178 * @return user object with the group already assigned.
179 */
180 public User addGroup(User user, String groupName);
181
182 /**
183 * Updates last access timestamp for the user.
184 *
185 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
186 */
187 public void updateLastAccessTimestamp(User user) throws UnsupportedOperationException;
188
189 /**
190 * @return whether principal belongs to the named resource.
191 * @param principal name of the principal
192 * @param resourceName either group or role name
193 * @param resourceType either group or role see
194 *
195 */
196 public boolean hasAny(String principal, String resourceName, String resourceType);
197
198 /**
199 * @return all ACLs assigned to the given user.
200 */
201 public Map<String, ACL> getACLs(User user);
202
203 /**
204 * Removes user from a group.
205 *
206 * @return user object with the group assignment removed.
207 */
208 public User removeGroup(User user, String groupName);
209
210 /**
211 * Removes role from a user.
212 *
213 * @return user object without removed role.
214 */
215 public User removeRole(User user, String roleName);
216
217 }