1 /**
2 * This file Copyright (c) 2003-2013 Magnolia International
3 * Ltd. (http://www.magnolia-cms.com). All rights reserved.
4 *
5 *
6 * This file is dual-licensed under both the Magnolia
7 * Network Agreement and the GNU General Public License.
8 * You may elect to use one or the other of these licenses.
9 *
10 * This file is distributed in the hope that it will be
11 * useful, but AS-IS and WITHOUT ANY WARRANTY; without even the
12 * implied warranty of MERCHANTABILITY or FITNESS FOR A
13 * PARTICULAR PURPOSE, TITLE, or NONINFRINGEMENT.
14 * Redistribution, except as permitted by whichever of the GPL
15 * or MNA you select, is prohibited.
16 *
17 * 1. For the GPL license (GPL), you can redistribute and/or
18 * modify this file under the terms of the GNU General
19 * Public License, Version 3, as published by the Free Software
20 * Foundation. You should have received a copy of the GNU
21 * General Public License, Version 3 along with this program;
22 * if not, write to the Free Software Foundation, Inc., 51
23 * Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
24 *
25 * 2. For the Magnolia Network Agreement (MNA), this file
26 * and the accompanying materials are made available under the
27 * terms of the MNA which accompanies this distribution, and
28 * is available at http://www.magnolia-cms.com/mna.html
29 *
30 * Any modifications to this file must keep this entire header
31 * intact.
32 *
33 */
34 package info.magnolia.cms.security;
35
36 import info.magnolia.cms.security.auth.ACL;
37
38 import java.util.Collection;
39 import java.util.Map;
40
41 import javax.jcr.Value;
42 import javax.security.auth.Subject;
43
44
45 /**
46 * Manages users.
47 */
48 public interface UserManager {
49
50 /**
51 * Magnolia system user name.
52 */
53 public static final String SYSTEM_USER = "superuser";
54
55 /**
56 * Magnolia system default password.
57 */
58 public static final String SYSTEM_PSWD = "superuser";
59
60 /**
61 * Anonymous user name.
62 */
63 public static final String ANONYMOUS_USER = "anonymous";
64
65 /**
66 * Find a specific user. Not all implementations will support this method.
67 * @param name the name of the user
68 * @return the user object
69 */
70 public User getUser(String name) throws UnsupportedOperationException;
71
72 /**
73 * Find a specific user. Not all implementations will support this method.
74 * @param id user identifier
75 * @return the user object
76 */
77 public User getUserById(String id) throws UnsupportedOperationException;
78
79 /**
80 * Initialize new user using JAAS authenticated/authorized subject.
81 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
82 * @deprecated jaas login module should just request the user, not pass the subject around to the user manager
83 */
84 @Deprecated
85 public User getUser(Subject subject) throws UnsupportedOperationException;
86
87 /**
88 * Get system user, this user must always exist in magnolia repository.
89 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
90 */
91 public User getSystemUser() throws UnsupportedOperationException;
92
93 /**
94 * Get Anonymous user, this user must always exist in magnolia repository.
95 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
96 */
97 public User getAnonymousUser() throws UnsupportedOperationException;
98
99 /**
100 * Get all users.
101 * @return collection of User objects
102 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
103 */
104 public Collection<User> getAllUsers() throws UnsupportedOperationException;
105
106 /**
107 * Creates a user without security restrictions.
108 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
109 */
110 public User createUser(String name, String pw) throws UnsupportedOperationException;
111
112 /**
113 * Creates a user on given path.
114 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
115 */
116 public User createUser(String path, String name, String pw) throws UnsupportedOperationException;
117
118 /**
119 * Sets a new password.
120 * @return user object with updated password.
121 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
122 */
123 public User changePassword(User user, String newPassword) throws UnsupportedOperationException;
124
125 /**
126 * Sets given property for the user.
127 *
128 * @deprecated since 4.5.7 - use {@link UserManager#setProperty(User, String, String)}
129 *
130 * @param user
131 * User to be updated. If property doesn't exist yet, it will be created. If the value is null, property will be removed if existing.
132 * @param propertyName
133 * Name of the property.
134 * @param propertyValue
135 * Value of the property. Use org.apache.jackrabbit.value.ValueFactoryImpl to convert type to Value.
136 * @return updated user object with new value of the property.
137 */
138 @Deprecated
139 public User setProperty(User user, String propertyName, Value propertyValue);
140
141 /**
142 * Sets given property for the user and returns updated user object with new value of the property.
143 */
144 public User setProperty(User user, String propertyName, String propertyValue);
145
146 /* ---------- User Manager configuration ----------- */
147
148 /**
149 * Sets a time period for account lock.
150 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
151 */
152 public void setLockTimePeriod(int lockTimePeriod) throws UnsupportedOperationException;
153
154 /**
155 * Gets a time period for account lock.
156 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
157 */
158 public int getLockTimePeriod() throws UnsupportedOperationException;
159
160 /**
161 * Sets a number of failed attempts before locking account.
162 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
163 */
164 public void setMaxFailedLoginAttempts(int maxFailedLoginAttempts) throws UnsupportedOperationException;
165
166 /**
167 * Gets a number of failed attempts before locking account.
168 * @throws UnsupportedOperationException if the current implementation doesn't support this operation
169 */
170 public int getMaxFailedLoginAttempts() throws UnsupportedOperationException;
171
172 /**
173 * Grants user role.
174 * @return user object with the role already granted.
175 */
176 public User addRole(User user, String roleName);
177
178 /**
179 * Adds user to a group.
180 *
181 * @return user object with the group already assigned.
182 */
183 public User addGroup(User user, String groupName);
184
185 /**
186 * Updates last access timestamp for the user.
187 *
188 * @throws UnsupportedOperationException
189 * if the current implementation doesn't support this operation
190 */
191 public void updateLastAccessTimestamp(User user) throws UnsupportedOperationException;
192
193 /**
194 * @return whether principal belongs to the named resource.
195 * @param principal name of the principal
196 * @param resourceName either group or role name
197 * @param resourceType either group or role see
198 *
199 */
200 public boolean hasAny(String principal, String resourceName, String resourceType);
201
202 /**
203 * @return all ACLs assigned to the given user.
204 */
205 public Map<String, ACL> getACLs(User user);
206
207 /**
208 * Removes user from a group.
209 *
210 * @return user object with the group assignment removed.
211 */
212 public User removeGroup(User user, String groupName);
213
214 /**
215 * Removes role from a user.
216 *
217 * @return user object without removed role.
218 */
219 public User removeRole(User user, String roleName);
220
221 }