Package org.apache.archiva.redback.rbac
Interface RBACManager
- All Known Implementing Classes:
  AbstractRBACManager, CachedRbacManager, JpaRbacManager, LdapRbacManager, MemoryRbacManager

public interface RBACManager
Manages the roles, permissions and operations of the RBAC system.
- Author:
  Jesse McConnell, Joakim Erdfelt, Martin Stockhammer

Method Summary
Modifier and Type, Method, Description

void addChildRole(Role role, Role childRole)
    Adds a child to a role.
void addListener(RBACManagerListener listener)
Operation createOperation(String name)
Permission createPermission(String name)
    Creates an implementation-specific Permission, or returns an existing Permission, depending on the provided name parameter.
Permission createPermission(String name, String operationName, String resourceIdentifier)
Resource createResource(String identifier)
Role createRole(String name)
Role createRole(String id, String name)
    Creates a new role with the given id and role name.
UserAssignment createUserAssignment(String principal)
    Creates an implementation-specific UserAssignment, or returns an existing UserAssignment, depending on the provided identifier parameter.
void eraseDatabase()
List<? extends Role> getAllAssignableRoles()
    Returns a list of all assignable roles.
List<? extends Operation> getAllOperations()
List<? extends Permission> getAllPermissions()
List<? extends Resource> getAllResources()
List<? extends Role> getAllRoles()
    Returns all roles defined in the datastore.
List<? extends UserAssignment> getAllUserAssignments()
    Returns all user assignments defined.
Map<String,List<? extends Permission>> getAssignedPermissionMap(String principal)
    Returns a map of assigned permissions keyed off of operation with a list value of Permissions.
Set<? extends Permission> getAssignedPermissions(String principal)
    Returns a set of all permissions that are in all active roles for a given principal.
Collection<? extends Role> getAssignedRoles(String principal)
    Returns the active roles for a given principal. NOTE: roles that are returned might have parent roles themselves; if you just want all permissions, use getAssignedPermissions(String principal).
Collection<? extends Role> getAssignedRoles(UserAssignment userAssignment)
    Get the Collection of Role objects for this UserAssignment.
Map<String,? extends Role> getChildRoleIds(Role role)
    Returns all the child roles of a given role as (role id, role) pairs.
Map<String,? extends Role> getChildRoleNames(Role role)
    Returns all the child roles of a given role as (name, role) pairs.
String getDescriptionKey()
Collection<? extends Role> getEffectivelyAssignedRoles(String principal)
    Get a list of the effectively assigned roles to the specified user; this includes child roles.
Collection<? extends Role> getEffectivelyUnassignedRoles(String principal)
    Get a list of all assignable roles that are currently not effectively assigned to the specific user, meaning, not a child of any already granted role.
Set<? extends Role> getEffectiveRoles(Role role)
    Returns all effective roles.
Resource getGlobalResource()
    Returns the global resource object.
Operation getOperation(String operationName)
Map<String,? extends Role> getParentRoleIds(Role role)
    Returns all the parent roles of a given role as map of (id, role) elements.
Map<String,? extends Role> getParentRoleNames(Role role)
    Returns all the parent roles of a given role as map of (name, role) elements.
Permission getPermission(String permissionName)
Resource getResource(String resourceIdentifier)
Role getRole(String roleName)
    Returns the role identified by the given name.
Role getRoleById(String id)
    Returns the role identified by the given ID.
Map<String,? extends Role> getRoles(Collection<String> roleNames)
    Returns the role instances for the given role names.
Collection<? extends Role> getUnassignedRoles(String principal)
    Get a list of all assignable roles that are currently not assigned to the specific user.
UserAssignment getUserAssignment(String principal)
List<? extends UserAssignment> getUserAssignmentsForRoles(Collection<String> roleIds)
    Returns the assignments for the given roles.
void initialize()
    Consumers of the user manager can use it to reload configuration; with the configurable implementation it is possible to dynamically change the real implementation used.
boolean isFinalImplementation()
boolean isReadOnly()
    Is the RBACManager read only? If so, create and modify actions are to be disabled.
boolean operationExists(String name)
boolean operationExists(Operation operation)
boolean permissionExists(String name)
    Tests for the existence of a permission.
boolean permissionExists(Permission permission)
void removeListener(RBACManagerListener listener)
void removeOperation(String operationName)
void removeOperation(Operation operation)
void removePermission(String permissionName)
void removePermission(Permission permission)
void removeResource(String resourceIdentifier)
void removeResource(Resource resource)
void removeRole(String roleName)
    Removes the role with the given name from the datastore.
void removeRole(Role role)
    Removes the given role from the datastore.
void removeRoleById(String id)
    Removes the role with the given id from the datastore.
void removeUserAssignment(String principal)
    Method removeAssignment
void removeUserAssignment(UserAssignment userAssignment)
    Method removeAssignment
boolean resourceExists(String identifier)
boolean resourceExists(Resource resource)
boolean roleExists(String name)
    Tests for the existence of a Role.
boolean roleExists(Role role)
    Returns true, if the given role exists.
boolean roleExistsById(String id)
    Returns true, if a role with the given id exists.
Operation saveOperation(Operation operation)
    Save the new or existing operation to the store.
Permission savePermission(Permission permission)
Resource saveResource(Resource resource)
Role saveRole(Role role)
    Persists the given role to the backend datastore.
void saveRoles(Collection<Role> roles)
    Persists all of the given roles to the backend datastore.
UserAssignment saveUserAssignment(UserAssignment userAssignment)
    Method saveUserAssignment
boolean userAssignmentExists(String principal)
boolean userAssignmentExists(UserAssignment assignment)

Method Detail
-
addListener
void addListener(RBACManagerListener listener)
-
removeListener
void removeListener(RBACManagerListener listener)
-
createRole
Role createRole(String name)
Creates an implementation-specific Role, or returns an existing Role, depending on the provided name parameter. Note: Be sure to use saveRole(Role) in order to persist any changes to the Role.
- Parameters:
  name - the name.
- Returns:
  the new Role object.
-
createRole
Role createRole(String id, String name)
Creates a new role with the given id and role name.
- Parameters:
  id - the role identifier, which must be unique
  name - the role name, which must be unique
- Returns:
  the new role instance
-
roleExists
boolean roleExists(String name) throws RbacManagerException
Tests for the existence of a Role.
- Returns:
  true if role exists in store.
- Throws:
  RbacManagerException - if the access to the backend datastore failed
-
roleExistsById
boolean roleExistsById(String id) throws RbacManagerException
Returns true, if a role with the given id exists.
- Parameters:
  id - the role id
- Returns:
  true, if the role with the given id exists, otherwise false
- Throws:
  RbacManagerException - if the access to the backend datastore failed
-
roleExists
boolean roleExists(Role role) throws RbacManagerException
Returns true, if the given role exists.
- Parameters:
  role - the role to check
- Returns:
  true, if the role exists, otherwise false
- Throws:
  RbacManagerException - if the access to the backend datastore failed
-
saveRole
Role saveRole(Role role) throws RbacObjectInvalidException, RbacManagerException
Persists the given role to the backend datastore.
- Parameters:
  role - the role to save
- Returns:
  the persisted role, if the method was successful
- Throws:
  RbacObjectInvalidException - if the given role object was not valid
  RbacManagerException - if the access to the backend datastore failed
-
saveRoles
void saveRoles(Collection<Role> roles) throws RbacObjectInvalidException, RbacManagerException
Persists all of the given roles to the backend datastore. Implementations should try to save all role instances and throw exceptions afterwards.
- Parameters:
  roles - the list of roles to save
- Throws:
  RbacObjectInvalidException - if one of the given role objects was not valid
  RbacManagerException - if the access to the backend datastore failed
-
getRole
Role getRole(String roleName) throws RbacObjectNotFoundException, RbacManagerException
Returns the role identified by the given name.
- Parameters:
  roleName - the role name
- Returns:
  the role instance, if a role by this name was found
- Throws:
  RbacObjectNotFoundException - if no role was found with the given name
  RbacManagerException - if the access to the underlying datastore failed
-
getRoleById
Role getRoleById(String id) throws RbacObjectNotFoundException, RbacManagerException
Returns the role identified by the given ID.
- Parameters:
  id - the role id
- Returns:
  the role object, if the role with the given id exists
- Throws:
  RbacObjectNotFoundException - if no role was found with the given id
  RbacManagerException - if the access to the underlying datastore failed
-
getRoles
Map<String,? extends Role> getRoles(Collection<String> roleNames) throws RbacObjectNotFoundException, RbacManagerException
Returns the role instances for the given role names.
- Parameters:
  roleNames - the list of role names.
- Returns:
  a map of (name, role) pairs
- Throws:
  RbacObjectNotFoundException - if one of the given roles was not found
  RbacManagerException - if the access to the backend datastore failed
-
addChildRole
void addChildRole(Role role, Role childRole) throws RbacObjectInvalidException, RbacManagerException
Adds a child to a role.
- Parameters:
  role - the parent role
  childRole - the child role that is added to the parent role
- Throws:
  RbacObjectInvalidException - if one of the role objects was not valid
  RbacManagerException - if the access to the backend datastore failed
-
getChildRoleNames
Map<String,? extends Role> getChildRoleNames(Role role) throws RbacManagerException
Returns all the child roles of a given role as (name, role) pairs.
- Parameters:
  role - the parent role
- Returns:
  the list of child roles
- Throws:
  RbacManagerException - if the access to the backend datastore failed
-
getChildRoleIds
Map<String,? extends Role> getChildRoleIds(Role role) throws RbacManagerException
Returns all the child roles of a given role as (role id, role) pairs.
- Parameters:
  role - the parent role
- Returns:
  the map of child roles as (role id, role) pairs
- Throws:
  RbacManagerException - if the access to the backend datastore failed
-
getParentRoleNames
Map<String,? extends Role> getParentRoleNames(Role role) throws RbacManagerException
Returns all the parent roles of a given role as map of (name, role) elements.
- Parameters:
  role - the role to check for parent roles
- Returns:
  the list of parent roles that have role as child
- Throws:
  RbacManagerException - if the access to the backend datastore failed
-
getParentRoleIds
Map<String,? extends Role> getParentRoleIds(Role role) throws RbacManagerException
Returns all the parent roles of a given role as map of (id, role) elements.
- Parameters:
  role - the role to check for parent roles
- Returns:
  a map of (role id, role) pairs that have role as child
- Throws:
  RbacManagerException - if the access to the backend datastore failed
-
getAllRoles
List<? extends Role> getAllRoles() throws RbacManagerException
Returns all roles defined in the datastore.
- Returns:
  the list of roles defined in the datastore
- Throws:
  RbacManagerException - if the access to the backend datastore failed
-
getEffectiveRoles
Set<? extends Role> getEffectiveRoles(Role role) throws RbacObjectNotFoundException, RbacManagerException
Returns all effective roles, which means a list with the current role and all child roles recursively.
- Parameters:
  role - the role to use as starting point
- Returns:
  the set of roles that are found as children of the given role
- Throws:
  RbacObjectNotFoundException - if the given role was not found
  RbacManagerException - if the access to the backend datastore failed
-
removeRole
void removeRole(Role role) throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
Removes the given role from the datastore.
- Parameters:
  role - the role to remove
- Throws:
  RbacManagerException - if the access to the backend datastore failed
  RbacObjectNotFoundException - if the given role was not found
  RbacObjectInvalidException - if the given role has invalid data
-
removeRole
void removeRole(String roleName) throws RbacObjectNotFoundException, RbacManagerException
Removes the role with the given name from the datastore.
- Parameters:
  roleName - the role name
- Throws:
  RbacObjectNotFoundException - if the role with the given name was not found
  RbacManagerException - if the access to the backend datastore failed
-
removeRoleById
void removeRoleById(String id) throws RbacObjectNotFoundException, RbacManagerException
Removes the role with the given id from the datastore.
- Parameters:
  id - the role id
- Throws:
  RbacObjectNotFoundException - if no role with the given id was found
  RbacManagerException - if the access to the backend datastore failed
-
createPermission
Permission createPermission(String name) throws RbacManagerException
Creates an implementation-specific Permission, or returns an existing Permission, depending on the provided name parameter. Note: Be sure to use savePermission(Permission) in order to persist any changes to the Role.
- Parameters:
  name - the name.
- Returns:
  the new Permission.
- Throws:
  RbacManagerException - if the access to the backend datastore failed
-
createPermission
Permission createPermission(String name, String operationName, String resourceIdentifier) throws RbacManagerException
Creates an implementation-specific Permission with specified Operation and Resource identifiers. Note: Be sure to use savePermission(Permission) in order to persist any changes to the Role.
- Parameters:
  name - the name.
  operationName - the Operation.setName(String) value
  resourceIdentifier - the Resource.setIdentifier(String) value
- Returns:
  the new Permission.
- Throws:
  RbacManagerException - if the access to the backend datastore failed
-
permissionExists
boolean permissionExists(String name)
Tests for the existence of a permission.
- Parameters:
  name - the name to test for.
- Returns:
  true if permission exists.
-
permissionExists
boolean permissionExists(Permission permission)
-
savePermission
Permission savePermission(Permission permission) throws RbacObjectInvalidException, RbacManagerException
-
getPermission
Permission getPermission(String permissionName) throws RbacObjectNotFoundException, RbacManagerException
-
getAllPermissions
List<? extends Permission> getAllPermissions() throws RbacManagerException
- Throws:
  RbacManagerException
-
removePermission
void removePermission(Permission permission) throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
-
removePermission
void removePermission(String permissionName) throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
-
createOperation
Operation createOperation(String name) throws RbacManagerException
Creates an implementation-specific Operation, or returns an existing Operation, depending on the provided name parameter. Note: Be sure to use saveOperation(Operation) in order to persist any changes to the Role.
- Parameters:
  name - the name.
- Returns:
  the new Operation.
- Throws:
  RbacManagerException - if the access to the backend datastore failed
-
operationExists
boolean operationExists(String name)
-
operationExists
boolean operationExists(Operation operation)
-
saveOperation
Operation saveOperation(Operation operation) throws RbacObjectInvalidException, RbacManagerException
Save the new or existing operation to the store.
- Parameters:
  operation - the operation to save (new or existing)
- Returns:
  the Operation that was saved.
- Throws:
  RbacObjectInvalidException - if the object is not valid and cannot be saved
  RbacManagerException - if the access to the backend datastore failed
-
getOperation
Operation getOperation(String operationName) throws RbacObjectNotFoundException, RbacManagerException
-
getAllOperations
List<? extends Operation> getAllOperations() throws RbacManagerException
- Throws:
  RbacManagerException
-
removeOperation
void removeOperation(Operation operation) throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
-
removeOperation
void removeOperation(String operationName) throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
-
createResource
Resource createResource(String identifier) throws RbacManagerException
Creates an implementation-specific Resource, or returns an existing Resource, depending on the provided identifier parameter. Note: Be sure to use saveResource(Resource) in order to persist any changes to the Role.
- Parameters:
  identifier - the identifier.
- Returns:
  the new Resource.
- Throws:
  RbacManagerException - if the access to the backend datastore failed
-
resourceExists
boolean resourceExists(String identifier)
-
resourceExists
boolean resourceExists(Resource resource)
-
saveResource
Resource saveResource(Resource resource) throws RbacObjectInvalidException, RbacManagerException
-
getResource
Resource getResource(String resourceIdentifier) throws RbacObjectNotFoundException, RbacManagerException
-
getAllResources
List<? extends Resource> getAllResources() throws RbacManagerException
- Throws:
  RbacManagerException
-
removeResource
void removeResource(Resource resource) throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
-
removeResource
void removeResource(String resourceIdentifier) throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
-
createUserAssignment
UserAssignment createUserAssignment(String principal) throws RbacManagerException
Creates an implementation-specific UserAssignment, or returns an existing UserAssignment, depending on the provided identifier parameter. Note: Be sure to use saveUserAssignment(UserAssignment) in order to persist any changes to the Role.
- Parameters:
  principal - the principal reference to the user.
- Returns:
  the new UserAssignment object.
- Throws:
  RbacManagerException - if the access to the backend datastore failed
-
userAssignmentExists
boolean userAssignmentExists(String principal)
-
userAssignmentExists
boolean userAssignmentExists(UserAssignment assignment)
-
saveUserAssignment
UserAssignment saveUserAssignment(UserAssignment userAssignment) throws RbacObjectInvalidException, RbacManagerException
Method saveUserAssignment
- Parameters:
  userAssignment - the user assignment instance to save
- Throws:
  RbacObjectInvalidException - if the instance has invalid data and cannot be saved
  RbacManagerException - if the access to the backend datastore failed
-
getUserAssignment
UserAssignment getUserAssignment(String principal) throws RbacObjectNotFoundException, RbacManagerException
-
getAllUserAssignments
List<? extends UserAssignment> getAllUserAssignments() throws RbacManagerException
Returns all user assignments defined.
- Returns:
  list of assignments
- Throws:
  RbacManagerException - if the access to the backend datastore failed
-
getUserAssignmentsForRoles
List<? extends UserAssignment> getUserAssignmentsForRoles(Collection<String> roleIds) throws RbacManagerException
Returns the assignments for the given roles.
- Parameters:
  roleIds - collection of role names
- Throws:
  RbacManagerException - if the access to the backend datastore failed
-
removeUserAssignment
void removeUserAssignment(UserAssignment userAssignment) throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
Method removeAssignment
- Parameters:
  userAssignment - the assignment to remove
- Throws:
  RbacObjectNotFoundException - if the assignment was not found
  RbacObjectInvalidException - if the provided assignment instance has invalid data
  RbacManagerException - if the access to the backend datastore failed
-
removeUserAssignment
void removeUserAssignment(String principal) throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
Method removeAssignment
- Parameters:
  principal - the principal for which the assignment should be removed
- Throws:
  RbacObjectNotFoundException - if the user with the given principal name was not found
  RbacObjectInvalidException - if the principal string was invalid
  RbacManagerException - if the access to the backend datastore failed
-
getAssignedRoles
Collection<? extends Role> getAssignedRoles(String principal) throws RbacObjectNotFoundException, RbacManagerException
Returns the active roles for a given principal. NOTE: roles that are returned might have parent roles themselves; if you just want all permissions, use getAssignedPermissions(String principal).
- Parameters:
  principal - the user principal to search for assignments
- Returns:
  Collection of Role objects.
- Throws:
  RbacObjectNotFoundException - if the user with the given principal name was not found
  RbacManagerException - if the access to the backend datastore failed
-
getAssignedRoles
Collection<? extends Role> getAssignedRoles(UserAssignment userAssignment) throws RbacObjectNotFoundException, RbacManagerException
Get the Collection of Role objects for this UserAssignment.
- Parameters:
  userAssignment - the user assignment instance
- Returns:
  Collection of Role objects for the provided UserAssignment.
- Throws:
  RbacObjectNotFoundException - if the assignment could not be found
  RbacManagerException - if the access to the backend datastore failed
-
getEffectivelyUnassignedRoles
Collection<? extends Role> getEffectivelyUnassignedRoles(String principal) throws RbacManagerException, RbacObjectNotFoundException
Get a list of all assignable roles that are currently not effectively assigned to the specific user, meaning, not a child of any already granted role.
- Parameters:
  principal - the user principal
- Returns:
  the list of roles that are currently not assigned to the user, or an empty list if no such role was found.
- Throws:
  RbacManagerException - if the access to the backend datastore failed
  RbacObjectNotFoundException - if the user with the given principal was not found
-
getEffectivelyAssignedRoles
Collection<? extends Role> getEffectivelyAssignedRoles(String principal) throws RbacObjectNotFoundException, RbacManagerException
Get a list of the effectively assigned roles to the specified user; this includes child roles.
- Parameters:
  principal - the user principal
- Returns:
  the list of roles effectively assigned to the given user
- Throws:
  RbacObjectNotFoundException - if the user with the given principal was not found
  RbacManagerException - if the access to the backend datastore failed
-
getUnassignedRoles
Collection<? extends Role> getUnassignedRoles(String principal) throws RbacManagerException, RbacObjectNotFoundException
Get a list of all assignable roles that are currently not assigned to the specific user.
- Parameters:
  principal - the user principal name
- Returns:
  the list of roles not assigned to the given user
- Throws:
  RbacManagerException - if the access to the backend datastore failed
  RbacObjectNotFoundException - if the user with the given principal was not found
-
getAssignedPermissions
Set<? extends Permission> getAssignedPermissions(String principal) throws RbacObjectNotFoundException, RbacManagerException
Returns a set of all permissions that are in all active roles for a given principal. This includes permissions from all assigned parent roles.
- Parameters:
  principal - the user principal name
- Returns:
  the list of all permissions assigned to the user
- Throws:
  RbacObjectNotFoundException - if the user with the given principal name was not found
  RbacManagerException - if the access to the backend datastore failed
-
getAssignedPermissionMap
Map<String,List<? extends Permission>> getAssignedPermissionMap(String principal) throws RbacObjectNotFoundException, RbacManagerException
Returns a map of assigned permissions keyed off of operation with a list value of Permissions.
- Parameters:
  principal - the user principal name
- Returns:
  the map of (operation, permission list) pairs
- Throws:
  RbacObjectNotFoundException - if the user with the given principal was not found
  RbacManagerException - if the access to the backend datastore failed
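
An added example, not part of the Redback code base or its documentation: an access-review helper that uses getAssignedRoles, getEffectivelyAssignedRoles and getAssignedPermissionMap as documented above to separate roles granted directly from roles a principal holds only through the role hierarchy. The class name PrincipalAccessReview is hypothetical, Role.getName() and Permission.getName() are assumed accessors of the Role and Permission interfaces (this page does not list them), and the Redback RBAC library must be on the classpath.

```java
import org.apache.archiva.redback.rbac.Permission;
import org.apache.archiva.redback.rbac.RBACManager;
import org.apache.archiva.redback.rbac.RbacManagerException;
import org.apache.archiva.redback.rbac.RbacObjectNotFoundException;
import org.apache.archiva.redback.rbac.Role;

import java.util.List;
import java.util.Map;
import java.util.SortedMap;
import java.util.SortedSet;
import java.util.TreeMap;
import java.util.TreeSet;

/** Hypothetical helper (added example): access review for a single principal. */
public final class PrincipalAccessReview {

    /** Review result; sorted collections keep successive reports diffable. */
    public static final class Report {
        public final SortedSet<String> directRoles = new TreeSet<>();
        public final SortedSet<String> inheritedOnlyRoles = new TreeSet<>();
        public final SortedMap<String, SortedSet<String>> permissionsByOperation = new TreeMap<>();

        public String toText(String principal) {
            StringBuilder sb = new StringBuilder("Access review for ").append(principal).append('\n');
            sb.append("  direct roles:         ").append(directRoles).append('\n');
            sb.append("  inherited-only roles: ").append(inheritedOnlyRoles).append('\n');
            permissionsByOperation.forEach((op, perms) ->
                sb.append("  ").append(op).append(" -> ").append(perms).append('\n'));
            return sb.toString();
        }
    }

    private final RBACManager rbac;

    public PrincipalAccessReview(RBACManager rbac) {
        this.rbac = rbac;
    }

    /**
     * Builds the report for one principal. A principal without any assignment
     * yields an empty report; a backend failure is propagated so that an
     * unreachable datastore is never mistaken for "no access".
     */
    public Report review(String principal) throws RbacManagerException {
        Report report = new Report();
        try {
            // Roles granted explicitly to the principal.
            for (Role role : rbac.getAssignedRoles(principal)) {
                report.directRoles.add(role.getName());      // assumed accessor
            }
            // The effective set also contains child roles; keep only those
            // the principal holds through the hierarchy alone.
            for (Role role : rbac.getEffectivelyAssignedRoles(principal)) {
                if (!report.directRoles.contains(role.getName())) {
                    report.inheritedOnlyRoles.add(role.getName());
                }
            }
            // Permissions grouped by operation, exactly as the manager keys them.
            Map<String, List<? extends Permission>> byOperation =
                rbac.getAssignedPermissionMap(principal);
            for (Map.Entry<String, List<? extends Permission>> entry : byOperation.entrySet()) {
                SortedSet<String> names = new TreeSet<>();
                for (Permission permission : entry.getValue()) {
                    names.add(permission.getName());         // assumed accessor
                }
                report.permissionsByOperation.put(entry.getKey(), names);
            }
        } catch (RbacObjectNotFoundException e) {
            // Documented case: the principal was not found. Discard any
            // partial data and report no roles or permissions.
            return new Report();
        }
        return report;
    }
}
```

Roles that show up only under inheritedOnlyRoles are the ones a reviewer will not see when looking at the principal's direct assignments alone.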
-
getAllAssignableRoles
List<? extends Role> getAllAssignableRoles() throws RbacManagerException
Returns a list of all assignable roles.
- Returns:
  list of assignable roles
- Throws:
  RbacManagerException - if the access to the backend datastore failed
-
getGlobalResource
Resource getGlobalResource() throws RbacManagerException
Returns the global resource object.
- Returns:
  the global resource object
- Throws:
  RbacManagerException - if the access to the backend datastore failed
-
eraseDatabase
void eraseDatabase()
-
initialize
void initialize()
Consumers of the user manager can use it to reload configuration; with the configurable implementation it is possible to dynamically change the real implementation used.
- Since:
  2.1
-
isFinalImplementation
boolean isFinalImplementation()
- Returns:
  true if this implementation is a final one and not a wrapper (configurable, cached)
- Since:
  2.1
-
getDescriptionKey
String getDescriptionKey()
- Returns:
  a key to be able to customize label in UI
- Since:
  2.1
-
isReadOnly
boolean isReadOnly()
Is the RBACManager read only? If so, create and modify actions are to be disabled.
- Returns:
  boolean true if user manager is read only