Package org.apache.archiva.redback.rbac

Interface RBACManager

All Known Implementing Classes:

AbstractRBACManager, CachedRbacManager, JpaRbacManager, LdapRbacManager, MemoryRbacManager

public interface RBACManager

Manages the roles, permissions and operations of the RBAC system.

Author:

Jesse McConnell, Joakim Erdfelt, Martin Stockhammer

Method Summary

Modifier and Type	Method	Description
void	addChildRole(Role role, Role childRole)	Adds a child to a role.
void	addListener(RBACManagerListener listener)
Operation	createOperation(String name)	Creates an implementation specific Operation, or return an existing Operation, depending on the provided name parameter.
Permission	createPermission(String name)	Creates an implementation specific Permission, or return an existing Permission, depending on the provided name parameter.
Permission	createPermission(String name, String operationName, String resourceIdentifier)	Creates an implementation specific Permission with specified Operation, and Resource identifiers.
Resource	createResource(String identifier)	Creates an implementation specific Resource, or return an existing Resource, depending on the provided identifier parameter.
Role	createRole(String name)	Creates an implementation specific Role, or return an existing Role, depending on the provided name parameter.
Role	createRole(String id, String name)	Creates a new role with the given id and role name.
UserAssignment	createUserAssignment(String principal)	Creates an implementation specific UserAssignment, or return an existing UserAssignment, depending on the provided identifier parameter.
void	eraseDatabase()
List<? extends Role>	getAllAssignableRoles()	Returns a list of all assignable roles
List<? extends Operation>	getAllOperations()
List<? extends Permission>	getAllPermissions()
List<? extends Resource>	getAllResources()
List<? extends Role>	getAllRoles()	Returns all roles defined in the datastore.
List<? extends UserAssignment>	getAllUserAssignments()	Returns all user assignments defined
Map<String,List<? extends Permission>>	getAssignedPermissionMap(String principal)	returns a map of assigned permissions keyed off of operation with a list value of Permissions
Set<? extends Permission>	getAssignedPermissions(String principal)	Returns a set of all permissions that are in all active roles for a given principal.
Collection<? extends Role>	getAssignedRoles(String principal)	Returns the active roles for a given principal NOTE: roles that are returned might have parent roles themselves, if you just want all permissions then use getAssignedPermissions(String principal)
Collection<? extends Role>	getAssignedRoles(UserAssignment userAssignment)	Get the Collection of Role objects for this UserAssignment.
Map<String,? extends Role>	getChildRoleIds(Role role)	Returns all the child roles of a given role as (role id, role) pairs.
Map<String,? extends Role>	getChildRoleNames(Role role)	Returns all the child roles of a given role as (name, role) pairs.
String	getDescriptionKey()
Collection<? extends Role>	getEffectivelyAssignedRoles(String principal)	Get a list of the effectively assigned roles to the specified user, this includes child roles
Collection<? extends Role>	getEffectivelyUnassignedRoles(String principal)	Get a list of all assignable roles that are currently not effectively assigned to the specific user, meaning, not a child of any already granted role
Set<? extends Role>	getEffectiveRoles(Role role)	Returns all effective roles.
Resource	getGlobalResource()	Returns the global resource object
Operation	getOperation(String operationName)
Map<String,? extends Role>	getParentRoleIds(Role role)	Returns all the parent roles of a given role as map of (id, role) elements.
Map<String,? extends Role>	getParentRoleNames(Role role)	Returns all the parent roles of a given role as map of (name, role) elements.
Permission	getPermission(String permissionName)
Resource	getResource(String resourceIdentifier)
Role	getRole(String roleName)	Returns the role identified by the given name
Role	getRoleById(String id)	Returns the role identified by the given ID
Map<String,? extends Role>	getRoles(Collection<String> roleNames)	Returns the role instances for the given role names.
Collection<? extends Role>	getUnassignedRoles(String principal)	Get a list of all assignable roles that are currently not assigned to the specific user.
UserAssignment	getUserAssignment(String principal)
List<? extends UserAssignment>	getUserAssignmentsForRoles(Collection<String> roleIds)	Returns the assignments for the given roles
void	initialize()	consumer of user manager can use it to reload various configuration with the configurable implementation is possible to change dynamically the real implementation used.
boolean	isFinalImplementation()
boolean	isReadOnly()	Is the RBACManager read only? if so then create and modify actions are to be disabled
boolean	operationExists(String name)
boolean	operationExists(Operation operation)
boolean	permissionExists(String name)	Tests for the existence of a permission.
boolean	permissionExists(Permission permission)
void	removeListener(RBACManagerListener listener)
void	removeOperation(String operationName)
void	removeOperation(Operation operation)
void	removePermission(String permissionName)
void	removePermission(Permission permission)
void	removeResource(String resourceIdentifier)
void	removeResource(Resource resource)
void	removeRole(String roleName)	Removes the role with the given name from the datastore.
void	removeRole(Role role)	Removes the given role from the datastore.
void	removeRoleById(String id)	Removes the role with the given id from the datastore.
void	removeUserAssignment(String principal)	Method removeAssignment
void	removeUserAssignment(UserAssignment userAssignment)	Method removeAssignment
boolean	resourceExists(String identifier)
boolean	resourceExists(Resource resource)
boolean	roleExists(String name)	Tests for the existence of a Role.
boolean	roleExists(Role role)	Returns true, if the given role exists.
boolean	roleExistsById(String id)	Returns true, if a role with the given id exists.
Operation	saveOperation(Operation operation)	Save the new or existing operation to the store.
Permission	savePermission(Permission permission)
Resource	saveResource(Resource resource)
Role	saveRole(Role role)	Persists the given role to the backend datastore.
void	saveRoles(Collection<Role> roles)	Persists all of the given roles to the backend datastore.
UserAssignment	saveUserAssignment(UserAssignment userAssignment)	Method saveUserAssignment
boolean	userAssignmentExists(String principal)
boolean	userAssignmentExists(UserAssignment assignment)

Method Detail

addListener

void addListener(RBACManagerListener listener)

removeListener

void removeListener(RBACManagerListener listener)

createRole

Role createRole(String name)

Creates an implementation specific Role, or return an existing Role, depending on the provided name parameter. Note: Be sure to use saveRole(Role) in order to persist any changes to the Role.

Parameters:

name - the name.

Returns:

the new Role object.

createRole

Role createRole(String id,
                String name)

Creates a new role with the given id and role name.

Parameters:

id - the role identifier, which must be unique

name - the role name, which must be unique

Returns:

the new role instance

roleExists

boolean roleExists(String name)
            throws RbacManagerException

Tests for the existence of a Role.

Returns:

true if role exists in store.

Throws:

RbacManagerException - if the access to the backend datastore failed

roleExistsById

boolean roleExistsById(String id)
                throws RbacManagerException

Returns true, if a role with the given id exists.

Parameters:

id - the role id

Returns:

true, if the role with the given id exists, otherwise false

Throws:

RbacManagerException - if the access to the backend datastore failed

roleExists

boolean roleExists(Role role)
            throws RbacManagerException

Returns true, if the given role exists.

Parameters:

role - the role to check

Returns:

true, if the role exists, otherwise false

Throws:

RbacManagerException - if the access to the backend datastore failed

saveRole

Role saveRole(Role role)
       throws RbacObjectInvalidException,
              RbacManagerException

Persists the given role to the backend datastore.

Parameters:

role - the role to save

Returns:

the persisted role, if the method was successful

Throws:

RbacObjectInvalidException - if the given role object was not valid

RbacManagerException - if the access to the backend datastore failed

saveRoles

void saveRoles(Collection<Role> roles)
        throws RbacObjectInvalidException,
               RbacManagerException

Persists all of the given roles to the backend datastore. Implementations should try to save all role instances and throw exceptions afterwards.

Parameters:

roles - the list of roles to save

Throws:

RbacObjectInvalidException - if one of the given role objects was not valid

RbacManagerException - if the access to the backend datastore failed

getRole

Role getRole(String roleName)
      throws RbacObjectNotFoundException,
             RbacManagerException

Returns the role identified by the given name

Parameters:

roleName - the role name

Returns:

the role instance, if a role by this name was found

Throws:

RbacObjectNotFoundException - if not role was found with the given name

RbacManagerException - if the access to the underlying datastore failed

getRoleById

Role getRoleById(String id)
          throws RbacObjectNotFoundException,
                 RbacManagerException

Returns the role identified by the given ID

Parameters:

id - the role id

Returns:

the role object, if the role with the given id exists

Throws:

RbacObjectNotFoundException - if no role was found with the given id

RbacManagerException - if the access to the underlying datastore failed

getRoles

Map<String,? extends Role> getRoles(Collection<String> roleNames)
                                   throws RbacObjectNotFoundException,
                                          RbacManagerException

Returns the role instances for the given role names.

Parameters:

roleNames - the list of role names.

Returns:

a map of (name,role) pairs

Throws:

RbacObjectNotFoundException - if one of the given roles was not found

RbacManagerException - if the access to the backend datastore failed

addChildRole

void addChildRole(Role role,
                  Role childRole)
           throws RbacObjectInvalidException,
                  RbacManagerException

Adds a child to a role.

Parameters:

role - the parent role

childRole - the child role, that is added to the parent role

Throws:

RbacObjectInvalidException - if one of the role objects was not valid

RbacManagerException - if the access to the backend datastore failed

getChildRoleNames

Map<String,? extends Role> getChildRoleNames(Role role)
                                            throws RbacManagerException

Returns all the child roles of a given role as (name, role) pairs.

Parameters:

role - the parent role

Returns:

the list of child roles

Throws:

RbacManagerException - if the access to the backend datastore failed

getChildRoleIds

Map<String,? extends Role> getChildRoleIds(Role role)
                                          throws RbacManagerException

Returns all the child roles of a given role as (role id, role) pairs.

Parameters:

role - the parent role

Returns:

the map of child roles as (role id, role) pairs

Throws:

RbacManagerException - if the access to the backend datastore failed

getParentRoleNames

Map<String,? extends Role> getParentRoleNames(Role role)
                                             throws RbacManagerException

Returns all the parent roles of a given role as map of (name, role) elements.

Parameters:

role - the role to check for parent roles

Returns:

the list of parent roles that have role als child

Throws:

RbacManagerException - if the access to the backend datastore failed

getParentRoleIds

Map<String,? extends Role> getParentRoleIds(Role role)
                                           throws RbacManagerException

Returns all the parent roles of a given role as map of (id, role) elements.

Parameters:

role - the role to check for parents roles

Returns:

a map of (role id, role) pairs that have role as child

Throws:

RbacManagerException - if the access to the backend datastore failed

getAllRoles

List<? extends Role> getAllRoles()
                          throws RbacManagerException

Returns all roles defined in the datastore.

Returns:

the list of roles defined in the datastore

Throws:

RbacManagerException - if the access to the backend datastore failed

getEffectiveRoles

Set<? extends Role> getEffectiveRoles(Role role)
                               throws RbacObjectNotFoundException,
                                      RbacManagerException

Returns all effective roles. Which means a list with the current role and all child roles recursively.

Parameters:

role - the role to use as starting point

Returns:

the set of roles that are found as children of the given role

Throws:

RbacObjectNotFoundException - if the given role was not found

RbacManagerException - if the access to the backend datastore failed

removeRole

void removeRole(Role role)
         throws RbacObjectNotFoundException,
                RbacObjectInvalidException,
                RbacManagerException

Removes the given role from the datastore.

Parameters:

role - the role to remove

Throws:

RbacManagerException - if the access to the backend datastore failed

RbacObjectNotFoundException - if the given role was not found

RbacObjectInvalidException - if the given role has invalid data

removeRole

void removeRole(String roleName)
         throws RbacObjectNotFoundException,
                RbacManagerException

Removes the role with the given name from the datastore.

Parameters:

roleName - the role name

Throws:

RbacObjectNotFoundException - if the role with the given name was not found

RbacManagerException - if the access to the backend datastore failed

removeRoleById

void removeRoleById(String id)
             throws RbacObjectNotFoundException,
                    RbacManagerException

Removes the role with the given id from the datastore.

Parameters:

id - the role id

Throws:

RbacObjectNotFoundException - if no role with the given id was found

RbacManagerException - if the access to the backend datastore failed

createPermission

Permission createPermission(String name)
                     throws RbacManagerException

Creates an implementation specific Permission, or return an existing Permission, depending on the provided name parameter. Note: Be sure to use savePermission(Permission) in order to persist any changes to the Role.

Parameters:

name - the name.

Returns:

the new Permission.

Throws:

RbacManagerException - if the access to the backend datastore failed

createPermission

Permission createPermission(String name,
                            String operationName,
                            String resourceIdentifier)
                     throws RbacManagerException

Creates an implementation specific Permission with specified Operation, and Resource identifiers. Note: Be sure to use savePermission(Permission) in order to persist any changes to the Role.

Parameters:

name - the name.

operationName - the Operation.setName(String) value

resourceIdentifier - the Resource.setIdentifier(String) value

Returns:

the new Permission.

Throws:

RbacManagerException - if the access to the backend datastore failed

permissionExists

boolean permissionExists(String name)

Tests for the existence of a permission.

Parameters:

name - the name to test for.

Returns:

true if permission exists.

permissionExists

boolean permissionExists(Permission permission)

savePermission

Permission savePermission(Permission permission)
                   throws RbacObjectInvalidException,
                          RbacManagerException

Throws:

RbacObjectInvalidException

RbacManagerException

getPermission

Permission getPermission(String permissionName)
                  throws RbacObjectNotFoundException,
                         RbacManagerException

Throws:

RbacObjectNotFoundException

RbacManagerException

getAllPermissions

List<? extends Permission> getAllPermissions()
                                      throws RbacManagerException

Throws:

RbacManagerException

removePermission

void removePermission(Permission permission)
               throws RbacObjectNotFoundException,
                      RbacObjectInvalidException,
                      RbacManagerException

Throws:

RbacObjectNotFoundException

RbacObjectInvalidException

RbacManagerException

removePermission

void removePermission(String permissionName)
               throws RbacObjectNotFoundException,
                      RbacObjectInvalidException,
                      RbacManagerException

Throws:

RbacObjectNotFoundException

RbacObjectInvalidException

RbacManagerException

createOperation

Operation createOperation(String name)
                   throws RbacManagerException

Creates an implementation specific Operation, or return an existing Operation, depending on the provided name parameter. Note: Be sure to use saveOperation(Operation) in order to persist any changes to the Role.

Parameters:

name - the name.

Returns:

the new Operation.

Throws:

RbacManagerException - if the access to the backend datastore failed

operationExists

boolean operationExists(String name)

operationExists

boolean operationExists(Operation operation)

saveOperation

Operation saveOperation(Operation operation)
                 throws RbacObjectInvalidException,
                        RbacManagerException

Save the new or existing operation to the store.

Parameters:

operation - the operation to save (new or existing)

Returns:

the Operation that was saved.

Throws:

RbacObjectInvalidException - if the object is not valid and cannot be saved

RbacManagerException - if the access to the backend datastore failed

getOperation

Operation getOperation(String operationName)
                throws RbacObjectNotFoundException,
                       RbacManagerException

Throws:

RbacObjectNotFoundException

RbacManagerException

getAllOperations

List<? extends Operation> getAllOperations()
                                    throws RbacManagerException

Throws:

RbacManagerException

removeOperation

void removeOperation(Operation operation)
              throws RbacObjectNotFoundException,
                     RbacObjectInvalidException,
                     RbacManagerException

Throws:

RbacObjectNotFoundException

RbacObjectInvalidException

RbacManagerException

removeOperation

void removeOperation(String operationName)
              throws RbacObjectNotFoundException,
                     RbacObjectInvalidException,
                     RbacManagerException

Throws:

RbacObjectNotFoundException

RbacObjectInvalidException

RbacManagerException

createResource

Resource createResource(String identifier)
                 throws RbacManagerException

Creates an implementation specific Resource, or return an existing Resource, depending on the provided identifier parameter. Note: Be sure to use saveResource(Resource) in order to persist any changes to the Role.

Parameters:

identifier - the identifier.

Returns:

the new Resource.

Throws:

RbacManagerException - if the access to the backend datastore failed

resourceExists

boolean resourceExists(String identifier)

resourceExists

boolean resourceExists(Resource resource)

saveResource

Resource saveResource(Resource resource)
               throws RbacObjectInvalidException,
                      RbacManagerException

Throws:

RbacObjectInvalidException

RbacManagerException

getResource

Resource getResource(String resourceIdentifier)
              throws RbacObjectNotFoundException,
                     RbacManagerException

Throws:

RbacObjectNotFoundException

RbacManagerException

getAllResources

List<? extends Resource> getAllResources()
                                  throws RbacManagerException

Throws:

RbacManagerException

removeResource

void removeResource(Resource resource)
             throws RbacObjectNotFoundException,
                    RbacObjectInvalidException,
                    RbacManagerException

Throws:

RbacObjectNotFoundException

RbacObjectInvalidException

RbacManagerException

removeResource

void removeResource(String resourceIdentifier)
             throws RbacObjectNotFoundException,
                    RbacObjectInvalidException,
                    RbacManagerException

Throws:

RbacObjectNotFoundException

RbacObjectInvalidException

RbacManagerException

createUserAssignment

UserAssignment createUserAssignment(String principal)
                             throws RbacManagerException

Creates an implementation specific UserAssignment, or return an existing UserAssignment, depending on the provided identifier parameter. Note: Be sure to use saveUserAssignment(UserAssignment) in order to persist any changes to the Role.

Parameters:

principal - the principal reference to the user.

Returns:

the new UserAssignment object.

Throws:

RbacManagerException - if the access to the backend datastore failed

userAssignmentExists

boolean userAssignmentExists(String principal)

userAssignmentExists

boolean userAssignmentExists(UserAssignment assignment)

saveUserAssignment

UserAssignment saveUserAssignment(UserAssignment userAssignment)
                           throws RbacObjectInvalidException,
                                  RbacManagerException

Method saveUserAssignment

Parameters:

userAssignment - the user assignment instance to save

Throws:

RbacObjectInvalidException - if the instance has invalid data and cannot be saved

RbacManagerException - if the access to the backend datastore failed

getUserAssignment

UserAssignment getUserAssignment(String principal)
                          throws RbacObjectNotFoundException,
                                 RbacManagerException

Throws:

RbacObjectNotFoundException

RbacManagerException

getAllUserAssignments

List<? extends UserAssignment> getAllUserAssignments()
                                              throws RbacManagerException

Returns all user assignments defined

Returns:

list of assignments

Throws:

RbacManagerException - if the access to the backend datastore failed

getUserAssignmentsForRoles

List<? extends UserAssignment> getUserAssignmentsForRoles(Collection<String> roleIds)
                                                   throws RbacManagerException

Returns the assignments for the given roles

Parameters:

roleIds - collection of role names

Throws:

RbacManagerException - if the access to the backend datastore failed

removeUserAssignment

void removeUserAssignment(UserAssignment userAssignment)
                   throws RbacObjectNotFoundException,
                          RbacObjectInvalidException,
                          RbacManagerException

Method removeAssignment

Parameters:

userAssignment - the assignment to remove

Throws:

RbacObjectNotFoundException - if the assignment was not found

RbacObjectInvalidException - if the provided assignment instance has invalid data

RbacManagerException - if the access to the backend datastore failed

removeUserAssignment

void removeUserAssignment(String principal)
                   throws RbacObjectNotFoundException,
                          RbacObjectInvalidException,
                          RbacManagerException

Method removeAssignment

Parameters:

principal - the principal for which the assignment should be removed

Throws:

RbacObjectNotFoundException - if the user with the given principal name was not found

RbacObjectInvalidException - if the principal string was invalid

RbacManagerException - if the access to the backend datastore failed

getAssignedRoles

Collection<? extends Role> getAssignedRoles(String principal)
                                     throws RbacObjectNotFoundException,
                                            RbacManagerException

Returns the active roles for a given principal NOTE: roles that are returned might have parent roles themselves, if you just want all permissions then use getAssignedPermissions(String principal)

Parameters:

principal - the user principal to search for assignments

Returns:

Collection of Role objects.

Throws:

RbacObjectNotFoundException - if the user with the given principal name was not found

RbacManagerException - if the access to the backend datastore failed

getAssignedRoles

Collection<? extends Role> getAssignedRoles(UserAssignment userAssignment)
                                     throws RbacObjectNotFoundException,
                                            RbacManagerException

Get the Collection of Role objects for this UserAssignment.

Parameters:

userAssignment - the user assignment instance

Returns:

Collection of Role objects for the provided UserAssignment.

Throws:

RbacObjectNotFoundException - if the assignment could not be found

RbacManagerException - if the access to the backend datastore failed

getEffectivelyUnassignedRoles

Collection<? extends Role> getEffectivelyUnassignedRoles(String principal)
                                                  throws RbacManagerException,
                                                         RbacObjectNotFoundException

Get a list of all assignable roles that are currently not effectively assigned to the specific user, meaning, not a child of any already granted role

Parameters:

principal - the user principal

Returns:

the list of roles, that are currently not assigned to the user, or a empty list, if no such role was found.

Throws:

RbacManagerException - if the access to the backend datastore failed

RbacObjectNotFoundException - if the user with the given principal was not found

getEffectivelyAssignedRoles

Collection<? extends Role> getEffectivelyAssignedRoles(String principal)
                                                throws RbacObjectNotFoundException,
                                                       RbacManagerException

Get a list of the effectively assigned roles to the specified user, this includes child roles

Parameters:

principal - the user principal

Returns:

the list of roles effectively assigned to the given user

Throws:

RbacObjectNotFoundException - if the user with the given principal was not found

RbacManagerException - if the access to the backend datastore failed

getUnassignedRoles

Collection<? extends Role> getUnassignedRoles(String principal)
                                       throws RbacManagerException,
                                              RbacObjectNotFoundException

Get a list of all assignable roles that are currently not assigned to the specific user.

Parameters:

principal - the user principal name

Returns:

the list of roles not assigned to the given user

Throws:

RbacManagerException - if the access to the backend datastore failed

RbacObjectNotFoundException - if the user with the given principal was not found

getAssignedPermissions

Set<? extends Permission> getAssignedPermissions(String principal)
                                          throws RbacObjectNotFoundException,
                                                 RbacManagerException

Returns a set of all permissions that are in all active roles for a given principal. This includes permissions from all assigned parent roles.

Parameters:

principal - the user principal name

Returns:

the list of all permissions assigned to the user

Throws:

RbacObjectNotFoundException - if the user with the given principal name was not found

RbacManagerException - if the access to the backend datastore failed

getAssignedPermissionMap

Map<String,List<? extends Permission>> getAssignedPermissionMap(String principal)
                                                               throws RbacObjectNotFoundException,
                                                                      RbacManagerException

returns a map of assigned permissions keyed off of operation with a list value of Permissions

Parameters:

principal - the user principal name

Returns:

the map of (operation,permission list) pairs

Throws:

RbacObjectNotFoundException - if the user with the given principal was not found

RbacManagerException - if the access to the backend datastore failed

getAllAssignableRoles

List<? extends Role> getAllAssignableRoles()
                                    throws RbacManagerException

Returns a list of all assignable roles

Returns:

list of assignable roles

Throws:

RbacManagerException - if the access to the backend datastore failed

getGlobalResource

Resource getGlobalResource()
                    throws RbacManagerException

Returns the global resource object

Returns:

the global resource object

Throws:

RbacManagerException - if the access to the backend datastore failed

eraseDatabase

void eraseDatabase()

initialize

void initialize()

consumer of user manager can use it to reload various configuration with the configurable implementation is possible to change dynamically the real implementation used.

Since:

2.1

isFinalImplementation

boolean isFinalImplementation()

Returns:

true if this implementation is a final one and not a wrapper (configurable, cached)

Since:

2.1

getDescriptionKey

String getDescriptionKey()

Returns:

a key to be able to customize label in UI

Since:

2.1

isReadOnly

boolean isReadOnly()

Is the RBACManager read only? if so then create and modify actions are to be disabled

Returns:

boolean true if user manager is read only