Package org.apache.archiva.redback.system

Class DefaultSecuritySystem

java.lang.Object

org.apache.archiva.redback.system.DefaultSecuritySystem

All Implemented Interfaces:

SecuritySystem

@Service("securitySystem")
public class DefaultSecuritySystem
extends Object
implements SecuritySystem

DefaultSecuritySystem:

Constructor Summary

Constructors

Constructor	Description
DefaultSecuritySystem()

Method Summary

Modifier and Type	Method	Description
SecuritySession	authenticate(AuthenticationDataSource source)	delegate to the authentication system for boolean authentication checks, if the result is authentic then pull the user object from the user manager and add it to the session.
AuthorizationResult	authorize(SecuritySession session, String permission)
AuthorizationResult	authorize(SecuritySession session, String permission, String resource)	return AuthorizationResult without changing authorization
AuthorizationResult	authorize(User user, String permission, String resource)
AuthenticationManager	getAuthenticationManager()
String	getAuthenticatorId()
AuthenticationManager	getAuthnManager()
Authorizer	getAuthorizer()
String	getAuthorizerId()
String	getKeyManagementId()
KeyManager	getKeyManager()
UserSecurityPolicy	getPolicy()
String	getPolicyId()
TokenManager	getTokenManager()	Returns the token manager implementation.
String	getUserManagementId()
UserManager	getUserManager()
boolean	isAuthenticated(AuthenticationDataSource source)
boolean	isAuthorized(SecuritySession session, String permission)
boolean	isAuthorized(SecuritySession session, String permission, String resource)
void	setAuthnManager(AuthenticationManager authnManager)
void	setAuthorizer(Authorizer authorizer)
void	setKeyManager(KeyManager keyManager)
void	setPolicy(UserSecurityPolicy policy)
void	setTokenManager(TokenManager tokenManager)
void	setUserManager(UserManager userManager)
boolean	userManagerReadOnly()

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

DefaultSecuritySystem

public DefaultSecuritySystem()

Method Detail

authenticate

public SecuritySession authenticate(AuthenticationDataSource source)
                             throws AuthenticationException,
                                    UserNotFoundException,
                                    AccountLockedException,
                                    MustChangePasswordException,
                                    UserManagerException

delegate to the authentication system for boolean authentication checks, if the result is authentic then pull the user object from the user manager and add it to the session. If the result is false return the result in an authenticated session and a null user object. in the event of a successful authentication and a lack of corresponding user in the usermanager return a null user as well //todo should this last case create a user in the usermanager?

Specified by:

authenticate in interface SecuritySystem

Parameters:

source -

Returns:

Throws:

AuthenticationException

UserNotFoundException

MustChangePasswordException

AccountLockedException

MustChangePasswordException

UserManagerException

isAuthenticated

public boolean isAuthenticated(AuthenticationDataSource source)
                        throws AuthenticationException,
                               UserNotFoundException,
                               AccountLockedException,
                               MustChangePasswordException,
                               UserManagerException

Specified by:

isAuthenticated in interface SecuritySystem

Throws:

AuthenticationException

UserNotFoundException

AccountLockedException

MustChangePasswordException

UserManagerException

getAuthenticatorId

public String getAuthenticatorId()

authorize

public AuthorizationResult authorize(SecuritySession session,
                                     String permission)
                              throws AuthorizationException

Specified by:

authorize in interface SecuritySystem

Throws:

AuthorizationException

authorize

public AuthorizationResult authorize(SecuritySession session,
                                     String permission,
                                     String resource)
                              throws AuthorizationException

Description copied from interface: SecuritySystem

return AuthorizationResult without changing authorization

Specified by:

authorize in interface SecuritySystem

Returns:

Throws:

AuthorizationException

authorize

public AuthorizationResult authorize(User user,
                                     String permission,
                                     String resource)
                              throws AuthorizationException

Specified by:

authorize in interface SecuritySystem

Returns:

Throws:

AuthorizationException

isAuthorized

public boolean isAuthorized(SecuritySession session,
                            String permission)
                     throws AuthorizationException

Specified by:

isAuthorized in interface SecuritySystem

Throws:

AuthorizationException

isAuthorized

public boolean isAuthorized(SecuritySession session,
                            String permission,
                            String resource)
                     throws AuthorizationException

Specified by:

isAuthorized in interface SecuritySystem

Throws:

AuthorizationException

getAuthorizerId

public String getAuthorizerId()

getUserManager

public UserManager getUserManager()

Specified by:

getUserManager in interface SecuritySystem

getUserManagementId

public String getUserManagementId()

getKeyManager

public KeyManager getKeyManager()

Specified by:

getKeyManager in interface SecuritySystem

getKeyManagementId

public String getKeyManagementId()

getPolicy

public UserSecurityPolicy getPolicy()

Specified by:

getPolicy in interface SecuritySystem

getPolicyId

public String getPolicyId()

getAuthenticationManager

public AuthenticationManager getAuthenticationManager()

getAuthorizer

public Authorizer getAuthorizer()

getAuthnManager

public AuthenticationManager getAuthnManager()

setAuthnManager

public void setAuthnManager(AuthenticationManager authnManager)

setAuthorizer

public void setAuthorizer(Authorizer authorizer)

setUserManager

public void setUserManager(UserManager userManager)

setKeyManager

public void setKeyManager(KeyManager keyManager)

setPolicy

public void setPolicy(UserSecurityPolicy policy)

userManagerReadOnly

public boolean userManagerReadOnly()

Specified by:

userManagerReadOnly in interface SecuritySystem

Returns:

is it possible to modify user datas (some userManager cannot i.e ldap)

getTokenManager

public TokenManager getTokenManager()

Description copied from interface: SecuritySystem

Returns the token manager implementation.

Specified by:

getTokenManager in interface SecuritySystem

setTokenManager

public void setTokenManager(TokenManager tokenManager)