org.apache.jetspeed.services.security.nosecurity
Class NoUserManagement

java.lang.Object
  extended byorg.apache.turbine.services.BaseInitable
      extended byorg.apache.turbine.services.BaseService
          extended byorg.apache.turbine.services.TurbineBaseService
              extended byorg.apache.jetspeed.services.security.nosecurity.NoUserManagement
All Implemented Interfaces:
CredentialsManagement, org.apache.turbine.services.Initable, org.apache.turbine.services.Service, UserManagement

public class NoUserManagement
extends org.apache.turbine.services.TurbineBaseService
implements UserManagement, CredentialsManagement

The NoUserManagement class is a Jetspeed security provider, implementing the UserManagement and CredentialsManagement interfaces. It does not manage any users - no users are listed, no users are saved, any request for a user is satisfied with a temp. User object.

Version:
$Id: NoUserManagement.java,v 1.2 2004/02/23 03:53:24 jford Exp $
Author:
Glenn R. Golden

Field Summary
 
Fields inherited from class org.apache.turbine.services.BaseService
configuration, name, properties, serviceBroker
 
Fields inherited from class org.apache.turbine.services.BaseInitable
initableBroker, isInitialized
 
Fields inherited from interface org.apache.jetspeed.services.security.UserManagement
SERVICE_NAME
 
Constructor Summary
NoUserManagement()
           
 
Method Summary
 void addUser(JetspeedUser user)
          Adds a JetspeedUser into permanent storage.
 void changePassword(JetspeedUser user, java.lang.String oldPassword, java.lang.String newPassword)
          Allows for a user to change their own password.
 java.lang.String encryptPassword(java.lang.String password)
          This method provides client-side encryption of passwords.
 void forcePassword(JetspeedUser user, java.lang.String password)
          Forcibly sets new password for a User.
 JetspeedUser getUser(java.security.Principal principal)
          Retrieves a JetspeedUser given the primary principle.
 java.util.Iterator getUsers()
          Retrieves a collection of all JetspeedUsers.
 java.util.Iterator getUsers(java.lang.String filter)
          Retrieves a collection of JetspeedUsers filtered by a security provider-specific query string.
 void removeUser(java.security.Principal principal)
          Removes a JetspeedUser from the permanent store.
 void saveUser(JetspeedUser user)
          Saves a JetspeedUser's attributes into permanent storage.
 
Methods inherited from class org.apache.turbine.services.TurbineBaseService
init, init, init, init, shutdown
 
Methods inherited from class org.apache.turbine.services.BaseService
getConfiguration, getName, getProperties, getServiceBroker, setName, setServiceBroker
 
Methods inherited from class org.apache.turbine.services.BaseInitable
getInit, getInitableBroker, setInit, setInitableBroker
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.apache.turbine.services.Service
getConfiguration, getName, getProperties, setName, setServiceBroker
 
Methods inherited from interface org.apache.turbine.services.Initable
getInit, init, init, setInitableBroker, shutdown
 

Constructor Detail

NoUserManagement

public NoUserManagement()
Method Detail

getUser

public JetspeedUser getUser(java.security.Principal principal)
                     throws JetspeedSecurityException
Retrieves a JetspeedUser given the primary principle. The principal can be any valid Jetspeed Security Principal: org.apache.jetspeed.om.security.UserNamePrincipal org.apache.jetspeed.om.security.UserIdPrincipal The security service may optionally check the current user context to determine if the requestor has permission to perform this action.

Specified by:
getUser in interface UserManagement
Parameters:
principal - a principal identity to be retrieved.
Returns:
a JetspeedUser associated to the principal identity.
Throws:
UserException - when the security provider has a general failure retrieving a user.
UnknownUserException - when the security provider cannot match the principal identity to a user.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

getUsers

public java.util.Iterator getUsers()
                            throws JetspeedSecurityException
Retrieves a collection of all JetspeedUsers. The security service may optionally check the current user context to determine if the requestor has permission to perform this action.

Specified by:
getUsers in interface UserManagement
Returns:
a collection of JetspeedUser entities.
Throws:
UserException - when the security provider has a general failure retrieving users.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

getUsers

public java.util.Iterator getUsers(java.lang.String filter)
                            throws JetspeedSecurityException
Retrieves a collection of JetspeedUsers filtered by a security provider-specific query string. For example SQL, OQL, JDOQL. The security service may optionally check the current user context to determine if the requestor has permission to perform this action.

Specified by:
getUsers in interface UserManagement
Returns:
a collection of JetspeedUser entities.
Throws:
UserException - when the security provider has a general failure retrieving users.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

saveUser

public void saveUser(JetspeedUser user)
              throws JetspeedSecurityException
Saves a JetspeedUser's attributes into permanent storage. The user's account is required to exist in the storage. The security service may optionally check the current user context to determine if the requestor has permission to perform this action.

Specified by:
saveUser in interface UserManagement
Throws:
UserException - when the security provider has a general failure retrieving users.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

addUser

public void addUser(JetspeedUser user)
             throws JetspeedSecurityException
Adds a JetspeedUser into permanent storage. The security service can throw a NotUniqueUserException when the public credentials fail to meet the security provider-specific unique constraints. The security service may optionally check the current user context to determine if the requestor has permission to perform this action.

Specified by:
addUser in interface UserManagement
Throws:
UserException - when the security provider has a general failure retrieving users.
NotUniqueUserException - when the public credentials fail to meet the security provider-specific unique constraints.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

removeUser

public void removeUser(java.security.Principal principal)
                throws JetspeedSecurityException
Removes a JetspeedUser from the permanent store. The security service may optionally check the current user context to determine if the requestor has permission to perform this action.

Specified by:
removeUser in interface UserManagement
Parameters:
principal - the principal identity to be retrieved.
Throws:
UserException - when the security provider has a general failure retrieving a user.
UnknownUserException - when the security provider cannot match the principal identity to a user.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

changePassword

public void changePassword(JetspeedUser user,
                           java.lang.String oldPassword,
                           java.lang.String newPassword)
                    throws JetspeedSecurityException
Allows for a user to change their own password.

Specified by:
changePassword in interface CredentialsManagement
Parameters:
user - the user to change the password for.
oldPassword - the current password supplied by the user.
newPassword - the current password requested by the user.
Throws:
UserException - when the security provider has a general failure retrieving a user.
UnknownUserException - when the security provider cannot match the principal identity to a user.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

forcePassword

public void forcePassword(JetspeedUser user,
                          java.lang.String password)
                   throws JetspeedSecurityException
Forcibly sets new password for a User. Provides an administrator the ability to change the forgotten or compromised passwords. Certain implementatations of this feature would require administrative level access to the authenticating server / program.

Specified by:
forcePassword in interface CredentialsManagement
Parameters:
user - the user to change the password for.
password - the new password.
Throws:
UserException - when the security provider has a general failure retrieving a user.
UnknownUserException - when the security provider cannot match the principal identity to a user.
InsufficientPrivilegeException - when the requestor is denied due to insufficient privilege
JetspeedSecurityException

encryptPassword

public java.lang.String encryptPassword(java.lang.String password)
                                 throws JetspeedSecurityException
This method provides client-side encryption of passwords. If secure.passwords are enabled in JetspeedSecurity properties, the password will be encrypted, if not, it will be returned unchanged. The secure.passwords.algorithm property can be used to chose which digest algorithm should be used for performing the encryption. SHA is used by default.

Specified by:
encryptPassword in interface CredentialsManagement
Parameters:
password - the password to process
Returns:
processed password
Throws:
JetspeedSecurityException


Copyright © 2000-2005 Apache Software Foundation. All Rights Reserved.