View Javadoc

1   /*
2    * Copyright 2000-2001,2004 The Apache Software Foundation.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.apache.jetspeed.services.security;
18  
19  import java.util.List;
20  
21  import org.apache.jetspeed.om.security.JetspeedUser;
22  import org.apache.jetspeed.portal.Portlet;
23  import org.apache.jetspeed.services.rundata.JetspeedRunData;
24  import org.apache.turbine.om.security.User;
25  import org.apache.turbine.services.Service;
26  
27  /***
28   * The Security Service manages Users, Groups Roles and Permissions in the 
29   * system. The Jetspeed Security Service extends the interface of the Turbine
30   * Security Service, adding on the Jetspeed specific interface: AccessControl
31   * for controlling access to portal resources (portlets, panes).
32   *
33   * @author <a href="mailto:david@bluesunrise.com">David Sean Taylor</a>
34   * @version $Id: JetspeedSecurityService.java,v 1.12 2004/03/31 04:49:10 morciuch Exp $
35   */
36  
37  
38  public interface JetspeedSecurityService extends Service
39  {
40     /*** The name of this service */
41     public String SERVICE_NAME = "JetspeedSecurity";
42  
43     //////////////////////////////////////////////////////////////////////////
44     //
45     // Required JetspeedSecurity Functions
46     //
47     // Required Features provided by default JetspeedSecurity
48     //
49     //////////////////////////////////////////////////////////////////////////
50  
51     /*
52      * Factory to create a new JetspeedUser, using JetspeedUserFactory.
53      * The class that is created by the default JetspeedUserFactory is configured
54      * in the JetspeedSecurity properties:
55      *
56      *    services.JetspeedSecurity.user.class=
57      *        org.apache.jetspeed.om.security.BaseJetspeedUser
58      *
59      * @return JetspeedUser a newly created user that implements JetspeedUser.
60      */
61     public JetspeedUser getUserInstance();
62  
63  
64      //////////////////////////////////////////////////////////////////////////
65      //
66      // Optional JetspeedSecurity Features 
67      //
68      // Features are not required to be implemented by Security Provider
69      //
70      //////////////////////////////////////////////////////////////////////////
71  
72      /*
73       * During logon, the username can be case sensitive or case insensitive.
74       *
75       * Given a username, converts the username to either lower or upper case.
76       * This optional feature is configurable from the JetspeedSecurity.properties:
77       *
78       *     <code>services.JetspeedSecurity.caseinsensitive.username = true/false</code>
79       *     <code>services.JetspeedSecurity.caseinsensitive.upper = true/false</code>
80       *
81       * If <code>caseinsensitive.username</code> is true,  
82       * then conversion is enabled and the username will be converted before 
83       * being sent to the Authentication provider.
84       *
85       * @param username The username to be converted depending on configuration.
86       * @return The converted username.
87       *
88       */
89      public String convertUserName(String username);
90  
91      /*
92       * During logon, the password can be case sensitive or case insensitive.
93       *
94       * Given a password, converts the password to either lower or upper case.
95       * This optional feature is configurable from the JetspeedSecurity.properties:
96       *
97       *     <code>services.JetspeedSecurity.caseinsensitive.password = true/false</code>
98       *     <code>services.JetspeedSecurity.caseinsensitive.upper = true/false</code>
99       *
100      * If <code>caseinsensitive.password</code> is true,  
101      * then conversion is enabled and the password will be converted before 
102      * being sent to the Authentication provider.
103      *
104      * @param password The password to be converted depending on configuration.
105      * @return The converted password.
106      *
107      */
108     public String convertPassword(String password);
109 
110     /*
111      * Logon Failure / Account Disabling Feature
112      *
113      * Checks and tracks failed user-logon attempts.
114      * If the user fails to logon after a configurable number of logon attempts,
115      * then the user's account will be disabled.
116      *
117      * This optional feature is configurable from the JetspeedSecurity.properties:
118      *
119      *     <code>services.JetspeedSecurity.logon.auto.disable=false</code>
120      *
121      * The example setting below allows for 3 logon strikes per 300 seconds.
122      * When the strike.count is exceeded over the strike.interval, the account
123      * is disabled. The strike.max is the cumulative maximum.
124      *
125      *     <code>services.JetspeedSecurity.logon.strike.count=3</code>
126      *     <code>services.JetspeedSecurity.logon.strike.interval=300</code>
127      *     <code>services.JetspeedSecurity.logon.strike.max=10</code>
128      *
129      * These settings are not persisted, and in a distributed environment are 
130      * only tracked per node.
131      *
132      * @param username The username to be checked.
133      * @return True if the strike count reached the maximum threshold and the
134      *         user's account was disabled, otherwise False.
135      *
136      */
137     public boolean checkDisableAccount(String username);
138 
139     /*
140      * Logon Failure / Account Disabling Feature
141      *    
142      * Returns state of the the logon failure / account disabling feature.
143      * 
144      * If the user fails to logon after a configurable number of logon attempts,
145      * then the user's account will be disabled.
146      *
147      * @see JetspeedSecurityService#checkLogonFailures
148      *
149      * @return True if the feature is enabled, false if the feature is disabled.
150      *
151      */
152     public boolean isDisableAccountCheckEnabled();
153 
154     /*
155      * Logon Failure / Account Disabling Feature
156      *    
157      * Resets counters for the logon failure / account disabling feature.
158      * 
159      * If the user fails to logon after a configurable number of logon attempts,
160      * then the user's account will be disabled.
161      *
162      * @see JetspeedSecurityService#checkLogonFailures
163      *
164      * @param username The username to reset the logon failure counters.
165      *
166      */
167     public void resetDisableAccountCheck(String username);
168 
169 
170     //////////////////////////////////////////////////////////////////////////
171     //
172     // Optional JetspeedSecurity Helpers
173     //
174     //////////////////////////////////////////////////////////////////////////
175 
176 
177     /***
178      * Helper to UserManagement.
179      * Retrieves a <code>JetspeedUser</code> given the primary principle username.
180      * The principal can be any valid Jetspeed Security Principal:
181      *   <code>org.apache.jetspeed.om.security.UserNamePrincipal</code>
182      *   <code>org.apache.jetspeed.om.security.UserIdPrincipal</code>
183      *   
184      * The security service may optionally check the current user context
185      * to determine if the requestor has permission to perform this action.
186      *
187      * @param username The username principal.
188      * @return a <code>JetspeedUser</code> associated to the principal identity.
189      * @exception UserException when the security provider has a general failure retrieving a user.
190      * @exception UnknownUserException when the security provider cannot match
191      *            the principal identity to a user.
192      * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege 
193      */
194 
195     public JetspeedUser getUser(String username) 
196         throws JetspeedSecurityException;
197 
198 
199     /***
200      * Helper to PortalAuthorization.
201      * Gets a <code>JetspeedUser</code> from rundata, authorize user to perform the secured action on
202      * the given <code>Portlet</code> resource. If the user does not have
203      * sufficient privilege to perform the action on the resource, the check returns false,
204      * otherwise when sufficient privilege is present, checkPermission returns true.
205      *
206      * @param rundata request that the user is taken from rundatas
207      * @param action the secured action to be performed on the resource by the user.     
208      * @param portlet the portlet resource.
209      * @return boolean true if the user has sufficient privilege.
210      */
211     public boolean checkPermission(JetspeedRunData runData, String action, Portlet portlet);
212 
213     /***
214      * Helper to PortalAuthorization.
215      * Gets a <code>JetspeedUser</code> from rundata, authorize user to perform the secured action on
216      * the given <code>Entry</code> resource. If the user does not have
217      * sufficient privilege to perform the action on the resource, the check returns false,
218      * otherwise when sufficient privilege is present, checkPermission returns true.
219      *
220      * @param rundata request that the user is taken from rundatas
221      * @param action the secured action to be performed on the resource by the user.     
222      * @param entry the portal entry resource.
223      * @return boolean true if the user has sufficient privilege.
224      */
225     //public boolean checkPermission(JetspeedRunData runData, String action, RegistryEntry entry);
226 
227    /*
228      * Security configuration setting to disable all action buttons for the Anon user
229      * This setting is readonly and is edited in the JetspeedSecurity deployment
230      *    
231      *
232      * @return True if the feature actions are disabled for the anon user
233      *
234      */
235     public boolean areActionsDisabledForAnon();
236 
237     /*
238      * Security configuration setting to disable all action buttons for all users
239      * This setting is readonly and is edited in the JetspeedSecurity deployment
240      *    
241      *
242      * @return True if the feature actions are disabled for the all users
243      *
244      */
245     public boolean areActionsDisabledForAllUsers();
246 
247 
248    /*
249      * Gets the name of the anonymous user account if applicable
250      *    
251      *
252      * @return String the name of the anonymous user account
253      *
254      */
255     public String getAnonymousUserName();
256 
257 	/*
258 	 * Gets the list of administrative roles
259 	 *    
260 	 * @return list of admin roles
261 	 */
262 	 public List getAdminRoles();
263 
264 	/*
265 	 * Returns true if user has adminstrative role
266 	 *    
267 	 * @return
268 	 */
269 	 public boolean hasAdminRole(User user);
270 
271 }
272