/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.jackrabbit.core.security.principal;

import org.apache.jackrabbit.api.security.principal.PrincipalIterator;

import javax.jcr.Session;
import java.security.Principal;
import java.util.Properties;

/**
 * Gives the security framework access to a source of {@link Principal}s.
 * Implementing this interface lets an external principal source be shared
 * between authorization and authentication, for example with a custom
 * {@link javax.security.auth.spi.LoginModule}.
 * <p>
 * Providers do not restrict access to the principals they hand out. The
 * lookup and search methods below therefore return unfiltered results, and
 * {@link #canReadPrincipal(Session, Principal)} is the hook used to decide
 * whether a given session may see a given principal.
 *
 * @see org.apache.jackrabbit.api.security.principal.PrincipalManager for more
 *      details about principals, users and groups.
 */
public interface PrincipalProvider {

    /**
     * Looks up a single principal by its name.
     *
     * @param principalName the name of the principal to retrieve
     * @return the requested principal, or <code>null</code> if no principal
     *         with that name is known to this provider
     */
    Principal getPrincipal(String principalName);

    /**
     * Searches for <code>Principal</code>s that match the given string.
     * NOTE: <code>Group</code>s are included in the search result.
     *
     * @param simpleFilter the string that principals are matched against
     * @return an iterator over the matching principals
     * @see #findPrincipals(String,int)
     */
    PrincipalIterator findPrincipals(String simpleFilter);

    /**
     * Searches for <code>Principal</code>s that match the given string,
     * limited to the kind of principal selected by <code>searchType</code>.
     *
     * @param simpleFilter the string that principals are matched against
     * @param searchType any of the following constants:
     * <ul>
     * <li>{@link org.apache.jackrabbit.api.security.principal.PrincipalManager#SEARCH_TYPE_ALL}</li>
     * <li>{@link org.apache.jackrabbit.api.security.principal.PrincipalManager#SEARCH_TYPE_GROUP}</li>
     * <li>{@link org.apache.jackrabbit.api.security.principal.PrincipalManager#SEARCH_TYPE_NOT_GROUP}</li>
     * </ul>
     * @return an iterator over the matching principals
     * @see #findPrincipals(String)
     */
    PrincipalIterator findPrincipals(String simpleFilter, int searchType);

    /**
     * Returns an iterator over all principals that match the given search
     * type.
     *
     * @param searchType any of the following constants:
     * <ul>
     * <li>{@link org.apache.jackrabbit.api.security.principal.PrincipalManager#SEARCH_TYPE_ALL}</li>
     * <li>{@link org.apache.jackrabbit.api.security.principal.PrincipalManager#SEARCH_TYPE_GROUP}</li>
     * <li>{@link org.apache.jackrabbit.api.security.principal.PrincipalManager#SEARCH_TYPE_NOT_GROUP}</li>
     * </ul>
     * @return an iterator over all principals that match the given search type
     */
    PrincipalIterator getPrincipals(int searchType);

    /**
     * Returns an iterator over all group principals of which the given
     * principal is a direct or an indirect member.
     * <p>
     * A principal is a direct member of a group if
     * {@link java.security.acl.Group#isMember(Principal)} evaluates to
     * <code>true</code>. It is an indirect member of a group if any of its
     * groups (to any degree of separation) is a direct member of that group.
     * The result is thus the full transitive membership, not only the groups
     * that list the principal directly.
     * <p>
     * Example:<br>
     * If Principal is member of Group A, and Group A is member of
     * Group B, this method will return Group A and Group B.
     *
     * @param principal the principal whose group membership is requested
     * @return an iterator returning all groups the given principal is member of
     */
    PrincipalIterator getGroupMembership(Principal principal);

    /**
     * Initializes this provider.
     *
     * @param options the options that are set
     */
    void init(Properties options);

    /**
     * Called when this provider is no longer used by the repository.
     * An implementation can then release any resources bound to this
     * provider, e.g. disconnect from a back end system.
     */
    void close();

    /**
     * Tests whether the provided session is allowed to read the given
     * principal.
     * <p>
     * Principal providers do not restrict access to the principals they
     * provide, so this method is used by the PrincipalManager to ensure
     * proper access rights for the client requesting the principals.
     *
     * @param session the session for which read access is tested
     * @param principalToRead the principal to be accessed by the specified
     *        subject
     * @return <code>true</code> if the session is allowed to read the
     *         principal; <code>false</code> otherwise
     */
    boolean canReadPrincipal(Session session, Principal principalToRead);
}