/*
* RHQ Management Platform
* Copyright (C) 2005-2008 Red Hat, Inc.
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation version 2 of the License.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
package org.rhq.enterprise.server.auth;
import javax.ejb.Remote;
import org.rhq.core.domain.auth.Principal;
import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.criteria.SubjectCriteria;
import org.rhq.core.domain.util.PageList;
import org.rhq.enterprise.server.authz.RoleManagerLocal;
import org.rhq.enterprise.server.exception.LoginException;
/**
* Subject manager remote API. Typically requires <code>MANAGE_SECURITY</code> permission.
*
*/
@Remote
public interface SubjectManagerRemote {
/**
* Change the password for a user.
*
* @param subject The logged in user's subject.
* @param username The user whose password will be changed
* @param password The new password for the user
*/
void changePassword(Subject subject, String username, String password);
/**
* Creates a new principal (username and password) in the internal database. The password will be encoded before
* being stored.
*
* @param subject The logged in user's subject.
* @param username The username part of the principal
* @param password The password part of the principal
* @throws SubjectException if the principal could not be added
*/
void createPrincipal(Subject subject, String username, String password) throws SubjectException;
/**
* Create a a new subject. This <b>ignores</b> the roles in <code>subject</code>. The created subject will not be
* assigned to any roles; use the {@link RoleManagerLocal role manager} to assign roles to a subject.
*
* @param subject The logged in user's subject.
* @param subjectToCreate The subject to be created.
*
* @return the newly persisted {@link Subject}
* @throws SubjectException
*/
Subject createSubject(Subject subject, Subject subjectToCreate) throws SubjectException;
/**
* Deletes the given set of users, including both the {@link Subject} and {@link Principal} objects associated with
* those users.
*
* @param subject The logged in user's subject.
* @param subjectIds identifies the subject IDs for all the users that are to be deleted
*/
void deleteSubjects(Subject subject, int[] subjectIds);
/**
* Looks up the existing subject using the given username.
*
* @param username the name of the subject to look for
*
* @return the subject that was found or <code>null</code> if not found
*
* @deprecated This method should be avoided as it may be removed in
* a future release. Given that multiple sessions may exist for a
* single user the result of this call is non-deterministic.
*/
@Deprecated
Subject getSubjectByName(String username);
/**
* Looks up the Subject for a current RHQ session by username and sessionId.
*
* @param username The name of the user.
* @param sessionId The sessionId of the desired Subject.
*
* @return The Subject that was found
*
* @throws Exception if the sessionId is not valid
*/
Subject getSubjectByNameAndSessionId(String username, int sessionId) throws Exception;
/**
* Logs a user into the system. This will authenticate the given user with the given password. If the user was
* already logged in, the current session will be used but the password will still need to be authenticated.
*
* @param username The name of the user.
* @param password The password.
*
* @return The subject of the authenticated user.
*
* @exception LoginException if the login failed for some reason
*/
Subject login(String username, String password) throws LoginException;
/**
* Logs out a user.
*
* @param subject The Subject to log out. The sessionId must be valid.
*/
void logout(Subject subject);
/**
* Updates an existing subject with new data. This does <b>not</b> cascade any changes to the roles but it will save
* the subject's configuration.
*
* @param subject The logged in user's subject.
* @param subjectToModify the subject whose data is to be updated (which may or may not be the same as <code>user</code>)
*
* @return the merged subject, which may or may not be the same instance of <code>subjectToModify</code>
*/
Subject updateSubject(Subject subject, Subject subjectToModify);
/**
* @param subject
* @param criteria
* @return not null
*/
PageList<Subject> findSubjectsByCriteria(Subject subject, SubjectCriteria criteria);
}