/* (c) 2014 Open Source Geospatial Foundation - all rights reserved
 * (c) 2001 - 2013 OpenPlans
 * This code is licensed under the GPL 2.0 license, available at the root
 * application directory.
 */
package org.geoserver.security;

import java.io.IOException;
import java.util.Map;
import java.util.Properties;
import java.util.SortedSet;
import org.geoserver.security.event.RoleLoadedEvent;
import org.geoserver.security.event.RoleLoadedListener;
import org.geoserver.security.impl.GeoServerRole;

/**
 * A class implementing this interface is capable of reading
 * role assignments from a backend.
 *
 * <p>Several lookups below return {@code null} instead of throwing when
 * nothing is found, and the assignment lookups do not consider hierarchical
 * roles. Callers have to handle both explicitly.
 *
 * @author christian
 */
public interface GeoServerRoleService extends GeoServerSecurityService {

    /**
     * Creates the granted authority store associated with this service, or null if creating a store
     * is not supported.
     * <p>
     * Implementations that do not support a store should ensure that {@link #canCreateStore()}
     * returns <code>false</code>.
     * </p>
     *
     * @return the store for this service, or {@code null} if stores are not supported;
     *         callers must check for {@code null} before use
     * @throws IOException on backend I/O failure
     */
    GeoServerRoleStore createStore() throws IOException;

    /**
     * Registers a listener for notifications on load.
     *
     * @param listener the listener to register
     */
    void registerRoleLoadedListener (RoleLoadedListener listener);

    /**
     * Unregisters a listener for notifications on load.
     *
     * @param listener the listener to unregister
     */
    void unregisterRoleLoadedListener (RoleLoadedListener listener);

    /**
     * Gets the group names for a {@link GeoServerRole} object.
     * Hierarchical roles are not considered; the hierarchy itself is exposed
     * by {@link #getParentMappings()} and {@link #getParentRole(GeoServerRole)}.
     *
     * @param role the role whose groups are requested
     * @return collection which cannot be modified
     * @throws IOException on backend I/O failure
     */
    SortedSet<String> getGroupNamesForRole(GeoServerRole role) throws IOException;

    /**
     * Gets the user names for a {@link GeoServerRole} object.
     * Hierarchical roles are not considered; the hierarchy itself is exposed
     * by {@link #getParentMappings()} and {@link #getParentRole(GeoServerRole)}.
     *
     * @param role the role whose users are requested
     * @return collection which cannot be modified
     * @throws IOException on backend I/O failure
     */
    SortedSet<String> getUserNamesForRole(GeoServerRole role) throws IOException;

    /**
     * Gets the roles for the user.
     * Hierarchical roles are not considered, so the result is not necessarily
     * the complete set of roles a user holds once the role hierarchy is applied.
     *
     * @param username the user name
     * @return a collection which cannot be modified
     * @throws IOException on backend I/O failure
     */
    SortedSet<GeoServerRole> getRolesForUser(String username) throws IOException;

    /**
     * Gets the roles for the group.
     * Hierarchical roles are not considered, so the result is not necessarily
     * the complete set of roles a group holds once the role hierarchy is applied.
     *
     * @param groupname the group name
     * @return a collection which cannot be modified
     * @throws IOException on backend I/O failure
     */
    SortedSet<GeoServerRole> getRolesForGroup(String groupname) throws IOException;

    /**
     * Gets the list of roles currently known by users (implementations must provide
     * the admin role "ROLE_ADMINISTRATOR").
     *
     * @return a collection which cannot be modified
     * @throws IOException on backend I/O failure
     */
    SortedSet<GeoServerRole> getRoles() throws IOException;

    /**
     * Returns a mapping from role name to parent role name for all
     * {@link GeoServerRole} objects.
     *
     * <p>This method should be used by clients if they have to build
     * a tree structure.
     *
     * @return a map which cannot be modified
     * @throws IOException on backend I/O failure
     */
    Map<String,String> getParentMappings() throws IOException;

    /**
     * Creates a {@link GeoServerRole} object. Implementations
     * can use their special classes derived from {@link GeoServerRole}.
     *
     * @param role string identifying the role to create
     *             (presumably the role name; confirm against implementations)
     * @return the created role object
     * @throws IOException on backend I/O failure
     */
    GeoServerRole createRoleObject(String role) throws IOException;

    /**
     * Gets the parent {@link GeoServerRole} object.
     *
     * @param role the role whose parent is requested
     * @return the parent role or null (presumably when the role has no parent; confirm)
     * @throws IOException on backend I/O failure
     */
    GeoServerRole getParentRole(GeoServerRole role) throws IOException;

    /**
     * Loads a {@link GeoServerRole} by name.
     *
     * <p>A missing role is reported by a {@code null} return value, not by an
     * exception, so callers must check the result before using it.
     *
     * @param role the role name
     * @return the role, or {@code null} if the role is not found
     * @throws IOException on backend I/O failure
     */
    GeoServerRole getRoleByName(String role) throws IOException;

    /**
     * Loads from the backend store. On success, implementations are expected
     * to trigger a {@link RoleLoadedEvent}.
     *
     * @throws IOException on backend I/O failure
     */
    void load() throws IOException;

    /**
     * This is a callback for personalized roles.
     *
     * <p>Example:
     * Role employee has a property "employeeNumber", which has
     * no value or a default value. "employeeNumber" is also called a
     * role parameter in this context.
     *
     * <p>A user "harry" has assigned the role employee and
     * has a user property "empNr" with the value 4711.
     *
     * <p>Now, this method should create a {@link Properties}
     * object containing the property "employeeNumber"
     * with the value 4711.
     *
     * <p>A GIS example could be a BBOX for a specific user to
     * restrict his access to the wms service.
     *
     * <p>NOTE(review): when a personalized value is used as an access restriction
     * (as in the BBOX example), the restriction is only as trustworthy as the user
     * property it is copied from. Confirm who is allowed to write {@code userProps}
     * in the user/group backend.
     *
     * @param roleName the name of the role
     * @param roleParams the params for the role from {@link GeoServerRoleService}
     * @param userName the user name
     * @param userProps the properties of the user from {@link GeoServerUserGroupService}
     *
     * @return null for no personalization, the personalized properties otherwise
     * @throws IOException on backend I/O failure
     */
    Properties personalizeRoleParams (String roleName,Properties roleParams,
            String userName,Properties userProps) throws IOException;

    /**
     * Returns the local counterpart of the administrator role.
     *
     * @return the local role having the same privileges as {@link GeoServerRole#ADMIN_ROLE}
     *         or <code>null</code> if no such role exists
     */
    GeoServerRole getAdminRole();

    /**
     * Returns the local counterpart of the group administrator role.
     *
     * @return the local role having the same privileges as {@link GeoServerRole#GROUP_ADMIN_ROLE}
     *         or <code>null</code> if no such role exists
     */
    GeoServerRole getGroupAdminRole();

    /**
     * Returns the number of roles.
     *
     * @return the number of roles
     * @throws IOException on backend I/O failure
     */
    int getRoleCount() throws IOException;
}