Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java (revision 0)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/api/JackrabbitSession.java (revision 0)
@@ -0,0 +1,82 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.api;
+
+import org.apache.jackrabbit.security.PrincipalManager;
+import org.apache.jackrabbit.security.ACLManager;
+import org.apache.jackrabbit.security.UserManager;
+
+import javax.jcr.Session;
+import javax.jcr.RepositoryException;
+import javax.jcr.AccessDeniedException;
+import javax.jcr.NoSuchWorkspaceException;
+
+/**
+ * JackrabbitSession...
+ */
+public interface JackrabbitSession extends Session {
+
+ /**
+ * Creates a new session with the same subject as this sessions but to a
+ * different workspace. The returned session is a newly logged in session,
+ * with the same subject but a different workspace. Even if the given
+ * workspace is the same as this sessions one, the implementation must
+ * return a new session object.
+ *
+ * @param workspaceName name of the workspace to acquire a session for.
+ * @return A session to the requested workspace for the same authenticated
+ * subject.
+ * @throws AccessDeniedException in case the current Subject is not allowed
+ * to access the requested Workspace
+ * @throws NoSuchWorkspaceException If the named workspace does not exist.
+ * @throws RepositoryException in any other exceptional state
+ */
+ JackrabbitSession createSession(String workspaceName)
+ throws AccessDeniedException, NoSuchWorkspaceException,
+ RepositoryException;
+
+ /**
+ * Returns this sessions principal manager.
+ * @return this sessions principal manager.
+ *
+ * @throws RepositoryException
+ * @throws AccessDeniedException
+ */
+ PrincipalManager getPrincipalManager()
+ throws RepositoryException, AccessDeniedException;
+
+ /**
+ * Returns the ACL manager for this session on this workspace.
+ *
+ * @return the ACL manager
+ *
+ * @throws RepositoryException
+ * @throws AccessDeniedException
+ */
+ ACLManager getACLManager() throws RepositoryException, AccessDeniedException;
+
+ /**
+ * Allow access to the UserManager for the current Session.
+ *
+ * @throws javax.jcr.AccessDeniedException if {@link javax.security.auth.Subject}
+ * of this session is not allowed to access UserData
+ * @throws javax.jcr.RepositoryException in all other exceptional states
+ * @see UserManager
+ */
+ UserManager getUserManager()
+ throws AccessDeniedException, RepositoryException;
+}
\ No newline at end of file
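Review bot: The `@throws` tags on `getPrincipalManager()` and `getACLManager()` are empty, so the interface never says which condition produces `AccessDeniedException` for the two accessors that hand out security-management objects. `getUserManager()` already documents this; the same form would fit here, e.g. `@throws AccessDeniedException if the Subject of this session is not allowed to access ACL information` (wording to be confirmed against the intended permission). `createSession` should also state whether access to the target workspace is re-evaluated or inherited from the current session, since no credentials are presented again. The type-level comment is still the placeholder `JackrabbitSession...`.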
Property changes on: jackrabbit-api\src\main\java\org\apache\jackrabbit\api\JackrabbitSession.java
___________________________________________________________________
Name: svn:keywords
+ author date id rev url
Name: svn:eol-style
+ native
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ACE.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ACE.java (revision 0)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ACE.java (revision 0)
@@ -0,0 +1,65 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.security;
+
+import java.security.Principal;
+
+
+/**
+ * The Access Control Entry (ACE) a single Entry of an {@link ACL}
+ * An ACE is a set of actions (s. {@link ActionSet}), being allowed or
+ * denied for {@link Principal}.
+ * The ACE ignores the action's semantics. This is handled by the {@link ActionSet}.
+ * But the ACE allows to test if it contains any of the actions contained in a
+ * given {@link ActionSet}.
+ */
+public interface ACE {
+
+ /**
+ * @return the name of this ACE may be null
+ */
+ String getName();
+
+ /**
+ * @return the Principal for this entry.
+ */
+ Principal getPrincipal();
+
+ /**
+ * @return true if the ace allows the contained actions or false otherwise.
+ */
+ boolean isAllow();
+
+ /**
+ * @param actionSet set of actions to be tested
+ * @return true if at least one of the given actions is contained
+ */
+ boolean containsAnyAction(ActionSet actionSet);
+
+ /**
+ * Returns all Actions contained in this ace
+ * @return a ActionSet for all Actions contained in this ACEntry.
+ */
+ ActionSet getActionSet();
+
+ /**
+ * Returns the access control list, this entry is contained in.
+ *
+ * @return the ACL this entry is contained in.
+ */
+ ACL getContainingACL();
+}
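Review bot: `ACE` defines no equality contract, yet `ACLTemplate.indexOf` in this patch is specified in terms of `equals`, so whether an allow entry and a deny entry for the same principal compare equal is left to each implementation. A sentence on the interface such as `Two ACEs are equal if their principal, allow flag and action set are equal` (or whatever rule is intended) would make `indexOf` and `remove(ACETemplate)` predictable. `getName()` says it may return null without saying when, and `containsAnyAction` does not say what a null or empty `ActionSet` yields; for an access check the safe reading, `false`, is worth writing down.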
Property changes on: jackrabbit-api\src\main\java\org\apache\jackrabbit\security\ACE.java
___________________________________________________________________
Name: svn:keywords
+ author date id rev url
Name: svn:eol-style
+ native
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ACEIterator.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ACEIterator.java (revision 0)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ACEIterator.java (revision 0)
@@ -0,0 +1,35 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.security;
+
+import javax.jcr.RangeIterator;
+import java.util.NoSuchElementException;
+
+/**
+ * ACEIterator
+ */
+public interface ACEIterator extends RangeIterator {
+
+ /**
+ * Returns the next ACE in the iteration.
+ *
+ * @return the next ACE in the iteration.
+ * @throws NoSuchElementException iteration has no more elements.
+ */
+ public ACE nextACE() throws NoSuchElementException;
+
+}
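Review bot: `nextACE()` is declared `public` and with `throws NoSuchElementException`, while every other interface method in this patch omits the modifier; both are redundant on an interface method that throws an unchecked exception, so the declaration can be `ACE nextACE();`. The `@throws` Javadoc tag is enough to document the exception. The type comment `ACEIterator` could say that it iterates the entries of an `ACL` as returned by `ACL.getEntries()`.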
Property changes on: jackrabbit-api\src\main\java\org\apache\jackrabbit\security\ACEIterator.java
___________________________________________________________________
Name: svn:keywords
+ author date id rev url
Name: svn:eol-style
+ native
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ACETemplate.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ACETemplate.java (revision 0)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ACETemplate.java (revision 0)
@@ -0,0 +1,42 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.security;
+
+/**
+ * This is one Entry in an {@link ACLTemplate}
+ * Like the {@link ACLTemplate} the Entry is detached from its ACL.
+ * Any changes get only effective when commited via
+ * {@link ACLManager#setAcl(String, ACLTemplate)}
+ */
+public interface ACETemplate extends ACE {
+
+ /**
+ * Set the actions for this ACETemplate.
+ *
+ * @param actionSet
+ */
+ void setActionSet(ActionSet actionSet);
+
+ /**
+ * Indicates if this ACE has been modified since it has been access via
+ * {@link ACLManager#editAcl(String)}
+ *
+ * @return true if {@link #setActionSet(ActionSet)} has been called on this
+ * ACETemplate.
+ */
+ boolean isModified();
+}
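Review bot: `setActionSet` has an empty `@param actionSet` and does not say what a null or empty set means, which matters because an entry with no actions can be read either as "allows or denies nothing" or as invalid. Suggest `@param actionSet the actions this entry allows or denies; must not be null`, plus a statement of whether an empty set is accepted or rejected when the template is stored through `ACLManager#setAcl`. `isModified()` is documented only in terms of `setActionSet` having been called, so an implementer cannot tell whether setting an identical set counts as a modification.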
Property changes on: jackrabbit-api\src\main\java\org\apache\jackrabbit\security\ACETemplate.java
___________________________________________________________________
Name: svn:keywords
+ author date id rev url
Name: svn:eol-style
+ native
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ACL.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ACL.java (revision 0)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ACL.java (revision 0)
@@ -0,0 +1,64 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.security;
+
+import javax.security.auth.Subject;
+import java.util.Set;
+
+/**
+ * AccessControlList
+ * The list consists of {@link ACE ordered entries}, each representing
+ * a set of actions. The set of actions either grants or denies permission for a
+ * single Principal attached to the ACE.
+ */
+public interface ACL {
+
+ /**
+ * @return name identifying the ACL
+ */
+ String getName();
+
+ /**
+ * Returns all Entries of this ACL.
+ * The order should be reversed: The last added will be returned first
+ *
+ * @return the ACL entries
+ */
+ ACEIterator getEntries();
+
+ /**
+ * Compile all {@link ACE}s relevant for the given {@link Subject}.
+ *
+ * @param subject to compile all ACEs relevant for the Subject into an ActionSet.
+ * @return the compiled actionSet.
+ */
+ ActionSet compileEntries(Subject subject);
+
+ /**
+ * Test if the given Set of Principals is granted the specified actions.
+ * Note, that this method returns true if all actions
+ * included in the given ActionSet are granted for all
+ * Principals, false otherwise.
+ *
+ * @param principals
+ * @param actions
+ * @return true if this ACL grants all of the actions contained in the
+ * specified ActionSet.
+ */
+ boolean grants(Set principals, ActionSet actions);
+
+}
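Review bot: `grants(Set principals, ActionSet actions)` is documented as true when the actions are granted "for all Principals", which is vacuously true for an empty `principals` set unless the contract says otherwise. The Javadoc should state the result for an empty or null set explicitly, e.g. `@return false if principals is null or empty`, and fill in the two empty `@param` tags. It is also unclear why every principal must hold the grant individually when `compileEntries(Subject)` combines the entries relevant to a subject; callers passing a user principal together with group principals may not expect that. `getEntries()` says the order "should" be reversed; if entry order decides allow/deny precedence, as it appears to, this needs to be a requirement rather than a recommendation.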
Property changes on: jackrabbit-api\src\main\java\org\apache\jackrabbit\security\ACL.java
___________________________________________________________________
Name: svn:keywords
+ author date id rev url
Name: svn:eol-style
+ native
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ACLManager.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ACLManager.java (revision 0)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ACLManager.java (revision 0)
@@ -0,0 +1,92 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.security;
+
+import org.apache.jackrabbit.api.JackrabbitSession;
+
+import javax.jcr.AccessDeniedException;
+import javax.jcr.Item;
+import javax.jcr.RepositoryException;
+import javax.jcr.UnsupportedRepositoryOperationException;
+
+/**
+ * This Interface defines the ACL manager, which is the clients view on ACLs
+ * attached to items. Each ACLManager is bound to a session. This means the
+ * respective operations apply to the session's workspace and must obey the
+ * permissions defined for the session's subject.
+
+ * @see JackrabbitSession#getACLManager()
+ */
+public interface ACLManager {
+
+ /**
+ * Returns the ACL for the specified item.
+ *
+ * @param absPath the absolute path of the item to retrieve the ACL for.
+ * @return ACL applicable for this {@link Item}
+ * @throws RepositoryException
+ * @throws AccessDeniedException if the respective ACL cannot be retrieved
+ */
+ ACL getAcl(String absPath) throws RepositoryException;
+
+ /**
+ * Retrieves an editable acl for the respective item. The returned ACL is
+ * detached from the actual ACL stored and is only an external
+ * representation. Thus any modification will not take effect, until it is
+ * {@link #setAcl(String, ACLTemplate) stored} again.
+ *
absPath has no ACL declaration (but only an
+ * effective ACL inherited from another Item) then this method will return
+ * an new, empty ACLTemplate, that may be used to define the declared ACL
+ * later on.
+ * Note, that in contrast to {@link #getAcl(String)}, the scope of the
+ * editable ACL it limited to the item and does not include inherited ACLs.
+ * Similarly the effective ACL can only be edited on the path of the Item for
+ * which that ACL is declared.
+ *
+ * @param absPath the path of the item to retrieve the ACL for
+ * @return the ACLTemplate or null if ACL editing is not supported
+ * by the implementation.
+ * @throws AccessDeniedException if this manager is not allowed to edit the ACL.
+ * @throws RepositoryException if an error occurs
+ */
+ ACLTemplate editAcl(String absPath) throws RepositoryException, AccessDeniedException;
+
+ /**
+ * Stores the editable acl to the respective item.
+ *
+ * @param absPath the absolute path of the item to store the acl for
+ * @param acl the acl to store.
+ * @throws AccessDeniedException if the this manager is not allowed to edit the ACL.
+ * @throws UnsupportedRepositoryOperationException if ACL editing is not
+ * supported by the implementation.
+ * @throws RepositoryException if an error occurs.
+ */
+ void setAcl(String absPath, ACLTemplate acl) throws RepositoryException, AccessDeniedException;
+
+ /**
+ * Removes the acl from the respective item.
+ *
+ * @param absPath the absolute path of the item to remove the acl from.
+ * @throws AccessDeniedException if this manager is not allowed to edit the ACL.
+ * @throws UnsupportedRepositoryOperationException if ACL editing is not
+ * supported by the implementation.
+ * @throws RepositoryException if an error occurs.
+ */
+ void removeAcl(String absPath) throws RepositoryException, AccessDeniedException;
+
+}
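Review bot: `editAcl` reports "editing not supported" by returning null while `setAcl` and `removeAcl` report the same condition with `UnsupportedRepositoryOperationException`, so a caller that forgets the null check fails with a `NullPointerException` instead of a repository error. Throwing the exception from `editAcl` as well would make the three methods consistent. `getAcl` documents `@throws AccessDeniedException` but declares only `throws RepositoryException`, unlike the other three methods; `ACL getAcl(String absPath) throws RepositoryException, AccessDeniedException;` would match. The contract is also silent on what `setAcl` does when the stored ACL changed after `editAcl` handed out the detached template; as written, it appears a stale template could overwrite a newer ACL without any error.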
Property changes on: jackrabbit-api\src\main\java\org\apache\jackrabbit\security\ACLManager.java
___________________________________________________________________
Name: svn:keywords
+ author date id rev url
Name: svn:eol-style
+ native
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ACLTemplate.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ACLTemplate.java (revision 0)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ACLTemplate.java (revision 0)
@@ -0,0 +1,133 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.security;
+
+import java.security.Principal;
+
+/**
+ * ACLTemplate is the ediable view of an ACL used by an {@link ACLManager} ACETemplate.
+ */
+ ACETemplate create(Principal principal, boolean isAllow, ActionSet actionSet);
+
+ /**
+ * Returns the entry at the specified position in this list.
+ *
+ * @param index index of entry to return.
+ * @return the entry at the specified position in this list.
+ *
+ * @throws IndexOutOfBoundsException if the index is out of range (index
+ * < 0 || index >= size()).
+ */
+ ACETemplate get(int index);
+
+ /**
+ * Appends the specified entry to the end of this list.
+ *
+ * @param ace entry to be appended to this list.
+ */
+ void add(ACETemplate ace);
+
+ /**
+ * Inserts the specified entry at the specified position in this list
+ * (optional operation). Shifts the entry currently at that position
+ * (if any) and any subsequent entrys to the right (adds one to their
+ * indices).
+ *
+ * @param index index at which the specified entry is to be inserted.
+ * @param ace entry to be inserted.
+ *
+ * @throws IndexOutOfBoundsException if the index is out of range
+ * (index < 0 || index > size()).
+ */
+ void add(int index, ACETemplate ace);
+
+ /**
+ * Removes the entry at the specified position in this list (optional
+ * operation). Shifts any subsequent entrys to the left (subtracts one
+ * from their indices). Returns the entry that was removed from the
+ * list.
+ *
+ * @param index the index of the entry to removed.
+ * @return the entry previously at the specified position.
+ *
+ * @throws IndexOutOfBoundsException if the index is out of range (index
+ * < 0 || index >= size()).
+ */
+ ACETemplate remove(int index);
+
+ /**
+ * Removes the entry. Shifts any subsequent entrys to the left (subtracts one
+ * from their indices). Returns the entry that was removed from the
+ * list.
+ *
+ * @param ace the ace to remove
+ * @return if ace had been contained in ACL
+ */
+ boolean remove(ACETemplate ace);
+
+ /**
+ * Removes all of the entries from this list.
+ */
+ void clear();
+
+ /**
+ * Returns the index in this list of the first occurrence of the specified
+ * entry, or -1 if this list does not contain this entry.
+ * More formally, returns the lowest index i such that
+ * (o==null ? get(i)==null : o.equals(get(i))),
+ * or -1 if there is no such index.
+ *
+ * @param ace entry to search for.
+ * @return the index in this list of the first occurrence of the specified
+ * entry, or -1 if this list does not contain this entry.
+ */
+ int indexOf(ACETemplate ace);
+}
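Review bot: The Javadoc of `remove(ACETemplate ace)` says it "Returns the entry that was removed" while the method returns `boolean`, and `indexOf` describes its argument as `o` and allows `o==null` although the parameter is `ace`; both look copied from `java.util.List` and should be adjusted to this interface. `add(ACETemplate)` and `add(int, ACETemplate)` do not say whether null, or an entry created by a different `ACLTemplate`, is rejected. Since this list is what gets stored through `ACLManager#setAcl`, that should be specified, e.g. `@throws IllegalArgumentException if ace is null or was not created by this template`. The interface declaration and the start of the `create` comment are not visible in this copy of the hunk, so this covers only the methods shown.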
Property changes on: jackrabbit-api\src\main\java\org\apache\jackrabbit\security\ACLTemplate.java
___________________________________________________________________
Name: svn:keywords
+ author date id rev url
Name: svn:eol-style
+ native
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ActionSet.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ActionSet.java (revision 0)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ActionSet.java (revision 0)
@@ -0,0 +1,110 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.security;
+
+/**
+ * The action set represents a set of actions that can be used to grant
+ * privileges to principals. It is an abstraction of actions identified by
+ * names.
+ */
+public interface ActionSet {
+
+ /** Read an Item */
+ String ACTION_NAME_READ = "read";
+
+ /** Set or modify a Property */
+ String ACTION_NAME_SET_PROPERTY = "set_property";
+
+ /** Add a child-Node */
+ String ACTION_NAME_ADD_NODE = "add_node";
+
+ /** Remove an Item */
+ String ACTION_NAME_REMOVE = "remove";
+
+ /** Read ACLs */
+ String ACTION_NAME_ACL_READ = "acl_read";
+
+ /** Modify ACLs */
+ String ACTION_NAME_ACL_MODIFY = "acl_edit";
+
+ /** Access the given Workspace */
+ String ACTION_NAME_WORKSPACE_ACCESS = "workspaceAccess";
+
+ /** Sudo another User */
+ String ACTION_NAME_SUDO = "sudo";
+
+ String[] ALL_ACTION_NAMES = new String[] {
+ ACTION_NAME_READ,
+ ACTION_NAME_SET_PROPERTY,
+ ACTION_NAME_ADD_NODE,
+ ACTION_NAME_REMOVE,
+ ACTION_NAME_ACL_READ,
+ ACTION_NAME_ACL_MODIFY,
+ ACTION_NAME_WORKSPACE_ACCESS,
+ ACTION_NAME_SUDO
+ };
+
+ /**
+ * Check if the given ActionSet contain common Actions with this
+ * ActionSet.
+ *
+ * @param other the action set to compare to
+ * @return true if at least one Action is contained in both Sets
+ */
+ boolean intersects(ActionSet other);
+
+ /**
+ * Check if this set contains all actions in the given, other,
+ * set. I.e. if the passed ActionSet is a sub-set this.
+ *
+ * @param other the actions set to compare to
+ * @return true if all Actions of the argument are contained in this set
+ */
+ boolean includes(ActionSet other);
+
+ /**
+ * Removes the actions from this set that are also included in the
+ * other set, i.e. subtracts the other set from this one.
+ * If the given ActionSet does not intersect ({@link #intersects} = false),
+ * this set is returned.
+ * If this set is included in the given one ({@link #includes} = true),
+ * an empty ActionSet is returned.
+ *
+ * @param other
+ * @return the differences of the 2 sets
+ */
+ ActionSet diff(ActionSet other);
+
+ /**
+ * @return array of the contained Action-Names
+ */
+ String[] getActions();
+
+ /**
+ * Check if the given action is contained in this set.
+ *
+ * @param action the name of the action to check
+ * @return true if the action is in thin set;
+ * false otherwise.
+ */
+ boolean contains(String action);
+
+ /**
+ * @return true if no Action is in the current set
+ */
+ boolean isEmpty();
+}
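Review bot: `ALL_ACTION_NAMES` is a `String[]` constant on a public interface, and an array stays writable even when the field is final, so any code in the JVM can replace an element and change what every other user of the constant sees. Exposing a read-only collection avoids that, e.g. `List ALL_ACTION_NAMES = Collections.unmodifiableList(Arrays.asList(new String[] { ... }));`, and `getActions()` should be documented as returning a fresh copy for the same reason. `ACTION_NAME_ACL_MODIFY` maps to `"acl_edit"` and `ACTION_NAME_WORKSPACE_ACCESS` to `"workspaceAccess"` while the other names are snake_case; if these strings end up persisted, aligning them before release is cheaper than after. The comment on `diff` says it "removes the actions from this set" but also that a set is returned; it should state whether the receiver is mutated.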
Property changes on: jackrabbit-api\src\main\java\org\apache\jackrabbit\security\ActionSet.java
___________________________________________________________________
Name: svn:keywords
+ author date id rev url
Name: svn:eol-style
+ native
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/security/Authentication.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/security/Authentication.java (revision 0)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/security/Authentication.java (revision 0)
@@ -0,0 +1,58 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.security;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Credentials;
+
+/**
+ * Authentication
+ * A models a method to validate {@link javax.jcr.Credentials Credentials}.
+ * This model is dependant of a destinct {@link User User}.
+ * Some examples for such a method follow:
+ *
Credentials
+ * As the authentication process is tightly coupled to the semantics of the
+ * Credentials. E.g.: A ticket based Authentication
+ * is dependant on a Credentials implementation which allows access to this
+ * ticket.true if the current Authentication handles the given Credentials
+ */
+ boolean handles(Credentials credentials);
+
+ /**
+ * True if the Credentials idendify the User related to this
+ * Authentication
+ *
+ * @param credentials to verify
+ * @return true if Credentials identify the User
+ * @throws RepositoryException
+ */
+ boolean authenticate(Credentials credentials) throws RepositoryException;
+
+}
\ No newline at end of file
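Review bot: `authenticate(Credentials)` does not define its result for credentials that `handles(Credentials)` would reject, or for null, so an implementation may either throw or return a value the caller has to interpret. For a login check the contract should fail closed, e.g. `@return true only if the Credentials are handled by this Authentication and identify its User; false otherwise`, with `@throws RepositoryException` reserved for errors while accessing the repository. The interface declaration and part of the type comment are missing from this copy of the hunk, so this covers only the two methods shown.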
Property changes on: jackrabbit-api\src\main\java\org\apache\jackrabbit\security\Authentication.java
___________________________________________________________________
Name: svn:keywords
+ author date id rev url
Name: svn:eol-style
+ native
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/security/Authorizable.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/security/Authorizable.java (revision 0)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/security/Authorizable.java (revision 0)
@@ -0,0 +1,168 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.security;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Value;
+import java.security.Principal;
+import java.util.Iterator;
+
+/**
+ * The Authorizable is the common Interface of {@link User} and {@link Group}
+ * The modelling of an Authorizable with this Interface enables the
+ * Repository to manage and conduct tasks realted to Authorization.Authorizable should not be confused with
+ * {@link java.security.Principal Principals}. As the Principal
+ * is referenced by the {@link ACE#getPrincipal()} ACL}, itmay be considered
+ * an authorizable Object too.Authorizable exists in a Repository and is
+ * independant of the current Session. In therfeor of the login
+ * mechanism the sesssion used tho accquire.
+ * In contrast the Principals are always related to
+ * specific credentials. E.g. to a SimpleCredentals
+ * for a login/password pair. Thus the same acting object's Session's Principal
+ * are diffrent, if they had been aquired by different login mechanisems.User:
+ * This Object may authenticate by {@link javax.jcr.Credentials Credentials}.
+ * And the Group that is a collection of other Authorizables.
+ *
+ * A Authorizable provides a {@link Principal} representing itself.
+ * It additonal keeps track of all Principals registred to refer to this Object
+ * {@see #getPrincipals()}
+ *
+ * @see User
+ * @see Group
+ */
+public interface Authorizable {
+
+ /**
+ * Return the unique identification for this Authorizable.
+ * In case of a {@link User} this corresponds to a call to
+ * {@link javax.jcr.Session#getUserID()} and for the {@link Group} it is
+ * an implementation specific identifier.
+ *
+ * @return unique identification for this Authorizable.
+ */
+ String getID() throws RepositoryException;
+
+ /**
+ * @return if the current Authorizable is a {@link Group}
+ */
+ boolean isGroup();
+
+ /**
+ * @return a representaion as Principal must not be null
+ * @throws RepositoryException
+ */
+ Principal getPrincipal() throws RepositoryException;
+
+ /**
+ * A Principal can only be refered by a single Authorizable in the Repository.
+ * If another User or Group refers to the given Principal a
+ * AuthorizableExistsException is thrown.
+ *
+ * @param principal
+ * @return true if added
+ * @return AuthorizableExistsException If the given principal is already refered
+ * to by another User or Group.
+ * @throws RepositoryException
+ */
+ boolean addReferee(Principal principal) throws AuthorizableExistsException, RepositoryException;
+
+ /**
+ * @param principal
+ * @return true if principal has been referee before
+ * @throws RepositoryException
+ */
+ boolean removeReferee(Principal principal) throws RepositoryException;
+
+ /**
+ * @return Iterator of all Principal related to this authentication Object
+ * including the main principal, (see {@link #getPrincipal()}).
+ * @throws RepositoryException
+ */
+ PrincipalIterator getPrincipals() throws RepositoryException;
+
+ /**
+ * @return all {@link Group}s, this Coventantee is member of
+ * @throws RepositoryException
+ */
+ Iterator memberOf() throws RepositoryException;
+
+ /**
+ * Removes this Authorizable, if the session has sufficient
+ * permissions.
+ *
+ * @throws RepositoryException
+ */
+ void remove() throws RepositoryException;
+
+
+ /**
+ * Tests if a Value exists for a property at the given name.
+ * @param name
+ * @return
+ * @throws RepositoryException
+ * @see #getProperty(String)
+ */
+ boolean hasProperty(String name) throws RepositoryException;
+
+ /**
+ * Set an arbitrary property to this Authorizable.
+ *
+ * @param name
+ * @param value
+ * @throws RepositoryException
+ */
+ void setProperty(String name, Value value) throws RepositoryException;
+
+ /**
+ * Set an arbitrary property to this Authorizable.
+ *
+ * @param name
+ * @param value multiple values
+ * @throws RepositoryException
+ */
+ void setProperty(String name, Value[] value) throws RepositoryException;
+
+ /**
+ * @param name
+ * @return value of the property with the given name or null
+ * if no such property exists.
+ * @throws RepositoryException
+ * @throws javax.jcr.PathNotFoundException if the current Covenantee doesn't
+ * have a Property for the given name
+ */
+ Value[] getProperty(String name) throws RepositoryException;
+
+ /**
+ * Removes the property with the given name.
+ *
+ * @param name
+ * @throws RepositoryException
+ */
+ void removeProperty(String name) throws RepositoryException;
+}
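Review bot: `addReferee`, `removeReferee`, `remove` and the property setters change who can act as this Authorizable, but none documents what happens when the session lacks permission; `remove()` says only "if the session has sufficient permissions" and every `@throws RepositoryException` tag is empty. A line such as `@throws AccessDeniedException if the session is not allowed to modify this Authorizable` on each mutator would match `JackrabbitSession` and `ACLManager` in this patch. On `addReferee` the second tag reads `@return AuthorizableExistsException` and should be `@throws AuthorizableExistsException`. `getProperty` promises both `null` and `PathNotFoundException` for a missing property; one of the two has to go.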
Property changes on: jackrabbit-api\src\main\java\org\apache\jackrabbit\security\Authorizable.java
___________________________________________________________________
Name: svn:keywords
+ author date id rev url
Name: svn:eol-style
+ native
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/security/AuthorizableExistsException.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/security/AuthorizableExistsException.java (revision 0)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/security/AuthorizableExistsException.java (revision 0)
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.security;
+
+import javax.jcr.RepositoryException;
+
+/**
+ * AuthorizableExistsException
+ */
+public class AuthorizableExistsException extends RepositoryException {
+
+ public AuthorizableExistsException(String msg) {
+ super(msg);
+ }
+}
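Review bot: AuthorizableExistsException offers only the `(String msg)` constructor, so an implementation that hits a lower-level failure while creating a user or group cannot pass it along as the cause. RepositoryException has a message-and-cause constructor, and a matching `public AuthorizableExistsException(String msg, Throwable cause) { super(msg, cause); }` would keep the original stack trace available. The same applies to NoSuchPrincipalException later in this patch. The class Javadoc only repeats the class name; a sentence saying it is thrown by `UserManager.createUser` and `createGroup` when the ID is already in use would help.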
Property changes on: jackrabbit-api\src\main\java\org\apache\jackrabbit\security\AuthorizableExistsException.java
___________________________________________________________________
Name: svn:keywords
+ author date id rev url
Name: svn:eol-style
+ native
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/security/Group.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/security/Group.java (revision 0)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/security/Group.java (revision 0)
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.security;
+
+import javax.jcr.RepositoryException;
+import java.util.Iterator;
+
+/**
+ * A Group is a collection of {@link Authorizable getMembers}.
+ */
+public interface Group extends Authorizable {
+
+ /**
+ * @return Iterator of Authorizables which are getMembers of
+ * this Group.
+ * @throws RepositoryException
+ */
+ Iterator getMembers() throws RepositoryException;
+
+ /**
+ * @return true if the Authorizable to test is a member of this Group.
+ * @throws RepositoryException
+ */
+ boolean isMember(Authorizable authorizable) throws RepositoryException;
+
+ /**
+ * Add a member to this Group
+ * Changes will be persisted immediately
+ *
+ * @return true if the Authorizable has successfully been added
+ * to this Group, false otherwise.
+ * @throws RepositoryException
+ */
+ boolean addMember(Authorizable authorizable) throws RepositoryException;
+
+ /**
+ * Remove a member to this Group
Changes will be persisted immediately.
+ *
+ * @return true if the Authorizable was successfully removed. False otherwise.
+ * @throws RepositoryException
+ */
+ boolean removeMember(Authorizable authorizable) throws RepositoryException;
+}
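Review bot: The Javadoc of `addMember` does not say what happens when the argument is the group itself or a group that already contains this one, so implementations may differ on whether a membership cycle is rejected or stored. Since `false` is the only failure signal, a caller also cannot tell "already a member" from "refused". I would add to `addMember` a line such as `Returns false if the authorizable is already a member, is this group itself, or would create a cyclic membership.` and state which exception reports missing permission. Minor: `removeMember` reads "Remove a member to this Group" (should be "from"), and `{@link Authorizable getMembers}` in the class comment looks like a rename slip for "members".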
Property changes on: jackrabbit-api\src\main\java\org\apache\jackrabbit\security\Group.java
___________________________________________________________________
Name: svn:keywords
+ author date id rev url
Name: svn:eol-style
+ native
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/security/Impersonation.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/security/Impersonation.java (revision 0)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/security/Impersonation.java (revision 0)
@@ -0,0 +1,56 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.security;
+
+import javax.jcr.RepositoryException;
+import javax.security.auth.Subject;
+import java.security.Principal;
+
+/**
+ * The Impersonation maintains Principals that are allowed to
+ * impersonate. Principals can be added or removed using
+ * {@link #grantImpersonation(Principal)} and
+ * {@link #revokeImpersonation(Principal)}, respectively.
+ *
+ * @see User#getImpersonation()
+ */
+public interface Impersonation {
+
+ /**
+ * @param principal to grant impersonation to
+ * @return true if not already granted
+ * @throws RepositoryException
+ */
+ boolean grantImpersonation(Principal principal) throws RepositoryException;
+
+ /**
+ * @param principal
+ * @return
+ * @throws RepositoryException
+ */
+ boolean revokeImpersonation(Principal principal) throws RepositoryException;
+
+ /**
+ * Test if the given subject is allowed to impersonate.
+ *
+ * @param subject to impersonate.
+ * @return true if this Impersonation allows the specified
+ * Subject to impersonate.
+ * @throws RepositoryException
+ */
+ boolean allows(Subject subject) throws RepositoryException;
+}
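Review bot: `allows(Subject)` documents its parameter as "subject to impersonate", which reads as the target of the impersonation, while the `@return` text treats the subject as the party asking to impersonate; for an authorization check that ambiguity should be removed. The contract also leaves open how a Subject holding several principals is evaluated (any granted principal, or all of them). Suggested wording: `@param subject the Subject that wants to impersonate the User this object belongs to` and `@return true if at least one principal of the subject has been granted impersonation`, or the stricter rule if that is what is intended. `revokeImpersonation` has empty `@param` and `@return` tags; mirroring `grantImpersonation` with `@return true if the grant existed and was removed` would complete it.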
Property changes on: jackrabbit-api\src\main\java\org\apache\jackrabbit\security\Impersonation.java
___________________________________________________________________
Name: svn:keywords
+ author date id rev url
Name: svn:eol-style
+ native
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ItemBasedPrincipal.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ItemBasedPrincipal.java (revision 0)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/security/ItemBasedPrincipal.java (revision 0)
@@ -0,0 +1,37 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.security;
+
+import javax.jcr.RepositoryException;
+import java.security.Principal;
+
+/**
+ * ItemBasedPrincipal is a Principal that is
+ * persisted as item within the repository. In addition to the methods
+ * inherited from the {@link Principal} interface it therefore provides
+ * a {@link #getPath()} method.
+ */
+public interface ItemBasedPrincipal extends JackrabbitPrincipal {
+
+ /**
+ * @return the path of the {@link javax.jcr.Item} that represents this
+ * Principal.
+ * @throws RepositoryException If an error occurs while retrieving the
+ * Item path.
+ */
+ String getPath() throws RepositoryException;
+}
Property changes on: jackrabbit-api\src\main\java\org\apache\jackrabbit\security\ItemBasedPrincipal.java
___________________________________________________________________
Name: svn:keywords
+ author date id rev url
Name: svn:eol-style
+ native
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/security/JackrabbitPrincipal.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/security/JackrabbitPrincipal.java (revision 0)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/security/JackrabbitPrincipal.java (revision 0)
@@ -0,0 +1,27 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.security;
+
+import java.security.Principal;
+
+/**
+ * JackrabbitPrincipal
+ * Marks the principal to be the result of authentication against the repository.
+ */
+public interface JackrabbitPrincipal extends Principal {
+
+}
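Review bot: The class comment gives this marker interface a security meaning ("the result of authentication against the repository"), but nothing in the type enforces it, since any class can implement the interface. The Javadoc should say that the marker alone is not proof of authentication, for example `Any code can implement this interface; callers must not base trust decisions on an instanceof check alone.` Where these principals are actually produced is not visible in this patch, so the exact wording depends on that.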
Property changes on: jackrabbit-api\src\main\java\org\apache\jackrabbit\security\JackrabbitPrincipal.java
___________________________________________________________________
Name: svn:keywords
+ author date id rev url
Name: svn:eol-style
+ native
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/security/NoSuchPrincipalException.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/security/NoSuchPrincipalException.java (revision 0)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/security/NoSuchPrincipalException.java (revision 0)
@@ -0,0 +1,29 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.security;
+
+import javax.jcr.RepositoryException;
+
+/**
+ * Exception used for missing principals.
+ */
+public class NoSuchPrincipalException extends RepositoryException {
+
+ public NoSuchPrincipalException(String message) {
+ super(message);
+ }
+}
Property changes on: jackrabbit-api\src\main\java\org\apache\jackrabbit\security\NoSuchPrincipalException.java
___________________________________________________________________
Name: svn:keywords
+ author date id rev url
Name: svn:eol-style
+ native
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/security/PrincipalIterator.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/security/PrincipalIterator.java (revision 0)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/security/PrincipalIterator.java (revision 0)
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.security;
+
+import javax.jcr.RangeIterator;
+import java.security.Principal;
+
+/**
+ * A {@link RangeIterator} iterating over Principals.
+ */
+public interface PrincipalIterator extends RangeIterator {
+
+ /**
+ * Returns the next principal.
+ * @return the next principal
+ */
+ Principal nextPrincipal();
+
+}
Property changes on: jackrabbit-api\src\main\java\org\apache\jackrabbit\security\PrincipalIterator.java
___________________________________________________________________
Name: svn:keywords
+ author date id rev url
Name: svn:eol-style
+ native
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/security/PrincipalManager.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/security/PrincipalManager.java (revision 0)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/security/PrincipalManager.java (revision 0)
@@ -0,0 +1,179 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.security;
+
+import org.apache.jackrabbit.api.JackrabbitSession;
+
+import java.security.Principal;
+import java.security.acl.Group;
+
+/**
+ * This interface defines the principal manager which is the clients view on
+ * all principals known to the repository. Each principal manager is bound to
+ * a session and is restricted by the respective access control. The principal
+ * manager provides basic search facilities and introspection on the underlying
+ * principal provider implementations.
+ *
Principals should disguise
+ * Groups in order to avoid non-protected access to group membership.
+ * To determine the type of a Principal returned by this manager, the API user
+ * can call {@link #isGroup(Principal)}. The group members and the membership
+ * of a Principal can be retrieved by {@link #getMembers(Principal)} and
+ * {@link #getGroupMembership(Principal)}, respectively.
+ *
+ * @see JackrabbitSession#getPrincipalManager()
+ */
+public interface PrincipalManager {
+
+ /**
+ * Filter flag indicating that only Principals that do NOT
+ * represent a {@link java.security.acl.Group group} should be searched
+ * and returned.
+ */
+ int SEARCH_TYPE_NOT_GROUP = 1;
+
+ /**
+ * Filter flag indicating that only Principals that represent
+ * a {@link java.security.acl.Group group} of Principals should be searched
+ * and returned.
+ */
+ int SEARCH_TYPE_GROUP = 2;
+
+ /**
+ * Filter flag indicating that all Principals should be search
+ * irrespective whether they represent a group of Principals or not.
+ */
+ int SEARCH_TYPE_ALL = 3;
+
+ /**
+ * Checks if the principal with the given name is known to this manager
+ * (in respect to the sessions access rights). If this method returns
+ * true then the following expression evaluates to true
+ * as well: PrincipalManager.getPrincipal(name).getName().equals(name)
+ *
+ * @param principalName the name of the principal to check
+ * @return return true if the principal with this name is known
+ * to this manager; false otherwise.
+ */
+ boolean hasPrincipal(String principalName);
+
+ /**
+ * Returns the principal with the given name if is known to this manager
+ * (in respect to the sessions access rights).
+ * Please note that due to security reasons, this method never returns a
+ * {@link Group} instance. Instead Group principals will be disguised and
+ * the {@link #isGroup(Principal)} method should be used to determine the
+ * type of a Principal.null
+ */
+ Principal getPrincipal(String principalName);
+
+ /**
+ *
+ * @param simpleFilter
+ * @return a PrincipalIterator over the Principals
+ * matching the given filter.
+ */
+ PrincipalIterator searchPrincipal(String simpleFilter);
+
+ /**
+ *
+ * @param simpleFilter
+ * @param searchType Any of the following constants:
+ * PrincipalIterator over the Principals
+ * matching the given filter and search type.
+ */
+ PrincipalIterator searchPrincipal(String simpleFilter, int searchType);
+
+ /**
+ * Returns all Principals depending on the
+ * specified flag.
+ *
+ * @param searchType Any of the following constants:
+ * PrincipalIterator over the Principals
+ * matching the given search type.
+ */
+ PrincipalIterator getPrincipals(int searchType);
+
+ /**
+ * Checks if the given principal represents a group.
+ *
+ * @param principal the principal to check
+ * @return true if the principal is group;
+ * false otherwise.
+ */
+ boolean isGroup(Principal principal);
+
+ /**
+ * Returns an iterator over all group principals for which the given
+ * principal is either direct or indirect member of.
+ *
+ * Example:Principals that are member of the given
+ * Principal if it is a Group. Otherwise an empty iterator is returned.
+ *
+ * @param principal
+ * @return
+ * @see #isGroup(Principal)
+ */
+ PrincipalIterator getMembers(Principal principal);
+
+ /**
+ * Returns the principal which is implicitely is applied to every subject.
+ *
+ * @return the 'everyone' principal
+ */
+ Principal getEveryone();
+
+ /**
+ * Returns the principal that has full access.
+ *
+ * @return the 'admin' principal
+ */
+ Principal getAdmin();
+}
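Review bot: The import of `java.security.acl.Group` gives `Group` in this file a different meaning from the `Group` interface this same patch adds to `org.apache.jackrabbit.security`, because a single-type import shadows the package's own type. The `getPrincipal` comment promises that the method never returns a `{@link Group}` instance for security reasons, and a reader of the package will likely take that to mean the Jackrabbit `Group`. I would drop the import and write the fully qualified `{@link java.security.acl.Group}` in the comments, as the `SEARCH_TYPE_*` constants already do. Separately, `simpleFilter` has no description in either `searchPrincipal` overload; whether it is matched literally or as a pattern should be stated so callers know how to treat user-supplied text.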
Property changes on: jackrabbit-api\src\main\java\org\apache\jackrabbit\security\PrincipalManager.java
___________________________________________________________________
Name: svn:keywords
+ author date id rev url
Name: svn:eol-style
+ native
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/security/User.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/security/User.java (revision 0)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/security/User.java (revision 0)
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.security;
+
+import javax.jcr.RepositoryException;
+import java.util.Iterator;
+
+/**
+ * User is a special {@link Authorizable} that can be authenticated and
+ * impersonated.
+ *
+ * @see #getCredentials()
+ * @see #getImpersonation()
+ */
+public interface User extends Authorizable {
+
+ /**
+ * @return true if the current Authorizable is has all Privileges
+ */
+ boolean isAdmin();
+
+ /**
+ * @return all credentials saved for this user
+ */
+ Iterator getCredentials() throws RepositoryException;
+
+ /**
+ * @return Impersonation for this Authorizable
+ */
+ Impersonation getImpersonation() throws RepositoryException;
+
+}
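Review bot: `getCredentials()` is documented only as returning "all credentials saved for this user", with a raw `Iterator` and no statement of the element type, the form of any secret the elements carry, or who may call it. For a method that hands out authentication material the Javadoc should fix these, e.g. `@return Iterator of javax.jcr.Credentials; implementations should not expose plain-text passwords`, plus an `@throws` line for a session that lacks permission. That the elements are `javax.jcr.Credentials` is my assumption from `UserManager.createUser` and needs confirming. `isAdmin()` also reads "is has all Privileges" and, unlike the other two methods, declares no RepositoryException.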
Property changes on: jackrabbit-api\src\main\java\org\apache\jackrabbit\security\User.java
___________________________________________________________________
Name: svn:keywords
+ author date id rev url
Name: svn:eol-style
+ native
Index: jackrabbit-api/src/main/java/org/apache/jackrabbit/security/UserManager.java
===================================================================
--- jackrabbit-api/src/main/java/org/apache/jackrabbit/security/UserManager.java (revision 0)
+++ jackrabbit-api/src/main/java/org/apache/jackrabbit/security/UserManager.java (revision 0)
@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.security;
+
+import javax.jcr.RepositoryException;
+import javax.jcr.Credentials;
+import java.security.Principal;
+import java.util.Iterator;
+
+/**
+ * The UserManager provides access to and means to maintain
+ * {@link Authorizable authoriable objects} i.e. {@link User users} and
+ * {@link Group groups}. The UserManager is bound to a particular
+ * Session.
+ */
+public interface UserManager {
+
+ /**
+ * Get the Authorizable by its ID.
+ *
+ * @param id
+ * @return Authorizable or null, if not present
+ * @throws RepositoryException
+ * @see Authorizable#getID()
+ */
+ Authorizable getAuthorizable(String id) throws RepositoryException;
+
+ /**
+ * Get the Authorizable by its Principal.
+ *
+ * @param principal
+ * @return Authorizable or null, if not present
+ * @throws RepositoryException
+ */
+ Authorizable getAuthorizable(Principal principal) throws RepositoryException;
+
+ /**
+ * Returns all Authorizables that have
+ * {@link Authorizable#getProperty(String) property} with the given name and
+ * that Property equals the given value.
+ *
+ * @param propertyName
+ * @param value
+ * @return All Authorizables that have a property with the given
+ * name exactly matching the given value.
+ * @throws RepositoryException
+ * @see Authorizable#getProperty(String)
+ */
+ Iterator findAuthorizable(String propertyName, String value) throws RepositoryException;
+
+ /**
+ * Creates an User for the given ID that austhenitcates with the given
+ * {@link javax.jcr.Credentials Credentials}.null. As this would create
+ * a User, which will not contain any authentication information.
+ *
+ * @param userID
+ * @param credentials
+ * @return The new User.
+ * @throws RepositoryException
+ * @throws AuthorizableExistsException in case the userID is already in use
+ */
+ User createUser(String userID, Credentials credentials)
+ throws AuthorizableExistsException, RepositoryException;
+
+ /**
+ * Creates a new Group with the given ID
+ *
+ * @param id
+ * @return The new Group.
+ * @throws RepositoryException
+ * @throws AuthorizableExistsException in case the name is already in use.
+ */
+ Group createGroup(String id)
+ throws AuthorizableExistsException, RepositoryException;
+
+}
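Review bot: The `createUser` comment is garbled around `Credentials}.null` as shown here, and what remains suggests that passing `null` credentials yields a User "which will not contain any authentication information". The contract should say explicitly whether `null` is rejected or accepted, and if accepted, that such a user cannot authenticate until credentials are set; e.g. `@param credentials the credentials the new user authenticates with; must not be null`. `findAuthorizable` and the two `getAuthorizable` methods also do not say whether results are limited to what the session is allowed to read. Small typos: "austhenitcates" and "authoriable".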
Property changes on: jackrabbit-api\src\main\java\org\apache\jackrabbit\security\UserManager.java
___________________________________________________________________
Name: svn:keywords
+ author date id rev url
Name: svn:eol-style
+ native