public interface SecurityManager
Title: Service Event Fabric Core
Description: Defines the Security Manager of the Fabric.
The security manager is a prevailing construct across the runtime, services, data space users and client connections. It is part of the Federated Security model used by the application fabric to lock down resources and their usage. The model also integrates Presentity and VCard support as proposed by Versitcard and outlined in RFC 2425, RFC 2426 and RFC 4770 with extensions for Instant Messaging.
The Security Manager's function is to provide an interface for operations on secured entities (users, groups, organizations). The manager has an associated user (called the current user in the documentation below).
Copyright: Copyright (c) 2010
Company: StreamScape Technologies
Modifier and Type | Field and Description |
---|---|
static java.lang.String | ADMINS_GROUP |
static java.lang.String | ANONYMOUS_USER |
static java.lang.String | DOMAIN_ORGANIZATION |
static java.lang.String | HTTP_GROUP |
static java.lang.String | OPERATORS_GROUP |
static java.lang.String | USERS_GROUP |
Modifier and Type | Method and Description |
---|---|
void | addGroupPermission(java.lang.String groupName, AccessControlOperation operation) - Adds the specified access permission to the specified group. |
void | addUserPermission(java.lang.String userName, AccessControlOperation operation) - Adds the specified access permission to the specified user. |
void | addUserToGroup(java.lang.String userName, java.lang.String groupName) - Adds a user with the specified name to a group with the specified name. |
void | changePassword(java.lang.String userName, java.lang.String oldPassword, java.lang.String newPassword) - Changes a password of the specified user. |
Group | createGroup(java.lang.String name, java.lang.String description) - Creates a new group with the specified parameters. |
Organization | createOrganization(java.lang.String name, java.lang.String description) - Creates a new organization with the specified parameters. |
User | createUser(java.lang.String name, java.lang.String password, java.lang.String description) - Creates a new user with the specified parameters. |
User | createUser(java.lang.String name, java.lang.String password, java.lang.String description, vCard vcard) - Creates a new user with the specified parameters. |
void | disableUser(java.lang.String name) - Disables a user with the specified name. |
void | dropGroup(java.lang.String name) - Drops a group with the specified name. |
void | dropOrganization(java.lang.String name) - Drops an organization with the specified name. |
void | dropUser(java.lang.String name) - Drops a user with the specified name. |
void | enableUser(java.lang.String name) - Enables a user with the specified name. |
boolean | existsGroup(java.lang.String name) - Checks if a group with the specified name exists. |
boolean | existsOrganization(java.lang.String name) - Checks if an organization with the specified name exists. |
boolean | existsUser(java.lang.String name) - Checks if a user with the specified name exists. |
AccessControlList | getGroupPermissions(java.lang.String groupName) - Returns a list of all permissions of the specified group. |
java.util.List | getGroups() - Returns a list of all groups in the sysplex. |
java.util.List | getOrganizations() - Returns a list of all organizations in the sysplex. |
SecurityContext | getSecurityContext() - Returns a Security Context of the current user working with the manager. |
AccessControlList | getUserPermissions(java.lang.String userName) - Returns a list of all permissions of the specified user. |
java.util.List | getUsers() - Returns a list of all users in the sysplex. |
vCard | getVCard(java.lang.String userName) - Returns a vCard associated with the specified user. |
java.util.List | listBoundComponents(java.lang.String ownerName, boolean inSysplex) - Returns a list of components bound to the specified owner (user or group) in the current node. |
java.util.List | listGroups() - Returns a list of names of all groups in the sysplex. |
java.util.List | listOrganizations() - Returns a list of names of all organizations in the sysplex. |
java.util.List | listUsers() - Returns a list of names of all users in the sysplex. |
Group | lookupGroup(java.lang.String name) - Finds and returns a group with the specified name. |
Organization | lookupOrganization(java.lang.String name) - Finds and returns an organization with the specified name. |
User | lookupUser(java.lang.String name) - Finds and returns a user with the specified name. |
void | removeGroupPermission(java.lang.String groupName, AccessControlOperation operation) - Removes the specified access permission from the specified group. |
void | removeUserFromGroup(java.lang.String userName, java.lang.String groupName) - Removes a user with the specified name from a group with the specified name. |
void | removeUserPermission(java.lang.String userName, AccessControlOperation operation) - Removes the specified access permission from the specified user. |
java.lang.String | resetPassword(java.lang.String userName) - Resets a password of the specified user to a randomly generated password. |
void | resetUserPermissions(java.lang.String userName) - Resets the access permissions of the specified user. |
void | setGroupOrganization(java.lang.String groupName, java.lang.String organizationName) - Sets an organization with the specified name to a group with the specified name. |
void | setOrganizationDomain(java.lang.String organizationName, java.lang.String domain) - Sets the specified domain to an organization with the specified name. |
void | setUserOrganization(java.lang.String userName, java.lang.String organizationName) - Sets an organization with the specified name to a user with the specified name. |
void | setVCard(java.lang.String userName, vCard vcard) - Sets the specified vCard to a user with the specified name. |
void | updateGroup(Group group) - Updates the specified group. |
void | updateOrganization(Organization organization) - Updates the specified organization. |
void | updateUser(User user) - Updates the specified user. |
static final java.lang.String ANONYMOUS_USER
static final java.lang.String ADMINS_GROUP
static final java.lang.String USERS_GROUP
static final java.lang.String HTTP_GROUP
static final java.lang.String OPERATORS_GROUP
static final java.lang.String DOMAIN_ORGANIZATION
SecurityContext getSecurityContext()

User createUser(java.lang.String name, java.lang.String password, java.lang.String description) throws SecurityManagerException
null or non-empty string (empty string will be converted to null).
This method is allowed only if the current user has administrator rights or the user is an anonymous user (in the Client Context only).
name - the name of a user to be created.
password - the password of a user to be created.
description - the description of a user to be created.
SecurityManagerException - if some error occurs.

User createUser(java.lang.String name, java.lang.String password, java.lang.String description, vCard vcard) throws SecurityManagerException
null or non-empty string (empty string will be converted to null).
This method is allowed only if the current user has administrator rights or the user is an anonymous user (in the Client Context only).
name - the name of a user to be created.
password - the password of a user to be created.
description - the description of a user to be created.
vcard - the vCard of a user to be created.
SecurityManagerException - if some error occurs.

void dropUser(java.lang.String name) throws SecurityManagerException
This method is allowed only if the current user has administrator rights.
name - the name of a user to be dropped.
SecurityManagerException - if some error occurs.

void updateUser(User user) throws SecurityManagerException
This method is allowed only if the current user has administrator rights or if the specified user is the current user.
user - the user to be updated.
SecurityManagerException - if some error occurs.

boolean existsUser(java.lang.String name) throws SecurityManagerException
name - the name of a user to be checked.
true if the corresponding user exists, false otherwise.
SecurityManagerException - if some error occurs.

User lookupUser(java.lang.String name) throws SecurityManagerException
User instance. So the object returned by this method will not reflect further changes of the corresponding user.
name - the name of the user to be found.
null if the corresponding user is not found.
SecurityManagerException - if some error occurs.

java.util.List getUsers() throws SecurityManagerException
User instances. So the objects returned by this method will not reflect further changes of the corresponding users.
SecurityManagerException - if some error occurs.

java.util.List listUsers() throws SecurityManagerException
SecurityManagerException - if some error occurs.

void addUserPermission(java.lang.String userName, AccessControlOperation operation) throws SecurityManagerException
getUserPermissions(String) can be used to get all access permissions of the user.
This method is allowed only if the current user has administrator rights and is sudo capable (see method User.isSudoCapable()).
userName - the name of the specified user.
operation - the access permission to be added.
SecurityManagerException - if some error occurs.

void removeUserPermission(java.lang.String userName, AccessControlOperation operation) throws SecurityManagerException
getUserPermissions(String) can be used to get all access permissions of the user.
This method is allowed only if the current user has administrator rights and is sudo capable (see method User.isSudoCapable()).
userName - the name of the specified user.
operation - the access permission to be removed.
SecurityManagerException - if some error occurs.

void resetUserPermissions(java.lang.String userName) throws SecurityManagerException
getUserPermissions(String) can be used to get all access permissions of the user.
This method is allowed only if the current user has administrator rights and is sudo capable (see method User.isSudoCapable()).
userName - the name of the specified user.
SecurityManagerException - if some error occurs.

AccessControlList getUserPermissions(java.lang.String userName) throws SecurityManagerException
resetUserPermissions(String) should be used to cancel all manual changes of user permissions. After that a user will have only permissions inherited from its groups.
This method is allowed only if the current user has administrator rights or if the specified user is the current user.
userName - the name of the specified user.
SecurityManagerException - if some error occurs.

void enableUser(java.lang.String name) throws SecurityManagerException
This method is allowed only if the current user has administrator rights.
name - the name of a user to be enabled.
SecurityManagerException - if some error occurs.

void disableUser(java.lang.String name) throws SecurityManagerException
This method is allowed only if the current user has administrator rights.
name - the name of a user to be disabled.
SecurityManagerException - if some error occurs.

vCard getVCard(java.lang.String userName) throws SecurityManagerException
userName - the specified user name.
vCard or null if a vCard is not associated with the corresponding user.
SecurityManagerException - if some error occurs.

void setVCard(java.lang.String userName, vCard vcard) throws SecurityManagerException
If vcard is null, the operation clears the current vCard of the user.
This method is allowed only if the current user has administrator rights or if the specified user is the current user.
userName - the name of a user for which the vCard is to be set.
vcard - the vCard to be set.
SecurityManagerException - if some error occurs.

Group createGroup(java.lang.String name, java.lang.String description) throws SecurityManagerException
This method is allowed only if the current user has administrator rights.
name - the name of a group to be created.
description - the description of a group to be created.
SecurityManagerException - if some error occurs.

void dropGroup(java.lang.String name) throws SecurityManagerException
Admins and Users groups cannot be dropped.
This method is allowed only if the current user has administrator rights.
name - the name of a group to be dropped.
SecurityManagerException - if some error occurs.

void updateGroup(Group group) throws SecurityManagerException
Admins and Users groups cannot be changed.
This method is allowed only if the current user has administrator rights.
group - the group to be updated.
SecurityManagerException - if some error occurs.

boolean existsGroup(java.lang.String name) throws SecurityManagerException
name - the name of a group to be checked.
true if the corresponding group exists, false otherwise.
SecurityManagerException - if some error occurs.

Group lookupGroup(java.lang.String name) throws SecurityManagerException
Group instance. So the object returned by this method will not reflect further changes of the corresponding group.
name - the name of the group to be found.
null if the corresponding group is not found.
SecurityManagerException - if some error occurs.

java.util.List getGroups() throws SecurityManagerException
Group instances. So the objects returned by this method will not reflect further changes of the corresponding groups.
SecurityManagerException - if some error occurs.

java.util.List listGroups() throws SecurityManagerException
SecurityManagerException - if some error occurs.

void addGroupPermission(java.lang.String groupName, AccessControlOperation operation) throws SecurityManagerException
Group.getAccessControlList() can be used to get all access permissions of the group.
This method is allowed only if the current user has administrator rights and is sudo capable (see method User.isSudoCapable()).
groupName - the name of the specified group.
operation - the access permission to be added.
SecurityManagerException - if some error occurs.

void removeGroupPermission(java.lang.String groupName, AccessControlOperation operation) throws SecurityManagerException
Group.getAccessControlList() can be used to get all access permissions of the group.
This method is allowed only if the current user has administrator rights and is sudo capable (see method User.isSudoCapable()).
groupName - the name of the specified group.
operation - the access permission to be removed.
SecurityManagerException - if some error occurs.

AccessControlList getGroupPermissions(java.lang.String groupName) throws SecurityManagerException
This method is allowed only if the current user has administrator rights or is a member of the specified group.
groupName - the name of the specified group.
SecurityManagerException - if some error occurs.

void addUserToGroup(java.lang.String userName, java.lang.String groupName) throws SecurityManagerException
userName - the name of a user to be added.
groupName - the name of a group to which a user should be added.
SecurityManagerException - if some error occurs.

void removeUserFromGroup(java.lang.String userName, java.lang.String groupName) throws SecurityManagerException
userName - the name of a user to be removed.
groupName - the name of a group from which a user should be removed.
SecurityManagerException - if some error occurs.

Organization createOrganization(java.lang.String name, java.lang.String description) throws SecurityManagerException
This method is allowed only if the current user has administrator rights.
name - the name of an organization to be created.
description - the description of an organization to be created.
SecurityManagerException - if some error occurs.

void dropOrganization(java.lang.String name) throws SecurityManagerException
Domain organization cannot be dropped.
This method is allowed only if the current user has administrator rights.
name - the name of an organization to be dropped.
SecurityManagerException - if some error occurs.

void updateOrganization(Organization organization) throws SecurityManagerException
This method is allowed only if the current user has administrator rights.
organization - the organization to be updated.
SecurityManagerException - if some error occurs.

boolean existsOrganization(java.lang.String name) throws SecurityManagerException
name - the name of an organization to be checked.
true if the corresponding organization exists, false otherwise.
SecurityManagerException - if some error occurs.

Organization lookupOrganization(java.lang.String name) throws SecurityManagerException
Organization instance. So the object returned by this method will not reflect further changes of the corresponding organization.
name - the name of the organization to be found.
null if the corresponding organization is not found.
SecurityManagerException - if some error occurs.

java.util.List getOrganizations() throws SecurityManagerException
Organization instances. So the objects returned by this method will not reflect further changes of the corresponding organizations.
SecurityManagerException - if some error occurs.

java.util.List listOrganizations() throws SecurityManagerException
SecurityManagerException - if some error occurs.

void setOrganizationDomain(java.lang.String organizationName, java.lang.String domain) throws SecurityManagerException
This method is allowed only if the current user has administrator rights.
organizationName - the name of an organization to be updated.
domain - the domain to be set.
SecurityManagerException - if some error occurs.

void setUserOrganization(java.lang.String userName, java.lang.String organizationName) throws SecurityManagerException
This method is allowed only if the current user has administrator rights.
userName - the name of a user to be updated.
organizationName - the name of an organization to be set.
SecurityManagerException - if some error occurs.

void setGroupOrganization(java.lang.String groupName, java.lang.String organizationName) throws SecurityManagerException
Admins and Users groups cannot be changed.
This method is allowed only if the current user has administrator rights.
groupName - the name of a group to be updated.
organizationName - the name of an organization to be set.
SecurityManagerException - if some error occurs.

java.lang.String resetPassword(java.lang.String userName) throws SecurityManagerException
This method is allowed only if the current user has administrator rights.
userName - the name of the specified user.
SecurityManagerException - if some error occurs.

void changePassword(java.lang.String userName, java.lang.String oldPassword, java.lang.String newPassword) throws SecurityManagerException
This method is allowed only if the current user has administrator rights or if the specified user is the current user.
userName - the name of the specified user.
oldPassword - the old password of the specified user.
newPassword - the new password to be set.
SecurityManagerException - if some error occurs.

java.util.List listBoundComponents(java.lang.String ownerName, boolean inSysplex) throws SecurityManagerException
ownerName - the name of the specified owner.
inSysplex - specifies if the result should include components from all nodes of the sysplex.
SecurityManagerException - if some error occurs.

Copyright © 2015-2024 StreamScape Technologies. All rights reserved.