From tay...@apache.org
Subject svn commit: r470505 - in /portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed: ./ profiler/ profiler/rules/ security/ security/spi/
Date Thu, 02 Nov 2006 20:26:00 GMT
Author: taylor
Date: Thu Nov  2 12:25:59 2006
New Revision: 470505

URL: http://svn.apache.org/viewvc?view=rev&rev=470505
Log:
http://issues.apache.org/jira/browse/JS2-461 - Serializer component
patch from Hajo Birthelmer (hajo@bluesunrise.com)
phase 1 of 2 patches

* extended profiler to support factories for OM objects (rules, criterion, locator)
* moved Security SPI interfaces into Jetspeed API

Added:
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/AuthenticationProvider.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/AuthenticationProviderProxy.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/AuthorizationProvider.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/HierarchyResolver.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/LoginModuleProxy.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/SecurityProvider.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/AlgorithmUpgradeCredentialPasswordEncoder.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/CredentialHandler.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/CredentialPasswordEncoder.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/CredentialPasswordValidator.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/GroupSecurityHandler.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/InternalPasswordCredentialInterceptor.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/PasswordCredentialProvider.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/RoleSecurityHandler.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/SecurityAccess.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/SecurityMappingHandler.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/UserSecurityHandler.java
Modified:
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/PortalReservedParameters.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/profiler/ProfileLocator.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/profiler/Profiler.java
    portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/profiler/rules/ProfileResolvers.java

Modified: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/PortalReservedParameters.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/PortalReservedParameters.java?view=diff&rev=470505&r1=470504&r2=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/PortalReservedParameters.java (original)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/PortalReservedParameters.java Thu Nov  2 12:25:59 2006
@@ -59,7 +59,7 @@
     public static final String PAGE_THEME_ATTRIBUTE = "org.apache.jetspeed.theme";
     /**
      * Setting this as a session attribute will override all themes declared in
-     * psml. Sample values are "simple", "tigris", "jetspeed"
+     * psml. Sample values are "Simple", "tigris", "jetspeed"
      */
     public static final String PAGE_THEME_OVERRIDE_ATTRIBUTE = "org.apache.jetspeed.theme.override";
     public static final String PORTAL_FILTER_ATTRIBUTE = "org.apache.jetspeed.login.filter.PortalFilter";
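Review bot: The capitalisation change in the Javadoc for PAGE_THEME_OVERRIDE_ATTRIBUTE (`"simple"` to `"Simple"`) looks like the side effect of a broad search-and-replace rather than an intended edit, and the two ProfileLocator.java hunks show the same pattern in running prose (`a Simple name and value`). If theme names are matched case-sensitively, the sample value may now document a name that does not resolve; that cannot be confirmed from this hunk. I would restore the ProfileLocator prose to `Add a property based on a simple name and value.` and keep `"Simple"` here only if it is the actual theme identifier.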

Modified: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/profiler/ProfileLocator.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/profiler/ProfileLocator.java?view=diff&rev=470505&r1=470504&r2=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/profiler/ProfileLocator.java (original)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/profiler/ProfileLocator.java Thu Nov  2 12:25:59 2006
@@ -74,7 +74,7 @@
     void add(RuleCriterion criterion, boolean isControl, boolean isNavigation, String value);
 
     /**
-     * Add a property based on a simple name and value.
+     * Add a property based on a Simple name and value.
      * 
      * @param name The name of the property.
      * @param isControl The control classification for property.
@@ -84,7 +84,7 @@
     void add(String name, boolean isControl, boolean isNavigation, String value);
     
     /**
-     * Add a property based on a simple name and value assumed
+     * Add a property based on a Simple name and value assumed
      * to be control property.
      * 
      * @param name The name of the property.

Modified: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/profiler/Profiler.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/profiler/Profiler.java?view=diff&rev=470505&r1=470504&r2=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/profiler/Profiler.java (original)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/profiler/Profiler.java Thu Nov  2 12:25:59 2006
@@ -1,17 +1,17 @@
 /*
  * Copyright 2000-2001,2004 The Apache Software Foundation.
  * 
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not
+ * use this file except in compliance with the License. You may obtain a copy of
+ * the License at
  * 
- *      http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
  * 
  * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
  */
 package org.apache.jetspeed.profiler;
 
@@ -21,6 +21,7 @@
 
 import org.apache.jetspeed.profiler.rules.PrincipalRule;
 import org.apache.jetspeed.profiler.rules.ProfilingRule;
+import org.apache.jetspeed.profiler.rules.RuleCriterion;
 import org.apache.jetspeed.request.RequestContext;
 
 /**
@@ -97,19 +98,23 @@
      * For a given principal, associate a profiling rule to that principal name.
      * TODO: this API should be secured and require admin role
      * 
-     * @param principal Lookup the profiling rule based on this principal.
-     * @param locatorName the unique name of a locator for this principal/rule/locator 
-     * @param The rule used to find profiles for this user
+     * @param principal
+     *            Lookup the profiling rule based on this principal.
+     * @param locatorName
+     *            the unique name of a locator for this principal/rule/locator
+     * @param The
+     *            rule used to find profiles for this user
      */
-    void setRuleForPrincipal(Principal principal, ProfilingRule rule, String locatorName);
-    
+    void setRuleForPrincipal(Principal principal, ProfilingRule rule,
+            String locatorName);
+
     /**
      * Lookup the portal's default profiling rule.
      * 
      * @return The portal's default profiling rule.
      */
     ProfilingRule getDefaultRule();
-              
+
     /**
      * @return
      */
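Review bot: The re-wrapped Javadoc for setRuleForPrincipal now has a tag `@param The` followed by `rule used to find profiles for this user`, so the documented parameter name is `The` and the real `rule` parameter is undocumented; it should read `@param rule The rule used to find profiles for this user`. The context line `TODO: this API should be secured and require admin role` is carried through unchanged, so the interface still states no authorization requirement for rebinding a principal's profiling rule. Since this hunk rewrites the comment anyway, I would turn the TODO into an explicit contract sentence such as `Callers must hold the portal admin role; implementations are expected to enforce this.`, if that is the intended policy. The Javadoc block and the interface body both start outside this hunk.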
@@ -122,74 +127,110 @@
      * @return the rule
      */
     ProfilingRule getRule(String id);
-    
+
     /**
-     * For a given principal, find all supported locators and return a string array of 
-     * locator names.
+     * For a given principal, find all supported locators and return a string
+     * array of locator names.
      * 
-     * @param principal The given principal.
+     * @param principal
+     *            The given principal.
      * @return array of String locator names
      */
     String[] getLocatorNamesForPrincipal(Principal principal);
 
     /**
-     * For a given principal, find all supported locators and return a 
+     * For a given principal, find all supported locators and return a
      * collection of principal rules.
      * 
-     * @param principal The given principal.
+     * @param principal
+     *            The given principal.
      * @return collection of PrincipalRules
      */
     Collection getRulesForPrincipal(Principal principal);
-    
+
     /**
      * Gets all supported locators for a principal.
-     *  
+     * 
      * @param context
      * @param principal
      * @return
      * @throws ProfilerException
      */
     Map getProfileLocators(RequestContext context, Principal principal)
-    throws ProfilerException;
-    
+            throws ProfilerException;
+
     /**
      * 
      * <p>
      * getDefaultProfileLocators
      * </p>
      * Gets all the supported locators for the DEFAULT_RULE_PRINCIPAL
+     * 
      * @param context
      * @return
      * @throws ProfilerException
      */
-    Map getDefaultProfileLocators( RequestContext context) throws ProfilerException;
-    
+    Map getDefaultProfileLocators(RequestContext context)
+            throws ProfilerException;
+
     /*
      * Persist a profiling rule to the persistent store.
      * 
      */
-    void storeProfilingRule(ProfilingRule rule)
-    throws ProfilerException;
-    
+    void storeProfilingRule(ProfilingRule rule) throws ProfilerException;
+
     /*
      * Deletes a profiling rule from the persistent store.
      * 
-     */    
-    void deleteProfilingRule(ProfilingRule rule)
-    throws ProfilerException;
+     */
+    void deleteProfilingRule(ProfilingRule rule) throws ProfilerException;
 
     /*
      * Persist a principal rule to the persistent store.
      * 
      */
-    void storePrincipalRule(PrincipalRule rule)
-    throws ProfilerException;
-    
+    void storePrincipalRule(PrincipalRule rule) throws ProfilerException;
+
     /*
      * Deletes a principal rule from the persistent store.
      * 
-     */    
-    void deletePrincipalRule(PrincipalRule rule)
-    throws ProfilerException;
-    
+     */
+    void deletePrincipalRule(PrincipalRule rule) throws ProfilerException;
+
+    /**
+     * Factory for Profiling Rule. The boolean argument specifies whether to
+     * obtain a new instance of a standard profiling rule or of a fallback rule.
+     * 
+     * @param standard
+     *            true if standard rule is requested, false if fallback
+     * @return New instance of a (standard or fallback) Profiling Rule
+     * @throws ClassNotFoundException
+     *             if the beanfactory couldn't instantiate the bean
+     */
+    public ProfilingRule createProfilingRule(boolean standard)
+            throws ClassNotFoundException;
+
+    /**
+     * Factory for PrincipalRule, the container to connect profiling rule and
+     * (user) prinicpal
+     * <p>
+     * Replaces the previous Class.forName and .instantiate logic with the
+     * Spring based factory.
+     * 
+     * @return New instance of a principal rule
+     * @throws ClassNotFoundException
+     *             if the beanfactory couldn't instantiate the bean
+     */
+    public PrincipalRule createPrincipalRule() throws ClassNotFoundException;
+
+    /**
+     * Factory for Rule Criterion
+     * <p>
+     * 
+     * @return New instance of a rule criterion
+     * @throws ClassNotFoundException
+     *             if the beanfactory couldn't instantiate the bean
+     */
+    public RuleCriterion createRuleCriterion() throws ClassNotFoundException;
+
 }
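Review bot: The three new factory methods (createProfilingRule, createPrincipalRule, createRuleCriterion) declare `throws ClassNotFoundException`, which exposes the bean-factory mechanism through the API, while their Javadoc describes a different failure ("couldn't instantiate the bean"). Every other fallible method in this interface throws ProfilerException, so `ProfilingRule createProfilingRule(boolean standard) throws ProfilerException;` (and likewise for the other two) would keep callers on one exception type and let the implementation wrap the cause. The new methods also carry a redundant `public` modifier that the rest of the interface does not use. The store/delete comments above them open with `/*` rather than `/**`, so they are not picked up as Javadoc. The interface declaration starts outside this hunk.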

Modified: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/profiler/rules/ProfileResolvers.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/profiler/rules/ProfileResolvers.java?view=diff&rev=470505&r1=470504&r2=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/profiler/rules/ProfileResolvers.java (original)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/profiler/rules/ProfileResolvers.java Thu Nov  2 12:25:59 2006
@@ -15,6 +15,8 @@
  */
 package org.apache.jetspeed.profiler.rules;
 
+import java.util.Map;
+
 /**
  * Spring component to hold criterion resolvers for building profiling rules.
  *
@@ -24,4 +26,8 @@
 public interface ProfileResolvers 
 {
     RuleCriterionResolver get(String resolverName);
+    /**
+     * return the map of resolver
+     */
+    Map getResolvers();
 }
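Review bot: getResolvers() returns a raw `Map`, and its Javadoc (`return the map of resolver`) does not say what the keys and values are or whether the caller receives the live registry or a copy. If an implementation hands out its internal map, any API consumer could add, replace or remove the criterion resolvers that profiling rules depend on; the implementation is not shown, so this is a contract gap rather than a confirmed defect. I would document it along the lines of `Returns an unmodifiable view of the resolvers, keyed by resolver name with RuleCriterionResolver values.`, assuming the keys match the `resolverName` accepted by get(). The same applies to `List getPolicies()` in the added AuthorizationProvider.java.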

Added: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/AuthenticationProvider.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/AuthenticationProvider.java?view=auto&rev=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/AuthenticationProvider.java (added)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/AuthenticationProvider.java Thu Nov  2 12:25:59 2006
@@ -0,0 +1,85 @@
+/* Copyright 2004 Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.security;
+
+import org.apache.jetspeed.security.spi.CredentialHandler;
+import org.apache.jetspeed.security.spi.UserSecurityHandler;
+
+/**
+ * <p>
+ * Configures an authentication provider.
+ * </p>
+ * 
+ * @author <a href="mailto:dlestrat@apache.org">David Le Strat </a>
+ */
+public interface AuthenticationProvider
+{
+    
+    /**
+     * <p>
+     * Gets the authentication provider name.
+     * </p>
+     * 
+     * @return The authentication provider name.
+     */
+    String getProviderName();
+    
+    /**
+     * <p>
+     * Gets the authentication provider description.
+     * </p>
+     * 
+     * @return The authentication provider description.
+     */
+    String getProviderDescription();
+    
+    /**
+     * <p>
+     * Gets the {@link UserSecurityHandler}.
+     * </p>
+     * 
+     * @return The {@link UserSecurityHandler}.
+     */
+    UserSecurityHandler getUserSecurityHandler();
+    
+    
+    /**
+     * <p>
+     * Sets the {@link UserSecurityHandler}.
+     * </p>
+     * 
+     * @param userSecurityHandler The {@link UserSecurityHandler}.
+     */
+    void setUserSecurityHandler(UserSecurityHandler userSecurityHandler);
+    
+    /**
+     * <p>
+     * Gets the {@link CredentialHandler}.
+     * </p>
+     * 
+     * @return The {@link CredentialHandler}.
+     */
+    CredentialHandler getCredentialHandler();
+    
+    /**
+     * <p>
+     * Sets the {@link CredentialHandler}.
+     * </p>
+     * 
+     * @param credHandler The {@link CredentialHandler}.
+     */
+    void setCredentialHandler(CredentialHandler credHandler);
+
+}
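Review bot: setUserSecurityHandler and setCredentialHandler are part of the public AuthenticationProvider interface, so any code that can obtain a provider reference can replace the component that looks up users or validates credentials. With this commit the interface lives in the jetspeed-api module, which presumably widens the set of code that compiles against it. If the setters exist only for container wiring, I would say so in their Javadoc, e.g. `Intended for configuration at assembly time only; must not be called once the provider is in service.`, or keep them on the implementation class. `useDefaultPolicy(boolean)` in the added AuthorizationProvider.java is a similar runtime switch on a security component.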

Added: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/AuthenticationProviderProxy.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/AuthenticationProviderProxy.java?view=auto&rev=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/AuthenticationProviderProxy.java (added)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/AuthenticationProviderProxy.java Thu Nov  2 12:25:59 2006
@@ -0,0 +1,147 @@
+/* Copyright 2004 Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.security;
+
+import java.sql.Date;
+
+import org.apache.jetspeed.security.spi.CredentialHandler;
+import org.apache.jetspeed.security.spi.UserSecurityHandler;
+
+/**
+ * <p>
+ * Proxy allowing to handle multiple authentication providers.
+ * </p>
+ * 
+ * @author <a href="mailto:dlestrat@apache.org">David Le Strat </a>
+ */
+public interface AuthenticationProviderProxy extends UserSecurityHandler, CredentialHandler
+{
+    /**
+     * <p>
+     * Returns the default authentication provider.
+     * </p>
+     * 
+     * @return The default authentication provider.
+     */
+    String getDefaultAuthenticationProvider();
+    
+    /**
+     * <p>
+     * Returns the authentication provider of a user principal.
+     * @param userName
+     * @return The authentication provider or null if user is unknown.
+     */
+    String getAuthenticationProvider(String userName);
+    
+    /**
+     * <p>
+     * Adds a new user principal in a given authentication provider.
+     * </p>
+     * 
+     * @param userPrincipal The new user principal.
+     * @param authenticationProvider The authentication provider name.
+     * @throws SecurityException Throws a security exception.
+     */
+    void addUserPrincipal(UserPrincipal userPrincipal, String authenticationProvider) throws SecurityException;
+
+    /**
+     * <p>
+     * Updates user principal in a given authentication provider.
+     * </p>
+     * 
+     * @param userPrincipal The user principal.
+     * @param authenticationProvider The authentication provider name.
+     * @throws SecurityException Throws a security exception.
+     */
+    void updateUserPrincipal(UserPrincipal userPrincipal, String authenticationProvider) throws SecurityException;
+
+    /**
+     * <p>
+     * Remove user principal in a given authentication provider.
+     * </p>
+     * 
+     * @param userPrincipal The user principal.
+     * @param authenticationProvider The authentication provider name.
+     * @throws SecurityException Throws a security exception.
+     */
+    void removeUserPrincipal(UserPrincipal userPrincipal, String authenticationProvider) throws SecurityException;
+
+    /**
+     * <p>
+     * Adds or updates a private password credential in a given authentication provider.<br>
+     * If <code>oldPassword</code> is not null, the oldPassword will first be checked (authenticated).<br>
+     * </p>
+     * 
+     * @param oldPassword The old password value.
+     * @param newPassword The new password value.
+     * @param authenticationProvider The authentication provider name.
+     * @throws SecurityException Throws a {@link SecurityException}.
+     */
+    void setPassword(String userName, String oldPassword, String newPassword,
+            String authenticationProvider) throws SecurityException;
+    
+    /**
+     * <p>
+     * Set the update required state of the user password credential in a given authentication provider.
+     * </p>
+     * 
+     * @param userName The user name.
+     * @param updateRequired The update required state.
+     * @param authenticationProvider The authentication provider name.
+     * @throws Throws a security exception.
+     */
+    void setPasswordUpdateRequired(String userName, boolean updateRequired, 
+            String authenticationProvider) throws SecurityException;
+
+    /**
+     * <p>
+     * Set the enabled state of the user password credential in a given authentication provider.
+     * </p>
+     * 
+     * @param userName The user name.
+     * @param enabled The enabled state.
+     * @param authenticationProvider The authentication provider name.
+     * @throws Throws a security exception.
+     */
+    void setPasswordEnabled(String userName, boolean enabled, 
+            String authenticationProvider) throws SecurityException;
+
+    /**
+     * <p>
+     * Set the expiration date and the expired flag of the password credential in a given authentication provider</p>
+     * <p>
+     * If a date equal or before the current date is provided, the expired flag will be set to true,
+     * otherwise to false.</p>
+     * 
+     * @param userName The user name.
+     * @param expirationDate The expiration date to set.
+     * @param authenticationProvider The authentication provider name.
+     * @throws Throws a security exception.
+     */
+    void setPasswordExpiration(String userName, Date expirationDate, 
+            String authenticationProvider) throws SecurityException;
+
+    /**
+     * <p>
+     * Authenticate a user in a given authentication provider
+     * </p>
+     * 
+     * @param userName The user name.
+     * @param password The user password.
+     * @param authenticationProvider The authentication provider name.
+     * @return Whether or not a user is authenticated.
+     */
+    boolean authenticate(String userName, String password, String authenticationProvider) throws SecurityException;
+}
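Review bot: The setPassword Javadoc states that the old password is checked only when `oldPassword` is not null, so passing null changes a credential without proof of the current password, and nothing in the contract says which callers may do that. I would add a sentence such as `A null oldPassword is reserved for administrative resets; callers acting on behalf of the user must always supply it.` and document the missing `@param userName`. The tags written as `@throws Throws a security exception.` on setPasswordUpdateRequired, setPasswordEnabled and setPasswordExpiration have no exception type and should start with `@throws SecurityException`; authenticate declares `throws SecurityException` with no `@throws` tag at all. Separately, setPasswordExpiration takes `java.sql.Date`, which ties a security API to JDBC; `java.util.Date` would be the looser type if the implementations allow it.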

Added: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/AuthorizationProvider.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/AuthorizationProvider.java?view=auto&rev=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/AuthorizationProvider.java (added)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/AuthorizationProvider.java Thu Nov  2 12:25:59 2006
@@ -0,0 +1,48 @@
+/* Copyright 2004 Apache Software Foundation
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.apache.jetspeed.security;
+
+import java.util.List;
+
+/**
+ * <p>
+ * Configures the policies.  Instantiates the <code>SecurityPolicies</code> with the security policies
+ * that need to be enforced.  It will add the default policy already configured as well as the engine policies
+ * used to enforce permission checks.
+ * </p>
+ * 
+ * @author <a href="mailto:dlestrat@apache.org">David Le Strat </a>
+ */
+public interface AuthorizationProvider
+{
+    /**
+     * <p>
+     * The list of configured policies.
+     * </p>
+     * 
+     * @return The list of policies.
+     */
+    List getPolicies();
+    
+    
+    /**
+     * <p>
+     * Whether to use the default policy or not in addition to the Policies configured for the AuthorizationProvider.
+     * </p>
+     * 
+     * @param whetherToUseDefaultPolicy Boolean false: does not use the default policy, true: does.
+     */
+    void useDefaultPolicy(boolean whetherToUseDefaultPolicy);
+}

Added: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/HierarchyResolver.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/HierarchyResolver.java?view=auto&rev=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/HierarchyResolver.java (added)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/HierarchyResolver.java Thu Nov  2 12:25:59 2006
@@ -0,0 +1,51 @@
+/* Copyright 2004 Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.security;
+
+import java.util.prefs.Preferences;
+
+/**
+ * <p>
+ * This class allows to implement different types of groups/roles hierarchy.
+ * </p>
+ * 
+ * @author <a href="mailto:Artem.Grinshtein@t-systems.com">Artem Grinshtein </a>
+ * @version $Id: HierarchyResolver.java 187640 2004-09-30 04:01:42Z dlestrat $
+ */
+public interface HierarchyResolver 
+{
+    
+    /**
+     * <p>
+     * Returns absolute path names of the hierarchy roles/groups.
+     * </p>
+     * 
+     * @param prefs Preferences for the role/group
+     * @return Returns absolute path names of the dependcy roles/groups.
+     */
+    public String[] resolve(Preferences prefs);
+    
+    /**
+     * <p>
+     * Returns the absolute path names of the children of the given hierarchy
+     * roles/groups node.
+     * </p>
+     * 
+     * @param prefs Preferences for the role/group
+     * @return Returns absolute path names of the children roles/groups.
+     */
+    public String[] resolveChildren(Preferences prefs);
+        
+}
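Review bot: The Javadoc for resolve() describes its result once as the `hierarchy roles/groups` and once as the `dependcy roles/groups` (a typo for "dependency"), which leaves open whether it returns ancestors, descendants or both of the given node. Because the result presumably feeds into which roles or groups a principal is treated as holding, the direction should be stated explicitly in the `@return` text, worded to match what the implementations actually return. It would also help to say whether the node itself is included in the array. Both methods carry a redundant `public` modifier.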

Added: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/LoginModuleProxy.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/LoginModuleProxy.java?view=auto&rev=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/LoginModuleProxy.java (added)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/LoginModuleProxy.java Thu Nov  2 12:25:59 2006
@@ -0,0 +1,43 @@
+/* Copyright 2004 Apache Software Foundation
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.apache.jetspeed.security;
+
+/**
+ * <p>Utility component used as a bridge between the login module and the security component.</p>
+ * 
+ * @author <a href="mailto:dlestrat@apache.org">David Le Strat</a>
+ */
+public interface LoginModuleProxy
+{
+    /**
+     * <p>Default .portal user role name</p>
+     */
+    String DEFAULT_PORTAL_USER_ROLE_NAME = "portal-user";
+
+    /**
+     * <p>Getter for the {@link UserManager}.</p>
+     * @return The UserManager.
+     */
+    UserManager getUserManager();
+
+    /**
+     * <p>Getter for the required portal user role name.</p>
+     *
+     * <p>Used in web.xml authorization to detect authenticated portal users.</p>
+     *
+     * @return The portal user role name.
+     */
+    String getPortalUserRole();
+}

Added: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/SecurityProvider.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/SecurityProvider.java?view=auto&rev=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/SecurityProvider.java (added)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/SecurityProvider.java Thu Nov  2 12:25:59 2006
@@ -0,0 +1,67 @@
+/* Copyright 2004 Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.security;
+
+import org.apache.jetspeed.security.spi.GroupSecurityHandler;
+import org.apache.jetspeed.security.spi.RoleSecurityHandler;
+import org.apache.jetspeed.security.spi.SecurityMappingHandler;
+
+/**
+ * <p>
+ * Utility component used to configure the security component and provide access
+ * to the various security handlers.
+ * </p>
+ * 
+ * @author <a href="mailto:dlestrat@apache.org">David Le Strat </a>
+ */
+public interface SecurityProvider
+{
+    /**
+     * <p>
+     * Getter for the {@link AuthenticationProviderProxy}
+     * </p>
+     * 
+     * @return The {@link AuthenticationProviderProxy}.
+     */
+    AuthenticationProviderProxy getAuthenticationProviderProxy();
+
+    /**
+     * <p>
+     * Getter for the {@link RoleSecurityHandler}
+     * </p>
+     * 
+     * @return The RoleSecurityHandler.
+     */
+    RoleSecurityHandler getRoleSecurityHandler();
+
+    /**
+     * <p>
+     * Getter for the {@link GroupSecurityHandler}
+     * </p>
+     * 
+     * @return The GroupSecurityHandler.
+     */
+    GroupSecurityHandler getGroupSecurityHandler();
+
+    /**
+     * <p>
+     * Gettter for the {@link SecurityMappingHandler}
+     * </p>
+     * 
+     * @return The SecurityMappingHandler.
+     */
+    SecurityMappingHandler getSecurityMappingHandler();
+
+}

Added: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/AlgorithmUpgradeCredentialPasswordEncoder.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/AlgorithmUpgradeCredentialPasswordEncoder.java?view=auto&rev=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/AlgorithmUpgradeCredentialPasswordEncoder.java (added)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/AlgorithmUpgradeCredentialPasswordEncoder.java Thu Nov  2 12:25:59 2006
@@ -0,0 +1,42 @@
+/* Copyright 2004 Apache Software Foundation
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.apache.jetspeed.security.spi;
+
+import org.apache.jetspeed.security.PasswordCredential;
+import org.apache.jetspeed.security.SecurityException;
+import org.apache.jetspeed.security.om.InternalCredential;
+
+/**
+ * <p>
+ * AlgorithmUpgradeCredentialPasswordEncoder which is provided with the InternalCredential as well
+ * to allow for migrating between two different encoding schemes.
+ * </p>
+ * <p>
+ * The extended encode method is *only* called in the context of validating an existing (old) password,
+ * and not used for creating or updating to a new password directl!
+ * </p>
+ * <p>
+ * After successfull authentication, the recodeIfNeeded method will be called allowing to migrate to the new encryption scheme.
+ * </p>
+ * 
+ * @author <a href="mailto:ate@douma.nu">Ate Douma</a>
+ * @version $Id$
+ */
+public interface AlgorithmUpgradeCredentialPasswordEncoder extends CredentialPasswordEncoder
+{
+    String encode(String userName, String clearTextPassword, InternalCredential credential) throws SecurityException;
+    void recodeIfNeeded(String userName, String clearTextPassword, InternalCredential credential) throws SecurityException;
+    boolean usesOldEncodingAlgorithm(PasswordCredential credential);
+}
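Review bot: The three methods of `AlgorithmUpgradeCredentialPasswordEncoder` have no Javadoc, so the calling contract lives only in the interface comment, which has typos (`directl!`, `successfull`) and speaks of an "encryption scheme" although the type is an encoder. Because `recodeIfNeeded` receives the clear-text password, its precondition belongs on the method itself, e.g. `/** Called only after userName has authenticated successfully with clearTextPassword; may migrate credential to the new encoding. */`. `usesOldEncodingAlgorithm` takes a `PasswordCredential` while the other two take an `InternalCredential`; a one-line comment explaining the difference would help implementers.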

Added: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/CredentialHandler.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/CredentialHandler.java?view=auto&rev=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/CredentialHandler.java (added)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/CredentialHandler.java Thu Nov  2 12:25:59 2006
@@ -0,0 +1,116 @@
+/* Copyright 2004 Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.security.spi;
+
+import java.sql.Date;
+import java.util.Set;
+
+import org.apache.jetspeed.security.SecurityException;
+
+/**
+ * <p>
+ * This interface encapsulates the handling of security credentials.
+ * </p>
+ * <p>
+ * This provides a central placeholder for changing the mapping of user
+ * credentials.  The default implementation only supports <code>PasswordCredential</code>
+ * </p>
+ * <p>
+ * A security implementation wanting to map additional credentials should do so
+ * here.
+ * </p>
+ * 
+ * @author <a href="mailto:dlestrat@apache.org">David Le Strat </a>
+ */
+public interface CredentialHandler
+{
+    /**
+     * <p>
+     * Gets the public credentials for the user.
+     * </p>
+     * 
+     * @param username The username.
+     * @return The set of public credentials.
+     */
+    Set getPublicCredentials(String username);
+    
+    /**
+     * <p>
+     * Gets the private credentials for the user.
+     * </p>
+     * 
+     * @param username The username.
+     * @return The set of private credentials.
+     */
+    Set getPrivateCredentials(String username);
+    
+    /**
+     * <p>
+     * Adds or updates a private password credential.<br>
+     * If <code>oldPassword</code> is not null, the oldPassword will first be checked (authenticated).<br>
+     * </p>
+     * 
+     * @param oldPassword The old password.
+     * @param newPassword The new password.
+     * @throws SecurityException Throws a {@link SecurityException}.
+     */
+    void setPassword(String userName, String oldPassword, String newPassword) throws SecurityException;
+
+    /**
+     * <p>
+     * Set the update required state of the user password credential.
+     * </p>
+     * 
+     * @param userName The user name.
+     * @param updateRequired The update required state.
+     * @throws Throws a security exception.
+     */
+    void setPasswordUpdateRequired(String userName, boolean updateRequired) throws SecurityException;
+
+    /**
+     * <p>
+     * Set the enabled state of the user password credential.
+     * </p>
+     * 
+     * @param userName The user name.
+     * @param enabled The enabled state.
+     * @throws Throws a security exception.
+     */
+    void setPasswordEnabled(String userName, boolean enabled) throws SecurityException;
+
+    /**
+     * <p>
+     * Set the expiration date and the expired flag of the password credential.</p>
+     * <p>
+     * If a date equal or before the current date is provided, the expired flag will be set to true,
+     * otherwise to false.</p>
+     * 
+     * @param userName The user name.
+     * @param expirationDate The expiration date to set.
+     * @throws Throws a security exception.
+     */
+    void setPasswordExpiration(String userName, Date expirationDate) throws SecurityException;
+
+    /**
+     * <p>
+     * Authenticate a user.
+     * </p>
+     * 
+     * @param userName The user name.
+     * @param password The user password.
+     * @return Whether or not a user is authenticated.
+     */
+    boolean authenticate(String userName, String password) throws SecurityException;
+}
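Review bot: The Javadoc of `setPassword` says the old password is checked only when `oldPassword` is not null, so a null argument changes the password without authenticating the user, and the contract does not say who may do that. I would spell it out, e.g. `@param oldPassword The current password, or null to set the password without verification (presumably the administrative path); callers must authorize that case themselves.` The same comment lacks `@param userName`. The `@throws Throws a security exception.` tags on `setPasswordUpdateRequired`, `setPasswordEnabled` and `setPasswordExpiration` name no exception class and should read `@throws SecurityException ...`. `authenticate` declares the exception without documenting it, and `getPublicCredentials` / `getPrivateCredentials` do not say what is returned for an unknown user.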

Added: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/CredentialPasswordEncoder.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/CredentialPasswordEncoder.java?view=auto&rev=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/CredentialPasswordEncoder.java (added)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/CredentialPasswordEncoder.java Thu Nov  2 12:25:59 2006
@@ -0,0 +1,30 @@
+/* Copyright 2004 Apache Software Foundation
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.apache.jetspeed.security.spi;
+
+import org.apache.jetspeed.security.SecurityException;
+
+/**
+ * <p>
+ * CredentialPasswordEncoder
+ * </p>
+ * 
+ * @author <a href="mailto:ate@apache.org">Ate Douma</a>
+ * @version $Id: CredentialPasswordEncoder.java 187914 2004-11-08 22:36:04Z ate $
+ */
+public interface CredentialPasswordEncoder
+{
+    String encode(String userName, String clearTextPassword) throws SecurityException;
+}
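Review bot: The interface comment of `CredentialPasswordEncoder` is only the type name and `encode` is undocumented, which leaves implementers of a password-handling SPI without a contract; `CredentialPasswordValidator` and `PasswordCredentialProvider` further down have the same placeholder Javadoc. For `encode` I would add something like `/** Returns the encoded form of clearTextPassword for userName as it is stored and compared; must give the same result for the same inputs. */`. The determinism requirement is inferred from `AlgorithmUpgradeCredentialPasswordEncoder` saying encode is used when validating an existing password, so please confirm it. For `validate`, state that rejection is signalled by the `SecurityException` and that its message should not contain the clear-text password. For the two `create` overloads of `PasswordCredentialProvider`, say whether `create(userName, password)` validates and encodes the given password.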

Added: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/CredentialPasswordValidator.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/CredentialPasswordValidator.java?view=auto&rev=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/CredentialPasswordValidator.java (added)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/CredentialPasswordValidator.java Thu Nov  2 12:25:59 2006
@@ -0,0 +1,30 @@
+/* Copyright 2004 Apache Software Foundation
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.apache.jetspeed.security.spi;
+
+import org.apache.jetspeed.security.SecurityException;
+
+/**
+ * <p>
+ * CredentialPasswordValidator
+ * </p>
+ * 
+ * @author <a href="mailto:ate@apache.org">Ate Douma</a>
+ * @version $Id: CredentialPasswordValidator.java 187914 2004-11-08 22:36:04Z ate $
+ */
+public interface CredentialPasswordValidator
+{
+    void validate(String clearTextPassword) throws SecurityException;
+}

Added: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/GroupSecurityHandler.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/GroupSecurityHandler.java?view=auto&rev=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/GroupSecurityHandler.java (added)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/GroupSecurityHandler.java Thu Nov  2 12:25:59 2006
@@ -0,0 +1,81 @@
+/* Copyright 2004 Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.security.spi;
+
+import java.security.Principal;
+import java.util.List;
+
+import org.apache.jetspeed.security.GroupPrincipal;
+import org.apache.jetspeed.security.SecurityException;
+
+/**
+ * <p>
+ * This interface encapsulates the persistence of security groups.
+ * </p>
+ * <p>
+ * This provides a central placeholder for changing the persistence of groups
+ * security information.
+ * </p>
+ * <p>
+ * A security implementation wanting to store group security implementation in
+ * LDAP for instance would need to provide an LDAP implementation of this
+ * interface.
+ * </p>
+ * 
+ * @author <a href="mailto:dlestrat@apache.org">David Le Strat </a>
+ */
+public interface GroupSecurityHandler
+{
+    /**
+     * <p>
+     * Gets the group principal for the group full path name {principal}.{subprincipal}.
+     * </p>
+     * 
+     * @param groupFullPathName The group full path name.
+     * @return The <code>Principal</p>
+     */
+    GroupPrincipal getGroupPrincipal(String groupFullPathName);
+    
+    /**
+     * <p>
+     * Sets the group principal in the backing store.
+     * </p>
+     * 
+     * @param groupPrincipal The <code>GroupPrincipal</code>.
+     * @throws SecurityException Throws a {@link SecurityException}.
+     */
+    void setGroupPrincipal(GroupPrincipal groupPrincipal) throws SecurityException;
+    
+    /**
+     * <p>
+     * Removes the group principal.
+     * </p>
+     * 
+     * @param groupPrincipal The <code>GroupPrincipal</code>.
+     * @throws SecurityException Throws a {@link SecurityException}.
+     */
+    void removeGroupPrincipal(GroupPrincipal groupPrincipal) throws SecurityException;
+
+    /**
+     * <p>
+     * Gets the an iterator of group principals for a given filter.
+     * </p>
+     * 
+     * @param filter The filter.
+     * @return The list of <code>Principal</code>
+     */
+    List getGroupPrincipals(String filter);
+   
+}
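Review bot: `getGroupPrincipals(String filter)` does not define what a filter is, and since the interface comment invites LDAP-backed implementations, callers cannot tell whether the string is a name pattern or is passed into a backend query and therefore needs escaping. A tag such as `@param filter A group-name pattern, not a backend query expression; implementations must escape it before building a query.` would settle it; the wording is a proposal, as the intended semantics are not visible here. The same gap is in `getRolePrincipals` of `RoleSecurityHandler` and the three `getInternal*Principals(String filter)` methods of `SecurityAccess`. Smaller points in this file and its `RoleSecurityHandler` twin: `@return The <code>Principal</p>` closes the wrong tag, the summary says "an iterator" while the method returns a `List`, and `java.security.Principal` is imported but appears only in comment text.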

Added: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/InternalPasswordCredentialInterceptor.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/InternalPasswordCredentialInterceptor.java?view=auto&rev=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/InternalPasswordCredentialInterceptor.java (added)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/InternalPasswordCredentialInterceptor.java Thu Nov  2 12:25:59 2006
@@ -0,0 +1,119 @@
+/* Copyright 2004 Apache Software Foundation
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.apache.jetspeed.security.spi;
+
+import java.util.Collection;
+
+import org.apache.jetspeed.security.SecurityException;
+import org.apache.jetspeed.security.om.InternalCredential;
+import org.apache.jetspeed.security.om.InternalUserPrincipal;
+
+/**
+ * <p>
+ * Callback component interface used by {@link org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler DefaultCredentialHandler} 
+ * allowing injecting custom logic on certain events of the {@link InternalCredential}.
+ * </p>
+ * 
+ * @author <a href="mailto:ate@apache.org">Ate Douma</a>
+ * @version $Id: InternalPasswordCredentialInterceptor.java 291016 2005-09-22 21:19:36Z ate $
+ */
+public interface InternalPasswordCredentialInterceptor
+{
+    /**
+     * <p>
+     * Invoked after a password credential is loaded from the persistent store.</p>
+     * <p>
+     * If true is returned the credential is expected to be updated and its changes will be stored again.</p>
+     * <p>
+     * A thrown SecurityException will be logged as an error and result in the credential to be ignored 
+     * as if not existing (like for authentication).</p>
+     * 
+     * @param pcProvider provides callback access to for instance the configured {@link CredentialPasswordEncoder} and
+     * {@link CredentialPasswordValidator}
+     * @param userName the name of the principal to which the credential belongs
+     * @param credential the credential just loaded from the persistent store
+     * @return true if the credential is updated
+     * @throws SecurityException
+     * @see org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler#getPasswordCredential(InternalUserPrincipal, String)
+     * @see org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler#setPasswordExpiration(String, java.sql.Date)
+     */
+    boolean afterLoad(PasswordCredentialProvider pcProvider, String userName, InternalCredential credential) throws SecurityException;
+
+    /**
+     * <p>
+     * Invoked during authentication after the provided password is compared against the one retrieved from
+     * the InternalCredential.</p>
+     * <p>
+     * If true is returned, the credential is expected to be updated and its {@link InternalCredential#isEnabled() enabled}
+     * and {@link InternalCredential#isExpired() expired} flags will checked if the credential is (still) valid.</p>
+     * <p>
+     * Note: the enabled and expired flags are <em>only</em> checked if this method returns true.</p>
+     * <p>
+     * A thrown SecurityException will be passed on to the authentication requestor.</p>
+     *  
+     * @param internalUser the user to which the credential belongs
+     * @param userName the name of the principal to which the credential belongs
+     * @param credential the credential of the user
+     * @param authenticated true if the provided password matches the value of the credential
+     * @return true if the credential is updated
+     * @throws SecurityException
+     * @see org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler#authenticate(String, String)
+     */
+    boolean afterAuthenticated(InternalUserPrincipal internalUser, String userName, InternalCredential credential, boolean authenticated) throws SecurityException;
+
+    /**
+     * <p>
+     * Invoked when the first password credential is to be saved for a user.</p>
+     * <p>
+     * This callback method can be used to set default values like the {@link InternalCredential#getExpirationDate() expiration date}.</p>
+     * <p>
+     * A thrown SecurityException is passed on to the new password requestor.</p>
+     * 
+     * @param internalUser the user to which the credential belongs
+     * @param credentials the collection of credentials which will set on the user after (already contains the new credential)
+     * @param userName the name of the principal to which the credential belongs
+     * @param credential the credential of the user
+     * @param password the new password value (already set on the new credential)
+     * @throws SecurityException
+     * @see org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler#setPassword(String, String, String)
+     */
+    void beforeCreate(InternalUserPrincipal internalUser, Collection credentials, String userName, InternalCredential credential, String password) throws SecurityException;
+
+    /**
+     * <p>
+     * Invoked when a new password value is to be saved for a user.</p>
+     * <p>
+     * The new password value is <em>not</em> yet set on the provided credential when this callback is invoked. This allows
+     * custom history maintenance and/or auditing to be performed.</p>
+     * <p>
+     * The provided authenticated flag can be used to differentiate between a new password value set directly by a user
+     * itself or through an administrative interface.</p>
+     * <p>
+     * After this callback is invoked, the specified password value will be set, as well as a reset of the
+     * {@link InternalCredential#isUpdateRequired() updateRequired} flag, before the credential is saved.</p>
+     * <p>
+     * A thrown SecurityException is passed on to the set password requestor.</p>
+     * 
+     * @param internalUser the user to which the credential belongs
+     * @param credentials the collection of credentials which will set on the user after (already contains the new credential)
+     * @param userName the name of the principal to which the credential belongs
+     * @param credential the credential of the user
+     * @param password the new password value (already set on the new credential)
+     * @param authenticated true if the new password value is provided by the user directly
+     * @throws SecurityException
+     * @see org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler#setPassword(String, String, String)
+     */
+    void beforeSetPassword(InternalUserPrincipal internalUser, Collection credentials, String userName, InternalCredential credential, String password, boolean authenticated) throws SecurityException;
+}
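Review bot: In the Javadoc of `beforeSetPassword`, `@param password` says the value is "already set on the new credential", which contradicts the description above it stating that the new password is not yet set when the callback runs. The tag looks copied from `beforeCreate` and should read `@param password the new password value (not yet set on the credential)`. On `afterAuthenticated`, the note that the enabled and expired flags are only checked when the method returns true can be read as letting a disabled or expired credential pass when it returns false; if those flags are also enforced before the callback, the comment should say so. The `@see` and `{@link}` targets point at `org.apache.jetspeed.security.spi.impl.DefaultCredentialHandler`, which I do not see among the files added to the API module here, so the links may not resolve from this module.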

Added: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/PasswordCredentialProvider.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/PasswordCredentialProvider.java?view=auto&rev=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/PasswordCredentialProvider.java (added)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/PasswordCredentialProvider.java Thu Nov  2 12:25:59 2006
@@ -0,0 +1,36 @@
+/* Copyright 2004 Apache Software Foundation
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.apache.jetspeed.security.spi;
+
+import org.apache.jetspeed.security.PasswordCredential;
+import org.apache.jetspeed.security.SecurityException;
+import org.apache.jetspeed.security.om.InternalCredential;
+
+/**
+ * <p>
+ * PasswordCredentialProvider
+ * </p>
+ * 
+ * @author <a href="mailto:ate@apache.org">Ate Douma</a>
+ * @version $Id: PasswordCredentialProvider.java 187914 2004-11-08 22:36:04Z ate $
+ */
+public interface PasswordCredentialProvider
+{
+    Class getPasswordCredentialClass();
+    CredentialPasswordValidator getValidator();
+    CredentialPasswordEncoder getEncoder();
+    PasswordCredential create(String userName, String password) throws SecurityException;
+    PasswordCredential create(String userName, InternalCredential credential) throws SecurityException;
+}

Added: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/RoleSecurityHandler.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/RoleSecurityHandler.java?view=auto&rev=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/RoleSecurityHandler.java (added)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/RoleSecurityHandler.java Thu Nov  2 12:25:59 2006
@@ -0,0 +1,82 @@
+/* Copyright 2004 Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.security.spi;
+
+import java.security.Principal;
+import java.util.List;
+
+import org.apache.jetspeed.security.RolePrincipal;
+import org.apache.jetspeed.security.SecurityException;
+
+/**
+ * <p>
+ * This interface encapsulates the persistence of security roles.
+ * </p>
+ * <p>
+ * This provides a central placeholder for changing the persistence of roles
+ * security information.
+ * </p>
+ * <p>
+ * A security implementation wanting to store role security implementation in
+ * LDAP for instance would need to provide an LDAP implementation of this
+ * interface.
+ * </p>
+ * 
+ * @author <a href="mailto:dlestrat@apache.org">David Le Strat </a>
+ */
+public interface RoleSecurityHandler
+{
+    
+    /**
+     * <p>
+     * Gets the role principal for the role full path name {principal}.{subprincipal}.
+     * </p>
+     * 
+     * @param roleFullPathName The role full path name.
+     * @return The <code>Principal</p>
+     */
+    RolePrincipal getRolePrincipal(String roleFullPathName);
+    
+    /**
+     * <p>
+     * Sets the role principal in the backing store.
+     * </p>
+     * 
+     * @param rolePrincipal The <code>RolePrincipal</code>.
+     * @throws SecurityException Throws a {@link SecurityException}.
+     */
+    void setRolePrincipal(RolePrincipal rolePrincipal) throws SecurityException;
+    
+    /**
+     * <p>
+     * Removes the role principal.
+     * </p>
+     * 
+     * @param rolePrincipal The <code>RolePrincipal</code>.
+     * @throws SecurityException Throws a {@link SecurityException}.
+     */
+    void removeRolePrincipal(RolePrincipal rolePrincipal) throws SecurityException;
+
+    /**
+     * <p>
+     * Gets the an iterator of role principals for a given filter.
+     * </p>
+     * 
+     * @param filter The filter.
+     * @return The list of <code>Principal</code>
+     */
+    List getRolePrincipals(String filter);
+   
+}  

Added: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/SecurityAccess.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/SecurityAccess.java?view=auto&rev=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/SecurityAccess.java (added)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/SecurityAccess.java Thu Nov  2 12:25:59 2006
@@ -0,0 +1,183 @@
+/*
+ * Copyright 2000-2001,2004 The Apache Software Foundation.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.security.spi;
+
+import java.util.Iterator;
+
+import org.apache.jetspeed.security.SecurityException;
+import org.apache.jetspeed.security.om.InternalGroupPrincipal;
+import org.apache.jetspeed.security.om.InternalRolePrincipal;
+import org.apache.jetspeed.security.om.InternalUserPrincipal;
+
+/**
+ * <p>
+ * SecurityAccess
+ * </p>
+ * <p>
+ *
+ * </p>
+ * @author <a href="mailto:weaver@apache.org">Scott T. Weaver</a>
+ * @version $Id: SecurityAccess.java 290457 2005-09-20 14:14:31Z ate $
+ *
+ */
+public interface SecurityAccess
+{
+    /**
+     * <p>
+     * Returns if a Internal UserPrincipal is defined for the user name.
+     * </p>
+     * 
+     * @param username The user name.
+     * @return true if the user is known
+     */
+    public boolean isKnownUser(String username);
+
+    /**
+     * <p>
+     * Returns the {@link InternalUserPrincipal} from the user name.
+     * </p>
+     * 
+     * @param username The user name.
+     * @return The {@link InternalUserPrincipal}.
+     */
+    InternalUserPrincipal getInternalUserPrincipal( String username );
+
+    /**
+     * <p>
+     * Returns the {@link InternalUserPrincipal} from the user name.
+     * </p>
+     * 
+     * @param username The user name.
+     * @param isMappingOnly Whether a principal's purpose is for security mappping only.
+     * @return The {@link InternalUserPrincipal}.
+     */
+    InternalUserPrincipal getInternalUserPrincipal( String username, boolean isMappingOnly );
+
+    /**
+     * <p>
+     * Returns a {@link InternalUserPrincipal} collection given the filter.
+     * </p>
+     * 
+     * @param filter The filter.
+     * @return Collection of {@link InternalUserPrincipal}.
+     */
+    Iterator getInternalUserPrincipals( String filter );
+
+    /**
+     * <p>
+     * Sets the given {@link InternalUserPrincipal}.
+     * </p>
+     * 
+     * @param internalUser The {@link InternalUserPrincipal}.
+     * @param isMappingOnly Whether a principal's purpose is for security mappping only.
+     * @throws SecurityException Throws a {@link SecurityException}.
+     */
+    void setInternalUserPrincipal( InternalUserPrincipal internalUser, boolean isMappingOnly ) throws SecurityException;
+
+    /**
+     * <p>
+     * Remove the given {@link InternalUserPrincipal}.
+     * </p>
+     * 
+     * @param internalUser The {@link InternalUserPrincipal}.
+     * @throws SecurityException Throws a {@link SecurityException}.
+     */
+    void removeInternalUserPrincipal( InternalUserPrincipal internalUser ) throws SecurityException;
+
+    /**
+     * <p>
+     * Returns the {@link InternalRolePrincipal}from the role full path name.
+     * </p>
+     * 
+     * @param roleFullPathName The role full path name.
+     * @return The {@link InternalRolePrincipal}.
+     */
+    InternalRolePrincipal getInternalRolePrincipal( String roleFullPathName );
+
+    /**
+     * <p>
+     * Sets the given {@link InternalRolePrincipal}.
+     * </p>
+     * 
+     * @param internalRole The {@link InternalRolePrincipal}.
+     * @param isMappingOnly Whether a principal's purpose is for security mappping only.
+     * @throws SecurityException Throws a {@link SecurityException}.
+     */
+    void setInternalRolePrincipal( InternalRolePrincipal internalRole, boolean isMappingOnly ) throws SecurityException;
+
+    /**
+     * <p>
+     * Remove the given {@link InternalRolePrincipal}.
+     * </p>
+     * 
+     * @param internalRole The {@link InternalRolePrincipal}.
+     * @throws SecurityException Throws a {@link SecurityException}.
+     */
+    void removeInternalRolePrincipal( InternalRolePrincipal internalRole ) throws SecurityException;
+
+    /**
+     * <p>
+     * Returns the {@link InternalGroupPrincipal}from the group full path name.
+     * </p>
+     * 
+     * @param groupFullPathName The group full path name.
+     * @return The {@link InternalGroupPrincipal}.
+     */
+    InternalGroupPrincipal getInternalGroupPrincipal( String groupFullPathName );
+
+    /**
+     * <p>
+     * Sets the given {@link InternalGroupPrincipal}.
+     * </p>
+     * 
+     * @param internalGroup The {@link InternalGroupPrincipal}.
+     * @param isMappingOnly Whether a principal's purpose is for security mappping only.
+     * @throws SecurityException Throws a {@link SecurityException}.
+     */
+    void setInternalGroupPrincipal( InternalGroupPrincipal internalGroup, boolean isMappingOnly )
+            throws SecurityException;
+
+    /**
+     * <p>
+     * Remove the given {@link InternalGroupPrincipal}.
+     * </p>
+     * 
+     * @param internalGroup The {@link InternalGroupPrincipal}.
+     * @throws SecurityException Throws a {@link SecurityException}.
+     */
+    void removeInternalGroupPrincipal( InternalGroupPrincipal internalGroup ) throws SecurityException;
+
+    /**
+     * <p>
+     * Returns a {@link InternalRolePrincipal} collection given the filter.
+     * </p>
+     * 
+     * @param filter The filter.
+     * @return Collection of {@link InternalRolePrincipal}.
+     */    
+    Iterator getInternalRolePrincipals(String filter);
+    
+    /**
+     * <p>
+     * Returns a {@link InternalGroupPrincipal} collection of Group given the filter.
+     * </p>
+     * 
+     * @param filter The filter.
+     * @return Collection of {@link InternalGroupPrincipal}.
+     */    
+    Iterator getInternalGroupPrincipals(String filter);
+
+}
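Review bot: The `getInternalUserPrincipal`, `getInternalRolePrincipal` and `getInternalGroupPrincipal` lookups do not document what is returned when no such principal exists. Since `isKnownUser` is offered alongside them, callers on the authentication path cannot tell whether to expect null or an exception. Add e.g. `@return The {@link InternalUserPrincipal}, or null if none is defined for the user name.` once the actual behaviour is confirmed. The three filter methods say "Collection of" in `@return` but return an `Iterator`, and `isKnownUser` is the only method with an explicit `public`, which is redundant in an interface.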

Added: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/SecurityMappingHandler.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/SecurityMappingHandler.java?view=auto&rev=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/SecurityMappingHandler.java (added)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/SecurityMappingHandler.java Thu Nov  2 12:25:59 2006
@@ -0,0 +1,222 @@
+/* Copyright 2004 Apache Software Foundation
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.apache.jetspeed.security.spi;
+
+import java.util.Set;
+
+import org.apache.jetspeed.security.HierarchyResolver;
+import org.apache.jetspeed.security.SecurityException;
+
+/**
+ * <p>
+ * This interface encapsulates the mapping between principals.
+ * </p>
+ * <p>
+ * This provides a central placeholder for changing the implementation
+ * of the mapping association between principals.
+ * </p>
+ * 
+ * @author <a href="mailto:dlestrat@apache.org">David Le Strat </a>
+ */
+public interface SecurityMappingHandler
+{
+    
+    /**
+     * <p>
+     * Gets the {@link HierarchyResolver} to be used for resolving role hierarchy.
+     * </p>
+     * 
+     * @return The role {@link HierarchyResolver}.
+     */
+    HierarchyResolver getRoleHierarchyResolver();
+    
+    /**
+     * <p>
+     * Sets the {@link HierarchyResolver} to be used for resolving role hierachy.
+     * </p>
+     * 
+     * @param roleHierarchyResolver The role {@link HierarchyResolver}.
+     */
+    void setRoleHierarchyResolver(HierarchyResolver roleHierarchyResolver);
+    
+    /**
+     * <p>
+     * Gets the {@link HierarchyResolver} to be used for resolving group hierarchy.
+     * </p>
+     * 
+     * @return The role {@link HierarchyResolver}.
+     */
+    HierarchyResolver getGroupHierarchyResolver();
+    
+    /**
+     * <p>
+     * Sets the {@link HierarchyResolver} used for resolving group hierarchy.
+     * </p>
+     * 
+     * @param groupHierarchyResolver The group {@link HierarchyResolver}.
+     */
+    void setGroupHierarchyResolver(HierarchyResolver groupHierarchyResolver);
+    
+    /**
+     * <p>
+     * Gets the role principals for the given user according to the relevant hierarchy
+     * resolution rules.
+     * </p>
+     * 
+     * @param username The user name.
+     * @return A set of <code>Principal</p>
+     */
+    Set getRolePrincipals(String username);
+    
+    /**
+     * <p>
+     * Sets the role principal on a given user.
+     * Existence of the role or the user must be checked prior to invoking this method.
+     * If a principal does not exist in the security mapping store, it will be created for the purpose of
+     * security mapping only.
+     * </p>
+     * 
+     * @param username The user to add the role principal to.
+     * @param roleFullPathName The full path of the role principal to add.
+     * @throws SecurityException Throws a {@link SecurityException}.  An exeption needs to be
+     * 							 thrown if the user does not exist.
+     */
+    void setUserPrincipalInRole(String username, String roleFullPathName) throws SecurityException;
+    
+    /**
+     * <p>
+     * Removes the role principal on a given user.
+     * </p>
+     * <p>
+     * If a mapping only record does not have any mapping, this method will
+     * remove the record as well.
+     * </p>
+     * 
+     * @param username The user to remove the role principal from.
+     * @param roleFullPathName The full path of the role principal to remove.
+     * @throws SecurityException Throws a {@link SecurityException}.  An exeption needs to be
+     * 							 thrown if the user does not exist.
+     */
+    void removeUserPrincipalInRole(String username, String roleFullPathName) throws SecurityException;
+
+    /**
+     * <p>
+     * Gets the role principals for the given group according to the relevant hierarchy
+     * resolution rules.
+     * </p>
+     * 
+     * @param groupFullPathName The group full path name.
+     * @return A set of <code>Principal</p>
+     */
+    Set getRolePrincipalsInGroup(String groupFullPathName);
+    
+    /**
+     * <p>
+     * Sets the role principal on a given user.
+     * </p>
+     * 
+     * @param groupFullPathName The group to add the role principal to.
+     * @param roleFullPathName The full path of the role principal to add.
+     * @throws SecurityException Throws a {@link SecurityException}.  An exeption needs to be
+     * 							 thrown if the group does not exist.
+     */
+    void setRolePrincipalInGroup(String groupFullPathName, String roleFullPathName) throws SecurityException;
+    
+    /**
+     * <p>
+     * Removes the role principal on a given user.
+     * </p>
+     * 
+     * @param groupFullPathName The group to remove the role principal from.
+     * @param roleFullPathName The full path of the role principal to remove.
+     * @throws SecurityException Throws a {@link SecurityException}.  An exeption needs to be
+     * 							 thrown if the group does not exist.
+     */
+    void removeRolePrincipalInGroup(String groupFullPathName, String roleFullPathName) throws SecurityException;
+    
+    /**
+     * <p>
+     * Gets the group principals for the given user according to the relevant hierarchy
+     * resolution rules.
+     * </p>
+     * 
+     * @param username The user name.
+     * @return A set of <code>GroupPrincipal</p>
+     */
+    Set getGroupPrincipals(String username);
+    
+    /**
+     * <p>
+     * Gets the group principals for the given role according to the relevant hierarchy
+     * resolution rules.
+     * </p>
+     * 
+     * @param roleFullPathName The role full path name.
+     * @return A set of <code>Principal</p>
+     */
+    Set getGroupPrincipalsInRole(String roleFullPathName);
+    
+    /**
+     * <p>
+     * Gets the user principals for the given role according to the relevant hierarchy
+     * resolution rules.
+     * </p>
+     * 
+     * @param roleFullPathName The role full path name.
+     * @return A set of <code>Principal</p>
+     */   
+    Set getUserPrincipalsInRole(String roleFullPathName);
+    
+    /**
+     * <p>
+     * Gets the user principals for the given group according to the relevant hierarchy
+     * resolution rules.
+     * </p>
+     * 
+     * @param groupFullPathName The group full path name.
+     * @return A set of <code>Principal</p>
+     */   
+    Set getUserPrincipalsInGroup(String groupFullPathName);
+    
+    /**
+     * <p>
+     * Sets the user principal in the given group.
+     * </p>
+     * <p>
+     * Existence of the group or the user must be checked prior to invoking this method.
+     * If a principal does not exist in the security mapping store, it will be created for the purpose of
+     * security mapping only.
+     * </p>
+     * 
+     * @param username The user to add to the group principal.
+     * @param groupFullPathName The full path of the group principal.
+     * @throws SecurityException Throws a {@link SecurityException}.  An exeption needs to be
+     * 							 thrown if the user does not exist.
+     */
+    void setUserPrincipalInGroup(String username, String groupFullPathName) throws SecurityException;
+    
+    /**
+     * <p>
+     * Removes the user principal from the given group.
+     * </p>
+     * 
+     * @param username The user to remove from the group principal.
+     * @param groupFullPathName The full path of the group principal.
+     * @throws SecurityException Throws a {@link SecurityException}.  An exeption needs to be
+     * 							 thrown if the user does not exist.
+     */
+    void removeUserPrincipalInGroup(String username, String groupFullPathName) throws SecurityException;
+
+}
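Review bot: The Javadoc on `setUserPrincipalInRole` and `setUserPrincipalInGroup` states two incompatible contracts. The description says the caller must check existence and that a missing principal "will be created for the purpose of security mapping only", while the `@throws` text says an exception needs to be thrown if the user does not exist. Because this SPI writes authorization mappings, the comment should pick one behaviour and say which side validates the user name, so that implementations do not differ on whether a role or group grant can be recorded for an unknown user. Separately, `setRolePrincipalInGroup` and `removeRolePrincipalInGroup` are described as acting "on a given user" although they take a group, and `getGroupHierarchyResolver` documents its return as the role resolver; I would change these to `Sets the role principal on a given group.`, `Removes the role principal from a given group.` and `@return The group {@link HierarchyResolver}.`. The `@return` tags that open `<code>` but close with `</p>` should read `<code>Principal</code>`.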

Added: portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/UserSecurityHandler.java
URL: http://svn.apache.org/viewvc/portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/UserSecurityHandler.java?view=auto&rev=470505
==============================================================================
--- portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/UserSecurityHandler.java (added)
+++ portals/jetspeed-2/trunk/jetspeed-api/src/java/org/apache/jetspeed/security/spi/UserSecurityHandler.java Thu Nov  2 12:25:59 2006
@@ -0,0 +1,98 @@
+/* Copyright 2004 Apache Software Foundation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jetspeed.security.spi;
+
+import java.security.Principal;
+import java.util.List;
+
+import org.apache.jetspeed.security.SecurityException;
+import org.apache.jetspeed.security.UserPrincipal;
+
+/**
+ * <p>
+ * This interface encapsulates the persistence of a user security.
+ * </p>
+ * <p>
+ * This provides a central placeholder for changing the persistence of user
+ * security information.
+ * </p>
+ * <p>
+ * A security implementation wanting to store user security implementation in
+ * LDAP for instance would need to provide an LDAP implementation of this
+ * interface.
+ * </p>
+ * 
+ * @author <a href="mailto:dlestrat@apache.org">David Le Strat </a>
+ */
+public interface UserSecurityHandler
+{
+    /**
+     * <p>
+     * Checks if a UserPrincipal exists 
+     * @param userName
+     * @return true if a UserPrincipal exists
+     */
+    boolean isUserPrincipal(String userName);
+    
+    /**
+     * <p>
+     * Gets the user principal for the given user name.
+     * </p>
+     * 
+     * @param username The user name.
+     * @return The <code>Principal</p>
+     */
+    Principal getUserPrincipal(String username);
+    
+    /**
+     * <p>
+     * Gets the an iterator of user principals for a given filter.
+     * </p>
+     * 
+     * @param filter The filter.
+     * @return The list of <code>Principal</code>
+     */
+    List getUserPrincipals(String filter);
+    
+    /**
+     * <p>
+     * Adds a new user principal in the backing store.
+     * </p>
+     * 
+     * @param userPrincipal The new <code>UserPrincipal</code>.
+     * @throws SecurityException Throws a {@link SecurityException}.
+     */
+    void addUserPrincipal(UserPrincipal userPrincipal) throws SecurityException;
+    
+    /**
+     * <p>
+     * Updates the user principal in the backing store.
+     * </p>
+     * 
+     * @param userPrincipal The <code>UserPrincipal</code>.
+     * @throws SecurityException Throws a {@link SecurityException}.
+     */
+    void updateUserPrincipal(UserPrincipal userPrincipal) throws SecurityException;
+    
+    /**
+     * <p>
+     * Removes the user principal.
+     * </p>
+     * 
+     * @param userPrincipal The <code>UserPrincipal</code>.
+     * @throws SecurityException Throws a {@link SecurityException}.
+     */
+    void removeUserPrincipal(UserPrincipal userPrincipal) throws SecurityException;
+}
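Review bot: The `filter` parameter of `getUserPrincipals` is documented only as "The filter.", and `getUserPrincipal` does not say what is returned for an unknown user name. The interface comment names LDAP as a possible backing store, so the Javadoc should state whether `filter` is a plain name pattern or is handed to the store's own query syntax, and whether the caller or the implementation is responsible for escaping it. Otherwise each implementation may treat the same caller-supplied string differently. For the lookup I would add the actual behaviour to the tag, for example `@return The <code>Principal</code>, or <code>null</code> if the user does not exist.` if that is what implementations do. Smaller documentation fixes: `isUserPrincipal` opens `<p>` without closing it and leaves `@param userName` undescribed, `getUserPrincipals` says "Gets the an iterator" while returning `List`, and `getUserPrincipal` closes `<code>` with `</p>`.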


