org.deegree.security.drm
Interface SecurityRegistry

All Known Implementing Classes:

SQLRegistry

public interface SecurityRegistry

This is an interface for datastores that are able to stores the following object types and their relations:

• User
• Group
• Role
• SecurableObject
• Right / RightType
• Privilege

Version:

$Revision: 9346 $

Author:

Markus Schneider

Method Summary

void	abortTransaction(SecurityTransaction transaction) Signals the Registry that the transaction shall be aborted.
void	beginTransaction(SecurityTransaction transaction) Signals the Registry that a new transaction starts.
void	clean(SecurityTransaction transaction) Deletes all data from the Registry and sets the default objects (SEC_ADMIN user, role and group) and standard rights and privileges.
void	commitTransaction(SecurityTransaction transaction) Signals the Registry that the current transaction ends.
void	deregisterGroup(SecurityTransaction transaction, Group group) Removes an existing Group from the Registry (including its relations).
void	deregisterPrivilege(SecurityTransaction transaction, Privilege privilege) Removes an existing Privilege from the Registry (including its relations).
void	deregisterRightType(SecurityTransaction transaction, RightType type) Removes an existing RightType from the Registry (including its relations).
void	deregisterRole(SecurityTransaction transaction, Role role) Removes an existing Role from the Registry (including its relations).
void	deregisterSecuredObject(SecurityTransaction transaction, SecuredObject object) Removes an existing SecuredObject from the Registry (including its associated rights).
void	deregisterUser(SecurityTransaction transaction, User user) Removes an existing User from the Registry.
Group[]	getAllGroups(SecurityAccess securityAccess) Retrieves all Group s from the Registry.
Role[]	getAllRoles(SecurityAccess securityAccess) Retrieves all Role s from the Registry, except those that are only used internally (these end with a $ symbol);
SecuredObject[]	getAllSecuredObjects(SecurityAccess securityAccess, String type) Retrieves all SecuredObject s from the Registry.
User[]	getAllUsers(SecurityAccess securityAccess) Retrieves all User s from the Registry.
Group	getGroupById(SecurityAccess securityAccess, int id) Retrieves a Group from the Registry.
Group	getGroupByName(SecurityAccess securityAccess, String name) Retrieves a Group from the Registry.
Group[]	getGroupsForGroup(SecurityAccess securityAccess, Group group) Retrieves all Group s from the Registry that the given Group belongs to.
Group[]	getGroupsForUser(SecurityAccess securityAccess, User user) Retrieves all Group s from the Registry that the given User belongs to.
Group[]	getGroupsInGroup(SecurityAccess securityAccess, Group group) Retrieves all Group s from the Registry belong to the given Group.
Group[]	getGroupsWithRole(SecurityAccess securityAccess, Role role) Retrieves all Group s from the Registry that are associated with a given Role.
Privilege	getPrivilegeByName(SecurityAccess securityAccess, String name) Retrieves a Privilege from the Registry.
Privilege[]	getPrivilegesForRole(SecurityAccess securityAccess, Role role) Retrieves all Privileges s from the Registry that are associated with a given Role.
Right[]	getRights(SecurityAccess securityAccess, SecurableObject object, Role role) Retrieves the Rights from the Registry that are associated with a given Role and a SecurableObject.
RightType	getRightTypeByName(SecurityAccess securityAccess, String name) Retrieves a RightType from the Registry.
Role	getRoleById(SecurityAccess securityAccess, int id) Retrieves a Role from the Registry.
Role	getRoleByName(SecurityAccess securityAccess, String name) Retrieves a Role from the Registry.
Role[]	getRolesByNS(SecurityAccess securityAccess, String ns) Retrieves all Role s from the Registry that have a certain namespace.
Role[]	getRolesForGroup(SecurityAccess securityAccess, Group group) Retrieves all Role s from the Registry that are associated with a given Group DIRECTLY (i.e. not via group memberships).
Role[]	getRolesForUser(SecurityAccess securityAccess, User user) Retrieves all Role s from the Registry that are associated with a given User DIRECTLY (i.e. not via group memberships).
SecuredObject	getSecuredObjectById(SecurityAccess securityAccess, int id) Retrieves a SecuredObject from the Registry.
SecuredObject	getSecuredObjectByName(SecurityAccess securityAccess, String name, String type) Retrieves a SecuredObject from the Registry.
SecuredObject[]	getSecuredObjectsByNS(SecurityAccess securityAccess, String ns, String type) Retrieves all SecuredObject s from the Registry that have a certain namespace.
User	getUserById(SecurityAccess securityAccess, int id) Retrieves a User from the Registry.
User	getUserByName(SecurityAccess securityAccess, String name) Retrieves a User from the Registry.
User[]	getUsersInGroup(SecurityAccess securityAccess, Group group) Retrieves all User s from the Registry belong to the given Group.
User[]	getUsersWithRole(SecurityAccess securityAccess, Role role) Retrieves all Users s from the Registry that are associated DIRECTLY (SecurityAccess securityAccess, i.e. not via group memberships) with a given Role.
void	initialize(Properties properties) Initializes the Registry -instance according to the contents of the submitted Properties.
Group	registerGroup(SecurityTransaction transaction, String name, String title) Adds a new Group-account to the Registry.
Privilege	registerPrivilege(SecurityTransaction transaction, String name) Adds a new Privilege to the Registry.
RightType	registerRightType(SecurityTransaction transaction, String name) Adds a new RightType to the Registry.
Role	registerRole(SecurityTransaction transaction, String name) Adds a new role to the Registry.
SecuredObject	registerSecuredObject(SecurityTransaction transaction, String type, String name, String title) Adds a new SecuredObject to the Registry.
User	registerUser(SecurityTransaction transaction, String name, String password, String lastName, String firstName, String mailAddress) Adds a new User-account to the Registry.
void	setGroupsForGroup(SecurityTransaction transaction, Group group, Group[] groups) Sets the Groups s that a given Group is member of DIRECTLY (i.e. not via group membership).
void	setGroupsForUser(SecurityTransaction transaction, User user, Group[] groups) Sets the Group s that a given User is a DIRECT member of.
void	setGroupsInGroup(SecurityTransaction transaction, Group group, Group[] groups) Sets the Groups s that are members of a given Group.
void	setGroupsWithRole(SecurityTransaction transaction, Role role, Group[] groups) Sets the Group s that a given Role is associated to.
void	setPrivilegesForRole(SecurityTransaction transaction, Role role, Privilege[] privileges) Sets all Privilege s that are associated with a given Role.
void	setRights(SecurityTransaction transaction, SecurableObject[] objects, Role role, Right right) Sets one Right to be associated with a given Role and all given SecurableObjects.
void	setRights(SecurityTransaction transaction, SecurableObject object, Role role, Right[] rights) Sets the Rights to be associated with a given Role and SecurableObject.
void	setRolesForGroup(SecurityTransaction transaction, Group group, Role[] roles) Sets the Role s that a given Group is associated to.
void	setRolesForUser(SecurityTransaction transaction, User user, Role[] roles) Sets the Role s that a given User is directly associated to.
void	setUsersInGroup(SecurityTransaction transaction, Group group, User[] users) Sets the User s that are members of a given Group.
void	setUsersWithRole(SecurityTransaction transaction, Role role, User[] users) Sets the User s that a given Role is associated to.
void	updateUser(SecurityTransaction transaction, User user) Updates the metadata (name, email, etc.) of a User in the Registry.

Method Detail

initialize

void initialize(Properties properties)
                throws GeneralSecurityException

Initializes the Registry -instance according to the contents of the submitted Properties.

The supported keys and values depend on the concrete implementation.

Parameters:

properties -

Throws:

GeneralSecurityException

beginTransaction

void beginTransaction(SecurityTransaction transaction)
                      throws GeneralSecurityException

Signals the Registry that a new transaction starts.

Only one transaction can be active at a time.

Parameters:

transaction -

Throws:

GeneralSecurityException

commitTransaction

void commitTransaction(SecurityTransaction transaction)
                       throws GeneralSecurityException

Signals the Registry that the current transaction ends. Changes made during the transaction are now made persistent.

Parameters:

transaction -

Throws:

GeneralSecurityException

abortTransaction

void abortTransaction(SecurityTransaction transaction)
                      throws GeneralSecurityException

Signals the Registry that the transaction shall be aborted. Changes made by the transaction are undone.

Parameters:

transaction -

Throws:

GeneralSecurityException

clean

void clean(SecurityTransaction transaction)
           throws GeneralSecurityException

Deletes all data from the Registry and sets the default objects (SEC_ADMIN user, role and group) and standard rights and privileges.

Parameters:

transaction -

Throws:

GeneralSecurityException

registerUser

User registerUser(SecurityTransaction transaction,
                  String name,
                  String password,
                  String lastName,
                  String firstName,
                  String mailAddress)
                  throws GeneralSecurityException

Adds a new User-account to the Registry.

Parameters:

transaction -

name -

password -

lastName -

firstName -

mailAddress -

Returns:

Throws:

GeneralSecurityException - this is a DuplicateException if the group already existed

deregisterUser

void deregisterUser(SecurityTransaction transaction,
                    User user)
                    throws GeneralSecurityException

Removes an existing User from the Registry.

Parameters:

transaction -

user -

Throws:

GeneralSecurityException

updateUser

void updateUser(SecurityTransaction transaction,
                User user)
                throws GeneralSecurityException

Updates the metadata (name, email, etc.) of a User in the Registry.

Parameters:

transaction -

user -

Throws:

GeneralSecurityException - this is a DuplicateException if a user with the new name already existed

getUserByName

User getUserByName(SecurityAccess securityAccess,
                   String name)
                   throws GeneralSecurityException

Retrieves a User from the Registry.

Parameters:

securityAccess -

name -

Returns:

Throws:

GeneralSecurityException - this is an UnknownException if the user is not known to the Registry

getUserById

User getUserById(SecurityAccess securityAccess,
                 int id)
                 throws GeneralSecurityException

Retrieves a User from the Registry.

Parameters:

securityAccess -

id -

Returns:

Throws:

GeneralSecurityException - this is an UnknownException if the user is not known to the Registry

getAllUsers

User[] getAllUsers(SecurityAccess securityAccess)
                   throws GeneralSecurityException

Retrieves all User s from the Registry.

Parameters:

securityAccess -

Returns:

Throws:

GeneralSecurityException

getUsersWithRole

User[] getUsersWithRole(SecurityAccess securityAccess,
                        Role role)
                        throws GeneralSecurityException

Retrieves all Users s from the Registry that are associated DIRECTLY (SecurityAccess securityAccess, i.e. not via group memberships) with a given Role.

Parameters:

securityAccess -

role -

Returns:

Throws:

GeneralSecurityException

getUsersInGroup

User[] getUsersInGroup(SecurityAccess securityAccess,
                       Group group)
                       throws GeneralSecurityException

Retrieves all User s from the Registry belong to the given Group.

Parameters:

securityAccess -

group -

Returns:

Throws:

GeneralSecurityException

setUsersInGroup

void setUsersInGroup(SecurityTransaction transaction,
                     Group group,
                     User[] users)
                     throws GeneralSecurityException

Sets the User s that are members of a given Group.

Parameters:

transaction -

group -

users -

Throws:

GeneralSecurityException

setUsersWithRole

void setUsersWithRole(SecurityTransaction transaction,
                      Role role,
                      User[] users)
                      throws GeneralSecurityException

Sets the User s that a given Role is associated to.

Parameters:

transaction -

role -

users -

Throws:

GeneralSecurityException

registerGroup

Group registerGroup(SecurityTransaction transaction,
                    String name,
                    String title)
                    throws GeneralSecurityException

Adds a new Group-account to the Registry.

Parameters:

transaction -

name -

title -

Returns:

Throws:

GeneralSecurityException - this is a DuplicateException if the group already existed

deregisterGroup

void deregisterGroup(SecurityTransaction transaction,
                     Group group)
                     throws GeneralSecurityException

Removes an existing Group from the Registry (including its relations).

Parameters:

transaction -

group -

Throws:

GeneralSecurityException

getGroupByName

Group getGroupByName(SecurityAccess securityAccess,
                     String name)
                     throws GeneralSecurityException

Retrieves a Group from the Registry.

Parameters:

securityAccess -

name -

Returns:

Throws:

GeneralSecurityException - this is an UnknownException if the group is not known to the Registry

getGroupById

Group getGroupById(SecurityAccess securityAccess,
                   int id)
                   throws GeneralSecurityException

Retrieves a Group from the Registry.

Parameters:

securityAccess -

id -

Returns:

Throws:

GeneralSecurityException - this is an UnknownException if the group is not known to the Registry

getAllGroups

Group[] getAllGroups(SecurityAccess securityAccess)
                     throws GeneralSecurityException

Retrieves all Group s from the Registry.

Parameters:

securityAccess -

Returns:

Throws:

GeneralSecurityException

getGroupsForUser

Group[] getGroupsForUser(SecurityAccess securityAccess,
                         User user)
                         throws GeneralSecurityException

Retrieves all Group s from the Registry that the given User belongs to.

Parameters:

securityAccess -

user -

Returns:

Throws:

GeneralSecurityException

getGroupsForGroup

Group[] getGroupsForGroup(SecurityAccess securityAccess,
                          Group group)
                          throws GeneralSecurityException

Retrieves all Group s from the Registry that the given Group belongs to.

Parameters:

securityAccess -

group -

Returns:

Throws:

GeneralSecurityException

getGroupsInGroup

Group[] getGroupsInGroup(SecurityAccess securityAccess,
                         Group group)
                         throws GeneralSecurityException

Retrieves all Group s from the Registry belong to the given Group.

Parameters:

securityAccess -

group -

Returns:

Throws:

GeneralSecurityException

getGroupsWithRole

Group[] getGroupsWithRole(SecurityAccess securityAccess,
                          Role role)
                          throws GeneralSecurityException

Retrieves all Group s from the Registry that are associated with a given Role.

Parameters:

securityAccess -

role -

Returns:

Throws:

GeneralSecurityException

setGroupsForUser

void setGroupsForUser(SecurityTransaction transaction,
                      User user,
                      Group[] groups)
                      throws GeneralSecurityException

Sets the Group s that a given User is a DIRECT member of.

Parameters:

transaction -

user -

groups -

Throws:

GeneralSecurityException

setGroupsInGroup

void setGroupsInGroup(SecurityTransaction transaction,
                      Group group,
                      Group[] groups)
                      throws GeneralSecurityException

Sets the Groups s that are members of a given Group.

Parameters:

transaction -

group -

groups -

Throws:

GeneralSecurityException

setGroupsWithRole

void setGroupsWithRole(SecurityTransaction transaction,
                       Role role,
                       Group[] groups)
                       throws GeneralSecurityException

Sets the Group s that a given Role is associated to.

Parameters:

transaction -

role -

groups -

Throws:

GeneralSecurityException

setGroupsForGroup

void setGroupsForGroup(SecurityTransaction transaction,
                       Group group,
                       Group[] groups)
                       throws GeneralSecurityException

Sets the Groups s that a given Group is member of DIRECTLY (i.e. not via group membership).

Parameters:

transaction -

group -

groups -

Throws:

GeneralSecurityException

registerRole

Role registerRole(SecurityTransaction transaction,
                  String name)
                  throws GeneralSecurityException

Adds a new role to the Registry.

Parameters:

transaction -

name -

Returns:

Throws:

GeneralSecurityException - this is a DuplicateException if the role already existed

deregisterRole

void deregisterRole(SecurityTransaction transaction,
                    Role role)
                    throws GeneralSecurityException

Removes an existing Role from the Registry (including its relations).

Parameters:

transaction -

role -

Throws:

GeneralSecurityException

getRoleByName

Role getRoleByName(SecurityAccess securityAccess,
                   String name)
                   throws GeneralSecurityException

Retrieves a Role from the Registry.

Parameters:

securityAccess -

name -

Returns:

Throws:

GeneralSecurityException - this is an UnknownException if the role is not known to the Registry

getRolesByNS

Role[] getRolesByNS(SecurityAccess securityAccess,
                    String ns)
                    throws GeneralSecurityException

Retrieves all Role s from the Registry that have a certain namespace.

Parameters:

securityAccess -

ns -

Returns:

Throws:

GeneralSecurityException

getRoleById

Role getRoleById(SecurityAccess securityAccess,
                 int id)
                 throws GeneralSecurityException

Retrieves a Role from the Registry.

Parameters:

securityAccess -

id -

Returns:

Throws:

GeneralSecurityException - this is an UnknownException if the role is not known to the Registry

getAllRoles

Role[] getAllRoles(SecurityAccess securityAccess)
                   throws GeneralSecurityException

Retrieves all Role s from the Registry, except those that are only used internally (these end with a $ symbol);

Parameters:

securityAccess -

Returns:

Throws:

GeneralSecurityException

getRolesForUser

Role[] getRolesForUser(SecurityAccess securityAccess,
                       User user)
                       throws GeneralSecurityException

Retrieves all Role s from the Registry that are associated with a given User DIRECTLY (i.e. not via group memberships).

Parameters:

securityAccess -

user -

Returns:

Throws:

GeneralSecurityException

getRolesForGroup

Role[] getRolesForGroup(SecurityAccess securityAccess,
                        Group group)
                        throws GeneralSecurityException

Retrieves all Role s from the Registry that are associated with a given Group DIRECTLY (i.e. not via group memberships).

Parameters:

securityAccess -

group -

Returns:

Throws:

GeneralSecurityException

setRolesForUser

void setRolesForUser(SecurityTransaction transaction,
                     User user,
                     Role[] roles)
                     throws GeneralSecurityException

Sets the Role s that a given User is directly associated to.

Parameters:

transaction -

user -

roles -

Throws:

GeneralSecurityException

setRolesForGroup

void setRolesForGroup(SecurityTransaction transaction,
                      Group group,
                      Role[] roles)
                      throws GeneralSecurityException

Sets the Role s that a given Group is associated to.

Parameters:

transaction -

group -

roles -

Throws:

GeneralSecurityException

registerSecuredObject

SecuredObject registerSecuredObject(SecurityTransaction transaction,
                                    String type,
                                    String name,
                                    String title)
                                    throws GeneralSecurityException

Adds a new SecuredObject to the Registry.

Parameters:

transaction -

type -

name -

title -

Returns:

Throws:

GeneralSecurityException - this is a DuplicateException if the object already existed

deregisterSecuredObject

void deregisterSecuredObject(SecurityTransaction transaction,
                             SecuredObject object)
                             throws GeneralSecurityException

Removes an existing SecuredObject from the Registry (including its associated rights).

Parameters:

transaction -

object -

Throws:

GeneralSecurityException

getSecuredObjectByName

SecuredObject getSecuredObjectByName(SecurityAccess securityAccess,
                                     String name,
                                     String type)
                                     throws GeneralSecurityException

Retrieves a SecuredObject from the Registry.

Parameters:

securityAccess -

name -

type -

Returns:

Throws:

GeneralSecurityException - this is an UnknownException if the SecuredObject is not known to the Registry

getSecuredObjectsByNS

SecuredObject[] getSecuredObjectsByNS(SecurityAccess securityAccess,
                                      String ns,
                                      String type)
                                      throws GeneralSecurityException

Retrieves all SecuredObject s from the Registry that have a certain namespace.

Parameters:

securityAccess -

ns -

type -

Returns:

Throws:

GeneralSecurityException

getSecuredObjectById

SecuredObject getSecuredObjectById(SecurityAccess securityAccess,
                                   int id)
                                   throws GeneralSecurityException

Retrieves a SecuredObject from the Registry.

Parameters:

securityAccess -

id -

Returns:

Throws:

GeneralSecurityException - this is an UnknownException if the SecuredObject is not known to the Registry

getAllSecuredObjects

SecuredObject[] getAllSecuredObjects(SecurityAccess securityAccess,
                                     String type)
                                     throws GeneralSecurityException

Retrieves all SecuredObject s from the Registry.

Parameters:

securityAccess -

type -

Returns:

Throws:

GeneralSecurityException

registerPrivilege

Privilege registerPrivilege(SecurityTransaction transaction,
                            String name)
                            throws GeneralSecurityException

Adds a new Privilege to the Registry.

Parameters:

transaction -

name -

Returns:

Throws:

GeneralSecurityException - this is a DuplicateException if the Privilege already existed

deregisterPrivilege

void deregisterPrivilege(SecurityTransaction transaction,
                         Privilege privilege)
                         throws GeneralSecurityException

Removes an existing Privilege from the Registry (including its relations).

Parameters:

transaction -

privilege -

Throws:

GeneralSecurityException

getPrivilegeByName

Privilege getPrivilegeByName(SecurityAccess securityAccess,
                             String name)
                             throws GeneralSecurityException

Retrieves a Privilege from the Registry.

Parameters:

securityAccess -

name -

Returns:

Throws:

GeneralSecurityException - this is an UnknownException if the privilege is not known to the Registry

getPrivilegesForRole

Privilege[] getPrivilegesForRole(SecurityAccess securityAccess,
                                 Role role)
                                 throws GeneralSecurityException

Retrieves all Privileges s from the Registry that are associated with a given Role.

Parameters:

securityAccess -

role -

Returns:

Throws:

GeneralSecurityException

setPrivilegesForRole

void setPrivilegesForRole(SecurityTransaction transaction,
                          Role role,
                          Privilege[] privileges)
                          throws GeneralSecurityException

Sets all Privilege s that are associated with a given Role.

Parameters:

transaction -

role -

privileges -

Throws:

GeneralSecurityException

registerRightType

RightType registerRightType(SecurityTransaction transaction,
                            String name)
                            throws GeneralSecurityException

Adds a new RightType to the Registry.

Parameters:

transaction -

name -

Returns:

Throws:

GeneralSecurityException - this is a DuplicateException if the RightType already existed

deregisterRightType

void deregisterRightType(SecurityTransaction transaction,
                         RightType type)
                         throws GeneralSecurityException

Removes an existing RightType from the Registry (including its relations).

Parameters:

transaction -

type -

Throws:

GeneralSecurityException

getRightTypeByName

RightType getRightTypeByName(SecurityAccess securityAccess,
                             String name)
                             throws GeneralSecurityException

Retrieves a RightType from the Registry.

Parameters:

securityAccess -

name -

Returns:

Throws:

GeneralSecurityException - this is an UnknownException if the RightType is not known to the Registry

getRights

Right[] getRights(SecurityAccess securityAccess,
                  SecurableObject object,
                  Role role)
                  throws GeneralSecurityException

Retrieves the Rights from the Registry that are associated with a given Role and a SecurableObject.

Parameters:

securityAccess -

object -

role -

Returns:

Throws:

GeneralSecurityException

setRights

void setRights(SecurityTransaction transaction,
               SecurableObject object,
               Role role,
               Right[] rights)
               throws GeneralSecurityException

Sets the Rights to be associated with a given Role and SecurableObject.

Parameters:

transaction -

object -

role -

rights -

Throws:

GeneralSecurityException

setRights

void setRights(SecurityTransaction transaction,
               SecurableObject[] objects,
               Role role,
               Right right)
               throws GeneralSecurityException

Sets one Right to be associated with a given Role and all given SecurableObjects.

Parameters:

transaction -

objects -

role -

right -

Throws:

GeneralSecurityException