inteligr8/alfresco-community-repo
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-community-repo.git synced 2025-07-24 17:32:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

Moving to root below branch label

Browse Source 
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@2005 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
This commit is contained in:
Derek Hulley
2005-12-08 07:13:07 +00:00
commit e1e6508fec
1095 changed files with 230566 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
source/java/org/alfresco/service/cmr/security/AccessPermission.java Normal file
View File

@@ -0,0 +1,57 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.service.cmr.security;
/**
* The interface used to support reporting back if permissions are allowed or
* denied.
*
* @author Andy Hind
*/
public interface AccessPermission
{
/**
* The permission.
*
* @return
*/
public String getPermission();
/**
* Get the Access enumeration value
*
* @return
*/
public AccessStatus getAccessStatus();
/**
* Get the authority to which this permission applies.
*
* @return
*/
public String getAuthority();
/**
* Get the type of authority to which this permission applies.
*
* @return
*/
public AuthorityType getAuthorityType();
}

27
source/java/org/alfresco/service/cmr/security/AccessStatus.java Normal file
View File

@@ -0,0 +1,27 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.service.cmr.security;
/**
* Enumeration used to indicate access status.
*
* @author Andy Hind
*/
public enum AccessStatus
{
DENIED, ALLOWED
}

146
source/java/org/alfresco/service/cmr/security/AuthenticationService.java Normal file
View File

@@ -0,0 +1,146 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.service.cmr.security;
import org.alfresco.repo.security.authentication.AuthenticationException;
/**
* The authentication service defines the API for managing authentication information
* against a user id.
*
* @author Andy Hind
*
*/
public interface AuthenticationService
{
/**
* Create an authentication for the given user.
*
* @param userName
* @param password
* @throws AuthenticationException
*/
public void createAuthentication(String userName, char[] password) throws AuthenticationException;
/**
* Update the login information for the user (typically called by the user)
*
* @param userName
* @param oldPassword
* @param newPassword
* @throws AuthenticationException
*/
public void updateAuthentication(String userName, char[] oldPassword, char[] newPassword) throws AuthenticationException;
/**
* Set the login information for a user (typically called by an admin user)
*
* @param userName
* @param newPassword
* @throws AuthenticationException
*/
public void setAuthentication(String userName, char[] newPassword) throws AuthenticationException;
/**
* Delete an authentication entry
*
* @param userName
* @throws AuthenticationException
*/
public void deleteAuthentication(String userName) throws AuthenticationException;
/**
* Enable or disable an authentication entry
*
* @param userName
* @param enabled
*/
public void setAuthenticationEnabled(String userName, boolean enabled) throws AuthenticationException;
/**
* Is an authentication enabled or disabled?
*
* @param userName
* @return
*/
public boolean getAuthenticationEnabled(String userName) throws AuthenticationException;
/**
* Carry out an authentication attempt. If successful the user is set to the current user.
* The current user is a part of the thread context.
*
* @param userName
* @param password
* @throws AuthenticationException
*/
public void authenticate(String userName, char[] password) throws AuthenticationException;
/**
* Get the name of the currently authenticated user.
*
* @return
* @throws AuthenticationException
*/
public String getCurrentUserName() throws AuthenticationException;
/**
* Invalidate any tickets held by the user.
*
* @param userName
* @throws AuthenticationException
*/
public void invalidateUserSession(String userName) throws AuthenticationException;
/**
* Invalidate a single ticket by ID
*
* @param ticket
* @throws AuthenticationException
*/
public void invalidateTicket(String ticket) throws AuthenticationException;
/**
* Validate a ticket. Set the current user name accordingly.
*
* @param ticket
* @throws AuthenticationException
*/
public void validate(String ticket) throws AuthenticationException;
/**
* Get the current ticket as a string
* @return
*/
public String getCurrentTicket();
/**
* Remove the current security information
*
*/
public void clearCurrentSecurityContext();
/**
* Is the current user the system user?
*
* @return
*/
public boolean isCurrentUserTheSystemUser();
}

175
source/java/org/alfresco/service/cmr/security/AuthorityService.java Normal file
View File

@@ -0,0 +1,175 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.service.cmr.security;
import java.util.Set;
/**
* The service that encapsulates authorities granted to users.
*
* This service will refuse to create any user authorities. These should be
* managed using the AuthenticationService and PersonServce. Methods that try to
* change alter users will throw an exception.
*
* A string key is used to identify the authority. These follow the contract
* defined in AuthorityType. If there are entities linked to these authorities
* this key should be used to find them, as userName is used link user and
* person.
*
* @author Andy Hind
*/
public interface AuthorityService
{
/**
* Check of the current user has admin authority.
*
* There is no contract for who should have this authority, only that it can
* be tested here. It could be determined by group membership, role,
* authentication mechanism, ...
*
* @return true if the currently authenticated user has the admin authority
*/
public boolean hasAdminAuthority();
/**
* Get the authorities for the current user
*
* @return
*/
public Set<String> getAuthorities();
/**
* Get all authorities by type.
*
* @param type -
* the type of authorities.
* @return
*/
public Set<String> getAllAuthorities(AuthorityType type);
/**
* Get all root authorities by type. Root authorities are ones that were
* created without an authority as the parent authority;
*
* @param type -
* the type of the authority
* @return
*/
public Set<String> getAllRootAuthorities(AuthorityType type);
/**
* Create an authority. If the parent is null thisw method creates a root
* authority.
*
* @param type -
* the type of the authority
* @param parentName -
* the name of the parent authority. If this is null then a root
* authority is created.
* @param shortName -
* the short name of the authority to create
*
* @return the name of the authority (this will be the prefix, if any
* associated with the type appended with the short name)
*/
public String createAuthority(AuthorityType type, String parentName, String shortName);
/**
* Set an authority to include another authority. For example, adding a
* group to a group or adding a user to a group.
*
* @param parentName -
* the string identifier for the parent.
* @param childName -
* the string identifier for the child.
*/
public void addAuthority(String parentName, String childName);
/**
* Remove an authority as a member of another authority. The child authority
* will still exist. If the child authority was not created as a root
* authority and you remove its creation link, it will be moved to a root
* authority. If you want rid of it, use delete.
*
* @param parentName -
* the string identifier for the parent.
* @param childName -
* the string identifier for the child.
*/
public void removeAuthority(String parentName, String childName);
/**
* Delete an authority and all its relationships.
*
* @param name
*/
public void deleteAuthority(String name);
/**
* Get all the authorities that are contained by the given authority.
*
* For a group you could get all the authorities it contains, just the users
* it contains or just the other groups it includes.
*
* @param type -
* if not null, limit to the type of authority specified
* @param name -
* the name of the containing authority
* @param immediate -
* if true, limit the depth to just immediate child, if false
* find authorities at any depth
* @return
*/
public Set<String> getContainedAuthorities(AuthorityType type, String name, boolean immediate);
/**
* Get the authorities that contain the given authority
*
* For example, this can be used find out all the authorities that contain a
* user.
*
* @param type -
* if not null, limit to the type of authority specified
* @param name -
* the name of the authority for which the containing authorities
* are required.
* @param immediate -
* limit to immediate parents or any ancestor.
* @return
*/
public Set<String> getContainingAuthorities(AuthorityType type, String name, boolean immediate);
/**
* Extract the short name of an authority from its full identifier.
*
* @param name
* @return
*/
public String getShortName(String name);
/**
* Create the full identifier for an authority given its short name and
* type.
*
* @param type
* @param shortName
* @return
*/
public String getName(AuthorityType type, String shortName);
}

240
source/java/org/alfresco/service/cmr/security/AuthorityType.java Normal file
View File

@@ -0,0 +1,240 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.service.cmr.security;
/**
* The types of authority that are available.
* <p>
* <p>
* Available types are:
* <ol>
* <li>USER - an authority that identifies a user
* <li>GROUP - an authority that identifies a group
* <li>OWNER - the special authority that applies to the owner of a node
* <li>EVERYONE - the special authority that is interpreted as everyone
* <li>GUEST - the special authority that applies to a GUEST (An unknown,
* unauthenticated user)
* </ol>
*
* @author Andy Hind
*/
public enum AuthorityType
{
ADMIN
{
public boolean isFixedString()
{
return true;
}
public String getFixedString()
{
return PermissionService.ADMINISTRATOR_AUTHORITY;
}
public boolean isPrefixed()
{
return false;
}
public String getPrefixString()
{
return "";
}
},
EVERYONE
{
public boolean isFixedString()
{
return true;
}
public String getFixedString()
{
return PermissionService.ALL_AUTHORITIES;
}
public boolean isPrefixed()
{
return false;
}
public String getPrefixString()
{
return "";
}
},
OWNER
{
public boolean isFixedString()
{
return true;
}
public String getFixedString()
{
return PermissionService.OWNER_AUTHORITY;
}
public boolean isPrefixed()
{
return false;
}
public String getPrefixString()
{
return "";
}
},
GUEST
{
public boolean isFixedString()
{
return true;
}
public String getFixedString()
{
return PermissionService.GUEST;
}
public boolean isPrefixed()
{
return false;
}
public String getPrefixString()
{
return "";
}
},
GROUP
{
public boolean isFixedString()
{
return false;
}
public String getFixedString()
{
return "";
}
public boolean isPrefixed()
{
return true;
}
public String getPrefixString()
{
return PermissionService.GROUP_PREFIX;
}
},
ROLE
{
public boolean isFixedString()
{
return false;
}
public String getFixedString()
{
return "";
}
public boolean isPrefixed()
{
return true;
}
public String getPrefixString()
{
return PermissionService.ROLE_PREFIX;
}
},
USER
{
public boolean isFixedString()
{
return false;
}
public String getFixedString()
{
return "";
}
public boolean isPrefixed()
{
return false;
}
public String getPrefixString()
{
return "";
}
};
public abstract boolean isFixedString();
public abstract String getFixedString();
public abstract boolean isPrefixed();
public abstract String getPrefixString();
public boolean equals(String authority)
{
return equals(getAuthorityType(authority));
}
public static AuthorityType getAuthorityType(String authority)
{
AuthorityType authorityType;
if (authority.equals(PermissionService.ADMINISTRATOR_AUTHORITY))
{
authorityType = AuthorityType.ADMIN;
}
if (authority.equals(PermissionService.ALL_AUTHORITIES))
{
authorityType = AuthorityType.EVERYONE;
}
else if (authority.equals(PermissionService.OWNER_AUTHORITY))
{
authorityType = AuthorityType.OWNER;
}
else if (authority.equals(PermissionService.GUEST))
{
authorityType = AuthorityType.GUEST;
}
else if (authority.startsWith(PermissionService.GROUP_PREFIX))
{
authorityType = AuthorityType.GROUP;
}
else if (authority.startsWith(PermissionService.ROLE_PREFIX))
{
authorityType = AuthorityType.ROLE;
}
else
{
authorityType = AuthorityType.USER;
}
return authorityType;
}
}

58
source/java/org/alfresco/service/cmr/security/OwnableService.java Normal file
View File

@@ -0,0 +1,58 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.service.cmr.security;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* Service support around managing ownership.
*
* @author Andy Hind
*/
public interface OwnableService
{
/**
* Get the username of the owner of the given object.
*
* @param nodeRef
* @return the username or null if the object has no owner
*/
public String getOwner(NodeRef nodeRef);
/**
* Set the owner of the object.
*
* @param nodeRef
* @param userName
*/
public void setOwner(NodeRef nodeRef, String userName);
/**
* Set the owner of the object to be the current user.
*
* @param nodeRef
*/
public void takeOwnership(NodeRef nodeRef);
/**
* Does the given node have an owner?
*
* @param nodeRef
* @return
*/
public boolean hasOwner(NodeRef nodeRef);
}

233
source/java/org/alfresco/service/cmr/security/PermissionService.java Normal file
View File

@@ -0,0 +1,233 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.service.cmr.security;
import java.util.Set;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
/**
* The public API for a permission service
*
* The implementation may be changed in the application configuration
*
* @author Andy Hind
*/
public interface PermissionService
{
public static final String ROLE_PREFIX = "ROLE_";
public static final String GROUP_PREFIX = "GROUP_";
public static final String ALL_AUTHORITIES = "GROUP_EVERYONE";
public static final String OWNER_AUTHORITY = "ROLE_OWNER";
public static final String LOCK_OWNER_AUTHORITY = "ROLE_LOCK_OWNER";
public static final String ADMINISTRATOR_AUTHORITY = "ROLE_ADMINISTRATOR";
public static final String ALL_PERMISSIONS = "All";
public static final String FULL_CONTROL = "FullControl";
public static final String READ = "Read";
public static final String WRITE = "Write";
public static final String DELETE = "Delete";
public static final String ADD_CHILDREN = "AddChildren";
public static final String READ_PROPERTIES = "ReadProperties";
public static final String READ_CHILDREN = "ReadChildren";
public static final String WRITE_PROPERTIES = "WriteProperties";
public static final String DELETE_NODE = "DeleteNode";
public static final String DELETE_CHILDREN = "DeleteChildren";
public static final String CREATE_CHILDREN = "CreateChildren";
public static final String LINK_CHILDREN = "LinkChildren";
public static final String DELETE_ASSOCIATIONS = "DeleteAssociations";
public static final String READ_ASSOCIATIONS = "ReadAssociations";
public static final String CREATE_ASSOCIATIONS = "CreateAssociations";
public static final String READ_PERMISSIONS = "ReadPermissions";
public static final String CHANGE_PERMISSIONS = "ChangePermissions";
public static final String EXECUTE = "Execute";
public static final String READ_CONTENT = "ReadContent";
public static final String WRITE_CONTENT = "WriteContent";
public static final String EXECUTE_CONTENT = "ExecuteContent";
public static final String TAKE_OWNERSHIP = "TakeOwnership";
public static final String SET_OWNER = "SetOwner";
public static final String COORDINATOR = "Coordinator";
public static final String CONTRIBUTOR = "Contributor";
public static final String EDITOR = "Editor";
public static final String GUEST = "Guest";
public static final String LOCK = "Lock";
public static final String UNLOCK = "Unlock";
public static final String CHECK_OUT = "CheckOut";
public static final String CHECK_IN = "CheckIn";
public static final String CANCEL_CHECK_OUT = "CancelCheckOut";
/**
* Get the Owner Authority
*
* @return the owner authority
*/
public String getOwnerAuthority();
/**
* Get the All Authorities
*
* @return the All authorities
*/
public String getAllAuthorities();
/**
* Get the All Permission
*
* @return the All permission
*/
public String getAllPermission();
/**
* Get all the AccessPermissions that are granted/denied to the current
* authentication for the given node
*
* @param nodeRef -
* the reference to the node
* @return the set of allowed permissions
*/
public Set<AccessPermission> getPermissions(NodeRef nodeRef);
/**
* Get all the AccessPermissions that are set for anyone for the
* given node
*
* @param nodeRef -
* the reference to the node
* @return the set of allowed permissions
*/
public Set<AccessPermission> getAllSetPermissions(NodeRef nodeRef);
/**
* Get the permissions that can be set for a given node
*
* @param nodeRef
* @return
*/
public Set<String> getSettablePermissions(NodeRef nodeRef);
/**
* Get the permissions that can be set for a given type
*
* @param nodeRef
* @return
*/
public Set<String> getSettablePermissions(QName type);
/**
* Check that the given authentication has a particular permission for the
* given node. (The default behaviour is to inherit permissions)
*
* @param nodeRef
* @param perm
* @return
*/
public AccessStatus hasPermission(NodeRef nodeRef, String perm);
/**
* Delete all the permission assigned to the node
*
* @param nodeRef
*/
public void deletePermissions(NodeRef nodeRef);
/**
* Delete all permission for the given authority.
*
* @param nodeRef
* @param authority
*/
public void clearPermission(NodeRef nodeRef, String authority);
/**
* Find and delete a permission by node, authentication and permission
* definition.
*
* @param nodeRef
* @param authority
* @param perm
*/
public void deletePermission(NodeRef nodeRef, String authority, String perm, boolean allow);
/**
* Set a specific permission on a node.
*
* @param nodeRef
* @param authority
* @param perm
* @param allow
*/
public void setPermission(NodeRef nodeRef, String authority, String perm, boolean allow);
/**
* Set the global inheritance behaviour for permissions on a node.
*
* @param nodeRef
* @param inheritParentPermissions
*/
public void setInheritParentPermissions(NodeRef nodeRef, boolean inheritParentPermissions);
/**
* Return the global inheritance behaviour for permissions on a node.
*
* @param nodeRef
* @return inheritParentPermissions
*/
public boolean getInheritParentPermissions(NodeRef nodeRef);
}

135
source/java/org/alfresco/service/cmr/security/PersonService.java Normal file
View File

@@ -0,0 +1,135 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.service.cmr.security;
import java.io.Serializable;
import java.util.Map;
import java.util.Set;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.namespace.QName;
/**
* This service encapsulates the management of people and groups.
* <p>
* <p>
* People and groups may be managed entirely in the repository or entirely in
* some other implementation such as LDAP or via NTLM. Some properties may in
* the repository and some in another store. Individual properties may or may
* not be mutable.
* <p>
*
* @author Andy Hind
*/
public interface PersonService
{
/**
* Get a person by userName. The person is store in the repository. The
* person may be created as a side effect of this call.
*
* @param userName - the userName key to find the person
* @return
*/
public NodeRef getPerson(String userName);
/**
* Check if a person exists.
*
* @param userName
* @return
*/
public boolean personExists(String userName);
/**
* Does this service create people on demand if they are missing. If this is
* true, a call to getPerson() will create a person if they are missing.
*
* @return true if people are created on demand and false otherwise.
*/
public boolean createMissingPeople();
/**
* Set if missing people should be created.
*
* @param createMissing
*/
public void setCreateMissingPeople(boolean createMissing);
/**
* Get the list of properties that are mutable. Some service may only allow
* a limited list of properties to be changed. This may be those persisted
* in the repository or those that can be changed in some other
* implementation such as LDAP.
*
* @return A set of QNames that identify properties that can be changed
*/
public Set<QName> getMutableProperties();
/**
* Set the properties on a person - some of these may be persisted in
* different locations.
*
* @param userName - the user for which the properties should be set.
* @param properties - the map of properties to set (as the NodeService)
*/
public void setPersonProperties(String userName, Map<QName, Serializable> properties);
/**
* Can this service create, delete and update person information?
*
* @return true if this service allows mutation to people.
*/
public boolean isMutable();
/**
* Create a new person with the given properties.
* The userName is one of the properties.
* Users with duplicate userNames are not allowed.
*
* @param properties
* @return
*/
public NodeRef createPerson(Map<QName, Serializable> properties);
/**
* Delete the person identified by the given user name.
*
* @param userName
*/
public void deletePerson(String userName);
/**
* Get all the people we know about.
*
* @return a set of people in no specific order.
*/
public Set<NodeRef> getAllPeople();
/**
* Return the container that stores people.
*
* @return
*/
public NodeRef getPeopleContainer();
/**
* Are user names case sensitive?
*
* @return
*/
public boolean getUserNamesAreCaseSensitive();
}