org.apache.jackrabbit.api.security.principal
Interface PrincipalManager

All Known Implementing Classes:
PrincipalManagerImpl

public interface PrincipalManager

This interface defines the principal manager which is the clients view on all principals known to the repository. Each principal manager is bound to a session and is restricted by the respective access control. The principal manager in addition provides basic search facilities.

A Principal is an object used to connect to any kind of security mechanism. Example for this are the login modules that use principals to process the login procedure.
A principal can be a member of a Group. A group is a principal itself and can therefore be a member of a group again.

Please note the following security considerations that need to be respected when implementing the PrincipalManager: All principals returned by this manager as well as Group.members() must respect access restrictions that may be present for the Session this manager has been built for. The same applies for getGroupMembership(Principal).


Field Summary
static int SEARCH_TYPE_ALL
          Filter flag indicating that all Principals should be search irrespective whether they represent a group of Principals or not.
static int SEARCH_TYPE_GROUP
          Filter flag indicating that only Principals that represent a group of Principals should be searched and returned.
static int SEARCH_TYPE_NOT_GROUP
          Filter flag indicating that only Principals that do NOT represent a group should be searched and returned.
 
Method Summary
 PrincipalIterator findPrincipals(String simpleFilter)
          Gets the principals matching a simple filter expression applied against the principal name.
 PrincipalIterator findPrincipals(String simpleFilter, int searchType)
          Gets the principals matching a simple filter expression applied against the principal name AND the specified search type.
 Principal getEveryone()
          Returns the Principal which is implicitly applied to every subject.
 PrincipalIterator getGroupMembership(Principal principal)
          Returns an iterator over all group principals for which the given principal is either direct or indirect member of.
 Principal getPrincipal(String principalName)
          Returns the principal with the given name if is known to this manager (with respect to the sessions access rights).
 PrincipalIterator getPrincipals(int searchType)
          Returns all Principals matching the specified search type.
 boolean hasPrincipal(String principalName)
          Checks if the principal with the given name is known to this manager (in respect to the sessions access rights).
 

Field Detail

SEARCH_TYPE_NOT_GROUP

static final int SEARCH_TYPE_NOT_GROUP
Filter flag indicating that only Principals that do NOT represent a group should be searched and returned.

See Also:
Constant Field Values

SEARCH_TYPE_GROUP

static final int SEARCH_TYPE_GROUP
Filter flag indicating that only Principals that represent a group of Principals should be searched and returned.

See Also:
Constant Field Values

SEARCH_TYPE_ALL

static final int SEARCH_TYPE_ALL
Filter flag indicating that all Principals should be search irrespective whether they represent a group of Principals or not.

See Also:
Constant Field Values
Method Detail

hasPrincipal

boolean hasPrincipal(String principalName)
Checks if the principal with the given name is known to this manager (in respect to the sessions access rights). If this method returns true then the following expression evaluates to true as well: PrincipalManager.getPrincipal(name).getName().equals(name)

Parameters:
principalName - the name of the principal to check
Returns:
return true if the principal with this name is known to this manager; false otherwise.

getPrincipal

Principal getPrincipal(String principalName)
Returns the principal with the given name if is known to this manager (with respect to the sessions access rights). Please note that due to security reasons Group principals will only reveal those members that are visible to the Session this PrincipalManager has been built for.

Parameters:
principalName - the name of the principal to retrieve
Returns:
return the requested principal or null if not exists

findPrincipals

PrincipalIterator findPrincipals(String simpleFilter)
Gets the principals matching a simple filter expression applied against the principal name. TODO: define the filter expression.
An implementation may limit the number of principals returned. If there are no matching principals, an empty iterator is returned.

Parameters:
simpleFilter -
Returns:
a PrincipalIterator over the Principals matching the given filter.

findPrincipals

PrincipalIterator findPrincipals(String simpleFilter,
                                 int searchType)
Gets the principals matching a simple filter expression applied against the principal name AND the specified search type. TODO: define the filter expression.
An implementation may limit the number of principals returned. If there are no matching principals, an empty iterator is returned.

Parameters:
simpleFilter -
searchType - Any of the following constants:
Returns:
a PrincipalIterator over the Principals matching the given filter and search type.

getPrincipals

PrincipalIterator getPrincipals(int searchType)
Returns all Principals matching the specified search type.

Parameters:
searchType - Any of the following constants:
Returns:
a PrincipalIterator over all the Principals matching the given search type.

getGroupMembership

PrincipalIterator getGroupMembership(Principal principal)
Returns an iterator over all group principals for which the given principal is either direct or indirect member of.

Example:
If Principal P is member of Group A, and Group A is member of Group B, this method will return Principal A and Principal B.

Parameters:
principal - the principal to return it's membership from.
Returns:
an iterator returning all groups the given principal is member of.

getEveryone

Principal getEveryone()
Returns the Principal which is implicitly applied to every subject.

Returns:
the 'everyone' principal


Copyright © 2004-2010 The Apache Software Foundation. All Rights Reserved.