Package com.bloomreach.xm.repository.security

Interface DomainsManager

  • public interface DomainsManager
    Provides administrative (crud) domain management; currently limited to only AuthRoles of an existing domain.

    Note that this manager only provides and allows operations on DomainAuths in a valid location!

    A domain location is valid if:

    • it is a domain (directly) under a hipposys:domainfolder parent node below /hippo:configuration/hippo:domains
    • it is a domain (directly) under a hipposys:federateddomainfolder parent node with depth >= 2

    Likewise, access and operations on AuthRoles is only provided for authroles directly under a valid domain location.

    All modifying operations require the underlying HippoSession to have userRole SecurityConstants.USERROLE_SECURITY_APPLICATION_ADMIN

    • Method Detail

      • getDomainAuth

        DomainAuth getDomainAuth​(String domainPath)
                  throws javax.jcr.ItemNotFoundException,
                         javax.jcr.RepositoryException
        Get a DomainAuth by its (node) path. Only a domain in a valid location will be returned.
        Parameters:
        domainPath - the path of the domain to get
        Returns:
        the DomainAuth object
        Throws:
        javax.jcr.ItemNotFoundException - when the domain node doesn't exist, or is in an invalid location
        javax.jcr.RepositoryException - if the underlying HippoSession is no longer live, or something else went wrong

      • getDomainAuths

        SortedSet<DomainAuth> getDomainAuths()
                              throws javax.jcr.RepositoryException
        Returns:
        all the DomainAuths. Only DomainAuths in a valid location will be returned.
        Throws:
        javax.jcr.RepositoryException - if the underlying HippoSession is no longer live, or something else went wrong

      • getDomainAuthsForUser

        SortedSet<DomainAuth> getDomainAuthsForUser​(String user)
                                     throws IllegalArgumentException,
                                            javax.jcr.RepositoryException
        Parameters:
        user - the name of the user
        Returns:
        the DomainAuths having at least one AuthRole with the provided user name. Only domains in a valid location will be returned.
        Throws:
        IllegalArgumentException - if the provided user name is null or invalid
        javax.jcr.RepositoryException - if the underlying HippoSession is no longer live, or something else went wrong

      • getDomainAuthsForUserRole

        SortedSet<DomainAuth> getDomainAuthsForUserRole​(String userRole)
                                         throws IllegalArgumentException,
                                                javax.jcr.RepositoryException
        Parameters:
        userRole - the name of the userRole
        Returns:
        the DomainAuths having at least one AuthRole with the provided userRole. Only domains in a valid location will be returned.
        Throws:
        IllegalArgumentException - if the provided userRole name is null or invalid
        javax.jcr.RepositoryException - if the underlying HippoSession is no longer live, or something else went wrong

      • getDomainAuthsForGroup

        SortedSet<DomainAuth> getDomainAuthsForGroup​(String group)
                                      throws IllegalArgumentException,
                                             javax.jcr.RepositoryException
        Parameters:
        group - the name of the group
        Returns:
        the DomainAuths having at least one AuthRole with the provided group. Only domains in a valid location will be returned.
        Throws:
        IllegalArgumentException - if the provided group name is null or invalid
        javax.jcr.RepositoryException - if the underlying HippoSession is no longer live, or something else went wrong

      • getAuthRole

        AuthRole getAuthRole​(String authRolePath)
              throws javax.jcr.RepositoryException
        Get a AuthRole by its (node) path. Only an authrole in a valid location will be returned.
        Parameters:
        authRolePath - the path of the authrole to get
        Returns:
        the AuthRole object
        Throws:
        javax.jcr.ItemNotFoundException - when the authrole node doesn't exist, or is in an invalid location
        javax.jcr.RepositoryException - if the underlying HippoSession is no longer live, or something else went wrong

      • addAuthRole

        AuthRole addAuthRole​(AuthRole authRoleTemplate)
              throws IllegalArgumentException,
                     javax.jcr.AccessDeniedException,
                     javax.jcr.RepositoryException
        Add a new AuthRole to an existing DomainAuth.
        Parameters:
        authRoleTemplate - A template for the AuthRole to create from, for example a AuthRoleBean instance
        Returns:
        the created AuthRole
        Throws:
        IllegalArgumentException - When the template, template.name, template.domainPath or template.role is null.
        javax.jcr.ItemNotFoundException - When there is no (valid) domain located at template.domainPath
        javax.jcr.ItemExistsException - When there already is an AuthRole named template.name under template.domainPath
        javax.jcr.AccessDeniedException - if the underlying HippoSession doesn't have the userRole SecurityConstants.USERROLE_SECURITY_APPLICATION_ADMIN
        javax.jcr.RepositoryException - if the underlying HippoSession is no longer live, or something else went wrong

      • updateAuthRole

        AuthRole updateAuthRole​(AuthRole authRoleTemplate)
                 throws IllegalArgumentException,
                        javax.jcr.AccessDeniedException,
                        javax.jcr.RepositoryException
        Update an existing AuthRole
        Parameters:
        authRoleTemplate - A template for the AuthRole to update from, for example a AuthRoleBean instance
        Returns:
        a fresh instance of the AuthRole after the update
        Throws:
        IllegalArgumentException - When the template, template.name, template.domainPath or template.role is null.
        javax.jcr.ItemNotFoundException - When there is no (valid) domain located at template.domainPath
        javax.jcr.AccessDeniedException - if the underlying HippoSession doesn't have the userRole SecurityConstants.USERROLE_SECURITY_APPLICATION_ADMIN
        javax.jcr.RepositoryException - if the underlying HippoSession is no longer live, or something else went wrong

      • deleteAuthRole

        boolean deleteAuthRole​(AuthRole authRoleTemplate)
                throws IllegalArgumentException,
                       javax.jcr.AccessDeniedException,
                       javax.jcr.RepositoryException
        Delete an existing AuthRole
        Parameters:
        authRoleTemplate - The AuthRole to delete
        Returns:
        true if the AuthRole was deleted; false if not (not found or in an invalid location)
        Throws:
        IllegalArgumentException - When the template or template.path is null.
        javax.jcr.AccessDeniedException - if the underlying HippoSession doesn't have the userRole SecurityConstants.USERROLE_SECURITY_APPLICATION_ADMIN
        javax.jcr.RepositoryException - if the underlying HippoSession is no longer live, or something else went wrong