Interface RepositorySecurityManager
-
public interface RepositorySecurityManagerHippoSessionbound manager for accessing, and optionally managing, repository based security configuration.The provided read-only and thread-safe providers are shared across all
RepositorySecurityManagerinstances (e.g. across multiple HippoSessions).The provided managers are all dedicated and bound to this
RepositorySecurityManagerinstance and use (each) a dedicated system session for perform changes. These managers are NOT thread-safe and only to be used on-behalf of their HippoSession (user).
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description ChangePasswordManagergetChangePasswordManager()The ChangePasswordManager allows the {link HippoSession} user to change its passwordDomainsManagergetDomainsManager()Provides administrative (crud) domain management; currently limited to onlyAuthRoles of an existing domain.RolesManagergetRolesManager()Provides administrative (crud) roles management.RolesProvidergetRolesProvider()Provides a read-only and thread-safe provider for accessing repository Role definitionsUserRolesManagergetUserRolesManager()Provides administrative (crud) userroles management.UserRolesProvidergetUserRolesProvider()Provides a read-only and thread-safe provider for accessing repository User Role definitions
-
-
-
Method Detail
-
getRolesProvider
RolesProvider getRolesProvider()
Provides a read-only and thread-safe provider for accessing repository Role definitions- Returns:
- the roles provider
-
getUserRolesProvider
UserRolesProvider getUserRolesProvider()
Provides a read-only and thread-safe provider for accessing repository User Role definitions- Returns:
- the userroles provider
-
getChangePasswordManager
ChangePasswordManager getChangePasswordManager() throws AccessDeniedException, RepositoryException
The ChangePasswordManager allows the {link HippoSession} user to change its password- Returns:
- the ChangePasswordManager
- Throws:
AccessDeniedException- for aHippoSession.isSystemSession(), aUser.isSystemUser()or aUser.isExternal().RepositoryException- if the underlying HippoSession is no longer live, or something else went wrong
-
getRolesManager
RolesManager getRolesManager() throws AccessDeniedException, RepositoryException
Provides administrative (crud) roles management.Accessing the
RolesManagerrequires the HippoSession to be in userroleSecurityConstants.USERROLE_SECURITY_VIEWERotherwise anAccessDeniedExceptionwill be raised.The HippoSession will be attached to a dedicated internal system session for performing the requested administrative tasks. The HippoSession itself is (only) used for (possibly) additional authorization checks, depending on the requested administrative task, and for (audit) logging purposes.
All of the managers provided by this RepositorySecurityManager share the same internal system session for its HippoSession, which is automatically logged out when the HippoSession logs out.
- Returns:
- the roles manager
- Throws:
AccessDeniedException- if the HippoSession isn't granted the userroleSecurityConstants.USERROLE_SECURITY_APPLICATION_ADMINRepositoryException- if the underlying HippoSession is no longer live, or something else went wrong
-
getUserRolesManager
UserRolesManager getUserRolesManager() throws AccessDeniedException, RepositoryException
Provides administrative (crud) userroles management.Accessing the
UserRolesManagerrequires the HippoSession to be in userroleSecurityConstants.USERROLE_SECURITY_VIEWERotherwise anAccessDeniedExceptionwill be raised.The HippoSession will be attached to a dedicated internal system session for performing the requested administrative tasks. The HippoSession itself is (only) used for (possibly) additional authorization checks, depending on the requested administrative task, and for (audit) logging purposes.
All of the managers provided by this RepositorySecurityManager share the same internal system session for its HippoSession, which is automatically logged out when the HippoSession logs out.
- Returns:
- the userroles manager
- Throws:
AccessDeniedException- if the provided HippoSession isn't granted the userroleSecurityConstants.USERROLE_SECURITY_APPLICATION_ADMINRepositoryException- if the underlying HippoSession is no longer live, or something else went wrong
-
getDomainsManager
DomainsManager getDomainsManager() throws AccessDeniedException, RepositoryException
Provides administrative (crud) domain management; currently limited to onlyAuthRoles of an existing domain.Accessing the
DomainsManagerrequires the HippoSession to be in userRoleSecurityConstants.USERROLE_SECURITY_VIEWERotherwise anAccessDeniedExceptionwill be raised.Note that this manager only provides and allows operations on
DomainAuths in a valid location!A domain location is valid if:
- it is a domain (directly) under a hipposys:domainfolder parent node below /hippo:configuration/hippo:domains
- it is a domain (directly) under a hipposys:federateddomainfolder parent node with depth >= 2
Likewise, access and operations on
AuthRoles is only provided for authroles directly under a valid domain location.All modifying operations require the underlying HippoSession to have userRole
SecurityConstants.USERROLE_SECURITY_APPLICATION_ADMINThe HippoSession will be attached to a dedicated internal system session for performing the requested administrative tasks. The HippoSession itself is (only) used for (possibly) additional authorization checks, depending on the requested administrative task, and for (audit) logging purposes.
All of the managers provided by this RepositorySecurityManager share the same internal system session for its HippoSession, which is automatically logged out when the HippoSession logs out.
- Returns:
- the DomainsManager
- Throws:
AccessDeniedException- if the provided HippoSession isn't granted the userroleSecurityConstants.USERROLE_SECURITY_VIEWERRepositoryException- if the underlying HippoSession is no longer live, or something else went wrong
-
-