Interface RepositorySecurityManager
public interface RepositorySecurityManager

HippoSession bound manager for accessing, and optionally managing, repository based security configuration.
The provided read-only and thread-safe providers are shared across all RepositorySecurityManager instances (e.g. across multiple HippoSessions).
The provided managers are all dedicated and bound to this RepositorySecurityManager instance and (each) use a dedicated system session to perform changes. These managers are NOT thread-safe and are only to be used on behalf of their HippoSession (user).

Method Summary
Modifier and Type / Method / Description

ChangePasswordManager getChangePasswordManager()
    The ChangePasswordManager allows the HippoSession user to change its password.
DomainsManager getDomainsManager()
    Provides administrative (CRUD) domain management; currently limited to only AuthRoles of an existing domain.
RolesManager getRolesManager()
    Provides administrative (CRUD) roles management.
RolesProvider getRolesProvider()
    Provides a read-only and thread-safe provider for accessing repository Role definitions.
UserRolesManager getUserRolesManager()
    Provides administrative (CRUD) userroles management.
UserRolesProvider getUserRolesProvider()
    Provides a read-only and thread-safe provider for accessing repository User Role definitions.

Method Detail

getRolesProvider
RolesProvider getRolesProvider()
Provides a read-only and thread-safe provider for accessing repository Role definitions.
Returns:
    the roles provider

getUserRolesProvider
UserRolesProvider getUserRolesProvider()
Provides a read-only and thread-safe provider for accessing repository User Role definitions.
Returns:
    the userroles provider

getChangePasswordManager
ChangePasswordManager getChangePasswordManager() throws AccessDeniedException, RepositoryException
The ChangePasswordManager allows the HippoSession user to change its password.
Returns:
    the ChangePasswordManager
Throws:
    AccessDeniedException - for a HippoSession.isSystemSession(), a User.isSystemUser() or a User.isExternal().
    RepositoryException - if the underlying HippoSession is no longer live, or something else went wrong

getRolesManager
RolesManager getRolesManager() throws AccessDeniedException, RepositoryException
Provides administrative (CRUD) roles management.
Accessing the RolesManager requires the HippoSession to be in userrole SecurityConstants.USERROLE_SECURITY_VIEWER, otherwise an AccessDeniedException will be raised.
The HippoSession will be attached to a dedicated internal system session for performing the requested administrative tasks. The HippoSession itself is (only) used for (possibly) additional authorization checks, depending on the requested administrative task, and for (audit) logging purposes.
All of the managers provided by this RepositorySecurityManager share the same internal system session for its HippoSession, which is automatically logged out when the HippoSession logs out.
Returns:
    the roles manager
Throws:
    AccessDeniedException - if the HippoSession isn't granted the userrole SecurityConstants.USERROLE_SECURITY_APPLICATION_ADMIN
    RepositoryException - if the underlying HippoSession is no longer live, or something else went wrong

getUserRolesManager
UserRolesManager getUserRolesManager() throws AccessDeniedException, RepositoryException
Provides administrative (CRUD) userroles management.
Accessing the UserRolesManager requires the HippoSession to be in userrole SecurityConstants.USERROLE_SECURITY_VIEWER, otherwise an AccessDeniedException will be raised.
The HippoSession will be attached to a dedicated internal system session for performing the requested administrative tasks. The HippoSession itself is (only) used for (possibly) additional authorization checks, depending on the requested administrative task, and for (audit) logging purposes.
All of the managers provided by this RepositorySecurityManager share the same internal system session for its HippoSession, which is automatically logged out when the HippoSession logs out.
Returns:
    the userroles manager
Throws:
    AccessDeniedException - if the provided HippoSession isn't granted the userrole SecurityConstants.USERROLE_SECURITY_APPLICATION_ADMIN
    RepositoryException - if the underlying HippoSession is no longer live, or something else went wrong

getDomainsManager
DomainsManager getDomainsManager() throws AccessDeniedException, RepositoryException
Provides administrative (CRUD) domain management; currently limited to only AuthRoles of an existing domain.
Accessing the DomainsManager requires the HippoSession to be in userRole SecurityConstants.USERROLE_SECURITY_VIEWER, otherwise an AccessDeniedException will be raised.
Note that this manager only provides and allows operations on DomainAuths in a valid location!
A domain location is valid if:
- it is a domain (directly) under a hipposys:domainfolder parent node below /hippo:configuration/hippo:domains
- it is a domain (directly) under a hipposys:federateddomainfolder parent node with depth >= 2
Likewise, access and operations on AuthRoles are only provided for authroles directly under a valid domain location.
All modifying operations require the underlying HippoSession to have userRole SecurityConstants.USERROLE_SECURITY_APPLICATION_ADMIN.
The HippoSession will be attached to a dedicated internal system session for performing the requested administrative tasks. The HippoSession itself is (only) used for (possibly) additional authorization checks, depending on the requested administrative task, and for (audit) logging purposes.
All of the managers provided by this RepositorySecurityManager share the same internal system session for its HippoSession, which is automatically logged out when the HippoSession logs out.
Returns:
    the DomainsManager
Throws:
    AccessDeniedException - if the provided HippoSession isn't granted the userrole SecurityConstants.USERROLE_SECURITY_VIEWER
    RepositoryException - if the underlying HippoSession is no longer live, or something else went wrong
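
The two domain location rules given for getDomainsManager, written as a pre-check a caller could run before invoking the manager (an added example, not code from the Hippo project). It works on a path string and the parent's primary node type instead of live JCR nodes. The class and method names are hypothetical, and reading "below" as "at or beneath" and "depth >= 2" as the depth of the federated folder are assumptions.

```java
public class DomainLocationCheck {
    // Path and node type names as given in the documentation above.
    static final String CONFIG_DOMAINS = "/hippo:configuration/hippo:domains";
    static final String DOMAIN_FOLDER = "hipposys:domainfolder";
    static final String FEDERATED_FOLDER = "hipposys:federateddomainfolder";

    // Accept only absolute paths without empty, "." or ".." segments.
    static boolean isNormalized(String path) {
        if (path == null || path.length() < 2 || !path.startsWith("/")) return false;
        for (String seg : path.substring(1).split("/", -1)) {
            if (seg.isEmpty() || seg.equals(".") || seg.equals("..")) return false;
        }
        return true;
    }

    // JCR depth: the root node is 0, "/a" is 1, "/a/b" is 2.
    static int depth(String path) {
        return "/".equals(path) ? 0 : path.split("/").length - 1;
    }

    // domainPath: absolute path of the domain node;
    // parentType: primary node type of its direct parent (hypothetical input).
    static boolean isValidDomainLocation(String domainPath, String parentType) {
        if (!isNormalized(domainPath)) return false;
        int cut = domainPath.lastIndexOf('/');
        String parent = cut == 0 ? "/" : domainPath.substring(0, cut);
        if (DOMAIN_FOLDER.equals(parentType)) {
            // Assumption: "below" is read as at or beneath the configuration path.
            return parent.equals(CONFIG_DOMAINS) || parent.startsWith(CONFIG_DOMAINS + "/");
        }
        if (FEDERATED_FOLDER.equals(parentType)) {
            // Assumption: the depth limit applies to the federated folder itself.
            return depth(parent) >= 2;
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample locations, not taken from a real repository.
        String[][] samples = {
            {"/hippo:configuration/hippo:domains/editors", DOMAIN_FOLDER},
            {"/content/documents/hippo:domains/editors", FEDERATED_FOLDER},
            {"/hippo:domains/editors", FEDERATED_FOLDER},
            {"/content/documents/editors", "hippostd:folder"},
        };
        for (String[] s : samples) {
            System.out.println(s[0] + " [" + s[1] + "] -> " + isValidDomainLocation(s[0], s[1]));
        }
    }
}
```

The DomainsManager remains the authority on what it accepts; a check like this only lets a caller reject obviously misplaced paths early and log them.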