Interface IAuthenticationSource
public interface IAuthenticationSource
WARNING: For internal use only. Use the
ISecurityService
instead.-
Nested Class Summary
Modifier and TypeInterfaceDescriptionstatic enum
Represents the result status of the password verification.static interface
static interface
-
Field Summary
-
Method Summary
Modifier and TypeMethodDescriptionvoid
addContextRoleToUser
(String userName, String roleId, IContextId ctx) void
addGlobalRoleToUser
(String userName, String roleId) boolean
void
changePassword
(String userName, String password) Change password in ${svn.credentials.file} file.boolean
checkCredentials
(String login, String password) Checks the given credentials against the physical source of authentication.checkCredentialsExternal
(String login, String password) Checks the given credentials against the ${svn.credentials.file} file.boolean
Checks if the underlying configuration exists and is valid.boolean
copyACLRights
(String sourcePath, String destinationPath) Copies the ACL from the source path to the destination path.void
createContextRole
(IContextId ctx, String roleId) void
createGlobalRole
(String roleId) void
createUser
(String userName, String password) Creates user record in ${svn.passwd.file} file.void
createUserExternal
(String userName, String password) Creates user record in ${svn.credentials.file} file.void
delGroupACL
(String path, String groupname) Delete Group ACL.void
delGroupsAndACL
(String groupPrefix, String pathPrefix) void
delUserACL
(String path, String username) Delete user ACL.getAuthSrcPermission
(String path, String userName) Returns permission for the given path as defined by the authentication source.getContextRoleAssignmentsForUser
(String userName, IContextId context) Returns the context roles assigned to the specific User together with the source of the assignment.getContextRolesForUser
(String userName, IContextId context) Returns context roles assigned directly to the user.getDefaultHatForContextRole
(IContextId ctx, String role) getEffectiveGroupsAndUsers
(List<String> paths, boolean rw) getEffectiveUsers
(List<String> paths, boolean rw) getGlobalRolesForUser
(String userName) Returns global roles assigned directly to the user.getGroupACLRights
(String path) getGroupACLRights
(String path, String groupname) Return access rights for the given Group ACL.getOverridenPaths
(String path) getUserACLRights
(String path) getUserACLRights
(String path, String username) Return access rights for given user ACL.getUserAssignmentsForRole
(String role, IContextId context) Returns the Users assigned the specific role together with the source of the assignment.getUsersForContextRole
(String roleId, IContextId ctx) Returns a set of user IDs that the role is directly assigned to.getUsersForGlobalRole
(String roleId) boolean
void
removeContextRole
(IContextId ctx, String roleId) void
removeContextRoleFromUser
(String userName, String roleId, IContextId ctx) void
removeGlobalRole
(String roleId) void
removeGlobalRoleFromUser
(String userName, String roleId) void
removeUser
(String userName) void
removeUserFromRoles
(String userName) void
removeUserGroup
(String groupId) Removes the user Group.void
setDefaultHatForContextRole
(IContextId ctx, String role, String hatId) void
setDefaultHatForGlobalRole
(String role, String hatId) void
setGroupACL
(String path, String groupname, String rights) Set Group ACL.void
setUserACL
(String path, String username, String rights) Set user ACL.synchronizeBackendSecurity
(ISecurityService securityService, Collection<String> users, Collection<IContextId> contexts) Synchronizes the backend's (i.e.void
Ensures that the cached svn access file version is the latest available as long as it was written within Polarion.updateUserGroup
(String groupId) Updates the user Group.updateUsersGroups
(String userId) Updates the user's groups.boolean
userExists
(String userName)
-
Field Details
-
NO_ACCESS
Access rights - no access allowed.- Since:
- 3.10.1
- See Also:
-
ACCESS_READ_ONLY
Access rights - read-only access.- Since:
- 3.10.1
- See Also:
-
ACCESS_READWRITE
Access rights - read/write access.- Since:
- 3.10.1
- See Also:
-
-
Method Details
-
checkCredentials
Checks the given credentials against the physical source of authentication. Returnstrue
if the credentials are valid orfalse
if they are not.Should throw an exception if the check was not possible due to problems while interacting with the source. (Instead of silently returning
false
).- Parameters:
login
-password
-- Returns:
true
if credentials are OK, otherwisefalse
.
-
checkCredentialsExternal
@NotNull IAuthenticationSource.CredentialsCheck checkCredentialsExternal(@NotNull String login, @Nullable String password) Checks the given credentials against the ${svn.credentials.file} file. ReturnsIAuthenticationSource.CredentialsCheck
value representing the outcome of the check.Should throw an exception if the check was not possible due to problems while interacting with the source.
- Parameters:
login
-password
-- Returns:
IAuthenticationSource.CredentialsCheck
depending whether the check was successful or a failure.- Since:
- 3.21.1
-
canManageUsers
boolean canManageUsers() -
createUser
Creates user record in ${svn.passwd.file} file.
This file is used for SVN access and passwords in this file are generated.- Parameters:
userName
-password
-
-
createUserExternal
Creates user record in ${svn.credentials.file} file.
This file is used to authenticate users with a user name and password. (It is not for accessing the SVN repository).- Parameters:
userName
-password
-- Since:
- 3.21.1
-
userExists
- Since:
- 3.3.1
-
changePassword
Change password in ${svn.credentials.file} file.- Parameters:
userName
-password
-
-
removeUser
-
removeUserFromRoles
-
getGlobalRoles
-
getGlobalRolesForUser
@NotNull IAuthenticationSource.IVersionedCollection<String> getGlobalRolesForUser(@NotNull String userName) Returns global roles assigned directly to the user.The user can also have roles assigned from Groups. To get the complete set of roles, use
ISecurityService.getRolesForUser(String)
.- Returns:
- A collection of
String
role IDs.
-
createGlobalRole
-
removeGlobalRole
-
getUsersForGlobalRole
-
addGlobalRoleToUser
-
removeGlobalRoleFromUser
-
getContextRoles
-
getContextRolesForUser
@NotNull IAuthenticationSource.IVersionedCollection<String> getContextRolesForUser(@NotNull String userName, @NotNull IContextId context) Returns context roles assigned directly to the user.The user can also have roles assigned from Groups. To get the complete set of roles, use
ISecurityService.getRolesForUser(String, IContextId)
.- Returns:
- A collection of
String
role IDs.
-
getContextRoleAssignmentsForUser
@NotNull IAuthenticationSource.IVersioned<Map<String,IRoleAssignment>> getContextRoleAssignmentsForUser(@NotNull String userName, @Nullable IContextId context) Returns the context roles assigned to the specific User together with the source of the assignment. WARNING: If you are not interested in the sources, usegetContextRolesForUser(java.lang.String, com.polarion.subterra.base.data.identification.IContextId)
instead for better performance.- Returns:
- role to assignment map
- Since:
- 3.20.1
-
getUserAssignmentsForRole
@NotNull IAuthenticationSource.IVersioned<Map<String,IRoleAssignment>> getUserAssignmentsForRole(@NotNull String role, @Nullable IContextId context) Returns the Users assigned the specific role together with the source of the assignment. WARNING: If you are not interested in the sources, usegetUsersForContextRole(java.lang.String, com.polarion.subterra.base.data.identification.IContextId)
instead for better performance.- Returns:
- user to assignment map
- Since:
- 3.20.1
-
createContextRole
-
removeContextRole
-
getUsersForContextRole
Returns a set of user IDs that the role is directly assigned to. (Not from the user Group).- Parameters:
roleId
-ctx
-- Returns:
- only the users that the role is assigned directly to.
-
addContextRoleToUser
void addContextRoleToUser(@NotNull String userName, @NotNull String roleId, @NotNull IContextId ctx) -
removeContextRoleFromUser
void removeContextRoleFromUser(@NotNull String userName, @NotNull String roleId, @NotNull IContextId ctx) -
setDefaultHatForGlobalRole
-
getDefaultHatForGlobalRole
-
setDefaultHatForContextRole
-
getDefaultHatForContextRole
-
synchronizeBackendSecurity
ISecurityService.IBackendSecuritySynchronizationResult synchronizeBackendSecurity(@NotNull ISecurityService securityService, @NotNull Collection<String> users, @NotNull Collection<IContextId> contexts) Synchronizes the backend's (i.e. repository's) security with the current state.Actual behavior is implementation-dependent.
- Parameters:
securityService
- security service (notnull
).users
- names of the users to be synchronized (notnull
).contexts
- ids of the contexts to be synchronized (notnull
).- Returns:
- result of synchronization (not
null
). - Since:
- 3.1.1
-
setUserACL
Set user ACL.- Parameters:
path
- repository pathusername
- user namerights
- access rights (one ofNO_ACCESS
,ACCESS_READ_ONLY
orACCESS_READWRITE
)- Throws:
GeneralAuthException
- may or may not be thrown if the user does not exist (depends on implementation).- Since:
- 3.5.0
-
delUserACL
Delete user ACL.- Parameters:
path
- repository pathusername
- user name- Throws:
GeneralAuthException
- may or may not be thrown if the user or the ACL does not exist (depends on implementation).- Since:
- 3.5.0
-
getUserACLRights
Return access rights for given user ACL.- Parameters:
path
- repository pathusername
- user name- Returns:
- access rights (one of
NO_ACCESS
,ACCESS_READ_ONLY
orACCESS_READWRITE
) ornull
if the ACL does not exist. - Throws:
GeneralAuthException
- may or may not be thrown if the user does not exist (depends on implementation).- Since:
- 3.5.0
-
getUserACLRights
- Since:
- 3.5.0
-
getGroupACLRights
- Since:
- 3.5.0
-
setGroupACL
Set Group ACL.- Parameters:
path
- repository pathgroupname
- Group namerights
- access rights (one ofNO_ACCESS
,ACCESS_READ_ONLY
orACCESS_READWRITE
)- Throws:
GeneralAuthException
- may or may not be thrown if the Group does not exist (depends on implementation).- Since:
- 3.5.0
-
delGroupACL
Delete Group ACL.- Parameters:
path
- repository pathgroupname
- Group name- Throws:
GeneralAuthException
- may or may not be thrown if the Group or the ACL does not exist (depends on implementation).- Since:
- 3.5.0
-
getGroupACLRights
Return access rights for the given Group ACL.- Parameters:
path
- repository pathgroupname
- Group name- Returns:
- access rights (one of
NO_ACCESS
,ACCESS_READ_ONLY
orACCESS_READWRITE
) ornull
if the ACL does not exist. - Throws:
GeneralAuthException
- may or may not be thrown if the Group does not exist (depends on implementation).- Since:
- 3.5.0
-
hasACL
- Since:
- 3.5.0
-
getEffectiveGroupsAndUsers
- Since:
- 3.5.0
-
getEffectiveUsers
- Since:
- 3.5.0
-
getOverridenPaths
- Since:
- 3.5.0
-
getAllUsers
- Since:
- 3.5.0
-
getAllRoles
- Since:
- 3.5.0
-
getAllSections
Collection<String> getAllSections()- Since:
- 3.5.1
-
patch
- Since:
- 3.5.0
-
getAuthSrcPermission
Returns permission for the given path as defined by the authentication source.- Parameters:
path
- path in the repositoryuserName
- user name- Returns:
- the permission
- Since:
- 3.5.0
-
checkExistsAndIsValid
boolean checkExistsAndIsValid()Checks if the underlying configuration exists and is valid. If not it logs the message.- Returns:
- true when the underlying configuration exists and is valid.
- Since:
- 3.5.0
-
delGroupsAndACL
- Since:
- 3.6.2
-
copyACLRights
Copies the ACL from the source path to the destination path. ACL for the source path must exist and the ACL for the destination path must not exist.- Returns:
- true when the ACL were copied.
- Since:
- 3.8.0
-
removeUserGroup
Removes the user Group.- Parameters:
groupId
- ID of the user Group to remove.- Since:
- 3.19.3
-
updateUserGroup
Updates the user Group. Allows for the addition or removal of Users or Roles.- Parameters:
groupId
- ID of the user Group to update.- Returns:
- batch update object to perform the update operations with.
- Since:
- 3.19.3
-
getUserAuthenticationProvidersManager
- Returns:
- user to authentication provider manager
- Since:
- 3.21.1
-
updateUsersGroups
Updates the user's groups. Allows for the addition or removal of the user's groups.- Parameters:
userId
- The ID of the user whose groups need to be updated.- Returns:
- batch update object to perform the update operations with.
- Since:
- 3.21.2
-
updateToLatestAccessFileVersion
void updateToLatestAccessFileVersion()Ensures that the cached svn access file version is the latest available as long as it was written within Polarion. It is only meant to be used for extreme cases where synchronization timing between cluster nodes is crucial.- Since:
- 3.21.2
-