Package com.polarion.platform.spi.security

Interface IAuthenticationSource

public interface IAuthenticationSource
WARNING: For internal use only. Use the ISecurityService instead.

  • Field Details

  • Method Details

    • checkCredentials

      boolean checkCredentials(@NotNull String login, @Nullable String password)
      Checks the given credentials against the physical source of authentication. Returns true if the credentials are valid or false if they are not.

      Should throw an exception if the check was not possible due to problems while interacting with the source. (Instead of silently returning false).

      Parameters:
      login -
      password -
      Returns:
      true if credentials are OK, otherwise false.

    • checkCredentialsExternal

      @NotNull IAuthenticationSource.CredentialsCheck checkCredentialsExternal(@NotNull String login, @Nullable String password)
      Checks the given credentials against the ${svn.credentials.file} file. Returns IAuthenticationSource.CredentialsCheck value representing the outcome of the check.

      Should throw an exception if the check was not possible due to problems while interacting with the source.

      Parameters:
      login -
      password -
      Returns:
      IAuthenticationSource.CredentialsCheck depending whether the check was successful or a failure.
      Since:
      3.21.1

    • canManageUsers

      boolean canManageUsers()

    • createUser

      void createUser(@NotNull String userName, @Nullable String password)
      Creates user record in ${svn.passwd.file} file.
      This file is used for SVN access and passwords in this file are generated.
      Parameters:
      userName -
      password -

    • createUserExternal

      void createUserExternal(@NotNull String userName, @Nullable String password)
      Creates user record in ${svn.credentials.file} file.
      This file is used to authenticate users with a user name and password. (It is not for accessing the SVN repository).
      Parameters:
      userName -
      password -
      Since:
      3.21.1

    • userExists

      boolean userExists(String userName)
      Since:
      3.3.1

    • changePassword

      void changePassword(@NotNull String userName, @Nullable String password)
      Change password in ${svn.credentials.file} file.
      Parameters:
      userName -
      password -

    • removeUser

      void removeUser(String userName)

    • removeUserFromRoles

      void removeUserFromRoles(@NotNull String userName)

    • getGlobalRoles

      @NotNull Set<String> getGlobalRoles()

    • getGlobalRolesForUser

      @NotNull IAuthenticationSource.IVersionedCollection<String> getGlobalRolesForUser(@NotNull String userName)
      Returns global roles assigned directly to the user.

      The user can also have roles assigned from Groups. To get the complete set of roles, use ISecurityService.getRolesForUser(String).

      Returns:
      A collection of String role IDs.

    • createGlobalRole

      void createGlobalRole(@NotNull String roleId)

    • removeGlobalRole

      void removeGlobalRole(@NotNull String roleId)

    • getUsersForGlobalRole

      @NotNull Set<String> getUsersForGlobalRole(@NotNull String roleId)

    • addGlobalRoleToUser

      void addGlobalRoleToUser(@NotNull String userName, @NotNull String roleId)

    • removeGlobalRoleFromUser

      void removeGlobalRoleFromUser(@NotNull String userName, @NotNull String roleId)

    • getContextRoles

      @NotNull Set<String> getContextRoles(@NotNull IContextId ctx)

    • getContextRolesForUser

      @NotNull IAuthenticationSource.IVersionedCollection<String> getContextRolesForUser(@NotNull String userName, @NotNull IContextId context)
      Returns context roles assigned directly to the user.

      The user can also have roles assigned from Groups. To get the complete set of roles, use ISecurityService.getRolesForUser(String, IContextId).

      Returns:
      A collection of String role IDs.

    • getContextRoleAssignmentsForUser

      @NotNull IAuthenticationSource.IVersioned<Map<String,IRoleAssignment>> getContextRoleAssignmentsForUser(@NotNull String userName, @Nullable IContextId context)
      Returns the context roles assigned to the specific User together with the source of the assignment. WARNING: If you are not interested in the sources, use getContextRolesForUser(java.lang.String, com.polarion.subterra.base.data.identification.IContextId) instead for better performance.
      Returns:
      role to assignment map
      Since:
      3.20.1

    • getUserAssignmentsForRole

      @NotNull IAuthenticationSource.IVersioned<Map<String,IRoleAssignment>> getUserAssignmentsForRole(@NotNull String role, @Nullable IContextId context)
      Returns the Users assigned the specific role together with the source of the assignment. WARNING: If you are not interested in the sources, use getUsersForContextRole(java.lang.String, com.polarion.subterra.base.data.identification.IContextId) instead for better performance.
      Returns:
      user to assignment map
      Since:
      3.20.1

    • createContextRole

      void createContextRole(@NotNull IContextId ctx, @NotNull String roleId)

    • removeContextRole

      void removeContextRole(@NotNull IContextId ctx, @NotNull String roleId)

    • getUsersForContextRole

      @NotNull Set<String> getUsersForContextRole(@NotNull String roleId, @NotNull IContextId ctx)
      Returns a set of user IDs that the role is directly assigned to. (Not from the user Group).
      Parameters:
      roleId -
      ctx -
      Returns:
      only the users that the role is assigned directly to.

    • addContextRoleToUser

      void addContextRoleToUser(@NotNull String userName, @NotNull String roleId, @NotNull IContextId ctx)

    • removeContextRoleFromUser

      void removeContextRoleFromUser(@NotNull String userName, @NotNull String roleId, @NotNull IContextId ctx)

    • setDefaultHatForGlobalRole

      void setDefaultHatForGlobalRole(String role, String hatId)

    • getDefaultHatForGlobalRole

      String getDefaultHatForGlobalRole(String role)

    • setDefaultHatForContextRole

      void setDefaultHatForContextRole(IContextId ctx, String role, String hatId)

    • getDefaultHatForContextRole

      String getDefaultHatForContextRole(IContextId ctx, String role)

    • synchronizeBackendSecurity

      ISecurityService.IBackendSecuritySynchronizationResult synchronizeBackendSecurity(@NotNull ISecurityService securityService, @NotNull Collection<String> users, @NotNull Collection<IContextId> contexts)
      Synchronizes the backend's (i.e. repository's) security with the current state.

      Actual behavior is implementation-dependent.

      Parameters:
      securityService - security service (not null).
      users - names of the users to be synchronized (not null).
      contexts - ids of the contexts to be synchronized (not null).
      Returns:
      result of synchronization (not null).
      Since:
      3.1.1

    • setUserACL

      void setUserACL(String path, String username, String rights)
      Set user ACL.
      Parameters:
      path - repository path
      username - user name
      rights - access rights (one of NO_ACCESS, ACCESS_READ_ONLY or ACCESS_READWRITE)
      Throws:
      GeneralAuthException - may or may not be thrown if the user does not exist (depends on implementation).
      Since:
      3.5.0

    • delUserACL

      void delUserACL(String path, String username)
      Delete user ACL.
      Parameters:
      path - repository path
      username - user name
      Throws:
      GeneralAuthException - may or may not be thrown if the user or the ACL does not exist (depends on implementation).
      Since:
      3.5.0

    • getUserACLRights

      String getUserACLRights(String path, String username)
      Return access rights for given user ACL.
      Parameters:
      path - repository path
      username - user name
      Returns:
      access rights (one of NO_ACCESS, ACCESS_READ_ONLY or ACCESS_READWRITE) or null if the ACL does not exist.
      Throws:
      GeneralAuthException - may or may not be thrown if the user does not exist (depends on implementation).
      Since:
      3.5.0

    • getUserACLRights

      Map<String,String> getUserACLRights(String path)
      Since:
      3.5.0

    • getGroupACLRights

      Map<String,String> getGroupACLRights(String path)
      Since:
      3.5.0

    • setGroupACL

      void setGroupACL(String path, String groupname, String rights)
      Set Group ACL.
      Parameters:
      path - repository path
      groupname - Group name
      rights - access rights (one of NO_ACCESS, ACCESS_READ_ONLY or ACCESS_READWRITE)
      Throws:
      GeneralAuthException - may or may not be thrown if the Group does not exist (depends on implementation).
      Since:
      3.5.0

    • delGroupACL

      void delGroupACL(String path, String groupname)
      Delete Group ACL.
      Parameters:
      path - repository path
      groupname - Group name
      Throws:
      GeneralAuthException - may or may not be thrown if the Group or the ACL does not exist (depends on implementation).
      Since:
      3.5.0

    • getGroupACLRights

      String getGroupACLRights(String path, String groupname)
      Return access rights for the given Group ACL.
      Parameters:
      path - repository path
      groupname - Group name
      Returns:
      access rights (one of NO_ACCESS, ACCESS_READ_ONLY or ACCESS_READWRITE) or null if the ACL does not exist.
      Throws:
      GeneralAuthException - may or may not be thrown if the Group does not exist (depends on implementation).
      Since:
      3.5.0

    • hasACL

      boolean hasACL(String path)
      Since:
      3.5.0

    • getEffectiveGroupsAndUsers

      Map<String,List<String>> getEffectiveGroupsAndUsers(List<String> paths, boolean rw)
      Since:
      3.5.0

    • getEffectiveUsers

      Map<String,List<String>> getEffectiveUsers(List<String> paths, boolean rw)
      Since:
      3.5.0

    • getOverridenPaths

      List<String> getOverridenPaths(String path)
      Since:
      3.5.0

    • getAllUsers

      @NotNull Collection<String> getAllUsers()
      Since:
      3.5.0

    • getAllRoles

      @NotNull Collection<String> getAllRoles()
      Since:
      3.5.0

    • getAllSections

      Collection<String> getAllSections()
      Since:
      3.5.1

    • patch

      Map<String,Set<String>> patch(String frag)
      Since:
      3.5.0

    • getAuthSrcPermission

      AuthenticationSourcePermission getAuthSrcPermission(String path, String userName)
      Returns permission for the given path as defined by the authentication source.
      Parameters:
      path - path in the repository
      userName - user name
      Returns:
      the permission
      Since:
      3.5.0

    • checkExistsAndIsValid

      boolean checkExistsAndIsValid()
      Checks if the underlying configuration exists and is valid. If not it logs the message.
      Returns:
      true when the underlying configuration exists and is valid.
      Since:
      3.5.0

    • delGroupsAndACL

      void delGroupsAndACL(String groupPrefix, String pathPrefix)
      Since:
      3.6.2

    • copyACLRights

      boolean copyACLRights(@NotNull String sourcePath, @NotNull String destinationPath)
      Copies the ACL from the source path to the destination path. ACL for the source path must exist and the ACL for the destination path must not exist.
      Returns:
      true when the ACL were copied.
      Since:
      3.8.0

    • removeUserGroup

      void removeUserGroup(@NotNull String groupId)
      Removes the user Group.
      Parameters:
      groupId - ID of the user Group to remove.
      Since:
      3.19.3

    • updateUserGroup

      @NotNull IUserGroupBatchUpdate updateUserGroup(@NotNull String groupId)
      Updates the user Group. Allows for the addition or removal of Users or Roles.
      Parameters:
      groupId - ID of the user Group to update.
      Returns:
      batch update object to perform the update operations with.
      Since:
      3.19.3

    • getUserAuthenticationProvidersManager

      @NotNull IUserAuthenticationProvidersManager getUserAuthenticationProvidersManager()
      Returns:
      user to authentication provider manager
      Since:
      3.21.1

    • updateUsersGroups

      @NotNull IGroupBatchUpdate updateUsersGroups(@NotNull String userId)
      Updates the user's groups. Allows for the addition or removal of the user's groups.
      Parameters:
      userId - The ID of the user whose groups need to be updated.
      Returns:
      batch update object to perform the update operations with.
      Since:
      3.21.2

    • updateToLatestAccessFileVersion

      void updateToLatestAccessFileVersion()
      Ensures that the cached svn access file version is the latest available as long as it was written within Polarion. It is only meant to be used for extreme cases where synchronization timing between cluster nodes is crucial.
      Since:
      3.21.2