3 import java
.time
.ZonedDateTime
;
8 import javax
.security
.auth
.Subject
;
9 import javax
.xml
.namespace
.QName
;
11 import org
.argeo
.api
.cms
.directory
.CmsGroup
;
12 import org
.argeo
.api
.cms
.directory
.CmsUser
;
13 import org
.argeo
.api
.cms
.directory
.HierarchyUnit
;
14 import org
.argeo
.api
.cms
.directory
.UserDirectory
;
15 import org
.osgi
.framework
.InvalidSyntaxException
;
16 import org
.osgi
.service
.useradmin
.Role
;
17 import org
.osgi
.service
.useradmin
.User
;
20 * Provide method interfaces to manage user concepts without accessing directly
23 public interface CmsUserManager
{
/**
 * Returns the base DNs known to this manager as a string-to-string map.
 * <p>
 * NOTE(review): what the keys and the values hold is not stated in this interface -
 * confirm against the implementation.
 *
 * @param onlyWritable presumably restricts the result to writable directories - TODO confirm
 * @return the map of known base DNs
 */
Map<String, String> getKnownBaseDns(boolean onlyWritable);
/**
 * Returns the user directories handled by this manager.
 *
 * @return the set of {@link UserDirectory} instances
 */
Set<UserDirectory> getUserDirectories();
29 /** Returns the e-mail of the current logged in user */
/**
 * Returns the {@link CmsUser} registered under the given username.
 * <p>
 * NOTE(review): the outcome for an unknown username (null or an exception) is not
 * specified here - confirm, so that callers do not treat a missing user as authenticated.
 *
 * @param username the username to look up
 * @return the matching user
 */
CmsUser getUser(String username);
/**
 * Returns the display name of the entry with the given DN, which can be a group or a user.
 *
 * @param dn distinguished name of the user or group
 * @return the display name
 */
String getUserDisplayName(String dn);
/**
 * Returns the e-mail of the entry with the given DN, which can be a group or a user.
 *
 * @param dn distinguished name of the user or group
 * @return the e-mail address
 */
String getUserMail(String dn);
/**
 * Lists all roles of the given user.
 * <p>
 * NOTE(review): whether the array holds role DNs or role names, and whether inherited
 * roles are included, is not stated here - confirm before using it for access decisions.
 *
 * @param dn distinguished name of the user
 * @return the roles of the user
 */
String[] getUserRoles(String dn);
/**
 * Checks whether the given user belongs to the given role.
 * <p>
 * NOTE(review): how DNs are compared (case, normalization) is not visible here - confirm,
 * since this result is likely used for authorization checks.
 *
 * @param userDn distinguished name of the user
 * @param roleDn distinguished name of the role
 * @return {@code true} if the user belongs to the role
 */
boolean isUserInRole(String userDn, String roleDn);
/**
 * Returns a filtered list of roles.
 * <p>
 * NOTE(review): the declared {@link InvalidSyntaxException} suggests that {@code filter}
 * is an OSGi/LDAP-style filter expression - confirm. If so, callers should escape any
 * user-supplied value before embedding it in the filter instead of concatenating it raw,
 * so that input cannot widen the search.
 *
 * @param filter the filter used to select roles
 * @return the matching roles
 * @throws InvalidSyntaxException presumably when {@code filter} cannot be parsed - confirm
 */
Role[] getRoles(String filter) throws InvalidSyntaxException;
/**
 * Recursively lists users in a given group.
 * <p>
 * NOTE(review): the syntax of {@code filter} and whether it may be null are not stated
 * here - confirm; if it is a directory filter expression, untrusted values placed in it
 * should be escaped by the caller.
 *
 * @param groupDn distinguished name of the group
 * @param filter the filter applied to the users
 * @return the users found in the group
 */
Set<CmsUser> listUsersInGroup(String groupDn, String filter);
/**
 * Searches among groups, optionally including system roles and users.
 * <p>
 * NOTE(review): the syntax of {@code filter} is not stated here - confirm; if it is a
 * directory filter expression, untrusted values placed in it should be escaped by the caller.
 *
 * @param filter the filter applied to the search
 * @param includeUsers whether users are part of the result
 * @param includeSystemRoles whether system roles are part of the result
 * @return the matching entries
 */
List<CmsUser> listGroups(String filter, boolean includeUsers, boolean includeSystemRoles);
59 // * Lists functional accounts, that is users with regular access to the system
60 // * under this functional hierarchy unit (which probably have technical direct
61 // * sub hierarchy units), excluding groups which are not explicitly users.
63 // Set<User> listAccounts(HierarchyUnit hierarchyUnit, boolean deep);
/**
 * Creates a new user.
 * <p>
 * NOTE(review): the keys expected in {@code properties} and {@code credentials} are not
 * defined by this interface - confirm against the implementation. Since
 * {@code credentials} presumably carries secrets such as a password, callers should keep
 * it out of logs and not retain the map longer than needed.
 *
 * @param username name of the user to create
 * @param properties properties to set on the new user
 * @param credentials credentials to set on the new user
 * @return the created {@link CmsUser}
 */
CmsUser createUser(String username, Map<String, Object> properties, Map<String, Object> credentials);
/**
 * Creates a group.
 * <p>
 * NOTE(review): the method name suggests that an already existing group is returned
 * instead of being created again - confirm.
 *
 * @param groups the hierarchy unit under which the group is placed
 * @param commonName the common name of the group
 * @return the group
 */
CmsGroup getOrCreateGroup(HierarchyUnit groups, String commonName);
/**
 * Creates a new system role.
 * <p>
 * NOTE(review): the method name suggests that an already existing role is returned
 * instead of being created again - confirm. System roles presumably grant privileges, so
 * callers of this method should themselves be authorized to define them.
 *
 * @param roles the hierarchy unit under which the role is placed
 * @param systemRole the qualified name of the system role
 * @return the system role, typed as a {@link CmsGroup}
 */
CmsGroup getOrCreateSystemRole(HierarchyUnit roles, QName systemRole);
/**
 * Adds additional object classes to this role.
 *
 * @param role the role to extend
 * @param objectClasses the object classes to add
 * @param additionalProperties properties passed along with the object classes; presumably
 *                             the attributes those classes require - TODO confirm
 */
void addObjectClasses(Role role, Set<String> objectClasses, Map<String, Object> additionalProperties);
/**
 * Adds additional object classes to this hierarchy unit.
 *
 * @param hierarchyUnit the hierarchy unit to extend
 * @param objectClasses the object classes to add
 * @param additionalProperties properties passed along with the object classes; presumably
 *                             the attributes those classes require - TODO confirm
 */
void addObjectClasses(HierarchyUnit hierarchyUnit, Set<String> objectClasses,
        Map<String, Object> additionalProperties);
/**
 * Adds a member to this group.
 * <p>
 * NOTE(review): membership presumably conveys the group's privileges to the added role;
 * no authorization requirement is visible at this level - confirm where it is enforced.
 *
 * @param group the group receiving the member
 * @param role the role (user or group) to add as a member
 */
void addMember(CmsGroup group, Role role);
/**
 * Runs the given action as an edit.
 * <p>
 * NOTE(review): presumably the action is executed within the transaction or editing
 * context that directory changes require - confirm, including what happens when the
 * action throws.
 *
 * @param action the changes to perform
 */
void edit(Runnable action);
/**
 * Returns the DN of a role given its local ID.
 * <p>
 * NOTE(review): if {@code localId} can come from user input, confirm that the
 * implementation escapes DN special characters, so that the value cannot alter the
 * structure of the resulting DN.
 *
 * @param localId the local ID of the role
 * @param type the kind of role; presumably one of the {@link Role} type constants - TODO
 *             confirm
 * @return the distinguished name built for the role
 */
String buildDefaultDN(String localId, int type);
/**
 * Exposes the main default domain name for this instance.
 *
 * @return the default domain name
 */
String getDefaultDomainName();
/**
 * Searches for a {@link User} (might also be a group) whose uid or cn equals
 * {@code localId} within the various user repositories that are defined.
 * <p>
 * NOTE(review): which entry wins when several repositories hold the same uid or cn is
 * not stated here - confirm, since an ambiguous match could resolve to the wrong account.
 *
 * @param localId the uid or cn to search for
 * @return the matching user or group
 */
CmsUser getUserFromLocalId(String localId);
/**
 * Changes the password of the caller's own account (presumably the currently
 * authenticated user - TODO confirm).
 * <p>
 * Both passwords are passed as {@code char[]}, so a caller can overwrite the arrays once
 * the call returns. NOTE(review): whether the implementation verifies {@code oldPassword}
 * before applying the change, and whether it copies or clears the arrays, cannot be seen
 * from this interface - confirm.
 *
 * @param oldPassword the current password
 * @param newPassword the password to set
 */
void changeOwnPassword(char[] oldPassword, char[] newPassword);
/**
 * Sets a new password for the given user without asking for the previous one.
 * <p>
 * NOTE(review): no authorization requirement is visible at this level. Because the old
 * password is not required, implementations should restrict this call to suitably
 * privileged callers and ideally record the reset for audit - confirm where that is
 * enforced. The {@code char[]} lets the caller overwrite the password after the call.
 *
 * @param username the user whose password is reset
 * @param newPassword the password to set
 */
void resetPassword(String username, char[] newPassword);
/**
 * Adds a shared secret for the given user.
 * <p>
 * NOTE(review): presumably {@code hours} is the validity period and the returned string
 * is the secret itself - confirm. If so, the return value is a credential: keep it out of
 * logs and hand it over only through an authenticated channel.
 *
 * @param username the user receiving the shared secret
 * @param hours a duration in hours; presumably the lifetime of the secret - TODO confirm
 * @return a string associated with the new shared secret
 */
String addSharedSecret(String username, int hours);
110 // String addSharedSecret(String username, String authInfo, String authToken);
/**
 * Registers an authentication token for the given user, with a lifetime given in hours.
 * <p>
 * The token value is supplied by the caller. NOTE(review): if it acts as a bearer
 * credential, it should be generated with a cryptographically strong source such as
 * {@code java.security.SecureRandom} and kept out of logs. {@code hours} is a boxed
 * {@code Integer}, so null can be passed; what null means (possibly no expiry) is not
 * defined here - confirm, since a token that never expires stays usable if it leaks.
 *
 * @param userDn distinguished name of the user the token is issued for
 * @param token the token value
 * @param hours a duration in hours; presumably the lifetime of the token - TODO confirm
 * @param roles roles associated with the token; presumably the roles it grants - TODO
 *              confirm
 */
void addAuthToken(String userDn, String token, Integer hours, String... roles);
/**
 * Registers an authentication token for the given user, with an explicit expiry date.
 * <p>
 * The token value is supplied by the caller. NOTE(review): if it acts as a bearer
 * credential, it should be generated with a cryptographically strong source such as
 * {@code java.security.SecureRandom} and kept out of logs. Whether a null or past
 * {@code expiryDate} is rejected is not defined here - confirm.
 *
 * @param userDn distinguished name of the user the token is issued for
 * @param token the token value
 * @param expiryDate the date associated with the token's expiry
 * @param roles roles associated with the token; presumably the roles it grants - TODO
 *              confirm
 */
void addAuthToken(String userDn, String token, ZonedDateTime expiryDate, String... roles);
/**
 * Expires the given authentication token.
 * <p>
 * NOTE(review): the behavior for an unknown or already expired token is not stated here -
 * confirm; revocation paths are usually expected to be safe to call repeatedly.
 *
 * @param token the token value to expire
 */
void expireAuthToken(String token);
/**
 * Expires the authentication tokens related to the given subject.
 * <p>
 * NOTE(review): how the tokens are derived from the {@link Subject} (principals or
 * credentials) is not visible here - confirm, so that a logout reliably revokes every
 * token of the session.
 *
 * @param subject the subject whose tokens are expired
 */
void expireAuthTokens(Subject subject);
/**
 * Returns the {@link UserDirectory} for the given role (presumably the directory that
 * holds it - TODO confirm).
 *
 * @param role the role to look up
 * @return the user directory of the role
 */
UserDirectory getDirectory(Role role);
/**
 * Creates a new hierarchy unit. Does nothing if it already exists.
 * <p>
 * NOTE(review): presumably the existing unit is returned in that case - confirm. The
 * syntax of {@code path} (separator, relative or absolute) is not stated here.
 *
 * @param directory the user directory in which the unit is created
 * @param path the path of the hierarchy unit
 * @return the hierarchy unit
 */
HierarchyUnit getOrCreateHierarchyUnit(UserDirectory directory, String path);