3 import java
.time
.ZonedDateTime
;
8 import javax
.security
.auth
.Subject
;
10 import org
.argeo
.api
.cms
.directory
.HierarchyUnit
;
11 import org
.argeo
.cms
.auth
.SystemRole
;
12 import org
.argeo
.cms
.osgi
.useradmin
.UserDirectory
;
13 import org
.osgi
.framework
.InvalidSyntaxException
;
14 import org
.osgi
.service
.useradmin
.Group
;
15 import org
.osgi
.service
.useradmin
.Role
;
16 import org
.osgi
.service
.useradmin
.User
;
19 * Provide method interfaces to manage user concepts without accessing directly
22 public interface CmsUserManager
{
23 Map
<String
, String
> getKnownBaseDns(boolean onlyWritable
);
25 Set
<UserDirectory
> getUserDirectories();
28 /** Returns the e-mail of the current logged in user */
32 /** Returns a {@link User} given a username */
33 User
getUser(String username
);
35 /** Can be a group or a user */
36 String
getUserDisplayName(String dn
);
38 /** Can be a group or a user */
39 String
getUserMail(String dn
);
41 /** Lists all roles of the given user */
42 String
[] getUserRoles(String dn
);
44 /** Checks if the passed user belongs to the passed role */
45 boolean isUserInRole(String userDn
, String roleDn
);
48 /** Returns a filtered list of roles */
49 Role
[] getRoles(String filter
) throws InvalidSyntaxException
;
51 /** Recursively lists users in a given group. */
52 Set
<User
> listUsersInGroup(String groupDn
, String filter
);
54 /** Search among groups including system roles and users if needed */
55 List
<User
> listGroups(String filter
, boolean includeUsers
, boolean includeSystemRoles
);
58 // * Lists functional accounts, that is users with regular access to the system
59 // * under this functional hierarchy unit (which probably have technical direct
60 // * sub hierarchy units), excluding groups which are not explicitly users.
62 // Set<User> listAccounts(HierarchyUnit hierarchyUnit, boolean deep);
67 /** Creates a new user. */
68 User
createUser(String username
, Map
<String
, Object
> properties
, Map
<String
, Object
> credentials
);
70 /** Creates a group. */
71 Group
getOrCreateGroup(HierarchyUnit groups
, String commonName
);
73 /** Creates a new system role. */
74 Group
getOrCreateSystemRole(HierarchyUnit roles
, SystemRole systemRole
);
76 /** Add additional object classes to this role. */
77 void addObjectClasses(Role role
, Set
<String
> objectClasses
, Map
<String
, Object
> additionalProperties
);
79 /** Add additional object classes to this hierarchy unit. */
80 void addObjectClasses(HierarchyUnit hierarchyUnit
, Set
<String
> objectClasses
,
81 Map
<String
, Object
> additionalProperties
);
83 /** Add a member to this group. */
84 void addMember(Group group
, Role role
);
86 void edit(Runnable action
);
89 /** Returns the dn of a role given its local ID */
90 String
buildDefaultDN(String localId
, int type
);
92 /** Exposes the main default domain name for this instance */
93 String
getDefaultDomainName();
96 * Search for a {@link User} (might also be a group) whose uid or cn is equals
97 * to localId within the various user repositories defined in the current
100 User
getUserFromLocalId(String localId
);
102 void changeOwnPassword(char[] oldPassword
, char[] newPassword
);
104 void resetPassword(String username
, char[] newPassword
);
107 String
addSharedSecret(String username
, int hours
);
109 // String addSharedSecret(String username, String authInfo, String authToken);
111 void addAuthToken(String userDn
, String token
, Integer hours
, String
... roles
);
113 void addAuthToken(String userDn
, String token
, ZonedDateTime expiryDate
, String
... roles
);
115 void expireAuthToken(String token
);
117 void expireAuthTokens(Subject subject
);
119 UserDirectory
getDirectory(Role role
);
121 /** Create a new hierarchy unit. Does nothing if it already exists. */
122 HierarchyUnit
getOrCreateHierarchyUnit(UserDirectory directory
, String path
);