Improve Security

[lgpl/argeo-commons.git] / security / runtime / org.argeo.security.core / src / main / java / org / argeo / security / ArgeoSecurityDao.java

diff --git a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityDao.java b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityDao.java
index 039e549e3430e699f90fb2395be0904e2f47c097..67c4cb2ec39e9e315e3c2fa486aa9b72914020ed 100644 (file)
--- a/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityDao.java
+++ b/security/runtime/org.argeo.security.core/src/main/java/org/argeo/security/ArgeoSecurityDao.java
@@ -1,23 +1,68 @@
+/*
+ * Copyright (C) 2010 Mathieu Baudier <mbaudier@argeo.org>
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.argeo.security;
 
-import java.util.List;
+import java.util.Set;
 
+/**
+ * Access to the users and roles referential (dependent from the underlying
+ * storage, e.g. LDAP).
+ */
 public interface ArgeoSecurityDao {
-       public List<ArgeoUser> listUsers();
+       // public ArgeoUser getCurrentUser();
+
+       /** List all users */
+       public Set<ArgeoUser> listUsers();
 
-       public List<String> listEditableRoles();
+       /** List roles that can be modified */
+       public Set<String> listEditableRoles();
 
-       public void create(ArgeoUser user);
+       /**
+        * Creates a new user in the underlying storage. <b>DO NOT CALL DIRECTLY</b>
+        * use {@link ArgeoSecurityService#newUser(ArgeoUser)} instead.
+        */
+       public void createUser(ArgeoUser user);
 
-       public void update(ArgeoUser user);
+       public void updateUser(ArgeoUser user);
 
-       public void delete(String username);
+       public void deleteUser(String username);
+
+       /**
+        * Creates a new role in the underlying storage. <b>DO NOT CALL DIRECTLY</b>
+        * use {@link ArgeoSecurityService#newRole(String)} instead.
+        */
+       public void createRole(String role, String superuserName);
 
        public void deleteRole(String role);
 
-       public void updatePassword(String oldPassword, String newPassword);
+       /** List all users having this role. */
+       public Set<ArgeoUser> listUsersInRole(String role);
 
        public Boolean userExists(String username);
 
        public ArgeoUser getUser(String username);
+
+       public ArgeoUser getUserWithPassword(String username);
+
+       public String getDefaultRole();
+
+       /** Validates a raw password against an encoded one. */
+       public Boolean isPasswordValid(String encoded, String raw);
+
+       /** Encodes a raw password. */
+       public String encodePassword(String raw);
 }