org.eclipse.stardust.engine.api.runtime

Interface UserService

All Superinterfaces:

org.eclipse.stardust.engine.api.runtime.Service

public interface UserService
extends org.eclipse.stardust.engine.api.runtime.Service

The UserService provides functionality for operating on CARNOT users.

This includes:

• creating, modifying and invalidating users, and
• accessing user data.

Version:

$Revision$

Author:

ubirkemeyer

Field Summary

Fields

Modifier and Type	Field and Description
static String	ARCHIVE Constant used as sessionId on sessions opened on archive audit trails.
static String	DISABLED_FOR_USER Constant used as sessionId on sessions opened with user disabled for tracking.

Method Summary

Methods

Modifier and Type	Method and Description
org.eclipse.stardust.engine.api.runtime.Deputy	addDeputy(UserInfo user, UserInfo deputyUser, DeputyOptions options) Adds a new deputy user for a given user.
void	closeSession(String sessionId) Tracks the ending of a user session.
User	createUser(String account, String firstName, String lastName, String description, String password, String eMail, Date validFrom, Date validTo) Creates a new user with default realm ID.
User	createUser(String realm, String account, String firstName, String lastName, String description, String password, String eMail, Date validFrom, Date validTo) Creates a new user.
UserGroup	createUserGroup(String id, String name, String description, Date validFrom, Date validTo) Creates a new user group.
UserRealm	createUserRealm(String id, String name, String description) Creates a new user realm.
void	dropUserRealm(String id) Drops the user realm associated with the given ID.
void	generatePasswordResetToken(String realm, String account) Generates a token which is required to perform resetPassword(String, java.util.Map, String)
List<org.eclipse.stardust.engine.api.runtime.Deputy>	getDeputies(UserInfo user) Returns a list of all deputy users for the given user.
User	getUser() Retrieves information on the current user.
User	getUser(long userOID) Retrieves the specified user.
User	getUser(String account) Retrieves the user associated with the given account.
User	getUser(String realm, String account) Retrieves the user associated with the given account.
UserGroup	getUserGroup(long oid) Retrieves the specified user group.
UserGroup	getUserGroup(String id) Retrieves the user group associated with the given ID.
List	getUserRealms() Retrives all existing user realms.
List<org.eclipse.stardust.engine.api.runtime.Deputy>	getUsersBeingDeputyFor(UserInfo deputyUser) Returns a list of all users for which the given user is an deputy user.
User	invalidate(String account) Deprecated. Please use invalidateUser(String) instead.
User	invalidateUser(String account) Invalidates the user with the specified account.
User	invalidateUser(String realm, String account) Invalidates the user with the specified account.
UserGroup	invalidateUserGroup(long oid) Invalidates the specified user group.
UserGroup	invalidateUserGroup(String id) Invalidates the user group associated with the given ID.
boolean	isInternalAuthentication() Checks if internal authentication is used.
boolean	isInternalAuthentified() Deprecated. Superseded by isInternalAuthentication().
boolean	isInternalAuthorization() Checks if internal authorization is used.
org.eclipse.stardust.engine.api.runtime.Deputy	modifyDeputy(UserInfo user, UserInfo deputyUser, DeputyOptions options) Modifies an existing deputy user for a given user.
User	modifyLoginUser(String oldPassword, String firstName, String lastName, String newPassword, String eMail) Modifies the current user.
User	modifyUser(User user) Modifies the specified user.
User	modifyUser(User user, boolean generatePassword) Modifies the specified user.
UserGroup	modifyUserGroup(UserGroup userGroup) Modifies the specified user group.
void	removeDeputy(UserInfo user, UserInfo deputyUser) Removes an existing deputy user for a given user.
void	resetPassword(String account, Map properties, String token) Resets the password of specified user by generated password according to configured password rules.
String	startSession(String clientId) Tracks the starting of a new user session.

Field Detail

ARCHIVE

static final String ARCHIVE

Constant used as sessionId on sessions opened on archive audit trails.

See Also:

Constant Field Values

DISABLED_FOR_USER

static final String DISABLED_FOR_USER

Constant used as sessionId on sessions opened with user disabled for tracking.

See Also:

Constant Field Values

Method Detail

startSession

@ExecutionPermission
String startSession(String clientId)

Tracks the starting of a new user session.

Parameters:

clientId - the client starting the session.

Returns:

the new session id.

closeSession

@ExecutionPermission
void closeSession(String sessionId)

Tracks the ending of a user session.

Parameters:

sessionId - the id of the ending session.

isInternalAuthentified

@ExecutionPermission
boolean isInternalAuthentified()

Deprecated. Superseded by isInternalAuthentication().

Checks if internal authentication is used.

Returns:

true if CARNOT services use internal authentication.

isInternalAuthentication

@ExecutionPermission
boolean isInternalAuthentication()

Checks if internal authentication is used.

Returns:

true if CARNOT services use internal authentication.

isInternalAuthorization

@ExecutionPermission
boolean isInternalAuthorization()

Checks if internal authorization is used.

Returns:

true if Carnot services use internal authorization.

getUser

@ExecutionPermission
User getUser()

Retrieves information on the current user.

Returns:

the current user.

modifyLoginUser

@ExecutionPermission
User modifyLoginUser(String oldPassword,
                                       String firstName,
                                       String lastName,
                                       String newPassword,
                                       String eMail)
                     throws org.eclipse.stardust.common.error.ConcurrencyException,
                            IllegalOperationException,
                            org.eclipse.stardust.common.security.InvalidPasswordException

Modifies the current user.

Parameters:

oldPassword - the current password.

firstName - first name of the user.

lastName - last name of the user.

newPassword - the new password.

eMail - email address of the user.

Returns:

the modified user.

Throws:

org.eclipse.stardust.common.error.ConcurrencyException - if another user operates on the current user.

IllegalOperationException - if the authentication is not internal.

org.eclipse.stardust.common.security.InvalidPasswordException - if the new password does not match the given rules.

modifyUser

@ExecutionPermission(id=modifyUserData)
User modifyUser(User user)
                throws org.eclipse.stardust.common.error.ConcurrencyException,
                       org.eclipse.stardust.common.error.ObjectNotFoundException,
                       IllegalOperationException,
                       org.eclipse.stardust.common.security.InvalidPasswordException,
                       org.eclipse.stardust.common.error.AccessForbiddenException

Modifies the specified user.

Parameters:

user - the user to be modified.

Returns:

the modified user.

Throws:

org.eclipse.stardust.common.error.ConcurrencyException - if another user operates on the specified one.

org.eclipse.stardust.common.error.ObjectNotFoundException - if the user or a given grant is not found.

IllegalOperationException - if the authentication is not internal.

org.eclipse.stardust.common.security.InvalidPasswordException - if the new password does not match the given rules.

org.eclipse.stardust.common.error.AccessForbiddenException - if the current user is not allowed for operation.

generatePasswordResetToken

@ExecutionPermission(id=resetUserPassword,
                     defaults=ALL)
void generatePasswordResetToken(String realm,
                                                                                String account)

Generates a token which is required to perform resetPassword(String, java.util.Map, String)

Parameters:

realm - the realm ID of the user to retrieve.

account - the user account to generate the token for

resetPassword

@ExecutionPermission(id=resetUserPassword,
                     defaults=ALL)
void resetPassword(String account,
                                                                   Map properties,
                                                                   String token)
                   throws org.eclipse.stardust.common.error.ConcurrencyException,
                          org.eclipse.stardust.common.error.ObjectNotFoundException,
                          IllegalOperationException

Resets the password of specified user by generated password according to configured password rules. On synchronization with external repository the specified user will be created in audit trail if it is not already present there but exists in external repository. If the user exists in audit trail it will be updated on synchronization if there are any changes.

Parameters:

account - the user account to be modified.

properties - Map providing further login properties.

token - the token generated by generatePasswordResetToken(String, String)

Throws:

org.eclipse.stardust.common.error.ConcurrencyException - if another user operates on the specified one.

org.eclipse.stardust.common.error.ObjectNotFoundException - if the user or a given grant is not found.

IllegalOperationException - if the authentication is not internal.

modifyUser

@ExecutionPermission(id=modifyUserData)
User modifyUser(User user,
                                                  boolean generatePassword)
                throws org.eclipse.stardust.common.error.ConcurrencyException,
                       org.eclipse.stardust.common.error.ObjectNotFoundException,
                       IllegalOperationException,
                       org.eclipse.stardust.common.security.InvalidPasswordException,
                       org.eclipse.stardust.common.error.AccessForbiddenException

Modifies the specified user.

Parameters:

user - the user to be modified.

generatePassword - if set to true a password will be generated and send by mail to the user.

Returns:

the modified user.

Throws:

org.eclipse.stardust.common.error.ConcurrencyException - if another user operates on the specified one.

org.eclipse.stardust.common.error.ObjectNotFoundException - if the user or a given grant is not found.

IllegalOperationException - if the authentication is not internal.

org.eclipse.stardust.common.security.InvalidPasswordException - if the new password does not match the given rules.

org.eclipse.stardust.common.error.AccessForbiddenException - if the current user is not allowed for operation.

createUser

@ExecutionPermission(id=modifyUserData)
User createUser(String account,
                                                  String firstName,
                                                  String lastName,
                                                  String description,
                                                  String password,
                                                  String eMail,
                                                  Date validFrom,
                                                  Date validTo)
                throws UserExistsException,
                       IllegalOperationException,
                       org.eclipse.stardust.common.security.InvalidPasswordException

Creates a new user with default realm ID.

Parameters:

account - the account name.

firstName - first name of the user.

lastName - last name of the user.

description - short description.

password - the user password.

eMail - email address of the user.

validFrom - validity start time or null if unlimited.

validTo - validity end time or null if unlimited.

Returns:

the newly created user.

Throws:

UserExistsException - if another user with the specified account already exists.

IllegalOperationException - if the authentication is not internal.

org.eclipse.stardust.common.security.InvalidPasswordException

createUser

@ExecutionPermission(id=modifyUserData)
User createUser(String realm,
                                                  String account,
                                                  String firstName,
                                                  String lastName,
                                                  String description,
                                                  String password,
                                                  String eMail,
                                                  Date validFrom,
                                                  Date validTo)
                throws UserExistsException,
                       IllegalOperationException,
                       org.eclipse.stardust.common.security.InvalidPasswordException

Creates a new user.

Parameters:

realm - the user's realm ID.

account - the account name.

firstName - first name of the user.

lastName - last name of the user.

description - short description.

password - the user password.

eMail - email address of the user.

validFrom - validity start time or null if unlimited.

validTo - validity end time or null if unlimited.

Returns:

the newly created user.

Throws:

UserExistsException - if another user with the specified account already exists.

IllegalOperationException - if the authentication is not internal.

org.eclipse.stardust.common.security.InvalidPasswordException

getUser

@ExecutionPermission(id=readUserData,
                     defaults=ALL)
User getUser(String account)
             throws org.eclipse.stardust.common.error.ObjectNotFoundException,
                    IllegalOperationException

Retrieves the user associated with the given account. On synchronization with external repository the specified user will be created in audit trail if it is not already present there but exists in external repository. If the user exists in audit trail it will be updated on synchronization if there are any changes.

Parameters:

account - the account name of the user to retrieve.

Returns:

the user.

Throws:

org.eclipse.stardust.common.error.ObjectNotFoundException - if there is no user with the specified account.

IllegalOperationException

getUser

@ExecutionPermission(id=readUserData,
                     defaults=ALL)
User getUser(String realm,
                                                        String account)
             throws org.eclipse.stardust.common.error.ObjectNotFoundException

Retrieves the user associated with the given account. On synchronization with external repository the specified user will be created in audit trail if it is not already present there but exists in external repository. If the user exists in audit trail it will be updated on synchronization if there are any changes.

Parameters:

realm - the realm ID of the user to retrieve.

account - the account name of the user to retrieve.

Returns:

the user.

Throws:

org.eclipse.stardust.common.error.ObjectNotFoundException - if there is no user with the specified account.

getUser

@ExecutionPermission(id=readUserData,
                     defaults=ALL)
User getUser(long userOID)
             throws org.eclipse.stardust.common.error.ObjectNotFoundException

Retrieves the specified user. On synchronization the user with specified oid will be updated if this user exists in audit trail and there are any changes. If this user does not exist in audit trail but is present in external repository it will not be created in audit trail on synchronization with external repository.

Parameters:

userOID - the OID of the user to retrieve.

Returns:

the user.

Throws:

org.eclipse.stardust.common.error.ObjectNotFoundException - if there is no user with the specified oid.

invalidate

@ExecutionPermission(id=modifyUserData)
User invalidate(String account)
                throws org.eclipse.stardust.common.error.ObjectNotFoundException,
                       IllegalOperationException

Deprecated. Please use invalidateUser(String) instead.

Throws:

org.eclipse.stardust.common.error.ObjectNotFoundException

IllegalOperationException

invalidateUser

@ExecutionPermission(id=modifyUserData)
User invalidateUser(String account)
                    throws org.eclipse.stardust.common.error.ObjectNotFoundException,
                           IllegalOperationException

Invalidates the user with the specified account.

Parameters:

account - the account name of the user to invalidate.

Returns:

the invalidated user.

Throws:

org.eclipse.stardust.common.error.ObjectNotFoundException - if there is no user with the specified account.

IllegalOperationException - if the authentication is not internal.

invalidateUser

@ExecutionPermission(id=modifyUserData)
User invalidateUser(String realm,
                                                      String account)
                    throws org.eclipse.stardust.common.error.ObjectNotFoundException,
                           IllegalOperationException

Invalidates the user with the specified account.

Parameters:

realm - the realm ID of the user to invalidate.

account - the account name of the user to invalidate.

Returns:

the invalidated user.

Throws:

org.eclipse.stardust.common.error.ObjectNotFoundException - if there is no user with the specified account.

IllegalOperationException - if the authentication is not internal.

createUserGroup

@ExecutionPermission(id=modifyUserData)
UserGroup createUserGroup(String id,
                                                            String name,
                                                            String description,
                                                            Date validFrom,
                                                            Date validTo)
                          throws UserGroupExistsException,
                                 IllegalOperationException,
                                 org.eclipse.stardust.common.security.InvalidPasswordException,
                                 org.eclipse.stardust.common.error.InvalidArgumentException

Creates a new user group.

Parameters:

id - the user group ID. Must not be null or empty and must be unique.

name - the user group name. Must not be null or empty.

description - short description. Must not be null.

validFrom - validity start time or null if unlimited.

validTo - validity end time or null if unlimited.

Returns:

the newly created user group.

Throws:

UserGroupExistsException - if another user group with the specified ID already exists.

org.eclipse.stardust.common.error.InvalidArgumentException - if ID is empty if name is empty if description is empty

IllegalOperationException - if operation is not allowed in this context.

org.eclipse.stardust.common.security.InvalidPasswordException

getUserGroup

@ExecutionPermission(id=readUserData,
                     defaults=ALL)
UserGroup getUserGroup(String id)
                       throws org.eclipse.stardust.common.error.ObjectNotFoundException

Retrieves the user group associated with the given ID. On synchronization with external repository the specified user group will be created in audit trail if it is not already present there but exists in external repository. If the user group exists in audit trail it will be updated on synchronization if there are any changes.

Parameters:

id - the id of the user group to retrieve.

Returns:

the user group.

Throws:

org.eclipse.stardust.common.error.ObjectNotFoundException - if there is no user group with the specified ID.

getUserGroup

@ExecutionPermission(id=readUserData,
                     defaults=ALL)
UserGroup getUserGroup(long oid)
                       throws org.eclipse.stardust.common.error.ObjectNotFoundException

Retrieves the specified user group. On synchronization the user group with specified oid will be updated if this user group exists in audit trail and there are any changes. If this user group does not exist in audit trail but is present in external repository it will not be created in audit trail on synchronization with external repository.

Parameters:

oid - the OID of the user group to retrieve.

Returns:

the user group.

Throws:

org.eclipse.stardust.common.error.ObjectNotFoundException - if there is no user group with the specified OID.

modifyUserGroup

@ExecutionPermission(id=modifyUserData)
UserGroup modifyUserGroup(UserGroup userGroup)
                          throws org.eclipse.stardust.common.error.ConcurrencyException,
                                 org.eclipse.stardust.common.error.ObjectNotFoundException,
                                 IllegalOperationException

Modifies the specified user group.

Parameters:

userGroup - the user group to be modified.

Returns:

the modified user group.

Throws:

org.eclipse.stardust.common.error.ConcurrencyException - if another user operates on the specified user group.

org.eclipse.stardust.common.error.ObjectNotFoundException - if the user group is not found.

IllegalOperationException - if operation is not allowed in this context.

invalidateUserGroup

@ExecutionPermission(id=modifyUserData)
UserGroup invalidateUserGroup(String id)
                              throws org.eclipse.stardust.common.error.ConcurrencyException,
                                     org.eclipse.stardust.common.error.ObjectNotFoundException,
                                     IllegalOperationException

Invalidates the user group associated with the given ID.

Parameters:

id - the ID of the user group to be invalidated.

Returns:

the invalidated user group.

Throws:

org.eclipse.stardust.common.error.ConcurrencyException - if another user operates on the specified user group.

org.eclipse.stardust.common.error.ObjectNotFoundException - if the user group is not found.

IllegalOperationException - if operation is not allowed in this context.

invalidateUserGroup

@ExecutionPermission(id=modifyUserData)
UserGroup invalidateUserGroup(long oid)
                              throws org.eclipse.stardust.common.error.ConcurrencyException,
                                     org.eclipse.stardust.common.error.ObjectNotFoundException,
                                     IllegalOperationException

Invalidates the specified user group.

Parameters:

oid - the OID of the user group to invalidate.

Returns:

the invalidated user group.

Throws:

org.eclipse.stardust.common.error.ConcurrencyException - if another user operates on the specified user group.

org.eclipse.stardust.common.error.ObjectNotFoundException - if the user group is not found.

IllegalOperationException - if operation is not allowed in this context.

createUserRealm

@ExecutionPermission(id=modifyUserData)
UserRealm createUserRealm(String id,
                                                            String name,
                                                            String description)
                          throws UserRealmExistsException,
                                 IllegalOperationException

Creates a new user realm.

Parameters:

id - the user realm ID.

name - the user realm name.

description - short description.

Returns:

the newly created user realm.

Throws:

UserRealmExistsException - if another user realm with the specified ID already exists.

IllegalOperationException - if operation is not allowed in this context.

dropUserRealm

@ExecutionPermission(id=modifyUserData)
void dropUserRealm(String id)
                   throws org.eclipse.stardust.common.error.ConcurrencyException,
                          org.eclipse.stardust.common.error.ObjectNotFoundException,
                          IllegalOperationException

Drops the user realm associated with the given ID.

Parameters:

id - the ID of the user realm to be dropped.

Throws:

org.eclipse.stardust.common.error.ConcurrencyException - if another user operates on the specified user realm.

org.eclipse.stardust.common.error.ObjectNotFoundException - if the user realm is not found.

IllegalOperationException - if at least one user is assigned to the user realm.

getUserRealms

@ExecutionPermission(id=readUserData,
                     defaults=ALL)
List getUserRealms()
                   throws org.eclipse.stardust.common.error.ConcurrencyException,
                          IllegalOperationException

Retrives all existing user realms.

Returns:

list of all existing user realms.

Throws:

org.eclipse.stardust.common.error.ConcurrencyException - if another user operates on the user realms.

IllegalOperationException - if operation is not allowed in this context.

addDeputy

@ExecutionPermission(id=manageDeputies)
org.eclipse.stardust.engine.api.runtime.Deputy addDeputy(UserInfo user,
                                                                                           UserInfo deputyUser,
                                                                                           DeputyOptions options)
                                                         throws org.eclipse.stardust.common.error.InvalidArgumentException

Adds a new deputy user for a given user. This deputy user inherits for the defined time frame all grants from given user. The deputy user has to login again before the inherited grants become active. If fromDate is set to a date in the past then it will be set to new Date() (now).

Parameters:

user - the user to which a deputy user shall be added.

deputyUser - the deputy user.

options - the options associated with the operation. Can be null, in which case the default options will be used.

Returns:

the created deputy.

Throws:

org.eclipse.stardust.engine.api.runtime.DeputyExistsException - if the requested deputy already exists.

org.eclipse.stardust.common.error.InvalidArgumentException - if options.toDate is in the past

modifyDeputy

@ExecutionPermission(id=manageDeputies)
org.eclipse.stardust.engine.api.runtime.Deputy modifyDeputy(UserInfo user,
                                                                                              UserInfo deputyUser,
                                                                                              DeputyOptions options)
                                                            throws org.eclipse.stardust.common.error.ObjectNotFoundException,
                                                                   org.eclipse.stardust.common.error.InvalidArgumentException

Modifies an existing deputy user for a given user. This deputy user inherits for the defined time frame all grants from given user. The deputy user has to login again before changes become active. If fromDate is set to a date in the past then it will be set to new Date() (now).

Parameters:

user - the user for which a deputy user shall be modified.

deputyUser - the deputy user.

options - Used to provide the time frame for which the modification should apply.

• fromDate: Date from when deputy user inherits all grants of user. Not allowed to be null.
• toDate: Date when inherited grants are revoked from deputy user. If date is null then no upper limit exists.

Returns:

the created deputy.

Throws:

org.eclipse.stardust.common.error.ObjectNotFoundException - if the requested deputy does not exists.

org.eclipse.stardust.common.error.InvalidArgumentException - if options.toDate is in the past

removeDeputy

@ExecutionPermission(id=manageDeputies)
void removeDeputy(UserInfo user,
                                                    UserInfo deputyUser)
                  throws org.eclipse.stardust.common.error.ObjectNotFoundException

Removes an existing deputy user for a given user. All inherited grants from user are revoked from deputy user. The deputy user has to login again before changes become active.

Parameters:

user - the user for which a deputy user shall be removed.

deputyUser - the deputy user.

Throws:

org.eclipse.stardust.common.error.ObjectNotFoundException - if the requested deputy does not exists.

getDeputies

@ExecutionPermission(id=manageDeputies)
List<org.eclipse.stardust.engine.api.runtime.Deputy> getDeputies(UserInfo user)

Returns a list of all deputy users for the given user.

Parameters:

user - the user whose deputy users shall be returned.

Returns:

List of deputy users for given user.

getUsersBeingDeputyFor

@ExecutionPermission(id=manageDeputies)
List<org.eclipse.stardust.engine.api.runtime.Deputy> getUsersBeingDeputyFor(UserInfo deputyUser)

Returns a list of all users for which the given user is an deputy user.

Parameters:

deputyUser - the deputy user whose users shall be returned.

Returns:

List of users for given deputy user.