org.apache.jackrabbit.api.security.user

Interface UserManager

public interface UserManager

The UserManager provides access to and means to maintain authorizable objects i.e. users and groups. The UserManager is bound to a particular Session.

Note that all create calls will modify the session associated with the UserManager (whether this is the current session or not depends on the repository configuration). If the user manager is not in "autosave" mode (see isAutoSave()), problems like overlapping creation of intermediate nodes may only surface upon a subsequent Session#save() operation; callers should be prepared to repeat them in case this happens.

Field Summary

Fields

Modifier and Type	Field and Description
static int	SEARCH_TYPE_AUTHORIZABLE Filter flag indicating that all Authorizables should be searched.
static int	SEARCH_TYPE_GROUP Filter flag indicating that only Groups should be searched and returned.
static int	SEARCH_TYPE_USER Filter flag indicating that only Users should be searched and returned.

Method Summary

Modifier and Type	Method and Description
void	autoSave(boolean enable) Changes the auto save behavior of this UserManager.
Group	createGroup(java.security.Principal principal) Creates a new Group that is based on the given principal.
Group	createGroup(java.security.Principal principal, java.lang.String intermediatePath) Same as createGroup(String, Principal, String) where the name of the specified principal is used to create the group's ID.
Group	createGroup(java.lang.String groupID) Creates a Group for the given groupID, which must not be null.
Group	createGroup(java.lang.String groupID, java.security.Principal principal, java.lang.String intermediatePath) Creates a new Group that is based on the given id, principal and the specified intermediatePath hint.
User	createSystemUser(java.lang.String userID, java.lang.String intermediatePath) Create a new system user for the specified userID.
User	createUser(java.lang.String userID, java.lang.String password) Creates an User for the given userID / password pair; neither of the specified parameters can be null. Same as createUser(String,String,Principal,String) where the specified userID is equal to the principal name and the intermediate path is null.
User	createUser(java.lang.String userID, java.lang.String password, java.security.Principal principal, java.lang.String intermediatePath) Creates an User for the given parameters.
java.util.Iterator<Authorizable>	findAuthorizables(Query query) Return Authorizables that match a specific Query.
java.util.Iterator<Authorizable>	findAuthorizables(java.lang.String relPath, java.lang.String value) Returns all Authorizables that have a property with the given relative path (or name) that matches the specified value.
java.util.Iterator<Authorizable>	findAuthorizables(java.lang.String relPath, java.lang.String value, int searchType) Returns all Authorizables that have a property with the given relative path (or name) that matches the specified value.
Authorizable	getAuthorizable(java.security.Principal principal) Get the Authorizable by its Principal.
Authorizable	getAuthorizable(java.lang.String id) Get the Authorizable by its id.
<T extends Authorizable> T	getAuthorizable(java.lang.String id, java.lang.Class<T> authorizableClass) Get the Authorizable of a specific type by its id.
Authorizable	getAuthorizableByPath(java.lang.String path) In accordance to Authorizable.getPath() this method allows to retrieve an given authorizable by it's path.
boolean	isAutoSave() If any write operations executed through the User API are automatically persisted this method returns true.

Field Detail

SEARCH_TYPE_USER

static final int SEARCH_TYPE_USER

Filter flag indicating that only Users should be searched and returned.

See Also:

Constant Field Values

SEARCH_TYPE_GROUP

static final int SEARCH_TYPE_GROUP

Filter flag indicating that only Groups should be searched and returned.

See Also:

Constant Field Values

SEARCH_TYPE_AUTHORIZABLE

static final int SEARCH_TYPE_AUTHORIZABLE

Filter flag indicating that all Authorizables should be searched.

See Also:

Constant Field Values

Method Detail

getAuthorizable

Authorizable getAuthorizable(java.lang.String id)
                      throws RepositoryException

Get the Authorizable by its id.

Parameters:

id - The user or group id.

Returns:

Authorizable or null, if not present.

Throws:

RepositoryException - If an error occurs.

See Also:

Authorizable.getID()

getAuthorizable

<T extends Authorizable> T getAuthorizable(java.lang.String id,
                                           java.lang.Class<T> authorizableClass)
                                    throws AuthorizableTypeException,
                                           RepositoryException

Get the Authorizable of a specific type by its id.

Type Parameters:

T - the required Authorizable type.

Parameters:

id - the user or group id.

authorizableClass - the class of the type of Authorizable required; must not be null.

Returns:

Authorizable or null, if not present.

Throws:

AuthorizableTypeException - If an authorizable exists but is not of the requested type.

RepositoryException - If an error occurs

getAuthorizable

Authorizable getAuthorizable(java.security.Principal principal)
                      throws RepositoryException

Get the Authorizable by its Principal.

Parameters:

principal - The principal of the authorizable to retrieve.

Returns:

Authorizable or null, if not present.

Throws:

RepositoryException - If an error occurs.

getAuthorizableByPath

Authorizable getAuthorizableByPath(java.lang.String path)
                            throws UnsupportedRepositoryOperationException,
                                   RepositoryException

In accordance to Authorizable.getPath() this method allows to retrieve an given authorizable by it's path.

Parameters:

path - The path to an authorizable.

Returns:

Authorizable or null, if not present.

Throws:

UnsupportedRepositoryOperationException - If this implementation does support to retrieve authorizables by path.

RepositoryException - If another error occurs.

See Also:

Authorizable.getPath()

findAuthorizables

java.util.Iterator<Authorizable> findAuthorizables(java.lang.String relPath,
                                                   java.lang.String value)
                                            throws RepositoryException

Returns all Authorizables that have a property with the given relative path (or name) that matches the specified value.

If a relative path with more than one segment is specified only properties exactly matching that patch will be returned. If, however, a name is specified all properties that may be retrieved using Authorizable.getProperty(String) will be searched for a match.

Parameters:

relPath - A relative property path or name.

value - A string value to match.

Returns:

All Authorizables that have a property with the given name exactly matching the given value.

Throws:

RepositoryException - If an error occurs.

See Also:

Authorizable.getProperty(String)

findAuthorizables

java.util.Iterator<Authorizable> findAuthorizables(java.lang.String relPath,
                                                   java.lang.String value,
                                                   int searchType)
                                            throws RepositoryException

Returns all Authorizables that have a property with the given relative path (or name) that matches the specified value. In contrast to findAuthorizables(String, String) the type of authorizable is respected while executing the search.

If a relative path with more than one segment is specified only properties exactly matching that path will be returned. If, however, a name is specified all properties that may be retrieved using Authorizable.getProperty(String) will be searched for a match.

Parameters:

relPath - A relative property path or name.

value - A string value to match.

searchType - Any of the following constants:

• SEARCH_TYPE_AUTHORIZABLE
• SEARCH_TYPE_GROUP
• SEARCH_TYPE_USER

Returns:

An iterator of Authorizable.

Throws:

RepositoryException - If an error occurs.

findAuthorizables

java.util.Iterator<Authorizable> findAuthorizables(Query query)
                                            throws RepositoryException

Return Authorizables that match a specific Query.

Parameters:

query - A query

Returns:

Iterator of authorizables witch match the query.

Throws:

RepositoryException - If an error occurs.

createUser

User createUser(java.lang.String userID,
                java.lang.String password)
         throws AuthorizableExistsException,
                RepositoryException

Creates an User for the given userID / password pair; neither of the specified parameters can be null.
Same as createUser(String,String,Principal,String) where the specified userID is equal to the principal name and the intermediate path is null.

Parameters:

userID - The ID of the new user.

password - The initial password of this user.

Returns:

The new User.

Throws:

AuthorizableExistsException - in case the given userID is already in use or another Authorizable with the same principal name exists.

RepositoryException - If another error occurs.

createUser

User createUser(java.lang.String userID,
                java.lang.String password,
                java.security.Principal principal,
                java.lang.String intermediatePath)
         throws AuthorizableExistsException,
                RepositoryException

Creates an User for the given parameters. If the implementation is not able to deal with the intermediatePath that parameter should be ignored. Except for the intermediatePath, neither of the specified parameters can be null.

Parameters:

userID - The ID of the new user.

password - The initial password of the new user.

principal - The principal of the new user.

intermediatePath - An optional intermediate path used to create the new user. If the intermediate path is null an internal, implementation specific structure will be used.

Returns:

The new User.

Throws:

AuthorizableExistsException - in case the given userID is already in use or another Authorizable with the same principal name exists.

RepositoryException - If the current Session is not allowed to create users or some another error occurs.

createSystemUser

User createSystemUser(java.lang.String userID,
                      java.lang.String intermediatePath)
               throws AuthorizableExistsException,
                      RepositoryException

Create a new system user for the specified userID. The new authorizable is required to have the following characteristics:

• User.isSystemUser() returns true.
• The system user doesn't have a password set and doesn't allow change the password.
• The principal name is generated by the system; it may be the same as userID.
• A given implementation may choose to keep system users in a dedicated location and thus may impose restrictions on the intermediatePath.

Parameters:

userID - A valid userID.

intermediatePath - An optional intermediate path to create the new system user. The implemenation may decide to reject intermediate paths if they violate an implementation specific requirement with respect to the location where systems users are being held. If the intermediate path is null an internal implementation specific structure will be used.

Returns:

The new system user.

Throws:

AuthorizableExistsException - if an Authorizable with this id already exists.

RepositoryException - If another error occurs.

createGroup

Group createGroup(java.lang.String groupID)
           throws AuthorizableExistsException,
                  RepositoryException

Creates a Group for the given groupID, which must not be null.
Same as createGroup(String, Principal,String) where the specified groupID is the name of the Principal the intermediate path is null.

Parameters:

groupID - The ID of the new group; must not be null.

Returns:

The new Group.

Throws:

AuthorizableExistsException - in case the given groupID is already in use or another Authorizable with the same ID or principal name already exists.

RepositoryException - If another error occurs.

createGroup

Group createGroup(java.security.Principal principal)
           throws AuthorizableExistsException,
                  RepositoryException

Creates a new Group that is based on the given principal. Note that the group's ID is implementation specific. The implementation may take the principal name as ID hint but must in any case assert that it is unique among the IDs known to this manager.

Parameters:

principal - A non-null Principal

Returns:

The new Group.

Throws:

AuthorizableExistsException - in case the given principal is already in use with another Authorizable.

RepositoryException - If another error occurs.

createGroup

Group createGroup(java.security.Principal principal,
                  java.lang.String intermediatePath)
           throws AuthorizableExistsException,
                  RepositoryException

Same as createGroup(String, Principal, String) where the name of the specified principal is used to create the group's ID.

Parameters:

principal - The principal associated with the new group.

intermediatePath - An optional intermediate path used to create the new group. If the intermediate path is null an internal, implementation specific structure will be used.

Returns:

The new Group.

Throws:

AuthorizableExistsException - in case the given principal is already in use with another Authorizable.

RepositoryException - If another error occurs.

createGroup

Group createGroup(java.lang.String groupID,
                  java.security.Principal principal,
                  java.lang.String intermediatePath)
           throws AuthorizableExistsException,
                  RepositoryException

Creates a new Group that is based on the given id, principal and the specified intermediatePath hint. If the implementation is not able to deal with the intermediatePath this parameter should be ignored.

Parameters:

groupID - The ID of the new group.

principal - The principal of the new group.

intermediatePath - An optional intermediate path used to create the new group. If the intermediate path is null an internal, implementation specific structure will be used.

Returns:

The new Group.

Throws:

AuthorizableExistsException - in case the given principal is already in use with another Authorizable.

RepositoryException - If another error occurs.

isAutoSave

boolean isAutoSave()

If any write operations executed through the User API are automatically persisted this method returns true. In this case there are no pending transient changes left and there is no need to explicitly call javax.jcr.Session#save(). If this method returns false any changes must be completed by an extra save call on the Session associated with this UserManager.

Returns:

true if changes are automatically persisted; false if changes made through this API (including method calls on Authorizable and subclasses are only transient and must be persisted using javax.jcr.Session#save().

See Also:

autoSave(boolean)

autoSave

void autoSave(boolean enable)
       throws UnsupportedRepositoryOperationException,
              RepositoryException

Changes the auto save behavior of this UserManager.

Note, that this shouldn't be allowed in cases where the associated session is different from the original session accessing the user manager.

Parameters:

enable - If true changes made through this API will be automatically saved; otherwise an explicit call to javax.jcr.Session#save() is required in order to persist changes.

Throws:

UnsupportedRepositoryOperationException - If the implementation does not allow to change the auto save behavior.

RepositoryException - If some other error occurs.