1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
|
/*
* Copyright (c) OSGi Alliance (2001, 2013). All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.osgi.service.useradmin;
import java.util.Dictionary;
/**
* A {@code User} role managed by a User Admin service.
*
* <p>
* In this context, the term "user" is not limited to just human
* beings. Instead, it refers to any entity that may have any number of
* credentials associated with it that it may use to authenticate itself.
* <p>
* In general, {@code User} objects are associated with a specific User Admin
* service (namely the one that created them), and cannot be used with other
* User Admin services.
* <p>
* A {@code User} object may have credentials (and properties, inherited from
* the {@link Role} class) associated with it. Specific
* {@link UserAdminPermission} objects are required to read or change a
* {@code User} object's credentials.
* <p>
* Credentials are {@code Dictionary} objects and have semantics that are
* similar to the properties in the {@code Role} class.
*
* @noimplement
* @author $Id$
*/
public interface User extends Role {
/**
* Returns a {@code Dictionary} of the credentials of this {@code User}
* object. Any changes to the returned {@code Dictionary} object will change
* the credentials of this {@code User} object. This will cause a
* {@code UserAdminEvent} object of type {@link UserAdminEvent#ROLE_CHANGED}
* to be broadcast to any {@code UserAdminListeners} objects.
*
* <p>
* Only objects of type {@code String} may be used as credential keys, and
* only objects of type {@code String} or of type {@code byte[]} may be used
* as credential values. Any other types will cause an exception of type
* {@code IllegalArgumentException} to be raised.
*
* <p>
* In order to retrieve a credential from the returned {@code Dictionary}
* object, a {@link UserAdminPermission} named after the credential name (or
* a prefix of it) with action {@code getCredential} is required.
* <p>
* In order to add or remove a credential from the returned
* {@code Dictionary} object, a {@link UserAdminPermission} named after the
* credential name (or a prefix of it) with action {@code changeCredential}
* is required.
*
* @return {@code Dictionary} object containing the credentials of this
* {@code User} object.
*/
public Dictionary getCredentials();
/**
* Checks to see if this {@code User} object has a credential with the
* specified {@code key} set to the specified {@code value}.
*
* <p>
* If the specified credential {@code value} is not of type {@code String}
* or {@code byte[]}, it is ignored, that is, {@code false} is returned (as
* opposed to an {@code IllegalArgumentException} being raised).
*
* @param key The credential {@code key}.
* @param value The credential {@code value}.
*
* @return {@code true} if this user has the specified credential;
* {@code false} otherwise.
*
* @throws SecurityException If a security manager exists and the caller
* does not have the {@code UserAdminPermission} named after the
* credential key (or a prefix of it) with action
* {@code getCredential}.
*/
public boolean hasCredential(String key, Object value);
}
|
