001 /*
002 *
003 * Licensed to the Apache Software Foundation (ASF) under one
004 * or more contributor license agreements. See the NOTICE file
005 * distributed with this work for additional information
006 * regarding copyright ownership. The ASF licenses this file
007 * to you under the Apache License, Version 2.0 (the
008 * "License"); you may not use this file except in compliance
009 * with the License. You may obtain a copy of the License at
010 *
011 * http://www.apache.org/licenses/LICENSE-2.0
012 *
013 * Unless required by applicable law or agreed to in writing,
014 * software distributed under the License is distributed on an
015 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
016 * KIND, either express or implied. See the License for the
017 * specific language governing permissions and limitations
018 * under the License.
019 *
020 */
021 package org.apache.qpid.server.security.auth.database;
022
023 import org.apache.qpid.server.security.auth.sasl.AuthenticationProviderInitialiser;
024
025 import java.io.IOException;
026 import java.io.UnsupportedEncodingException;
027 import java.security.Principal;
028 import java.util.Map;
029 import java.util.List;
030
031 import javax.security.auth.callback.PasswordCallback;
032 import javax.security.auth.login.AccountNotFoundException;
033
034 /** Represents a "user database" which is really a way of storing principals (i.e. usernames) and passwords. */
035 public interface PrincipalDatabase
036 {
037 /**
038 * Set the password for a given principal in the specified callback. This is used for certain SASL providers. The
039 * user database implementation should look up the password in any way it chooses and set it in the callback by
040 * calling its setPassword method.
041 *
042 * @param principal the principal
043 * @param callback the password callback that wants to receive the password
044 *
045 * @throws AccountNotFoundException if the account for specified principal could not be found
046 * @throws IOException if there was an error looking up the principal
047 */
048 void setPassword(Principal principal, PasswordCallback callback)
049 throws IOException, AccountNotFoundException;
050
051 /**
052 * Used to verify that the presented Password is correct. Currently only used by Management Console
053 * @param principal The principal to authenticate
054 * @param password The password to check
055 * @return true if password is correct
056 * @throws AccountNotFoundException if the principal cannot be found
057 */
058 boolean verifyPassword(String principal, char[] password)
059 throws AccountNotFoundException;
060
061 /**
062 * Update(Change) the password for the given principal
063 * @param principal Who's password is to be changed
064 * @param password The new password to use
065 * @return True if change was successful
066 * @throws AccountNotFoundException If the given principal doesn't exist in the Database
067 */
068 boolean updatePassword(Principal principal, char[] password)
069 throws AccountNotFoundException;
070
071 /**
072 * Create a new principal in the database
073 * @param principal The principal to create
074 * @param password The password to set for the principal
075 * @return True on a successful creation
076 */
077 boolean createPrincipal(Principal principal, char[] password);
078
079 /**
080 * Delete a principal
081 * @param principal The principal to delete
082 * @return True on a successful creation
083 * @throws AccountNotFoundException If the given principal doesn't exist in the Database
084 */
085 boolean deletePrincipal(Principal principal)
086 throws AccountNotFoundException;
087
088 /**
089 * Get the principal from the database with the given username
090 * @param username of the principal to lookup
091 * @return The Principal object for the given username or null if not found.
092 */
093 Principal getUser(String username);
094
095 /**
096 * Reload the database to its ensure contents are up to date
097 * @throws IOException If there was an error reloading the database
098 */
099 void reload() throws IOException;
100
101 public Map<String, AuthenticationProviderInitialiser> getMechanisms();
102
103
104 List<Principal> getUsers();
105 }
|