
List:       java-apache-james
Subject:    [Proposal] UsersStore
From:       Charles Benett <charles () benett1 ! demon ! co ! uk>
Date:       2001-01-24 9:58:35

In the current cvs, unlike James 1.2.1, the user storage is a separate
Avalon block. This would allow it to be used by other blocks than the
James mailserver. It also separates the concerns.

At the moment, the internals are pretty much the same as 1.2.1, however,
given requests for:
1) Changing passwords
2) Virtual hosts
3) stuff I need to do to get the IMAP thingy working

So, here's my proposal:
We have a UsersStore which is a collection of UserRepositories.
Each UserRepository is a set of Users. For example, each virtual host
and email list would have its own repository. (Pretty much like now)
UserRepositories have Administrators and Readers. Administrators can
add/remove users from that repository. Readers can count and list the
members of that repository.
Users have names, passwords and may be able to set their own passwords.

I think, the way the interfaces below are written, that you could
either:
1) implement the UsersStore as the master set of Users, with
UserRepositories being views into the set. (in this case, the class
implementing UserStore would also implement UserRepository and you
probably only want the admin of UserStore to be able to reset user
passwords) , or
2) implement each UserRepository independently

The conf file section would then be like the cvs one:
    <!-- The User Storage block -->
    <block class="org.apache.james.core.AvalonUsersStore"
           name="users-store" >
        <!-- Configure file based user store here, defaults should be fine -->
        <provide name="objectstorage" role="org.apache.avalon.services.Store"/>
        <configuration>
            <repository name="LocalUsers"
                        class="org.apache.james.usersrepository.UsersFileRepository">
                <destination URL="file://../var/users/"/>
            </repository>
            <!-- Uncomment this to store users in an RDBMS
            <repository name="LocalUsers"
                        class="org.apache.james.usersrepository.UsersTownRepository">
                <destination URL="town://users/">
                    <conn>file:///var/maildatabase</conn>
                    <table>Users</table>
                </destination>
            </repository>
            -->
            <repository name="list-james"
                        class="org.apache.james.usersrepository.UsersFileRepository">
                <destination URL="file://../var/lists/list-james/"/>
            </repository>
        </configuration>
    </block>

where the name attribute would be either a (virtual) host or an e-mail
list

Well, I'm doing this in a rush, so I'm not sure it's very well explained.
Questions welcome!

Charles
=========================
Interfaces follow

/*****************************************************************************
 * Copyright (C) The Apache Software Foundation. All rights reserved.        *
 * ------------------------------------------------------------------------- *
 * This software is published under the terms of the Apache Software License *
 * version 1.1, a copy of which has been included  with this distribution in *
 * the LICENSE file.                                                         *
 *****************************************************************************/

package org.apache.james;


/**
 * Interface for objects representing a User on a James system.
 * <p>Each entry in the usersRepository has four parts:
 * <br>Name, e.g. local part of an email address
 * <br>Password
 * <br>Rights:
 * <ul>
 * <li> READ - Can read own attributes.
 * <li> WRITE - Can change own password or attributes.
 * </ul>
 * <br>Attributes: an Object with other attributes of the user
 *
 * @author  <a href="mailto:charles@benett1.demon.co.uk">Charles Benett</a>
 * @version 0.1 on 14 Dec 2000
 */

public interface User {

    /**
     * Returns the name of the user.
     * <br>Example 1: 'Harry.Potter'
     * <br>Example 2: 'johnsmith'
     * <p>Note: there is no setName method
     *
     * @return String name of this user
     */
    public String getName();

    /**
     * Sets the password for this user, if setter has Write rights.
     *
     * @param setter String name of user attempting to set the password
     * @param password String the password being set.
     * @return true if password successfully set, false otherwise.
     * (Implementations may specify minimum standards for passwords)
     * @throws AuthorizationException if specified setter does not have the
     * right to set the password. (Must either be any user with ADMIN rights
     * or this user with WRITE rights.)
     */
    public boolean setPassword(String setter, String password)
        throws AuthorizationException;

    /**
     * Verify that specified test is the password of this user. Note that
     * there is no getPassword method. Implementations are recommended, but
     * not required, to use a secure storage for passwords, such as a
     * one-way hash.
     *
     * @param test String the alleged password being tested.
     * @return true if test is the password of this user
     */
    public boolean testPassword(String test);

    /**
     * Indicate if user can call getAttributes().
     *
     * @param setter String name of user attempting to set this right
     * @param rights boolean true if user has READ rights
     * @return boolean true if rights set successfully
     * @throws AuthorizationException if specified setter does not have the
     * right to set rights. (Must have ADMIN rights)
     */
    public boolean setReadRights(String setter, boolean rights)
        throws AuthorizationException;

    /**
     * Indicates if this user can call getAttributes on themselves.
     *
     * @return true if this user has READ rights, otherwise false.
     */
    public boolean hasReadRights();

    /**
     * Indicate if user can call setPassword().
     *
     * @param setter String name of user attempting to set this right
     * @param rights boolean true if user has WRITE rights
     * @return boolean true if rights set successfully
     * @throws AuthorizationException if specified setter does not have the
     * right to set rights. (Must have ADMIN rights)
     */
    public boolean setWriteRights(String setter, boolean rights)
        throws AuthorizationException;

    /**
     * Indicates if this user can call setPassword on themselves.
     *
     * @return true if this user has WRITE rights
     */
    public boolean hasWriteRights();

    /**
     * Set attributes object for this user
     */
    public boolean setAttributes(String setter, Object attributes)
        throws AuthorizationException;

    /**
     * Read attributes for this user
     */
    public Object getAttributes(String getter)
        throws AuthorizationException;

}


/*****************************************************************************
 * Copyright (C) The Apache Software Foundation. All rights reserved.        *
 * ------------------------------------------------------------------------- *
 * This software is published under the terms of the Apache Software License *
 * version 1.1, a copy of which has been included  with this distribution in *
 * the LICENSE file.                                                         *
 *****************************************************************************/

package org.apache.james.services;

import java.util.Iterator;

import org.apache.avalon.*;
import org.apache.avalon.services.*;

import org.apache.james.User;
import org.apache.james.AuthorizationException;


/**
 * Interface for a collection of users. Possible uses include users of an
 * email server or members of a mailing list.
 *
 * <p>Some users may have rights in the repository:
 * <ul>
 * <li> REPOSITORY_READ - Can read group attributes, including number of
 * users and list of users names, but not other users attributes.
 * <li> ADMIN - Can add/delete users and read/write password or
 * attributes for any user.
 * </ul>
 *
 * @version 1.0.0, 24/01/2001
 * @author <a href="mailto:charles@benett1.demon.co.uk">Charles Benett</a>
 */
public interface ProposedUsersRepository extends Service {

    /**
     * Adds a User to the repository. If any entry already exists with this
     * user's name, replaces existing entry with parameter.
     * Setter must have ADMIN rights
     *
     * @param setter String name of user attempting to add this User
     * @param user User object to be added
     * @return boolean true if user added successfully
     * @throws AuthorizationException if specified setter does not have the
     * right to add users. (Must have ADMIN rights)
     */
    public boolean addUser(String setter, User user)
        throws AuthorizationException;

    /**
     * Gets the User object with the corresponding name
     * <p>Getter must either be the user with READ rights or someone
     * with ADMIN rights.
     *
     * @param getter String name of user attempting to get this User
     * @param name the name of the user
     * @return the User object
     * @throws AuthorizationException if specified getter does not have the
     * right to get this user. (Must be the user with READ rights or have
     * ADMIN rights)
     */
    public User getUser(String getter, String name)
        throws AuthorizationException;

    /**
     * Removes a user from the repository. Remover must have ADMIN rights.
     *
     * @param remover String name of user attempting to remove this User
     * @param name the name of the user
     * @throws AuthorizationException if specified remover does not have the
     * right to delete users. (Must have ADMIN rights)
     */
    public void removeUser(String remover, String name)
        throws AuthorizationException;

    /**
     * Removes a user from the repository. Remover must have ADMIN rights.
     *
     * @param remover String name of user attempting to remove this User
     * @param user the User object to be removed
     * @throws AuthorizationException if specified remover does not have the
     * right to delete users. (Must have ADMIN rights)
     */
    public void removeUser(String remover, User user)
        throws AuthorizationException;

    /**
     * Assign REPOSITORY_READ rights to user.
     *
     * @param setter String name of user attempting to set these rights
     * @param user the User getting the Read rights
     * @throws AuthorizationException if specified setter does not have the
     * right to add read rights. (Must have ADMIN rights)
     */
    public boolean addReadRights(String setter, User user)
        throws AuthorizationException;

    /**
     * Remove REPOSITORY_READ rights from user.
     *
     * @param remover String name of user attempting to remove these rights
     * @param user the User losing the Read rights
     * @throws AuthorizationException if specified remover does not have the
     * right to remove read rights. (Must have ADMIN rights)
     */
    public boolean removeReadRights(String remover, User user)
        throws AuthorizationException;

    /**
     * Assign ADMIN rights to user.
     *
     * @param setter String name of user attempting to set these rights
     * @param user the User getting the Admin rights
     * @throws AuthorizationException if specified setter does not have the
     * right to add admin rights. (Must have ADMIN rights)
     */
    public boolean addAdminRights(String setter, User user)
        throws AuthorizationException;

    /**
     * Remove ADMIN rights from user.
     *
     * @param remover String name of user attempting to remove these rights
     * @param user the User losing the Admin rights
     * @throws AuthorizationException if specified remover does not have the
     * right to remove admin rights. (Must have ADMIN rights)
     */
    public boolean removeAdminRights(String remover, User user)
        throws AuthorizationException;

    /**
     * Returns whether or not this user is in the repository.
     *
     * @param getter String name of user attempting to verify presence.
     * @param name the name of the user
     * @return true if this repository contains a User with specified name.
     * @throws AuthorizationException if getter does not have
     * REPOSITORY_READ rights.
     */
    public boolean contains(String getter, String name)
        throws AuthorizationException;

    /**
     * Returns a count of the users in the repository.
     *
     * @param getter String name of user attempting to count users.
     * @return int number of User objects in repository.
     * @throws AuthorizationException if getter does not have
     * REPOSITORY_READ rights.
     */
    public int countUsers(String getter)
        throws AuthorizationException;

    /**
     * List users in repository.
     *
     * @param getter String name of user attempting to list Users.
     * @return Iterator over a collection of Users, each being one user
     * in the repository.
     * @throws AuthorizationException if getter does not have
     * REPOSITORY_READ rights.
     */
    public Iterator list(String getter)
        throws AuthorizationException;

    /**
     * List names of users in repository.
     *
     * @param getter String name of user attempting to list user names.
     * @return Iterator over a collection of Strings, each being the
     * name of one user in the repository.
     * @throws AuthorizationException if getter does not have
     * REPOSITORY_READ rights.
     */
    public Iterator listNames(String getter)
        throws AuthorizationException;

    /**
     * Convenience method equivalent to getUser().testPassword()
     *
     * @return true if this repository contains a User with specified
     * name, and that user has the specified password, otherwise false.
     */
    public boolean test(String name, String password);

}

/*****************************************************************************
 * Copyright (C) The Apache Software Foundation. All rights reserved.        *
 * ------------------------------------------------------------------------- *
 * This software is published under the terms of the Apache Software License *
 * version 1.1, a copy of which has been included  with this distribution in *
 * the LICENSE file.                                                         *
 *****************************************************************************/

package org.apache.james.services;

import org.apache.avalon.services.Service;

import org.apache.james.User;


/**
 * Interface for a Store of Users.
 *
 * @version 1.0.0, 24/01/2001
 * @author <a href="mailto:charles@benett1.demon.co.uk">Charles Benett</a>
 */
public interface ProposedUsersStore extends Service {

    /**
     * Create a view into the UsersStore
     *
     * @param name String name of Repository
     * @param admin User with admin rights for repository, must be non-null
     * @return true if repository successfully created, false otherwise
     */
    boolean createRepository(String name, User admin);

    /**
     * Return a sub-set of users
     */
    UsersRepository getRepository(String name);

}


------------------------------------------------------------
To subscribe:        james-on@list.working-dogs.com
To unsubscribe:      james-off@list.working-dogs.com
Archives:  <http://www.mail-archive.com/james%40list.working-dogs.com/>
Problems?:           jons@apache.org
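
An added sketch (not part of the original message and not James code) of how an implementation could meet the setPassword/testPassword contracts in the proposed User interface: a salted one-way hash, a constant-time comparison, and the "ADMIN, or this user with WRITE rights" check. The class name, the `admins` set, the nested exception, the 8-character minimum and the PBKDF2 parameters are assumptions; so is that the caller has already authenticated the `setter` name, since the interface accepts it as a plain String.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Set;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added sketch, not James code. The class name, the admins set, the nested
// exception and the PBKDF2 parameters are assumptions made for this example.
public class HashedPasswordUser {
    static class AuthorizationException extends Exception {
        AuthorizationException(String msg) { super(msg); }
    }
    private final String name;
    private final boolean writeRights;
    private final Set<String> admins;  // hypothetical: names holding ADMIN rights
    private byte[] salt, hash;         // only the salt and derived key are stored

    HashedPasswordUser(String name, boolean writeRights, Set<String> admins) {
        this.name = name; this.writeRights = writeRights; this.admins = admins;
    }

    private static byte[] derive(String password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 210_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) { throw new IllegalStateException(e); }
    }

    public boolean setPassword(String setter, String password) throws AuthorizationException {
        boolean self = name.equals(setter) && writeRights;
        if (!self && !admins.contains(setter))
            throw new AuthorizationException(setter + " may not set the password of " + name);
        if (password == null || password.length() < 8) return false;  // minimum standard
        salt = new byte[16];
        new SecureRandom().nextBytes(salt);      // new random salt on every change
        hash = derive(password, salt);
        return true;
    }

    public boolean testPassword(String test) {
        if (hash == null || test == null) return false;  // no password set yet
        return MessageDigest.isEqual(hash, derive(test, salt));  // constant-time compare
    }

    public static void main(String[] args) throws Exception {
        HashedPasswordUser u = new HashedPasswordUser("johnsmith", true, Set.of("root"));
        System.out.println(u.setPassword("johnsmith", "correct horse"));
        System.out.println(u.testPassword("correct horse") + " " + u.testPassword("wrong"));
        try { u.setPassword("mallory", "another long one"); }
        catch (AuthorizationException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```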
