package com.sslexplorer.policyframework;
import java.util.List;
import com.sslexplorer.core.Database;
import com.sslexplorer.security.User;
/**
* Implementations of this interface are responsible for all of the persistence
* of policy related data as well as performing the logic in checking whether or
* not a principal has access to a policy
*
* @author Brett Smith <a href="mailto:brett@3sp.com">&lt;brett@3sp.com&gt;</a>
* @version $Revision: 1.38 $
*/
public interface PolicyDatabase extends Database {
/**
 * Register a new resource type with this policy database.
 * <p>
 * NOTE(review): this declaration does not say what happens when the same
 * type is registered twice; confirm against the implementation before
 * relying on either replacement or rejection.
 *
 * @param resourceType resource type to register
 * @throws Exception on any error
 */
public void registerResourceType(ResourceType resourceType) throws Exception ;
/**
 * De-register an existing resource type.
 * <p>
 * NOTE(review): the effect on resources of this type that are still
 * attached to policies is not specified here; confirm whether the
 * implementation detaches them or leaves the attachments in place.
 *
 * @param resourceType resource type to de-register
 * @throws Exception on any error
 */
public void deregisterResourceType(ResourceType resourceType) throws Exception ;
/**
 * Get the number of resource types that have been registered.
 * <p>
 * Unlike most methods on this interface, this one declares no checked
 * exception.
 *
 * @return number of registered resource types
 */
public int getResourceTypeCount();
/**
 * Get a {@link List} of registered {@link ResourceType}s, optionally
 * restricted to a single permission class.
 * <p>
 * The return type is a raw {@link List}; per this documentation its
 * elements are {@link ResourceType} instances, so callers have to cast.
 *
 * @param permissionClass permission class to filter on, or {@code null}
 *        for any permission class
 * @return list of resource types
 * @throws Exception on any error
 */
public List getResourceTypes(String permissionClass) throws Exception;
/**
 * Get a {@link Policy} given its ID.
 * <p>
 * NOTE(review): the result for an unknown id ({@code null} versus an
 * exception) is not defined by this declaration. Callers that make an
 * access decision from the result should handle both until that is
 * confirmed.
 *
 * @param id id of policy
 * @return policy
 * @throws Exception on any error
 */
public Policy getPolicy(int id) throws Exception;
/**
 * Update a policy. If the policy is nested, the supplied object must
 * contain its parent {@link Policy}.
 * <p>
 * NOTE(review): which fields are persisted, and whether a missing parent
 * on a nested policy is rejected or silently un-nests it, is not stated
 * here; confirm against the implementation.
 *
 * @param policy policy to update
 * @throws Exception on any error
 */
public void updatePolicy(Policy policy) throws Exception ;
/**
 * Create a new policy. The returned {@link Policy} object will contain the
 * newly assigned policy ID.
 * <p>
 * {@code parentResourcePermission} records which resource permission
 * allowed the creation. Nothing in this declaration says that the
 * persistence layer verifies the caller actually holds that permission, so
 * treat the authorisation check as the caller's responsibility unless the
 * implementation documents otherwise.
 * <p>
 * NOTE(review): the valid values of {@code type}, and whether
 * {@code nestedPolicies} may be {@code null} or empty, are not documented
 * here.
 *
 * @param name policy name
 * @param description policy description
 * @param type policy type
 * @param nestedPolicies array of policy ids to add as child policies
 * @param parentResourcePermission id of resource permission that allowed
 *        creation of this resource
 * @return the created policy object
 * @throws Exception on any error
 */
public Policy createPolicy(String name, String description, int type, int[] nestedPolicies, int parentResourcePermission) throws Exception;
/**
 * Delete a policy. If this policy is a parent of other policies then all
 * child policies will also be deleted.
 * <p>
 * Because the delete cascades, a single call can remove more policies than
 * the one named by {@code id}. Callers presenting this as an administrative
 * action should make the affected child policies visible before confirming.
 *
 * @param id id of the policy to delete
 * @return deleted policy
 * @throws Exception on any error
 */
public Policy deletePolicy(int id) throws Exception;
/**
 * Return a list of policies.
 * <p>
 * NOTE(review): the original summary said "all policies" while the return
 * description says "top level policies". Confirm which set implementations
 * return before using the result for an access review, since nested
 * policies may not be included.
 *
 * @return list of top level policies (raw {@link List}; element type is
 *         presumably {@link Policy}, to be confirmed)
 * @throws Exception on any error
 */
public List getPolicies() throws Exception;
/**
 * Get whether a principal has been granted a policy.
 * <p>
 * NOTE(review): it is not stated whether this covers only direct grants or
 * also grants obtained indirectly (for example through a role or a parent
 * policy); confirm before using it as an authorisation check.
 *
 * @param policy policy
 * @param principal principal
 * @return {@code true} if the policy is granted to the principal
 * @throws Exception on any error
 */
public boolean isPolicyGrantedToPrincipal(Policy policy, Principal principal) throws Exception;
/**
 * Grant a policy to a principal, giving it access to any resources that are
 * attached to the policy.
 * <p>
 * The grant covers every resource attached to the policy, so the access
 * conferred depends on the policy's resource attachments rather than on
 * anything passed to this call.
 *
 * @param policy policy to grant
 * @param principal principal to grant to
 * @throws Exception on any error
 */
public void grantPolicyToPrincipal(Policy policy, Principal principal) throws Exception;
/**
 * Revoke a policy from a principal, removing any access it may have to the
 * resources that are attached to the policy.
 * <p>
 * NOTE(review): if the principal can reach the same resources through
 * another policy, this call alone presumably does not remove that access;
 * verify with {@link #isPrincipalAllowed} after revoking.
 *
 * @param policy policy to revoke
 * @param principal principal to revoke policy from
 * @throws Exception on any error
 */
public void revokePolicyFromPrincipal(Policy policy, Principal principal) throws Exception;
/**
 * Revoke all policies from a specified principal.
 *
 * @param principal principal to revoke policies from
 * @throws Exception on any error
 */
public void revokeAllPoliciesFromPrincipal(Principal principal) throws Exception ;
/**
 * Attach a resource to a policy, giving access to any principals that are
 * attached to the policy.
 * <p>
 * Every principal already holding the policy gains access to the resource
 * as a result of this call.
 *
 * @param resource resource to attach to policy
 * @param policy policy to attach resource to
 * @param sequence sequence (meaning not documented here; presumably an
 *        ordering position, to be confirmed)
 * @throws Exception on any error
 */
public void attachResourceToPolicy(Resource resource, Policy policy, int sequence) throws Exception;
/**
 * Detach a resource from a policy, removing access from any principals that
 * are attached to the policy.
 * <p>
 * NOTE(review): access that a principal holds to the same resource through
 * a different policy is presumably unaffected; confirm if this call is used
 * to lock a resource down.
 *
 * @param resource resource to detach from the policy
 * @param policy policy to detach resource from
 * @throws Exception on any error
 */
public void detachResourceFromPolicy(Resource resource, Policy policy) throws Exception;
/**
 * Determine if the specified resource is attached to the specified policy.
 *
 * @param resource resource
 * @param policy policy
 * @return {@code true} if the resource is attached to the policy
 * @throws Exception on any error
 */
public boolean isResourceAttachedToPolicy(Resource resource, Policy policy) throws Exception;
/**
 * Get whether the provided {@link com.sslexplorer.policyframework.Principal}
 * is allowed to access the specified
 * {@link com.sslexplorer.policyframework.Resource}. If {@code null} is
 * provided as the resource, {@code true} will be returned if the principal
 * is allowed access to <strong>any</strong> resource.
 * <p>
 * Caller hazard: a {@code null} resource widens the question from "this
 * resource" to "any resource". A caller whose resource lookup failed and
 * produced {@code null} would get the broader answer, so check the
 * resource for {@code null} before calling when a specific resource is
 * intended.
 * <p>
 * NOTE(review): the exact effect of {@code includeSuperUser} (for example,
 * whether it makes the super user always allowed) is not spelled out here;
 * confirm before passing {@code true} on a path that gates access.
 *
 * @param principal principal to test
 * @param resource resource to test; {@code null} will test for any
 *        resource
 * @param includeSuperUser include the super user in the test for allowed
 * @return {@code true} if access is allowed
 * @throws Exception on any error
 */
public boolean isPrincipalAllowed(Principal principal, Resource resource, boolean includeSuperUser) throws Exception;
/**
 * Get the policy that grants the specified principal access to the
 * specified resource.
 * <p>
 * A {@code null} return means no policy grants access; callers must treat
 * it as a denial and must not dereference the result unchecked.
 * <p>
 * NOTE(review): if more than one policy grants access, which one is
 * returned is not specified here.
 *
 * @param principal principal
 * @param resource resource
 * @return policy that grants access or {@code null} if no policy grants
 *         access
 * @throws Exception on any error
 */
public Policy getGrantingPolicy(Principal principal, Resource resource) throws Exception;
/**
 * Get whether the principal is granted access via its policies to any
 * resources of the given resource type. Supply {@code null} as the resource
 * type to test if the principal is allowed access to any resources of any
 * type.
 * <p>
 * Note that by default the super user will not be granted resources of the
 * specified type; it is up to the caller to treat the super user as a
 * special case. The super-user exception therefore lives in calling code,
 * and each call site has to apply it consistently.
 * <p>
 * As with a {@code null} resource elsewhere on this interface, a
 * {@code null} resource type broadens the test, so pass it only when "any
 * type" is really what is meant.
 *
 * @param principal principal (user / role) to test against
 * @param resourceType resource type to match or {@code null} for any
 *        resource type
 * @param resourceTypesToExclude list of {@link ResourceType}s to exclude
 *        or {@code null} to exclude none
 * @return {@code true} if the principal is granted at least one matching
 *         resource
 * @throws Exception on any error
 */
public boolean isPrincipalGrantedResourcesOfType(Principal principal, ResourceType resourceType, List resourceTypesToExclude) throws Exception;
/**
* Get the resources a principal is granted access via its policies
*
* @param principal principal
* @param resourceType resource type
* @return List of {@link Integer} objects containing the ids of the