1   package org.apache.turbine.services.security;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  
23  import org.apache.turbine.om.security.Group;
24  import org.apache.turbine.om.security.Permission;
25  import org.apache.turbine.om.security.Role;
26  import org.apache.turbine.om.security.User;
27  import org.apache.turbine.services.TurbineServices;
28  import org.apache.turbine.util.security.AccessControlList;
29  import org.apache.turbine.util.security.DataBackendException;
30  import org.apache.turbine.util.security.EntityExistsException;
31  import org.apache.turbine.util.security.GroupSet;
32  import org.apache.turbine.util.security.PasswordMismatchException;
33  import org.apache.turbine.util.security.PermissionSet;
34  import org.apache.turbine.util.security.RoleSet;
35  import org.apache.turbine.util.security.TurbineSecurityException;
36  import org.apache.turbine.util.security.UnknownEntityException;
37  
38  /**
39   * This is a Facade class for SecurityService.
40   *
41   * This class provides static methods that call related methods of the
42   * implementation of SecurityService used by the System, according to
43   * the settings in TurbineResources.
44   * <br>
45   *
46   * <a name="global">
47   * <p> Certain Roles that the Users may have in the system may are not related
48   * to any specific resource nor entity. They are assigned within a special group
49   * named 'global' that can be referenced in the code as
50   * {@link org.apache.turbine.om.security.Group#GLOBAL_GROUP_NAME}.
51   *
52   * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
53   * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
54   * @version $Id: TurbineSecurity.java 1096130 2011-04-23 10:37:19Z ludwig $
55   */
56  public abstract class TurbineSecurity
57  {
58      /**
59       * Retrieves an implementation of SecurityService, base on the settings in
60       * TurbineResources.
61       *
62       * @return an implementation of SecurityService.
63       */
64      public static SecurityService getService()
65      {
66          return (SecurityService) TurbineServices.getInstance().
67                  getService(SecurityService.SERVICE_NAME);
68      }
69  
70      /*-----------------------------------------------------------------------
71        Management of User objects
72        -----------------------------------------------------------------------*/
73  
74      /**
75       * This method provides client-side encryption of passwords.
76       *
77       * This is an utility method that is used by other classes to maintain
78       * a consistent approach to encrypting password. The behavior of the
79       * method can be configured in service's properties.
80       *
81       * @param password the password to process
82       * @return processed password
83       */
84      public static String encryptPassword(String password)
85      {
86          return getService().encryptPassword(password);
87      }
88  
89      /**
90       * This method provides client-side encryption of passwords.
91       *
92       * This is an utility method that is used by other classes to maintain
93       * a consistent approach to encrypting password. The behavior of the
94       * method can be configured in service's properties.
95       *
96       * @param password the password to process
97       * @param salt the supplied salt to encrypt the password
98       * @return processed password
99       */
100     public static String encryptPassword(String password, String salt)
101     {
102         return getService().encryptPassword(password, salt);
103     }
104 
105     /**
106      * Checks if a supplied password matches the encrypted password
107      *
108      * @param checkpw      The clear text password supplied by the user
109      * @param encpw        The current, encrypted password
110      *
111      * @return true if the password matches, else false
112      *
113      */
114 
115     public static boolean checkPassword(String checkpw, String encpw)
116     {
117         return getService().checkPassword(checkpw, encpw);
118     }
119 
120     /*-----------------------------------------------------------------------
121       Getting Object Classes
122       -----------------------------------------------------------------------*/
123 
124     /**
125      * Returns the Class object for the implementation of User interface
126      * used by the system.
127      *
128      * @return the implementation of User interface used by the system.
129      * @throws UnknownEntityException if the system's implementation of User
130      *         interface could not be determined.
131      */
132     public static Class getUserClass()
133             throws UnknownEntityException
134     {
135         return getService().getUserClass();
136     }
137 
138     /**
139      * Returns the Class object for the implementation of Group interface
140      * used by the system.
141      *
142      * @return the implementation of Group interface used by the system.
143      * @throws UnknownEntityException if the system's implementation of Group
144      *         interface could not be determined.
145      */
146     public static Class getGroupClass()
147         throws UnknownEntityException
148     {
149         return getService().getGroupClass();
150     }
151 
152     /**
153      * Returns the Class object for the implementation of Permission interface
154      * used by the system.
155      *
156      * @return the implementation of Permission interface used by the system.
157      * @throws UnknownEntityException if the system's implementation of Permission
158      *         interface could not be determined.
159      */
160     public static Class getPermissionClass()
161         throws UnknownEntityException
162     {
163         return getService().getPermissionClass();
164     }
165 
166     /**
167      * Returns the Class object for the implementation of Role interface
168      * used by the system.
169      *
170      * @return the implementation of Role interface used by the system.
171      * @throws UnknownEntityException if the system's implementation of Role
172      *         interface could not be determined.
173      */
174     public static Class getRoleClass()
175         throws UnknownEntityException
176     {
177         return getService().getRoleClass();
178     }
179 
180     /**
181      * Construct a blank User object.
182      *
183      * This method calls getUserClass, and then creates a new object using
184      * the default constructor.
185      *
186      * @return an object implementing User interface.
187      * @throws UnknownEntityException if the object could not be instantiated.
188      */
189     public static User getUserInstance()
190             throws UnknownEntityException
191     {
192         return getService().getUserInstance();
193     }
194 
195     /**
196      * Returns the configured UserManager.
197      *
198      * @return An UserManager object
199      */
200     public static UserManager getUserManager()
201     {
202         return getService().getUserManager();
203     }
204 
205     /**
206      * Configure a new user Manager.
207      *
208      * @param userManager An UserManager object
209      */
210     public void setUserManager(UserManager userManager)
211     {
212         getService().setUserManager(userManager);
213     }
214 
215     /**
216      * Check whether a specified user's account exists.
217      *
218      * The login name is used for looking up the account.
219      *
220      * @param user The user to be checked.
221      * @return true if the specified account exists
222      * @throws DataBackendException if there was an error accessing the data
223      *         backend.
224      */
225     public static boolean accountExists(User user)
226             throws DataBackendException
227     {
228         return getService().accountExists(user);
229     }
230 
231     /**
232      * Check whether a specified user's account exists.
233      *
234      * The login name is used for looking up the account.
235      *
236      * @param userName The name of the user to be checked.
237      * @return true if the specified account exists
238      * @throws DataBackendException if there was an error accessing the data
239      *         backend.
240      */
241     public static boolean accountExists(String userName)
242             throws DataBackendException
243     {
244         return getService().accountExists(userName);
245     }
246 
247     /**
248      * Authenticates an user, and constructs an User object to represent
249      * him/her.
250      *
251      * @param username The user name.
252      * @param password The user password.
253      * @return An authenticated Turbine User.
254      * @throws DataBackendException if there was an error accessing the data
255      *         backend.
256      * @throws UnknownEntityException if user account is not present.
257      * @throws PasswordMismatchException if the supplied password was incorrect.
258      */
259     public static User getAuthenticatedUser(String username, String password)
260             throws DataBackendException, UnknownEntityException,
261             PasswordMismatchException
262     {
263         return getService().getAuthenticatedUser(username, password);
264     }
265 
266     /**
267      * Constructs an User object to represent a registered user of the
268      * application.
269      *
270      * @param username The user name.
271      * @return A Turbine User.
272      * @throws DataBackendException if there was an error accessing the data
273      *         backend.
274      * @throws UnknownEntityException if user account is not present.
275      */
276     public static User getUser(String username)
277             throws DataBackendException, UnknownEntityException
278     {
279         return getService().getUser(username);
280     }
281 
282     /**
283      * Constructs an User object to represent an anonymous user of the
284      * application.
285      *
286      * @return An anonymous Turbine User.
287      * @throws UnknownEntityException if the anonymous User object couldn't be
288      *         constructed.
289      */
290     public static User getAnonymousUser()
291             throws UnknownEntityException
292     {
293         return getService().getAnonymousUser();
294     }
295 
296     /**
297      * Checks whether a passed user object matches the anonymous user pattern
298      * according to the configured service
299      *
300      * @param user A user object
301      * @return True if this is an anonymous user
302      */
303     public static boolean isAnonymousUser(User user)
304     {
305         return getService().isAnonymousUser(user);
306     }
307 
308     /**
309      * Saves User's data in the permanent storage. The user account is required
310      * to exist in the storage.
311      *
312      * @param user The User object to save.
313      * @throws UnknownEntityException if the user's account does not
314      *         exist in the database.
315      * @throws DataBackendException if there is a problem accessing the
316      *         storage.
317      */
318     public static void saveUser(User user)
319             throws UnknownEntityException, DataBackendException
320     {
321         getService().saveUser(user);
322     }
323 
324     /**
325      * Saves User data when the session is unbound. The user account is required
326      * to exist in the storage.
327      *
328      * LastLogin, AccessCounter, persistent pull tools, and any data stored
329      * in the permData hashtable that is not mapped to a column will be saved.
330      *
331      * @exception UnknownEntityException if the user's account does not
332      *            exist in the database.
333      * @exception DataBackendException if there is a problem accessing the
334      *            storage.
335      */
336     public static void saveOnSessionUnbind(User user)
337             throws UnknownEntityException, DataBackendException
338     {
339         getService().saveOnSessionUnbind(user);
340     }
341 
342     /**
343      * Change the password for an User.
344      *
345      * @param user an User to change password for.
346      * @param oldPassword the current password supplied by the user.
347      * @param newPassword the current password requested by the user.
348      * @throws PasswordMismatchException if the supplied password was
349      *         incorrect.
350      * @throws UnknownEntityException if the user's record does not
351      *         exist in the database.
352      * @throws DataBackendException if there is a problem accessing the
353      *         storage.
354      */
355     public static void changePassword(User user, String oldPassword,
356                                       String newPassword)
357             throws PasswordMismatchException, UnknownEntityException,
358             DataBackendException
359     {
360         getService().changePassword(user, oldPassword, newPassword);
361     }
362 
363     /**
364      * Forcibly sets new password for an User.
365      *
366      * This is supposed by the administrator to change the forgotten or
367      * compromised passwords. Certain implementatations of this feature
368      * would require administrative level access to the authenticating
369      * server / program.
370      *
371      * @param user an User to change password for.
372      * @param password the new password.
373      * @throws UnknownEntityException if the user's record does not
374      *         exist in the database.
375      * @throws DataBackendException if there is a problem accessing the
376      *         storage.
377      */
378     public static void forcePassword(User user, String password)
379             throws UnknownEntityException, DataBackendException
380     {
381         getService().forcePassword(user, password);
382     }
383 
384     /*-----------------------------------------------------------------------
385       Creation of AccessControlLists
386       -----------------------------------------------------------------------*/
387 
388     /**
389      * Constructs an AccessControlList for a specific user.
390      *
391      * @param user the user for whom the AccessControlList are to be retrieved
392      * @return The AccessControList object constructed from the user object.
393      * @throws DataBackendException if there was an error accessing the data
394      *         backend.
395      * @throws UnknownEntityException if user account is not present.
396      */
397     public static AccessControlList getACL(User user)
398             throws DataBackendException, UnknownEntityException
399     {
400         return getService().getACL(user);
401     }
402 
403     /*-----------------------------------------------------------------------
404       Security management
405       -----------------------------------------------------------------------*/
406 
407     /**
408      * Grant an User a Role in a Group.
409      *
410      * @param user the user.
411      * @param group the group.
412      * @param role the role.
413      * @throws DataBackendException if there was an error accessing the data
414      *         backend.
415      * @throws UnknownEntityException if user account, group or role is not
416      *         present.
417      */
418     public static void grant(User user, Group group, Role role)
419             throws DataBackendException, UnknownEntityException
420     {
421         getService().grant(user, group, role);
422     }
423 
424     /**
425      * Revoke a Role in a Group from an User.
426      *
427      * @param user the user.
428      * @param group the group.
429      * @param role the role.
430      * @throws DataBackendException if there was an error accessing the data
431      *         backend.
432      * @throws UnknownEntityException if user account, group or role is not
433      *         present.
434      */
435     public static void revoke(User user, Group group, Role role)
436             throws DataBackendException, UnknownEntityException
437     {
438         getService().revoke(user, group, role);
439     }
440 
441     /**
442      * Revokes all roles from an User.
443      *
444      * This method is used when deleting an account.
445      *
446      * @param user the User.
447      * @throws DataBackendException if there was an error accessing the data
448      *         backend.
449      * @throws UnknownEntityException if the account is not present.
450      */
451     public static void revokeAll(User user)
452             throws DataBackendException, UnknownEntityException
453     {
454         getService().revokeAll(user);
455     }
456 
457     /**
458      * Grants a Role a Permission
459      *
460      * @param role the Role.
461      * @param permission the Permission.
462      * @throws DataBackendException if there was an error accessing the data
463      *         backend.
464      * @throws UnknownEntityException if role or permission is not present.
465      */
466     public static void grant(Role role, Permission permission)
467             throws DataBackendException, UnknownEntityException
468     {
469         getService().grant(role, permission);
470     }
471 
472     /**
473      * Revokes a Permission from a Role.
474      *
475      * @param role the Role.
476      * @param permission the Permission.
477      * @throws DataBackendException if there was an error accessing the data
478      *         backend.
479      * @throws UnknownEntityException if role or permission is not present.
480      */
481     public static void revoke(Role role, Permission permission)
482             throws DataBackendException, UnknownEntityException
483     {
484         getService().revoke(role, permission);
485     }
486 
487     /**
488      * Revokes all permissions from a Role.
489      *
490      * This method is user when deleting a Role.
491      *
492      * @param role the Role
493      * @throws DataBackendException if there was an error accessing the data
494      *         backend.
495      * @throws  UnknownEntityException if the Role is not present.
496      */
497     public static void revokeAll(Role role)
498             throws DataBackendException, UnknownEntityException
499     {
500         getService().revokeAll(role);
501     }
502 
503     /*-----------------------------------------------------------------------
504       Account management
505       -----------------------------------------------------------------------*/
506 
507     /**
508      * Creates new user account with specified attributes.
509      *
510      * <strong>TODO</strong> throw more specific exception<br>
511      *
512      * @param user the object describing account to be created.
513      * @param password password for the new user
514      * @throws DataBackendException if there was an error accessing the data
515      *         backend.
516      * @throws EntityExistsException if the user account already exists.
517      */
518     public static void addUser(User user, String password)
519             throws DataBackendException, EntityExistsException
520     {
521         getService().addUser(user, password);
522     }
523 
524     /**
525      * Removes an user account from the system.
526      *
527      * <strong>TODO</strong> throw more specific exception<br>
528      *
529      * @param user the object describing the account to be removed.
530      * @throws DataBackendException if there was an error accessing the data
531      *         backend.
532      * @throws UnknownEntityException if the user account is not present.
533      */
534     public static void removeUser(User user)
535             throws DataBackendException, UnknownEntityException
536     {
537         getService().removeUser(user);
538     }
539 
540     /*-----------------------------------------------------------------------
541       Group/Role/Permission management
542       -----------------------------------------------------------------------*/
543     /**
544      * Provides a reference to the Group object that represents the
545      * <a name="global">global group</a>.
546      *
547      * @return a Group object that represents the global group.
548      */
549     public static Group getGlobalGroup()
550     {
551         return getService().getGlobalGroup();
552     }
553 
554     /**
555      * Creates a new Group in the system. This is a convenience
556      * method.
557      *
558      * @param name The name of the new Group.
559      * @return An object representing the new Group.
560      * @throws TurbineSecurityException if the Group could not be created.
561      */
562     public static Group createGroup(String name)
563             throws TurbineSecurityException
564     {
565         return getService().addGroup(getGroupInstance(name));
566     }
567 
568     /**
569      * Creates a new Permission in the system. This is a convenience
570      * method.
571      *
572      * @param name The name of the new Permission.
573      * @return An object representing the new Permission.
574      * @throws TurbineSecurityException if the Permission could not be created.
575      */
576     public static Permission createPermission(String name)
577             throws TurbineSecurityException
578     {
579         return getService().addPermission(getPermissionInstance(name));
580     }
581 
582     /**
583      * Creates a new Role in the system. This is a convenience
584      * method.
585      *
586      * @param name The name of the Role.
587      *
588      * @return An object representing the new Role.
589      *
590      * @throws TurbineSecurityException if the Role could not be created.
591      */
592     public static Role createRole(String name)
593         throws TurbineSecurityException
594     {
595         return getService().addRole(getRoleInstance(name));
596     }
597 
598     /**
599      * Retrieve a Group object with specified name.
600      *
601      * @param groupName The name of the Group to be retrieved.
602      * @return an object representing the Group with specified name.
603      * @throws DataBackendException if there was an error accessing the data
604      *         backend.
605      * @throws UnknownEntityException if the Group is not present.
606      */
607     public static Group getGroupByName(String groupName)
608             throws DataBackendException, UnknownEntityException
609     {
610         return getService().getGroupByName(groupName);
611     }
612 
613     /**
614      * Retrieve a Group object with specified Id.
615      *
616      * @param name the name of the Group.
617      *
618      * @return an object representing the Group with specified name.
619      *
620      * @exception UnknownEntityException if the permission does not
621      *            exist in the database.
622      * @exception DataBackendException if there is a problem accessing the
623      *            storage.
624      */
625     public static Group getGroupById(int groupId)
626             throws DataBackendException,
627                    UnknownEntityException
628     {
629         return getService().getGroupById(groupId);
630     }
631 
632     /**
633      * Construct a blank Group object.
634      *
635      * This method calls getGroupClass, and then creates a new object using
636      * the default constructor.
637      *
638      * @param groupName The name of the Group
639      *
640      * @return an object implementing Group interface.
641      *
642      * @throws UnknownEntityException if the object could not be instantiated.
643      */
644     public static Group getGroupInstance(String groupName)
645             throws UnknownEntityException
646     {
647         return getService().getGroupInstance(groupName);
648     }
649 
650     /**
651      * Construct a blank Role object.
652      *
653      * This method calls getRoleClass, and then creates a new object using
654      * the default constructor.
655      *
656      * @param roleName The name of the role.
657      *
658      * @return an object implementing Role interface.
659      *
660      * @throws UnknownEntityException if the object could not be instantiated.
661      */
662     public static Role getRoleInstance(String roleName)
663             throws UnknownEntityException
664     {
665         return getService().getRoleInstance(roleName);
666     }
667 
668     /**
669      * Construct a blank Permission object.
670      *
671      * This method calls getPermissionClass, and then creates a new object using
672      * the default constructor.
673      *
674      * @param permName The name of the permission.
675      *
676      * @return an object implementing Permission interface.
677      * @throws UnknownEntityException if the object could not be instantiated.
678      */
679     public static Permission getPermissionInstance(String permName)
680             throws UnknownEntityException
681     {
682         return getService().getPermissionInstance(permName);
683     }
684 
685     /**
686      * Retrieve a Role object with specified name.
687      *
688      * @param roleName The name of the Role to be retrieved.
689      * @return an object representing the Role with specified name.
690      * @throws DataBackendException if there was an error accessing the data
691      *         backend.
692      * @throws UnknownEntityException if the Role is not present.
693      */
694     public static Role getRoleByName(String roleName)
695             throws DataBackendException, UnknownEntityException
696     {
697         return getService().getRoleByName(roleName);
698     }
699 
700     /**
701      * Retrieve a Role object with specified Id.
702      *
703      * @param name the name of the Role.
704      *
705      * @return an object representing the Role with specified name.
706      *
707      * @exception UnknownEntityException if the permission does not
708      *            exist in the database.
709      * @exception DataBackendException if there is a problem accessing the
710      *            storage.
711      */
712     public static Role getRoleById(int roleId)
713             throws DataBackendException,
714                    UnknownEntityException
715     {
716         return getService().getRoleById(roleId);
717     }
718 
719     /**
720      * Retrieve a Permission object with specified name.
721      *
722      * @param permissionName The name of the Permission to be retrieved.
723      * @return an object representing the Permission with specified name.
724      * @throws DataBackendException if there was an error accessing the data
725      *         backend.
726      * @throws UnknownEntityException if the Permission is not present.
727      */
728     public static Permission getPermissionByName(String permissionName)
729             throws DataBackendException, UnknownEntityException
730     {
731         return getService().getPermissionByName(permissionName);
732     }
733 
734     /**
735      * Retrieve a Permission object with specified Id.
736      *
737      * @param name the name of the Permission.
738      *
739      * @return an object representing the Permission with specified name.
740      *
741      * @exception UnknownEntityException if the permission does not
742      *            exist in the database.
743      * @exception DataBackendException if there is a problem accessing the
744      *            storage.
745      */
746     public static Permission getPermissionById(int permissionId)
747             throws DataBackendException,
748                    UnknownEntityException
749     {
750         return getService().getPermissionById(permissionId);
751     }
752 
753     /**
754      * Retrieve a set of Groups that meet the specified Criteria.
755      *
756      * @param criteria A Criteria of Group selection.
757      * @return a set of Groups that meet the specified Criteria.
758      * @throws DataBackendException if there was an error accessing the data
759      *         backend.
760      */
761     public static GroupSet getGroups(Object criteria)
762             throws DataBackendException
763     {
764         return getService().getGroups(criteria);
765     }
766 
767     /**
768      * Retrieve a set of Roles that meet the specified Criteria.
769      *
770      * @param criteria a Criteria of Roles selection.
771      * @return a set of Roles that meet the specified Criteria.
772      * @throws DataBackendException if there was an error accessing the data
773      *         backend.
774      */
775     public static RoleSet getRoles(Object criteria)
776             throws DataBackendException
777     {
778         return getService().getRoles(criteria);
779     }
780 
781     /**
782      * Retrieve a set of Permissions that meet the specified Criteria.
783      *
784      * @param criteria a Criteria of Permissions selection.
785      * @return a set of Permissions that meet the specified Criteria.
786      * @throws DataBackendException if there was an error accessing the data
787      *         backend.
788      */
789     public static PermissionSet getPermissions(Object criteria)
790             throws DataBackendException
791     {
792         return getService().getPermissions(criteria);
793     }
794 
795     /**
796      * Retrieves all groups defined in the system.
797      *
798      * @return the names of all groups defined in the system.
799      * @throws DataBackendException if there was an error accessing the data
800      *         backend.
801      */
802     public static GroupSet getAllGroups()
803             throws DataBackendException
804     {
805         return getService().getAllGroups();
806     }
807 
808     /**
809      * Retrieves all roles defined in the system.
810      *
811      * @return the names of all roles defined in the system.
812      * @throws DataBackendException if there was an error accessing the data
813      *         backend.
814      */
815     public static RoleSet getAllRoles()
816             throws DataBackendException
817     {
818         return getService().getAllRoles();
819     }
820 
821     /**
822      * Retrieves all permissions defined in the system.
823      *
824      * @return the names of all roles defined in the system.
825      * @throws DataBackendException if there was an error accessing the data
826      *         backend.
827      */
828     public static PermissionSet getAllPermissions()
829             throws DataBackendException
830     {
831         return getService().getAllPermissions();
832     }
833 
834     /**
835      * Retrieves all permissions associated with a role.
836      *
837      * @param role the role name, for which the permissions are to be retrieved.
838      * @return the Permissions for the specified role
839      * @throws DataBackendException if there was an error accessing the data
840      *         backend.
841      * @throws UnknownEntityException if the role is not present.
842      */
843     public static PermissionSet getPermissions(Role role)
844             throws DataBackendException, UnknownEntityException
845     {
846         return getService().getPermissions(role);
847     }
848 
849     /**
850      * Stores Group's attributes. The Groups is required to exist in the system.
851      *
852      * @param group The Group to be stored.
853      * @throws DataBackendException if there was an error accessing the data
854      *         backend.
855      * @throws UnknownEntityException if the group does not exist.
856      */
857     public static void saveGroup(Group group)
858             throws DataBackendException, UnknownEntityException
859     {
860         getService().saveGroup(group);
861     }
862 
863     /**
864      * Stores Role's attributes. The Roles is required to exist in the system.
865      *
866      * @param role The Role to be stored.
867      * @throws DataBackendException if there was an error accessing the data
868      *         backend.
869      * @throws UnknownEntityException if the role does not exist.
870      */
871     public static void saveRole(Role role)
872             throws DataBackendException, UnknownEntityException
873     {
874         getService().saveRole(role);
875     }
876 
877     /**
878      * Stores Permission's attributes. The Permissions is required to exist in
879      * the system.
880      *
881      * @param permission The Permission to be stored.
882      * @throws DataBackendException if there was an error accessing the data
883      *         backend.
884      * @throws UnknownEntityException if the permission does not exist.
885      */
886     public static void savePermission(Permission permission)
887             throws DataBackendException, UnknownEntityException
888     {
889         getService().savePermission(permission);
890     }
891 
892     /**
893      * Creates a new group with specified attributes.
894      *
895      * @param group the object describing the group to be created.
896      * @throws DataBackendException if there was an error accessing the data
897      *         backend.
898      * @throws EntityExistsException if the group already exists.
899      */
900     public static void addGroup(Group group)
901             throws DataBackendException, EntityExistsException
902     {
903         getService().addGroup(group);
904     }
905 
906     /**
907      * Creates a new role with specified attributes.
908      *
909      * @param role the objects describing the role to be created.
910      * @throws DataBackendException if there was an error accessing the data
911      *         backend.
912      * @throws EntityExistsException if the role already exists.
913      */
914     public static void addRole(Role role)
915             throws DataBackendException, EntityExistsException
916     {
917         getService().addRole(role);
918     }
919 
920     /**
921      * Creates a new permission with specified attributes.
922      *
923      * @param permission the objects describing the permission to be created.
924      * @throws DataBackendException if there was an error accessing the data
925      *         backend.
926      * @throws EntityExistsException if the permission already exists.
927      */
928     public static void addPermission(Permission permission)
929             throws DataBackendException, EntityExistsException
930     {
931         getService().addPermission(permission);
932     }
933 
934     /**
935      * Removes a Group from the system.
936      *
937      * @param group the object describing group to be removed.
938      * @throws DataBackendException if there was an error accessing the data
939      *         backend.
940      * @throws UnknownEntityException if the group does not exist.
941      */
942     public static void removeGroup(Group group)
943             throws DataBackendException, UnknownEntityException
944     {
945         getService().removeGroup(group);
946     }
947 
948     /**
949      * Removes a Role from the system.
950      *
951      * @param role The object describing the role to be removed.
952      * @throws DataBackendException if there was an error accessing the data backend.
953      * @throws UnknownEntityException if the role does not exist.
954      */
955     public static void removeRole(Role role)
956             throws DataBackendException, UnknownEntityException
957     {
958         getService().removeRole(role);
959     }
960 
961     /**
962      * Removes a Permission from the system.
963      *
964      * @param permission The object describing the permission to be removed.
965      * @throws DataBackendException if there was an error accessing the data
966      *         backend.
967      * @throws UnknownEntityException if the permission does not exist.
968      */
969     public static void removePermission(Permission permission)
970             throws DataBackendException, UnknownEntityException
971     {
972         getService().removePermission(permission);
973     }
974 
975     /**
976      * Renames an existing Group.
977      *
978      * @param group The object describing the group to be renamed.
979      * @param name the new name for the group.
980      * @throws DataBackendException if there was an error accessing the data
981      *         backend.
982      * @throws UnknownEntityException if the group does not exist.
983      */
984     public static void renameGroup(Group group, String name)
985             throws DataBackendException, UnknownEntityException
986     {
987         getService().renameGroup(group, name);
988     }
989 
990     /**
991      * Renames an existing Role.
992      *
993      * @param role The object describing the role to be renamed.
994      * @param name the new name for the role.
995      * @throws DataBackendException if there was an error accessing the data
996      *         backend.
997      * @throws UnknownEntityException if the role does not exist.
998      */
999     public static void renameRole(Role role, String name)
1000             throws DataBackendException, UnknownEntityException
1001     {
1002         getService().renameRole(role, name);
1003     }
1004 
1005     /**
1006      * Renames an existing Permission.
1007      *
1008      * @param permission The object describing the permission to be renamed.
1009      * @param name the new name for the permission.
1010      * @throws DataBackendException if there was an error accessing the data
1011      *         backend.
1012      * @throws UnknownEntityException if the permission does not exist.
1013      */
1014     public static void renamePermission(Permission permission, String name)
1015             throws DataBackendException, UnknownEntityException
1016     {
1017         getService().renamePermission(permission, name);
1018     }
1019 }