001    package org.apache.turbine.services.security;
002    
003    /*
004     * Licensed to the Apache Software Foundation (ASF) under one
005     * or more contributor license agreements.  See the NOTICE file
006     * distributed with this work for additional information
007     * regarding copyright ownership.  The ASF licenses this file
008     * to you under the Apache License, Version 2.0 (the
009     * "License"); you may not use this file except in compliance
010     * with the License.  You may obtain a copy of the License at
011     *
012     *   http://www.apache.org/licenses/LICENSE-2.0
013     *
014     * Unless required by applicable law or agreed to in writing,
015     * software distributed under the License is distributed on an
016     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017     * KIND, either express or implied.  See the License for the
018     * specific language governing permissions and limitations
019     * under the License.
020     */
021    
022    
023    import org.apache.turbine.om.security.Group;
024    import org.apache.turbine.om.security.Permission;
025    import org.apache.turbine.om.security.Role;
026    import org.apache.turbine.om.security.User;
027    import org.apache.turbine.services.TurbineServices;
028    import org.apache.turbine.util.security.AccessControlList;
029    import org.apache.turbine.util.security.DataBackendException;
030    import org.apache.turbine.util.security.EntityExistsException;
031    import org.apache.turbine.util.security.GroupSet;
032    import org.apache.turbine.util.security.PasswordMismatchException;
033    import org.apache.turbine.util.security.PermissionSet;
034    import org.apache.turbine.util.security.RoleSet;
035    import org.apache.turbine.util.security.TurbineSecurityException;
036    import org.apache.turbine.util.security.UnknownEntityException;
037    
038    /**
039     * This is a Facade class for SecurityService.
040     *
041     * This class provides static methods that call related methods of the
042     * implementation of SecurityService used by the System, according to
043     * the settings in TurbineResources.
044     * <br>
045     *
046     * <a name="global">
047     * <p> Certain Roles that the Users may have in the system may are not related
048     * to any specific resource nor entity. They are assigned within a special group
049     * named 'global' that can be referenced in the code as
050     * {@link org.apache.turbine.om.security.Group#GLOBAL_GROUP_NAME}.
051     *
052     * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
053     * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
054     * @version $Id: TurbineSecurity.java 1096130 2011-04-23 10:37:19Z ludwig $
055     */
056    public abstract class TurbineSecurity
057    {
058        /**
059         * Retrieves an implementation of SecurityService, base on the settings in
060         * TurbineResources.
061         *
062         * @return an implementation of SecurityService.
063         */
064        public static SecurityService getService()
065        {
066            return (SecurityService) TurbineServices.getInstance().
067                    getService(SecurityService.SERVICE_NAME);
068        }
069    
070        /*-----------------------------------------------------------------------
071          Management of User objects
072          -----------------------------------------------------------------------*/
073    
074        /**
075         * This method provides client-side encryption of passwords.
076         *
077         * This is an utility method that is used by other classes to maintain
078         * a consistent approach to encrypting password. The behavior of the
079         * method can be configured in service's properties.
080         *
081         * @param password the password to process
082         * @return processed password
083         */
084        public static String encryptPassword(String password)
085        {
086            return getService().encryptPassword(password);
087        }
088    
089        /**
090         * This method provides client-side encryption of passwords.
091         *
092         * This is an utility method that is used by other classes to maintain
093         * a consistent approach to encrypting password. The behavior of the
094         * method can be configured in service's properties.
095         *
096         * @param password the password to process
097         * @param salt the supplied salt to encrypt the password
098         * @return processed password
099         */
100        public static String encryptPassword(String password, String salt)
101        {
102            return getService().encryptPassword(password, salt);
103        }
104    
105        /**
106         * Checks if a supplied password matches the encrypted password
107         *
108         * @param checkpw      The clear text password supplied by the user
109         * @param encpw        The current, encrypted password
110         *
111         * @return true if the password matches, else false
112         *
113         */
114    
115        public static boolean checkPassword(String checkpw, String encpw)
116        {
117            return getService().checkPassword(checkpw, encpw);
118        }
119    
120        /*-----------------------------------------------------------------------
121          Getting Object Classes
122          -----------------------------------------------------------------------*/
123    
124        /**
125         * Returns the Class object for the implementation of User interface
126         * used by the system.
127         *
128         * @return the implementation of User interface used by the system.
129         * @throws UnknownEntityException if the system's implementation of User
130         *         interface could not be determined.
131         */
132        public static Class getUserClass()
133                throws UnknownEntityException
134        {
135            return getService().getUserClass();
136        }
137    
138        /**
139         * Returns the Class object for the implementation of Group interface
140         * used by the system.
141         *
142         * @return the implementation of Group interface used by the system.
143         * @throws UnknownEntityException if the system's implementation of Group
144         *         interface could not be determined.
145         */
146        public static Class getGroupClass()
147            throws UnknownEntityException
148        {
149            return getService().getGroupClass();
150        }
151    
152        /**
153         * Returns the Class object for the implementation of Permission interface
154         * used by the system.
155         *
156         * @return the implementation of Permission interface used by the system.
157         * @throws UnknownEntityException if the system's implementation of Permission
158         *         interface could not be determined.
159         */
160        public static Class getPermissionClass()
161            throws UnknownEntityException
162        {
163            return getService().getPermissionClass();
164        }
165    
166        /**
167         * Returns the Class object for the implementation of Role interface
168         * used by the system.
169         *
170         * @return the implementation of Role interface used by the system.
171         * @throws UnknownEntityException if the system's implementation of Role
172         *         interface could not be determined.
173         */
174        public static Class getRoleClass()
175            throws UnknownEntityException
176        {
177            return getService().getRoleClass();
178        }
179    
180        /**
181         * Construct a blank User object.
182         *
183         * This method calls getUserClass, and then creates a new object using
184         * the default constructor.
185         *
186         * @return an object implementing User interface.
187         * @throws UnknownEntityException if the object could not be instantiated.
188         */
189        public static User getUserInstance()
190                throws UnknownEntityException
191        {
192            return getService().getUserInstance();
193        }
194    
195        /**
196         * Returns the configured UserManager.
197         *
198         * @return An UserManager object
199         */
200        public static UserManager getUserManager()
201        {
202            return getService().getUserManager();
203        }
204    
205        /**
206         * Configure a new user Manager.
207         *
208         * @param userManager An UserManager object
209         */
210        public void setUserManager(UserManager userManager)
211        {
212            getService().setUserManager(userManager);
213        }
214    
215        /**
216         * Check whether a specified user's account exists.
217         *
218         * The login name is used for looking up the account.
219         *
220         * @param user The user to be checked.
221         * @return true if the specified account exists
222         * @throws DataBackendException if there was an error accessing the data
223         *         backend.
224         */
225        public static boolean accountExists(User user)
226                throws DataBackendException
227        {
228            return getService().accountExists(user);
229        }
230    
231        /**
232         * Check whether a specified user's account exists.
233         *
234         * The login name is used for looking up the account.
235         *
236         * @param userName The name of the user to be checked.
237         * @return true if the specified account exists
238         * @throws DataBackendException if there was an error accessing the data
239         *         backend.
240         */
241        public static boolean accountExists(String userName)
242                throws DataBackendException
243        {
244            return getService().accountExists(userName);
245        }
246    
247        /**
248         * Authenticates an user, and constructs an User object to represent
249         * him/her.
250         *
251         * @param username The user name.
252         * @param password The user password.
253         * @return An authenticated Turbine User.
254         * @throws DataBackendException if there was an error accessing the data
255         *         backend.
256         * @throws UnknownEntityException if user account is not present.
257         * @throws PasswordMismatchException if the supplied password was incorrect.
258         */
259        public static User getAuthenticatedUser(String username, String password)
260                throws DataBackendException, UnknownEntityException,
261                PasswordMismatchException
262        {
263            return getService().getAuthenticatedUser(username, password);
264        }
265    
266        /**
267         * Constructs an User object to represent a registered user of the
268         * application.
269         *
270         * @param username The user name.
271         * @return A Turbine User.
272         * @throws DataBackendException if there was an error accessing the data
273         *         backend.
274         * @throws UnknownEntityException if user account is not present.
275         */
276        public static User getUser(String username)
277                throws DataBackendException, UnknownEntityException
278        {
279            return getService().getUser(username);
280        }
281    
282        /**
283         * Constructs an User object to represent an anonymous user of the
284         * application.
285         *
286         * @return An anonymous Turbine User.
287         * @throws UnknownEntityException if the anonymous User object couldn't be
288         *         constructed.
289         */
290        public static User getAnonymousUser()
291                throws UnknownEntityException
292        {
293            return getService().getAnonymousUser();
294        }
295    
296        /**
297         * Checks whether a passed user object matches the anonymous user pattern
298         * according to the configured service
299         *
300         * @param user A user object
301         * @return True if this is an anonymous user
302         */
303        public static boolean isAnonymousUser(User user)
304        {
305            return getService().isAnonymousUser(user);
306        }
307    
308        /**
309         * Saves User's data in the permanent storage. The user account is required
310         * to exist in the storage.
311         *
312         * @param user The User object to save.
313         * @throws UnknownEntityException if the user's account does not
314         *         exist in the database.
315         * @throws DataBackendException if there is a problem accessing the
316         *         storage.
317         */
318        public static void saveUser(User user)
319                throws UnknownEntityException, DataBackendException
320        {
321            getService().saveUser(user);
322        }
323    
324        /**
325         * Saves User data when the session is unbound. The user account is required
326         * to exist in the storage.
327         *
328         * LastLogin, AccessCounter, persistent pull tools, and any data stored
329         * in the permData hashtable that is not mapped to a column will be saved.
330         *
331         * @exception UnknownEntityException if the user's account does not
332         *            exist in the database.
333         * @exception DataBackendException if there is a problem accessing the
334         *            storage.
335         */
336        public static void saveOnSessionUnbind(User user)
337                throws UnknownEntityException, DataBackendException
338        {
339            getService().saveOnSessionUnbind(user);
340        }
341    
342        /**
343         * Change the password for an User.
344         *
345         * @param user an User to change password for.
346         * @param oldPassword the current password supplied by the user.
347         * @param newPassword the current password requested by the user.
348         * @throws PasswordMismatchException if the supplied password was
349         *         incorrect.
350         * @throws UnknownEntityException if the user's record does not
351         *         exist in the database.
352         * @throws DataBackendException if there is a problem accessing the
353         *         storage.
354         */
355        public static void changePassword(User user, String oldPassword,
356                                          String newPassword)
357                throws PasswordMismatchException, UnknownEntityException,
358                DataBackendException
359        {
360            getService().changePassword(user, oldPassword, newPassword);
361        }
362    
363        /**
364         * Forcibly sets new password for an User.
365         *
366         * This is supposed by the administrator to change the forgotten or
367         * compromised passwords. Certain implementatations of this feature
368         * would require administrative level access to the authenticating
369         * server / program.
370         *
371         * @param user an User to change password for.
372         * @param password the new password.
373         * @throws UnknownEntityException if the user's record does not
374         *         exist in the database.
375         * @throws DataBackendException if there is a problem accessing the
376         *         storage.
377         */
378        public static void forcePassword(User user, String password)
379                throws UnknownEntityException, DataBackendException
380        {
381            getService().forcePassword(user, password);
382        }
383    
384        /*-----------------------------------------------------------------------
385          Creation of AccessControlLists
386          -----------------------------------------------------------------------*/
387    
388        /**
389         * Constructs an AccessControlList for a specific user.
390         *
391         * @param user the user for whom the AccessControlList are to be retrieved
392         * @return The AccessControList object constructed from the user object.
393         * @throws DataBackendException if there was an error accessing the data
394         *         backend.
395         * @throws UnknownEntityException if user account is not present.
396         */
397        public static AccessControlList getACL(User user)
398                throws DataBackendException, UnknownEntityException
399        {
400            return getService().getACL(user);
401        }
402    
403        /*-----------------------------------------------------------------------
404          Security management
405          -----------------------------------------------------------------------*/
406    
407        /**
408         * Grant an User a Role in a Group.
409         *
410         * @param user the user.
411         * @param group the group.
412         * @param role the role.
413         * @throws DataBackendException if there was an error accessing the data
414         *         backend.
415         * @throws UnknownEntityException if user account, group or role is not
416         *         present.
417         */
418        public static void grant(User user, Group group, Role role)
419                throws DataBackendException, UnknownEntityException
420        {
421            getService().grant(user, group, role);
422        }
423    
424        /**
425         * Revoke a Role in a Group from an User.
426         *
427         * @param user the user.
428         * @param group the group.
429         * @param role the role.
430         * @throws DataBackendException if there was an error accessing the data
431         *         backend.
432         * @throws UnknownEntityException if user account, group or role is not
433         *         present.
434         */
435        public static void revoke(User user, Group group, Role role)
436                throws DataBackendException, UnknownEntityException
437        {
438            getService().revoke(user, group, role);
439        }
440    
441        /**
442         * Revokes all roles from an User.
443         *
444         * This method is used when deleting an account.
445         *
446         * @param user the User.
447         * @throws DataBackendException if there was an error accessing the data
448         *         backend.
449         * @throws UnknownEntityException if the account is not present.
450         */
451        public static void revokeAll(User user)
452                throws DataBackendException, UnknownEntityException
453        {
454            getService().revokeAll(user);
455        }
456    
457        /**
458         * Grants a Role a Permission
459         *
460         * @param role the Role.
461         * @param permission the Permission.
462         * @throws DataBackendException if there was an error accessing the data
463         *         backend.
464         * @throws UnknownEntityException if role or permission is not present.
465         */
466        public static void grant(Role role, Permission permission)
467                throws DataBackendException, UnknownEntityException
468        {
469            getService().grant(role, permission);
470        }
471    
472        /**
473         * Revokes a Permission from a Role.
474         *
475         * @param role the Role.
476         * @param permission the Permission.
477         * @throws DataBackendException if there was an error accessing the data
478         *         backend.
479         * @throws UnknownEntityException if role or permission is not present.
480         */
481        public static void revoke(Role role, Permission permission)
482                throws DataBackendException, UnknownEntityException
483        {
484            getService().revoke(role, permission);
485        }
486    
487        /**
488         * Revokes all permissions from a Role.
489         *
490         * This method is user when deleting a Role.
491         *
492         * @param role the Role
493         * @throws DataBackendException if there was an error accessing the data
494         *         backend.
495         * @throws  UnknownEntityException if the Role is not present.
496         */
497        public static void revokeAll(Role role)
498                throws DataBackendException, UnknownEntityException
499        {
500            getService().revokeAll(role);
501        }
502    
503        /*-----------------------------------------------------------------------
504          Account management
505          -----------------------------------------------------------------------*/
506    
507        /**
508         * Creates new user account with specified attributes.
509         *
510         * <strong>TODO</strong> throw more specific exception<br>
511         *
512         * @param user the object describing account to be created.
513         * @param password password for the new user
514         * @throws DataBackendException if there was an error accessing the data
515         *         backend.
516         * @throws EntityExistsException if the user account already exists.
517         */
518        public static void addUser(User user, String password)
519                throws DataBackendException, EntityExistsException
520        {
521            getService().addUser(user, password);
522        }
523    
524        /**
525         * Removes an user account from the system.
526         *
527         * <strong>TODO</strong> throw more specific exception<br>
528         *
529         * @param user the object describing the account to be removed.
530         * @throws DataBackendException if there was an error accessing the data
531         *         backend.
532         * @throws UnknownEntityException if the user account is not present.
533         */
534        public static void removeUser(User user)
535                throws DataBackendException, UnknownEntityException
536        {
537            getService().removeUser(user);
538        }
539    
540        /*-----------------------------------------------------------------------
541          Group/Role/Permission management
542          -----------------------------------------------------------------------*/
543        /**
544         * Provides a reference to the Group object that represents the
545         * <a name="global">global group</a>.
546         *
547         * @return a Group object that represents the global group.
548         */
549        public static Group getGlobalGroup()
550        {
551            return getService().getGlobalGroup();
552        }
553    
554        /**
555         * Creates a new Group in the system. This is a convenience
556         * method.
557         *
558         * @param name The name of the new Group.
559         * @return An object representing the new Group.
560         * @throws TurbineSecurityException if the Group could not be created.
561         */
562        public static Group createGroup(String name)
563                throws TurbineSecurityException
564        {
565            return getService().addGroup(getGroupInstance(name));
566        }
567    
568        /**
569         * Creates a new Permission in the system. This is a convenience
570         * method.
571         *
572         * @param name The name of the new Permission.
573         * @return An object representing the new Permission.
574         * @throws TurbineSecurityException if the Permission could not be created.
575         */
576        public static Permission createPermission(String name)
577                throws TurbineSecurityException
578        {
579            return getService().addPermission(getPermissionInstance(name));
580        }
581    
582        /**
583         * Creates a new Role in the system. This is a convenience
584         * method.
585         *
586         * @param name The name of the Role.
587         *
588         * @return An object representing the new Role.
589         *
590         * @throws TurbineSecurityException if the Role could not be created.
591         */
592        public static Role createRole(String name)
593            throws TurbineSecurityException
594        {
595            return getService().addRole(getRoleInstance(name));
596        }
597    
598        /**
599         * Retrieve a Group object with specified name.
600         *
601         * @param groupName The name of the Group to be retrieved.
602         * @return an object representing the Group with specified name.
603         * @throws DataBackendException if there was an error accessing the data
604         *         backend.
605         * @throws UnknownEntityException if the Group is not present.
606         */
607        public static Group getGroupByName(String groupName)
608                throws DataBackendException, UnknownEntityException
609        {
610            return getService().getGroupByName(groupName);
611        }
612    
613        /**
614         * Retrieve a Group object with specified Id.
615         *
616         * @param name the name of the Group.
617         *
618         * @return an object representing the Group with specified name.
619         *
620         * @exception UnknownEntityException if the permission does not
621         *            exist in the database.
622         * @exception DataBackendException if there is a problem accessing the
623         *            storage.
624         */
625        public static Group getGroupById(int groupId)
626                throws DataBackendException,
627                       UnknownEntityException
628        {
629            return getService().getGroupById(groupId);
630        }
631    
632        /**
633         * Construct a blank Group object.
634         *
635         * This method calls getGroupClass, and then creates a new object using
636         * the default constructor.
637         *
638         * @param groupName The name of the Group
639         *
640         * @return an object implementing Group interface.
641         *
642         * @throws UnknownEntityException if the object could not be instantiated.
643         */
644        public static Group getGroupInstance(String groupName)
645                throws UnknownEntityException
646        {
647            return getService().getGroupInstance(groupName);
648        }
649    
650        /**
651         * Construct a blank Role object.
652         *
653         * This method calls getRoleClass, and then creates a new object using
654         * the default constructor.
655         *
656         * @param roleName The name of the role.
657         *
658         * @return an object implementing Role interface.
659         *
660         * @throws UnknownEntityException if the object could not be instantiated.
661         */
662        public static Role getRoleInstance(String roleName)
663                throws UnknownEntityException
664        {
665            return getService().getRoleInstance(roleName);
666        }
667    
668        /**
669         * Construct a blank Permission object.
670         *
671         * This method calls getPermissionClass, and then creates a new object using
672         * the default constructor.
673         *
674         * @param permName The name of the permission.
675         *
676         * @return an object implementing Permission interface.
677         * @throws UnknownEntityException if the object could not be instantiated.
678         */
679        public static Permission getPermissionInstance(String permName)
680                throws UnknownEntityException
681        {
682            return getService().getPermissionInstance(permName);
683        }
684    
685        /**
686         * Retrieve a Role object with specified name.
687         *
688         * @param roleName The name of the Role to be retrieved.
689         * @return an object representing the Role with specified name.
690         * @throws DataBackendException if there was an error accessing the data
691         *         backend.
692         * @throws UnknownEntityException if the Role is not present.
693         */
694        public static Role getRoleByName(String roleName)
695                throws DataBackendException, UnknownEntityException
696        {
697            return getService().getRoleByName(roleName);
698        }
699    
700        /**
701         * Retrieve a Role object with specified Id.
702         *
703         * @param name the name of the Role.
704         *
705         * @return an object representing the Role with specified name.
706         *
707         * @exception UnknownEntityException if the permission does not
708         *            exist in the database.
709         * @exception DataBackendException if there is a problem accessing the
710         *            storage.
711         */
712        public static Role getRoleById(int roleId)
713                throws DataBackendException,
714                       UnknownEntityException
715        {
716            return getService().getRoleById(roleId);
717        }
718    
719        /**
720         * Retrieve a Permission object with specified name.
721         *
722         * @param permissionName The name of the Permission to be retrieved.
723         * @return an object representing the Permission with specified name.
724         * @throws DataBackendException if there was an error accessing the data
725         *         backend.
726         * @throws UnknownEntityException if the Permission is not present.
727         */
728        public static Permission getPermissionByName(String permissionName)
729                throws DataBackendException, UnknownEntityException
730        {
731            return getService().getPermissionByName(permissionName);
732        }
733    
734        /**
735         * Retrieve a Permission object with specified Id.
736         *
737         * @param name the name of the Permission.
738         *
739         * @return an object representing the Permission with specified name.
740         *
741         * @exception UnknownEntityException if the permission does not
742         *            exist in the database.
743         * @exception DataBackendException if there is a problem accessing the
744         *            storage.
745         */
746        public static Permission getPermissionById(int permissionId)
747                throws DataBackendException,
748                       UnknownEntityException
749        {
750            return getService().getPermissionById(permissionId);
751        }
752    
753        /**
754         * Retrieve a set of Groups that meet the specified Criteria.
755         *
756         * @param criteria A Criteria of Group selection.
757         * @return a set of Groups that meet the specified Criteria.
758         * @throws DataBackendException if there was an error accessing the data
759         *         backend.
760         */
761        public static GroupSet getGroups(Object criteria)
762                throws DataBackendException
763        {
764            return getService().getGroups(criteria);
765        }
766    
767        /**
768         * Retrieve a set of Roles that meet the specified Criteria.
769         *
770         * @param criteria a Criteria of Roles selection.
771         * @return a set of Roles that meet the specified Criteria.
772         * @throws DataBackendException if there was an error accessing the data
773         *         backend.
774         */
775        public static RoleSet getRoles(Object criteria)
776                throws DataBackendException
777        {
778            return getService().getRoles(criteria);
779        }
780    
781        /**
782         * Retrieve a set of Permissions that meet the specified Criteria.
783         *
784         * @param criteria a Criteria of Permissions selection.
785         * @return a set of Permissions that meet the specified Criteria.
786         * @throws DataBackendException if there was an error accessing the data
787         *         backend.
788         */
789        public static PermissionSet getPermissions(Object criteria)
790                throws DataBackendException
791        {
792            return getService().getPermissions(criteria);
793        }
794    
795        /**
796         * Retrieves all groups defined in the system.
797         *
798         * @return the names of all groups defined in the system.
799         * @throws DataBackendException if there was an error accessing the data
800         *         backend.
801         */
802        public static GroupSet getAllGroups()
803                throws DataBackendException
804        {
805            return getService().getAllGroups();
806        }
807    
808        /**
809         * Retrieves all roles defined in the system.
810         *
811         * @return the names of all roles defined in the system.
812         * @throws DataBackendException if there was an error accessing the data
813         *         backend.
814         */
815        public static RoleSet getAllRoles()
816                throws DataBackendException
817        {
818            return getService().getAllRoles();
819        }
820    
821        /**
822         * Retrieves all permissions defined in the system.
823         *
824         * @return the names of all roles defined in the system.
825         * @throws DataBackendException if there was an error accessing the data
826         *         backend.
827         */
828        public static PermissionSet getAllPermissions()
829                throws DataBackendException
830        {
831            return getService().getAllPermissions();
832        }
833    
834        /**
835         * Retrieves all permissions associated with a role.
836         *
837         * @param role the role name, for which the permissions are to be retrieved.
838         * @return the Permissions for the specified role
839         * @throws DataBackendException if there was an error accessing the data
840         *         backend.
841         * @throws UnknownEntityException if the role is not present.
842         */
843        public static PermissionSet getPermissions(Role role)
844                throws DataBackendException, UnknownEntityException
845        {
846            return getService().getPermissions(role);
847        }
848    
849        /**
850         * Stores Group's attributes. The Groups is required to exist in the system.
851         *
852         * @param group The Group to be stored.
853         * @throws DataBackendException if there was an error accessing the data
854         *         backend.
855         * @throws UnknownEntityException if the group does not exist.
856         */
857        public static void saveGroup(Group group)
858                throws DataBackendException, UnknownEntityException
859        {
860            getService().saveGroup(group);
861        }
862    
863        /**
864         * Stores Role's attributes. The Roles is required to exist in the system.
865         *
866         * @param role The Role to be stored.
867         * @throws DataBackendException if there was an error accessing the data
868         *         backend.
869         * @throws UnknownEntityException if the role does not exist.
870         */
871        public static void saveRole(Role role)
872                throws DataBackendException, UnknownEntityException
873        {
874            getService().saveRole(role);
875        }
876    
877        /**
878         * Stores Permission's attributes. The Permissions is required to exist in
879         * the system.
880         *
881         * @param permission The Permission to be stored.
882         * @throws DataBackendException if there was an error accessing the data
883         *         backend.
884         * @throws UnknownEntityException if the permission does not exist.
885         */
886        public static void savePermission(Permission permission)
887                throws DataBackendException, UnknownEntityException
888        {
889            getService().savePermission(permission);
890        }
891    
892        /**
893         * Creates a new group with specified attributes.
894         *
895         * @param group the object describing the group to be created.
896         * @throws DataBackendException if there was an error accessing the data
897         *         backend.
898         * @throws EntityExistsException if the group already exists.
899         */
900        public static void addGroup(Group group)
901                throws DataBackendException, EntityExistsException
902        {
903            getService().addGroup(group);
904        }
905    
906        /**
907         * Creates a new role with specified attributes.
908         *
909         * @param role the objects describing the role to be created.
910         * @throws DataBackendException if there was an error accessing the data
911         *         backend.
912         * @throws EntityExistsException if the role already exists.
913         */
914        public static void addRole(Role role)
915                throws DataBackendException, EntityExistsException
916        {
917            getService().addRole(role);
918        }
919    
920        /**
921         * Creates a new permission with specified attributes.
922         *
923         * @param permission the objects describing the permission to be created.
924         * @throws DataBackendException if there was an error accessing the data
925         *         backend.
926         * @throws EntityExistsException if the permission already exists.
927         */
928        public static void addPermission(Permission permission)
929                throws DataBackendException, EntityExistsException
930        {
931            getService().addPermission(permission);
932        }
933    
934        /**
935         * Removes a Group from the system.
936         *
937         * @param group the object describing group to be removed.
938         * @throws DataBackendException if there was an error accessing the data
939         *         backend.
940         * @throws UnknownEntityException if the group does not exist.
941         */
942        public static void removeGroup(Group group)
943                throws DataBackendException, UnknownEntityException
944        {
945            getService().removeGroup(group);
946        }
947    
948        /**
949         * Removes a Role from the system.
950         *
951         * @param role The object describing the role to be removed.
952         * @throws DataBackendException if there was an error accessing the data backend.
953         * @throws UnknownEntityException if the role does not exist.
954         */
955        public static void removeRole(Role role)
956                throws DataBackendException, UnknownEntityException
957        {
958            getService().removeRole(role);
959        }
960    
961        /**
962         * Removes a Permission from the system.
963         *
964         * @param permission The object describing the permission to be removed.
965         * @throws DataBackendException if there was an error accessing the data
966         *         backend.
967         * @throws UnknownEntityException if the permission does not exist.
968         */
969        public static void removePermission(Permission permission)
970                throws DataBackendException, UnknownEntityException
971        {
972            getService().removePermission(permission);
973        }
974    
975        /**
976         * Renames an existing Group.
977         *
978         * @param group The object describing the group to be renamed.
979         * @param name the new name for the group.
980         * @throws DataBackendException if there was an error accessing the data
981         *         backend.
982         * @throws UnknownEntityException if the group does not exist.
983         */
984        public static void renameGroup(Group group, String name)
985                throws DataBackendException, UnknownEntityException
986        {
987            getService().renameGroup(group, name);
988        }
989    
990        /**
991         * Renames an existing Role.
992         *
993         * @param role The object describing the role to be renamed.
994         * @param name the new name for the role.
995         * @throws DataBackendException if there was an error accessing the data
996         *         backend.
997         * @throws UnknownEntityException if the role does not exist.
998         */
999        public static void renameRole(Role role, String name)
1000                throws DataBackendException, UnknownEntityException
1001        {
1002            getService().renameRole(role, name);
1003        }
1004    
1005        /**
1006         * Renames an existing Permission.
1007         *
1008         * @param permission The object describing the permission to be renamed.
1009         * @param name the new name for the permission.
1010         * @throws DataBackendException if there was an error accessing the data
1011         *         backend.
1012         * @throws UnknownEntityException if the permission does not exist.
1013         */
1014        public static void renamePermission(Permission permission, String name)
1015                throws DataBackendException, UnknownEntityException
1016        {
1017            getService().renamePermission(permission, name);
1018        }
1019    }