authn.h

Go to the documentation of this file.
00001 /// @file   include/dmlite/cpp/authn.h
00002 /// @brief  Authentication API. Any sort of security check is plugin-specific.
00003 /// @author Alejandro Álvarez Ayllón <aalvarez@cern.ch>
00004 #ifndef DMLITE_CPP_AUTHN_H
00005 #define DMLITE_CPP_AUTHN_H
00006 
00007 #include <string>
00008 #include <vector>
00009 #include "base.h"
00010 #include "exceptions.h"
00011 #include "utils/extensible.h"
00012 
00013 namespace dmlite {
00014   
00015   // Forward declarations.
00016   class PluginManager;
00017   class StackInstance;
00018   
00019   /// Security credentials. To be filled by the front-end.
00020   struct SecurityCredentials: public Extensible {
00021     std::string mech;
00022     std::string clientName;
00023     std::string remoteAddress;
00024     std::string sessionId;
00025     
00026     std::vector<std::string> fqans;
00027     
00028     bool operator == (const SecurityCredentials&) const;
00029     bool operator != (const SecurityCredentials&) const;
00030     bool operator <  (const SecurityCredentials&) const;
00031     bool operator >  (const SecurityCredentials&) const;
00032   };
00033   
00034   /// User information.
00035   /// To be filled by the Authn plugin with whichever data
00036   /// it is needed. (i.e. uid for LCGDM Adapter)
00037   /// To be used by other plugins whenever they need it.
00038   /// IMPORTANT: This means plugins must be compatible with the Authn
00039   ///            put in charge of security.
00040   struct UserInfo: public Extensible {
00041     std::string name;
00042     
00043     bool operator == (const UserInfo&) const;
00044     bool operator != (const UserInfo&) const;
00045     bool operator <  (const UserInfo&) const;
00046     bool operator >  (const UserInfo&) const;
00047   };
00048   
00049   /// Group information
00050   /// See UserInfo
00051   struct GroupInfo: public Extensible {
00052     std::string name;
00053     
00054     bool operator == (const GroupInfo&) const;
00055     bool operator != (const GroupInfo&) const;
00056     bool operator <  (const GroupInfo&) const;
00057     bool operator >  (const GroupInfo&) const;
00058   };
00059   
00060 
00061   /// Security context. To be created by the Authn.
00062   struct SecurityContext {
00063     SecurityContext() {}
00064     
00065     SecurityContext(const SecurityCredentials& c,
00066                     const UserInfo& u,
00067                     std::vector<GroupInfo>& g):
00068                       credentials(c), user(u), groups(g) {}
00069     
00070     SecurityCredentials    credentials;
00071     
00072     UserInfo               user;
00073     std::vector<GroupInfo> groups;
00074     
00075     bool operator == (const SecurityContext&) const;
00076     bool operator != (const SecurityContext&) const;
00077     bool operator <  (const SecurityContext&) const;
00078     bool operator >  (const SecurityContext&) const;
00079   };
00080   
00081   
00082 
00083   /// User and group handling.
00084   ///@note This is the only interface not inheriting from BaseInterface.
00085   class Authn {
00086    public:
00087     /// Destructor
00088     virtual ~Authn();
00089 
00090     /// String ID of the user DB implementation.
00091     virtual std::string getImplId(void) const throw() = 0;
00092 
00093     /// Create a security context from the credentials.
00094     /// @param cred The security credentials.
00095     /// @return     A newly created SecurityContext.
00096     virtual SecurityContext* createSecurityContext(const SecurityCredentials& cred) throw (DmException) = 0;
00097 
00098     /// Create a new group.
00099     /// @param groupName The group name.
00100     /// @return          The new group.
00101     virtual GroupInfo newGroup(const std::string& groupName) throw (DmException) = 0;
00102 
00103     /// Get a specific group.
00104     /// @param groupName The group name.
00105     /// @return          The group.
00106     virtual GroupInfo getGroup(const std::string& groupName) throw (DmException) = 0;
00107     
00108     /// Get a specific group using an alternative key.
00109     /// @param key   The key name.
00110     /// @param value They value to search for.
00111     /// @return      The group.
00112     /// @note        The implementation will throw an exception if the field
00113     ///              can not be used as key.
00114     virtual GroupInfo getGroup(const std::string& key,
00115                                const boost::any& value) throw (DmException) = 0;
00116     
00117     /// Get the group list.
00118     virtual std::vector<GroupInfo> getGroups(void) throw (DmException) = 0;
00119     
00120     /// Update group info. 'name' identify uniquely the group.
00121     /// @param group The group metadata to update.
00122     virtual void updateGroup(const GroupInfo& group) throw (DmException) = 0;
00123     
00124     /// Delete a group.
00125     virtual void deleteGroup(const std::string& groupName) throw (DmException) = 0;
00126 
00127     /// Create a new user.
00128     /// @param userName The user name.
00129     /// @return         The new user.
00130     virtual UserInfo newUser(const std::string& userName) throw (DmException) = 0;
00131 
00132     /// Get a specific user.
00133     /// @param userName The user name.
00134     /// @return         The user.
00135     virtual UserInfo getUser(const std::string& userName) throw (DmException) = 0;
00136     
00137     /// Get a specific user using an alternative key.
00138     /// @param key   The key name.
00139     /// @param value They value to search for.
00140     /// @return      The user.
00141     /// @note        The implementation will throw an exception if the field
00142     ///              can not be used as key.
00143     virtual UserInfo getUser(const std::string& key,
00144                              const boost::any& value) throw (DmException) = 0;
00145     
00146     /// Get the user list.
00147     virtual std::vector<UserInfo> getUsers(void) throw (DmException) = 0;
00148     
00149     /// Update user info. 'name' identify uniquely the user.
00150     /// @param user The user metadata to update.
00151     virtual void updateUser(const UserInfo& user) throw (DmException) = 0;
00152     
00153     /// Delete a user.
00154     virtual void deleteUser(const std::string& userName) throw (DmException) = 0;
00155 
00156     /// Get the mapping of a user/group. Additionaly, new users and groups MAY
00157     /// be created by the implementation.
00158     /// @param userName   The user name.
00159     /// @param groupNames The different groups. Can be empty.
00160     /// @param user       Pointer to an UserInfo struct where to put the data.
00161     /// @param groups     Pointer to a vector where the group mapping will be put.
00162     /// @note If groupNames is empty, grid mapfile will be used to retrieve the default group.
00163     virtual void getIdMap(const std::string& userName,
00164                           const std::vector<std::string>& groupNames,
00165                           UserInfo* user,
00166                           std::vector<GroupInfo>* groups) throw (DmException) = 0;
00167   };
00168 
00169 
00170   /// AuthnFactory
00171   class AuthnFactory: public virtual BaseFactory {
00172    public:
00173     /// Destructor
00174     virtual ~AuthnFactory();
00175 
00176    protected:
00177     // Stack instance is allowed to instantiate Authn
00178     friend class StackInstance;
00179 
00180     /// Children of AuthnFactory are allowed to instantiate too (decorator)
00181     static Authn* createAuthn(AuthnFactory* factory,
00182                               PluginManager* pm) throw (DmException);
00183 
00184     /// Instantiate a implementation of Authn
00185     virtual Authn* createAuthn(PluginManager* pm) throw (DmException) = 0;
00186   };
00187 
00188 };
00189 
00190 #endif // DMLITE_CPP_AUTH_H

Generated on 3 Mar 2013 for dmlite by  doxygen 1.4.7