Coverage Report - org.apache.turbine.services.security.SecurityService
 
Classes in this File Line Coverage Branch Coverage Complexity
SecurityService
N/A
N/A
1
 
 1  
 package org.apache.turbine.services.security;
 2  
 
 3  
 
 4  
 /*
 5  
  * Licensed to the Apache Software Foundation (ASF) under one
 6  
  * or more contributor license agreements.  See the NOTICE file
 7  
  * distributed with this work for additional information
 8  
  * regarding copyright ownership.  The ASF licenses this file
 9  
  * to you under the Apache License, Version 2.0 (the
 10  
  * "License"); you may not use this file except in compliance
 11  
  * with the License.  You may obtain a copy of the License at
 12  
  *
 13  
  *   http://www.apache.org/licenses/LICENSE-2.0
 14  
  *
 15  
  * Unless required by applicable law or agreed to in writing,
 16  
  * software distributed under the License is distributed on an
 17  
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 18  
  * KIND, either express or implied.  See the License for the
 19  
  * specific language governing permissions and limitations
 20  
  * under the License.
 21  
  */
 22  
 
 23  
 
 24  
 import org.apache.fulcrum.security.acl.AccessControlList;
 25  
 import org.apache.fulcrum.security.entity.Group;
 26  
 import org.apache.fulcrum.security.entity.Permission;
 27  
 import org.apache.fulcrum.security.entity.Role;
 28  
 import org.apache.fulcrum.security.util.DataBackendException;
 29  
 import org.apache.fulcrum.security.util.EntityExistsException;
 30  
 import org.apache.fulcrum.security.util.GroupSet;
 31  
 import org.apache.fulcrum.security.util.PasswordMismatchException;
 32  
 import org.apache.fulcrum.security.util.PermissionSet;
 33  
 import org.apache.fulcrum.security.util.RoleSet;
 34  
 import org.apache.fulcrum.security.util.UnknownEntityException;
 35  
 import org.apache.turbine.om.security.User;
 36  
 import org.apache.turbine.services.Service;
 37  
 import org.apache.turbine.services.security.passive.PassiveUserManager;
 38  
 
 39  
 /**
 40  
  * The Security Service manages Users, Groups Roles and Permissions in the
 41  
  * system.
 42  
  *
 43  
  * The task performed by the security service include creation and removal of
 44  
  * accounts, groups, roles, and permissions; assigning users roles in groups;
 45  
  * assigning roles specific permissions and construction of objects
 46  
  * representing these logical entities.
 47  
  *
 48  
  * <p> Because of pluggable nature of the Services, it is possible to create
 49  
  * multiple implementations of SecurityService, for example employing database
 50  
  * and directory server as the data backend.<br>
 51  
  *
 52  
  * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
 53  
  * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 54  
  * @author <a href="mailto:marco@intermeta.de">Marco Kn&uuml;ttel</a>
 55  
  * @version $Id: SecurityService.java 1706239 2015-10-01 13:18:35Z tv $
 56  
  */
 57  
 public interface SecurityService
 58  
         extends Service
 59  
 {
 60  
     /** The name of the service */
 61  
     String SERVICE_NAME = "SecurityService";
 62  
 
 63  
     /**
 64  
      * the key within services's properties for user implementation
 65  
      * classname (user.manager)
 66  
      */
 67  
     String USER_MANAGER_KEY = "user.manager";
 68  
 
 69  
     /**
 70  
      * the default implementation of UserManager interface
 71  
      * (org.apache.turbine.services.security.passive.PassiveUserManager)
 72  
      */
 73  
     String USER_MANAGER_DEFAULT
 74  
             = PassiveUserManager.class.getName();
 75  
 
 76  
     /*-----------------------------------------------------------------------
 77  
       Management of User objects
 78  
       -----------------------------------------------------------------------*/
 79  
 
 80  
     /**
 81  
      * Construct a blank User object.
 82  
      *
 83  
      * @return an object implementing User interface.
 84  
      * @throws UnknownEntityException if the object could not be instantiated.
 85  
      */
 86  
     <U extends User> U getUserInstance()
 87  
             throws UnknownEntityException;
 88  
 
 89  
     /**
 90  
      * Construct a blank User object.
 91  
      *
 92  
      * @param userName The name of the user.
 93  
      *
 94  
      * @return an object implementing User interface.
 95  
      * @throws UnknownEntityException if the object could not be instantiated.
 96  
      */
 97  
     <U extends User> U getUserInstance(String userName)
 98  
             throws UnknownEntityException;
 99  
 
 100  
     /**
 101  
      * Construct a blank Group object.
 102  
      *
 103  
      * @return an object implementing Group interface.
 104  
      * @throws UnknownEntityException if the object could not be instantiated.
 105  
      */
 106  
     <G extends Group> G getGroupInstance()
 107  
             throws UnknownEntityException;
 108  
 
 109  
     /**
 110  
      * Construct a blank Group object.
 111  
      *
 112  
      * @param groupName The name of the Group
 113  
      *
 114  
      * @return an object implementing Group interface.
 115  
      * @throws UnknownEntityException if the object could not be instantiated.
 116  
      */
 117  
     <G extends Group> G getGroupInstance(String groupName)
 118  
             throws UnknownEntityException;
 119  
 
 120  
     /**
 121  
      * Construct a blank Permission object.
 122  
      *
 123  
      * @return an object implementing Permission interface.
 124  
      * @throws UnknownEntityException if the object could not be instantiated.
 125  
      */
 126  
     <P extends Permission> P getPermissionInstance()
 127  
             throws UnknownEntityException;
 128  
 
 129  
     /**
 130  
      * Construct a blank Permission object.
 131  
      *
 132  
      * @param permName The name of the Permission
 133  
      *
 134  
      * @return an object implementing Permission interface.
 135  
      * @throws UnknownEntityException if the object could not be instantiated.
 136  
      */
 137  
     <P extends Permission> P getPermissionInstance(String permName)
 138  
             throws UnknownEntityException;
 139  
 
 140  
     /**
 141  
      * Construct a blank Role object.
 142  
      *
 143  
      * @return an object implementing Role interface.
 144  
      * @throws UnknownEntityException if the object could not be instantiated.
 145  
      */
 146  
     <R extends Role> R getRoleInstance()
 147  
             throws UnknownEntityException;
 148  
 
 149  
     /**
 150  
      * Construct a blank Role object.
 151  
      *
 152  
      * @param roleName The name of the Role
 153  
      *
 154  
      * @return an object implementing Role interface.
 155  
      * @throws UnknownEntityException if the object could not be instantiated.
 156  
      */
 157  
     <R extends Role> R getRoleInstance(String roleName)
 158  
             throws UnknownEntityException;
 159  
 
 160  
     /**
 161  
      * Returns the configured UserManager.
 162  
      *
 163  
      * @return An UserManager object
 164  
      */
 165  
     UserManager getUserManager();
 166  
 
 167  
     /**
 168  
      * Check whether a specified user's account exists.
 169  
      *
 170  
      * The login name is used for looking up the account.
 171  
      *
 172  
      * @param userName The user to be checked.
 173  
      * @return true if the specified account exists
 174  
      * @throws DataBackendException if there was an error accessing the data
 175  
      *         backend.
 176  
      */
 177  
     boolean accountExists(String userName)
 178  
             throws DataBackendException;
 179  
 
 180  
     /**
 181  
      * Check whether a specified user's account exists.
 182  
      * An User object is used for looking up the account.
 183  
      *
 184  
      * @param user The user object to be checked.
 185  
      * @return true if the specified account exists
 186  
      * @throws DataBackendException if there was an error accessing the data
 187  
      *         backend.
 188  
      */
 189  
     boolean accountExists(User user)
 190  
             throws DataBackendException;
 191  
 
 192  
     /**
 193  
      * Authenticates an user, and constructs an User object to represent
 194  
      * him/her.
 195  
      *
 196  
      * @param username The user name.
 197  
      * @param password The user password.
 198  
      * @return An authenticated Turbine User.
 199  
      * @throws DataBackendException if there was an error accessing the data
 200  
      *         backend.
 201  
      * @throws UnknownEntityException if user account is not present.
 202  
      * @throws PasswordMismatchException if the supplied password was incorrect.
 203  
      */
 204  
     <U extends User> U getAuthenticatedUser(String username, String password)
 205  
             throws DataBackendException, UnknownEntityException,
 206  
             PasswordMismatchException;
 207  
 
 208  
     /**
 209  
      * Constructs an User object to represent a registered user of the
 210  
      * application.
 211  
      *
 212  
      * @param username The user name.
 213  
      * @return A Turbine User.
 214  
      * @throws DataBackendException if there was an error accessing the data
 215  
      *         backend.
 216  
      * @throws UnknownEntityException if user account is not present.
 217  
      */
 218  
     <U extends User> U getUser(String username)
 219  
             throws DataBackendException, UnknownEntityException;
 220  
 
 221  
     /**
 222  
      * Constructs an User object to represent an anonymous user of the
 223  
      * application.
 224  
      *
 225  
      * @return An anonymous Turbine User.
 226  
      * @throws UnknownEntityException if the anonymous User object couldn't be
 227  
      *         constructed.
 228  
      */
 229  
     <U extends User> U getAnonymousUser()
 230  
             throws UnknownEntityException;
 231  
 
 232  
     /**
 233  
      * Checks whether a passed user object matches the anonymous user pattern
 234  
      * according to the configured user manager
 235  
      *
 236  
      * @param u a user object
 237  
      *
 238  
      * @return True if this is an anonymous user
 239  
      *
 240  
      */
 241  
     boolean isAnonymousUser(User u);
 242  
 
 243  
     /**
 244  
      * Saves User's data in the permanent storage. The user account is required
 245  
      * to exist in the storage.
 246  
      *
 247  
      * @param user the user object to save
 248  
      * @throws UnknownEntityException if the user's account does not
 249  
      *         exist in the database.
 250  
      * @throws DataBackendException if there is a problem accessing the storage.
 251  
      */
 252  
     void saveUser(User user)
 253  
             throws UnknownEntityException, DataBackendException;
 254  
 
 255  
     /**
 256  
      * Saves User data when the session is unbound. The user account is required
 257  
      * to exist in the storage.
 258  
      *
 259  
      * LastLogin, AccessCounter, persistent pull tools, and any data stored
 260  
      * in the permData hashtable that is not mapped to a column will be saved.
 261  
      *
 262  
      * @param user the user object
 263  
      *
 264  
      * @exception UnknownEntityException if the user's account does not
 265  
      *            exist in the database.
 266  
      * @exception DataBackendException if there is a problem accessing the
 267  
      *            storage.
 268  
      */
 269  
     void saveOnSessionUnbind(User user)
 270  
             throws UnknownEntityException, DataBackendException;
 271  
 
 272  
     /*-----------------------------------------------------------------------
 273  
       Account management
 274  
       -----------------------------------------------------------------------*/
 275  
 
 276  
     /**
 277  
      * Creates new user account with specified attributes.
 278  
      *
 279  
      * @param user the object describing account to be created.
 280  
      * @param password The password to use.
 281  
      * @throws DataBackendException if there was an error accessing the data
 282  
      *         backend.
 283  
      * @throws EntityExistsException if the user account already exists.
 284  
      */
 285  
     void addUser(User user, String password)
 286  
             throws DataBackendException, EntityExistsException;
 287  
 
 288  
     /**
 289  
      * Removes an user account from the system.
 290  
      *
 291  
      * @param user the object describing the account to be removed.
 292  
      * @throws DataBackendException if there was an error accessing the data
 293  
      *         backend.
 294  
      * @throws UnknownEntityException if the user account is not present.
 295  
      */
 296  
     void removeUser(User user)
 297  
             throws DataBackendException, UnknownEntityException;
 298  
 
 299  
     /*-----------------------------------------------------------------------
 300  
       Management of passwords
 301  
       -----------------------------------------------------------------------*/
 302  
 
 303  
     /**
 304  
      * Change the password for an User.
 305  
      *
 306  
      * @param user an User to change password for.
 307  
      * @param oldPassword the current password supplied by the user.
 308  
      * @param newPassword the current password requested by the user.
 309  
      * @exception PasswordMismatchException if the supplied password was
 310  
      *            incorrect.
 311  
      * @exception UnknownEntityException if the user's record does not
 312  
      *            exist in the database.
 313  
      * @exception DataBackendException if there is a problem accessing the
 314  
      *            storage.
 315  
      */
 316  
     void changePassword(User user, String oldPassword,
 317  
                         String newPassword)
 318  
             throws PasswordMismatchException, UnknownEntityException,
 319  
             DataBackendException;
 320  
 
 321  
     /**
 322  
      * Forcibly sets new password for an User.
 323  
      *
 324  
      * This is supposed by the administrator to change the forgotten or
 325  
      * compromised passwords. Certain implementatations of this feature
 326  
      * would require administrative level access to the authenticating
 327  
      * server / program.
 328  
      *
 329  
      * @param user an User to change password for.
 330  
      * @param password the new password.
 331  
      * @exception UnknownEntityException if the user's record does not
 332  
      *            exist in the database.
 333  
      * @exception DataBackendException if there is a problem accessing the
 334  
      *            storage.
 335  
      */
 336  
     void forcePassword(User user, String password)
 337  
             throws UnknownEntityException, DataBackendException;
 338  
 
 339  
     /*-----------------------------------------------------------------------
 340  
       Retrieval of security information
 341  
       -----------------------------------------------------------------------*/
 342  
 
 343  
     /**
 344  
      * Constructs an AccessControlList for a specific user.
 345  
      *
 346  
      * @param user the user for whom the AccessControlList are to be retrieved
 347  
      * @return A new AccessControlList object.
 348  
      * @throws DataBackendException if there was an error accessing the data backend.
 349  
      * @throws UnknownEntityException if user account is not present.
 350  
      */
 351  
     <A extends AccessControlList> A getACL(User user)
 352  
             throws DataBackendException, UnknownEntityException;
 353  
 
 354  
     /**
 355  
      * Retrieves all permissions associated with a role.
 356  
      *
 357  
      * @param role the role name, for which the permissions are to be retrieved.
 358  
      * @return the permissions associated with the role
 359  
      * @throws DataBackendException if there was an error accessing the data
 360  
      *         backend.
 361  
      * @throws UnknownEntityException if the role is not present.
 362  
      */
 363  
     PermissionSet getPermissions(Role role)
 364  
             throws DataBackendException, UnknownEntityException;
 365  
 
 366  
     /*-----------------------------------------------------------------------
 367  
       Manipulation of security information
 368  
       -----------------------------------------------------------------------*/
 369  
 
 370  
     /**
 371  
      * Grant an User a Role in a Group.
 372  
      *
 373  
      * @param user the user.
 374  
      * @param group the group.
 375  
      * @param role the role.
 376  
      * @throws DataBackendException if there was an error accessing the data
 377  
      *         backend.
 378  
      * @throws UnknownEntityException if user account, group or role is not
 379  
      *         present.
 380  
      */
 381  
     void grant(User user, Group group, Role role)
 382  
             throws DataBackendException, UnknownEntityException;
 383  
 
 384  
     /**
 385  
      * Revoke a Role in a Group from an User.
 386  
      *
 387  
      * @param user the user.
 388  
      * @param group the group.
 389  
      * @param role the role.
 390  
      * @throws DataBackendException if there was an error accessing the data
 391  
      *         backend.
 392  
      * @throws UnknownEntityException if user account, group or role is not
 393  
      *         present.
 394  
      */
 395  
     void revoke(User user, Group group, Role role)
 396  
             throws DataBackendException, UnknownEntityException;
 397  
 
 398  
     /**
 399  
      * Revokes all roles from an User.
 400  
      *
 401  
      * This method is used when deleting an account.
 402  
      *
 403  
      * @param user the User.
 404  
      * @throws DataBackendException if there was an error accessing the data
 405  
      *         backend.
 406  
      * @throws UnknownEntityException if the account is not present.
 407  
      */
 408  
     void revokeAll(User user)
 409  
             throws DataBackendException, UnknownEntityException;
 410  
 
 411  
     /**
 412  
      * Grants a Role a Permission
 413  
      *
 414  
      * @param role the Role.
 415  
      * @param permission the Permission.
 416  
      * @throws DataBackendException if there was an error accessing the data
 417  
      *         backend.
 418  
      * @throws UnknownEntityException if role or permission is not present.
 419  
      */
 420  
     void grant(Role role, Permission permission)
 421  
             throws DataBackendException, UnknownEntityException;
 422  
 
 423  
     /**
 424  
      * Revokes a Permission from a Role.
 425  
      *
 426  
      * @param role the Role.
 427  
      * @param permission the Permission.
 428  
      * @throws DataBackendException if there was an error accessing the data
 429  
      *         backend.
 430  
      * @throws UnknownEntityException if role or permission is not present.
 431  
      */
 432  
     void revoke(Role role, Permission permission)
 433  
             throws DataBackendException, UnknownEntityException;
 434  
 
 435  
     /**
 436  
      * Revokes all permissions from a Role.
 437  
      *
 438  
      * This method is user when deleting a Role.
 439  
      *
 440  
      * @param role the Role
 441  
      * @throws DataBackendException if there was an error accessing the data
 442  
      *         backend.
 443  
      * @throws  UnknownEntityException if the Role is not present.
 444  
      */
 445  
     void revokeAll(Role role)
 446  
             throws DataBackendException, UnknownEntityException;
 447  
 
 448  
     /*-----------------------------------------------------------------------
 449  
       Retrieval & storage of SecurityObjects
 450  
       -----------------------------------------------------------------------*/
 451  
 
 452  
     /**
 453  
      * Provides a reference to the Group object that represents the
 454  
      * <a href="#global">global group</a>.
 455  
      *
 456  
      * @return A Group object that represents the global group.
 457  
      */
 458  
     <G extends Group> G getGlobalGroup();
 459  
 
 460  
     /**
 461  
      * Retrieve a Group object with specified name.
 462  
      *
 463  
      * @param name the name of the Group.
 464  
      * @return an object representing the Group with specified name.
 465  
      * @throws DataBackendException if there was an error accessing the data
 466  
      *         backend.
 467  
      * @throws UnknownEntityException if the group does not exist.
 468  
      */
 469  
     <G extends Group> G getGroupByName(String name)
 470  
             throws DataBackendException, UnknownEntityException;
 471  
 
 472  
     /**
 473  
      * Retrieve a Group object with specified Id.
 474  
      *
 475  
      * @param id the id of the Group.
 476  
      *
 477  
      * @return an object representing the Group with specified name.
 478  
      *
 479  
      * @exception UnknownEntityException if the permission does not
 480  
      *            exist in the database.
 481  
      * @exception DataBackendException if there is a problem accessing the
 482  
      *            storage.
 483  
      */
 484  
     <G extends Group> G getGroupById(int id)
 485  
             throws DataBackendException,
 486  
                    UnknownEntityException;
 487  
 
 488  
     /**
 489  
      * Retrieve a Role object with specified name.
 490  
      *
 491  
      * @param name the name of the Role.
 492  
      * @return an object representing the Role with specified name.
 493  
      * @throws DataBackendException if there was an error accessing the data
 494  
      *         backend.
 495  
      * @throws UnknownEntityException if the role does not exist.
 496  
      */
 497  
     <R extends Role> R getRoleByName(String name)
 498  
             throws DataBackendException, UnknownEntityException;
 499  
 
 500  
     /**
 501  
      * Retrieve a Role object with specified Id.
 502  
      *
 503  
      * @param id the id of the Role.
 504  
      *
 505  
      * @return an object representing the Role with specified name.
 506  
      *
 507  
      * @exception UnknownEntityException if the permission does not
 508  
      *            exist in the database.
 509  
      * @exception DataBackendException if there is a problem accessing the
 510  
      *            storage.
 511  
      */
 512  
     <R extends Role> R getRoleById(int id)
 513  
             throws DataBackendException,
 514  
                    UnknownEntityException;
 515  
 
 516  
     /**
 517  
      * Retrieve a Permission object with specified name.
 518  
      *
 519  
      * @param name the name of the Permission.
 520  
      * @return an object representing the Permission with specified name.
 521  
      * @throws DataBackendException if there was an error accessing the data
 522  
      *         backend.
 523  
      * @throws UnknownEntityException if the permission does not exist.
 524  
      */
 525  
     <P extends Permission> P getPermissionByName(String name)
 526  
             throws DataBackendException, UnknownEntityException;
 527  
 
 528  
     /**
 529  
      * Retrieve a Permission object with specified Id.
 530  
      *
 531  
      * @param id the id of the Permission.
 532  
      *
 533  
      * @return an object representing the Permission with specified name.
 534  
      *
 535  
      * @exception UnknownEntityException if the permission does not
 536  
      *            exist in the database.
 537  
      * @exception DataBackendException if there is a problem accessing the
 538  
      *            storage.
 539  
      */
 540  
     <P extends Permission> P getPermissionById(int id)
 541  
             throws DataBackendException,
 542  
                    UnknownEntityException;
 543  
 
 544  
     /**
 545  
      * Retrieves all groups defined in the system.
 546  
      *
 547  
      * @return the names of all groups defined in the system.
 548  
      * @throws DataBackendException if there was an error accessing the data
 549  
      *         backend.
 550  
      */
 551  
     GroupSet getAllGroups()
 552  
             throws DataBackendException;
 553  
 
 554  
     /**
 555  
      * Retrieves all roles defined in the system.
 556  
      *
 557  
      * @return the names of all roles defined in the system.
 558  
      * @throws DataBackendException if there was an error accessing the data
 559  
      *         backend.
 560  
      */
 561  
     RoleSet getAllRoles()
 562  
             throws DataBackendException;
 563  
 
 564  
     /**
 565  
      * Retrieves all permissions defined in the system.
 566  
      *
 567  
      * @return the names of all roles defined in the system.
 568  
      * @throws DataBackendException if there was an error accessing the data
 569  
      *         backend.
 570  
      */
 571  
     PermissionSet getAllPermissions()
 572  
             throws DataBackendException;
 573  
 
 574  
     /*-----------------------------------------------------------------------
 575  
       Group/Role/Permission management
 576  
       -----------------------------------------------------------------------*/
 577  
 
 578  
     /**
 579  
      * Creates a new group with specified attributes.
 580  
      *
 581  
      * @param group the object describing the group to be created.
 582  
      * @return the new Group object.
 583  
      * @throws DataBackendException if there was an error accessing the data
 584  
      *         backend.
 585  
      * @throws EntityExistsException if the group already exists.
 586  
      */
 587  
     <G extends Group> G addGroup(G group)
 588  
             throws DataBackendException, EntityExistsException;
 589  
 
 590  
     /**
 591  
      * Creates a new role with specified attributes.
 592  
      *
 593  
      * @param role The object describing the role to be created.
 594  
      * @return the new Role object.
 595  
      * @throws DataBackendException if there was an error accessing the data
 596  
      *         backend.
 597  
      * @throws EntityExistsException if the role already exists.
 598  
      */
 599  
     <R extends Role> R addRole(R role)
 600  
             throws DataBackendException, EntityExistsException;
 601  
 
 602  
     /**
 603  
      * Creates a new permission with specified attributes.
 604  
      *
 605  
      * @param permission The object describing the permission to be created.
 606  
      * @return the new Permission object.
 607  
      * @throws DataBackendException if there was an error accessing the data
 608  
      *         backend.
 609  
      * @throws EntityExistsException if the permission already exists.
 610  
      */
 611  
     <P extends Permission> P addPermission(P permission)
 612  
             throws DataBackendException, EntityExistsException;
 613  
 
 614  
     /**
 615  
      * Removes a Group from the system.
 616  
      *
 617  
      * @param group The object describing the group to be removed.
 618  
      * @throws DataBackendException if there was an error accessing the data
 619  
      *         backend.
 620  
      * @throws UnknownEntityException if the group does not exist.
 621  
      */
 622  
     void removeGroup(Group group)
 623  
             throws DataBackendException, UnknownEntityException;
 624  
 
 625  
     /**
 626  
      * Removes a Role from the system.
 627  
      *
 628  
      * @param role The object describing the role to be removed.
 629  
      * @throws DataBackendException if there was an error accessing the data
 630  
      *         backend.
 631  
      * @throws UnknownEntityException if the role does not exist.
 632  
      */
 633  
     void removeRole(Role role)
 634  
             throws DataBackendException, UnknownEntityException;
 635  
 
 636  
     /**
 637  
      * Removes a Permission from the system.
 638  
      *
 639  
      * @param permission The object describing the permission to be removed.
 640  
      * @throws DataBackendException if there was an error accessing the data
 641  
      *         backend.
 642  
      * @throws UnknownEntityException if the permission does not exist.
 643  
      */
 644  
     void removePermission(Permission permission)
 645  
             throws DataBackendException, UnknownEntityException;
 646  
 
 647  
     /**
 648  
      * Renames an existing Group.
 649  
      *
 650  
      * @param group The object describing the group to be renamed.
 651  
      * @param name the new name for the group.
 652  
      * @throws DataBackendException if there was an error accessing the data
 653  
      *         backend.
 654  
      * @throws UnknownEntityException if the group does not exist.
 655  
      */
 656  
     void renameGroup(Group group, String name)
 657  
             throws DataBackendException, UnknownEntityException;
 658  
 
 659  
     /**
 660  
      * Renames an existing Role.
 661  
      *
 662  
      * @param role The object describing the role to be renamed.
 663  
      * @param name the new name for the role.
 664  
      * @throws DataBackendException if there was an error accessing the data
 665  
      *         backend.
 666  
      * @throws UnknownEntityException if the role does not exist.
 667  
      */
 668  
     void renameRole(Role role, String name)
 669  
             throws DataBackendException, UnknownEntityException;
 670  
 
 671  
     /**
 672  
      * Renames an existing Permission.
 673  
      *
 674  
      * @param permission The object describing the permission to be renamed.
 675  
      * @param name the new name for the permission.
 676  
      * @throws DataBackendException if there was an error accessing the data
 677  
      *         backend.
 678  
      * @throws UnknownEntityException if the permission does not exist.
 679  
      */
 680  
     void renamePermission(Permission permission, String name)
 681  
             throws DataBackendException, UnknownEntityException;
 682  
 }