View Javadoc

1   /**
2    * Copyright 2005-2011 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.kim.api.role;
17  
18  import org.kuali.rice.core.api.criteria.QueryByCriteria;
19  import org.kuali.rice.core.api.delegation.DelegationType;
20  import org.kuali.rice.core.api.exception.RiceIllegalArgumentException;
21  import org.kuali.rice.core.api.exception.RiceIllegalStateException;
22  import org.kuali.rice.core.api.util.jaxb.MapStringStringAdapter;
23  import org.kuali.rice.kim.api.KimApiConstants;
24  import org.kuali.rice.kim.api.common.delegate.DelegateMember;
25  import org.kuali.rice.kim.api.common.delegate.DelegateType;
26  import org.springframework.cache.annotation.CacheEvict;
27  import org.springframework.cache.annotation.Cacheable;
28  
29  import javax.jws.WebMethod;
30  import javax.jws.WebParam;
31  import javax.jws.WebResult;
32  import javax.jws.WebService;
33  import javax.jws.soap.SOAPBinding;
34  import javax.xml.bind.annotation.XmlElement;
35  import javax.xml.bind.annotation.XmlElementWrapper;
36  import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
37  import java.util.Collection;
38  import java.util.List;
39  import java.util.Map;
40  import java.util.Set;
41  
42  /**
43   *
44   * This service provides operations for querying role and role qualification
45   * data.
46   *
47   * <p>A role is where permissions and responsibilities are granted.  Roles have
48   * a membership consisting of principals, groups or even other roles.  By
49   * being assigned as members of a role, the associated principals will be
50   * granted all permissions and responsibilities that have been granted to the
51   * role.
52   *
53   * <p>Each membership assignment on the role can have a qualification which
54   * defines extra information about that particular member of the role.  For
55   * example, one may have the role of "Dean" but that can be further qualified
56   * by the school they are the dean of, such as "Dean of Computer Science".
57   * Authorization checks that are then done in the permission service can pass
58   * qualifiers as part of the operation if they want to restrict the subset of
59   * the role against which the check is made.
60   *
61   * @author Kuali Rice Team (rice.collab@kuali.org)
62   *
63   */
64  @WebService(name = "roleService", targetNamespace = KimApiConstants.Namespaces.KIM_NAMESPACE_2_0 )
65  @SOAPBinding(style = SOAPBinding.Style.DOCUMENT, use = SOAPBinding.Use.LITERAL, parameterStyle = SOAPBinding.ParameterStyle.WRAPPED)
66  public interface RoleService {
67      /**
68       * This will create a {@link org.kuali.rice.kim.api.role.Role} exactly like the role passed in.
69       *
70       * @param role the role to create
71       * @return the newly created object.  will never be null.
72       * @throws IllegalArgumentException if the responsibility is null
73       * @throws IllegalStateException if the responsibility is already existing in the system
74       */
75      @WebMethod(operationName="createRole")
76      @WebResult(name = "role")
77      @CacheEvict(value={Role.Cache.NAME}, allEntries = true)
78      Role createRole(@WebParam(name = "role") Role role)
79              throws RiceIllegalArgumentException, RiceIllegalStateException;
80  
81      /**
82       * This will update a {@link Role}.
83       *
84       * @param role the role to update
85       * @throws IllegalArgumentException if the role is null
86       * @throws IllegalStateException if the role does not exist in the system
87       */
88      @WebMethod(operationName="updateRole")
89      @WebResult(name = "role")
90      @CacheEvict(value={Role.Cache.NAME}, allEntries = true)
91      Role updateRole(@WebParam(name = "role") Role role)
92              throws RiceIllegalArgumentException, RiceIllegalStateException;
93  
94  	/**
95  	 * Get the KIM Role object with the given ID.
96  	 *
97  	 */
98      @WebMethod(operationName = "getRole")
99      @WebResult(name = "role")
100     @Cacheable(value= Role.Cache.NAME, key="'id=' + #p0")
101     Role getRole(@WebParam(name = "id") String id) throws RiceIllegalArgumentException;
102 
103 	/**
104 	 * Get the KIM Role objects for the role IDs in the given List.
105 	 */
106     @WebMethod(operationName = "getRoles")
107     @XmlElementWrapper(name = "roles", required = true)
108     @XmlElement(name = "role", required = false)
109     @WebResult(name = "roles")
110     @Cacheable(value= Role.Cache.NAME, key="'ids=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p0)")
111 	List<Role> getRoles( @WebParam(name="ids") List<String> ids ) throws RiceIllegalArgumentException;
112 
113 	/** Get the KIM Role object with the unique combination of namespace, component,
114 	 * and role name.
115 	 *
116 	 */
117     @WebMethod(operationName = "getRoleByNameAndNamespaceCode")
118     @WebResult(name = "role")
119     @Cacheable(value=Role.Cache.NAME, key="'namespaceCode=' + #p0 + '|' + 'name=' + #p1")
120     Role getRoleByNameAndNamespaceCode(@WebParam(name = "namespaceCode") String namespaceCode,
121             @WebParam(name = "name") String name) throws RiceIllegalArgumentException;
122 
123 	/**
124 	 * Return the Role ID for the given unique combination of namespace,
125 	 * component and role name.
126 	 */
127     @WebMethod(operationName = "getRoleIdByNameAndNamespaceCode")
128     @WebResult(name = "roleId")
129     @Cacheable(value=Role.Cache.NAME, key="'{getRoleIdByNameAndNamespaceCode}' + 'namespaceCode=' + #p0 + '|' + 'name=' + #p1")
130 	String getRoleIdByNameAndNamespaceCode(@WebParam(name = "namespaceCode") String namespaceCode,
131             @WebParam(name = "name") String name) throws RiceIllegalArgumentException;
132 
133 	/**
134 	 * Checks whether the role with the given role ID is active.
135 	 *
136 	 * @param id
137 	 * @return
138 	 */
139     @WebMethod(operationName = "isRoleActive")
140     @WebResult(name = "isRoleActive")
141     @Cacheable(value=Role.Cache.NAME, key="'{isRoleActive}' + 'id=' + #p0")
142     boolean isRoleActive( @WebParam(name="id") String id ) throws RiceIllegalArgumentException;
143 
144     /**
145      * Returns a list of role qualifiers that the given principal has without taking into consideration
146      * that the principal may be a member via an assigned group or role.  Use in situations where
147      * you are only interested in the qualifiers that are directly assigned to the principal.
148      */
149     @WebMethod(operationName = "getRoleQualifersForPrincipalByRoleIds")
150     @XmlElementWrapper(name = "attributes", required = true)
151     @XmlElement(name = "attribute", required = false)
152     @WebResult(name = "attributes")
153     @XmlJavaTypeAdapter(value = MapStringStringAdapter.class)
154     List<Map<String, String>> getRoleQualifersForPrincipalByRoleIds(@WebParam(name = "principalId") String principalId,
155             @WebParam(name = "roleIds") List<String> roleIds, @WebParam(name = "qualification") @XmlJavaTypeAdapter(
156             value = MapStringStringAdapter.class) Map<String, String> qualification)
157             throws RiceIllegalArgumentException;
158 
159     /**
160      * Returns a list of role qualifiers that the given principal has without taking into consideration
161      * that the principal may be a member via an assigned group or role.  Use in situations where
162      * you are only interested in the qualifiers that are directly assigned to the principal.
163      */
164     @WebMethod(operationName = "getRoleQualifersForPrincipalByNamespaceAndRolename")
165     @XmlElementWrapper(name = "attributes", required = true)
166     @XmlElement(name = "attribute", required = false)
167     @WebResult(name = "attributes")
168     @XmlJavaTypeAdapter(value = MapStringStringAdapter.class)
169     List<Map<String, String>> getRoleQualifersForPrincipalByNamespaceAndRolename(
170             @WebParam(name = "principalId") String principalId, @WebParam(name = "namespaceCode") String namespaceCode,
171             @WebParam(name = "roleName") String roleName, @WebParam(name = "qualification") @XmlJavaTypeAdapter(
172             value = MapStringStringAdapter.class) Map<String, String> qualification)
173             throws RiceIllegalArgumentException;
174 
175     /**
176      * Returns a list of role qualifiers that the given principal.  If the principal's membership
177      * is via a group or role, that group or role's qualifier on the given role is returned.
178      */
179     @WebMethod(operationName = "getNestedRoleQualifersForPrincipalByNamespaceAndRolename")
180     @XmlElementWrapper(name = "attributes", required = true)
181     @XmlElement(name = "attribute", required = false)
182     @WebResult(name = "attributes")
183     @XmlJavaTypeAdapter(value = MapStringStringAdapter.class)
184 	List<Map<String, String>> getNestedRoleQualifersForPrincipalByNamespaceAndRolename(
185             @WebParam(name = "principalId") String principalId, @WebParam(name = "namespaceCode") String namespaceCode,
186             @WebParam(name = "roleName") String roleName, @WebParam(name = "qualification") @XmlJavaTypeAdapter(
187             value = MapStringStringAdapter.class) Map<String, String> qualification)
188             throws RiceIllegalArgumentException;
189 
190     /**
191      * Returns a list of role qualifiers that the given principal.  If the principal's membership
192      * is via a group or role, that group or role's qualifier on the given role is returned.
193      */
194     @WebMethod(operationName = "getNestedRoleQualifiersForPrincipalByRoleIds")
195     @XmlElementWrapper(name = "attributes", required = true)
196     @XmlElement(name = "attribute", required = false)
197     @WebResult(name = "attributes")
198     @XmlJavaTypeAdapter(value = MapStringStringAdapter.class)
199 	List<Map<String, String>> getNestedRoleQualifiersForPrincipalByRoleIds(
200             @WebParam(name = "principalId") String principalId, @WebParam(name = "roleIds") List<String> roleIds,
201             @WebParam(name = "qualification") @XmlJavaTypeAdapter(
202                     value = MapStringStringAdapter.class) Map<String, String> qualification)
203             throws RiceIllegalArgumentException;
204 
205 
206     // --------------------
207     // Role Membership Checks
208     // --------------------
209 
210     /**
211      * Get all the role members (groups and principals) associated with the given list of roles
212      * where their role membership/assignment matches the given qualification.  The list of RoleMemberships returned
213      * will only contain group and principal members.  Any nested role members will be resolved and flattened into
214      * the principals and groups that are members of that nested role (assuming qualifications match).
215      *
216      * The return object will have each membership relationship along with the delegations
217      *
218      */
219     @WebMethod(operationName = "getRoleMembers")
220     @XmlElementWrapper(name = "roleMemberships", required = true)
221     @XmlElement(name = "roleMembership", required = false)
222     @WebResult(name = "roleMemberships")
223     List<RoleMembership> getRoleMembers( @WebParam(name="roleIds") List<String> roleIds,
224             @WebParam(name="qualification")@XmlJavaTypeAdapter(value = MapStringStringAdapter.class) Map<String, String> qualification )
225             throws RiceIllegalArgumentException;
226 
227     /**
228 	 * This method gets all the members, then traverses down into members of type role and group to obtain the nested principal ids
229 	 *
230 	 * @return list of member principal ids
231 	 */
232     @WebMethod(operationName = "getRoleMemberPrincipalIds")
233     @XmlElementWrapper(name = "principalIds", required = true)
234     @XmlElement(name = "principalId", required = false)
235     @WebResult(name = "principalIds")
236     Collection<String> getRoleMemberPrincipalIds(@WebParam(name="namespaceCode") String namespaceCode,
237             @WebParam(name="roleName") String roleName,
238             @WebParam(name="qualification") @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) Map<String, String> qualification)
239             throws RiceIllegalArgumentException;
240 
241     /**
242      * Returns whether the given principal has any of the passed role IDs with the given qualification.
243      */
244     @WebMethod(operationName = "principalHasRole")
245     @WebResult(name = "principalHasRole")
246     boolean principalHasRole( @WebParam(name="principalId") String principalId,
247             @WebParam(name="roleIds") List<String> roleIds,
248             @WebParam(name="qualification") @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) Map<String, String> qualification )
249             throws RiceIllegalArgumentException;
250 
251     /**
252      * Returns the subset of the given principal ID list which has the given role and qualification.
253      * This is designed to be used by lookups of people by their roles.
254      */
255     @WebMethod(operationName = "getPrincipalIdSubListWithRole")
256     @XmlElementWrapper(name = "principalIds", required = true)
257     @XmlElement(name = "principalId", required = false)
258     @WebResult(name = "principalIds")
259     List<String> getPrincipalIdSubListWithRole( @WebParam(name="principalIds") List<String> principalIds,
260             @WebParam(name="roleNamespaceCode") String roleNamespaceCode,
261             @WebParam(name="roleName") String roleName,
262             @WebParam(name="qualification") @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) Map<String, String> qualification )
263             throws RiceIllegalArgumentException;
264 
265     /**
266 	 *
267 	 * This method gets search results for role lookup
268 	 */
269     @WebMethod(operationName = "getRolesSearchResults")
270     @WebResult(name = "results")
271 	RoleQueryResults findRoles(@WebParam(name = "query") QueryByCriteria queryByCriteria) throws RiceIllegalArgumentException;
272 
273 
274 
275     /**
276      * Gets all direct members of the roles that have ids within the given list
277      * of role ids.  This method does not recurse into any nested roles.
278      *
279      *  <p>The resulting List of role membership will contain membership for
280      *  all the roles with the specified ids.  The list is not guaranteed to be
281      *  in any particular order and may have membership info for the
282      *  different roles interleaved with each other.
283      */
284     @WebMethod(operationName = "getFirstLevelRoleMembers")
285     @XmlElementWrapper(name = "roleMemberships", required = true)
286     @XmlElement(name = "roleMembership", required = false)
287     @WebResult(name = "roleMemberships")
288     @Cacheable(value=RoleMembership.Cache.NAME, key="'roleIds=' + T(org.kuali.rice.core.api.cache.CacheKeyUtils).key(#p0)")
289 	List<RoleMembership> getFirstLevelRoleMembers(@WebParam(name="roleIds") List<String> roleIds) throws RiceIllegalArgumentException;
290 
291 	/**
292 	 * Gets role member information based on the given search criteria.  The
293 	 * map of criteria contains attributes of RoleMembership as it's
294 	 * key and the values to search on as the value.
295 	 */
296     @WebMethod(operationName = "findRoleMemberships")
297     @WebResult(name = "results")
298 	RoleMembershipQueryResults findRoleMemberships(@WebParam(name = "query") QueryByCriteria queryByCriteria) throws RiceIllegalArgumentException;
299 
300 	/**
301 	 * Gets a list of Roles that the given member belongs to.
302 	 */
303     @WebMethod(operationName = "getMemberParentRoleIds")
304     @XmlElementWrapper(name = "roleIds", required = true)
305     @XmlElement(name = "roleId", required = false)
306     @WebResult(name = "roleIds")
307     @Cacheable(value=RoleMembership.Cache.NAME, key="'memberType=' + #p0 + '|' + 'memberId=' + #p1")
308 	List<String> getMemberParentRoleIds(String memberType, String memberId) throws RiceIllegalArgumentException;
309 
310 
311     @WebMethod(operationName = "findRoleMembers")
312     @WebResult(name = "results")
313 	RoleMemberQueryResults findRoleMembers(@WebParam(name = "query") QueryByCriteria queryByCriteria) throws RiceIllegalArgumentException;
314 
315     @WebMethod(operationName = "getRoleTypeRoleMemberIds")
316     @XmlElementWrapper(name = "memberIds", required = true)
317     @XmlElement(name = "memberId", required = false)
318     @WebResult(name = "memberIds")
319     @Cacheable(value=RoleMember.Cache.NAME, key="'{getRoleTypeRoleMemberIds} + 'roleId=' + #p0")
320     Set<String> getRoleTypeRoleMemberIds(@WebParam(name = "roleId") String roleId) throws RiceIllegalArgumentException;
321 
322     @WebMethod(operationName = "findDelegateMembers")
323     @WebResult(name = "results")
324     DelegateMemberQueryResults findDelegateMembers(@WebParam(name = "query") QueryByCriteria queryByCriteria) throws RiceIllegalArgumentException;
325 
326 	/**
327 	 * Gets delegation member information based on the given search criteria.  The
328 	 * map of criteria contains attributes of Delegate as it's
329 	 * key and the values to search on as the value.
330 	 */
331     @WebMethod(operationName = "getDelegationMembersByDelegationId")
332     @XmlElementWrapper(name = "delegateMembers", required = true)
333     @XmlElement(name = "delegateMember", required = false)
334     @WebResult(name = "delegateMembers")
335     @Cacheable(value=DelegateMember.Cache.NAME, key="'delegateId=' + #p0")
336     List<DelegateMember> getDelegationMembersByDelegationId(
337             @WebParam(name = "delegateId") String delegateId) throws RiceIllegalArgumentException;
338 
339     @WebMethod(operationName = "getDelegationMemberByDelegationAndMemberId")
340     @WebResult(name = "delegateMember")
341     @Cacheable(value=DelegateMember.Cache.NAME, key="'delegateId=' + #p0 + '|' + 'memberId=' + #p1")
342     DelegateMember getDelegationMemberByDelegationAndMemberId(
343             @WebParam(name = "delegationId") String delegationId, @WebParam(name = "memberId") String memberId) throws RiceIllegalArgumentException;
344 
345     @WebMethod(operationName = "getDelegationMemberById")
346     @WebResult(name = "delegateMember")
347     @Cacheable(value=DelegateMember.Cache.NAME, key="'id=' + #p0")
348     DelegateMember getDelegationMemberById(@WebParam(name = "id") String id) throws RiceIllegalArgumentException;
349 
350     @WebMethod(operationName = "getRoleResponsibilities")
351     @XmlElementWrapper(name = "roleResponsibilities", required = true)
352     @XmlElement(name = "roleResponsibility", required = false)
353     @WebResult(name = "roleResponsibilities")
354     @Cacheable(value=RoleResponsibility.Cache.NAME, key="'roleId=' + #p0")
355 	List<RoleResponsibility> getRoleResponsibilities(@WebParam(name="roleId") String roleId)  throws RiceIllegalArgumentException;
356 
357     @WebMethod(operationName = "getRoleMemberResponsibilityActions")
358     @XmlElementWrapper(name = "roleResponsibilityActions", required = true)
359     @XmlElement(name = "roleResponsibilityAction", required = false)
360     @WebResult(name = "roleResponsibilityActions")
361     @Cacheable(value=RoleResponsibility.Cache.NAME, key="'roleMemberId=' + #p0")
362 	List<RoleResponsibilityAction> getRoleMemberResponsibilityActions(
363             @WebParam(name = "roleMemberId") String roleMemberId)  throws RiceIllegalArgumentException;
364 
365     @WebMethod(operationName = "getDelegateTypeByRoleIdAndDelegateTypeCode")
366     @WebResult(name = "delegateType")
367     @Cacheable(value=DelegateType.Cache.NAME, key="'roleId=' + #p0 + '|' + 'code=' + #p1")
368     DelegateType getDelegateTypeByRoleIdAndDelegateTypeCode(@WebParam(name = "roleId") String roleId,
369             @WebParam(name = "delegateType") DelegationType delegateType)  throws RiceIllegalArgumentException;
370 
371     @WebMethod(operationName = "getDelegateTypeByDelegationId")
372     @WebResult(name = "delegateType")
373     @Cacheable(value=DelegateType.Cache.NAME, key="'delegationId=' + #p0")
374     DelegateType getDelegateTypeByDelegationId(@WebParam(name = "delegationId") String delegationId)  throws RiceIllegalArgumentException;
375 
376     /**
377 	 * Assigns the principal with the given id to the role with the specified
378 	 * namespace code and name with the supplied set of qualifications.
379 	 */
380     @WebMethod(operationName = "assignPrincipalToRole")
381     @CacheEvict(value={Role.Cache.NAME, RoleMembership.Cache.NAME, RoleMember.Cache.NAME, DelegateMember.Cache.NAME, RoleResponsibility.Cache.NAME, DelegateType.Cache.NAME }, allEntries = true)
382     void assignPrincipalToRole(@WebParam(name="principalId") String principalId,
383     		@WebParam(name="namespaceCode") String namespaceCode,
384     		@WebParam(name="roleName") String roleName,
385     		@WebParam(name="qualifications") @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) Map<String, String> qualifications) throws RiceIllegalArgumentException;
386 
387 	/**
388 	 * Assigns the group with the given id to the role with the specified
389 	 * namespace code and name with the supplied set of qualifications.
390 	 */
391     @WebMethod(operationName = "assignGroupToRole")
392     @CacheEvict(value={Role.Cache.NAME, RoleMembership.Cache.NAME, RoleMember.Cache.NAME, DelegateMember.Cache.NAME, RoleResponsibility.Cache.NAME, DelegateType.Cache.NAME }, allEntries = true)
393     void assignGroupToRole(@WebParam(name="groupId") String groupId,
394     		@WebParam(name="namespaceCode") String namespaceCode,
395     		@WebParam(name="roleName") String roleName,
396     		@WebParam(name="qualifications") @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) Map<String, String> qualifications) throws RiceIllegalArgumentException;
397 
398 	/**
399 	 * Assigns the role with the given id to the role with the specified
400 	 * namespace code and name with the supplied set of qualifications.
401 	 */
402     @WebMethod(operationName = "assignRoleToRole")
403     @CacheEvict(value={Role.Cache.NAME, RoleMembership.Cache.NAME, RoleMember.Cache.NAME, DelegateMember.Cache.NAME, RoleResponsibility.Cache.NAME, DelegateType.Cache.NAME }, allEntries = true)
404     void assignRoleToRole(@WebParam(name="roleId") String roleId,
405     		@WebParam(name="namespaceCode") String namespaceCode,
406     		@WebParam(name="roleName") String roleName,
407     		@WebParam(name="qualifications") @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) Map<String, String> qualifications) throws RiceIllegalArgumentException;
408 
409 	/**
410 	 * Creates a new RoleMember.  Needs to be passed a valid RoleMember object that does not currently exist.
411 	 */
412     @WebMethod(operationName = "createRoleMember")
413     @WebResult(name = "roleMember")
414     @CacheEvict(value={Role.Cache.NAME, RoleMembership.Cache.NAME, RoleMember.Cache.NAME, DelegateMember.Cache.NAME, RoleResponsibility.Cache.NAME, DelegateType.Cache.NAME }, allEntries = true)
415     RoleMember createRoleMember(@WebParam(name = "roleMember") RoleMember roleMember) throws RiceIllegalArgumentException, RiceIllegalStateException;
416 
417     /**
418 	 * Assigns the role with the given id to the role with the specified
419 	 * namespace code and name with the supplied set of qualifications.
420 	 */
421     @WebMethod(operationName = "updateRoleMember")
422     @WebResult(name = "roleMember")
423     @CacheEvict(value={Role.Cache.NAME, RoleMembership.Cache.NAME, RoleMember.Cache.NAME, DelegateMember.Cache.NAME, RoleResponsibility.Cache.NAME, DelegateType.Cache.NAME }, allEntries = true)
424     RoleMember updateRoleMember(@WebParam(name = "roleMember") RoleMember roleMember) throws RiceIllegalArgumentException, RiceIllegalStateException;
425 
426     @WebMethod(operationName = "createRoleResponsibilityAction")
427     @CacheEvict(value={Role.Cache.NAME, RoleMembership.Cache.NAME, RoleMember.Cache.NAME, DelegateMember.Cache.NAME, RoleResponsibility.Cache.NAME, DelegateType.Cache.NAME }, allEntries = true)
428     RoleResponsibilityAction createRoleResponsibilityAction(@WebParam(name = "roleResponsibilityAction") RoleResponsibilityAction roleResponsibilityAction) throws RiceIllegalArgumentException;
429 
430 	/**
431 	 * Assigns the member with the given id as a delegation member to the role
432 	 * with the specified namespace code and name with the supplied set of qualifications.
433 	 */
434     @WebMethod(operationName = "createDelegateType")
435     @CacheEvict(value={Role.Cache.NAME, RoleMembership.Cache.NAME, RoleMember.Cache.NAME, DelegateMember.Cache.NAME, RoleResponsibility.Cache.NAME, DelegateType.Cache.NAME }, allEntries = true)
436     DelegateType createDelegateType(@WebParam(name="delegateType") DelegateType delegateType) throws RiceIllegalArgumentException, RiceIllegalStateException;
437 
438     /**
439 	 * Updates a delegation type, including attached members
440 	 */
441     @WebMethod(operationName = "updateDelegateType")
442     @CacheEvict(value={Role.Cache.NAME, RoleMembership.Cache.NAME, RoleMember.Cache.NAME, DelegateMember.Cache.NAME, RoleResponsibility.Cache.NAME, DelegateType.Cache.NAME }, allEntries = true)
443     DelegateType updateDelegateType(@WebParam(name="delegateType") DelegateType delegateType) throws RiceIllegalArgumentException, RiceIllegalStateException;
444 
445     /**
446      * Remove the principal with the given id and qualifications from the role
447      * with the specified namespace code and role name.
448      */
449     @WebMethod(operationName = "removePrincipalFromRole")
450     @CacheEvict(value={Role.Cache.NAME, RoleMembership.Cache.NAME, RoleMember.Cache.NAME, DelegateMember.Cache.NAME, RoleResponsibility.Cache.NAME, DelegateType.Cache.NAME }, allEntries = true)
451     void removePrincipalFromRole(@WebParam(name="principalId") String principalId,
452     		@WebParam(name="namespaceCode") String namespaceCode,
453     		@WebParam(name="roleName") String roleName,
454     		@WebParam(name="qualifications") @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) Map<String, String> qualifications) throws RiceIllegalArgumentException;
455 
456     /**
457      * Remove the group with the given id and qualifications from the role
458      * with the specified namespace code and role name.
459      */
460     @WebMethod(operationName = "removeGroupFromRole")
461     @CacheEvict(value={Role.Cache.NAME, RoleMembership.Cache.NAME, RoleMember.Cache.NAME, DelegateMember.Cache.NAME, RoleResponsibility.Cache.NAME, DelegateType.Cache.NAME }, allEntries = true)
462     void removeGroupFromRole(@WebParam(name="groupId") String groupId,
463     		@WebParam(name="namespaceCode") String namespaceCode,
464     		@WebParam(name="roleName") String roleName,
465     		@WebParam(name="qualifications") @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) Map<String, String> qualifications) throws RiceIllegalArgumentException;
466 
467     /**
468      * Remove the group with the given id and qualifications from the role
469      * with the specified namespace code and role name.
470      */
471     @WebMethod(operationName = "removeRoleFromRole")
472     @CacheEvict(value={Role.Cache.NAME, RoleMembership.Cache.NAME, RoleMember.Cache.NAME, DelegateMember.Cache.NAME, RoleResponsibility.Cache.NAME, DelegateType.Cache.NAME }, allEntries = true)
473     void removeRoleFromRole(@WebParam(name="roleId") String roleId,
474     		@WebParam(name="namespaceCode") String namespaceCode,
475     		@WebParam(name="roleName") String roleName,
476     		@WebParam(name="qualifications") @XmlJavaTypeAdapter(value = MapStringStringAdapter.class) Map<String, String> qualifications) throws RiceIllegalArgumentException;
477 
478     /**
479      * Assigns the given permission to the given role
480      */
481     @WebMethod(operationName = "assignPermissionToRole")
482     @CacheEvict(value={Role.Cache.NAME, RoleMembership.Cache.NAME, RoleMember.Cache.NAME, DelegateMember.Cache.NAME, RoleResponsibility.Cache.NAME, DelegateType.Cache.NAME }, allEntries = true)
483     void assignPermissionToRole(@WebParam(name = "permissionId") String permissionId, @WebParam(name = "roleId") String roleId) throws RiceIllegalArgumentException;
484 }