CCM NG:

- Renamed privilege constants in ccm-core to match naming convention (constants for privilege should start with "PRIVILEGE_")
- Added method PermissionsManager#listDefiniedPrivileges(Class) which lists all privileges constants definied in a class.


git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@4352 8810af33-2d31-482b-a856-94f89814c4df

ccm-cms/src/main/java/com/arsdigita/cms/ui/GlobalNavigation.java

@@ -120,7 +120,7 @@ public class GlobalNavigation extends SimpleComponent {
 
             /* If the current user has admin permissions, insert a link to the admin center */
             if (CdiUtil.createCdiUtil().findBean(PermissionChecker.class)
-                .isPermitted(CoreConstants.ADMIN_PRIVILEGE)) {
+                .isPermitted(CoreConstants.PRIVILEGE_ADMIN)) {
                 link(sreq, nav, "cms:adminCenter", m_adminPath, adminTitle);
             }
 

ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionManager.java

@@ -86,7 +86,7 @@ public class ContentSectionManager {
      * @return The new content section.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public ContentSection createContentSection(final String name) {
         if (name == null || name.isEmpty()) {
@@ -191,7 +191,7 @@ public class ContentSectionManager {
      * @@param name The new name of the content section.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void renameContentSection(final ContentSection section,
                                      final String name) {

ccm-cms/src/main/java/org/librecms/contentsection/ContentSectionRepository.java

@@ -62,7 +62,7 @@ public class ContentSectionRepository
     }
 
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     @Override
     public void save(final ContentSection section) {
@@ -75,7 +75,7 @@ public class ContentSectionRepository
     }
 
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     @Override
     public void delete(final ContentSection section) {

ccm-core/src/main/java/org/libreccm/categorization/CategorizationConstants.java

@@ -25,10 +25,10 @@ package org.libreccm.categorization;
 public final class CategorizationConstants {
 
     public static final String CAT_XML_NS = "http://categorization.libreccm.org";
-    public static final String MANAGE_CATEGORY_PRIVILEGE = "manage_category";
+    public static final String PRIVILEGE_MANAGE_CATEGORY = "manage_category";
-    public static final String MANAGE_CATEGORY_OBJECTS_PRIVILEGE
+    public static final String PRIVILEGE_MANAGE_CATEGORY_OBJECTS
                                = "manage_category_objects";
-    public static final String MANAGE_DOMAINS_PRIVILEGE = "manage_domains";
+    public static final String PRIVILEGE_MANAGE_DOMAINS = "manage_domains";
 
     private CategorizationConstants() {
         //Nothing

ccm-core/src/main/java/org/libreccm/categorization/CategoryManager.java

@@ -93,7 +93,7 @@ public class CategoryManager {
     @Transactional(Transactional.TxType.REQUIRED)
     public void addObjectToCategory(
         final CcmObject object,
-        @RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE)
+        @RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY_OBJECTS)
         final Category category) {
 
         addObjectToCategory(object, category, null);
@@ -121,7 +121,7 @@ public class CategoryManager {
     @Transactional(Transactional.TxType.REQUIRED)
     public void addObjectToCategory(
         final CcmObject object,
-        @RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE)
+        @RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY_OBJECTS)
         final Category category,
         final String type) {
 
@@ -181,7 +181,7 @@ public class CategoryManager {
     @Transactional(Transactional.TxType.REQUIRED)
     public void removeObjectFromCategory(
         final CcmObject object,
-        @RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE)
+        @RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY_OBJECTS)
         final Category category)
         throws ObjectNotAssignedToCategoryException {
 
@@ -252,7 +252,7 @@ public class CategoryManager {
     @Transactional(Transactional.TxType.REQUIRED)
     public void increaseObjectOrder(
         final CcmObject object,
-        @RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE)
+        @RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY_OBJECTS)
         final Category category)
         throws ObjectNotAssignedToCategoryException {
 
@@ -326,7 +326,7 @@ public class CategoryManager {
     @Transactional(Transactional.TxType.REQUIRED)
     public void decreaseObjectOrder(
         final CcmObject object,
-        @RequiresPrivilege(MANAGE_CATEGORY_OBJECTS_PRIVILEGE)
+        @RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY_OBJECTS)
         final Category category)
         throws ObjectNotAssignedToCategoryException {
 
@@ -417,7 +417,7 @@ public class CategoryManager {
     @Transactional(Transactional.TxType.REQUIRED)
     public void addSubCategoryToCategory(
         final Category subCategory,
-        @RequiresPrivilege(MANAGE_CATEGORY_PRIVILEGE)
+        @RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY)
         final Category parentCategory) {
 
         final Category sub = categoryRepo.findById(subCategory.getObjectId());
@@ -457,7 +457,7 @@ public class CategoryManager {
     @Transactional(Transactional.TxType.REQUIRED)
     public void removeSubCategoryFromCategory(
         final Category subCategory,
-        @RequiresPrivilege(MANAGE_CATEGORY_PRIVILEGE)
+        @RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY)
         final Category parentCategory) {
 
         if (subCategory.getParentCategory() == null
@@ -502,7 +502,7 @@ public class CategoryManager {
     @Transactional(Transactional.TxType.REQUIRED)
     public void increaseCategoryOrder(
         final Category subCategory,
-        @RequiresPrivilege(MANAGE_CATEGORY_PRIVILEGE)
+        @RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY)
         final Category parentCategory) {
 
         if (parentCategory == null) {
@@ -577,7 +577,7 @@ public class CategoryManager {
     @Transactional(Transactional.TxType.REQUIRED)
     public void decreaseCategoryOrder(
         final Category subCategory,
-        @RequiresPrivilege(MANAGE_CATEGORY_PRIVILEGE)
+        @RequiresPrivilege(PRIVILEGE_MANAGE_CATEGORY)
         final Category parentCategory) {
 
         if (parentCategory == null) {

ccm-core/src/main/java/org/libreccm/categorization/CategoryRepository.java

@@ -170,7 +170,7 @@ public class CategoryRepository extends AbstractEntityRepository<Long, Category>
     @Transactional(Transactional.TxType.REQUIRED)
     @Override
     public void save(
-        @RequiresPrivilege(CategorizationConstants.MANAGE_CATEGORY_PRIVILEGE)
+        @RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_CATEGORY)
         final Category category) {
 
         super.save(category);
@@ -181,7 +181,7 @@ public class CategoryRepository extends AbstractEntityRepository<Long, Category>
     @Transactional(Transactional.TxType.REQUIRED)
     @Override
     public void delete(
-        @RequiresPrivilege(CategorizationConstants.MANAGE_CATEGORY_PRIVILEGE)
+        @RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_CATEGORY)
         final Category category) {
 
         super.save(category);

ccm-core/src/main/java/org/libreccm/categorization/DomainManager.java

@@ -63,7 +63,7 @@ public class DomainManager {
      * @return The new domain.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE)
+    @RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_DOMAINS)
     @Transactional(Transactional.TxType.REQUIRED)
     public Domain createDomain(final String domainKey,
                                final String rootCategoryName) {
@@ -95,7 +95,7 @@ public class DomainManager {
      *                    {@code CcmApplication is added}.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE)
+    @RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_DOMAINS)
     @Transactional(Transactional.TxType.REQUIRED)
     public void addDomainOwner(final CcmApplication application,
                                final Domain domain) {
@@ -124,7 +124,7 @@ public class DomainManager {
      *                    {@code CcmApplication} should be removed.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE)
+    @RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_DOMAINS)
     @Transactional(Transactional.TxType.REQUIRED)
     public void removeDomainOwner(final CcmApplication application,
                                   final Domain domain) {

ccm-core/src/main/java/org/libreccm/categorization/DomainRepository.java

@@ -144,7 +144,7 @@ public class DomainRepository extends AbstractEntityRepository<Long, Domain> {
     }
 
     @AuthorizationRequired
-    @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE)
+    @RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_DOMAINS)
     @Transactional(Transactional.TxType.REQUIRED)
     @Override
     public void save(final Domain domain) {
@@ -152,7 +152,7 @@ public class DomainRepository extends AbstractEntityRepository<Long, Domain> {
     }
     
     @AuthorizationRequired
-    @RequiresPrivilege(CategorizationConstants.MANAGE_DOMAINS_PRIVILEGE)
+    @RequiresPrivilege(CategorizationConstants.PRIVILEGE_MANAGE_DOMAINS)
     @Transactional(Transactional.TxType.REQUIRED)
     @Override
     public void delete(final Domain domain) {

ccm-core/src/main/java/org/libreccm/configuration/ConfigurationManager.java

@@ -132,7 +132,7 @@ public class ConfigurationManager {
      *                                  {@link Configuration}.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void saveConfiguration(final Object configuration) {
         if (configuration == null) {
@@ -278,7 +278,7 @@ public class ConfigurationManager {
      * @param value         The value to set.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     private <T> void setSettingValue(final Object configuration,
                                      final String settingName,

ccm-core/src/main/java/org/libreccm/configuration/SettingManager.java

@@ -224,7 +224,7 @@ public class SettingManager {
      * @param setting The setting to save.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void saveSetting(final AbstractSetting<?> setting) {
         if (setting.getSettingId() == 0) {

ccm-core/src/main/java/org/libreccm/core/CoreConstants.java

@@ -52,12 +52,12 @@ public final class CoreConstants {
     /**
      * Constant for the {@code admin} privilege.
      */
-    public static final String ADMIN_PRIVILEGE = "admin";
+    public static final String PRIVILEGE_ADMIN = "admin";
     
     /**
      * Constant for the {@code system} privilege.
      */
-    public static final String SYSTEM_PRIVILEGE = "system";
+    public static final String PRIVILEGE_SYSTEM = "system";
 
     private CoreConstants() {
         //Nothing

ccm-core/src/main/java/org/libreccm/security/ChallengeManager.java

@@ -110,7 +110,7 @@ public class ChallengeManager {
      * @return The text of the challenge mail.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
     public String createEmailVerification(final User user) {
         if (user == null) {
             throw new IllegalArgumentException(
@@ -129,7 +129,7 @@ public class ChallengeManager {
      *                            user.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
     public void sendEmailVerification(final User user)
         throws MessagingException {
         final String text = createEmailVerification(user);
@@ -151,7 +151,7 @@ public class ChallengeManager {
      *                                  stored token.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
     public void finishEmailVerification(final User user,
                                         final String submittedToken)
         throws ChallengeFailedException {
@@ -180,7 +180,7 @@ public class ChallengeManager {
      * @return The challenge message.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
     public String createAccountActivation(final User user) {
         if (user == null) {
             throw new IllegalArgumentException(
@@ -198,7 +198,7 @@ public class ChallengeManager {
      *                            message.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
     public void sendAccountActivation(final User user)
         throws MessagingException {
         final String text = createAccountActivation(user);
@@ -220,7 +220,7 @@ public class ChallengeManager {
      *                                  the stored token.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
     public void finishAccountActivation(final User user,
                                         final String submittedToken)
         throws ChallengeFailedException {
@@ -247,7 +247,7 @@ public class ChallengeManager {
      * @return The challenge message.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
     public String createPasswordRecover(final User user) {
         if (user == null) {
             throw new IllegalArgumentException(
@@ -266,7 +266,7 @@ public class ChallengeManager {
      *                            message.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
     public void sendPasswordRecover(final User user)
         throws MessagingException {
         final String text = createPasswordRecover(user);
@@ -289,7 +289,7 @@ public class ChallengeManager {
      *                                  the stored token.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
     public void finishPasswordRecover(final User user,
                                       final String submittedToken,
                                       final String newPassword)

ccm-core/src/main/java/org/libreccm/security/GroupManager.java

@@ -56,7 +56,7 @@ public class GroupManager {
      * @param group  The group to which the user is added.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void addMemberToGroup(final User user, final Group group) {
         if (user == null) {
@@ -95,7 +95,7 @@ public class GroupManager {
      * @param group The group from which the user is removed.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void removeMemberFromGroup(final User member, final Group group) {
         if (member == null) {

ccm-core/src/main/java/org/libreccm/security/GroupRepository.java

@@ -93,7 +93,7 @@ public class GroupRepository extends AbstractEntityRepository<Long, Group> {
     }
 
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     @Override
     public void save(final Group group) {
@@ -101,7 +101,7 @@ public class GroupRepository extends AbstractEntityRepository<Long, Group> {
     }
 
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     @Override
     public void delete(final Group entity) {

ccm-core/src/main/java/org/libreccm/security/OneTimeAuthManager.java

@@ -79,7 +79,7 @@ public class OneTimeAuthManager {
      * @return The one time authentication token with the not hashed token.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
     @Transactional(Transactional.TxType.REQUIRED)
     public OneTimeAuthToken createForUser(
         final User user, final OneTimeAuthTokenPurpose purpose) {
@@ -148,7 +148,7 @@ public class OneTimeAuthManager {
      *         {@code null} if there is no such token.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
     public List<OneTimeAuthToken> retrieveForUser(
         final User user, final OneTimeAuthTokenPurpose purpose) {
         if (user == null || purpose == null) {
@@ -177,7 +177,7 @@ public class OneTimeAuthManager {
      *         purpose, {@code false} if not.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
     public boolean validTokenExistsForUser(
         final User user, final OneTimeAuthTokenPurpose purpose) {
         if (user == null || purpose == null) {
@@ -209,7 +209,7 @@ public class OneTimeAuthManager {
      * @return {@code true} if the token is valid, {@code false} if not.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
     public boolean isValid(final OneTimeAuthToken token) {
         if (token == null) {
             throw new IllegalArgumentException("Can't validate a token null");
@@ -234,7 +234,7 @@ public class OneTimeAuthManager {
      * {@code false} if not.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
     public boolean verify(final OneTimeAuthToken token,
                           final String submittedToken) {
         if (token == null || submittedToken == null) {
@@ -265,7 +265,7 @@ public class OneTimeAuthManager {
      * @param token The token to invalidate.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
     @Transactional(Transactional.TxType.REQUIRED)
     public void invalidate(final OneTimeAuthToken token) {
         if (token == null) {

ccm-core/src/main/java/org/libreccm/security/PartyRepository.java

@@ -77,7 +77,7 @@ public class PartyRepository extends AbstractEntityRepository<Long, Party> {
     }
 
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     @Override
     public void save(final Party party) {
@@ -85,7 +85,7 @@ public class PartyRepository extends AbstractEntityRepository<Long, Party> {
     }
     
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     @Override
     public void delete(final Party party) {

ccm-core/src/main/java/org/libreccm/security/PermissionManager.java

@@ -28,6 +28,13 @@ import javax.persistence.TypedQuery;
 import org.libreccm.core.CcmObject;
 import org.libreccm.core.CoreConstants;
 
+import java.lang.reflect.Field;
+import java.lang.reflect.Modifier;
+import java.util.Arrays;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import java.util.stream.Collectors;
+
 import javax.enterprise.context.RequestScoped;
 import javax.transaction.Transactional;
 
@@ -69,7 +76,7 @@ public class PermissionManager {
      * @param object    The object on which the privilege is granted.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void grantPrivilege(final String privilege,
                                final Role grantee,
@@ -107,7 +114,7 @@ public class PermissionManager {
      * @param grantee   The role to which the privilege is granted.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void grantPrivilege(final String privilege,
                                final Role grantee) {
@@ -140,7 +147,7 @@ public class PermissionManager {
      * @param object    The object on which the privilege was granted.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void revokePrivilege(final String privilege,
                                 final Role grantee,
@@ -181,7 +188,7 @@ public class PermissionManager {
      * @param grantee   The role to which the privilege was granted.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void revokePrivilege(final String privilege,
                                 final Role grantee) {
@@ -218,7 +225,7 @@ public class PermissionManager {
      * @param target
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void copyPermissions(final CcmObject source,
                                 final CcmObject target) {
@@ -244,6 +251,25 @@ public class PermissionManager {
         }
     }
 
+    public List<String> listDefiniedPrivileges(final Class<?> clazz) {
+        return Arrays.stream(clazz.getDeclaredFields())
+            .filter(field -> Modifier.isStatic(field.getModifiers())
+                                 && Modifier.isFinal(field.getModifiers()))
+            .filter(field -> field.getName().startsWith("PRIVILEGE_")
+                                 || clazz.getSimpleName().endsWith("Privileges"))
+            .map(field -> getPrivilegeString(field))
+            .sorted()
+            .collect(Collectors.toList());
+    }
+
+    private String getPrivilegeString(final Field field) {
+        try {
+            return (String) field.get(null);
+        } catch (IllegalArgumentException | IllegalAccessException ex) {
+            throw new RuntimeException(ex);
+        }
+    }
+
     /**
      * Checks if a permission granting the provided {@code privilege} on the
      * provided {@code object} to the provided {@code role} exists.

ccm-core/src/main/java/org/libreccm/security/RegistrationManager.java

@@ -82,7 +82,7 @@ public class RegistrationManager {
      * @throws IllegalArgumentException If the provided {@code user} is
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.SYSTEM_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_SYSTEM)
     public void registerUser(final String userName,
                              final String familyName,
                              final String givenName,

ccm-core/src/main/java/org/libreccm/security/RoleManager.java

@@ -56,7 +56,7 @@ public class RoleManager {
      * @param party The party which to which to role is assigned.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void assignRoleToParty(final Role role, final Party party) {
         if (role == null) {
@@ -92,7 +92,7 @@ public class RoleManager {
      * @param party
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void removeRoleFromParty(final Role role, final Party party) {
         if (role == null) {

ccm-core/src/main/java/org/libreccm/security/RoleRepository.java

@@ -142,7 +142,7 @@ public class RoleRepository extends AbstractEntityRepository<Long, Role> {
     }
 
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     @Override
     public void save(final Role role) {
@@ -150,7 +150,7 @@ public class RoleRepository extends AbstractEntityRepository<Long, Role> {
     }
 
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Override
     @Transactional(Transactional.TxType.REQUIRED)
     public void delete(final Role role) {

ccm-core/src/main/java/org/libreccm/security/UserManager.java

@@ -82,7 +82,7 @@ public class UserManager {
      * @return The new user.
      */
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @ValidateOnExecution
     @Transactional(Transactional.TxType.REQUIRED)
     public User createUser(final String givenName,
@@ -142,7 +142,7 @@ public class UserManager {
             user.setPassword(hashPassword(newPassword));
             shiro.getSystemUser().execute(() -> userRepository.save(user));
         } else {
-            permissionChecker.checkPermission(CoreConstants.ADMIN_PRIVILEGE);
+            permissionChecker.checkPermission(CoreConstants.PRIVILEGE_ADMIN);
             user.setPassword(hashPassword(newPassword));
             shiro.getSystemUser().execute(() -> userRepository.save(user));
         }

ccm-core/src/main/java/org/libreccm/security/UserRepository.java

@@ -162,7 +162,7 @@ public class UserRepository extends AbstractEntityRepository<Long, User> {
     }
 
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     @Override
     public void save(final User entity) {
@@ -170,7 +170,7 @@ public class UserRepository extends AbstractEntityRepository<Long, User> {
     }
      
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     @Override
     public void delete(final User entity) {

ccm-core/src/main/java/org/libreccm/web/ApplicationManager.java

@@ -86,7 +86,7 @@ public class ApplicationManager {
     }
 
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public <T extends CcmApplication> T createInstance(
         final ApplicationType type,
@@ -103,7 +103,7 @@ public class ApplicationManager {
     }
 
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void deleteInstance(final CcmApplication application) {
         entityManager.remove(application);

ccm-core/src/main/java/org/libreccm/web/ApplicationRepository.java

@@ -88,7 +88,7 @@ public class ApplicationRepository
     }
     
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     @Override
     public void save(final CcmApplication application) {
@@ -96,7 +96,7 @@ public class ApplicationRepository
     }
     
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     @Override
     public void delete(final CcmApplication application) {

ccm-core/src/main/java/org/libreccm/workflow/WorkflowManager.java

@@ -67,7 +67,7 @@ public class WorkflowManager {
     private Shiro shiro;
 
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public Workflow createWorkflow(final WorkflowTemplate template) {
         final Workflow workflow = new Workflow();
@@ -169,7 +169,7 @@ public class WorkflowManager {
     }
 
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void addTask(final Workflow workflow, final Task task) {
         workflow.addTask(task);
@@ -180,7 +180,7 @@ public class WorkflowManager {
     }
 
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void removeTask(final Workflow workflow, final Task task) {
         workflow.removeTask(task);
@@ -191,7 +191,7 @@ public class WorkflowManager {
     }
 
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void assignTask(final UserTask task, final Role role) {
         final TaskAssignment assignment = new TaskAssignment();
@@ -207,7 +207,7 @@ public class WorkflowManager {
     }
 
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void retractTask(final UserTask task, final Role role) {
         final List<TaskAssignment> result = task.getAssignments().stream()
@@ -223,7 +223,7 @@ public class WorkflowManager {
     }
 
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void addDependentTask(final Task parent, final Task task) {
         parent.addDependentTask(task);
@@ -234,7 +234,7 @@ public class WorkflowManager {
     }
 
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void removeDependentTask(final Task parent, final Task task) {
         parent.removeDependentTask(task);
@@ -245,7 +245,7 @@ public class WorkflowManager {
     }
 
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void lockTask(final UserTask task) {
         task.setLocked(true);
@@ -255,7 +255,7 @@ public class WorkflowManager {
     }
 
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public void unlockTask(final UserTask task) {
         task.setLocked(false);
@@ -265,7 +265,7 @@ public class WorkflowManager {
     }
 
     @AuthorizationRequired
-    @RequiresPrivilege(CoreConstants.ADMIN_PRIVILEGE)
+    @RequiresPrivilege(CoreConstants.PRIVILEGE_ADMIN)
     @Transactional(Transactional.TxType.REQUIRED)
     public List<UserTask> lockedBy(final User user) {
         final TypedQuery<UserTask> query = entityManager.createNamedQuery(

ccm-core/src/test/java/org/libreccm/security/PermissionManagerTest.java

@@ -42,14 +42,19 @@ import org.libreccm.core.CcmObject;
 import org.libreccm.core.CcmObjectRepository;
 import org.libreccm.tests.categories.IntegrationTest;
 
-
 import javax.inject.Inject;
 import javax.persistence.EntityManager;
 
 import static org.hamcrest.Matchers.*;
 import static org.junit.Assert.*;
+
 import static org.libreccm.testutils.DependenciesHelpers.*;
 
+import org.libreccm.categorization.CategorizationConstants;
+import org.libreccm.core.CoreConstants;
+
+import java.util.List;
+
 /**
  *
  * @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
@@ -501,8 +506,7 @@ public class PermissionManagerTest {
         }
     }
 
-    @Test(expected
+    @Test(expected = IllegalArgumentException.class)
-              = IllegalArgumentException.class)
     @UsingDataSet(
         "datasets/org/libreccm/security/PermissionManagerTest/data.yml")
     @ShouldThrowException(IllegalArgumentException.class)
@@ -518,4 +522,34 @@ public class PermissionManagerTest {
         }
     }
 
+    /**
+     * Verifies if
+     * {@link PermissionManager#listDefiniedPrivileges(java.lang.Class)} returns
+     * the expected value.
+     */
+    @Test
+    @InSequence(500)
+    public void verifyListPrivileges() {
+
+        final List<String> corePrivileges = permissionManager
+            .listDefiniedPrivileges(CoreConstants.class);
+        final List<String> catPrivileges = permissionManager
+            .listDefiniedPrivileges(CategorizationConstants.class);
+
+        assertThat(corePrivileges, is(not(nullValue())));
+        assertThat(corePrivileges.isEmpty(), is(false));
+        assertThat(corePrivileges.size(), is(2));
+        assertThat(corePrivileges, contains(CoreConstants.PRIVILEGE_ADMIN,
+                                            CoreConstants.PRIVILEGE_SYSTEM));
+
+        assertThat(catPrivileges, is(not(nullValue())));
+        assertThat(catPrivileges.isEmpty(), is(false));
+        assertThat(catPrivileges.size(), is(3));
+        assertThat(catPrivileges,
+                   contains(CategorizationConstants.PRIVILEGE_MANAGE_CATEGORY,
+                            CategorizationConstants.PRIVILEGE_MANAGE_CATEGORY_OBJECTS,
+                            CategorizationConstants.PRIVILEGE_MANAGE_DOMAINS));
+
+    }
+
 }