%line | %branch | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
org.apache.turbine.services.security.db.DBSecurityService |
|
|
1 | package org.apache.turbine.services.security.db; |
|
2 | ||
3 | /* |
|
4 | * Copyright 2001-2005 The Apache Software Foundation. |
|
5 | * |
|
6 | * Licensed under the Apache License, Version 2.0 (the "License") |
|
7 | * you may not use this file except in compliance with the License. |
|
8 | * You may obtain a copy of the License at |
|
9 | * |
|
10 | * http://www.apache.org/licenses/LICENSE-2.0 |
|
11 | * |
|
12 | * Unless required by applicable law or agreed to in writing, software |
|
13 | * distributed under the License is distributed on an "AS IS" BASIS, |
|
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
15 | * See the License for the specific language governing permissions and |
|
16 | * limitations under the License. |
|
17 | */ |
|
18 | ||
19 | import java.util.ArrayList; |
|
20 | import java.util.Hashtable; |
|
21 | import java.util.Iterator; |
|
22 | import java.util.List; |
|
23 | import java.util.Vector; |
|
24 | ||
25 | import org.apache.commons.lang.StringUtils; |
|
26 | import org.apache.commons.logging.Log; |
|
27 | import org.apache.commons.logging.LogFactory; |
|
28 | import org.apache.torque.om.BaseObject; |
|
29 | import org.apache.torque.util.Criteria; |
|
30 | import org.apache.turbine.om.security.Group; |
|
31 | import org.apache.turbine.om.security.Permission; |
|
32 | import org.apache.turbine.om.security.Role; |
|
33 | import org.apache.turbine.om.security.User; |
|
34 | import org.apache.turbine.om.security.peer.GroupPeer; |
|
35 | import org.apache.turbine.om.security.peer.PermissionPeer; |
|
36 | import org.apache.turbine.om.security.peer.RolePeer; |
|
37 | import org.apache.turbine.om.security.peer.RolePermissionPeer; |
|
38 | import org.apache.turbine.om.security.peer.UserGroupRolePeer; |
|
39 | import org.apache.turbine.om.security.peer.UserPeer; |
|
40 | import org.apache.turbine.services.security.BaseSecurityService; |
|
41 | import org.apache.turbine.services.security.TurbineSecurity; |
|
42 | import org.apache.turbine.util.security.AccessControlList; |
|
43 | import org.apache.turbine.util.security.DataBackendException; |
|
44 | import org.apache.turbine.util.security.EntityExistsException; |
|
45 | import org.apache.turbine.util.security.GroupSet; |
|
46 | import org.apache.turbine.util.security.PermissionSet; |
|
47 | import org.apache.turbine.util.security.RoleSet; |
|
48 | import org.apache.turbine.util.security.UnknownEntityException; |
|
49 | ||
50 | /** |
|
51 | * An implementation of SecurityService that uses a database as backend. |
|
52 | * |
|
53 | * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a> |
|
54 | * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> |
|
55 | * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a> |
|
56 | * @version $Id: DBSecurityService.java 264148 2005-08-29 14:21:04Z henning $ |
|
57 | */ |
|
58 | 3 | public class DBSecurityService |
59 | extends BaseSecurityService |
|
60 | { |
|
61 | /** Logging */ |
|
62 | 3 | private static Log log = LogFactory.getLog(DBSecurityService.class); |
63 | ||
64 | /** |
|
65 | * The key within services's properties for user implementation |
|
66 | * classname (user.class) - Leandro |
|
67 | */ |
|
68 | public static final String USER_PEER_CLASS_KEY = "userPeer.class"; |
|
69 | ||
70 | /** |
|
71 | * The default implementation of User interface |
|
72 | * (org.apache.turbine.om.security.DBUser) |
|
73 | */ |
|
74 | public static final String USER_PEER_CLASS_DEFAULT = |
|
75 | "org.apache.turbine.om.security.peer.TurbineUserPeer"; |
|
76 | ||
77 | /*----------------------------------------------------------------------- |
|
78 | Creation of AccessControlLists |
|
79 | -----------------------------------------------------------------------*/ |
|
80 | ||
81 | /** |
|
82 | * Constructs an AccessControlList for a specific user. |
|
83 | * |
|
84 | * This method creates a snapshot of the state of security information |
|
85 | * concerning this user, at the moment of invocation and stores it |
|
86 | * into an AccessControlList object. |
|
87 | * |
|
88 | * @param user the user for whom the AccessControlList are to be retrieved |
|
89 | * @return A new AccessControlList object. |
|
90 | * @throws DataBackendException if there was an error accessing the data |
|
91 | * backend. |
|
92 | * @throws UnknownEntityException if user account is not present. |
|
93 | */ |
|
94 | public AccessControlList getACL(User user) |
|
95 | throws DataBackendException, UnknownEntityException |
|
96 | { |
|
97 | 0 | if (!TurbineSecurity.accountExists(user)) |
98 | { |
|
99 | 0 | throw new UnknownEntityException("The account '" |
100 | + user.getName() + "' does not exist"); |
|
101 | } |
|
102 | try |
|
103 | { |
|
104 | 0 | Hashtable roles = new Hashtable(); |
105 | 0 | Hashtable permissions = new Hashtable(); |
106 | // notify the state modifiers (writers) that we want to create |
|
107 | // the snapshot. |
|
108 | 0 | lockShared(); |
109 | ||
110 | // construct the snapshot: |
|
111 | ||
112 | // foreach group in the system |
|
113 | 0 | for (Iterator groupsIterator = getAllGroups().iterator(); |
114 | 0 | groupsIterator.hasNext();) |
115 | { |
|
116 | 0 | Group group = (Group) groupsIterator.next(); |
117 | // get roles of user in the group |
|
118 | 0 | RoleSet groupRoles = RolePeer.retrieveSet(user, group); |
119 | // put the Set into roles(group) |
|
120 | 0 | roles.put(group, groupRoles); |
121 | // collect all permissions in this group |
|
122 | 0 | PermissionSet groupPermissions = new PermissionSet(); |
123 | // foreach role in Set |
|
124 | 0 | for (Iterator rolesIterator = groupRoles.iterator(); |
125 | 0 | rolesIterator.hasNext();) |
126 | { |
|
127 | 0 | Role role = (Role) rolesIterator.next(); |
128 | // get permissions of the role |
|
129 | 0 | PermissionSet rolePermissions |
130 | = PermissionPeer.retrieveSet(role); |
|
131 | 0 | groupPermissions.add(rolePermissions); |
132 | } |
|
133 | // put the Set into permissions(group) |
|
134 | 0 | permissions.put(group, groupPermissions); |
135 | } |
|
136 | 0 | return getAclInstance(roles, permissions); |
137 | } |
|
138 | 0 | catch (Exception e) |
139 | { |
|
140 | 0 | throw new DataBackendException("Failed to build ACL for user '" |
141 | + user.getName() + "'", e); |
|
142 | } |
|
143 | finally |
|
144 | { |
|
145 | // notify the state modifiers that we are done creating the snapshot |
|
146 | 0 | unlockShared(); |
147 | } |
|
148 | } |
|
149 | ||
150 | /*----------------------------------------------------------------------- |
|
151 | Security management |
|
152 | -----------------------------------------------------------------------*/ |
|
153 | ||
154 | /** |
|
155 | * Grant an User a Role in a Group. |
|
156 | * |
|
157 | * @param user the user. |
|
158 | * @param group the group. |
|
159 | * @param role the role. |
|
160 | * @throws DataBackendException if there was an error accessing the data |
|
161 | * backend. |
|
162 | * @throws UnknownEntityException if user account, group or role is not |
|
163 | * present. |
|
164 | */ |
|
165 | public synchronized void grant(User user, Group group, Role role) |
|
166 | throws DataBackendException, UnknownEntityException |
|
167 | { |
|
168 | 0 | boolean userExists = false; |
169 | 0 | boolean groupExists = false; |
170 | 0 | boolean roleExists = false; |
171 | try |
|
172 | { |
|
173 | 0 | lockExclusive(); |
174 | 0 | userExists = TurbineSecurity.accountExists(user); |
175 | 0 | groupExists = checkExists(group); |
176 | 0 | roleExists = checkExists(role); |
177 | 0 | if (userExists && groupExists && roleExists) |
178 | { |
|
179 | 0 | Criteria criteria = new Criteria(); |
180 | 0 | criteria.add(UserGroupRolePeer.USER_ID, |
181 | ((BaseObject) user).getPrimaryKey()); |
|
182 | 0 | criteria.add(UserGroupRolePeer.GROUP_ID, |
183 | ((BaseObject) group).getPrimaryKey()); |
|
184 | 0 | criteria.add(UserGroupRolePeer.ROLE_ID, |
185 | ((BaseObject) role).getPrimaryKey()); |
|
186 | 0 | UserGroupRolePeer.doInsert(criteria); |
187 | return; |
|
188 | } |
|
189 | } |
|
190 | 0 | catch (Exception e) |
191 | { |
|
192 | 0 | throw new DataBackendException("grant(User,Group,Role) failed", e); |
193 | } |
|
194 | finally |
|
195 | { |
|
196 | 0 | unlockExclusive(); |
197 | 0 | } |
198 | 0 | if (!userExists) |
199 | { |
|
200 | 0 | throw new UnknownEntityException("Unknown user '" |
201 | + user.getName() + "'"); |
|
202 | } |
|
203 | 0 | if (!groupExists) |
204 | { |
|
205 | 0 | throw new UnknownEntityException("Unknown group '" |
206 | + group.getName() + "'"); |
|
207 | } |
|
208 | 0 | if (!roleExists) |
209 | { |
|
210 | 0 | throw new UnknownEntityException("Unknown role '" |
211 | + role.getName() + "'"); |
|
212 | } |
|
213 | 0 | } |
214 | ||
215 | /** |
|
216 | * Revoke a Role in a Group from an User. |
|
217 | * |
|
218 | * @param user the user. |
|
219 | * @param group the group. |
|
220 | * @param role the role. |
|
221 | * @throws DataBackendException if there was an error accessing the data |
|
222 | * backend. |
|
223 | * @throws UnknownEntityException if user account, group or role is not |
|
224 | * present. |
|
225 | */ |
|
226 | public synchronized void revoke(User user, Group group, Role role) |
|
227 | throws DataBackendException, UnknownEntityException |
|
228 | { |
|
229 | 0 | boolean userExists = false; |
230 | 0 | boolean groupExists = false; |
231 | 0 | boolean roleExists = false; |
232 | try |
|
233 | { |
|
234 | 0 | lockExclusive(); |
235 | 0 | userExists = TurbineSecurity.accountExists(user); |
236 | 0 | groupExists = checkExists(group); |
237 | 0 | roleExists = checkExists(role); |
238 | 0 | if (userExists && groupExists && roleExists) |
239 | { |
|
240 | 0 | Criteria criteria = new Criteria(); |
241 | 0 | criteria.add(UserGroupRolePeer.USER_ID, |
242 | ((BaseObject) user).getPrimaryKey()); |
|
243 | 0 | criteria.add(UserGroupRolePeer.GROUP_ID, |
244 | ((BaseObject) group).getPrimaryKey()); |
|
245 | 0 | criteria.add(UserGroupRolePeer.ROLE_ID, |
246 | ((BaseObject) role).getPrimaryKey()); |
|
247 | 0 | UserGroupRolePeer.doDelete(criteria); |
248 | return; |
|
249 | } |
|
250 | } |
|
251 | 0 | catch (Exception e) |
252 | { |
|
253 | 0 | throw new DataBackendException("revoke(User,Role,Group) failed", e); |
254 | } |
|
255 | finally |
|
256 | { |
|
257 | 0 | unlockExclusive(); |
258 | 0 | } |
259 | 0 | if (!userExists) |
260 | { |
|
261 | 0 | throw new UnknownEntityException("Unknown user '" |
262 | + user.getName() + "'"); |
|
263 | } |
|
264 | 0 | if (!groupExists) |
265 | { |
|
266 | 0 | throw new UnknownEntityException("Unknown group '" |
267 | + group.getName() + "'"); |
|
268 | } |
|
269 | 0 | if (!roleExists) |
270 | { |
|
271 | 0 | throw new UnknownEntityException("Unknown role '" |
272 | + role.getName() + "'"); |
|
273 | } |
|
274 | 0 | } |
275 | ||
276 | /** |
|
277 | * Revokes all roles from an User. |
|
278 | * |
|
279 | * This method is used when deleting an account. |
|
280 | * |
|
281 | * @param user the User. |
|
282 | * @throws DataBackendException if there was an error accessing the data |
|
283 | * backend. |
|
284 | * @throws UnknownEntityException if the account is not present. |
|
285 | */ |
|
286 | public synchronized void revokeAll(User user) |
|
287 | throws DataBackendException, UnknownEntityException |
|
288 | { |
|
289 | 0 | boolean userExists = false; |
290 | try |
|
291 | { |
|
292 | 0 | lockExclusive(); |
293 | 0 | userExists = TurbineSecurity.accountExists(user); |
294 | 0 | if (userExists) |
295 | { |
|
296 | 0 | Criteria criteria = new Criteria(); |
297 | 0 | criteria.add(UserGroupRolePeer.USER_ID, |
298 | ((BaseObject) user).getPrimaryKey()); |
|
299 | 0 | UserGroupRolePeer.doDelete(criteria); |
300 | return; |
|
301 | } |
|
302 | } |
|
303 | 0 | catch (Exception e) |
304 | { |
|
305 | 0 | throw new DataBackendException("revokeAll(User) failed", e); |
306 | } |
|
307 | finally |
|
308 | { |
|
309 | 0 | unlockExclusive(); |
310 | 0 | } |
311 | 0 | throw new UnknownEntityException("Unknown user '" |
312 | + user.getName() + "'"); |
|
313 | } |
|
314 | ||
315 | /** |
|
316 | * Grants a Role a Permission |
|
317 | * |
|
318 | * @param role the Role. |
|
319 | * @param permission the Permission. |
|
320 | * @throws DataBackendException if there was an error accessing the data |
|
321 | * backend. |
|
322 | * @throws UnknownEntityException if role or permission is not present. |
|
323 | */ |
|
324 | public synchronized void grant(Role role, Permission permission) |
|
325 | throws DataBackendException, UnknownEntityException |
|
326 | { |
|
327 | 0 | boolean roleExists = false; |
328 | 0 | boolean permissionExists = false; |
329 | try |
|
330 | { |
|
331 | 0 | lockExclusive(); |
332 | 0 | roleExists = checkExists(role); |
333 | 0 | permissionExists = checkExists(permission); |
334 | 0 | if (roleExists && permissionExists) |
335 | { |
|
336 | 0 | Criteria criteria = new Criteria(); |
337 | 0 | criteria.add(RolePermissionPeer.ROLE_ID, |
338 | ((BaseObject) role).getPrimaryKey()); |
|
339 | 0 | criteria.add(RolePermissionPeer.PERMISSION_ID, |
340 | ((BaseObject) permission).getPrimaryKey()); |
|
341 | 0 | UserGroupRolePeer.doInsert(criteria); |
342 | return; |
|
343 | } |
|
344 | } |
|
345 | 0 | catch (Exception e) |
346 | { |
|
347 | 0 | throw new DataBackendException("grant(Role,Permission) failed", e); |
348 | } |
|
349 | finally |
|
350 | { |
|
351 | 0 | unlockExclusive(); |
352 | 0 | } |
353 | 0 | if (!roleExists) |
354 | { |
|
355 | 0 | throw new UnknownEntityException("Unknown role '" |
356 | + role.getName() + "'"); |
|
357 | } |
|
358 | 0 | if (!permissionExists) |
359 | { |
|
360 | 0 | throw new UnknownEntityException("Unknown permission '" |
361 | + permission.getName() + "'"); |
|
362 | } |
|
363 | 0 | } |
364 | ||
365 | /** |
|
366 | * Revokes a Permission from a Role. |
|
367 | * |
|
368 | * @param role the Role. |
|
369 | * @param permission the Permission. |
|
370 | * @throws DataBackendException if there was an error accessing the data |
|
371 | * backend. |
|
372 | * @throws UnknownEntityException if role or permission is not present. |
|
373 | */ |
|
374 | public synchronized void revoke(Role role, Permission permission) |
|
375 | throws DataBackendException, UnknownEntityException |
|
376 | { |
|
377 | 0 | boolean roleExists = false; |
378 | 0 | boolean permissionExists = false; |
379 | try |
|
380 | { |
|
381 | 0 | lockExclusive(); |
382 | 0 | roleExists = checkExists(role); |
383 | 0 | permissionExists = checkExists(permission); |
384 | 0 | if (roleExists && permissionExists) |
385 | { |
|
386 | 0 | Criteria criteria = new Criteria(); |
387 | 0 | criteria.add(RolePermissionPeer.ROLE_ID, |
388 | ((BaseObject) role).getPrimaryKey()); |
|
389 | 0 | criteria.add(RolePermissionPeer.PERMISSION_ID, |
390 | ((BaseObject) permission).getPrimaryKey()); |
|
391 | 0 | RolePermissionPeer.doDelete(criteria); |
392 | return; |
|
393 | } |
|
394 | } |
|
395 | 0 | catch (Exception e) |
396 | { |
|
397 | 0 | throw new DataBackendException("revoke(Role,Permission) failed", e); |
398 | } |
|
399 | finally |
|
400 | { |
|
401 | 0 | unlockExclusive(); |
402 | 0 | } |
403 | 0 | if (!roleExists) |
404 | { |
|
405 | 0 | throw new UnknownEntityException("Unknown role '" |
406 | + role.getName() + "'"); |
|
407 | } |
|
408 | 0 | if (!permissionExists) |
409 | { |
|
410 | 0 | throw new UnknownEntityException("Unknown permission '" |
411 | + permission.getName() + "'"); |
|
412 | } |
|
413 | 0 | } |
414 | ||
415 | /** |
|
416 | * Revokes all permissions from a Role. |
|
417 | * |
|
418 | * This method is user when deleting a Role. |
|
419 | * |
|
420 | * @param role the Role |
|
421 | * @throws DataBackendException if there was an error accessing the data |
|
422 | * backend. |
|
423 | * @throws UnknownEntityException if the Role is not present. |
|
424 | */ |
|
425 | public synchronized void revokeAll(Role role) |
|
426 | throws DataBackendException, UnknownEntityException |
|
427 | { |
|
428 | 0 | boolean roleExists = false; |
429 | try |
|
430 | { |
|
431 | 0 | lockExclusive(); |
432 | 0 | roleExists = checkExists(role); |
433 | 0 | if (roleExists) |
434 | { |
|
435 | 0 | Criteria criteria = new Criteria(); |
436 | 0 | criteria.add(RolePermissionPeer.ROLE_ID, |
437 | ((BaseObject) role).getPrimaryKey()); |
|
438 | 0 | RolePermissionPeer.doDelete(criteria); |
439 | ||
440 | return; |
|
441 | } |
|
442 | } |
|
443 | 0 | catch (Exception e) |
444 | { |
|
445 | 0 | throw new DataBackendException("revokeAll(Role) failed", e); |
446 | } |
|
447 | finally |
|
448 | { |
|
449 | 0 | unlockExclusive(); |
450 | 0 | } |
451 | 0 | throw new UnknownEntityException("Unknown role '" |
452 | + role.getName() + "'"); |
|
453 | } |
|
454 | ||
455 | /*----------------------------------------------------------------------- |
|
456 | Group/Role/Permission management |
|
457 | -----------------------------------------------------------------------*/ |
|
458 | ||
459 | /** |
|
460 | * Retrieve a set of Groups that meet the specified Criteria. |
|
461 | * |
|
462 | * @param criteria A Criteria of Group selection. |
|
463 | * @return a set of Groups that meet the specified Criteria. |
|
464 | * @throws DataBackendException if there was an error accessing the data |
|
465 | * backend. |
|
466 | */ |
|
467 | public GroupSet getGroups(Criteria criteria) |
|
468 | throws DataBackendException |
|
469 | { |
|
470 | 0 | Criteria dbCriteria = new Criteria(); |
471 | 0 | Iterator keys = criteria.keySet().iterator(); |
472 | 0 | while (keys.hasNext()) |
473 | { |
|
474 | 0 | String key = (String) keys.next(); |
475 | 0 | dbCriteria.put(GroupPeer.getColumnName(key), criteria.get(key)); |
476 | } |
|
477 | 0 | List groups = new ArrayList(0); |
478 | try |
|
479 | { |
|
480 | 0 | groups = GroupPeer.doSelect(criteria); |
481 | } |
|
482 | 0 | catch (Exception e) |
483 | { |
|
484 | 0 | throw new DataBackendException("getGroups(Criteria) failed", e); |
485 | 0 | } |
486 | 0 | return new GroupSet(groups); |
487 | } |
|
488 | ||
489 | /** |
|
490 | * Retrieve a set of Roles that meet the specified Criteria. |
|
491 | * |
|
492 | * @param criteria A Criteria of Roles selection. |
|
493 | * @return a set of Roles that meet the specified Criteria. |
|
494 | * @throws DataBackendException if there was an error accessing the data |
|
495 | * backend. |
|
496 | */ |
|
497 | public RoleSet getRoles(Criteria criteria) |
|
498 | throws DataBackendException |
|
499 | { |
|
500 | 0 | Criteria dbCriteria = new Criteria(); |
501 | 0 | Iterator keys = criteria.keySet().iterator(); |
502 | 0 | while (keys.hasNext()) |
503 | { |
|
504 | 0 | String key = (String) keys.next(); |
505 | 0 | dbCriteria.put(RolePeer.getColumnName(key), criteria.get(key)); |
506 | } |
|
507 | 0 | List roles = new ArrayList(0); |
508 | try |
|
509 | { |
|
510 | 0 | roles = RolePeer.doSelect(criteria); |
511 | } |
|
512 | 0 | catch (Exception e) |
513 | { |
|
514 | 0 | throw new DataBackendException("getRoles(Criteria) failed", e); |
515 | 0 | } |
516 | 0 | return new RoleSet(roles); |
517 | } |
|
518 | ||
519 | /** |
|
520 | * Retrieve a set of Permissions that meet the specified Criteria. |
|
521 | * |
|
522 | * @param criteria A Criteria of Permissions selection. |
|
523 | * @return a set of Permissions that meet the specified Criteria. |
|
524 | * @throws DataBackendException if there was an error accessing the data |
|
525 | * backend. |
|
526 | */ |
|
527 | public PermissionSet getPermissions(Criteria criteria) |
|
528 | throws DataBackendException |
|
529 | { |
|
530 | 0 | Criteria dbCriteria = new Criteria(); |
531 | 0 | Iterator keys = criteria.keySet().iterator(); |
532 | 0 | while (keys.hasNext()) |
533 | { |
|
534 | 0 | String key = (String) keys.next(); |
535 | 0 | dbCriteria.put(PermissionPeer.getColumnName(key), |
536 | criteria.get(key)); |
|
537 | } |
|
538 | 0 | List permissions = new Vector(0); |
539 | try |
|
540 | { |
|
541 | 0 | permissions = PermissionPeer.doSelect(criteria); |
542 | } |
|
543 | 0 | catch (Exception e) |
544 | { |
|
545 | 0 | throw new DataBackendException( |
546 | "getPermissions(Criteria) failed", e); |
|
547 | 0 | } |
548 | 0 | return new PermissionSet(permissions); |
549 | } |
|
550 | ||
551 | /** |
|
552 | * Retrieves all permissions associated with a role. |
|
553 | * |
|
554 | * @param role the role name, for which the permissions are to be retrieved. |
|
555 | * @return A Permission set for the Role. |
|
556 | * @throws DataBackendException if there was an error accessing the data |
|
557 | * backend. |
|
558 | * @throws UnknownEntityException if the role is not present. |
|
559 | */ |
|
560 | public PermissionSet getPermissions(Role role) |
|
561 | throws DataBackendException, UnknownEntityException |
|
562 | { |
|
563 | 0 | boolean roleExists = false; |
564 | try |
|
565 | { |
|
566 | 0 | lockShared(); |
567 | 0 | roleExists = checkExists(role); |
568 | 0 | if (roleExists) |
569 | { |
|
570 | 0 | return PermissionPeer.retrieveSet(role); |
571 | } |
|
572 | } |
|
573 | 0 | catch (Exception e) |
574 | { |
|
575 | 0 | throw new DataBackendException("getPermissions(Role) failed", e); |
576 | } |
|
577 | finally |
|
578 | { |
|
579 | 0 | unlockShared(); |
580 | 0 | } |
581 | 0 | throw new UnknownEntityException("Unknown role '" |
582 | + role.getName() + "'"); |
|
583 | } |
|
584 | ||
585 | /** |
|
586 | * Stores Group's attributes. The Groups is required to exist in the system. |
|
587 | * |
|
588 | * @param group The Group to be stored. |
|
589 | * @throws DataBackendException if there was an error accessing the data |
|
590 | * backend. |
|
591 | * @throws UnknownEntityException if the group does not exist. |
|
592 | */ |
|
593 | public void saveGroup(Group group) |
|
594 | throws DataBackendException, UnknownEntityException |
|
595 | { |
|
596 | 0 | boolean groupExists = false; |
597 | try |
|
598 | { |
|
599 | 0 | groupExists = checkExists(group); |
600 | 0 | if (groupExists) |
601 | { |
|
602 | 0 | Criteria criteria = GroupPeer.buildCriteria(group); |
603 | 0 | GroupPeer.doUpdate(criteria); |
604 | 0 | return; |
605 | } |
|
606 | } |
|
607 | 0 | catch (Exception e) |
608 | { |
|
609 | 0 | throw new DataBackendException("saveGroup(Group) failed", e); |
610 | 0 | } |
611 | 0 | throw new UnknownEntityException("Unknown group '" + group + "'"); |
612 | } |
|
613 | ||
614 | /** |
|
615 | * Stores Role's attributes. The Roles is required to exist in the system. |
|
616 | * |
|
617 | * @param role The Role to be stored. |
|
618 | * @throws DataBackendException if there was an error accessing the data |
|
619 | * backend. |
|
620 | * @throws UnknownEntityException if the role does not exist. |
|
621 | */ |
|
622 | public void saveRole(Role role) |
|
623 | throws DataBackendException, UnknownEntityException |
|
624 | { |
|
625 | 0 | boolean roleExists = false; |
626 | try |
|
627 | { |
|
628 | 0 | roleExists = checkExists(role); |
629 | 0 | if (roleExists) |
630 | { |
|
631 | 0 | Criteria criteria = RolePeer.buildCriteria(role); |
632 | 0 | RolePeer.doUpdate(criteria); |
633 | 0 | return; |
634 | } |
|
635 | } |
|
636 | 0 | catch (Exception e) |
637 | { |
|
638 | 0 | throw new DataBackendException("saveRole(Role) failed", e); |
639 | 0 | } |
640 | 0 | throw new UnknownEntityException("Unknown role '" + role + "'"); |
641 | } |
|
642 | ||
643 | /** |
|
644 | * Stores Permission's attributes. The Permissions is required to exist in |
|
645 | * the system. |
|
646 | * |
|
647 | * @param permission The Permission to be stored. |
|
648 | * @throws DataBackendException if there was an error accessing the data |
|
649 | * backend. |
|
650 | * @throws UnknownEntityException if the permission does not exist. |
|
651 | */ |
|
652 | public void savePermission(Permission permission) |
|
653 | throws DataBackendException, UnknownEntityException |
|
654 | { |
|
655 | 0 | boolean permissionExists = false; |
656 | try |
|
657 | { |
|
658 | 0 | permissionExists = checkExists(permission); |
659 | 0 | if (permissionExists) |
660 | { |
|
661 | 0 | Criteria criteria = PermissionPeer.buildCriteria(permission); |
662 | 0 | PermissionPeer.doUpdate(criteria); |
663 | 0 | return; |
664 | } |
|
665 | } |
|
666 | 0 | catch (Exception e) |
667 | { |
|
668 | 0 | throw new DataBackendException( |
669 | "savePermission(Permission) failed", e); |
|
670 | 0 | } |
671 | 0 | throw new UnknownEntityException("Unknown permission '" |
672 | + permission + "'"); |
|
673 | } |
|
674 | ||
675 | /** |
|
676 | * Creates a new group with specified attributes. |
|
677 | * |
|
678 | * @param group the object describing the group to be created. |
|
679 | * @return a new Group object that has id set up properly. |
|
680 | * @throws DataBackendException if there was an error accessing the data |
|
681 | * backend. |
|
682 | * @throws EntityExistsException if the group already exists. |
|
683 | */ |
|
684 | public synchronized Group addGroup(Group group) |
|
685 | throws DataBackendException, |
|
686 | EntityExistsException |
|
687 | { |
|
688 | 0 | boolean groupExists = false; |
689 | ||
690 | 0 | if (StringUtils.isEmpty(group.getName())) |
691 | { |
|
692 | 0 | throw new DataBackendException("Could not create " |
693 | + "a group with empty name!"); |
|
694 | } |
|
695 | ||
696 | try |
|
697 | { |
|
698 | 0 | lockExclusive(); |
699 | 0 | groupExists = checkExists(group); |
700 | 0 | if (!groupExists) |
701 | { |
|
702 | // add a row to the table |
|
703 | 0 | Criteria criteria = GroupPeer.buildCriteria(group); |
704 | 0 | GroupPeer.doInsert(criteria); |
705 | // try to get the object back using the name as key. |
|
706 | 0 | criteria = new Criteria(); |
707 | 0 | criteria.add(GroupPeer.NAME, |
708 | group.getName()); |
|
709 | 0 | List results = GroupPeer.doSelect(criteria); |
710 | 0 | if (results.size() != 1) |
711 | { |
|
712 | 0 | throw new DataBackendException( |
713 | "Internal error - query returned " |
|
714 | + results.size() + " rows"); |
|
715 | } |
|
716 | 0 | Group newGroup = (Group) results.get(0); |
717 | // add the group to system-wide cache |
|
718 | 0 | getAllGroups().add(newGroup); |
719 | // return the object with correct id |
|
720 | 0 | return newGroup; |
721 | } |
|
722 | } |
|
723 | 0 | catch (Exception e) |
724 | { |
|
725 | 0 | throw new DataBackendException("addGroup(Group) failed", e); |
726 | } |
|
727 | finally |
|
728 | { |
|
729 | 0 | unlockExclusive(); |
730 | 0 | } |
731 | // the only way we could get here without return/throw tirggered |
|
732 | // is that the groupExists was true. |
|
733 | 0 | throw new EntityExistsException("Group '" + group + "' already exists"); |
734 | } |
|
735 | ||
736 | /** |
|
737 | * Creates a new role with specified attributes. |
|
738 | * |
|
739 | * @param role the object describing the role to be created. |
|
740 | * @return a new Role object that has id set up properly. |
|
741 | * @throws DataBackendException if there was an error accessing the data |
|
742 | * backend. |
|
743 | * @throws EntityExistsException if the role already exists. |
|
744 | */ |
|
745 | public synchronized Role addRole(Role role) |
|
746 | throws DataBackendException, EntityExistsException |
|
747 | { |
|
748 | 0 | boolean roleExists = false; |
749 | ||
750 | 0 | if (StringUtils.isEmpty(role.getName())) |
751 | { |
|
752 | 0 | throw new DataBackendException("Could not create " |
753 | + "a role with empty name!"); |
|
754 | } |
|
755 | ||
756 | try |
|
757 | { |
|
758 | 0 | lockExclusive(); |
759 | 0 | roleExists = checkExists(role); |
760 | 0 | if (!roleExists) |
761 | { |
|
762 | // add a row to the table |
|
763 | 0 | Criteria criteria = RolePeer.buildCriteria(role); |
764 | 0 | RolePeer.doInsert(criteria); |
765 | // try to get the object back using the name as key. |
|
766 | 0 | criteria = new Criteria(); |
767 | 0 | criteria.add(RolePeer.NAME, role.getName()); |
768 | 0 | List results = RolePeer.doSelect(criteria); |
769 | 0 | if (results.size() != 1) |
770 | { |
|
771 | 0 | throw new DataBackendException( |
772 | "Internal error - query returned " |
|
773 | + results.size() + " rows"); |
|
774 | } |
|
775 | 0 | Role newRole = (Role) results.get(0); |
776 | // add the role to system-wide cache |
|
777 | 0 | getAllRoles().add(newRole); |
778 | // return the object with correct id |
|
779 | 0 | return newRole; |
780 | } |
|
781 | } |
|
782 | 0 | catch (Exception e) |
783 | { |
|
784 | 0 | throw new DataBackendException("addRole(Role) failed", e); |
785 | } |
|
786 | finally |
|
787 | { |
|
788 | 0 | unlockExclusive(); |
789 | 0 | } |
790 | // the only way we could get here without return/throw tirggered |
|
791 | // is that the roleExists was true. |
|
792 | 0 | throw new EntityExistsException("Role '" + role + "' already exists"); |
793 | } |
|
794 | ||
795 | /** |
|
796 | * Creates a new permission with specified attributes. |
|
797 | * |
|
798 | * @param permission the object describing the permission to be created. |
|
799 | * @return a new Permission object that has id set up properly. |
|
800 | * @throws DataBackendException if there was an error accessing the data |
|
801 | * backend. |
|
802 | * @throws EntityExistsException if the permission already exists. |
|
803 | */ |
|
804 | public synchronized Permission addPermission(Permission permission) |
|
805 | throws DataBackendException, EntityExistsException |
|
806 | { |
|
807 | 0 | boolean permissionExists = false; |
808 | ||
809 | 0 | if (StringUtils.isEmpty(permission.getName())) |
810 | { |
|
811 | 0 | throw new DataBackendException("Could not create " |
812 | + "a permission with empty name!"); |
|
813 | } |
|
814 | ||
815 | try |
|
816 | { |
|
817 | 0 | lockExclusive(); |
818 | 0 | permissionExists = checkExists(permission); |
819 | 0 | if (!permissionExists) |
820 | { |
|
821 | // add a row to the table |
|
822 | 0 | Criteria criteria = PermissionPeer.buildCriteria(permission); |
823 | 0 | PermissionPeer.doInsert(criteria); |
824 | // try to get the object back using the name as key. |
|
825 | 0 | criteria = new Criteria(); |
826 | 0 | criteria.add(PermissionPeer.NAME, |
827 | permission.getName()); |
|
828 | 0 | List results = PermissionPeer.doSelect(criteria); |
829 | 0 | if (results.size() != 1) |
830 | { |
|
831 | 0 | throw new DataBackendException( |
832 | "Internal error - query returned " |
|
833 | + results.size() + " rows"); |
|
834 | } |
|
835 | 0 | Permission newPermission = (Permission) results.get(0); |
836 | // add the permission to system-wide cache |
|
837 | 0 | getAllPermissions().add(newPermission); |
838 | // return the object with correct id |
|
839 | 0 | return newPermission; |
840 | } |
|
841 | } |
|
842 | 0 | catch (Exception e) |
843 | { |
|
844 | 0 | throw new DataBackendException( |
845 | "addPermission(Permission) failed", e); |
|
846 | } |
|
847 | finally |
|
848 | { |
|
849 | 0 | unlockExclusive(); |
850 | 0 | } |
851 | // the only way we could get here without return/throw tirggered |
|
852 | // is that the permissionExists was true. |
|
853 | 0 | throw new EntityExistsException("Permission '" + permission |
854 | + "' already exists"); |
|
855 | } |
|
856 | ||
857 | /** |
|
858 | * Removes a Group from the system. |
|
859 | * |
|
860 | * @param group The object describing the group to be removed. |
|
861 | * @throws DataBackendException if there was an error accessing the data |
|
862 | * backend. |
|
863 | * @throws UnknownEntityException if the group does not exist. |
|
864 | */ |
|
865 | public synchronized void removeGroup(Group group) |
|
866 | throws DataBackendException, UnknownEntityException |
|
867 | { |
|
868 | 0 | boolean groupExists = false; |
869 | try |
|
870 | { |
|
871 | 0 | lockExclusive(); |
872 | 0 | groupExists = checkExists(group); |
873 | 0 | if (groupExists) |
874 | { |
|
875 | 0 | Criteria criteria = GroupPeer.buildCriteria(group); |
876 | 0 | GroupPeer.doDelete(criteria); |
877 | 0 | getAllGroups().remove(group); |
878 | return; |
|
879 | } |
|
880 | } |
|
881 | 0 | catch (Exception e) |
882 | { |
|
883 | 0 | log.error("Failed to delete a Group"); |
884 | 0 | log.error(e); |
885 | 0 | throw new DataBackendException("removeGroup(Group) failed", e); |
886 | } |
|
887 | finally |
|
888 | { |
|
889 | 0 | unlockExclusive(); |
890 | 0 | } |
891 | 0 | throw new UnknownEntityException("Unknown group '" + group + "'"); |
892 | } |
|
893 | ||
894 | /** |
|
895 | * Removes a Role from the system. |
|
896 | * |
|
897 | * @param role The object describing the role to be removed. |
|
898 | * @throws DataBackendException if there was an error accessing the data |
|
899 | * backend. |
|
900 | * @throws UnknownEntityException if the role does not exist. |
|
901 | */ |
|
902 | public synchronized void removeRole(Role role) |
|
903 | throws DataBackendException, UnknownEntityException |
|
904 | { |
|
905 | 0 | boolean roleExists = false; |
906 | try |
|
907 | { |
|
908 | 0 | lockExclusive(); |
909 | 0 | roleExists = checkExists(role); |
910 | 0 | if (roleExists) |
911 | { |
|
912 | // revoke all permissions from the role to be deleted |
|
913 | 0 | revokeAll(role); |
914 | 0 | Criteria criteria = RolePeer.buildCriteria(role); |
915 | 0 | RolePeer.doDelete(criteria); |
916 | 0 | getAllRoles().remove(role); |
917 | return; |
|
918 | } |
|
919 | } |
|
920 | 0 | catch (Exception e) |
921 | { |
|
922 | 0 | throw new DataBackendException("removeRole(Role)", e); |
923 | } |
|
924 | finally |
|
925 | { |
|
926 | 0 | unlockExclusive(); |
927 | 0 | } |
928 | 0 | throw new UnknownEntityException("Unknown role '" + role + "'"); |
929 | } |
|
930 | ||
931 | /** |
|
932 | * Removes a Permission from the system. |
|
933 | * |
|
934 | * @param permission The object describing the permission to be removed. |
|
935 | * @throws DataBackendException if there was an error accessing the data |
|
936 | * backend. |
|
937 | * @throws UnknownEntityException if the permission does not exist. |
|
938 | */ |
|
939 | public synchronized void removePermission(Permission permission) |
|
940 | throws DataBackendException, UnknownEntityException |
|
941 | { |
|
942 | 0 | boolean permissionExists = false; |
943 | try |
|
944 | { |
|
945 | 0 | lockExclusive(); |
946 | 0 | permissionExists = checkExists(permission); |
947 | 0 | if (permissionExists) |
948 | { |
|
949 | 0 | Criteria criteria = PermissionPeer.buildCriteria(permission); |
950 | 0 | PermissionPeer.doDelete(criteria); |
951 | 0 | getAllPermissions().remove(permission); |
952 | return; |
|
953 | } |
|
954 | } |
|
955 | 0 | catch (Exception e) |
956 | { |
|
957 | 0 | throw new DataBackendException("removePermission(Permission)", e); |
958 | } |
|
959 | finally |
|
960 | { |
|
961 | 0 | unlockExclusive(); |
962 | 0 | } |
963 | 0 | throw new UnknownEntityException("Unknown permission '" |
964 | + permission + "'"); |
|
965 | } |
|
966 | ||
967 | /** |
|
968 | * Renames an existing Group. |
|
969 | * |
|
970 | * @param group The object describing the group to be renamed. |
|
971 | * @param name the new name for the group. |
|
972 | * @throws DataBackendException if there was an error accessing the data |
|
973 | * backend. |
|
974 | * @throws UnknownEntityException if the group does not exist. |
|
975 | */ |
|
976 | public synchronized void renameGroup(Group group, String name) |
|
977 | throws DataBackendException, UnknownEntityException |
|
978 | { |
|
979 | 0 | boolean groupExists = false; |
980 | try |
|
981 | { |
|
982 | 0 | lockExclusive(); |
983 | 0 | groupExists = checkExists(group); |
984 | 0 | if (groupExists) |
985 | { |
|
986 | 0 | group.setName(name); |
987 | 0 | Criteria criteria = GroupPeer.buildCriteria(group); |
988 | 0 | GroupPeer.doUpdate(criteria); |
989 | return; |
|
990 | } |
|
991 | } |
|
992 | 0 | catch (Exception e) |
993 | { |
|
994 | 0 | throw new DataBackendException("renameGroup(Group,String)", e); |
995 | } |
|
996 | finally |
|
997 | { |
|
998 | 0 | unlockExclusive(); |
999 | 0 | } |
1000 | 0 | throw new UnknownEntityException("Unknown group '" + group + "'"); |
1001 | } |
|
1002 | ||
1003 | /** |
|
1004 | * Renames an existing Role. |
|
1005 | * |
|
1006 | * @param role The object describing the role to be renamed. |
|
1007 | * @param name the new name for the role. |
|
1008 | * @throws DataBackendException if there was an error accessing the data |
|
1009 | * backend. |
|
1010 | * @throws UnknownEntityException if the role does not exist. |
|
1011 | */ |
|
1012 | public synchronized void renameRole(Role role, String name) |
|
1013 | throws DataBackendException, UnknownEntityException |
|
1014 | { |
|
1015 | 0 | boolean roleExists = false; |
1016 | try |
|
1017 | { |
|
1018 | 0 | lockExclusive(); |
1019 | 0 | roleExists = checkExists(role); |
1020 | 0 | if (roleExists) |
1021 | { |
|
1022 | 0 | role.setName(name); |
1023 | 0 | Criteria criteria = RolePeer.buildCriteria(role); |
1024 | 0 | RolePeer.doUpdate(criteria); |
1025 | return; |
|
1026 | } |
|
1027 | } |
|
1028 | 0 | catch (Exception e) |
1029 | { |
|
1030 | 0 | throw new DataBackendException("renameRole(Role,String)", e); |
1031 | } |
|
1032 | finally |
|
1033 | { |
|
1034 | 0 | unlockExclusive(); |
1035 | 0 | } |
1036 | 0 | throw new UnknownEntityException("Unknown role '" + role + "'"); |
1037 | } |
|
1038 | ||
1039 | /** |
|
1040 | * Renames an existing Permission. |
|
1041 | * |
|
1042 | * @param permission The object describing the permission to be renamed. |
|
1043 | * @param name the new name for the permission. |
|
1044 | * @throws DataBackendException if there was an error accessing the data |
|
1045 | * backend. |
|
1046 | * @throws UnknownEntityException if the permission does not exist. |
|
1047 | */ |
|
1048 | public synchronized void renamePermission(Permission permission, |
|
1049 | String name) |
|
1050 | throws DataBackendException, UnknownEntityException |
|
1051 | { |
|
1052 | 0 | boolean permissionExists = false; |
1053 | try |
|
1054 | { |
|
1055 | 0 | lockExclusive(); |
1056 | 0 | permissionExists = checkExists(permission); |
1057 | 0 | if (permissionExists) |
1058 | { |
|
1059 | 0 | permission.setName(name); |
1060 | 0 | Criteria criteria = PermissionPeer.buildCriteria(permission); |
1061 | 0 | PermissionPeer.doUpdate(criteria); |
1062 | return; |
|
1063 | } |
|
1064 | } |
|
1065 | 0 | catch (Exception e) |
1066 | { |
|
1067 | 0 | throw new DataBackendException( |
1068 | "renamePermission(Permission,name)", e); |
|
1069 | } |
|
1070 | finally |
|
1071 | { |
|
1072 | 0 | unlockExclusive(); |
1073 | 0 | } |
1074 | 0 | throw new UnknownEntityException("Unknown permission '" |
1075 | + permission + "'"); |
|
1076 | } |
|
1077 | ||
1078 | /* Service specific implementation methods */ |
|
1079 | ||
1080 | /** |
|
1081 | * Returns the Class object for the implementation of UserPeer interface |
|
1082 | * used by the system (defined in TR.properties) |
|
1083 | * |
|
1084 | * @return the implementation of UserPeer interface used by the system. |
|
1085 | * @throws UnknownEntityException if the system's implementation of UserPeer |
|
1086 | * interface could not be determined. |
|
1087 | */ |
|
1088 | public Class getUserPeerClass() throws UnknownEntityException |
|
1089 | { |
|
1090 | 0 | String userPeerClassName = getConfiguration().getString( |
1091 | USER_PEER_CLASS_KEY, USER_PEER_CLASS_DEFAULT); |
|
1092 | try |
|
1093 | { |
|
1094 | 0 | return Class.forName(userPeerClassName); |
1095 | } |
|
1096 | 0 | catch (Exception e) |
1097 | { |
|
1098 | 0 | throw new UnknownEntityException( |
1099 | "Failed create a Class object for UserPeer implementation", e); |
|
1100 | } |
|
1101 | } |
|
1102 | ||
1103 | /** |
|
1104 | * Construct a UserPeer object. |
|
1105 | * |
|
1106 | * This method calls getUserPeerClass, and then creates a new object using |
|
1107 | * the default constructor. |
|
1108 | * |
|
1109 | * @return an object implementing UserPeer interface. |
|
1110 | * @throws UnknownEntityException if the object could not be instantiated. |
|
1111 | */ |
|
1112 | public UserPeer getUserPeerInstance() throws UnknownEntityException |
|
1113 | { |
|
1114 | UserPeer up; |
|
1115 | try |
|
1116 | { |
|
1117 | 0 | up = (UserPeer) getUserPeerClass().newInstance(); |
1118 | } |
|
1119 | 0 | catch (Exception e) |
1120 | { |
|
1121 | 0 | throw new UnknownEntityException( |
1122 | "Failed instantiate an UserPeer implementation object", e); |
|
1123 | 0 | } |
1124 | 0 | return up; |
1125 | } |
|
1126 | ||
1127 | /** |
|
1128 | * Determines if the <code>Group</code> exists in the security system. |
|
1129 | * |
|
1130 | * @param group a <code>Group</code> value |
|
1131 | * @return true if the group exists in the system, false otherwise |
|
1132 | * @throws DataBackendException when more than one Group with |
|
1133 | * the same name exists. |
|
1134 | * @throws Exception A generic exception. |
|
1135 | */ |
|
1136 | protected boolean checkExists(Group group) |
|
1137 | throws DataBackendException, Exception |
|
1138 | { |
|
1139 | 0 | return GroupPeer.checkExists(group); |
1140 | } |
|
1141 | ||
1142 | /** |
|
1143 | * Determines if the <code>Role</code> exists in the security system. |
|
1144 | * |
|
1145 | * @param role a <code>Role</code> value |
|
1146 | * @return true if the role exists in the system, false otherwise |
|
1147 | * @throws DataBackendException when more than one Role with |
|
1148 | * the same name exists. |
|
1149 | * @throws Exception A generic exception. |
|
1150 | */ |
|
1151 | protected boolean checkExists(Role role) |
|
1152 | throws DataBackendException, Exception |
|
1153 | { |
|
1154 | 0 | return RolePeer.checkExists(role); |
1155 | } |
|
1156 | ||
1157 | /** |
|
1158 | * Determines if the <code>Permission</code> exists in the security system. |
|
1159 | * |
|
1160 | * @param permission a <code>Permission</code> value |
|
1161 | * @return true if the permission exists in the system, false otherwise |
|
1162 | * @throws DataBackendException when more than one Permission with |
|
1163 | * the same name exists. |
|
1164 | * @throws Exception A generic exception. |
|
1165 | */ |
|
1166 | protected boolean checkExists(Permission permission) |
|
1167 | throws DataBackendException, Exception |
|
1168 | { |
|
1169 | 0 | return PermissionPeer.checkExists(permission); |
1170 | } |
|
1171 | ||
1172 | } |
This report is generated by jcoverage, Maven and Maven JCoverage Plugin. |