1 package org.apache.turbine.services.security.db;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19 import java.util.ArrayList;
20 import java.util.Hashtable;
21 import java.util.Iterator;
22 import java.util.List;
23 import java.util.Vector;
24
25 import org.apache.commons.lang.StringUtils;
26 import org.apache.commons.logging.Log;
27 import org.apache.commons.logging.LogFactory;
28 import org.apache.torque.om.BaseObject;
29 import org.apache.torque.util.Criteria;
30 import org.apache.turbine.om.security.Group;
31 import org.apache.turbine.om.security.Permission;
32 import org.apache.turbine.om.security.Role;
33 import org.apache.turbine.om.security.User;
34 import org.apache.turbine.om.security.peer.GroupPeer;
35 import org.apache.turbine.om.security.peer.PermissionPeer;
36 import org.apache.turbine.om.security.peer.RolePeer;
37 import org.apache.turbine.om.security.peer.RolePermissionPeer;
38 import org.apache.turbine.om.security.peer.UserGroupRolePeer;
39 import org.apache.turbine.om.security.peer.UserPeer;
40 import org.apache.turbine.services.security.BaseSecurityService;
41 import org.apache.turbine.services.security.TurbineSecurity;
42 import org.apache.turbine.util.security.AccessControlList;
43 import org.apache.turbine.util.security.DataBackendException;
44 import org.apache.turbine.util.security.EntityExistsException;
45 import org.apache.turbine.util.security.GroupSet;
46 import org.apache.turbine.util.security.PermissionSet;
47 import org.apache.turbine.util.security.RoleSet;
48 import org.apache.turbine.util.security.UnknownEntityException;
49
50 /***
51 * An implementation of SecurityService that uses a database as backend.
52 *
53 * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
54 * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
55 * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a>
56 * @version $Id: DBSecurityService.java 264148 2005-08-29 14:21:04Z henning $
57 */
58 public class DBSecurityService
59 extends BaseSecurityService
60 {
61 /*** Logging */
62 private static Log log = LogFactory.getLog(DBSecurityService.class);
63
64 /***
65 * The key within services's properties for user implementation
66 * classname (user.class) - Leandro
67 */
68 public static final String USER_PEER_CLASS_KEY = "userPeer.class";
69
70 /***
71 * The default implementation of User interface
72 * (org.apache.turbine.om.security.DBUser)
73 */
74 public static final String USER_PEER_CLASS_DEFAULT =
75 "org.apache.turbine.om.security.peer.TurbineUserPeer";
76
77
78
79
80
81 /***
82 * Constructs an AccessControlList for a specific user.
83 *
84 * This method creates a snapshot of the state of security information
85 * concerning this user, at the moment of invocation and stores it
86 * into an AccessControlList object.
87 *
88 * @param user the user for whom the AccessControlList are to be retrieved
89 * @return A new AccessControlList object.
90 * @throws DataBackendException if there was an error accessing the data
91 * backend.
92 * @throws UnknownEntityException if user account is not present.
93 */
94 public AccessControlList getACL(User user)
95 throws DataBackendException, UnknownEntityException
96 {
97 if (!TurbineSecurity.accountExists(user))
98 {
99 throw new UnknownEntityException("The account '"
100 + user.getName() + "' does not exist");
101 }
102 try
103 {
104 Hashtable roles = new Hashtable();
105 Hashtable permissions = new Hashtable();
106
107
108 lockShared();
109
110
111
112
113 for (Iterator groupsIterator = getAllGroups().iterator();
114 groupsIterator.hasNext();)
115 {
116 Group group = (Group) groupsIterator.next();
117
118 RoleSet groupRoles = RolePeer.retrieveSet(user, group);
119
120 roles.put(group, groupRoles);
121
122 PermissionSet groupPermissions = new PermissionSet();
123
124 for (Iterator rolesIterator = groupRoles.iterator();
125 rolesIterator.hasNext();)
126 {
127 Role role = (Role) rolesIterator.next();
128
129 PermissionSet rolePermissions
130 = PermissionPeer.retrieveSet(role);
131 groupPermissions.add(rolePermissions);
132 }
133
134 permissions.put(group, groupPermissions);
135 }
136 return getAclInstance(roles, permissions);
137 }
138 catch (Exception e)
139 {
140 throw new DataBackendException("Failed to build ACL for user '"
141 + user.getName() + "'", e);
142 }
143 finally
144 {
145
146 unlockShared();
147 }
148 }
149
150
151
152
153
154 /***
155 * Grant an User a Role in a Group.
156 *
157 * @param user the user.
158 * @param group the group.
159 * @param role the role.
160 * @throws DataBackendException if there was an error accessing the data
161 * backend.
162 * @throws UnknownEntityException if user account, group or role is not
163 * present.
164 */
165 public synchronized void grant(User user, Group group, Role role)
166 throws DataBackendException, UnknownEntityException
167 {
168 boolean userExists = false;
169 boolean groupExists = false;
170 boolean roleExists = false;
171 try
172 {
173 lockExclusive();
174 userExists = TurbineSecurity.accountExists(user);
175 groupExists = checkExists(group);
176 roleExists = checkExists(role);
177 if (userExists && groupExists && roleExists)
178 {
179 Criteria criteria = new Criteria();
180 criteria.add(UserGroupRolePeer.USER_ID,
181 ((BaseObject) user).getPrimaryKey());
182 criteria.add(UserGroupRolePeer.GROUP_ID,
183 ((BaseObject) group).getPrimaryKey());
184 criteria.add(UserGroupRolePeer.ROLE_ID,
185 ((BaseObject) role).getPrimaryKey());
186 UserGroupRolePeer.doInsert(criteria);
187 return;
188 }
189 }
190 catch (Exception e)
191 {
192 throw new DataBackendException("grant(User,Group,Role) failed", e);
193 }
194 finally
195 {
196 unlockExclusive();
197 }
198 if (!userExists)
199 {
200 throw new UnknownEntityException("Unknown user '"
201 + user.getName() + "'");
202 }
203 if (!groupExists)
204 {
205 throw new UnknownEntityException("Unknown group '"
206 + group.getName() + "'");
207 }
208 if (!roleExists)
209 {
210 throw new UnknownEntityException("Unknown role '"
211 + role.getName() + "'");
212 }
213 }
214
215 /***
216 * Revoke a Role in a Group from an User.
217 *
218 * @param user the user.
219 * @param group the group.
220 * @param role the role.
221 * @throws DataBackendException if there was an error accessing the data
222 * backend.
223 * @throws UnknownEntityException if user account, group or role is not
224 * present.
225 */
226 public synchronized void revoke(User user, Group group, Role role)
227 throws DataBackendException, UnknownEntityException
228 {
229 boolean userExists = false;
230 boolean groupExists = false;
231 boolean roleExists = false;
232 try
233 {
234 lockExclusive();
235 userExists = TurbineSecurity.accountExists(user);
236 groupExists = checkExists(group);
237 roleExists = checkExists(role);
238 if (userExists && groupExists && roleExists)
239 {
240 Criteria criteria = new Criteria();
241 criteria.add(UserGroupRolePeer.USER_ID,
242 ((BaseObject) user).getPrimaryKey());
243 criteria.add(UserGroupRolePeer.GROUP_ID,
244 ((BaseObject) group).getPrimaryKey());
245 criteria.add(UserGroupRolePeer.ROLE_ID,
246 ((BaseObject) role).getPrimaryKey());
247 UserGroupRolePeer.doDelete(criteria);
248 return;
249 }
250 }
251 catch (Exception e)
252 {
253 throw new DataBackendException("revoke(User,Role,Group) failed", e);
254 }
255 finally
256 {
257 unlockExclusive();
258 }
259 if (!userExists)
260 {
261 throw new UnknownEntityException("Unknown user '"
262 + user.getName() + "'");
263 }
264 if (!groupExists)
265 {
266 throw new UnknownEntityException("Unknown group '"
267 + group.getName() + "'");
268 }
269 if (!roleExists)
270 {
271 throw new UnknownEntityException("Unknown role '"
272 + role.getName() + "'");
273 }
274 }
275
276 /***
277 * Revokes all roles from an User.
278 *
279 * This method is used when deleting an account.
280 *
281 * @param user the User.
282 * @throws DataBackendException if there was an error accessing the data
283 * backend.
284 * @throws UnknownEntityException if the account is not present.
285 */
286 public synchronized void revokeAll(User user)
287 throws DataBackendException, UnknownEntityException
288 {
289 boolean userExists = false;
290 try
291 {
292 lockExclusive();
293 userExists = TurbineSecurity.accountExists(user);
294 if (userExists)
295 {
296 Criteria criteria = new Criteria();
297 criteria.add(UserGroupRolePeer.USER_ID,
298 ((BaseObject) user).getPrimaryKey());
299 UserGroupRolePeer.doDelete(criteria);
300 return;
301 }
302 }
303 catch (Exception e)
304 {
305 throw new DataBackendException("revokeAll(User) failed", e);
306 }
307 finally
308 {
309 unlockExclusive();
310 }
311 throw new UnknownEntityException("Unknown user '"
312 + user.getName() + "'");
313 }
314
315 /***
316 * Grants a Role a Permission
317 *
318 * @param role the Role.
319 * @param permission the Permission.
320 * @throws DataBackendException if there was an error accessing the data
321 * backend.
322 * @throws UnknownEntityException if role or permission is not present.
323 */
324 public synchronized void grant(Role role, Permission permission)
325 throws DataBackendException, UnknownEntityException
326 {
327 boolean roleExists = false;
328 boolean permissionExists = false;
329 try
330 {
331 lockExclusive();
332 roleExists = checkExists(role);
333 permissionExists = checkExists(permission);
334 if (roleExists && permissionExists)
335 {
336 Criteria criteria = new Criteria();
337 criteria.add(RolePermissionPeer.ROLE_ID,
338 ((BaseObject) role).getPrimaryKey());
339 criteria.add(RolePermissionPeer.PERMISSION_ID,
340 ((BaseObject) permission).getPrimaryKey());
341 UserGroupRolePeer.doInsert(criteria);
342 return;
343 }
344 }
345 catch (Exception e)
346 {
347 throw new DataBackendException("grant(Role,Permission) failed", e);
348 }
349 finally
350 {
351 unlockExclusive();
352 }
353 if (!roleExists)
354 {
355 throw new UnknownEntityException("Unknown role '"
356 + role.getName() + "'");
357 }
358 if (!permissionExists)
359 {
360 throw new UnknownEntityException("Unknown permission '"
361 + permission.getName() + "'");
362 }
363 }
364
365 /***
366 * Revokes a Permission from a Role.
367 *
368 * @param role the Role.
369 * @param permission the Permission.
370 * @throws DataBackendException if there was an error accessing the data
371 * backend.
372 * @throws UnknownEntityException if role or permission is not present.
373 */
374 public synchronized void revoke(Role role, Permission permission)
375 throws DataBackendException, UnknownEntityException
376 {
377 boolean roleExists = false;
378 boolean permissionExists = false;
379 try
380 {
381 lockExclusive();
382 roleExists = checkExists(role);
383 permissionExists = checkExists(permission);
384 if (roleExists && permissionExists)
385 {
386 Criteria criteria = new Criteria();
387 criteria.add(RolePermissionPeer.ROLE_ID,
388 ((BaseObject) role).getPrimaryKey());
389 criteria.add(RolePermissionPeer.PERMISSION_ID,
390 ((BaseObject) permission).getPrimaryKey());
391 RolePermissionPeer.doDelete(criteria);
392 return;
393 }
394 }
395 catch (Exception e)
396 {
397 throw new DataBackendException("revoke(Role,Permission) failed", e);
398 }
399 finally
400 {
401 unlockExclusive();
402 }
403 if (!roleExists)
404 {
405 throw new UnknownEntityException("Unknown role '"
406 + role.getName() + "'");
407 }
408 if (!permissionExists)
409 {
410 throw new UnknownEntityException("Unknown permission '"
411 + permission.getName() + "'");
412 }
413 }
414
415 /***
416 * Revokes all permissions from a Role.
417 *
418 * This method is user when deleting a Role.
419 *
420 * @param role the Role
421 * @throws DataBackendException if there was an error accessing the data
422 * backend.
423 * @throws UnknownEntityException if the Role is not present.
424 */
425 public synchronized void revokeAll(Role role)
426 throws DataBackendException, UnknownEntityException
427 {
428 boolean roleExists = false;
429 try
430 {
431 lockExclusive();
432 roleExists = checkExists(role);
433 if (roleExists)
434 {
435 Criteria criteria = new Criteria();
436 criteria.add(RolePermissionPeer.ROLE_ID,
437 ((BaseObject) role).getPrimaryKey());
438 RolePermissionPeer.doDelete(criteria);
439
440 return;
441 }
442 }
443 catch (Exception e)
444 {
445 throw new DataBackendException("revokeAll(Role) failed", e);
446 }
447 finally
448 {
449 unlockExclusive();
450 }
451 throw new UnknownEntityException("Unknown role '"
452 + role.getName() + "'");
453 }
454
455
456
457
458
459 /***
460 * Retrieve a set of Groups that meet the specified Criteria.
461 *
462 * @param criteria A Criteria of Group selection.
463 * @return a set of Groups that meet the specified Criteria.
464 * @throws DataBackendException if there was an error accessing the data
465 * backend.
466 */
467 public GroupSet getGroups(Criteria criteria)
468 throws DataBackendException
469 {
470 Criteria dbCriteria = new Criteria();
471 Iterator keys = criteria.keySet().iterator();
472 while (keys.hasNext())
473 {
474 String key = (String) keys.next();
475 dbCriteria.put(GroupPeer.getColumnName(key), criteria.get(key));
476 }
477 List groups = new ArrayList(0);
478 try
479 {
480 groups = GroupPeer.doSelect(criteria);
481 }
482 catch (Exception e)
483 {
484 throw new DataBackendException("getGroups(Criteria) failed", e);
485 }
486 return new GroupSet(groups);
487 }
488
489 /***
490 * Retrieve a set of Roles that meet the specified Criteria.
491 *
492 * @param criteria A Criteria of Roles selection.
493 * @return a set of Roles that meet the specified Criteria.
494 * @throws DataBackendException if there was an error accessing the data
495 * backend.
496 */
497 public RoleSet getRoles(Criteria criteria)
498 throws DataBackendException
499 {
500 Criteria dbCriteria = new Criteria();
501 Iterator keys = criteria.keySet().iterator();
502 while (keys.hasNext())
503 {
504 String key = (String) keys.next();
505 dbCriteria.put(RolePeer.getColumnName(key), criteria.get(key));
506 }
507 List roles = new ArrayList(0);
508 try
509 {
510 roles = RolePeer.doSelect(criteria);
511 }
512 catch (Exception e)
513 {
514 throw new DataBackendException("getRoles(Criteria) failed", e);
515 }
516 return new RoleSet(roles);
517 }
518
519 /***
520 * Retrieve a set of Permissions that meet the specified Criteria.
521 *
522 * @param criteria A Criteria of Permissions selection.
523 * @return a set of Permissions that meet the specified Criteria.
524 * @throws DataBackendException if there was an error accessing the data
525 * backend.
526 */
527 public PermissionSet getPermissions(Criteria criteria)
528 throws DataBackendException
529 {
530 Criteria dbCriteria = new Criteria();
531 Iterator keys = criteria.keySet().iterator();
532 while (keys.hasNext())
533 {
534 String key = (String) keys.next();
535 dbCriteria.put(PermissionPeer.getColumnName(key),
536 criteria.get(key));
537 }
538 List permissions = new Vector(0);
539 try
540 {
541 permissions = PermissionPeer.doSelect(criteria);
542 }
543 catch (Exception e)
544 {
545 throw new DataBackendException(
546 "getPermissions(Criteria) failed", e);
547 }
548 return new PermissionSet(permissions);
549 }
550
551 /***
552 * Retrieves all permissions associated with a role.
553 *
554 * @param role the role name, for which the permissions are to be retrieved.
555 * @return A Permission set for the Role.
556 * @throws DataBackendException if there was an error accessing the data
557 * backend.
558 * @throws UnknownEntityException if the role is not present.
559 */
560 public PermissionSet getPermissions(Role role)
561 throws DataBackendException, UnknownEntityException
562 {
563 boolean roleExists = false;
564 try
565 {
566 lockShared();
567 roleExists = checkExists(role);
568 if (roleExists)
569 {
570 return PermissionPeer.retrieveSet(role);
571 }
572 }
573 catch (Exception e)
574 {
575 throw new DataBackendException("getPermissions(Role) failed", e);
576 }
577 finally
578 {
579 unlockShared();
580 }
581 throw new UnknownEntityException("Unknown role '"
582 + role.getName() + "'");
583 }
584
585 /***
586 * Stores Group's attributes. The Groups is required to exist in the system.
587 *
588 * @param group The Group to be stored.
589 * @throws DataBackendException if there was an error accessing the data
590 * backend.
591 * @throws UnknownEntityException if the group does not exist.
592 */
593 public void saveGroup(Group group)
594 throws DataBackendException, UnknownEntityException
595 {
596 boolean groupExists = false;
597 try
598 {
599 groupExists = checkExists(group);
600 if (groupExists)
601 {
602 Criteria criteria = GroupPeer.buildCriteria(group);
603 GroupPeer.doUpdate(criteria);
604 return;
605 }
606 }
607 catch (Exception e)
608 {
609 throw new DataBackendException("saveGroup(Group) failed", e);
610 }
611 throw new UnknownEntityException("Unknown group '" + group + "'");
612 }
613
614 /***
615 * Stores Role's attributes. The Roles is required to exist in the system.
616 *
617 * @param role The Role to be stored.
618 * @throws DataBackendException if there was an error accessing the data
619 * backend.
620 * @throws UnknownEntityException if the role does not exist.
621 */
622 public void saveRole(Role role)
623 throws DataBackendException, UnknownEntityException
624 {
625 boolean roleExists = false;
626 try
627 {
628 roleExists = checkExists(role);
629 if (roleExists)
630 {
631 Criteria criteria = RolePeer.buildCriteria(role);
632 RolePeer.doUpdate(criteria);
633 return;
634 }
635 }
636 catch (Exception e)
637 {
638 throw new DataBackendException("saveRole(Role) failed", e);
639 }
640 throw new UnknownEntityException("Unknown role '" + role + "'");
641 }
642
643 /***
644 * Stores Permission's attributes. The Permissions is required to exist in
645 * the system.
646 *
647 * @param permission The Permission to be stored.
648 * @throws DataBackendException if there was an error accessing the data
649 * backend.
650 * @throws UnknownEntityException if the permission does not exist.
651 */
652 public void savePermission(Permission permission)
653 throws DataBackendException, UnknownEntityException
654 {
655 boolean permissionExists = false;
656 try
657 {
658 permissionExists = checkExists(permission);
659 if (permissionExists)
660 {
661 Criteria criteria = PermissionPeer.buildCriteria(permission);
662 PermissionPeer.doUpdate(criteria);
663 return;
664 }
665 }
666 catch (Exception e)
667 {
668 throw new DataBackendException(
669 "savePermission(Permission) failed", e);
670 }
671 throw new UnknownEntityException("Unknown permission '"
672 + permission + "'");
673 }
674
675 /***
676 * Creates a new group with specified attributes.
677 *
678 * @param group the object describing the group to be created.
679 * @return a new Group object that has id set up properly.
680 * @throws DataBackendException if there was an error accessing the data
681 * backend.
682 * @throws EntityExistsException if the group already exists.
683 */
684 public synchronized Group addGroup(Group group)
685 throws DataBackendException,
686 EntityExistsException
687 {
688 boolean groupExists = false;
689
690 if (StringUtils.isEmpty(group.getName()))
691 {
692 throw new DataBackendException("Could not create "
693 + "a group with empty name!");
694 }
695
696 try
697 {
698 lockExclusive();
699 groupExists = checkExists(group);
700 if (!groupExists)
701 {
702
703 Criteria criteria = GroupPeer.buildCriteria(group);
704 GroupPeer.doInsert(criteria);
705
706 criteria = new Criteria();
707 criteria.add(GroupPeer.NAME,
708 group.getName());
709 List results = GroupPeer.doSelect(criteria);
710 if (results.size() != 1)
711 {
712 throw new DataBackendException(
713 "Internal error - query returned "
714 + results.size() + " rows");
715 }
716 Group newGroup = (Group) results.get(0);
717
718 getAllGroups().add(newGroup);
719
720 return newGroup;
721 }
722 }
723 catch (Exception e)
724 {
725 throw new DataBackendException("addGroup(Group) failed", e);
726 }
727 finally
728 {
729 unlockExclusive();
730 }
731
732
733 throw new EntityExistsException("Group '" + group + "' already exists");
734 }
735
736 /***
737 * Creates a new role with specified attributes.
738 *
739 * @param role the object describing the role to be created.
740 * @return a new Role object that has id set up properly.
741 * @throws DataBackendException if there was an error accessing the data
742 * backend.
743 * @throws EntityExistsException if the role already exists.
744 */
745 public synchronized Role addRole(Role role)
746 throws DataBackendException, EntityExistsException
747 {
748 boolean roleExists = false;
749
750 if (StringUtils.isEmpty(role.getName()))
751 {
752 throw new DataBackendException("Could not create "
753 + "a role with empty name!");
754 }
755
756 try
757 {
758 lockExclusive();
759 roleExists = checkExists(role);
760 if (!roleExists)
761 {
762
763 Criteria criteria = RolePeer.buildCriteria(role);
764 RolePeer.doInsert(criteria);
765
766 criteria = new Criteria();
767 criteria.add(RolePeer.NAME, role.getName());
768 List results = RolePeer.doSelect(criteria);
769 if (results.size() != 1)
770 {
771 throw new DataBackendException(
772 "Internal error - query returned "
773 + results.size() + " rows");
774 }
775 Role newRole = (Role) results.get(0);
776
777 getAllRoles().add(newRole);
778
779 return newRole;
780 }
781 }
782 catch (Exception e)
783 {
784 throw new DataBackendException("addRole(Role) failed", e);
785 }
786 finally
787 {
788 unlockExclusive();
789 }
790
791
792 throw new EntityExistsException("Role '" + role + "' already exists");
793 }
794
795 /***
796 * Creates a new permission with specified attributes.
797 *
798 * @param permission the object describing the permission to be created.
799 * @return a new Permission object that has id set up properly.
800 * @throws DataBackendException if there was an error accessing the data
801 * backend.
802 * @throws EntityExistsException if the permission already exists.
803 */
804 public synchronized Permission addPermission(Permission permission)
805 throws DataBackendException, EntityExistsException
806 {
807 boolean permissionExists = false;
808
809 if (StringUtils.isEmpty(permission.getName()))
810 {
811 throw new DataBackendException("Could not create "
812 + "a permission with empty name!");
813 }
814
815 try
816 {
817 lockExclusive();
818 permissionExists = checkExists(permission);
819 if (!permissionExists)
820 {
821
822 Criteria criteria = PermissionPeer.buildCriteria(permission);
823 PermissionPeer.doInsert(criteria);
824
825 criteria = new Criteria();
826 criteria.add(PermissionPeer.NAME,
827 permission.getName());
828 List results = PermissionPeer.doSelect(criteria);
829 if (results.size() != 1)
830 {
831 throw new DataBackendException(
832 "Internal error - query returned "
833 + results.size() + " rows");
834 }
835 Permission newPermission = (Permission) results.get(0);
836
837 getAllPermissions().add(newPermission);
838
839 return newPermission;
840 }
841 }
842 catch (Exception e)
843 {
844 throw new DataBackendException(
845 "addPermission(Permission) failed", e);
846 }
847 finally
848 {
849 unlockExclusive();
850 }
851
852
853 throw new EntityExistsException("Permission '" + permission
854 + "' already exists");
855 }
856
857 /***
858 * Removes a Group from the system.
859 *
860 * @param group The object describing the group to be removed.
861 * @throws DataBackendException if there was an error accessing the data
862 * backend.
863 * @throws UnknownEntityException if the group does not exist.
864 */
865 public synchronized void removeGroup(Group group)
866 throws DataBackendException, UnknownEntityException
867 {
868 boolean groupExists = false;
869 try
870 {
871 lockExclusive();
872 groupExists = checkExists(group);
873 if (groupExists)
874 {
875 Criteria criteria = GroupPeer.buildCriteria(group);
876 GroupPeer.doDelete(criteria);
877 getAllGroups().remove(group);
878 return;
879 }
880 }
881 catch (Exception e)
882 {
883 log.error("Failed to delete a Group");
884 log.error(e);
885 throw new DataBackendException("removeGroup(Group) failed", e);
886 }
887 finally
888 {
889 unlockExclusive();
890 }
891 throw new UnknownEntityException("Unknown group '" + group + "'");
892 }
893
894 /***
895 * Removes a Role from the system.
896 *
897 * @param role The object describing the role to be removed.
898 * @throws DataBackendException if there was an error accessing the data
899 * backend.
900 * @throws UnknownEntityException if the role does not exist.
901 */
902 public synchronized void removeRole(Role role)
903 throws DataBackendException, UnknownEntityException
904 {
905 boolean roleExists = false;
906 try
907 {
908 lockExclusive();
909 roleExists = checkExists(role);
910 if (roleExists)
911 {
912
913 revokeAll(role);
914 Criteria criteria = RolePeer.buildCriteria(role);
915 RolePeer.doDelete(criteria);
916 getAllRoles().remove(role);
917 return;
918 }
919 }
920 catch (Exception e)
921 {
922 throw new DataBackendException("removeRole(Role)", e);
923 }
924 finally
925 {
926 unlockExclusive();
927 }
928 throw new UnknownEntityException("Unknown role '" + role + "'");
929 }
930
931 /***
932 * Removes a Permission from the system.
933 *
934 * @param permission The object describing the permission to be removed.
935 * @throws DataBackendException if there was an error accessing the data
936 * backend.
937 * @throws UnknownEntityException if the permission does not exist.
938 */
939 public synchronized void removePermission(Permission permission)
940 throws DataBackendException, UnknownEntityException
941 {
942 boolean permissionExists = false;
943 try
944 {
945 lockExclusive();
946 permissionExists = checkExists(permission);
947 if (permissionExists)
948 {
949 Criteria criteria = PermissionPeer.buildCriteria(permission);
950 PermissionPeer.doDelete(criteria);
951 getAllPermissions().remove(permission);
952 return;
953 }
954 }
955 catch (Exception e)
956 {
957 throw new DataBackendException("removePermission(Permission)", e);
958 }
959 finally
960 {
961 unlockExclusive();
962 }
963 throw new UnknownEntityException("Unknown permission '"
964 + permission + "'");
965 }
966
967 /***
968 * Renames an existing Group.
969 *
970 * @param group The object describing the group to be renamed.
971 * @param name the new name for the group.
972 * @throws DataBackendException if there was an error accessing the data
973 * backend.
974 * @throws UnknownEntityException if the group does not exist.
975 */
976 public synchronized void renameGroup(Group group, String name)
977 throws DataBackendException, UnknownEntityException
978 {
979 boolean groupExists = false;
980 try
981 {
982 lockExclusive();
983 groupExists = checkExists(group);
984 if (groupExists)
985 {
986 group.setName(name);
987 Criteria criteria = GroupPeer.buildCriteria(group);
988 GroupPeer.doUpdate(criteria);
989 return;
990 }
991 }
992 catch (Exception e)
993 {
994 throw new DataBackendException("renameGroup(Group,String)", e);
995 }
996 finally
997 {
998 unlockExclusive();
999 }
1000 throw new UnknownEntityException("Unknown group '" + group + "'");
1001 }
1002
1003 /***
1004 * Renames an existing Role.
1005 *
1006 * @param role The object describing the role to be renamed.
1007 * @param name the new name for the role.
1008 * @throws DataBackendException if there was an error accessing the data
1009 * backend.
1010 * @throws UnknownEntityException if the role does not exist.
1011 */
1012 public synchronized void renameRole(Role role, String name)
1013 throws DataBackendException, UnknownEntityException
1014 {
1015 boolean roleExists = false;
1016 try
1017 {
1018 lockExclusive();
1019 roleExists = checkExists(role);
1020 if (roleExists)
1021 {
1022 role.setName(name);
1023 Criteria criteria = RolePeer.buildCriteria(role);
1024 RolePeer.doUpdate(criteria);
1025 return;
1026 }
1027 }
1028 catch (Exception e)
1029 {
1030 throw new DataBackendException("renameRole(Role,String)", e);
1031 }
1032 finally
1033 {
1034 unlockExclusive();
1035 }
1036 throw new UnknownEntityException("Unknown role '" + role + "'");
1037 }
1038
1039 /***
1040 * Renames an existing Permission.
1041 *
1042 * @param permission The object describing the permission to be renamed.
1043 * @param name the new name for the permission.
1044 * @throws DataBackendException if there was an error accessing the data
1045 * backend.
1046 * @throws UnknownEntityException if the permission does not exist.
1047 */
1048 public synchronized void renamePermission(Permission permission,
1049 String name)
1050 throws DataBackendException, UnknownEntityException
1051 {
1052 boolean permissionExists = false;
1053 try
1054 {
1055 lockExclusive();
1056 permissionExists = checkExists(permission);
1057 if (permissionExists)
1058 {
1059 permission.setName(name);
1060 Criteria criteria = PermissionPeer.buildCriteria(permission);
1061 PermissionPeer.doUpdate(criteria);
1062 return;
1063 }
1064 }
1065 catch (Exception e)
1066 {
1067 throw new DataBackendException(
1068 "renamePermission(Permission,name)", e);
1069 }
1070 finally
1071 {
1072 unlockExclusive();
1073 }
1074 throw new UnknownEntityException("Unknown permission '"
1075 + permission + "'");
1076 }
1077
1078
1079
1080 /***
1081 * Returns the Class object for the implementation of UserPeer interface
1082 * used by the system (defined in TR.properties)
1083 *
1084 * @return the implementation of UserPeer interface used by the system.
1085 * @throws UnknownEntityException if the system's implementation of UserPeer
1086 * interface could not be determined.
1087 */
1088 public Class getUserPeerClass() throws UnknownEntityException
1089 {
1090 String userPeerClassName = getConfiguration().getString(
1091 USER_PEER_CLASS_KEY, USER_PEER_CLASS_DEFAULT);
1092 try
1093 {
1094 return Class.forName(userPeerClassName);
1095 }
1096 catch (Exception e)
1097 {
1098 throw new UnknownEntityException(
1099 "Failed create a Class object for UserPeer implementation", e);
1100 }
1101 }
1102
1103 /***
1104 * Construct a UserPeer object.
1105 *
1106 * This method calls getUserPeerClass, and then creates a new object using
1107 * the default constructor.
1108 *
1109 * @return an object implementing UserPeer interface.
1110 * @throws UnknownEntityException if the object could not be instantiated.
1111 */
1112 public UserPeer getUserPeerInstance() throws UnknownEntityException
1113 {
1114 UserPeer up;
1115 try
1116 {
1117 up = (UserPeer) getUserPeerClass().newInstance();
1118 }
1119 catch (Exception e)
1120 {
1121 throw new UnknownEntityException(
1122 "Failed instantiate an UserPeer implementation object", e);
1123 }
1124 return up;
1125 }
1126
1127 /***
1128 * Determines if the <code>Group</code> exists in the security system.
1129 *
1130 * @param group a <code>Group</code> value
1131 * @return true if the group exists in the system, false otherwise
1132 * @throws DataBackendException when more than one Group with
1133 * the same name exists.
1134 * @throws Exception A generic exception.
1135 */
1136 protected boolean checkExists(Group group)
1137 throws DataBackendException, Exception
1138 {
1139 return GroupPeer.checkExists(group);
1140 }
1141
1142 /***
1143 * Determines if the <code>Role</code> exists in the security system.
1144 *
1145 * @param role a <code>Role</code> value
1146 * @return true if the role exists in the system, false otherwise
1147 * @throws DataBackendException when more than one Role with
1148 * the same name exists.
1149 * @throws Exception A generic exception.
1150 */
1151 protected boolean checkExists(Role role)
1152 throws DataBackendException, Exception
1153 {
1154 return RolePeer.checkExists(role);
1155 }
1156
1157 /***
1158 * Determines if the <code>Permission</code> exists in the security system.
1159 *
1160 * @param permission a <code>Permission</code> value
1161 * @return true if the permission exists in the system, false otherwise
1162 * @throws DataBackendException when more than one Permission with
1163 * the same name exists.
1164 * @throws Exception A generic exception.
1165 */
1166 protected boolean checkExists(Permission permission)
1167 throws DataBackendException, Exception
1168 {
1169 return PermissionPeer.checkExists(permission);
1170 }
1171
1172 }