package org.apache.jetspeed.security.impl; |
import java.security.Principal; |
import java.util.ArrayList; |
import java.util.Collection; |
import java.util.Iterator; |
import java.util.LinkedList; |
import java.util.List; |
import java.util.Set; |
import java.util.prefs.BackingStoreException; |
import java.util.prefs.Preferences; |
import org.apache.commons.logging.Log; |
import org.apache.commons.logging.LogFactory; |
import org.apache.jetspeed.i18n.KeyedMessage; |
import org.apache.jetspeed.security.AuthenticationProviderProxy; |
import org.apache.jetspeed.security.Group; |
import org.apache.jetspeed.security.GroupManager; |
import org.apache.jetspeed.security.GroupPrincipal; |
import org.apache.jetspeed.security.SecurityException; |
import org.apache.jetspeed.security.SecurityProvider; |
import org.apache.jetspeed.security.spi.GroupSecurityHandler; |
import org.apache.jetspeed.security.spi.SecurityMappingHandler; |
import org.apache.jetspeed.util.ArgUtil; |
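/**
 * {@link GroupManager} implementation that keeps each group in two places: a
 * {@link GroupPrincipal} stored through the {@link GroupSecurityHandler}, and a
 * {@link Preferences} node under the user root whose path is the group's full path.
 * User/group and role/group associations are read and written through the
 * {@link SecurityMappingHandler}.
 *
 * <p>
 * The two stores are updated one after the other, without a surrounding
 * transaction, so a failure part-way through an operation can leave them out of
 * step. Group and user names are concatenated into log messages exactly as the
 * caller supplied them.
 * </p>
 */
public class GroupManagerImpl implements GroupManager
{
    /** Logger for this class. */
    private static final Log log = LogFactory.getLog(GroupManagerImpl.class);

    /** Used to look up user principals. */
    private AuthenticationProviderProxy atnProviderProxy = null;

    /** Stores and retrieves group principals. */
    private GroupSecurityHandler groupSecurityHandler = null;

    /** Resolves and updates user/group and role/group mappings. */
    private SecurityMappingHandler securityMappingHandler = null;

    /**
     * Wires the manager to the handlers exposed by the given provider.
     *
     * @param securityProvider source of the authentication proxy, the group
     *            security handler and the security mapping handler
     */
    public GroupManagerImpl(SecurityProvider securityProvider)
    {
        this.atnProviderProxy = securityProvider.getAuthenticationProviderProxy();
        this.groupSecurityHandler = securityProvider.getGroupSecurityHandler();
        this.securityMappingHandler = securityProvider.getSecurityMappingHandler();
    }

    /**
     * Creates a group: its preferences node first, then its principal.
     *
     * @param groupFullPathName full path name of the group to create
     * @throws SecurityException if the group already exists or the principal
     *             cannot be stored
     */
    public void addGroup(String groupFullPathName) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { groupFullPathName }, new String[] { "groupFullPathName" },
                "addGroup(java.lang.String)");

        // NOTE(review): the existence check and the store below are separate
        // calls; nothing visible here makes the pair atomic.
        if (groupExists(groupFullPathName))
        {
            throw new SecurityException(SecurityException.GROUP_ALREADY_EXISTS.create(groupFullPathName));
        }

        GroupPrincipal groupPrincipal = new GroupPrincipalImpl(groupFullPathName);
        String fullPath = groupPrincipal.getFullPath();

        // Preferences.node() returns the existing node or creates a new one.
        Preferences preferences = Preferences.userRoot().node(fullPath);
        if (log.isDebugEnabled())
        {
            log.debug("Added group preferences node: " + fullPath);
        }
        try
        {
            // Only store the principal when the node really sits at the group path.
            if ((null != preferences) && preferences.absolutePath().equals(fullPath))
            {
                groupSecurityHandler.setGroupPrincipal(groupPrincipal);
                if (log.isDebugEnabled())
                {
                    log.debug("Added group: " + fullPath);
                }
            }
            else
            {
                // Previously this case returned silently, leaving the caller
                // to believe the group had been created.
                log.warn("Group principal not stored, preferences node path does not match: " + fullPath);
            }
        }
        catch (SecurityException se)
        {
            log.error("Unable to create the group.", se);

            // Roll back the preferences node.
            // NOTE(review): removeNode() also removes descendant nodes, and the
            // node may have existed before this call - confirm that is intended.
            try
            {
                preferences.removeNode();
            }
            catch (BackingStoreException bse)
            {
                log.error("Unable to remove the preferences node of the group that was not created.", bse);
            }
            throw se;
        }
    }

    /**
     * Removes the principals and preferences nodes of every group path that the
     * group hierarchy resolver returns for the given group's node.
     *
     * <p>
     * Removal stops at the first failure; paths handled before it stay removed.
     * </p>
     *
     * @param groupFullPathName full path name of the group to remove
     * @throws SecurityException if a principal or a preferences node cannot be
     *             removed
     */
    public void removeGroup(String groupFullPathName) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { groupFullPathName }, new String[] { "groupFullPathName" },
                "removeGroup(java.lang.String)");

        // node() creates the node when it is missing, so this lookup is not
        // read-only for a group that was never created.
        Preferences prefs = Preferences.userRoot().node(
                GroupPrincipalImpl.getFullPathFromPrincipalName(groupFullPathName));
        String[] groups = securityMappingHandler.getGroupHierarchyResolver().resolveChildren(prefs);
        for (int i = 0; i < groups.length; i++)
        {
            try
            {
                groupSecurityHandler.removeGroupPrincipal(new GroupPrincipalImpl(
                        GroupPrincipalImpl.getPrincipalNameFromFullPath(groups[i])));
            }
            catch (SecurityException se)
            {
                // Rethrown as is so that the generic handler below does not wrap it.
                throw se;
            }
            catch (Exception e)
            {
                KeyedMessage msg = SecurityException.UNEXPECTED.create("GroupManager.removeGroup",
                        "GroupSecurityHandler.removeGroupPrincipal("
                                + GroupPrincipalImpl.getPrincipalNameFromFullPath(groups[i]) + ")",
                        e.getMessage());
                log.error(msg, e);
                throw new SecurityException(msg, e);
            }

            // The principal is gone; now drop the matching preferences node.
            Preferences groupPref = Preferences.userRoot().node(groups[i]);
            try
            {
                groupPref.removeNode();
            }
            catch (BackingStoreException bse)
            {
                KeyedMessage msg = SecurityException.UNEXPECTED.create(
                        "Preferences.removeNode(" + groups[i] + ")", bse.getMessage());
                log.error(msg, bse);
                throw new SecurityException(msg, bse);
            }
        }
    }

    /**
     * Tells whether the group security handler knows a principal for the group.
     *
     * @param groupFullPathName full path name of the group
     * @return {@code true} when a principal was found
     */
    public boolean groupExists(String groupFullPathName)
    {
        ArgUtil.notNull(new Object[] { groupFullPathName }, new String[] { "groupFullPathName" },
                "groupExists(java.lang.String)");

        Principal principal = groupSecurityHandler.getGroupPrincipal(groupFullPathName);
        boolean groupExists = (null != principal);
        if (log.isDebugEnabled())
        {
            // These messages used to say "Role", which mislabelled the entries.
            log.debug("Group exists: " + groupExists);
            log.debug("Group: " + groupFullPathName);
        }
        return groupExists;
    }

    /**
     * Returns the group made of its principal and its preferences node.
     *
     * @param groupFullPathName full path name of the group
     * @return the group
     * @throws SecurityException if no principal exists for the group
     */
    public Group getGroup(String groupFullPathName) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { groupFullPathName }, new String[] { "groupFullPathName" },
                "getGroup(java.lang.String)");

        String fullPath = GroupPrincipalImpl.getFullPathFromPrincipalName(groupFullPathName);

        Principal groupPrincipal = groupSecurityHandler.getGroupPrincipal(groupFullPathName);
        if (null == groupPrincipal)
        {
            throw new SecurityException(SecurityException.GROUP_DOES_NOT_EXIST.create(groupFullPathName));
        }
        // Looked up only after the check above, so an unknown group does not
        // get a preferences node created for it.
        Preferences preferences = Preferences.userRoot().node(fullPath);
        return new GroupImpl(groupPrincipal, preferences);
    }

    /**
     * Returns the groups the mapping handler reports for a user.
     *
     * @param username name of the user
     * @return collection of {@link Group}
     * @throws SecurityException if the mapping handler fails
     */
    public Collection getGroupsForUser(String username) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { username }, new String[] { "username" },
                "getGroupsForUser(java.lang.String)");

        return toGroups(securityMappingHandler.getGroupPrincipals(username));
    }

    /**
     * Returns the groups the mapping handler reports for a role.
     *
     * @param roleFullPathName full path name of the role
     * @return collection of {@link Group}
     * @throws SecurityException if the mapping handler fails
     */
    public Collection getGroupsInRole(String roleFullPathName) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { roleFullPathName }, new String[] { "roleFullPathName" },
                "getGroupsInRole(java.lang.String)");

        return toGroups(securityMappingHandler.getGroupPrincipalsInRole(roleFullPathName));
    }

    /**
     * Adds the user to the group unless the mapping already exists.
     *
     * @param username name of the user
     * @param groupFullPathName full path name of the group
     * @throws SecurityException if the group or the user does not exist, or the
     *             mapping cannot be stored
     */
    public void addUserToGroup(String username, String groupFullPathName) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { username, groupFullPathName },
                new String[] { "username", "groupFullPathName" },
                "addUserToGroup(java.lang.String, java.lang.String)");

        GroupPrincipal groupPrincipal = groupSecurityHandler.getGroupPrincipal(groupFullPathName);
        if (null == groupPrincipal)
        {
            throw new SecurityException(SecurityException.GROUP_DOES_NOT_EXIST.create(groupFullPathName));
        }

        Principal userPrincipal = atnProviderProxy.getUserPrincipal(username);
        if (null == userPrincipal)
        {
            throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(username));
        }

        // Skip the write when the user already belongs to the group.
        Set groupPrincipals = securityMappingHandler.getGroupPrincipals(username);
        if (!groupPrincipals.contains(groupPrincipal))
        {
            securityMappingHandler.setUserPrincipalInGroup(username, groupFullPathName);
        }
    }

    /**
     * Removes the user from the group. An unknown group is ignored without an
     * error; an unknown user is rejected.
     *
     * @param username name of the user
     * @param groupFullPathName full path name of the group
     * @throws SecurityException if the user does not exist or the mapping cannot
     *             be removed
     */
    public void removeUserFromGroup(String username, String groupFullPathName) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { username, groupFullPathName },
                new String[] { "username", "groupFullPathName" },
                "removeUserFromGroup(java.lang.String, java.lang.String)");

        Principal userPrincipal = atnProviderProxy.getUserPrincipal(username);
        if (null == userPrincipal)
        {
            throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(username));
        }

        Principal groupPrincipal = groupSecurityHandler.getGroupPrincipal(groupFullPathName);
        if (null != groupPrincipal)
        {
            securityMappingHandler.removeUserPrincipalInGroup(username, groupFullPathName);
        }
    }

    /**
     * Tells whether the user's group principals contain the given group.
     *
     * <p>
     * Neither the user nor the group is checked for existence here; the answer
     * comes from comparing a freshly built {@link GroupPrincipalImpl} with the
     * set returned by the mapping handler.
     * </p>
     *
     * @param username name of the user
     * @param groupFullPathName full path name of the group
     * @return {@code true} when the user is mapped to the group
     * @throws SecurityException if the mapping handler fails
     */
    public boolean isUserInGroup(String username, String groupFullPathName) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { username, groupFullPathName },
                new String[] { "username", "groupFullPathName" },
                "isUserInGroup(java.lang.String, java.lang.String)");

        Set groupPrincipals = securityMappingHandler.getGroupPrincipals(username);
        Principal groupPrincipal = new GroupPrincipalImpl(groupFullPathName);
        return groupPrincipals.contains(groupPrincipal);
    }

    /**
     * Returns the groups whose principals the group security handler reports
     * for the filter. The filter is handed to the handler unchanged and is not
     * null-checked here.
     *
     * @param filter filter passed to the group security handler
     * @return iterator over {@link Group}
     * @throws SecurityException if a reported group cannot be loaded
     */
    public Iterator getGroups(String filter) throws SecurityException
    {
        List groups = new LinkedList();
        Iterator groupPrincipals = groupSecurityHandler.getGroupPrincipals(filter).iterator();
        while (groupPrincipals.hasNext())
        {
            String groupName = ((Principal) groupPrincipals.next()).getName();
            groups.add(getGroup(groupName));
        }
        return groups.iterator();
    }

    /**
     * Enables or disables a group; the principal is stored again only when the
     * flag actually changes.
     *
     * <p>
     * The principal returned by the handler is cast to
     * {@link GroupPrincipalImpl}, so a handler returning another implementation
     * makes this method fail with a {@link ClassCastException}.
     * </p>
     *
     * @param groupFullPathName full path name of the group
     * @param enabled new state of the group
     * @throws SecurityException if the group does not exist or cannot be stored
     */
    public void setGroupEnabled(String groupFullPathName, boolean enabled) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { groupFullPathName }, new String[] { "groupFullPathName" },
                "setGroupEnabled(java.lang.String,boolean)");

        GroupPrincipalImpl groupPrincipal =
                (GroupPrincipalImpl) groupSecurityHandler.getGroupPrincipal(groupFullPathName);
        if (null == groupPrincipal)
        {
            throw new SecurityException(SecurityException.GROUP_DOES_NOT_EXIST.create(groupFullPathName));
        }
        if (enabled != groupPrincipal.isEnabled())
        {
            groupPrincipal.setEnabled(enabled);
            groupSecurityHandler.setGroupPrincipal(groupPrincipal);
        }
    }

    /**
     * Wraps each principal of the set in a {@link GroupImpl} together with the
     * preferences node found at the principal's full path.
     */
    private Collection toGroups(Set groupPrincipals)
    {
        Collection groups = new ArrayList();
        Iterator principalIter = groupPrincipals.iterator();
        while (principalIter.hasNext())
        {
            Principal groupPrincipal = (Principal) principalIter.next();
            Preferences preferences = Preferences.userRoot().node(
                    GroupPrincipalImpl.getFullPathFromPrincipalName(groupPrincipal.getName()));
            groups.add(new GroupImpl(groupPrincipal, preferences));
        }
        return groups;
    }
}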