1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
|
|
7 |
|
|
8 |
|
|
9 |
|
|
10 |
|
|
11 |
|
|
12 |
|
|
13 |
|
|
14 |
|
|
15 |
|
|
16 |
|
|
17 |
|
package org.apache.jetspeed.security.impl; |
18 |
|
|
19 |
|
import java.security.Principal; |
20 |
|
import java.util.ArrayList; |
21 |
|
import java.util.Collection; |
22 |
|
import java.util.Iterator; |
23 |
|
import java.util.LinkedList; |
24 |
|
import java.util.List; |
25 |
|
import java.util.Set; |
26 |
|
import java.util.prefs.BackingStoreException; |
27 |
|
import java.util.prefs.Preferences; |
28 |
|
|
29 |
|
import org.apache.commons.logging.Log; |
30 |
|
import org.apache.commons.logging.LogFactory; |
31 |
|
import org.apache.jetspeed.i18n.KeyedMessage; |
32 |
|
import org.apache.jetspeed.security.AuthenticationProviderProxy; |
33 |
|
import org.apache.jetspeed.security.Role; |
34 |
|
import org.apache.jetspeed.security.RoleManager; |
35 |
|
import org.apache.jetspeed.security.RolePrincipal; |
36 |
|
import org.apache.jetspeed.security.SecurityException; |
37 |
|
import org.apache.jetspeed.security.SecurityProvider; |
38 |
|
import org.apache.jetspeed.security.spi.RoleSecurityHandler; |
39 |
|
import org.apache.jetspeed.security.spi.SecurityMappingHandler; |
40 |
|
import org.apache.jetspeed.util.ArgUtil; |
41 |
|
|
42 |
|
|
43 |
|
|
44 |
|
|
45 |
|
|
46 |
|
|
47 |
|
|
48 |
|
|
49 |
|
|
50 |
|
|
51 |
|
|
52 |
|
|
53 |
|
|
54 |
|
|
55 |
|
|
56 |
|
|
57 |
|
|
58 |
|
|
59 |
|
|
60 |
|
public class RoleManagerImpl implements RoleManager |
61 |
|
{ |
62 |
|
|
63 |
0 |
private static final Log log = LogFactory.getLog(RoleManagerImpl.class); |
64 |
|
|
65 |
|
|
66 |
0 |
private AuthenticationProviderProxy atnProviderProxy = null; |
67 |
|
|
68 |
|
|
69 |
0 |
private RoleSecurityHandler roleSecurityHandler = null; |
70 |
|
|
71 |
|
|
72 |
0 |
private SecurityMappingHandler securityMappingHandler = null; |
73 |
|
|
74 |
|
|
75 |
|
|
76 |
|
|
77 |
|
public RoleManagerImpl(SecurityProvider securityProvider) |
78 |
0 |
{ |
79 |
0 |
this.atnProviderProxy = securityProvider.getAuthenticationProviderProxy(); |
80 |
0 |
this.roleSecurityHandler = securityProvider.getRoleSecurityHandler(); |
81 |
0 |
this.securityMappingHandler = securityProvider.getSecurityMappingHandler(); |
82 |
0 |
} |
83 |
|
|
84 |
|
|
85 |
|
|
86 |
|
|
87 |
|
public void addRole(String roleFullPathName) throws SecurityException |
88 |
|
{ |
89 |
0 |
ArgUtil.notNull(new Object[] { roleFullPathName }, class="keyword">new String[] { "roleFullPathName" }, |
90 |
|
"addRole(java.lang.String)"); |
91 |
|
|
92 |
|
|
93 |
0 |
if (roleExists(roleFullPathName)) |
94 |
|
{ |
95 |
0 |
throw new SecurityException(SecurityException.ROLE_ALREADY_EXISTS.create(roleFullPathName)); |
96 |
|
} |
97 |
|
|
98 |
0 |
RolePrincipal rolePrincipal = new RolePrincipalImpl(roleFullPathName); |
99 |
0 |
String fullPath = rolePrincipal.getFullPath(); |
100 |
|
|
101 |
0 |
Preferences preferences = Preferences.userRoot().node(fullPath); |
102 |
0 |
if (log.isDebugEnabled()) |
103 |
|
{ |
104 |
0 |
log.debug("Added role preferences node: " + fullPath); |
105 |
|
} |
106 |
|
try |
107 |
|
{ |
108 |
0 |
if ((null != preferences) && preferences.absolutePath().equals(fullPath)) |
109 |
|
{ |
110 |
|
|
111 |
0 |
roleSecurityHandler.setRolePrincipal(rolePrincipal); |
112 |
0 |
if (log.isDebugEnabled()) |
113 |
|
{ |
114 |
0 |
log.debug("Added role: " + fullPath); |
115 |
|
} |
116 |
|
} |
117 |
|
} |
118 |
0 |
catch (SecurityException se) |
119 |
|
{ |
120 |
0 |
KeyedMessage msg = |
121 |
|
SecurityException.UNEXPECTED.create("RoleManager.addRole", |
122 |
|
"RoleSecurityHandler.setRolePrincipal("+rolePrincipal.getName()+")", |
123 |
|
se.getMessage()); |
124 |
0 |
log.error(msg, se); |
125 |
|
|
126 |
|
|
127 |
|
try |
128 |
|
{ |
129 |
0 |
preferences.removeNode(); |
130 |
|
} |
131 |
0 |
catch (BackingStoreException bse) |
132 |
|
{ |
133 |
0 |
bse.printStackTrace(); |
134 |
0 |
} |
135 |
0 |
throw new SecurityException(msg, se); |
136 |
0 |
} |
137 |
0 |
} |
138 |
|
|
139 |
|
|
140 |
|
|
141 |
|
|
142 |
|
public void removeRole(String roleFullPathName) throws SecurityException |
143 |
|
{ |
144 |
0 |
ArgUtil.notNull(new Object[] { roleFullPathName }, class="keyword">new String[] { "roleFullPathName" }, |
145 |
|
"removeRole(java.lang.String)"); |
146 |
|
|
147 |
|
|
148 |
0 |
Preferences prefs = Preferences.userRoot().node( |
149 |
|
RolePrincipalImpl.getFullPathFromPrincipalName(roleFullPathName)); |
150 |
0 |
String[] roles = securityMappingHandler.getRoleHierarchyResolver().resolveChildren(prefs); |
151 |
0 |
for (int i = 0; i < roles.length; i++) |
152 |
|
{ |
153 |
|
try |
154 |
|
{ |
155 |
0 |
roleSecurityHandler.removeRolePrincipal(new RolePrincipalImpl(RolePrincipalImpl |
156 |
|
.getPrincipalNameFromFullPath(roles[i]))); |
157 |
|
} |
158 |
0 |
catch (Exception e) |
159 |
|
{ |
160 |
0 |
KeyedMessage msg = |
161 |
|
SecurityException.UNEXPECTED.create("RoleManager.removeRole", |
162 |
|
"RoleSecurityHandler.removeRolePrincipal("+RolePrincipalImpl.getPrincipalNameFromFullPath(roles[i])+")", |
163 |
|
e.getMessage()); |
164 |
0 |
log.error(msg, e); |
165 |
0 |
throw new SecurityException(msg, e); |
166 |
0 |
} |
167 |
|
|
168 |
0 |
Preferences rolePref = Preferences.userRoot().node(roles[i]); |
169 |
|
try |
170 |
|
{ |
171 |
0 |
rolePref.removeNode(); |
172 |
|
} |
173 |
0 |
catch (BackingStoreException bse) |
174 |
|
{ |
175 |
0 |
KeyedMessage msg = |
176 |
|
SecurityException.UNEXPECTED.create("RoleManager.removeRole", |
177 |
|
"Preferences.removeNode("+roles[i]+")", |
178 |
|
bse.getMessage()); |
179 |
0 |
log.error(msg, bse); |
180 |
0 |
throw new SecurityException(msg, bse); |
181 |
0 |
} |
182 |
|
} |
183 |
0 |
} |
184 |
|
|
185 |
|
|
186 |
|
|
187 |
|
|
188 |
|
public boolean roleExists(String roleFullPathName) |
189 |
|
{ |
190 |
0 |
ArgUtil.notNull(new Object[] { roleFullPathName }, class="keyword">new String[] { "roleFullPathName" }, |
191 |
|
"roleExists(java.lang.String)"); |
192 |
|
|
193 |
0 |
Principal principal = roleSecurityHandler.getRolePrincipal(roleFullPathName); |
194 |
0 |
boolean roleExists = (null != principal); |
195 |
0 |
if (log.isDebugEnabled()) |
196 |
|
{ |
197 |
0 |
log.debug("Role exists: " + roleExists); |
198 |
0 |
log.debug("Role: " + roleFullPathName); |
199 |
|
} |
200 |
0 |
return roleExists; |
201 |
|
} |
202 |
|
|
203 |
|
|
204 |
|
|
205 |
|
|
206 |
|
public Role getRole(String roleFullPathName) throws SecurityException |
207 |
|
{ |
208 |
0 |
ArgUtil.notNull(new Object[] { roleFullPathName }, class="keyword">new String[] { "roleFullPathName" }, |
209 |
|
"getRole(java.lang.String)"); |
210 |
|
|
211 |
0 |
String fullPath = RolePrincipalImpl.getFullPathFromPrincipalName(roleFullPathName); |
212 |
|
|
213 |
0 |
Principal rolePrincipal = roleSecurityHandler.getRolePrincipal(roleFullPathName); |
214 |
0 |
if (null == rolePrincipal) |
215 |
|
{ |
216 |
0 |
throw new SecurityException(SecurityException.ROLE_DOES_NOT_EXIST.create(roleFullPathName)); |
217 |
|
} |
218 |
0 |
Preferences preferences = Preferences.userRoot().node(fullPath); |
219 |
0 |
Role role = new RoleImpl(rolePrincipal, preferences); |
220 |
0 |
return role; |
221 |
|
} |
222 |
|
|
223 |
|
|
224 |
|
|
225 |
|
|
226 |
|
public Collection getRolesForUser(String username) throws SecurityException |
227 |
|
{ |
228 |
0 |
ArgUtil.notNull(new Object[] { username }, class="keyword">new String[] { "username" }, "getRolesForUser(java.lang.String)"); |
229 |
|
|
230 |
0 |
Collection roles = new ArrayList(); |
231 |
|
|
232 |
0 |
Set rolePrincipals = securityMappingHandler.getRolePrincipals(username); |
233 |
0 |
Iterator rolePrincipalsIter = rolePrincipals.iterator(); |
234 |
0 |
while (rolePrincipalsIter.hasNext()) |
235 |
|
{ |
236 |
0 |
Principal rolePrincipal = (Principal) rolePrincipalsIter.next(); |
237 |
0 |
Preferences preferences = Preferences.userRoot().node( |
238 |
|
RolePrincipalImpl.getFullPathFromPrincipalName(rolePrincipal.getName())); |
239 |
0 |
roles.add(new RoleImpl(rolePrincipal, preferences)); |
240 |
0 |
} |
241 |
0 |
return roles; |
242 |
|
} |
243 |
|
|
244 |
|
|
245 |
|
|
246 |
|
|
247 |
|
public Collection getRolesInGroup(String groupFullPathName) throws SecurityException |
248 |
|
{ |
249 |
0 |
ArgUtil.notNull(new Object[] { groupFullPathName }, class="keyword">new String[] { "groupFullPathName" }, |
250 |
|
"getRolesInGroup(java.lang.String)"); |
251 |
|
|
252 |
0 |
Collection roles = new ArrayList(); |
253 |
|
|
254 |
0 |
Set rolePrincipals = securityMappingHandler.getRolePrincipalsInGroup(groupFullPathName); |
255 |
0 |
Iterator rolePrincipalsIter = rolePrincipals.iterator(); |
256 |
0 |
while (rolePrincipalsIter.hasNext()) |
257 |
|
{ |
258 |
0 |
Principal rolePrincipal = (Principal) rolePrincipalsIter.next(); |
259 |
0 |
Preferences preferences = Preferences.userRoot().node( |
260 |
|
RolePrincipalImpl.getFullPathFromPrincipalName(rolePrincipal.getName())); |
261 |
0 |
roles.add(new RoleImpl(rolePrincipal, preferences)); |
262 |
0 |
} |
263 |
0 |
return roles; |
264 |
|
} |
265 |
|
|
266 |
|
|
267 |
|
|
268 |
|
|
269 |
|
|
270 |
|
public void addRoleToUser(String username, String roleFullPathName) throws SecurityException |
271 |
|
{ |
272 |
0 |
ArgUtil.notNull(new Object[] { username, roleFullPathName }, class="keyword">new String[] { "username", "roleFullPathName" }, |
273 |
|
"addUserToRole(java.lang.String, java.lang.String)"); |
274 |
|
|
275 |
|
|
276 |
0 |
Principal rolePrincipal = roleSecurityHandler.getRolePrincipal(roleFullPathName); |
277 |
0 |
if (null == rolePrincipal) |
278 |
|
{ |
279 |
0 |
throw new SecurityException(SecurityException.ROLE_DOES_NOT_EXIST.create(roleFullPathName)); |
280 |
|
} |
281 |
|
|
282 |
0 |
Principal userPrincipal = atnProviderProxy.getUserPrincipal(username); |
283 |
0 |
if (null == userPrincipal) |
284 |
|
{ |
285 |
0 |
throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(username)); |
286 |
|
} |
287 |
|
|
288 |
0 |
Set rolePrincipals = securityMappingHandler.getRolePrincipals(username); |
289 |
|
|
290 |
0 |
if (!rolePrincipals.contains(rolePrincipal)) |
291 |
|
{ |
292 |
0 |
securityMappingHandler.setUserPrincipalInRole(username, roleFullPathName); |
293 |
|
} |
294 |
0 |
} |
295 |
|
|
296 |
|
|
297 |
|
|
298 |
|
|
299 |
|
|
300 |
|
public void removeRoleFromUser(String username, String roleFullPathName) throws SecurityException |
301 |
|
{ |
302 |
0 |
ArgUtil.notNull(new Object[] { username, roleFullPathName }, class="keyword">new String[] { "username", "roleFullPathName" }, |
303 |
|
"removeRoleFromUser(java.lang.String, java.lang.String)"); |
304 |
|
|
305 |
|
|
306 |
0 |
Principal userPrincipal = atnProviderProxy.getUserPrincipal(username); |
307 |
0 |
if (null == userPrincipal) |
308 |
|
{ |
309 |
0 |
throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(username)); |
310 |
|
} |
311 |
|
|
312 |
0 |
Principal rolePrincipal = roleSecurityHandler.getRolePrincipal(roleFullPathName); |
313 |
0 |
if (null != rolePrincipal) |
314 |
|
{ |
315 |
0 |
securityMappingHandler.removeUserPrincipalInRole(username, roleFullPathName); |
316 |
|
} |
317 |
0 |
} |
318 |
|
|
319 |
|
|
320 |
|
|
321 |
|
|
322 |
|
|
323 |
|
public boolean isUserInRole(String username, String roleFullPathName) throws SecurityException |
324 |
|
{ |
325 |
0 |
ArgUtil.notNull(new Object[] { username, roleFullPathName }, class="keyword">new String[] { "username", "roleFullPathName" }, |
326 |
|
"isUserInRole(java.lang.String, java.lang.String)"); |
327 |
|
|
328 |
0 |
boolean isUserInRole = false; |
329 |
|
|
330 |
0 |
Set rolePrincipals = securityMappingHandler.getRolePrincipals(username); |
331 |
0 |
Principal rolePrincipal = new RolePrincipalImpl(roleFullPathName); |
332 |
0 |
if (rolePrincipals.contains(rolePrincipal)) |
333 |
|
{ |
334 |
0 |
isUserInRole = true; |
335 |
|
} |
336 |
0 |
return isUserInRole; |
337 |
|
} |
338 |
|
|
339 |
|
|
340 |
|
|
341 |
|
|
342 |
|
|
343 |
|
public void addRoleToGroup(String roleFullPathName, String groupFullPathName) throws SecurityException |
344 |
|
{ |
345 |
0 |
ArgUtil.notNull(new Object[] { roleFullPathName, groupFullPathName }, class="keyword">new String[] { "roleFullPathName", |
346 |
|
"groupFullPathName" }, "addRoleToGroup(java.lang.String, java.lang.String)"); |
347 |
|
|
348 |
|
|
349 |
0 |
Principal rolePrincipal = roleSecurityHandler.getRolePrincipal(roleFullPathName); |
350 |
0 |
if (null == rolePrincipal) |
351 |
|
{ |
352 |
0 |
throw new SecurityException(SecurityException.ROLE_DOES_NOT_EXIST.create(roleFullPathName)); |
353 |
|
} |
354 |
0 |
securityMappingHandler.setRolePrincipalInGroup(groupFullPathName, roleFullPathName); |
355 |
0 |
} |
356 |
|
|
357 |
|
|
358 |
|
|
359 |
|
|
360 |
|
|
361 |
|
public void removeRoleFromGroup(String roleFullPathName, String groupFullPathName) throws SecurityException |
362 |
|
{ |
363 |
0 |
ArgUtil.notNull(new Object[] { roleFullPathName, groupFullPathName }, class="keyword">new String[] { "roleFullPathName", |
364 |
|
"groupFullPathName" }, "removeRoleFromGroup(java.lang.String, java.lang.String)"); |
365 |
|
|
366 |
|
|
367 |
0 |
Principal rolePrincipal = roleSecurityHandler.getRolePrincipal(roleFullPathName); |
368 |
0 |
if (null != rolePrincipal) |
369 |
|
{ |
370 |
0 |
securityMappingHandler.removeRolePrincipalInGroup(groupFullPathName, roleFullPathName); |
371 |
|
} |
372 |
0 |
} |
373 |
|
|
374 |
|
|
375 |
|
|
376 |
|
|
377 |
|
|
378 |
|
public boolean isGroupInRole(String groupFullPathName, String roleFullPathName) throws SecurityException |
379 |
|
{ |
380 |
0 |
ArgUtil.notNull(new Object[] { roleFullPathName, groupFullPathName }, class="keyword">new String[] { "roleFullPathName", |
381 |
|
"groupFullPathName" }, "isGroupInRole(java.lang.String, java.lang.String)"); |
382 |
|
|
383 |
0 |
boolean isGroupInRole = false; |
384 |
|
|
385 |
0 |
Set rolePrincipals = securityMappingHandler.getRolePrincipalsInGroup(groupFullPathName); |
386 |
0 |
Principal rolePrincipal = new RolePrincipalImpl(roleFullPathName); |
387 |
0 |
if (rolePrincipals.contains(rolePrincipal)) |
388 |
|
{ |
389 |
0 |
isGroupInRole = true; |
390 |
|
} |
391 |
|
|
392 |
0 |
return isGroupInRole; |
393 |
|
} |
394 |
|
|
395 |
|
|
396 |
|
|
397 |
|
|
398 |
|
public Iterator getRoles(String filter) throws SecurityException |
399 |
|
{ |
400 |
0 |
List roles = new LinkedList(); |
401 |
0 |
Iterator rolePrincipals = roleSecurityHandler.getRolePrincipals(filter).iterator(); |
402 |
0 |
while (rolePrincipals.hasNext()) |
403 |
|
{ |
404 |
0 |
String roleName = ((Principal) rolePrincipals.next()).getName(); |
405 |
0 |
Role role = getRole(roleName); |
406 |
0 |
roles.add(role); |
407 |
0 |
} |
408 |
0 |
return roles.iterator(); |
409 |
|
} |
410 |
|
|
411 |
|
|
412 |
|
|
413 |
|
|
414 |
|
public void setRoleEnabled(String roleFullPathName, boolean enabled) throws SecurityException |
415 |
|
{ |
416 |
0 |
ArgUtil.notNull(new Object[] { roleFullPathName }, class="keyword">new String[] { "roleFullPathName" }, |
417 |
|
"setRoleEnabled(java.lang.String,boolean)"); |
418 |
|
|
419 |
0 |
RolePrincipalImpl rolePrincipal = (RolePrincipalImpl)roleSecurityHandler.getRolePrincipal(roleFullPathName); |
420 |
0 |
if (null == rolePrincipal) |
421 |
|
{ |
422 |
0 |
throw new SecurityException(SecurityException.ROLE_DOES_NOT_EXIST.create(roleFullPathName)); |
423 |
|
} |
424 |
0 |
if ( enabled != rolePrincipal.isEnabled() ) |
425 |
|
{ |
426 |
0 |
rolePrincipal.setEnabled(enabled); |
427 |
0 |
roleSecurityHandler.setRolePrincipal(rolePrincipal); |
428 |
|
} |
429 |
0 |
} |
430 |
|
} |