Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
DefaultSecurityService |
|
| 1.6;1,6 |
1 | package org.apache.turbine.services.security; | |
2 | ||
3 | ||
4 | /* | |
5 | * Licensed to the Apache Software Foundation (ASF) under one | |
6 | * or more contributor license agreements. See the NOTICE file | |
7 | * distributed with this work for additional information | |
8 | * regarding copyright ownership. The ASF licenses this file | |
9 | * to you under the Apache License, Version 2.0 (the | |
10 | * "License"); you may not use this file except in compliance | |
11 | * with the License. You may obtain a copy of the License at | |
12 | * | |
13 | * http://www.apache.org/licenses/LICENSE-2.0 | |
14 | * | |
15 | * Unless required by applicable law or agreed to in writing, | |
16 | * software distributed under the License is distributed on an | |
17 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
18 | * KIND, either express or implied. See the License for the | |
19 | * specific language governing permissions and limitations | |
20 | * under the License. | |
21 | */ | |
22 | ||
23 | ||
24 | import org.apache.commons.configuration.Configuration; | |
25 | import org.apache.commons.logging.Log; | |
26 | import org.apache.commons.logging.LogFactory; | |
27 | import org.apache.fulcrum.security.GroupManager; | |
28 | import org.apache.fulcrum.security.PermissionManager; | |
29 | import org.apache.fulcrum.security.RoleManager; | |
30 | import org.apache.fulcrum.security.acl.AccessControlList; | |
31 | import org.apache.fulcrum.security.entity.Group; | |
32 | import org.apache.fulcrum.security.entity.Permission; | |
33 | import org.apache.fulcrum.security.entity.Role; | |
34 | import org.apache.fulcrum.security.model.turbine.TurbineModelManager; | |
35 | import org.apache.fulcrum.security.model.turbine.entity.TurbineRole; | |
36 | import org.apache.fulcrum.security.util.DataBackendException; | |
37 | import org.apache.fulcrum.security.util.EntityExistsException; | |
38 | import org.apache.fulcrum.security.util.GroupSet; | |
39 | import org.apache.fulcrum.security.util.PasswordMismatchException; | |
40 | import org.apache.fulcrum.security.util.PermissionSet; | |
41 | import org.apache.fulcrum.security.util.RoleSet; | |
42 | import org.apache.fulcrum.security.util.UnknownEntityException; | |
43 | import org.apache.turbine.om.security.User; | |
44 | import org.apache.turbine.services.InitializationException; | |
45 | import org.apache.turbine.services.ServiceManager; | |
46 | import org.apache.turbine.services.TurbineBaseService; | |
47 | import org.apache.turbine.services.TurbineServices; | |
48 | ||
49 | /** | |
50 | * This is a common subset of SecurityService implementation. | |
51 | * | |
52 | * Provided functionality includes: | |
53 | * <ul> | |
54 | * <li> methods for retrieving User objects, that delegates functionality | |
55 | * to the pluggable implementations of the User interface. | |
56 | * <li> synchronization mechanism for methods reading/modifying the security | |
57 | * information, that guarantees that multiple threads may read the | |
58 | * information concurrently, but threads that modify the information | |
59 | * acquires exclusive access. | |
60 | * <li> implementation of convenience methods for retrieving security entities | |
61 | * that maintain in-memory caching of objects for fast access. | |
62 | * </ul> | |
63 | * | |
64 | * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a> | |
65 | * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> | |
66 | * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a> | |
67 | * @author <a href="mailto:quintonm@bellsouth.net">Quinton McCombs</a> | |
68 | * @version $Id: DefaultSecurityService.java 1821872 2018-01-22 14:35:04Z gk $ | |
69 | */ | |
70 | 25 | public class DefaultSecurityService |
71 | extends TurbineBaseService | |
72 | implements SecurityService | |
73 | { | |
74 | /** The number of threads concurrently reading security information */ | |
75 | 25 | private int readerCount = 0; |
76 | ||
77 | /** The instance of UserManager the SecurityService uses */ | |
78 | 25 | private UserManager userManager = null; |
79 | ||
80 | /** The instance of GroupManager the SecurityService uses */ | |
81 | private GroupManager groupManager; | |
82 | ||
83 | /** The instance of RoleManager the SecurityService uses */ | |
84 | private RoleManager roleManager; | |
85 | ||
86 | /** The instance of PermissionManager the SecurityService uses */ | |
87 | private PermissionManager permissionManager; | |
88 | ||
89 | /** The instance of ModelManager the SecurityService uses */ | |
90 | private TurbineModelManager modelManager; | |
91 | ||
92 | /** | |
93 | * The Group object that represents the <a href="#global">global group</a>. | |
94 | */ | |
95 | 25 | private static volatile Group globalGroup = null; |
96 | ||
97 | /** Logging */ | |
98 | 25 | private static Log log = LogFactory.getLog(DefaultSecurityService.class); |
99 | ||
100 | /** | |
101 | * Initializes the SecurityService, locating the appropriate UserManager | |
102 | * This is a zero parameter variant which queries the Turbine Servlet | |
103 | * for its config. | |
104 | * | |
105 | * @throws InitializationException Something went wrong in the init stage | |
106 | */ | |
107 | @Override | |
108 | public void init() | |
109 | throws InitializationException | |
110 | { | |
111 | 5 | ServiceManager manager = TurbineServices.getInstance(); |
112 | ||
113 | 5 | this.groupManager = (GroupManager)manager.getService(GroupManager.ROLE); |
114 | 5 | this.roleManager = (RoleManager)manager.getService(RoleManager.ROLE); |
115 | 5 | this.permissionManager = (PermissionManager)manager.getService(PermissionManager.ROLE); |
116 | 5 | this.modelManager = (TurbineModelManager)manager.getService(TurbineModelManager.ROLE); |
117 | ||
118 | 5 | Configuration conf = getConfiguration(); |
119 | ||
120 | 5 | String userManagerClassName = conf.getString( |
121 | SecurityService.USER_MANAGER_KEY, | |
122 | SecurityService.USER_MANAGER_DEFAULT); | |
123 | ||
124 | try | |
125 | { | |
126 | 5 | this.userManager = |
127 | (UserManager) Class.forName(userManagerClassName).newInstance(); | |
128 | ||
129 | 5 | userManager.init(conf); |
130 | } | |
131 | 0 | catch (Exception e) |
132 | { | |
133 | 0 | throw new InitializationException("Failed to instantiate UserManager", e); |
134 | 5 | } |
135 | ||
136 | 5 | setInit(true); |
137 | 5 | } |
138 | ||
139 | /** | |
140 | * Construct a blank User object. | |
141 | * | |
142 | * @return an object implementing User interface. | |
143 | * @throws UnknownEntityException if the object could not be instantiated. | |
144 | */ | |
145 | @Override | |
146 | public <U extends User> U getUserInstance() | |
147 | throws UnknownEntityException | |
148 | { | |
149 | U user; | |
150 | try | |
151 | { | |
152 | 1 | user = getUserManager().getUserInstance(); |
153 | } | |
154 | 0 | catch (DataBackendException e) |
155 | { | |
156 | 0 | throw new UnknownEntityException( |
157 | "Failed instantiate an User implementation object", e); | |
158 | 1 | } |
159 | 1 | return user; |
160 | } | |
161 | ||
162 | /** | |
163 | * Construct a blank User object. | |
164 | * | |
165 | * @param userName The name of the user. | |
166 | * | |
167 | * @return an object implementing User interface. | |
168 | * | |
169 | * @throws UnknownEntityException if the object could not be instantiated. | |
170 | */ | |
171 | @Override | |
172 | public <U extends User> U getUserInstance(String userName) | |
173 | throws UnknownEntityException | |
174 | { | |
175 | U user; | |
176 | try | |
177 | { | |
178 | 1 | user = getUserManager().getUserInstance(userName); |
179 | } | |
180 | 0 | catch (DataBackendException e) |
181 | { | |
182 | 0 | throw new UnknownEntityException( |
183 | "Failed instantiate an User implementation object", e); | |
184 | 1 | } |
185 | 1 | return user; |
186 | } | |
187 | ||
188 | /** | |
189 | * Construct a blank Group object. | |
190 | * | |
191 | * @return an object implementing Group interface. | |
192 | * @throws UnknownEntityException if the object could not be instantiated. | |
193 | */ | |
194 | @Override | |
195 | public <G extends Group> G getGroupInstance() | |
196 | throws UnknownEntityException | |
197 | { | |
198 | G group; | |
199 | try | |
200 | { | |
201 | 0 | group = groupManager.getGroupInstance(); |
202 | } | |
203 | 0 | catch (Exception e) |
204 | { | |
205 | 0 | throw new UnknownEntityException("Failed to instantiate a Group implementation object", e); |
206 | 0 | } |
207 | 0 | return group; |
208 | } | |
209 | ||
210 | /** | |
211 | * Construct a blank Group object. | |
212 | * | |
213 | * @param groupName The name of the Group | |
214 | * | |
215 | * @return an object implementing Group interface. | |
216 | * | |
217 | * @throws UnknownEntityException if the object could not be instantiated. | |
218 | */ | |
219 | @Override | |
220 | public <G extends Group> G getGroupInstance(String groupName) | |
221 | throws UnknownEntityException | |
222 | { | |
223 | G group; | |
224 | try | |
225 | { | |
226 | 0 | group = groupManager.getGroupInstance(groupName); |
227 | } | |
228 | 0 | catch (Exception e) |
229 | { | |
230 | 0 | throw new UnknownEntityException("Failed to instantiate a Group implementation object", e); |
231 | 0 | } |
232 | 0 | return group; |
233 | } | |
234 | ||
235 | /** | |
236 | * Construct a blank Permission object. | |
237 | * | |
238 | * @return an object implementing Permission interface. | |
239 | * @throws UnknownEntityException if the object could not be instantiated. | |
240 | */ | |
241 | @Override | |
242 | public <P extends Permission> P getPermissionInstance() | |
243 | throws UnknownEntityException | |
244 | { | |
245 | P permission; | |
246 | try | |
247 | { | |
248 | 0 | permission = permissionManager.getPermissionInstance(); |
249 | } | |
250 | 0 | catch (Exception e) |
251 | { | |
252 | 0 | throw new UnknownEntityException("Failed to instantiate a Permission implementation object", e); |
253 | 0 | } |
254 | 0 | return permission; |
255 | } | |
256 | ||
257 | /** | |
258 | * Construct a blank Permission object. | |
259 | * | |
260 | * @param permName The name of the permission. | |
261 | * | |
262 | * @return an object implementing Permission interface. | |
263 | * @throws UnknownEntityException if the object could not be instantiated. | |
264 | */ | |
265 | @Override | |
266 | public <P extends Permission> P getPermissionInstance(String permName) | |
267 | throws UnknownEntityException | |
268 | { | |
269 | P permission; | |
270 | try | |
271 | { | |
272 | 0 | permission = permissionManager.getPermissionInstance(permName); |
273 | } | |
274 | 0 | catch (Exception e) |
275 | { | |
276 | 0 | throw new UnknownEntityException("Failed to instantiate a Permission implementation object", e); |
277 | 0 | } |
278 | 0 | return permission; |
279 | } | |
280 | ||
281 | /** | |
282 | * Construct a blank Role object. | |
283 | * | |
284 | * @return an object implementing Role interface. | |
285 | * @throws UnknownEntityException if the object could not be instantiated. | |
286 | */ | |
287 | @Override | |
288 | public <R extends Role> R getRoleInstance() | |
289 | throws UnknownEntityException | |
290 | { | |
291 | R role; | |
292 | try | |
293 | { | |
294 | 0 | role = roleManager.getRoleInstance(); |
295 | } | |
296 | 0 | catch (Exception e) |
297 | { | |
298 | 0 | throw new UnknownEntityException("Failed to instantiate a Role implementation object", e); |
299 | 0 | } |
300 | 0 | return role; |
301 | } | |
302 | ||
303 | /** | |
304 | * Construct a blank Role object. | |
305 | * | |
306 | * @param roleName The name of the role. | |
307 | * | |
308 | * @return an object implementing Role interface. | |
309 | * | |
310 | * @throws UnknownEntityException if the object could not be instantiated. | |
311 | */ | |
312 | @Override | |
313 | public <R extends Role> R getRoleInstance(String roleName) | |
314 | throws UnknownEntityException | |
315 | { | |
316 | R role; | |
317 | try | |
318 | { | |
319 | 0 | role = roleManager.getRoleInstance(roleName); |
320 | } | |
321 | 0 | catch (Exception e) |
322 | { | |
323 | 0 | throw new UnknownEntityException("Failed to instantiate a Role implementation object", e); |
324 | 0 | } |
325 | 0 | return role; |
326 | } | |
327 | ||
328 | /** | |
329 | * Returns the configured UserManager. | |
330 | * | |
331 | * @return An UserManager object | |
332 | */ | |
333 | @Override | |
334 | public UserManager getUserManager() | |
335 | { | |
336 | 21 | return userManager; |
337 | } | |
338 | ||
339 | /** | |
340 | * Check whether a specified user's account exists. | |
341 | * | |
342 | * The login name is used for looking up the account. | |
343 | * | |
344 | * @param user The user to be checked. | |
345 | * @return true if the specified account exists | |
346 | * @throws DataBackendException if there was an error accessing the data | |
347 | * backend. | |
348 | */ | |
349 | @Override | |
350 | public boolean accountExists(User user) | |
351 | throws DataBackendException | |
352 | { | |
353 | 2 | return getUserManager().accountExists(user); |
354 | } | |
355 | ||
356 | /** | |
357 | * Check whether a specified user's account exists. | |
358 | * | |
359 | * The login name is used for looking up the account. | |
360 | * | |
361 | * @param userName The name of the user to be checked. | |
362 | * @return true if the specified account exists | |
363 | * @throws DataBackendException if there was an error accessing the data | |
364 | * backend. | |
365 | */ | |
366 | @Override | |
367 | public boolean accountExists(String userName) | |
368 | throws DataBackendException | |
369 | { | |
370 | 2 | return getUserManager().accountExists(userName); |
371 | } | |
372 | ||
373 | /** | |
374 | * Authenticates an user, and constructs an User object to represent | |
375 | * him/her. | |
376 | * | |
377 | * @param username The user name. | |
378 | * @param password The user password. | |
379 | * @return An authenticated Turbine User. | |
380 | * @throws PasswordMismatchException if the supplied password was incorrect. | |
381 | * @throws UnknownEntityException if the user's account does not | |
382 | * exist in the database. | |
383 | * @throws DataBackendException if there is a problem accessing the storage. | |
384 | */ | |
385 | @Override | |
386 | public <U extends User> U getAuthenticatedUser(String username, String password) | |
387 | throws DataBackendException, UnknownEntityException, | |
388 | PasswordMismatchException | |
389 | { | |
390 | 1 | return getUserManager().retrieve(username, password); |
391 | } | |
392 | ||
393 | /** | |
394 | * Constructs an User object to represent a registered user of the | |
395 | * application. | |
396 | * | |
397 | * @param username The user name. | |
398 | * @return A Turbine User. | |
399 | * @throws UnknownEntityException if the user's account does not exist | |
400 | * @throws DataBackendException if there is a problem accessing the storage. | |
401 | */ | |
402 | @Override | |
403 | public <U extends User> U getUser(String username) | |
404 | throws DataBackendException, UnknownEntityException | |
405 | { | |
406 | 1 | return getUserManager().retrieve(username); |
407 | } | |
408 | ||
409 | /** | |
410 | * Constructs an User object to represent an anonymous user of the | |
411 | * application. | |
412 | * | |
413 | * @return An anonymous Turbine User. | |
414 | * @throws UnknownEntityException if the implementation of User interface | |
415 | * could not be determined, or does not exist. | |
416 | */ | |
417 | @Override | |
418 | public <U extends User> U getAnonymousUser() | |
419 | throws UnknownEntityException | |
420 | { | |
421 | 4 | return getUserManager().getAnonymousUser(); |
422 | } | |
423 | ||
424 | /** | |
425 | * Checks whether a passed user object matches the anonymous user pattern | |
426 | * according to the configured user manager | |
427 | * | |
428 | * @param user An user object | |
429 | * | |
430 | * @return True if this is an anonymous user | |
431 | * | |
432 | */ | |
433 | @Override | |
434 | public boolean isAnonymousUser(User user) | |
435 | { | |
436 | 4 | return getUserManager().isAnonymousUser(user); |
437 | } | |
438 | ||
439 | /** | |
440 | * Saves User's data in the permanent storage. The user account is required | |
441 | * to exist in the storage. | |
442 | * | |
443 | * @param user the User object to save | |
444 | * @throws UnknownEntityException if the user's account does not | |
445 | * exist in the database. | |
446 | * @throws DataBackendException if there is a problem accessing the storage. | |
447 | */ | |
448 | @Override | |
449 | public void saveUser(User user) | |
450 | throws UnknownEntityException, DataBackendException | |
451 | { | |
452 | 1 | getUserManager().store(user); |
453 | 1 | } |
454 | ||
455 | /** | |
456 | * Saves User data when the session is unbound. The user account is required | |
457 | * to exist in the storage. | |
458 | * | |
459 | * LastLogin, AccessCounter, persistent pull tools, and any data stored | |
460 | * in the permData hashmap that is not mapped to a column will be saved. | |
461 | * | |
462 | * @throws UnknownEntityException if the user's account does not | |
463 | * exist in the database. | |
464 | * @throws DataBackendException if there is a problem accessing the | |
465 | * storage. | |
466 | */ | |
467 | @Override | |
468 | public void saveOnSessionUnbind(User user) | |
469 | throws UnknownEntityException, DataBackendException | |
470 | { | |
471 | 0 | getUserManager().saveOnSessionUnbind(user); |
472 | 0 | } |
473 | ||
474 | /** | |
475 | * Creates new user account with specified attributes. | |
476 | * | |
477 | * @param user the object describing account to be created. | |
478 | * @param password The password to use for the account. | |
479 | * | |
480 | * @throws DataBackendException if there was an error accessing the | |
481 | * data backend. | |
482 | * @throws EntityExistsException if the user account already exists. | |
483 | */ | |
484 | @Override | |
485 | public void addUser(User user, String password) | |
486 | throws UnknownEntityException,DataBackendException, EntityExistsException | |
487 | { | |
488 | 3 | getUserManager().createAccount(user, password); |
489 | 3 | } |
490 | ||
491 | /** | |
492 | * Removes an user account from the system. | |
493 | * | |
494 | * @param user the object describing the account to be removed. | |
495 | * @throws DataBackendException if there was an error accessing the data | |
496 | * backend. | |
497 | * @throws UnknownEntityException if the user account is not present. | |
498 | */ | |
499 | @Override | |
500 | public void removeUser(User user) | |
501 | throws DataBackendException, UnknownEntityException | |
502 | { | |
503 | 0 | if (user == null) { |
504 | 0 | throw new UnknownEntityException("user is null"); |
505 | } | |
506 | // revoke all roles form the user | |
507 | 0 | modelManager.revokeAll(user.getUserDelegate()); |
508 | 0 | getUserManager().removeAccount(user); |
509 | 0 | } |
510 | ||
511 | /** | |
512 | * Change the password for an User. | |
513 | * | |
514 | * @param user an User to change password for. | |
515 | * @param oldPassword the current password supplied by the user. | |
516 | * @param newPassword the current password requested by the user. | |
517 | * @throws PasswordMismatchException if the supplied password was incorrect. | |
518 | * @throws UnknownEntityException if the user's record does not | |
519 | * exist in the database. | |
520 | * @throws DataBackendException if there is a problem accessing the storage. | |
521 | */ | |
522 | @Override | |
523 | public void changePassword(User user, String oldPassword, | |
524 | String newPassword) | |
525 | throws PasswordMismatchException, UnknownEntityException, | |
526 | DataBackendException | |
527 | { | |
528 | 0 | getUserManager().changePassword(user, oldPassword, newPassword); |
529 | 0 | } |
530 | ||
531 | /** | |
532 | * Forcibly sets new password for an User. | |
533 | * | |
534 | * This is supposed by the administrator to change the forgotten or | |
535 | * compromised passwords. Certain implementatations of this feature | |
536 | * would require administrative level access to the authenticating | |
537 | * server / program. | |
538 | * | |
539 | * @param user an User to change password for. | |
540 | * @param password the new password. | |
541 | * @throws UnknownEntityException if the user's record does not | |
542 | * exist in the database. | |
543 | * @throws DataBackendException if there is a problem accessing the storage. | |
544 | */ | |
545 | @Override | |
546 | public void forcePassword(User user, String password) | |
547 | throws UnknownEntityException, DataBackendException | |
548 | { | |
549 | 0 | getUserManager().forcePassword(user, password); |
550 | 0 | } |
551 | ||
552 | /** | |
553 | * Acquire a shared lock on the security information repository. | |
554 | * | |
555 | * Methods that read security information need to invoke this | |
556 | * method at the beginning of their body. | |
557 | */ | |
558 | protected synchronized void lockShared() | |
559 | { | |
560 | 0 | readerCount++; |
561 | 0 | } |
562 | ||
563 | /** | |
564 | * Release a shared lock on the security information repository. | |
565 | * | |
566 | * Methods that read security information need to invoke this | |
567 | * method at the end of their body. | |
568 | */ | |
569 | protected synchronized void unlockShared() | |
570 | { | |
571 | 0 | readerCount--; |
572 | 0 | this.notify(); |
573 | 0 | } |
574 | ||
575 | /** | |
576 | * Acquire an exclusive lock on the security information repository. | |
577 | * | |
578 | * Methods that modify security information need to invoke this | |
579 | * method at the beginning of their body. Note! Those methods must | |
580 | * be <code>synchronized</code> themselves! | |
581 | */ | |
582 | protected void lockExclusive() | |
583 | { | |
584 | 0 | while (readerCount > 0) |
585 | { | |
586 | try | |
587 | { | |
588 | 0 | this.wait(); |
589 | } | |
590 | 0 | catch (InterruptedException e) |
591 | { | |
592 | // ignore | |
593 | 0 | } |
594 | } | |
595 | 0 | } |
596 | ||
597 | /** | |
598 | * Release an exclusive lock on the security information repository. | |
599 | * | |
600 | * This method is provided only for completeness. It does not really | |
601 | * do anything. Note! Methods that modify security information | |
602 | * must be <code>synchronized</code>! | |
603 | */ | |
604 | protected void unlockExclusive() | |
605 | { | |
606 | // do nothing | |
607 | 0 | } |
608 | ||
609 | /** | |
610 | * Provides a reference to the Group object that represents the | |
611 | * <a href="#global">global group</a>. | |
612 | * | |
613 | * @return a Group object that represents the global group. | |
614 | */ | |
615 | @Override | |
616 | public <G extends Group> G getGlobalGroup() | |
617 | { | |
618 | 0 | if (globalGroup == null) |
619 | { | |
620 | 0 | synchronized (DefaultSecurityService.class) |
621 | { | |
622 | 0 | if (globalGroup == null) |
623 | { | |
624 | try | |
625 | { | |
626 | 0 | globalGroup = modelManager.getGlobalGroup(); |
627 | } | |
628 | 0 | catch (DataBackendException e) |
629 | { | |
630 | 0 | log.error("Failed to retrieve global group object: ", e); |
631 | 0 | } |
632 | } | |
633 | 0 | } |
634 | } | |
635 | @SuppressWarnings("unchecked") | |
636 | 0 | G g = (G)globalGroup; |
637 | 0 | return g; |
638 | } | |
639 | ||
640 | /** | |
641 | * Retrieve a Group object with specified name. | |
642 | * | |
643 | * @param name the name of the Group. | |
644 | * @return an object representing the Group with specified name. | |
645 | * @throws DataBackendException if there was an error accessing the | |
646 | * data backend. | |
647 | * @throws UnknownEntityException if the group does not exist. | |
648 | */ | |
649 | @Override | |
650 | public <G extends Group> G getGroupByName(String name) | |
651 | throws DataBackendException, UnknownEntityException | |
652 | { | |
653 | 0 | return groupManager.getGroupByName(name); |
654 | } | |
655 | ||
656 | /** | |
657 | * Retrieve a Group object with specified Id. | |
658 | * | |
659 | * @param id the id of the Group. | |
660 | * @return an object representing the Group with specified name. | |
661 | * @throws UnknownEntityException if the permission does not | |
662 | * exist in the database. | |
663 | * @throws DataBackendException if there is a problem accessing the | |
664 | * storage. | |
665 | */ | |
666 | @Override | |
667 | public <G extends Group> G getGroupById(int id) | |
668 | throws DataBackendException, UnknownEntityException | |
669 | { | |
670 | 0 | return groupManager.getGroupById(Integer.valueOf(id)); |
671 | } | |
672 | ||
673 | /** | |
674 | * Retrieve a Role object with specified name. | |
675 | * | |
676 | * @param name the name of the Role. | |
677 | * @return an object representing the Role with specified name. | |
678 | * @throws DataBackendException if there was an error accessing the | |
679 | * data backend. | |
680 | * @throws UnknownEntityException if the role does not exist. | |
681 | */ | |
682 | @Override | |
683 | public <R extends Role> R getRoleByName(String name) | |
684 | throws DataBackendException, UnknownEntityException | |
685 | { | |
686 | 0 | R role = roleManager.getRoleByName(name); |
687 | 0 | if (role instanceof TurbineRole) |
688 | { | |
689 | 0 | ((TurbineRole)role).setPermissions(getPermissions(role)); |
690 | } | |
691 | 0 | return role; |
692 | } | |
693 | ||
694 | /** | |
695 | * Retrieve a Role object with specified Id. | |
696 | * @param id the id of the Role. | |
697 | * @return an object representing the Role with specified name. | |
698 | * @throws UnknownEntityException if the permission does not | |
699 | * exist in the database. | |
700 | * @throws DataBackendException if there is a problem accessing the | |
701 | * storage. | |
702 | */ | |
703 | @Override | |
704 | public <R extends Role> R getRoleById(int id) | |
705 | throws DataBackendException, | |
706 | UnknownEntityException | |
707 | { | |
708 | 0 | R role = roleManager.getRoleById(Integer.valueOf(id)); |
709 | 0 | if (role instanceof TurbineRole) |
710 | { | |
711 | 0 | ((TurbineRole)role).setPermissions(getPermissions(role)); |
712 | } | |
713 | 0 | return role; |
714 | } | |
715 | ||
716 | /** | |
717 | * Retrieve a Permission object with specified name. | |
718 | * | |
719 | * @param name the name of the Permission. | |
720 | * @return an object representing the Permission with specified name. | |
721 | * @throws DataBackendException if there was an error accessing the | |
722 | * data backend. | |
723 | * @throws UnknownEntityException if the permission does not exist. | |
724 | */ | |
725 | @Override | |
726 | public <P extends Permission> P getPermissionByName(String name) | |
727 | throws DataBackendException, UnknownEntityException | |
728 | { | |
729 | 0 | return permissionManager.getPermissionByName(name); |
730 | } | |
731 | ||
732 | /** | |
733 | * Retrieve a Permission object with specified Id. | |
734 | * | |
735 | * @param id the id of the Permission. | |
736 | * @return an object representing the Permission with specified name. | |
737 | * @throws UnknownEntityException if the permission does not | |
738 | * exist in the database. | |
739 | * @throws DataBackendException if there is a problem accessing the | |
740 | * storage. | |
741 | */ | |
742 | @Override | |
743 | public <P extends Permission> P getPermissionById(int id) | |
744 | throws DataBackendException, | |
745 | UnknownEntityException | |
746 | { | |
747 | 0 | return permissionManager.getPermissionById(Integer.valueOf(id)); |
748 | } | |
749 | ||
750 | /** | |
751 | * Retrieves all groups defined in the system. | |
752 | * | |
753 | * @return the names of all groups defined in the system. | |
754 | * @throws DataBackendException if there was an error accessing the | |
755 | * data backend. | |
756 | */ | |
757 | @Override | |
758 | public GroupSet getAllGroups() throws DataBackendException | |
759 | { | |
760 | 0 | return groupManager.getAllGroups(); |
761 | } | |
762 | ||
763 | /** | |
764 | * Retrieves all roles defined in the system. | |
765 | * | |
766 | * @return the names of all roles defined in the system. | |
767 | * @throws DataBackendException if there was an error accessing the | |
768 | * data backend. | |
769 | */ | |
770 | @Override | |
771 | public RoleSet getAllRoles() throws DataBackendException | |
772 | { | |
773 | 0 | return roleManager.getAllRoles(); |
774 | } | |
775 | ||
776 | /** | |
777 | * Retrieves all permissions defined in the system. | |
778 | * | |
779 | * @return the names of all roles defined in the system. | |
780 | * @throws DataBackendException if there was an error accessing the | |
781 | * data backend. | |
782 | */ | |
783 | @Override | |
784 | public PermissionSet getAllPermissions() throws DataBackendException | |
785 | { | |
786 | 0 | return permissionManager.getAllPermissions(); |
787 | } | |
788 | ||
789 | /*----------------------------------------------------------------------- | |
790 | Creation of AccessControlLists | |
791 | -----------------------------------------------------------------------*/ | |
792 | ||
793 | /** | |
794 | * Constructs an AccessControlList for a specific user. | |
795 | * | |
796 | * @param user the user for whom the AccessControlList are to be retrieved | |
797 | * @return The AccessControList object constructed from the user object. | |
798 | * @throws DataBackendException if there was an error accessing the data | |
799 | * backend. | |
800 | * @throws UnknownEntityException if user account is not present. | |
801 | */ | |
802 | @Override | |
803 | public <A extends AccessControlList> A getACL(User user) | |
804 | throws DataBackendException, UnknownEntityException | |
805 | { | |
806 | 1 | return getUserManager().getACL(user); |
807 | } | |
808 | ||
809 | /*----------------------------------------------------------------------- | |
810 | Security management | |
811 | -----------------------------------------------------------------------*/ | |
812 | ||
813 | /** | |
814 | * Grant an User a Role in a Group. | |
815 | * | |
816 | * @param user the user. | |
817 | * @param group the group. | |
818 | * @param role the role. | |
819 | * @throws DataBackendException if there was an error accessing the data | |
820 | * backend. | |
821 | * @throws UnknownEntityException if user account, group or role is not | |
822 | * present. | |
823 | */ | |
824 | @Override | |
825 | public void grant(User user, Group group, Role role) | |
826 | throws DataBackendException, UnknownEntityException | |
827 | { | |
828 | 1 | if (user == null) { |
829 | 0 | throw new UnknownEntityException("user is null"); |
830 | } | |
831 | 1 | modelManager.grant(user.getUserDelegate(), group, role); |
832 | 1 | } |
833 | ||
834 | /** | |
835 | * Revoke a Role in a Group from an User. | |
836 | * | |
837 | * @param user the user. | |
838 | * @param group the group. | |
839 | * @param role the role. | |
840 | * @throws DataBackendException if there was an error accessing the data | |
841 | * backend. | |
842 | * @throws UnknownEntityException if user account, group or role is not | |
843 | * present. | |
844 | */ | |
845 | @Override | |
846 | public void revoke(User user, Group group, Role role) | |
847 | throws DataBackendException, UnknownEntityException | |
848 | { | |
849 | 0 | if (user == null) { |
850 | 0 | throw new UnknownEntityException("user is null"); |
851 | } | |
852 | 0 | modelManager.revoke(user.getUserDelegate(), group, role); |
853 | 0 | } |
854 | ||
855 | /** | |
856 | * Replaces transactionally the first role with second role for the given user. | |
857 | * | |
858 | * @param user the user. | |
859 | * @param role the old role | |
860 | * @param newRole the new role | |
861 | * | |
862 | * @throws DataBackendException | |
863 | * @throws UnknownEntityException | |
864 | */ | |
865 | @Override | |
866 | public void replaceRole(User user, Role role, Role newRole) | |
867 | throws DataBackendException, UnknownEntityException | |
868 | { | |
869 | 0 | modelManager.replace( user, role, newRole ); |
870 | 0 | } |
871 | ||
872 | /** | |
873 | * Revokes all roles from an User. | |
874 | * | |
875 | * This method is used when deleting an account. | |
876 | * | |
877 | * @param user the User. | |
878 | * @throws DataBackendException if there was an error accessing the data | |
879 | * backend. | |
880 | * @throws UnknownEntityException if the account is not present. | |
881 | */ | |
882 | @Override | |
883 | public void revokeAll(User user) | |
884 | throws DataBackendException, UnknownEntityException | |
885 | { | |
886 | 0 | if (user == null) { |
887 | 0 | throw new UnknownEntityException("user is null"); |
888 | } | |
889 | 0 | modelManager.revokeAll(user.getUserDelegate()); |
890 | 0 | } |
891 | ||
892 | /** | |
893 | * Grants a Role a Permission | |
894 | * | |
895 | * @param role the Role. | |
896 | * @param permission the Permission. | |
897 | * @throws DataBackendException if there was an error accessing the data | |
898 | * backend. | |
899 | * @throws UnknownEntityException if role or permission is not present. | |
900 | */ | |
901 | @Override | |
902 | public void grant(Role role, Permission permission) | |
903 | throws DataBackendException, UnknownEntityException | |
904 | { | |
905 | 0 | modelManager.grant(role, permission); |
906 | 0 | } |
907 | ||
908 | /** | |
909 | * Revokes a Permission from a Role. | |
910 | * | |
911 | * @param role the Role. | |
912 | * @param permission the Permission. | |
913 | * @throws DataBackendException if there was an error accessing the data | |
914 | * backend. | |
915 | * @throws UnknownEntityException if role or permission is not present. | |
916 | */ | |
917 | @Override | |
918 | public void revoke(Role role, Permission permission) | |
919 | throws DataBackendException, UnknownEntityException | |
920 | { | |
921 | 0 | modelManager.revoke(role, permission); |
922 | 0 | } |
923 | ||
924 | /** | |
925 | * Revokes all permissions from a Role. | |
926 | * | |
927 | * This method is used when deleting a Role. | |
928 | * | |
929 | * @param role the Role | |
930 | * @throws DataBackendException if there was an error accessing the data | |
931 | * backend. | |
932 | * @throws UnknownEntityException if the Role is not present. | |
933 | */ | |
934 | @Override | |
935 | public void revokeAll(Role role) | |
936 | throws DataBackendException, UnknownEntityException | |
937 | { | |
938 | 0 | modelManager.revokeAll(role); |
939 | 0 | } |
940 | ||
941 | /** | |
942 | * Revokes by default all permissions from a Role and if flag is set | |
943 | * all group and user relationships with this role | |
944 | * | |
945 | * This method is used when deleting a Role. | |
946 | * | |
947 | * @param role | |
948 | * the Role | |
949 | * @param cascadeDelete | |
950 | * if <code>true </code> removes all groups and user for this role. | |
951 | * @throws DataBackendException | |
952 | * if there was an error accessing the data backend. | |
953 | * @throws UnknownEntityException | |
954 | * if the Role is not present. | |
955 | */ | |
956 | @Override | |
957 | public void revokeAll( Role role, boolean cascadeDelete ) | |
958 | throws DataBackendException, UnknownEntityException | |
959 | { | |
960 | 0 | modelManager.revokeAll(role, cascadeDelete); |
961 | 0 | } |
962 | ||
963 | /** | |
964 | * Retrieves all permissions associated with a role. | |
965 | * | |
966 | * @param role the role name, for which the permissions are to be retrieved. | |
967 | * @return the Permissions for the specified role | |
968 | * @throws DataBackendException if there was an error accessing the data | |
969 | * backend. | |
970 | * @throws UnknownEntityException if the role is not present. | |
971 | */ | |
972 | @Override | |
973 | public PermissionSet getPermissions(Role role) | |
974 | throws DataBackendException, UnknownEntityException | |
975 | { | |
976 | 0 | return ((TurbineRole)role).getPermissions(); |
977 | } | |
978 | ||
979 | /** | |
980 | * Creates a new group with specified attributes. | |
981 | * | |
982 | * @param group the object describing the group to be created. | |
983 | * @throws DataBackendException if there was an error accessing the data | |
984 | * backend. | |
985 | * @throws EntityExistsException if the group already exists. | |
986 | */ | |
987 | @Override | |
988 | public <G extends Group> G addGroup(G group) | |
989 | throws DataBackendException, EntityExistsException | |
990 | { | |
991 | 0 | return groupManager.addGroup(group); |
992 | } | |
993 | ||
994 | /** | |
995 | * Creates a new role with specified attributes. | |
996 | * | |
997 | * @param role the objects describing the role to be created. | |
998 | * @throws DataBackendException if there was an error accessing the data | |
999 | * backend. | |
1000 | * @throws EntityExistsException if the role already exists. | |
1001 | */ | |
1002 | @Override | |
1003 | public <R extends Role> R addRole(R role) | |
1004 | throws DataBackendException, EntityExistsException | |
1005 | { | |
1006 | 0 | return roleManager.addRole(role); |
1007 | } | |
1008 | ||
1009 | /** | |
1010 | * Creates a new permission with specified attributes. | |
1011 | * | |
1012 | * @param permission the objects describing the permission to be created. | |
1013 | * @throws DataBackendException if there was an error accessing the data | |
1014 | * backend. | |
1015 | * @throws EntityExistsException if the permission already exists. | |
1016 | */ | |
1017 | @Override | |
1018 | public <P extends Permission> P addPermission(P permission) | |
1019 | throws DataBackendException, EntityExistsException | |
1020 | { | |
1021 | 0 | return permissionManager.addPermission(permission); |
1022 | } | |
1023 | ||
1024 | /** | |
1025 | * Removes a Group from the system. | |
1026 | * | |
1027 | * @param group the object describing group to be removed. | |
1028 | * @throws DataBackendException if there was an error accessing the data | |
1029 | * backend. | |
1030 | * @throws UnknownEntityException if the group does not exist. | |
1031 | */ | |
1032 | @Override | |
1033 | public void removeGroup(Group group) | |
1034 | throws DataBackendException, UnknownEntityException | |
1035 | { | |
1036 | 0 | groupManager.removeGroup(group); |
1037 | 0 | } |
1038 | ||
1039 | /** | |
1040 | * Removes a Role from the system. | |
1041 | * | |
1042 | * @param role The object describing the role to be removed. | |
1043 | * @throws DataBackendException if there was an error accessing the data backend. | |
1044 | * @throws UnknownEntityException if the role does not exist. | |
1045 | */ | |
1046 | @Override | |
1047 | public void removeRole(Role role) | |
1048 | throws DataBackendException, UnknownEntityException | |
1049 | { | |
1050 | 0 | roleManager.removeRole(role); |
1051 | 0 | } |
1052 | ||
1053 | /** | |
1054 | * Removes a Permission from the system. | |
1055 | * | |
1056 | * @param permission The object describing the permission to be removed. | |
1057 | * @throws DataBackendException if there was an error accessing the data | |
1058 | * backend. | |
1059 | * @throws UnknownEntityException if the permission does not exist. | |
1060 | */ | |
1061 | @Override | |
1062 | public void removePermission(Permission permission) | |
1063 | throws DataBackendException, UnknownEntityException | |
1064 | { | |
1065 | 0 | permissionManager.removePermission(permission); |
1066 | 0 | } |
1067 | ||
1068 | /** | |
1069 | * Renames an existing Group. | |
1070 | * | |
1071 | * @param group The object describing the group to be renamed. | |
1072 | * @param name the new name for the group. | |
1073 | * @throws DataBackendException if there was an error accessing the data | |
1074 | * backend. | |
1075 | * @throws UnknownEntityException if the group does not exist. | |
1076 | */ | |
1077 | @Override | |
1078 | public void renameGroup(Group group, String name) | |
1079 | throws DataBackendException, UnknownEntityException | |
1080 | { | |
1081 | 0 | groupManager.renameGroup(group, name); |
1082 | 0 | } |
1083 | ||
1084 | /** | |
1085 | * Renames an existing Role. | |
1086 | * | |
1087 | * @param role The object describing the role to be renamed. | |
1088 | * @param name the new name for the role. | |
1089 | * @throws DataBackendException if there was an error accessing the data | |
1090 | * backend. | |
1091 | * @throws UnknownEntityException if the role does not exist. | |
1092 | */ | |
1093 | @Override | |
1094 | public void renameRole(Role role, String name) | |
1095 | throws DataBackendException, UnknownEntityException | |
1096 | { | |
1097 | 0 | roleManager.renameRole(role, name); |
1098 | 0 | } |
1099 | ||
1100 | /** | |
1101 | * Renames an existing Permission. | |
1102 | * | |
1103 | * @param permission The object describing the permission to be renamed. | |
1104 | * @param name the new name for the permission. | |
1105 | * @throws DataBackendException if there was an error accessing the data | |
1106 | * backend. | |
1107 | * @throws UnknownEntityException if the permission does not exist. | |
1108 | */ | |
1109 | @Override | |
1110 | public void renamePermission(Permission permission, String name) | |
1111 | throws DataBackendException, UnknownEntityException | |
1112 | { | |
1113 | 0 | permissionManager.renamePermission(permission, name); |
1114 | 0 | } |
1115 | } |