Coverage Report - org.apache.turbine.services.security.DefaultSecurityService
 
Classes in this File Line Coverage Branch Coverage Complexity
DefaultSecurityService
24%
38/156
5%
1/18
1,6
 
 1  
 package org.apache.turbine.services.security;
 2  
 
 3  
 
 4  
 /*
 5  
  * Licensed to the Apache Software Foundation (ASF) under one
 6  
  * or more contributor license agreements.  See the NOTICE file
 7  
  * distributed with this work for additional information
 8  
  * regarding copyright ownership.  The ASF licenses this file
 9  
  * to you under the Apache License, Version 2.0 (the
 10  
  * "License"); you may not use this file except in compliance
 11  
  * with the License.  You may obtain a copy of the License at
 12  
  *
 13  
  *   http://www.apache.org/licenses/LICENSE-2.0
 14  
  *
 15  
  * Unless required by applicable law or agreed to in writing,
 16  
  * software distributed under the License is distributed on an
 17  
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 18  
  * KIND, either express or implied.  See the License for the
 19  
  * specific language governing permissions and limitations
 20  
  * under the License.
 21  
  */
 22  
 
 23  
 
 24  
 import org.apache.commons.configuration.Configuration;
 25  
 import org.apache.commons.logging.Log;
 26  
 import org.apache.commons.logging.LogFactory;
 27  
 import org.apache.fulcrum.security.GroupManager;
 28  
 import org.apache.fulcrum.security.PermissionManager;
 29  
 import org.apache.fulcrum.security.RoleManager;
 30  
 import org.apache.fulcrum.security.acl.AccessControlList;
 31  
 import org.apache.fulcrum.security.entity.Group;
 32  
 import org.apache.fulcrum.security.entity.Permission;
 33  
 import org.apache.fulcrum.security.entity.Role;
 34  
 import org.apache.fulcrum.security.model.turbine.TurbineModelManager;
 35  
 import org.apache.fulcrum.security.model.turbine.entity.TurbineRole;
 36  
 import org.apache.fulcrum.security.util.DataBackendException;
 37  
 import org.apache.fulcrum.security.util.EntityExistsException;
 38  
 import org.apache.fulcrum.security.util.GroupSet;
 39  
 import org.apache.fulcrum.security.util.PasswordMismatchException;
 40  
 import org.apache.fulcrum.security.util.PermissionSet;
 41  
 import org.apache.fulcrum.security.util.RoleSet;
 42  
 import org.apache.fulcrum.security.util.UnknownEntityException;
 43  
 import org.apache.turbine.om.security.User;
 44  
 import org.apache.turbine.services.InitializationException;
 45  
 import org.apache.turbine.services.ServiceManager;
 46  
 import org.apache.turbine.services.TurbineBaseService;
 47  
 import org.apache.turbine.services.TurbineServices;
 48  
 
 49  
 /**
 50  
  * This is a common subset of SecurityService implementation.
 51  
  *
 52  
  * Provided functionality includes:
 53  
  * <ul>
 54  
  * <li> methods for retrieving User objects, that delegates functionality
 55  
  *      to the pluggable implementations of the User interface.
 56  
  * <li> synchronization mechanism for methods reading/modifying the security
 57  
  *      information, that guarantees that multiple threads may read the
 58  
  *      information concurrently, but threads that modify the information
 59  
  *      acquires exclusive access.
 60  
  * <li> implementation of convenience methods for retrieving security entities
 61  
  *      that maintain in-memory caching of objects for fast access.
 62  
  * </ul>
 63  
  *
 64  
  * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
 65  
  * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 66  
  * @author <a href="mailto:marco@intermeta.de">Marco Kn&uuml;ttel</a>
 67  
  * @author <a href="mailto:quintonm@bellsouth.net">Quinton McCombs</a>
 68  
  * @version $Id: DefaultSecurityService.java 1821872 2018-01-22 14:35:04Z gk $
 69  
  */
 70  25
 public class DefaultSecurityService
 71  
         extends TurbineBaseService
 72  
         implements SecurityService
 73  
 {
 74  
     /** The number of threads concurrently reading security information */
 75  25
     private int readerCount = 0;
 76  
 
 77  
     /** The instance of UserManager the SecurityService uses */
 78  25
     private UserManager userManager = null;
 79  
 
 80  
     /** The instance of GroupManager the SecurityService uses */
 81  
     private GroupManager groupManager;
 82  
 
 83  
     /** The instance of RoleManager the SecurityService uses */
 84  
     private RoleManager roleManager;
 85  
 
 86  
     /** The instance of PermissionManager the SecurityService uses */
 87  
     private PermissionManager permissionManager;
 88  
 
 89  
     /** The instance of ModelManager the SecurityService uses */
 90  
     private TurbineModelManager modelManager;
 91  
 
 92  
     /**
 93  
      * The Group object that represents the <a href="#global">global group</a>.
 94  
      */
 95  25
     private static volatile Group globalGroup = null;
 96  
 
 97  
     /** Logging */
 98  25
     private static Log log = LogFactory.getLog(DefaultSecurityService.class);
 99  
 
 100  
     /**
 101  
      * Initializes the SecurityService, locating the appropriate UserManager
 102  
      * This is a zero parameter variant which queries the Turbine Servlet
 103  
      * for its config.
 104  
      *
 105  
      * @throws InitializationException Something went wrong in the init stage
 106  
      */
 107  
     @Override
 108  
     public void init()
 109  
             throws InitializationException
 110  
     {
 111  5
         ServiceManager manager = TurbineServices.getInstance();
 112  
 
 113  5
         this.groupManager = (GroupManager)manager.getService(GroupManager.ROLE);
 114  5
         this.roleManager = (RoleManager)manager.getService(RoleManager.ROLE);
 115  5
         this.permissionManager = (PermissionManager)manager.getService(PermissionManager.ROLE);
 116  5
         this.modelManager = (TurbineModelManager)manager.getService(TurbineModelManager.ROLE);
 117  
 
 118  5
         Configuration conf = getConfiguration();
 119  
 
 120  5
         String userManagerClassName = conf.getString(
 121  
                 SecurityService.USER_MANAGER_KEY,
 122  
                 SecurityService.USER_MANAGER_DEFAULT);
 123  
 
 124  
         try
 125  
         {
 126  5
             this.userManager =
 127  
                     (UserManager) Class.forName(userManagerClassName).newInstance();
 128  
 
 129  5
             userManager.init(conf);
 130  
         }
 131  0
         catch (Exception e)
 132  
         {
 133  0
             throw new InitializationException("Failed to instantiate UserManager", e);
 134  5
         }
 135  
 
 136  5
         setInit(true);
 137  5
     }
 138  
 
 139  
     /**
 140  
      * Construct a blank User object.
 141  
      *
 142  
      * @return an object implementing User interface.
 143  
      * @throws UnknownEntityException if the object could not be instantiated.
 144  
      */
 145  
     @Override
 146  
     public <U extends User> U getUserInstance()
 147  
             throws UnknownEntityException
 148  
     {
 149  
         U user;
 150  
         try
 151  
         {
 152  1
             user = getUserManager().getUserInstance();
 153  
         }
 154  0
         catch (DataBackendException e)
 155  
         {
 156  0
             throw new UnknownEntityException(
 157  
                     "Failed instantiate an User implementation object", e);
 158  1
         }
 159  1
         return user;
 160  
     }
 161  
 
 162  
     /**
 163  
      * Construct a blank User object.
 164  
      *
 165  
      * @param userName The name of the user.
 166  
      *
 167  
      * @return an object implementing User interface.
 168  
      *
 169  
      * @throws UnknownEntityException if the object could not be instantiated.
 170  
      */
 171  
     @Override
 172  
     public <U extends User> U getUserInstance(String userName)
 173  
             throws UnknownEntityException
 174  
     {
 175  
         U user;
 176  
         try
 177  
         {
 178  1
             user = getUserManager().getUserInstance(userName);
 179  
         }
 180  0
         catch (DataBackendException e)
 181  
         {
 182  0
             throw new UnknownEntityException(
 183  
                     "Failed instantiate an User implementation object", e);
 184  1
         }
 185  1
         return user;
 186  
     }
 187  
 
 188  
     /**
 189  
      * Construct a blank Group object.
 190  
      *
 191  
      * @return an object implementing Group interface.
 192  
      * @throws UnknownEntityException if the object could not be instantiated.
 193  
      */
 194  
     @Override
 195  
     public <G extends Group> G getGroupInstance()
 196  
             throws UnknownEntityException
 197  
     {
 198  
         G group;
 199  
         try
 200  
         {
 201  0
             group = groupManager.getGroupInstance();
 202  
         }
 203  0
         catch (Exception e)
 204  
         {
 205  0
             throw new UnknownEntityException("Failed to instantiate a Group implementation object", e);
 206  0
         }
 207  0
         return group;
 208  
     }
 209  
 
 210  
     /**
 211  
      * Construct a blank Group object.
 212  
      *
 213  
      * @param groupName The name of the Group
 214  
      *
 215  
      * @return an object implementing Group interface.
 216  
      *
 217  
      * @throws UnknownEntityException if the object could not be instantiated.
 218  
      */
 219  
     @Override
 220  
     public <G extends Group> G getGroupInstance(String groupName)
 221  
             throws UnknownEntityException
 222  
     {
 223  
         G group;
 224  
         try
 225  
         {
 226  0
             group = groupManager.getGroupInstance(groupName);
 227  
         }
 228  0
         catch (Exception e)
 229  
         {
 230  0
             throw new UnknownEntityException("Failed to instantiate a Group implementation object", e);
 231  0
         }
 232  0
         return group;
 233  
     }
 234  
 
 235  
     /**
 236  
      * Construct a blank Permission object.
 237  
      *
 238  
      * @return an object implementing Permission interface.
 239  
      * @throws UnknownEntityException if the object could not be instantiated.
 240  
      */
 241  
     @Override
 242  
     public <P extends Permission> P getPermissionInstance()
 243  
             throws UnknownEntityException
 244  
     {
 245  
         P permission;
 246  
         try
 247  
         {
 248  0
             permission = permissionManager.getPermissionInstance();
 249  
         }
 250  0
         catch (Exception e)
 251  
         {
 252  0
             throw new UnknownEntityException("Failed to instantiate a Permission implementation object", e);
 253  0
         }
 254  0
         return permission;
 255  
     }
 256  
 
 257  
     /**
 258  
      * Construct a blank Permission object.
 259  
      *
 260  
      * @param permName The name of the permission.
 261  
      *
 262  
      * @return an object implementing Permission interface.
 263  
      * @throws UnknownEntityException if the object could not be instantiated.
 264  
      */
 265  
     @Override
 266  
     public <P extends Permission> P getPermissionInstance(String permName)
 267  
             throws UnknownEntityException
 268  
     {
 269  
         P permission;
 270  
         try
 271  
         {
 272  0
             permission = permissionManager.getPermissionInstance(permName);
 273  
         }
 274  0
         catch (Exception e)
 275  
         {
 276  0
             throw new UnknownEntityException("Failed to instantiate a Permission implementation object", e);
 277  0
         }
 278  0
         return permission;
 279  
     }
 280  
 
 281  
     /**
 282  
      * Construct a blank Role object.
 283  
      *
 284  
      * @return an object implementing Role interface.
 285  
      * @throws UnknownEntityException if the object could not be instantiated.
 286  
      */
 287  
     @Override
 288  
     public <R extends Role> R getRoleInstance()
 289  
             throws UnknownEntityException
 290  
     {
 291  
         R role;
 292  
         try
 293  
         {
 294  0
             role = roleManager.getRoleInstance();
 295  
         }
 296  0
         catch (Exception e)
 297  
         {
 298  0
             throw new UnknownEntityException("Failed to instantiate a Role implementation object", e);
 299  0
         }
 300  0
         return role;
 301  
     }
 302  
 
 303  
     /**
 304  
      * Construct a blank Role object.
 305  
      *
 306  
      * @param roleName The name of the role.
 307  
      *
 308  
      * @return an object implementing Role interface.
 309  
      *
 310  
      * @throws UnknownEntityException if the object could not be instantiated.
 311  
      */
 312  
     @Override
 313  
     public <R extends Role> R getRoleInstance(String roleName)
 314  
             throws UnknownEntityException
 315  
     {
 316  
         R role;
 317  
         try
 318  
         {
 319  0
             role = roleManager.getRoleInstance(roleName);
 320  
         }
 321  0
         catch (Exception e)
 322  
         {
 323  0
             throw new UnknownEntityException("Failed to instantiate a Role implementation object", e);
 324  0
         }
 325  0
         return role;
 326  
     }
 327  
 
 328  
     /**
 329  
      * Returns the configured UserManager.
 330  
      *
 331  
      * @return An UserManager object
 332  
      */
 333  
     @Override
 334  
     public UserManager getUserManager()
 335  
     {
 336  21
         return userManager;
 337  
     }
 338  
 
 339  
     /**
 340  
      * Check whether a specified user's account exists.
 341  
      *
 342  
      * The login name is used for looking up the account.
 343  
      *
 344  
      * @param user The user to be checked.
 345  
      * @return true if the specified account exists
 346  
      * @throws DataBackendException if there was an error accessing the data
 347  
      *         backend.
 348  
      */
 349  
     @Override
 350  
     public boolean accountExists(User user)
 351  
             throws DataBackendException
 352  
     {
 353  2
         return getUserManager().accountExists(user);
 354  
     }
 355  
 
 356  
     /**
 357  
      * Check whether a specified user's account exists.
 358  
      *
 359  
      * The login name is used for looking up the account.
 360  
      *
 361  
      * @param userName The name of the user to be checked.
 362  
      * @return true if the specified account exists
 363  
      * @throws DataBackendException if there was an error accessing the data
 364  
      *         backend.
 365  
      */
 366  
     @Override
 367  
     public boolean accountExists(String userName)
 368  
             throws DataBackendException
 369  
     {
 370  2
         return getUserManager().accountExists(userName);
 371  
     }
 372  
 
 373  
     /**
 374  
      * Authenticates an user, and constructs an User object to represent
 375  
      * him/her.
 376  
      *
 377  
      * @param username The user name.
 378  
      * @param password The user password.
 379  
      * @return An authenticated Turbine User.
 380  
      * @throws PasswordMismatchException if the supplied password was incorrect.
 381  
      * @throws UnknownEntityException if the user's account does not
 382  
      *            exist in the database.
 383  
      * @throws DataBackendException if there is a problem accessing the storage.
 384  
      */
 385  
     @Override
 386  
     public <U extends User> U getAuthenticatedUser(String username, String password)
 387  
             throws DataBackendException, UnknownEntityException,
 388  
                    PasswordMismatchException
 389  
     {
 390  1
         return getUserManager().retrieve(username, password);
 391  
     }
 392  
 
 393  
     /**
 394  
      * Constructs an User object to represent a registered user of the
 395  
      * application.
 396  
      *
 397  
      * @param username The user name.
 398  
      * @return A Turbine User.
 399  
      * @throws UnknownEntityException if the user's account does not exist
 400  
      * @throws DataBackendException if there is a problem accessing the storage.
 401  
      */
 402  
     @Override
 403  
     public <U extends User> U getUser(String username)
 404  
             throws DataBackendException, UnknownEntityException
 405  
     {
 406  1
         return getUserManager().retrieve(username);
 407  
     }
 408  
 
 409  
     /**
 410  
      * Constructs an User object to represent an anonymous user of the
 411  
      * application.
 412  
      *
 413  
      * @return An anonymous Turbine User.
 414  
      * @throws UnknownEntityException if the implementation of User interface
 415  
      *         could not be determined, or does not exist.
 416  
      */
 417  
     @Override
 418  
     public <U extends User> U getAnonymousUser()
 419  
             throws UnknownEntityException
 420  
     {
 421  4
         return getUserManager().getAnonymousUser();
 422  
     }
 423  
 
 424  
     /**
 425  
      * Checks whether a passed user object matches the anonymous user pattern
 426  
      * according to the configured user manager
 427  
      *
 428  
      * @param user An user object
 429  
      *
 430  
      * @return True if this is an anonymous user
 431  
      *
 432  
      */
 433  
     @Override
 434  
     public boolean isAnonymousUser(User user)
 435  
     {
 436  4
         return getUserManager().isAnonymousUser(user);
 437  
     }
 438  
 
 439  
     /**
 440  
      * Saves User's data in the permanent storage. The user account is required
 441  
      * to exist in the storage.
 442  
      *
 443  
      * @param user the User object to save
 444  
      * @throws UnknownEntityException if the user's account does not
 445  
      *         exist in the database.
 446  
      * @throws DataBackendException if there is a problem accessing the storage.
 447  
      */
 448  
     @Override
 449  
     public void saveUser(User user)
 450  
             throws UnknownEntityException, DataBackendException
 451  
     {
 452  1
         getUserManager().store(user);
 453  1
     }
 454  
 
 455  
     /**
 456  
      * Saves User data when the session is unbound. The user account is required
 457  
      * to exist in the storage.
 458  
      *
 459  
      * LastLogin, AccessCounter, persistent pull tools, and any data stored
 460  
      * in the permData hashmap that is not mapped to a column will be saved.
 461  
      *
 462  
      * @throws UnknownEntityException if the user's account does not
 463  
      *            exist in the database.
 464  
      * @throws DataBackendException if there is a problem accessing the
 465  
      *            storage.
 466  
      */
 467  
     @Override
 468  
     public void saveOnSessionUnbind(User user)
 469  
             throws UnknownEntityException, DataBackendException
 470  
     {
 471  0
         getUserManager().saveOnSessionUnbind(user);
 472  0
     }
 473  
 
 474  
     /**
 475  
      * Creates new user account with specified attributes.
 476  
      *
 477  
      * @param user the object describing account to be created.
 478  
      * @param password The password to use for the account.
 479  
      *
 480  
      * @throws DataBackendException if there was an error accessing the
 481  
      *         data backend.
 482  
      * @throws EntityExistsException if the user account already exists.
 483  
      */
 484  
     @Override
 485  
     public void addUser(User user, String password)
 486  
             throws UnknownEntityException,DataBackendException, EntityExistsException
 487  
     {
 488  3
         getUserManager().createAccount(user, password);
 489  3
     }
 490  
 
 491  
     /**
 492  
      * Removes an user account from the system.
 493  
      *
 494  
      * @param user the object describing the account to be removed.
 495  
      * @throws DataBackendException if there was an error accessing the data
 496  
      *         backend.
 497  
      * @throws UnknownEntityException if the user account is not present.
 498  
      */
 499  
     @Override
 500  
     public void removeUser(User user)
 501  
             throws DataBackendException, UnknownEntityException
 502  
     {
 503  0
         if (user == null) {
 504  0
             throw new UnknownEntityException("user is null");
 505  
         }
 506  
         // revoke all roles form the user
 507  0
         modelManager.revokeAll(user.getUserDelegate());
 508  0
         getUserManager().removeAccount(user);
 509  0
     }
 510  
 
 511  
     /**
 512  
      * Change the password for an User.
 513  
      *
 514  
      * @param user an User to change password for.
 515  
      * @param oldPassword the current password supplied by the user.
 516  
      * @param newPassword the current password requested by the user.
 517  
      * @throws PasswordMismatchException if the supplied password was incorrect.
 518  
      * @throws UnknownEntityException if the user's record does not
 519  
      *            exist in the database.
 520  
      * @throws DataBackendException if there is a problem accessing the storage.
 521  
      */
 522  
     @Override
 523  
     public void changePassword(User user, String oldPassword,
 524  
             String newPassword)
 525  
             throws PasswordMismatchException, UnknownEntityException,
 526  
                    DataBackendException
 527  
     {
 528  0
         getUserManager().changePassword(user, oldPassword, newPassword);
 529  0
     }
 530  
 
 531  
     /**
 532  
      * Forcibly sets new password for an User.
 533  
      *
 534  
      * This is supposed by the administrator to change the forgotten or
 535  
      * compromised passwords. Certain implementatations of this feature
 536  
      * would require administrative level access to the authenticating
 537  
      * server / program.
 538  
      *
 539  
      * @param user an User to change password for.
 540  
      * @param password the new password.
 541  
      * @throws UnknownEntityException if the user's record does not
 542  
      *            exist in the database.
 543  
      * @throws DataBackendException if there is a problem accessing the storage.
 544  
      */
 545  
     @Override
 546  
     public void forcePassword(User user, String password)
 547  
             throws UnknownEntityException, DataBackendException
 548  
     {
 549  0
         getUserManager().forcePassword(user, password);
 550  0
     }
 551  
 
 552  
     /**
 553  
      * Acquire a shared lock on the security information repository.
 554  
      *
 555  
      * Methods that read security information need to invoke this
 556  
      * method at the beginning of their body.
 557  
      */
 558  
     protected synchronized void lockShared()
 559  
     {
 560  0
         readerCount++;
 561  0
     }
 562  
 
 563  
     /**
 564  
      * Release a shared lock on the security information repository.
 565  
      *
 566  
      * Methods that read security information need to invoke this
 567  
      * method at the end of their body.
 568  
      */
 569  
     protected synchronized void unlockShared()
 570  
     {
 571  0
         readerCount--;
 572  0
         this.notify();
 573  0
     }
 574  
 
 575  
     /**
 576  
      * Acquire an exclusive lock on the security information repository.
 577  
      *
 578  
      * Methods that modify security information need to invoke this
 579  
      * method at the beginning of their body. Note! Those methods must
 580  
      * be <code>synchronized</code> themselves!
 581  
      */
 582  
     protected void lockExclusive()
 583  
     {
 584  0
         while (readerCount > 0)
 585  
         {
 586  
             try
 587  
             {
 588  0
                 this.wait();
 589  
             }
 590  0
             catch (InterruptedException e)
 591  
             {
 592  
                 // ignore
 593  0
             }
 594  
         }
 595  0
     }
 596  
 
 597  
     /**
 598  
      * Release an exclusive lock on the security information repository.
 599  
      *
 600  
      * This method is provided only for completeness. It does not really
 601  
      * do anything. Note! Methods that modify security information
 602  
      * must be <code>synchronized</code>!
 603  
      */
 604  
     protected void unlockExclusive()
 605  
     {
 606  
         // do nothing
 607  0
     }
 608  
 
 609  
     /**
 610  
      * Provides a reference to the Group object that represents the
 611  
      * <a href="#global">global group</a>.
 612  
      *
 613  
      * @return a Group object that represents the global group.
 614  
      */
 615  
     @Override
 616  
     public <G extends Group> G getGlobalGroup()
 617  
     {
 618  0
         if (globalGroup == null)
 619  
         {
 620  0
             synchronized (DefaultSecurityService.class)
 621  
             {
 622  0
                 if (globalGroup == null)
 623  
                 {
 624  
                     try
 625  
                     {
 626  0
                         globalGroup = modelManager.getGlobalGroup();
 627  
                     }
 628  0
                     catch (DataBackendException e)
 629  
                     {
 630  0
                         log.error("Failed to retrieve global group object: ", e);
 631  0
                     }
 632  
                 }
 633  0
             }
 634  
         }
 635  
         @SuppressWarnings("unchecked")
 636  0
         G g = (G)globalGroup;
 637  0
         return g;
 638  
     }
 639  
 
 640  
     /**
 641  
      * Retrieve a Group object with specified name.
 642  
      *
 643  
      * @param name the name of the Group.
 644  
      * @return an object representing the Group with specified name.
 645  
      * @throws DataBackendException if there was an error accessing the
 646  
      *         data backend.
 647  
      * @throws UnknownEntityException if the group does not exist.
 648  
      */
 649  
     @Override
 650  
     public <G extends Group> G getGroupByName(String name)
 651  
             throws DataBackendException, UnknownEntityException
 652  
     {
 653  0
         return groupManager.getGroupByName(name);
 654  
     }
 655  
 
 656  
     /**
 657  
      * Retrieve a Group object with specified Id.
 658  
      *
 659  
      * @param id the id of the Group.
 660  
      * @return an object representing the Group with specified name.
 661  
      * @throws UnknownEntityException if the permission does not
 662  
      *            exist in the database.
 663  
      * @throws DataBackendException if there is a problem accessing the
 664  
      *            storage.
 665  
      */
 666  
     @Override
 667  
     public <G extends Group> G getGroupById(int id)
 668  
             throws DataBackendException, UnknownEntityException
 669  
     {
 670  0
         return groupManager.getGroupById(Integer.valueOf(id));
 671  
     }
 672  
 
 673  
     /**
 674  
      * Retrieve a Role object with specified name.
 675  
      *
 676  
      * @param name the name of the Role.
 677  
      * @return an object representing the Role with specified name.
 678  
      * @throws DataBackendException if there was an error accessing the
 679  
      *         data backend.
 680  
      * @throws UnknownEntityException if the role does not exist.
 681  
      */
 682  
     @Override
 683  
     public <R extends Role> R getRoleByName(String name)
 684  
             throws DataBackendException, UnknownEntityException
 685  
     {
 686  0
         R role = roleManager.getRoleByName(name);
 687  0
         if (role instanceof TurbineRole)
 688  
         {
 689  0
             ((TurbineRole)role).setPermissions(getPermissions(role));
 690  
         }
 691  0
         return role;
 692  
     }
 693  
 
 694  
     /**
 695  
      * Retrieve a Role object with specified Id.
 696  
      * @param id the id of the Role.
 697  
      * @return an object representing the Role with specified name.
 698  
      * @throws UnknownEntityException if the permission does not
 699  
      *            exist in the database.
 700  
      * @throws DataBackendException if there is a problem accessing the
 701  
      *            storage.
 702  
      */
 703  
     @Override
 704  
     public <R extends Role> R getRoleById(int id)
 705  
             throws DataBackendException,
 706  
                    UnknownEntityException
 707  
     {
 708  0
         R role = roleManager.getRoleById(Integer.valueOf(id));
 709  0
         if (role instanceof TurbineRole)
 710  
         {
 711  0
             ((TurbineRole)role).setPermissions(getPermissions(role));
 712  
         }
 713  0
         return role;
 714  
     }
 715  
 
 716  
     /**
 717  
      * Retrieve a Permission object with specified name.
 718  
      *
 719  
      * @param name the name of the Permission.
 720  
      * @return an object representing the Permission with specified name.
 721  
      * @throws DataBackendException if there was an error accessing the
 722  
      *         data backend.
 723  
      * @throws UnknownEntityException if the permission does not exist.
 724  
      */
 725  
     @Override
 726  
     public <P extends Permission> P getPermissionByName(String name)
 727  
             throws DataBackendException, UnknownEntityException
 728  
     {
 729  0
         return permissionManager.getPermissionByName(name);
 730  
     }
 731  
 
 732  
     /**
 733  
      * Retrieve a Permission object with specified Id.
 734  
      *
 735  
      * @param id the id of the Permission.
 736  
      * @return an object representing the Permission with specified name.
 737  
      * @throws UnknownEntityException if the permission does not
 738  
      *            exist in the database.
 739  
      * @throws DataBackendException if there is a problem accessing the
 740  
      *            storage.
 741  
      */
 742  
     @Override
 743  
     public <P extends Permission> P getPermissionById(int id)
 744  
             throws DataBackendException,
 745  
                    UnknownEntityException
 746  
     {
 747  0
         return permissionManager.getPermissionById(Integer.valueOf(id));
 748  
     }
 749  
 
 750  
     /**
 751  
      * Retrieves all groups defined in the system.
 752  
      *
 753  
      * @return the names of all groups defined in the system.
 754  
      * @throws DataBackendException if there was an error accessing the
 755  
      *         data backend.
 756  
      */
 757  
     @Override
 758  
     public GroupSet getAllGroups() throws DataBackendException
 759  
     {
 760  0
         return groupManager.getAllGroups();
 761  
     }
 762  
 
 763  
     /**
 764  
      * Retrieves all roles defined in the system.
 765  
      *
 766  
      * @return the names of all roles defined in the system.
 767  
      * @throws DataBackendException if there was an error accessing the
 768  
      *         data backend.
 769  
      */
 770  
     @Override
 771  
     public RoleSet getAllRoles() throws DataBackendException
 772  
     {
 773  0
         return roleManager.getAllRoles();
 774  
     }
 775  
 
 776  
     /**
 777  
      * Retrieves all permissions defined in the system.
 778  
      *
 779  
      * @return the names of all roles defined in the system.
 780  
      * @throws DataBackendException if there was an error accessing the
 781  
      *         data backend.
 782  
      */
 783  
     @Override
 784  
     public PermissionSet getAllPermissions() throws DataBackendException
 785  
     {
 786  0
         return permissionManager.getAllPermissions();
 787  
     }
 788  
 
 789  
     /*-----------------------------------------------------------------------
 790  
     Creation of AccessControlLists
 791  
     -----------------------------------------------------------------------*/
 792  
 
 793  
     /**
 794  
      * Constructs an AccessControlList for a specific user.
 795  
      *
 796  
      * @param user the user for whom the AccessControlList are to be retrieved
 797  
      * @return The AccessControList object constructed from the user object.
 798  
      * @throws DataBackendException if there was an error accessing the data
 799  
      *         backend.
 800  
      * @throws UnknownEntityException if user account is not present.
 801  
      */
 802  
     @Override
 803  
     public <A extends AccessControlList> A getACL(User user)
 804  
         throws DataBackendException, UnknownEntityException
 805  
     {
 806  1
         return getUserManager().getACL(user);
 807  
     }
 808  
 
 809  
     /*-----------------------------------------------------------------------
 810  
     Security management
 811  
     -----------------------------------------------------------------------*/
 812  
 
 813  
     /**
 814  
      * Grant an User a Role in a Group.
 815  
      *
 816  
      * @param user the user.
 817  
      * @param group the group.
 818  
      * @param role the role.
 819  
      * @throws DataBackendException if there was an error accessing the data
 820  
      *         backend.
 821  
      * @throws UnknownEntityException if user account, group or role is not
 822  
      *         present.
 823  
      */
 824  
     @Override
 825  
     public void grant(User user, Group group, Role role)
 826  
     throws DataBackendException, UnknownEntityException
 827  
     {
 828  1
         if (user == null) {
 829  0
             throw new UnknownEntityException("user is null");
 830  
         }
 831  1
         modelManager.grant(user.getUserDelegate(), group, role);
 832  1
     }
 833  
 
 834  
     /**
 835  
      * Revoke a Role in a Group from an User.
 836  
      *
 837  
      * @param user the user.
 838  
      * @param group the group.
 839  
      * @param role the role.
 840  
      * @throws DataBackendException if there was an error accessing the data
 841  
      *         backend.
 842  
      * @throws UnknownEntityException if user account, group or role is not
 843  
      *         present.
 844  
      */
 845  
     @Override
 846  
     public void revoke(User user, Group group, Role role)
 847  
         throws DataBackendException, UnknownEntityException
 848  
     {
 849  0
         if (user == null) {
 850  0
             throw new UnknownEntityException("user is null");
 851  
         }
 852  0
         modelManager.revoke(user.getUserDelegate(), group, role);
 853  0
     }
 854  
     
 855  
     /**
 856  
      * Replaces transactionally the first role with second role for the given user. 
 857  
      * 
 858  
      * @param user the user.
 859  
      * @param role the old role
 860  
      * @param newRole the new role
 861  
      * 
 862  
      * @throws DataBackendException
 863  
      * @throws UnknownEntityException
 864  
      */
 865  
     @Override
 866  
     public void replaceRole(User user, Role role, Role newRole)
 867  
                     throws DataBackendException, UnknownEntityException
 868  
     {
 869  0
         modelManager.replace( user, role, newRole );
 870  0
     }
 871  
 
 872  
     /**
 873  
      * Revokes all roles from an User.
 874  
      *
 875  
      * This method is used when deleting an account.
 876  
      *
 877  
      * @param user the User.
 878  
      * @throws DataBackendException if there was an error accessing the data
 879  
      *         backend.
 880  
      * @throws UnknownEntityException if the account is not present.
 881  
      */
 882  
     @Override
 883  
     public void revokeAll(User user)
 884  
         throws DataBackendException, UnknownEntityException
 885  
     {
 886  0
         if (user == null) {
 887  0
             throw new UnknownEntityException("user is null");
 888  
         }
 889  0
         modelManager.revokeAll(user.getUserDelegate());
 890  0
     }
 891  
 
 892  
     /**
 893  
      * Grants a Role a Permission
 894  
      *
 895  
      * @param role the Role.
 896  
      * @param permission the Permission.
 897  
      * @throws DataBackendException if there was an error accessing the data
 898  
      *         backend.
 899  
      * @throws UnknownEntityException if role or permission is not present.
 900  
      */
 901  
     @Override
 902  
     public void grant(Role role, Permission permission)
 903  
         throws DataBackendException, UnknownEntityException
 904  
     {
 905  0
         modelManager.grant(role, permission);
 906  0
     }
 907  
 
 908  
     /**
 909  
      * Revokes a Permission from a Role.
 910  
      *
 911  
      * @param role the Role.
 912  
      * @param permission the Permission.
 913  
      * @throws DataBackendException if there was an error accessing the data
 914  
      *         backend.
 915  
      * @throws UnknownEntityException if role or permission is not present.
 916  
      */
 917  
     @Override
 918  
     public void revoke(Role role, Permission permission)
 919  
         throws DataBackendException, UnknownEntityException
 920  
     {
 921  0
         modelManager.revoke(role, permission);
 922  0
     }
 923  
 
 924  
     /**
 925  
      * Revokes all permissions from a Role.
 926  
      *
 927  
      * This method is used when deleting a Role.
 928  
      *
 929  
      * @param role the Role
 930  
      * @throws DataBackendException if there was an error accessing the data
 931  
      *         backend.
 932  
      * @throws  UnknownEntityException if the Role is not present.
 933  
      */
 934  
     @Override
 935  
     public void revokeAll(Role role)
 936  
         throws DataBackendException, UnknownEntityException
 937  
     {
 938  0
         modelManager.revokeAll(role);
 939  0
     }
 940  
     
 941  
     /**
 942  
      * Revokes by default all permissions from a Role and if flag is set
 943  
      * all group and user relationships with this role
 944  
      * 
 945  
      * This method is used when deleting a Role.
 946  
      * 
 947  
      * @param role
 948  
      *            the Role
 949  
      * @param cascadeDelete
 950  
      *             if <code>true </code> removes all groups and user for this role.
 951  
      * @throws DataBackendException
 952  
      *             if there was an error accessing the data backend.
 953  
      * @throws UnknownEntityException
 954  
      *             if the Role is not present.
 955  
      */
 956  
     @Override
 957  
     public void revokeAll( Role role, boolean cascadeDelete )
 958  
         throws DataBackendException, UnknownEntityException 
 959  
     {
 960  0
         modelManager.revokeAll(role, cascadeDelete);
 961  0
     }
 962  
 
 963  
     /**
 964  
      * Retrieves all permissions associated with a role.
 965  
      *
 966  
      * @param role the role name, for which the permissions are to be retrieved.
 967  
      * @return the Permissions for the specified role
 968  
      * @throws DataBackendException if there was an error accessing the data
 969  
      *         backend.
 970  
      * @throws UnknownEntityException if the role is not present.
 971  
      */
 972  
     @Override
 973  
     public PermissionSet getPermissions(Role role)
 974  
             throws DataBackendException, UnknownEntityException
 975  
     {
 976  0
         return ((TurbineRole)role).getPermissions();
 977  
     }
 978  
 
 979  
     /**
 980  
      * Creates a new group with specified attributes.
 981  
      *
 982  
      * @param group the object describing the group to be created.
 983  
      * @throws DataBackendException if there was an error accessing the data
 984  
      *         backend.
 985  
      * @throws EntityExistsException if the group already exists.
 986  
      */
 987  
     @Override
 988  
     public <G extends Group> G addGroup(G group)
 989  
             throws DataBackendException, EntityExistsException
 990  
     {
 991  0
         return groupManager.addGroup(group);
 992  
     }
 993  
 
 994  
     /**
 995  
      * Creates a new role with specified attributes.
 996  
      *
 997  
      * @param role the objects describing the role to be created.
 998  
      * @throws DataBackendException if there was an error accessing the data
 999  
      *         backend.
 1000  
      * @throws EntityExistsException if the role already exists.
 1001  
      */
 1002  
     @Override
 1003  
     public <R extends Role> R addRole(R role)
 1004  
             throws DataBackendException, EntityExistsException
 1005  
     {
 1006  0
         return roleManager.addRole(role);
 1007  
     }
 1008  
 
 1009  
     /**
 1010  
      * Creates a new permission with specified attributes.
 1011  
      *
 1012  
      * @param permission the objects describing the permission to be created.
 1013  
      * @throws DataBackendException if there was an error accessing the data
 1014  
      *         backend.
 1015  
      * @throws EntityExistsException if the permission already exists.
 1016  
      */
 1017  
     @Override
 1018  
     public <P extends Permission> P addPermission(P permission)
 1019  
             throws DataBackendException, EntityExistsException
 1020  
     {
 1021  0
         return permissionManager.addPermission(permission);
 1022  
     }
 1023  
 
 1024  
     /**
 1025  
      * Removes a Group from the system.
 1026  
      *
 1027  
      * @param group the object describing group to be removed.
 1028  
      * @throws DataBackendException if there was an error accessing the data
 1029  
      *         backend.
 1030  
      * @throws UnknownEntityException if the group does not exist.
 1031  
      */
 1032  
     @Override
 1033  
     public void removeGroup(Group group)
 1034  
             throws DataBackendException, UnknownEntityException
 1035  
     {
 1036  0
         groupManager.removeGroup(group);
 1037  0
     }
 1038  
 
 1039  
     /**
 1040  
      * Removes a Role from the system.
 1041  
      *
 1042  
      * @param role The object describing the role to be removed.
 1043  
      * @throws DataBackendException if there was an error accessing the data backend.
 1044  
      * @throws UnknownEntityException if the role does not exist.
 1045  
      */
 1046  
     @Override
 1047  
     public void removeRole(Role role)
 1048  
             throws DataBackendException, UnknownEntityException
 1049  
     {
 1050  0
         roleManager.removeRole(role);
 1051  0
     }
 1052  
 
 1053  
     /**
 1054  
      * Removes a Permission from the system.
 1055  
      *
 1056  
      * @param permission The object describing the permission to be removed.
 1057  
      * @throws DataBackendException if there was an error accessing the data
 1058  
      *         backend.
 1059  
      * @throws UnknownEntityException if the permission does not exist.
 1060  
      */
 1061  
     @Override
 1062  
     public void removePermission(Permission permission)
 1063  
             throws DataBackendException, UnknownEntityException
 1064  
     {
 1065  0
         permissionManager.removePermission(permission);
 1066  0
     }
 1067  
 
 1068  
     /**
 1069  
      * Renames an existing Group.
 1070  
      *
 1071  
      * @param group The object describing the group to be renamed.
 1072  
      * @param name the new name for the group.
 1073  
      * @throws DataBackendException if there was an error accessing the data
 1074  
      *         backend.
 1075  
      * @throws UnknownEntityException if the group does not exist.
 1076  
      */
 1077  
     @Override
 1078  
     public void renameGroup(Group group, String name)
 1079  
             throws DataBackendException, UnknownEntityException
 1080  
     {
 1081  0
         groupManager.renameGroup(group, name);
 1082  0
     }
 1083  
 
 1084  
     /**
 1085  
      * Renames an existing Role.
 1086  
      *
 1087  
      * @param role The object describing the role to be renamed.
 1088  
      * @param name the new name for the role.
 1089  
      * @throws DataBackendException if there was an error accessing the data
 1090  
      *         backend.
 1091  
      * @throws UnknownEntityException if the role does not exist.
 1092  
      */
 1093  
     @Override
 1094  
     public void renameRole(Role role, String name)
 1095  
             throws DataBackendException, UnknownEntityException
 1096  
     {
 1097  0
         roleManager.renameRole(role, name);
 1098  0
     }
 1099  
 
 1100  
     /**
 1101  
      * Renames an existing Permission.
 1102  
      *
 1103  
      * @param permission The object describing the permission to be renamed.
 1104  
      * @param name the new name for the permission.
 1105  
      * @throws DataBackendException if there was an error accessing the data
 1106  
      *         backend.
 1107  
      * @throws UnknownEntityException if the permission does not exist.
 1108  
      */
 1109  
     @Override
 1110  
     public void renamePermission(Permission permission, String name)
 1111  
             throws DataBackendException, UnknownEntityException
 1112  
     {
 1113  0
         permissionManager.renamePermission(permission, name);
 1114  0
     }
 1115  
 }