Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
DefaultSecurityService |
|
| 1.6;1,6 |
1 | package org.apache.turbine.services.security; | |
2 | ||
3 | ||
4 | /* | |
5 | * Licensed to the Apache Software Foundation (ASF) under one | |
6 | * or more contributor license agreements. See the NOTICE file | |
7 | * distributed with this work for additional information | |
8 | * regarding copyright ownership. The ASF licenses this file | |
9 | * to you under the Apache License, Version 2.0 (the | |
10 | * "License"); you may not use this file except in compliance | |
11 | * with the License. You may obtain a copy of the License at | |
12 | * | |
13 | * http://www.apache.org/licenses/LICENSE-2.0 | |
14 | * | |
15 | * Unless required by applicable law or agreed to in writing, | |
16 | * software distributed under the License is distributed on an | |
17 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
18 | * KIND, either express or implied. See the License for the | |
19 | * specific language governing permissions and limitations | |
20 | * under the License. | |
21 | */ | |
22 | ||
23 | ||
24 | import org.apache.commons.configuration2.Configuration; | |
25 | import org.apache.fulcrum.security.GroupManager; | |
26 | import org.apache.fulcrum.security.PermissionManager; | |
27 | import org.apache.fulcrum.security.RoleManager; | |
28 | import org.apache.fulcrum.security.acl.AccessControlList; | |
29 | import org.apache.fulcrum.security.entity.Group; | |
30 | import org.apache.fulcrum.security.entity.Permission; | |
31 | import org.apache.fulcrum.security.entity.Role; | |
32 | import org.apache.fulcrum.security.model.turbine.TurbineModelManager; | |
33 | import org.apache.fulcrum.security.model.turbine.entity.TurbineRole; | |
34 | import org.apache.fulcrum.security.util.DataBackendException; | |
35 | import org.apache.fulcrum.security.util.EntityExistsException; | |
36 | import org.apache.fulcrum.security.util.GroupSet; | |
37 | import org.apache.fulcrum.security.util.PasswordMismatchException; | |
38 | import org.apache.fulcrum.security.util.PermissionSet; | |
39 | import org.apache.fulcrum.security.util.RoleSet; | |
40 | import org.apache.fulcrum.security.util.UnknownEntityException; | |
41 | import org.apache.logging.log4j.LogManager; | |
42 | import org.apache.logging.log4j.Logger; | |
43 | import org.apache.turbine.om.security.User; | |
44 | import org.apache.turbine.services.InitializationException; | |
45 | import org.apache.turbine.services.ServiceManager; | |
46 | import org.apache.turbine.services.TurbineBaseService; | |
47 | import org.apache.turbine.services.TurbineServices; | |
48 | ||
49 | /** | |
50 | * This is a common subset of SecurityService implementation. | |
51 | * | |
52 | * Provided functionality includes: | |
53 | * <ul> | |
54 | * <li> methods for retrieving User objects, that delegates functionality | |
55 | * to the pluggable implementations of the User interface. | |
56 | * <li> synchronization mechanism for methods reading/modifying the security | |
57 | * information, that guarantees that multiple threads may read the | |
58 | * information concurrently, but threads that modify the information | |
59 | * acquires exclusive access. | |
60 | * <li> implementation of convenience methods for retrieving security entities | |
61 | * that maintain in-memory caching of objects for fast access. | |
62 | * </ul> | |
63 | * | |
64 | * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a> | |
65 | * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> | |
66 | * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a> | |
67 | * @author <a href="mailto:quintonm@bellsouth.net">Quinton McCombs</a> | |
68 | * @version $Id: DefaultSecurityService.java 1854688 2019-03-03 10:36:42Z tv $ | |
69 | */ | |
70 | 78 | public class DefaultSecurityService |
71 | extends TurbineBaseService | |
72 | implements SecurityService | |
73 | { | |
74 | /** The number of threads concurrently reading security information */ | |
75 | 78 | private int readerCount = 0; |
76 | ||
77 | /** The instance of UserManager the SecurityService uses */ | |
78 | 78 | private UserManager userManager = null; |
79 | ||
80 | /** The instance of GroupManager the SecurityService uses */ | |
81 | private GroupManager groupManager; | |
82 | ||
83 | /** The instance of RoleManager the SecurityService uses */ | |
84 | private RoleManager roleManager; | |
85 | ||
86 | /** The instance of PermissionManager the SecurityService uses */ | |
87 | private PermissionManager permissionManager; | |
88 | ||
89 | /** The instance of ModelManager the SecurityService uses */ | |
90 | private TurbineModelManager modelManager; | |
91 | ||
92 | /** | |
93 | * The Group object that represents the <a href="#global">global group</a>. | |
94 | */ | |
95 | 78 | private static volatile Group globalGroup = null; |
96 | ||
97 | /** Logging */ | |
98 | 78 | private static final Logger log = LogManager.getLogger(DefaultSecurityService.class); |
99 | ||
100 | /** | |
101 | * Initializes the SecurityService, locating the appropriate UserManager | |
102 | * This is a zero parameter variant which queries the Turbine Servlet | |
103 | * for its config. | |
104 | * | |
105 | * @throws InitializationException Something went wrong in the init stage | |
106 | */ | |
107 | @Override | |
108 | public void init() | |
109 | throws InitializationException | |
110 | { | |
111 | 15 | ServiceManager manager = TurbineServices.getInstance(); |
112 | ||
113 | 15 | this.groupManager = (GroupManager)manager.getService(GroupManager.ROLE); |
114 | 15 | this.roleManager = (RoleManager)manager.getService(RoleManager.ROLE); |
115 | 15 | this.permissionManager = (PermissionManager)manager.getService(PermissionManager.ROLE); |
116 | 15 | this.modelManager = (TurbineModelManager)manager.getService(TurbineModelManager.ROLE); |
117 | ||
118 | 15 | Configuration conf = getConfiguration(); |
119 | ||
120 | 15 | String userManagerClassName = conf.getString( |
121 | SecurityService.USER_MANAGER_KEY, | |
122 | SecurityService.USER_MANAGER_DEFAULT); | |
123 | ||
124 | try | |
125 | { | |
126 | 15 | this.userManager = |
127 | 15 | (UserManager) Class.forName(userManagerClassName).newInstance(); |
128 | ||
129 | 15 | userManager.init(conf); |
130 | } | |
131 | 0 | catch (Exception e) |
132 | { | |
133 | 0 | throw new InitializationException("Failed to instantiate UserManager", e); |
134 | 15 | } |
135 | ||
136 | 15 | setInit(true); |
137 | 15 | } |
138 | ||
139 | /** | |
140 | * Construct a blank User object. | |
141 | * | |
142 | * @return an object implementing User interface. | |
143 | * @throws UnknownEntityException if the object could not be instantiated. | |
144 | */ | |
145 | @Override | |
146 | public <U extends User> U getUserInstance() | |
147 | throws UnknownEntityException | |
148 | { | |
149 | U user; | |
150 | try | |
151 | { | |
152 | 3 | user = getUserManager().getUserInstance(); |
153 | } | |
154 | 0 | catch (DataBackendException e) |
155 | { | |
156 | 0 | throw new UnknownEntityException( |
157 | "Failed instantiate an User implementation object", e); | |
158 | 3 | } |
159 | 3 | return user; |
160 | } | |
161 | ||
162 | /** | |
163 | * Construct a blank User object. | |
164 | * | |
165 | * @param userName The name of the user. | |
166 | * | |
167 | * @return an object implementing User interface. | |
168 | * | |
169 | * @throws UnknownEntityException if the object could not be instantiated. | |
170 | */ | |
171 | @Override | |
172 | public <U extends User> U getUserInstance(String userName) | |
173 | throws UnknownEntityException | |
174 | { | |
175 | U user; | |
176 | try | |
177 | { | |
178 | 3 | user = getUserManager().getUserInstance(userName); |
179 | } | |
180 | 0 | catch (DataBackendException e) |
181 | { | |
182 | 0 | throw new UnknownEntityException( |
183 | "Failed instantiate an User implementation object", e); | |
184 | 3 | } |
185 | 3 | return user; |
186 | } | |
187 | ||
188 | /** | |
189 | * Construct a blank Group object. | |
190 | * | |
191 | * @return an object implementing Group interface. | |
192 | * @throws UnknownEntityException if the object could not be instantiated. | |
193 | */ | |
194 | @Override | |
195 | public <G extends Group> G getGroupInstance() | |
196 | throws UnknownEntityException | |
197 | { | |
198 | G group; | |
199 | try | |
200 | { | |
201 | 0 | group = groupManager.getGroupInstance(); |
202 | } | |
203 | 0 | catch (Exception e) |
204 | { | |
205 | 0 | throw new UnknownEntityException("Failed to instantiate a Group implementation object", e); |
206 | 0 | } |
207 | 0 | return group; |
208 | } | |
209 | ||
210 | /** | |
211 | * Construct a blank Group object. | |
212 | * | |
213 | * @param groupName The name of the Group | |
214 | * | |
215 | * @return an object implementing Group interface. | |
216 | * | |
217 | * @throws UnknownEntityException if the object could not be instantiated. | |
218 | */ | |
219 | @Override | |
220 | public <G extends Group> G getGroupInstance(String groupName) | |
221 | throws UnknownEntityException | |
222 | { | |
223 | G group; | |
224 | try | |
225 | { | |
226 | 0 | group = groupManager.getGroupInstance(groupName); |
227 | } | |
228 | 0 | catch (Exception e) |
229 | { | |
230 | 0 | throw new UnknownEntityException("Failed to instantiate a Group implementation object", e); |
231 | 0 | } |
232 | 0 | return group; |
233 | } | |
234 | ||
235 | /** | |
236 | * Construct a blank Permission object. | |
237 | * | |
238 | * @return an object implementing Permission interface. | |
239 | * @throws UnknownEntityException if the object could not be instantiated. | |
240 | */ | |
241 | @Override | |
242 | public <P extends Permission> P getPermissionInstance() | |
243 | throws UnknownEntityException | |
244 | { | |
245 | P permission; | |
246 | try | |
247 | { | |
248 | 0 | permission = permissionManager.getPermissionInstance(); |
249 | } | |
250 | 0 | catch (Exception e) |
251 | { | |
252 | 0 | throw new UnknownEntityException("Failed to instantiate a Permission implementation object", e); |
253 | 0 | } |
254 | 0 | return permission; |
255 | } | |
256 | ||
257 | /** | |
258 | * Construct a blank Permission object. | |
259 | * | |
260 | * @param permName The name of the permission. | |
261 | * | |
262 | * @return an object implementing Permission interface. | |
263 | * @throws UnknownEntityException if the object could not be instantiated. | |
264 | */ | |
265 | @Override | |
266 | public <P extends Permission> P getPermissionInstance(String permName) | |
267 | throws UnknownEntityException | |
268 | { | |
269 | P permission; | |
270 | try | |
271 | { | |
272 | 0 | permission = permissionManager.getPermissionInstance(permName); |
273 | } | |
274 | 0 | catch (Exception e) |
275 | { | |
276 | 0 | throw new UnknownEntityException("Failed to instantiate a Permission implementation object", e); |
277 | 0 | } |
278 | 0 | return permission; |
279 | } | |
280 | ||
281 | /** | |
282 | * Construct a blank Role object. | |
283 | * | |
284 | * @return an object implementing Role interface. | |
285 | * @throws UnknownEntityException if the object could not be instantiated. | |
286 | */ | |
287 | @Override | |
288 | public <R extends Role> R getRoleInstance() | |
289 | throws UnknownEntityException | |
290 | { | |
291 | R role; | |
292 | try | |
293 | { | |
294 | 0 | role = roleManager.getRoleInstance(); |
295 | } | |
296 | 0 | catch (Exception e) |
297 | { | |
298 | 0 | throw new UnknownEntityException("Failed to instantiate a Role implementation object", e); |
299 | 0 | } |
300 | 0 | return role; |
301 | } | |
302 | ||
303 | /** | |
304 | * Construct a blank Role object. | |
305 | * | |
306 | * @param roleName The name of the role. | |
307 | * | |
308 | * @return an object implementing Role interface. | |
309 | * | |
310 | * @throws UnknownEntityException if the object could not be instantiated. | |
311 | */ | |
312 | @Override | |
313 | public <R extends Role> R getRoleInstance(String roleName) | |
314 | throws UnknownEntityException | |
315 | { | |
316 | R role; | |
317 | try | |
318 | { | |
319 | 0 | role = roleManager.getRoleInstance(roleName); |
320 | } | |
321 | 0 | catch (Exception e) |
322 | { | |
323 | 0 | throw new UnknownEntityException("Failed to instantiate a Role implementation object", e); |
324 | 0 | } |
325 | 0 | return role; |
326 | } | |
327 | ||
328 | /** | |
329 | * Returns the configured UserManager. | |
330 | * | |
331 | * @return An UserManager object | |
332 | */ | |
333 | @Override | |
334 | public UserManager getUserManager() | |
335 | { | |
336 | 63 | return userManager; |
337 | } | |
338 | ||
339 | /** | |
340 | * Check whether a specified user's account exists. | |
341 | * | |
342 | * The login name is used for looking up the account. | |
343 | * | |
344 | * @param user The user to be checked. | |
345 | * @return true if the specified account exists | |
346 | * @throws DataBackendException if there was an error accessing the data | |
347 | * backend. | |
348 | */ | |
349 | @Override | |
350 | public boolean accountExists(User user) | |
351 | throws DataBackendException | |
352 | { | |
353 | 6 | return getUserManager().accountExists(user); |
354 | } | |
355 | ||
356 | /** | |
357 | * Check whether a specified user's account exists. | |
358 | * | |
359 | * The login name is used for looking up the account. | |
360 | * | |
361 | * @param userName The name of the user to be checked. | |
362 | * @return true if the specified account exists | |
363 | * @throws DataBackendException if there was an error accessing the data | |
364 | * backend. | |
365 | */ | |
366 | @Override | |
367 | public boolean accountExists(String userName) | |
368 | throws DataBackendException | |
369 | { | |
370 | 6 | return getUserManager().accountExists(userName); |
371 | } | |
372 | ||
373 | /** | |
374 | * Retrieves a User object representing an individual who has | |
375 | * properly identified themselves with their verified | |
376 | * username and password | |
377 | * | |
378 | * @param username The user name. | |
379 | * @param password The user password. | |
380 | * @return An authenticated Turbine User. | |
381 | * @throws PasswordMismatchException if the supplied password was incorrect. | |
382 | * @throws UnknownEntityException if the user's account does not | |
383 | * exist in the database. | |
384 | * @throws DataBackendException if there is a problem accessing the storage. | |
385 | */ | |
386 | @Override | |
387 | public <U extends User> U getAuthenticatedUser(String username, String password) | |
388 | throws DataBackendException, UnknownEntityException, | |
389 | PasswordMismatchException | |
390 | { | |
391 | 3 | return getUserManager().retrieve(username, password); |
392 | } | |
393 | ||
394 | /** | |
395 | * Constructs an User object to represent a registered user of the | |
396 | * application. This method does not authenticate that the proper | |
397 | * credentials were supplied (see @link #getAuthenticatedUser()}) | |
398 | * | |
399 | * @param username The user name. | |
400 | * @return A Turbine User. | |
401 | * @throws UnknownEntityException if the user's account does not exist | |
402 | * @throws DataBackendException if there is a problem accessing the storage. | |
403 | */ | |
404 | @Override | |
405 | public <U extends User> U getUser(String username) | |
406 | throws DataBackendException, UnknownEntityException | |
407 | { | |
408 | 3 | return getUserManager().retrieve(username); |
409 | } | |
410 | ||
411 | /** | |
412 | * Constructs an User object to represent an anonymous user of the | |
413 | * application. | |
414 | * | |
415 | * @return An anonymous Turbine User. | |
416 | * @throws UnknownEntityException if the implementation of User interface | |
417 | * could not be determined, or does not exist. | |
418 | */ | |
419 | @Override | |
420 | public <U extends User> U getAnonymousUser() | |
421 | throws UnknownEntityException | |
422 | { | |
423 | 12 | return getUserManager().getAnonymousUser(); |
424 | } | |
425 | ||
426 | /** | |
427 | * Checks whether a passed user object matches the anonymous user pattern | |
428 | * according to the configured user manager | |
429 | * | |
430 | * @param user An user object | |
431 | * | |
432 | * @return True if this is an anonymous user | |
433 | * | |
434 | */ | |
435 | @Override | |
436 | public boolean isAnonymousUser(User user) | |
437 | { | |
438 | 12 | return getUserManager().isAnonymousUser(user); |
439 | } | |
440 | ||
441 | /** | |
442 | * Saves User's data in the permanent storage. The user account is required | |
443 | * to exist in the storage. | |
444 | * | |
445 | * @param user the User object to save | |
446 | * @throws UnknownEntityException if the user's account does not | |
447 | * exist in the database. | |
448 | * @throws DataBackendException if there is a problem accessing the storage. | |
449 | */ | |
450 | @Override | |
451 | public void saveUser(User user) | |
452 | throws UnknownEntityException, DataBackendException | |
453 | { | |
454 | 3 | getUserManager().store(user); |
455 | 3 | } |
456 | ||
457 | /** | |
458 | * Saves User data when the session is unbound. The user account is required | |
459 | * to exist in the storage. | |
460 | * | |
461 | * LastLogin, AccessCounter, persistent pull tools, and any data stored | |
462 | * in the permData hashmap that is not mapped to a column will be saved. | |
463 | * | |
464 | * @throws UnknownEntityException if the user's account does not | |
465 | * exist in the database. | |
466 | * @throws DataBackendException if there is a problem accessing the | |
467 | * storage. | |
468 | */ | |
469 | @Override | |
470 | public void saveOnSessionUnbind(User user) | |
471 | throws UnknownEntityException, DataBackendException | |
472 | { | |
473 | 0 | getUserManager().saveOnSessionUnbind(user); |
474 | 0 | } |
475 | ||
476 | /** | |
477 | * Creates new user account with specified attributes. | |
478 | * | |
479 | * @param user the object describing account to be created. | |
480 | * @param password The password to use for the account. | |
481 | * | |
482 | * @throws DataBackendException if there was an error accessing the | |
483 | * data backend. | |
484 | * @throws EntityExistsException if the user account already exists. | |
485 | */ | |
486 | @Override | |
487 | public void addUser(User user, String password) | |
488 | throws UnknownEntityException,DataBackendException, EntityExistsException | |
489 | { | |
490 | 9 | getUserManager().createAccount(user, password); |
491 | 9 | } |
492 | ||
493 | /** | |
494 | * Removes an user account from the system. | |
495 | * | |
496 | * @param user the object describing the account to be removed. | |
497 | * @throws DataBackendException if there was an error accessing the data | |
498 | * backend. | |
499 | * @throws UnknownEntityException if the user account is not present. | |
500 | */ | |
501 | @Override | |
502 | public void removeUser(User user) | |
503 | throws DataBackendException, UnknownEntityException | |
504 | { | |
505 | 0 | if (user == null) { |
506 | 0 | throw new UnknownEntityException("user is null"); |
507 | } | |
508 | // revoke all roles form the user | |
509 | 0 | modelManager.revokeAll(user.getUserDelegate()); |
510 | 0 | getUserManager().removeAccount(user); |
511 | 0 | } |
512 | ||
513 | /** | |
514 | * Change the password for an User. | |
515 | * | |
516 | * @param user an User to change password for. | |
517 | * @param oldPassword the current password supplied by the user. | |
518 | * @param newPassword the current password requested by the user. | |
519 | * @throws PasswordMismatchException if the supplied password was incorrect. | |
520 | * @throws UnknownEntityException if the user's record does not | |
521 | * exist in the database. | |
522 | * @throws DataBackendException if there is a problem accessing the storage. | |
523 | */ | |
524 | @Override | |
525 | public void changePassword(User user, String oldPassword, | |
526 | String newPassword) | |
527 | throws PasswordMismatchException, UnknownEntityException, | |
528 | DataBackendException | |
529 | { | |
530 | 0 | getUserManager().changePassword(user, oldPassword, newPassword); |
531 | 0 | } |
532 | ||
533 | /** | |
534 | * Forcibly sets new password for an User. | |
535 | * | |
536 | * This is supposed by the administrator to change the forgotten or | |
537 | * compromised passwords. Certain implementatations of this feature | |
538 | * would require administrative level access to the authenticating | |
539 | * server / program. | |
540 | * | |
541 | * @param user an User to change password for. | |
542 | * @param password the new password. | |
543 | * @throws UnknownEntityException if the user's record does not | |
544 | * exist in the database. | |
545 | * @throws DataBackendException if there is a problem accessing the storage. | |
546 | */ | |
547 | @Override | |
548 | public void forcePassword(User user, String password) | |
549 | throws UnknownEntityException, DataBackendException | |
550 | { | |
551 | 0 | getUserManager().forcePassword(user, password); |
552 | 0 | } |
553 | ||
554 | /** | |
555 | * Acquire a shared lock on the security information repository. | |
556 | * | |
557 | * Methods that read security information need to invoke this | |
558 | * method at the beginning of their body. | |
559 | */ | |
560 | protected synchronized void lockShared() | |
561 | { | |
562 | 0 | readerCount++; |
563 | 0 | } |
564 | ||
565 | /** | |
566 | * Release a shared lock on the security information repository. | |
567 | * | |
568 | * Methods that read security information need to invoke this | |
569 | * method at the end of their body. | |
570 | */ | |
571 | protected synchronized void unlockShared() | |
572 | { | |
573 | 0 | readerCount--; |
574 | 0 | this.notify(); |
575 | 0 | } |
576 | ||
577 | /** | |
578 | * Acquire an exclusive lock on the security information repository. | |
579 | * | |
580 | * Methods that modify security information need to invoke this | |
581 | * method at the beginning of their body. Note! Those methods must | |
582 | * be <code>synchronized</code> themselves! | |
583 | */ | |
584 | protected void lockExclusive() | |
585 | { | |
586 | 0 | while (readerCount > 0) |
587 | { | |
588 | try | |
589 | { | |
590 | 0 | this.wait(); |
591 | } | |
592 | 0 | catch (InterruptedException e) |
593 | { | |
594 | // ignore | |
595 | 0 | } |
596 | } | |
597 | 0 | } |
598 | ||
599 | /** | |
600 | * Release an exclusive lock on the security information repository. | |
601 | * | |
602 | * This method is provided only for completeness. It does not really | |
603 | * do anything. Note! Methods that modify security information | |
604 | * must be <code>synchronized</code>! | |
605 | */ | |
606 | protected void unlockExclusive() | |
607 | { | |
608 | // do nothing | |
609 | 0 | } |
610 | ||
611 | /** | |
612 | * Provides a reference to the Group object that represents the | |
613 | * <a href="#global">global group</a>. | |
614 | * | |
615 | * @return a Group object that represents the global group. | |
616 | */ | |
617 | @Override | |
618 | public <G extends Group> G getGlobalGroup() | |
619 | { | |
620 | 0 | if (globalGroup == null) |
621 | { | |
622 | 0 | synchronized (DefaultSecurityService.class) |
623 | { | |
624 | 0 | if (globalGroup == null) |
625 | { | |
626 | try | |
627 | { | |
628 | 0 | globalGroup = modelManager.getGlobalGroup(); |
629 | } | |
630 | 0 | catch (DataBackendException e) |
631 | { | |
632 | 0 | log.error("Failed to retrieve global group object: ", e); |
633 | 0 | } |
634 | } | |
635 | 0 | } |
636 | } | |
637 | @SuppressWarnings("unchecked") | |
638 | 0 | G g = (G)globalGroup; |
639 | 0 | return g; |
640 | } | |
641 | ||
642 | /** | |
643 | * Retrieve a Group object with specified name. | |
644 | * | |
645 | * @param name the name of the Group. | |
646 | * @return an object representing the Group with specified name. | |
647 | * @throws DataBackendException if there was an error accessing the | |
648 | * data backend. | |
649 | * @throws UnknownEntityException if the group does not exist. | |
650 | */ | |
651 | @Override | |
652 | public <G extends Group> G getGroupByName(String name) | |
653 | throws DataBackendException, UnknownEntityException | |
654 | { | |
655 | 0 | return groupManager.getGroupByName(name); |
656 | } | |
657 | ||
658 | /** | |
659 | * Retrieve a Group object with specified Id. | |
660 | * | |
661 | * @param id the id of the Group. | |
662 | * @return an object representing the Group with specified name. | |
663 | * @throws UnknownEntityException if the permission does not | |
664 | * exist in the database. | |
665 | * @throws DataBackendException if there is a problem accessing the | |
666 | * storage. | |
667 | */ | |
668 | @Override | |
669 | public <G extends Group> G getGroupById(int id) | |
670 | throws DataBackendException, UnknownEntityException | |
671 | { | |
672 | 0 | return groupManager.getGroupById(Integer.valueOf(id)); |
673 | } | |
674 | ||
675 | /** | |
676 | * Retrieve a Role object with specified name. | |
677 | * | |
678 | * @param name the name of the Role. | |
679 | * @return an object representing the Role with specified name. | |
680 | * @throws DataBackendException if there was an error accessing the | |
681 | * data backend. | |
682 | * @throws UnknownEntityException if the role does not exist. | |
683 | */ | |
684 | @Override | |
685 | public <R extends Role> R getRoleByName(String name) | |
686 | throws DataBackendException, UnknownEntityException | |
687 | { | |
688 | 0 | R role = roleManager.getRoleByName(name); |
689 | 0 | if (role instanceof TurbineRole) |
690 | { | |
691 | 0 | ((TurbineRole)role).setPermissions(getPermissions(role)); |
692 | } | |
693 | 0 | return role; |
694 | } | |
695 | ||
696 | /** | |
697 | * Retrieve a Role object with specified Id. | |
698 | * @param id the id of the Role. | |
699 | * @return an object representing the Role with specified name. | |
700 | * @throws UnknownEntityException if the permission does not | |
701 | * exist in the database. | |
702 | * @throws DataBackendException if there is a problem accessing the | |
703 | * storage. | |
704 | */ | |
705 | @Override | |
706 | public <R extends Role> R getRoleById(int id) | |
707 | throws DataBackendException, | |
708 | UnknownEntityException | |
709 | { | |
710 | 0 | R role = roleManager.getRoleById(Integer.valueOf(id)); |
711 | 0 | if (role instanceof TurbineRole) |
712 | { | |
713 | 0 | ((TurbineRole)role).setPermissions(getPermissions(role)); |
714 | } | |
715 | 0 | return role; |
716 | } | |
717 | ||
718 | /** | |
719 | * Retrieve a Permission object with specified name. | |
720 | * | |
721 | * @param name the name of the Permission. | |
722 | * @return an object representing the Permission with specified name. | |
723 | * @throws DataBackendException if there was an error accessing the | |
724 | * data backend. | |
725 | * @throws UnknownEntityException if the permission does not exist. | |
726 | */ | |
727 | @Override | |
728 | public <P extends Permission> P getPermissionByName(String name) | |
729 | throws DataBackendException, UnknownEntityException | |
730 | { | |
731 | 0 | return permissionManager.getPermissionByName(name); |
732 | } | |
733 | ||
734 | /** | |
735 | * Retrieve a Permission object with specified Id. | |
736 | * | |
737 | * @param id the id of the Permission. | |
738 | * @return an object representing the Permission with specified name. | |
739 | * @throws UnknownEntityException if the permission does not | |
740 | * exist in the database. | |
741 | * @throws DataBackendException if there is a problem accessing the | |
742 | * storage. | |
743 | */ | |
744 | @Override | |
745 | public <P extends Permission> P getPermissionById(int id) | |
746 | throws DataBackendException, | |
747 | UnknownEntityException | |
748 | { | |
749 | 0 | return permissionManager.getPermissionById(Integer.valueOf(id)); |
750 | } | |
751 | ||
752 | /** | |
753 | * Retrieves all groups defined in the system. | |
754 | * | |
755 | * @return the names of all groups defined in the system. | |
756 | * @throws DataBackendException if there was an error accessing the | |
757 | * data backend. | |
758 | */ | |
759 | @Override | |
760 | public GroupSet getAllGroups() throws DataBackendException | |
761 | { | |
762 | 0 | return groupManager.getAllGroups(); |
763 | } | |
764 | ||
765 | /** | |
766 | * Retrieves all roles defined in the system. | |
767 | * | |
768 | * @return the names of all roles defined in the system. | |
769 | * @throws DataBackendException if there was an error accessing the | |
770 | * data backend. | |
771 | */ | |
772 | @Override | |
773 | public RoleSet getAllRoles() throws DataBackendException | |
774 | { | |
775 | 0 | return roleManager.getAllRoles(); |
776 | } | |
777 | ||
778 | /** | |
779 | * Retrieves all permissions defined in the system. | |
780 | * | |
781 | * @return the names of all roles defined in the system. | |
782 | * @throws DataBackendException if there was an error accessing the | |
783 | * data backend. | |
784 | */ | |
785 | @Override | |
786 | public PermissionSet getAllPermissions() throws DataBackendException | |
787 | { | |
788 | 0 | return permissionManager.getAllPermissions(); |
789 | } | |
790 | ||
791 | /*----------------------------------------------------------------------- | |
792 | Creation of AccessControlLists | |
793 | -----------------------------------------------------------------------*/ | |
794 | ||
795 | /** | |
796 | * Constructs an AccessControlList for a specific user. | |
797 | * | |
798 | * @param user the user for whom the AccessControlList are to be retrieved | |
799 | * @return The AccessControList object constructed from the user object. | |
800 | * @throws DataBackendException if there was an error accessing the data | |
801 | * backend. | |
802 | * @throws UnknownEntityException if user account is not present. | |
803 | */ | |
804 | @Override | |
805 | public <A extends AccessControlList> A getACL(User user) | |
806 | throws DataBackendException, UnknownEntityException | |
807 | { | |
808 | 3 | return getUserManager().getACL(user); |
809 | } | |
810 | ||
811 | /*----------------------------------------------------------------------- | |
812 | Security management | |
813 | -----------------------------------------------------------------------*/ | |
814 | ||
815 | /** | |
816 | * Grant an User a Role in a Group. | |
817 | * | |
818 | * @param user the user. | |
819 | * @param group the group. | |
820 | * @param role the role. | |
821 | * @throws DataBackendException if there was an error accessing the data | |
822 | * backend. | |
823 | * @throws UnknownEntityException if user account, group or role is not | |
824 | * present. | |
825 | */ | |
826 | @Override | |
827 | public void grant(User user, Group group, Role role) | |
828 | throws DataBackendException, UnknownEntityException | |
829 | { | |
830 | 3 | if (user == null) { |
831 | 0 | throw new UnknownEntityException("user is null"); |
832 | } | |
833 | 3 | modelManager.grant(user.getUserDelegate(), group, role); |
834 | 3 | } |
835 | ||
836 | /** | |
837 | * Revoke a Role in a Group from an User. | |
838 | * | |
839 | * @param user the user. | |
840 | * @param group the group. | |
841 | * @param role the role. | |
842 | * @throws DataBackendException if there was an error accessing the data | |
843 | * backend. | |
844 | * @throws UnknownEntityException if user account, group or role is not | |
845 | * present. | |
846 | */ | |
847 | @Override | |
848 | public void revoke(User user, Group group, Role role) | |
849 | throws DataBackendException, UnknownEntityException | |
850 | { | |
851 | 0 | if (user == null) { |
852 | 0 | throw new UnknownEntityException("user is null"); |
853 | } | |
854 | 0 | modelManager.revoke(user.getUserDelegate(), group, role); |
855 | 0 | } |
856 | ||
857 | /** | |
858 | * Replaces transactionally the first role with second role for the given user. | |
859 | * | |
860 | * @param user the user. | |
861 | * @param role the old role | |
862 | * @param newRole the new role | |
863 | * | |
864 | * @throws DataBackendException if there was an error accessing the data | |
865 | * backend. | |
866 | * @throws UnknownEntityException if user account, group or role is not | |
867 | * present. | |
868 | */ | |
869 | @Override | |
870 | public void replaceRole(User user, Role role, Role newRole) | |
871 | throws DataBackendException, UnknownEntityException | |
872 | { | |
873 | 0 | modelManager.replace( user, role, newRole ); |
874 | 0 | } |
875 | ||
876 | /** | |
877 | * Revokes all roles from an User. | |
878 | * | |
879 | * This method is used when deleting an account. | |
880 | * | |
881 | * @param user the User. | |
882 | * @throws DataBackendException if there was an error accessing the data | |
883 | * backend. | |
884 | * @throws UnknownEntityException if the account is not present. | |
885 | */ | |
886 | @Override | |
887 | public void revokeAll(User user) | |
888 | throws DataBackendException, UnknownEntityException | |
889 | { | |
890 | 0 | if (user == null) { |
891 | 0 | throw new UnknownEntityException("user is null"); |
892 | } | |
893 | 0 | modelManager.revokeAll(user.getUserDelegate()); |
894 | 0 | } |
895 | ||
896 | /** | |
897 | * Grants a Role a Permission | |
898 | * | |
899 | * @param role the Role. | |
900 | * @param permission the Permission. | |
901 | * @throws DataBackendException if there was an error accessing the data | |
902 | * backend. | |
903 | * @throws UnknownEntityException if role or permission is not present. | |
904 | */ | |
905 | @Override | |
906 | public void grant(Role role, Permission permission) | |
907 | throws DataBackendException, UnknownEntityException | |
908 | { | |
909 | 0 | modelManager.grant(role, permission); |
910 | 0 | } |
911 | ||
912 | /** | |
913 | * Revokes a Permission from a Role. | |
914 | * | |
915 | * @param role the Role. | |
916 | * @param permission the Permission. | |
917 | * @throws DataBackendException if there was an error accessing the data | |
918 | * backend. | |
919 | * @throws UnknownEntityException if role or permission is not present. | |
920 | */ | |
921 | @Override | |
922 | public void revoke(Role role, Permission permission) | |
923 | throws DataBackendException, UnknownEntityException | |
924 | { | |
925 | 0 | modelManager.revoke(role, permission); |
926 | 0 | } |
927 | ||
928 | /** | |
929 | * Revokes all permissions from a Role. | |
930 | * | |
931 | * This method is used when deleting a Role. | |
932 | * | |
933 | * @param role the Role | |
934 | * @throws DataBackendException if there was an error accessing the data | |
935 | * backend. | |
936 | * @throws UnknownEntityException if the Role is not present. | |
937 | */ | |
938 | @Override | |
939 | public void revokeAll(Role role) | |
940 | throws DataBackendException, UnknownEntityException | |
941 | { | |
942 | 0 | modelManager.revokeAll(role); |
943 | 0 | } |
944 | ||
945 | /** | |
946 | * Revokes by default all permissions from a Role and if flag is set | |
947 | * all group and user relationships with this role | |
948 | * | |
949 | * This method is used when deleting a Role. | |
950 | * | |
951 | * @param role | |
952 | * the Role | |
953 | * @param cascadeDelete | |
954 | * if <code>true </code> removes all groups and user for this role. | |
955 | * @throws DataBackendException | |
956 | * if there was an error accessing the data backend. | |
957 | * @throws UnknownEntityException | |
958 | * if the Role is not present. | |
959 | */ | |
960 | @Override | |
961 | public void revokeAll( Role role, boolean cascadeDelete ) | |
962 | throws DataBackendException, UnknownEntityException | |
963 | { | |
964 | 0 | modelManager.revokeAll(role, cascadeDelete); |
965 | 0 | } |
966 | ||
967 | /** | |
968 | * Retrieves all permissions associated with a role. | |
969 | * | |
970 | * @param role the role name, for which the permissions are to be retrieved. | |
971 | * @return the Permissions for the specified role | |
972 | * @throws DataBackendException if there was an error accessing the data | |
973 | * backend. | |
974 | * @throws UnknownEntityException if the role is not present. | |
975 | */ | |
976 | @Override | |
977 | public PermissionSet getPermissions(Role role) | |
978 | throws DataBackendException, UnknownEntityException | |
979 | { | |
980 | 0 | return ((TurbineRole)role).getPermissions(); |
981 | } | |
982 | ||
983 | /** | |
984 | * Creates a new group with specified attributes. | |
985 | * | |
986 | * @param group the object describing the group to be created. | |
987 | * @throws DataBackendException if there was an error accessing the data | |
988 | * backend. | |
989 | * @throws EntityExistsException if the group already exists. | |
990 | */ | |
991 | @Override | |
992 | public <G extends Group> G addGroup(G group) | |
993 | throws DataBackendException, EntityExistsException | |
994 | { | |
995 | 0 | return groupManager.addGroup(group); |
996 | } | |
997 | ||
998 | /** | |
999 | * Creates a new role with specified attributes. | |
1000 | * | |
1001 | * @param role the objects describing the role to be created. | |
1002 | * @throws DataBackendException if there was an error accessing the data | |
1003 | * backend. | |
1004 | * @throws EntityExistsException if the role already exists. | |
1005 | */ | |
1006 | @Override | |
1007 | public <R extends Role> R addRole(R role) | |
1008 | throws DataBackendException, EntityExistsException | |
1009 | { | |
1010 | 0 | return roleManager.addRole(role); |
1011 | } | |
1012 | ||
1013 | /** | |
1014 | * Creates a new permission with specified attributes. | |
1015 | * | |
1016 | * @param permission the objects describing the permission to be created. | |
1017 | * @throws DataBackendException if there was an error accessing the data | |
1018 | * backend. | |
1019 | * @throws EntityExistsException if the permission already exists. | |
1020 | */ | |
1021 | @Override | |
1022 | public <P extends Permission> P addPermission(P permission) | |
1023 | throws DataBackendException, EntityExistsException | |
1024 | { | |
1025 | 0 | return permissionManager.addPermission(permission); |
1026 | } | |
1027 | ||
1028 | /** | |
1029 | * Removes a Group from the system. | |
1030 | * | |
1031 | * @param group the object describing group to be removed. | |
1032 | * @throws DataBackendException if there was an error accessing the data | |
1033 | * backend. | |
1034 | * @throws UnknownEntityException if the group does not exist. | |
1035 | */ | |
1036 | @Override | |
1037 | public void removeGroup(Group group) | |
1038 | throws DataBackendException, UnknownEntityException | |
1039 | { | |
1040 | 0 | groupManager.removeGroup(group); |
1041 | 0 | } |
1042 | ||
1043 | /** | |
1044 | * Removes a Role from the system. | |
1045 | * | |
1046 | * @param role The object describing the role to be removed. | |
1047 | * @throws DataBackendException if there was an error accessing the data backend. | |
1048 | * @throws UnknownEntityException if the role does not exist. | |
1049 | */ | |
1050 | @Override | |
1051 | public void removeRole(Role role) | |
1052 | throws DataBackendException, UnknownEntityException | |
1053 | { | |
1054 | 0 | roleManager.removeRole(role); |
1055 | 0 | } |
1056 | ||
1057 | /** | |
1058 | * Removes a Permission from the system. | |
1059 | * | |
1060 | * @param permission The object describing the permission to be removed. | |
1061 | * @throws DataBackendException if there was an error accessing the data | |
1062 | * backend. | |
1063 | * @throws UnknownEntityException if the permission does not exist. | |
1064 | */ | |
1065 | @Override | |
1066 | public void removePermission(Permission permission) | |
1067 | throws DataBackendException, UnknownEntityException | |
1068 | { | |
1069 | 0 | permissionManager.removePermission(permission); |
1070 | 0 | } |
1071 | ||
1072 | /** | |
1073 | * Renames an existing Group. | |
1074 | * | |
1075 | * @param group The object describing the group to be renamed. | |
1076 | * @param name the new name for the group. | |
1077 | * @throws DataBackendException if there was an error accessing the data | |
1078 | * backend. | |
1079 | * @throws UnknownEntityException if the group does not exist. | |
1080 | */ | |
1081 | @Override | |
1082 | public void renameGroup(Group group, String name) | |
1083 | throws DataBackendException, UnknownEntityException | |
1084 | { | |
1085 | 0 | groupManager.renameGroup(group, name); |
1086 | 0 | } |
1087 | ||
1088 | /** | |
1089 | * Renames an existing Role. | |
1090 | * | |
1091 | * @param role The object describing the role to be renamed. | |
1092 | * @param name the new name for the role. | |
1093 | * @throws DataBackendException if there was an error accessing the data | |
1094 | * backend. | |
1095 | * @throws UnknownEntityException if the role does not exist. | |
1096 | */ | |
1097 | @Override | |
1098 | public void renameRole(Role role, String name) | |
1099 | throws DataBackendException, UnknownEntityException | |
1100 | { | |
1101 | 0 | roleManager.renameRole(role, name); |
1102 | 0 | } |
1103 | ||
1104 | /** | |
1105 | * Renames an existing Permission. | |
1106 | * | |
1107 | * @param permission The object describing the permission to be renamed. | |
1108 | * @param name the new name for the permission. | |
1109 | * @throws DataBackendException if there was an error accessing the data | |
1110 | * backend. | |
1111 | * @throws UnknownEntityException if the permission does not exist. | |
1112 | */ | |
1113 | @Override | |
1114 | public void renamePermission(Permission permission, String name) | |
1115 | throws DataBackendException, UnknownEntityException | |
1116 | { | |
1117 | 0 | permissionManager.renamePermission(permission, name); |
1118 | 0 | } |
1119 | } |