Coverage Report - org.apache.turbine.services.security.DefaultSecurityService
 
Classes in this File Line Coverage Branch Coverage Complexity
DefaultSecurityService
24%
39/157
5%
1/18
1,6
 
 1  
 package org.apache.turbine.services.security;
 2  
 
 3  
 
 4  
 /*
 5  
  * Licensed to the Apache Software Foundation (ASF) under one
 6  
  * or more contributor license agreements.  See the NOTICE file
 7  
  * distributed with this work for additional information
 8  
  * regarding copyright ownership.  The ASF licenses this file
 9  
  * to you under the Apache License, Version 2.0 (the
 10  
  * "License"); you may not use this file except in compliance
 11  
  * with the License.  You may obtain a copy of the License at
 12  
  *
 13  
  *   http://www.apache.org/licenses/LICENSE-2.0
 14  
  *
 15  
  * Unless required by applicable law or agreed to in writing,
 16  
  * software distributed under the License is distributed on an
 17  
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 18  
  * KIND, either express or implied.  See the License for the
 19  
  * specific language governing permissions and limitations
 20  
  * under the License.
 21  
  */
 22  
 
 23  
 
 24  
 import org.apache.commons.configuration2.Configuration;
 25  
 import org.apache.fulcrum.security.GroupManager;
 26  
 import org.apache.fulcrum.security.PermissionManager;
 27  
 import org.apache.fulcrum.security.RoleManager;
 28  
 import org.apache.fulcrum.security.acl.AccessControlList;
 29  
 import org.apache.fulcrum.security.entity.Group;
 30  
 import org.apache.fulcrum.security.entity.Permission;
 31  
 import org.apache.fulcrum.security.entity.Role;
 32  
 import org.apache.fulcrum.security.model.turbine.TurbineModelManager;
 33  
 import org.apache.fulcrum.security.model.turbine.entity.TurbineRole;
 34  
 import org.apache.fulcrum.security.util.DataBackendException;
 35  
 import org.apache.fulcrum.security.util.EntityExistsException;
 36  
 import org.apache.fulcrum.security.util.GroupSet;
 37  
 import org.apache.fulcrum.security.util.PasswordMismatchException;
 38  
 import org.apache.fulcrum.security.util.PermissionSet;
 39  
 import org.apache.fulcrum.security.util.RoleSet;
 40  
 import org.apache.fulcrum.security.util.UnknownEntityException;
 41  
 import org.apache.logging.log4j.LogManager;
 42  
 import org.apache.logging.log4j.Logger;
 43  
 import org.apache.turbine.om.security.User;
 44  
 import org.apache.turbine.services.InitializationException;
 45  
 import org.apache.turbine.services.ServiceManager;
 46  
 import org.apache.turbine.services.TurbineBaseService;
 47  
 import org.apache.turbine.services.TurbineServices;
 48  
 
 49  
 /**
 50  
  * This is a common subset of SecurityService implementation.
 51  
  *
 52  
  * Provided functionality includes:
 53  
  * <ul>
 54  
  * <li> methods for retrieving User objects, that delegates functionality
 55  
  *      to the pluggable implementations of the User interface.
 56  
  * <li> synchronization mechanism for methods reading/modifying the security
 57  
  *      information, that guarantees that multiple threads may read the
 58  
  *      information concurrently, but threads that modify the information
 59  
  *      acquires exclusive access.
 60  
  * <li> implementation of convenience methods for retrieving security entities
 61  
  *      that maintain in-memory caching of objects for fast access.
 62  
  * </ul>
 63  
  *
 64  
  * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
 65  
  * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
 66  
  * @author <a href="mailto:marco@intermeta.de">Marco Kn&uuml;ttel</a>
 67  
  * @author <a href="mailto:quintonm@bellsouth.net">Quinton McCombs</a>
 68  
  * @version $Id: DefaultSecurityService.java 1854688 2019-03-03 10:36:42Z tv $
 69  
  */
 70  78
 public class DefaultSecurityService
 71  
         extends TurbineBaseService
 72  
         implements SecurityService
 73  
 {
 74  
     /** The number of threads concurrently reading security information */
 75  78
     private int readerCount = 0;
 76  
 
 77  
     /** The instance of UserManager the SecurityService uses */
 78  78
     private UserManager userManager = null;
 79  
 
 80  
     /** The instance of GroupManager the SecurityService uses */
 81  
     private GroupManager groupManager;
 82  
 
 83  
     /** The instance of RoleManager the SecurityService uses */
 84  
     private RoleManager roleManager;
 85  
 
 86  
     /** The instance of PermissionManager the SecurityService uses */
 87  
     private PermissionManager permissionManager;
 88  
 
 89  
     /** The instance of ModelManager the SecurityService uses */
 90  
     private TurbineModelManager modelManager;
 91  
 
 92  
     /**
 93  
      * The Group object that represents the <a href="#global">global group</a>.
 94  
      */
 95  78
     private static volatile Group globalGroup = null;
 96  
 
 97  
     /** Logging */
 98  78
     private static final Logger log = LogManager.getLogger(DefaultSecurityService.class);
 99  
 
 100  
     /**
 101  
      * Initializes the SecurityService, locating the appropriate UserManager
 102  
      * This is a zero parameter variant which queries the Turbine Servlet
 103  
      * for its config.
 104  
      *
 105  
      * @throws InitializationException Something went wrong in the init stage
 106  
      */
 107  
     @Override
 108  
     public void init()
 109  
             throws InitializationException
 110  
     {
 111  15
         ServiceManager manager = TurbineServices.getInstance();
 112  
 
 113  15
         this.groupManager = (GroupManager)manager.getService(GroupManager.ROLE);
 114  15
         this.roleManager = (RoleManager)manager.getService(RoleManager.ROLE);
 115  15
         this.permissionManager = (PermissionManager)manager.getService(PermissionManager.ROLE);
 116  15
         this.modelManager = (TurbineModelManager)manager.getService(TurbineModelManager.ROLE);
 117  
 
 118  15
         Configuration conf = getConfiguration();
 119  
 
 120  15
         String userManagerClassName = conf.getString(
 121  
                 SecurityService.USER_MANAGER_KEY,
 122  
                 SecurityService.USER_MANAGER_DEFAULT);
 123  
 
 124  
         try
 125  
         {
 126  15
             this.userManager =
 127  15
                     (UserManager) Class.forName(userManagerClassName).newInstance();
 128  
 
 129  15
             userManager.init(conf);
 130  
         }
 131  0
         catch (Exception e)
 132  
         {
 133  0
             throw new InitializationException("Failed to instantiate UserManager", e);
 134  15
         }
 135  
 
 136  15
         setInit(true);
 137  15
     }
 138  
 
 139  
     /**
 140  
      * Construct a blank User object.
 141  
      *
 142  
      * @return an object implementing User interface.
 143  
      * @throws UnknownEntityException if the object could not be instantiated.
 144  
      */
 145  
     @Override
 146  
     public <U extends User> U getUserInstance()
 147  
             throws UnknownEntityException
 148  
     {
 149  
         U user;
 150  
         try
 151  
         {
 152  3
             user = getUserManager().getUserInstance();
 153  
         }
 154  0
         catch (DataBackendException e)
 155  
         {
 156  0
             throw new UnknownEntityException(
 157  
                     "Failed instantiate an User implementation object", e);
 158  3
         }
 159  3
         return user;
 160  
     }
 161  
 
 162  
     /**
 163  
      * Construct a blank User object.
 164  
      *
 165  
      * @param userName The name of the user.
 166  
      *
 167  
      * @return an object implementing User interface.
 168  
      *
 169  
      * @throws UnknownEntityException if the object could not be instantiated.
 170  
      */
 171  
     @Override
 172  
     public <U extends User> U getUserInstance(String userName)
 173  
             throws UnknownEntityException
 174  
     {
 175  
         U user;
 176  
         try
 177  
         {
 178  3
             user = getUserManager().getUserInstance(userName);
 179  
         }
 180  0
         catch (DataBackendException e)
 181  
         {
 182  0
             throw new UnknownEntityException(
 183  
                     "Failed instantiate an User implementation object", e);
 184  3
         }
 185  3
         return user;
 186  
     }
 187  
 
 188  
     /**
 189  
      * Construct a blank Group object.
 190  
      *
 191  
      * @return an object implementing Group interface.
 192  
      * @throws UnknownEntityException if the object could not be instantiated.
 193  
      */
 194  
     @Override
 195  
     public <G extends Group> G getGroupInstance()
 196  
             throws UnknownEntityException
 197  
     {
 198  
         G group;
 199  
         try
 200  
         {
 201  0
             group = groupManager.getGroupInstance();
 202  
         }
 203  0
         catch (Exception e)
 204  
         {
 205  0
             throw new UnknownEntityException("Failed to instantiate a Group implementation object", e);
 206  0
         }
 207  0
         return group;
 208  
     }
 209  
 
 210  
     /**
 211  
      * Construct a blank Group object.
 212  
      *
 213  
      * @param groupName The name of the Group
 214  
      *
 215  
      * @return an object implementing Group interface.
 216  
      *
 217  
      * @throws UnknownEntityException if the object could not be instantiated.
 218  
      */
 219  
     @Override
 220  
     public <G extends Group> G getGroupInstance(String groupName)
 221  
             throws UnknownEntityException
 222  
     {
 223  
         G group;
 224  
         try
 225  
         {
 226  0
             group = groupManager.getGroupInstance(groupName);
 227  
         }
 228  0
         catch (Exception e)
 229  
         {
 230  0
             throw new UnknownEntityException("Failed to instantiate a Group implementation object", e);
 231  0
         }
 232  0
         return group;
 233  
     }
 234  
 
 235  
     /**
 236  
      * Construct a blank Permission object.
 237  
      *
 238  
      * @return an object implementing Permission interface.
 239  
      * @throws UnknownEntityException if the object could not be instantiated.
 240  
      */
 241  
     @Override
 242  
     public <P extends Permission> P getPermissionInstance()
 243  
             throws UnknownEntityException
 244  
     {
 245  
         P permission;
 246  
         try
 247  
         {
 248  0
             permission = permissionManager.getPermissionInstance();
 249  
         }
 250  0
         catch (Exception e)
 251  
         {
 252  0
             throw new UnknownEntityException("Failed to instantiate a Permission implementation object", e);
 253  0
         }
 254  0
         return permission;
 255  
     }
 256  
 
 257  
     /**
 258  
      * Construct a blank Permission object.
 259  
      *
 260  
      * @param permName The name of the permission.
 261  
      *
 262  
      * @return an object implementing Permission interface.
 263  
      * @throws UnknownEntityException if the object could not be instantiated.
 264  
      */
 265  
     @Override
 266  
     public <P extends Permission> P getPermissionInstance(String permName)
 267  
             throws UnknownEntityException
 268  
     {
 269  
         P permission;
 270  
         try
 271  
         {
 272  0
             permission = permissionManager.getPermissionInstance(permName);
 273  
         }
 274  0
         catch (Exception e)
 275  
         {
 276  0
             throw new UnknownEntityException("Failed to instantiate a Permission implementation object", e);
 277  0
         }
 278  0
         return permission;
 279  
     }
 280  
 
 281  
     /**
 282  
      * Construct a blank Role object.
 283  
      *
 284  
      * @return an object implementing Role interface.
 285  
      * @throws UnknownEntityException if the object could not be instantiated.
 286  
      */
 287  
     @Override
 288  
     public <R extends Role> R getRoleInstance()
 289  
             throws UnknownEntityException
 290  
     {
 291  
         R role;
 292  
         try
 293  
         {
 294  0
             role = roleManager.getRoleInstance();
 295  
         }
 296  0
         catch (Exception e)
 297  
         {
 298  0
             throw new UnknownEntityException("Failed to instantiate a Role implementation object", e);
 299  0
         }
 300  0
         return role;
 301  
     }
 302  
 
 303  
     /**
 304  
      * Construct a blank Role object.
 305  
      *
 306  
      * @param roleName The name of the role.
 307  
      *
 308  
      * @return an object implementing Role interface.
 309  
      *
 310  
      * @throws UnknownEntityException if the object could not be instantiated.
 311  
      */
 312  
     @Override
 313  
     public <R extends Role> R getRoleInstance(String roleName)
 314  
             throws UnknownEntityException
 315  
     {
 316  
         R role;
 317  
         try
 318  
         {
 319  0
             role = roleManager.getRoleInstance(roleName);
 320  
         }
 321  0
         catch (Exception e)
 322  
         {
 323  0
             throw new UnknownEntityException("Failed to instantiate a Role implementation object", e);
 324  0
         }
 325  0
         return role;
 326  
     }
 327  
 
 328  
     /**
 329  
      * Returns the configured UserManager.
 330  
      *
 331  
      * @return An UserManager object
 332  
      */
 333  
     @Override
 334  
     public UserManager getUserManager()
 335  
     {
 336  63
         return userManager;
 337  
     }
 338  
 
 339  
     /**
 340  
      * Check whether a specified user's account exists.
 341  
      *
 342  
      * The login name is used for looking up the account.
 343  
      *
 344  
      * @param user The user to be checked.
 345  
      * @return true if the specified account exists
 346  
      * @throws DataBackendException if there was an error accessing the data
 347  
      *         backend.
 348  
      */
 349  
     @Override
 350  
     public boolean accountExists(User user)
 351  
             throws DataBackendException
 352  
     {
 353  6
         return getUserManager().accountExists(user);
 354  
     }
 355  
 
 356  
     /**
 357  
      * Check whether a specified user's account exists.
 358  
      *
 359  
      * The login name is used for looking up the account.
 360  
      *
 361  
      * @param userName The name of the user to be checked.
 362  
      * @return true if the specified account exists
 363  
      * @throws DataBackendException if there was an error accessing the data
 364  
      *         backend.
 365  
      */
 366  
     @Override
 367  
     public boolean accountExists(String userName)
 368  
             throws DataBackendException
 369  
     {
 370  6
         return getUserManager().accountExists(userName);
 371  
     }
 372  
 
 373  
     /**
 374  
      * Retrieves a User object representing an individual who has
 375  
      * properly identified themselves with their verified
 376  
      * username and password
 377  
      *
 378  
      * @param username The user name.
 379  
      * @param password The user password.
 380  
      * @return An authenticated Turbine User.
 381  
      * @throws PasswordMismatchException if the supplied password was incorrect.
 382  
      * @throws UnknownEntityException if the user's account does not
 383  
      *            exist in the database.
 384  
      * @throws DataBackendException if there is a problem accessing the storage.
 385  
      */
 386  
     @Override
 387  
     public <U extends User> U getAuthenticatedUser(String username, String password)
 388  
             throws DataBackendException, UnknownEntityException,
 389  
                    PasswordMismatchException
 390  
     {
 391  3
         return getUserManager().retrieve(username, password);
 392  
     }
 393  
 
 394  
     /**
 395  
      * Constructs an User object to represent a registered user of the
 396  
      * application. This method does not authenticate that the proper
 397  
      * credentials were supplied (see @link #getAuthenticatedUser()})
 398  
      *
 399  
      * @param username The user name.
 400  
      * @return A Turbine User.
 401  
      * @throws UnknownEntityException if the user's account does not exist
 402  
      * @throws DataBackendException if there is a problem accessing the storage.
 403  
      */
 404  
     @Override
 405  
     public <U extends User> U getUser(String username)
 406  
             throws DataBackendException, UnknownEntityException
 407  
     {
 408  3
         return getUserManager().retrieve(username);
 409  
     }
 410  
 
 411  
     /**
 412  
      * Constructs an User object to represent an anonymous user of the
 413  
      * application.
 414  
      *
 415  
      * @return An anonymous Turbine User.
 416  
      * @throws UnknownEntityException if the implementation of User interface
 417  
      *         could not be determined, or does not exist.
 418  
      */
 419  
     @Override
 420  
     public <U extends User> U getAnonymousUser()
 421  
             throws UnknownEntityException
 422  
     {
 423  12
         return getUserManager().getAnonymousUser();
 424  
     }
 425  
 
 426  
     /**
 427  
      * Checks whether a passed user object matches the anonymous user pattern
 428  
      * according to the configured user manager
 429  
      *
 430  
      * @param user An user object
 431  
      *
 432  
      * @return True if this is an anonymous user
 433  
      *
 434  
      */
 435  
     @Override
 436  
     public boolean isAnonymousUser(User user)
 437  
     {
 438  12
         return getUserManager().isAnonymousUser(user);
 439  
     }
 440  
 
 441  
     /**
 442  
      * Saves User's data in the permanent storage. The user account is required
 443  
      * to exist in the storage.
 444  
      *
 445  
      * @param user the User object to save
 446  
      * @throws UnknownEntityException if the user's account does not
 447  
      *         exist in the database.
 448  
      * @throws DataBackendException if there is a problem accessing the storage.
 449  
      */
 450  
     @Override
 451  
     public void saveUser(User user)
 452  
             throws UnknownEntityException, DataBackendException
 453  
     {
 454  3
         getUserManager().store(user);
 455  3
     }
 456  
 
 457  
     /**
 458  
      * Saves User data when the session is unbound. The user account is required
 459  
      * to exist in the storage.
 460  
      *
 461  
      * LastLogin, AccessCounter, persistent pull tools, and any data stored
 462  
      * in the permData hashmap that is not mapped to a column will be saved.
 463  
      *
 464  
      * @throws UnknownEntityException if the user's account does not
 465  
      *            exist in the database.
 466  
      * @throws DataBackendException if there is a problem accessing the
 467  
      *            storage.
 468  
      */
 469  
     @Override
 470  
     public void saveOnSessionUnbind(User user)
 471  
             throws UnknownEntityException, DataBackendException
 472  
     {
 473  0
         getUserManager().saveOnSessionUnbind(user);
 474  0
     }
 475  
 
 476  
     /**
 477  
      * Creates new user account with specified attributes.
 478  
      *
 479  
      * @param user the object describing account to be created.
 480  
      * @param password The password to use for the account.
 481  
      *
 482  
      * @throws DataBackendException if there was an error accessing the
 483  
      *         data backend.
 484  
      * @throws EntityExistsException if the user account already exists.
 485  
      */
 486  
     @Override
 487  
     public void addUser(User user, String password)
 488  
             throws UnknownEntityException,DataBackendException, EntityExistsException
 489  
     {
 490  9
         getUserManager().createAccount(user, password);
 491  9
     }
 492  
 
 493  
     /**
 494  
      * Removes an user account from the system.
 495  
      *
 496  
      * @param user the object describing the account to be removed.
 497  
      * @throws DataBackendException if there was an error accessing the data
 498  
      *         backend.
 499  
      * @throws UnknownEntityException if the user account is not present.
 500  
      */
 501  
     @Override
 502  
     public void removeUser(User user)
 503  
             throws DataBackendException, UnknownEntityException
 504  
     {
 505  0
         if (user == null) {
 506  0
             throw new UnknownEntityException("user is null");
 507  
         }
 508  
         // revoke all roles form the user
 509  0
         modelManager.revokeAll(user.getUserDelegate());
 510  0
         getUserManager().removeAccount(user);
 511  0
     }
 512  
 
 513  
     /**
 514  
      * Change the password for an User.
 515  
      *
 516  
      * @param user an User to change password for.
 517  
      * @param oldPassword the current password supplied by the user.
 518  
      * @param newPassword the current password requested by the user.
 519  
      * @throws PasswordMismatchException if the supplied password was incorrect.
 520  
      * @throws UnknownEntityException if the user's record does not
 521  
      *            exist in the database.
 522  
      * @throws DataBackendException if there is a problem accessing the storage.
 523  
      */
 524  
     @Override
 525  
     public void changePassword(User user, String oldPassword,
 526  
             String newPassword)
 527  
             throws PasswordMismatchException, UnknownEntityException,
 528  
                    DataBackendException
 529  
     {
 530  0
         getUserManager().changePassword(user, oldPassword, newPassword);
 531  0
     }
 532  
 
 533  
     /**
 534  
      * Forcibly sets new password for an User.
 535  
      *
 536  
      * This is supposed by the administrator to change the forgotten or
 537  
      * compromised passwords. Certain implementatations of this feature
 538  
      * would require administrative level access to the authenticating
 539  
      * server / program.
 540  
      *
 541  
      * @param user an User to change password for.
 542  
      * @param password the new password.
 543  
      * @throws UnknownEntityException if the user's record does not
 544  
      *            exist in the database.
 545  
      * @throws DataBackendException if there is a problem accessing the storage.
 546  
      */
 547  
     @Override
 548  
     public void forcePassword(User user, String password)
 549  
             throws UnknownEntityException, DataBackendException
 550  
     {
 551  0
         getUserManager().forcePassword(user, password);
 552  0
     }
 553  
 
 554  
     /**
 555  
      * Acquire a shared lock on the security information repository.
 556  
      *
 557  
      * Methods that read security information need to invoke this
 558  
      * method at the beginning of their body.
 559  
      */
 560  
     protected synchronized void lockShared()
 561  
     {
 562  0
         readerCount++;
 563  0
     }
 564  
 
 565  
     /**
 566  
      * Release a shared lock on the security information repository.
 567  
      *
 568  
      * Methods that read security information need to invoke this
 569  
      * method at the end of their body.
 570  
      */
 571  
     protected synchronized void unlockShared()
 572  
     {
 573  0
         readerCount--;
 574  0
         this.notify();
 575  0
     }
 576  
 
 577  
     /**
 578  
      * Acquire an exclusive lock on the security information repository.
 579  
      *
 580  
      * Methods that modify security information need to invoke this
 581  
      * method at the beginning of their body. Note! Those methods must
 582  
      * be <code>synchronized</code> themselves!
 583  
      */
 584  
     protected void lockExclusive()
 585  
     {
 586  0
         while (readerCount > 0)
 587  
         {
 588  
             try
 589  
             {
 590  0
                 this.wait();
 591  
             }
 592  0
             catch (InterruptedException e)
 593  
             {
 594  
                 // ignore
 595  0
             }
 596  
         }
 597  0
     }
 598  
 
 599  
     /**
 600  
      * Release an exclusive lock on the security information repository.
 601  
      *
 602  
      * This method is provided only for completeness. It does not really
 603  
      * do anything. Note! Methods that modify security information
 604  
      * must be <code>synchronized</code>!
 605  
      */
 606  
     protected void unlockExclusive()
 607  
     {
 608  
         // do nothing
 609  0
     }
 610  
 
 611  
     /**
 612  
      * Provides a reference to the Group object that represents the
 613  
      * <a href="#global">global group</a>.
 614  
      *
 615  
      * @return a Group object that represents the global group.
 616  
      */
 617  
     @Override
 618  
     public <G extends Group> G getGlobalGroup()
 619  
     {
 620  0
         if (globalGroup == null)
 621  
         {
 622  0
             synchronized (DefaultSecurityService.class)
 623  
             {
 624  0
                 if (globalGroup == null)
 625  
                 {
 626  
                     try
 627  
                     {
 628  0
                         globalGroup = modelManager.getGlobalGroup();
 629  
                     }
 630  0
                     catch (DataBackendException e)
 631  
                     {
 632  0
                         log.error("Failed to retrieve global group object: ", e);
 633  0
                     }
 634  
                 }
 635  0
             }
 636  
         }
 637  
         @SuppressWarnings("unchecked")
 638  0
         G g = (G)globalGroup;
 639  0
         return g;
 640  
     }
 641  
 
 642  
     /**
 643  
      * Retrieve a Group object with specified name.
 644  
      *
 645  
      * @param name the name of the Group.
 646  
      * @return an object representing the Group with specified name.
 647  
      * @throws DataBackendException if there was an error accessing the
 648  
      *         data backend.
 649  
      * @throws UnknownEntityException if the group does not exist.
 650  
      */
 651  
     @Override
 652  
     public <G extends Group> G getGroupByName(String name)
 653  
             throws DataBackendException, UnknownEntityException
 654  
     {
 655  0
         return groupManager.getGroupByName(name);
 656  
     }
 657  
 
 658  
     /**
 659  
      * Retrieve a Group object with specified Id.
 660  
      *
 661  
      * @param id the id of the Group.
 662  
      * @return an object representing the Group with specified name.
 663  
      * @throws UnknownEntityException if the permission does not
 664  
      *            exist in the database.
 665  
      * @throws DataBackendException if there is a problem accessing the
 666  
      *            storage.
 667  
      */
 668  
     @Override
 669  
     public <G extends Group> G getGroupById(int id)
 670  
             throws DataBackendException, UnknownEntityException
 671  
     {
 672  0
         return groupManager.getGroupById(Integer.valueOf(id));
 673  
     }
 674  
 
 675  
     /**
 676  
      * Retrieve a Role object with specified name.
 677  
      *
 678  
      * @param name the name of the Role.
 679  
      * @return an object representing the Role with specified name.
 680  
      * @throws DataBackendException if there was an error accessing the
 681  
      *         data backend.
 682  
      * @throws UnknownEntityException if the role does not exist.
 683  
      */
 684  
     @Override
 685  
     public <R extends Role> R getRoleByName(String name)
 686  
             throws DataBackendException, UnknownEntityException
 687  
     {
 688  0
         R role = roleManager.getRoleByName(name);
 689  0
         if (role instanceof TurbineRole)
 690  
         {
 691  0
             ((TurbineRole)role).setPermissions(getPermissions(role));
 692  
         }
 693  0
         return role;
 694  
     }
 695  
 
 696  
     /**
 697  
      * Retrieve a Role object with specified Id.
 698  
      * @param id the id of the Role.
 699  
      * @return an object representing the Role with specified name.
 700  
      * @throws UnknownEntityException if the permission does not
 701  
      *            exist in the database.
 702  
      * @throws DataBackendException if there is a problem accessing the
 703  
      *            storage.
 704  
      */
 705  
     @Override
 706  
     public <R extends Role> R getRoleById(int id)
 707  
             throws DataBackendException,
 708  
                    UnknownEntityException
 709  
     {
 710  0
         R role = roleManager.getRoleById(Integer.valueOf(id));
 711  0
         if (role instanceof TurbineRole)
 712  
         {
 713  0
             ((TurbineRole)role).setPermissions(getPermissions(role));
 714  
         }
 715  0
         return role;
 716  
     }
 717  
 
 718  
     /**
 719  
      * Retrieve a Permission object with specified name.
 720  
      *
 721  
      * @param name the name of the Permission.
 722  
      * @return an object representing the Permission with specified name.
 723  
      * @throws DataBackendException if there was an error accessing the
 724  
      *         data backend.
 725  
      * @throws UnknownEntityException if the permission does not exist.
 726  
      */
 727  
     @Override
 728  
     public <P extends Permission> P getPermissionByName(String name)
 729  
             throws DataBackendException, UnknownEntityException
 730  
     {
 731  0
         return permissionManager.getPermissionByName(name);
 732  
     }
 733  
 
 734  
     /**
 735  
      * Retrieve a Permission object with specified Id.
 736  
      *
 737  
      * @param id the id of the Permission.
 738  
      * @return an object representing the Permission with specified name.
 739  
      * @throws UnknownEntityException if the permission does not
 740  
      *            exist in the database.
 741  
      * @throws DataBackendException if there is a problem accessing the
 742  
      *            storage.
 743  
      */
 744  
     @Override
 745  
     public <P extends Permission> P getPermissionById(int id)
 746  
             throws DataBackendException,
 747  
                    UnknownEntityException
 748  
     {
 749  0
         return permissionManager.getPermissionById(Integer.valueOf(id));
 750  
     }
 751  
 
 752  
     /**
 753  
      * Retrieves all groups defined in the system.
 754  
      *
 755  
      * @return the names of all groups defined in the system.
 756  
      * @throws DataBackendException if there was an error accessing the
 757  
      *         data backend.
 758  
      */
 759  
     @Override
 760  
     public GroupSet getAllGroups() throws DataBackendException
 761  
     {
 762  0
         return groupManager.getAllGroups();
 763  
     }
 764  
 
 765  
     /**
 766  
      * Retrieves all roles defined in the system.
 767  
      *
 768  
      * @return the names of all roles defined in the system.
 769  
      * @throws DataBackendException if there was an error accessing the
 770  
      *         data backend.
 771  
      */
 772  
     @Override
 773  
     public RoleSet getAllRoles() throws DataBackendException
 774  
     {
 775  0
         return roleManager.getAllRoles();
 776  
     }
 777  
 
 778  
     /**
 779  
      * Retrieves all permissions defined in the system.
 780  
      *
 781  
      * @return the names of all roles defined in the system.
 782  
      * @throws DataBackendException if there was an error accessing the
 783  
      *         data backend.
 784  
      */
 785  
     @Override
 786  
     public PermissionSet getAllPermissions() throws DataBackendException
 787  
     {
 788  0
         return permissionManager.getAllPermissions();
 789  
     }
 790  
 
 791  
     /*-----------------------------------------------------------------------
 792  
     Creation of AccessControlLists
 793  
     -----------------------------------------------------------------------*/
 794  
 
 795  
     /**
 796  
      * Constructs an AccessControlList for a specific user.
 797  
      *
 798  
      * @param user the user for whom the AccessControlList are to be retrieved
 799  
      * @return The AccessControList object constructed from the user object.
 800  
      * @throws DataBackendException if there was an error accessing the data
 801  
      *         backend.
 802  
      * @throws UnknownEntityException if user account is not present.
 803  
      */
 804  
     @Override
 805  
     public <A extends AccessControlList> A getACL(User user)
 806  
         throws DataBackendException, UnknownEntityException
 807  
     {
 808  3
         return getUserManager().getACL(user);
 809  
     }
 810  
 
 811  
     /*-----------------------------------------------------------------------
 812  
     Security management
 813  
     -----------------------------------------------------------------------*/
 814  
 
 815  
     /**
 816  
      * Grant an User a Role in a Group.
 817  
      *
 818  
      * @param user the user.
 819  
      * @param group the group.
 820  
      * @param role the role.
 821  
      * @throws DataBackendException if there was an error accessing the data
 822  
      *         backend.
 823  
      * @throws UnknownEntityException if user account, group or role is not
 824  
      *         present.
 825  
      */
 826  
     @Override
 827  
     public void grant(User user, Group group, Role role)
 828  
     throws DataBackendException, UnknownEntityException
 829  
     {
 830  3
         if (user == null) {
 831  0
             throw new UnknownEntityException("user is null");
 832  
         }
 833  3
         modelManager.grant(user.getUserDelegate(), group, role);
 834  3
     }
 835  
 
 836  
     /**
 837  
      * Revoke a Role in a Group from an User.
 838  
      *
 839  
      * @param user the user.
 840  
      * @param group the group.
 841  
      * @param role the role.
 842  
      * @throws DataBackendException if there was an error accessing the data
 843  
      *         backend.
 844  
      * @throws UnknownEntityException if user account, group or role is not
 845  
      *         present.
 846  
      */
 847  
     @Override
 848  
     public void revoke(User user, Group group, Role role)
 849  
         throws DataBackendException, UnknownEntityException
 850  
     {
 851  0
         if (user == null) {
 852  0
             throw new UnknownEntityException("user is null");
 853  
         }
 854  0
         modelManager.revoke(user.getUserDelegate(), group, role);
 855  0
     }
 856  
 
 857  
     /**
 858  
      * Replaces transactionally the first role with second role for the given user.
 859  
      *
 860  
      * @param user the user.
 861  
      * @param role the old role
 862  
      * @param newRole the new role
 863  
      *
 864  
      * @throws DataBackendException if there was an error accessing the data
 865  
      *         backend.
 866  
      * @throws UnknownEntityException if user account, group or role is not
 867  
      *         present.
 868  
      */
 869  
     @Override
 870  
     public void replaceRole(User user, Role role, Role newRole)
 871  
                     throws DataBackendException, UnknownEntityException
 872  
     {
 873  0
         modelManager.replace( user, role, newRole );
 874  0
     }
 875  
 
 876  
     /**
 877  
      * Revokes all roles from an User.
 878  
      *
 879  
      * This method is used when deleting an account.
 880  
      *
 881  
      * @param user the User.
 882  
      * @throws DataBackendException if there was an error accessing the data
 883  
      *         backend.
 884  
      * @throws UnknownEntityException if the account is not present.
 885  
      */
 886  
     @Override
 887  
     public void revokeAll(User user)
 888  
         throws DataBackendException, UnknownEntityException
 889  
     {
 890  0
         if (user == null) {
 891  0
             throw new UnknownEntityException("user is null");
 892  
         }
 893  0
         modelManager.revokeAll(user.getUserDelegate());
 894  0
     }
 895  
 
 896  
     /**
 897  
      * Grants a Role a Permission
 898  
      *
 899  
      * @param role the Role.
 900  
      * @param permission the Permission.
 901  
      * @throws DataBackendException if there was an error accessing the data
 902  
      *         backend.
 903  
      * @throws UnknownEntityException if role or permission is not present.
 904  
      */
 905  
     @Override
 906  
     public void grant(Role role, Permission permission)
 907  
         throws DataBackendException, UnknownEntityException
 908  
     {
 909  0
         modelManager.grant(role, permission);
 910  0
     }
 911  
 
 912  
     /**
 913  
      * Revokes a Permission from a Role.
 914  
      *
 915  
      * @param role the Role.
 916  
      * @param permission the Permission.
 917  
      * @throws DataBackendException if there was an error accessing the data
 918  
      *         backend.
 919  
      * @throws UnknownEntityException if role or permission is not present.
 920  
      */
 921  
     @Override
 922  
     public void revoke(Role role, Permission permission)
 923  
         throws DataBackendException, UnknownEntityException
 924  
     {
 925  0
         modelManager.revoke(role, permission);
 926  0
     }
 927  
 
 928  
     /**
 929  
      * Revokes all permissions from a Role.
 930  
      *
 931  
      * This method is used when deleting a Role.
 932  
      *
 933  
      * @param role the Role
 934  
      * @throws DataBackendException if there was an error accessing the data
 935  
      *         backend.
 936  
      * @throws  UnknownEntityException if the Role is not present.
 937  
      */
 938  
     @Override
 939  
     public void revokeAll(Role role)
 940  
         throws DataBackendException, UnknownEntityException
 941  
     {
 942  0
         modelManager.revokeAll(role);
 943  0
     }
 944  
 
 945  
     /**
 946  
      * Revokes by default all permissions from a Role and if flag is set
 947  
      * all group and user relationships with this role
 948  
      *
 949  
      * This method is used when deleting a Role.
 950  
      *
 951  
      * @param role
 952  
      *            the Role
 953  
      * @param cascadeDelete
 954  
      *             if <code>true </code> removes all groups and user for this role.
 955  
      * @throws DataBackendException
 956  
      *             if there was an error accessing the data backend.
 957  
      * @throws UnknownEntityException
 958  
      *             if the Role is not present.
 959  
      */
 960  
     @Override
 961  
     public void revokeAll( Role role, boolean cascadeDelete )
 962  
         throws DataBackendException, UnknownEntityException
 963  
     {
 964  0
         modelManager.revokeAll(role, cascadeDelete);
 965  0
     }
 966  
 
 967  
     /**
 968  
      * Retrieves all permissions associated with a role.
 969  
      *
 970  
      * @param role the role name, for which the permissions are to be retrieved.
 971  
      * @return the Permissions for the specified role
 972  
      * @throws DataBackendException if there was an error accessing the data
 973  
      *         backend.
 974  
      * @throws UnknownEntityException if the role is not present.
 975  
      */
 976  
     @Override
 977  
     public PermissionSet getPermissions(Role role)
 978  
             throws DataBackendException, UnknownEntityException
 979  
     {
 980  0
         return ((TurbineRole)role).getPermissions();
 981  
     }
 982  
 
 983  
     /**
 984  
      * Creates a new group with specified attributes.
 985  
      *
 986  
      * @param group the object describing the group to be created.
 987  
      * @throws DataBackendException if there was an error accessing the data
 988  
      *         backend.
 989  
      * @throws EntityExistsException if the group already exists.
 990  
      */
 991  
     @Override
 992  
     public <G extends Group> G addGroup(G group)
 993  
             throws DataBackendException, EntityExistsException
 994  
     {
 995  0
         return groupManager.addGroup(group);
 996  
     }
 997  
 
 998  
     /**
 999  
      * Creates a new role with specified attributes.
 1000  
      *
 1001  
      * @param role the objects describing the role to be created.
 1002  
      * @throws DataBackendException if there was an error accessing the data
 1003  
      *         backend.
 1004  
      * @throws EntityExistsException if the role already exists.
 1005  
      */
 1006  
     @Override
 1007  
     public <R extends Role> R addRole(R role)
 1008  
             throws DataBackendException, EntityExistsException
 1009  
     {
 1010  0
         return roleManager.addRole(role);
 1011  
     }
 1012  
 
 1013  
     /**
 1014  
      * Creates a new permission with specified attributes.
 1015  
      *
 1016  
      * @param permission the objects describing the permission to be created.
 1017  
      * @throws DataBackendException if there was an error accessing the data
 1018  
      *         backend.
 1019  
      * @throws EntityExistsException if the permission already exists.
 1020  
      */
 1021  
     @Override
 1022  
     public <P extends Permission> P addPermission(P permission)
 1023  
             throws DataBackendException, EntityExistsException
 1024  
     {
 1025  0
         return permissionManager.addPermission(permission);
 1026  
     }
 1027  
 
 1028  
     /**
 1029  
      * Removes a Group from the system.
 1030  
      *
 1031  
      * @param group the object describing group to be removed.
 1032  
      * @throws DataBackendException if there was an error accessing the data
 1033  
      *         backend.
 1034  
      * @throws UnknownEntityException if the group does not exist.
 1035  
      */
 1036  
     @Override
 1037  
     public void removeGroup(Group group)
 1038  
             throws DataBackendException, UnknownEntityException
 1039  
     {
 1040  0
         groupManager.removeGroup(group);
 1041  0
     }
 1042  
 
 1043  
     /**
 1044  
      * Removes a Role from the system.
 1045  
      *
 1046  
      * @param role The object describing the role to be removed.
 1047  
      * @throws DataBackendException if there was an error accessing the data backend.
 1048  
      * @throws UnknownEntityException if the role does not exist.
 1049  
      */
 1050  
     @Override
 1051  
     public void removeRole(Role role)
 1052  
             throws DataBackendException, UnknownEntityException
 1053  
     {
 1054  0
         roleManager.removeRole(role);
 1055  0
     }
 1056  
 
 1057  
     /**
 1058  
      * Removes a Permission from the system.
 1059  
      *
 1060  
      * @param permission The object describing the permission to be removed.
 1061  
      * @throws DataBackendException if there was an error accessing the data
 1062  
      *         backend.
 1063  
      * @throws UnknownEntityException if the permission does not exist.
 1064  
      */
 1065  
     @Override
 1066  
     public void removePermission(Permission permission)
 1067  
             throws DataBackendException, UnknownEntityException
 1068  
     {
 1069  0
         permissionManager.removePermission(permission);
 1070  0
     }
 1071  
 
 1072  
     /**
 1073  
      * Renames an existing Group.
 1074  
      *
 1075  
      * @param group The object describing the group to be renamed.
 1076  
      * @param name the new name for the group.
 1077  
      * @throws DataBackendException if there was an error accessing the data
 1078  
      *         backend.
 1079  
      * @throws UnknownEntityException if the group does not exist.
 1080  
      */
 1081  
     @Override
 1082  
     public void renameGroup(Group group, String name)
 1083  
             throws DataBackendException, UnknownEntityException
 1084  
     {
 1085  0
         groupManager.renameGroup(group, name);
 1086  0
     }
 1087  
 
 1088  
     /**
 1089  
      * Renames an existing Role.
 1090  
      *
 1091  
      * @param role The object describing the role to be renamed.
 1092  
      * @param name the new name for the role.
 1093  
      * @throws DataBackendException if there was an error accessing the data
 1094  
      *         backend.
 1095  
      * @throws UnknownEntityException if the role does not exist.
 1096  
      */
 1097  
     @Override
 1098  
     public void renameRole(Role role, String name)
 1099  
             throws DataBackendException, UnknownEntityException
 1100  
     {
 1101  0
         roleManager.renameRole(role, name);
 1102  0
     }
 1103  
 
 1104  
     /**
 1105  
      * Renames an existing Permission.
 1106  
      *
 1107  
      * @param permission The object describing the permission to be renamed.
 1108  
      * @param name the new name for the permission.
 1109  
      * @throws DataBackendException if there was an error accessing the data
 1110  
      *         backend.
 1111  
      * @throws UnknownEntityException if the permission does not exist.
 1112  
      */
 1113  
     @Override
 1114  
     public void renamePermission(Permission permission, String name)
 1115  
             throws DataBackendException, UnknownEntityException
 1116  
     {
 1117  0
         permissionManager.renamePermission(permission, name);
 1118  0
     }
 1119  
 }