%line | %branch | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
org.apache.turbine.services.security.torque.TorqueSecurityService |
|
|
1 | package org.apache.turbine.services.security.torque; |
|
2 | ||
3 | /* |
|
4 | * Copyright 2001-2005 The Apache Software Foundation. |
|
5 | * |
|
6 | * Licensed under the Apache License, Version 2.0 (the "License") |
|
7 | * you may not use this file except in compliance with the License. |
|
8 | * You may obtain a copy of the License at |
|
9 | * |
|
10 | * http://www.apache.org/licenses/LICENSE-2.0 |
|
11 | * |
|
12 | * Unless required by applicable law or agreed to in writing, software |
|
13 | * distributed under the License is distributed on an "AS IS" BASIS, |
|
14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
15 | * See the License for the specific language governing permissions and |
|
16 | * limitations under the License. |
|
17 | */ |
|
18 | ||
19 | import java.util.ArrayList; |
|
20 | import java.util.Hashtable; |
|
21 | import java.util.Iterator; |
|
22 | import java.util.List; |
|
23 | ||
24 | import org.apache.commons.configuration.Configuration; |
|
25 | ||
26 | import org.apache.commons.lang.StringUtils; |
|
27 | ||
28 | import org.apache.commons.logging.Log; |
|
29 | import org.apache.commons.logging.LogFactory; |
|
30 | ||
31 | import org.apache.torque.om.NumberKey; |
|
32 | import org.apache.torque.om.Persistent; |
|
33 | import org.apache.torque.util.Criteria; |
|
34 | ||
35 | import org.apache.turbine.om.security.Group; |
|
36 | import org.apache.turbine.om.security.Permission; |
|
37 | import org.apache.turbine.om.security.Role; |
|
38 | import org.apache.turbine.om.security.User; |
|
39 | import org.apache.turbine.services.InitializationException; |
|
40 | import org.apache.turbine.services.security.BaseSecurityService; |
|
41 | import org.apache.turbine.services.security.TurbineSecurity; |
|
42 | import org.apache.turbine.services.security.torque.om.TurbineRolePermissionPeer; |
|
43 | import org.apache.turbine.services.security.torque.om.TurbineUserGroupRolePeer; |
|
44 | import org.apache.turbine.util.security.AccessControlList; |
|
45 | import org.apache.turbine.util.security.DataBackendException; |
|
46 | import org.apache.turbine.util.security.EntityExistsException; |
|
47 | import org.apache.turbine.util.security.GroupSet; |
|
48 | import org.apache.turbine.util.security.PermissionSet; |
|
49 | import org.apache.turbine.util.security.RoleSet; |
|
50 | import org.apache.turbine.util.security.UnknownEntityException; |
|
51 | ||
52 | /** |
|
53 | * An implementation of SecurityService that uses torque objects. |
|
54 | * |
|
55 | * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a> |
|
56 | * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> |
|
57 | * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a> |
|
58 | * @version $Id: TorqueSecurityService.java 264148 2005-08-29 14:21:04Z henning $ |
|
59 | */ |
|
60 | 24 | public class TorqueSecurityService |
61 | extends BaseSecurityService |
|
62 | { |
|
63 | /** Logging */ |
|
64 | 24 | private static Log log = LogFactory.getLog(TorqueSecurityService.class); |
65 | ||
66 | /** |
|
67 | * Initializes the TorqueSecurityService, loading the various class objects |
|
68 | * representing the security entity peer classes |
|
69 | * |
|
70 | * @exception InitializationException A problem occured during initialization |
|
71 | */ |
|
72 | ||
73 | public void init() |
|
74 | throws InitializationException |
|
75 | { |
|
76 | 16 | Configuration conf = getConfiguration(); |
77 | ||
78 | 16 | GroupPeerManager.init(conf); |
79 | 16 | RolePeerManager.init(conf); |
80 | 16 | PermissionPeerManager.init(conf); |
81 | ||
82 | /* At the end, because it calls setInit(true)! */ |
|
83 | 16 | super.init(); |
84 | 16 | } |
85 | ||
86 | ||
87 | /*----------------------------------------------------------------------- |
|
88 | Creation of AccessControlLists |
|
89 | -----------------------------------------------------------------------*/ |
|
90 | ||
91 | /** |
|
92 | * Constructs an AccessControlList for a specific user. |
|
93 | * |
|
94 | * This method creates a snapshot of the state of security information |
|
95 | * concerning this user, at the moment of invocation and stores it |
|
96 | * into an AccessControlList object. |
|
97 | * |
|
98 | * @param user the user for whom the AccessControlList are to be retrieved |
|
99 | * @return A new AccessControlList object. |
|
100 | * @throws DataBackendException if there was an error accessing the data |
|
101 | * backend. |
|
102 | * @throws UnknownEntityException if user account is not present. |
|
103 | */ |
|
104 | public AccessControlList getACL(User user) |
|
105 | throws DataBackendException, UnknownEntityException |
|
106 | { |
|
107 | 18 | if (!TurbineSecurity.accountExists(user)) |
108 | { |
|
109 | 0 | throw new UnknownEntityException("The account '" |
110 | + user.getName() + "' does not exist"); |
|
111 | } |
|
112 | try |
|
113 | { |
|
114 | 18 | Hashtable roles = new Hashtable(); |
115 | 18 | Hashtable permissions = new Hashtable(); |
116 | // notify the state modifiers (writers) that we want to create |
|
117 | // the snapshot. |
|
118 | 18 | lockShared(); |
119 | ||
120 | // construct the snapshot: |
|
121 | ||
122 | // foreach group in the system |
|
123 | 18 | for (Iterator groupsIterator = getAllGroups().iterator(); |
124 | 54 | groupsIterator.hasNext();) |
125 | { |
|
126 | 36 | Group group = (Group) groupsIterator.next(); |
127 | // get roles of user in the group |
|
128 | 36 | RoleSet groupRoles = RolePeerManager.retrieveSet(user, group); |
129 | // put the Set into roles(group) |
|
130 | 36 | roles.put(group, groupRoles); |
131 | // collect all permissions in this group |
|
132 | 36 | PermissionSet groupPermissions = new PermissionSet(); |
133 | // foreach role in Set |
|
134 | 36 | for (Iterator rolesIterator = groupRoles.iterator(); |
135 | 56 | rolesIterator.hasNext();) |
136 | { |
|
137 | 20 | Role role = (Role) rolesIterator.next(); |
138 | // get permissions of the role |
|
139 | 20 | PermissionSet rolePermissions = |
140 | PermissionPeerManager.retrieveSet(role); |
|
141 | 20 | groupPermissions.add(rolePermissions); |
142 | } |
|
143 | // put the Set into permissions(group) |
|
144 | 36 | permissions.put(group, groupPermissions); |
145 | } |
|
146 | 18 | return getAclInstance(roles, permissions); |
147 | } |
|
148 | 0 | catch (Exception e) |
149 | { |
|
150 | 0 | throw new DataBackendException("Failed to build ACL for user '" + |
151 | user.getName() + "'" , e); |
|
152 | } |
|
153 | finally |
|
154 | { |
|
155 | // notify the state modifiers that we are done creating the snapshot. |
|
156 | 9 | unlockShared(); |
157 | } |
|
158 | } |
|
159 | ||
160 | /*----------------------------------------------------------------------- |
|
161 | Security management |
|
162 | -----------------------------------------------------------------------*/ |
|
163 | ||
164 | /** |
|
165 | * Grant an User a Role in a Group. |
|
166 | * |
|
167 | * @param user the user. |
|
168 | * @param group the group. |
|
169 | * @param role the role. |
|
170 | * @throws DataBackendException if there was an error accessing the data |
|
171 | * backend. |
|
172 | * @throws UnknownEntityException if user account, group or role is not |
|
173 | * present. |
|
174 | */ |
|
175 | public synchronized void grant(User user, Group group, Role role) |
|
176 | throws DataBackendException, UnknownEntityException |
|
177 | { |
|
178 | 8 | boolean userExists = false; |
179 | 8 | boolean groupExists = false; |
180 | 8 | boolean roleExists = false; |
181 | try |
|
182 | { |
|
183 | 8 | lockExclusive(); |
184 | 8 | userExists = TurbineSecurity.accountExists(user); |
185 | 8 | groupExists = checkExists(group); |
186 | 8 | roleExists = checkExists(role); |
187 | 8 | if (userExists && groupExists && roleExists) |
188 | { |
|
189 | 4 | Criteria criteria = new Criteria(); |
190 | 4 | criteria.add(TurbineUserGroupRolePeer.USER_ID, |
191 | ((Persistent) user).getPrimaryKey()); |
|
192 | 4 | criteria.add(TurbineUserGroupRolePeer.GROUP_ID, |
193 | ((Persistent) group).getPrimaryKey()); |
|
194 | 4 | criteria.add(TurbineUserGroupRolePeer.ROLE_ID, |
195 | ((Persistent) role).getPrimaryKey()); |
|
196 | 4 | TurbineUserGroupRolePeer.doInsert(criteria); |
197 | 1 | return; |
198 | } |
|
199 | 2 | } |
200 | 1 | catch (Exception e) |
201 | { |
|
202 | 2 | throw new DataBackendException("grant(User,Group,Role) failed", e); |
203 | } |
|
204 | finally |
|
205 | { |
|
206 | 3 | unlockExclusive(); |
207 | 2 | } |
208 | 4 | if (!userExists) |
209 | { |
|
210 | 0 | throw new UnknownEntityException("Unknown user '" |
211 | + user.getName() + "'"); |
|
212 | } |
|
213 | 4 | if (!groupExists) |
214 | { |
|
215 | 2 | throw new UnknownEntityException("Unknown group '" |
216 | + group.getName() + "'"); |
|
217 | } |
|
218 | 2 | if (!roleExists) |
219 | { |
|
220 | 2 | throw new UnknownEntityException("Unknown role '" |
221 | + role.getName() + "'"); |
|
222 | } |
|
223 | 0 | } |
224 | ||
225 | /** |
|
226 | * Revoke a Role in a Group from an User. |
|
227 | * |
|
228 | * @param user the user. |
|
229 | * @param group the group. |
|
230 | * @param role the role. |
|
231 | * @throws DataBackendException if there was an error accessing the data |
|
232 | * backend. |
|
233 | * @throws UnknownEntityException if user account, group or role is not |
|
234 | * present. |
|
235 | */ |
|
236 | public synchronized void revoke(User user, Group group, Role role) |
|
237 | throws DataBackendException, UnknownEntityException |
|
238 | { |
|
239 | 6 | boolean userExists = false; |
240 | 6 | boolean groupExists = false; |
241 | 6 | boolean roleExists = false; |
242 | try |
|
243 | { |
|
244 | 6 | lockExclusive(); |
245 | 6 | userExists = TurbineSecurity.accountExists(user); |
246 | 6 | groupExists = checkExists(group); |
247 | 6 | roleExists = checkExists(role); |
248 | 6 | if (userExists && groupExists && roleExists) |
249 | { |
|
250 | 2 | Criteria criteria = new Criteria(); |
251 | 2 | criteria.add(TurbineUserGroupRolePeer.USER_ID, |
252 | ((Persistent) user).getPrimaryKey()); |
|
253 | 2 | criteria.add(TurbineUserGroupRolePeer.GROUP_ID, |
254 | ((Persistent) group).getPrimaryKey()); |
|
255 | 2 | criteria.add(TurbineUserGroupRolePeer.ROLE_ID, |
256 | ((Persistent) role).getPrimaryKey()); |
|
257 | 2 | TurbineUserGroupRolePeer.doDelete(criteria); |
258 | 1 | return; |
259 | } |
|
260 | 2 | } |
261 | 0 | catch (Exception e) |
262 | { |
|
263 | 0 | throw new DataBackendException("revoke(User,Role,Group) failed", e); |
264 | } |
|
265 | finally |
|
266 | { |
|
267 | 1 | unlockExclusive(); |
268 | 2 | } |
269 | 4 | if (!userExists) |
270 | { |
|
271 | 0 | throw new UnknownEntityException("Unknown user '" |
272 | + user.getName() + "'"); |
|
273 | } |
|
274 | 4 | if (!groupExists) |
275 | { |
|
276 | 2 | throw new UnknownEntityException("Unknown group '" |
277 | + group.getName() + "'"); |
|
278 | } |
|
279 | 2 | if (!roleExists) |
280 | { |
|
281 | 2 | throw new UnknownEntityException("Unknown role '" |
282 | + role.getName() + "'"); |
|
283 | } |
|
284 | 0 | } |
285 | ||
286 | /** |
|
287 | * Revokes all roles from an User. |
|
288 | * |
|
289 | * This method is used when deleting an account. |
|
290 | * |
|
291 | * @param user the User. |
|
292 | * @throws DataBackendException if there was an error accessing the data |
|
293 | * backend. |
|
294 | * @throws UnknownEntityException if the account is not present. |
|
295 | */ |
|
296 | public synchronized void revokeAll(User user) |
|
297 | throws DataBackendException, UnknownEntityException |
|
298 | { |
|
299 | 6 | boolean userExists = false; |
300 | try |
|
301 | { |
|
302 | 6 | lockExclusive(); |
303 | 6 | userExists = TurbineSecurity.accountExists(user); |
304 | 6 | if (userExists) |
305 | { |
|
306 | // The following would not work, due to an annoying misfeature |
|
307 | // of Village. Village allows only a single row to be deleted at |
|
308 | // a time. I wish that it was possible to disable this |
|
309 | // behaviour! |
|
310 | ||
311 | // Criteria criteria = new Criteria(); |
|
312 | // criteria.add(UserGroupRolePeer.USER_ID, |
|
313 | // ((Persistent) user).getPrimaryKey()); |
|
314 | // UserGroupRolePeer.doDelete(criteria); |
|
315 | 4 | int id = ((NumberKey) ((Persistent) user) |
316 | .getPrimaryKey()).intValue(); |
|
317 | 4 | TurbineUserGroupRolePeer.deleteAll( |
318 | TurbineUserGroupRolePeer.TABLE_NAME, |
|
319 | TurbineUserGroupRolePeer.USER_ID, id); |
|
320 | 2 | return; |
321 | } |
|
322 | 1 | } |
323 | 0 | catch (Exception e) |
324 | { |
|
325 | 0 | throw new DataBackendException("revokeAll(User) failed", e); |
326 | } |
|
327 | finally |
|
328 | { |
|
329 | 2 | unlockExclusive(); |
330 | 1 | } |
331 | 2 | throw new UnknownEntityException("Unknown user '" |
332 | + user.getName() + "'"); |
|
333 | } |
|
334 | ||
335 | /** |
|
336 | * Grants a Role a Permission |
|
337 | * |
|
338 | * @param role the Role. |
|
339 | * @param permission the Permission. |
|
340 | * @throws DataBackendException if there was an error accessing the data |
|
341 | * backend. |
|
342 | * @throws UnknownEntityException if role or permission is not present. |
|
343 | */ |
|
344 | public synchronized void grant(Role role, Permission permission) |
|
345 | throws DataBackendException, UnknownEntityException |
|
346 | { |
|
347 | 6 | boolean roleExists = false; |
348 | 6 | boolean permissionExists = false; |
349 | try |
|
350 | { |
|
351 | 6 | lockExclusive(); |
352 | 6 | roleExists = checkExists(role); |
353 | 6 | permissionExists = checkExists(permission); |
354 | 6 | if (roleExists && permissionExists) |
355 | { |
|
356 | 4 | Criteria criteria = new Criteria(); |
357 | 4 | criteria.add(TurbineRolePermissionPeer.ROLE_ID, |
358 | ((Persistent) role).getPrimaryKey()); |
|
359 | 4 | criteria.add(TurbineRolePermissionPeer.PERMISSION_ID, |
360 | ((Persistent) permission).getPrimaryKey()); |
|
361 | 4 | TurbineRolePermissionPeer.doInsert(criteria); |
362 | 1 | return; |
363 | } |
|
364 | 1 | } |
365 | 1 | catch (Exception e) |
366 | { |
|
367 | 2 | throw new DataBackendException("grant(Role,Permission) failed", e); |
368 | } |
|
369 | finally |
|
370 | { |
|
371 | 3 | unlockExclusive(); |
372 | 1 | } |
373 | 2 | if (!roleExists) |
374 | { |
|
375 | 0 | throw new UnknownEntityException("Unknown role '" |
376 | + role.getName() + "'"); |
|
377 | } |
|
378 | 2 | if (!permissionExists) |
379 | { |
|
380 | 2 | throw new UnknownEntityException("Unknown permission '" |
381 | + permission.getName() + "'"); |
|
382 | } |
|
383 | 0 | } |
384 | ||
385 | /** |
|
386 | * Revokes a Permission from a Role. |
|
387 | * |
|
388 | * @param role the Role. |
|
389 | * @param permission the Permission. |
|
390 | * @throws DataBackendException if there was an error accessing the data |
|
391 | * backend. |
|
392 | * @throws UnknownEntityException if role or permission is not present. |
|
393 | */ |
|
394 | public synchronized void revoke(Role role, Permission permission) |
|
395 | throws DataBackendException, UnknownEntityException |
|
396 | { |
|
397 | 4 | boolean roleExists = false; |
398 | 4 | boolean permissionExists = false; |
399 | try |
|
400 | { |
|
401 | 4 | lockExclusive(); |
402 | 4 | roleExists = checkExists(role); |
403 | 4 | permissionExists = checkExists(permission); |
404 | 4 | if (roleExists && permissionExists) |
405 | { |
|
406 | 2 | Criteria criteria = new Criteria(); |
407 | 2 | criteria.add(TurbineRolePermissionPeer.ROLE_ID, |
408 | ((Persistent) role).getPrimaryKey()); |
|
409 | 2 | criteria.add(TurbineRolePermissionPeer.PERMISSION_ID, |
410 | ((Persistent) permission).getPrimaryKey()); |
|
411 | 2 | TurbineRolePermissionPeer.doDelete(criteria); |
412 | 1 | return; |
413 | } |
|
414 | 1 | } |
415 | 0 | catch (Exception e) |
416 | { |
|
417 | 0 | throw new DataBackendException("revoke(Role,Permission) failed", e); |
418 | } |
|
419 | finally |
|
420 | { |
|
421 | 1 | unlockExclusive(); |
422 | 1 | } |
423 | 2 | if (!roleExists) |
424 | { |
|
425 | 0 | throw new UnknownEntityException("Unknown role '" |
426 | + role.getName() + "'"); |
|
427 | } |
|
428 | 2 | if (!permissionExists) |
429 | { |
|
430 | 2 | throw new UnknownEntityException("Unknown permission '" |
431 | + permission.getName() + "'"); |
|
432 | } |
|
433 | 0 | } |
434 | ||
435 | /** |
|
436 | * Revokes all permissions from a Role. |
|
437 | * |
|
438 | * This method is user when deleting a Role. |
|
439 | * |
|
440 | * @param role the Role |
|
441 | * @throws DataBackendException if there was an error accessing the data |
|
442 | * backend. |
|
443 | * @throws UnknownEntityException if the Role is not present. |
|
444 | */ |
|
445 | public synchronized void revokeAll(Role role) |
|
446 | throws DataBackendException, UnknownEntityException |
|
447 | { |
|
448 | 4 | boolean roleExists = false; |
449 | try |
|
450 | { |
|
451 | 4 | lockExclusive(); |
452 | 4 | roleExists = checkExists(role); |
453 | 4 | if (roleExists) |
454 | { |
|
455 | // The following would not work, due to an annoying misfeature |
|
456 | // of Village. see revokeAll( user ) |
|
457 | ||
458 | // Criteria criteria = new Criteria(); |
|
459 | // criteria.add(RolePermissionPeer.ROLE_ID, |
|
460 | // role.getPrimaryKey()); |
|
461 | // RolePermissionPeer.doDelete(criteria); |
|
462 | ||
463 | 4 | int id = ((NumberKey) ((Persistent) role) |
464 | .getPrimaryKey()).intValue(); |
|
465 | 4 | TurbineRolePermissionPeer.deleteAll( |
466 | TurbineRolePermissionPeer.TABLE_NAME, |
|
467 | TurbineRolePermissionPeer.ROLE_ID, id); |
|
468 | 2 | return; |
469 | } |
|
470 | } |
|
471 | 0 | catch (Exception e) |
472 | { |
|
473 | 0 | throw new DataBackendException("revokeAll(Role) failed", e); |
474 | } |
|
475 | finally |
|
476 | { |
|
477 | 2 | unlockExclusive(); |
478 | 0 | } |
479 | 0 | throw new UnknownEntityException("Unknown role '" |
480 | + role.getName() + "'"); |
|
481 | } |
|
482 | ||
483 | /*----------------------------------------------------------------------- |
|
484 | Group/Role/Permission management |
|
485 | -----------------------------------------------------------------------*/ |
|
486 | ||
487 | /** |
|
488 | * Retrieve a set of Groups that meet the specified Criteria. |
|
489 | * |
|
490 | * @param criteria A Criteria of Group selection. |
|
491 | * @return a set of Groups that meet the specified Criteria. |
|
492 | * @throws DataBackendException if there was an error accessing the data |
|
493 | * backend. |
|
494 | */ |
|
495 | public GroupSet getGroups(Criteria criteria) |
|
496 | throws DataBackendException |
|
497 | { |
|
498 | 100 | Criteria torqueCriteria = new Criteria(); |
499 | 100 | Iterator keys = criteria.keySet().iterator(); |
500 | 150 | while (keys.hasNext()) |
501 | { |
|
502 | 0 | String key = (String) keys.next(); |
503 | 0 | torqueCriteria.put(GroupPeerManager.getColumnName(key), |
504 | criteria.get(key)); |
|
505 | } |
|
506 | 100 | List groups = new ArrayList(0); |
507 | try |
|
508 | { |
|
509 | 100 | groups = GroupPeerManager.doSelect(criteria); |
510 | 50 | } |
511 | 0 | catch (Exception e) |
512 | { |
|
513 | 0 | throw new DataBackendException("getGroups(Criteria) failed", e); |
514 | 50 | } |
515 | 100 | return new GroupSet(groups); |
516 | } |
|
517 | ||
518 | /** |
|
519 | * Retrieve a set of Roles that meet the specified Criteria. |
|
520 | * |
|
521 | * @param criteria A Criteria of Roles selection. |
|
522 | * @return a set of Roles that meet the specified Criteria. |
|
523 | * @throws DataBackendException if there was an error accessing the data |
|
524 | * backend. |
|
525 | */ |
|
526 | public RoleSet getRoles(Criteria criteria) |
|
527 | throws DataBackendException |
|
528 | { |
|
529 | 66 | Criteria torqueCriteria = new Criteria(); |
530 | 66 | Iterator keys = criteria.keySet().iterator(); |
531 | 99 | while (keys.hasNext()) |
532 | { |
|
533 | 0 | String key = (String) keys.next(); |
534 | 0 | torqueCriteria.put(RolePeerManager.getColumnName(key), |
535 | criteria.get(key)); |
|
536 | } |
|
537 | 66 | List roles = new ArrayList(0); |
538 | try |
|
539 | { |
|
540 | 66 | roles = RolePeerManager.doSelect(criteria); |
541 | 33 | } |
542 | 0 | catch (Exception e) |
543 | { |
|
544 | 0 | throw new DataBackendException("getRoles(Criteria) failed", e); |
545 | 33 | } |
546 | 66 | return new RoleSet(roles); |
547 | } |
|
548 | ||
549 | /** |
|
550 | * Retrieve a set of Permissions that meet the specified Criteria. |
|
551 | * |
|
552 | * @param criteria A Criteria of Permissions selection. |
|
553 | * @return a set of Permissions that meet the specified Criteria. |
|
554 | * @throws DataBackendException if there was an error accessing the data |
|
555 | * backend. |
|
556 | */ |
|
557 | public PermissionSet getPermissions(Criteria criteria) |
|
558 | throws DataBackendException |
|
559 | { |
|
560 | 60 | Criteria torqueCriteria = new Criteria(); |
561 | 60 | Iterator keys = criteria.keySet().iterator(); |
562 | 90 | while (keys.hasNext()) |
563 | { |
|
564 | 0 | String key = (String) keys.next(); |
565 | 0 | torqueCriteria.put(PermissionPeerManager.getColumnName(key), |
566 | criteria.get(key)); |
|
567 | } |
|
568 | 60 | List permissions = new ArrayList(0); |
569 | try |
|
570 | { |
|
571 | 60 | permissions = PermissionPeerManager.doSelect(criteria); |
572 | 30 | } |
573 | 0 | catch (Exception e) |
574 | { |
|
575 | 0 | throw new DataBackendException( |
576 | "getPermissions(Criteria) failed", e); |
|
577 | 30 | } |
578 | 60 | return new PermissionSet(permissions); |
579 | } |
|
580 | ||
581 | /** |
|
582 | * Retrieves all permissions associated with a role. |
|
583 | * |
|
584 | * @param role the role name, for which the permissions are to be retrieved. |
|
585 | * @return A Permission set for the Role. |
|
586 | * @throws DataBackendException if there was an error accessing the data |
|
587 | * backend. |
|
588 | * @throws UnknownEntityException if the role is not present. |
|
589 | */ |
|
590 | public PermissionSet getPermissions(Role role) |
|
591 | throws DataBackendException, UnknownEntityException |
|
592 | { |
|
593 | 50 | boolean roleExists = false; |
594 | try |
|
595 | { |
|
596 | 50 | lockShared(); |
597 | 50 | roleExists = checkExists(role); |
598 | 50 | if (roleExists) |
599 | { |
|
600 | 50 | return PermissionPeerManager.retrieveSet(role); |
601 | } |
|
602 | } |
|
603 | 0 | catch (Exception e) |
604 | { |
|
605 | 0 | throw new DataBackendException("getPermissions(Role) failed", e); |
606 | } |
|
607 | finally |
|
608 | { |
|
609 | 25 | unlockShared(); |
610 | 0 | } |
611 | 0 | throw new UnknownEntityException("Unknown role '" |
612 | + role.getName() + "'"); |
|
613 | } |
|
614 | ||
615 | /** |
|
616 | * Stores Group's attributes. The Groups is required to exist in the system. |
|
617 | * |
|
618 | * @param group The Group to be stored. |
|
619 | * @throws DataBackendException if there was an error accessing the data |
|
620 | * backend. |
|
621 | * @throws UnknownEntityException if the group does not exist. |
|
622 | */ |
|
623 | public void saveGroup(Group group) |
|
624 | throws DataBackendException, UnknownEntityException |
|
625 | { |
|
626 | 4 | boolean groupExists = false; |
627 | try |
|
628 | { |
|
629 | 4 | groupExists = checkExists(group); |
630 | 4 | if (groupExists) |
631 | { |
|
632 | 2 | Criteria criteria = GroupPeerManager.buildCriteria(group); |
633 | 2 | GroupPeerManager.doUpdate(criteria); |
634 | 2 | return; |
635 | } |
|
636 | 1 | } |
637 | 0 | catch (Exception e) |
638 | { |
|
639 | 0 | throw new DataBackendException("saveGroup(Group) failed", e); |
640 | 1 | } |
641 | 2 | throw new UnknownEntityException("Unknown group '" + group + "'"); |
642 | } |
|
643 | ||
644 | /** |
|
645 | * Stores Role's attributes. The Roles is required to exist in the system. |
|
646 | * |
|
647 | * @param role The Role to be stored. |
|
648 | * @throws DataBackendException if there was an error accessing the data |
|
649 | * backend. |
|
650 | * @throws UnknownEntityException if the role does not exist. |
|
651 | */ |
|
652 | public void saveRole(Role role) |
|
653 | throws DataBackendException, UnknownEntityException |
|
654 | { |
|
655 | 4 | boolean roleExists = false; |
656 | try |
|
657 | { |
|
658 | 4 | roleExists = checkExists(role); |
659 | 4 | if (roleExists) |
660 | { |
|
661 | 2 | Criteria criteria = RolePeerManager.buildCriteria(role); |
662 | 2 | RolePeerManager.doUpdate(criteria); |
663 | 2 | return; |
664 | } |
|
665 | 1 | } |
666 | 0 | catch (Exception e) |
667 | { |
|
668 | 0 | throw new DataBackendException("saveRole(Role) failed", e); |
669 | 1 | } |
670 | 2 | throw new UnknownEntityException("Unknown role '" + role + "'"); |
671 | } |
|
672 | ||
673 | /** |
|
674 | * Stores Permission's attributes. The Permissions is required to exist in |
|
675 | * the system. |
|
676 | * |
|
677 | * @param permission The Permission to be stored. |
|
678 | * @throws DataBackendException if there was an error accessing the data |
|
679 | * backend. |
|
680 | * @throws UnknownEntityException if the permission does not exist. |
|
681 | */ |
|
682 | public void savePermission(Permission permission) |
|
683 | throws DataBackendException, UnknownEntityException |
|
684 | { |
|
685 | 4 | boolean permissionExists = false; |
686 | try |
|
687 | { |
|
688 | 4 | permissionExists = checkExists(permission); |
689 | 4 | if (permissionExists) |
690 | { |
|
691 | 2 | Criteria criteria = PermissionPeerManager.buildCriteria(permission); |
692 | 2 | PermissionPeerManager.doUpdate(criteria); |
693 | 2 | return; |
694 | } |
|
695 | 1 | } |
696 | 0 | catch (Exception e) |
697 | { |
|
698 | 0 | throw new DataBackendException( |
699 | "savePermission(Permission) failed", e); |
|
700 | 1 | } |
701 | 2 | throw new UnknownEntityException("Unknown permission '" |
702 | + permission + "'"); |
|
703 | } |
|
704 | ||
705 | /** |
|
706 | * Creates a new group with specified attributes. |
|
707 | * |
|
708 | * @param group the object describing the group to be created. |
|
709 | * @return a new Group object that has id set up properly. |
|
710 | * @throws DataBackendException if there was an error accessing the data |
|
711 | * backend. |
|
712 | * @throws EntityExistsException if the group already exists. |
|
713 | */ |
|
714 | public synchronized Group addGroup(Group group) |
|
715 | throws DataBackendException, |
|
716 | EntityExistsException |
|
717 | { |
|
718 | 8 | boolean groupExists = false; |
719 | ||
720 | 8 | if (StringUtils.isEmpty(group.getName())) |
721 | { |
|
722 | 2 | throw new DataBackendException("Could not create " |
723 | + "a group with empty name!"); |
|
724 | } |
|
725 | ||
726 | try |
|
727 | { |
|
728 | 6 | lockExclusive(); |
729 | 6 | groupExists = checkExists(group); |
730 | 6 | if (!groupExists) |
731 | { |
|
732 | // add a row to the table |
|
733 | 4 | Criteria criteria = GroupPeerManager.buildCriteria(group); |
734 | 4 | GroupPeerManager.doInsert(criteria); |
735 | // try to get the object back using the name as key. |
|
736 | 4 | criteria = new Criteria(); |
737 | 4 | criteria.add(GroupPeerManager.getNameColumn(), |
738 | group.getName()); |
|
739 | 4 | List results = GroupPeerManager.doSelect(criteria); |
740 | 4 | if (results.size() != 1) |
741 | { |
|
742 | 0 | throw new DataBackendException( |
743 | "Internal error - query returned " |
|
744 | + results.size() + " rows"); |
|
745 | } |
|
746 | 4 | Group newGroup = (Group) results.get(0); |
747 | // add the group to system-wide cache |
|
748 | 4 | getAllGroups().add(newGroup); |
749 | // return the object with correct id |
|
750 | 4 | return newGroup; |
751 | } |
|
752 | 1 | } |
753 | 0 | catch (Exception e) |
754 | { |
|
755 | 0 | throw new DataBackendException("addGroup(Group) failed", e); |
756 | } |
|
757 | finally |
|
758 | { |
|
759 | 2 | unlockExclusive(); |
760 | 1 | } |
761 | // the only way we could get here without return/throw tirggered |
|
762 | // is that the groupExists was true. |
|
763 | 2 | throw new EntityExistsException("Group '" + group + "' already exists"); |
764 | } |
|
765 | ||
766 | /** |
|
767 | * Creates a new role with specified attributes. |
|
768 | * |
|
769 | * @param role the object describing the role to be created. |
|
770 | * @return a new Role object that has id set up properly. |
|
771 | * @throws DataBackendException if there was an error accessing the data |
|
772 | * backend. |
|
773 | * @throws EntityExistsException if the role already exists. |
|
774 | */ |
|
775 | public synchronized Role addRole(Role role) |
|
776 | throws DataBackendException, EntityExistsException |
|
777 | { |
|
778 | 8 | boolean roleExists = false; |
779 | ||
780 | 8 | if (StringUtils.isEmpty(role.getName())) |
781 | { |
|
782 | 2 | throw new DataBackendException("Could not create " |
783 | + "a role with empty name!"); |
|
784 | } |
|
785 | ||
786 | try |
|
787 | { |
|
788 | 6 | lockExclusive(); |
789 | 6 | roleExists = checkExists(role); |
790 | 6 | if (!roleExists) |
791 | { |
|
792 | // add a row to the table |
|
793 | 4 | Criteria criteria = RolePeerManager.buildCriteria(role); |
794 | 4 | RolePeerManager.doInsert(criteria); |
795 | // try to get the object back using the name as key. |
|
796 | 4 | criteria = new Criteria(); |
797 | 4 | criteria.add(RolePeerManager.getNameColumn(), role.getName()); |
798 | 4 | List results = RolePeerManager.doSelect(criteria); |
799 | 4 | if (results.size() != 1) |
800 | { |
|
801 | 0 | throw new DataBackendException( |
802 | "Internal error - query returned " |
|
803 | + results.size() + " rows"); |
|
804 | } |
|
805 | 4 | Role newRole = (Role) results.get(0); |
806 | // add the role to system-wide cache |
|
807 | 4 | getAllRoles().add(newRole); |
808 | // return the object with correct id |
|
809 | 4 | return newRole; |
810 | } |
|
811 | 1 | } |
812 | 0 | catch (Exception e) |
813 | { |
|
814 | 0 | throw new DataBackendException("addRole(Role) failed", e); |
815 | } |
|
816 | finally |
|
817 | { |
|
818 | 2 | unlockExclusive(); |
819 | 1 | } |
820 | // the only way we could get here without return/throw tirggered |
|
821 | // is that the roleExists was true. |
|
822 | 2 | throw new EntityExistsException("Role '" + role + "' already exists"); |
823 | } |
|
824 | ||
825 | /** |
|
826 | * Creates a new permission with specified attributes. |
|
827 | * |
|
828 | * @param permission the object describing the permission to be created. |
|
829 | * @return a new Permission object that has id set up properly. |
|
830 | * @throws DataBackendException if there was an error accessing the data |
|
831 | * backend. |
|
832 | * @throws EntityExistsException if the permission already exists. |
|
833 | */ |
|
834 | public synchronized Permission addPermission(Permission permission) |
|
835 | throws DataBackendException, EntityExistsException |
|
836 | { |
|
837 | 8 | boolean permissionExists = false; |
838 | ||
839 | 8 | if (StringUtils.isEmpty(permission.getName())) |
840 | { |
|
841 | 2 | throw new DataBackendException("Could not create " |
842 | + "a permission with empty name!"); |
|
843 | } |
|
844 | ||
845 | try |
|
846 | { |
|
847 | 6 | lockExclusive(); |
848 | 6 | permissionExists = checkExists(permission); |
849 | 6 | if (!permissionExists) |
850 | { |
|
851 | // add a row to the table |
|
852 | 4 | Criteria criteria = PermissionPeerManager.buildCriteria(permission); |
853 | 4 | PermissionPeerManager.doInsert(criteria); |
854 | // try to get the object back using the name as key. |
|
855 | 4 | criteria = new Criteria(); |
856 | 4 | criteria.add(PermissionPeerManager.getNameColumn(), |
857 | permission.getName()); |
|
858 | 4 | List results = PermissionPeerManager.doSelect(criteria); |
859 | 4 | if (results.size() != 1) |
860 | { |
|
861 | 0 | throw new DataBackendException( |
862 | "Internal error - query returned " |
|
863 | + results.size() + " rows"); |
|
864 | } |
|
865 | 4 | Permission newPermission = (Permission) results.get(0); |
866 | // add the permission to system-wide cache |
|
867 | 4 | getAllPermissions().add(newPermission); |
868 | // return the object with correct id |
|
869 | 4 | return newPermission; |
870 | } |
|
871 | 1 | } |
872 | 0 | catch (Exception e) |
873 | { |
|
874 | 0 | throw new DataBackendException( |
875 | "addPermission(Permission) failed", e); |
|
876 | } |
|
877 | finally |
|
878 | { |
|
879 | 2 | unlockExclusive(); |
880 | 1 | } |
881 | // the only way we could get here without return/throw tirggered |
|
882 | // is that the permissionExists was true. |
|
883 | 2 | throw new EntityExistsException("Permission '" + permission |
884 | + "' already exists"); |
|
885 | } |
|
886 | ||
887 | /** |
|
888 | * Removes a Group from the system. |
|
889 | * |
|
890 | * @param group The object describing the group to be removed. |
|
891 | * @throws DataBackendException if there was an error accessing the data |
|
892 | * backend. |
|
893 | * @throws UnknownEntityException if the group does not exist. |
|
894 | */ |
|
895 | public synchronized void removeGroup(Group group) |
|
896 | throws DataBackendException, UnknownEntityException |
|
897 | { |
|
898 | 4 | boolean groupExists = false; |
899 | try |
|
900 | { |
|
901 | 4 | lockExclusive(); |
902 | 4 | groupExists = checkExists(group); |
903 | 4 | if (groupExists) |
904 | { |
|
905 | 2 | Criteria criteria = GroupPeerManager.buildCriteria(group); |
906 | 2 | GroupPeerManager.doDelete(criteria); |
907 | 2 | getAllGroups().remove(group); |
908 | 1 | return; |
909 | } |
|
910 | 1 | } |
911 | 0 | catch (Exception e) |
912 | { |
|
913 | 0 | log.error("Failed to delete a Group"); |
914 | 0 | log.error(e); |
915 | 0 | throw new DataBackendException("removeGroup(Group) failed", e); |
916 | } |
|
917 | finally |
|
918 | { |
|
919 | 1 | unlockExclusive(); |
920 | 1 | } |
921 | 2 | throw new UnknownEntityException("Unknown group '" + group + "'"); |
922 | } |
|
923 | ||
924 | /** |
|
925 | * Removes a Role from the system. |
|
926 | * |
|
927 | * @param role The object describing the role to be removed. |
|
928 | * @throws DataBackendException if there was an error accessing the data |
|
929 | * backend. |
|
930 | * @throws UnknownEntityException if the role does not exist. |
|
931 | */ |
|
932 | public synchronized void removeRole(Role role) |
|
933 | throws DataBackendException, UnknownEntityException |
|
934 | { |
|
935 | 4 | boolean roleExists = false; |
936 | try |
|
937 | { |
|
938 | 4 | lockExclusive(); |
939 | 4 | roleExists = checkExists(role); |
940 | 4 | if (roleExists) |
941 | { |
|
942 | // revoke all permissions from the role to be deleted |
|
943 | 2 | revokeAll(role); |
944 | 2 | Criteria criteria = RolePeerManager.buildCriteria(role); |
945 | 2 | RolePeerManager.doDelete(criteria); |
946 | 2 | getAllRoles().remove(role); |
947 | 1 | return; |
948 | } |
|
949 | 1 | } |
950 | 0 | catch (Exception e) |
951 | { |
|
952 | 0 | throw new DataBackendException("removeRole(Role)", e); |
953 | } |
|
954 | finally |
|
955 | { |
|
956 | 1 | unlockExclusive(); |
957 | 1 | } |
958 | 2 | throw new UnknownEntityException("Unknown role '" + role + "'"); |
959 | } |
|
960 | ||
961 | /** |
|
962 | * Removes a Permission from the system. |
|
963 | * |
|
964 | * @param permission The object describing the permission to be removed. |
|
965 | * @throws DataBackendException if there was an error accessing the data |
|
966 | * backend. |
|
967 | * @throws UnknownEntityException if the permission does not exist. |
|
968 | */ |
|
969 | public synchronized void removePermission(Permission permission) |
|
970 | throws DataBackendException, UnknownEntityException |
|
971 | { |
|
972 | 4 | boolean permissionExists = false; |
973 | try |
|
974 | { |
|
975 | 4 | lockExclusive(); |
976 | 4 | permissionExists = checkExists(permission); |
977 | 4 | if (permissionExists) |
978 | { |
|
979 | 2 | Criteria criteria = PermissionPeerManager.buildCriteria(permission); |
980 | 2 | PermissionPeerManager.doDelete(criteria); |
981 | 2 | getAllPermissions().remove(permission); |
982 | 1 | return; |
983 | } |
|
984 | 1 | } |
985 | 0 | catch (Exception e) |
986 | { |
|
987 | 0 | throw new DataBackendException("removePermission(Permission)", e); |
988 | } |
|
989 | finally |
|
990 | { |
|
991 | 1 | unlockExclusive(); |
992 | 1 | } |
993 | 2 | throw new UnknownEntityException("Unknown permission '" |
994 | + permission + "'"); |
|
995 | } |
|
996 | ||
997 | /** |
|
998 | * Renames an existing Group. |
|
999 | * |
|
1000 | * @param group The object describing the group to be renamed. |
|
1001 | * @param name the new name for the group. |
|
1002 | * @throws DataBackendException if there was an error accessing the data |
|
1003 | * backend. |
|
1004 | * @throws UnknownEntityException if the group does not exist. |
|
1005 | */ |
|
1006 | public synchronized void renameGroup(Group group, String name) |
|
1007 | throws DataBackendException, UnknownEntityException |
|
1008 | { |
|
1009 | 2 | boolean groupExists = false; |
1010 | try |
|
1011 | { |
|
1012 | 2 | lockExclusive(); |
1013 | 2 | groupExists = checkExists(group); |
1014 | 2 | if (groupExists) |
1015 | { |
|
1016 | 2 | group.setName(name); |
1017 | 2 | Criteria criteria = GroupPeerManager.buildCriteria(group); |
1018 | 2 | GroupPeerManager.doUpdate(criteria); |
1019 | 1 | return; |
1020 | } |
|
1021 | } |
|
1022 | 0 | catch (Exception e) |
1023 | { |
|
1024 | 0 | throw new DataBackendException("renameGroup(Group,String)", e); |
1025 | } |
|
1026 | finally |
|
1027 | { |
|
1028 | 1 | unlockExclusive(); |
1029 | 0 | } |
1030 | 0 | throw new UnknownEntityException("Unknown group '" + group + "'"); |
1031 | } |
|
1032 | ||
1033 | /** |
|
1034 | * Renames an existing Role. |
|
1035 | * |
|
1036 | * @param role The object describing the role to be renamed. |
|
1037 | * @param name the new name for the role. |
|
1038 | * @throws DataBackendException if there was an error accessing the data |
|
1039 | * backend. |
|
1040 | * @throws UnknownEntityException if the role does not exist. |
|
1041 | */ |
|
1042 | public synchronized void renameRole(Role role, String name) |
|
1043 | throws DataBackendException, UnknownEntityException |
|
1044 | { |
|
1045 | 2 | boolean roleExists = false; |
1046 | try |
|
1047 | { |
|
1048 | 2 | lockExclusive(); |
1049 | 2 | roleExists = checkExists(role); |
1050 | 2 | if (roleExists) |
1051 | { |
|
1052 | 2 | role.setName(name); |
1053 | 2 | Criteria criteria = RolePeerManager.buildCriteria(role); |
1054 | 2 | RolePeerManager.doUpdate(criteria); |
1055 | 1 | return; |
1056 | } |
|
1057 | } |
|
1058 | 0 | catch (Exception e) |
1059 | { |
|
1060 | 0 | throw new DataBackendException("renameRole(Role,String)", e); |
1061 | } |
|
1062 | finally |
|
1063 | { |
|
1064 | 1 | unlockExclusive(); |
1065 | 0 | } |
1066 | 0 | throw new UnknownEntityException("Unknown role '" + role + "'"); |
1067 | } |
|
1068 | ||
1069 | /** |
|
1070 | * Renames an existing Permission. |
|
1071 | * |
|
1072 | * @param permission The object describing the permission to be renamed. |
|
1073 | * @param name the new name for the permission. |
|
1074 | * @throws DataBackendException if there was an error accessing the data |
|
1075 | * backend. |
|
1076 | * @throws UnknownEntityException if the permission does not exist. |
|
1077 | */ |
|
1078 | public synchronized void renamePermission(Permission permission, |
|
1079 | String name) |
|
1080 | throws DataBackendException, UnknownEntityException |
|
1081 | { |
|
1082 | 2 | boolean permissionExists = false; |
1083 | try |
|
1084 | { |
|
1085 | 2 | lockExclusive(); |
1086 | 2 | permissionExists = checkExists(permission); |
1087 | 2 | if (permissionExists) |
1088 | { |
|
1089 | 2 | permission.setName(name); |
1090 | 2 | Criteria criteria = PermissionPeerManager.buildCriteria(permission); |
1091 | 2 | PermissionPeerManager.doUpdate(criteria); |
1092 | 1 | return; |
1093 | } |
|
1094 | } |
|
1095 | 0 | catch (Exception e) |
1096 | { |
|
1097 | 0 | throw new DataBackendException( |
1098 | "renamePermission(Permission,name)", e); |
|
1099 | } |
|
1100 | finally |
|
1101 | { |
|
1102 | 1 | unlockExclusive(); |
1103 | 0 | } |
1104 | 0 | throw new UnknownEntityException("Unknown permission '" |
1105 | + permission + "'"); |
|
1106 | } |
|
1107 | ||
1108 | /* Service specific implementation methods */ |
|
1109 | ||
1110 | /** |
|
1111 | * Determines if the <code>Group</code> exists in the security system. |
|
1112 | * |
|
1113 | * @param group a <code>Group</code> value |
|
1114 | * @return true if the group exists in the system, false otherwise |
|
1115 | * @throws DataBackendException when more than one Group with |
|
1116 | * the same name exists. |
|
1117 | * @throws Exception A generic exception. |
|
1118 | */ |
|
1119 | protected boolean checkExists(Group group) |
|
1120 | throws DataBackendException, Exception |
|
1121 | { |
|
1122 | 30 | return GroupPeerManager.checkExists(group); |
1123 | } |
|
1124 | ||
1125 | /** |
|
1126 | * Determines if the <code>Role</code> exists in the security system. |
|
1127 | * |
|
1128 | * @param role a <code>Role</code> value |
|
1129 | * @return true if the role exists in the system, false otherwise |
|
1130 | * @throws DataBackendException when more than one Role with |
|
1131 | * the same name exists. |
|
1132 | * @throws Exception A generic exception. |
|
1133 | */ |
|
1134 | protected boolean checkExists(Role role) |
|
1135 | throws DataBackendException, Exception |
|
1136 | { |
|
1137 | 94 | return RolePeerManager.checkExists(role); |
1138 | } |
|
1139 | ||
1140 | /** |
|
1141 | * Determines if the <code>Permission</code> exists in the security system. |
|
1142 | * |
|
1143 | * @param permission a <code>Permission</code> value |
|
1144 | * @return true if the permission exists in the system, false otherwise |
|
1145 | * @throws DataBackendException when more than one Permission with |
|
1146 | * the same name exists. |
|
1147 | * @throws Exception A generic exception. |
|
1148 | */ |
|
1149 | protected boolean checkExists(Permission permission) |
|
1150 | throws DataBackendException, Exception |
|
1151 | { |
|
1152 | 26 | return PermissionPeerManager.checkExists(permission); |
1153 | } |
|
1154 | ||
1155 | } |
This report is generated by jcoverage, Maven and Maven JCoverage Plugin. |