001: //$HeadURL: https://svn.wald.intevation.org/svn/deegree/base/trunk/src/org/deegree/security/drm/SecurityTransaction.java $
002: /*---------------- FILE HEADER ------------------------------------------
003:
004: This file is part of deegree.
005: Copyright (C) 2001-2008 by:
006: EXSE, Department of Geography, University of Bonn
007: http://www.giub.uni-bonn.de/deegree/
008: lat/lon GmbH
009: http://www.lat-lon.de
010:
011: This library is free software; you can redistribute it and/or
012: modify it under the terms of the GNU Lesser General Public
013: License as published by the Free Software Foundation; either
014: version 2.1 of the License, or (at your option) any later version.
015:
016: This library is distributed in the hope that it will be useful,
017: but WITHOUT ANY WARRANTY; without even the implied warranty of
018: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
019: Lesser General Public License for more details.
020:
021: You should have received a copy of the GNU Lesser General Public
022: License along with this library; if not, write to the Free Software
023: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
024:
025: Contact:
026:
027: Andreas Poth
028: lat/lon GmbH
029: Aennchenstr. 19
030: 53115 Bonn
031: Germany
032: E-Mail: poth@lat-lon.de
033:
034: Prof. Dr. Klaus Greve
035: Department of Geography
036: University of Bonn
037: Meckenheimer Allee 166
038: 53115 Bonn
039: Germany
040: E-Mail: greve@giub.uni-bonn.de
041:
042: ---------------------------------------------------------------------------*/
043: package org.deegree.security.drm;
044:
045: import java.util.ArrayList;
046: import java.util.HashSet;
047: import java.util.Iterator;
048: import java.util.List;
049:
050: import org.deegree.security.GeneralSecurityException;
051: import org.deegree.security.UnauthorizedException;
052: import org.deegree.security.drm.model.Group;
053: import org.deegree.security.drm.model.Privilege;
054: import org.deegree.security.drm.model.Right;
055: import org.deegree.security.drm.model.RightSet;
056: import org.deegree.security.drm.model.RightType;
057: import org.deegree.security.drm.model.Role;
058: import org.deegree.security.drm.model.SecurableObject;
059: import org.deegree.security.drm.model.SecuredObject;
060: import org.deegree.security.drm.model.User;
061:
062: /**
063: *
064: *
065: *
066: * @author <a href="mailto:poth@lat-lon.de">Andreas Poth</a>
067: * @author last edited by: $Author: otonnhofer $
068: *
069: * @version $Revision: 10598 $, $Date: 2008-03-17 07:17:38 -0700 (Mon, 17 Mar 2008) $
070: */
071: public class SecurityTransaction extends SecurityAccess {
072:
073: private Role adminRole;
074:
075: private long timestamp;
076:
077: /**
078: * @param user
079: * @param registry
080: * @param adminRole
081: */
082: SecurityTransaction(User user, SecurityRegistry registry,
083: Role adminRole) {
084: super (user, registry);
085: this .adminRole = adminRole;
086: this .timestamp = System.currentTimeMillis();
087: }
088:
089: /**
090: * Returns the conjunction of an array of roles plus a single role.
091: *
092: * @param roles
093: * @param role
094: * @return the conjunction of an array of roles plus a single role.
095: */
096: public Role[] addRoles(Role[] roles, Role role) {
097: HashSet<Role> roleSet = new HashSet<Role>(roles.length + 1);
098: roleSet.add(role);
099: for (int i = 0; i < roles.length; i++) {
100: roleSet.add(roles[i]);
101: }
102: return roleSet.toArray(new Role[roleSet.size()]);
103: }
104:
105: /**
106: * Deletes all data from the underlying <code>Registry</code> and sets the default objects
107: * (SEC_ADMIN user, role and group) and standard rights and privileges.
108: *
109: * @throws GeneralSecurityException
110: */
111: public void clean() throws GeneralSecurityException {
112: SecurityAccessManager.getInstance().verify(this );
113: registry.clean(this );
114: }
115:
116: /**
117: * Removes a <code>Group</code> from the <code>Registry</code>.
118: *
119: * This means:
120: * <ul>
121: * <li>owner role ($G:GROUPNAME) is removed
122: * <li>group is removed
123: * </ul>
124: *
125: * NOTE: Only performed if the acting user has the 'delete'-right on the group object.
126: *
127: * @param group
128: * @throws GeneralSecurityException
129: * @throws UnauthorizedException
130: */
131: public void deregisterGroup(Group group)
132: throws GeneralSecurityException, UnauthorizedException {
133: SecurityAccessManager.getInstance().verify(this );
134: checkForRight(RightType.DELETE, group);
135: try {
136: Role ownerRole = registry.getRoleByName(this , "$G:"
137: + group.getName());
138: registry.deregisterRole(this , ownerRole);
139: } catch (UnknownException e) {
140: }
141: registry.deregisterGroup(this , group);
142: }
143:
144: /**
145: * Removes a <code>Role</code> from the <code>Registry</code>.
146: *
147: * This means:
148: * <ul>
149: * <li>owner role ($R:ROLENAME) is removed
150: * <li>role is removed
151: * </ul>
152: *
153: * NOTE: Only performed if acting user has the 'delete'-right on the role object.
154: *
155: * @param role
156: * @throws GeneralSecurityException
157: * @throws UnauthorizedException
158: */
159: public void deregisterRole(Role role)
160: throws GeneralSecurityException, UnauthorizedException {
161: SecurityAccessManager.getInstance().verify(this );
162: checkForRight(RightType.DELETE, role);
163: try {
164: Role ownerRole = registry.getRoleByName(this , "$R:"
165: + role.getName());
166: registry.deregisterRole(this , ownerRole);
167: } catch (UnknownException e) {
168: }
169: registry.deregisterRole(this , role);
170: }
171:
172: /**
173: * Removes a <code>SecuredObject</code> from the <code>Registry</code>.
174: *
175: * This means:
176: * <ul>
177: * <li>owner role ($O:OBJECTNAME) is removed
178: * <li>object is removed
179: * </ul>
180: *
181: * NOTE: Only performed if acting user has the 'delete'-right on the secured object.
182: *
183: * @param object
184: * @throws GeneralSecurityException
185: * @throws UnauthorizedException
186: */
187: public void deregisterSecuredObject(SecuredObject object)
188: throws GeneralSecurityException, UnauthorizedException {
189: SecurityAccessManager.getInstance().verify(this );
190: checkForRight(RightType.DELETE, object);
191: try {
192: Role ownerRole = registry.getRoleByName(this , "$O:"
193: + object.getName());
194: registry.deregisterRole(this , ownerRole);
195: } catch (UnknownException e) {
196: }
197: registry.deregisterSecuredObject(this , object);
198: }
199:
200: /**
201: * Removes a <code>User</code> from the <code>Registry</code>.
202: *
203: * This means:
204: * <ul>
205: * <li>owner role ($U:USERNAME) is removed
206: * <li>user is removed
207: * </ul>
208: *
209: * NOTE: Only performed if acting user has the 'delete'-right on the user object.
210: *
211: * @param user
212: * @throws GeneralSecurityException
213: * @throws UnauthorizedException
214: */
215: public void deregisterUser(User user)
216: throws GeneralSecurityException, UnauthorizedException {
217: SecurityAccessManager.getInstance().verify(this );
218: checkForRight(RightType.DELETE, user);
219: try {
220: Role ownerRole = registry.getRoleByName(this , "$U:"
221: + user.getName());
222: registry.deregisterRole(this , ownerRole);
223: } catch (UnknownException e) {
224: e.printStackTrace();
225: }
226: registry.deregisterUser(this , user);
227: }
228:
229: /**
230: *
231: * @return timestamp
232: */
233: public long getTimestamp() {
234: return timestamp;
235: }
236:
237: /**
238: * Registers a new <code>Group</code> to the <code>Registry</code>.
239: *
240: * This means:
241: * <ul>
242: * <li>a group is created in the registry
243: * <li>a corresponding owner role is created: $G:GROUPNAME
244: * <li>rights for the owner role are set up; creator has delete, update and grant rights on the
245: * group, administrator role gets these right, too
246: * </ul>
247: *
248: * NOTE: Only performed if acting user has the 'addgroup'-privilege.
249: *
250: * @param name
251: * @param title
252: * @return the new Group
253: * @throws GeneralSecurityException
254: */
255: public Group registerGroup(String name, String title)
256: throws GeneralSecurityException {
257: SecurityAccessManager.getInstance().verify(this );
258: checkForPrivilege(Privilege.ADDGROUP);
259: if (name.startsWith("$")) {
260: throw new GeneralSecurityException("Groupname '" + name
261: + "' is invalid. The '$'-character is for "
262: + "internal use only.");
263: }
264: Group group = registry.registerGroup(this , name, title);
265: // only add owner role if lock holder is not the administrator
266: if (this .user.getID() != User.ID_SEC_ADMIN) {
267: Role ownerRole = registry.registerRole(this , "$G:" + name);
268: registry.setRolesForUser(this , user, addRoles(registry
269: .getRolesForUser(this , user), ownerRole));
270: registry.setRights(this , group, ownerRole, new Right[] {
271: new Right(group, RightType.DELETE),
272: new Right(group, RightType.UPDATE),
273: new Right(group, RightType.GRANT) });
274: }
275: registry.setRights(this , group, adminRole, new Right[] {
276: new Right(group, RightType.DELETE),
277: new Right(group, RightType.UPDATE),
278: new Right(group, RightType.GRANT) });
279: return group;
280: }
281:
282: /**
283: * Registers a new <code>Role</code> to the <code>Registry</code>.
284: *
285: * This means:
286: * <ul>
287: * <li>a role is created in the registry
288: * <li>a corresponding owner role is created: $R:ROLENAME
289: * <li>rights for the owner role are set up; creator has delete, update and grant rights on the
290: * role, administrator role gets these right, too
291: * </ul>
292: *
293: * NOTE: Only performed if acting user has the 'addrole'-privilege.
294: *
295: * @param name
296: * @return the new Role
297: * @throws GeneralSecurityException
298: */
299: public Role registerRole(String name)
300: throws GeneralSecurityException {
301: SecurityAccessManager.getInstance().verify(this );
302: checkForPrivilege(Privilege.ADDROLE);
303: if (name.startsWith("$")) {
304: throw new GeneralSecurityException("Rolename '" + name
305: + "' is invalid. The '$'-character is for "
306: + "internal use only.");
307: }
308:
309: Role role = registry.registerRole(this , name);
310: if (this .user.getID() != User.ID_SEC_ADMIN) {
311: Role ownerRole = registry.registerRole(this , "$R:" + name);
312: registry.setRolesForUser(this , user, addRoles(registry
313: .getRolesForUser(this , user), ownerRole));
314: registry.setRights(this , role, ownerRole, new Right[] {
315: new Right(role, RightType.DELETE),
316: new Right(role, RightType.UPDATE),
317: new Right(role, RightType.GRANT) });
318: }
319: registry.setRights(this , role, adminRole, new Right[] {
320: new Right(role, RightType.DELETE),
321: new Right(role, RightType.UPDATE),
322: new Right(role, RightType.GRANT) });
323: return role;
324: }
325:
326: /**
327: * Registers a new <code>SecuredObject</code> to the <code>Registry</code>.
328: *
329: * This means:
330: * <ul>
331: * <li>a secured object is created in the registry
332: * <li>a corresponding owner role is created: $O:OBJECTNAME
333: * <li>rights for the owner role are set up; creator has delete, update and grant rights on the
334: * object, administrator role gets these right, too
335: * </ul>
336: *
337: * @param type
338: * @param name
339: * @param title
340: * @return the new SecuredObject
341: * @throws GeneralSecurityException
342: */
343: public SecuredObject registerSecuredObject(String type,
344: String name, String title) throws GeneralSecurityException {
345: SecurityAccessManager.getInstance().verify(this );
346: checkForPrivilege(Privilege.ADDOBJECT);
347: if (name.startsWith("$")) {
348: throw new GeneralSecurityException("Objectname '" + name
349: + "' is invalid. The '$'-character is for "
350: + "internal use only.");
351: }
352: SecuredObject object = registry.registerSecuredObject(this ,
353: type, name, title);
354: if (this .user.getID() != User.ID_SEC_ADMIN) {
355: Role ownerRole = registry.registerRole(this , "$O:" + name);
356: registry.setRolesForUser(this , user, addRoles(registry
357: .getRolesForUser(this , user), ownerRole));
358: registry.setRights(this , object, ownerRole, new Right[] {
359: new Right(object, RightType.DELETE),
360: new Right(object, RightType.UPDATE),
361: new Right(object, RightType.GRANT) });
362: }
363: registry.setRights(this , object, adminRole, new Right[] {
364: new Right(object, RightType.DELETE),
365: new Right(object, RightType.UPDATE),
366: new Right(object, RightType.GRANT) });
367: return object;
368: }
369:
370: /**
371: * Registers a new <code>User</code> to the <code>Registry</code>.
372: *
373: * This means:
374: * <ul>
375: * <li>a user is created in the registry
376: * <li>a corresponding owner role is created: $U:USERNAME
377: * <li>rights for the owner role are set up; creator has delete, update and grant rights on the
378: * user, administrator role gets these right, too
379: * </ul>
380: *
381: * NOTE: Only performed if acting user has the 'adduser'-privilege.
382: *
383: * @param name
384: * @param password
385: * null means that password checking is disabled
386: * @param lastName
387: * @param firstName
388: * @param mailAddress
389: * @return the new User
390: * @throws GeneralSecurityException
391: */
392: public User registerUser(String name, String password,
393: String lastName, String firstName, String mailAddress)
394: throws GeneralSecurityException {
395: SecurityAccessManager.getInstance().verify(this );
396: checkForPrivilege(Privilege.ADDUSER);
397: if (name.startsWith("$")) {
398: throw new GeneralSecurityException("Username '" + name
399: + "' is invalid. The '$'-character is for "
400: + "internal use only.");
401: }
402: User user = registry.registerUser(this , name, password,
403: lastName, firstName, mailAddress);
404:
405: // only add owner role if lock holder is not the administrator
406: if (this .user.getID() != User.ID_SEC_ADMIN) {
407: Role ownerRole = registry.registerRole(this , "$U:" + name);
408: registry.setRolesForUser(this , user, addRoles(registry
409: .getRolesForUser(this , user), ownerRole));
410: registry.setRights(this , user, ownerRole, new Right[] {
411: new Right(user, RightType.DELETE),
412: new Right(user, RightType.UPDATE),
413: new Right(user, RightType.GRANT) });
414: }
415: registry.setRights(this , user, adminRole, new Right[] {
416: new Right(user, RightType.DELETE),
417: new Right(user, RightType.UPDATE),
418: new Right(user, RightType.GRANT) });
419: return user;
420: }
421:
422: /**
423: * Updates the data of an existing <code>User</code> in the <code>Registry</code>.
424: *
425: * NOTE: Only performed if acting user has the 'update'-right on the user.
426: *
427: * @param user
428: * @throws GeneralSecurityException
429: */
430: public void updateUser(User user) throws GeneralSecurityException {
431: SecurityAccessManager.getInstance().verify(this );
432: checkForRight(RightType.UPDATE, user);
433: registry.updateUser(this , user);
434: }
435:
436: /**
437: * Sets the <code>Group</code> s that a given <code>Group</code> is a DIRECT member of.
438: *
439: * NOTE: Only performed if the acting user has the 'grant'-right for all the groups that are
440: * requested to be added / removed.
441: *
442: * @param group
443: * @param newGroups
444: * @throws GeneralSecurityException
445: * @throws UnauthorizedException
446: */
447: public void setGroupsForGroup(Group group, Group[] newGroups)
448: throws GeneralSecurityException, UnauthorizedException {
449: SecurityAccessManager.getInstance().verify(this );
450: Group[] oldGroups = group.getGroups(this );
451:
452: // build set for old groups
453: HashSet<Group> oldGroupSet = new HashSet<Group>(
454: oldGroups.length);
455: for (int i = 0; i < oldGroups.length; i++) {
456: oldGroupSet.add(oldGroups[i]);
457: }
458: // build set for new groups
459: HashSet<Group> newGroupSet = new HashSet<Group>(
460: oldGroups.length);
461: for (int i = 0; i < newGroups.length; i++) {
462: newGroupSet.add(newGroups[i]);
463: }
464:
465: // check grant right for all groups requested to be removed
466: Iterator it = oldGroupSet.iterator();
467: while (it.hasNext()) {
468: Group currGroup = (Group) it.next();
469: if (!newGroupSet.contains(currGroup)) {
470: checkForRight(RightType.GRANT, group);
471: }
472: }
473:
474: // check grant right for all groups requested to be added
475: it = newGroupSet.iterator();
476: while (it.hasNext()) {
477: Group currGroup = (Group) it.next();
478: if (!oldGroupSet.contains(currGroup)) {
479: checkForRight(RightType.GRANT, group);
480: }
481: }
482: registry.setGroupsForGroup(this , group, newGroups);
483: }
484:
485: /**
486: * Sets the <code>Groups</code> that a given <code>User</code> is a DIRECT member of.
487: *
488: * NOTE: Only performed if the acting user has the 'grant'-right for all the groups that are
489: * requested to be added / removed.
490: *
491: * @param user
492: * @param newGroups
493: * @throws GeneralSecurityException
494: * @throws UnauthorizedException
495: */
496: public void setGroupsForUser(User user, Group[] newGroups)
497: throws GeneralSecurityException, UnauthorizedException {
498: SecurityAccessManager.getInstance().verify(this );
499: Group[] oldGroups = user.getGroups(this );
500:
501: // build set for old groups
502: HashSet<Group> oldGroupSet = new HashSet<Group>(
503: oldGroups.length);
504: for (int i = 0; i < oldGroups.length; i++) {
505: oldGroupSet.add(oldGroups[i]);
506: }
507: // build set for new groups
508: HashSet<Group> newGroupSet = new HashSet<Group>(
509: oldGroups.length);
510: for (int i = 0; i < newGroups.length; i++) {
511: newGroupSet.add(newGroups[i]);
512: }
513:
514: // check grant right for all groups requested to be removed
515: Iterator it = oldGroupSet.iterator();
516: while (it.hasNext()) {
517: Group group = (Group) it.next();
518: if (!newGroupSet.contains(group)) {
519: checkForRight(RightType.GRANT, group);
520: }
521: }
522:
523: // check grant right for all groups requested to be added
524: it = newGroupSet.iterator();
525: while (it.hasNext()) {
526: Group group = (Group) it.next();
527: if (!oldGroupSet.contains(group)) {
528: checkForRight(RightType.GRANT, group);
529: }
530: }
531: registry.setGroupsForUser(this , user, newGroups);
532: }
533:
534: /**
535: * Sets the members (groups) for a group.
536: *
537: * NOTE: Only performed if the acting user has the 'grant'-right on the group.
538: *
539: * @param group
540: * @param groups
541: * @throws GeneralSecurityException
542: * @throws UnauthorizedException
543: */
544: public void setGroupsInGroup(Group group, Group[] groups)
545: throws GeneralSecurityException, UnauthorizedException {
546: SecurityAccessManager.getInstance().verify(this );
547: checkForRight(RightType.GRANT, group);
548: registry.setGroupsInGroup(this , group, groups);
549: }
550:
551: /**
552: * Sets the groups to be associated with the given role.
553: *
554: * NOTE: Only performed if the acting user has the 'grant'-right on the role.
555: *
556: * @param role
557: * @param groups
558: * @throws GeneralSecurityException
559: * if not permitted
560: * @throws UnauthorizedException
561: */
562: public void setGroupsWithRole(Role role, Group[] groups)
563: throws GeneralSecurityException, UnauthorizedException {
564: SecurityAccessManager.getInstance().verify(this );
565: checkForRight(RightType.GRANT, role);
566: registry.setGroupsWithRole(this , role, groups);
567: }
568:
569: /**
570: * Sets the privileges for a certain role.
571: *
572: * NOTE: Only performed if the acting user has all the privileges he is trying to grant.
573: *
574: * FIXME: Shouldn't that be "... to grant / withdraw"?
575: *
576: * @param role
577: * @param privileges
578: * @throws GeneralSecurityException
579: * if not permitted
580: */
581: public void setPrivilegesForRole(Role role, Privilege[] privileges)
582: throws GeneralSecurityException {
583: SecurityAccessManager.getInstance().verify(this );
584: Privilege[] holderPrivileges = user.getPrivileges(this );
585: HashSet<Privilege> holderSet = new HashSet<Privilege>(
586: holderPrivileges.length);
587: for (int i = 0; i < holderPrivileges.length; i++) {
588: holderSet.add(holderPrivileges[i]);
589: }
590: for (int i = 0; i < privileges.length; i++) {
591: if (!holderSet.contains(privileges[i])) {
592: throw new GeneralSecurityException(
593: "The requested operation requires the privilege '"
594: + privileges[i].getName() + "'.");
595: }
596: }
597: registry.setPrivilegesForRole(this , role, privileges);
598: }
599:
600: /**
601: * Sets the <code>Rights</code> that a certain role has on a given object.
602: *
603: * NOTE: Only performed if the acting user has the 'update'-right on the role and the
604: * 'grant'-right on the securable object.
605: *
606: * @param object
607: * @param role
608: * @param rights
609: * @throws GeneralSecurityException
610: * if not permitted
611: * @throws UnauthorizedException
612: */
613: public void setRights(SecurableObject object, Role role,
614: Right[] rights) throws GeneralSecurityException,
615: UnauthorizedException {
616: SecurityAccessManager.getInstance().verify(this );
617: checkForRight(RightType.UPDATE, role);
618: checkForRight(RightType.GRANT, object);
619: registry.setRights(this , object, role, rights);
620: }
621:
622: /**
623: * Sets one certain right that a certain role has on the given objects.
624: *
625: * NOTE: Only performed if the acting user has the 'update'-right on the role and the
626: * 'grant'-right on the securable objects.
627: *
628: * @param objects
629: * @param role
630: * @param right
631: * @throws GeneralSecurityException
632: * if not permitted
633: * @throws UnauthorizedException
634: */
635: public void setRights(SecurableObject[] objects, Role role,
636: Right right) throws GeneralSecurityException,
637: UnauthorizedException {
638: SecurityAccessManager.getInstance().verify(this );
639: checkForRight(RightType.UPDATE, role);
640: for (int i = 0; i < objects.length; i++) {
641: checkForRight(RightType.GRANT, objects[i]);
642: }
643: registry.setRights(this , objects, role, right);
644: }
645:
646: /**
647: * Adds the specified <code>Rights</code> on the passed object to the passed role. If they are
648: * already present, nothing happens.
649: *
650: * @param object
651: * @param role
652: * @param additionalRights
653: * @throws GeneralSecurityException
654: * @throws UnauthorizedException
655: */
656: public void addRights(SecurableObject object, Role role,
657: Right[] additionalRights) throws GeneralSecurityException,
658: UnauthorizedException {
659: SecurityAccessManager.getInstance().verify(this );
660: checkForRight(RightType.UPDATE, role);
661: checkForRight(RightType.GRANT, object);
662: RightSet presentRights = new RightSet(registry.getRights(this ,
663: object, role));
664: RightSet newRights = presentRights.merge(new RightSet(
665: additionalRights));
666: registry.setRights(this , object, role, newRights
667: .toArray(object));
668: }
669:
670: /**
671: * Adds the specified <code>Rights</code> on the passed object to the passed role. If they are
672: * already present, nothing happens.
673: *
674: * @param object
675: * @param role
676: * @param types
677: * @throws UnauthorizedException
678: * @throws GeneralSecurityException
679: */
680: public void addRights(SecurableObject object, Role role,
681: RightType[] types) throws UnauthorizedException,
682: GeneralSecurityException {
683: Right[] additionalRights = new Right[types.length];
684: for (int i = 0; i < additionalRights.length; i++) {
685: additionalRights[i] = new Right(object, types[i]);
686: }
687: addRights(object, role, additionalRights);
688: }
689:
690: /**
691: * Removes all rights of the specified types that the role may have on the given
692: * <code>SecurableObject</code>.
693: *
694: * @param object
695: * @param role
696: * @param types
697: * @throws GeneralSecurityException
698: * @throws UnauthorizedException
699: */
700: public void removeRights(SecurableObject object, Role role,
701: RightType[] types) throws GeneralSecurityException,
702: UnauthorizedException {
703: SecurityAccessManager.getInstance().verify(this );
704: checkForRight(RightType.UPDATE, role);
705: checkForRight(RightType.GRANT, object);
706:
707: Right[] rights = registry.getRights(this , object, role);
708: List<Right> newRightList = new ArrayList<Right>(20);
709: for (int i = 0; i < rights.length; i++) {
710: RightType type = rights[i].getType();
711: boolean remove = true;
712: for (int j = 0; j < types.length; j++) {
713: if (type.equals(types[j])) {
714: remove = true;
715: }
716: }
717: if (!remove) {
718: newRightList.add(rights[i]);
719: }
720: }
721: Right[] newRights = newRightList.toArray(new Right[newRightList
722: .size()]);
723: registry.setRights(this , object, role, newRights);
724: }
725:
726: /**
727: * Sets the members (users) in a group.
728: *
729: * NOTE: Only performed if the acting user has the 'grant'-right on the group.
730: *
731: * @param group
732: * @param users
733: * @throws GeneralSecurityException
734: * @throws UnauthorizedException
735: */
736: public void setUsersInGroup(Group group, User[] users)
737: throws GeneralSecurityException, UnauthorizedException {
738: SecurityAccessManager.getInstance().verify(this );
739: checkForRight(RightType.GRANT, group);
740: registry.setUsersInGroup(this , group, users);
741: }
742:
743: /**
744: * Sets the users to be associated with the given role (DIRECTLY, i.e. not via group
745: * memberships).
746: *
747: * NOTE: Only performed if the user has the 'grant'-right on the role.
748: *
749: * @param role
750: * @param users
751: * @throws GeneralSecurityException
752: * if not permitted
753: * @throws UnauthorizedException
754: */
755: public void setUsersWithRole(Role role, User[] users)
756: throws GeneralSecurityException, UnauthorizedException {
757: SecurityAccessManager.getInstance().verify(this );
758: checkForRight(RightType.GRANT, role);
759: registry.setUsersWithRole(this , role, users);
760: }
761:
762: /*
763: * (non-Javadoc)
764: *
765: * @see java.lang.Object#toString()
766: */
767: public String toString() {
768: StringBuffer sb = new StringBuffer();
769: try {
770: User[] users = getAllUsers();
771:
772: sb.append("\n\nSecurityAccess @ "
773: + System.currentTimeMillis());
774:
775: sb.append("\n\n").append(users.length).append(
776: " registered users:\n");
777: for (int i = 0; i < users.length; i++) {
778: sb.append(users[i].toString(this )).append("\n");
779: }
780: Group[] groups = getAllGroups();
781: sb.append("\n").append(groups.length).append(
782: " registered groups:\n");
783: for (int i = 0; i < groups.length; i++) {
784: sb.append(groups[i].toString(this )).append("\n");
785: }
786: Role[] roles = getAllRoles();
787: sb.append("\n").append(roles.length).append(
788: " registered roles:\n");
789: for (int i = 0; i < roles.length; i++) {
790: sb.append(roles[i].toString(this )).append("\n");
791: }
792: } catch (Exception e) {
793: e.printStackTrace();
794: }
795: return sb.toString();
796: }
797:
798: /**
799: *
800: */
801: void renew() {
802: this.timestamp = System.currentTimeMillis();
803: }
804: }
|