001: //$HeadURL: https://svn.wald.intevation.org/svn/deegree/base/trunk/src/org/deegree/security/drm/model/User.java $
002: /*---------------- FILE HEADER ------------------------------------------
003:
004: This file is part of deegree.
005: Copyright (C) 2001-2008 by:
006: EXSE, Department of Geography, University of Bonn
007: http://www.giub.uni-bonn.de/deegree/
008: lat/lon GmbH
009: http://www.lat-lon.de
010:
011: This library is free software; you can redistribute it and/or
012: modify it under the terms of the GNU Lesser General Public
013: License as published by the Free Software Foundation; either
014: version 2.1 of the License, or (at your option) any later version.
015:
016: This library is distributed in the hope that it will be useful,
017: but WITHOUT ANY WARRANTY; without even the implied warranty of
018: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
019: Lesser General Public License for more details.
020:
021: You should have received a copy of the GNU Lesser General Public
022: License along with this library; if not, write to the Free Software
023: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
024:
025: Contact:
026:
027: Andreas Poth
028: lat/lon GmbH
029: Aennchenstr. 19
030: 53115 Bonn
031: Germany
032: E-Mail: poth@lat-lon.de
033:
034: Prof. Dr. Klaus Greve
035: Department of Geography
036: University of Bonn
037: Meckenheimer Allee 166
038: 53115 Bonn
039: Germany
040: E-Mail: greve@giub.uni-bonn.de
041:
042: ---------------------------------------------------------------------------*/
043: package org.deegree.security.drm.model;
044:
045: import java.util.HashSet;
046:
047: import org.deegree.framework.log.ILogger;
048: import org.deegree.framework.log.LoggerFactory;
049: import org.deegree.model.feature.Feature;
050: import org.deegree.security.GeneralSecurityException;
051: import org.deegree.security.drm.SecurityAccess;
052: import org.deegree.security.drm.SecurityRegistry;
053: import org.deegree.security.drm.WrongCredentialsException;
054:
055: /**
056: * Implementation of user-objects. <code>User</code> s can be members of <code>Groups</code> and
057: * can be associated with <code>Role</code>s.
058: * <p>
059: * A user is always in one of two states:
060: *
061: * <ul>
062: * <li>
063: * Not authenticated: <code>SecurityManager</code> will not issue <code>SecurityAccess</code>
064: * instances for this user
065: * </li>
066: * <li>
067: * Authenticated: achieved by calling <code>authenticate()</code> and submitting the correct
068: * password, afterwards <code>SecurityAccess</code> instances for the user can be issued
069: * </li>
070: * </ul>
071: *
072: * @author <a href="mailto:mschneider@lat-lon.de">Markus Schneider</a>
073: * @author last edited by: $Author: mays$
074: *
075: * @version $Revision: 9346 $, $Date: 21.08.2007 16:51:15$
076: */
077: public class User extends SecurableObject {
078:
079: private ILogger LOG = LoggerFactory.getLogger(User.class);
080:
081: /**
082: *
083: */
084: public final static int ID_SEC_ADMIN = 1;
085:
086: private String password;
087:
088: private String firstName;
089:
090: private String lastName;
091:
092: private String emailAddress;
093:
094: private boolean isAuthenticated = false;
095:
096: /**
097: * Creates a new <code>User</code> -instance.
098: *
099: * @param id
100: * @param name
101: * @param password
102: * null means that password checking is disabled
103: * @param firstName
104: * @param lastName
105: * @param emailAddress
106: * @param registry
107: */
108: public User(int id, String name, String password, String firstName,
109: String lastName, String emailAddress,
110: SecurityRegistry registry) {
111: this .id = id;
112: this .name = name;
113: this .password = password;
114: if (password == null) {
115: isAuthenticated = true;
116: }
117: if (lastName == null || firstName == null) {
118: this .title = name;
119: } else if ((lastName == null || lastName.equals(""))
120: && (firstName == null || firstName.equals(""))) {
121: this .title = name;
122: } else if ((!lastName.equals("")) && (!firstName.equals(""))) {
123: this .title = lastName + ", " + firstName;
124: } else if (lastName.equals("")) {
125: this .title = firstName;
126: } else {
127: this .title = lastName;
128: }
129: this .firstName = firstName;
130: this .lastName = lastName;
131: this .emailAddress = emailAddress;
132: this .registry = registry;
133: }
134:
135: /**
136: * @return the first name
137: *
138: */
139: public String getFirstName() {
140: return firstName;
141: }
142:
143: /**
144: * @return the last name
145: *
146: */
147: public String getLastName() {
148: return lastName;
149: }
150:
151: /**
152: * @return the mail address
153: *
154: */
155: public String getEmailAddress() {
156: return emailAddress;
157: }
158:
159: /**
160: * @return the password
161: *
162: */
163: public String getPassword() {
164: return password;
165: }
166:
167: /**
168: * Returns the groups that this user belongs to.
169: *
170: * @param securityAccess
171: * @return the user's groups
172: * @throws GeneralSecurityException
173: */
174: public Group[] getGroups(SecurityAccess securityAccess)
175: throws GeneralSecurityException {
176: return registry.getGroupsForUser(securityAccess, this );
177: }
178:
179: /**
180: * Returns the roles that this is user is associated with (directly and via group memberships).
181: * <p>
182: *
183: * @param securityAccess
184: * @return the user's roles
185: * @throws GeneralSecurityException
186: */
187: public Role[] getRoles(SecurityAccess securityAccess)
188: throws GeneralSecurityException {
189: return securityAccess.getAllRolesForUser(this );
190: }
191:
192: /**
193: * Returns the <code>Privileges</code> that the <code>User</code> has (directly and via
194: * group memberships).
195: *
196: * @param securityAccess
197: * @return the user's privileges
198: * @throws GeneralSecurityException
199: */
200: public Privilege[] getPrivileges(SecurityAccess securityAccess)
201: throws GeneralSecurityException {
202:
203: Role[] roles = securityAccess.getAllRolesForUser(this );
204: HashSet<Privilege> privilegeSet = new HashSet<Privilege>();
205: // gather privileges for all associated roles
206: for (int i = 0; i < roles.length; i++) {
207: Privilege[] rolePrivileges = registry.getPrivilegesForRole(
208: securityAccess, roles[i]);
209: for (int j = 0; j < rolePrivileges.length; j++) {
210: privilegeSet.add(rolePrivileges[j]);
211: }
212: }
213: return privilegeSet.toArray(new Privilege[privilegeSet.size()]);
214: }
215:
216: /**
217: * Returns whether the <code>User</code> has a certain <code>Privilege</code> (either
218: * directly or via group memberships).
219: *
220: * @param securityAccess
221: * @param privilege
222: * @return true if the user has the specified privilege
223: * @throws GeneralSecurityException
224: */
225: public boolean hasPrivilege(SecurityAccess securityAccess,
226: Privilege privilege) throws GeneralSecurityException {
227: Privilege[] privileges = getPrivileges(securityAccess);
228: for (int i = 0; i < privileges.length; i++) {
229: if (privileges[i].equals(privilege)) {
230: return true;
231: }
232: }
233: return false;
234: }
235:
236: /**
237: * Returns whether the <code>User</code> has a certain privilege (either directly or via group
238: * memberships).
239: *
240: * @param securityAccess
241: * @param s
242: * @return true if the user has the specified privilege
243: * @throws GeneralSecurityException
244: */
245: public boolean hasPrivilege(SecurityAccess securityAccess, String s)
246: throws GeneralSecurityException {
247: Privilege privilege = registry.getPrivilegeByName(
248: securityAccess, s);
249: return hasPrivilege(securityAccess, privilege);
250: }
251:
252: /**
253: * Returns the rights that this <code>User</code> has on the given
254: * <code>SecurableObject</code> (directly and via group memberships).
255: *
256: * @param securityAccess
257: * @param object
258: * @return the user's right for the specified object
259: * @throws GeneralSecurityException
260: */
261: public RightSet getRights(SecurityAccess securityAccess,
262: SecurableObject object) throws GeneralSecurityException {
263: Role[] roles = securityAccess.getAllRolesForUser(this );
264: RightSet rights = new RightSet();
265:
266: for (int i = 0; i < roles.length; i++) {
267: rights = rights.merge(new RightSet(registry.getRights(
268: securityAccess, object, roles[i])));
269: }
270: return rights;
271: }
272:
273: /**
274: * Returns whether the <code>User</code> has a certain <code>Right</code> on this
275: * <code>SecurableObject</code> (directly or via group memberships).
276: *
277: * @param securityAccess
278: * @param type
279: * @param accessParams
280: * @param object
281: * @return true if the user has the right for the specified object
282: * @throws GeneralSecurityException
283: */
284: public boolean hasRight(SecurityAccess securityAccess,
285: RightType type, Feature accessParams, SecurableObject object)
286: throws GeneralSecurityException {
287: LOG.logDebug("has Right", type);
288: LOG.logDebug("has Right", object);
289: return getRights(securityAccess, object).applies(object, type,
290: accessParams);
291: }
292:
293: /**
294: * Returns whether the <code>User</code> has a certain <code>Right</code> on this
295: * <code>SecurableObject</code> (directly or via group memberships).
296: *
297: * @param securityAccess
298: * @param type
299: * @param object
300: * @return true if the user has the right for the specified object
301: * @throws GeneralSecurityException
302: */
303: public boolean hasRight(SecurityAccess securityAccess,
304: RightType type, SecurableObject object)
305: throws GeneralSecurityException {
306: return getRights(securityAccess, object).applies(object, type);
307: }
308:
309: /**
310: * Returns whether the <code>User</code> has a certain right on this
311: * <code>SecurableObject</code> (directly or via group memberships).
312: *
313: * @param securityAccess
314: * @param s
315: * @param object
316: * @return true if the user has the right for the specified object
317: * @throws GeneralSecurityException
318: */
319: public boolean hasRight(SecurityAccess securityAccess, String s,
320: SecurableObject object) throws GeneralSecurityException {
321: RightType right = registry
322: .getRightTypeByName(securityAccess, s);
323: return hasRight(securityAccess, right, object);
324: }
325:
326: /**
327: * Returns whether the <code>User</code> has already been authenticated by a call to
328: * <code>authenticate()</code> with the correct password (or if the <code>user</code>'s
329: * password is null).
330: *
331: * @return true, if the user is authenticated
332: */
333: public boolean isAuthenticated() {
334: return isAuthenticated;
335: }
336:
337: /**
338: * Returns a <code>String</code> representation of this object.
339: *
340: * @param securityAccess
341: * @return the object as string
342: */
343: public String toString(SecurityAccess securityAccess) {
344: StringBuffer sb = new StringBuffer("Name: ").append(name)
345: .append(", Title: ").append(title);
346:
347: try {
348: sb.append(", Groups: [");
349: Group[] groups = getGroups(securityAccess);
350: for (int i = 0; i < groups.length; i++) {
351: sb.append(groups[i].getName());
352: if (i != groups.length - 1) {
353: sb.append(", ");
354: }
355: }
356: sb.append("]");
357:
358: sb.append(", Roles: [");
359: Role[] roles = getRoles(securityAccess);
360: for (int i = 0; i < roles.length; i++) {
361: sb.append(roles[i].getName());
362: if (i != roles.length - 1) {
363: sb.append(", ");
364: }
365: }
366: sb.append("]");
367:
368: sb.append(", Privileges: [");
369: Privilege[] privileges = getPrivileges(securityAccess);
370: for (int i = 0; i < privileges.length; i++) {
371: sb.append(privileges[i].getName());
372: if (i != privileges.length - 1) {
373: sb.append(", ");
374: }
375: }
376: sb.append("]");
377:
378: } catch (GeneralSecurityException e) {
379: LOG.logError(e.getMessage(), e);
380: }
381: return sb.toString();
382: }
383:
384: /**
385: * Checks if the submitted password is equal to the one of this user instance and sets the state
386: * to "authenticated" in case it is correct.
387: *
388: * @param password
389: * @throws WrongCredentialsException
390: */
391: public void authenticate(String password)
392: throws WrongCredentialsException {
393: if (this .password == null || "".equals(this .password)) {
394: isAuthenticated = true;
395: return;
396: }
397: if (!this .password.equals(password)) {
398: isAuthenticated = false;
399: throw new WrongCredentialsException(
400: "The submitted password is incorrect.");
401: }
402: isAuthenticated = true;
403: }
404: }
|