001: /*
002: * Coefficient - facilitates project based collaboration
003: * Copyright (C) 2003, Dylan Etkin, CSIR icomtek
004: * PO Box 395
005: * Pretoria 0001, RSA
006: * This library is free software; you can redistribute it and/or
007: * modify it under the terms of the GNU Lesser General Public
008: * License as published by the Free Software Foundation; either
009: * version 2.1 of the License, or (at your option) any later version.
010: * This library is distributed in the hope that it will be useful,
011: * but WITHOUT ANY WARRANTY; without even the implied warranty of
012: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
013: * Lesser General Public License for more details.
014: *
015: * You should have received a copy of the GNU Lesser General Public
016: * License along with this library; if not, write to the Free Software
017: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
018: */
019:
020: package za.org.coefficient.util.ejb;
021:
022: import za.org.coefficient.authentication.CoefficientUser;
023: import za.org.coefficient.authentication.ProjectMember;
024: import za.org.coefficient.authentication.Role;
025: import za.org.coefficient.core.Project;
026: import za.org.coefficient.util.common.InvokerFactory;
027:
028: import java.io.Serializable;
029:
030: import java.security.MessageDigest;
031: import java.security.NoSuchAlgorithmException;
032:
033: import java.util.ArrayList;
034: import java.util.HashMap;
035: import java.util.Iterator;
036: import java.util.List;
037: import java.util.TreeMap;
038:
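/**
 * Utility class giving static access to the users and roles known to the
 * system, plus MD5 helper methods.
 *
 * <p>All state is static. The two role caches are filled once, in the static
 * initializer, from the remote "Role" service and are only read afterwards.
 * If that initial load fails the caches stay empty and every role lookup
 * returns {@code null}.
 */
public class SecurityUtil implements Serializable {
    //~ Static fields/initializers =============================================

    public static final String SITE_ADMIN_ROLE_DESC = "Site Administrator";
    public static final String SITE_MODERATOR_ROLE_DESC = "Site Moderator";
    public static final String PROJECT_CHAMPION_ROLE_DESC = "Project Champion";
    public static final String PROJECT_MEMBER_ROLE_DESC = "Project Member";
    public static final String SITE_MEMBER_ROLE_DESC = "Site Member";
    public static final String GUEST_ROLE_DESC = "Guest";

    // Numeric rank of each role: the LOWER the value, the HIGHER the privilege
    // (see the comparison in getHighestRoleForUser).
    public static final long SITE_ADMIN_ROLE_VAL = 0;
    public static final long SITE_MODERATOR_ROLE_VAL = 50;
    public static final long PROJECT_CHAMPION_ROLE_VAL = 100;
    public static final long PROJECT_MEMBER_ROLE_VAL = 200;
    public static final long SITE_MEMBER_ROLE_VAL = 250;
    public static final long GUEST_ROLE_VAL = 300;

    private static final String[] HEX_ALPHABET = { "0", "1", "2", "3",
        "4", "5", "6", "7", "8", "9", "A", "B", "C", "D", "E", "F" };

    // Role description -> Role. Written only by the static initializer.
    private static final HashMap roleDescCache = new HashMap();

    // Role value (Long) -> Role, ordered by value. Written only by the
    // static initializer.
    private static final TreeMap roleValCache = new TreeMap();

    // This is used to seed data in a virgin system
    static {
        try {
            // NOTE: if you ever plan on supporting dynamic role creation then
            // the roles should be cached better
            List roles = (List) InvokerFactory.getRemoteInvoker()
                .invokeMethodOnService("Role", "getAllRoles", new Object[0]);
            for (Iterator it = roles.iterator(); it.hasNext();) {
                Role role = (Role) it.next();
                roleDescCache.put(role.getDescription(), role);
                roleValCache.put(new Long(role.getRoleValue()), role);
            }

            // Make sure we initialize users
            InvokerFactory.getRemoteInvoker().invokeGetterOnModule(
                "UserAdmin", "moduleName");
        } catch (Exception e) {
            // Best effort: class loading must not fail here. The caches may be
            // empty or partially filled after this point, so role lookups can
            // return null.
            // NOTE(review): callers that base access decisions on these
            // lookups should treat a null Role as "no access".
            e.printStackTrace();
        }
    }

    //~ Methods ================================================================

    /**
     * Fetches all users from the "UserAdmin" module.
     *
     * @return the list returned by the module, or an empty list when the
     *         call fails or yields {@code null}; never {@code null}
     */
    public static List getAllUsers() {
        try {
            List users = (List) InvokerFactory.getRemoteInvoker()
                .invokeGetterOnModule("UserAdmin", "getAllUsers");

            // Normalise a null answer so callers can always iterate.
            return (users != null) ? users : new ArrayList();
        } catch (Exception e) {
            // Deliberately swallowed: a failed lookup is reported as "no
            // users". The caller cannot tell a failure from an empty system.
            return new ArrayList();
        }
    }

    /**
     * Determines the highest-ranking role a user holds, taking an optional
     * project into account. Roles are ranked by their numeric role value,
     * lower values ranking higher. With the constants of this class the
     * order from highest to lowest is:
     * <ol>
     * <li>SecurityUtil.SITE_ADMIN_ROLE_DESC - a system/project role</li>
     * <li>SecurityUtil.SITE_MODERATOR_ROLE_DESC</li>
     * <li>SecurityUtil.PROJECT_CHAMPION_ROLE_DESC - a project role</li>
     * <li>SecurityUtil.PROJECT_MEMBER_ROLE_DESC - a project role</li>
     * <li>SecurityUtil.SITE_MEMBER_ROLE_DESC - a system role</li>
     * <li>SecurityUtil.GUEST_ROLE_DESC - a system/project role</li>
     * </ol>
     *
     * @param user the user to determine the role for; if {@code null} the
     *        cached guest role is returned
     * @param project the project obtained from a context; if {@code null}
     *        only the user's system role is considered
     * @return the user's system role, or a project role of this user in
     *         {@code project} when that role has a lower role value; a site
     *         administrator's system role is returned without consulting
     *         the project
     */
    public static Role getHighestRoleForUser(CoefficientUser user,
        Project project) {
        if (user == null) {
            return getRoleForDescription(GUEST_ROLE_DESC);
        }

        // NOTE(review): assumes getSystemRole() never returns null; a user
        // without a system role makes the next line throw
        // NullPointerException. Confirm against CoefficientUser.
        Role highest = user.getSystemRole();
        if (highest.getDescription().equals(SITE_ADMIN_ROLE_DESC)) {
            // Nothing outranks the site administrator.
            return highest;
        }

        if (project != null) {
            for (Iterator it = project.getMembers().iterator();
                it.hasNext();) {
                ProjectMember member = (ProjectMember) it.next();
                if (!member.getCoefficientUser().equals(user)) {
                    continue;
                }

                // Lower role value means higher privilege.
                if (member.getProjectRole().getRoleValue() < highest
                    .getRoleValue()) {
                    highest = member.getProjectRole();
                }
            }
        }

        return highest;
    }

    /**
     * Looks up a cached role by its description.
     *
     * @param roleDescription the role description, e.g.
     *        {@link #GUEST_ROLE_DESC}
     * @return the cached role, or {@code null} if no role with that
     *         description was loaded
     */
    public static Role getRoleForDescription(String roleDescription) {
        return (Role) roleDescCache.get(roleDescription);
    }

    /**
     * Looks up a cached role by its numeric role value.
     *
     * @param roleValue the role value, e.g. {@link #GUEST_ROLE_VAL}
     * @return the cached role, or {@code null} if no role with that value
     *         was loaded
     */
    public static synchronized Role getRoleForValue(long roleValue) {
        return (Role) roleValCache.get(new Long(roleValue));
    }

    /**
     * Returns all cached roles.
     *
     * @return a new list holding the cached roles in ascending order of role
     *         value; changes to the list do not affect the cache
     */
    public static synchronized List getRoles() {
        return new ArrayList(roleValCache.values());
    }

    /**
     * Fetches the users that hold the given system role from the
     * "UserAdmin" module.
     *
     * @param role the system role to look for
     * @return the list returned by the module, or an empty list when the
     *         call fails or yields {@code null}; never {@code null}
     */
    public static List getUsersWithSystemRole(Role role) {
        try {
            List users = (List) InvokerFactory.getRemoteInvoker()
                .invokeMethodOnModule("UserAdmin", "getUsersWithSystemRole",
                    new Object[] { role });

            // Normalise a null answer so callers can always iterate.
            return (users != null) ? users : new ArrayList();
        } catch (Exception e) {
            // Deliberately swallowed: a failed lookup is reported as "no
            // users with this role". The caller cannot tell a failure from a
            // role that nobody holds.
            return new ArrayList();
        }
    }

    /**
     * Computes the MD5 digest of a string.
     *
     * <p>MD5 is not collision-resistant, and this method applies it once
     * with no salt. NOTE(review): the callers are not visible from this
     * class; if these digests protect passwords or other secrets, plan a
     * migration to a salted, deliberately slow password hash.
     *
     * @param text the string to hash
     * @return the 16-byte MD5 digest
     * @exception NullPointerException if text is null
     */
    public static byte[] md5(String text) {
        // arguments check
        if (text == null) {
            throw new NullPointerException("null text");
        }

        try {
            MessageDigest md = MessageDigest.getInstance("MD5");

            // getBytes() uses the platform default charset, so the digest of
            // non-ASCII text differs between platforms.
            // NOTE(review): kept as is because previously stored digests
            // would stop matching if the encoding changed; pin a charset only
            // together with a migration of stored values.
            md.update(text.getBytes());

            return md.digest();
        } catch (NoSuchAlgorithmException e) {
            // Keep the cause so the provider problem remains diagnosable.
            throw new RuntimeException("Cannot find MD5 algorithm", e);
        }
    }

    /**
     * Computes the MD5 digest of a string and returns it as an upper-case
     * hexadecimal string, two characters per digest byte.
     *
     * @param text the string to hash
     * @return the digest as 32 hexadecimal characters (0-9, A-F)
     * @exception NullPointerException if text is null
     */
    public static String md5AsHexString(String text) {
        byte[] bytes = md5(text);
        StringBuffer hex = new StringBuffer(bytes.length * 2);
        for (int i = 0; i < bytes.length; i++) {
            // High nibble first, then low nibble.
            hex.append(HEX_ALPHABET[(bytes[i] & 0XF0) >> 4]);
            hex.append(HEX_ALPHABET[bytes[i] & 0X0F]);
        }

        return hex.toString();
    }
}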
|