001: /* ====================================================================
002: * The Jcorporate Apache Style Software License, Version 1.2 05-07-2002
003: *
004: * Copyright (c) 1995-2002 Jcorporate Ltd. All rights reserved.
005: *
006: * Redistribution and use in source and binary forms, with or without
007: * modification, are permitted provided that the following conditions
008: * are met:
009: *
010: * 1. Redistributions of source code must retain the above copyright
011: * notice, this list of conditions and the following disclaimer.
012: *
013: * 2. Redistributions in binary form must reproduce the above copyright
014: * notice, this list of conditions and the following disclaimer in
015: * the documentation and/or other materials provided with the
016: * distribution.
017: *
018: * 3. The end-user documentation included with the redistribution,
019: * if any, must include the following acknowledgment:
020: * "This product includes software developed by Jcorporate Ltd.
021: * (http://www.jcorporate.com/)."
022: * Alternately, this acknowledgment may appear in the software itself,
023: * if and wherever such third-party acknowledgments normally appear.
024: *
025: * 4. "Jcorporate" and product names such as "Expresso" must
026: * not be used to endorse or promote products derived from this
027: * software without prior written permission. For written permission,
028: * please contact info@jcorporate.com.
029: *
030: * 5. Products derived from this software may not be called "Expresso",
031: * or other Jcorporate product names; nor may "Expresso" or other
032: * Jcorporate product names appear in their name, without prior
033: * written permission of Jcorporate Ltd.
034: *
035: * 6. No product derived from this software may compete in the same
036: * market space, i.e. framework, without prior written permission
037: * of Jcorporate Ltd. For written permission, please contact
038: * partners@jcorporate.com.
039: *
040: * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
041: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
042: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
043: * DISCLAIMED. IN NO EVENT SHALL JCORPORATE LTD OR ITS CONTRIBUTORS
044: * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
045: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
046: * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
047: * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
048: * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
049: * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
050: * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
051: * SUCH DAMAGE.
052: * ====================================================================
053: *
054: * This software consists of voluntary contributions made by many
055: * individuals on behalf of the Jcorporate Ltd. Contributions back
056: * to the project(s) are encouraged when you make modifications.
057: * Please send them to support@jcorporate.com. For more information
058: * on Jcorporate Ltd. and its products, please see
059: * <http://www.jcorporate.com/>.
060: *
061: * Portions of this software are based upon other open source
062: * products and are subject to their respective licenses.
063: */
064:
065: /**
066: * DBSecurityMatrix.java
067: *
068: * Copyright (c) 1999, 2000, 2001 Jcorporate Ltd. All rights reserved.
069: */package com.jcorporate.expresso.services.controller;
070:
071: import com.jcorporate.expresso.core.controller.Block;
072: import com.jcorporate.expresso.core.controller.ControllerException;
073: import com.jcorporate.expresso.core.controller.ControllerRequest;
074: import com.jcorporate.expresso.core.controller.ControllerResponse;
075: import com.jcorporate.expresso.core.controller.DBController;
076: import com.jcorporate.expresso.core.controller.Input;
077: import com.jcorporate.expresso.core.controller.Output;
078: import com.jcorporate.expresso.core.controller.State;
079: import com.jcorporate.expresso.core.controller.Transition;
080: import com.jcorporate.expresso.core.db.DBException;
081: import com.jcorporate.expresso.core.dbobj.DBObject;
082: import com.jcorporate.expresso.core.dbobj.Schema;
083: import com.jcorporate.expresso.core.dbobj.SchemaFactory;
084: import com.jcorporate.expresso.core.dbobj.SecuredDBObject;
085: import com.jcorporate.expresso.core.dbobj.ValidValue;
086: import com.jcorporate.expresso.core.misc.StringUtil;
087: import com.jcorporate.expresso.services.dbobj.DBObjSecurity;
088: import com.jcorporate.expresso.services.dbobj.SchemaList;
089: import com.jcorporate.expresso.services.dbobj.UserGroup;
090: import org.apache.log4j.Logger;
091:
092: import java.util.Enumeration;
093: import java.util.Hashtable;
094: import java.util.Iterator;
095: import java.util.Vector;
096:
097: /**
098: * The DBSecurityMatrix controller allows authorized users to easily
099: * maintain the security permissions of different user groups to
100: * database objects.
101: *
102: * @author Michael Nash
103: * @version $Revision: 1.19 $ $Date: 2004/11/17 20:48:17 $
104: */
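public class DBSecurityMatrix extends DBController {
    /*
     * Security notes for maintainers:
     *
     * - Every database object in this class is opened with
     *   SecuredDBObject.SYSTEM_ACCOUNT rather than the requesting user's
     *   identity. Presumably that skips per-user DB object permission checks,
     *   which would leave the framework's controller/state security as the
     *   only gate in front of this class.
     *   NOTE(review): confirm access to the "dbobjmatrix" and "dbobjupdate"
     *   states is limited to administrators.
     * - "dbobjupdate" changes permissions from request parameters alone. No
     *   anti-forgery token is checked in this class.
     *   NOTE(review): confirm the framework or a front filter supplies one.
     * - A checkbox parameter that is absent from the request is read as
     *   "revoke" (see checkPermission), so a request carrying only GroupName
     *   and SchemaClass removes every permission the group holds in that
     *   schema.
     * - "SchemaClass" and "GroupName" are request-supplied. Both are checked
     *   against registered rows before they are used (see getSchemaObject and
     *   runDbobjupdateState).
     */

    private static final String thisClass = DBSecurityMatrix.class.getName() + ".";
    private static final Logger log = Logger.getLogger(DBSecurityMatrix.class);

    /** Schema the prompt state always offers, labelled "General". */
    private static final String DEFAULT_SCHEMA_CLASS =
            "com.jcorporate.expresso.core.ExpressoSchema";

    /*
     * The four permissions in matrix column order: request-parameter suffix,
     * display title and DBObjSecurity method code. CurrentSecurity.flags()
     * returns its booleans in the same order.
     * NOTE(review): readSecurity() reads with SecuredDBObject.ADD/SEARCH/
     * UPDATE/DELETE while the codes written here are literals; confirm that
     * they are the same values.
     */
    private static final String[] PERMISSION_SUFFIXES = { "search", "add", "update", "delete" };
    private static final String[] PERMISSION_TITLES = { "Search", "Add", "Update", "Delete" };
    private static final String[] PERMISSION_CODES = { "S", "A", "U", "D" };

    /**
     * Holds the existing security info for one database object.
     * Static because it needs no reference to the enclosing controller.
     */
    private static final class CurrentSecurity {
        public boolean addAllowed = false;
        public boolean updateAllowed = false;
        public boolean searchAllowed = false;
        public boolean deleteAllowed = false;
        public String description = "none";

        /** @return the flags in PERMISSION_* order: search, add, update, delete */
        boolean[] flags() {
            return new boolean[] { searchAllowed, addAllowed, updateAllowed, deleteAllowed };
        }
    }

    /**
     * Declares the states this controller supports: "prompt" (initial),
     * "dbobjmatrix" and "dbobjupdate".
     */
    public DBSecurityMatrix() {
        State prompt = new State("prompt", "Prompt for Schema and User Group");
        addState(prompt);
        setInitialState("prompt");

        State dbobjmatrix = new State("dbobjmatrix",
                "Enter/View Database Object permissions");
        dbobjmatrix.addRequiredParameter("SchemaClass");
        dbobjmatrix.addRequiredParameter("GroupName");
        addState(dbobjmatrix);

        // Only GroupName is declared as required here, although the update also
        // needs SchemaClass; getSchemaObject() rejects the request when it is missing.
        State dbobjupdate = new State("dbobjupdate",
                "Update Database Obejct permissions");
        dbobjupdate.addRequiredParameter("GroupName");
        addState(dbobjupdate);
        this.setSchema(com.jcorporate.expresso.core.ExpressoSchema.class);
    }

    /**
     * Reconciles one permission of one database object with the submitted form:
     * grants it when the checkbox parameter is "Y" and it is not currently
     * allowed, revokes it when the parameter is anything else (including
     * absent) and it is currently allowed.
     *
     * @param params     the request; supplies the checkbox parameter, the
     *                   "GroupName" parameter and the data context
     * @param append     suffix of the checkbox parameter (objectName_suffix)
     * @param title      display name of the permission
     * @param oneObjName class name of the database object
     * @param methodCode method code stored in the DBObjSecurity row
     * @param nowAllowed whether the permission is currently granted
     * @param objDescrip description of the database object used in messages
     * @return a Block holding one Output describing the change, or an empty
     *         Block when nothing changed
     * @throws ControllerException upon error
     * @throws DBException         upon database error
     */
    private Block checkPermission(ControllerRequest params, String append,
            String title, String oneObjName, String methodCode,
            boolean nowAllowed, String objDescrip)
            throws ControllerException, DBException {
        Block subPara = new Block("subPara");
        boolean requested = "Y".equals(
                StringUtil.notNull(params.getParameter(oneObjName + "_" + append)));

        if (log.isDebugEnabled()) {
            // The original "not allowed" message always said "Search"; report the
            // permission that is actually being examined.
            log.debug(title + " for " + oneObjName
                    + (requested ? " allowed" : " not allowed"));
        }
        if (requested == nowAllowed) {
            return subPara;
        }

        String groupName = params.getParameter("GroupName");
        DBObjSecurity oneDBSecurity = new DBObjSecurity(SecuredDBObject.SYSTEM_ACCOUNT);
        oneDBSecurity.setDataContext(params.getDataContext());
        oneDBSecurity.setField("DBObjectName", oneObjName);
        oneDBSecurity.setField("MethodCode", methodCode);
        oneDBSecurity.setField("GroupName", groupName);

        if (requested) {
            subPara.add(new Output(title + " permission granted to " + objDescrip));
            oneDBSecurity.add();
            // Permission changes are security-relevant events, so record them above
            // debug level. The only caller validates groupName against UserGroup first.
            // NOTE(review): add the acting user's identity to this record.
            log.info(title + " permission granted on " + oneObjName
                    + " to group " + groupName);
        } else {
            subPara.add(new Output(title + " permission removed for " + objDescrip));
            if (oneDBSecurity.find()) {
                oneDBSecurity.delete();
                log.info(title + " permission removed on " + oneObjName
                        + " from group " + groupName);
            }
        }

        return subPara;
    }

    /**
     * Updates the database object security from the submitted matrix.
     *
     * The group named by "GroupName" must already exist. Without that check a
     * request could create permission rows for an arbitrary group name.
     *
     * @param params     the ControllerRequest object
     * @param myResponse the controller response object
     * @throws ControllerException when GroupName is missing or unknown, or a
     *                             database error occurs
     */
    private void runDbobjupdateState(ControllerRequest params,
            ControllerResponse myResponse) throws ControllerException {
        String myName = thisClass + "dbObjUpdate()";

        try {
            String groupName = StringUtil.notNull(params.getParameter("GroupName"));
            if (groupName.equals("")) {
                throw new ControllerException(myName
                        + ":GroupName parameter not supplied");
            }

            UserGroup targetGroup = new UserGroup(SecuredDBObject.SYSTEM_ACCOUNT);
            targetGroup.setDataContext(params.getDataContext());
            targetGroup.setField("GroupName", groupName);
            if (!targetGroup.find()) {
                throw new ControllerException(myName
                        + ":GroupName does not name an existing user group");
            }

            Block dbUpdatedPara = new Block("dbUpdatedPara");
            Hashtable old = readSecurity(params);

            // NOTE(review): each grant/revoke below is a separate database call; no
            // transaction is visible here, so a failure part-way may leave the
            // matrix partially applied.
            for (Enumeration se = old.keys(); se.hasMoreElements();) {
                String oneObjName = (String) se.nextElement();
                CurrentSecurity oneSec = (CurrentSecurity) old.get(oneObjName);
                boolean[] current = oneSec.flags();

                for (int i = 0; i < PERMISSION_SUFFIXES.length; i++) {
                    Block change = checkPermission(params, PERMISSION_SUFFIXES[i],
                            PERMISSION_TITLES[i], oneObjName, PERMISSION_CODES[i],
                            current[i], oneSec.description);

                    if (change.getNumContents() > 0) {
                        dbUpdatedPara.add(change);
                    }
                }
            }

            if (dbUpdatedPara.getNumContents() == 0) {
                dbUpdatedPara.add(new Output("No updates required."));
            } else {
                dbUpdatedPara.add(new Output("Database Object Security updated"));
            }

            Transition again = new Transition("Start Again", getClass().getName());
            again.setAttribute("button", "");
            again.setName("again");
            again.addParam(STATE_PARAM_KEY, "prompt");
            myResponse.addTransition(again);
            myResponse.add(dbUpdatedPara);
        } catch (DBException e) {
            throw new ControllerException(e);
        }
    }

    /**
     * Builds the permission matrix (one row per database object, one checkbox
     * per permission) for the schema and group named in the request.
     *
     * @param params     the ControllerRequest object
     * @param myResponse the ControllerResponse object
     * @throws ControllerException upon error, or when the schema has no
     *                             database objects
     */
    private void runDbobjmatrixState(ControllerRequest params,
            ControllerResponse myResponse) throws ControllerException {
        String myName = thisClass + "getDBObjMatrix()";
        Block myPara = new Block("myPara");

        try {
            SchemaList mySchema = new SchemaList(SecuredDBObject.SYSTEM_ACCOUNT);
            mySchema.setDataContext(params.getDataContext());
            mySchema.setField("SchemaClass", params.getParameter("SchemaClass"));

            String schemaDescrip;
            if (mySchema.find()) {
                schemaDescrip = mySchema.getField("Descrip");
            } else {
                schemaDescrip = "General";
            }

            UserGroup myGroup = new UserGroup(SecuredDBObject.SYSTEM_ACCOUNT);
            myGroup.setDataContext(params.getDataContext());
            myGroup.setField("GroupName", params.getParameter("GroupName"));
            // Presumably fails with a DBException when the group does not exist,
            // which would reject unknown group names here; confirm.
            myGroup.retrieve();
            myResponse.add(new Output("Security for Schema " + schemaDescrip
                    + " and User Group " + myGroup.getField("Descrip")));
            myResponse.add(new Output("Database '" + params.getDataContext() + "'"));

            /* one table row per database object of this schema */
            Block matrix = new Block("matrix");
            matrix.setAttribute("table", "Y");
            matrix.setAttribute("header-row", "Object|Search|Add|Update|Delete");
            myPara.add(matrix);

            int dbObjectCount = 0;
            Hashtable currentSecurity = readSecurity(params);

            for (Enumeration e = currentSecurity.keys(); e.hasMoreElements();) {
                String oneDBObj = (String) e.nextElement();
                CurrentSecurity oneSec = (CurrentSecurity) currentSecurity.get(oneDBObj);
                dbObjectCount++;

                Block oneRow = new Block("oneRow");
                oneRow.setAttribute("row", "Y");
                matrix.add(oneRow);
                oneRow.add(new Output(oneSec.description));

                // One checkbox per permission, pre-set to the current state.
                boolean[] current = oneSec.flags();
                for (int i = 0; i < PERMISSION_SUFFIXES.length; i++) {
                    Input cb = new Input(oneDBObj + "_" + PERMISSION_SUFFIXES[i]);
                    cb.setType("boolean");
                    cb.setAttribute("checkbox", "");
                    cb.setDefaultValue(current[i] ? "Y" : "N");
                    oneRow.add(cb);
                }
            }

            if (dbObjectCount == 0) {
                throw new ControllerException(myName
                        + ":There were no database objects in this schema - "
                        + "security cannot be administered");
            }
        } catch (DBException de) {
            // The exception thrown below carries only the message text, so keep the
            // stack trace in the server log.
            log.error(myName + ":Database exception reading security info", de);
            throw new ControllerException(myName
                    + ":Database exception reading security info:"
                    + de.getMessage());
        }

        Transition doUpdateDB = new Transition("Update", getClass().getName());
        doUpdateDB.setName("updateDBobj");
        doUpdateDB.addParam(STATE_PARAM_KEY, "dbobjupdate");
        doUpdateDB.addParam("SchemaClass", params.getParameter("SchemaClass"));
        doUpdateDB.addParam("GroupName", params.getParameter("GroupName"));
        myResponse.add(doUpdateDB);

        Transition again = new Transition("Start Again", getClass().getName());
        again.setName("again");
        again.addParam(STATE_PARAM_KEY, "prompt");
        myResponse.add(again);
        myResponse.add(myPara);
    }

    /**
     * Tells whether a class name is one the prompt state offers: the default
     * Expresso schema or a row registered in SchemaList for the request's
     * data context.
     *
     * @param params    the request, used for its data context
     * @param className the submitted "SchemaClass" value
     * @return true when the name is the default schema or is registered
     * @throws DBException upon database error
     */
    private boolean isRegisteredSchema(ControllerRequest params, String className)
            throws DBException {
        if (DEFAULT_SCHEMA_CLASS.equals(className)) {
            return true;
        }

        SchemaList registered = new SchemaList(SecuredDBObject.SYSTEM_ACCOUNT);
        registered.setDataContext(params.getDataContext());
        registered.setField("SchemaClass", className);

        return registered.find();
    }

    /**
     * Returns the Schema named by the "SchemaClass" request parameter.
     *
     * The parameter is request-supplied and is handed to SchemaFactory as a
     * class name, so it is first restricted to the values the prompt state
     * offers. Any other value is rejected before the factory sees it.
     *
     * @param params the ControllerRequest object
     * @return the Schema object for the class named by the 'SchemaClass'
     *         parameter
     * @throws ControllerException when the parameter is missing, is not a
     *                             registered schema, or the factory returns
     *                             no schema for it
     */
    private Schema getSchemaObject(ControllerRequest params)
            throws ControllerException {
        String myName = thisClass + "getSchema()";
        String className = params.getParameter("SchemaClass");

        if (className == null) {
            throw new ControllerException(myName
                    + ":No parameter 'SchemaClass', can't read current schema");
        }

        try {
            if (!isRegisteredSchema(params, className)) {
                // The rejected value is deliberately left out of the message.
                throw new ControllerException(myName
                        + ":Parameter 'SchemaClass' is not a registered schema");
            }
        } catch (DBException de) {
            throw new ControllerException(de);
        }

        Schema mySchema = SchemaFactory.getInstance().getSchema(className);

        if (mySchema == null) {
            throw new ControllerException(myName + ":Can't instantiate Schema class "
                    + className);
        }

        return mySchema;
    }

    /**
     * Return the title of this Controller
     *
     * @return java.lang.String The Title of the controller
     */
    public String getTitle() {
        return "Database Object Security Matrix";
    }

    /**
     * Prompts for the user group and the schema whose permissions are to be
     * administered, and offers the transition to the matrix state.
     *
     * @param params     the ControllerRequest object
     * @param myResponse the ControllerResponse object
     * @throws ControllerException when no groups are defined or a database
     *                             error occurs
     */
    private void runPromptState(ControllerRequest params,
            ControllerResponse myResponse) throws ControllerException {
        String myName = thisClass + "promptState()";

        try {
            /* First the inputs: the group ... */
            Input chooseGroup = new Input();
            chooseGroup.setLabel("Choose Group");
            chooseGroup.setName("GroupName");

            Vector groupChoices = new Vector(2);
            UserGroup gl = new UserGroup(SecuredDBObject.SYSTEM_ACCOUNT);
            gl.setDataContext(params.getDataContext());

            for (Iterator it = gl.searchAndRetrieveList("Descrip").iterator(); it.hasNext();) {
                UserGroup oneGroup = (UserGroup) it.next();
                groupChoices.addElement(new ValidValue(oneGroup.getField("GroupName"),
                        oneGroup.getField("Descrip")));
            }
            if (groupChoices.size() == 0) {
                throw new ControllerException(myName + ":There are no groups defined.");
            }

            chooseGroup.setValidValues(groupChoices);
            myResponse.addInput(chooseGroup);

            /* ... and a schema. These values only populate the form; the later
             * states re-check what is actually submitted. */
            Input chooseSchema = new Input();
            chooseSchema.setLabel("Choose Schema");
            chooseSchema.setName("SchemaClass");

            Vector schemaChoices = new Vector(2);
            schemaChoices.addElement(new ValidValue(DEFAULT_SCHEMA_CLASS, "General"));

            SchemaList sl = new SchemaList(SecuredDBObject.SYSTEM_ACCOUNT);
            sl.setDataContext(params.getDataContext());

            for (Iterator it = sl.searchAndRetrieveList("Descrip").iterator(); it.hasNext();) {
                SchemaList oneSchema = (SchemaList) it.next();
                schemaChoices.addElement(new ValidValue(oneSchema.getField("SchemaClass"),
                        oneSchema.getField("Descrip")));
            }

            chooseSchema.setValidValues(schemaChoices);
            myResponse.addInput(chooseSchema);

            /* now the actions */
            Transition doDBObj = new Transition("Set Security", getClass().getName());
            doDBObj.setName("adminDBobj");
            doDBObj.addParam(STATE_PARAM_KEY, "dbobjmatrix");
            myResponse.addTransition(doDBObj);
        } catch (DBException de) {
            // Wrap the exception itself so the cause is not lost.
            throw new ControllerException(de);
        }
    }

    /**
     * Reads the current permissions of the requested group on every database
     * object of the requested schema.
     *
     * @param params the ControllerRequest object
     * @return a Hashtable mapping database object class name (String) to its
     *         CurrentSecurity
     * @throws ControllerException when the schema cannot be resolved or a
     *                             database error occurs
     */
    private Hashtable readSecurity(ControllerRequest params)
            throws ControllerException {
        Hashtable h = new Hashtable(4);

        try {
            DBObjSecurity secur = new DBObjSecurity(SecuredDBObject.SYSTEM_ACCOUNT);
            secur.setDataContext(params.getDataContext());

            for (Enumeration e = getSchemaObject(params).getMembers(); e.hasMoreElements();) {
                DBObject oneDBObj = (DBObject) e.nextElement();
                CurrentSecurity oneSec = new CurrentSecurity();
                oneSec.description = oneDBObj.getMetaData()
                        .getDescription(params.getLocale());

                secur.clear();
                secur.setField("DBObjectName", oneDBObj.getClass().getName());
                secur.setField("GroupName", params.getParameter("GroupName"));

                // One lookup per method code; a row that exists means "allowed".
                secur.setField("MethodCode", SecuredDBObject.ADD);
                if (secur.find()) {
                    oneSec.addAllowed = true;
                }

                secur.setField("MethodCode", SecuredDBObject.SEARCH);
                if (secur.find()) {
                    oneSec.searchAllowed = true;
                }

                secur.setField("MethodCode", SecuredDBObject.UPDATE);
                if (secur.find()) {
                    oneSec.updateAllowed = true;
                }

                secur.setField("MethodCode", SecuredDBObject.DELETE);
                if (secur.find()) {
                    oneSec.deleteAllowed = true;
                }

                h.put(secur.getField("DBObjectName"), oneSec);
            }

            return h;
        } catch (DBException de) {
            // Wrap the exception itself so the cause is not lost.
            throw new ControllerException(de);
        }
    }

}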