0001: package org.apache.turbine.services.security;
0002:
0003: /*
0004: * Copyright 2001-2005 The Apache Software Foundation.
0005: *
0006: * Licensed under the Apache License, Version 2.0 (the "License")
0007: * you may not use this file except in compliance with the License.
0008: * You may obtain a copy of the License at
0009: *
0010: * http://www.apache.org/licenses/LICENSE-2.0
0011: *
0012: * Unless required by applicable law or agreed to in writing, software
0013: * distributed under the License is distributed on an "AS IS" BASIS,
0014: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
0015: * See the License for the specific language governing permissions and
0016: * limitations under the License.
0017: */
0018:
0019: import java.util.List;
0020: import java.util.Map;
0021:
0022: import javax.servlet.ServletConfig;
0023:
0024: import org.apache.commons.configuration.Configuration;
0025:
0026: import org.apache.commons.lang.StringUtils;
0027:
0028: import org.apache.commons.logging.Log;
0029: import org.apache.commons.logging.LogFactory;
0030:
0031: import org.apache.torque.util.Criteria;
0032:
0033: import org.apache.turbine.om.security.Group;
0034: import org.apache.turbine.om.security.Permission;
0035: import org.apache.turbine.om.security.Role;
0036: import org.apache.turbine.om.security.User;
0037: import org.apache.turbine.services.InitializationException;
0038: import org.apache.turbine.services.TurbineBaseService;
0039: import org.apache.turbine.services.TurbineServices;
0040: import org.apache.turbine.services.crypto.CryptoAlgorithm;
0041: import org.apache.turbine.services.crypto.CryptoService;
0042: import org.apache.turbine.services.crypto.TurbineCrypto;
0043: import org.apache.turbine.services.factory.FactoryService;
0044: import org.apache.turbine.util.security.AccessControlList;
0045: import org.apache.turbine.util.security.DataBackendException;
0046: import org.apache.turbine.util.security.EntityExistsException;
0047: import org.apache.turbine.util.security.GroupSet;
0048: import org.apache.turbine.util.security.PasswordMismatchException;
0049: import org.apache.turbine.util.security.PermissionSet;
0050: import org.apache.turbine.util.security.RoleSet;
0051: import org.apache.turbine.util.security.UnknownEntityException;
0052:
0053: /**
0054: * This is a common subset of SecurityService implementation.
0055: *
0056: * Provided functionality includes:
0057: * <ul>
0058: * <li> methods for retrieving User objects, that delegates functionality
0059: * to the pluggable implementations of the User interface.
0060: * <li> synchronization mechanism for methods reading/modifying the security
0061: * information, that guarantees that multiple threads may read the
0062: * information concurrently, but threads that modify the information
0063: * acquires exclusive access.
0064: * <li> implementation of convenience methods for retrieving security entities
0065: * that maintain in-memory caching of objects for fast access.
0066: * </ul>
0067: *
0068: * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
0069: * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
0070: * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a>
0071: * @author <a href="mailto:quintonm@bellsouth.net">Quinton McCombs</a>
0072: * @version $Id: BaseSecurityService.java 264148 2005-08-29 14:21:04Z henning $
0073: */
0074: public abstract class BaseSecurityService extends TurbineBaseService
0075: implements SecurityService {
0076: /** The number of threads concurrently reading security information */
0077: private int readerCount = 0;
0078:
0079: /** The instance of UserManager the SecurityService uses */
0080: private UserManager userManager = null;
0081:
0082: /** The class of User the SecurityService uses */
0083: private Class userClass = null;
0084:
0085: /** The class of Group the SecurityService uses */
0086: private Class groupClass = null;
0087:
0088: /** The class of Permission the SecurityService uses */
0089: private Class permissionClass = null;
0090:
0091: /** The class of Role the SecurityService uses */
0092: private Class roleClass = null;
0093:
0094: /** The class of ACL the SecurityService uses */
0095: private Class aclClass = null;
0096:
0097: /** A factory to construct ACL Objects */
0098: private FactoryService aclFactoryService = null;
0099:
0100: /**
0101: * The Group object that represents the <a href="#global">global group</a>.
0102: */
0103: private static Group globalGroup = null;
0104:
0105: /** Logging */
0106: private static Log log = LogFactory
0107: .getLog(BaseSecurityService.class);
0108:
0109: /**
0110: * This method provides client-side encryption of passwords.
0111: *
0112: * If <code>secure.passwords</code> are enabled in TurbineResources,
0113: * the password will be encrypted, if not, it will be returned unchanged.
0114: * The <code>secure.passwords.algorithm</code> property can be used
0115: * to chose which digest algorithm should be used for performing the
0116: * encryption. <code>SHA</code> is used by default.
0117: *
0118: * @param password the password to process
0119: * @return processed password
0120: */
0121: public String encryptPassword(String password) {
0122: return encryptPassword(password, null);
0123: }
0124:
0125: /**
0126: * This method provides client-side encryption of passwords.
0127: *
0128: * If <code>secure.passwords</code> are enabled in TurbineResources,
0129: * the password will be encrypted, if not, it will be returned unchanged.
0130: * The <code>secure.passwords.algorithm</code> property can be used
0131: * to chose which digest algorithm should be used for performing the
0132: * encryption. <code>SHA</code> is used by default.
0133: *
0134: * The used algorithms must be prepared to accept null as a
0135: * valid parameter for salt. All algorithms in the Fulcrum Cryptoservice
0136: * accept this.
0137: *
0138: * @param password the password to process
0139: * @param salt algorithms that needs a salt can provide one here
0140: * @return processed password
0141: */
0142:
0143: public String encryptPassword(String password, String salt) {
0144: if (password == null) {
0145: return null;
0146: }
0147: String secure = getConfiguration().getString(
0148: SecurityService.SECURE_PASSWORDS_KEY,
0149: SecurityService.SECURE_PASSWORDS_DEFAULT).toLowerCase();
0150:
0151: String algorithm = getConfiguration().getString(
0152: SecurityService.SECURE_PASSWORDS_ALGORITHM_KEY,
0153: SecurityService.SECURE_PASSWORDS_ALGORITHM_DEFAULT);
0154:
0155: CryptoService cs = TurbineCrypto.getService();
0156:
0157: if (cs != null
0158: && (secure.equals("true") || secure.equals("yes"))) {
0159: try {
0160: CryptoAlgorithm ca = cs.getCryptoAlgorithm(algorithm);
0161:
0162: ca.setSeed(salt);
0163:
0164: String result = ca.encrypt(password);
0165:
0166: return result;
0167: } catch (Exception e) {
0168: log.error("Unable to encrypt password: ", e);
0169:
0170: return null;
0171: }
0172: } else {
0173: return password;
0174: }
0175: }
0176:
0177: /**
0178: * Checks if a supplied password matches the encrypted password
0179: *
0180: * @param checkpw The clear text password supplied by the user
0181: * @param encpw The current, encrypted password
0182: *
0183: * @return true if the password matches, else false
0184: *
0185: */
0186:
0187: public boolean checkPassword(String checkpw, String encpw) {
0188: String result = encryptPassword(checkpw, encpw);
0189:
0190: return (result == null) ? false : result.equals(encpw);
0191: }
0192:
0193: /**
0194: * Initializes the SecurityService, locating the apropriate UserManager
0195: * This is a zero parameter variant which queries the Turbine Servlet
0196: * for its config.
0197: *
0198: * @throws InitializationException Something went wrong in the init stage
0199: */
0200: public void init() throws InitializationException {
0201: Configuration conf = getConfiguration();
0202:
0203: String userManagerClassName = conf.getString(
0204: SecurityService.USER_MANAGER_KEY,
0205: SecurityService.USER_MANAGER_DEFAULT);
0206:
0207: String userClassName = conf.getString(
0208: SecurityService.USER_CLASS_KEY,
0209: SecurityService.USER_CLASS_DEFAULT);
0210:
0211: String groupClassName = conf.getString(
0212: SecurityService.GROUP_CLASS_KEY,
0213: SecurityService.GROUP_CLASS_DEFAULT);
0214:
0215: String permissionClassName = conf.getString(
0216: SecurityService.PERMISSION_CLASS_KEY,
0217: SecurityService.PERMISSION_CLASS_DEFAULT);
0218:
0219: String roleClassName = conf.getString(
0220: SecurityService.ROLE_CLASS_KEY,
0221: SecurityService.ROLE_CLASS_DEFAULT);
0222:
0223: String aclClassName = conf.getString(
0224: SecurityService.ACL_CLASS_KEY,
0225: SecurityService.ACL_CLASS_DEFAULT);
0226:
0227: try {
0228: userClass = Class.forName(userClassName);
0229: groupClass = Class.forName(groupClassName);
0230: permissionClass = Class.forName(permissionClassName);
0231: roleClass = Class.forName(roleClassName);
0232: aclClass = Class.forName(aclClassName);
0233: } catch (Exception e) {
0234: if (userClass == null) {
0235: throw new InitializationException(
0236: "Failed to create a Class object for User implementation",
0237: e);
0238: }
0239: if (groupClass == null) {
0240: throw new InitializationException(
0241: "Failed to create a Class object for Group implementation",
0242: e);
0243: }
0244: if (permissionClass == null) {
0245: throw new InitializationException(
0246: "Failed to create a Class object for Permission implementation",
0247: e);
0248: }
0249: if (roleClass == null) {
0250: throw new InitializationException(
0251: "Failed to create a Class object for Role implementation",
0252: e);
0253: }
0254: if (aclClass == null) {
0255: throw new InitializationException(
0256: "Failed to create a Class object for ACL implementation",
0257: e);
0258: }
0259: }
0260:
0261: try {
0262: UserManager userManager = (UserManager) Class.forName(
0263: userManagerClassName).newInstance();
0264:
0265: userManager.init(conf);
0266:
0267: setUserManager(userManager);
0268: } catch (Exception e) {
0269: throw new InitializationException(
0270: "Failed to instantiate UserManager", e);
0271: }
0272:
0273: try {
0274: aclFactoryService = (FactoryService) TurbineServices
0275: .getInstance().getService(
0276: FactoryService.SERVICE_NAME);
0277: } catch (Exception e) {
0278: throw new InitializationException(
0279: "BaseSecurityService.init: Failed to get the Factory Service object",
0280: e);
0281: }
0282:
0283: setInit(true);
0284: }
0285:
0286: /**
0287: * Initializes the SecurityService, locating the apropriate UserManager
0288: *
0289: * @param config a ServletConfig, to enforce early initialization
0290: * @throws InitializationException Something went wrong in the init stage
0291: * @deprecated use init() instead.
0292: */
0293: public void init(ServletConfig config)
0294: throws InitializationException {
0295: init();
0296: }
0297:
0298: /**
0299: * Return a Class object representing the system's chosen implementation of
0300: * of User interface.
0301: *
0302: * @return systems's chosen implementation of User interface.
0303: * @throws UnknownEntityException if the implementation of User interface
0304: * could not be determined, or does not exist.
0305: */
0306: public Class getUserClass() throws UnknownEntityException {
0307: if (userClass == null) {
0308: throw new UnknownEntityException(
0309: "Failed to create a Class object for User implementation");
0310: }
0311: return userClass;
0312: }
0313:
0314: /**
0315: * Construct a blank User object.
0316: *
0317: * This method calls getUserClass, and then creates a new object using
0318: * the default constructor.
0319: *
0320: * @return an object implementing User interface.
0321: * @throws UnknownEntityException if the object could not be instantiated.
0322: */
0323: public User getUserInstance() throws UnknownEntityException {
0324: User user;
0325: try {
0326: user = (User) getUserClass().newInstance();
0327: } catch (Exception e) {
0328: throw new UnknownEntityException(
0329: "Failed instantiate an User implementation object",
0330: e);
0331: }
0332: return user;
0333: }
0334:
0335: /**
0336: * Construct a blank User object.
0337: *
0338: * This method calls getUserClass, and then creates a new object using
0339: * the default constructor.
0340: *
0341: * @param userName The name of the user.
0342: *
0343: * @return an object implementing User interface.
0344: *
0345: * @throws UnknownEntityException if the object could not be instantiated.
0346: */
0347: public User getUserInstance(String userName)
0348: throws UnknownEntityException {
0349: User user = getUserInstance();
0350: user.setName(userName);
0351: return user;
0352: }
0353:
0354: /**
0355: * Return a Class object representing the system's chosen implementation of
0356: * of Group interface.
0357: *
0358: * @return systems's chosen implementation of Group interface.
0359: * @throws UnknownEntityException if the implementation of Group interface
0360: * could not be determined, or does not exist.
0361: */
0362: public Class getGroupClass() throws UnknownEntityException {
0363: if (groupClass == null) {
0364: throw new UnknownEntityException(
0365: "Failed to create a Class object for Group implementation");
0366: }
0367: return groupClass;
0368: }
0369:
0370: /**
0371: * Construct a blank Group object.
0372: *
0373: * This method calls getGroupClass, and then creates a new object using
0374: * the default constructor.
0375: *
0376: * @return an object implementing Group interface.
0377: * @throws UnknownEntityException if the object could not be instantiated.
0378: */
0379: public Group getGroupInstance() throws UnknownEntityException {
0380: Group group;
0381: try {
0382: group = (Group) getGroupClass().newInstance();
0383: } catch (Exception e) {
0384: throw new UnknownEntityException(
0385: "Failed to instantiate a Group implementation object",
0386: e);
0387: }
0388: return group;
0389: }
0390:
0391: /**
0392: * Construct a blank Group object.
0393: *
0394: * This method calls getGroupClass, and then creates a new object using
0395: * the default constructor.
0396: *
0397: * @param groupName The name of the Group
0398: *
0399: * @return an object implementing Group interface.
0400: *
0401: * @throws UnknownEntityException if the object could not be instantiated.
0402: */
0403: public Group getGroupInstance(String groupName)
0404: throws UnknownEntityException {
0405: Group group = getGroupInstance();
0406: group.setName(groupName);
0407: return group;
0408: }
0409:
0410: /**
0411: * Return a Class object representing the system's chosen implementation of
0412: * of Permission interface.
0413: *
0414: * @return systems's chosen implementation of Permission interface.
0415: * @throws UnknownEntityException if the implementation of Permission interface
0416: * could not be determined, or does not exist.
0417: */
0418: public Class getPermissionClass() throws UnknownEntityException {
0419: if (permissionClass == null) {
0420: throw new UnknownEntityException(
0421: "Failed to create a Class object for Permission implementation");
0422: }
0423: return permissionClass;
0424: }
0425:
0426: /**
0427: * Construct a blank Permission object.
0428: *
0429: * This method calls getPermissionClass, and then creates a new object using
0430: * the default constructor.
0431: *
0432: * @return an object implementing Permission interface.
0433: * @throws UnknownEntityException if the object could not be instantiated.
0434: */
0435: public Permission getPermissionInstance()
0436: throws UnknownEntityException {
0437: Permission permission;
0438: try {
0439: permission = (Permission) getPermissionClass()
0440: .newInstance();
0441: } catch (Exception e) {
0442: throw new UnknownEntityException(
0443: "Failed to instantiate a Permission implementation object",
0444: e);
0445: }
0446: return permission;
0447: }
0448:
0449: /**
0450: * Construct a blank Permission object.
0451: *
0452: * This method calls getPermissionClass, and then creates a new object using
0453: * the default constructor.
0454: *
0455: * @param permName The name of the permission.
0456: *
0457: * @return an object implementing Permission interface.
0458: * @throws UnknownEntityException if the object could not be instantiated.
0459: */
0460: public Permission getPermissionInstance(String permName)
0461: throws UnknownEntityException {
0462: Permission perm = getPermissionInstance();
0463: perm.setName(permName);
0464: return perm;
0465: }
0466:
0467: /**
0468: * Return a Class object representing the system's chosen implementation of
0469: * of Role interface.
0470: *
0471: * @return systems's chosen implementation of Role interface.
0472: * @throws UnknownEntityException if the implementation of Role interface
0473: * could not be determined, or does not exist.
0474: */
0475: public Class getRoleClass() throws UnknownEntityException {
0476: if (roleClass == null) {
0477: throw new UnknownEntityException(
0478: "Failed to create a Class object for Role implementation");
0479: }
0480: return roleClass;
0481: }
0482:
0483: /**
0484: * Construct a blank Role object.
0485: *
0486: * This method calls getRoleClass, and then creates a new object using
0487: * the default constructor.
0488: *
0489: * @return an object implementing Role interface.
0490: * @throws UnknownEntityException if the object could not be instantiated.
0491: */
0492: public Role getRoleInstance() throws UnknownEntityException {
0493: Role role;
0494:
0495: try {
0496: role = (Role) getRoleClass().newInstance();
0497: } catch (Exception e) {
0498: throw new UnknownEntityException(
0499: "Failed to instantiate a Role implementation object",
0500: e);
0501: }
0502: return role;
0503: }
0504:
0505: /**
0506: * Construct a blank Role object.
0507: *
0508: * This method calls getRoleClass, and then creates a new object using
0509: * the default constructor.
0510: *
0511: * @param roleName The name of the role.
0512: *
0513: * @return an object implementing Role interface.
0514: *
0515: * @throws UnknownEntityException if the object could not be instantiated.
0516: */
0517: public Role getRoleInstance(String roleName)
0518: throws UnknownEntityException {
0519: Role role = getRoleInstance();
0520: role.setName(roleName);
0521: return role;
0522: }
0523:
0524: /**
0525: * Return a Class object representing the system's chosen implementation of
0526: * of ACL interface.
0527: *
0528: * @return systems's chosen implementation of ACL interface.
0529: * @throws UnknownEntityException if the implementation of ACL interface
0530: * could not be determined, or does not exist.
0531: */
0532: public Class getAclClass() throws UnknownEntityException {
0533: if (aclClass == null) {
0534: throw new UnknownEntityException(
0535: "Failed to create a Class object for ACL implementation");
0536: }
0537: return aclClass;
0538: }
0539:
0540: /**
0541: * Construct a new ACL object.
0542: *
0543: * This constructs a new ACL object from the configured class and
0544: * initializes it with the supplied roles and permissions.
0545: *
0546: * @param roles The roles that this ACL should contain
0547: * @param permissions The permissions for this ACL
0548: *
0549: * @return an object implementing ACL interface.
0550: * @throws UnknownEntityException if the object could not be instantiated.
0551: */
0552: public AccessControlList getAclInstance(Map roles, Map permissions)
0553: throws UnknownEntityException {
0554: Object[] objects = { roles, permissions };
0555: String[] signatures = { Map.class.getName(),
0556: Map.class.getName() };
0557: AccessControlList accessControlList;
0558:
0559: try {
0560: accessControlList = (AccessControlList) aclFactoryService
0561: .getInstance(aclClass.getName(), objects,
0562: signatures);
0563: } catch (Exception e) {
0564: throw new UnknownEntityException(
0565: "Failed to instantiate an ACL implementation object",
0566: e);
0567: }
0568:
0569: return accessControlList;
0570: }
0571:
0572: /**
0573: * Returns the configured UserManager.
0574: *
0575: * @return An UserManager object
0576: */
0577: public UserManager getUserManager() {
0578: return userManager;
0579: }
0580:
0581: /**
0582: * Configure a new user Manager.
0583: *
0584: * @param userManager An UserManager object
0585: */
0586: public void setUserManager(UserManager userManager) {
0587: this .userManager = userManager;
0588: }
0589:
0590: /**
0591: * Check whether a specified user's account exists.
0592: *
0593: * The login name is used for looking up the account.
0594: *
0595: * @param user The user to be checked.
0596: * @return true if the specified account exists
0597: * @throws DataBackendException if there was an error accessing the data
0598: * backend.
0599: */
0600: public boolean accountExists(User user) throws DataBackendException {
0601: return getUserManager().accountExists(user);
0602: }
0603:
0604: /**
0605: * Check whether a specified user's account exists.
0606: *
0607: * The login name is used for looking up the account.
0608: *
0609: * @param userName The name of the user to be checked.
0610: * @return true if the specified account exists
0611: * @throws DataBackendException if there was an error accessing the data
0612: * backend.
0613: */
0614: public boolean accountExists(String userName)
0615: throws DataBackendException {
0616: return getUserManager().accountExists(userName);
0617: }
0618:
0619: /**
0620: * Authenticates an user, and constructs an User object to represent
0621: * him/her.
0622: *
0623: * @param username The user name.
0624: * @param password The user password.
0625: * @return An authenticated Turbine User.
0626: * @throws PasswordMismatchException if the supplied password was incorrect.
0627: * @throws UnknownEntityException if the user's account does not
0628: * exist in the database.
0629: * @throws DataBackendException if there is a problem accessing the storage.
0630: */
0631: public User getAuthenticatedUser(String username, String password)
0632: throws DataBackendException, UnknownEntityException,
0633: PasswordMismatchException {
0634: return getUserManager().retrieve(username, password);
0635: }
0636:
0637: /**
0638: * Constructs an User object to represent a registered user of the
0639: * application.
0640: *
0641: * @param username The user name.
0642: * @return A Turbine User.
0643: * @throws UnknownEntityException if the user's account does not exist
0644: * @throws DataBackendException if there is a problem accessing the storage.
0645: */
0646: public User getUser(String username) throws DataBackendException,
0647: UnknownEntityException {
0648: return getUserManager().retrieve(username);
0649: }
0650:
0651: /**
0652: * Retrieve a set of users that meet the specified criteria.
0653: *
0654: * As the keys for the criteria, you should use the constants that
0655: * are defined in {@link User} interface, plus the names
0656: * of the custom attributes you added to your user representation
0657: * in the data storage. Use verbatim names of the attributes -
0658: * without table name prefix in case of DB implementation.
0659: *
0660: * @param criteria The criteria of selection.
0661: * @return a List of users meeting the criteria.
0662: * @throws DataBackendException if there is a problem accessing the
0663: * storage.
0664: * @deprecated Use <a href="#getUserList">getUserList</a> instead.
0665: */
0666: public User[] getUsers(Criteria criteria)
0667: throws DataBackendException {
0668: return (User[]) getUserList(criteria).toArray(new User[0]);
0669: }
0670:
0671: /**
0672: * Retrieve a set of users that meet the specified criteria.
0673: *
0674: * As the keys for the criteria, you should use the constants that
0675: * are defined in {@link User} interface, plus the names
0676: * of the custom attributes you added to your user representation
0677: * in the data storage. Use verbatim names of the attributes -
0678: * without table name prefix in case of DB implementation.
0679: *
0680: * @param criteria The criteria of selection.
0681: * @return a List of users meeting the criteria.
0682: * @throws DataBackendException if there is a problem accessing the
0683: * storage.
0684: */
0685: public List getUserList(Criteria criteria)
0686: throws DataBackendException {
0687: return getUserManager().retrieveList(criteria);
0688: }
0689:
0690: /**
0691: * Constructs an User object to represent an anonymous user of the
0692: * application.
0693: *
0694: * @return An anonymous Turbine User.
0695: * @throws UnknownEntityException if the implementation of User interface
0696: * could not be determined, or does not exist.
0697: */
0698: public User getAnonymousUser() throws UnknownEntityException {
0699: User user = getUserInstance();
0700: user.setName("");
0701: return user;
0702: }
0703:
0704: /**
0705: * Checks whether a passed user object matches the anonymous user pattern
0706: * according to the configured user manager
0707: *
0708: * @param user An user object
0709: *
0710: * @return True if this is an anonymous user
0711: *
0712: */
0713: public boolean isAnonymousUser(User user) {
0714: // Either just null, the name is null or the name is the empty string
0715: return (user == null) || StringUtils.isEmpty(user.getName());
0716: }
0717:
0718: /**
0719: * Saves User's data in the permanent storage. The user account is required
0720: * to exist in the storage.
0721: *
0722: * @param user the User object to save
0723: * @throws UnknownEntityException if the user's account does not
0724: * exist in the database.
0725: * @throws DataBackendException if there is a problem accessing the storage.
0726: */
0727: public void saveUser(User user) throws UnknownEntityException,
0728: DataBackendException {
0729: getUserManager().store(user);
0730: }
0731:
0732: /**
0733: * Saves User data when the session is unbound. The user account is required
0734: * to exist in the storage.
0735: *
0736: * LastLogin, AccessCounter, persistent pull tools, and any data stored
0737: * in the permData hashtable that is not mapped to a column will be saved.
0738: *
0739: * @exception UnknownEntityException if the user's account does not
0740: * exist in the database.
0741: * @exception DataBackendException if there is a problem accessing the
0742: * storage.
0743: */
0744: public void saveOnSessionUnbind(User user)
0745: throws UnknownEntityException, DataBackendException {
0746: userManager.saveOnSessionUnbind(user);
0747: }
0748:
0749: /**
0750: * Creates new user account with specified attributes.
0751: *
0752: * @param user the object describing account to be created.
0753: * @param password The password to use for the account.
0754: *
0755: * @throws DataBackendException if there was an error accessing the
0756: * data backend.
0757: * @throws EntityExistsException if the user account already exists.
0758: */
0759: public void addUser(User user, String password)
0760: throws DataBackendException, EntityExistsException {
0761: getUserManager().createAccount(user, password);
0762: }
0763:
0764: /**
0765: * Removes an user account from the system.
0766: *
0767: * @param user the object describing the account to be removed.
0768: * @throws DataBackendException if there was an error accessing the data
0769: * backend.
0770: * @throws UnknownEntityException if the user account is not present.
0771: */
0772: public void removeUser(User user) throws DataBackendException,
0773: UnknownEntityException {
0774: // revoke all roles form the user
0775: revokeAll(user);
0776:
0777: getUserManager().removeAccount(user);
0778: }
0779:
0780: /**
0781: * Change the password for an User.
0782: *
0783: * @param user an User to change password for.
0784: * @param oldPassword the current password supplied by the user.
0785: * @param newPassword the current password requested by the user.
0786: * @throws PasswordMismatchException if the supplied password was incorrect.
0787: * @throws UnknownEntityException if the user's record does not
0788: * exist in the database.
0789: * @throws DataBackendException if there is a problem accessing the storage.
0790: */
0791: public void changePassword(User user, String oldPassword,
0792: String newPassword) throws PasswordMismatchException,
0793: UnknownEntityException, DataBackendException {
0794: getUserManager().changePassword(user, oldPassword, newPassword);
0795: }
0796:
0797: /**
0798: * Forcibly sets new password for an User.
0799: *
0800: * This is supposed by the administrator to change the forgotten or
0801: * compromised passwords. Certain implementatations of this feature
0802: * would require administrative level access to the authenticating
0803: * server / program.
0804: *
0805: * @param user an User to change password for.
0806: * @param password the new password.
0807: * @throws UnknownEntityException if the user's record does not
0808: * exist in the database.
0809: * @throws DataBackendException if there is a problem accessing the storage.
0810: */
0811: public void forcePassword(User user, String password)
0812: throws UnknownEntityException, DataBackendException {
0813: getUserManager().forcePassword(user, password);
0814: }
0815:
0816: /**
0817: * Acquire a shared lock on the security information repository.
0818: *
0819: * Methods that read security information need to invoke this
0820: * method at the beginning of their body.
0821: */
0822: protected synchronized void lockShared() {
0823: readerCount++;
0824: }
0825:
0826: /**
0827: * Release a shared lock on the security information repository.
0828: *
0829: * Methods that read security information need to invoke this
0830: * method at the end of their body.
0831: */
0832: protected synchronized void unlockShared() {
0833: readerCount--;
0834: this .notify();
0835: }
0836:
0837: /**
0838: * Acquire an exclusive lock on the security information repository.
0839: *
0840: * Methods that modify security information need to invoke this
0841: * method at the beginning of their body. Note! Those methods must
0842: * be <code>synchronized</code> themselves!
0843: */
0844: protected void lockExclusive() {
0845: while (readerCount > 0) {
0846: try {
0847: this .wait();
0848: } catch (InterruptedException e) {
0849: }
0850: }
0851: }
0852:
0853: /**
0854: * Release an exclusive lock on the security information repository.
0855: *
0856: * This method is provided only for completeness. It does not really
0857: * do anything. Note! Methods that modify security information
0858: * must be <code>synchronized</code>!
0859: */
0860: protected void unlockExclusive() {
0861: // do nothing
0862: }
0863:
0864: /**
0865: * Provides a reference to the Group object that represents the
0866: * <a href="#global">global group</a>.
0867: *
0868: * @return a Group object that represents the global group.
0869: */
0870: public Group getGlobalGroup() {
0871: if (globalGroup == null) {
0872: synchronized (BaseSecurityService.class) {
0873: if (globalGroup == null) {
0874: try {
0875: globalGroup = getAllGroups().getGroupByName(
0876: Group.GLOBAL_GROUP_NAME);
0877: } catch (DataBackendException e) {
0878: log
0879: .error(
0880: "Failed to retrieve global group object: ",
0881: e);
0882: }
0883: }
0884: }
0885: }
0886: return globalGroup;
0887: }
0888:
0889: /**
0890: * Retrieve a Group object with specified name.
0891: *
0892: * @param name the name of the Group.
0893: * @return an object representing the Group with specified name.
0894: * @throws DataBackendException if there was an error accessing the
0895: * data backend.
0896: * @throws UnknownEntityException if the group does not exist.
0897: * @deprecated Use <a href="#getGroupByName">getGroupByName</a> instead.
0898: */
0899: public Group getGroup(String name) throws DataBackendException,
0900: UnknownEntityException {
0901: return getGroupByName(name);
0902: }
0903:
0904: /**
0905: * Retrieve a Group object with specified name.
0906: *
0907: * @param name the name of the Group.
0908: * @return an object representing the Group with specified name.
0909: * @throws DataBackendException if there was an error accessing the
0910: * data backend.
0911: * @throws UnknownEntityException if the group does not exist.
0912: */
0913: public Group getGroupByName(String name)
0914: throws DataBackendException, UnknownEntityException {
0915: Group group = getAllGroups().getGroupByName(name);
0916: if (group == null) {
0917: throw new UnknownEntityException(
0918: "The specified group does not exist");
0919: }
0920: return group;
0921: }
0922:
0923: /**
0924: * Retrieve a Group object with specified Id.
0925: *
0926: * @param id the id of the Group.
0927: * @return an object representing the Group with specified name.
0928: * @throws UnknownEntityException if the permission does not
0929: * exist in the database.
0930: * @throws DataBackendException if there is a problem accessing the
0931: * storage.
0932: */
0933: public Group getGroupById(int id) throws DataBackendException,
0934: UnknownEntityException {
0935: Group group = getAllGroups().getGroupById(id);
0936: if (group == null) {
0937: throw new UnknownEntityException(
0938: "The specified group does not exist");
0939: }
0940: return group;
0941: }
0942:
0943: /**
0944: * Retrieve a Role object with specified name.
0945: *
0946: * @param name the name of the Role.
0947: * @return an object representing the Role with specified name.
0948: * @throws DataBackendException if there was an error accessing the
0949: * data backend.
0950: * @throws UnknownEntityException if the role does not exist.
0951: * @deprecated Use <a href="#getRoleByName">getRoleByName</a> instead.
0952: */
0953: public Role getRole(String name) throws DataBackendException,
0954: UnknownEntityException {
0955: return getRoleByName(name);
0956: }
0957:
0958: /**
0959: * Retrieve a Role object with specified name.
0960: *
0961: * @param name the name of the Role.
0962: * @return an object representing the Role with specified name.
0963: * @throws DataBackendException if there was an error accessing the
0964: * data backend.
0965: * @throws UnknownEntityException if the role does not exist.
0966: */
0967: public Role getRoleByName(String name) throws DataBackendException,
0968: UnknownEntityException {
0969: Role role = getAllRoles().getRoleByName(name);
0970: if (role == null) {
0971: throw new UnknownEntityException(
0972: "The specified role does not exist");
0973: }
0974: role.setPermissions(getPermissions(role));
0975: return role;
0976: }
0977:
0978: /**
0979: * Retrieve a Role object with specified Id.
0980: * @param id the id of the Role.
0981: * @return an object representing the Role with specified name.
0982: * @throws UnknownEntityException if the permission does not
0983: * exist in the database.
0984: * @throws DataBackendException if there is a problem accessing the
0985: * storage.
0986: */
0987: public Role getRoleById(int id) throws DataBackendException,
0988: UnknownEntityException {
0989: Role role = getAllRoles().getRoleById(id);
0990: if (role == null) {
0991: throw new UnknownEntityException(
0992: "The specified role does not exist");
0993: }
0994: role.setPermissions(getPermissions(role));
0995: return role;
0996: }
0997:
0998: /**
0999: * Retrieve a Permission object with specified name.
1000: *
1001: * @param name the name of the Permission.
1002: * @return an object representing the Permission with specified name.
1003: * @throws DataBackendException if there was an error accessing the
1004: * data backend.
1005: * @throws UnknownEntityException if the permission does not exist.
1006: * @deprecated Use <a href="#getPermissionByName">getPermissionByName</a> instead.
1007: */
1008: public Permission getPermission(String name)
1009: throws DataBackendException, UnknownEntityException {
1010: return getPermissionByName(name);
1011: }
1012:
1013: /**
1014: * Retrieve a Permission object with specified name.
1015: *
1016: * @param name the name of the Permission.
1017: * @return an object representing the Permission with specified name.
1018: * @throws DataBackendException if there was an error accessing the
1019: * data backend.
1020: * @throws UnknownEntityException if the permission does not exist.
1021: */
1022: public Permission getPermissionByName(String name)
1023: throws DataBackendException, UnknownEntityException {
1024: Permission permission = getAllPermissions()
1025: .getPermissionByName(name);
1026: if (permission == null) {
1027: throw new UnknownEntityException(
1028: "The specified permission does not exist");
1029: }
1030: return permission;
1031: }
1032:
1033: /**
1034: * Retrieve a Permission object with specified Id.
1035: *
1036: * @param id the id of the Permission.
1037: * @return an object representing the Permission with specified name.
1038: * @throws UnknownEntityException if the permission does not
1039: * exist in the database.
1040: * @throws DataBackendException if there is a problem accessing the
1041: * storage.
1042: */
1043: public Permission getPermissionById(int id)
1044: throws DataBackendException, UnknownEntityException {
1045: Permission permission = getAllPermissions().getPermissionById(
1046: id);
1047: if (permission == null) {
1048: throw new UnknownEntityException(
1049: "The specified permission does not exist");
1050: }
1051: return permission;
1052: }
1053:
1054: /**
1055: * Retrieves all groups defined in the system.
1056: *
1057: * @return the names of all groups defined in the system.
1058: * @throws DataBackendException if there was an error accessing the
1059: * data backend.
1060: */
1061: public GroupSet getAllGroups() throws DataBackendException {
1062: return getGroups(new Criteria());
1063: }
1064:
1065: /**
1066: * Retrieves all roles defined in the system.
1067: *
1068: * @return the names of all roles defined in the system.
1069: * @throws DataBackendException if there was an error accessing the
1070: * data backend.
1071: */
1072: public RoleSet getAllRoles() throws DataBackendException {
1073: return getRoles(new Criteria());
1074: }
1075:
1076: /**
1077: * Retrieves all permissions defined in the system.
1078: *
1079: * @return the names of all roles defined in the system.
1080: * @throws DataBackendException if there was an error accessing the
1081: * data backend.
1082: */
1083: public PermissionSet getAllPermissions()
1084: throws DataBackendException {
1085: return getPermissions(new Criteria());
1086: }
1087:
1088: /**
1089: * @deprecated Use getGroupInstance(String name) instead.
1090: */
1091: public Group getNewGroup(String groupName) {
1092: try {
1093: return getGroupInstance(groupName);
1094: } catch (UnknownEntityException uee) {
1095: uee.printStackTrace();
1096: return null;
1097: }
1098: }
1099:
1100: /**
1101: * @deprecated Use getRoleInstance(String name) instead.
1102: */
1103: public Role getNewRole(String roleName) {
1104: try {
1105: return getRoleInstance(roleName);
1106: } catch (UnknownEntityException uee) {
1107: return null;
1108: }
1109: }
1110:
1111: /**
1112: * @deprecated Use getPermissionInstance(String name) instead.
1113: */
1114: public Permission getNewPermission(String permissionName) {
1115: try {
1116: return getPermissionInstance(permissionName);
1117: } catch (UnknownEntityException uee) {
1118: return null;
1119: }
1120: }
1121: }
|