0001: package org.apache.turbine.services.security;
0002:
0003: /*
0004: * Licensed to the Apache Software Foundation (ASF) under one
0005: * or more contributor license agreements. See the NOTICE file
0006: * distributed with this work for additional information
0007: * regarding copyright ownership. The ASF licenses this file
0008: * to you under the Apache License, Version 2.0 (the
0009: * "License"); you may not use this file except in compliance
0010: * with the License. You may obtain a copy of the License at
0011: *
0012: * http://www.apache.org/licenses/LICENSE-2.0
0013: *
0014: * Unless required by applicable law or agreed to in writing,
0015: * software distributed under the License is distributed on an
0016: * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
0017: * KIND, either express or implied. See the License for the
0018: * specific language governing permissions and limitations
0019: * under the License.
0020: */
0021:
0022: import java.util.List;
0023: import java.util.Map;
0024:
0025: import javax.servlet.ServletConfig;
0026:
0027: import org.apache.commons.configuration.Configuration;
0028:
0029: import org.apache.commons.lang.StringUtils;
0030:
0031: import org.apache.commons.logging.Log;
0032: import org.apache.commons.logging.LogFactory;
0033:
0034: import org.apache.torque.util.Criteria;
0035:
0036: import org.apache.turbine.om.security.Group;
0037: import org.apache.turbine.om.security.Permission;
0038: import org.apache.turbine.om.security.Role;
0039: import org.apache.turbine.om.security.User;
0040: import org.apache.turbine.services.InitializationException;
0041: import org.apache.turbine.services.TurbineBaseService;
0042: import org.apache.turbine.services.TurbineServices;
0043: import org.apache.turbine.services.crypto.CryptoAlgorithm;
0044: import org.apache.turbine.services.crypto.CryptoService;
0045: import org.apache.turbine.services.crypto.TurbineCrypto;
0046: import org.apache.turbine.services.factory.FactoryService;
0047: import org.apache.turbine.util.security.AccessControlList;
0048: import org.apache.turbine.util.security.DataBackendException;
0049: import org.apache.turbine.util.security.EntityExistsException;
0050: import org.apache.turbine.util.security.GroupSet;
0051: import org.apache.turbine.util.security.PasswordMismatchException;
0052: import org.apache.turbine.util.security.PermissionSet;
0053: import org.apache.turbine.util.security.RoleSet;
0054: import org.apache.turbine.util.security.UnknownEntityException;
0055:
0056: /**
0057: * This is a common subset of SecurityService implementation.
0058: *
0059: * Provided functionality includes:
0060: * <ul>
0061: * <li> methods for retrieving User objects, that delegates functionality
0062: * to the pluggable implementations of the User interface.
0063: * <li> synchronization mechanism for methods reading/modifying the security
0064: * information, that guarantees that multiple threads may read the
0065: * information concurrently, but threads that modify the information
0066: * acquires exclusive access.
0067: * <li> implementation of convenience methods for retrieving security entities
0068: * that maintain in-memory caching of objects for fast access.
0069: * </ul>
0070: *
0071: * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
0072: * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
0073: * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a>
0074: * @author <a href="mailto:quintonm@bellsouth.net">Quinton McCombs</a>
0075: * @version $Id: BaseSecurityService.java 534527 2007-05-02 16:10:59Z tv $
0076: */
0077: public abstract class BaseSecurityService extends TurbineBaseService
0078: implements SecurityService {
0079: /** The number of threads concurrently reading security information */
0080: private int readerCount = 0;
0081:
0082: /** The instance of UserManager the SecurityService uses */
0083: private UserManager userManager = null;
0084:
0085: /** The class of User the SecurityService uses */
0086: private Class userClass = null;
0087:
0088: /** The class of Group the SecurityService uses */
0089: private Class groupClass = null;
0090:
0091: /** The class of Permission the SecurityService uses */
0092: private Class permissionClass = null;
0093:
0094: /** The class of Role the SecurityService uses */
0095: private Class roleClass = null;
0096:
0097: /** The class of ACL the SecurityService uses */
0098: private Class aclClass = null;
0099:
0100: /** A factory to construct ACL Objects */
0101: private FactoryService aclFactoryService = null;
0102:
0103: /**
0104: * The Group object that represents the <a href="#global">global group</a>.
0105: */
0106: private static Group globalGroup = null;
0107:
0108: /** Logging */
0109: private static Log log = LogFactory
0110: .getLog(BaseSecurityService.class);
0111:
0112: /**
0113: * This method provides client-side encryption of passwords.
0114: *
0115: * If <code>secure.passwords</code> are enabled in TurbineResources,
0116: * the password will be encrypted, if not, it will be returned unchanged.
0117: * The <code>secure.passwords.algorithm</code> property can be used
0118: * to chose which digest algorithm should be used for performing the
0119: * encryption. <code>SHA</code> is used by default.
0120: *
0121: * @param password the password to process
0122: * @return processed password
0123: */
0124: public String encryptPassword(String password) {
0125: return encryptPassword(password, null);
0126: }
0127:
0128: /**
0129: * This method provides client-side encryption of passwords.
0130: *
0131: * If <code>secure.passwords</code> are enabled in TurbineResources,
0132: * the password will be encrypted, if not, it will be returned unchanged.
0133: * The <code>secure.passwords.algorithm</code> property can be used
0134: * to chose which digest algorithm should be used for performing the
0135: * encryption. <code>SHA</code> is used by default.
0136: *
0137: * The used algorithms must be prepared to accept null as a
0138: * valid parameter for salt. All algorithms in the Fulcrum Cryptoservice
0139: * accept this.
0140: *
0141: * @param password the password to process
0142: * @param salt algorithms that needs a salt can provide one here
0143: * @return processed password
0144: */
0145:
0146: public String encryptPassword(String password, String salt) {
0147: if (password == null) {
0148: return null;
0149: }
0150: String secure = getConfiguration().getString(
0151: SecurityService.SECURE_PASSWORDS_KEY,
0152: SecurityService.SECURE_PASSWORDS_DEFAULT).toLowerCase();
0153:
0154: String algorithm = getConfiguration().getString(
0155: SecurityService.SECURE_PASSWORDS_ALGORITHM_KEY,
0156: SecurityService.SECURE_PASSWORDS_ALGORITHM_DEFAULT);
0157:
0158: CryptoService cs = TurbineCrypto.getService();
0159:
0160: if (cs != null
0161: && (secure.equals("true") || secure.equals("yes"))) {
0162: try {
0163: CryptoAlgorithm ca = cs.getCryptoAlgorithm(algorithm);
0164:
0165: ca.setSeed(salt);
0166:
0167: String result = ca.encrypt(password);
0168:
0169: return result;
0170: } catch (Exception e) {
0171: log.error("Unable to encrypt password: ", e);
0172:
0173: return null;
0174: }
0175: } else {
0176: return password;
0177: }
0178: }
0179:
0180: /**
0181: * Checks if a supplied password matches the encrypted password
0182: *
0183: * @param checkpw The clear text password supplied by the user
0184: * @param encpw The current, encrypted password
0185: *
0186: * @return true if the password matches, else false
0187: *
0188: */
0189:
0190: public boolean checkPassword(String checkpw, String encpw) {
0191: String result = encryptPassword(checkpw, encpw);
0192:
0193: return (result == null) ? false : result.equals(encpw);
0194: }
0195:
0196: /**
0197: * Initializes the SecurityService, locating the apropriate UserManager
0198: * This is a zero parameter variant which queries the Turbine Servlet
0199: * for its config.
0200: *
0201: * @throws InitializationException Something went wrong in the init stage
0202: */
0203: public void init() throws InitializationException {
0204: Configuration conf = getConfiguration();
0205:
0206: String userManagerClassName = conf.getString(
0207: SecurityService.USER_MANAGER_KEY,
0208: SecurityService.USER_MANAGER_DEFAULT);
0209:
0210: String userClassName = conf.getString(
0211: SecurityService.USER_CLASS_KEY,
0212: SecurityService.USER_CLASS_DEFAULT);
0213:
0214: String groupClassName = conf.getString(
0215: SecurityService.GROUP_CLASS_KEY,
0216: SecurityService.GROUP_CLASS_DEFAULT);
0217:
0218: String permissionClassName = conf.getString(
0219: SecurityService.PERMISSION_CLASS_KEY,
0220: SecurityService.PERMISSION_CLASS_DEFAULT);
0221:
0222: String roleClassName = conf.getString(
0223: SecurityService.ROLE_CLASS_KEY,
0224: SecurityService.ROLE_CLASS_DEFAULT);
0225:
0226: String aclClassName = conf.getString(
0227: SecurityService.ACL_CLASS_KEY,
0228: SecurityService.ACL_CLASS_DEFAULT);
0229:
0230: try {
0231: userClass = Class.forName(userClassName);
0232: groupClass = Class.forName(groupClassName);
0233: permissionClass = Class.forName(permissionClassName);
0234: roleClass = Class.forName(roleClassName);
0235: aclClass = Class.forName(aclClassName);
0236: } catch (Exception e) {
0237: if (userClass == null) {
0238: throw new InitializationException(
0239: "Failed to create a Class object for User implementation",
0240: e);
0241: }
0242: if (groupClass == null) {
0243: throw new InitializationException(
0244: "Failed to create a Class object for Group implementation",
0245: e);
0246: }
0247: if (permissionClass == null) {
0248: throw new InitializationException(
0249: "Failed to create a Class object for Permission implementation",
0250: e);
0251: }
0252: if (roleClass == null) {
0253: throw new InitializationException(
0254: "Failed to create a Class object for Role implementation",
0255: e);
0256: }
0257: if (aclClass == null) {
0258: throw new InitializationException(
0259: "Failed to create a Class object for ACL implementation",
0260: e);
0261: }
0262: }
0263:
0264: try {
0265: UserManager userManager = (UserManager) Class.forName(
0266: userManagerClassName).newInstance();
0267:
0268: userManager.init(conf);
0269:
0270: setUserManager(userManager);
0271: } catch (Exception e) {
0272: throw new InitializationException(
0273: "Failed to instantiate UserManager", e);
0274: }
0275:
0276: try {
0277: aclFactoryService = (FactoryService) TurbineServices
0278: .getInstance().getService(
0279: FactoryService.SERVICE_NAME);
0280: } catch (Exception e) {
0281: throw new InitializationException(
0282: "BaseSecurityService.init: Failed to get the Factory Service object",
0283: e);
0284: }
0285:
0286: setInit(true);
0287: }
0288:
0289: /**
0290: * Initializes the SecurityService, locating the apropriate UserManager
0291: *
0292: * @param config a ServletConfig, to enforce early initialization
0293: * @throws InitializationException Something went wrong in the init stage
0294: * @deprecated use init() instead.
0295: */
0296: public void init(ServletConfig config)
0297: throws InitializationException {
0298: init();
0299: }
0300:
0301: /**
0302: * Return a Class object representing the system's chosen implementation of
0303: * of User interface.
0304: *
0305: * @return systems's chosen implementation of User interface.
0306: * @throws UnknownEntityException if the implementation of User interface
0307: * could not be determined, or does not exist.
0308: */
0309: public Class getUserClass() throws UnknownEntityException {
0310: if (userClass == null) {
0311: throw new UnknownEntityException(
0312: "Failed to create a Class object for User implementation");
0313: }
0314: return userClass;
0315: }
0316:
0317: /**
0318: * Construct a blank User object.
0319: *
0320: * This method calls getUserClass, and then creates a new object using
0321: * the default constructor.
0322: *
0323: * @return an object implementing User interface.
0324: * @throws UnknownEntityException if the object could not be instantiated.
0325: */
0326: public User getUserInstance() throws UnknownEntityException {
0327: User user;
0328: try {
0329: user = (User) getUserClass().newInstance();
0330: } catch (Exception e) {
0331: throw new UnknownEntityException(
0332: "Failed instantiate an User implementation object",
0333: e);
0334: }
0335: return user;
0336: }
0337:
0338: /**
0339: * Construct a blank User object.
0340: *
0341: * This method calls getUserClass, and then creates a new object using
0342: * the default constructor.
0343: *
0344: * @param userName The name of the user.
0345: *
0346: * @return an object implementing User interface.
0347: *
0348: * @throws UnknownEntityException if the object could not be instantiated.
0349: */
0350: public User getUserInstance(String userName)
0351: throws UnknownEntityException {
0352: User user = getUserInstance();
0353: user.setName(userName);
0354: return user;
0355: }
0356:
0357: /**
0358: * Return a Class object representing the system's chosen implementation of
0359: * of Group interface.
0360: *
0361: * @return systems's chosen implementation of Group interface.
0362: * @throws UnknownEntityException if the implementation of Group interface
0363: * could not be determined, or does not exist.
0364: */
0365: public Class getGroupClass() throws UnknownEntityException {
0366: if (groupClass == null) {
0367: throw new UnknownEntityException(
0368: "Failed to create a Class object for Group implementation");
0369: }
0370: return groupClass;
0371: }
0372:
0373: /**
0374: * Construct a blank Group object.
0375: *
0376: * This method calls getGroupClass, and then creates a new object using
0377: * the default constructor.
0378: *
0379: * @return an object implementing Group interface.
0380: * @throws UnknownEntityException if the object could not be instantiated.
0381: */
0382: public Group getGroupInstance() throws UnknownEntityException {
0383: Group group;
0384: try {
0385: group = (Group) getGroupClass().newInstance();
0386: } catch (Exception e) {
0387: throw new UnknownEntityException(
0388: "Failed to instantiate a Group implementation object",
0389: e);
0390: }
0391: return group;
0392: }
0393:
0394: /**
0395: * Construct a blank Group object.
0396: *
0397: * This method calls getGroupClass, and then creates a new object using
0398: * the default constructor.
0399: *
0400: * @param groupName The name of the Group
0401: *
0402: * @return an object implementing Group interface.
0403: *
0404: * @throws UnknownEntityException if the object could not be instantiated.
0405: */
0406: public Group getGroupInstance(String groupName)
0407: throws UnknownEntityException {
0408: Group group = getGroupInstance();
0409: group.setName(groupName);
0410: return group;
0411: }
0412:
0413: /**
0414: * Return a Class object representing the system's chosen implementation of
0415: * of Permission interface.
0416: *
0417: * @return systems's chosen implementation of Permission interface.
0418: * @throws UnknownEntityException if the implementation of Permission interface
0419: * could not be determined, or does not exist.
0420: */
0421: public Class getPermissionClass() throws UnknownEntityException {
0422: if (permissionClass == null) {
0423: throw new UnknownEntityException(
0424: "Failed to create a Class object for Permission implementation");
0425: }
0426: return permissionClass;
0427: }
0428:
0429: /**
0430: * Construct a blank Permission object.
0431: *
0432: * This method calls getPermissionClass, and then creates a new object using
0433: * the default constructor.
0434: *
0435: * @return an object implementing Permission interface.
0436: * @throws UnknownEntityException if the object could not be instantiated.
0437: */
0438: public Permission getPermissionInstance()
0439: throws UnknownEntityException {
0440: Permission permission;
0441: try {
0442: permission = (Permission) getPermissionClass()
0443: .newInstance();
0444: } catch (Exception e) {
0445: throw new UnknownEntityException(
0446: "Failed to instantiate a Permission implementation object",
0447: e);
0448: }
0449: return permission;
0450: }
0451:
0452: /**
0453: * Construct a blank Permission object.
0454: *
0455: * This method calls getPermissionClass, and then creates a new object using
0456: * the default constructor.
0457: *
0458: * @param permName The name of the permission.
0459: *
0460: * @return an object implementing Permission interface.
0461: * @throws UnknownEntityException if the object could not be instantiated.
0462: */
0463: public Permission getPermissionInstance(String permName)
0464: throws UnknownEntityException {
0465: Permission perm = getPermissionInstance();
0466: perm.setName(permName);
0467: return perm;
0468: }
0469:
0470: /**
0471: * Return a Class object representing the system's chosen implementation of
0472: * of Role interface.
0473: *
0474: * @return systems's chosen implementation of Role interface.
0475: * @throws UnknownEntityException if the implementation of Role interface
0476: * could not be determined, or does not exist.
0477: */
0478: public Class getRoleClass() throws UnknownEntityException {
0479: if (roleClass == null) {
0480: throw new UnknownEntityException(
0481: "Failed to create a Class object for Role implementation");
0482: }
0483: return roleClass;
0484: }
0485:
0486: /**
0487: * Construct a blank Role object.
0488: *
0489: * This method calls getRoleClass, and then creates a new object using
0490: * the default constructor.
0491: *
0492: * @return an object implementing Role interface.
0493: * @throws UnknownEntityException if the object could not be instantiated.
0494: */
0495: public Role getRoleInstance() throws UnknownEntityException {
0496: Role role;
0497:
0498: try {
0499: role = (Role) getRoleClass().newInstance();
0500: } catch (Exception e) {
0501: throw new UnknownEntityException(
0502: "Failed to instantiate a Role implementation object",
0503: e);
0504: }
0505: return role;
0506: }
0507:
0508: /**
0509: * Construct a blank Role object.
0510: *
0511: * This method calls getRoleClass, and then creates a new object using
0512: * the default constructor.
0513: *
0514: * @param roleName The name of the role.
0515: *
0516: * @return an object implementing Role interface.
0517: *
0518: * @throws UnknownEntityException if the object could not be instantiated.
0519: */
0520: public Role getRoleInstance(String roleName)
0521: throws UnknownEntityException {
0522: Role role = getRoleInstance();
0523: role.setName(roleName);
0524: return role;
0525: }
0526:
0527: /**
0528: * Return a Class object representing the system's chosen implementation of
0529: * of ACL interface.
0530: *
0531: * @return systems's chosen implementation of ACL interface.
0532: * @throws UnknownEntityException if the implementation of ACL interface
0533: * could not be determined, or does not exist.
0534: */
0535: public Class getAclClass() throws UnknownEntityException {
0536: if (aclClass == null) {
0537: throw new UnknownEntityException(
0538: "Failed to create a Class object for ACL implementation");
0539: }
0540: return aclClass;
0541: }
0542:
0543: /**
0544: * Construct a new ACL object.
0545: *
0546: * This constructs a new ACL object from the configured class and
0547: * initializes it with the supplied roles and permissions.
0548: *
0549: * @param roles The roles that this ACL should contain
0550: * @param permissions The permissions for this ACL
0551: *
0552: * @return an object implementing ACL interface.
0553: * @throws UnknownEntityException if the object could not be instantiated.
0554: */
0555: public AccessControlList getAclInstance(Map roles, Map permissions)
0556: throws UnknownEntityException {
0557: Object[] objects = { roles, permissions };
0558: String[] signatures = { Map.class.getName(),
0559: Map.class.getName() };
0560: AccessControlList accessControlList;
0561:
0562: try {
0563: accessControlList = (AccessControlList) aclFactoryService
0564: .getInstance(aclClass.getName(), objects,
0565: signatures);
0566: } catch (Exception e) {
0567: throw new UnknownEntityException(
0568: "Failed to instantiate an ACL implementation object",
0569: e);
0570: }
0571:
0572: return accessControlList;
0573: }
0574:
0575: /**
0576: * Returns the configured UserManager.
0577: *
0578: * @return An UserManager object
0579: */
0580: public UserManager getUserManager() {
0581: return userManager;
0582: }
0583:
0584: /**
0585: * Configure a new user Manager.
0586: *
0587: * @param userManager An UserManager object
0588: */
0589: public void setUserManager(UserManager userManager) {
0590: this .userManager = userManager;
0591: }
0592:
0593: /**
0594: * Check whether a specified user's account exists.
0595: *
0596: * The login name is used for looking up the account.
0597: *
0598: * @param user The user to be checked.
0599: * @return true if the specified account exists
0600: * @throws DataBackendException if there was an error accessing the data
0601: * backend.
0602: */
0603: public boolean accountExists(User user) throws DataBackendException {
0604: return getUserManager().accountExists(user);
0605: }
0606:
0607: /**
0608: * Check whether a specified user's account exists.
0609: *
0610: * The login name is used for looking up the account.
0611: *
0612: * @param userName The name of the user to be checked.
0613: * @return true if the specified account exists
0614: * @throws DataBackendException if there was an error accessing the data
0615: * backend.
0616: */
0617: public boolean accountExists(String userName)
0618: throws DataBackendException {
0619: return getUserManager().accountExists(userName);
0620: }
0621:
0622: /**
0623: * Authenticates an user, and constructs an User object to represent
0624: * him/her.
0625: *
0626: * @param username The user name.
0627: * @param password The user password.
0628: * @return An authenticated Turbine User.
0629: * @throws PasswordMismatchException if the supplied password was incorrect.
0630: * @throws UnknownEntityException if the user's account does not
0631: * exist in the database.
0632: * @throws DataBackendException if there is a problem accessing the storage.
0633: */
0634: public User getAuthenticatedUser(String username, String password)
0635: throws DataBackendException, UnknownEntityException,
0636: PasswordMismatchException {
0637: return getUserManager().retrieve(username, password);
0638: }
0639:
0640: /**
0641: * Constructs an User object to represent a registered user of the
0642: * application.
0643: *
0644: * @param username The user name.
0645: * @return A Turbine User.
0646: * @throws UnknownEntityException if the user's account does not exist
0647: * @throws DataBackendException if there is a problem accessing the storage.
0648: */
0649: public User getUser(String username) throws DataBackendException,
0650: UnknownEntityException {
0651: return getUserManager().retrieve(username);
0652: }
0653:
0654: /**
0655: * Retrieve a set of users that meet the specified criteria.
0656: *
0657: * As the keys for the criteria, you should use the constants that
0658: * are defined in {@link User} interface, plus the names
0659: * of the custom attributes you added to your user representation
0660: * in the data storage. Use verbatim names of the attributes -
0661: * without table name prefix in case of DB implementation.
0662: *
0663: * @param criteria The criteria of selection.
0664: * @return a List of users meeting the criteria.
0665: * @throws DataBackendException if there is a problem accessing the
0666: * storage.
0667: * @deprecated Use <a href="#getUserList">getUserList</a> instead.
0668: */
0669: public User[] getUsers(Criteria criteria)
0670: throws DataBackendException {
0671: return (User[]) getUserList(criteria).toArray(new User[0]);
0672: }
0673:
0674: /**
0675: * Retrieve a set of users that meet the specified criteria.
0676: *
0677: * As the keys for the criteria, you should use the constants that
0678: * are defined in {@link User} interface, plus the names
0679: * of the custom attributes you added to your user representation
0680: * in the data storage. Use verbatim names of the attributes -
0681: * without table name prefix in case of DB implementation.
0682: *
0683: * @param criteria The criteria of selection.
0684: * @return a List of users meeting the criteria.
0685: * @throws DataBackendException if there is a problem accessing the
0686: * storage.
0687: */
0688: public List getUserList(Criteria criteria)
0689: throws DataBackendException {
0690: return getUserManager().retrieveList(criteria);
0691: }
0692:
0693: /**
0694: * Constructs an User object to represent an anonymous user of the
0695: * application.
0696: *
0697: * @return An anonymous Turbine User.
0698: * @throws UnknownEntityException if the implementation of User interface
0699: * could not be determined, or does not exist.
0700: */
0701: public User getAnonymousUser() throws UnknownEntityException {
0702: User user = getUserInstance();
0703: user.setName("");
0704: return user;
0705: }
0706:
0707: /**
0708: * Checks whether a passed user object matches the anonymous user pattern
0709: * according to the configured user manager
0710: *
0711: * @param user An user object
0712: *
0713: * @return True if this is an anonymous user
0714: *
0715: */
0716: public boolean isAnonymousUser(User user) {
0717: // Either just null, the name is null or the name is the empty string
0718: return (user == null) || StringUtils.isEmpty(user.getName());
0719: }
0720:
0721: /**
0722: * Saves User's data in the permanent storage. The user account is required
0723: * to exist in the storage.
0724: *
0725: * @param user the User object to save
0726: * @throws UnknownEntityException if the user's account does not
0727: * exist in the database.
0728: * @throws DataBackendException if there is a problem accessing the storage.
0729: */
0730: public void saveUser(User user) throws UnknownEntityException,
0731: DataBackendException {
0732: getUserManager().store(user);
0733: }
0734:
0735: /**
0736: * Saves User data when the session is unbound. The user account is required
0737: * to exist in the storage.
0738: *
0739: * LastLogin, AccessCounter, persistent pull tools, and any data stored
0740: * in the permData hashtable that is not mapped to a column will be saved.
0741: *
0742: * @exception UnknownEntityException if the user's account does not
0743: * exist in the database.
0744: * @exception DataBackendException if there is a problem accessing the
0745: * storage.
0746: */
0747: public void saveOnSessionUnbind(User user)
0748: throws UnknownEntityException, DataBackendException {
0749: userManager.saveOnSessionUnbind(user);
0750: }
0751:
0752: /**
0753: * Creates new user account with specified attributes.
0754: *
0755: * @param user the object describing account to be created.
0756: * @param password The password to use for the account.
0757: *
0758: * @throws DataBackendException if there was an error accessing the
0759: * data backend.
0760: * @throws EntityExistsException if the user account already exists.
0761: */
0762: public void addUser(User user, String password)
0763: throws DataBackendException, EntityExistsException {
0764: getUserManager().createAccount(user, password);
0765: }
0766:
0767: /**
0768: * Removes an user account from the system.
0769: *
0770: * @param user the object describing the account to be removed.
0771: * @throws DataBackendException if there was an error accessing the data
0772: * backend.
0773: * @throws UnknownEntityException if the user account is not present.
0774: */
0775: public void removeUser(User user) throws DataBackendException,
0776: UnknownEntityException {
0777: // revoke all roles form the user
0778: revokeAll(user);
0779:
0780: getUserManager().removeAccount(user);
0781: }
0782:
0783: /**
0784: * Change the password for an User.
0785: *
0786: * @param user an User to change password for.
0787: * @param oldPassword the current password supplied by the user.
0788: * @param newPassword the current password requested by the user.
0789: * @throws PasswordMismatchException if the supplied password was incorrect.
0790: * @throws UnknownEntityException if the user's record does not
0791: * exist in the database.
0792: * @throws DataBackendException if there is a problem accessing the storage.
0793: */
0794: public void changePassword(User user, String oldPassword,
0795: String newPassword) throws PasswordMismatchException,
0796: UnknownEntityException, DataBackendException {
0797: getUserManager().changePassword(user, oldPassword, newPassword);
0798: }
0799:
0800: /**
0801: * Forcibly sets new password for an User.
0802: *
0803: * This is supposed by the administrator to change the forgotten or
0804: * compromised passwords. Certain implementatations of this feature
0805: * would require administrative level access to the authenticating
0806: * server / program.
0807: *
0808: * @param user an User to change password for.
0809: * @param password the new password.
0810: * @throws UnknownEntityException if the user's record does not
0811: * exist in the database.
0812: * @throws DataBackendException if there is a problem accessing the storage.
0813: */
0814: public void forcePassword(User user, String password)
0815: throws UnknownEntityException, DataBackendException {
0816: getUserManager().forcePassword(user, password);
0817: }
0818:
0819: /**
0820: * Acquire a shared lock on the security information repository.
0821: *
0822: * Methods that read security information need to invoke this
0823: * method at the beginning of their body.
0824: */
0825: protected synchronized void lockShared() {
0826: readerCount++;
0827: }
0828:
0829: /**
0830: * Release a shared lock on the security information repository.
0831: *
0832: * Methods that read security information need to invoke this
0833: * method at the end of their body.
0834: */
0835: protected synchronized void unlockShared() {
0836: readerCount--;
0837: this .notify();
0838: }
0839:
0840: /**
0841: * Acquire an exclusive lock on the security information repository.
0842: *
0843: * Methods that modify security information need to invoke this
0844: * method at the beginning of their body. Note! Those methods must
0845: * be <code>synchronized</code> themselves!
0846: */
0847: protected void lockExclusive() {
0848: while (readerCount > 0) {
0849: try {
0850: this .wait();
0851: } catch (InterruptedException e) {
0852: }
0853: }
0854: }
0855:
0856: /**
0857: * Release an exclusive lock on the security information repository.
0858: *
0859: * This method is provided only for completeness. It does not really
0860: * do anything. Note! Methods that modify security information
0861: * must be <code>synchronized</code>!
0862: */
0863: protected void unlockExclusive() {
0864: // do nothing
0865: }
0866:
0867: /**
0868: * Provides a reference to the Group object that represents the
0869: * <a href="#global">global group</a>.
0870: *
0871: * @return a Group object that represents the global group.
0872: */
0873: public Group getGlobalGroup() {
0874: if (globalGroup == null) {
0875: synchronized (BaseSecurityService.class) {
0876: if (globalGroup == null) {
0877: try {
0878: globalGroup = getAllGroups().getGroupByName(
0879: Group.GLOBAL_GROUP_NAME);
0880: } catch (DataBackendException e) {
0881: log
0882: .error(
0883: "Failed to retrieve global group object: ",
0884: e);
0885: }
0886: }
0887: }
0888: }
0889: return globalGroup;
0890: }
0891:
0892: /**
0893: * Retrieve a Group object with specified name.
0894: *
0895: * @param name the name of the Group.
0896: * @return an object representing the Group with specified name.
0897: * @throws DataBackendException if there was an error accessing the
0898: * data backend.
0899: * @throws UnknownEntityException if the group does not exist.
0900: * @deprecated Use <a href="#getGroupByName">getGroupByName</a> instead.
0901: */
0902: public Group getGroup(String name) throws DataBackendException,
0903: UnknownEntityException {
0904: return getGroupByName(name);
0905: }
0906:
0907: /**
0908: * Retrieve a Group object with specified name.
0909: *
0910: * @param name the name of the Group.
0911: * @return an object representing the Group with specified name.
0912: * @throws DataBackendException if there was an error accessing the
0913: * data backend.
0914: * @throws UnknownEntityException if the group does not exist.
0915: */
0916: public Group getGroupByName(String name)
0917: throws DataBackendException, UnknownEntityException {
0918: Group group = getAllGroups().getGroupByName(name);
0919: if (group == null) {
0920: throw new UnknownEntityException(
0921: "The specified group does not exist");
0922: }
0923: return group;
0924: }
0925:
0926: /**
0927: * Retrieve a Group object with specified Id.
0928: *
0929: * @param id the id of the Group.
0930: * @return an object representing the Group with specified name.
0931: * @throws UnknownEntityException if the permission does not
0932: * exist in the database.
0933: * @throws DataBackendException if there is a problem accessing the
0934: * storage.
0935: */
0936: public Group getGroupById(int id) throws DataBackendException,
0937: UnknownEntityException {
0938: Group group = getAllGroups().getGroupById(id);
0939: if (group == null) {
0940: throw new UnknownEntityException(
0941: "The specified group does not exist");
0942: }
0943: return group;
0944: }
0945:
0946: /**
0947: * Retrieve a Role object with specified name.
0948: *
0949: * @param name the name of the Role.
0950: * @return an object representing the Role with specified name.
0951: * @throws DataBackendException if there was an error accessing the
0952: * data backend.
0953: * @throws UnknownEntityException if the role does not exist.
0954: * @deprecated Use <a href="#getRoleByName">getRoleByName</a> instead.
0955: */
0956: public Role getRole(String name) throws DataBackendException,
0957: UnknownEntityException {
0958: return getRoleByName(name);
0959: }
0960:
0961: /**
0962: * Retrieve a Role object with specified name.
0963: *
0964: * @param name the name of the Role.
0965: * @return an object representing the Role with specified name.
0966: * @throws DataBackendException if there was an error accessing the
0967: * data backend.
0968: * @throws UnknownEntityException if the role does not exist.
0969: */
0970: public Role getRoleByName(String name) throws DataBackendException,
0971: UnknownEntityException {
0972: Role role = getAllRoles().getRoleByName(name);
0973: if (role == null) {
0974: throw new UnknownEntityException(
0975: "The specified role does not exist");
0976: }
0977: role.setPermissions(getPermissions(role));
0978: return role;
0979: }
0980:
0981: /**
0982: * Retrieve a Role object with specified Id.
0983: * @param id the id of the Role.
0984: * @return an object representing the Role with specified name.
0985: * @throws UnknownEntityException if the permission does not
0986: * exist in the database.
0987: * @throws DataBackendException if there is a problem accessing the
0988: * storage.
0989: */
0990: public Role getRoleById(int id) throws DataBackendException,
0991: UnknownEntityException {
0992: Role role = getAllRoles().getRoleById(id);
0993: if (role == null) {
0994: throw new UnknownEntityException(
0995: "The specified role does not exist");
0996: }
0997: role.setPermissions(getPermissions(role));
0998: return role;
0999: }
1000:
1001: /**
1002: * Retrieve a Permission object with specified name.
1003: *
1004: * @param name the name of the Permission.
1005: * @return an object representing the Permission with specified name.
1006: * @throws DataBackendException if there was an error accessing the
1007: * data backend.
1008: * @throws UnknownEntityException if the permission does not exist.
1009: * @deprecated Use <a href="#getPermissionByName">getPermissionByName</a> instead.
1010: */
1011: public Permission getPermission(String name)
1012: throws DataBackendException, UnknownEntityException {
1013: return getPermissionByName(name);
1014: }
1015:
1016: /**
1017: * Retrieve a Permission object with specified name.
1018: *
1019: * @param name the name of the Permission.
1020: * @return an object representing the Permission with specified name.
1021: * @throws DataBackendException if there was an error accessing the
1022: * data backend.
1023: * @throws UnknownEntityException if the permission does not exist.
1024: */
1025: public Permission getPermissionByName(String name)
1026: throws DataBackendException, UnknownEntityException {
1027: Permission permission = getAllPermissions()
1028: .getPermissionByName(name);
1029: if (permission == null) {
1030: throw new UnknownEntityException(
1031: "The specified permission does not exist");
1032: }
1033: return permission;
1034: }
1035:
1036: /**
1037: * Retrieve a Permission object with specified Id.
1038: *
1039: * @param id the id of the Permission.
1040: * @return an object representing the Permission with specified name.
1041: * @throws UnknownEntityException if the permission does not
1042: * exist in the database.
1043: * @throws DataBackendException if there is a problem accessing the
1044: * storage.
1045: */
1046: public Permission getPermissionById(int id)
1047: throws DataBackendException, UnknownEntityException {
1048: Permission permission = getAllPermissions().getPermissionById(
1049: id);
1050: if (permission == null) {
1051: throw new UnknownEntityException(
1052: "The specified permission does not exist");
1053: }
1054: return permission;
1055: }
1056:
1057: /**
1058: * Retrieves all groups defined in the system.
1059: *
1060: * @return the names of all groups defined in the system.
1061: * @throws DataBackendException if there was an error accessing the
1062: * data backend.
1063: */
1064: public GroupSet getAllGroups() throws DataBackendException {
1065: return getGroups(new Criteria());
1066: }
1067:
1068: /**
1069: * Retrieves all roles defined in the system.
1070: *
1071: * @return the names of all roles defined in the system.
1072: * @throws DataBackendException if there was an error accessing the
1073: * data backend.
1074: */
1075: public RoleSet getAllRoles() throws DataBackendException {
1076: return getRoles(new Criteria());
1077: }
1078:
1079: /**
1080: * Retrieves all permissions defined in the system.
1081: *
1082: * @return the names of all roles defined in the system.
1083: * @throws DataBackendException if there was an error accessing the
1084: * data backend.
1085: */
1086: public PermissionSet getAllPermissions()
1087: throws DataBackendException {
1088: return getPermissions(new Criteria());
1089: }
1090:
1091: /**
1092: * @deprecated Use getGroupInstance(String name) instead.
1093: */
1094: public Group getNewGroup(String groupName) {
1095: try {
1096: return getGroupInstance(groupName);
1097: } catch (UnknownEntityException uee) {
1098: uee.printStackTrace();
1099: return null;
1100: }
1101: }
1102:
1103: /**
1104: * @deprecated Use getRoleInstance(String name) instead.
1105: */
1106: public Role getNewRole(String roleName) {
1107: try {
1108: return getRoleInstance(roleName);
1109: } catch (UnknownEntityException uee) {
1110: return null;
1111: }
1112: }
1113:
1114: /**
1115: * @deprecated Use getPermissionInstance(String name) instead.
1116: */
1117: public Permission getNewPermission(String permissionName) {
1118: try {
1119: return getPermissionInstance(permissionName);
1120: } catch (UnknownEntityException uee) {
1121: return null;
1122: }
1123: }
1124: }
|