001: /*
002: jGuard is a security framework based on top of jaas (java authentication and authorization security).
003: it is written for web applications, to resolve simply, access control problems.
004: version $Name: v080_step3_beta2 $
005: http://sourceforge.net/projects/jguard/
006:
007: Copyright (C) 2004 Charles GAY
008:
009: This library is free software; you can redistribute it and/or
010: modify it under the terms of the GNU Lesser General Public
011: License as published by the Free Software Foundation; either
012: version 2.1 of the License, or (at your option) any later version.
013:
014: This library is distributed in the hope that it will be useful,
015: but WITHOUT ANY WARRANTY; without even the implied warranty of
016: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
017: Lesser General Public License for more details.
018:
019: You should have received a copy of the GNU Lesser General Public
020: License along with this library; if not, write to the Free Software
021: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
022:
023:
024: jGuard project home page:
025: http://sourceforge.net/projects/jguard/
026:
027: */
028: package net.sf.jguard.example.struts.admin.actions;
029:
030: import java.util.ArrayList;
031: import java.util.Collection;
032: import java.util.HashSet;
033: import java.util.Iterator;
034: import java.util.List;
035: import java.util.Set;
036:
037: import javax.security.auth.Subject;
038: import javax.servlet.http.HttpServletRequest;
039: import javax.servlet.http.HttpServletResponse;
040:
041: import net.sf.jguard.core.authentication.credentials.JGuardCredential;
042: import net.sf.jguard.core.principals.RolePrincipal;
043: import net.sf.jguard.example.struts.actions.BaseAction;
044: import net.sf.jguard.ext.SecurityConstants;
045: import net.sf.jguard.ext.authentication.AuthenticationException;
046: import net.sf.jguard.ext.authentication.manager.AuthenticationManager;
047: import net.sf.jguard.ext.registration.RegistrationException;
048: import net.sf.jguard.ext.registration.SubjectTemplate;
049: import net.sf.jguard.jee.authentication.http.HttpAuthenticationUtils;
050: import net.sf.jguard.jee.authentication.http.HttpConstants;
051:
052: import org.apache.commons.lang.StringUtils;
053: import org.apache.log4j.Logger;
054: import org.apache.struts.action.ActionForm;
055: import org.apache.struts.action.ActionForward;
056: import org.apache.struts.action.ActionMapping;
057: import org.apache.struts.action.DynaActionForm;
058:
059: /**
060: * @author <a href="mailto:tandilero@users.sourceforge.net">Maximiliano Batelli</a>
061: */
062: public class UserDispatchAction extends BaseAction {
063:
064: private static Logger logger = Logger
065: .getLogger(UserDispatchAction.class);
066:
067: /**
068: * list users.
069: * @param mapping
070: * @param form
071: * @param request
072: * @param response
073: * @return
074: */
075: public ActionForward list(ActionMapping mapping, ActionForm form,
076: HttpServletRequest request, HttpServletResponse response) {
077: DynaActionForm dyna = (DynaActionForm) form;
078: Set users = null;
079:
080: AuthenticationManager am = (AuthenticationManager) request
081: .getSession().getServletContext().getAttribute(
082: SecurityConstants.AUTHENTICATION_MANAGER);
083: try {
084: users = am.getUsers();
085: if (logger.isDebugEnabled()) {
086: logger.debug(" listing users");
087: Iterator usersIt = users.iterator();
088: while (usersIt.hasNext()) {
089: Subject user = (Subject) usersIt.next();
090: logger.debug(user);
091: }
092: }
093: } catch (AuthenticationException e) {
094: e.printStackTrace();
095: }
096: List usersList = new ArrayList(users);
097: dyna.set("users", usersList);
098:
099: return mapping.findForward("listUsersOK");
100: }
101:
102: /**
103: * read an user.
104: * @param mapping
105: * @param form
106: * @param request
107: * @param response
108: * @return
109: */
110: public ActionForward read(ActionMapping mapping, ActionForm form,
111: HttpServletRequest request, HttpServletResponse response) {
112: DynaActionForm dyna = (DynaActionForm) form;
113: AuthenticationManager authenticationManager = (AuthenticationManager) request
114: .getSession().getServletContext().getAttribute(
115: SecurityConstants.AUTHENTICATION_MANAGER);
116: Iterator itCred;
117: JGuardCredential jcred;
118: Subject user = authenticationManager.findUser((String) dyna
119: .get("login"));
120:
121: resetForm(dyna);
122:
123: Set privCred = user.getPrivateCredentials();
124: itCred = privCred.iterator();
125: while (itCred.hasNext()) {
126: jcred = (JGuardCredential) itCred.next();
127: dyna.set(jcred.getId(), jcred.getValue());
128: }
129: Set pubCred = user.getPublicCredentials();
130: itCred = pubCred.iterator();
131: while (itCred.hasNext()) {
132: jcred = (JGuardCredential) itCred.next();
133: dyna.set(jcred.getId(), jcred.getValue());
134: }
135: dyna.set("oldLogin", (String) dyna.get("login"));
136: Set principals = new HashSet(user.getPrincipals());
137: Set localPrincipals = authenticationManager
138: .getLocalPrincipals();
139: //we remove all the principals which are not owned by this appplication
140: principals.retainAll(localPrincipals);
141: dyna.set("principals", new ArrayList(principals));
142:
143: Collection tempCol = new HashSet(authenticationManager
144: .getLocalPrincipals());
145: tempCol.removeAll(user.getPrincipals());
146: request.setAttribute("allPrincipals", tempCol);
147: request.setAttribute("action", "update");
148: return mapping.findForward("readUserOK");
149: }
150:
151: /**
152: * called when you click on the button to create a user.
153: * @param mapping
154: * @param form
155: * @param request
156: * @param response
157: * @return
158: */
159: public ActionForward newUser(ActionMapping mapping,
160: ActionForm form, HttpServletRequest request,
161: HttpServletResponse response) {
162: AuthenticationManager authenticationManager = (AuthenticationManager) request
163: .getSession().getServletContext().getAttribute(
164: SecurityConstants.AUTHENTICATION_MANAGER);
165: DynaActionForm dyna = (DynaActionForm) form;
166:
167: resetForm(dyna);
168:
169: request.setAttribute("allPrincipals", authenticationManager
170: .getLocalPrincipals());
171: request.setAttribute("action", "create");
172: return mapping.findForward("readUserOK");
173: }
174:
175: /**
176: * create a new user.
177: * @param mapping
178: * @param form
179: * @param request
180: * @param response
181: * @return
182: */
183: public ActionForward create(ActionMapping mapping, ActionForm form,
184: HttpServletRequest request, HttpServletResponse response) {
185: logger.debug(" into UserDispatchAction.create");
186:
187: DynaActionForm dyna = (DynaActionForm) form;
188: AuthenticationManager am = (AuthenticationManager) request
189: .getSession().getServletContext().getAttribute(
190: SecurityConstants.AUTHENTICATION_MANAGER);
191:
192: SubjectTemplate st = new SubjectTemplate();
193:
194: // Private required credentials
195: Set privRequiredCred = new HashSet();
196: addCredential(privRequiredCred, "login", (String) dyna
197: .get("login"));
198: addCredential(privRequiredCred, "password", (String) dyna
199: .get("password"));
200: // add private required credentials to user
201: st.setPrivateRequiredCredentials(privRequiredCred);
202:
203: // Public required creadentials
204: Set publicRequiredCred = new HashSet();
205: addCredential(publicRequiredCred, "firstname", (String) dyna
206: .get("firstname"));
207: addCredential(publicRequiredCred, "lastname", (String) dyna
208: .get("lastname"));
209: addCredential(publicRequiredCred, "location", (String) dyna
210: .get("location"));
211: // add public required credentials to user
212: st.setPublicRequiredCredentials(publicRequiredCred);
213:
214: // Private optional credentials
215: Set privOptionalCred = new HashSet();
216: addCredential(privOptionalCred, "country", (String) dyna
217: .get("country"));
218: addCredential(privOptionalCred, "religion", (String) dyna
219: .get("religion"));
220: // add private optional credentials to user
221: st.setPrivateOptionalCredentials(privOptionalCred);
222:
223: // Public optional credentials
224: Set publicOptionalCred = new HashSet();
225: addCredential(publicOptionalCred, "hobbies", (String) dyna
226: .get("hobbies"));
227: // add public optional credentials to user
228: st.setPublicOptionalCredentials(publicOptionalCred);
229:
230: // add principals
231: st.getPrincipals().clear();
232: String principalsNames = (String) dyna
233: .get("userPrincipalsNames");
234: logger.debug(" create user: principalsNames from form ="
235: + principalsNames);
236:
237: try {
238: SubjectTemplate stClone = (SubjectTemplate) am
239: .getDefaultSubjectTemplate().clone();
240: stClone.getPrincipals().clear();
241: addPrincipals(principalsNames, stClone.getPrincipals(), am);
242: Subject userCreated = am.createUser(st, stClone);
243: logger.debug("user created =" + userCreated);
244: } catch (RegistrationException e) {
245: logger.error(e.getMissingPrivateCredential());
246: logger.error(e.getMissingPublicCredential());
247: logger.error(e);
248: } catch (AuthenticationException e) {
249: logger.error(e);
250: } catch (CloneNotSupportedException e) {
251: logger.error(e);
252: }
253:
254: return mapping.findForward("createUserOK");
255: }
256:
257: /**
258: * update an user.
259: * @param mapping
260: * @param form
261: * @param request
262: * @param response
263: * @return
264: */
265: public ActionForward update(ActionMapping mapping, ActionForm form,
266: HttpServletRequest request, HttpServletResponse response) {
267:
268: DynaActionForm dyna = (DynaActionForm) form;
269: AuthenticationManager am = (AuthenticationManager) request
270: .getSession().getServletContext().getAttribute(
271: SecurityConstants.AUTHENTICATION_MANAGER);
272: Subject user = new Subject();
273:
274: // Private credentials
275: Set privCred = user.getPrivateCredentials();
276:
277: addCredential(privCred, "login", (String) dyna.get("login"));
278: addCredential(privCred, "password", (String) dyna
279: .get("password"));
280: addCredential(privCred, "country", (String) dyna.get("country"));
281: addCredential(privCred, "religion", (String) dyna
282: .get("religion"));
283:
284: // Public credentials
285: Set publicCred = user.getPublicCredentials();
286:
287: addCredential(publicCred, "firstname", (String) dyna
288: .get("firstname"));
289: addCredential(publicCred, "lastname", (String) dyna
290: .get("lastname"));
291: addCredential(publicCred, "location", (String) dyna
292: .get("location"));
293: addCredential(publicCred, "hobbies", (String) dyna
294: .get("hobbies"));
295:
296: // add principals
297: user.getPrincipals().clear();
298: String principalsNames = (String) dyna
299: .get("userPrincipalsNames");
300: logger.debug("update user :principalsNames from form ="
301: + principalsNames);
302: addPrincipals(principalsNames, user.getPrincipals(), am);
303:
304: // Set identity credential
305: JGuardCredential jcred = new JGuardCredential();
306: jcred.setId("login");
307: jcred.setValue((String) dyna.get("oldLogin"));
308: try {
309: am.updateUser(jcred, user);
310: logger.debug("after update user content=" + user);
311: } catch (AuthenticationException e) {
312: e.printStackTrace();
313: }
314:
315: return mapping.findForward("updateUserOK");
316:
317: }
318:
319: /**
320: * delete an user.
321: * @param mapping
322: * @param form
323: * @param request
324: * @param response
325: * @return
326: */
327: public ActionForward delete(ActionMapping mapping, ActionForm form,
328: HttpServletRequest request, HttpServletResponse response) {
329: DynaActionForm dyna = (DynaActionForm) form;
330: AuthenticationManager am = (AuthenticationManager) request
331: .getSession().getServletContext().getAttribute(
332: SecurityConstants.AUTHENTICATION_MANAGER);
333:
334: Subject user = am.findUser((String) dyna.get("login"));
335:
336: try {
337: am.deleteUser(user);
338: } catch (AuthenticationException e) {
339: logger.error(e.getMessage());
340: }
341:
342: return mapping.findForward("deleteUserOK");
343: }
344:
345: /**
346: * reset form.
347: * @param dyna
348: */
349: private void resetForm(DynaActionForm dyna) {
350: dyna.set("login", "");
351: dyna.set("password", "");
352: dyna.set("firstname", "");
353: dyna.set("lastname", "");
354: dyna.set("location", "");
355: dyna.set("country", "");
356: dyna.set("religion", "");
357: dyna.set("hobbies", "");
358: Collection tempCol = (Collection) dyna.get("principals");
359: tempCol.clear();
360: dyna.set("principals", tempCol);
361: }
362:
363: /**
364: * adds a credential to the Set.
365: * @param credentials
366: * @param id
367: * @param value
368: */
369: private void addCredential(Set credentials, String id, String value) {
370: if (StringUtils.isNotEmpty(value)) {
371: JGuardCredential jcred = new JGuardCredential();
372: jcred.setId(id);
373: jcred.setValue(value);
374: credentials.add(jcred);
375: }
376: }
377:
378: /**
379: * adds principals to the set referenced by the String with the help of authenticationmanager.
380: * @param principalsSet
381: * @param am
382: */
383: private void addPrincipals(String principalNames,
384: Set principalsSet, AuthenticationManager am) {
385: logger.debug("principalNames=" + principalNames);
386: if (!"".equals(principalNames)) {
387: String[] prinNames = principalNames.split("§");
388: for (int i = 0; i < prinNames.length; i++) {
389: try {
390: String principalName = prinNames[i];
391: principalName = principalName.replaceAll("§", "");
392: logger.debug("current principal name="
393: + principalName);
394: RolePrincipal principal = (RolePrincipal) am
395: .getLocalPrincipal(principalName);
396: if (principal == null) {
397: logger.info("local principal not found");
398: return;
399: }
400: logger.debug("local principal found=" + principal);
401: principalsSet.add(principal);
402: } catch (AuthenticationException e) {
403: logger.error(e.getMessage());
404: }
405: }
406: }
407: }
408:
409: public ActionForward setActiveOnRolePrincipal(
410: ActionMapping mapping, ActionForm form,
411: HttpServletRequest request, HttpServletResponse response) {
412: String roleName = request.getParameter("roleName");
413: String applicationName = request
414: .getParameter("applicationName");
415: boolean active = Boolean
416: .valueOf(request.getParameter("active")).booleanValue();
417: AuthenticationManager authenticationManager = (AuthenticationManager) request
418: .getSession().getServletContext().getAttribute(
419: SecurityConstants.AUTHENTICATION_MANAGER);
420: HttpAuthenticationUtils auth = (HttpAuthenticationUtils) request
421: .getSession(true).getAttribute(
422: HttpConstants.AUTHN_UTILS);
423: try {
424: authenticationManager.setActiveOnRolePrincipal(auth
425: .getSubject(), roleName, applicationName, active);
426: } catch (AuthenticationException e) {
427: logger.error(e.getMessage());
428: }
429: return mapping.findForward("welcome");
430: }
431: }
|