001: /**
002: * Copyright (c) 2003-2007, David A. Czarnecki
003: * All rights reserved.
004: *
005: * Redistribution and use in source and binary forms, with or without
006: * modification, are permitted provided that the following conditions are met:
007: *
008: * Redistributions of source code must retain the above copyright notice, this list of conditions and the
009: * following disclaimer.
010: * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
011: * following disclaimer in the documentation and/or other materials provided with the distribution.
012: * Neither the name of "David A. Czarnecki" and "blojsom" nor the names of its contributors may be used to
013: * endorse or promote products derived from this software without specific prior written permission.
014: * Products derived from this software may not be called "blojsom", nor may "blojsom" appear in their name,
015: * without prior written permission of David A. Czarnecki.
016: *
017: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
018: * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
019: * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
020: * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
021: * EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
022: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
023: * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
024: * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
025: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
026: * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
027: * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
028: * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
029: * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
030: */package org.blojsom.authorization.database;
031:
032: import org.apache.commons.logging.Log;
033: import org.apache.commons.logging.LogFactory;
034: import org.blojsom.ConfigurationException;
035: import org.blojsom.util.BlojsomUtils;
036: import org.blojsom.authorization.AuthorizationException;
037: import org.blojsom.authorization.AuthorizationProvider;
038: import org.blojsom.blog.Blog;
039: import org.blojsom.blog.database.DatabaseUser;
040: import org.hibernate.*;
041: import org.hibernate.criterion.Restrictions;
042:
043: import java.util.Map;
044:
045: /**
046: * Database authorization provider
047: *
048: * @author David Czarnecki
049: * @version $Id: DatabaseAuthorizationProvider.java,v 1.7 2007/01/17 02:35:16 czarneckid Exp $
050: * @since blojsom. 3.0
051: */
052: public class DatabaseAuthorizationProvider implements
053: AuthorizationProvider {
054:
055: private Log _logger = LogFactory
056: .getLog(DatabaseAuthorizationProvider.class);
057: private static final String ALL_PERMISSIONS_PERMISSION = "all_permissions_permission";
058:
059: protected SessionFactory _sessionFactory;
060:
061: /**
062: * Create a new instance of the database authorization provider
063: */
064: public DatabaseAuthorizationProvider() {
065: }
066:
067: /**
068: * Initialization method for the authorization provider
069: *
070: * @throws org.blojsom.ConfigurationException
071: * If there is an error initializing the provider
072: */
073: public void init() throws ConfigurationException {
074: }
075:
076: /**
077: * Set the {@link SessionFactory}
078: *
079: * @param sessionFactory {@link SessionFactory}
080: */
081: public void setSessionFactory(SessionFactory sessionFactory) {
082: _sessionFactory = sessionFactory;
083: }
084:
085: /**
086: * Authorize a username and password for the given {@link Blog}
087: *
088: * @param blog {@link Blog}
089: * @param authorizationContext {@link Map} to be used to provide other information for authorization. This will
090: * change depending on the authorization provider.
091: * @param userLogin Username
092: * @param password Password
093: * @throws AuthorizationException If there is an error authorizing the username and password
094: */
095: public void authorize(Blog blog, Map authorizationContext,
096: String userLogin, String password)
097: throws AuthorizationException {
098: if (userLogin == null) {
099: throw new AuthorizationException("Username was null");
100: }
101:
102: if (password == null) {
103: throw new AuthorizationException("Password was null");
104: }
105:
106: try {
107: Session session = _sessionFactory.openSession();
108: Transaction tx = session.beginTransaction();
109:
110: Criteria userCriteria = session
111: .createCriteria(DatabaseUser.class);
112: userCriteria.add(Restrictions.eq("userLogin", userLogin))
113: .add(Restrictions.eq("blogId", blog.getId()));
114:
115: DatabaseUser user = (DatabaseUser) userCriteria
116: .uniqueResult();
117:
118: if (user == null) {
119: tx.commit();
120: session.close();
121:
122: throw new AuthorizationException("User login not found");
123: }
124:
125: tx.commit();
126: session.close();
127:
128: if (blog.getUseEncryptedPasswords().booleanValue()) {
129: password = BlojsomUtils.digestString(password, blog
130: .getDigestAlgorithm());
131: }
132:
133: if (!password.equals(user.getUserPassword())) {
134: throw new AuthorizationException(
135: "Password authorization failure");
136: }
137: } catch (HibernateException e) {
138: if (_logger.isErrorEnabled()) {
139: _logger.error(e);
140: }
141:
142: throw new AuthorizationException(e);
143: }
144: }
145:
146: /**
147: * Check a permission for the given {@link Blog}
148: *
149: * @param blog {@link Blog}
150: * @param permissionContext {@link Map} to be used to provide other information for permission check. This will
151: * change depending on the authorization provider.
152: * @param userLogin Username
153: * @param permission Permission
154: * @throws AuthorizationException If there is an error checking the permission for the username and permission
155: */
156: public void checkPermission(Blog blog, Map permissionContext,
157: String userLogin, String permission)
158: throws AuthorizationException {
159: if (userLogin == null) {
160: throw new AuthorizationException("Username was null");
161: }
162:
163: if (permission == null) {
164: throw new AuthorizationException("Password was null");
165: }
166:
167: try {
168: Session session = _sessionFactory.openSession();
169: Transaction tx = session.beginTransaction();
170:
171: Criteria userCriteria = session
172: .createCriteria(DatabaseUser.class);
173: userCriteria.add(Restrictions.eq("userLogin", userLogin))
174: .add(Restrictions.eq("blogId", blog.getId()));
175:
176: DatabaseUser user = (DatabaseUser) userCriteria
177: .uniqueResult();
178:
179: tx.commit();
180: session.close();
181:
182: if (!user.getMetaData().containsKey(
183: ALL_PERMISSIONS_PERMISSION)) {
184: if (!user.getMetaData().containsKey(permission)) {
185: throw new AuthorizationException(
186: "Permission authorization failure");
187: }
188: }
189: } catch (HibernateException e) {
190: if (_logger.isErrorEnabled()) {
191: _logger.error(e);
192: }
193:
194: throw new AuthorizationException(e);
195: }
196: }
197: }
|