001: /*
002:
003: Derby - Class org.apache.derby.database.UserUtility
004:
005: Licensed to the Apache Software Foundation (ASF) under one or more
006: contributor license agreements. See the NOTICE file distributed with
007: this work for additional information regarding copyright ownership.
008: The ASF licenses this file to You under the Apache License, Version 2.0
009: (the "License"); you may not use this file except in compliance with
010: the License. You may obtain a copy of the License at
011:
012: http://www.apache.org/licenses/LICENSE-2.0
013:
014: Unless required by applicable law or agreed to in writing, software
015: distributed under the License is distributed on an "AS IS" BASIS,
016: WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
017: See the License for the specific language governing permissions and
018: limitations under the License.
019:
020: */
021:
022: package org.apache.derby.database;
023:
024: import org.apache.derby.iapi.db.PropertyInfo;
025: import org.apache.derby.iapi.store.access.TransactionController;
026: import org.apache.derby.iapi.util.IdUtil;
027: import org.apache.derby.iapi.error.StandardException;
028: import org.apache.derby.iapi.sql.conn.LanguageConnectionContext;
029: import org.apache.derby.iapi.sql.conn.ConnectionUtil;
030: import org.apache.derby.iapi.reference.SQLState;
031: import org.apache.derby.iapi.reference.Property;
032:
033: import java.sql.SQLException;
034: import org.apache.derby.iapi.error.PublicAPI;
035:
036: /**
037: This utility class provides static methods for managing user authorization in a Cloudscape database.
038:
039: <p>This class can only be used within an SQL-J statement, a Java procedure or a server side Java method.
040: <p>This class can be accessed using the class alias <code> USERUTILITY </code> in SQL-J statements.
041: */
042: public abstract class UserUtility {
043: /** Enumeration value for read access permission ("READ_ACCESS_PERMISSION"). */
044: public final static String READ_ACCESS_PERMISSION = "READ_ACCESS_PERMISSION";
045: /** Enumeration value for full access permission ("FULL_ACCESS_PERMISSION"). */
046: public final static String FULL_ACCESS_PERMISSION = "FULL_ACCESS_PERMISSION";
047:
048: /** Prevent users from creating UserUtility Objects. */
049: private UserUtility() {
050: }
051:
052: /**
053: Add a user's authorization permission to the database.
054:
055: <P>
056: Only users with FULL_ACCESS_PERMISSION may use this.
057:
058: @param userName the user's name. A valid possibly delimited
059: SQL identifier.
060: @param permission READ_ACCESS_PERMISSION or FULL_ACCESS_PERMISSION.
061: @exception SQLException thrown if this fails.
062: */
063: public static final void add(String userName, String permission)
064: throws SQLException {
065: String pv;
066: TransactionController tc = ConnectionUtil.getCurrentLCC()
067: .getTransactionExecute();
068: try {
069: normalizeIdParam("userName", userName); //Validate
070: if (permission == null)
071: throw StandardException.newException(
072: SQLState.UU_INVALID_PARAMETER, "permission",
073: "null");
074: if (permission.equals(READ_ACCESS_PERMISSION)) {
075: pv = (String) tc
076: .getProperty(Property.READ_ONLY_ACCESS_USERS_PROPERTY);
077: pv = IdUtil.appendId(userName, pv);
078: PropertyInfo.setDatabaseProperty(
079: Property.READ_ONLY_ACCESS_USERS_PROPERTY, pv);
080: } else if (permission.equals(FULL_ACCESS_PERMISSION)) {
081: pv = (String) tc
082: .getProperty(Property.FULL_ACCESS_USERS_PROPERTY);
083: pv = IdUtil.appendId(userName, pv);
084: PropertyInfo.setDatabaseProperty(
085: Property.FULL_ACCESS_USERS_PROPERTY, pv);
086: } else
087: throw StandardException.newException(
088: SQLState.UU_UNKNOWN_PERMISSION, permission);
089: } catch (StandardException se) {
090: throw PublicAPI.wrapStandardException(se);
091: }
092: }
093:
094: /**
095: Set the authorization permission for a user in the database.
096:
097: <P>
098: Only users with FULL_ACCESS_PERMISSION may use this.
099:
100: @param userName the user's name. A valid possibly delimited
101: SQL identifier.
102: @param permission READ_ACCESS_PERMISSION or FULL_ACCESS_PERMISSION.
103: @exception SQLException thrown if this fails.
104: */
105: public static final void set(String userName, String permission)
106: throws SQLException {
107: drop(userName);
108: add(userName, permission);
109: }
110:
111: /**
112: Drop a user's authorization permission from the database.
113:
114: <P>
115: Only users with FULL_ACCESS_PERMISSION may use this.
116:
117: @param userName the user's name. A valid possibly delimited
118: SQL identifier.
119:
120: @exception SQLException thrown if this fails or the user
121: being dropped does not exist.
122: */
123: public static final void drop(String userName) throws SQLException {
124: TransactionController tc = ConnectionUtil.getCurrentLCC()
125: .getTransactionExecute();
126:
127: try {
128: String userId = normalizeIdParam("userName", userName);
129:
130: String access = getPermission(userName);
131: if (access != null && access.equals(READ_ACCESS_PERMISSION)) {
132: String pv = (String) tc
133: .getProperty(Property.READ_ONLY_ACCESS_USERS_PROPERTY);
134: String newList = IdUtil.deleteId(userId, pv);
135: PropertyInfo.setDatabaseProperty(
136: Property.READ_ONLY_ACCESS_USERS_PROPERTY,
137: newList);
138: } else if (access != null
139: && access.equals(FULL_ACCESS_PERMISSION)) {
140: String pv = (String) tc
141: .getProperty(Property.FULL_ACCESS_USERS_PROPERTY);
142: String newList = IdUtil.deleteId(userId, pv);
143: PropertyInfo.setDatabaseProperty(
144: Property.FULL_ACCESS_USERS_PROPERTY, newList);
145: } else {
146: throw StandardException.newException(
147: SQLState.UU_UNKNOWN_USER, userName);
148: }
149: } catch (StandardException se) {
150: throw PublicAPI.wrapStandardException(se);
151: }
152: }
153:
154: /**
155: Return a user's authorization permission in a database.
156:
157: <P>
158: Users with FULL_ACCESS_PERMISSION or READ_ACCESS_PERMISSION
159: may use this.
160:
161: @param userName the user's name. A valid possibly delimited
162: SQL identifier.
163: @return FULL_ACCESS_PERMISSION if the user is in "derby.database.fullAccessUsers",
164: READ_ACCESS_PERMISSION if the user is in "derby.database.readOnlyAccessUsers",
165: or null if the user is not in either list.
166: @exception SQLException thrown if this fails.
167: */
168: public static final String getPermission(String userName)
169: throws SQLException {
170: TransactionController tc = ConnectionUtil.getCurrentLCC()
171: .getTransactionExecute();
172:
173: try {
174:
175: String pv = (String) tc
176: .getProperty(Property.READ_ONLY_ACCESS_USERS_PROPERTY);
177: String userId = normalizeIdParam("userName", userName);
178: if (IdUtil.idOnList(userId, pv))
179: return READ_ACCESS_PERMISSION;
180: pv = (String) tc
181: .getProperty(Property.FULL_ACCESS_USERS_PROPERTY);
182: if (IdUtil.idOnList(userId, pv))
183: return FULL_ACCESS_PERMISSION;
184: return null;
185: } catch (StandardException se) {
186: throw PublicAPI.wrapStandardException(se);
187: }
188: }
189:
190: private static String normalizeIdParam(String pName, String pValue)
191: throws StandardException {
192: if (pValue == null)
193: throw StandardException.newException(
194: SQLState.UU_INVALID_PARAMETER, pName, "null");
195:
196: try {
197: return IdUtil.parseId(pValue);
198: } catch (StandardException se) {
199: throw StandardException.newException(
200: SQLState.UU_INVALID_PARAMETER, se, pName, pValue);
201: }
202: }
203: }
|