001: /* Copyright (c) 1995-2000, The Hypersonic SQL Group.
002: * All rights reserved.
003: *
004: * Redistribution and use in source and binary forms, with or without
005: * modification, are permitted provided that the following conditions are met:
006: *
007: * Redistributions of source code must retain the above copyright notice, this
008: * list of conditions and the following disclaimer.
009: *
010: * Redistributions in binary form must reproduce the above copyright notice,
011: * this list of conditions and the following disclaimer in the documentation
012: * and/or other materials provided with the distribution.
013: *
014: * Neither the name of the Hypersonic SQL Group nor the names of its
015: * contributors may be used to endorse or promote products derived from this
016: * software without specific prior written permission.
017: *
018: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
019: * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
020: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
021: * ARE DISCLAIMED. IN NO EVENT SHALL THE HYPERSONIC SQL GROUP,
022: * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
023: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
024: * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
025: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
026: * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
027: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
028: * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
029: *
030: * This software consists of voluntary contributions made by many individuals
031: * on behalf of the Hypersonic SQL Group.
032: *
033: *
034: * For work added by the HSQL Development Group:
035: *
036: * Copyright (c) 2001-2005, The HSQL Development Group
037: * All rights reserved.
038: *
039: * Redistribution and use in source and binary forms, with or without
040: * modification, are permitted provided that the following conditions are met:
041: *
042: * Redistributions of source code must retain the above copyright notice, this
043: * list of conditions and the following disclaimer.
044: *
045: * Redistributions in binary form must reproduce the above copyright notice,
046: * this list of conditions and the following disclaimer in the documentation
047: * and/or other materials provided with the distribution.
048: *
049: * Neither the name of the HSQL Development Group nor the names of its
050: * contributors may be used to endorse or promote products derived from this
051: * software without specific prior written permission.
052: *
053: * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
054: * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
055: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
056: * ARE DISCLAIMED. IN NO EVENT SHALL HSQL DEVELOPMENT GROUP, HSQLDB.ORG,
057: * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
058: * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
059: * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
060: * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
061: * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
062: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
063: * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
064: */
065:
066: package org.hsqldb;
067:
068: import org.hsqldb.HsqlNameManager.HsqlName;
069: import org.hsqldb.lib.HashSet;
070: import org.hsqldb.lib.IntValueHashMap;
071:
072: // fredt@users 20021103 - patch 1.7.2 - fix bug in revokeAll()
073: // fredt@users 20021103 - patch 1.7.2 - allow for drop table, etc.
074: // when tables are dropped or renamed, changes are reflected in the
075: // permissions held in User objects.
076: // boucherb@users 200208-200212 - doc 1.7.2 - update
077: // boucherb@users 200208-200212 - patch 1.7.2 - metadata
078: // unsaved@users - patch 1.8.0 moved right managament to new classes
079:
080: /**
081: * A User Object holds the name, password for a
082: * particular database user.<p>
083: *
084: * Enhanced in successive versions of HSQLDB.
085: *
086: * @author Thomas Mueller (Hypersonic SQL Group)
087: * @version 1.8.0
088: * @since Hypersonic SQL
089: */
090: public class User {
091:
092: /** true if this user is the sys user. */
093: private boolean isSys;
094:
095: /** true if this user is the public user. */
096: private boolean isPublic;
097:
098: /** user name. */
099: private String sName;
100:
101: /** password. */
102: private String sPassword;
103:
104: /** default schema when new Sessions started (defaults to PUBLIC schema) */
105: private HsqlName initialSchema = null;
106:
107: /** grantee object. */
108: private Grantee grantee;
109:
110: /**
111: * Constructor
112: */
113: User(String name, String password, Grantee inGrantee)
114: throws HsqlException {
115:
116: sName = name;
117: grantee = inGrantee;
118:
119: boolean granteeOk = grantee != null
120: || GranteeManager.isReserved(name);
121:
122: if (!granteeOk) {
123: Trace.doAssert(false, Trace
124: .getMessage(Trace.MISSING_GRANTEE)
125: + ": " + name);
126: }
127:
128: setPassword(password);
129:
130: isSys = name.equals(GranteeManager.SYSTEM_AUTHORIZATION_NAME);
131: isPublic = name.equals(GranteeManager.PUBLIC_ROLE_NAME);
132: }
133:
134: String getName() {
135: return sName;
136: }
137:
138: void setPassword(String password) throws HsqlException {
139:
140: // TODO:
141: // checkComplexity(password);
142: // requires: UserManager.createSAUser(), UserManager.createPublicUser()
143: sPassword = password;
144: }
145:
146: /**
147: * Checks if this object's password attibute equals
148: * specified argument, else throws.
149: */
150: void checkPassword(String test) throws HsqlException {
151: Trace.check(test.equals(sPassword), Trace.ACCESS_IS_DENIED);
152: }
153:
154: /**
155: * Returns true if this User object is for a user with the
156: * database administrator role.
157: */
158: boolean isSys() {
159: return isSys;
160: }
161:
162: /**
163: * Returns the initial schema for the user
164: */
165: HsqlName getInitialSchema() {
166: return initialSchema;
167: }
168:
169: /**
170: * This class does not have access to the SchemaManager, therefore
171: * caller should verify that the given schemaName exists.
172: *
173: * @param schemaName Name of an existing schema. Null value allowed,
174: * which means use the DB default session schema.
175: */
176: void setInitialSchema(HsqlName schema) {
177: initialSchema = schema;
178: }
179:
180: /**
181: * Returns true if this User object represents the PUBLIC user
182: */
183: boolean isPublic() {
184: return isPublic;
185: }
186:
187: /**
188: * Returns the ALTER USER DDL character sequence that preserves the
189: * this user's current password value and mode. <p>
190: *
191: * @return the DDL
192: */
193: String getAlterUserDDL() {
194:
195: StringBuffer sb = new StringBuffer();
196:
197: sb.append(Token.T_ALTER).append(' ');
198: sb.append(Token.T_USER).append(' ');
199: sb.append(sName).append(' ');
200: sb.append(Token.T_SET).append(' ');
201: sb.append(Token.T_PASSWORD).append(' ');
202: sb.append('"').append(sPassword).append('"');
203:
204: return sb.toString();
205: }
206:
207: /**
208: * returns the DDL string
209: * sequence that creates this user.
210: *
211: */
212: String getCreateUserDDL() {
213:
214: StringBuffer sb = new StringBuffer(64);
215:
216: sb.append(Token.T_CREATE).append(' ');
217: sb.append(Token.T_USER).append(' ');
218: sb.append(sName).append(' ');
219: sb.append(Token.T_PASSWORD).append(' ');
220: sb.append('"').append(sPassword).append('"');
221:
222: return sb.toString();
223: }
224:
225: /**
226: * Retrieves the redo log character sequence for connecting
227: * this user
228: *
229: * @return the redo log character sequence for connecting
230: * this user
231: */
232: public String getConnectStatement() {
233:
234: StringBuffer sb = new StringBuffer();
235:
236: sb.append(Token.T_CONNECT).append(' ');
237: sb.append(Token.T_USER).append(' ');
238: sb.append(sName);
239:
240: return sb.toString();
241: }
242:
243: /**
244: * Retrieves the Grantee object for this User.
245: */
246: Grantee getGrantee() {
247: return grantee;
248: }
249:
250: /**
251: * Sets the Grantee object for this User.
252: * This is done in the constructor for all users except the special
253: * users SYSTEM and PUBLIC, which have to be set up before the
254: * Managers are initialized.
255: */
256: void setGrantee(Grantee inGrantee) throws HsqlException {
257:
258: if (grantee != null) {
259: Trace.doAssert(false, Trace
260: .getMessage(Trace.CHANGE_GRANTEE)
261: + ": " + sName);
262: }
263:
264: grantee = inGrantee;
265: }
266:
267: // Legacy wrappers
268:
269: /**
270: * Returns true if this User object is for a user with the
271: * database administrator role.
272: */
273: boolean isAdmin() {
274: return grantee.isAdmin();
275: }
276:
277: /**
278: * Retrieves a string[] whose elements are the names, of the rights
279: * explicitly granted with the GRANT command to this <code>User</code>
280: * object on the <code>Table</code> object identified by the
281: * <code>name</code> argument.
282: * * @return array of Strings naming the rights granted to this
283: * <code>User</code> object on the <code>Table</code> object
284: * identified by the <code>name</code> argument.
285: * @param name a <code>Table</code> object identifier
286: *
287: */
288: String[] listGrantedTablePrivileges(HsqlName name) {
289: return grantee.listGrantedTablePrivileges(name);
290: }
291:
292: /**
293: * Retrieves the distinct set of Java <code>Class</code> FQNs
294: * for which this <code>User</code> object has been
295: * granted <code>ALL</code> (the Class execution privilege). <p>
296: * @param andToPublic if <code>true</code>, then the set includes the
297: * names of classes accessible to this <code>User</code> object
298: * through grants to its <code>PUBLIC</code> <code>User</code>
299: * object attribute, else only direct grants are inlcuded.
300: * @return the distinct set of Java Class FQNs for which this
301: * this <code>User</code> object has been granted
302: * <code>ALL</code>.
303: *
304: */
305: HashSet getGrantedClassNames(boolean andToPublic)
306: throws HsqlException {
307: return grantee.getGrantedClassNames(andToPublic);
308: }
309:
310: /**
311: * Retrieves the map object that represents the rights that have been
312: * granted on database objects. <p>
313: *
314: * The map has keys and values with the following interpretation: <P>
315: *
316: * <UL>
317: * <LI> The keys are generally (but not limited to) objects having
318: * an attribute or value equal to the name of an actual database
319: * object.
320: *
321: * <LI> Specifically, the keys act as database object identifiers.
322: *
323: * <LI> The values are always Integer objects, each formed by combining
324: * a set of flags, one for each of the access rights defined in
325: * UserManager: {SELECT, INSERT, UPDATE and DELETE}.
326: * </UL>
327: */
328: IntValueHashMap getRights() {
329: return grantee.getRights();
330: }
331:
332: /**
333: * Checks that this User object is for a user with the
334: * database administrator role. Otherwise it throws.
335: */
336: void checkAdmin() throws HsqlException {
337: grantee.checkAdmin();
338: }
339:
340: /**
341: * Checks if any of the rights represented by the rights
342: * argument have been granted on the specified database object. <p>
343: *
344: * This is done by checking that a mapping exists in the rights map
345: * from the dbobject argument for at least one of the rights
346: * contained in the rights argument. Otherwise, it throws.
347: */
348: void check(HsqlName dbobject, int rights) throws HsqlException {
349: grantee.check(dbobject, rights);
350: }
351:
352: void check(String dbobject) throws HsqlException {
353: grantee.check(dbobject);
354: }
355:
356: /**
357: * Returns true if any of the rights represented by the
358: * rights argument has been granted on the database object identified
359: * by the dbobject argument. <p>
360: *
361: * This is done by checking that a mapping exists in the rights map
362: * from the dbobject argument for at least one of the rights
363: * contained in the rights argument.
364: */
365: boolean isAccessible(HsqlName dbobject, int rights)
366: throws HsqlException {
367: return grantee.isAccessible(dbobject, rights);
368: }
369:
370: /**
371: * Returns true if any right at all has been granted to this User object
372: * on the database object identified by the dbobject argument.
373: */
374: boolean isAccessible(String dbobject) throws HsqlException {
375: return grantee.isAccessible(dbobject);
376: }
377:
378: boolean isAccessible(HsqlName dbobject) throws HsqlException {
379: return grantee.isAccessible(dbobject);
380: }
381: }
|