0001: package org.apache.turbine.services.security.torque;
0002:
0003: /*
0004: * Copyright 2001-2005 The Apache Software Foundation.
0005: *
0006: * Licensed under the Apache License, Version 2.0 (the "License")
0007: * you may not use this file except in compliance with the License.
0008: * You may obtain a copy of the License at
0009: *
0010: * http://www.apache.org/licenses/LICENSE-2.0
0011: *
0012: * Unless required by applicable law or agreed to in writing, software
0013: * distributed under the License is distributed on an "AS IS" BASIS,
0014: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
0015: * See the License for the specific language governing permissions and
0016: * limitations under the License.
0017: */
0018:
0019: import java.util.ArrayList;
0020: import java.util.Hashtable;
0021: import java.util.Iterator;
0022: import java.util.List;
0023:
0024: import org.apache.commons.configuration.Configuration;
0025:
0026: import org.apache.commons.lang.StringUtils;
0027:
0028: import org.apache.commons.logging.Log;
0029: import org.apache.commons.logging.LogFactory;
0030:
0031: import org.apache.torque.om.NumberKey;
0032: import org.apache.torque.om.Persistent;
0033: import org.apache.torque.util.Criteria;
0034:
0035: import org.apache.turbine.om.security.Group;
0036: import org.apache.turbine.om.security.Permission;
0037: import org.apache.turbine.om.security.Role;
0038: import org.apache.turbine.om.security.User;
0039: import org.apache.turbine.services.InitializationException;
0040: import org.apache.turbine.services.security.BaseSecurityService;
0041: import org.apache.turbine.services.security.TurbineSecurity;
0042: import org.apache.turbine.services.security.torque.om.TurbineRolePermissionPeer;
0043: import org.apache.turbine.services.security.torque.om.TurbineUserGroupRolePeer;
0044: import org.apache.turbine.util.security.AccessControlList;
0045: import org.apache.turbine.util.security.DataBackendException;
0046: import org.apache.turbine.util.security.EntityExistsException;
0047: import org.apache.turbine.util.security.GroupSet;
0048: import org.apache.turbine.util.security.PermissionSet;
0049: import org.apache.turbine.util.security.RoleSet;
0050: import org.apache.turbine.util.security.UnknownEntityException;
0051:
0052: /**
0053: * An implementation of SecurityService that uses torque objects.
0054: *
0055: * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
0056: * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
0057: * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a>
0058: * @version $Id: TorqueSecurityService.java 264148 2005-08-29 14:21:04Z henning $
0059: */
0060: public class TorqueSecurityService extends BaseSecurityService {
0061: /** Logging */
0062: private static Log log = LogFactory
0063: .getLog(TorqueSecurityService.class);
0064:
0065: /**
0066: * Initializes the TorqueSecurityService, loading the various class objects
0067: * representing the security entity peer classes
0068: *
0069: * @exception InitializationException A problem occured during initialization
0070: */
0071:
0072: public void init() throws InitializationException {
0073: Configuration conf = getConfiguration();
0074:
0075: GroupPeerManager.init(conf);
0076: RolePeerManager.init(conf);
0077: PermissionPeerManager.init(conf);
0078:
0079: /* At the end, because it calls setInit(true)! */
0080: super .init();
0081: }
0082:
0083: /*-----------------------------------------------------------------------
0084: Creation of AccessControlLists
0085: -----------------------------------------------------------------------*/
0086:
0087: /**
0088: * Constructs an AccessControlList for a specific user.
0089: *
0090: * This method creates a snapshot of the state of security information
0091: * concerning this user, at the moment of invocation and stores it
0092: * into an AccessControlList object.
0093: *
0094: * @param user the user for whom the AccessControlList are to be retrieved
0095: * @return A new AccessControlList object.
0096: * @throws DataBackendException if there was an error accessing the data
0097: * backend.
0098: * @throws UnknownEntityException if user account is not present.
0099: */
0100: public AccessControlList getACL(User user)
0101: throws DataBackendException, UnknownEntityException {
0102: if (!TurbineSecurity.accountExists(user)) {
0103: throw new UnknownEntityException("The account '"
0104: + user.getName() + "' does not exist");
0105: }
0106: try {
0107: Hashtable roles = new Hashtable();
0108: Hashtable permissions = new Hashtable();
0109: // notify the state modifiers (writers) that we want to create
0110: // the snapshot.
0111: lockShared();
0112:
0113: // construct the snapshot:
0114:
0115: // foreach group in the system
0116: for (Iterator groupsIterator = getAllGroups().iterator(); groupsIterator
0117: .hasNext();) {
0118: Group group = (Group) groupsIterator.next();
0119: // get roles of user in the group
0120: RoleSet groupRoles = RolePeerManager.retrieveSet(user,
0121: group);
0122: // put the Set into roles(group)
0123: roles.put(group, groupRoles);
0124: // collect all permissions in this group
0125: PermissionSet groupPermissions = new PermissionSet();
0126: // foreach role in Set
0127: for (Iterator rolesIterator = groupRoles.iterator(); rolesIterator
0128: .hasNext();) {
0129: Role role = (Role) rolesIterator.next();
0130: // get permissions of the role
0131: PermissionSet rolePermissions = PermissionPeerManager
0132: .retrieveSet(role);
0133: groupPermissions.add(rolePermissions);
0134: }
0135: // put the Set into permissions(group)
0136: permissions.put(group, groupPermissions);
0137: }
0138: return getAclInstance(roles, permissions);
0139: } catch (Exception e) {
0140: throw new DataBackendException(
0141: "Failed to build ACL for user '" + user.getName()
0142: + "'", e);
0143: } finally {
0144: // notify the state modifiers that we are done creating the snapshot.
0145: unlockShared();
0146: }
0147: }
0148:
0149: /*-----------------------------------------------------------------------
0150: Security management
0151: -----------------------------------------------------------------------*/
0152:
0153: /**
0154: * Grant an User a Role in a Group.
0155: *
0156: * @param user the user.
0157: * @param group the group.
0158: * @param role the role.
0159: * @throws DataBackendException if there was an error accessing the data
0160: * backend.
0161: * @throws UnknownEntityException if user account, group or role is not
0162: * present.
0163: */
0164: public synchronized void grant(User user, Group group, Role role)
0165: throws DataBackendException, UnknownEntityException {
0166: boolean userExists = false;
0167: boolean groupExists = false;
0168: boolean roleExists = false;
0169: try {
0170: lockExclusive();
0171: userExists = TurbineSecurity.accountExists(user);
0172: groupExists = checkExists(group);
0173: roleExists = checkExists(role);
0174: if (userExists && groupExists && roleExists) {
0175: Criteria criteria = new Criteria();
0176: criteria.add(TurbineUserGroupRolePeer.USER_ID,
0177: ((Persistent) user).getPrimaryKey());
0178: criteria.add(TurbineUserGroupRolePeer.GROUP_ID,
0179: ((Persistent) group).getPrimaryKey());
0180: criteria.add(TurbineUserGroupRolePeer.ROLE_ID,
0181: ((Persistent) role).getPrimaryKey());
0182: TurbineUserGroupRolePeer.doInsert(criteria);
0183: return;
0184: }
0185: } catch (Exception e) {
0186: throw new DataBackendException(
0187: "grant(User,Group,Role) failed", e);
0188: } finally {
0189: unlockExclusive();
0190: }
0191: if (!userExists) {
0192: throw new UnknownEntityException("Unknown user '"
0193: + user.getName() + "'");
0194: }
0195: if (!groupExists) {
0196: throw new UnknownEntityException("Unknown group '"
0197: + group.getName() + "'");
0198: }
0199: if (!roleExists) {
0200: throw new UnknownEntityException("Unknown role '"
0201: + role.getName() + "'");
0202: }
0203: }
0204:
0205: /**
0206: * Revoke a Role in a Group from an User.
0207: *
0208: * @param user the user.
0209: * @param group the group.
0210: * @param role the role.
0211: * @throws DataBackendException if there was an error accessing the data
0212: * backend.
0213: * @throws UnknownEntityException if user account, group or role is not
0214: * present.
0215: */
0216: public synchronized void revoke(User user, Group group, Role role)
0217: throws DataBackendException, UnknownEntityException {
0218: boolean userExists = false;
0219: boolean groupExists = false;
0220: boolean roleExists = false;
0221: try {
0222: lockExclusive();
0223: userExists = TurbineSecurity.accountExists(user);
0224: groupExists = checkExists(group);
0225: roleExists = checkExists(role);
0226: if (userExists && groupExists && roleExists) {
0227: Criteria criteria = new Criteria();
0228: criteria.add(TurbineUserGroupRolePeer.USER_ID,
0229: ((Persistent) user).getPrimaryKey());
0230: criteria.add(TurbineUserGroupRolePeer.GROUP_ID,
0231: ((Persistent) group).getPrimaryKey());
0232: criteria.add(TurbineUserGroupRolePeer.ROLE_ID,
0233: ((Persistent) role).getPrimaryKey());
0234: TurbineUserGroupRolePeer.doDelete(criteria);
0235: return;
0236: }
0237: } catch (Exception e) {
0238: throw new DataBackendException(
0239: "revoke(User,Role,Group) failed", e);
0240: } finally {
0241: unlockExclusive();
0242: }
0243: if (!userExists) {
0244: throw new UnknownEntityException("Unknown user '"
0245: + user.getName() + "'");
0246: }
0247: if (!groupExists) {
0248: throw new UnknownEntityException("Unknown group '"
0249: + group.getName() + "'");
0250: }
0251: if (!roleExists) {
0252: throw new UnknownEntityException("Unknown role '"
0253: + role.getName() + "'");
0254: }
0255: }
0256:
0257: /**
0258: * Revokes all roles from an User.
0259: *
0260: * This method is used when deleting an account.
0261: *
0262: * @param user the User.
0263: * @throws DataBackendException if there was an error accessing the data
0264: * backend.
0265: * @throws UnknownEntityException if the account is not present.
0266: */
0267: public synchronized void revokeAll(User user)
0268: throws DataBackendException, UnknownEntityException {
0269: boolean userExists = false;
0270: try {
0271: lockExclusive();
0272: userExists = TurbineSecurity.accountExists(user);
0273: if (userExists) {
0274: // The following would not work, due to an annoying misfeature
0275: // of Village. Village allows only a single row to be deleted at
0276: // a time. I wish that it was possible to disable this
0277: // behaviour!
0278:
0279: // Criteria criteria = new Criteria();
0280: // criteria.add(UserGroupRolePeer.USER_ID,
0281: // ((Persistent) user).getPrimaryKey());
0282: // UserGroupRolePeer.doDelete(criteria);
0283: int id = ((NumberKey) ((Persistent) user)
0284: .getPrimaryKey()).intValue();
0285: TurbineUserGroupRolePeer.deleteAll(
0286: TurbineUserGroupRolePeer.TABLE_NAME,
0287: TurbineUserGroupRolePeer.USER_ID, id);
0288: return;
0289: }
0290: } catch (Exception e) {
0291: throw new DataBackendException("revokeAll(User) failed", e);
0292: } finally {
0293: unlockExclusive();
0294: }
0295: throw new UnknownEntityException("Unknown user '"
0296: + user.getName() + "'");
0297: }
0298:
0299: /**
0300: * Grants a Role a Permission
0301: *
0302: * @param role the Role.
0303: * @param permission the Permission.
0304: * @throws DataBackendException if there was an error accessing the data
0305: * backend.
0306: * @throws UnknownEntityException if role or permission is not present.
0307: */
0308: public synchronized void grant(Role role, Permission permission)
0309: throws DataBackendException, UnknownEntityException {
0310: boolean roleExists = false;
0311: boolean permissionExists = false;
0312: try {
0313: lockExclusive();
0314: roleExists = checkExists(role);
0315: permissionExists = checkExists(permission);
0316: if (roleExists && permissionExists) {
0317: Criteria criteria = new Criteria();
0318: criteria.add(TurbineRolePermissionPeer.ROLE_ID,
0319: ((Persistent) role).getPrimaryKey());
0320: criteria.add(TurbineRolePermissionPeer.PERMISSION_ID,
0321: ((Persistent) permission).getPrimaryKey());
0322: TurbineRolePermissionPeer.doInsert(criteria);
0323: return;
0324: }
0325: } catch (Exception e) {
0326: throw new DataBackendException(
0327: "grant(Role,Permission) failed", e);
0328: } finally {
0329: unlockExclusive();
0330: }
0331: if (!roleExists) {
0332: throw new UnknownEntityException("Unknown role '"
0333: + role.getName() + "'");
0334: }
0335: if (!permissionExists) {
0336: throw new UnknownEntityException("Unknown permission '"
0337: + permission.getName() + "'");
0338: }
0339: }
0340:
0341: /**
0342: * Revokes a Permission from a Role.
0343: *
0344: * @param role the Role.
0345: * @param permission the Permission.
0346: * @throws DataBackendException if there was an error accessing the data
0347: * backend.
0348: * @throws UnknownEntityException if role or permission is not present.
0349: */
0350: public synchronized void revoke(Role role, Permission permission)
0351: throws DataBackendException, UnknownEntityException {
0352: boolean roleExists = false;
0353: boolean permissionExists = false;
0354: try {
0355: lockExclusive();
0356: roleExists = checkExists(role);
0357: permissionExists = checkExists(permission);
0358: if (roleExists && permissionExists) {
0359: Criteria criteria = new Criteria();
0360: criteria.add(TurbineRolePermissionPeer.ROLE_ID,
0361: ((Persistent) role).getPrimaryKey());
0362: criteria.add(TurbineRolePermissionPeer.PERMISSION_ID,
0363: ((Persistent) permission).getPrimaryKey());
0364: TurbineRolePermissionPeer.doDelete(criteria);
0365: return;
0366: }
0367: } catch (Exception e) {
0368: throw new DataBackendException(
0369: "revoke(Role,Permission) failed", e);
0370: } finally {
0371: unlockExclusive();
0372: }
0373: if (!roleExists) {
0374: throw new UnknownEntityException("Unknown role '"
0375: + role.getName() + "'");
0376: }
0377: if (!permissionExists) {
0378: throw new UnknownEntityException("Unknown permission '"
0379: + permission.getName() + "'");
0380: }
0381: }
0382:
0383: /**
0384: * Revokes all permissions from a Role.
0385: *
0386: * This method is user when deleting a Role.
0387: *
0388: * @param role the Role
0389: * @throws DataBackendException if there was an error accessing the data
0390: * backend.
0391: * @throws UnknownEntityException if the Role is not present.
0392: */
0393: public synchronized void revokeAll(Role role)
0394: throws DataBackendException, UnknownEntityException {
0395: boolean roleExists = false;
0396: try {
0397: lockExclusive();
0398: roleExists = checkExists(role);
0399: if (roleExists) {
0400: // The following would not work, due to an annoying misfeature
0401: // of Village. see revokeAll( user )
0402:
0403: // Criteria criteria = new Criteria();
0404: // criteria.add(RolePermissionPeer.ROLE_ID,
0405: // role.getPrimaryKey());
0406: // RolePermissionPeer.doDelete(criteria);
0407:
0408: int id = ((NumberKey) ((Persistent) role)
0409: .getPrimaryKey()).intValue();
0410: TurbineRolePermissionPeer.deleteAll(
0411: TurbineRolePermissionPeer.TABLE_NAME,
0412: TurbineRolePermissionPeer.ROLE_ID, id);
0413: return;
0414: }
0415: } catch (Exception e) {
0416: throw new DataBackendException("revokeAll(Role) failed", e);
0417: } finally {
0418: unlockExclusive();
0419: }
0420: throw new UnknownEntityException("Unknown role '"
0421: + role.getName() + "'");
0422: }
0423:
0424: /*-----------------------------------------------------------------------
0425: Group/Role/Permission management
0426: -----------------------------------------------------------------------*/
0427:
0428: /**
0429: * Retrieve a set of Groups that meet the specified Criteria.
0430: *
0431: * @param criteria A Criteria of Group selection.
0432: * @return a set of Groups that meet the specified Criteria.
0433: * @throws DataBackendException if there was an error accessing the data
0434: * backend.
0435: */
0436: public GroupSet getGroups(Criteria criteria)
0437: throws DataBackendException {
0438: Criteria torqueCriteria = new Criteria();
0439: Iterator keys = criteria.keySet().iterator();
0440: while (keys.hasNext()) {
0441: String key = (String) keys.next();
0442: torqueCriteria.put(GroupPeerManager.getColumnName(key),
0443: criteria.get(key));
0444: }
0445: List groups = new ArrayList(0);
0446: try {
0447: groups = GroupPeerManager.doSelect(criteria);
0448: } catch (Exception e) {
0449: throw new DataBackendException(
0450: "getGroups(Criteria) failed", e);
0451: }
0452: return new GroupSet(groups);
0453: }
0454:
0455: /**
0456: * Retrieve a set of Roles that meet the specified Criteria.
0457: *
0458: * @param criteria A Criteria of Roles selection.
0459: * @return a set of Roles that meet the specified Criteria.
0460: * @throws DataBackendException if there was an error accessing the data
0461: * backend.
0462: */
0463: public RoleSet getRoles(Criteria criteria)
0464: throws DataBackendException {
0465: Criteria torqueCriteria = new Criteria();
0466: Iterator keys = criteria.keySet().iterator();
0467: while (keys.hasNext()) {
0468: String key = (String) keys.next();
0469: torqueCriteria.put(RolePeerManager.getColumnName(key),
0470: criteria.get(key));
0471: }
0472: List roles = new ArrayList(0);
0473: try {
0474: roles = RolePeerManager.doSelect(criteria);
0475: } catch (Exception e) {
0476: throw new DataBackendException("getRoles(Criteria) failed",
0477: e);
0478: }
0479: return new RoleSet(roles);
0480: }
0481:
0482: /**
0483: * Retrieve a set of Permissions that meet the specified Criteria.
0484: *
0485: * @param criteria A Criteria of Permissions selection.
0486: * @return a set of Permissions that meet the specified Criteria.
0487: * @throws DataBackendException if there was an error accessing the data
0488: * backend.
0489: */
0490: public PermissionSet getPermissions(Criteria criteria)
0491: throws DataBackendException {
0492: Criteria torqueCriteria = new Criteria();
0493: Iterator keys = criteria.keySet().iterator();
0494: while (keys.hasNext()) {
0495: String key = (String) keys.next();
0496: torqueCriteria.put(
0497: PermissionPeerManager.getColumnName(key), criteria
0498: .get(key));
0499: }
0500: List permissions = new ArrayList(0);
0501: try {
0502: permissions = PermissionPeerManager.doSelect(criteria);
0503: } catch (Exception e) {
0504: throw new DataBackendException(
0505: "getPermissions(Criteria) failed", e);
0506: }
0507: return new PermissionSet(permissions);
0508: }
0509:
0510: /**
0511: * Retrieves all permissions associated with a role.
0512: *
0513: * @param role the role name, for which the permissions are to be retrieved.
0514: * @return A Permission set for the Role.
0515: * @throws DataBackendException if there was an error accessing the data
0516: * backend.
0517: * @throws UnknownEntityException if the role is not present.
0518: */
0519: public PermissionSet getPermissions(Role role)
0520: throws DataBackendException, UnknownEntityException {
0521: boolean roleExists = false;
0522: try {
0523: lockShared();
0524: roleExists = checkExists(role);
0525: if (roleExists) {
0526: return PermissionPeerManager.retrieveSet(role);
0527: }
0528: } catch (Exception e) {
0529: throw new DataBackendException(
0530: "getPermissions(Role) failed", e);
0531: } finally {
0532: unlockShared();
0533: }
0534: throw new UnknownEntityException("Unknown role '"
0535: + role.getName() + "'");
0536: }
0537:
0538: /**
0539: * Stores Group's attributes. The Groups is required to exist in the system.
0540: *
0541: * @param group The Group to be stored.
0542: * @throws DataBackendException if there was an error accessing the data
0543: * backend.
0544: * @throws UnknownEntityException if the group does not exist.
0545: */
0546: public void saveGroup(Group group) throws DataBackendException,
0547: UnknownEntityException {
0548: boolean groupExists = false;
0549: try {
0550: groupExists = checkExists(group);
0551: if (groupExists) {
0552: Criteria criteria = GroupPeerManager
0553: .buildCriteria(group);
0554: GroupPeerManager.doUpdate(criteria);
0555: return;
0556: }
0557: } catch (Exception e) {
0558: throw new DataBackendException("saveGroup(Group) failed", e);
0559: }
0560: throw new UnknownEntityException("Unknown group '" + group
0561: + "'");
0562: }
0563:
0564: /**
0565: * Stores Role's attributes. The Roles is required to exist in the system.
0566: *
0567: * @param role The Role to be stored.
0568: * @throws DataBackendException if there was an error accessing the data
0569: * backend.
0570: * @throws UnknownEntityException if the role does not exist.
0571: */
0572: public void saveRole(Role role) throws DataBackendException,
0573: UnknownEntityException {
0574: boolean roleExists = false;
0575: try {
0576: roleExists = checkExists(role);
0577: if (roleExists) {
0578: Criteria criteria = RolePeerManager.buildCriteria(role);
0579: RolePeerManager.doUpdate(criteria);
0580: return;
0581: }
0582: } catch (Exception e) {
0583: throw new DataBackendException("saveRole(Role) failed", e);
0584: }
0585: throw new UnknownEntityException("Unknown role '" + role + "'");
0586: }
0587:
0588: /**
0589: * Stores Permission's attributes. The Permissions is required to exist in
0590: * the system.
0591: *
0592: * @param permission The Permission to be stored.
0593: * @throws DataBackendException if there was an error accessing the data
0594: * backend.
0595: * @throws UnknownEntityException if the permission does not exist.
0596: */
0597: public void savePermission(Permission permission)
0598: throws DataBackendException, UnknownEntityException {
0599: boolean permissionExists = false;
0600: try {
0601: permissionExists = checkExists(permission);
0602: if (permissionExists) {
0603: Criteria criteria = PermissionPeerManager
0604: .buildCriteria(permission);
0605: PermissionPeerManager.doUpdate(criteria);
0606: return;
0607: }
0608: } catch (Exception e) {
0609: throw new DataBackendException(
0610: "savePermission(Permission) failed", e);
0611: }
0612: throw new UnknownEntityException("Unknown permission '"
0613: + permission + "'");
0614: }
0615:
0616: /**
0617: * Creates a new group with specified attributes.
0618: *
0619: * @param group the object describing the group to be created.
0620: * @return a new Group object that has id set up properly.
0621: * @throws DataBackendException if there was an error accessing the data
0622: * backend.
0623: * @throws EntityExistsException if the group already exists.
0624: */
0625: public synchronized Group addGroup(Group group)
0626: throws DataBackendException, EntityExistsException {
0627: boolean groupExists = false;
0628:
0629: if (StringUtils.isEmpty(group.getName())) {
0630: throw new DataBackendException("Could not create "
0631: + "a group with empty name!");
0632: }
0633:
0634: try {
0635: lockExclusive();
0636: groupExists = checkExists(group);
0637: if (!groupExists) {
0638: // add a row to the table
0639: Criteria criteria = GroupPeerManager
0640: .buildCriteria(group);
0641: GroupPeerManager.doInsert(criteria);
0642: // try to get the object back using the name as key.
0643: criteria = new Criteria();
0644: criteria.add(GroupPeerManager.getNameColumn(), group
0645: .getName());
0646: List results = GroupPeerManager.doSelect(criteria);
0647: if (results.size() != 1) {
0648: throw new DataBackendException(
0649: "Internal error - query returned "
0650: + results.size() + " rows");
0651: }
0652: Group newGroup = (Group) results.get(0);
0653: // add the group to system-wide cache
0654: getAllGroups().add(newGroup);
0655: // return the object with correct id
0656: return newGroup;
0657: }
0658: } catch (Exception e) {
0659: throw new DataBackendException("addGroup(Group) failed", e);
0660: } finally {
0661: unlockExclusive();
0662: }
0663: // the only way we could get here without return/throw tirggered
0664: // is that the groupExists was true.
0665: throw new EntityExistsException("Group '" + group
0666: + "' already exists");
0667: }
0668:
0669: /**
0670: * Creates a new role with specified attributes.
0671: *
0672: * @param role the object describing the role to be created.
0673: * @return a new Role object that has id set up properly.
0674: * @throws DataBackendException if there was an error accessing the data
0675: * backend.
0676: * @throws EntityExistsException if the role already exists.
0677: */
0678: public synchronized Role addRole(Role role)
0679: throws DataBackendException, EntityExistsException {
0680: boolean roleExists = false;
0681:
0682: if (StringUtils.isEmpty(role.getName())) {
0683: throw new DataBackendException("Could not create "
0684: + "a role with empty name!");
0685: }
0686:
0687: try {
0688: lockExclusive();
0689: roleExists = checkExists(role);
0690: if (!roleExists) {
0691: // add a row to the table
0692: Criteria criteria = RolePeerManager.buildCriteria(role);
0693: RolePeerManager.doInsert(criteria);
0694: // try to get the object back using the name as key.
0695: criteria = new Criteria();
0696: criteria.add(RolePeerManager.getNameColumn(), role
0697: .getName());
0698: List results = RolePeerManager.doSelect(criteria);
0699: if (results.size() != 1) {
0700: throw new DataBackendException(
0701: "Internal error - query returned "
0702: + results.size() + " rows");
0703: }
0704: Role newRole = (Role) results.get(0);
0705: // add the role to system-wide cache
0706: getAllRoles().add(newRole);
0707: // return the object with correct id
0708: return newRole;
0709: }
0710: } catch (Exception e) {
0711: throw new DataBackendException("addRole(Role) failed", e);
0712: } finally {
0713: unlockExclusive();
0714: }
0715: // the only way we could get here without return/throw tirggered
0716: // is that the roleExists was true.
0717: throw new EntityExistsException("Role '" + role
0718: + "' already exists");
0719: }
0720:
0721: /**
0722: * Creates a new permission with specified attributes.
0723: *
0724: * @param permission the object describing the permission to be created.
0725: * @return a new Permission object that has id set up properly.
0726: * @throws DataBackendException if there was an error accessing the data
0727: * backend.
0728: * @throws EntityExistsException if the permission already exists.
0729: */
0730: public synchronized Permission addPermission(Permission permission)
0731: throws DataBackendException, EntityExistsException {
0732: boolean permissionExists = false;
0733:
0734: if (StringUtils.isEmpty(permission.getName())) {
0735: throw new DataBackendException("Could not create "
0736: + "a permission with empty name!");
0737: }
0738:
0739: try {
0740: lockExclusive();
0741: permissionExists = checkExists(permission);
0742: if (!permissionExists) {
0743: // add a row to the table
0744: Criteria criteria = PermissionPeerManager
0745: .buildCriteria(permission);
0746: PermissionPeerManager.doInsert(criteria);
0747: // try to get the object back using the name as key.
0748: criteria = new Criteria();
0749: criteria.add(PermissionPeerManager.getNameColumn(),
0750: permission.getName());
0751: List results = PermissionPeerManager.doSelect(criteria);
0752: if (results.size() != 1) {
0753: throw new DataBackendException(
0754: "Internal error - query returned "
0755: + results.size() + " rows");
0756: }
0757: Permission newPermission = (Permission) results.get(0);
0758: // add the permission to system-wide cache
0759: getAllPermissions().add(newPermission);
0760: // return the object with correct id
0761: return newPermission;
0762: }
0763: } catch (Exception e) {
0764: throw new DataBackendException(
0765: "addPermission(Permission) failed", e);
0766: } finally {
0767: unlockExclusive();
0768: }
0769: // the only way we could get here without return/throw tirggered
0770: // is that the permissionExists was true.
0771: throw new EntityExistsException("Permission '" + permission
0772: + "' already exists");
0773: }
0774:
0775: /**
0776: * Removes a Group from the system.
0777: *
0778: * @param group The object describing the group to be removed.
0779: * @throws DataBackendException if there was an error accessing the data
0780: * backend.
0781: * @throws UnknownEntityException if the group does not exist.
0782: */
0783: public synchronized void removeGroup(Group group)
0784: throws DataBackendException, UnknownEntityException {
0785: boolean groupExists = false;
0786: try {
0787: lockExclusive();
0788: groupExists = checkExists(group);
0789: if (groupExists) {
0790: Criteria criteria = GroupPeerManager
0791: .buildCriteria(group);
0792: GroupPeerManager.doDelete(criteria);
0793: getAllGroups().remove(group);
0794: return;
0795: }
0796: } catch (Exception e) {
0797: log.error("Failed to delete a Group");
0798: log.error(e);
0799: throw new DataBackendException("removeGroup(Group) failed",
0800: e);
0801: } finally {
0802: unlockExclusive();
0803: }
0804: throw new UnknownEntityException("Unknown group '" + group
0805: + "'");
0806: }
0807:
0808: /**
0809: * Removes a Role from the system.
0810: *
0811: * @param role The object describing the role to be removed.
0812: * @throws DataBackendException if there was an error accessing the data
0813: * backend.
0814: * @throws UnknownEntityException if the role does not exist.
0815: */
0816: public synchronized void removeRole(Role role)
0817: throws DataBackendException, UnknownEntityException {
0818: boolean roleExists = false;
0819: try {
0820: lockExclusive();
0821: roleExists = checkExists(role);
0822: if (roleExists) {
0823: // revoke all permissions from the role to be deleted
0824: revokeAll(role);
0825: Criteria criteria = RolePeerManager.buildCriteria(role);
0826: RolePeerManager.doDelete(criteria);
0827: getAllRoles().remove(role);
0828: return;
0829: }
0830: } catch (Exception e) {
0831: throw new DataBackendException("removeRole(Role)", e);
0832: } finally {
0833: unlockExclusive();
0834: }
0835: throw new UnknownEntityException("Unknown role '" + role + "'");
0836: }
0837:
0838: /**
0839: * Removes a Permission from the system.
0840: *
0841: * @param permission The object describing the permission to be removed.
0842: * @throws DataBackendException if there was an error accessing the data
0843: * backend.
0844: * @throws UnknownEntityException if the permission does not exist.
0845: */
0846: public synchronized void removePermission(Permission permission)
0847: throws DataBackendException, UnknownEntityException {
0848: boolean permissionExists = false;
0849: try {
0850: lockExclusive();
0851: permissionExists = checkExists(permission);
0852: if (permissionExists) {
0853: Criteria criteria = PermissionPeerManager
0854: .buildCriteria(permission);
0855: PermissionPeerManager.doDelete(criteria);
0856: getAllPermissions().remove(permission);
0857: return;
0858: }
0859: } catch (Exception e) {
0860: throw new DataBackendException(
0861: "removePermission(Permission)", e);
0862: } finally {
0863: unlockExclusive();
0864: }
0865: throw new UnknownEntityException("Unknown permission '"
0866: + permission + "'");
0867: }
0868:
0869: /**
0870: * Renames an existing Group.
0871: *
0872: * @param group The object describing the group to be renamed.
0873: * @param name the new name for the group.
0874: * @throws DataBackendException if there was an error accessing the data
0875: * backend.
0876: * @throws UnknownEntityException if the group does not exist.
0877: */
0878: public synchronized void renameGroup(Group group, String name)
0879: throws DataBackendException, UnknownEntityException {
0880: boolean groupExists = false;
0881: try {
0882: lockExclusive();
0883: groupExists = checkExists(group);
0884: if (groupExists) {
0885: group.setName(name);
0886: Criteria criteria = GroupPeerManager
0887: .buildCriteria(group);
0888: GroupPeerManager.doUpdate(criteria);
0889: return;
0890: }
0891: } catch (Exception e) {
0892: throw new DataBackendException("renameGroup(Group,String)",
0893: e);
0894: } finally {
0895: unlockExclusive();
0896: }
0897: throw new UnknownEntityException("Unknown group '" + group
0898: + "'");
0899: }
0900:
0901: /**
0902: * Renames an existing Role.
0903: *
0904: * @param role The object describing the role to be renamed.
0905: * @param name the new name for the role.
0906: * @throws DataBackendException if there was an error accessing the data
0907: * backend.
0908: * @throws UnknownEntityException if the role does not exist.
0909: */
0910: public synchronized void renameRole(Role role, String name)
0911: throws DataBackendException, UnknownEntityException {
0912: boolean roleExists = false;
0913: try {
0914: lockExclusive();
0915: roleExists = checkExists(role);
0916: if (roleExists) {
0917: role.setName(name);
0918: Criteria criteria = RolePeerManager.buildCriteria(role);
0919: RolePeerManager.doUpdate(criteria);
0920: return;
0921: }
0922: } catch (Exception e) {
0923: throw new DataBackendException("renameRole(Role,String)", e);
0924: } finally {
0925: unlockExclusive();
0926: }
0927: throw new UnknownEntityException("Unknown role '" + role + "'");
0928: }
0929:
0930: /**
0931: * Renames an existing Permission.
0932: *
0933: * @param permission The object describing the permission to be renamed.
0934: * @param name the new name for the permission.
0935: * @throws DataBackendException if there was an error accessing the data
0936: * backend.
0937: * @throws UnknownEntityException if the permission does not exist.
0938: */
0939: public synchronized void renamePermission(Permission permission,
0940: String name) throws DataBackendException,
0941: UnknownEntityException {
0942: boolean permissionExists = false;
0943: try {
0944: lockExclusive();
0945: permissionExists = checkExists(permission);
0946: if (permissionExists) {
0947: permission.setName(name);
0948: Criteria criteria = PermissionPeerManager
0949: .buildCriteria(permission);
0950: PermissionPeerManager.doUpdate(criteria);
0951: return;
0952: }
0953: } catch (Exception e) {
0954: throw new DataBackendException(
0955: "renamePermission(Permission,name)", e);
0956: } finally {
0957: unlockExclusive();
0958: }
0959: throw new UnknownEntityException("Unknown permission '"
0960: + permission + "'");
0961: }
0962:
0963: /* Service specific implementation methods */
0964:
0965: /**
0966: * Determines if the <code>Group</code> exists in the security system.
0967: *
0968: * @param group a <code>Group</code> value
0969: * @return true if the group exists in the system, false otherwise
0970: * @throws DataBackendException when more than one Group with
0971: * the same name exists.
0972: * @throws Exception A generic exception.
0973: */
0974: protected boolean checkExists(Group group)
0975: throws DataBackendException, Exception {
0976: return GroupPeerManager.checkExists(group);
0977: }
0978:
0979: /**
0980: * Determines if the <code>Role</code> exists in the security system.
0981: *
0982: * @param role a <code>Role</code> value
0983: * @return true if the role exists in the system, false otherwise
0984: * @throws DataBackendException when more than one Role with
0985: * the same name exists.
0986: * @throws Exception A generic exception.
0987: */
0988: protected boolean checkExists(Role role)
0989: throws DataBackendException, Exception {
0990: return RolePeerManager.checkExists(role);
0991: }
0992:
0993: /**
0994: * Determines if the <code>Permission</code> exists in the security system.
0995: *
0996: * @param permission a <code>Permission</code> value
0997: * @return true if the permission exists in the system, false otherwise
0998: * @throws DataBackendException when more than one Permission with
0999: * the same name exists.
1000: * @throws Exception A generic exception.
1001: */
1002: protected boolean checkExists(Permission permission)
1003: throws DataBackendException, Exception {
1004: return PermissionPeerManager.checkExists(permission);
1005: }
1006:
1007: }
|