Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
DefaultSecurityService |
|
| 1.471698113207547;1,472 |
1 | package org.apache.turbine.services.security; | |
2 | ||
3 | ||
4 | /* | |
5 | * Licensed to the Apache Software Foundation (ASF) under one | |
6 | * or more contributor license agreements. See the NOTICE file | |
7 | * distributed with this work for additional information | |
8 | * regarding copyright ownership. The ASF licenses this file | |
9 | * to you under the Apache License, Version 2.0 (the | |
10 | * "License"); you may not use this file except in compliance | |
11 | * with the License. You may obtain a copy of the License at | |
12 | * | |
13 | * http://www.apache.org/licenses/LICENSE-2.0 | |
14 | * | |
15 | * Unless required by applicable law or agreed to in writing, | |
16 | * software distributed under the License is distributed on an | |
17 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
18 | * KIND, either express or implied. See the License for the | |
19 | * specific language governing permissions and limitations | |
20 | * under the License. | |
21 | */ | |
22 | ||
23 | ||
24 | import org.apache.commons.configuration.Configuration; | |
25 | import org.apache.commons.logging.Log; | |
26 | import org.apache.commons.logging.LogFactory; | |
27 | import org.apache.fulcrum.security.GroupManager; | |
28 | import org.apache.fulcrum.security.PermissionManager; | |
29 | import org.apache.fulcrum.security.RoleManager; | |
30 | import org.apache.fulcrum.security.acl.AccessControlList; | |
31 | import org.apache.fulcrum.security.entity.Group; | |
32 | import org.apache.fulcrum.security.entity.Permission; | |
33 | import org.apache.fulcrum.security.entity.Role; | |
34 | import org.apache.fulcrum.security.model.turbine.TurbineModelManager; | |
35 | import org.apache.fulcrum.security.model.turbine.entity.TurbineRole; | |
36 | import org.apache.fulcrum.security.util.DataBackendException; | |
37 | import org.apache.fulcrum.security.util.EntityExistsException; | |
38 | import org.apache.fulcrum.security.util.GroupSet; | |
39 | import org.apache.fulcrum.security.util.PasswordMismatchException; | |
40 | import org.apache.fulcrum.security.util.PermissionSet; | |
41 | import org.apache.fulcrum.security.util.RoleSet; | |
42 | import org.apache.fulcrum.security.util.UnknownEntityException; | |
43 | import org.apache.turbine.om.security.User; | |
44 | import org.apache.turbine.services.InitializationException; | |
45 | import org.apache.turbine.services.ServiceManager; | |
46 | import org.apache.turbine.services.TurbineBaseService; | |
47 | import org.apache.turbine.services.TurbineServices; | |
48 | ||
49 | /** | |
50 | * This is a common subset of SecurityService implementation. | |
51 | * | |
52 | * Provided functionality includes: | |
53 | * <ul> | |
54 | * <li> methods for retrieving User objects, that delegates functionality | |
55 | * to the pluggable implementations of the User interface. | |
56 | * <li> synchronization mechanism for methods reading/modifying the security | |
57 | * information, that guarantees that multiple threads may read the | |
58 | * information concurrently, but threads that modify the information | |
59 | * acquires exclusive access. | |
60 | * <li> implementation of convenience methods for retrieving security entities | |
61 | * that maintain in-memory caching of objects for fast access. | |
62 | * </ul> | |
63 | * | |
64 | * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a> | |
65 | * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> | |
66 | * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a> | |
67 | * @author <a href="mailto:quintonm@bellsouth.net">Quinton McCombs</a> | |
68 | * @version $Id: DefaultSecurityService.java 1524210 2013-09-17 20:22:56Z tv $ | |
69 | */ | |
70 | 15 | public class DefaultSecurityService |
71 | extends TurbineBaseService | |
72 | implements SecurityService | |
73 | { | |
74 | /** The number of threads concurrently reading security information */ | |
75 | 15 | private int readerCount = 0; |
76 | ||
77 | /** The instance of UserManager the SecurityService uses */ | |
78 | 15 | private UserManager userManager = null; |
79 | ||
80 | /** The instance of GroupManager the SecurityService uses */ | |
81 | private GroupManager groupManager; | |
82 | ||
83 | /** The instance of RoleManager the SecurityService uses */ | |
84 | private RoleManager roleManager; | |
85 | ||
86 | /** The instance of PermissionManager the SecurityService uses */ | |
87 | private PermissionManager permissionManager; | |
88 | ||
89 | /** The instance of ModelManager the SecurityService uses */ | |
90 | private TurbineModelManager modelManager; | |
91 | ||
92 | /** | |
93 | * The Group object that represents the <a href="#global">global group</a>. | |
94 | */ | |
95 | 15 | private static Group globalGroup = null; |
96 | ||
97 | /** Logging */ | |
98 | 15 | private static Log log = LogFactory.getLog(DefaultSecurityService.class); |
99 | ||
100 | /** | |
101 | * Initializes the SecurityService, locating the appropriate UserManager | |
102 | * This is a zero parameter variant which queries the Turbine Servlet | |
103 | * for its config. | |
104 | * | |
105 | * @throws InitializationException Something went wrong in the init stage | |
106 | */ | |
107 | public void init() | |
108 | throws InitializationException | |
109 | { | |
110 | 4 | ServiceManager manager = TurbineServices.getInstance(); |
111 | ||
112 | 4 | this.groupManager = (GroupManager)manager.getService(GroupManager.ROLE); |
113 | 4 | this.roleManager = (RoleManager)manager.getService(RoleManager.ROLE); |
114 | 4 | this.permissionManager = (PermissionManager)manager.getService(PermissionManager.ROLE); |
115 | 4 | this.modelManager = (TurbineModelManager)manager.getService(TurbineModelManager.ROLE); |
116 | ||
117 | 4 | Configuration conf = getConfiguration(); |
118 | ||
119 | 4 | String userManagerClassName = conf.getString( |
120 | SecurityService.USER_MANAGER_KEY, | |
121 | SecurityService.USER_MANAGER_DEFAULT); | |
122 | ||
123 | try | |
124 | { | |
125 | 4 | this.userManager = |
126 | (UserManager) Class.forName(userManagerClassName).newInstance(); | |
127 | ||
128 | 4 | userManager.init(conf); |
129 | } | |
130 | 0 | catch (Exception e) |
131 | { | |
132 | 0 | throw new InitializationException("Failed to instantiate UserManager", e); |
133 | 4 | } |
134 | ||
135 | 4 | setInit(true); |
136 | 4 | } |
137 | ||
138 | /** | |
139 | * Construct a blank User object. | |
140 | * | |
141 | * @return an object implementing User interface. | |
142 | * @throws UnknownEntityException if the object could not be instantiated. | |
143 | */ | |
144 | public <U extends User> U getUserInstance() | |
145 | throws UnknownEntityException | |
146 | { | |
147 | U user; | |
148 | try | |
149 | { | |
150 | 1 | user = getUserManager().getUserInstance(); |
151 | } | |
152 | 0 | catch (DataBackendException e) |
153 | { | |
154 | 0 | throw new UnknownEntityException( |
155 | "Failed instantiate an User implementation object", e); | |
156 | 1 | } |
157 | 1 | return user; |
158 | } | |
159 | ||
160 | /** | |
161 | * Construct a blank User object. | |
162 | * | |
163 | * @param userName The name of the user. | |
164 | * | |
165 | * @return an object implementing User interface. | |
166 | * | |
167 | * @throws UnknownEntityException if the object could not be instantiated. | |
168 | */ | |
169 | public <U extends User> U getUserInstance(String userName) | |
170 | throws UnknownEntityException | |
171 | { | |
172 | U user; | |
173 | try | |
174 | { | |
175 | 0 | user = getUserManager().getUserInstance(userName); |
176 | } | |
177 | 0 | catch (DataBackendException e) |
178 | { | |
179 | 0 | throw new UnknownEntityException( |
180 | "Failed instantiate an User implementation object", e); | |
181 | 0 | } |
182 | 0 | return user; |
183 | } | |
184 | ||
185 | /** | |
186 | * Construct a blank Group object. | |
187 | * | |
188 | * @return an object implementing Group interface. | |
189 | * @throws UnknownEntityException if the object could not be instantiated. | |
190 | */ | |
191 | public <G extends Group> G getGroupInstance() | |
192 | throws UnknownEntityException | |
193 | { | |
194 | G group; | |
195 | try | |
196 | { | |
197 | 0 | group = groupManager.getGroupInstance(); |
198 | } | |
199 | 0 | catch (Exception e) |
200 | { | |
201 | 0 | throw new UnknownEntityException("Failed to instantiate a Group implementation object", e); |
202 | 0 | } |
203 | 0 | return group; |
204 | } | |
205 | ||
206 | /** | |
207 | * Construct a blank Group object. | |
208 | * | |
209 | * @param groupName The name of the Group | |
210 | * | |
211 | * @return an object implementing Group interface. | |
212 | * | |
213 | * @throws UnknownEntityException if the object could not be instantiated. | |
214 | */ | |
215 | public <G extends Group> G getGroupInstance(String groupName) | |
216 | throws UnknownEntityException | |
217 | { | |
218 | G group; | |
219 | try | |
220 | { | |
221 | 0 | group = groupManager.getGroupInstance(groupName); |
222 | } | |
223 | 0 | catch (Exception e) |
224 | { | |
225 | 0 | throw new UnknownEntityException("Failed to instantiate a Group implementation object", e); |
226 | 0 | } |
227 | 0 | return group; |
228 | } | |
229 | ||
230 | /** | |
231 | * Construct a blank Permission object. | |
232 | * | |
233 | * @return an object implementing Permission interface. | |
234 | * @throws UnknownEntityException if the object could not be instantiated. | |
235 | */ | |
236 | public <P extends Permission> P getPermissionInstance() | |
237 | throws UnknownEntityException | |
238 | { | |
239 | P permission; | |
240 | try | |
241 | { | |
242 | 0 | permission = permissionManager.getPermissionInstance(); |
243 | } | |
244 | 0 | catch (Exception e) |
245 | { | |
246 | 0 | throw new UnknownEntityException("Failed to instantiate a Permission implementation object", e); |
247 | 0 | } |
248 | 0 | return permission; |
249 | } | |
250 | ||
251 | /** | |
252 | * Construct a blank Permission object. | |
253 | * | |
254 | * @param permName The name of the permission. | |
255 | * | |
256 | * @return an object implementing Permission interface. | |
257 | * @throws UnknownEntityException if the object could not be instantiated. | |
258 | */ | |
259 | public <P extends Permission> P getPermissionInstance(String permName) | |
260 | throws UnknownEntityException | |
261 | { | |
262 | P permission; | |
263 | try | |
264 | { | |
265 | 0 | permission = permissionManager.getPermissionInstance(permName); |
266 | } | |
267 | 0 | catch (Exception e) |
268 | { | |
269 | 0 | throw new UnknownEntityException("Failed to instantiate a Permission implementation object", e); |
270 | 0 | } |
271 | 0 | return permission; |
272 | } | |
273 | ||
274 | /** | |
275 | * Construct a blank Role object. | |
276 | * | |
277 | * @return an object implementing Role interface. | |
278 | * @throws UnknownEntityException if the object could not be instantiated. | |
279 | */ | |
280 | public <R extends Role> R getRoleInstance() | |
281 | throws UnknownEntityException | |
282 | { | |
283 | R role; | |
284 | try | |
285 | { | |
286 | 0 | role = roleManager.getRoleInstance(); |
287 | } | |
288 | 0 | catch (Exception e) |
289 | { | |
290 | 0 | throw new UnknownEntityException("Failed to instantiate a Role implementation object", e); |
291 | 0 | } |
292 | 0 | return role; |
293 | } | |
294 | ||
295 | /** | |
296 | * Construct a blank Role object. | |
297 | * | |
298 | * @param roleName The name of the role. | |
299 | * | |
300 | * @return an object implementing Role interface. | |
301 | * | |
302 | * @throws UnknownEntityException if the object could not be instantiated. | |
303 | */ | |
304 | public <R extends Role> R getRoleInstance(String roleName) | |
305 | throws UnknownEntityException | |
306 | { | |
307 | R role; | |
308 | try | |
309 | { | |
310 | 0 | role = roleManager.getRoleInstance(); |
311 | } | |
312 | 0 | catch (Exception e) |
313 | { | |
314 | 0 | throw new UnknownEntityException("Failed to instantiate a Role implementation object", e); |
315 | 0 | } |
316 | 0 | return role; |
317 | } | |
318 | ||
319 | /** | |
320 | * Returns the configured UserManager. | |
321 | * | |
322 | * @return An UserManager object | |
323 | */ | |
324 | public UserManager getUserManager() | |
325 | { | |
326 | 8 | return userManager; |
327 | } | |
328 | ||
329 | /** | |
330 | * Check whether a specified user's account exists. | |
331 | * | |
332 | * The login name is used for looking up the account. | |
333 | * | |
334 | * @param user The user to be checked. | |
335 | * @return true if the specified account exists | |
336 | * @throws DataBackendException if there was an error accessing the data | |
337 | * backend. | |
338 | */ | |
339 | public boolean accountExists(User user) | |
340 | throws DataBackendException | |
341 | { | |
342 | 0 | return getUserManager().accountExists(user); |
343 | } | |
344 | ||
345 | /** | |
346 | * Check whether a specified user's account exists. | |
347 | * | |
348 | * The login name is used for looking up the account. | |
349 | * | |
350 | * @param userName The name of the user to be checked. | |
351 | * @return true if the specified account exists | |
352 | * @throws DataBackendException if there was an error accessing the data | |
353 | * backend. | |
354 | */ | |
355 | public boolean accountExists(String userName) | |
356 | throws DataBackendException | |
357 | { | |
358 | 0 | return getUserManager().accountExists(userName); |
359 | } | |
360 | ||
361 | /** | |
362 | * Authenticates an user, and constructs an User object to represent | |
363 | * him/her. | |
364 | * | |
365 | * @param username The user name. | |
366 | * @param password The user password. | |
367 | * @return An authenticated Turbine User. | |
368 | * @throws PasswordMismatchException if the supplied password was incorrect. | |
369 | * @throws UnknownEntityException if the user's account does not | |
370 | * exist in the database. | |
371 | * @throws DataBackendException if there is a problem accessing the storage. | |
372 | */ | |
373 | public <U extends User> U getAuthenticatedUser(String username, String password) | |
374 | throws DataBackendException, UnknownEntityException, | |
375 | PasswordMismatchException | |
376 | { | |
377 | 1 | return getUserManager().retrieve(username, password); |
378 | } | |
379 | ||
380 | /** | |
381 | * Constructs an User object to represent a registered user of the | |
382 | * application. | |
383 | * | |
384 | * @param username The user name. | |
385 | * @return A Turbine User. | |
386 | * @throws UnknownEntityException if the user's account does not exist | |
387 | * @throws DataBackendException if there is a problem accessing the storage. | |
388 | */ | |
389 | public <U extends User> U getUser(String username) | |
390 | throws DataBackendException, UnknownEntityException | |
391 | { | |
392 | 0 | return getUserManager().retrieve(username); |
393 | } | |
394 | ||
395 | /** | |
396 | * Constructs an User object to represent an anonymous user of the | |
397 | * application. | |
398 | * | |
399 | * @return An anonymous Turbine User. | |
400 | * @throws UnknownEntityException if the implementation of User interface | |
401 | * could not be determined, or does not exist. | |
402 | */ | |
403 | public <U extends User> U getAnonymousUser() | |
404 | throws UnknownEntityException | |
405 | { | |
406 | 2 | return getUserManager().getAnonymousUser(); |
407 | } | |
408 | ||
409 | /** | |
410 | * Checks whether a passed user object matches the anonymous user pattern | |
411 | * according to the configured user manager | |
412 | * | |
413 | * @param user An user object | |
414 | * | |
415 | * @return True if this is an anonymous user | |
416 | * | |
417 | */ | |
418 | public boolean isAnonymousUser(User user) | |
419 | { | |
420 | 2 | return getUserManager().isAnonymousUser(user); |
421 | } | |
422 | ||
423 | /** | |
424 | * Saves User's data in the permanent storage. The user account is required | |
425 | * to exist in the storage. | |
426 | * | |
427 | * @param user the User object to save | |
428 | * @throws UnknownEntityException if the user's account does not | |
429 | * exist in the database. | |
430 | * @throws DataBackendException if there is a problem accessing the storage. | |
431 | */ | |
432 | public void saveUser(User user) | |
433 | throws UnknownEntityException, DataBackendException | |
434 | { | |
435 | 0 | getUserManager().store(user); |
436 | 0 | } |
437 | ||
438 | /** | |
439 | * Saves User data when the session is unbound. The user account is required | |
440 | * to exist in the storage. | |
441 | * | |
442 | * LastLogin, AccessCounter, persistent pull tools, and any data stored | |
443 | * in the permData hashtable that is not mapped to a column will be saved. | |
444 | * | |
445 | * @exception UnknownEntityException if the user's account does not | |
446 | * exist in the database. | |
447 | * @exception DataBackendException if there is a problem accessing the | |
448 | * storage. | |
449 | */ | |
450 | public void saveOnSessionUnbind(User user) | |
451 | throws UnknownEntityException, DataBackendException | |
452 | { | |
453 | 0 | getUserManager().saveOnSessionUnbind(user); |
454 | 0 | } |
455 | ||
456 | /** | |
457 | * Creates new user account with specified attributes. | |
458 | * | |
459 | * @param user the object describing account to be created. | |
460 | * @param password The password to use for the account. | |
461 | * | |
462 | * @throws DataBackendException if there was an error accessing the | |
463 | * data backend. | |
464 | * @throws EntityExistsException if the user account already exists. | |
465 | */ | |
466 | public void addUser(User user, String password) | |
467 | throws DataBackendException, EntityExistsException | |
468 | { | |
469 | 1 | getUserManager().createAccount(user, password); |
470 | 1 | } |
471 | ||
472 | /** | |
473 | * Removes an user account from the system. | |
474 | * | |
475 | * @param user the object describing the account to be removed. | |
476 | * @throws DataBackendException if there was an error accessing the data | |
477 | * backend. | |
478 | * @throws UnknownEntityException if the user account is not present. | |
479 | */ | |
480 | public void removeUser(User user) | |
481 | throws DataBackendException, UnknownEntityException | |
482 | { | |
483 | // revoke all roles form the user | |
484 | 0 | modelManager.revokeAll(user); |
485 | 0 | getUserManager().removeAccount(user); |
486 | 0 | } |
487 | ||
488 | /** | |
489 | * Change the password for an User. | |
490 | * | |
491 | * @param user an User to change password for. | |
492 | * @param oldPassword the current password supplied by the user. | |
493 | * @param newPassword the current password requested by the user. | |
494 | * @throws PasswordMismatchException if the supplied password was incorrect. | |
495 | * @throws UnknownEntityException if the user's record does not | |
496 | * exist in the database. | |
497 | * @throws DataBackendException if there is a problem accessing the storage. | |
498 | */ | |
499 | public void changePassword(User user, String oldPassword, | |
500 | String newPassword) | |
501 | throws PasswordMismatchException, UnknownEntityException, | |
502 | DataBackendException | |
503 | { | |
504 | 0 | getUserManager().changePassword(user, oldPassword, newPassword); |
505 | 0 | } |
506 | ||
507 | /** | |
508 | * Forcibly sets new password for an User. | |
509 | * | |
510 | * This is supposed by the administrator to change the forgotten or | |
511 | * compromised passwords. Certain implementatations of this feature | |
512 | * would require administrative level access to the authenticating | |
513 | * server / program. | |
514 | * | |
515 | * @param user an User to change password for. | |
516 | * @param password the new password. | |
517 | * @throws UnknownEntityException if the user's record does not | |
518 | * exist in the database. | |
519 | * @throws DataBackendException if there is a problem accessing the storage. | |
520 | */ | |
521 | public void forcePassword(User user, String password) | |
522 | throws UnknownEntityException, DataBackendException | |
523 | { | |
524 | 0 | getUserManager().forcePassword(user, password); |
525 | 0 | } |
526 | ||
527 | /** | |
528 | * Acquire a shared lock on the security information repository. | |
529 | * | |
530 | * Methods that read security information need to invoke this | |
531 | * method at the beginning of their body. | |
532 | */ | |
533 | protected synchronized void lockShared() | |
534 | { | |
535 | 0 | readerCount++; |
536 | 0 | } |
537 | ||
538 | /** | |
539 | * Release a shared lock on the security information repository. | |
540 | * | |
541 | * Methods that read security information need to invoke this | |
542 | * method at the end of their body. | |
543 | */ | |
544 | protected synchronized void unlockShared() | |
545 | { | |
546 | 0 | readerCount--; |
547 | 0 | this.notify(); |
548 | 0 | } |
549 | ||
550 | /** | |
551 | * Acquire an exclusive lock on the security information repository. | |
552 | * | |
553 | * Methods that modify security information need to invoke this | |
554 | * method at the beginning of their body. Note! Those methods must | |
555 | * be <code>synchronized</code> themselves! | |
556 | */ | |
557 | protected void lockExclusive() | |
558 | { | |
559 | 0 | while (readerCount > 0) |
560 | { | |
561 | try | |
562 | { | |
563 | 0 | this.wait(); |
564 | } | |
565 | 0 | catch (InterruptedException e) |
566 | { | |
567 | // ignore | |
568 | 0 | } |
569 | } | |
570 | 0 | } |
571 | ||
572 | /** | |
573 | * Release an exclusive lock on the security information repository. | |
574 | * | |
575 | * This method is provided only for completeness. It does not really | |
576 | * do anything. Note! Methods that modify security information | |
577 | * must be <code>synchronized</code>! | |
578 | */ | |
579 | protected void unlockExclusive() | |
580 | { | |
581 | // do nothing | |
582 | 0 | } |
583 | ||
584 | /** | |
585 | * Provides a reference to the Group object that represents the | |
586 | * <a href="#global">global group</a>. | |
587 | * | |
588 | * @return a Group object that represents the global group. | |
589 | */ | |
590 | public <G extends Group> G getGlobalGroup() | |
591 | { | |
592 | 0 | if (globalGroup == null) |
593 | { | |
594 | 0 | synchronized (DefaultSecurityService.class) |
595 | { | |
596 | 0 | if (globalGroup == null) |
597 | { | |
598 | try | |
599 | { | |
600 | 0 | globalGroup = modelManager.getGlobalGroup(); |
601 | } | |
602 | 0 | catch (DataBackendException e) |
603 | { | |
604 | 0 | log.error("Failed to retrieve global group object: ", e); |
605 | 0 | } |
606 | } | |
607 | 0 | } |
608 | } | |
609 | @SuppressWarnings("unchecked") | |
610 | 0 | G g = (G)globalGroup; |
611 | 0 | return g; |
612 | } | |
613 | ||
614 | /** | |
615 | * Retrieve a Group object with specified name. | |
616 | * | |
617 | * @param name the name of the Group. | |
618 | * @return an object representing the Group with specified name. | |
619 | * @throws DataBackendException if there was an error accessing the | |
620 | * data backend. | |
621 | * @throws UnknownEntityException if the group does not exist. | |
622 | */ | |
623 | public <G extends Group> G getGroupByName(String name) | |
624 | throws DataBackendException, UnknownEntityException | |
625 | { | |
626 | 0 | return groupManager.getGroupByName(name); |
627 | } | |
628 | ||
629 | /** | |
630 | * Retrieve a Group object with specified Id. | |
631 | * | |
632 | * @param id the id of the Group. | |
633 | * @return an object representing the Group with specified name. | |
634 | * @throws UnknownEntityException if the permission does not | |
635 | * exist in the database. | |
636 | * @throws DataBackendException if there is a problem accessing the | |
637 | * storage. | |
638 | */ | |
639 | public <G extends Group> G getGroupById(int id) | |
640 | throws DataBackendException, UnknownEntityException | |
641 | { | |
642 | 0 | return groupManager.getGroupById(Integer.valueOf(id)); |
643 | } | |
644 | ||
645 | /** | |
646 | * Retrieve a Role object with specified name. | |
647 | * | |
648 | * @param name the name of the Role. | |
649 | * @return an object representing the Role with specified name. | |
650 | * @throws DataBackendException if there was an error accessing the | |
651 | * data backend. | |
652 | * @throws UnknownEntityException if the role does not exist. | |
653 | */ | |
654 | public <R extends Role> R getRoleByName(String name) | |
655 | throws DataBackendException, UnknownEntityException | |
656 | { | |
657 | 0 | R role = roleManager.getRoleByName(name); |
658 | 0 | if (role instanceof TurbineRole) |
659 | { | |
660 | 0 | ((TurbineRole)role).setPermissions(getPermissions(role)); |
661 | } | |
662 | 0 | return role; |
663 | } | |
664 | ||
665 | /** | |
666 | * Retrieve a Role object with specified Id. | |
667 | * @param id the id of the Role. | |
668 | * @return an object representing the Role with specified name. | |
669 | * @throws UnknownEntityException if the permission does not | |
670 | * exist in the database. | |
671 | * @throws DataBackendException if there is a problem accessing the | |
672 | * storage. | |
673 | */ | |
674 | public <R extends Role> R getRoleById(int id) | |
675 | throws DataBackendException, | |
676 | UnknownEntityException | |
677 | { | |
678 | 0 | R role = roleManager.getRoleById(Integer.valueOf(id)); |
679 | 0 | if (role instanceof TurbineRole) |
680 | { | |
681 | 0 | ((TurbineRole)role).setPermissions(getPermissions(role)); |
682 | } | |
683 | 0 | return role; |
684 | } | |
685 | ||
686 | /** | |
687 | * Retrieve a Permission object with specified name. | |
688 | * | |
689 | * @param name the name of the Permission. | |
690 | * @return an object representing the Permission with specified name. | |
691 | * @throws DataBackendException if there was an error accessing the | |
692 | * data backend. | |
693 | * @throws UnknownEntityException if the permission does not exist. | |
694 | */ | |
695 | public <P extends Permission> P getPermissionByName(String name) | |
696 | throws DataBackendException, UnknownEntityException | |
697 | { | |
698 | 0 | return permissionManager.getPermissionByName(name); |
699 | } | |
700 | ||
701 | /** | |
702 | * Retrieve a Permission object with specified Id. | |
703 | * | |
704 | * @param id the id of the Permission. | |
705 | * @return an object representing the Permission with specified name. | |
706 | * @throws UnknownEntityException if the permission does not | |
707 | * exist in the database. | |
708 | * @throws DataBackendException if there is a problem accessing the | |
709 | * storage. | |
710 | */ | |
711 | public <P extends Permission> P getPermissionById(int id) | |
712 | throws DataBackendException, | |
713 | UnknownEntityException | |
714 | { | |
715 | 0 | return permissionManager.getPermissionById(Integer.valueOf(id)); |
716 | } | |
717 | ||
718 | /** | |
719 | * Retrieves all groups defined in the system. | |
720 | * | |
721 | * @return the names of all groups defined in the system. | |
722 | * @throws DataBackendException if there was an error accessing the | |
723 | * data backend. | |
724 | */ | |
725 | public GroupSet getAllGroups() throws DataBackendException | |
726 | { | |
727 | 0 | return groupManager.getAllGroups(); |
728 | } | |
729 | ||
730 | /** | |
731 | * Retrieves all roles defined in the system. | |
732 | * | |
733 | * @return the names of all roles defined in the system. | |
734 | * @throws DataBackendException if there was an error accessing the | |
735 | * data backend. | |
736 | */ | |
737 | public RoleSet getAllRoles() throws DataBackendException | |
738 | { | |
739 | 0 | return roleManager.getAllRoles(); |
740 | } | |
741 | ||
742 | /** | |
743 | * Retrieves all permissions defined in the system. | |
744 | * | |
745 | * @return the names of all roles defined in the system. | |
746 | * @throws DataBackendException if there was an error accessing the | |
747 | * data backend. | |
748 | */ | |
749 | public PermissionSet getAllPermissions() throws DataBackendException | |
750 | { | |
751 | 0 | return permissionManager.getAllPermissions(); |
752 | } | |
753 | ||
754 | /*----------------------------------------------------------------------- | |
755 | Creation of AccessControlLists | |
756 | -----------------------------------------------------------------------*/ | |
757 | ||
758 | /** | |
759 | * Constructs an AccessControlList for a specific user. | |
760 | * | |
761 | * @param user the user for whom the AccessControlList are to be retrieved | |
762 | * @return The AccessControList object constructed from the user object. | |
763 | * @throws DataBackendException if there was an error accessing the data | |
764 | * backend. | |
765 | * @throws UnknownEntityException if user account is not present. | |
766 | */ | |
767 | public <A extends AccessControlList> A getACL(User user) | |
768 | throws DataBackendException, UnknownEntityException | |
769 | { | |
770 | 1 | return getUserManager().getACL(user); |
771 | } | |
772 | ||
773 | /*----------------------------------------------------------------------- | |
774 | Security management | |
775 | -----------------------------------------------------------------------*/ | |
776 | ||
777 | /** | |
778 | * Grant an User a Role in a Group. | |
779 | * | |
780 | * @param user the user. | |
781 | * @param group the group. | |
782 | * @param role the role. | |
783 | * @throws DataBackendException if there was an error accessing the data | |
784 | * backend. | |
785 | * @throws UnknownEntityException if user account, group or role is not | |
786 | * present. | |
787 | */ | |
788 | public void grant(User user, Group group, Role role) | |
789 | throws DataBackendException, UnknownEntityException | |
790 | { | |
791 | 0 | modelManager.grant(user, group, role); |
792 | 0 | } |
793 | ||
794 | /** | |
795 | * Revoke a Role in a Group from an User. | |
796 | * | |
797 | * @param user the user. | |
798 | * @param group the group. | |
799 | * @param role the role. | |
800 | * @throws DataBackendException if there was an error accessing the data | |
801 | * backend. | |
802 | * @throws UnknownEntityException if user account, group or role is not | |
803 | * present. | |
804 | */ | |
805 | public void revoke(User user, Group group, Role role) | |
806 | throws DataBackendException, UnknownEntityException | |
807 | { | |
808 | 0 | modelManager.revoke(user, group, role); |
809 | 0 | } |
810 | ||
811 | /** | |
812 | * Revokes all roles from an User. | |
813 | * | |
814 | * This method is used when deleting an account. | |
815 | * | |
816 | * @param user the User. | |
817 | * @throws DataBackendException if there was an error accessing the data | |
818 | * backend. | |
819 | * @throws UnknownEntityException if the account is not present. | |
820 | */ | |
821 | public void revokeAll(User user) | |
822 | throws DataBackendException, UnknownEntityException | |
823 | { | |
824 | 0 | modelManager.revokeAll(user); |
825 | 0 | } |
826 | ||
827 | /** | |
828 | * Grants a Role a Permission | |
829 | * | |
830 | * @param role the Role. | |
831 | * @param permission the Permission. | |
832 | * @throws DataBackendException if there was an error accessing the data | |
833 | * backend. | |
834 | * @throws UnknownEntityException if role or permission is not present. | |
835 | */ | |
836 | public void grant(Role role, Permission permission) | |
837 | throws DataBackendException, UnknownEntityException | |
838 | { | |
839 | 0 | modelManager.grant(role, permission); |
840 | 0 | } |
841 | ||
842 | /** | |
843 | * Revokes a Permission from a Role. | |
844 | * | |
845 | * @param role the Role. | |
846 | * @param permission the Permission. | |
847 | * @throws DataBackendException if there was an error accessing the data | |
848 | * backend. | |
849 | * @throws UnknownEntityException if role or permission is not present. | |
850 | */ | |
851 | public void revoke(Role role, Permission permission) | |
852 | throws DataBackendException, UnknownEntityException | |
853 | { | |
854 | 0 | modelManager.revoke(role, permission); |
855 | 0 | } |
856 | ||
857 | /** | |
858 | * Revokes all permissions from a Role. | |
859 | * | |
860 | * This method is user when deleting a Role. | |
861 | * | |
862 | * @param role the Role | |
863 | * @throws DataBackendException if there was an error accessing the data | |
864 | * backend. | |
865 | * @throws UnknownEntityException if the Role is not present. | |
866 | */ | |
867 | public void revokeAll(Role role) | |
868 | throws DataBackendException, UnknownEntityException | |
869 | { | |
870 | 0 | modelManager.revokeAll(role); |
871 | 0 | } |
872 | ||
873 | /** | |
874 | * Retrieves all permissions associated with a role. | |
875 | * | |
876 | * @param role the role name, for which the permissions are to be retrieved. | |
877 | * @return the Permissions for the specified role | |
878 | * @throws DataBackendException if there was an error accessing the data | |
879 | * backend. | |
880 | * @throws UnknownEntityException if the role is not present. | |
881 | */ | |
882 | public PermissionSet getPermissions(Role role) | |
883 | throws DataBackendException, UnknownEntityException | |
884 | { | |
885 | 0 | return ((TurbineRole)role).getPermissions(); |
886 | } | |
887 | ||
888 | /** | |
889 | * Creates a new group with specified attributes. | |
890 | * | |
891 | * @param group the object describing the group to be created. | |
892 | * @throws DataBackendException if there was an error accessing the data | |
893 | * backend. | |
894 | * @throws EntityExistsException if the group already exists. | |
895 | */ | |
896 | public <G extends Group> G addGroup(G group) | |
897 | throws DataBackendException, EntityExistsException | |
898 | { | |
899 | 0 | return groupManager.addGroup(group); |
900 | } | |
901 | ||
902 | /** | |
903 | * Creates a new role with specified attributes. | |
904 | * | |
905 | * @param role the objects describing the role to be created. | |
906 | * @throws DataBackendException if there was an error accessing the data | |
907 | * backend. | |
908 | * @throws EntityExistsException if the role already exists. | |
909 | */ | |
910 | public <R extends Role> R addRole(R role) | |
911 | throws DataBackendException, EntityExistsException | |
912 | { | |
913 | 0 | return roleManager.addRole(role); |
914 | } | |
915 | ||
916 | /** | |
917 | * Creates a new permission with specified attributes. | |
918 | * | |
919 | * @param permission the objects describing the permission to be created. | |
920 | * @throws DataBackendException if there was an error accessing the data | |
921 | * backend. | |
922 | * @throws EntityExistsException if the permission already exists. | |
923 | */ | |
924 | public <P extends Permission> P addPermission(P permission) | |
925 | throws DataBackendException, EntityExistsException | |
926 | { | |
927 | 0 | return permissionManager.addPermission(permission); |
928 | } | |
929 | ||
930 | /** | |
931 | * Removes a Group from the system. | |
932 | * | |
933 | * @param group the object describing group to be removed. | |
934 | * @throws DataBackendException if there was an error accessing the data | |
935 | * backend. | |
936 | * @throws UnknownEntityException if the group does not exist. | |
937 | */ | |
938 | public void removeGroup(Group group) | |
939 | throws DataBackendException, UnknownEntityException | |
940 | { | |
941 | 0 | groupManager.removeGroup(group); |
942 | 0 | } |
943 | ||
944 | /** | |
945 | * Removes a Role from the system. | |
946 | * | |
947 | * @param role The object describing the role to be removed. | |
948 | * @throws DataBackendException if there was an error accessing the data backend. | |
949 | * @throws UnknownEntityException if the role does not exist. | |
950 | */ | |
951 | public void removeRole(Role role) | |
952 | throws DataBackendException, UnknownEntityException | |
953 | { | |
954 | 0 | roleManager.removeRole(role); |
955 | 0 | } |
956 | ||
957 | /** | |
958 | * Removes a Permission from the system. | |
959 | * | |
960 | * @param permission The object describing the permission to be removed. | |
961 | * @throws DataBackendException if there was an error accessing the data | |
962 | * backend. | |
963 | * @throws UnknownEntityException if the permission does not exist. | |
964 | */ | |
965 | public void removePermission(Permission permission) | |
966 | throws DataBackendException, UnknownEntityException | |
967 | { | |
968 | 0 | permissionManager.removePermission(permission); |
969 | 0 | } |
970 | ||
971 | /** | |
972 | * Renames an existing Group. | |
973 | * | |
974 | * @param group The object describing the group to be renamed. | |
975 | * @param name the new name for the group. | |
976 | * @throws DataBackendException if there was an error accessing the data | |
977 | * backend. | |
978 | * @throws UnknownEntityException if the group does not exist. | |
979 | */ | |
980 | public void renameGroup(Group group, String name) | |
981 | throws DataBackendException, UnknownEntityException | |
982 | { | |
983 | 0 | groupManager.renameGroup(group, name); |
984 | 0 | } |
985 | ||
986 | /** | |
987 | * Renames an existing Role. | |
988 | * | |
989 | * @param role The object describing the role to be renamed. | |
990 | * @param name the new name for the role. | |
991 | * @throws DataBackendException if there was an error accessing the data | |
992 | * backend. | |
993 | * @throws UnknownEntityException if the role does not exist. | |
994 | */ | |
995 | public void renameRole(Role role, String name) | |
996 | throws DataBackendException, UnknownEntityException | |
997 | { | |
998 | 0 | roleManager.renameRole(role, name); |
999 | 0 | } |
1000 | ||
1001 | /** | |
1002 | * Renames an existing Permission. | |
1003 | * | |
1004 | * @param permission The object describing the permission to be renamed. | |
1005 | * @param name the new name for the permission. | |
1006 | * @throws DataBackendException if there was an error accessing the data | |
1007 | * backend. | |
1008 | * @throws UnknownEntityException if the permission does not exist. | |
1009 | */ | |
1010 | public void renamePermission(Permission permission, String name) | |
1011 | throws DataBackendException, UnknownEntityException | |
1012 | { | |
1013 | 0 | permissionManager.renamePermission(permission, name); |
1014 | 0 | } |
1015 | } |