17 package org.apache.jetspeed.portlets.security.users;
18
19 import java.io.IOException;
20 import java.security.Principal;
21 import java.util.ArrayList;
22 import java.util.Collection;
23 import java.util.Date;
24 import java.util.Iterator;
25 import java.util.LinkedHashMap;
26 import java.util.LinkedList;
27 import java.util.List;
28 import java.util.ResourceBundle;
29 import java.util.Set;
30 import java.util.prefs.Preferences;
31
32 import javax.portlet.ActionRequest;
33 import javax.portlet.ActionResponse;
34 import javax.portlet.PortletConfig;
35 import javax.portlet.PortletException;
36 import javax.portlet.PortletMode;
37 import javax.portlet.PortletPreferences;
38 import javax.portlet.PortletRequest;
39 import javax.portlet.RenderRequest;
40 import javax.portlet.RenderResponse;
41 import javax.security.auth.Subject;
42
43 import org.apache.jetspeed.CommonPortletServices;
44 import org.apache.jetspeed.PortalReservedParameters;
45 import org.apache.jetspeed.administration.PortalConfiguration;
46 import org.apache.jetspeed.administration.PortalConfigurationConstants;
47 import org.apache.jetspeed.audit.AuditActivity;
48 import org.apache.jetspeed.components.portletregistry.PortletRegistry;
49 import org.apache.jetspeed.container.JetspeedPortletContext;
50 import org.apache.jetspeed.om.common.UserAttribute;
51 import org.apache.jetspeed.om.common.portlet.MutablePortletApplication;
52 import org.apache.jetspeed.om.folder.Folder;
53 import org.apache.jetspeed.om.folder.FolderNotFoundException;
54 import org.apache.jetspeed.page.PageManager;
55 import org.apache.jetspeed.page.document.NodeSet;
56 import org.apache.jetspeed.portlets.security.SecurityResources;
57 import org.apache.jetspeed.portlets.security.SecurityUtil;
58 import org.apache.jetspeed.profiler.Profiler;
59 import org.apache.jetspeed.profiler.rules.PrincipalRule;
60 import org.apache.jetspeed.request.RequestContext;
61 import org.apache.jetspeed.security.Group;
62 import org.apache.jetspeed.security.GroupManager;
63 import org.apache.jetspeed.security.InvalidNewPasswordException;
64 import org.apache.jetspeed.security.InvalidPasswordException;
65 import org.apache.jetspeed.security.PasswordAlreadyUsedException;
66 import org.apache.jetspeed.security.PasswordCredential;
67 import org.apache.jetspeed.security.Role;
68 import org.apache.jetspeed.security.RoleManager;
69 import org.apache.jetspeed.security.SecurityException;
70 import org.apache.jetspeed.security.User;
71 import org.apache.jetspeed.security.UserManager;
72 import org.apache.jetspeed.security.UserPrincipal;
73 import org.apache.jetspeed.security.om.InternalCredential;
74 import org.apache.portals.bridges.beans.TabBean;
75 import org.apache.portals.bridges.common.GenericServletPortlet;
76 import org.apache.portals.bridges.util.PreferencesHelper;
77 import org.apache.portals.messaging.PortletMessaging;
78
/**
 * This portlet is a tabbed editor user interface for editing user attributes
 * and security definitions.
 *
 * @author <a href="mailto:jford@apache.com">Jeremy Ford</a>
 * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
 * @version $Id: UserDetailsPortlet.java 348264 2005-11-22 22:06:45Z taylor $
 */
87 public class UserDetailsPortlet extends GenericServletPortlet
88 {
// Request attribute names under which the data of the rendered view is exposed to the template.
private final String VIEW_USER = "user";
private final String VIEW_ROLES = "roles";
private final String VIEW_GROUPS = "groups";
private final String VIEW_RULES = "rules";
private final String VIEW_CREDENTIAL = "credential";
private final String VIEW_ALL_RULES = "prules";
private final String VIEW_PA_USER_ATTRIBUTES = "paUserAttributes";

// Action names dispatched by processAction(); the prefix is handed to getAction() together with the
// submitted action before the ACTION_* suffixes are matched with endsWith().
private final String USER_ACTION_PREFIX = "security_user.";
private final String ACTION_EDIT_USER = "edit_user";
private final String ACTION_UPDATE_ATTRIBUTE = "update_user_attribute";
private final String ACTION_REMOVE_ATTRIBUTE = "remove_user_attribute";
private final String ACTION_ADD_ATTRIBUTE = "add_user_attribute";
private final String ACTION_REMOVE_ROLE = "remove_user_role";
private final String ACTION_ADD_ROLE = "add_user_role";
private final String ACTION_REMOVE_GROUP = "remove_user_group";
private final String ACTION_ADD_GROUP = "add_user_group";
private final String ACTION_REMOVE_RULE = "remove_user_rule";
private final String ACTION_ADD_RULE = "add_rule";
private final String ACTION_UPDATE_CREDENTIAL = "update_user_credential";

// Tab ids; they are also the keys of userTabMap / anonymousUserTabMap (see initPrefsAndAttr()).
private final String TAB_USER = "user";
private final String TAB_ATTRIBUTES = "user_attributes";
private final String TAB_ROLE = "user_role";
private final String TAB_GROUP = "user_group";
private final String TAB_PROFILE = "user_profile";
private final String TAB_CREDENTIAL = "user_credential";

/** the id of the roles control; also the session key under which the selectable role names are cached */
private static final String ROLES_CONTROL = "jetspeedRoles";

/** the id of the rules control; also the session key under which the profiler rules are cached */
private static final String RULES_CONTROL = "jetspeedRules";

/** the id of the subsites control; also the session key under which the subsite list is cached */
private static final String SUBSITES_CONTROL = "jetspeedSubsites";

/** the id of the groups control; also the session key under which the selectable group names are cached */
private static final String GROUPS_CONTROL = "jetspeedGroups";

/** activity context recorded with every audit entry written by this portlet */
public static final String USER_ADMINISTRATION = "J2 User Administration";

// Portal services resolved once in init(); init() fails if any of them is missing.
private PageManager pageManager;
private UserManager userManager;
private RoleManager roleManager;
private GroupManager groupManager;
private Profiler profiler;
private PortletRegistry registry;
// identifier of the portlet application this portlet belongs to, read in init()
private String paIdentifier;
// user attributes declared by the portlet application, loaded in initPrefsAndAttr()
private Collection paUserAttributes;
// true once initPrefsAndAttr() has run; doView() triggers it lazily on the first render
private boolean initPrefsAndAttr;
private PortalConfiguration configuration;
private AuditActivity audit;

// tab id -> TabBean, in display order; the anonymous map holds the subset shown for the anonymous user.
// NOTE(review): both maps are rebuilt in place by initPrefsAndAttr() while other requests may be
// reading them in doView()/processAction(); no synchronisation is visible in this file.
private LinkedHashMap userTabMap;
private LinkedHashMap anonymousUserTabMap;
145
/**
 * Resolves the portal services this portlet depends on from the portlet context and
 * remembers the identifier of the owning portlet application.
 *
 * @param config the portlet configuration
 * @throws PortletException if any required service is not registered in the portlet context
 */
public void init(PortletConfig config)
    throws PortletException
{
    super.init(config);
    userManager = (UserManager) requireService(CommonPortletServices.CPS_USER_MANAGER_COMPONENT, "User Manager");
    roleManager = (RoleManager) requireService(CommonPortletServices.CPS_ROLE_MANAGER_COMPONENT, "Role Manager");
    groupManager = (GroupManager) requireService(CommonPortletServices.CPS_GROUP_MANAGER_COMPONENT, "Group Manager");
    profiler = (Profiler) requireService(CommonPortletServices.CPS_PROFILER_COMPONENT, "Profiler");
    registry = (PortletRegistry) requireService(CommonPortletServices.CPS_REGISTRY_COMPONENT, "Portlet Registry");
    pageManager = (PageManager) requireService(CommonPortletServices.CPS_PAGE_MANAGER_COMPONENT, "Page Manager");
    configuration = (PortalConfiguration) requireService(CommonPortletServices.CPS_PORTAL_CONFIGURATION, "Portal Configuration");
    audit = (AuditActivity) requireService(CommonPortletServices.CPS_AUDIT_ACTIVITY, "Audit Activity");

    paIdentifier = ((MutablePortletApplication) ((JetspeedPortletContext) config.getPortletContext())
        .getApplication()).getApplicationIdentifier();
}

/**
 * Looks up a shared portal service in the portlet context.
 *
 * @param attributeName the context attribute the service is registered under
 * @param description human readable service name used in the error message
 * @return the service object, never null
 * @throws PortletException if no such attribute exists
 */
private Object requireService(String attributeName, String description)
    throws PortletException
{
    Object service = getPortletContext().getAttribute(attributeName);
    if (service == null)
    {
        throw new PortletException("Failed to find the " + description + " on portlet initialization");
    }
    return service;
}
197
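/**
 * Renders the view mode: the tabbed editor for the user currently selected through
 * {@link SecurityResources#MESSAGE_SELECTED}, or, when no existing user is selected, the
 * role, profiling-rule and subsite choices for the "new user" form.
 *
 * @param request the render request
 * @param response the render response
 * @throws PortletException if the role or group list cannot be loaded from its manager
 * @throws IOException passed through from the template rendering
 */
public void doView(RenderRequest request, RenderResponse response)
    throws PortletException, IOException
{
    response.setContentType("text/html");

    if (!initPrefsAndAttr)
    {
        initPrefsAndAttr(request);
    }

    String userName = (String) PortletMessaging.receive(request,
        SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);

    User user = null;
    if (userName != null)
    {
        user = lookupUser(request, userName);
    }

    if (user != null)
    {
        renderSelectedUser(request, user, userName);
    }
    else
    {
        renderRoleInformation(request);
        renderProfileInformation(request);
        renderSubsiteInformation(request);
    }

    // error messages published by the previous action are shown once
    ArrayList errorMessages = (ArrayList) PortletMessaging.consume(request, SecurityResources.TOPIC_USER, SecurityResources.ERROR_MESSAGES);
    if (errorMessages != null)
    {
        request.setAttribute(SecurityResources.ERROR_MESSAGES, errorMessages);
    }

    super.doView(request, response);
}

/**
 * Exposes the tab strip and the data of the selected tab for an existing user.
 * The anonymous user gets the reduced anonymousUserTabMap.
 *
 * @param request the render request
 * @param user the selected user
 * @param userName the selected user's name
 * @throws PortletException if the role or group list cannot be loaded from its manager
 */
private void renderSelectedUser(RenderRequest request, User user, String userName)
    throws PortletException
{
    LinkedHashMap tabMap = userManager.getAnonymousUser().equals(userName) ? anonymousUserTabMap : userTabMap;
    request.setAttribute("tabs", tabMap.values());

    TabBean selectedTab = (TabBean) request.getPortletSession().getAttribute(SecurityResources.REQUEST_SELECT_TAB);
    // a tab remembered in the session may not exist in this map (anonymous user, changed preferences)
    if (selectedTab != null && !tabMap.containsKey(selectedTab.getId()))
    {
        selectedTab = null;
    }
    if (selectedTab == null && !tabMap.isEmpty())
    {
        selectedTab = (TabBean) tabMap.values().iterator().next();
    }

    request.setAttribute(VIEW_USER, new JetspeedUserBean(user));

    if (selectedTab == null)
    {
        // every tab was switched off in the portlet preferences: nothing tab-specific to render
        // (this used to fail with NoSuchElementException from the empty map)
        return;
    }

    String tabId = selectedTab.getId();
    if (tabId.equals(TAB_USER))
    {
        request.setAttribute(VIEW_PA_USER_ATTRIBUTES, paUserAttributes);
        if ("true".equals(request.getPreferences().getValue("showPasswordOnUserTab", "false")))
        {
            request.setAttribute(VIEW_CREDENTIAL, getCredential(request, userName));
        }
    }
    else if (tabId.equals(TAB_ROLE))
    {
        renderRoleTab(request, userName);
    }
    else if (tabId.equals(TAB_GROUP))
    {
        renderGroupTab(request, userName);
    }
    else if (tabId.equals(TAB_PROFILE))
    {
        request.setAttribute(VIEW_RULES, getRules(user));
        request.setAttribute(VIEW_ALL_RULES, getProfilerRules());
    }
    else if (tabId.equals(TAB_CREDENTIAL))
    {
        request.setAttribute(VIEW_CREDENTIAL, getCredential(request, userName));
    }

    request.setAttribute(SecurityResources.REQUEST_SELECT_TAB, selectedTab);
}

/**
 * Exposes the user's roles under VIEW_ROLES and the roles that may still be added under ROLES_CONTROL.
 *
 * The selectable list is the one renderRoleInformation() builds for the "new user" form: it withholds
 * the admin and manager roles from operators who do not hold them. Previously this tab cached the
 * unfiltered role list under the same session key (ROLES_CONTROL), so after viewing the tab the
 * "new user" form offered the privileged roles to every operator.
 *
 * @param request the render request
 * @param userName the selected user's name
 * @throws PortletException if the role list cannot be loaded from the role manager
 */
private void renderRoleTab(RenderRequest request, String userName)
    throws PortletException
{
    Collection userRoles = getRoles(request, userName);
    request.setAttribute(VIEW_ROLES, userRoles);

    renderRoleInformation(request);
    List roles = (List) request.getAttribute(ROLES_CONTROL);

    // offer only the roles the user does not hold yet
    ArrayList selectableRoles = new ArrayList(roles);
    for (Iterator it = userRoles.iterator(); it.hasNext();)
    {
        Role role = (Role) it.next();
        selectableRoles.remove(role.getPrincipal().getName());
    }
    request.setAttribute(ROLES_CONTROL, selectableRoles);
}

/**
 * Exposes the user's groups under VIEW_GROUPS and the groups that may still be added under GROUPS_CONTROL.
 * The full group name list is cached in the session until a MESSAGE_REFRESH_GROUPS message arrives.
 *
 * @param request the render request
 * @param userName the selected user's name
 * @throws PortletException if the group list cannot be loaded from the group manager
 */
private void renderGroupTab(RenderRequest request, String userName)
    throws PortletException
{
    Collection userGroups = getGroups(request, userName);
    request.setAttribute(VIEW_GROUPS, userGroups);

    boolean refresh = PortletMessaging.consume(request, SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_REFRESH_GROUPS) != null;
    List groups = refresh ? null : (List) request.getPortletSession().getAttribute(GROUPS_CONTROL);
    if (groups == null)
    {
        groups = new LinkedList();
        try
        {
            for (Iterator it = groupManager.getGroups(""); it.hasNext();)
            {
                Group group = (Group) it.next();
                groups.add(group.getPrincipal().getName());
            }
        }
        catch (SecurityException se)
        {
            throw new PortletException(se);
        }
        request.getPortletSession().setAttribute(GROUPS_CONTROL, groups);
    }

    // offer only the groups the user is not a member of yet
    ArrayList selectableGroups = new ArrayList(groups);
    for (Iterator it = userGroups.iterator(); it.hasNext();)
    {
        Group group = (Group) it.next();
        selectableGroups.remove(group.getPrincipal().getName());
    }
    request.setAttribute(GROUPS_CONTROL, selectableGroups);
}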
373
/**
 * (Re)builds the tab maps from the show*Tab portlet preferences and loads the user attributes
 * declared by the portlet application. Every tab defaults to visible; the role, group and profile
 * tabs are additionally offered for the anonymous user.
 *
 * @param request the request whose preferences decide which tabs are shown
 */
protected void initPrefsAndAttr(PortletRequest request)
{
    initPrefsAndAttr = true;
    if (userTabMap == null)
    {
        userTabMap = new LinkedHashMap();
        anonymousUserTabMap = new LinkedHashMap();
    }
    else
    {
        userTabMap.clear();
        anonymousUserTabMap.clear();
    }

    PortletPreferences prefs = request.getPreferences();

    // preference name, tab id and whether the tab is also shown for the anonymous user;
    // the array order is the display order of the tabs
    String[] prefNames = { "showUserTab", "showAttributesTab", "showPasswordTab", "showRoleTab", "showGroupTab", "showProfileTab" };
    String[] tabIds = { TAB_USER, TAB_ATTRIBUTES, TAB_CREDENTIAL, TAB_ROLE, TAB_GROUP, TAB_PROFILE };
    boolean[] forAnonymous = { false, false, false, true, true, true };

    for (int i = 0; i < prefNames.length; i++)
    {
        if (!"true".equals(prefs.getValue(prefNames[i], "true")))
        {
            continue;
        }
        TabBean tab = new TabBean(tabIds[i]);
        userTabMap.put(tab.getId(), tab);
        if (forAnonymous[i])
        {
            // the same TabBean instance is shared by both maps
            anonymousUserTabMap.put(tab.getId(), tab);
        }
    }

    paUserAttributes = registry.getPortletApplicationByIdentifier(paIdentifier).getUserAttributes();
}
427
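/**
 * Exposes the role names the current operator may assign under ROLES_CONTROL.
 *
 * The admin and manager roles (names taken from PortalConfigurationConstants.ROLES_DEFAULT_ADMIN and
 * ROLES_DEFAULT_MANAGER) are only offered when the operator holds them, so an operator cannot hand out
 * more privilege than they have. The list is cached in the session under ROLES_CONTROL until a
 * MESSAGE_REFRESH_ROLES message arrives.
 *
 * @param request the render request; its user principal is the operator
 * @throws PortletException if the role manager fails while listing roles or checking membership
 */
protected void renderRoleInformation(RenderRequest request)
    throws PortletException
{
    boolean refresh = PortletMessaging.consume(request, SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_REFRESH_ROLES) != null;
    List roles = refresh ? null : (List) request.getPortletSession().getAttribute(ROLES_CONTROL);

    if (roles == null)
    {
        String adminName = configuration.getString(PortalConfigurationConstants.ROLES_DEFAULT_ADMIN, "admin");
        String managerName = configuration.getString(PortalConfigurationConstants.ROLES_DEFAULT_MANAGER, "manager");
        // the operator is the same for every role; it used to be re-read on each loop iteration
        String operator = request.getUserPrincipal().getName();
        roles = new LinkedList();
        try
        {
            for (Iterator it = roleManager.getRoles(""); it.hasNext();)
            {
                String roleName = ((Role) it.next()).getPrincipal().getName();
                boolean privileged = roleName.equals(adminName) || roleName.equals(managerName);
                if (!privileged || roleManager.isUserInRole(operator, roleName))
                {
                    roles.add(roleName);
                }
            }
        }
        catch (SecurityException se)
        {
            throw new PortletException(se);
        }
        request.getPortletSession().setAttribute(ROLES_CONTROL, roles);
    }
    request.setAttribute(ROLES_CONTROL, roles);
}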
479
/**
 * Exposes the profiler rules under RULES_CONTROL. The rules are cached in the session under the
 * same key until a MESSAGE_REFRESH_PROFILES message arrives.
 *
 * @param request the render request
 */
protected void renderProfileInformation(RenderRequest request)
{
    boolean refresh = PortletMessaging.consume(request,
        SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_REFRESH_PROFILES) != null;
    Collection rules = refresh ? null : (Collection) request.getPortletSession().getAttribute(RULES_CONTROL);

    if (rules == null)
    {
        rules = profiler.getRules();
        request.getPortletSession().setAttribute(RULES_CONTROL, rules);
    }
    request.setAttribute(RULES_CONTROL, rules);
}
499
/**
 * Exposes the selectable subsites under SUBSITES_CONTROL: an empty entry followed by the
 * sub-folders of the folder named by the subsiteRootFolder preference. The list is cached in the
 * session under the same key until a MESSAGE_REFRESH_SUBSITES message arrives.
 *
 * @param request the render request
 */
protected void renderSubsiteInformation(RenderRequest request)
{
    boolean refresh = PortletMessaging.consume(request,
        SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_REFRESH_SUBSITES) != null;
    Collection subsites = refresh ? null : (Collection) request.getPortletSession().getAttribute(SUBSITES_CONTROL);

    if (subsites == null)
    {
        subsites = new ArrayList();
        // the empty entry stands for "no subsite"
        subsites.add(new SubsiteInfo("", ""));
        String subsiteRoot = request.getPreferences().getValue("subsiteRootFolder", "");
        if (subsiteRoot.length() > 0)
        {
            try
            {
                NodeSet children = pageManager.getFolders(pageManager.getFolder(subsiteRoot));
                if (children != null && !children.isEmpty())
                {
                    for (Iterator it = children.iterator(); it.hasNext();)
                    {
                        Folder child = (Folder) it.next();
                        subsites.add(new SubsiteInfo(child.getPath(), child.getTitle()));
                    }
                }
            }
            catch (Exception ignored)
            {
                // Best effort: a missing (FolderNotFoundException) or unreadable subsite root leaves
                // the empty entry as the only choice; nothing is logged, as before.
            }
        }
        request.getPortletSession().setAttribute(SUBSITES_CONTROL, subsites);
    }
    request.setAttribute(SUBSITES_CONTROL, subsites);
}
547
/**
 * Renders the preference editor, offering the same role, profiling-rule and subsite choices
 * as the "new user" view.
 *
 * @param request the render request
 * @param response the render response
 * @throws PortletException if the role list cannot be loaded from the role manager
 * @throws IOException passed through from the template rendering
 */
public void doEdit(RenderRequest request, RenderResponse response)
    throws PortletException, IOException
{
    response.setContentType("text/html");
    populateSelectionControls(request);
    super.doEdit(request, response);
}

/**
 * Loads the role, profiling-rule and subsite lists into the request attributes the edit template reads.
 *
 * @param request the render request
 * @throws PortletException if the role list cannot be loaded from the role manager
 */
private void populateSelectionControls(RenderRequest request)
    throws PortletException
{
    renderRoleInformation(request);
    renderProfileInformation(request);
    renderSubsiteInformation(request);
}
557
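/**
 * Handles the portlet's actions. In EDIT mode the submitted parameters are stored as portlet
 * preferences and the tab maps are rebuilt; in VIEW mode the selected tab is remembered in the
 * session and the submitted action is dispatched to the matching handler.
 *
 * @param actionRequest the action request
 * @param actionResponse the action response
 * @throws PortletException if removing a user fails at the portlet level
 * @throws IOException if the preferences cannot be stored
 */
public void processAction(ActionRequest actionRequest, ActionResponse actionResponse)
    throws PortletException, IOException
{
    if (actionRequest.getPortletMode() == PortletMode.EDIT)
    {
        PortletPreferences prefs = actionRequest.getPreferences();
        PreferencesHelper.requestParamsToPreferences(actionRequest);
        prefs.store();
        actionResponse.setPortletMode(PortletMode.VIEW);
        initPrefsAndAttr(actionRequest);
        // the cached subsite list depends on the subsiteRootFolder preference just stored
        actionRequest.getPortletSession().removeAttribute(SUBSITES_CONTROL);
        return;
    }

    // An action can reach the portlet before its first render (for instance a direct form post);
    // build the tab maps as doView() would, instead of dereferencing a null userTabMap below.
    if (!initPrefsAndAttr)
    {
        initPrefsAndAttr(actionRequest);
    }

    String selectedTab = actionRequest.getParameter(SecurityResources.REQUEST_SELECT_TAB);
    if (selectedTab != null)
    {
        // only a tab this portlet actually offers is remembered; unknown ids are ignored
        TabBean tab = (TabBean) userTabMap.get(selectedTab);
        if (tab != null)
        {
            actionRequest.getPortletSession().setAttribute(
                SecurityResources.REQUEST_SELECT_TAB, tab);
        }
    }

    String action = actionRequest.getParameter(SecurityResources.PORTLET_ACTION);
    if (action == null)
    {
        return;
    }
    if (action.equals("remove.user"))
    {
        removeUser(actionRequest, actionResponse);
    }
    else if (action.equals("add.new.user"))
    {
        // drop the current selection so the next render shows the "new user" form
        PortletMessaging.cancel(actionRequest, SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
    }
    else if (action.equals("add.user"))
    {
        addUser(actionRequest);
    }
    else if (isUserPortletAction(action))
    {
        dispatchUserAction(getAction(USER_ACTION_PREFIX, action), actionRequest, actionResponse);
    }
}

/**
 * Routes a user editing action (already stripped of USER_ACTION_PREFIX by getAction()) to its handler.
 * Actions matching none of the ACTION_* suffixes are ignored.
 *
 * @param action the action name to match with endsWith()
 * @param actionRequest the action request
 * @param actionResponse the action response
 */
private void dispatchUserAction(String action, ActionRequest actionRequest, ActionResponse actionResponse)
{
    if (action.endsWith(ACTION_EDIT_USER))
    {
        editUser(actionRequest, actionResponse);
    }
    else if (action.endsWith(ACTION_UPDATE_ATTRIBUTE))
    {
        updateUserAttribute(actionRequest, actionResponse);
    }
    else if (action.endsWith(ACTION_REMOVE_ATTRIBUTE))
    {
        removeUserAttributes(actionRequest, actionResponse);
    }
    else if (action.endsWith(ACTION_ADD_ATTRIBUTE))
    {
        addUserAttribute(actionRequest, actionResponse);
    }
    else if (action.endsWith(ACTION_REMOVE_ROLE))
    {
        removeUserRoles(actionRequest, actionResponse);
    }
    else if (action.endsWith(ACTION_ADD_ROLE))
    {
        addUserRole(actionRequest, actionResponse);
    }
    else if (action.endsWith(ACTION_REMOVE_GROUP))
    {
        removeUserGroups(actionRequest, actionResponse);
    }
    else if (action.endsWith(ACTION_ADD_GROUP))
    {
        addUserGroup(actionRequest, actionResponse);
    }
    else if (action.endsWith(ACTION_ADD_RULE))
    {
        addUserProfile(actionRequest, actionResponse);
    }
    else if (action.endsWith(ACTION_REMOVE_RULE))
    {
        removeUserProfile(actionRequest, actionResponse);
    }
    else if (action.endsWith(ACTION_UPDATE_CREDENTIAL))
    {
        updateUserCredential(actionRequest, actionResponse);
    }
}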
644
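/**
 * Deletes the selected user, records the deletion in the audit log, announces the change to the
 * user list and finally removes the user's subsite folder (the USER_INFO_SUBSITE attribute, or
 * Folder.USER_FOLDER + user name when the attribute is not set).
 *
 * Any failure is reported through SecurityUtil.publishErrorMessage() rather than thrown.
 *
 * @param actionRequest the action request; the user is taken from the MESSAGE_SELECTED message
 * @param actionResponse the action response (unused)
 * @throws PortletException declared for callers; not thrown by this implementation
 */
public void removeUser(ActionRequest actionRequest, ActionResponse actionResponse)
    throws PortletException
{
    String userName = (String) PortletMessaging.receive(actionRequest,
        SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
    if (userName == null)
    {
        // nothing selected; doView() never looks up a null name either
        return;
    }
    User user = lookupUser(actionRequest, userName);
    if (user == null)
    {
        return;
    }
    try
    {
        Preferences attributes = user.getUserAttributes();
        String subsite = attributes.get(User.USER_INFO_SUBSITE, null);
        userManager.removeUser(userName);
        // Record the deletion as soon as it has happened: the folder cleanup below can fail, and the
        // audit entry must not depend on it (it used to be written only after a successful cleanup).
        audit.logAdminUserActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_DELETE, USER_ADMINISTRATION);
        PortletMessaging.publish(actionRequest, SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_REFRESH, "true");
        PortletMessaging.cancel(actionRequest, SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);

        if (subsite == null)
        {
            subsite = Folder.USER_FOLDER + userName;
        }
        if (pageManager.folderExists(subsite))
        {
            pageManager.removeFolder(pageManager.getFolder(subsite));
        }
    }
    catch (Exception ex)
    {
        SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, ex.getMessage());
    }
}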
680
/**
 * Returns the first principal of the subject that is an instance of the given class.
 *
 * @param subject the subject whose principals are searched
 * @param classe the principal class (or interface) to look for
 * @return the first matching principal in iteration order, or null if there is none
 */
public Principal createPrincipal(Subject subject, Class classe)
{
    for (Iterator it = subject.getPrincipals().iterator(); it.hasNext();)
    {
        Principal candidate = (Principal) it.next();
        if (classe.isInstance(candidate))
        {
            return candidate;
        }
    }
    return null;
}
696
/**
 * Applies the credential form to the selected user: an optional new password, the
 * "update required" and "enabled" flags, and the expiration choice ("expired", "extend",
 * "unlimited"). Every change is written to the audit log; validation failures are reported
 * through SecurityUtil.publishErrorMessage() with a localized message.
 *
 * @param actionRequest the action request; the user is taken from the MESSAGE_SELECTED message
 * @param actionResponse the action response (unused)
 */
private void updateUserCredential(ActionRequest actionRequest, ActionResponse actionResponse)
{
    ResourceBundle bundle = ResourceBundle.getBundle("org.apache.jetspeed.portlets.security.resources.UsersResources", actionRequest.getLocale());

    String userName = (String) PortletMessaging.receive(actionRequest,
        SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
    User user = lookupUser(actionRequest, userName);
    if (user == null)
    {
        return;
    }
    try
    {
        String newPassword = actionRequest.getParameter("user_cred_value");
        boolean passwordChanged = newPassword != null && newPassword.trim().length() > 0;
        if (passwordChanged)
        {
            // administrative reset: no old password is supplied or verified
            userManager.setPassword(userName, null, newPassword);
            audit.logAdminCredentialActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.PASSWORD_RESET, USER_ADMINISTRATION);
        }

        PasswordCredential credential = getCredential(actionRequest, userName);
        if (credential == null)
        {
            return;
        }

        String updateRequiredParam = actionRequest.getParameter("user_cred_updreq");
        if (updateRequiredParam != null)
        {
            boolean updateRequired = Boolean.valueOf(updateRequiredParam).booleanValue();
            if (updateRequired != credential.isUpdateRequired())
            {
                userManager.setPasswordUpdateRequired(userName, updateRequired);
                audit.logAdminCredentialActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.PASSWORD_UPDATE_REQUIRED, USER_ADMINISTRATION);
            }
        }

        String enabledParam = actionRequest.getParameter("user_cred_enabled");
        if (enabledParam != null)
        {
            boolean enabled = Boolean.valueOf(enabledParam).booleanValue();
            if (enabled != credential.isEnabled())
            {
                userManager.setPasswordEnabled(userName, enabled);
                String activity = enabled ? AuditActivity.PASSWORD_ENABLED : AuditActivity.PASSWORD_DISABLED;
                audit.logAdminCredentialActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, activity, USER_ADMINISTRATION);
            }
        }

        String expiredFlag = actionRequest.getParameter("user_expired_flag");
        if (expiredFlag != null)
        {
            if ("expired".equals(expiredFlag))
            {
                // a password that was just reset is not expired on the spot
                if (!passwordChanged)
                {
                    java.sql.Date today = new java.sql.Date(System.currentTimeMillis());
                    userManager.setPasswordExpiration(userName, today);
                    audit.logAdminCredentialActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.PASSWORD_EXPIRE, USER_ADMINISTRATION);
                }
            }
            else if ("extend".equals(expiredFlag))
            {
                userManager.setPasswordExpiration(userName, null);
                audit.logAdminCredentialActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.PASSWORD_EXTEND, USER_ADMINISTRATION);
            }
            else if ("unlimited".equals(expiredFlag))
            {
                userManager.setPasswordExpiration(userName, InternalCredential.MAX_DATE);
                audit.logAdminCredentialActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.PASSWORD_UNLIMITED, USER_ADMINISTRATION);
            }
        }
    }
    catch (InvalidPasswordException ipe)
    {
        SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, bundle.getString("chgpwd.error.invalidPassword"));
    }
    catch (InvalidNewPasswordException inpe)
    {
        SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, bundle.getString("chgpwd.error.invalidNewPassword"));
    }
    catch (PasswordAlreadyUsedException paue)
    {
        SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, bundle.getString("chgpwd.error.passwordAlreadyUsed"));
    }
    catch (SecurityException e)
    {
        SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, e.getMessage());
    }
}
780
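/**
 * Stores the values submitted for the portlet application's declared user attributes on the
 * selected user and, when the password is shown on the user tab, applies the credential form too.
 *
 * Only attributes declared by the portlet application (paUserAttributes) are written; the parameter
 * names are derived from that declaration, not taken from the client.
 *
 * @param actionRequest the action request; the user is taken from the MESSAGE_SELECTED message
 * @param actionResponse the action response, passed on to updateUserCredential()
 */
private void editUser(ActionRequest actionRequest, ActionResponse actionResponse)
{
    String userName = (String) PortletMessaging.receive(actionRequest,
        SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
    User user = lookupUser(actionRequest, userName);
    // paUserAttributes is only set by initPrefsAndAttr(); guard against an action arriving before the first render
    if (user != null && paUserAttributes != null)
    {
        Preferences attributes = user.getUserAttributes();
        for (Iterator attrIter = paUserAttributes.iterator(); attrIter.hasNext();)
        {
            UserAttribute attr = (UserAttribute) attrIter.next();
            String value = actionRequest.getParameter("attr_" + attr.getName());
            if (value == null)
            {
                continue;
            }
            // capture the previous value so the audit record carries the real before/after pair
            // (it used to log the new value twice)
            String before = attributes.get(attr.getName(), "");
            attributes.put(attr.getName(), value);
            audit.logAdminAttributeActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_ADD_ATTRIBUTE, attr.getName(), before, value, USER_ADMINISTRATION);
        }
    }
    if ("true".equals(actionRequest.getPreferences().getValue("showPasswordOnUserTab", "false")))
    {
        updateUserCredential(actionRequest, actionResponse);
    }
}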
807
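/**
 * Updates the user attributes whose ids are submitted as user_attr_id; the new value of each is
 * read from the parameter named id + ":value". Each update is written to the audit log with the
 * previous and the new value.
 *
 * Both the ids and the values come straight from the request, so any key the client names is
 * written to the user's preference node.
 *
 * @param actionRequest the action request; the user is taken from the MESSAGE_SELECTED message
 * @param actionResponse the action response (unused)
 */
private void updateUserAttribute(ActionRequest actionRequest, ActionResponse actionResponse)
{
    String userName = (String) PortletMessaging.receive(actionRequest,
        SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
    User user = lookupUser(actionRequest, userName);
    if (user == null)
    {
        return;
    }
    String[] userAttrNames = actionRequest.getParameterValues("user_attr_id");
    if (userAttrNames == null)
    {
        return;
    }
    Preferences attributes = user.getUserAttributes();
    for (int i = 0; i < userAttrNames.length; i++)
    {
        String userAttrName = userAttrNames[i];
        String value = actionRequest.getParameter(userAttrName + ":value");
        if (value == null)
        {
            // no value field submitted for this id; Preferences.put() rejects null, so leave the attribute alone
            continue;
        }
        try
        {
            String before = attributes.get(userAttrName, "");
            attributes.put(userAttrName, value);
            audit.logAdminAttributeActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_UPDATE_ATTRIBUTE, userAttrName, before, value, USER_ADMINISTRATION);
        }
        catch (IllegalArgumentException iae)
        {
            // key or value exceeds the Preferences length limits: report it like the other attribute actions do
            SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, iae.getMessage());
        }
    }
}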
829
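/**
 * Adds the attribute named by user_attr_name with the value user_attr_value to the selected user
 * and records it in the audit log. A blank name is ignored; a missing value is stored as "".
 *
 * The name comes straight from the request, so any key the client names is written to the user's
 * preference node.
 *
 * @param actionRequest the action request; the user is taken from the MESSAGE_SELECTED message
 * @param actionResponse the action response (unused)
 */
private void addUserAttribute(ActionRequest actionRequest, ActionResponse actionResponse)
{
    String userName = (String) PortletMessaging.receive(actionRequest,
        SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
    User user = lookupUser(actionRequest, userName);
    if (user == null)
    {
        return;
    }
    String userAttrName = actionRequest.getParameter("user_attr_name");
    String userAttrValue = actionRequest.getParameter("user_attr_value");
    if (userAttrName == null || userAttrName.trim().length() == 0)
    {
        return;
    }
    if (userAttrValue == null)
    {
        // form submitted without a value field: store an empty value instead of tripping
        // the NullPointerException Preferences.put() throws for null
        userAttrValue = "";
    }
    try
    {
        user.getUserAttributes().put(userAttrName, userAttrValue);
        audit.logAdminAttributeActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_ADD_ATTRIBUTE, userAttrName, "", userAttrValue, USER_ADMINISTRATION);
    }
    catch (IllegalArgumentException iae)
    {
        // key or value exceeds the Preferences length limits: report it like the other attribute actions do
        SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, iae.getMessage());
    }
}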
847
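/**
 * Removes the user attributes whose ids are submitted as user_attr_id from the selected user,
 * recording each removal (with the previous value) in the audit log. A failure on one attribute
 * is reported through SecurityUtil.publishErrorMessage() and the remaining ones are still processed.
 *
 * @param actionRequest the action request; the user is taken from the MESSAGE_SELECTED message
 * @param actionResponse the action response (unused)
 */
private void removeUserAttributes(ActionRequest actionRequest, ActionResponse actionResponse)
{
    String userName = (String) PortletMessaging.receive(actionRequest,
        SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);

    User user = lookupUser(actionRequest, userName);
    if (user == null)
    {
        return;
    }
    String[] userAttrNames = actionRequest.getParameterValues("user_attr_id");
    if (userAttrNames == null)
    {
        return;
    }
    Preferences attributes = user.getUserAttributes();
    for (int i = 0; i < userAttrNames.length; i++)
    {
        String userAttrName = userAttrNames[i];
        try
        {
            String before = attributes.get(userAttrName, "");
            attributes.remove(userAttrName);
            audit.logAdminAttributeActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_DELETE_ATTRIBUTE, userAttrName, before, "", USER_ADMINISTRATION);
        }
        catch (Exception e)
        {
            // report to the operator as the role/group actions do, instead of printing the stack trace to stderr
            SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, e.getMessage());
        }
    }
}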
877
/**
 * Removes the roles whose names are submitted as user_role_id from the selected user.
 * Names that do not denote an existing role are ignored; each removal is written to the audit log
 * and a SecurityException on one role is reported without stopping the others.
 *
 * @param actionRequest the action request; the user is taken from the MESSAGE_SELECTED message
 * @param actionResponse the action response (unused)
 */
private void removeUserRoles(ActionRequest actionRequest, ActionResponse actionResponse)
{
    String userName = (String) PortletMessaging.receive(actionRequest,
        SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
    User user = lookupUser(actionRequest, userName);
    if (user == null)
    {
        return;
    }
    String[] roleNames = actionRequest.getParameterValues("user_role_id");
    if (roleNames == null)
    {
        return;
    }
    for (int i = 0; i < roleNames.length; i++)
    {
        String roleName = roleNames[i];
        try
        {
            // the names come from the request; unknown roles are skipped silently
            if (!roleManager.roleExists(roleName))
            {
                continue;
            }
            roleManager.removeRoleFromUser(userName, roleName);
            audit.logAdminAuthorizationActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_DELETE_ROLE, roleName, USER_ADMINISTRATION);
        }
        catch (SecurityException e)
        {
            SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, e.getMessage());
        }
    }
}
907
/**
 * Adds the role named by role_name to the selected user and records it in the audit log.
 * A blank name is ignored; a SecurityException is reported through SecurityUtil.publishErrorMessage().
 *
 * NOTE(review): renderRoleInformation() withholds the admin and manager roles from operators who do
 * not hold them, but this handler accepts whatever role_name the client submits; that restriction
 * therefore only holds if roleManager.addRoleToUser() enforces it, which is not visible here.
 *
 * @param actionRequest the action request; the user is taken from the MESSAGE_SELECTED message
 * @param actionResponse the action response (unused)
 */
private void addUserRole(ActionRequest actionRequest, ActionResponse actionResponse)
{
    String userName = (String) PortletMessaging.receive(actionRequest,
        SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
    User user = lookupUser(actionRequest, userName);
    if (user == null)
    {
        return;
    }
    String roleName = actionRequest.getParameter("role_name");
    boolean blank = roleName == null || roleName.trim().length() == 0;
    if (blank)
    {
        return;
    }
    try
    {
        roleManager.addRoleToUser(userName, roleName);
        audit.logAdminAuthorizationActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_ADD_ROLE, roleName, USER_ADMINISTRATION);
    }
    catch (SecurityException e)
    {
        SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, e.getMessage());
    }
}
930
/**
 * Removes the groups selected in the request (parameter {@code user_group_id})
 * from the currently selected user, auditing each removal.
 * <p>
 * Mirrors the role handling: the user comes from the {@code MESSAGE_SELECTED}
 * message, only groups that {@code groupManager} reports as existing are
 * removed, and a {@link SecurityException} for one group is published on
 * {@code TOPIC_USER} without aborting the loop.
 *
 * @param actionRequest  the current action request
 * @param actionResponse the current action response (not used)
 */
private void removeUserGroups(ActionRequest actionRequest, ActionResponse actionResponse)
{
    String userName = (String) PortletMessaging.receive(actionRequest,
            SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
    User user = lookupUser(actionRequest, userName);
    if (user == null)
    {
        return;
    }

    String[] selectedGroups = actionRequest.getParameterValues("user_group_id");
    if (selectedGroups == null)
    {
        return;
    }

    int i = 0;
    while (i < selectedGroups.length)
    {
        String groupName = selectedGroups[i];
        i++;
        try
        {
            if (groupManager.groupExists(groupName))
            {
                groupManager.removeUserFromGroup(userName, groupName);
                audit.logAdminAuthorizationActivity(actionRequest.getUserPrincipal().getName(),
                        getIPAddress(actionRequest), userName,
                        AuditActivity.USER_DELETE_GROUP, groupName, USER_ADMINISTRATION);
            }
        }
        catch (SecurityException e)
        {
            SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, e.getMessage());
        }
    }
}
960
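/**
 * Adds the group named by request parameter {@code group_name} to the currently
 * selected user and audits the assignment.
 * <p>
 * The submitted group name is trimmed once and the trimmed value is used for the
 * empty check, the {@code groupManager} call and the audit record (previously
 * only the check used the trimmed form). A {@link SecurityException} from the
 * group manager is published as an error message on {@code TOPIC_USER}.
 *
 * @param actionRequest  the current action request
 * @param actionResponse the current action response (not used)
 */
private void addUserGroup(ActionRequest actionRequest, ActionResponse actionResponse)
{
    String userName = (String) PortletMessaging.receive(actionRequest,
            SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
    User user = lookupUser(actionRequest, userName);
    if (user == null)
    {
        return;
    }

    String groupName = actionRequest.getParameter("group_name");
    if (groupName == null)
    {
        return;
    }
    groupName = groupName.trim();
    if (groupName.length() == 0)
    {
        return;
    }

    try
    {
        groupManager.addUserToGroup(userName, groupName);
        audit.logAdminAuthorizationActivity(actionRequest.getUserPrincipal().getName(),
                getIPAddress(actionRequest), userName,
                AuditActivity.USER_ADD_GROUP, groupName, USER_ADMINISTRATION);
    }
    catch (SecurityException e)
    {
        SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, e.getMessage());
    }
}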
983
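/**
 * Strips {@code prefix} from the front of {@code action}.
 * <p>
 * Returns {@code action} unchanged when either argument is {@code null} or when
 * {@code action} does not start with {@code prefix}. The previous version called
 * {@code substring(prefix.length())} unconditionally, which threw for an action
 * shorter than the prefix and silently truncated an action that did not carry
 * the prefix at all.
 *
 * @param prefix the prefix to remove (e.g. {@code USER_ACTION_PREFIX})
 * @param action the full action name taken from the request
 * @return the action name without the prefix, or {@code action} itself when the prefix does not apply
 */
private String getAction(String prefix, String action)
{
    if (action == null || prefix == null || !action.startsWith(prefix))
    {
        return action;
    }
    return action.substring(prefix.length());
}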
988
/**
 * Tells whether {@code action} is addressed to this user portlet, i.e. whether it
 * begins with {@code USER_ACTION_PREFIX}.
 *
 * @param action the action name from the request; must not be {@code null}
 * @return {@code true} when the action carries the user-action prefix
 */
private boolean isUserPortletAction(String action)
{
    // A prefix match is the same as the prefix occurring at offset zero.
    return action.indexOf(USER_ACTION_PREFIX) == 0;
}
993
/**
 * Returns the roles assigned to {@code userName}.
 * <p>
 * When {@code roleManager} raises a {@link SecurityException} the message is
 * published as an error on {@code TOPIC_USER} and an empty list is returned so
 * callers never have to deal with the exception themselves.
 *
 * @param request  the current portlet request (used to publish the error message)
 * @param userName the user whose roles are requested
 * @return the roles from the role manager, or an empty list on failure
 */
private Collection getRoles(PortletRequest request, String userName)
{
    try
    {
        return roleManager.getRolesForUser(userName);
    }
    catch (SecurityException e)
    {
        SecurityUtil.publishErrorMessage(request, SecurityResources.TOPIC_USER, e.getMessage());
        return new LinkedList();
    }
}
1006
/**
 * Returns the groups {@code userName} belongs to.
 * <p>
 * A {@link SecurityException} from {@code groupManager} is published as an error
 * on {@code TOPIC_USER} and an empty list is returned instead.
 *
 * @param request  the current portlet request (used to publish the error message)
 * @param userName the user whose groups are requested
 * @return the groups from the group manager, or an empty list on failure
 */
private Collection getGroups(PortletRequest request, String userName)
{
    try
    {
        return groupManager.getGroupsForUser(userName);
    }
    catch (SecurityException e)
    {
        SecurityUtil.publishErrorMessage(request, SecurityResources.TOPIC_USER, e.getMessage());
        return new LinkedList();
    }
}
1019
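/**
 * Finds the {@link PasswordCredential} among the private credentials of the
 * user's {@link Subject}.
 * <p>
 * Returns {@code null} when the user or its subject is {@code null}, or when no
 * password credential is present. The null guards matter because
 * {@code getCredential(PortletRequest, String)} passes the result of
 * {@code lookupUser}, which is {@code null} when the user could not be loaded;
 * the previous version dereferenced it unconditionally.
 *
 * @param user the user to inspect, may be {@code null}
 * @return the first password credential found, or {@code null}
 */
private PasswordCredential getCredential(User user)
{
    if (user == null)
    {
        return null;
    }
    Subject subject = user.getSubject();
    if (subject == null)
    {
        return null;
    }
    Iterator iter = subject.getPrivateCredentials().iterator();
    while (iter.hasNext())
    {
        Object candidate = iter.next();
        if (candidate instanceof PasswordCredential)
        {
            return (PasswordCredential) candidate;
        }
    }
    return null;
}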
/**
 * Looks up {@code userName} and returns its password credential.
 * <p>
 * Lookup failures are reported through {@code lookupUser}; the resolved user
 * (possibly {@code null}) is then handed to {@code getCredential(User)}.
 *
 * @param request  the current portlet request
 * @param userName the user whose credential is requested
 * @return the user's password credential as resolved by {@code getCredential(User)}
 */
private PasswordCredential getCredential(PortletRequest request, String userName)
{
    User user = lookupUser(request, userName);
    return getCredential(user);
}
1041
/**
 * Loads {@code userName} from the user manager.
 * <p>
 * Any exception from {@code userManager.getUser} is published as an error on
 * {@code TOPIC_USER} and {@code null} is returned, so callers must check for
 * {@code null} before using the result.
 *
 * @param request  the current portlet request (used to publish the error message)
 * @param userName the name of the user to load
 * @return the user, or {@code null} when it could not be loaded
 */
private User lookupUser(PortletRequest request, String userName)
{
    try
    {
        return userManager.getUser(userName);
    }
    catch (Exception e)
    {
        SecurityUtil.publishErrorMessage(request, SecurityResources.TOPIC_USER, e.getMessage());
        return null;
    }
}
1055
/**
 * Returns all profiling rules known to the profiler.
 *
 * @return the profiler's rule collection, exactly as returned by {@code profiler.getRules()}
 */
private Collection getProfilerRules()
{
    Collection allRules = profiler.getRules();
    return allRules;
}
1060
/**
 * Returns the profiling rules bound to the given user's {@code UserPrincipal}.
 *
 * @param user the user whose principal rules are requested; must not be {@code null}
 * @return the rules the profiler holds for that principal
 */
private Collection getRules(User user)
{
    Subject subject = user.getSubject();
    Principal userPrincipal = createPrincipal(subject, UserPrincipal.class);
    return profiler.getRulesForPrincipal(userPrincipal);
}
1066
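/**
 * Binds a profiling rule to the selected user for the locator named in the
 * request and audits the binding.
 * <p>
 * Reads {@code locator_name} and {@code select_rule} from the request. The
 * locator name is trimmed once and the trimmed value is used for the empty
 * check, for {@code profiler.setRuleForPrincipal} and for the audit record
 * (previously only the check used the trimmed form); the rule name is trimmed
 * the same way. Any exception from the profiler is published as an error on
 * {@code TOPIC_USER}.
 *
 * @param actionRequest  the current action request
 * @param actionResponse the current action response (not used)
 */
private void addUserProfile(ActionRequest actionRequest, ActionResponse actionResponse)
{
    String userName = (String) PortletMessaging.receive(actionRequest,
            SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
    User user = lookupUser(actionRequest, userName);
    if (user == null)
    {
        return;
    }

    String locatorName = actionRequest.getParameter("locator_name");
    if (locatorName == null)
    {
        return;
    }
    locatorName = locatorName.trim();
    if (locatorName.length() == 0)
    {
        return;
    }

    String ruleName = actionRequest.getParameter("select_rule");
    if (ruleName != null)
    {
        ruleName = ruleName.trim();
    }

    try
    {
        Principal userPrincipal = createPrincipal(user.getSubject(), UserPrincipal.class);
        // NOTE(review): what profiler.getRule returns for an unknown or null rule name is not
        // visible here; a failure surfaces through the catch block below.
        profiler.setRuleForPrincipal(userPrincipal, profiler.getRule(ruleName), locatorName);
        audit.logAdminAuthorizationActivity(actionRequest.getUserPrincipal().getName(),
                getIPAddress(actionRequest), userName,
                AuditActivity.USER_ADD_PROFILE, ruleName + "-" + locatorName, USER_ADMINISTRATION);
    }
    catch (Exception e)
    {
        SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, e.getMessage());
    }
}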
1094
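/**
 * Deletes the selected user's profiling rules whose locator name is among the
 * submitted {@code user_profile_id} values, auditing each deletion.
 * <p>
 * The submitted locator names are collected once (duplicates dropped) and the
 * user's rules are then walked a single time over a snapshot of the rule
 * collection. The previous version re-scanned the rule list once per submitted
 * name, so a locator name submitted twice led to a second
 * {@code deletePrincipalRule} call on an already deleted rule, and it iterated
 * the live collection while deleting from it. A rule with a {@code null}
 * locator name is skipped instead of raising a {@code NullPointerException}.
 * Exceptions from the profiler are published on {@code TOPIC_USER} per rule and
 * do not stop the remaining rules from being processed.
 *
 * @param actionRequest  the current action request
 * @param actionResponse the current action response (not used)
 */
private void removeUserProfile(ActionRequest actionRequest, ActionResponse actionResponse)
{
    String userName = (String) PortletMessaging.receive(actionRequest,
            SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
    User user = lookupUser(actionRequest, userName);
    if (user == null)
    {
        return;
    }

    String[] locatorNames = actionRequest.getParameterValues("user_profile_id");
    if (locatorNames == null || locatorNames.length == 0)
    {
        return;
    }

    // Distinct, non-null locator names requested for deletion.
    List requested = new LinkedList();
    for (int i = 0; i < locatorNames.length; i++)
    {
        String name = locatorNames[i];
        if (name != null && !requested.contains(name))
        {
            requested.add(name);
        }
    }

    Principal userPrincipal = createPrincipal(user.getSubject(), UserPrincipal.class);
    Collection rules = profiler.getRulesForPrincipal(userPrincipal);
    if (rules == null)
    {
        return;
    }

    // Iterate a copy so deleting a rule cannot disturb the iteration.
    Iterator it = new LinkedList(rules).iterator();
    while (it.hasNext())
    {
        PrincipalRule rule = (PrincipalRule) it.next();
        if (rule == null || !requested.contains(rule.getLocatorName()))
        {
            continue;
        }
        try
        {
            profiler.deletePrincipalRule(rule);
            audit.logAdminAuthorizationActivity(actionRequest.getUserPrincipal().getName(),
                    getIPAddress(actionRequest), userName,
                    AuditActivity.USER_DELETE_PROFILE,
                    rule.getProfilingRule().getId() + "-" + rule.getLocatorName(),
                    USER_ADMINISTRATION);
        }
        catch (Exception e)
        {
            SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, e.getMessage());
        }
    }
}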
1131
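/**
 * Creates a new user from the {@code jetspeed.user} and {@code jetspeed.password}
 * request parameters and provisions it: password-change flag, initial roles,
 * page folder copied from the template folder, and an optional profiling rule.
 * <p>
 * Nothing happens when the user name is empty. An empty password is reported as
 * {@code SecurityException.PASSWORD_REQUIRED}. After creation the user is
 * re-loaded; if that yields {@code null} an error is published and provisioning
 * stops (the previous version dereferenced the user in {@code getCredential}
 * before its later {@code user != null} checks, so that case ended in a
 * {@code NullPointerException} whose null message was published). Any
 * {@link SecurityException} or other exception during creation or provisioning
 * is published as an error on {@code TOPIC_USER}; earlier steps are not rolled
 * back. The password is only handed to {@code userManager.addUser} and is never
 * written to the audit log.
 *
 * @param actionRequest the current action request
 */
protected void addUser(ActionRequest actionRequest)
{
    String userName = actionRequest.getParameter("jetspeed.user");
    String password = actionRequest.getParameter("jetspeed.password");
    if (SecurityUtil.isEmpty(userName))
    {
        return;
    }

    try
    {
        if (SecurityUtil.isEmpty(password))
        {
            throw new SecurityException(SecurityException.PASSWORD_REQUIRED);
        }
        userManager.addUser(userName, password);
        audit.logAdminUserActivity(actionRequest.getUserPrincipal().getName(),
                getIPAddress(actionRequest), userName,
                AuditActivity.USER_CREATE, USER_ADMINISTRATION);

        PortletMessaging.publish(actionRequest, SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_REFRESH, "true");
        PortletMessaging.publish(actionRequest, SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED, userName);

        User user = userManager.getUser(userName);
        if (user == null)
        {
            SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER,
                    "User " + userName + " was created but could not be loaded");
            return;
        }

        // Provisioning order is kept as before: credential flag, roles, folder, profile.
        applyPasswordUpdateRequired(actionRequest, user, userName);
        assignInitialRoles(actionRequest, userName);
        provisionUserFolder(actionRequest, user, userName);
        assignProfilingRule(actionRequest, user);
    }
    catch (SecurityException sex)
    {
        SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, sex.getMessage());
    }
    catch (Exception ex)
    {
        SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, ex.getMessage());
    }
}

/**
 * Sets the "password update required" flag of the new user when the request
 * carries {@code user_cred_updreq} and its value differs from the current flag.
 * Nothing is done when the user has no password credential.
 *
 * @param actionRequest the current action request
 * @param user          the freshly created user
 * @param userName      the user's name, as passed to the user manager
 * @throws Exception whatever {@code userManager.setPasswordUpdateRequired} raises; translated by the caller
 */
private void applyPasswordUpdateRequired(ActionRequest actionRequest, User user, String userName) throws Exception
{
    PasswordCredential credential = getCredential(user);
    if (credential == null)
    {
        return;
    }
    String updateRequiredStr = actionRequest.getParameter("user_cred_updreq");
    if (updateRequiredStr == null)
    {
        return;
    }
    boolean updateRequired = Boolean.valueOf(updateRequiredStr).booleanValue();
    if (updateRequired != credential.isUpdateRequired())
    {
        userManager.setPasswordUpdateRequired(userName, updateRequired);
    }
}

/**
 * Assigns the initial roles: the {@code requiredRole} portlet preference (when
 * set) and the role chosen in the {@code ROLES_CONTROL} parameter (when set).
 *
 * @param actionRequest the current action request
 * @param userName      the user receiving the roles
 * @throws Exception whatever {@code roleManager.addRoleToUser} raises; translated by the caller
 */
private void assignInitialRoles(ActionRequest actionRequest, String userName) throws Exception
{
    String requiredRole = actionRequest.getPreferences().getValue("requiredRole", "");
    if (!requiredRole.equals(""))
    {
        roleManager.addRoleToUser(userName, requiredRole);
    }

    String role = actionRequest.getParameter(ROLES_CONTROL);
    if (!SecurityUtil.isEmpty(role))
    {
        roleManager.addRoleToUser(userName, role);
    }
}

/**
 * Copies the new-user template folder (preference {@code newUserTemplateDirectory},
 * default {@code /_user/template/}) to the user's page folder. When a subsite was
 * chosen via {@code SUBSITES_CONTROL} the target lives under that subsite and the
 * subsite is recorded in the user's {@code USER_INFO_SUBSITE} attribute.
 *
 * @param actionRequest the current action request
 * @param user          the freshly created user
 * @param userName      the user's name, used as the folder name
 * @throws Exception whatever the page manager raises; translated by the caller
 */
private void provisionUserFolder(ActionRequest actionRequest, User user, String userName) throws Exception
{
    String templateFolder = actionRequest.getPreferences().getValue("newUserTemplateDirectory", "/_user/template/");
    String subsite = actionRequest.getParameter(SUBSITES_CONTROL);
    if (SecurityUtil.isEmpty(subsite))
    {
        subsite = Folder.USER_FOLDER + userName;
    }
    else
    {
        subsite = subsite + Folder.USER_FOLDER + userName;
        Preferences attributes = user.getUserAttributes();
        attributes.put(User.USER_INFO_SUBSITE, subsite);
    }

    // NOTE(review): subsite and userName are request parameters concatenated into the
    // target path with no normalisation here; whether pageManager validates the
    // resulting path is not visible in this file — confirm before relying on it.
    Folder source = pageManager.getFolder(templateFolder);
    pageManager.deepCopyFolder(source, subsite, userName);
}

/**
 * Binds the profiling rule chosen in {@code RULES_CONTROL} (when set) to the new
 * user's {@code UserPrincipal} for the {@code "page"} locator.
 *
 * @param actionRequest the current action request
 * @param user          the freshly created user
 * @throws Exception whatever the profiler raises; translated by the caller
 */
private void assignProfilingRule(ActionRequest actionRequest, User user) throws Exception
{
    String rule = actionRequest.getParameter(RULES_CONTROL);
    if (SecurityUtil.isEmpty(rule))
    {
        return;
    }
    Principal principal = SecurityUtil.getPrincipal(user.getSubject(), UserPrincipal.class);
    profiler.setRuleForPrincipal(principal, profiler.getRule(rule), "page");
}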
1215
/**
 * Returns the remote address of the servlet request behind {@code request}, as
 * recorded in the audit entries of this portlet.
 * <p>
 * The {@link RequestContext} is read from the
 * {@code PortalReservedParameters.REQUEST_CONTEXT_ATTRIBUTE} request attribute;
 * when it is missing an empty string is returned rather than {@code null}.
 * NOTE(review): {@code getRemoteAddr()} is the address of the immediate peer; behind a
 * reverse proxy that may be the proxy rather than the administrator — confirm for the
 * deployment before reading it as the actor's address in audit review.
 *
 * @param request the current portlet request
 * @return the remote address, or {@code ""} when no request context is available
 */
protected String getIPAddress(PortletRequest request)
{
    RequestContext context = (RequestContext) request.getAttribute(PortalReservedParameters.REQUEST_CONTEXT_ATTRIBUTE);
    if (context != null)
    {
        return context.getRequest().getRemoteAddr();
    }
    return "";
}
1232 }