package org.apache.jetspeed.security.impl; |
import java.security.Principal; |
import java.sql.Date; |
import java.util.ArrayList; |
import java.util.Collection; |
import java.util.HashSet; |
import java.util.Iterator; |
import java.util.LinkedList; |
import java.util.List; |
import java.util.Set; |
import java.util.prefs.BackingStoreException; |
import java.util.prefs.Preferences; |
import javax.security.auth.Subject; |
import org.apache.commons.logging.Log; |
import org.apache.commons.logging.LogFactory; |
import org.apache.jetspeed.security.AuthenticationProviderProxy; |
import org.apache.jetspeed.security.HierarchyResolver; |
import org.apache.jetspeed.security.SecurityException; |
import org.apache.jetspeed.security.SecurityProvider; |
import org.apache.jetspeed.security.User; |
import org.apache.jetspeed.security.UserManager; |
import org.apache.jetspeed.security.UserPrincipal; |
import org.apache.jetspeed.security.spi.SecurityMappingHandler; |
import org.apache.jetspeed.util.ArgUtil; |
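/**
 * Default {@link UserManager} implementation.
 * <p>
 * User principals, passwords and credentials are delegated to the
 * {@link AuthenticationProviderProxy}; role and group membership is resolved
 * through the {@link SecurityMappingHandler}. Per-user preferences live under
 * {@code Preferences.userRoot()} at the principal's full path.
 * <p>
 * The configured anonymous user (default {@code "guest"}) is protected: it can
 * never authenticate with a password, and it cannot be removed or have its
 * password, enabled or expiration state changed through this manager.
 */
public class UserManagerImpl implements UserManager
{
    /** Anonymous user name used when none is configured. */
    private static final String DEFAULT_ANONYMOUS_USER = "guest";

    private static final Log log = LogFactory.getLog(UserManagerImpl.class);

    /** Principals, passwords and credentials. */
    private AuthenticationProviderProxy atnProviderProxy = null;

    /** Role and group membership. */
    private SecurityMappingHandler securityMappingHandler = null;

    /** Name of the protected anonymous user. */
    private String anonymousUser = DEFAULT_ANONYMOUS_USER;

    // Built on the first getUser(anonymousUser) call and reused afterwards.
    // NOTE: not synchronized; concurrent first calls may build it more than once.
    private User guest = null;

    /**
     * Creates a manager with the default anonymous user name.
     *
     * @param securityProvider supplies the authentication proxy and mapping handler.
     */
    public UserManagerImpl(SecurityProvider securityProvider)
    {
        this(securityProvider, null);
    }

    /**
     * Creates a manager with a custom anonymous user name.
     *
     * @param securityProvider supplies the authentication proxy and mapping handler.
     * @param anonymousUser name of the anonymous user; {@code null} keeps the default.
     */
    public UserManagerImpl(SecurityProvider securityProvider, String anonymousUser)
    {
        this.atnProviderProxy = securityProvider.getAuthenticationProviderProxy();
        this.securityMappingHandler = securityProvider.getSecurityMappingHandler();
        if (anonymousUser != null)
        {
            this.anonymousUser = anonymousUser;
        }
    }

    /**
     * Creates a manager and installs role/group hierarchy resolvers on the
     * provider's mapping handler, keeping the default anonymous user name.
     *
     * @param securityProvider supplies the authentication proxy and mapping handler.
     * @param roleHierarchyResolver resolver installed for role hierarchies.
     * @param groupHierarchyResolver resolver installed for group hierarchies.
     */
    public UserManagerImpl(SecurityProvider securityProvider,
            HierarchyResolver roleHierarchyResolver,
            HierarchyResolver groupHierarchyResolver)
    {
        this(securityProvider, roleHierarchyResolver, groupHierarchyResolver, null);
    }

    /**
     * Creates a manager, installs role/group hierarchy resolvers on the
     * provider's mapping handler and sets a custom anonymous user name.
     *
     * @param securityProvider supplies the authentication proxy and mapping handler.
     * @param roleHierarchyResolver resolver installed for role hierarchies.
     * @param groupHierarchyResolver resolver installed for group hierarchies.
     * @param anonymousUser name of the anonymous user; {@code null} keeps the default.
     */
    public UserManagerImpl(SecurityProvider securityProvider,
            HierarchyResolver roleHierarchyResolver,
            HierarchyResolver groupHierarchyResolver, String anonymousUser)
    {
        this(securityProvider, anonymousUser);
        // The resolvers are installed on the handler obtained from the provider;
        // the field wiring above relies on getSecurityMappingHandler() handing
        // back that same handler, so the order of these two steps is immaterial.
        securityProvider.getSecurityMappingHandler().setRoleHierarchyResolver(roleHierarchyResolver);
        securityProvider.getSecurityMappingHandler().setGroupHierarchyResolver(groupHierarchyResolver);
    }

    /**
     * @return the name of the protected anonymous user.
     */
    public String getAnonymousUser()
    {
        return this.anonymousUser;
    }

    /**
     * Authenticates a user against the authentication provider.
     * <p>
     * The anonymous user always fails. A {@link SecurityException} raised by
     * the provider is treated as a failed login and only logged at debug
     * level, so callers see {@code false} rather than an exception.
     *
     * @param username the user name (not {@code null}).
     * @param password the password (not {@code null}).
     * @return {@code true} if the provider accepted the credentials.
     */
    public boolean authenticate(String username, String password)
    {
        ArgUtil.notNull(new Object[] { username, password }, new String[] { "username", "password" },
                "authenticate(java.lang.String, java.lang.String)");

        if (isAnonymousUser(username))
        {
            return false;
        }

        boolean authenticated = false;
        try
        {
            authenticated = atnProviderProxy.authenticate(username, password);
            if (authenticated && log.isDebugEnabled())
            {
                log.debug("Authenticated user: " + username);
            }
        }
        catch (SecurityException e)
        {
            // Reported to the caller as a plain failed login; the cause is kept
            // for diagnostics only. The password is deliberately never logged.
            if (log.isDebugEnabled())
            {
                log.debug("Authentication failed for user: " + username, e);
            }
        }
        return authenticated;
    }

    /**
     * Adds a user with the default authentication provider.
     *
     * @param username the new user name (not {@code null}).
     * @param password initial password, or {@code null} for none.
     * @throws SecurityException if the user exists or the provider rejects the request.
     */
    public void addUser(String username, String password) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { username }, new String[] { "username" },
                "addUser(java.lang.String, java.lang.String)");

        createUser(username, password, atnProviderProxy.getDefaultAuthenticationProvider(), false);
    }

    /**
     * Adds a user with a named authentication provider.
     *
     * @param username the new user name (not {@code null}).
     * @param password initial password, or {@code null} for none.
     * @param atnProviderName the authentication provider to store the password with.
     * @throws SecurityException if the user exists or the provider rejects the request.
     */
    public void addUser(String username, String password, String atnProviderName) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { username }, new String[] { "username" },
                "addUser(java.lang.String, java.lang.String, java.lang.String)");

        createUser(username, password, atnProviderName, false);
    }

    /**
     * Imports a user with the default authentication provider.
     *
     * @param username the new user name (not {@code null}).
     * @param password password to import, or {@code null} for none.
     * @param passThrough when {@code true} the password is handed to the provider's
     *        import path instead of being set as a new password.
     * @throws SecurityException if the user exists or the provider rejects the request.
     */
    public void importUser(String username, String password, boolean passThrough) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { username }, new String[] { "username" },
                "importUser(java.lang.String, java.lang.String, boolean)");

        createUser(username, password, atnProviderProxy.getDefaultAuthenticationProvider(), passThrough);
    }

    /**
     * Imports a user with a named authentication provider.
     *
     * @param username the new user name (not {@code null}).
     * @param password password to import, or {@code null} for none.
     * @param atnProviderName the authentication provider to store the password with.
     * @param passThrough when {@code true} the password is handed to the provider's
     *        import path instead of being set as a new password.
     * @throws SecurityException if the user exists or the provider rejects the request.
     */
    public void importUser(String username, String password, String atnProviderName, boolean passThrough)
            throws SecurityException
    {
        ArgUtil.notNull(new Object[] { username }, new String[] { "username" },
                "importUser(java.lang.String, java.lang.String, java.lang.String, boolean)");

        createUser(username, password, atnProviderName, passThrough);
    }

    /**
     * Creates the principal, its preferences node and (optionally) its password.
     * <p>
     * If storing the password fails, the principal is removed again; if any
     * step fails, the preferences node is removed and the exception rethrown.
     *
     * @param username the new user name (not {@code null}).
     * @param password initial password, or {@code null} for none.
     * @param atnProviderName the authentication provider to store the password with (not {@code null}).
     * @param raw {@code true} to import the password via {@code importPassword},
     *        {@code false} to set it via {@code setPassword}.
     * @throws SecurityException {@code USER_ALREADY_EXISTS}, or whatever the provider raises.
     */
    protected void createUser(String username, String password, String atnProviderName, boolean raw)
            throws SecurityException
    {
        ArgUtil.notNull(new Object[] { username, atnProviderName }, new String[] { "username", "atnProviderName" },
                "createUser(java.lang.String, java.lang.String, java.lang.String, boolean)");

        if (userExists(username))
        {
            throw new SecurityException(SecurityException.USER_ALREADY_EXISTS.create(username));
        }

        UserPrincipal userPrincipal = new UserPrincipalImpl(username);
        String fullPath = userPrincipal.getFullPath();

        // node() creates the preferences node on demand.
        Preferences preferences = Preferences.userRoot().node(fullPath);
        if (log.isDebugEnabled())
        {
            log.debug("Added user preferences node: " + fullPath);
        }
        // The node handed back is expected to sit exactly at fullPath; if it
        // does not, the user is not created. This used to pass silently, so the
        // mismatch is now at least recorded.
        if (preferences == null || !preferences.absolutePath().equals(fullPath))
        {
            log.warn("Preferences node path mismatch, user not created: " + fullPath);
            return;
        }

        try
        {
            atnProviderProxy.addUserPrincipal(userPrincipal);
            if (password != null)
            {
                storeInitialPassword(userPrincipal, username, password, atnProviderName, raw);
            }
            if (log.isDebugEnabled())
            {
                log.debug("Added user: " + fullPath);
            }
        }
        catch (SecurityException se)
        {
            log.error(se.getMessage(), se);
            removePreferencesNode(preferences, fullPath);
            throw se;
        }
    }

    /**
     * Removes a user: its principal first, then its preferences node.
     * A failure to remove the preferences node is logged, not propagated.
     *
     * @param username the user to remove (not {@code null}).
     * @throws SecurityException {@code ANONYMOUS_USER_PROTECTED}, or whatever the provider raises.
     */
    public void removeUser(String username) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { username }, new String[] { "username" }, "removeUser(java.lang.String)");

        checkNotAnonymous(username);

        UserPrincipal userPrincipal = new UserPrincipalImpl(username);
        String fullPath = userPrincipal.getFullPath();
        atnProviderProxy.removeUserPrincipal(userPrincipal);

        removePreferencesNode(Preferences.userRoot().node(fullPath), fullPath);
    }

    /**
     * @param username the user name (not {@code null}).
     * @return whether the authentication provider knows a principal of that name.
     */
    public boolean userExists(String username)
    {
        ArgUtil.notNull(new Object[] { username }, new String[] { "username" }, "userExists(java.lang.String)");

        return atnProviderProxy.getUserPrincipal(username) != null;
    }

    /**
     * Builds the {@link User} for a user name: a read-only {@link Subject}
     * holding the user, role and group principals plus the provider's public
     * and private credentials, and the user's preferences node.
     * <p>
     * The anonymous user gets empty credential sets and is cached after the
     * first lookup.
     *
     * @param username the user name (not {@code null}).
     * @return the user.
     * @throws SecurityException {@code USER_DOES_NOT_EXIST} if the provider has no such principal.
     */
    public User getUser(String username) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { username }, new String[] { "username" }, "getUser(java.lang.String)");

        boolean anonymous = isAnonymousUser(username);
        if (anonymous && guest != null)
        {
            return guest;
        }

        Principal userPrincipal = atnProviderProxy.getUserPrincipal(username);
        if (null == userPrincipal)
        {
            throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(username));
        }

        Set principals = new PrincipalsSet();
        principals.add(userPrincipal);
        principals.addAll(securityMappingHandler.getRolePrincipals(username));
        principals.addAll(securityMappingHandler.getGroupPrincipals(username));

        Subject subject;
        if (anonymous)
        {
            // The anonymous user carries no credentials.
            subject = new Subject(true, principals, new HashSet(), new HashSet());
        }
        else
        {
            subject = new Subject(true, principals,
                    atnProviderProxy.getPublicCredentials(username),
                    atnProviderProxy.getPrivateCredentials(username));
        }

        String fullPath = (new UserPrincipalImpl(username)).getFullPath();
        Preferences preferences = Preferences.userRoot().node(fullPath);
        User user = new UserImpl(subject, preferences);
        if (anonymous)
        {
            guest = user;
        }
        return user;
    }

    /**
     * @param filter provider-specific user filter, passed through unchanged.
     * @return an iterator over the {@link User}s matching the filter.
     * @throws SecurityException if a matching principal cannot be resolved to a user.
     */
    public Iterator getUsers(String filter) throws SecurityException
    {
        return toUsers(atnProviderProxy.getUserPrincipals(filter).iterator()).iterator();
    }

    /**
     * @param filter provider-specific user filter, passed through unchanged.
     * @return an iterator over the names ({@link String}) of the users matching the filter.
     * @throws SecurityException if the provider fails.
     */
    public Iterator getUserNames(String filter) throws SecurityException
    {
        List usernames = new LinkedList();
        Iterator userPrincipals = atnProviderProxy.getUserPrincipals(filter).iterator();
        while (userPrincipals.hasNext())
        {
            usernames.add(((Principal) userPrincipals.next()).getName());
        }
        return usernames.iterator();
    }

    /**
     * @param roleFullPathName full path name of the role (not {@code null}).
     * @return the {@link User}s holding the role.
     * @throws SecurityException if a member principal cannot be resolved to a user.
     */
    public Collection getUsersInRole(String roleFullPathName) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { roleFullPathName }, new String[] { "roleFullPathName" },
                "getUsersInRole(java.lang.String)");

        Set userPrincipals = securityMappingHandler.getUserPrincipalsInRole(roleFullPathName);
        return toUsers(userPrincipals.iterator());
    }

    /**
     * @param groupFullPathName full path name of the group (not {@code null}).
     * @return the {@link User}s in the group.
     * @throws SecurityException if a member principal cannot be resolved to a user.
     */
    public Collection getUsersInGroup(String groupFullPathName) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { groupFullPathName }, new String[] { "groupFullPathName" },
                "getUsersInGroup(java.lang.String)");

        Set userPrincipals = securityMappingHandler.getUserPrincipalsInGroup(groupFullPathName);
        return toUsers(userPrincipals.iterator());
    }

    /**
     * Changes a user's password through the authentication provider.
     *
     * @param username the user name (not {@code null}).
     * @param oldPassword the current password; passed to the provider as-is (may be {@code null}).
     * @param newPassword the new password (not {@code null}).
     * @throws SecurityException {@code ANONYMOUS_USER_PROTECTED}, or whatever the provider raises.
     */
    public void setPassword(String username, String oldPassword, String newPassword) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { username, newPassword }, new String[] { "username", "newPassword" },
                "setPassword(java.lang.String, java.lang.String, java.lang.String)");

        checkNotAnonymous(username);
        atnProviderProxy.setPassword(username, oldPassword, newPassword);
    }

    /**
     * Enables or disables a user's password.
     *
     * @param userName the user name (not {@code null}).
     * @param enabled the new state.
     * @throws SecurityException {@code ANONYMOUS_USER_PROTECTED}, or whatever the provider raises.
     */
    public void setPasswordEnabled(String userName, boolean enabled) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { userName }, new String[] { "userName" },
                "setPasswordEnabled(java.lang.String, boolean)");

        checkNotAnonymous(userName);
        atnProviderProxy.setPasswordEnabled(userName, enabled);
    }

    /**
     * Marks whether a user must change the password at next login.
     *
     * @param userName the user name (not {@code null}).
     * @param updateRequired the new state.
     * @throws SecurityException {@code ANONYMOUS_USER_PROTECTED}, or whatever the provider raises.
     */
    public void setPasswordUpdateRequired(String userName, boolean updateRequired) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { userName }, new String[] { "userName" },
                "setPasswordUpdateRequired(java.lang.String, boolean)");

        checkNotAnonymous(userName);
        atnProviderProxy.setPasswordUpdateRequired(userName, updateRequired);
    }

    /**
     * Enables or disables a user account, writing the principal back only when
     * the state actually changes.
     *
     * @param userName the user name (not {@code null}).
     * @param enabled the new state.
     * @throws SecurityException {@code ANONYMOUS_USER_PROTECTED}, {@code USER_DOES_NOT_EXIST},
     *         or whatever the provider raises.
     */
    public void setUserEnabled(String userName, boolean enabled) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { userName }, new String[] { "userName" },
                "setUserEnabled(java.lang.String, boolean)");

        checkNotAnonymous(userName);

        // The enabled flag is reached through UserPrincipalImpl; a provider
        // returning a different UserPrincipal implementation would fail this cast.
        UserPrincipalImpl userPrincipal = (UserPrincipalImpl) atnProviderProxy.getUserPrincipal(userName);
        if (null == userPrincipal)
        {
            throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(userName));
        }
        if (enabled != userPrincipal.isEnabled())
        {
            userPrincipal.setEnabled(enabled);
            atnProviderProxy.updateUserPrincipal(userPrincipal);
        }
    }

    /**
     * Sets the password expiration date through the authentication provider.
     *
     * @param userName the user name (not {@code null}).
     * @param expirationDate the expiration date; passed to the provider as-is.
     * @throws SecurityException {@code ANONYMOUS_USER_PROTECTED}, or whatever the provider raises.
     */
    public void setPasswordExpiration(String userName, Date expirationDate) throws SecurityException
    {
        ArgUtil.notNull(new Object[] { userName }, new String[] { "userName" },
                "setPasswordExpiration(java.lang.String, java.sql.Date)");

        checkNotAnonymous(userName);
        atnProviderProxy.setPasswordExpiration(userName, expirationDate);
    }

    /**
     * @return whether {@code username} is the protected anonymous user.
     */
    private boolean isAnonymousUser(String username)
    {
        return getAnonymousUser().equals(username);
    }

    /**
     * Rejects modifications of the anonymous user.
     *
     * @throws SecurityException {@code ANONYMOUS_USER_PROTECTED} if {@code username} is the anonymous user.
     */
    private void checkNotAnonymous(String username) throws SecurityException
    {
        if (isAnonymousUser(username))
        {
            throw new SecurityException(SecurityException.ANONYMOUS_USER_PROTECTED.create(username));
        }
    }

    /**
     * Stores the password of a freshly added principal; if the provider rejects
     * it, the principal is removed again and the original failure rethrown.
     *
     * @param userPrincipal the principal just added.
     * @param username its user name.
     * @param password the password to store (not {@code null}).
     * @param atnProviderName the authentication provider to store it with.
     * @param raw {@code true} for {@code importPassword} (presumably an already
     *        stored form), {@code false} for {@code setPassword} with no old password.
     * @throws SecurityException the provider's rejection of the password.
     */
    private void storeInitialPassword(UserPrincipal userPrincipal, String username, String password,
            String atnProviderName, boolean raw) throws SecurityException
    {
        try
        {
            if (raw)
            {
                atnProviderProxy.importPassword(username, password, atnProviderName);
            }
            else
            {
                atnProviderProxy.setPassword(username, null, password, atnProviderName);
            }
        }
        catch (SecurityException se1)
        {
            try
            {
                atnProviderProxy.removeUserPrincipal(userPrincipal);
            }
            catch (SecurityException se2)
            {
                log.error("Failed to rollback created user after its password turned out to be invalid", se2);
            }
            throw se1;
        }
    }

    /**
     * Removes a user's preferences node, logging (not propagating) a backing
     * store failure so the caller's own outcome is not masked.
     *
     * @param preferences the node to remove.
     * @param fullPath its path, for the log message.
     */
    private void removePreferencesNode(Preferences preferences, String fullPath)
    {
        try
        {
            preferences.removeNode();
        }
        catch (BackingStoreException bse)
        {
            log.error("Failed to remove user preferences node: " + fullPath, bse);
        }
    }

    /**
     * Resolves each {@link Principal} to its {@link User} via {@link #getUser(String)}.
     *
     * @param userPrincipals iterator over {@link Principal}s.
     * @return a new list of users, in iteration order.
     * @throws SecurityException if a principal cannot be resolved.
     */
    private List toUsers(Iterator userPrincipals) throws SecurityException
    {
        List users = new ArrayList();
        while (userPrincipals.hasNext())
        {
            users.add(getUser(((Principal) userPrincipals.next()).getName()));
        }
        return users;
    }
}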