1 package org.apache.turbine.services.security.db;
2
3 /* ====================================================================
4 * The Apache Software License, Version 1.1
5 *
6 * Copyright (c) 2001 The Apache Software Foundation. All rights
7 * reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. The end-user documentation included with the redistribution,
22 * if any, must include the following acknowledgment:
23 * "This product includes software developed by the
24 * Apache Software Foundation (http://www.apache.org/)."
25 * Alternately, this acknowledgment may appear in the software itself,
26 * if and wherever such third-party acknowledgments normally appear.
27 *
28 * 4. The names "Apache" and "Apache Software Foundation" and
29 * "Apache Turbine" must not be used to endorse or promote products
30 * derived from this software without prior written permission. For
31 * written permission, please contact apache@apache.org.
32 *
33 * 5. Products derived from this software may not be called "Apache",
34 * "Apache Turbine", nor may "Apache" appear in their name, without
35 * prior written permission of the Apache Software Foundation.
36 *
37 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
38 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
39 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
40 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
43 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
44 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
46 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
47 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
48 * SUCH DAMAGE.
49 * ====================================================================
50 *
51 * This software consists of voluntary contributions made by many
52 * individuals on behalf of the Apache Software Foundation. For more
53 * information on the Apache Software Foundation, please see
54 * <http://www.apache.org/>.
55 */
56
57 import java.util.ArrayList;
58 import java.util.Hashtable;
59 import java.util.Iterator;
60 import java.util.List;
61 import java.util.Vector;
62 import org.apache.torque.om.BaseObject;
63 import org.apache.torque.util.Criteria;
64 import org.apache.turbine.om.security.Group;
65 import org.apache.turbine.om.security.Permission;
66 import org.apache.turbine.om.security.Role;
67 import org.apache.turbine.om.security.SecurityObject;
68 import org.apache.turbine.om.security.TurbineGroup;
69 import org.apache.turbine.om.security.TurbinePermission;
70 import org.apache.turbine.om.security.TurbineRole;
71 import org.apache.turbine.om.security.User;
72 import org.apache.turbine.om.security.peer.GroupPeer;
73 import org.apache.turbine.om.security.peer.PermissionPeer;
74 import org.apache.turbine.om.security.peer.RolePeer;
75 import org.apache.turbine.om.security.peer.RolePermissionPeer;
76 import org.apache.turbine.om.security.peer.UserGroupRolePeer;
77 import org.apache.turbine.om.security.peer.UserPeer;
78 import org.apache.turbine.services.security.BaseSecurityService;
79 import org.apache.turbine.services.security.TurbineSecurity;
80 import org.apache.turbine.util.Log;
81 import org.apache.turbine.util.security.AccessControlList;
82 import org.apache.turbine.util.security.DataBackendException;
83 import org.apache.turbine.util.security.EntityExistsException;
84 import org.apache.turbine.util.security.GroupSet;
85 import org.apache.turbine.util.security.PermissionSet;
86 import org.apache.turbine.util.security.RoleSet;
87 import org.apache.turbine.util.security.UnknownEntityException;
88
89 /***
90 * An implementation of SecurityService that uses a database as backend.
91 *
92 * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
93 * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a>
94 * @version $Id: DBSecurityService.java,v 1.6 2002/07/11 07:34:31 mpoeschl Exp $
95 */
96 public class DBSecurityService extends BaseSecurityService
97 {
98 /***
99 * The key within services's properties for user implementation
100 * classname (user.class) - Leandro
101 */
102 public static final String USER_PEER_CLASS_KEY = "userPeer.class";
103
104 /***
105 * The default implementation of User interface
106 * (org.apache.turbine.om.security.DBUser)
107 */
108 public static final String USER_PEER_CLASS_DEFAULT =
109 "org.apache.turbine.om.security.peer.TurbineUserPeer";
110
111 /*-----------------------------------------------------------------------
112 Creation of AccessControlLists
113 -----------------------------------------------------------------------*/
114
115 /***
116 * Constructs an AccessControlList for a specific user.
117 *
118 * This method creates a snapshot of the state of security information
119 * concerning this user, at the moment of invocation and stores it
120 * into an AccessControlList object.
121 *
122 * @param user the user for whom the AccessControlList are to be retrieved
123 * @throws DataBackendException if there was an error accessing the data backend.
124 * @throws UnknownEntityException if user account is not present.
125 */
126 public AccessControlList getACL( User user )
127 throws DataBackendException, UnknownEntityException
128 {
129 if(!TurbineSecurity.accountExists(user))
130 {
131 throw new UnknownEntityException("The account '" +
132 user.getUserName() + "' does not exist");
133 }
134 try
135 {
136 Hashtable roles = new Hashtable();
137 Hashtable permissions = new Hashtable();
138 // notify the state modifiers (writers) that we want to create the snapshot.
139 lockShared();
140
141 // construct the snapshot:
142
143 // foreach group in the system
144 Iterator groupsIterator = getAllGroups().elements();
145 while(groupsIterator.hasNext())
146 {
147 Group group = (Group)groupsIterator.next();
148 // get roles of user in the group
149 RoleSet groupRoles = RolePeer.retrieveSet( user, group );
150 // put the Set into roles(group)
151 roles.put(group, groupRoles);
152 // collect all permissoins in this group
153 PermissionSet groupPermissions = new PermissionSet();
154 // foreach role in Set
155 Iterator rolesIterator = groupRoles.elements();
156 while(rolesIterator.hasNext())
157 {
158 Role role = (Role)rolesIterator.next();
159 // get permissions of the role
160 PermissionSet rolePermissions = PermissionPeer.retrieveSet(role);
161 groupPermissions.add(rolePermissions);
162 }
163 // put the Set into permissions(group)
164 permissions.put(group, groupPermissions);
165 }
166 return new AccessControlList(roles, permissions);
167 }
168 catch(Exception e)
169 {
170 throw new DataBackendException("Failed to build ACL for user '" +
171 user.getUserName() + "'" , e);
172 }
173 finally
174 {
175 // notify the state modifiers that we are done creating the snapshot.
176 unlockShared();
177 }
178 }
179
180 /*-----------------------------------------------------------------------
181 Security management
182 -----------------------------------------------------------------------*/
183
184 /***
185 * Grant an User a Role in a Group.
186 *
187 * @param User the user.
188 * @param Group the group.
189 * @param Role the role.
190 * @throws DataBackendException if there was an error accessing the data backend.
191 * @throws UnknownEntityException if user account, group or role is not present.
192 */
193 public synchronized void grant( User user, Group group, Role role )
194 throws DataBackendException, UnknownEntityException
195 {
196 boolean userExists = false;
197 boolean groupExists = false;
198 boolean roleExists = false;
199 try
200 {
201 lockExclusive();
202 userExists=TurbineSecurity.accountExists(user);
203 groupExists=checkExists(group);
204 roleExists=checkExists(role);
205 if(userExists && groupExists && roleExists)
206 {
207 Criteria criteria = new Criteria();
208 criteria.add(UserGroupRolePeer.USER_ID,
209 ((BaseObject)user).getPrimaryKey());
210 criteria.add(UserGroupRolePeer.GROUP_ID, ((BaseObject)group).getPrimaryKey());
211 criteria.add(UserGroupRolePeer.ROLE_ID, ((TurbineRole)role).getPrimaryKey());
212 UserGroupRolePeer.doInsert(criteria);
213 return;
214 }
215 }
216 catch(Exception e)
217 {
218 throw new DataBackendException("grant(User,Group,Role) failed", e);
219 }
220 finally
221 {
222 unlockExclusive();
223 }
224 if(!userExists)
225 {
226 throw new UnknownEntityException("Unknown user '" +
227 user.getUserName() + "'");
228 }
229 if(!groupExists)
230 {
231 throw new UnknownEntityException("Unknown group '" +
232 ((SecurityObject)group).getName() + "'");
233 }
234 if(!roleExists)
235 {
236 throw new UnknownEntityException("Unknown role '" +
237 role.getName() + "'");
238 }
239 }
240
241 /***
242 * Revoke a Role in a Group from an User.
243 *
244 * @param User the user.
245 * @param Group the group.
246 * @param Role the role.
247 * @throws DataBackendException if there was an error accessing the data backend.
248 * @throws UnknownEntityException if user account, group or role is not present.
249 */
250 public synchronized void revoke( User user, Group group, Role role )
251 throws DataBackendException, UnknownEntityException
252 {
253 boolean userExists = false;
254 boolean groupExists = false;
255 boolean roleExists = false;
256 try
257 {
258 lockExclusive();
259 userExists=TurbineSecurity.accountExists(user);
260 groupExists=checkExists(group);
261 roleExists=checkExists(role);
262 if(userExists && groupExists && roleExists)
263 {
264 Criteria criteria = new Criteria();
265 criteria.add(UserGroupRolePeer.USER_ID,
266 ((BaseObject)user).getPrimaryKey());
267 criteria.add(UserGroupRolePeer.GROUP_ID,
268 ((BaseObject)group).getPrimaryKey());
269 criteria.add(UserGroupRolePeer.ROLE_ID, ((TurbineRole)role).getPrimaryKey());
270 UserGroupRolePeer.doDelete(criteria);
271 return;
272 }
273 }
274 catch(Exception e)
275 {
276 throw new DataBackendException("revoke(User,Role,Group) failed", e);
277 }
278 finally
279 {
280 unlockExclusive();
281 }
282 if(!userExists)
283 {
284 throw new UnknownEntityException("Unknown user '" +
285 user.getUserName() + "'");
286 }
287 if(!groupExists)
288 {
289 throw new UnknownEntityException("Unknown group '" +
290 ((SecurityObject)group).getName() + "'");
291 }
292 if(!roleExists)
293 {
294 throw new UnknownEntityException("Unknown role '" +
295 role.getName() + "'");
296 }
297 }
298
299 /***
300 * Revokes all roles from an User.
301 *
302 * This method is used when deleting an account.
303 *
304 * @param user the User.
305 * @throws DataBackendException if there was an error accessing the data backend.
306 * @throws UnknownEntityException if the account is not present.
307 */
308 public synchronized void revokeAll( User user )
309 throws DataBackendException, UnknownEntityException
310 {
311 boolean userExists = false;
312 try
313 {
314 lockExclusive();
315 userExists=TurbineSecurity.accountExists(user);
316 if(userExists)
317 {
318 // The following would not work, due to an annoying misfeature of Village.
319 // Village allows only a single row to be deleted at a time. I wish that
320 // it was possible to disable this behaviour!
321
322 // Criteria criteria = new Criteria();
323 // criteria.add(UserGroupRolePeer.USER_ID, ((BaseObject)user).getPrimaryKey());
324 // UserGroupRolePeer.doDelete(criteria);
325 int id = ((BaseObject)user).getPrimaryKeyAsInt();
326 UserGroupRolePeer.deleteAll(UserGroupRolePeer.TABLE_NAME, UserGroupRolePeer.USER_ID, id);
327 return;
328 }
329 }
330 catch(Exception e)
331 {
332 throw new DataBackendException("revokeAll(User) failed", e);
333 }
334 finally
335 {
336 unlockExclusive();
337 }
338 throw new UnknownEntityException("Unknown user '"+user.getUserName()+"'");
339 }
340
341 /***
342 * Grants a Role a Permission
343 *
344 * @param role the Role.
345 * @param permission the Permission.
346 * @throws DataBackendException if there was an error accessing the data backend.
347 * @throws UnknownEntityException if role or permission is not present.
348 */
349 public synchronized void grant( Role role, Permission permission )
350 throws DataBackendException, UnknownEntityException
351 {
352 boolean roleExists = false;
353 boolean permissionExists = false;
354 try
355 {
356 lockExclusive();
357 roleExists=checkExists(role);
358 permissionExists=checkExists(permission);
359 if(roleExists && permissionExists)
360 {
361 Criteria criteria = new Criteria();
362 criteria.add(RolePermissionPeer.ROLE_ID, ((TurbineRole)role).getPrimaryKey());
363 criteria.add(RolePermissionPeer.PERMISSION_ID,
364 ((BaseObject)permission).getPrimaryKey());
365 UserGroupRolePeer.doInsert(criteria);
366 return;
367 }
368 }
369 catch(Exception e)
370 {
371 throw new DataBackendException("grant(Role,Permission) failed", e);
372 }
373 finally
374 {
375 unlockExclusive();
376 }
377 if(!roleExists)
378 {
379 throw new UnknownEntityException("Unknown role '" +
380 role.getName() + "'");
381 }
382 if(!permissionExists)
383 {
384 throw new UnknownEntityException("Unknown permission '" +
385 ((SecurityObject)permission).getName() + "'");
386 }
387 }
388
389 /***
390 * Revokes a Permission from a Role.
391 *
392 * @param role the Role.
393 * @param permission the Permission.
394 * @throws DataBackendException if there was an error accessing the data backend.
395 * @throws UnknownEntityException if role or permission is not present.
396 */
397 public synchronized void revoke( Role role, Permission permission )
398 throws DataBackendException, UnknownEntityException
399 {
400 boolean roleExists = false;
401 boolean permissionExists = false;
402 try
403 {
404 lockExclusive();
405 roleExists=checkExists(role);
406 permissionExists=checkExists(permission);
407 if(roleExists && permissionExists)
408 {
409 Criteria criteria = new Criteria();
410 criteria.add(RolePermissionPeer.ROLE_ID, ((TurbineRole)role).getPrimaryKey());
411 criteria.add(RolePermissionPeer.PERMISSION_ID,
412 ((BaseObject)permission).getPrimaryKey());
413 RolePermissionPeer.doDelete(criteria);
414 return;
415 }
416 }
417 catch(Exception e)
418 {
419 throw new DataBackendException("revoke(Role,Permission) failed", e);
420 }
421 finally
422 {
423 unlockExclusive();
424 }
425 if(!roleExists)
426 {
427 throw new UnknownEntityException("Unknown role '" +
428 role.getName() + "'");
429 }
430 if(!permissionExists)
431 {
432 throw new UnknownEntityException("Unknown permission '" +
433 ((SecurityObject)permission).getName() + "'");
434 }
435 }
436
437 /***
438 * Revokes all permissions from a Role.
439 *
440 * This method is user when deleting a Role.
441 *
442 * @param role the Role
443 * @throws DataBackendException if there was an error accessing the data backend.
444 * @throws UnknownEntityException if the Role is not present.
445 */
446 public synchronized void revokeAll( Role role )
447 throws DataBackendException, UnknownEntityException
448 {
449 boolean roleExists = false;
450 try
451 {
452 lockExclusive();
453 roleExists=checkExists(role);
454 if(roleExists)
455 {
456 // The following would not work, due to an annoying misfeature of Village.
457 // see revokeAll( user )
458
459 // Criteria criteria = new Criteria();
460 // criteria.add(RolePermissionPeer.ROLE_ID, role.getPrimaryKey());
461 // RolePermissionPeer.doDelete(criteria);
462
463 int id = ((TurbineRole)role).getPrimaryKeyAsInt();
464 RolePermissionPeer.deleteAll(RolePermissionPeer.TABLE_NAME,
465 RolePermissionPeer.ROLE_ID, id);
466 return;
467 }
468 }
469 catch(Exception e)
470 {
471 throw new DataBackendException("revokeAll(Role) failed", e);
472 }
473 finally
474 {
475 unlockExclusive();
476 }
477 throw new UnknownEntityException("Unknown role '" + role.getName() + "'");
478 }
479
480 /*-----------------------------------------------------------------------
481 Group/Role/Permission management
482 -----------------------------------------------------------------------*/
483
484 /***
485 * Retrieve a set of Groups that meet the specified Criteria.
486 *
487 * @param a Criteria of Group selection.
488 * @return a set of Groups that meet the specified Criteria.
489 */
490 public GroupSet getGroups( Criteria criteria )
491 throws DataBackendException
492 {
493 Criteria dbCriteria = new Criteria();
494 Iterator keys = criteria.keySet().iterator();
495 while(keys.hasNext())
496 {
497 String key = (String)keys.next();
498 dbCriteria.put(GroupPeer.getColumnName(key), criteria.get(key));
499 }
500 List groups = new ArrayList(0);
501 try
502 {
503 groups = GroupPeer.doSelect(criteria);
504 }
505 catch(Exception e)
506 {
507 throw new DataBackendException("getGroups(Criteria) failed", e);
508 }
509 return new GroupSet(groups);
510 }
511
512 /***
513 * Retrieve a set of Roles that meet the specified Criteria.
514 *
515 * @param a Criteria of Roles selection.
516 * @return a set of Roles that meet the specified Criteria.
517 */
518 public RoleSet getRoles( Criteria criteria )
519 throws DataBackendException
520 {
521 Criteria dbCriteria = new Criteria();
522 Iterator keys = criteria.keySet().iterator();
523 while(keys.hasNext())
524 {
525 String key = (String)keys.next();
526 dbCriteria.put(RolePeer.getColumnName(key), criteria.get(key));
527 }
528 List roles = new ArrayList(0);
529 try
530 {
531 roles = RolePeer.doSelect(criteria);
532 }
533 catch(Exception e)
534 {
535 throw new DataBackendException("getRoles(Criteria) failed", e);
536 }
537 return new RoleSet(roles);
538 }
539
540 /***
541 * Retrieve a set of Permissions that meet the specified Criteria.
542 *
543 * @param a Criteria of Permissions selection.
544 * @return a set of Permissions that meet the specified Criteria.
545 */
546 public PermissionSet getPermissions(Criteria criteria)
547 throws DataBackendException
548 {
549 Criteria dbCriteria = new Criteria();
550 Iterator keys = criteria.keySet().iterator();
551 while(keys.hasNext())
552 {
553 String key = (String)keys.next();
554 dbCriteria.put(PermissionPeer.getColumnName(key), criteria.get(key));
555 }
556 List permissions = new Vector(0);
557 try
558 {
559 permissions = PermissionPeer.doSelect(criteria);
560 }
561 catch(Exception e)
562 {
563 throw new DataBackendException("getPermissions(Criteria) failed", e);
564 }
565 return new PermissionSet(permissions);
566 }
567
568 /***
569 * Retrieves all permissions associated with a role.
570 *
571 * @param role the role name, for which the permissions are to be retrieved.
572 * @throws DataBackendException if there was an error accessing the data backend.
573 * @throws UnknownEntityException if the role is not present.
574 */
575 public PermissionSet getPermissions( Role role )
576 throws DataBackendException, UnknownEntityException
577 {
578 boolean roleExists = false;
579 try
580 {
581 lockShared();
582 roleExists = checkExists(role);
583 if(roleExists)
584 {
585 return PermissionPeer.retrieveSet(role);
586 }
587 }
588 catch(Exception e)
589 {
590 throw new DataBackendException("getPermissions(Role) failed", e);
591 }
592 finally
593 {
594 unlockShared();
595 }
596 throw new UnknownEntityException("Unknown role '" +
597 role.getName() + "'");
598 }
599
600 /***
601 * Stores Group's attributes. The Groups is required to exist in the system.
602 *
603 * @param group The Group to be stored.
604 * @throws DataBackendException if there was an error accessing the data backend.
605 * @throws UnknownEntityException if the group does not exist.
606 */
607 public void saveGroup( Group group )
608 throws DataBackendException, UnknownEntityException
609 {
610 boolean groupExists = false;
611 try
612 {
613 groupExists = checkExists(group);
614 if(groupExists)
615 {
616 Criteria criteria = GroupPeer.buildCriteria(group);
617 GroupPeer.doUpdate(criteria);
618 return;
619 }
620 }
621 catch(Exception e)
622 {
623 throw new DataBackendException("saveGroup(Group) failed" ,e);
624 }
625 throw new UnknownEntityException("Unknown group '" + group + "'");
626 }
627
628 /***
629 * Stores Role's attributes. The Roles is required to exist in the system.
630 *
631 * @param role The Role to be stored.
632 * @throws DataBackendException if there was an error accessing the data backend.
633 * @throws UnknownEntityException if the role does not exist.
634 */
635 public void saveRole( Role role )
636 throws DataBackendException, UnknownEntityException
637 {
638 boolean roleExists = false;
639 try
640 {
641 roleExists = checkExists(role);
642 if(roleExists)
643 {
644 Criteria criteria = RolePeer.buildCriteria(role);
645 RolePeer.doUpdate(criteria);
646 return;
647 }
648 }
649 catch(Exception e)
650 {
651 throw new DataBackendException("saveRole(Role) failed", e);
652 }
653 throw new UnknownEntityException("Unknown role '" + role + "'");
654 }
655
656 /***
657 * Stores Permission's attributes. The Permissions is required to exist in the system.
658 *
659 * @param permission The Permission to be stored.
660 * @throws DataBackendException if there was an error accessing the data backend.
661 * @throws UnknownEntityException if the permission does not exist.
662 */
663 public void savePermission( Permission permission )
664 throws DataBackendException, UnknownEntityException
665 {
666 boolean permissionExists = false;
667 try
668 {
669 permissionExists = checkExists(permission);
670 if(permissionExists)
671 {
672 Criteria criteria = PermissionPeer.buildCriteria(permission);
673 PermissionPeer.doUpdate(criteria);
674 return;
675 }
676 }
677 catch(Exception e)
678 {
679 throw new DataBackendException("savePermission(Permission) failed", e);
680 }
681 throw new UnknownEntityException("Unknown permission '" + permission + "'");
682 }
683
684 /***
685 * Retrieves a new Group. It creates
686 * a new Group based on the Services Group implementation. It does not
687 * create a new Group in the system though. Use create for that.
688 *
689 * @param groupName The name of the Group to be retrieved.
690 */
691 public Group getNewGroup( String groupName )
692 {
693 return (Group) new TurbineGroup(groupName);
694 }
695
696 /***
697 * Retrieves a new Role. It creates
698 * a new Role based on the Services Role implementation. It does not
699 * create a new Role in the system though. Use create for that.
700 *
701 * @param roleName The name of the Role to be retrieved.
702 */
703 public Role getNewRole( String roleName )
704 {
705 return (Role) new TurbineRole(roleName);
706 }
707
708 /***
709 * Retrieves a new Permission. It creates
710 * a new Permission based on the Services Permission implementation. It does not
711 * create a new Permission in the system though. Use create for that.
712 *
713 * @param permissionName The name of the Permission to be retrieved.
714 */
715 public Permission getNewPermission( String permissionName )
716 {
717 return (Permission) new TurbinePermission(permissionName);
718 }
719
720 /***
721 * Creates a new group with specified attributes.
722 *
723 * @param group the object describing the group to be created.
724 * @return a new Group object that has id set up properly.
725 * @throws DataBackendException if there was an error accessing the data backend.
726 * @throws EntityExistsException if the group already exists.
727 */
728 public synchronized Group addGroup( Group group )
729 throws DataBackendException, EntityExistsException
730 {
731 boolean groupExists = false;
732 try
733 {
734 lockExclusive();
735 groupExists = checkExists(group);
736 if(!groupExists)
737 {
738 // add a row to the table
739 Criteria criteria = GroupPeer.buildCriteria(group);
740 GroupPeer.doInsert(criteria);
741 // try to get the object back using the name as key.
742 criteria = new Criteria();
743 criteria.add(GroupPeer.NAME, ((SecurityObject)group).getName());
744 List results = GroupPeer.doSelect(criteria);
745 if(results.size() != 1)
746 {
747 throw new DataBackendException(
748 "Internal error - query returned " +
749 results.size() + " rows");
750 }
751 Group newGroup = (Group)results.get(0);
752 // add the group to system-wide cache
753 getAllGroups().add(newGroup);
754 // return the object with correct id
755 return newGroup;
756 }
757 }
758 catch(Exception e)
759 {
760 throw new DataBackendException("addGroup(Group) failed", e);
761 }
762 finally
763 {
764 unlockExclusive();
765 }
766 // the only way we could get here without return/throw tirggered
767 // is that the groupExists was true.
768 throw new EntityExistsException("Group '" + group +
769 "' already exists");
770 }
771
772 /***
773 * Creates a new role with specified attributes.
774 *
775 * @param role the object describing the role to be created.
776 * @return a new Role object that has id set up properly.
777 * @throws DataBackendException if there was an error accessing the data backend.
778 * @throws EntityExistsException if the role already exists.
779 */
780 public synchronized Role addRole( Role role )
781 throws DataBackendException, EntityExistsException
782 {
783 boolean roleExists = false;
784 try
785 {
786 lockExclusive();
787 roleExists = checkExists(role);
788 if(!roleExists)
789 {
790 // add a row to the table
791 Criteria criteria = RolePeer.buildCriteria(role);
792 RolePeer.doInsert(criteria);
793 // try to get the object back using the name as key.
794 criteria = new Criteria();
795 criteria.add(RolePeer.NAME, role.getName());
796 List results = RolePeer.doSelect(criteria);
797 if(results.size() != 1)
798 {
799 throw new DataBackendException(
800 "Internal error - query returned " +
801 results.size() + " rows");
802 }
803 Role newRole = (Role)results.get(0);
804 // add the role to system-wide cache
805 getAllRoles().add(newRole);
806 // return the object with correct id
807 return newRole;
808 }
809 }
810 catch(Exception e)
811 {
812 throw new DataBackendException("addRole(Role) failed", e);
813 }
814 finally
815 {
816 unlockExclusive();
817 }
818 // the only way we could get here without return/throw tirggered
819 // is that the roleExists was true.
820 throw new EntityExistsException("Role '" + role + "' already exists");
821 }
822
823 /***
824 * Creates a new permission with specified attributes.
825 *
826 * @param permission the object describing the permission to be created.
827 * @return a new Permission object that has id set up properly.
828 * @throws DataBackendException if there was an error accessing the data backend.
829 * @throws EntityExistsException if the permission already exists.
830 */
831 public synchronized Permission addPermission( Permission permission )
832 throws DataBackendException, EntityExistsException
833 {
834 boolean permissionExists = false;
835 try
836 {
837 lockExclusive();
838 permissionExists = checkExists(permission);
839 if(!permissionExists)
840 {
841 // add a row to the table
842 Criteria criteria = PermissionPeer.buildCriteria(permission);
843 PermissionPeer.doInsert(criteria);
844 // try to get the object back using the name as key.
845 criteria = new Criteria();
846 criteria.add(PermissionPeer.NAME,
847 ((SecurityObject)permission).getName());
848 List results = PermissionPeer.doSelect(criteria);
849 if(results.size() != 1)
850 {
851 throw new DataBackendException(
852 "Internal error - query returned " +
853 results.size() + " rows");
854 }
855 Permission newPermission = (Permission)results.get(0);
856 // add the permission to system-wide cache
857 getAllPermissions().add(newPermission);
858 // return the object with correct id
859 return newPermission;
860 }
861 }
862 catch(Exception e)
863 {
864 throw new DataBackendException("addPermission(Permission) failed", e);
865 }
866 finally
867 {
868 unlockExclusive();
869 }
870 // the only way we could get here without return/throw tirggered
871 // is that the permissionExists was true.
872 throw new EntityExistsException("Permission '" + permission +
873 "' already exists");
874 }
875
876 /***
877 * Removes a Group from the system.
878 *
879 * @param the object describing group to be removed.
880 * @throws DataBackendException if there was an error accessing the data backend.
881 * @throws UnknownEntityException if the group does not exist.
882 */
883 public synchronized void removeGroup( Group group )
884 throws DataBackendException, UnknownEntityException
885 {
886 boolean groupExists = false;
887 try
888 {
889 lockExclusive();
890 groupExists = checkExists(group);
891 if(groupExists)
892 {
893 Criteria criteria = GroupPeer.buildCriteria(group);
894 GroupPeer.doDelete(criteria);
895 getAllGroups().remove(group);
896 return;
897 }
898 }
899 catch(Exception e)
900 {
901 Log.error("Failed to delete a Group");
902 Log.error(e);
903 throw new DataBackendException("removeGroup(Group) failed", e);
904 }
905 finally
906 {
907 unlockExclusive();
908 }
909 throw new UnknownEntityException("Unknown group '" + group + "'");
910 }
911
912 /***
913 * Removes a Role from the system.
914 *
915 * @param the object describing role to be removed.
916 * @throws DataBackendException if there was an error accessing the data backend.
917 * @throws UnknownEntityException if the role does not exist.
918 */
919 public synchronized void removeRole( Role role )
920 throws DataBackendException, UnknownEntityException
921 {
922 boolean roleExists = false;
923 try
924 {
925 lockExclusive();
926 roleExists = checkExists(role);
927 if(roleExists)
928 {
929 // revoke all permissions from the role to be deleted
930 revokeAll(role);
931 Criteria criteria = RolePeer.buildCriteria(role);
932 RolePeer.doDelete(criteria);
933 getAllRoles().remove(role);
934 return;
935 }
936 }
937 catch(Exception e)
938 {
939 throw new DataBackendException("removeRole(Role)" ,e);
940 }
941 finally
942 {
943 unlockExclusive();
944 }
945 throw new UnknownEntityException("Unknown role '" + role + "'");
946 }
947
948 /***
949 * Removes a Permission from the system.
950 *
951 * @param the object describing permission to be removed.
952 * @throws DataBackendException if there was an error accessing the data backend.
953 * @throws UnknownEntityException if the permission does not exist.
954 */
955 public synchronized void removePermission( Permission permission )
956 throws DataBackendException, UnknownEntityException
957 {
958 boolean permissionExists = false;
959 try
960 {
961 lockExclusive();
962 permissionExists = checkExists(permission);
963 if(permissionExists)
964 {
965 Criteria criteria = PermissionPeer.buildCriteria(permission);
966 PermissionPeer.doDelete(criteria);
967 getAllPermissions().remove(permission);
968 return;
969 }
970 }
971 catch(Exception e)
972 {
973 throw new DataBackendException("removePermission(Permission)" ,e);
974 }
975 finally
976 {
977 unlockExclusive();
978 }
979 throw new UnknownEntityException("Unknown permission '" +
980 permission + "'");
981 }
982
983 /***
984 * Renames an existing Group.
985 *
986 * @param the object describing the group to be renamed.
987 * @param name the new name for the group.
988 * @throws DataBackendException if there was an error accessing the data backend.
989 * @throws UnknownEntityException if the group does not exist.
990 */
991 public synchronized void renameGroup( Group group, String name )
992 throws DataBackendException, UnknownEntityException
993 {
994 boolean groupExists = false;
995 try
996 {
997 lockExclusive();
998 groupExists = checkExists(group);
999 if(groupExists)
1000 {
1001 ((SecurityObject)group).setName(name);
1002 Criteria criteria = GroupPeer.buildCriteria(group);
1003 GroupPeer.doUpdate(criteria);
1004 return;
1005 }
1006 }
1007 catch(Exception e)
1008 {
1009 throw new DataBackendException("renameGroup(Group,String)" ,e);
1010 }
1011 finally
1012 {
1013 unlockExclusive();
1014 }
1015 throw new UnknownEntityException("Unknown group '" + group + "'");
1016 }
1017
1018 /***
1019 * Renames an existing Role.
1020 *
1021 * @param the object describing the role to be renamed.
1022 * @param name the new name for the role.
1023 * @throws DataBackendException if there was an error accessing the data backend.
1024 * @throws UnknownEntityException if the role does not exist.
1025 */
1026 public synchronized void renameRole( Role role, String name )
1027 throws DataBackendException, UnknownEntityException
1028 {
1029 boolean roleExists = false;
1030 try
1031 {
1032 lockExclusive();
1033 roleExists = checkExists(role);
1034 if(roleExists)
1035 {
1036 role.setName(name);
1037 Criteria criteria = RolePeer.buildCriteria(role);
1038 RolePeer.doUpdate(criteria);
1039 return;
1040 }
1041 }
1042 catch(Exception e)
1043 {
1044 throw new DataBackendException("renameRole(Role,String)" ,e);
1045 }
1046 finally
1047 {
1048 unlockExclusive();
1049 }
1050 throw new UnknownEntityException("Unknown role '" + role + "'");
1051 }
1052
1053 /***
1054 * Renames an existing Permission.
1055 *
1056 * @param the object describing the permission to be renamed.
1057 * @param name the new name for the permission.
1058 * @throws DataBackendException if there was an error accessing the data backend.
1059 * @throws UnknownEntityException if the permission does not exist.
1060 */
1061 public synchronized void renamePermission( Permission permission, String name )
1062 throws DataBackendException, UnknownEntityException
1063 {
1064 boolean permissionExists = false;
1065 try
1066 {
1067 lockExclusive();
1068 permissionExists = checkExists(permission);
1069 if(permissionExists)
1070 {
1071 ((SecurityObject)permission).setName(name);
1072 Criteria criteria = PermissionPeer.buildCriteria(permission);
1073 PermissionPeer.doUpdate(criteria);
1074 return;
1075 }
1076 }
1077 catch(Exception e)
1078 {
1079 throw new DataBackendException("renamePermission(Permission,name)", e);
1080 }
1081 finally
1082 {
1083 unlockExclusive();
1084 }
1085 throw new UnknownEntityException("Unknown permission '" +
1086 permission + "'");
1087 }
1088
1089 /*** Service specific implementation methods */
1090
1091 /***
1092 * Returns the Class object for the implementation of UserPeer interface
1093 * used by the system (defined in TR.properties)
1094 *
1095 * @return the implementation of UserPeer interface used by the system.
1096 * @throws UnknownEntityException if the system's implementation of UserPeer
1097 * interface could not be determined.
1098 */
1099 public Class getUserPeerClass() throws UnknownEntityException
1100 {
1101 String userPeerClassName = getProperties().getProperty(
1102 USER_PEER_CLASS_KEY, USER_PEER_CLASS_DEFAULT);
1103 try
1104 {
1105 return Class.forName(userPeerClassName);
1106 }
1107 catch(Exception e)
1108 {
1109 throw new UnknownEntityException(
1110 "Failed create a Class object for UserPeer implementation", e);
1111 }
1112 }
1113
1114 /***
1115 * Construct a UserPeer object.
1116 *
1117 * This method calls getUserPeerClass, and then creates a new object using
1118 * the default constructor.
1119 *
1120 * @return an object implementing UserPeer interface.
1121 * @throws UnknownEntityException if the object could not be instantiated.
1122 */
1123 public UserPeer getUserPeerInstance() throws UnknownEntityException
1124 {
1125 UserPeer up;
1126 try
1127 {
1128 up = (UserPeer)getUserPeerClass().newInstance();
1129 }
1130 catch(Exception e)
1131 {
1132 throw new UnknownEntityException(
1133 "Failed instantiate an UserPeer implementation object", e);
1134 }
1135 return up;
1136 }
1137
1138
1139 /***
1140 * Determines if the <code>Group</code> exists in the security system.
1141 *
1142 * @param group a <code>Group</code> value
1143 * @return true if the group exists in the system, false otherwise
1144 * @throws DataBackendException when more than one Group with
1145 * the same name exists.
1146 * @throws Exception, a generic exception.
1147 */
1148 protected boolean checkExists(Group group)
1149 throws DataBackendException, Exception
1150 {
1151 return GroupPeer.checkExists(group);
1152 }
1153
1154 /***
1155 * Determines if the <code>Role</code> exists in the security system.
1156 *
1157 * @param role a <code>Role</code> value
1158 * @return true if the role exists in the system, false otherwise
1159 * @throws DataBackendException when more than one Role with
1160 * the same name exists.
1161 * @throws Exception, a generic exception.
1162 */
1163 protected boolean checkExists(Role role)
1164 throws DataBackendException, Exception
1165 {
1166 return RolePeer.checkExists(role);
1167 }
1168
1169 /***
1170 * Determines if the <code>Permission</code> exists in the security system.
1171 *
1172 * @param permission a <code>Permission</code> value
1173 * @return true if the permission exists in the system, false otherwise
1174 * @throws DataBackendException when more than one Permission with
1175 * the same name exists.
1176 * @throws Exception, a generic exception.
1177 */
1178 protected boolean checkExists(Permission permission)
1179 throws DataBackendException, Exception
1180 {
1181 return PermissionPeer.checkExists(permission);
1182 }
1183
1184 }
This page was automatically generated by Maven