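package com.jcorporate.expresso.services.controller;

import com.jcorporate.expresso.core.controller.Block;
import com.jcorporate.expresso.core.controller.Controller;
import com.jcorporate.expresso.core.controller.ControllerException;
import com.jcorporate.expresso.core.controller.ControllerRequest;
import com.jcorporate.expresso.core.controller.ControllerResponse;
import com.jcorporate.expresso.core.controller.DBController;
import com.jcorporate.expresso.core.controller.Input;
import com.jcorporate.expresso.core.controller.NonHandleableException;
import com.jcorporate.expresso.core.controller.Output;
import com.jcorporate.expresso.core.controller.State;
import com.jcorporate.expresso.core.controller.Transition;
import com.jcorporate.expresso.core.db.DBException;
import com.jcorporate.expresso.core.dbobj.Schema;
import com.jcorporate.expresso.core.dbobj.SchemaFactory;
import com.jcorporate.expresso.core.dbobj.SecuredDBObject;
import com.jcorporate.expresso.core.dbobj.ValidValue;
import com.jcorporate.expresso.core.misc.ConfigManager;
import com.jcorporate.expresso.core.misc.StringUtil;
import com.jcorporate.expresso.core.servlet.StdServlet;
import com.jcorporate.expresso.services.dbobj.ControllerSecurity;
import com.jcorporate.expresso.services.dbobj.SchemaList;
import com.jcorporate.expresso.services.dbobj.UserGroup;

import java.util.Enumeration;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.StringTokenizer;
import java.util.Vector;


/**
 * Administrative controller that edits the controller/state permission
 * matrix: which user group may run which controller (or servlet) of a schema,
 * and which states of a controller the group may enter.
 *
 * <p>Permissions are stored as {@link ControllerSecurity} rows keyed by
 * "ControllerClass" and "GroupName"; the "States" field holds either
 * {@code "*"} (all states) or a comma-separated list of state names.</p>
 *
 * <p>NOTE(review): every database object in this class is created with
 * {@code SecuredDBObject.SYSTEM_ACCOUNT}, so the reads and writes here
 * presumably do not go through the calling user's own DB-object permissions.
 * If so, the only gate on who can change the matrix is the state-level
 * security applied to this controller itself; confirm that the "updcon" and
 * "updstates" states are granted to administrator groups only.</p>
 */
public class ControllerSecurityMatrix
        extends DBController {
    /** Prefix used when building error messages. */
    private static final String thisClass = ControllerSecurityMatrix.class.getName() + ".";

    /**
     * Registers the states of this controller and the request parameters each
     * of them requires, then selects "prompt" as the initial state.
     */
    public ControllerSecurityMatrix() {
        State prompt = new State("prompt", "Choose Schema and User Group");
        addState(prompt);

        State selcon = new State("selcon", "Select Controller");
        selcon.addRequiredParameter("GroupName");
        selcon.addRequiredParameter("SchemaClass");
        addState(selcon);

        State setcon = new State("setcon", "Set Allowed Controllers");
        setcon.addRequiredParameter("SchemaClass");
        setcon.addRequiredParameter("GroupName");
        addState(setcon);

        State updcon = new State("updcon", "Update Allowed Controllers");
        updcon.addRequiredParameter("SchemaClass");
        updcon.addRequiredParameter("GroupName");
        addState(updcon);

        State selstates = new State("selstates", "Select Allowed States");
        selstates.addRequiredParameter("GroupName");
        selstates.addRequiredParameter("ControllerClass");
        addState(selstates);

        State updstates = new State("updstates", "Update Allowed States");
        updstates.addRequiredParameter("GroupName");
        updstates.addRequiredParameter("ControllerClass");
        addState(updstates);

        this.setInitialState("prompt");
        this.setSchema(com.jcorporate.expresso.core.ExpressoSchema.class);
    }


    /**
     * Adds a "Start Again" transition that leads back to the "prompt" state.
     *
     * @param request  the current request (not read by this method)
     * @param response the response the transition is added to
     * @throws ControllerException declared for the framework calls made here
     */
    private void addStartAgainButton(ControllerRequest request,
                                     ControllerResponse response) throws ControllerException {
        Transition again = new Transition("Start Again",
                getClass().getName());
        again.setName("again");
        again.addParam(STATE_PARAM_KEY, "prompt");
        response.addTransition(again);
    }


    /**
     * Looks up a schema instance by class name through the schema factory.
     *
     * @param className fully qualified schema class name
     * @return whatever the factory returns; callers in this class treat
     *         {@code null} as "schema not available"
     * @throws ControllerException declared for the factory lookup
     */
    private Schema getSchema(String className)
            throws ControllerException {
        return SchemaFactory.getInstance().getSchema(className);
    }


    /**
     * Tells whether a stored "States" value grants the given state.
     *
     * <p>The value grants the state when it contains the wildcard
     * {@code "*"} or when one of its comma-separated entries equals the state
     * name exactly. Entries are compared as whole tokens: a plain substring
     * search would report a state as allowed whenever its name is contained
     * in the name of another allowed state, and the pre-checked box would
     * then turn into a real grant on the next update.</p>
     *
     * @param stateList the stored value, never {@code null}
     * @param stateName the state to look for
     * @return {@code true} if the state is granted by the value
     */
    private static boolean isStateListed(String stateList, String stateName) {
        if (stateList.indexOf("*") != -1) {
            return true;
        }

        StringTokenizer entries = new StringTokenizer(stateList, ",");

        while (entries.hasMoreTokens()) {
            if (entries.nextToken().trim().equals(stateName)) {
                return true;
            }
        }

        return false;
    }


    /**
     * Appends one "title / allowed?" row to the controller matrix. The
     * checkbox is named after the class and is pre-set to "Y" when a
     * ControllerSecurity row exists for that class and the requested group.
     *
     * @param matrix    the table block the row is added to
     * @param secur     reusable lookup object; it is cleared before use
     * @param params    the request, read for "GroupName"
     * @param className class name of the controller or servlet
     * @param title     text shown in the first column
     * @throws ControllerException declared for the framework calls made here
     * @throws DBException         if the security lookup fails
     */
    private void addPermissionRow(Block matrix, ControllerSecurity secur,
                                  ControllerRequest params, String className,
                                  String title)
            throws ControllerException, DBException {
        Block oneRow = new Block("row");
        oneRow.setAttribute("row", "Y");
        oneRow.add(new Output(title));

        secur.clear();
        secur.setField("ControllerClass", className);
        secur.setField("GroupName", params.getParameter("GroupName"));

        boolean conAllowed = secur.find();

        Input cb = new Input(className);
        cb.setType("boolean");
        cb.setAttribute("checkbox", "");
        cb.setDefaultValue(conAllowed ? "Y" : "N");

        oneRow.add(cb);
        matrix.add(oneRow);
    }


    /**
     * Builds the table of controllers and servlets of the requested schema,
     * one checkbox per entry, reflecting the current permissions of the
     * requested group.
     *
     * @param params     the request, read for "SchemaClass" and "GroupName"
     * @param myResponse the response the table is added to
     * @throws ControllerException if the schema cannot be obtained or the
     *                             security data cannot be read
     */
    private void getSelControllerMatrix(ControllerRequest params,
                                        ControllerResponse myResponse)
            throws ControllerException {
        String myName = (thisClass + "getDBObjMatrix()");
        Schema mySchema = getSchema(params.getParameter("SchemaClass"));

        if (mySchema == null) {
            throw new ControllerException(myName +
                    ":Unable to instantiate the '" +
                    params.getParameter("SchemaClass") +
                    "' schema.");
        }

        try {
            Block matrix = new Block("matrix");
            matrix.setAttribute("table", "Y");
            matrix.setAttribute("header-row", "Controller|Allowed?");
            myResponse.add(matrix);

            ControllerSecurity secur = new ControllerSecurity(SecuredDBObject.SYSTEM_ACCOUNT);
            secur.setDataContext(params.getDataContext());

            for (Iterator e = mySchema.getControllerList().iterator();
                 e.hasNext();) {
                Controller oneController = (Controller) e.next();
                addPermissionRow(matrix, secur, params,
                        oneController.getClass().getName(),
                        oneController.getTitle());
            }

            // Servlets are stored in the same table, under "ControllerClass".
            for (Enumeration se = mySchema.getServlets();
                 se.hasMoreElements();) {
                StdServlet oneServlet = (StdServlet) se.nextElement();
                addPermissionRow(matrix, secur, params,
                        oneServlet.getClass().getName(),
                        oneServlet.getTitle());
            }
        } catch (DBException de) {
            throw new ControllerException(myName +
                    ":Database exception reading " +
                    "security info", de);
        }
    }


    /**
     * Builds the table of states of the requested controller, one checkbox
     * per state, reflecting the states currently granted to the requested
     * group.
     *
     * @param myResponse the response the table is added to
     * @param params     the request, read for "ControllerClass" and
     *                   "GroupName"
     * @throws ControllerException    if the security data cannot be read
     * @throws NonHandleableException declared for the controller lookup
     */
    private void getSelStatesMatrix(ControllerResponse myResponse,
                                    ControllerRequest params)
            throws ControllerException,
            NonHandleableException {
        // NOTE(review): the class name comes straight from the request;
        // confirm the controller factory limits which classes it will load.
        Controller con = ConfigManager.getControllerFactory().getController(params.getParameter("ControllerClass"));

        try {
            Block matrix = new Block("matrix");
            matrix.setAttribute("table", "Y");
            matrix.setAttribute("header-row", "State|Allowed?");
            myResponse.add(matrix);

            ControllerSecurity secur = new ControllerSecurity(SecuredDBObject.SYSTEM_ACCOUNT);
            secur.setDataContext(params.getDataContext());
            secur.setField("ControllerClass", con.getClass().getName());
            secur.setField("GroupName", params.getParameter("GroupName"));

            // No row for this controller and group means nothing is granted.
            String currentSecurity = "";

            if (secur.find()) {
                currentSecurity = StringUtil.notNull(secur.getField("States"));
            }

            Hashtable allStates = con.getStates();

            for (Enumeration e = allStates.keys(); e.hasMoreElements();) {
                String oneStateName = (String) e.nextElement();
                State oneState = (State) allStates.get(oneStateName);

                Block oneRow = new Block("row");
                oneRow.setAttribute("row", "Y");
                oneRow.add(new Output((String) oneState.getDescription()));

                Input cb = new Input(oneStateName);
                cb.setType("boolean");
                cb.setAttribute("checkbox", "");
                cb.setDefaultValue(isStateListed(currentSecurity, oneStateName) ? "Y" : "N");

                oneRow.add(cb);
                matrix.add(oneRow);
            }
        } catch (DBException de) {
            throw new ControllerException("Database exception reading " +
                    "security info", de);
        }
    }


    /**
     * Returns the title of this controller.
     *
     * @return the fixed title text
     */
    public String getTitle() {
        return ("Administer Controller Security");
    }


    /**
     * Handles the "prompt" state: offers the list of user groups and the
     * list of schemas that have at least one controller, plus the two
     * transitions that lead to the controller and state editors.
     *
     * @param params     the request, read for its data context
     * @param myResponse the response the inputs and transitions are added to
     * @throws ControllerException if groups or schemas cannot be read, or if
     *                             no group is defined
     */
    private void runPromptState(ControllerRequest params,
                                ControllerResponse myResponse)
            throws ControllerException {
        {
            Input chooseGroup = new Input();
            chooseGroup.setLabel("Choose Group");
            chooseGroup.setName("GroupName");

            Vector v = new Vector(2);

            try {
                UserGroup gl = new UserGroup(SecuredDBObject.SYSTEM_ACCOUNT);
                gl.setDataContext(params.getDataContext());

                for (Iterator e = gl.searchAndRetrieveList().iterator();
                     e.hasNext();) {
                    UserGroup oneGroup = (UserGroup) e.next();
                    v.addElement(new ValidValue(oneGroup.getField("GroupName"),
                            oneGroup.getField("Descrip")));
                }
            } catch (DBException de) {
                throw new ControllerException("Unable to retrieve " +
                        "group information", de);
            }

            if (v.size() == 0) {
                throw new ControllerException("There are no groups " +
                        "defined.");
            }

            chooseGroup.setValidValues(v);
            myResponse.addInput(chooseGroup);
        }

        {
            Input chooseSchema = new Input();
            chooseSchema.setLabel("Choose Schema");
            chooseSchema.setName("SchemaClass");

            Vector v = new Vector(2);
            // The core schema is always offered, under the label "General".
            v.addElement(new ValidValue("com.jcorporate.expresso.core." + "ExpressoSchema",
                    "General"));

            try {
                SchemaList sl = new SchemaList(SecuredDBObject.SYSTEM_ACCOUNT);
                sl.setDataContext(params.getDataContext());

                for (Iterator e = sl.searchAndRetrieveList().iterator();
                     e.hasNext();) {
                    SchemaList oneSchema = (SchemaList) e.next();
                    Schema oneSchemaObj = getSchema(oneSchema.getField("SchemaClass"));

                    // Only schemas that can be obtained and that list at
                    // least one controller are offered.
                    if (oneSchemaObj != null
                            && oneSchemaObj.getControllerList().iterator().hasNext()) {
                        v.addElement(new ValidValue(oneSchema.getField("SchemaClass"),
                                oneSchema.getField("Descrip")));
                    }
                }
            } catch (DBException de) {
                throw new ControllerException("Unable to retrieve " +
                        "schema information", de);
            }

            chooseSchema.setValidValues(v);
            myResponse.addInput(chooseSchema);
        }

        Transition setcon = new Transition("Select Allowed Controllers",
                getClass().getName());
        setcon.setName("setcon");
        setcon.addParam(STATE_PARAM_KEY, "setcon");
        myResponse.addTransition(setcon);

        Transition selcon = new Transition("Select Allowed States",
                getClass().getName());
        selcon.setName("selcon");
        selcon.addParam(STATE_PARAM_KEY, "selcon");
        myResponse.addTransition(selcon);
    }


    /**
     * Handles the "selcon" state: offers the controllers of the requested
     * schema so that one can be picked for state-level administration.
     *
     * @param params     the request, read for "SchemaClass" and "GroupName"
     * @param myResponse the response the input and transition are added to
     * @throws ControllerException if the schema is unavailable, has no
     *                             controllers, or the group cannot be read
     */
    private void runSelconState(ControllerRequest params,
                                ControllerResponse myResponse)
            throws ControllerException {
        String myName = (thisClass + "selControllerState()");
        Schema mySchema = getSchema(params.getParameter("SchemaClass"));

        if (mySchema == null) {
            throw new ControllerException(myName +
                    ":Can't find the schema class '" +
                    params.getParameter("SchemaClass") +
                    "'");
        }

        Input chooseController = new Input();
        chooseController.setLabel("Choose Controller");
        chooseController.setName("ControllerClass");

        Vector v = new Vector(2);

        for (Iterator e = mySchema.getControllerList().iterator(); e.hasNext();) {
            Controller oneController = (Controller) e.next();
            v.addElement(new ValidValue(oneController.getClass().getName(),
                    oneController.getTitle()));
        }

        if (v.size() == 0) {
            throw new ControllerException(myName +
                    ":There are no controllers " +
                    "defined in the selected schema.");
        }

        chooseController.setValidValues(v);
        myResponse.addInput(chooseController);

        try {
            UserGroup myGroup = new UserGroup(SecuredDBObject.SYSTEM_ACCOUNT);
            myGroup.setDataContext(params.getDataContext());
            myGroup.setField("GroupName", params.getParameter("GroupName"));
            myGroup.retrieve();
            myResponse.addOutput(new Output("Choose a Controller to administer states " + "for group '" +
                    myGroup.getField("Descrip") +
                    "'"));
        } catch (DBException de) {
            throw new ControllerException("Unable to retrieve group", de);
        }

        Transition selstates = new Transition("Select Allowed States",
                getClass().getName());
        selstates.setName("selstates");
        selstates.addParam(STATE_PARAM_KEY, "selstates");
        selstates.addParam("GroupName", params.getParameter("GroupName"));
        selstates.addParam("SchemaClass", params.getParameter("SchemaClass"));
        myResponse.addTransition(selstates);
    }


    /**
     * Handles the "selstates" state: shows the state matrix of the requested
     * controller for the requested group, with an "Update" transition.
     *
     * @param params     the request, read for "ControllerClass" and
     *                   "GroupName"
     * @param myResponse the response the matrix and transition are added to
     * @throws ControllerException    if the group cannot be read
     * @throws NonHandleableException declared for the controller lookup
     */
    private void runSelstatesState(ControllerRequest params,
                                   ControllerResponse myResponse)
            throws ControllerException, NonHandleableException {
        String myName = (thisClass + "selStatesState()");
        // NOTE(review): the class name comes straight from the request;
        // confirm the controller factory limits which classes it will load.
        Controller oneController = ConfigManager.getControllerFactory().getController(params.getParameter(
                "ControllerClass"));

        try {
            UserGroup oneGroup = new UserGroup(SecuredDBObject.SYSTEM_ACCOUNT);
            oneGroup.setDataContext(params.getDataContext());
            oneGroup.setField("GroupName", params.getParameter("GroupName"));
            oneGroup.retrieve();
            myResponse.addOutput(new Output("Select allowed States for Controller '" + oneController.getTitle() +
                    "' and group '" +
                    oneGroup.getField("Descrip") +
                    "'"));
            getSelStatesMatrix(myResponse, params);
        } catch (DBException de) {
            // Keep the database exception as the cause so the failure can
            // be diagnosed from the log.
            throw new ControllerException(myName +
                    ":Unable to locate group '" +
                    params.getParameter("GroupName") +
                    "'", de);
        }

        Transition updstates = new Transition("Update", getClass().getName());
        updstates.setName("updstates");
        updstates.addParam(STATE_PARAM_KEY, "updstates");
        updstates.addParam("GroupName", params.getParameter("GroupName"));
        updstates.addParam("ControllerClass",
                params.getParameter("ControllerClass"));
        myResponse.addTransition(updstates);
    }


    /**
     * Handles the "setcon" state: shows the controller matrix of the
     * requested schema for the requested group, with an "Update" transition.
     *
     * @param params     the request, read for "SchemaClass" and "GroupName"
     * @param myResponse the response the matrix and transition are added to
     * @throws ControllerException    if group, schema or security data
     *                                cannot be read
     * @throws NonHandleableException declared by the original signature
     */
    private void runSetconState(ControllerRequest params,
                                ControllerResponse myResponse)
            throws ControllerException,
            NonHandleableException {
        String myName = (thisClass + "setControllerState()");

        try {
            UserGroup myGroup = new UserGroup(SecuredDBObject.SYSTEM_ACCOUNT);
            myGroup.setDataContext(params.getDataContext());
            myGroup.setField("GroupName", params.getParameter("GroupName"));
            myGroup.retrieve();

            String schemaName;

            // The core schema has no SchemaList row to read a label from.
            if (params.getParameter("SchemaClass").equals("com.jcorporate." + "expresso.core.ExpressoSchema")) {
                schemaName = ("General");
            } else {
                SchemaList mySL = new SchemaList(SecuredDBObject.SYSTEM_ACCOUNT);
                mySL.setDataContext(params.getDataContext());
                mySL.setField("SchemaClass",
                        params.getParameter("SchemaClass"));
                mySL.retrieve();
                schemaName = mySL.getField("Descrip");
            }

            myResponse.addOutput(new Output("Select allowed Controllers for group '" + myGroup.getField("Descrip") +
                    "' in Schema '" + schemaName +
                    "'"));
            getSelControllerMatrix(params, myResponse);
        } catch (DBException de) {
            throw new ControllerException(myName +
                    ":Unable to read state, group or schema " +
                    "information", de);
        }

        Transition updcon = new Transition("Update", getClass().getName());
        updcon.setName("updcon");
        updcon.addParam(STATE_PARAM_KEY, "updcon");
        updcon.addParam("GroupName", params.getParameter("GroupName"));
        updcon.addParam("SchemaClass", params.getParameter("SchemaClass"));
        myResponse.addTransition(updcon);
    }


    /**
     * Brings the stored permission for one controller or servlet in line
     * with the submitted checkbox. A checked box ("Y") adds a row with all
     * states ("*") if none exists; an unchecked or missing box deletes an
     * existing row. An existing row is left untouched when the box is
     * checked, so a narrower state list is not widened here.
     *
     * @param request   the request, read for "GroupName" and for the
     *                  parameter named after the class
     * @param response  the response the confirmation text is added to
     * @param secur     reusable security object; it is cleared before use
     * @param className class name of the controller or servlet
     * @param label     text appended to the confirmation message
     * @return 1 if a row was added or deleted, otherwise 0
     * @throws ControllerException declared for the framework calls made here
     * @throws DBException         if the security table cannot be updated
     */
    private int syncPermission(ControllerRequest request,
                               ControllerResponse response,
                               ControllerSecurity secur, String className,
                               String label)
            throws ControllerException, DBException {
        secur.clear();
        secur.setField("ControllerClass", className);
        secur.setField("GroupName", request.getParameter("GroupName"));

        if (StringUtil.notNull(request.getParameter(className)).equals("Y")) {
            if (!secur.find()) {
                secur.setField("States", "*");
                secur.add();
                response.addOutput(new Output("Permission granted for " + label));
                return 1;
            }
        } else if (secur.find()) {
            secur.delete();
            response.addOutput(new Output("Permission removed for " + label));
            return 1;
        }

        return 0;
    }


    /**
     * Handles the "updcon" state: applies the submitted controller matrix
     * for the requested schema and group.
     *
     * <p>NOTE(review): unlike the "selcon"/"setcon" states, the group named
     * in the request is not looked up before rows are written; confirm that
     * ControllerSecurity rejects a group name that does not exist.</p>
     *
     * @param request  the request, read for "SchemaClass", "GroupName" and
     *                 one parameter per controller or servlet class name
     * @param response the response the confirmation texts are added to
     * @throws ControllerException if the schema is unavailable or the
     *                             security table cannot be updated
     */
    private void runUpdconState(ControllerRequest request,
                                ControllerResponse response)
            throws ControllerException {
        String myName = (thisClass + "updControllerState()");
        Schema mySchema = getSchema(request.getParameter("SchemaClass"));

        if (mySchema == null) {
            throw new ControllerException(myName +
                    ":Can't find the schema class '" +
                    request.getParameter("SchemaClass") +
                    "'");
        }

        try {
            ControllerSecurity secur = new ControllerSecurity(SecuredDBObject.SYSTEM_ACCOUNT);
            secur.setDataContext(request.getDataContext());

            int changes = 0;

            for (Iterator pe = mySchema.getControllerList().iterator();
                 pe.hasNext();) {
                Controller checkController = (Controller) pe.next();
                changes += syncPermission(request, response, secur,
                        checkController.getClass().getName(),
                        "Controller " + checkController.getTitle());
            }

            for (Enumeration se = mySchema.getServlets();
                 se.hasMoreElements();) {
                StdServlet checkServlet = (StdServlet) se.nextElement();
                changes += syncPermission(request, response, secur,
                        checkServlet.getClass().getName(),
                        "Servlet " + checkServlet.getTitle());
            }

            if (changes == 0) {
                response.addOutput(new Output("No changes required"));
            }
        } catch (DBException de) {
            throw new ControllerException(myName +
                    ":Unable to update security " +
                    "info", de);
        }
    }


    /**
     * Handles the "updstates" state: stores the submitted set of allowed
     * states for the requested controller and group. The stored value is
     * "*" when every state was checked, otherwise the checked state names,
     * each followed by ", ".
     *
     * <p>NOTE(review): a controller that reports no states leaves
     * {@code allAllowed} true, so "*" is stored for it. The group named in
     * the request is also not looked up before the row is written; confirm
     * both are acceptable.</p>
     *
     * @param request  the request, read for "ControllerClass", "GroupName"
     *                 and one parameter per state name
     * @param response the response the confirmation texts are added to
     * @throws ControllerException    if the security table cannot be updated
     * @throws NonHandleableException declared for the controller lookup
     */
    private void runUpdstatesState(ControllerRequest request,
                                   ControllerResponse response)
            throws ControllerException, NonHandleableException {
        String myName = (thisClass + "updStatesState()");
        // NOTE(review): the class name comes straight from the request;
        // confirm the controller factory limits which classes it will load.
        Controller con = ConfigManager.getControllerFactory().getController(request.getParameter("ControllerClass"));

        try {
            Hashtable allStates = con.getStates();
            StringBuffer newSecurity = new StringBuffer("");
            boolean allAllowed = true;

            for (Enumeration e = allStates.keys(); e.hasMoreElements();) {
                String oneStateName = (String) e.nextElement();
                State oneState = (State) allStates.get(oneStateName);

                if (StringUtil.notNull(request.getParameter(oneStateName)).equals("Y")) {
                    newSecurity.append(oneStateName);
                    newSecurity.append(", ");
                    response.addOutput(new Output("Access granted to state '" + oneState.getDescription() +
                            "'"));
                } else {
                    response.addOutput(new Output("Access denied to state '" + oneState.getDescription() +
                            "'"));
                    allAllowed = false;
                }
            }

            ControllerSecurity secur = new ControllerSecurity(SecuredDBObject.SYSTEM_ACCOUNT);
            secur.setDataContext(request.getDataContext());
            secur.setField("ControllerClass", con.getClass().getName());
            secur.setField("GroupName", request.getParameter("GroupName"));

            if (allAllowed) {
                newSecurity = new StringBuffer("*");
            }

            // find() decides between updating the existing row and adding a
            // new one; the stored value is the same either way.
            if (secur.find()) {
                secur.setField("States", newSecurity.toString());
                secur.update();
            } else {
                secur.setField("States", newSecurity.toString());
                secur.add();
            }
        } catch (DBException de) {
            throw new ControllerException(myName +
                    ":Database exception reading " +
                    "security info", de);
        }
    }

}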