Java > Open Source Codes > com > jcorporate > expresso > services > controller > DBSecurityMatrix


1 /* ====================================================================
2  * The Jcorporate Apache Style Software License, Version 1.2 05-07-2002
3  *
4  * Copyright (c) 1995-2002 Jcorporate Ltd. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  * notice, this list of conditions and the following disclaimer in
15  * the documentation and/or other materials provided with the
16  * distribution.
17  *
18  * 3. The end-user documentation included with the redistribution,
19  * if any, must include the following acknowledgment:
20  * "This product includes software developed by Jcorporate Ltd.
21  * (http://www.jcorporate.com/)."
22  * Alternately, this acknowledgment may appear in the software itself,
23  * if and wherever such third-party acknowledgments normally appear.
24  *
25  * 4. "Jcorporate" and product names such as "Expresso" must
26  * not be used to endorse or promote products derived from this
27  * software without prior written permission. For written permission,
28  * please contact info@jcorporate.com.
29  *
30  * 5. Products derived from this software may not be called "Expresso",
31  * or other Jcorporate product names; nor may "Expresso" or other
32  * Jcorporate product names appear in their name, without prior
33  * written permission of Jcorporate Ltd.
34  *
35  * 6. No product derived from this software may compete in the same
36  * market space, i.e. framework, without prior written permission
37  * of Jcorporate Ltd. For written permission, please contact
38  * partners@jcorporate.com.
39  *
40  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
41  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
42  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
43  * DISCLAIMED. IN NO EVENT SHALL JCORPORATE LTD OR ITS CONTRIBUTORS
44  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
45  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
46  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
47  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
48  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
49  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
50  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * ====================================================================
53  *
54  * This software consists of voluntary contributions made by many
55  * individuals on behalf of the Jcorporate Ltd. Contributions back
56  * to the project(s) are encouraged when you make modifications.
57  * Please send them to support@jcorporate.com. For more information
58  * on Jcorporate Ltd. and its products, please see
59  * <http://www.jcorporate.com/>.
60  *
61  * Portions of this software are based upon other open source
62  * products and are subject to their respective licenses.
63  */
64
65 /**
66  * DBSecurityMatrix.java
67  *
68  * Copyright (c) 1999, 2000, 2001 Jcorporate Ltd. All rights reserved.
69  */
70 package com.jcorporate.expresso.services.controller;
71
72 import com.jcorporate.expresso.core.controller.Block;
73 import com.jcorporate.expresso.core.controller.ControllerException;
74 import com.jcorporate.expresso.core.controller.ControllerRequest;
75 import com.jcorporate.expresso.core.controller.ControllerResponse;
76 import com.jcorporate.expresso.core.controller.DBController;
77 import com.jcorporate.expresso.core.controller.Input;
78 import com.jcorporate.expresso.core.controller.Output;
79 import com.jcorporate.expresso.core.controller.State;
80 import com.jcorporate.expresso.core.controller.Transition;
81 import com.jcorporate.expresso.core.db.DBException;
82 import com.jcorporate.expresso.core.dbobj.DBObject;
83 import com.jcorporate.expresso.core.dbobj.Schema;
84 import com.jcorporate.expresso.core.dbobj.SchemaFactory;
85 import com.jcorporate.expresso.core.dbobj.SecuredDBObject;
86 import com.jcorporate.expresso.core.dbobj.ValidValue;
87 import com.jcorporate.expresso.core.misc.StringUtil;
88 import com.jcorporate.expresso.services.dbobj.DBObjSecurity;
89 import com.jcorporate.expresso.services.dbobj.SchemaList;
90 import com.jcorporate.expresso.services.dbobj.UserGroup;
91 import org.apache.log4j.Logger;
92
93 import java.util.Enumeration ;
94 import java.util.Hashtable ;
95 import java.util.Iterator ;
96 import java.util.Vector ;
97
98
99 /**
100  * The DBSecurityMatrix controller allows authorized users to easily
101  * maintain the security permissions of different user groups to
102  * database objects.
103  *
104  * @author Michael Nash
105  * @version $Revision: 1.19 $ $Date: 2004/11/17 20:48:17 $
106  */
107 public class DBSecurityMatrix
108         extends DBController {
109     private static final String thisClass = DBSecurityMatrix.class.getName() + ".";
110     private static Logger log = Logger.getLogger(DBSecurityMatrix.class);
111
112     /**
113      * Object to enclose the existing security info for a database object
114      */
115     private class CurrentSecurity {
116         public boolean addAllowed = false;
117         public boolean updateAllowed = false;
118         public boolean searchAllowed = false;
119         public boolean deleteAllowed = false;
120         public String description = ("none");
121
122         public CurrentSecurity() {
123             super();
124         }
125     } /* CurrentSecurity */
126
127     /**
128      * Our constructor declares the states this controller supports
129      */
130     public DBSecurityMatrix() {
131         State prompt = new State("prompt", "Prompt for Schema and User Group");
132         addState(prompt);
133         setInitialState("prompt");
134
135         State dbobjmatrix = new State("dbobjmatrix",
136                 "Enter/View Database Object permissions");
137         dbobjmatrix.addRequiredParameter("SchemaClass");
138         dbobjmatrix.addRequiredParameter("GroupName");
139         addState(dbobjmatrix);
140
141         State dbobjupdate = new State("dbobjupdate",
142                 "Update Database Obejct permissions");
143         dbobjupdate.addRequiredParameter("GroupName");
144         addState(dbobjupdate);
145         this.setSchema(com.jcorporate.expresso.core.ExpressoSchema.class);
146     } /* DBSecurityMatrix() */
147
148     /**
149      * Internal method to verify existing security on an object
150      *
151      * @param params ?
152      * @param append ?
153      * @param title the title of the object
154      * @param oneObjName ?
155      * @param methodCode ?
156      * @param nowAllowed ?
157      * @param objDescrip ?
158      * @return a BLOCK of permission checkboxes (inputs)
159      * @throws ControllerException upon error
160      * @throws HtmlException upon html rendering exception
161      * @throws DBException upon database connection exception
162      */
163     private Block checkPermission(ControllerRequest params, String append,
164                                   String title, String oneObjName,
165                                   String methodCode, boolean nowAllowed,
166                                   String objDescrip)
167             throws ControllerException, DBException {
168         DBObjSecurity oneDBSecurity = new DBObjSecurity(SecuredDBObject.SYSTEM_ACCOUNT);
169         oneDBSecurity.setDataContext(params.getDataContext());
170
171         Block subPara = new Block("subPara");
172
173         if (StringUtil.notNull(params.getParameter(oneObjName + "_" + append)).equals("Y")) {
174             if (log.isDebugEnabled()) {
175                 log.debug(title + " for " + oneObjName + " allowed");
176             }
177             if (!nowAllowed) {
178                 subPara.add(new Output(title + " permission granted to " +
179                         objDescrip));
180
181                 /* add permission */
182                 oneDBSecurity.clear();
183                 oneDBSecurity.setDataContext(params.getDataContext());
184                 oneDBSecurity.setField("DBObjectName", oneObjName);
185                 oneDBSecurity.setField("MethodCode", methodCode);
186                 oneDBSecurity.setField("GroupName",
187                         params.getParameter("GroupName"));
188                 oneDBSecurity.add();
189             }
190         } else { /* if method is not currently allwoed */
191
192             /* method not allowed */
193             if (log.isDebugEnabled()) {
194                 log.debug("Search for " + oneObjName + " not allowed");
195             }
196             if (nowAllowed) {
197
198                 /* remove method permission */
199                 subPara.add(new Output(title + " permission removed for " +
200                         objDescrip));
201                 oneDBSecurity.clear();
202                 oneDBSecurity.setDataContext(params.getDataContext());
203                 oneDBSecurity.setField("DBObjectName", oneObjName);
204                 oneDBSecurity.setField("MethodCode", methodCode);
205                 oneDBSecurity.setField("GroupName",
206                         params.getParameter("GroupName"));
207
208                 if (oneDBSecurity.find()) {
209                     oneDBSecurity.delete();
210                 }
211             } /* if method is currently allowed */
212
213         } /* else method not allowed */
214
215
216         return subPara;
217     } /* checkPermission(String, String, String, String, boolean, String) */
218
219
220     /**
221      * Update the database object security given the information filled
222      * in on the matrix.
223      *
224      * @param params the ControllerRequest object
225      * @param myResponse the controller response object
226      */
227     private void runDbobjupdateState(ControllerRequest params,
228                                      ControllerResponse myResponse)
229             throws ControllerException {
230         try {
231             String myName = (thisClass + "dbObjUpdate()");
232             Block dbUpdatedPara = new Block("dbUpdatedPara");
233
234             if (StringUtil.notNull(params.getParameter("GroupName")).equals("")) {
235                 throw new ControllerException(myName +
236                         ":GroupName parameter not " +
237                         "supplied");
238             }
239
240             Hashtable old = readSecurity(params);
241             String oneObjName;
242             CurrentSecurity oneSec;
243
244             for (Enumeration se = old.keys(); se.hasMoreElements();) {
245                 oneObjName = (String ) se.nextElement();
246                 oneSec = (CurrentSecurity) old.get(oneObjName);
247
248                 Block p = checkPermission(params, "search", "Search",
249                         oneObjName, "S",
250                         oneSec.searchAllowed,
251                         oneSec.description);
252
253                 if (p.getNumContents() > 0) {
254                     dbUpdatedPara.add(p);
255                 }
256
257                 p = checkPermission(params, "add", "Add", oneObjName, "A",
258                         oneSec.addAllowed, oneSec.description);
259
260                 if (p.getNumContents() > 0) {
261                     dbUpdatedPara.add(p);
262                 }
263
264                 p = checkPermission(params, "update", "Update", oneObjName,
265                         "U", oneSec.updateAllowed,
266                         oneSec.description);
267
268                 if (p.getNumContents() > 0) {
269                     dbUpdatedPara.add(p);
270                 }
271
272                 p = checkPermission(params, "delete", "Delete", oneObjName,
273                         "D", oneSec.deleteAllowed,
274                         oneSec.description);
275
276                 if (p.getNumContents() > 0) {
277                     dbUpdatedPara.add(p);
278                 }
279             } /* for each old security obejct */
280
281             if (dbUpdatedPara.getNumContents() == 0) {
282                 dbUpdatedPara.add(new Output("No updates " + "required."));
283             } else {
284                 dbUpdatedPara.add(new Output("Database Object " + "Security updated"));
285             }
286
287             Transition again = new Transition("Start Again",
288                     getClass().getName());
289             again.setAttribute("button", "");
290             again.setName("again");
291             again.addParam(STATE_PARAM_KEY, "prompt");
292             myResponse.addTransition(again);
293             myResponse.add(dbUpdatedPara);
294         } catch (DBException e) {
295             throw new ControllerException(e);
296         }
297     } /* dbObjUpdate() */
298
299
300     /**
301      * Build the matrix for the database objects in this schema
302      *
303      * @param params the ControllerRequest object
304      * @param myResponse the ControllerResponse object
305      * @throws ControllerException upon error
306      */
307     private void runDbobjmatrixState(ControllerRequest params,
308                                      ControllerResponse myResponse)
309             throws ControllerException {
310         String myName = (thisClass + "getDBObjMatrix()");
311         Block myPara = new Block("myPara");
312
313         //myPara.setForm("true");
314 try {
315             SchemaList mySchema = new SchemaList(SecuredDBObject.SYSTEM_ACCOUNT);
316             mySchema.setDataContext(params.getDataContext());
317
318             String schemaDescrip;
319             mySchema.setField("SchemaClass",
320                     params.getParameter("SchemaClass"));
321
322             if (mySchema.find()) {
323                 schemaDescrip = mySchema.getField("Descrip");
324             } else {
325                 schemaDescrip = ("General");
326             }
327
328             UserGroup myGroup = new UserGroup(SecuredDBObject.SYSTEM_ACCOUNT);
329             myGroup.setDataContext(params.getDataContext());
330             myGroup.setField("GroupName", params.getParameter("GroupName"));
331             myGroup.retrieve();
332             myResponse.add(new Output("Security for Schema " + schemaDescrip +
333                     " and User Group " +
334                     myGroup.getField("Descrip")));
335             myResponse.add(new Output("Database '" + params.getDataContext() + "'"));
336
337             /* get each of the database objects for this schema */
338             Block matrix = new Block("matrix");
339             matrix.setAttribute("table", "Y");
340
341             String head = ("Object|Search|Add|Update|Delete");
342             matrix.setAttribute("header-row", head);
343
344             int dbObjectCount = 0;
345             Block oneRow;
346             myPara.add(matrix);
347
348             String oneDBObj;
349             Input cb = null;
350             CurrentSecurity oneSec;
351             Hashtable currentSecurity = readSecurity(params);
352
353             for (Enumeration e = currentSecurity.keys(); e.hasMoreElements();) {
354                 oneDBObj = (String ) e.nextElement();
355                 oneSec = (CurrentSecurity) currentSecurity.get(oneDBObj);
356                 dbObjectCount++;
357                 oneRow = new Block("oneRow");
358                 oneRow.setAttribute("row", "Y");
359                 matrix.add(oneRow);
360                 oneRow.add(new Output(oneSec.description));
361
362                 if (oneSec.searchAllowed) {
363                     cb = new Input(oneDBObj + "_" + "search");
364                     cb.setType("boolean");
365                     cb.setAttribute("checkbox", "");
366                     cb.setDefaultValue("Y");
367                 } else {
368                     cb = new Input(oneDBObj + "_" + "search");
369                     cb.setType("boolean");
370                     cb.setAttribute("checkbox", "");
371                     cb.setDefaultValue("N");
372                 }
373
374                 oneRow.add(cb);
375
376                 if (oneSec.addAllowed) {
377                     cb = new Input(oneDBObj + "_" + "add");
378                     cb.setType("boolean");
379                     cb.setAttribute("checkbox", "");
380                     cb.setDefaultValue("Y");
381                 } else {
382                     cb = new Input(oneDBObj + "_" + "add");
383                     cb.setType("boolean");
384                     cb.setAttribute("checkbox", "");
385                     cb.setDefaultValue("N");
386                 }
387
388                 oneRow.add(cb);
389
390                 if (oneSec.updateAllowed) {
391                     cb = new Input(oneDBObj + "_" + "update");
392                     cb.setType("boolean");
393                     cb.setAttribute("checkbox", "");
394                     cb.setDefaultValue("Y");
395                 } else {
396                     cb = new Input(oneDBObj + "_" + "update");
397                     cb.setType("boolean");
398                     cb.setAttribute("checkbox", "");
399                     cb.setDefaultValue("N");
400                 }
401
402                 oneRow.add(cb);
403
404                 if (oneSec.deleteAllowed) {
405                     cb = new Input(oneDBObj + "_" + "delete");
406                     cb.setType("boolean");
407                     cb.setAttribute("checkbox", "");
408                     cb.setDefaultValue("Y");
409                 } else {
410                     cb = new Input(oneDBObj + "_" + "delete");
411                     cb.setAttribute("checkbox", "");
412                     cb.setType("boolean");
413                     cb.setDefaultValue("N");
414                 }
415
416                 oneRow.add(cb);
417             } /* for each database object */
418
419             if (dbObjectCount == 0) {
420                 throw new ControllerException(myName +
421                         ":There were no database objects in this schema - " +
422                         "security cannot be administered");
423             }
424         } catch (DBException de) {
425             throw new ControllerException(myName +
426                     ":Database exception reading " +
427                     "security info:" + de.getMessage());
428         }
429
430         Transition doUpdateDB = new Transition("Update", getClass().getName());
431         doUpdateDB.setName("updateDBobj");
432         doUpdateDB.addParam(STATE_PARAM_KEY, "dbobjupdate");
433         doUpdateDB.addParam("SchemaClass", params.getParameter("SchemaClass"));
434         doUpdateDB.addParam("GroupName", params.getParameter("GroupName"));
435         myResponse.add(doUpdateDB);
436
437         //myPara.setFormTransition(doUpdateDB);
438 Transition again = new Transition("Start Again", getClass().getName());
439         again.setName("again");
440         again.addParam(STATE_PARAM_KEY, "prompt");
441         myResponse.add(again);
442         myResponse.add(myPara);
443     } /* getDBObjMatrix() */
444
445
446     /**
447      * Instantiate & return the schema class given in the current parameter
448      *
449      * @param params the ControllerRequest object
450      * @return A Schema object instantiated from the class named by the
451      * ' SchemaClass' parameter
452      */
453     private Schema getSchemaObject(ControllerRequest params)
454             throws ControllerException {
455         String myName = (thisClass + "getSchema()");
456         String className = params.getParameter("SchemaClass");
457
458         if (className == null) {
459             throw new ControllerException(myName +
460                     ":No parameter 'SchemaClass'," +
461                     " can't read current schema");
462         }
463         Schema mySchema = SchemaFactory.getInstance().getSchema(className);
464
465         if (mySchema == null) {
466             throw new ControllerException(myName + ":Can't instantiate " +
467                     "Schema class " +
468                     className);
469         }
470
471         return mySchema;
472     } /* getSchemaObject() */
473
474
475     /**
476      * Return the title of this Controller
477      *
478      * @return java.lang.String The Title of the controller
479      */
480     public String getTitle() {
481         return ("Database Object Security Matrix");
482     } /* getTitle() */
483
484     /**
485      *
486      *
487      * @param newState
488      * @throws ControllerException
489      */
490     // public ControllerResponse newState(String newState, ControllerRequest params)
491 // throws ControllerException, NonHandleableException {
492 //
493 // ControllerResponse myResponse = super.newState(newState, params);
494 //
495 // if (newState.equals("prompt")) {
496 // /* ask the user to select a user group */
497 // promptState(myResponse, params);
498 // } else if (newState.equals("dbobjmatrix")) {
499 // getDBObjMatrix(myResponse,params);
500 // } else if (newState.equals("dbobjupdate")) {
501 // try {
502 // dbObjUpdate(myResponse, params);
503 // } catch (DBException de) {
504 // throw new ControllerException(de);
505 // }
506 // }
507 //
508 // return myResponse;
509 // } /* newState(String) */
510 /**
511      * @param params the ControllerRequest object
512      * @param myResponse the ControllerResponse object
513      */
514     private void runPromptState(ControllerRequest params,
515                                 ControllerResponse myResponse)
516             throws ControllerException {
517         String myName = (thisClass + "promptState()");
518
519         /* First the inputs */
520         Input chooseGroup = new Input();
521         chooseGroup.setLabel("Choose Group");
522         chooseGroup.setName("GroupName");
523
524         Vector vg = new Vector (2);
525
526         try {
527             UserGroup gl = new UserGroup(SecuredDBObject.SYSTEM_ACCOUNT);
528             gl.setDataContext(params.getDataContext());
529
530             UserGroup oneGroup = null;
531
532             for (Iterator e = gl.searchAndRetrieveList("Descrip").iterator();
533                  e.hasNext();) {
534                 oneGroup = (UserGroup) e.next();
535                 vg.addElement(new ValidValue(oneGroup.getField("GroupName"),
536                         oneGroup.getField("Descrip")));
537             }
538             if (vg.size() == 0) {
539                 throw new ControllerException(myName +
540                         ":There are no groups " +
541                         "defined.");
542             }
543
544             chooseGroup.setValidValues(vg);
545             myResponse.addInput(chooseGroup);
546
547             /* ..and a schema */
548             Input chooseSchema = new Input();
549             chooseSchema.setLabel("Choose Schema");
550             chooseSchema.setName("SchemaClass");
551
552             Vector v2 = new Vector (2);
553             v2.addElement(new ValidValue("com.jcorporate.expresso." + "core.ExpressoSchema",
554                     "General"));
555
556             SchemaList sl = new SchemaList(SecuredDBObject.SYSTEM_ACCOUNT);
557             sl.setDataContext(params.getDataContext());
558
559             SchemaList oneSchema = null;
560
561             for (Iterator e = sl.searchAndRetrieveList("Descrip").iterator();
562                  e.hasNext();) {
563                 oneSchema = (SchemaList) e.next();
564                 v2.addElement(new ValidValue(oneSchema.getField("SchemaClass"),
565                         oneSchema.getField("Descrip")));
566             }
567
568             chooseSchema.setValidValues(v2);
569             myResponse.addInput(chooseSchema);
570
571             /* now the actions */
572             Transition doDBObj = new Transition("Set Security",
573                     getClass().getName());
574             doDBObj.setName("adminDBobj");
575             doDBObj.addParam(STATE_PARAM_KEY, "dbobjmatrix");
576             myResponse.addTransition(doDBObj);
577         } catch (DBException de) {
578             throw new ControllerException(de.getMessage());
579         }
580     } /* promptState() */
581
582
583     /**
584      * Return a hash of existing security info
585      *
586      * @param params the ControllerRequest object
587      * @return java.util.Hashtable
588      */
589     private Hashtable readSecurity(ControllerRequest params)
590             throws ControllerException {
591         Hashtable h = new Hashtable (4);
592
593         try {
594             DBObject oneDBObj = null;
595             DBObjSecurity secur = new DBObjSecurity(SecuredDBObject.SYSTEM_ACCOUNT);
596             secur.setDataContext(params.getDataContext());
597
598             CurrentSecurity oneSec;
599
600             for (Enumeration e = getSchemaObject(params).getMembers();
601                  e.hasMoreElements();) {
602                 oneSec = new CurrentSecurity();
603                 oneDBObj = (DBObject) e.nextElement();
604                 secur.clear();
605                 secur.setField("DBObjectName", oneDBObj.getClass().getName());
606                 secur.setField("GroupName", params.getParameter("GroupName"));
607                 oneSec.description = oneDBObj.getMetaData().getDescription(params.getLocale());
608                 secur.setField("MethodCode", SecuredDBObject.ADD);
609
610                 if (secur.find()) {
611                     oneSec.addAllowed = true;
612                 }
613
614                 secur.setField("MethodCode", SecuredDBObject.SEARCH);
615
616                 if (secur.find()) {
617                     oneSec.searchAllowed = true;
618                 }
619
620                 secur.setField("MethodCode", SecuredDBObject.UPDATE);
621
622                 if (secur.find()) {
623                     oneSec.updateAllowed = true;
624                 }
625
626                 secur.setField("MethodCode", SecuredDBObject.DELETE);
627
628                 if (secur.find()) {
629                     oneSec.deleteAllowed = true;
630                 }
631
632                 h.put(secur.getField("DBObjectName"), oneSec);
633             }
634
635             return h;
636         } catch (DBException de) {
637             throw new ControllerException(de.getMessage());
638         }
639     } /* readSecurity() */
640
641
642 } /* DBSecurityMatrix */
643

A to Z: JavaDoc & Examples

---

Daily Java News & Articles

---

Open Source Projects

---

Open Source Codes

---

Free Computer Books

---

Remove Frame

---

Popular Tags