KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > jcorporate > expresso > services > dbobj > SecurityDBObject


1 /* ====================================================================
2  * The Jcorporate Apache Style Software License, Version 1.2 05-07-2002
3  *
4  * Copyright (c) 1995-2002 Jcorporate Ltd. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  * 1. Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  *
13  * 2. Redistributions in binary form must reproduce the above copyright
14  * notice, this list of conditions and the following disclaimer in
15  * the documentation and/or other materials provided with the
16  * distribution.
17  *
18  * 3. The end-user documentation included with the redistribution,
19  * if any, must include the following acknowledgment:
20  * "This product includes software developed by Jcorporate Ltd.
21  * (http://www.jcorporate.com/)."
22  * Alternately, this acknowledgment may appear in the software itself,
23  * if and wherever such third-party acknowledgments normally appear.
24  *
25  * 4. "Jcorporate" and product names such as "Expresso" must
26  * not be used to endorse or promote products derived from this
27  * software without prior written permission. For written permission,
28  * please contact info@jcorporate.com.
29  *
30  * 5. Products derived from this software may not be called "Expresso",
31  * or other Jcorporate product names; nor may "Expresso" or other
32  * Jcorporate product names appear in their name, without prior
33  * written permission of Jcorporate Ltd.
34  *
35  * 6. No product derived from this software may compete in the same
36  * market space, i.e. framework, without prior written permission
37  * of Jcorporate Ltd. For written permission, please contact
38  * partners@jcorporate.com.
39  *
40  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
41  * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
42  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
43  * DISCLAIMED. IN NO EVENT SHALL JCORPORATE LTD OR ITS CONTRIBUTORS
44  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
45  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
46  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
47  * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
48  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
49  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
50  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  * ====================================================================
53  *
54  * This software consists of voluntary contributions made by many
55  * individuals on behalf of the Jcorporate Ltd. Contributions back
56  * to the project(s) are encouraged when you make modifications.
57  * Please send them to support@jcorporate.com. For more information
58  * on Jcorporate Ltd. and its products, please see
59  * <http://www.jcorporate.com/>.
60  *
61  * Portions of this software are based upon other open source
62  * products and are subject to their respective licenses.
63  */

64
65 package com.jcorporate.expresso.services.dbobj;
66
67 import com.jcorporate.expresso.core.db.DBConnection;
68 import com.jcorporate.expresso.core.db.DBException;
69 import com.jcorporate.expresso.core.dbobj.RequestContext;
70 import com.jcorporate.expresso.core.dbobj.SecuredDBObject;
71 import com.jcorporate.expresso.core.misc.ConfigContext;
72 import com.jcorporate.expresso.core.misc.ConfigManager;
73 import com.jcorporate.expresso.core.misc.StringUtil;
74 import org.apache.log4j.Logger;
75
76
77 /**
78  * <p/>
79  * SecurityDBObject.java</p>
80  * this object provides a means to control the DB context via Setup values.
81  * subclasses will ignore any context except that found in Setup.
82  * <p/>
83  * You probably will never create a subclass of SecurityDBObject yourself--it is
84  * a framework tool embedded in the Expresso security system. The idea is to provide
85  * a flexible way to redirect authentication classes to another database context.
86  * For example, consider a situation where there are two Expresso applications,
87  * and you wanted the second application to rely on the first in order to
88  * authenticate users and otherwise supply user information.
89  * The following classes extend SecurityDBObject in Expresso:
90  * <ul>
91  * <li>ControllerSecurity</li>
92  * <li>DBObjSecurity</li>
93  * <li>DefaultUserInfo</li>
94  * <li>GroupMembers</li>
95  * <li>GroupNest</li>
96  * <li>JobSecurity</li>
97  * <li>TmpUser</li>
98  * <li>UserGroup</li>
99  * <li>UserPreference</li>
100  * <li>UserPreferenceDef</li>
101  * </ul>
102  * <p>SecurityDBObject provides a means to control the DB context
103  * (for some or all of the classes listed above) via Setup values.
104  * Two Setup values are important for SecurityDBObject:
105  * SecurityDB -- Database to use for User/Group Security Info
106  * SecurityDBObjs -- Database Objects that should use the 'fixed' context found in the SecurityDB parameter
107  * <p/>
108  * If these Setup values are empty, SecurityDBObject does nothing special. However, if these 2 Setup values contain
109  * meaningful info, subclasses of SecurityDBObject may ignore any DB context supplied (e.g., they can ignore a
110  * context like 'default' that comes from the ControllerRequest). The logic is two-fold: the Setup value SecurityDB
111  * must be filled, AND the Setup value SecurityDBObjs must contain the fully-qualified class name of all objects
112  * (from the list of SecurityDBObject subclasses listed above) that will use the 'fixed' context value in Setup
113  * value SecurityDB. That's a bit tricky, so to repeat: even though all the security classes listed above are
114  * instances of SecurityDBObject, each one will use the fixed context only if that individual class is also listed
115  * in the Setup value, SecurityDBObjs.
116  * </p>
117  * <p/>
118  * This scheme is useful in at least one case: one primary Expresso application supplying User information to a
119  * secondary Expresso application.
120  * </p>
121  * <p/>
122  * LIMITATION: user info and group membership changed on the primary,
123  * UserInfo application will not trigger a cache cleaning on the secondary
124  * system. So when these memberships are changed, manually clean the cache on
125  * the secondary system via admin
126  * pages, or by restarting.</p>
127  * <p>As always, this sample may not be representative of your needs, so attempt
128  * this only with caution and a single-step debugger handy.</p>
129  *
130  * @author Michael Nash
131  */

132 public abstract class SecurityDBObject extends SecuredDBObject {
133     private static Logger log = Logger.getLogger(SecurityDBObject.class);
134     public static final String JavaDoc SECURITY_CONTEXT = "SecurityDB";
135     public static final String JavaDoc SECURITY_OBJECTS = "SecurityDBObjs";
136
137     public SecurityDBObject() throws DBException {
138         super();
139     }
140
141     /**
142      * Use over (String) constructor. Initializes the object in the context
143      * of the user who's uid belongs to the parameter.
144      *
145      * @param uid the Uid of the user context
146      * @throws DBException if there's an initialization problem
147      */

148     public SecurityDBObject(int uid) throws DBException {
149         super(uid);
150     }
151
152     /**
153      * For using DBObjects within Controllers. Initializes based upon the current
154      * user and the requested db. [Of course this can be modified later]
155      *
156      * @param request - The controller request handed to you by the framework.
157      * @throws DBException if there's an error constructing the object
158      */

159     public SecurityDBObject(RequestContext request) throws DBException {
160         super(request);
161     }
162
163     /**
164      * Override of DBObject's setDataContext() to call setDBName
165      *
166      * @param newContext the new dataContext to use
167      */

168     public void setDataContext(String JavaDoc newContext) {
169         try {
170             setDBName(newContext);
171         } catch (DBException e) {
172             throw new IllegalArgumentException JavaDoc(e.getMessage());
173         }
174     }
175
176     /**
177      * Ignore the newContext parameter if Setup values indicate to do this.
178      * In other words, when someone tries to set a new data context, check
179      * with Setup values to see if this SecurityDBObject subclass is listed in the set
180      * of SecurityDBObjs (a list configurable as a Setup param).
181      * <p/>
182      * Warning: calls super.setDBName(),
183      * which could loop back recursively if the superclass
184      * then creates objects which get db context set.
185      *
186      * @param newContext the new dataContext to use
187      * @throws DBException upon construction error.
188      */

189     public void setDBName(String JavaDoc newContext) throws DBException {
190         super.setDBName(newContext);
191         overrideDataContext(newContext);
192     }
193
194     /**
195      * when someone tries to set a new data context, check
196      * with Setup values to see if this new context should be
197      * ignored, such as when a SecurityDBObject subclass is listed in the set
198      * of SecurityDBObjs (a list configurable as a Setup param).
199      *
200      * @param newContext the new data context to use.
201      */

202     protected void overrideDataContext(String JavaDoc newContext) {
203         try {
204             if (newContext == null || newContext.length() == 0) {
205                 newContext = DBConnection.DEFAULT_DB_CONTEXT_NAME;
206             }
207
208             // look for setup values only if the context includes setup
209
ConfigContext config = ConfigManager.getContext(newContext);
210             if (config != null && config.hasSetupTables()) {
211                 String JavaDoc securityDB = StringUtil.notNull(Setup.getValue(newContext,
212                         SECURITY_CONTEXT));
213                 String JavaDoc objNames = StringUtil.notNull(Setup.getValue(newContext,
214                         SECURITY_OBJECTS));
215
216                 // if our object is included in list,
217
// use the Setup value for DB context instead the one passed in
218
if (objNames.indexOf(getClass().getName()) >= 0) {
219                     super.setDBName(securityDB);
220                 }
221             }
222         } catch (Exception JavaDoc ex) {
223             String JavaDoc errorMessage = "Problem overriding newContext name: "
224                     + newContext + ": "
225                     + ex.getMessage();
226             log.error(errorMessage, ex);
227             throw new IllegalArgumentException JavaDoc(errorMessage);
228         }
229     }
230 }
231
Popular Tags