SecurityDBObject


1   /* ====================================================================
2    * The Jcorporate Apache Style Software License, Version 1.2 05-07-2002
3    *
4    * Copyright (c) 1995-2002 Jcorporate Ltd. All rights reserved.
5    *
6    * Redistribution and use in source and binary forms, with or without
7    * modification, are permitted provided that the following conditions
8    * are met:
9    *
10   * 1. Redistributions of source code must retain the above copyright
11   *    notice, this list of conditions and the following disclaimer.
12   *
13   * 2. Redistributions in binary form must reproduce the above copyright
14   *    notice, this list of conditions and the following disclaimer in
15   *    the documentation and/or other materials provided with the
16   *    distribution.
17   *
18   * 3. The end-user documentation included with the redistribution,
19   *    if any, must include the following acknowledgment:
20   *       "This product includes software developed by Jcorporate Ltd.
21   *        (http://www.jcorporate.com/)."
22   *    Alternately, this acknowledgment may appear in the software itself,
23   *    if and wherever such third-party acknowledgments normally appear.
24   *
25   * 4. "Jcorporate" and product names such as "Expresso" must
26   *    not be used to endorse or promote products derived from this
27   *    software without prior written permission. For written permission,
28   *    please contact info@jcorporate.com.
29   *
30   * 5. Products derived from this software may not be called "Expresso",
31   *    or other Jcorporate product names; nor may "Expresso" or other
32   *    Jcorporate product names appear in their name, without prior
33   *    written permission of Jcorporate Ltd.
34   *
35   * 6. No product derived from this software may compete in the same
36   *    market space, i.e. framework, without prior written permission
37   *    of Jcorporate Ltd. For written permission, please contact
38   *    partners@jcorporate.com.
39   *
40   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
41   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
42   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
43   * DISCLAIMED.  IN NO EVENT SHALL JCORPORATE LTD OR ITS CONTRIBUTORS
44   * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
45   * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
46   * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
47   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
48   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
49   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
50   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51   * SUCH DAMAGE.
52   * ====================================================================
53   *
54   * This software consists of voluntary contributions made by many
55   * individuals on behalf of the Jcorporate Ltd. Contributions back
56   * to the project(s) are encouraged when you make modifications.
57   * Please send them to support@jcorporate.com. For more information
58   * on Jcorporate Ltd. and its products, please see
59   * <http://www.jcorporate.com/>.
60   *
61   * Portions of this software are based upon other open source
62   * products and are subject to their respective licenses.
63   */
64  
65  package com.jcorporate.expresso.services.dbobj;
66  
67  import com.jcorporate.expresso.core.db.DBConnection;
68  import com.jcorporate.expresso.core.db.DBException;
69  import com.jcorporate.expresso.core.dbobj.RequestContext;
70  import com.jcorporate.expresso.core.dbobj.SecuredDBObject;
71  import com.jcorporate.expresso.core.misc.ConfigContext;
72  import com.jcorporate.expresso.core.misc.ConfigManager;
73  import com.jcorporate.expresso.core.misc.StringUtil;
74  import org.apache.log4j.Logger;
75  
76  
77  /**
78   * <p/>
79   * SecurityDBObject.java</p>
80   * this object provides a means to control the DB context via Setup values.
81   * subclasses will ignore any context except that found in Setup.
82   * <p/>
83   * You probably will never create a subclass of SecurityDBObject yourself--it is
84   * a framework tool embedded in the Expresso security system. The idea is to provide
85   * a flexible way to redirect authentication classes to another database context.
86   * For example, consider a situation where there are two Expresso applications,
87   * and you wanted the second application to rely on the first in order to
88   * authenticate users and otherwise supply user information.
89   * The following classes extend SecurityDBObject in Expresso:
90   * <ul>
91   * <li>ControllerSecurity</li>
92   * <li>DBObjSecurity</li>
93   * <li>DefaultUserInfo</li>
94   * <li>GroupMembers</li>
95   * <li>GroupNest</li>
96   * <li>JobSecurity</li>
97   * <li>TmpUser</li>
98   * <li>UserGroup</li>
99   * <li>UserPreference</li>
100  * <li>UserPreferenceDef</li>
101  * </ul>
102  * <p>SecurityDBObject provides a means to control the DB context
103  * (for some or all of the classes listed above) via Setup values.
104  * Two Setup values are important for SecurityDBObject:
105  * SecurityDB -- Database to use for User/Group Security Info
106  * SecurityDBObjs -- Database Objects that should use the 'fixed' context found in the SecurityDB parameter
107  * <p/>
108  * If these Setup values are empty, SecurityDBObject does nothing special. However, if these 2 Setup values contain
109  * meaningful info, subclasses of SecurityDBObject may ignore any DB context supplied (e.g., they can ignore a
110  * context like 'default' that comes from the ControllerRequest). The logic is two-fold: the Setup value SecurityDB
111  * must be filled, AND the Setup value SecurityDBObjs must contain the fully-qualified class name of all objects
112  * (from the list of SecurityDBObject subclasses listed above) that will use the 'fixed' context value in Setup
113  * value SecurityDB. That's a bit tricky, so to repeat: even though all the security classes listed above are
114  * instances of SecurityDBObject, each one will use the fixed context only if that individual class is also listed
115  * in the Setup value, SecurityDBObjs.
116  * </p>
117  * <p/>
118  * This scheme is useful in at least one case: one primary Expresso application supplying User information to a
119  * secondary Expresso application.
120  * </p>
121  * <p/>
122  * LIMITATION: user info and group membership changed on the primary,
123  * UserInfo application will not trigger a cache cleaning on the secondary
124  * system.  So when these memberships are changed, manually clean the cache on
125  * the secondary system via admin
126  * pages, or by restarting.</p>
127  * <p>As always, this sample may not be representative of your needs, so attempt
128  * this only with caution and a single-step debugger handy.</p>
129  *
130  * @author Michael Nash
131  */
132 public abstract class SecurityDBObject extends SecuredDBObject {
133     private static Logger log = Logger.getLogger(SecurityDBObject.class);
134     public static final String   SECURITY_CONTEXT = "SecurityDB";
135     public static final String   SECURITY_OBJECTS = "SecurityDBObjs";
136 
137     public SecurityDBObject() throws DBException {
138         super();
139     }
140 
141     /**
142      * Use over (String) constructor.  Initializes the object in the context
143      * of the user who's uid belongs to the parameter.
144      *
145      * @param uid the Uid of the user context
146      * @throws DBException if there's an initialization problem
147      */
148     public SecurityDBObject(int uid) throws DBException {
149         super(uid);
150     }
151 
152     /**
153      * For using DBObjects within Controllers.  Initializes based upon the current
154      * user and the requested db. [Of course this can be modified later]
155      *
156      * @param request - The controller request handed to you by the framework.
157      * @throws DBException if there's an error constructing the object
158      */
159     public SecurityDBObject(RequestContext request) throws DBException {
160         super(request);
161     }
162 
163     /**
164      * Override of DBObject's setDataContext() to call setDBName
165      *
166      * @param newContext the new dataContext to use
167      */
168     public void setDataContext(String   newContext) {
169         try {
170             setDBName(newContext);
171         } catch (DBException e) {
172             throw new IllegalArgumentException  (e.getMessage());
173         }
174     }
175 
176     /**
177      * Ignore the newContext parameter if Setup values indicate to do this.
178      * In other words, when someone tries to set a new data context, check
179      * with Setup values to see if this SecurityDBObject subclass is listed in the set
180      * of SecurityDBObjs (a list configurable as a Setup param).
181      * <p/>
182      * Warning: calls super.setDBName(),
183      * which could loop back recursively if the superclass
184      * then creates objects which get db context set.
185      *
186      * @param newContext the new dataContext to use
187      * @throws DBException upon construction error.
188      */
189     public void setDBName(String   newContext) throws DBException {
190         super.setDBName(newContext);
191         overrideDataContext(newContext);
192     }
193 
194     /**
195      * when someone tries to set a new data context, check
196      * with Setup values to see if this new context should be
197      * ignored, such as when a SecurityDBObject subclass is listed in the set
198      * of SecurityDBObjs (a list configurable as a Setup param).
199      *
200      * @param newContext the new data context to use.
201      */
202     protected void overrideDataContext(String   newContext) {
203         try {
204             if (newContext == null || newContext.length() == 0) {
205                 newContext = DBConnection.DEFAULT_DB_CONTEXT_NAME;
206             }
207 
208             // look for setup values only if the context includes setup
209             ConfigContext config = ConfigManager.getContext(newContext);
210             if (config != null && config.hasSetupTables()) {
211                 String   securityDB = StringUtil.notNull(Setup.getValue(newContext,
212                         SECURITY_CONTEXT));
213                 String   objNames = StringUtil.notNull(Setup.getValue(newContext,
214                         SECURITY_OBJECTS));
215 
216                 // if our object is included in list,
217                 // use the Setup value for DB context instead the one passed in
218                 if (objNames.indexOf(getClass().getName()) >= 0) {
219                     super.setDBName(securityDB);
220                 }
221             }
222         } catch (Exception   ex) {
223             String   errorMessage = "Problem overriding newContext name: "
224                     + newContext + ": "
225                     + ex.getMessage();
226             log.error(errorMessage, ex);
227             throw new IllegalArgumentException  (errorMessage);
228         }
229     }
230 }
231
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags