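package com.sslexplorer.security.actions;

import java.util.Iterator;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.struts.Globals;
import org.apache.struts.action.ActionForm;
import org.apache.struts.action.ActionForward;
import org.apache.struts.action.ActionMapping;
import org.apache.struts.action.ActionMessage;
import org.apache.struts.action.ActionMessages;

import com.sslexplorer.boot.PropertyClass;
import com.sslexplorer.boot.PropertyClassManager;
import com.sslexplorer.boot.PropertyDefinition;
import com.sslexplorer.boot.Util;
import com.sslexplorer.core.CoreAttributeConstants;
import com.sslexplorer.core.CoreEvent;
import com.sslexplorer.core.CoreEventConstants;
import com.sslexplorer.core.CoreServlet;
import com.sslexplorer.core.CoreUtil;
import com.sslexplorer.core.UserDatabaseManager;
import com.sslexplorer.policyframework.Permission;
import com.sslexplorer.policyframework.PolicyConstants;
import com.sslexplorer.policyframework.PolicyDatabaseFactory;
import com.sslexplorer.policyframework.PolicyUtil;
import com.sslexplorer.properties.Property;
import com.sslexplorer.properties.attributes.AttributeDefinition;
import com.sslexplorer.properties.impl.userattributes.UserAttributeKey;
import com.sslexplorer.properties.impl.userattributes.UserAttributes;
import com.sslexplorer.security.Constants;
import com.sslexplorer.security.LogonControllerFactory;
import com.sslexplorer.security.PublicKeyStore;
import com.sslexplorer.security.SessionInfo;
import com.sslexplorer.security.User;
import com.sslexplorer.security.UserDatabase;
import com.sslexplorer.security.forms.ShowAvailableAccountsForm;
import com.sslexplorer.security.forms.UserAccountForm;
import com.sslexplorer.table.actions.AbstractPagerAction;

/**
 * Dispatch action for the account management page: lists the accounts of the
 * caller's realm and handles the per-account operations (set password, edit,
 * delete, enable, disable, send message, reset private key).
 * <p>
 * Target accounts arrive as the request parameter {@code username}, which is
 * client-controlled. Every lookup goes through the user database of the realm
 * of the session user, and state-changing methods call
 * {@link PolicyUtil#checkPermission} themselves before acting.
 * <p>
 * NOTE(review): {@link #sendMessage} and {@link #confirmResetPrivateKey} make
 * no explicit permission check of their own; confirm that the base class
 * enforces the permissions handed to its constructor before dispatching.
 */
public class ShowAvailableAccountsDispatchAction extends AbstractPagerAction {
    // Log under this class's own category; the original used SetPasswordAction.class,
    // which filed account-management events (enable/disable) under the wrong name.
    private static final Log log = LogFactory.getLog(ShowAvailableAccountsDispatchAction.class);

    /**
     * Registers the action against the accounts-and-groups resource type with
     * the create/edit/assign and delete permissions.
     */
    public ShowAvailableAccountsDispatchAction() {
        super(PolicyConstants.ACCOUNTS_AND_GROUPS_RESOURCE_TYPE, new Permission[] {
                        PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN, PolicyConstants.PERM_DELETE });
    }

    /**
     * Default dispatch target: shows the account list.
     *
     * @return the forward produced by {@link #list}
     * @throws Exception on any error
     */
    public ActionForward unspecified(ActionMapping mapping, ActionForm form, HttpServletRequest request,
                    HttpServletResponse response) throws Exception {
        return list(mapping, form, request, response);
    }

    /**
     * Loads all users of the caller's realm into the form and adds
     * informational messages describing what the user database cannot do
     * (account creation, password change).
     * <p>
     * A failure to list users is logged and reported on the page; the form is
     * then initialised with an empty list and flagged as errored.
     *
     * @return the {@code display} forward
     * @throws Exception on any error other than a failed user listing
     */
    public ActionForward list(ActionMapping mapping, ActionForm form, HttpServletRequest request,
                    HttpServletResponse response) throws Exception {

        CoreUtil.clearFlow(request);

        ShowAvailableAccountsForm accountsForm = (ShowAvailableAccountsForm) form;
        UserDatabase udb = realmUserDatabase(request);
        User[] users;
        try {
            users = udb.listAllUsers("*");
        } catch (Exception e) {
            log.error("Could not list users.", e);
            // NOTE(review): the exception message chain is placed into the page-level
            // error; confirm it cannot carry backend details that belong only in the log.
            ActionMessages errs = new ActionMessages();
            errs.add(Globals.ERROR_KEY, new ActionMessage("availableAccounts.cannotListAccounts",
                            Util.getExceptionMessageChain(e)));
            saveErrors(request, errs);
            users = new User[0];
            accountsForm.setErrored(true);
        }
        accountsForm.initialize(users, isSetupMode() ? null : LogonControllerFactory.getInstance().getUser(request),
                        request.getSession());

        boolean canCreate = udb.supportsAccountCreation();
        boolean canChangePassword = udb.supportsPasswordChange();
        accountsForm.setEditable(canCreate);

        ActionMessages msgs = new ActionMessages();
        if (canCreate && !canChangePassword) {
            msgs.add(Globals.MESSAGE_KEY, new ActionMessage("availableAccounts.noPasswordChange.text"));
        } else if (!canCreate && canChangePassword) {
            msgs.add(Globals.MESSAGE_KEY, new ActionMessage("availableAccounts.noAccountCreation.text"));
        } else if (!canCreate) {
            msgs.add(Globals.MESSAGE_KEY,
                            new ActionMessage("availableAccounts.noAccountCreationAndNoPasswordChange.text"));
        }
        if (msgs.size() > 0) {
            saveMessages(request, msgs);
        }
        return mapping.findForward("display");
    }

    /**
     * Forwards to the account creation page.
     *
     * @return the {@code create} forward
     * @throws Exception on any error
     */
    public ActionForward create(ActionMapping mapping, ActionForm form, HttpServletRequest request,
                    HttpServletResponse response) throws Exception {
        return mapping.findForward("create");
    }

    /**
     * Returns to the list display.
     *
     * @return the {@code display} forward
     * @throws Exception on any error
     */
    public ActionForward commit(ActionMapping mapping, ActionForm form, HttpServletRequest request,
                    HttpServletResponse response) throws Exception {
        return mapping.findForward("display");
    }

    /**
     * Starts a password change for exactly one selected account. The account
     * is looked up in the caller's realm and stored in the session attribute
     * {@code setPassword.user} for the set-password page.
     *
     * @return the {@code setPassword} forward, or the list with an error when
     *         the selection is not exactly one account
     * @throws Exception if the permission check or the account lookup fails
     */
    public ActionForward password(ActionMapping mapping, ActionForm form, HttpServletRequest request,
                    HttpServletResponse response) throws Exception {
        PolicyUtil.checkPermission(PolicyConstants.ACCOUNTS_AND_GROUPS_RESOURCE_TYPE,
                        PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN, request);
        String[] accounts = request.getParameterValues("username");
        if (accounts == null || accounts.length != 1) {
            saveSingleError(request, "availableAccounts.singleAccountNotSelected");
            return list(mapping, form, request, response);
        }
        User user = realmUserDatabase(request).getAccount(accounts[0]);
        request.getSession().setAttribute("setPassword.user", user);
        return mapping.findForward("setPassword");
    }

    /**
     * Starts a password change for the account named by the
     * {@link UserAccountForm}; the account is stored in the session attribute
     * {@code setPassword.user}.
     *
     * @return the {@code setPassword} forward
     * @throws Exception if the permission check or the account lookup fails
     */
    public ActionForward setPassword(ActionMapping mapping, ActionForm form, HttpServletRequest request,
                    HttpServletResponse response) throws Exception {
        PolicyUtil.checkPermission(PolicyConstants.ACCOUNTS_AND_GROUPS_RESOURCE_TYPE,
                        PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN, request);
        User user = realmUserDatabase(request).getAccount(((UserAccountForm) form).getUsername());
        request.getSession().setAttribute("setPassword.user", user);
        return mapping.findForward("setPassword");
    }

    /**
     * Forwards to the edit page when exactly one account is selected.
     *
     * @return the {@code edit} forward, or the list with an error
     * @throws Exception if the permission check fails
     */
    public ActionForward edit(ActionMapping mapping, ActionForm form, HttpServletRequest request,
                    HttpServletResponse response) throws Exception {
        PolicyUtil.checkPermission(PolicyConstants.ACCOUNTS_AND_GROUPS_RESOURCE_TYPE,
                        PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN, request);
        String[] accounts = request.getParameterValues("username");
        if (accounts == null || accounts.length != 1) {
            saveSingleError(request, "availableAccounts.singleAccountNotSelected");
            return list(mapping, form, request, response);
        }
        return mapping.findForward("edit");
    }

    /**
     * Forwards to the deletion confirmation page when exactly one account is
     * selected.
     *
     * @return the {@code confirmAccountDeletion} forward, or the list with an
     *         error
     * @throws Exception if the permission check fails
     */
    public ActionForward confirmAccountDeletion(ActionMapping mapping, ActionForm form, HttpServletRequest request,
                    HttpServletResponse response) throws Exception {
        PolicyUtil.checkPermission(PolicyConstants.ACCOUNTS_AND_GROUPS_RESOURCE_TYPE, PolicyConstants.PERM_DELETE,
                        request);
        String[] accounts = request.getParameterValues("username");
        if (accounts == null || accounts.length != 1) {
            saveSingleError(request, "availableAccounts.singleAccountNotSelected");
            return list(mapping, form, request, response);
        }
        return mapping.findForward("confirmAccountDeletion");
    }

    /**
     * Deletes the selected accounts. The whole request is refused when the
     * selection contains the caller's own account. For each account the
     * active sessions of that user are invalidated and all policies revoked
     * before the account is removed, and a {@code USER_REMOVED} core event is
     * fired for both success and failure.
     * <p>
     * A request without any {@code username} parameter is reported as an
     * error instead of failing with a {@code NullPointerException}.
     *
     * @return the {@code refresh} forward
     * @throws Exception if the permission check fails or a deletion fails
     *         (the failure event is fired before rethrowing)
     */
    public ActionForward accountDeletion(ActionMapping mapping, ActionForm form, HttpServletRequest request,
                    HttpServletResponse response) throws Exception {
        PolicyUtil.checkPermission(PolicyConstants.ACCOUNTS_AND_GROUPS_RESOURCE_TYPE, PolicyConstants.PERM_DELETE,
                        request);

        User currentUser = isSetupMode() ? null : LogonControllerFactory.getInstance().getUser(request);

        String[] accounts = request.getParameterValues("username");
        if (accounts == null || accounts.length == 0) {
            // The parameter is client-supplied and may be absent altogether.
            saveSingleError(request, "availableAccounts.atLeastOneAccountNotSelected");
            return mapping.findForward("refresh");
        }

        if (currentUser != null && containsName(accounts, currentUser.getPrincipalName())) {
            saveSingleError(request, "availableAccounts.cannotDeleteOwnAccount");
            return mapping.findForward("refresh");
        }

        UserDatabase udb = realmUserDatabase(request);
        for (String account : accounts) {
            User user = udb.getAccount(account);
            if (!udb.supportsAccountCreation()) {
                continue;
            }
            try {
                // End any live sessions first so the account cannot keep acting after removal.
                Iterator loggedOnUserSessions = LogonControllerFactory.getInstance().getActiveSessions().values()
                                .iterator();
                while (loggedOnUserSessions.hasNext()) {
                    SessionInfo element = (SessionInfo) loggedOnUserSessions.next();
                    if (element.getUser().equals(user)) {
                        element.invalidate();
                    }
                }
                PolicyDatabaseFactory.getInstance().revokeAllPoliciesFromPrincipal(user);
                udb.deleteAccount(user);
                CoreServlet.getServlet().fireCoreEvent(
                                new CoreEvent(this, CoreEventConstants.USER_REMOVED, null, null,
                                                CoreEvent.STATE_SUCCESSFUL)
                                                .addAttribute(CoreAttributeConstants.EVENT_ATTR_PRINCIPAL_ID,
                                                                user.getPrincipalName())
                                                .addAttribute(CoreAttributeConstants.EVENT_ATTR_FULL_NAME,
                                                                user.getFullname()));
            } catch (Exception e) {
                // Record the failed attempt as well, then let the caller see the error.
                CoreServlet.getServlet().fireCoreEvent(
                                new CoreEvent(this, CoreEventConstants.USER_REMOVED, null, null, e)
                                                .addAttribute(CoreAttributeConstants.EVENT_ATTR_PRINCIPAL_ID,
                                                                user.getPrincipalName())
                                                .addAttribute(CoreAttributeConstants.EVENT_ATTR_FULL_NAME,
                                                                user.getFullname()));
                throw e;
            }
        }
        return mapping.findForward("refresh");
    }

    /**
     * Re-enables each selected account that is currently disabled and unlocks
     * every selected account.
     *
     * @return the forward produced by {@link #list}
     * @throws Exception if the permission check or an account lookup fails
     */
    public ActionForward enable(ActionMapping mapping, ActionForm form, HttpServletRequest request,
                    HttpServletResponse response) throws Exception {
        PolicyUtil.checkPermission(PolicyConstants.ACCOUNTS_AND_GROUPS_RESOURCE_TYPE,
                        PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN, request);
        String[] accounts = request.getParameterValues("username");
        if (accounts == null || accounts.length == 0) {
            saveSingleError(request, "availableAccounts.atLeastOneAccountNotSelected");
        } else {
            UserDatabase udb = realmUserDatabase(request);
            SessionInfo session = this.getSessionInfo(request);
            for (String account : accounts) {
                User user = udb.getAccount(account);
                if (!PolicyUtil.isEnabled(user)) {
                    if (log.isInfoEnabled()) {
                        log.info("Re-enabling user " + user.getPrincipalName());
                    }
                    PolicyUtil.setEnabled(user, true, null, session);
                }
                LogonControllerFactory.getInstance().unlockUser(user.getPrincipalName());
            }
        }
        return list(mapping, form, request, response);
    }

    /**
     * Disables the single selected account unless it is the caller's own.
     * <p>
     * This method checks {@code PERM_DELETE} and then delegates to
     * {@link #disable}, which checks {@code PERM_CREATE_EDIT_AND_ASSIGN}, so a
     * caller needs both permissions for this path.
     *
     * @return the list forward, or a forward to {@code /confirmDisableAccount.do}
     *         when the caller selected their own account
     * @throws Exception if a permission check or the account lookup fails
     */
    public ActionForward confirmDisableAccount(ActionMapping mapping, ActionForm form, HttpServletRequest request,
                    HttpServletResponse response) throws Exception {
        PolicyUtil.checkPermission(PolicyConstants.ACCOUNTS_AND_GROUPS_RESOURCE_TYPE, PolicyConstants.PERM_DELETE,
                        request);
        String[] accounts = request.getParameterValues("username");
        if (accounts == null || accounts.length != 1) {
            // NOTE(review): the condition requires exactly one account but the message key
            // says "at least one"; confirm which of the two is intended.
            saveSingleError(request, "availableAccounts.atLeastOneAccountNotSelected");
            return list(mapping, form, request, response);
        }
        UserDatabase udb = realmUserDatabase(request);
        String ownName = this.getSessionInfo(request).getUser().getPrincipalName();
        for (String account : accounts) {
            User user = udb.getAccount(account);
            if (null != user.getPrincipalName() && user.getPrincipalName().equals(ownName)) {
                saveSingleError(request, "status.sessions.cannotLogoffYourself");
                return new ActionForward("/confirmDisableAccount.do");
            }
        }
        // disable() already ends by rendering the list; return its forward rather than
        // discarding it and building the list a second time.
        return disable(mapping, form, request, response);
    }

    /**
     * Disables each selected account that is currently enabled. Disabling an
     * administrator account adds the {@code info.superUserDisabled} notice.
     *
     * @return the forward produced by {@link #list}
     * @throws Exception if the permission check or an account lookup fails
     */
    public ActionForward disable(ActionMapping mapping, ActionForm form, HttpServletRequest request,
                    HttpServletResponse response) throws Exception {
        PolicyUtil.checkPermission(PolicyConstants.ACCOUNTS_AND_GROUPS_RESOURCE_TYPE,
                        PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN, request);
        String[] accounts = request.getParameterValues("username");
        ActionMessages mesgs = new ActionMessages();
        if (accounts == null || accounts.length == 0) {
            mesgs.add(Globals.ERROR_KEY, new ActionMessage("availableAccounts.atLeastOneAccountNotSelected"));
            saveErrors(request, mesgs);
        } else {
            UserDatabase udb = realmUserDatabase(request);
            SessionInfo info = this.getSessionInfo(request);
            for (String account : accounts) {
                User user = udb.getAccount(account);
                if (PolicyUtil.isEnabled(user)) {
                    if (log.isInfoEnabled()) {
                        log.info("Disabling user " + user.getPrincipalName());
                    }
                    PolicyUtil.setEnabled(user, false, null, info);
                    if (LogonControllerFactory.getInstance().isAdministrator(user)) {
                        // NOTE(review): an informational message (MESSAGE_KEY) is stored via
                        // saveErrors; confirm whether saveMessages was intended.
                        mesgs.add(Globals.MESSAGE_KEY, new ActionMessage("info.superUserDisabled"));
                        saveErrors(request, mesgs);
                    }
                }
            }
        }
        return list(mapping, form, request, response);
    }

    /**
     * Forwards to the send-message page for the single selected account,
     * passing its name as the {@code users} parameter.
     *
     * @return the {@code sendMessage} forward with the parameter added, or the
     *         list when the selection is not exactly one account
     * @throws Exception on any error
     */
    public ActionForward sendMessage(ActionMapping mapping, ActionForm form, HttpServletRequest request,
                    HttpServletResponse response) throws Exception {
        String[] accounts = request.getParameterValues("username");
        if (accounts != null && accounts.length == 1) {
            return CoreUtil.addParameterToForward(mapping.findForward("sendMessage"), "users", accounts[0]);
        }
        return list(mapping, form, request, response);
    }

    /**
     * Stages the single selected account in the session attribute
     * {@link Constants#EDITING_ITEM} and forwards to the private-key reset
     * confirmation page.
     *
     * @return the {@code confirmResetPrivateKey} forward, or the list when the
     *         selection is not exactly one account
     * @throws Exception if the account lookup fails
     */
    public ActionForward confirmResetPrivateKey(ActionMapping mapping, ActionForm form, HttpServletRequest request,
                    HttpServletResponse response) throws Exception {
        String[] accounts = request.getParameterValues("username");
        if (accounts != null && accounts.length == 1) {
            int resourceId = getSessionInfo(request).getUser().getRealm().getResourceId();
            User account = UserDatabaseManager.getInstance().getUserDatabase(resourceId).getAccount(accounts[0]);
            request.getSession().setAttribute(Constants.EDITING_ITEM, account);
            return mapping.findForward("confirmResetPrivateKey");
        }
        return list(mapping, form, request, response);
    }

    /**
     * Resets the private key of the account staged by
     * {@link #confirmResetPrivateKey}: every user-confidential attribute of
     * that account is set to {@code null} and its keys are removed from the
     * {@link PublicKeyStore}.
     * <p>
     * The permission check runs before the session is read. When the session
     * holds no staged {@link User} (the confirmation step was skipped, or the
     * attribute holds something else) nothing is reset and the list is shown,
     * instead of failing with a {@code NullPointerException} or
     * {@code ClassCastException}.
     *
     * @return the forward produced by {@link #list}
     * @throws Exception if the permission check or the reset fails
     */
    public ActionForward resetPrivateKey(ActionMapping mapping, ActionForm form, HttpServletRequest request,
                    HttpServletResponse response) throws Exception {
        PolicyUtil.checkPermission(PolicyConstants.ACCOUNTS_AND_GROUPS_RESOURCE_TYPE,
                        PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN, request);

        Object staged = request.getSession().getAttribute(Constants.EDITING_ITEM);
        if (!(staged instanceof User)) {
            log.warn("Private key reset requested without an account staged for confirmation.");
            return list(mapping, form, request, response);
        }
        User user = (User) staged;

        PropertyClass propertyClass = PropertyClassManager.getInstance().getPropertyClass(UserAttributes.NAME);
        for (PropertyDefinition propertyDefinition : propertyClass.getDefinitions()) {
            AttributeDefinition attributeDefinition = (AttributeDefinition) propertyDefinition;
            if (attributeDefinition.getVisibility() == AttributeDefinition.USER_CONFIDENTIAL_ATTRIBUTE) {
                Property.setProperty(new UserAttributeKey(user, attributeDefinition.getName()), (String) null,
                                getSessionInfo(request));
            }
        }
        PublicKeyStore.getInstance().removeKeys(user.getPrincipalName());
        return list(mapping, form, request, response);
    }

    /**
     * @return {@link SessionInfo#MANAGEMENT_CONSOLE_CONTEXT}
     */
    public int getNavigationContext(ActionMapping mapping, ActionForm form, HttpServletRequest request,
                    HttpServletResponse response) {
        return SessionInfo.MANAGEMENT_CONSOLE_CONTEXT;
    }

    /** Returns the user database of the realm the session user belongs to. */
    private UserDatabase realmUserDatabase(HttpServletRequest request) throws Exception {
        return UserDatabaseManager.getInstance().getUserDatabase(getSessionInfo(request).getUser().getRealm());
    }

    /** Saves a single error message with the given resource key on the request. */
    private void saveSingleError(HttpServletRequest request, String messageKey) {
        ActionMessages mesgs = new ActionMessages();
        mesgs.add(Globals.ERROR_KEY, new ActionMessage(messageKey));
        saveErrors(request, mesgs);
    }

    /** Tells whether {@code name} equals any entry of {@code names}. */
    private static boolean containsName(String[] names, String name) {
        for (String candidate : names) {
            if (candidate.equals(name)) {
                return true;
            }
        }
        return false;
    }
}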