1 28 package net.sf.jguard.ext.authorization.manager; 29 30 import java.io.File ; 31 import java.io.FileInputStream ; 32 import java.io.FileNotFoundException ; 33 import java.io.IOException ; 34 import java.net.URI ; 35 import java.net.URISyntaxException ; 36 import java.security.Permission ; 37 import java.security.Principal ; 38 import java.sql.Connection ; 39 import java.sql.PreparedStatement ; 40 import java.sql.ResultSet ; 41 import java.sql.SQLException ; 42 import java.util.ArrayList ; 43 import java.util.Arrays ; 44 import java.util.HashMap ; 45 import java.util.HashSet ; 46 import java.util.Iterator ; 47 import java.util.List ; 48 import java.util.Map ; 49 import java.util.Properties ; 50 import java.util.Set ; 51 import java.util.Stack ; 52 import java.util.logging.Level ; 53 import java.util.logging.Logger ; 54 55 import net.sf.jguard.core.CoreConstants; 56 import net.sf.jguard.core.authorization.permissions.Domain; 57 import net.sf.jguard.core.authorization.permissions.JGPermissionCollection; 58 import net.sf.jguard.core.authorization.permissions.JGPositivePermissionCollection; 59 import net.sf.jguard.core.authorization.permissions.NoSuchPermissionException; 60 import net.sf.jguard.core.authorization.permissions.PermissionUtils; 61 import net.sf.jguard.core.principals.RolePrincipal; 62 import net.sf.jguard.core.util.FileUtils; 63 import net.sf.jguard.ext.SecurityConstants; 64 import net.sf.jguard.ext.authorization.AuthorizationException; 65 import net.sf.jguard.ext.database.ConnectionFactory; 66 import net.sf.jguard.ext.database.DatabaseUtils; 67 import net.sf.jguard.ext.util.XMLUtils; 68 69 75 public class JdbcAuthorizationManager extends AbstractAuthorizationManager implements AuthorizationManager{ 76 77 private static final Logger logger = Logger.getLogger(JdbcAuthorizationManager.class.getName()); 78 79 80 protected static final String NAME = "name"; 81 protected static final String DOMAIN_NAME= "domain_name"; 82 83 protected Map domainIds; 85 86 protected static String jgDomainSeq ="jg_domain_seq"; 88 protected static String jgPermissionSeq ="jg_permission_seq"; 89 protected static String jgAppPrincipalSeq ="jg_app_principal_seq"; 90 protected static String jgUrlQuerySeq ="jg_url_query_seq"; 91 protected static String jgPrincipalDomain ="jg_principal_domain"; 92 protected static String jgDomain ="jg_domain"; 93 protected static String jgAppPrincipal ="jg_app_principal"; 94 protected static String jgPrincipalPermission ="jg_principal_permission"; 95 protected static String jgPermission= "jg_permission"; 96 protected static String jgUrlQuery = "jg_urlquery"; 97 protected static String jgPrincipalHierarchy = "jg_principal_principal"; 98 99 protected String PRINCIPALS_HIERARCHY = "PRINCIPALS_HIERARCHY"; 101 protected String CREATE_PRINCIPAL_INHERITANCE = "CREATE_PRINCIPAL_INHERITANCE"; 102 protected String DELETE_PRINCIPAL_INHERITANCE = "DELETE_PRINCIPAL_INHERITANCE"; 103 104 105 protected String PRINCIPALS="PRINCIPALS"; 106 protected String PERMISSIONS_FROM_PRINCIPAL="PERMISSIONS_FROM_PRINCIPAL"; 107 protected String PERMISSIONS_FROM_DOMAINS="PERMISSIONS_FROM_DOMAINS"; 108 protected String PERMISSIONS="PERMISSIONS"; 109 protected String CREATE_PERMISSION="CREATE_PERMISSION"; 110 protected String CREATE_DOMAIN="CREATE_DOMAIN"; 111 protected String CREATE_PRINCIPAL_PERMISSION="CREATE_PRINCIPAL_PERMISSION"; 112 protected String CREATE_PRINCIPAL_DOMAIN="CREATE_PRINCIPAL_DOMAIN"; 113 protected String DOMAINS="DOMAINS"; 114 protected String DELETE_DOMAIN="DELETE_DOMAIN"; 116 protected String DELETE_PRINCIPAL_DOMAIN="DELETE_PRINCIPAL_DOMAIN"; 118 protected String DELETE_DOMAIN_PRINCIPAL="DELETE_DOMAIN_PRINCIPAL"; 120 121 protected String UPDATE_DOMAIN="UPDATE_DOMAIN"; 122 protected String UPDATE_PERMISSION="UPDATE_PERMISSION"; 123 protected String CHANGE_DOMAIN_PERMISSION="CHANGE_DOMAIN_PERMISSION"; 124 protected String DELETE_PRINCIPAL="DELETE_PRINCIPAL"; 125 protected String CREATE_PRINCIPAL="CREATE_PRINCIPAL"; 126 protected String UPDATE_PRINCIPAL="UPDATE_PRINCIPAL"; 127 protected String DELETE_PERMISSION="DELETE_PERMISSION"; 129 protected String DELETE_PRINCIPAL_PERMISSION="DELETE_PRINCIPAL_PERMISSION"; 131 protected String DELETE_PERMISSION_PRINCIPAL="DELETE_PERMISSION_PRINCIPAL"; 133 protected String READ_PERMISSION_ID="READ_PERMISSION_ID"; 134 protected String READ_DOMAIN_ID ="READ_DOMAIN_ID"; 135 protected String READ_PRINCIPAL_ID ="READ_PRINCIPAL_ID"; 136 137 private Properties props; 138 private String dbPropertiesLocation; 139 protected ConnectionFactory connectionFactory = null; 140 141 144 public JdbcAuthorizationManager() { 145 super(); 146 domainIds = new HashMap (); 147 } 148 149 154 public List getInitParameters() { 155 156 String [] authorizationParameters = {"authorizationUrl","authorizationLogin", 157 "authorizationPassword","authorizationDriver"}; 158 return Arrays.asList(authorizationParameters); 159 } 160 161 162 167 private Set initPrincipals() { 168 169 Set ppals = new HashSet (); 170 Map principalsMap = new HashMap (); 171 PreparedStatement pst; 172 PreparedStatement pst2; 173 PreparedStatement pst3; 174 ResultSet rs; 175 ResultSet rs2; 176 ResultSet rs3; 177 178 Connection connection = null; 179 try { 180 connection = connectionFactory.getConnection(); 181 pst= connection.prepareStatement(props.getProperty(PRINCIPALS)); 182 rs = pst.executeQuery(); 183 184 while(rs.next()){ 185 RolePrincipal tempJGuardPrincipal = new RolePrincipal(); 186 tempJGuardPrincipal.setName(this.applicationName+"#"+rs.getString(NAME)); 187 String name = rs.getString(NAME); 188 189 Set domainNames = new HashSet (); 191 192 pst3 = connection.prepareStatement(props.getProperty(PERMISSIONS_FROM_DOMAINS)); 194 pst3.setString(1,name); 195 rs3 = pst3.executeQuery(); 196 197 while(rs3.next()){ 199 String domainName = rs3.getString(DOMAIN_NAME); 200 if(!domainNames.contains(domainName)){ 201 domainNames.add(domainName); 202 logger.finest(" add domain "+domainName+" to principal "+tempJGuardPrincipal.getLocalName()); 203 JGPermissionCollection domainTemp = (JGPermissionCollection)domains.get(domainName); 204 tempJGuardPrincipal.addDomain(domainTemp); 205 } 206 207 } 208 209 pst2 = connection.prepareStatement(props.getProperty(PERMISSIONS_FROM_PRINCIPAL)); 211 pst2.setString(1,name); 212 rs2 = pst2.executeQuery(); 213 214 while(rs2.next()){ 216 String permissionName = rs2.getString(NAME); 217 Permission perm; 218 try { 219 perm = (Permission )urlp.getPermission(permissionName); 220 tempJGuardPrincipal.addPermission(perm); 221 } catch (NoSuchPermissionException e) { 222 logger.warning(" permission "+permissionName+" is not present in the JGPermissionCollection "); 223 } 224 } 225 226 ppals.add(tempJGuardPrincipal); 227 principalsMap.put(tempJGuardPrincipal.getLocalName(), tempJGuardPrincipal); 228 } 229 230 231 232 rs.close(); 233 pst.close(); 234 235 pst = connection.prepareStatement(props.getProperty(PRINCIPALS_HIERARCHY)); 236 rs = pst.executeQuery(); 237 238 RolePrincipal ascendantPrincipal = null; 239 240 while (rs.next()) { 241 String principalAscendantName = rs.getString(1); 242 String principalDescendantName = rs.getString(2); 243 244 if (ascendantPrincipal == null || !ascendantPrincipal.getLocalName().equals(principalAscendantName)) { 245 ascendantPrincipal = (RolePrincipal) principalsMap.get(principalAscendantName); 246 } 247 248 RolePrincipal descendant = (RolePrincipal)principalsMap.get(principalDescendantName); 249 ascendantPrincipal.getDescendants().add(descendant); 250 251 logger.info("Principal " + principalAscendantName + " inherites from principal " + principalDescendantName); 252 } 253 254 rs.close(); 255 pst.close(); 256 257 } catch (SQLException e) { 258 if (logger.isLoggable(Level.FINEST)) { 259 logger.finest("initPrincipals in AuthorizationManager SQL ERROR "+ e.getMessage()); 260 } 261 }finally{ 262 try { 263 connection.close(); 264 } catch (SQLException e1) { 265 logger.log(Level.SEVERE, "listPrincipals()", e1); 266 } 267 } 268 269 return ppals; 270 } 271 272 277 private JGPermissionCollection initPermissions() { 278 279 JGPermissionCollection urlPc= new JGPositivePermissionCollection(); 280 Permission tempPermission = null; 281 String tempPermissionName=""; 282 Connection connection2 = null; 283 try { 284 connection2 = connectionFactory.getConnection(); 286 PreparedStatement pst2 = connection2.prepareStatement(props.getProperty(DOMAINS)); 287 ResultSet rs2 = pst2.executeQuery(); 288 while(rs2.next()){ 289 String domainName = rs2.getString(NAME); 290 Long domainId = new Long ((rs2.getInt("id"))); 291 JGPermissionCollection domain = new Domain(domainName); 292 domainsSet.add(domain); 293 domains.put(domainName,domain); 294 domainIds.put(domainName,domainId); 295 Connection connection = null; 296 try{ 297 connection = connectionFactory.getConnection(); 298 PreparedStatement pst = connection.prepareStatement(props.getProperty(PERMISSIONS)); 299 pst.setLong(1,domainId.longValue()); 300 ResultSet rs = pst.executeQuery(); 301 302 while(rs.next()){ 304 305 if(rs.getString(NAME).equals(tempPermissionName)==false){ 307 if(tempPermission!=null){ 308 urlPc.add(tempPermission); 309 } 310 String clazz = rs.getString(("class")); 311 String actions = rs.getString(("actions")); 312 try { 313 tempPermission = PermissionUtils.getPermission(clazz,rs.getString(NAME),actions); 314 } catch (ClassNotFoundException e) { 315 logger.warning(e.getMessage()); 316 continue; 317 } 318 permissions.put(tempPermission.getName(),tempPermission); 319 permissionsSet.add(tempPermission); 320 ((JGPermissionCollection)domains.get(domainName)).add(tempPermission); 322 323 } 324 } 325 326 if(tempPermission!=null){ 328 urlPc.add(tempPermission); 329 } 330 }finally{ 331 connection.close(); 332 } 333 334 } 335 336 337 } catch (SQLException e) { 338 339 if (logger.isLoggable(Level.FINEST)) { 340 logger.finest("listPermissions() - initializePermissions in AuthorizationManager SQL ERROR "+ e.getMessage()); 341 } 342 343 }finally{ 344 try { 345 connection2.close(); 346 } catch (SQLException e) { 347 throw new RuntimeException (e); 348 } 349 } 350 351 return urlPc; 352 } 353 354 359 public void init(Map options) { 360 super.init(options); 361 String applicationName= (String )options.get(CoreConstants.APPLICATION_NAME); 362 if(applicationName==null){ 363 throw new IllegalArgumentException (" applicationName is null"); 364 } 365 this.setApplicationName(applicationName); 366 super.options = options; 367 dbPropertiesLocation = (String )options.get(SecurityConstants.AUTHORIZATION_DATABASE_FILE_LOCATION); 368 dbPropertiesLocation = XMLUtils.resolveLocation(dbPropertiesLocation); 369 props = new Properties (); 370 try { 371 File file = FileUtils.getFile(new URI (dbPropertiesLocation)); 372 props.load(new FileInputStream (file)); 373 logger.finest(" JdbcAuthorizationManager properties = "+props); 374 } catch (FileNotFoundException e2) { 375 logger.severe(" authorization database properties file is not found at this location "+dbPropertiesLocation); 376 e2.printStackTrace(); 377 } catch (IOException e2) { 378 logger.severe(" authorization database properties file is not accesible this location "+dbPropertiesLocation+"\n "+e2.getMessage()); 379 } catch (URISyntaxException e) { 380 logger.log(Level.SEVERE, " uri of the authorization database properties file hasn't got a valid synthax ",e); 381 } 382 383 connectionFactory = new ConnectionFactory(options); 385 createRequiredDatabaseEntities(props,connectionFactory); 386 boolean empty = isEmpty(); 387 if(empty){ 388 insertRequiredData(); 389 } 390 391 urlp = initPermissions(); 392 principalsSet = initPrincipals(); 393 Iterator itPrincipalsSet = principalsSet.iterator(); 394 395 while(itPrincipalsSet.hasNext()){ 397 RolePrincipal tempPrincipal = (RolePrincipal)itPrincipalsSet.next(); 398 principals.put(tempPrincipal.getLocalName(),tempPrincipal); 399 } 400 401 } 402 403 private static void createRequiredDatabaseEntities(Properties properties,ConnectionFactory connectionFactory) { 404 405 List tablesNames = new ArrayList (); 407 tablesNames.add("JG_DOMAIN"); 408 tablesNames.add("JG_APP_PRINCIPAL"); 409 tablesNames.add("JG_PERMISSION"); 410 tablesNames.add("JG_PRINCIPAL_PERMISSION"); 411 tablesNames.add("JG_PRINCIPAL_DOMAIN"); 412 tablesNames.add("JG_PRINCIPAL_HIERARCHY"); 413 414 List sequencesNames = new ArrayList (); 415 sequencesNames.add("JG_APP_PRINCIPAL_SEQ"); 416 sequencesNames.add("JG_PERMISSION_SEQ"); 417 sequencesNames.add("JG_DOMAIN_SEQ"); 418 419 List foreignkeysNames = new ArrayList (); 420 foreignkeysNames.add("FK_PERMISSION_PRINCIPAL"); 421 foreignkeysNames.add("FK_PRINCIPAL_PERMISSION"); 422 foreignkeysNames.add("FK_DOMAIN_PRINCIPAL"); 423 foreignkeysNames.add("FK_PRINCIPAL_DOMAIN"); 424 foreignkeysNames.add("FK_PERMISSION_DOMAIN"); 425 foreignkeysNames.add("FK_PRINCIPAL_HIERARCHY_PRINCIPAL"); 426 foreignkeysNames.add("FK_PRINCIPAL_HIERARCHY_PRINCIPAL2"); 427 428 DatabaseUtils.createRequiredDatabaseEntities(properties,connectionFactory,sequencesNames,tablesNames,foreignkeysNames); 430 431 } 432 433 434 435 442 public void createPermission(Permission permission,String domainName) throws AuthorizationException { 443 444 445 Connection conn = null; 446 PreparedStatement pst = null; 447 try { 449 conn = connectionFactory.getConnection(); 450 pst = conn.prepareStatement(props.getProperty(CREATE_PERMISSION)); 451 452 pst.setString(1,permission.getName()); 453 pst.setString(2,permission.getActions()); 454 pst.setString(3,permission.getClass().getName()); 455 Long domainId =(Long )domainIds.get(domainName); 456 pst.setLong(4,domainId.longValue()); 457 pst.executeUpdate(); 458 459 urlp.add(permission); 461 if (logger.isLoggable(Level.FINEST)) { 462 logger.finest("createPermission() - " + permission 463 + " added!"); 464 logger.finest("createPermission() - permissions: " + urlp); 465 } 466 JGPermissionCollection domain = (JGPermissionCollection)domains.get(domainName); 468 domain.add(permission); 469 permissions.put(permission.getName(),permission); 470 permissionsSet.add(permission); 471 472 477 this.updatePrincipals(permission); 478 479 480 } catch (SQLException e) { 481 logger.log(Level.SEVERE, "createPermission(URLPermission, String)", e); 482 }finally{ 483 try { 484 pst.close(); 485 conn.close(); 486 } catch (SQLException e1) { 487 logger.log(Level.SEVERE, "createPermission(URLPermission, String)", e1); 488 } 489 } 490 491 492 } 493 494 495 496 504 public void updatePermission(String oldPermissionName, Permission perm, String newDomainName) throws AuthorizationException { 505 506 507 PreparedStatement pst; 508 Connection conn = null; 509 510 try { 511 conn = connectionFactory.getConnection(); 512 conn.setAutoCommit(false); 513 pst = conn.prepareStatement(props.getProperty(UPDATE_PERMISSION)); 514 515 pst.setString(1,perm.getName()); 517 pst.setString(2,perm.getActions()); 519 pst.setString(3,perm.getClass().getName()); 521 pst.setLong(4,((Long )domainIds.get(newDomainName)).longValue()); 523 pst.setString(5,oldPermissionName); 525 pst.executeUpdate(); 526 527 JGPermissionCollection newDomain = (JGPermissionCollection)domains.get(newDomainName); 528 529 Iterator itDomains = domainsSet.iterator(); 531 Permission oldPermission = (Permission ) permissions.get(oldPermissionName); 532 while(itDomains.hasNext()){ 533 JGPermissionCollection domain = (JGPermissionCollection)itDomains.next(); 534 535 if(domain.containsPermission(oldPermission)){ 536 domain.removePermission(oldPermission); 537 break; 541 } 542 } 543 544 urlp.removePermission(oldPermission); 546 urlp.add(perm); 547 permissions.remove(oldPermissionName); 548 permissions.put(perm.getName(),perm); 549 Iterator itPermissionsSet = permissionsSet.iterator(); 550 while(itPermissionsSet.hasNext()){ 551 Permission tempPerm = (Permission )itPermissionsSet.next(); 552 if(tempPerm.getName().equals(oldPermissionName)){ 553 permissionsSet.remove(tempPerm); 554 break; 555 } 556 } 557 permissionsSet.add(perm); 558 newDomain.add(perm); 560 561 this.updatePrincipals(perm); 563 conn.commit(); 566 } catch (SQLException e) { 567 throw new AuthorizationException(e); 568 }finally{ 569 try { 570 conn.close(); 571 } catch (SQLException e1) { 572 logger.log(Level.SEVERE, "updatePermission(String, URLPermission, String)", e1); 573 } 574 } 575 } 576 577 578 579 584 public void deletePermission(String permissionName) throws AuthorizationException { 585 586 587 PreparedStatement pst; 588 PreparedStatement pst2; 589 Connection conn = null; 590 try { 591 conn = connectionFactory.getConnection(); 592 conn.setAutoCommit(false); 593 pst = conn.prepareStatement(props.getProperty(DELETE_PERMISSION_PRINCIPAL)); 596 pst.setString(1,permissionName); 597 logger.finest(props.getProperty(DELETE_PERMISSION_PRINCIPAL)); 598 logger.finest("permissionName="+permissionName); 599 pst.executeUpdate(); 600 pst.close(); 601 602 pst2 = conn.prepareStatement(props.getProperty(DELETE_PERMISSION)); 603 pst2.setString(1,permissionName); 604 pst2.executeUpdate(); 605 606 this.removePermissionFromPrincipals(permissionName); 607 Permission permission = null; 608 try { 609 permission = (Permission )urlp.getPermission(permissionName); 610 } catch (NoSuchPermissionException e) { 611 throw new AuthorizationException(e); 612 } 613 Domain domain = getDomain(permission); 614 domain.removePermission(permission); 615 permissions.remove(permission.getName()); 616 permissionsSet.remove(permission); 617 urlp.removePermission(permission); 618 this.updatePrincipals(domain); 620 621 Iterator urlpIt = urlp.getPermissions().iterator(); 622 while(urlpIt.hasNext()){ 623 Permission tempPermission = (Permission )urlpIt.next(); 624 if(tempPermission.getName().equals(permissionName)){ 625 getDomain(tempPermission).removePermission(tempPermission); 627 urlpIt.remove(); 629 break; 630 } 631 632 } 633 conn.commit(); 634 } catch (SQLException e) { 635 logger.log(Level.SEVERE, "deletePermission(String)", e); 636 }finally{ 637 try { 638 conn.close(); 639 } catch (SQLException e1) { 640 logger.log(Level.SEVERE, "deletePermission(String)", e1); 641 } 642 } 643 644 } 645 646 647 652 public void createDomain(String domainName) throws AuthorizationException { 653 654 PreparedStatement pst; 655 PreparedStatement pst2; 656 ResultSet rs2; 657 Connection conn = null; 658 try { 659 conn = connectionFactory.getConnection(); 660 pst = conn.prepareStatement(props.getProperty(CREATE_DOMAIN)); 661 pst.setString(1,domainName); 662 pst.executeUpdate(); 663 JGPermissionCollection newDomain = new Domain(domainName); 664 pst2 = conn.prepareStatement(props.getProperty(READ_DOMAIN_ID)); 665 pst2.setString(1,domainName); 666 rs2 = pst2.executeQuery(); 667 rs2.next(); 669 domains.put(domainName,newDomain); 670 domainsSet.add(newDomain); 671 domainIds.put(domainName,new Long (rs2.getLong("id"))); 672 673 } catch (SQLException e) { 674 logger.log(Level.SEVERE, "createDomain(String)", e); 675 }finally{ 676 try { 677 conn.close(); 678 } catch (SQLException e1) { 679 logger.log(Level.SEVERE, "createDomain(String)", e1); 680 } 681 } 682 683 } 684 685 691 public void updateDomain(String newDomainName,String oldDomainName) throws AuthorizationException { 692 693 PreparedStatement pst; 694 PreparedStatement pst2; 695 ResultSet rs2; 696 Connection conn = null; 697 try { 698 conn = connectionFactory.getConnection(); 699 pst = conn.prepareStatement(props.getProperty(UPDATE_DOMAIN)); 700 pst.setString(1,newDomainName); 701 pst.setString(2,oldDomainName); 702 pst.executeUpdate(); 703 Domain updatedDomain = ((Domain)domains.get(oldDomainName)); 705 728 domainsSet.remove(domains.get(oldDomainName)); 729 updatedDomain.setName(newDomainName); 731 732 domains.remove(oldDomainName); 733 domainIds.remove(oldDomainName); 735 736 domains.put(newDomainName,updatedDomain); 737 738 pst2 = conn.prepareStatement(props.getProperty(READ_DOMAIN_ID)); 739 pst2.setString(1,newDomainName); 740 rs2 = pst2.executeQuery(); 741 rs2.next(); 743 domainIds.put(newDomainName,new Long (rs2.getLong("id"))); 744 domainsSet.add(domains.get(updatedDomain.getName())); 745 746 this.updatePrincipals(updatedDomain, oldDomainName); 748 } catch (SQLException e) { 749 logger.log(Level.SEVERE, "updateDomain(String, String)", e); 750 }finally{ 751 try { 752 conn.close(); 753 } catch (SQLException e1) { 754 logger.log(Level.SEVERE, "updateDomain(String, String)", e1); 755 } 756 } 757 758 } 759 760 761 767 public void deleteDomain(String domainName) throws AuthorizationException { 768 if(domains.get(domainName)== null){ 769 throw new AuthorizationException(" this domain does not exists "); 770 }else if(((JGPermissionCollection)domains.get(domainName)).getPermissions().isEmpty()==false){ 771 throw new AuthorizationException(" there are "+ 772 ((JGPermissionCollection)domains.get(domainName)).getPermissions().size()+" permissions bound to this domain "); 773 }else{ 774 775 776 PreparedStatement pst; 777 PreparedStatement pst2; 778 Connection conn = null; 779 try { 780 conn = connectionFactory.getConnection(); 781 pst2 = conn.prepareStatement(props.getProperty(DELETE_DOMAIN_PRINCIPAL)); 783 pst2.setString(1,domainName); 784 pst2.executeUpdate(); 785 786 pst = conn.prepareStatement(props.getProperty(DELETE_DOMAIN)); 787 pst.setString(1,domainName); 788 pst.executeUpdate(); 789 domainIds.remove(((Domain)domains.get(domainName)).getName()); 790 domainsSet.remove(domains.get(domainName)); 791 domains.remove(domainName); 793 794 super.removeDomainFromPrincipals(domainName); 796 } catch (SQLException e) { 797 logger.log(Level.SEVERE, "deleteDomain(String)", e); 798 }finally{ 799 try { 800 conn.close(); 801 } catch (SQLException e1) { 802 logger.log(Level.SEVERE, "deleteDomain(String)", e1); 803 } 804 } 805 } 806 } 807 808 809 816 public void updatePrincipal(String oldPrincipalName, Principal principal) throws AuthorizationException { 817 818 PreparedStatement pst; 819 PreparedStatement pst2; 820 PreparedStatement pst3; 821 Connection conn = null; 822 823 try { 824 conn = connectionFactory.getConnection(); 825 pst2 = conn.prepareStatement(props.getProperty(DELETE_PRINCIPAL_PERMISSION)); 827 pst2.setString(1,oldPrincipalName); 828 logger.finest(props.getProperty(DELETE_PRINCIPAL_PERMISSION)); 829 logger.finest(oldPrincipalName); 830 pst2.executeUpdate(); 831 832 pst3 = conn.prepareStatement(props.getProperty(DELETE_PRINCIPAL_DOMAIN)); 834 pst3.setString(1,oldPrincipalName); 835 pst3.executeUpdate(); 836 837 pst = conn.prepareStatement(props.getProperty(UPDATE_PRINCIPAL)); 839 pst.setString(1,getLocalName(principal)); 840 pst.setString(2,oldPrincipalName); 841 pst.executeUpdate(); 842 } catch (SQLException e) { 843 logger.log(Level.SEVERE, "updatePrincipal(String, RolePrincipal)", e); 844 throw new AuthorizationException(e); 845 }finally{ 846 try { 847 conn.close(); 848 } catch (SQLException e1) { 849 throw new AuthorizationException(" connection cannot be closed ",e1); 850 } 851 } 852 if(principal.getClass().equals(RolePrincipal.class)){ 853 addDomainsAndPermissions((RolePrincipal)principal); 854 } 855 Principal oldPal = (Principal )principals.remove(oldPrincipalName); 857 principalsSet.remove(oldPal); 858 principals.put(getLocalName(principal),principal); 859 principalsSet.add(principal); 860 861 862 } 863 864 868 private void addDomainsAndPermissions(RolePrincipal principal) throws AuthorizationException { 869 870 871 PreparedStatement pst4; 872 PreparedStatement pst5; 873 PreparedStatement pst6; 874 PreparedStatement pst7; 875 PreparedStatement pst8; 876 ResultSet rs5; 877 ResultSet rs6; 878 ResultSet rs7; 879 Connection conn = null; 880 try { 881 conn = connectionFactory.getConnection(); 882 pst6 = conn.prepareStatement(props.getProperty(READ_PRINCIPAL_ID)); 884 885 pst6.setString(1,getLocalName(principal)); 886 rs6 = pst6.executeQuery(); 887 long idPrincipal; 888 if(rs6.next()){ 889 idPrincipal = rs6.getLong(1); 890 }else{ 891 throw new AuthorizationException(" the principal "+principal.getLocalName()+" is not present in the database : it hasn't got any id "); 892 } 893 Set orphanedPermissions = principal.getOrphanedPermissions(); 895 Iterator itOrphanedPermissions = orphanedPermissions.iterator(); 896 long idPermission; 897 898 while(itOrphanedPermissions.hasNext()){ 899 Permission perm = (Permission )itOrphanedPermissions.next(); 900 pst5 = conn.prepareStatement(props.getProperty(READ_PERMISSION_ID)); 901 pst5.setString(1,perm.getName()); 902 rs5 = pst5.executeQuery(); 903 rs5.next(); 904 idPermission = rs5.getLong(1); 905 906 pst8 = conn.prepareStatement(props.getProperty(CREATE_PRINCIPAL_PERMISSION)); 907 pst8.setLong(1,idPrincipal); 908 pst8.setLong(2,idPermission); 909 pst8.executeUpdate(); 910 } 911 912 Set doms = principal.getDomains(); 914 Iterator itDomains = doms.iterator(); 915 long idDomain; 916 while(itDomains.hasNext()){ 917 Domain dom = (Domain)itDomains.next(); 918 pst7 = conn.prepareStatement(props.getProperty(READ_DOMAIN_ID)); 919 pst7.setString(1,dom.getName()); 920 rs7 = pst7.executeQuery(); 921 rs7.next(); 922 idDomain = rs7.getLong(1); 923 924 pst4 = conn.prepareStatement(props.getProperty(CREATE_PRINCIPAL_DOMAIN)); 925 pst4.setLong(1,idPrincipal); 926 pst4.setLong(2,idDomain); 927 pst4.executeUpdate(); 928 } 929 930 } catch (SQLException e) { 931 throw new AuthorizationException(" an SQLException has been raised in the addDomainsAndPermissions method ",e); 932 }finally{ 933 try { 934 conn.close(); 935 } catch (SQLException e1) { 936 throw new AuthorizationException(" connection cannot be closed ",e1); 937 } 938 } 939 } 940 941 946 public void deletePrincipal(Principal principal) throws AuthorizationException { 947 948 PreparedStatement pst; 949 PreparedStatement pst2; 950 PreparedStatement pst3; 951 Connection conn = null; 952 try { 953 conn = connectionFactory.getConnection(); 954 pst = conn.prepareStatement(props.getProperty(DELETE_PRINCIPAL_PERMISSION)); 955 pst.setString(1,getLocalName(principal)); 956 pst.executeUpdate(); 957 958 pst3 = conn.prepareStatement(props.getProperty(DELETE_PRINCIPAL_DOMAIN)); 959 pst3.setString(1,getLocalName(principal)); 960 pst3.executeUpdate(); 961 962 pst2 = conn.prepareStatement(props.getProperty(DELETE_PRINCIPAL)); 963 pst2.setString(1,getLocalName(principal)); 964 pst2.executeUpdate(); 965 principals.remove(getLocalName(principal)); 966 RolePrincipal ppal = new RolePrincipal(); 967 ppal.setLocalName(getLocalName(principal)); 968 ppal.setApplicationName(applicationName); 969 principalsSet.remove(ppal); 970 971 } catch (SQLException e) { 972 logger.log(Level.SEVERE, "deletePrincipal(String)", e); 973 }finally{ 974 try { 975 conn.close(); 976 } catch (SQLException e1) { 977 logger.log(Level.SEVERE, "deletePrincipal(String)", e1); 978 } 979 } 980 981 } 982 983 984 990 public void changeDomainPermission(String permissionName, String newDomainName) throws AuthorizationException{ 991 992 PreparedStatement pst; 993 Connection conn = null; 994 try { 995 conn = connectionFactory.getConnection(); 996 conn.setAutoCommit(false); 997 pst = conn.prepareStatement(props.getProperty(CHANGE_DOMAIN_PERMISSION)); 998 pst.setString(1,newDomainName); 999 pst.setString(2,permissionName); 1000 pst.executeUpdate(); 1001 Permission perm; 1002 try { 1003 perm = (Permission )urlp.getPermission(permissionName); 1004 } catch (NoSuchPermissionException e) { 1005 throw new AuthorizationException(e); 1006 } 1007 JGPermissionCollection oldDomain =getDomain(perm); 1008 oldDomain.removePermission(perm); 1009 JGPermissionCollection newDomain =(JGPermissionCollection)domains.get(newDomainName); 1010 newDomain.add(perm); 1011 conn.commit(); 1012 } catch (SQLException e) { 1013 logger.log(Level.SEVERE, "changeDomainPermission(String, String)", e); 1014 }finally{ 1015 try { 1016 conn.close(); 1017 } catch (SQLException e1) { 1018 logger.log(Level.SEVERE, "changeDomainPermission(String, String)", e1); 1019 } 1020 } 1021 1022 } 1023 1024 public void createPrincipal(Principal principal) throws AuthorizationException{ 1025 1026 PreparedStatement pst; 1027 Connection conn = null; 1028 try { 1030 conn = connectionFactory.getConnection(); 1031 pst = conn.prepareStatement(props.getProperty(CREATE_PRINCIPAL)); 1032 pst.setString(1,getLocalName(principal)); 1033 int result = pst.executeUpdate(); 1034 if(result==0){ 1035 throw new AuthorizationException("principal "+getLocalName(principal)+" has not been created"); 1036 } 1037 } catch (SQLException e) { 1038 logger.log(Level.SEVERE, "createPrincipal(RolePrincipal)", e); 1039 throw new AuthorizationException(e); 1040 }finally{ 1041 try { 1042 conn.close(); 1043 } catch (SQLException e1) { 1044 logger.log(Level.SEVERE, "createPrincipal(RolePrincipal)", e1); 1045 throw new AuthorizationException(e1); 1046 } 1047 } 1048 if(principal.getClass().equals(RolePrincipal.class)){ 1049 addDomainsAndPermissions((RolePrincipal)principal); 1050 } 1051 principals.put(getLocalName(principal),principal); 1052 1053 principalsSet.add(principal); 1054 1055 } 1056 1057 1068 public void addInheritance(String principalAscName, String principalDescName) throws AuthorizationException { 1069 RolePrincipal principalAsc = (RolePrincipal) principals.get(principalAscName); 1071 RolePrincipal principalDesc = (RolePrincipal) principals.get(principalDescName); 1072 1073 if (principalAsc == null) { 1074 logger.severe("Principal " + principalAscName + " not found!"); 1075 throw new AuthorizationException("Principal " + principalAscName + " not found!"); 1076 } 1077 1078 if (principalDesc == null) { 1079 logger.severe("Principal " + principalDescName + " not found!"); 1080 throw new AuthorizationException("Principal " + principalDescName + " not found!"); 1081 } 1082 1083 for (Iterator it = principalAsc.getDescendants().iterator(); it.hasNext(); ) { 1085 if (principalDesc.equals(it.next())) { 1086 logger.warning("Principal " + principalAscName + " is immediate ascendant of Principal " + principalDescName + "!"); 1087 } 1088 } 1089 1090 Stack principalsToCheck = new Stack (); 1093 Stack principalsFromNextLevel = new Stack (); 1095 principalsToCheck.addAll(principalDesc.getDescendants()); 1096 1097 while (!principalsToCheck.isEmpty()) { 1098 RolePrincipal principal = (RolePrincipal) principalsToCheck.pop(); 1099 if (principalAsc.equals(principal)) { 1100 logger.severe("Principal " + principalAscName + " cannot inherit Principal " 1101 + principalDescName + " because " + principalDescName + " inherit " 1102 + principalAscName); 1103 throw new AuthorizationException("Principal " + principalAscName + " cannot inherit Principal " 1104 + principalDescName + " because " + principalDescName + " inherit " 1105 + principalAscName); 1106 } 1107 1108 principalsFromNextLevel.addAll(principal.getDescendants()); 1109 1110 if (principalsToCheck.isEmpty()) { 1112 principalsToCheck.addAll(principalsFromNextLevel); 1113 1114 principalsFromNextLevel.clear(); 1116 } 1117 } 1118 1119 1120 PreparedStatement pst; 1121 Connection conn = null; 1122 try { 1123 conn = connectionFactory.getConnection(); 1124 pst = conn.prepareStatement(props.getProperty(READ_PRINCIPAL_ID)); 1126 pst.setString(1, principalAscName); 1127 ResultSet rs = pst.executeQuery(); 1128 rs.next(); 1129 int principalAscId = rs.getInt(1); 1130 rs.close(); 1131 1132 pst.setString(1, principalDescName); 1134 rs = pst.executeQuery(); 1135 rs.next(); 1136 int principalDescId = rs.getInt(1); 1137 rs.close(); 1138 pst.close(); 1139 1140 pst = conn.prepareStatement(props.getProperty(CREATE_PRINCIPAL_INHERITANCE)); 1142 pst.setInt(1, principalAscId); 1143 pst.setInt(2, principalDescId); 1144 pst.executeUpdate(); 1145 pst.close(); 1146 1147 principalAsc.getDescendants().add(principalDesc); 1149 1150 } catch (SQLException e) { 1151 logger.log(Level.SEVERE, "addInheritance(principalAscName, principalDescName)", e); 1152 } finally { 1153 try { 1154 conn.close(); 1155 } catch (SQLException e1) { 1156 logger.log(Level.SEVERE, "addInheritance(principalAscName, principalDescName)", e1); 1157 } 1158 } 1159 1160 1161 } 1162 1163 1168 public void deleteInheritance(String principalAscName, String principalDescName) throws AuthorizationException { 1169 1170 PreparedStatement pst; 1171 Connection conn = null; 1172 try { 1173 conn = connectionFactory.getConnection(); 1174 pst = conn.prepareStatement(props.getProperty(READ_PRINCIPAL_ID)); 1176 pst.setString(1, principalAscName); 1177 ResultSet rs = pst.executeQuery(); 1178 rs.next(); 1179 int principalAscId = rs.getInt(1); 1180 rs.close(); 1181 1182 pst.setString(1, principalDescName); 1184 rs = pst.executeQuery(); 1185 rs.next(); 1186 int principalDescId = rs.getInt(1); 1187 rs.close(); 1188 pst.close(); 1189 1190 pst = conn.prepareStatement(props.getProperty(DELETE_PRINCIPAL_INHERITANCE)); 1192 pst.setInt(1, principalAscId); 1193 pst.setInt(2, principalDescId); 1194 pst.executeUpdate(); 1195 1196 pst.close(); 1197 1198 RolePrincipal principalAsc = (RolePrincipal) principals.get(principalAscName); 1199 principalAsc.getDescendants().remove(principals.get(principalDescName)); 1200 1201 logger.info("Inheritance beteween principal " + principalAscName + " and " + principalDescName + " was been deleted."); 1202 } catch (SQLException e) { 1203 logger.log(Level.SEVERE, "assemblyPrincipalHierarchy(RolePrincipal)", e); 1204 }finally{ 1205 try { 1206 conn.close(); 1207 } catch (SQLException e1) { 1208 logger.log(Level.SEVERE, "assemblyPrincipalHierarchy(RolePrincipal)", e1); 1209 } 1210 } 1211 } 1212 1213 1214 1217 private void insertRequiredData(){ 1218 AuthorizationManager authManager = new XmlAuthorizationManager(); 1219 Map options = new HashMap (); 1220 String XmlFileLocation = dbPropertiesLocation.substring(0,dbPropertiesLocation.lastIndexOf('/'))+"/jGuardPrincipalsPermissions.xml"; 1221 options.put(SecurityConstants.AUTHORIZATION_XML_FILE_LOCATION,XmlFileLocation); 1222 options.put(CoreConstants.APPLICATION_NAME,this.applicationName); 1223 authManager.init(options); 1224 1225 try { 1226 importAuthorizationManager(authManager); 1227 } catch (AuthorizationException e) { 1228 logger.severe(" error importing AuthorizationManager with options "+options); 1229 } 1230 1231 } 1232 1233 public boolean isEmpty() { 1234 List selectQueries = new ArrayList (); 1235 selectQueries.add("PRINCIPALS"); 1236 selectQueries.add("ALL_PERMISSIONS"); 1237 selectQueries.add("DOMAINS"); 1238 return DatabaseUtils.isEmpty(this.props,connectionFactory,selectQueries); 1239 1240 } 1241 1242 1243} 1244 | Popular Tags |