BaseSecurityService


1   package org.apache.fulcrum.security;
2   
3   /* ====================================================================
4    * The Apache Software License, Version 1.1
5    *
6    * Copyright (c) 2001 The Apache Software Foundation.  All rights
7    * reserved.
8    *
9    * Redistribution and use in source and binary forms, with or without
10   * modification, are permitted provided that the following conditions
11   * are met:
12   *
13   * 1. Redistributions of source code must retain the above copyright
14   *    notice, this list of conditions and the following disclaimer.
15   *
16   * 2. Redistributions in binary form must reproduce the above copyright
17   *    notice, this list of conditions and the following disclaimer in
18   *    the documentation and/or other materials provided with the
19   *    distribution.
20   *
21   * 3. The end-user documentation included with the redistribution,
22   *    if any, must include the following acknowledgment:
23   *       "This product includes software developed by the
24   *        Apache Software Foundation (http://www.apache.org/)."
25   *    Alternately, this acknowledgment may appear in the software itself,
26   *    if and wherever such third-party acknowledgments normally appear.
27   *
28   * 4. The names "Apache" and "Apache Software Foundation" and
29   *    "Apache Turbine" must not be used to endorse or promote products
30   *    derived from this software without prior written permission. For
31   *    written permission, please contact apache@apache.org.
32   *
33   * 5. Products derived from this software may not be called "Apache",
34   *    "Apache Turbine", nor may "Apache" appear in their name, without
35   *    prior written permission of the Apache Software Foundation.
36   *
37   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
38   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
39   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
40   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
41   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
43   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
44   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
46   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
47   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
48   * SUCH DAMAGE.
49   * ====================================================================
50   *
51   * This software consists of voluntary contributions made by many
52   * individuals on behalf of the Apache Software Foundation.  For more
53   * information on the Apache Software Foundation, please see
54   * <http://www.apache.org/>.
55   */
56  
57  import java.security.MessageDigest  ;
58  import java.util.Map  ;
59  
60  import org.apache.commons.codec.binary.Base64;
61  import org.apache.fulcrum.BaseService;
62  import org.apache.fulcrum.InitializationException;
63  import org.apache.fulcrum.TurbineServices;
64  import org.apache.fulcrum.factory.FactoryService;
65  import org.apache.fulcrum.security.entity.Group;
66  import org.apache.fulcrum.security.entity.Permission;
67  import org.apache.fulcrum.security.entity.Role;
68  import org.apache.fulcrum.security.entity.User;
69  import org.apache.fulcrum.security.util.AccessControlList;
70  import org.apache.fulcrum.security.util.DataBackendException;
71  import org.apache.fulcrum.security.util.EntityExistsException;
72  import org.apache.fulcrum.security.util.GroupSet;
73  import org.apache.fulcrum.security.util.PasswordMismatchException;
74  import org.apache.fulcrum.security.util.PermissionSet;
75  import org.apache.fulcrum.security.util.RoleSet;
76  import org.apache.fulcrum.security.util.UnknownEntityException;
77  import org.apache.torque.util.Criteria;
78  import org.apache.turbine.services.yaaficomponent.YaafiComponentService;
79  
80  /**
81   * This is a common subset of SecurityService implementation.
82   *
83   * Provided functionality includes:
84   * <ul>
85   * <li> methods for retrieving User objects, that delegates functionality
86   *      to the pluggable implementations of the User interface.
87   * <li> synchronization mechanism for methods reading/modifying the security
88   *      information, that guarantees that multiple threads may read the
89   *      information concurrently, but threads that modify the information
90   *      acquires exclusive access.
91   * <li> implementation of convenience methods for retrieving security entities
92   *      that maintain in-memory caching of objects for fast access.
93   * </ul>
94   *
95   * @author <a HREF="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
96   * @author <a HREF="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
97   * @author <a HREF="mailto:marco@intermeta.de">Marco Kn&uuml;ttel</a>
98   * @version $Id: BaseSecurityService.java,v 1.2 2004/11/17 14:28:07 epugh Exp $
99   */
100 public abstract class BaseSecurityService
101     extends BaseService
102     implements SecurityService
103 {
104     // management of Groups/Role/Permissions
105 
106     /** Holds a list of all groups in the systems, for speeding up the access */
107     private GroupSet allGroups = null;
108 
109     /** Holds a list of all roles in the systems, for speeding up the access */
110     private RoleSet allRoles = null;
111 
112     /** Holds a list of all permissions in the systems, for speeding up the access */
113     private PermissionSet allPermissions = null;
114 
115     /** The number of threads concurrently reading security information */
116     private int readerCount = 0;
117 
118     /** The instance of UserManager the SecurityService uses */
119     protected UserManager userManager = null;
120 
121     /** The class of User the SecurityService uses */
122     private Class   userClass = null;
123 
124     /** The class of Group the SecurityService uses */
125     private Class   groupClass = null;
126 
127     /** The class of Permission the SecurityService uses */
128     private Class   permissionClass = null;
129     
130     /** The class of Role the SecurityService uses */
131     private Class   roleClass = null;
132 
133     /** The class of ACL the SecurityService uses */
134     private Class   aclClass = null;
135 
136     /** A factory to construct ACL Objects */
137     private FactoryService aclFactoryService = null;
138 
139     /**
140      * The Group object that represents the <a HREF="#global">global group</a>.
141      */
142     private static Group globalGroup = null;
143 
144     /**
145      * This method provides client-side encryption of passwords.
146      *
147      * If <code>secure.passwords</code> are enabled in TurbineResources,
148      * the password will be encrypted, if not, it will be returned unchanged.
149      * The <code>secure.passwords.algorithm</code> property can be used
150      * to chose which digest algorithm should be used for performing the
151      * encryption. <code>SHA</code> is used by default.
152      *
153      * @param password the password to process
154      * @return processed password
155      */
156     public String   encryptPassword(String   password)
157     {
158         if (password == null)
159         {
160             return null;
161         }
162 
163         String   secure = getConfiguration().getString(
164             SecurityService.SECURE_PASSWORDS_KEY,
165             SecurityService.SECURE_PASSWORDS_DEFAULT).toLowerCase();
166 
167         String   algorithm = getConfiguration().getString(
168             SecurityService.SECURE_PASSWORDS_ALGORITHM_KEY,
169             SecurityService.SECURE_PASSWORDS_ALGORITHM_DEFAULT);
170 
171         if (secure.equals("true") || secure.equals("yes"))
172         {
173             try
174             {
175                 MessageDigest   md = MessageDigest.getInstance(algorithm);
176                 // We need to use unicode here, to be independent of platform's
177                 // default encoding. Thanks to SGawin for spotting this.
178                 byte[] digest = md.digest(password.getBytes("UTF-8"));
179 
180                 // Eric:  Note, this is in a new package in commons-codec 1.3,
181                 // could have unintended results..
182                 // Base64-encode the digest.
183                 Base64 base64 = new Base64();
184                 byte[] encodedDigest = base64.encodeBase64(digest);
185                 return (encodedDigest == null ? null :
186                         new String  (encodedDigest));
187             }
188             catch (Exception   e)
189             {
190                 getCategory().error("Unable to encrypt password");
191                 getCategory().error(e);
192 
193                 return null;
194             }
195         }
196         else
197         {
198             return password;
199         }
200     }
201 
202     /**
203      * Initializes the SecurityService, locating the apropriate UserManager
204      *
205      * @throws InitializationException A Problem occured while initializing the User Manager.
206      */
207     public void init()
208         throws InitializationException
209     {
210         String   userManagerClassName = getConfiguration().getString(
211             SecurityService.USER_MANAGER_KEY,
212             SecurityService.USER_MANAGER_DEFAULT);
213 
214         String   userClassName = getConfiguration().getString(
215             SecurityService.USER_CLASS_KEY,
216             SecurityService.USER_CLASS_DEFAULT);
217 
218         String   groupClassName = getConfiguration().getString(
219             SecurityService.GROUP_CLASS_KEY, 
220             SecurityService.GROUP_CLASS_DEFAULT);
221 
222         String   permissionClassName = getConfiguration().getString(
223             SecurityService.PERMISSION_CLASS_KEY, 
224             SecurityService.PERMISSION_CLASS_DEFAULT);
225 
226         String   roleClassName = getConfiguration().getString(
227             SecurityService.ROLE_CLASS_KEY, 
228             SecurityService.ROLE_CLASS_DEFAULT);
229 
230         String   aclClassName = getConfiguration().getString(
231             SecurityService.ACL_CLASS_KEY, 
232             SecurityService.ACL_CLASS_DEFAULT);
233 
234         try
235         {
236             userClass = Class.forName(userClassName);
237             groupClass      = Class.forName(groupClassName);
238             permissionClass = Class.forName(permissionClassName);
239             roleClass       = Class.forName(roleClassName);
240             aclClass        = Class.forName(aclClassName);
241         }
242         catch (Exception   e)
243         {
244             if (userClass == null)
245             {
246                 throw new InitializationException(
247                       "Failed to create a Class object for User implementation", e);
248             }
249             if (groupClass == null)
250             {
251                 throw new InitializationException(
252                       "Failed to create a Class object for Group implementation", e);
253             }
254             if (permissionClass == null)
255             {
256                 throw new InitializationException(
257                       "Failed to create a Class object for Permission implementation", e);
258             }
259             if (roleClass == null)
260             {
261             throw new InitializationException(
262                       "Failed to create a Class object for Role implementation", e);
263             }
264             if (aclClass == null)
265             {
266                 throw new InitializationException(
267                       "Failed to create a Class object for ACL implementation", e);
268             }
269         }
270 
271         try
272         {
273             userManager =  (UserManager) Class.
274                 forName(userManagerClassName).newInstance();
275         }
276         catch (Exception   e)
277         {
278             throw new InitializationException(
279                 "BaseSecurityService.init: Failed to instantiate UserManager", e);
280         }
281 
282         try 
283         {
284             aclFactoryService = getFactoryService();
285         }
286         catch (Exception   e)
287         {
288             throw new InitializationException(
289                 "BaseSecurityService.init: Failed to get the Factory Service object", e);
290         }
291 
292 
293         setInit(true);
294     }
295 
296     /**
297      * Return a Class object representing the system's chosen implementation of
298      * of User interface.
299      *
300      * @return systems's chosen implementation of User interface.
301      * @throws UnknownEntityException if the implementation of User interface
302      *         could not be determined, or does not exist.
303      */
304     public Class   getUserClass()
305         throws UnknownEntityException
306     {
307         if (userClass == null)
308         {
309             throw new UnknownEntityException(
310                 "Failed to create a Class object for User implementation");
311         }
312         return userClass;
313     }
314 
315     /**
316      * Construct a blank User object.
317      *
318      * This method calls getUserClass, and then creates a new object using
319      * the default constructor.
320      *
321      * @return an object implementing User interface.
322      * @throws UnknownEntityException if the object could not be instantiated.
323      */
324     public User getUserInstance()
325         throws UnknownEntityException
326     {
327         User user;
328         try
329         {
330             user = (User) getUserClass().newInstance();
331         }
332         catch (Exception   e)
333         {
334             throw new UnknownEntityException("Failed instantiate an User implementation object", e);
335         }
336         return user;
337     }
338 
339     /**
340      * Construct a blank User object.
341      *
342      * This method calls getUserClass, and then creates a new object using
343      * the default constructor.
344      *
345      * @param userName The name of the user.
346      *
347      * @return an object implementing User interface.
348      *
349      * @throws UnknownEntityException if the object could not be instantiated.
350      */
351     public User getUserInstance(String   userName)
352         throws UnknownEntityException
353     {
354         User user = getUserInstance();
355         user.setName(userName);
356         return user;
357     }
358 
359     /**
360      * Return a Class object representing the system's chosen implementation of
361      * of Group interface.
362      *
363      * @return systems's chosen implementation of Group interface.
364      * @throws UnknownEntityException if the implementation of Group interface
365      *         could not be determined, or does not exist.
366      */
367     public Class   getGroupClass()
368         throws UnknownEntityException
369     {
370         if (groupClass == null)
371         {
372             throw new UnknownEntityException(
373                 "Failed to create a Class object for Group implementation");
374         }
375         return groupClass;
376     }
377 
378     /**
379      * Construct a blank Group object.
380      *
381      * This method calls getGroupClass, and then creates a new object using
382      * the default constructor.
383      *
384      * @return an object implementing Group interface.
385      * @throws UnknownEntityException if the object could not be instantiated.
386      */
387     public Group getGroupInstance()
388         throws UnknownEntityException
389     {
390         Group group;
391         try
392         {
393             group = (Group) getGroupClass().newInstance();
394         }
395         catch (Exception   e)
396         {
397             throw new UnknownEntityException("Failed instantiate an Group implementation object", e);
398         }
399         return group;
400     }
401 
402     /**
403      * Construct a blank Group object.
404      *
405      * This method calls getGroupClass, and then creates a new object using
406      * the default constructor.
407      *
408      * @param groupName The name of the Group
409      *
410      * @return an object implementing Group interface.
411      *
412      * @throws UnknownEntityException if the object could not be instantiated.
413      */
414     public Group getGroupInstance(String   groupName)
415         throws UnknownEntityException
416     {
417         Group group = getGroupInstance();
418         group.setName(groupName);
419         return group;
420     }
421 
422     /**
423      * Return a Class object representing the system's chosen implementation of
424      * of Permission interface.
425      *
426      * @return systems's chosen implementation of Permission interface.
427      * @throws UnknownEntityException if the implementation of Permission interface
428      *         could not be determined, or does not exist.
429      */
430     public Class   getPermissionClass()
431         throws UnknownEntityException
432     {
433         if (permissionClass == null)
434         {
435             throw new UnknownEntityException(
436                 "Failed to create a Class object for Permission implementation");
437         }
438         return permissionClass;
439     }
440 
441     /**
442      * Construct a blank Permission object.
443      *
444      * This method calls getPermissionClass, and then creates a new object using
445      * the default constructor.
446      *
447      * @return an object implementing Permission interface.
448      * @throws UnknownEntityException if the object could not be instantiated.
449      */
450     public Permission getPermissionInstance()
451         throws UnknownEntityException
452     {
453         Permission permission;
454         try
455         {
456             permission = (Permission) getPermissionClass().newInstance();
457         }
458         catch (Exception   e)
459         {
460             throw new UnknownEntityException("Failed instantiate an Permission implementation object", e);
461         }
462         return permission;
463     }
464 
465     /**
466      * Construct a blank Permission object.
467      *
468      * This method calls getPermissionClass, and then creates a new object using
469      * the default constructor.
470      *
471      * @param permName The name of the permission.
472      *
473      * @return an object implementing Permission interface.
474      * @throws UnknownEntityException if the object could not be instantiated.
475      */
476     public Permission getPermissionInstance(String   permName)
477         throws UnknownEntityException
478     {
479         Permission perm = getPermissionInstance();
480         perm.setName(permName);
481         return perm;
482     }
483 
484     /**
485      * Return a Class object representing the system's chosen implementation of
486      * of Role interface.
487      *
488      * @return systems's chosen implementation of Role interface.
489      * @throws UnknownEntityException if the implementation of Role interface
490      *         could not be determined, or does not exist.
491      */
492     public Class   getRoleClass()
493         throws UnknownEntityException
494     {
495         if (roleClass == null)
496         {
497             throw new UnknownEntityException(
498                 "Failed to create a Class object for Role implementation");
499         }
500         return roleClass;
501     }
502 
503     /**
504      * Construct a blank Role object.
505      *
506      * This method calls getRoleClass, and then creates a new object using
507      * the default constructor.
508      *
509      * @return an object implementing Role interface.
510      * @throws UnknownEntityException if the object could not be instantiated.
511      */
512     public Role getRoleInstance()
513         throws UnknownEntityException
514     {
515         Role role;
516         try
517         {
518             role = (Role) getRoleClass().newInstance();
519         }
520         catch (Exception   e)
521         {
522             throw new UnknownEntityException("Failed instantiate an Role implementation object", e);
523         }
524         return role;
525     }
526 
527     /**
528      * Construct a blank Role object.
529      *
530      * This method calls getRoleClass, and then creates a new object using
531      * the default constructor.
532      *
533      * @param roleName The name of the role.
534      *
535      * @return an object implementing Role interface.
536      *
537      * @throws UnknownEntityException if the object could not be instantiated.
538      */
539     public Role getRoleInstance(String   roleName)
540         throws UnknownEntityException
541     {
542         Role role = getRoleInstance();
543         role.setName(roleName);
544         return role;
545     }
546 
547     /**
548      * Return a Class object representing the system's chosen implementation of
549      * of ACL interface.
550      *
551      * @return systems's chosen implementation of ACL interface.
552      * @throws UnknownEntityException if the implementation of ACL interface
553      *         could not be determined, or does not exist.
554      */
555     public Class   getAclClass()
556         throws UnknownEntityException
557     {
558         if (aclClass == null)
559         {
560             throw new UnknownEntityException(
561                 "Failed to create a Class object for ACL implementation");
562         }
563         return aclClass;
564     }
565 
566     /**
567      * Construct a new ACL object.
568      *
569      * This constructs a new ACL object from the configured class and
570      * initializes it with the supplied roles and permissions.
571      * 
572      * @param roles The roles that this ACL should contain
573      * @param permissions The permissions for this ACL
574      *
575      * @return an object implementing ACL interface.
576      * @throws UnknownEntityException if the object could not be instantiated.
577      */
578     public AccessControlList getAclInstance(Map   roles, Map   permissions)
579         throws UnknownEntityException
580     {
581         Object  [] objects    = { roles, permissions };
582         String  [] signatures = {"java.util.Map", "java.util.Map"};
583         AccessControlList accessControlList;
584         
585         try
586         {
587             accessControlList = 
588                 (AccessControlList) aclFactoryService.getInstance(aclClass.getName(), 
589                                                                   objects, 
590                                                                   signatures);
591         }
592         catch (Exception   e)
593         {
594             throw new UnknownEntityException(
595                       "Failed instantiate an ACL implementation object", e);
596         }
597 
598         return accessControlList;
599     }
600 
601     /**
602      * Check whether a specified user's account exists.
603      *
604      * The login name is used for looking up the account.
605      *
606      * @param user The user to be checked.
607      * @return true if the specified account exists
608      * @throws DataBackendException if there was an error accessing the data backend.
609      */
610     public boolean accountExists(User user)
611         throws DataBackendException
612     {
613         return userManager.accountExists(user);
614     }
615 
616     /**
617      * Check whether a specified user's account exists.
618      *
619      * The login name is used for looking up the account.
620      *
621      * @param userName The name of the user to be checked.
622      *
623      * @return true if the specified account exists
624      *
625      * @throws DataBackendException if there was an error accessing the data backend.
626      */
627     public boolean accountExists(String   userName)
628         throws DataBackendException
629     {
630         return userManager.accountExists(userName);
631     }
632 
633     /**
634      * Authenticates an user, and constructs an User object to represent
635      * him/her.
636      *
637      * @param username The user name.
638      * @param password The user password.
639      * @return An authenticated Turbine User.
640      * @exception PasswordMismatchException if the supplied password was
641      *            incorrect.
642      * @exception UnknownEntityException if the user's account does not
643      *            exist in the database.
644      * @exception DataBackendException if there is a problem accessing the
645      *            storage.
646      */
647     public User getAuthenticatedUser(String   username, String   password)
648         throws DataBackendException, UnknownEntityException,
649                PasswordMismatchException
650     {
651         return userManager.retrieve(username, password);
652     }
653 
654     /**
655      * Constructs an User object to represent a registered user of the application.
656      *
657      * @param username The user name.
658      * @return A Turbine User.
659      * @exception UnknownEntityException if the user's account does not
660      *            exist in the database.
661      * @exception DataBackendException if there is a problem accessing the
662      *            storage.
663      */
664     public User getUser(String   username)
665         throws DataBackendException, UnknownEntityException
666     {
667         return userManager.retrieve(username);
668     }
669 
670     /**
671      * Retrieve a set of users that meet the specified criteria.
672      *
673      * As the keys for the criteria, you should use the constants that
674      * are defined in {@link User} interface, plus the names
675      * of the custom attributes you added to your user representation
676      * in the data storage. Use verbatim names of the attributes -
677      * without table name prefix in case of DB implementation.
678      *
679      * @param criteria The criteria of selection.
680      * @return a List of users meeting the criteria.
681      * @throws DataBackendException if there is a problem accessing the
682      *         storage.
683      */
684     public User[] getUsers(Criteria criteria)
685         throws DataBackendException
686     {
687         return userManager.retrieve(criteria);
688     }
689 
690     /**
691      * Constructs an User object to represent an anonymous user of the application.
692      *
693      * @return An anonymous Turbine User.
694      * @throws UnknownEntityException if the implementation of User interface
695      *         could not be determined, or does not exist.
696      */
697     public User getAnonymousUser()
698         throws UnknownEntityException
699     {
700         User user = getUserInstance();
701         user.setUserName("");
702         return user;
703     }
704 
705     /**
706      * Saves User's data in the permanent storage. The user account is required
707      * to exist in the storage.
708      * 
709      * @param user The user Object to store.
710      *
711      * @exception UnknownEntityException if the user's account does not
712      *            exist in the database.
713      * @exception DataBackendException if there is a problem accessing the
714      *            storage.
715      */
716     public void saveUser(User user)
717         throws UnknownEntityException, DataBackendException
718     {
719         userManager.store(user);
720     }
721 
722     /**
723      * Creates new user account with specified attributes.
724      *
725      * @param user the object describing account to be created.
726      * @param password The password to use for the account.
727      *
728      * @throws DataBackendException if there was an error accessing the data backend.
729      * @throws EntityExistsException if the user account already exists.
730      */
731     public void addUser(User user, String   password)
732         throws DataBackendException, EntityExistsException
733     {
734         userManager.createAccount(user, password);
735     }
736 
737     /**
738      * Removes an user account from the system.
739      *
740      * @param user the object describing the account to be removed.
741      * @throws DataBackendException if there was an error accessing the data backend.
742      * @throws UnknownEntityException if the user account is not present.
743      */
744     public void removeUser(User user)
745         throws DataBackendException, UnknownEntityException
746     {
747         // revoke all roles form the user
748         revokeAll(user);
749 
750         userManager.removeAccount(user);
751     }
752 
753     /**
754      * Change the password for an User.
755      *
756      * @param user an User to change password for.
757      * @param oldPassword the current password supplied by the user.
758      * @param newPassword the current password requested by the user.
759      * @exception PasswordMismatchException if the supplied password was
760      *            incorrect.
761      * @exception UnknownEntityException if the user's record does not
762      *            exist in the database.
763      * @exception DataBackendException if there is a problem accessing the
764      *            storage.
765      */
766     public void changePassword(User user, String   oldPassword, String   newPassword)
767         throws PasswordMismatchException, UnknownEntityException,
768                DataBackendException
769     {
770         userManager.changePassword(user, oldPassword, newPassword);
771     }
772 
773     /**
774      * Forcibly sets new password for an User.
775      *
776      * This is supposed by the administrator to change the forgotten or
777      * compromised passwords. Certain implementatations of this feature
778      * would require administrative level access to the authenticating
779      * server / program.
780      *
781      * @param user an User to change password for.
782      * @param password the new password.
783      * @exception UnknownEntityException if the user's record does not
784      *            exist in the database.
785      * @exception DataBackendException if there is a problem accessing the
786      *            storage.
787      */
788     public void forcePassword(User user, String   password)
789         throws UnknownEntityException, DataBackendException
790     {
791         userManager.forcePassword(user, password);
792     }
793 
794     /**
795      * Acquire a shared lock on the security information repository.
796      *
797      * Methods that read security information need to invoke this
798      * method at the beginning of their body.
799      */
800     protected synchronized void lockShared()
801     {
802         readerCount++;
803     }
804 
805     /**
806      * Release a shared lock on the security information repository.
807      *
808      * Methods that read security information need to invoke this
809      * method at the end of their body.
810      */
811     protected synchronized void unlockShared()
812     {
813         readerCount--;
814         this.notify();
815     }
816 
817     /**
818      * Acquire an exclusive lock on the security information repository.
819      *
820      * Methods that modify security information need to invoke this
821      * method at the beginning of their body. Note! Those methods must
822      * be <code>synchronized</code> themselves!
823      */
824     protected void lockExclusive()
825     {
826         while (readerCount > 0)
827         {
828             try
829             {
830                this.wait();
831             }
832             catch (InterruptedException   e)
833             {
834             }
835         }
836     }
837 
838     /**
839      * Release an exclusive lock on the security information repository.
840      *
841      * This method is provided only for completeness. It does not really
842      * do anything. Note! Methods that modify security information
843      * must be <code>synchronized</code>!
844      */
845     protected void unlockExclusive()
846     {
847         // do nothing
848     }
849 
850     /**
851      * Provides a reference to the Group object that represents the
852      * <a HREF="#global">global group</a>.
853      *
854      * @return a Group object that represents the global group.
855      */
856     public Group getGlobalGroup()
857     {
858         if (globalGroup == null)
859         {
860             synchronized (BaseSecurityService.class)
861             {
862                 if (globalGroup == null)
863                 {
864                     try
865                     {
866                         globalGroup = getAllGroups()
867                             .getGroup(Group.GLOBAL_GROUP_NAME);
868                     }
869                     catch (DataBackendException e)
870                     {
871                         getCategory().error("Failed to retrieve global group object");
872                         getCategory().error(e);
873                     }
874                 }
875             }
876         }
877         return globalGroup;
878     }
879 
880     /**
881      * Retrieve a Group object with specified name.
882      *
883      * @param name the name of the Group.
884      * @return an object representing the Group with specified name.
885      *
886      * @exception UnknownEntityException if the object does not
887      *            exist in the database.
888      * @exception DataBackendException if there is a problem accessing the
889      *            storage.
890      */
891     public Group getGroup(String   name)
892         throws DataBackendException, UnknownEntityException
893     {
894         GroupSet groups = getAllGroups();
895         Group group = groups.getGroup(name);
896         if (group != null)
897         {
898             return group;
899         }
900         else
901         {
902             throw new UnknownEntityException("The specified group does not exist");
903         }
904     }
905 
906     /**
907      * Retrieve a Role object with specified name.
908      *
909      * @param name the name of the Role.
910      * @return an object representing the Role with specified name.
911      *
912      * @exception UnknownEntityException if the object does not
913      *            exist in the database.
914      * @exception DataBackendException if there is a problem accessing the
915      *            storage.
916      */
917     public Role getRole(String   name)
918         throws DataBackendException, UnknownEntityException
919     {
920         RoleSet roles = getAllRoles();
921         Role role = roles.getRole(name);
922         if (role != null)
923         {
924             role.setPermissions(getPermissions(role));
925             return role;
926         }
927         else
928         {
929             throw new UnknownEntityException("The specified role does not exist");
930         }
931     }
932 
933     /**
934      * Retrieve a Permission object with specified name.
935      *
936      * @param name the name of the Permission.
937      * @return an object representing the Permission with specified name.
938      *
939      * @exception UnknownEntityException if the permission does not
940      *            exist in the database.
941      * @exception DataBackendException if there is a problem accessing the
942      *            storage.
943      */
944     public Permission getPermission(String   name)
945         throws DataBackendException, UnknownEntityException
946     {
947         PermissionSet permissions = getAllPermissions();
948         Permission permission = permissions.getPermission(name);
949         if (permission != null)
950         {
951             return permission;
952         }
953         else
954         {
955             throw new UnknownEntityException("The specified permission does not exist");
956         }
957     }
958 
959     /**
960      * Retrieves all groups defined in the system.
961      *
962      * @return the names of all groups defined in the system.
963      * @throws DataBackendException if there was an error accessing the data backend.
964      */
965     public GroupSet getAllGroups()
966         throws DataBackendException
967     {
968         return getGroups(new Criteria());
969     }
970 
971     /**
972      * Retrieves all roles defined in the system.
973      *
974      * @return the names of all roles defined in the system.
975      * @throws DataBackendException if there was an error accessing the data backend.
976      */
977     public RoleSet getAllRoles()
978         throws DataBackendException
979     {
980         return getRoles(new Criteria());
981     }
982 
983     /**
984      * Retrieves all permissions defined in the system.
985      *
986      * @return the names of all roles defined in the system.
987      * @throws DataBackendException if there was an error accessing the data backend.
988      */
989     public PermissionSet getAllPermissions()
990         throws DataBackendException
991     {
992         return getPermissions(new Criteria());
993     }
994     
995     /**
996      * Utility method for accessing the service implementation
997      * 
998      * @return a FactoryService implementation instance
999      */
1000    protected static FactoryService getFactoryService() {
1001        try {
1002        YaafiComponentService yaafi = (YaafiComponentService) TurbineServices.getInstance().getService(
1003                YaafiComponentService.SERVICE_NAME);
1004        return (FactoryService) yaafi.lookup(FactoryService.class.getName());
1005        } catch (Exception   e) {
1006            throw new RuntimeException  ("Problem looking up Factory service", e);
1007        }
1008    }
1009}
1010
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags