KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > jetspeed > modules > actions > portlets > SecurityUpdateAction


1 /*
2  * Copyright 2000-2004 The Apache Software Foundation.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 package org.apache.jetspeed.modules.actions.portlets;
18
19 import java.util.ArrayList JavaDoc;
20 import java.util.Iterator JavaDoc;
21 import java.util.Vector JavaDoc;
22
23 import org.apache.jetspeed.modules.actions.portlets.security.SecurityConstants;
24 import org.apache.jetspeed.om.registry.SecurityAccess;
25 import org.apache.jetspeed.om.registry.SecurityAllow;
26 import org.apache.jetspeed.om.registry.base.BaseSecurityAccess;
27 import org.apache.jetspeed.om.registry.base.BaseSecurityAllow;
28 import org.apache.jetspeed.om.registry.base.BaseSecurityAllowOwner;
29 import org.apache.jetspeed.om.registry.base.BaseSecurityEntry;
30 import org.apache.jetspeed.portal.portlets.VelocityPortlet;
31 import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
32 import org.apache.jetspeed.services.logging.JetspeedLogger;
33 import org.apache.jetspeed.services.JetspeedSecurity;
34 import org.apache.jetspeed.services.Registry;
35 import org.apache.turbine.util.DynamicURI;
36 import org.apache.turbine.util.RunData;
37 import org.apache.velocity.context.Context;
38
39 /**
40  * This action sets up the template context for managing of security entries in the Turbine database.
41  *
42  * @author <a HREF="mailto:jford@apache.org">Jeremy Ford</a>
43  * @author <a HREF="mailto:morciuch@apache.org">Mark Orciuch</a>
44  * @version $Id: $
45  */
46 public class SecurityUpdateAction extends RegistryUpdateAction
47 {
48     private static final String JavaDoc SECURITY_UPDATE_PANE = "security-form";
49
50     /**
51      * Static initialization of the logger for this class
52      */
53     private static final JetspeedLogger logger = JetspeedLogFactoryService.getLogger(SecurityUpdateAction.class.getName());
54     
55     public SecurityUpdateAction()
56     {
57         registryEntryName = "security_name";
58         registry = Registry.SECURITY;
59         pane = SECURITY_UPDATE_PANE;
60     }
61
62     /**
63      * @see org.apache.jetspeed.modules.actions.portlets.VelocityPortletAction#buildNormalContext(VelocityPortlet, Context, RunData)
64      */
65     protected void buildNormalContext(
66         VelocityPortlet portlet,
67         Context context,
68         RunData rundata)
69         throws Exception JavaDoc
70     {
71         String JavaDoc mode =
72             rundata.getParameters().getString(SecurityConstants.PARAM_MODE);
73         context.put(SecurityConstants.PARAM_MODE, mode);
74
75         String JavaDoc msgid =
76             rundata.getParameters().getString(SecurityConstants.PARAM_MSGID);
77         if (msgid != null)
78         {
79             int id = Integer.parseInt(msgid);
80             if (id < SecurityConstants.MESSAGES.length)
81             {
82                 context.put(
83                     SecurityConstants.PARAM_MSG,
84                     SecurityConstants.MESSAGES[id]);
85             }
86         }
87
88         if (mode != null
89             && (mode.equals(SecurityConstants.PARAM_MODE_DELETE)
90                 || mode.equals(SecurityConstants.PARAM_MODE_UPDATE)))
91         {
92             String JavaDoc securityName =
93                 rundata.getParameters().getString("security_name");
94             BaseSecurityEntry securityEntry =
95                 (BaseSecurityEntry) Registry.getEntry(
96                     Registry.SECURITY,
97                     securityName);
98
99             String JavaDoc subMode = rundata.getParameters().getString("subMode");
100             if (subMode != null)
101             {
102                 context.put("subMode", subMode);
103                 int accessIndex =
104                     rundata.getParameters().getInt("access_index", -1);
105                 if (accessIndex != -1)
106                 {
107                     context.put("accessIndex", new Integer JavaDoc(accessIndex));
108                     accessIndex--;
109                     BaseSecurityAccess securityAccess =
110                         (BaseSecurityAccess) securityEntry.getAccesses().get(
111                             accessIndex);
112                     context.put("securityAccess", securityAccess);
113                 }
114             }
115
116             Iterator JavaDoc permissionIter = JetspeedSecurity.getPermissions();
117             Iterator JavaDoc userIter = JetspeedSecurity.getUsers();
118             Iterator JavaDoc roleIter = JetspeedSecurity.getRoles();
119             Iterator JavaDoc groupIter = JetspeedSecurity.getGroups();
120
121             context.put("permissions", iteratorToCollection(permissionIter));
122             context.put("users", iteratorToCollection(userIter));
123             context.put("roles", iteratorToCollection(roleIter));
124             context.put("groups", iteratorToCollection(groupIter));
125
126             context.put("entry", securityEntry);
127         }
128
129         if (mode != null && (mode.equals(SecurityConstants.PARAM_MODE_INSERT)))
130         {
131             Iterator JavaDoc permissionIter = JetspeedSecurity.getPermissions();
132             context.put("permissions", permissionIter);
133         }
134     }
135
136     /**
137      * Update a security entry in the registry
138      * @param rundata The turbine rundata context for this request.
139      * @param context The velocity context for this request.
140      * @throws Exception
141      */
142     public void doAddaccess(RunData rundata, Context context) throws Exception JavaDoc
143     {
144         try
145         {
146             String JavaDoc securityName =
147                 rundata.getParameters().getString("security_name");
148             BaseSecurityEntry securityEntry =
149                 (BaseSecurityEntry) Registry.getEntry(
150                     Registry.SECURITY,
151                     securityName);
152
153             if (securityEntry != null)
154             {
155                 String JavaDoc action =
156                     rundata.getParameters().getString("access_action");
157
158                 if (action != null && action.length() > 0)
159                 {
160                     BaseSecurityAccess securityAccess =
161                         new BaseSecurityAccess();
162                     securityAccess.setAction(action);
163
164                     addAllow(rundata, securityAccess);
165
166                     Vector JavaDoc accesses = securityEntry.getAccesses();
167                     accesses.add(securityAccess);
168                     securityEntry.setAccesses(accesses);
169
170                     Registry.addEntry(Registry.SECURITY, securityEntry);
171                     clearUserData(rundata);
172                 }
173                 else
174                 {
175                     
176                     DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_MISSING_PARAMETER);
177                     rundata.setRedirectURI(duri.toString());
178                     resetForm(rundata);
179                 }
180             }
181             else
182             {
183                 DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_INVALID_ENTITY_NAME);
184                 rundata.setRedirectURI(duri.toString());
185                 resetForm(rundata);
186                 
187                 logger.error("Failed to find registry entry while trying to add accesses");
188             }
189         }
190         catch (Exception JavaDoc e)
191         {
192             DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_UPDATE_FAILED);
193             rundata.setRedirectURI(duri.toString());
194             resetForm(rundata);
195             
196             logger.error("Exception", e);
197         }
198     }
199
200     /**
201      * Update a security entry in the registry
202      * @param rundata The turbine rundata context for this request.
203      * @param context The velocity context for this request.
204      * @throws Exception
205      */
206     public void doUpdateaccess(RunData rundata, Context context)
207         throws Exception JavaDoc
208     {
209         try
210         {
211             String JavaDoc securityName =
212                 rundata.getParameters().getString("security_name");
213             BaseSecurityEntry securityEntry =
214                 (BaseSecurityEntry) Registry.getEntry(
215                     Registry.SECURITY,
216                     securityName);
217             if (securityEntry != null)
218             {
219                 int accessIndex =
220                     rundata.getParameters().getInt("access_index", -1);
221                 accessIndex--;
222                 String JavaDoc action =
223                     rundata.getParameters().getString("access_action");
224
225                 if (accessIndex >= 0
226                     && accessIndex < securityEntry.getAccesses().size())
227                 {
228                     BaseSecurityAccess securityAccess =
229                         (BaseSecurityAccess) securityEntry.getAccesses().get(
230                             accessIndex);
231                     securityAccess.setAction(action);
232
233                     Registry.addEntry(Registry.SECURITY, securityEntry);
234                     clearUserData(rundata);
235                 }
236             }
237             else
238             {
239                 DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_INVALID_ENTITY_NAME);
240                 rundata.setRedirectURI(duri.toString());
241                 resetForm(rundata);
242
243                 logger.error("Failed to find registry entry while trying to update accesses");
244             }
245         }
246         catch (Exception JavaDoc e)
247         {
248             DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_UPDATE_FAILED);
249             rundata.setRedirectURI(duri.toString());
250             resetForm(rundata);
251
252             logger.error("Exception", e);
253         }
254     }
255
256     /**
257      * Remove a access entry from a security entry in the registry
258      * @param rundata The turbine rundata context for this request.
259      * @param context The velocity context for this request.
260      * @throws Exception
261      */
262     public void doRemoveaccess(RunData rundata, Context context)
263         throws Exception JavaDoc
264     {
265         try
266         {
267             String JavaDoc securityName =
268                 rundata.getParameters().getString("security_name");
269             BaseSecurityEntry securityEntry =
270                 (BaseSecurityEntry) Registry.getEntry(
271                     Registry.SECURITY,
272                     securityName);
273             if (securityEntry != null)
274             {
275                 int[] accessIndexes =
276                     rundata.getParameters().getInts("access_index");
277
278                 if (accessIndexes != null && accessIndexes.length > 0)
279                 {
280                     ArrayList JavaDoc deleteList = new ArrayList JavaDoc();
281
282                     for (int i = 0; i < accessIndexes.length; i++)
283                     {
284                         int accessIndex = accessIndexes[i];
285                         accessIndex--;
286
287                         if (accessIndex >= 0
288                             && accessIndex < securityEntry.getAccesses().size())
289                         {
290                             deleteList.add(
291                                 securityEntry.getAccesses().get(accessIndex));
292                         }
293                         else
294                         {
295                             logger.error(
296                                 "Access Index: " + i + " is out of range");
297                         }
298                     }
299
300
301                     Vector JavaDoc accesses = securityEntry.getAccesses();
302                     Iterator JavaDoc deleteIter = deleteList.iterator();
303                     while (deleteIter.hasNext())
304                     {
305                         SecurityAccess sa = (SecurityAccess) deleteIter.next();
306                         accesses.remove(sa);
307                     }
308                     
309                     securityEntry.setAccesses(accesses);
310
311                     Registry.addEntry(Registry.SECURITY, securityEntry);
312                     clearUserData(rundata);
313                 }
314                 else
315                 {
316                     DynamicURI duri =
317                         redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_MISSING_PARAMETER);
318                     rundata.setRedirectURI(duri.toString());
319                     resetForm(rundata);
320                 }
321             }
322             else
323             {
324                 DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_INVALID_ENTITY_NAME);
325                 rundata.setRedirectURI(duri.toString());
326                 resetForm(rundata);
327                 
328                 logger.error("Failed to find registry entry while trying to remove accesses");
329             }
330         }
331         catch (Exception JavaDoc e)
332         {
333             DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_DELETE_FAILED);
334             rundata.setRedirectURI(duri.toString());
335             resetForm(rundata);
336             
337             logger.error("Exception", e);
338         }
339     }
340
341     /**
342      * Update a security entry in the registry
343      * @param rundata The turbine rundata context for this request.
344      * @param context The velocity context for this request.
345      * @throws Exception
346      */
347     public void doAddallow(RunData rundata, Context context) throws Exception JavaDoc
348     {
349         try
350         {
351             String JavaDoc securityName =
352                 rundata.getParameters().getString("security_name");
353             BaseSecurityEntry securityEntry =
354                 (BaseSecurityEntry) Registry.getEntry(
355                     Registry.SECURITY,
356                     securityName);
357             if (securityEntry != null)
358             {
359                 int accessIndex =
360                     rundata.getParameters().getInt("access_index", -1);
361                 accessIndex--;
362
363                 if (accessIndex >= 0
364                     && accessIndex < securityEntry.getAccesses().size())
365                 {
366                     BaseSecurityAccess securityAccess =
367                         (BaseSecurityAccess) securityEntry.getAccesses().get(
368                             accessIndex);
369                     addAllow(rundata, securityAccess);
370                     Registry.addEntry(Registry.SECURITY, securityEntry);
371                     clearUserData(rundata);
372                 }
373                 else
374                 {
375                     DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_MISSING_PARAMETER);
376                     rundata.setRedirectURI(duri.toString());
377                     resetForm(rundata);
378                 }
379             }
380             else
381             {
382                 DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_INVALID_ENTITY_NAME);
383                 rundata.setRedirectURI(duri.toString());
384                 resetForm(rundata);
385                 
386                 logger.error("Failed to find registry entry while trying to add allow");
387             }
388         }
389         catch (Exception JavaDoc e)
390         {
391             DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_UPDATE_FAILED);
392             rundata.setRedirectURI(duri.toString());
393             resetForm(rundata);
394             
395             logger.error("Exception", e);
396         }
397     }
398
399     /**
400      * Update a security entry in the registry
401      * @param rundata The turbine rundata context for this request.
402      * @param context The velocity context for this request.
403      * @throws Exception
404      */
405     public void doRemoveallow(RunData rundata, Context context)
406         throws Exception JavaDoc
407     {
408         try
409         {
410             String JavaDoc securityName =
411                 rundata.getParameters().getString("security_name");
412             BaseSecurityEntry securityEntry =
413                 (BaseSecurityEntry) Registry.getEntry(
414                     Registry.SECURITY,
415                     securityName);
416             if (securityEntry != null)
417             {
418                 int accessIndex =
419                     rundata.getParameters().getInt("access_index", -1);
420                 accessIndex--;
421
422                 if (accessIndex >= 0
423                     && accessIndex < securityEntry.getAccesses().size())
424                 {
425                     BaseSecurityAccess securityAccess =
426                         (BaseSecurityAccess) securityEntry.getAccesses().get(
427                             accessIndex);
428
429                     String JavaDoc allowType =
430                         rundata.getParameters().getString(
431                             "allow_type",
432                             "allows");
433                     int[] allowIndexes =
434                         rundata.getParameters().getInts("allow_index");
435
436                     if (allowIndexes != null && allowIndexes.length > 0)
437                     {
438                         for (int i = 0; i < allowIndexes.length; i++)
439                         {
440                             int allowIndex = allowIndexes[i];
441                             allowIndex--;
442
443                             if (allowIndex >= 0)
444                             {
445                                 //TODO: more validation
446 if (allowType.equals("owner"))
447                                 {
448                                     securityAccess.getOwnerAllows().remove(
449                                         allowIndex);
450                                 }
451                                 else
452                                 {
453                                     securityAccess.getAllows().remove(
454                                         allowIndex);
455                                 }
456
457                                 Registry.addEntry(
458                                     Registry.SECURITY,
459                                     securityEntry);
460                                 clearUserData(rundata);
461                             }
462                             else
463                             {
464                                 logger.error(
465                                     "Allow Index: "
466                                         + allowIndex
467                                         + " is out of range.");
468                             }
469                         }
470                     }
471                     else
472                     {
473                         DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_MISSING_PARAMETER);
474                         rundata.setRedirectURI(duri.toString());
475                         resetForm(rundata);
476                     }
477                 }
478                 else
479                 {
480                     DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_MISSING_PARAMETER);
481                     rundata.setRedirectURI(duri.toString());
482                     resetForm(rundata);
483                 }
484             }
485             else
486             {
487                 DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_INVALID_ENTITY_NAME);
488                 rundata.setRedirectURI(duri.toString());
489                 resetForm(rundata);
490                 
491                 logger.error("Failed to find registry entry while trying to remove allow");
492             }
493         }
494         catch (Exception JavaDoc e)
495         {
496             DynamicURI duri = redirect(rundata, SecurityConstants.PARAM_MODE_UPDATE, SecurityConstants.MID_DELETE_FAILED);
497             rundata.setRedirectURI(duri.toString());
498             resetForm(rundata);
499             
500             logger.error("Exception", e);
501         }
502     }
503
504     private void addAllow(RunData rundata, BaseSecurityAccess securityAccess)
505     {
506         String JavaDoc allowType = rundata.getParameters().getString("allow_type");
507         String JavaDoc allowValue = rundata.getParameters().getString("allow_value");
508         String JavaDoc allowValue2 = rundata.getParameters().getString("allow_value2");
509
510         SecurityAllow allow = null;
511         if (allowType.equals("user"))
512         {
513             allow = new BaseSecurityAllow();
514             allow.setUser(allowValue);
515             securityAccess.getAllows().add(allow);
516         }
517         else if (allowType.equals("role"))
518         {
519             allow = new BaseSecurityAllow();
520             allow.setRole(allowValue);
521
522             securityAccess.getAllows().add(allow);
523         }
524         else if (allowType.equals("group"))
525         {
526             allow = new BaseSecurityAllow();
527             allow.setGroup(allowValue);
528
529             securityAccess.getAllows().add(allow);
530         }
531         else if (allowType.equals("groupRole"))
532         {
533             allow = new BaseSecurityAllow();
534             allow.setGroup(allowValue);
535             allow.setRole(allowValue2);
536
537             securityAccess.getAllows().add(allow);
538         }
539         else if (allowType.equals("owner"))
540         {
541             allow = new BaseSecurityAllowOwner();
542             allow.setOwner(true);
543
544             securityAccess.getOwnerAllows().add(allow);
545         }
546         else
547         {
548             //throw exception?
549 }
550     }
551
552     /**
553      * Clears the temporary storage of any data that was used
554      * @param rundata
555      */
556     protected void clearUserData(RunData rundata)
557     {
558         try
559         {
560             super.clearUserData(rundata);
561
562             rundata.getUser().removeTemp("security_name");
563             rundata.getUser().removeTemp("allow_type");
564             rundata.getUser().removeTemp("allow_value");
565             rundata.getUser().removeTemp("access_index");
566             rundata.getUser().removeTemp("access_action");
567         }
568         catch (Exception JavaDoc e)
569         {
570             if (logger.isDebugEnabled())
571             {
572                 logger.debug("SecurityUpdateAction: Failed to clear user data");
573             }
574         }
575     }
576
577     /**
578      * Populates the user's temp storage with form data
579      * @param rundata The turbine rundata context for this request.
580      */
581     protected void resetForm(RunData rundata)
582     {
583         String JavaDoc securityName =
584             rundata.getParameters().getString("security_name");
585         String JavaDoc allowType = rundata.getParameters().getString("allow_type");
586         String JavaDoc allowValue = rundata.getParameters().getString("allow_value");
587         String JavaDoc accessIndex = rundata.getParameters().getString("access_index");
588         String JavaDoc accessAction =
589             rundata.getParameters().getString("access_action");
590
591         rundata.getUser().setTemp("security_name", securityName);
592         rundata.getUser().setTemp("allow_type", allowType);
593         rundata.getUser().setTemp("allow_value", allowValue);
594         rundata.getUser().setTemp("access_index", accessIndex);
595         rundata.getUser().setTemp("access_action", accessAction);
596     }
597 }
598
Popular Tags