KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > jetspeed > services > security > turbine > TurbineRoleManagement


1 /*
2  * Copyright 2000-2004 The Apache Software Foundation.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */

16
17 package org.apache.jetspeed.services.security.turbine;
18
19 import java.sql.Connection JavaDoc;
20 import java.util.HashMap JavaDoc;
21 import java.util.Iterator JavaDoc;
22 import java.util.List JavaDoc;
23
24 import javax.servlet.ServletConfig JavaDoc;
25
26 import org.apache.jetspeed.om.profile.Profile;
27 import org.apache.jetspeed.om.profile.ProfileException;
28 import org.apache.jetspeed.om.security.BaseJetspeedGroupRole;
29 import org.apache.jetspeed.om.security.Group;
30 import org.apache.jetspeed.om.security.GroupRole;
31 import org.apache.jetspeed.om.security.JetspeedUser;
32 import org.apache.jetspeed.om.security.Role;
33 import org.apache.jetspeed.om.security.UserNamePrincipal;
34 import org.apache.jetspeed.om.security.turbine.TurbineRole;
35 import org.apache.jetspeed.om.security.turbine.TurbineRolePeer;
36 import org.apache.jetspeed.om.security.turbine.TurbineRolePermissionPeer;
37 import org.apache.jetspeed.om.security.turbine.TurbineUserGroupRole;
38 import org.apache.jetspeed.om.security.turbine.TurbineUserGroupRolePeer;
39 import org.apache.jetspeed.services.JetspeedSecurity;
40 import org.apache.jetspeed.services.Profiler;
41 import org.apache.jetspeed.services.PsmlManager;
42 import org.apache.jetspeed.services.rundata.JetspeedRunData;
43 import org.apache.jetspeed.services.rundata.JetspeedRunDataService;
44 import org.apache.jetspeed.services.security.CachedAcl;
45 import org.apache.jetspeed.services.security.GroupManagement;
46 import org.apache.jetspeed.services.security.JetspeedSecurityCache;
47 import org.apache.jetspeed.services.security.JetspeedSecurityException;
48 import org.apache.jetspeed.services.security.JetspeedSecurityService;
49 import org.apache.jetspeed.services.security.RoleException;
50 import org.apache.jetspeed.services.security.RoleManagement;
51 import org.apache.torque.Torque;
52 import org.apache.torque.om.NumberKey;
53 import org.apache.torque.util.Criteria;
54 import org.apache.turbine.services.InitializationException;
55 import org.apache.turbine.services.TurbineBaseService;
56 import org.apache.turbine.services.TurbineServices;
57 import org.apache.turbine.services.resources.ResourceService;
58 import org.apache.turbine.services.rundata.RunDataService;
59 import org.apache.turbine.util.Log;
60
61 /**
62  * Default Jetspeed-Turbine Role Management implementation
63  *
64  *
65  * @author <a HREF="mailto:david@bluesunrise.com">David Sean Taylor</a>
66  * @author <a HREF="mailto:morciuch@apache.org">Mark Orciuch</a>
67  * @version $Id: TurbineRoleManagement.java,v 1.14 2004/02/23 03:54:49 jford Exp $
68  */

69
70 public class TurbineRoleManagement extends TurbineBaseService
71                                    implements RoleManagement
72 {
73     private JetspeedRunDataService runDataService = null;
74     private final static String JavaDoc CASCADE_DELETE = "programmatic.cascade.delete";
75     private final static boolean DEFAULT_CASCADE_DELETE = true;
76     private boolean cascadeDelete;
77     private final static String JavaDoc CACHING_ENABLE = "caching.enable";
78     private boolean cachingEnable = true;
79
80
81     ///////////////////////////////////////////////////////////////////////////
82
// Role Management Interfaces
83
///////////////////////////////////////////////////////////////////////////
84

85     /**
86      * Retrieves all <code>Role</code>s for a given username principal.
87      *
88      * The security service may optionally check the current user context
89      * to determine if the requestor has permission to perform this action.
90      *
91      * @param username a user principal identity to be retrieved.
92      * @return Iterator over all roles associated to the user principal (iterator of GroupRole objects keyed on group+role).
93      * @exception RoleException when the security provider has a general failure.
94      * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
95      */

96     public Iterator JavaDoc getRoles(String JavaDoc username)
97         throws JetspeedSecurityException
98     {
99         JetspeedUser user = null;
100         try
101         {
102             if (cachingEnable)
103             {
104                 Iterator JavaDoc result = JetspeedSecurityCache.getRoles(username);
105                 if (null != result)
106                 {
107                     return result;
108                 }
109             }
110             user = JetspeedSecurity.getUser(new UserNamePrincipal(username));
111         }
112         catch(JetspeedSecurityException e)
113         {
114             throw new RoleException("Failed to Retrieve User: ", e);
115         }
116         Criteria criteria = new Criteria();
117         criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
118         List JavaDoc rels;
119         HashMap JavaDoc roles;
120
121         try
122         {
123             rels = TurbineUserGroupRolePeer.doSelect(criteria);
124             if (rels.size() > 0)
125             {
126                 roles = new HashMap JavaDoc(rels.size());
127             }
128             else
129             {
130                 roles = new HashMap JavaDoc();
131             }
132
133             for (int ix = 0; ix < rels.size(); ix++)
134             {
135                 TurbineUserGroupRole rel = (TurbineUserGroupRole) rels.get(ix);
136                 Role role = rel.getTurbineRole();
137                 Group group = rel.getTurbineGroup();
138                 GroupRole groupRole = new BaseJetspeedGroupRole();
139                 groupRole.setGroup(group);
140                 groupRole.setRole(role);
141                 roles.put(group.getName() + role.getName(), groupRole);
142             }
143         }
144         catch(Exception JavaDoc e)
145         {
146             throw new RoleException("Failed to retrieve roles ", e);
147         }
148         return roles.values().iterator();
149     }
150
151     /**
152      * Retrieves all <code>Role</code>s.
153      *
154      * The security service may optionally check the current user context
155      * to determine if the requestor has permission to perform this action.
156      *
157      * @return Iterator over all roles.
158      * @exception RoleException when the security provider has a general failure.
159      * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
160      */

161     public Iterator JavaDoc getRoles()
162         throws JetspeedSecurityException
163     {
164         Criteria criteria = new Criteria();
165         List JavaDoc roles;
166         try
167         {
168             roles = TurbineRolePeer.doSelect(criteria);
169         }
170         catch(Exception JavaDoc e)
171         {
172             throw new RoleException("Failed to retrieve roles ", e);
173         }
174         return roles.iterator();
175     }
176
177     /**
178      * Adds a <code>Role</code> into permanent storage.
179      *
180      * The security service may optionally check the current user context
181      * to determine if the requestor has permission to perform this action.
182      *
183      * @exception RoleException when the security provider has a general failure.
184      * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
185      */

186     public void addRole(Role role)
187         throws JetspeedSecurityException
188     {
189         if(roleExists(role.getName()))
190         {
191             throw new RoleException("The role '" +
192                 role.getName() + "' already exists");
193         }
194
195         try
196         {
197             TurbineRole trole = new TurbineRole();
198             trole.setRoleName(role.getName());
199             Criteria criteria = TurbineRolePeer.buildCriteria(trole);
200             NumberKey key = (NumberKey)TurbineRolePeer.doInsert(criteria);
201             role.setId(key.toString());
202         }
203         catch(Exception JavaDoc e)
204         {
205             throw new RoleException("Failed to create role '" +
206                 role.getName() + "'", e);
207         }
208
209         if (cachingEnable)
210         {
211             JetspeedSecurityCache.addRole(role);
212         }
213
214         try
215         {
216             addDefaultRolePSML(role);
217         }
218         catch (Exception JavaDoc e)
219         {
220             try
221             {
222                 removeRole(role.getName());
223             }
224             catch (Exception JavaDoc e2)
225             {
226             }
227             throw new RoleException("failed to add default PSML for Role resource", e);
228         }
229
230     }
231
232     protected void addDefaultRolePSML(Role role)
233         throws RoleException
234     {
235         try
236         {
237             JetspeedRunDataService runDataService =
238                (JetspeedRunDataService)TurbineServices.getInstance()
239                    .getService(RunDataService.SERVICE_NAME);
240             JetspeedRunData rundata = runDataService.getCurrentRunData();
241             Profile profile = Profiler.createProfile();
242             profile.setRole(role);
243             profile.setMediaType("html");
244             Profiler.createProfile(rundata, profile);
245         }
246         catch (ProfileException e)
247         {
248             try
249             {
250                 removeRole(role.getName());
251             }
252             catch(Exception JavaDoc e2)
253             {
254             }
255             throw new RoleException("Failed to create Role PSML", e);
256         }
257     }
258
259     /**
260      * Saves a <code>Role</code> into permanent storage.
261      *
262      * The security service can throw a <code>NotUniqueEntityException</code> when the public
263      * credentials fail to meet the security provider-specific unique constraints.
264      * The security service may optionally check the current user context
265      * to determine if the requestor has permission to perform this action.
266      *
267      * @exception RoleException when the security provider has a general failure.
268      * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
269      */

270     public void saveRole(Role role)
271         throws JetspeedSecurityException
272     {
273         if(!roleExists(role.getName()))
274         {
275             throw new RoleException("The role '" +
276                 role.getName() + "' doesn't exists");
277         }
278
279         try
280         {
281             if (role instanceof TurbineRole)
282             {
283                 TurbineRolePeer.doUpdate((TurbineRole)role);
284             }
285             else
286             {
287                 throw new RoleException("TurbineRoleManagment: Role is not a Turbine role, cannot update");
288             }
289
290         }
291         catch(Exception JavaDoc e)
292         {
293             throw new RoleException("Failed to create role '" +
294                 role.getName() + "'", e);
295         }
296
297     }
298
299     /**
300      * Removes a <code>Role</code> from the permanent store.
301      *
302      * The security service may optionally check the current user context
303      * to determine if the requestor has permission to perform this action.
304      *
305      * @param rolename the principal identity of the role to be retrieved.
306      * @exception RoleException when the security provider has a general failure.
307      * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
308      */

309     public void removeRole(String JavaDoc rolename)
310         throws JetspeedSecurityException
311     {
312         Connection JavaDoc conn = null;
313         try
314         {
315             conn = Torque.getConnection();
316             Role role = this.getRole(rolename);
317
318             Criteria criteria = new Criteria();
319             criteria.add(TurbineRolePeer.ROLE_NAME, rolename);
320
321             if(cascadeDelete)
322             {
323                 // CASCADE TURBINE_USER_GROUP_ROLE, TURBINE_ROLE_PERMISSION
324
Criteria criteria1 = new Criteria();
325                 criteria1.add(TurbineUserGroupRolePeer.ROLE_ID, role.getId());
326                 TurbineUserGroupRolePeer.doDelete(criteria1, conn);
327
328                 Criteria criteria2 = new Criteria();
329                 criteria2.add(TurbineRolePermissionPeer.ROLE_ID, role.getId());
330                 TurbineRolePermissionPeer.doDelete(criteria2, conn);
331             }
332
333             TurbineRolePeer.doDelete(criteria, conn);
334             PsmlManager.removeRoleDocuments(role);
335
336             conn.commit();
337
338             if (cachingEnable)
339             {
340                 JetspeedSecurityCache.removeAllRoles(rolename);
341             }
342         }
343         catch(Exception JavaDoc e)
344         {
345             try
346             {
347                 conn.rollback();
348             }
349             catch (java.sql.SQLException JavaDoc sqle)
350             {
351                 Log.error(sqle);
352             }
353             throw new RoleException("Failed to remove role '" +
354                 rolename + "'", e);
355         }
356         finally
357         {
358             try
359             {
360                 Torque.closeConnection(conn);
361             }
362             catch (Exception JavaDoc e){}
363         }
364
365     }
366
367     /**
368      * Grants a role to a user.
369      *
370      * The security service may optionally check the current user context
371      * to determine if the requestor has permission to perform this action.
372      *
373      * @exception RoleException when the security provider has a general failure retrieving users.
374      * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
375      */

376     public void grantRole(String JavaDoc username, String JavaDoc rolename)
377         throws JetspeedSecurityException
378     {
379         grantRole(username, rolename, GroupManagement.DEFAULT_GROUP_NAME);
380     }
381     public void grantRole(String JavaDoc username, String JavaDoc rolename, String JavaDoc groupname)
382         throws JetspeedSecurityException
383     {
384         try
385         {
386             JetspeedUser user = JetspeedSecurity.getUser(username);
387             Role role = this.getRole(rolename);
388             Group group = JetspeedSecurity.getGroup(groupname);
389
390             Criteria criteria = new Criteria();
391             criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
392             criteria.add(TurbineUserGroupRolePeer.GROUP_ID, group.getId());
393             criteria.add(TurbineUserGroupRolePeer.ROLE_ID, role.getId());
394             TurbineUserGroupRolePeer.doInsert(criteria);
395
396             if (cachingEnable)
397             {
398                 JetspeedSecurityCache.addRole(username, role, group);
399             }
400         }
401         catch(Exception JavaDoc e)
402         {
403             throw new RoleException("Grant role '" + rolename + "' to user '" + username + "' failed: ", e);
404         }
405     }
406
407     /**
408      * Revokes a role from a user.
409      *
410      * The security service may optionally check the current user context
411      * to determine if the requestor has permission to perform this action.
412      *
413      * @exception RoleException when the security provider has a general failure retrieving users.
414      * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
415      */

416     public void revokeRole(String JavaDoc username, String JavaDoc rolename)
417         throws JetspeedSecurityException
418     {
419         revokeRole(username, rolename, GroupManagement.DEFAULT_GROUP_NAME);
420     }
421
422     public void revokeRole(String JavaDoc username, String JavaDoc rolename, String JavaDoc groupname)
423         throws JetspeedSecurityException
424     {
425         try
426         {
427             JetspeedUser user = JetspeedSecurity.getUser(username);
428             Role role = this.getRole(rolename);
429             Group group = JetspeedSecurity.getGroup(groupname);
430
431             Criteria criteria = new Criteria();
432             criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
433             criteria.add(TurbineUserGroupRolePeer.GROUP_ID, group.getId());
434             criteria.add(TurbineUserGroupRolePeer.ROLE_ID, role.getId());
435             TurbineUserGroupRolePeer.doDelete(criteria);
436
437             if (cachingEnable)
438             {
439                 JetspeedSecurityCache.removeRole(username, rolename, groupname);
440             }
441
442         }
443         catch(Exception JavaDoc e)
444         {
445             throw new RoleException("Revoke role '" + rolename + "' to user '" + username + "' failed: ", e);
446         }
447
448     }
449
450     /**
451      * Checks for the relationship of user has a role. Returns true when the user has the given role.
452      *
453      * The security service may optionally check the current user context
454      * to determine if the requestor has permission to perform this action.
455      *
456      * @exception RoleException when the security provider has a general failure retrieving users.
457      * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
458      */

459     public boolean hasRole(String JavaDoc username, String JavaDoc rolename)
460         throws JetspeedSecurityException
461     {
462         return hasRole(username, rolename, GroupManagement.DEFAULT_GROUP_NAME);
463     }
464     
465     public boolean hasRole(String JavaDoc username, String JavaDoc rolename, String JavaDoc groupname)
466         throws JetspeedSecurityException
467     {
468         List JavaDoc roles;
469
470         try
471         {
472             if (cachingEnable)
473             {
474                 CachedAcl acl = JetspeedSecurityCache.getAcl(username);
475                 if (null != acl)
476                 {
477                     return acl.hasRole(rolename, groupname);
478                 }
479             }
480             JetspeedUser user = JetspeedSecurity.getUser(username);
481             Role role = this.getRole(rolename);
482             Group group = JetspeedSecurity.getGroup(groupname);
483
484             Criteria criteria = new Criteria();
485             criteria.add(TurbineUserGroupRolePeer.USER_ID, user.getUserId());
486             criteria.add(TurbineUserGroupRolePeer.GROUP_ID, group.getId());
487             criteria.add(TurbineUserGroupRolePeer.ROLE_ID, role.getId());
488             roles = TurbineUserGroupRolePeer.doSelect(criteria);
489
490         }
491         catch(Exception JavaDoc e)
492         {
493             throw new RoleException("Failed to check role '" +
494                 rolename + "'", e);
495         }
496         return ( roles.size() > 0 );
497     }
498
499
500     /**
501      * Retrieves a single <code>Role</code> for a given rolename principal.
502      *
503      * The security service may optionally check the current user context
504      * to determine if the requestor has permission to perform this action.
505      *
506      * @param rolename a role principal identity to be retrieved.
507      * @return Role the role record retrieved.
508      * @exception RoleException when the security provider has a general failure.
509      * @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
510      */

511     public Role getRole(String JavaDoc rolename)
512         throws JetspeedSecurityException
513     {
514         List JavaDoc roles;
515         try
516         {
517             Criteria criteria = new Criteria();
518             criteria.add(TurbineRolePeer.ROLE_NAME, rolename);
519             roles = TurbineRolePeer.doSelect(criteria);
520         }
521         catch(Exception JavaDoc e)
522         {
523             throw new RoleException("Failed to retrieve role '" +
524                 rolename + "'", e);
525         }
526         if ( roles.size() > 1 )
527         {
528             throw new RoleException(
529                 "Multiple Roles with same rolename '" + rolename + "'");
530         }
531         if ( roles.size() == 1 )
532         {
533             TurbineRole role = (TurbineRole)roles.get(0);
534             return role;
535         }
536         throw new RoleException("Unknown role '" + rolename + "'");
537
538     }
539
540
541     ///////////////////////////////////////////////////////////////////////////
542
// Internal
543
///////////////////////////////////////////////////////////////////////////
544

545     protected JetspeedRunData getRunData()
546      {
547          JetspeedRunData rundata = null;
548          if (this.runDataService != null)
549          {
550              rundata = this.runDataService.getCurrentRunData();
551          }
552          return rundata;
553      }
554
555     /**
556      * Check whether a specified role exists.
557      *
558      * The login name is used for looking up the account.
559      *
560      * @param roleName the name of the role to check for existence.
561      * @return true if the specified account exists
562      * @throws RoleException if there was a general db access error
563      *
564      */

565     protected boolean roleExists(String JavaDoc roleName)
566         throws RoleException
567     {
568         Criteria criteria = new Criteria();
569         criteria.add(TurbineRolePeer.ROLE_NAME, roleName);
570         List JavaDoc roles;
571         try
572         {
573             roles = TurbineRolePeer.doSelect(criteria);
574         }
575         catch(Exception JavaDoc e)
576         {
577             throw new RoleException(
578                 "Failed to check account's presence", e);
579         }
580         if (roles.size() < 1)
581         {
582             return false;
583         }
584         return true;
585     }
586
587     ///////////////////////////////////////////////////////////////////////////
588
// Service Init
589
///////////////////////////////////////////////////////////////////////////
590

591
592     /**
593      * This is the early initialization method called by the
594      * Turbine <code>Service</code> framework
595      * @param conf The <code>ServletConfig</code>
596      * @exception throws a <code>InitializationException</code> if the service
597      * fails to initialize
598      */

599     public synchronized void init(ServletConfig JavaDoc conf)
600         throws InitializationException
601     {
602         if (getInit()) return;
603
604         super.init(conf);
605
606         // get configuration parameters from Jetspeed Resources
607
ResourceService serviceConf = ((TurbineServices)TurbineServices.getInstance())
608                                                      .getResources(JetspeedSecurityService.SERVICE_NAME);
609
610         this.runDataService =
611            (JetspeedRunDataService)TurbineServices.getInstance()
612                .getService(RunDataService.SERVICE_NAME);
613
614         cascadeDelete = serviceConf.getBoolean( CASCADE_DELETE, DEFAULT_CASCADE_DELETE );
615         cachingEnable = serviceConf.getBoolean( CACHING_ENABLE, cachingEnable );
616
617         setInit(true);
618      }
619
620
621
622 }
623
624
625
Popular Tags