

1 /**
2  * Copyright (c) 2003-2006, David A. Czarnecki
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions are met:
7  *
8  * Redistributions of source code must retain the above copyright notice, this list of conditions and the
9  * following disclaimer.
10  * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the
11  * following disclaimer in the documentation and/or other materials provided with the distribution.
12  * Neither the name of "David A. Czarnecki" and "blojsom" nor the names of its contributors may be used to
13  * endorse or promote products derived from this software without specific prior written permission.
14  * Products derived from this software may not be called "blojsom", nor may "blojsom" appear in their name,
15  * without prior written permission of David A. Czarnecki.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
18  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
19  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
20  * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
21  * EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
22  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
24  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
26  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
27  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
29  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30  */

31 package org.blojsom.authorization.database;
32
33 import org.apache.commons.logging.Log;
34 import org.apache.commons.logging.LogFactory;
35 import org.blojsom.ConfigurationException;
36 import org.blojsom.util.BlojsomUtils;
37 import org.blojsom.authorization.AuthorizationException;
38 import org.blojsom.authorization.AuthorizationProvider;
39 import org.blojsom.blog.Blog;
40 import org.blojsom.blog.database.DatabaseUser;
41 import org.hibernate.*;
42 import org.hibernate.criterion.Restrictions;
43
44 import java.util.Map JavaDoc;
45
46 /**
47  * Database authorization provider
48  *
49  * @author David Czarnecki
50  * @version $Id: DatabaseAuthorizationProvider.java,v 1.6 2006/09/26 02:55:21 czarneckid Exp $
51  * @since blojsom. 3.0
52  */

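public class DatabaseAuthorizationProvider implements AuthorizationProvider {

    private Log _logger = LogFactory.getLog(DatabaseAuthorizationProvider.class);
    private static final String ALL_PERMISSIONS_PERMISSION = "all_permissions_permission";

    protected SessionFactory _sessionFactory;

    /**
     * Create a new instance of the database authorization provider
     */
    public DatabaseAuthorizationProvider() {
    }

    /**
     * Initialization method for the authorization provider
     *
     * @throws org.blojsom.ConfigurationException
     *          If there is an error initializing the provider
     */
    public void init() throws ConfigurationException {
    }

    /**
     * Set the {@link SessionFactory}
     *
     * @param sessionFactory {@link SessionFactory}
     */
    public void setSessionFactory(SessionFactory sessionFactory) {
        _sessionFactory = sessionFactory;
    }

    /**
     * Look up the user record for a login within a single blog.
     * <p/>
     * The session is closed in a <code>finally</code> block so that a failing query does not leave the
     * session (and its underlying connection) open.
     *
     * @param blog      {@link Blog} whose id scopes the lookup
     * @param userLogin Username to look up
     * @return Matching {@link DatabaseUser}, or <code>null</code> if no row matches
     * @throws HibernateException If the query fails or matches more than one row
     */
    private DatabaseUser loadUser(Blog blog, String userLogin) throws HibernateException {
        Session session = _sessionFactory.openSession();
        try {
            Transaction tx = session.beginTransaction();

            // Criteria restrictions bind the values as parameters, so the login is never concatenated into SQL.
            Criteria userCriteria = session.createCriteria(DatabaseUser.class);
            userCriteria.add(Restrictions.eq("userLogin", userLogin)).add(Restrictions.eq("blogId", blog.getId()));

            DatabaseUser user = (DatabaseUser) userCriteria.uniqueResult();
            tx.commit();

            return user;
        } finally {
            session.close();
        }
    }

    /**
     * Authorize a username and password for the given {@link Blog}
     *
     * @param blog                 {@link Blog}
     * @param authorizationContext {@link Map} to be used to provide other information for authorization. This will
     *                             change depending on the authorization provider. Not read by this provider.
     * @param userLogin            Username
     * @param password             Password
     * @throws AuthorizationException If the username or password is null, the user is not found for the blog,
     *                                the password does not match, or the database lookup fails
     */
    public void authorize(Blog blog, Map authorizationContext, String userLogin, String password) throws AuthorizationException {
        if (userLogin == null) {
            throw new AuthorizationException("Username was null");
        }

        if (password == null) {
            throw new AuthorizationException("Password was null");
        }

        try {
            DatabaseUser user = loadUser(blog, userLogin);

            // NOTE(review): the "not found" and "password failure" messages differ. If a caller echoes the
            // exception message to the client, it reveals which logins exist; callers should show one
            // generic failure message instead.
            if (user == null) {
                throw new AuthorizationException("User login not found");
            }

            String candidate = password;
            if (blog.getUseEncryptedPasswords().booleanValue()) {
                // NOTE(review): digestString is not visible here; it appears to apply a bare digest named by
                // the blog configuration. Confirm whether it is salted and iterated. A plain digest is weak
                // password storage, and the else path compares against a stored plaintext password.
                candidate = BlojsomUtils.digestString(password, blog.getDigestAlgorithm());
            }

            // NOTE(review): String.equals is not a constant-time comparison; consider comparing the encoded
            // bytes with java.security.MessageDigest.isEqual.
            // A null digest result is treated as a failed login rather than a NullPointerException.
            if (candidate == null || !candidate.equals(user.getUserPassword())) {
                throw new AuthorizationException("Password authorization failure");
            }
        } catch (HibernateException e) {
            if (_logger.isErrorEnabled()) {
                _logger.error(e);
            }

            throw new AuthorizationException(e);
        }
    }

    /**
     * Check a permission for the given {@link Blog}
     * <p/>
     * The check passes when the user's metadata contains either the requested permission key or the
     * all-permissions key. An unknown user or missing metadata is denied.
     *
     * @param blog              {@link Blog}
     * @param permissionContext {@link Map} to be used to provide other information for permission check. This will
     *                          change depending on the authorization provider. Not read by this provider.
     * @param userLogin         Username
     * @param permission        Permission
     * @throws AuthorizationException If the username or permission is null, the user is not found for the blog,
     *                                the user lacks the permission, or the database lookup fails
     */
    public void checkPermission(Blog blog, Map permissionContext, String userLogin, String permission) throws AuthorizationException {
        if (userLogin == null) {
            throw new AuthorizationException("Username was null");
        }

        if (permission == null) {
            throw new AuthorizationException("Permission was null");
        }

        try {
            DatabaseUser user = loadUser(blog, userLogin);

            // Fail closed: an unknown login is denied with an AuthorizationException instead of surfacing
            // as a NullPointerException that callers of this method are not expected to catch.
            if (user == null) {
                throw new AuthorizationException("User login not found");
            }

            Map metaData = user.getMetaData();
            if (metaData == null) {
                throw new AuthorizationException("Permission authorization failure");
            }

            if (!metaData.containsKey(ALL_PERMISSIONS_PERMISSION) && !metaData.containsKey(permission)) {
                throw new AuthorizationException("Permission authorization failure");
            }
        } catch (HibernateException e) {
            if (_logger.isErrorEnabled()) {
                _logger.error(e);
            }

            throw new AuthorizationException(e);
        }
    }
}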
183