KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > opencrx > kernel > layer > application > Admin


1 /*
2  * ====================================================================
3  * Project: opencrx, http://www.opencrx.org/
4  * Name: $Id: Admin.java,v 1.28 2006/04/02 00:34:52 wfro Exp $
5  * Description: openCRX application plugin
6  * Revision: $Revision: 1.28 $
7  * Owner: CRIXP AG, Switzerland, http://www.crixp.com
8  * Date: $Date: 2006/04/02 00:34:52 $
9  * ====================================================================
10  *
11  * This software is published under the BSD license
12  * as listed below.
13  *
14  * Copyright (c) 2004-2005, CRIXP Corp., Switzerland
15  * All rights reserved.
16  *
17  * Redistribution and use in source and binary forms, with or without
18  * modification, are permitted provided that the following conditions
19  * are met:
20  *
21  * * Redistributions of source code must retain the above copyright
22  * notice, this list of conditions and the following disclaimer.
23  *
24  * * Redistributions in binary form must reproduce the above copyright
25  * notice, this list of conditions and the following disclaimer in
26  * the documentation and/or other materials provided with the
27  * distribution.
28  *
29  * * Neither the name of CRIXP Corp. nor the names of the contributors
30  * to openCRX may be used to endorse or promote products derived
31  * from this software without specific prior written permission
32  *
33  *
34  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
35  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
36  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
37  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38  * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
39  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
40  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
41  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
42  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
43  * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
44  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
45  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
46  * POSSIBILITY OF SUCH DAMAGE.
47  *
48  * ------------------
49  *
50  * This product includes software developed by the Apache Software
51  * Foundation (http://www.apache.org/).
52  *
53  * This product includes software developed by contributors to
54  * openMDX (http://www.openmdx.org/)
55  */

56
57 package org.opencrx.kernel.layer.application;
58
59 import java.io.BufferedReader JavaDoc;
60 import java.io.ByteArrayInputStream JavaDoc;
61 import java.io.IOException JavaDoc;
62 import java.io.InputStreamReader JavaDoc;
63 import java.util.Arrays JavaDoc;
64 import java.util.List JavaDoc;
65 import java.util.StringTokenizer JavaDoc;
66
67 import org.opencrx.kernel.account1.cci.Contact;
68 import org.opencrx.kernel.generic.SecurityKeys;
69 import org.opencrx.kernel.home1.cci.CreateUserParams;
70 import org.openmdx.application.log.AppLog;
71 import org.openmdx.base.exception.ServiceException;
72 import org.openmdx.compatibility.base.dataprovider.cci.AttributeSelectors;
73 import org.openmdx.compatibility.base.dataprovider.cci.AttributeSpecifier;
74 import org.openmdx.compatibility.base.dataprovider.cci.DataproviderObject;
75 import org.openmdx.compatibility.base.dataprovider.cci.DataproviderObject_1_0;
76 import org.openmdx.compatibility.base.dataprovider.cci.RequestCollection;
77 import org.openmdx.compatibility.base.dataprovider.cci.SystemAttributes;
78 import org.openmdx.compatibility.base.naming.Path;
79 import org.openmdx.compatibility.base.query.FilterOperators;
80 import org.openmdx.compatibility.base.query.FilterProperty;
81 import org.openmdx.compatibility.base.query.Quantors;
82
83 public class Admin {
84
85     //-----------------------------------------------------------------------
86
public Admin(
87         OpenCrxKernel_1 plugin,
88         RequestCollection delegation,
89         String JavaDoc passwordEncodingAlgorithm
90     ) {
91         this.plugin = plugin;
92         this.delegation = delegation;
93         this.passwordEncodingAlgorithm = passwordEncodingAlgorithm;
94     }
95             
96     //-----------------------------------------------------------------------
97
private DataproviderObject_1_0 createSegment(
98         String JavaDoc qualifiedModelName,
99         String JavaDoc providerName,
100         String JavaDoc segmentName,
101         boolean isSecureObject,
102         Path groupAdminIdentity,
103         Path groupAdmininstratorsIdentity,
104         List JavaDoc errors
105     ) {
106         Path segmentIdentity = new Path("xri:@openmdx:" + qualifiedModelName.replace(':', '.') + "/provider");
107         segmentIdentity = segmentIdentity.getDescendant(new String JavaDoc[]{providerName, "segment", segmentName});
108         DataproviderObject_1_0 segment = null;
109         try {
110             segment = this.delegation.addGetRequest(
111                 segmentIdentity,
112                 AttributeSelectors.ALL_ATTRIBUTES,
113                 new AttributeSpecifier[]{}
114             );
115         }
116         catch(Exception JavaDoc e) {
117             DataproviderObject newSegment = new DataproviderObject(
118                 segmentIdentity
119             );
120             newSegment.values(SystemAttributes.OBJECT_CLASS).add(qualifiedModelName + ":Segment");
121             if(isSecureObject) {
122                 newSegment.values("owningUser").add(groupAdminIdentity);
123                 newSegment.values("owningGroup").add(groupAdmininstratorsIdentity);
124                 newSegment.values("accessLevelBrowse").add(new Short JavaDoc(SecurityKeys.ACCESS_LEVEL_GLOBAL));
125                 newSegment.values("accessLevelUpdate").add(new Short JavaDoc(SecurityKeys.ACCESS_LEVEL_DEEP));
126                 newSegment.values("accessLevelDelete").add(new Short JavaDoc(SecurityKeys.ACCESS_LEVEL_PRIVATE));
127             }
128             try {
129                 this.delegation.addCreateRequest(newSegment);
130             }
131             catch(Exception JavaDoc e0) {
132                 ServiceException e1 = new ServiceException(e0);
133                 AppLog.warning(e1.getMessage(), e1.getCause(), 1);
134                 errors.add("can not create segment for " + qualifiedModelName);
135                 errors.add("reason is " + e0.getMessage());
136                 return null;
137             }
138             segment = newSegment;
139         }
140         return segment;
141     }
142     
143     //-----------------------------------------------------------------------
144
private Path createContact(
145         Path adminIdentity,
146         String JavaDoc segmentName,
147         String JavaDoc principalName,
148         Path owningUser,
149         Path[] owningGroup,
150         List JavaDoc errors
151     ) {
152         Path contactIdentity = new Path("xri:@openmdx:org.opencrx.kernel.account1/provider");
153         contactIdentity = contactIdentity.getDescendant(new String JavaDoc[]{adminIdentity.get(2), "segment", segmentName, "account", principalName});
154         try {
155             this.delegation.addGetRequest(
156                 contactIdentity,
157                 AttributeSelectors.ALL_ATTRIBUTES,
158                 new AttributeSpecifier[]{}
159             );
160         }
161         catch(Exception JavaDoc e) {
162             DataproviderObject newContact = new DataproviderObject(
163                 contactIdentity
164             );
165             newContact.values(SystemAttributes.OBJECT_CLASS).add("org:opencrx:kernel:account1:Contact");
166             newContact.values("lastName").add(principalName);
167             newContact.values("owningUser").add(owningUser);
168             newContact.values("owningGroup").addAll(
169                 Arrays.asList(owningGroup)
170             );
171             try {
172                 this.plugin.accounts.setAccountFullName(newContact, null);
173                 this.delegation.addCreateRequest(newContact);
174             }
175             catch(Exception JavaDoc e0) {
176                 ServiceException e1 = new ServiceException(e);
177                 AppLog.warning(e1.getMessage(), e1.getCause(), 1);
178                 errors.add("can not create contact");
179                 errors.add("reason is " + e0.getMessage());
180                 return null;
181             }
182         }
183         return contactIdentity;
184     }
185
186     //-----------------------------------------------------------------------
187
/*
188      * Creates a new segment and segment administrators. <segmentName>:ADMIN_PRINCIPAL
189      * is the owner of all created objects.
190      */

191     void createAdministrator(
192         Path adminIdentity,
193         Path loginRealmIdentity,
194         String JavaDoc segmentName,
195         String JavaDoc principalName,
196         String JavaDoc initialPassword,
197         String JavaDoc initialPasswordVerification,
198         List JavaDoc errors
199     ) {
200         String JavaDoc providerName = adminIdentity.get(2);
201         
202         // Principal must exist in login realm
203
String JavaDoc segmentAdminName = SecurityKeys.ADMIN_PRINCIPAL + SecurityKeys.ID_SEPARATOR + segmentName;
204         try {
205             this.delegation.addGetRequest(
206                 loginRealmIdentity.getDescendant(new String JavaDoc[]{"principal", principalName}),
207                 AttributeSelectors.ALL_ATTRIBUTES,
208                 new AttributeSpecifier[]{}
209             );
210         }
211         catch(Exception JavaDoc e) {
212             // Create segment administrator if it does not exist
213
if(principalName.equals(segmentAdminName)) {
214                 // Create segment administrator's subject
215
Path segmentAdminSubjectIdentity = this.plugin.createSubject(
216                     segmentAdminName,
217                     new Path("xri:@openmdx:org.opencrx.security.identity1/provider/" + loginRealmIdentity.get(2) + "/segment/" + loginRealmIdentity.get(4)),
218                     errors
219                 );
220                 if(errors.size() > 0) return;
221                 // Create segment administrator's principal
222
this.plugin.createPrincipal(
223                     principalName,
224                     loginRealmIdentity,
225                     SecurityKeys.PRINCIPAL_TYPE_PRINCIPAL,
226                     new Path[]{
227                         loginRealmIdentity.getDescendant(new String JavaDoc[]{"principal", SecurityKeys.PRINCIPAL_GROUP_ADMINISTRATORS})
228                     },
229                     segmentAdminSubjectIdentity,
230                     errors
231                 );
232                 if(errors.size() > 0) return;
233             }
234             else {
235                 ServiceException e1 = new ServiceException(e);
236                 AppLog.warning(e1.getMessage(), e1.getCause(), 1);
237                 errors.add("principal " + principalName + " not found in realm " + loginRealmIdentity);
238                 return;
239             }
240         }
241         
242         // Principal admin-<segment name> must exist before any other
243
// segment administrator can be created
244
try {
245             this.delegation.addGetRequest(
246                 loginRealmIdentity.getDescendant(new String JavaDoc[]{"principal", segmentAdminName}),
247                 AttributeSelectors.ALL_ATTRIBUTES,
248                 new AttributeSpecifier[]{}
249             );
250         }
251         catch(Exception JavaDoc e) {
252             // admin-<segment name> does not exist --> principalName must match segment administrator
253
if(!principalName.equals(segmentAdminName)) {
254                 errors.add("primary principal name must match " + segmentAdminName);
255                 return;
256             }
257         }
258         if(
259             (principalName.startsWith(SecurityKeys.ADMIN_PRINCIPAL + SecurityKeys.ID_SEPARATOR)) &&
260             !principalName.equals(segmentAdminName)
261         ) {
262             errors.add("admin principal for segment " + segmentName + " must match " + segmentAdminName);
263             return;
264         }
265         
266         // realm
267
Path realmIdentity = new Path("xri:@openmdx:org.openmdx.security.realm1/provider");
268         realmIdentity = realmIdentity.getDescendant(new String JavaDoc[]{providerName, "segment", adminIdentity.get(4), "realm", segmentName});
269         
270         // user
271
Path userIdentity = realmIdentity;
272         userIdentity = userIdentity.getDescendant(new String JavaDoc[]{"principal", principalName + "." + SecurityKeys.USER_SUFFIX});
273         
274         // group Unspecified
275
Path groupUnspecifiedIdentity = realmIdentity;
276         groupUnspecifiedIdentity = groupUnspecifiedIdentity.getDescendant(new String JavaDoc[]{"principal", SecurityKeys.USER_GROUP_UNSPECIFIED});
277
278         // group Administrators
279
Path groupAdministratorsIdentity = realmIdentity;
280         groupAdministratorsIdentity = groupAdministratorsIdentity.getDescendant(new String JavaDoc[]{"principal", SecurityKeys.USER_GROUP_ADMINISTRATORS});
281
282         // group Users
283
Path groupUsersIdentity = realmIdentity;
284         groupUsersIdentity = groupUsersIdentity.getDescendant(new String JavaDoc[]{"principal", SecurityKeys.USER_GROUP_USERS});
285
286         // Create realm
287
try {
288             this.delegation.addGetRequest(
289                 realmIdentity,
290                 AttributeSelectors.ALL_ATTRIBUTES,
291                 new AttributeSpecifier[]{}
292             );
293         }
294         catch(Exception JavaDoc e) {
295             DataproviderObject realm = new DataproviderObject(
296                 realmIdentity
297             );
298             realm.values(SystemAttributes.OBJECT_CLASS).add("org:openmdx:security:realm1:Realm");
299             realm.values("description").add(segmentName + " Realm");
300             try {
301                 this.delegation.addCreateRequest(realm);
302             }
303             catch(Exception JavaDoc e0) {
304                 ServiceException e1 = new ServiceException(e);
305                 AppLog.warning(e1.getMessage(), e1.getCause(), 1);
306                 errors.add("can not create realm " + realmIdentity);
307                 errors.add("reason is " + e0.getMessage());
308                 return;
309             }
310         }
311         
312         // Create segments
313
this.createSegment("org:opencrx:kernel:account1", providerName, segmentName, true, userIdentity, groupAdministratorsIdentity, errors);
314         this.createSegment("org:opencrx:kernel:home1", providerName, segmentName, true, userIdentity, groupAdministratorsIdentity, errors);
315         this.createSegment("org:opencrx:kernel:activity1", providerName, segmentName, true, userIdentity, groupAdministratorsIdentity, errors);
316         this.createSegment("org:opencrx:kernel:contract1", providerName, segmentName, true, userIdentity, groupAdministratorsIdentity, errors);
317         this.createSegment("org:opencrx:kernel:product1", providerName, segmentName, true, userIdentity, groupAdministratorsIdentity, errors);
318         this.createSegment("org:opencrx:kernel:document1", providerName, segmentName, true, userIdentity, groupAdministratorsIdentity, errors);
319         this.createSegment("org:opencrx:kernel:building1", providerName, segmentName, true, userIdentity, groupAdministratorsIdentity, errors);
320         this.createSegment("org:opencrx:kernel:uom1", providerName, segmentName, true, userIdentity, groupAdministratorsIdentity, errors);
321         this.createSegment("org:opencrx:kernel:forecast1", providerName, segmentName, true, userIdentity, groupAdministratorsIdentity, errors);
322         this.createSegment("org:opencrx:kernel:workflow1", providerName, segmentName, true, userIdentity, groupAdministratorsIdentity, errors);
323         this.createSegment("org:opencrx:kernel:depot1", providerName, segmentName, true, userIdentity, groupAdministratorsIdentity, errors);
324         this.createSegment("org:opencrx:kernel:model1", providerName, segmentName, true, userIdentity, groupAdministratorsIdentity, errors);
325         if(errors.size() > 0) return;
326         
327         // Create contact: adminPrincipalName
328
Path contactIdentity = this.createContact(
329             adminIdentity,
330             segmentName,
331             principalName,
332             userIdentity,
333             new Path[]{
334                 groupUsersIdentity,
335                 groupAdministratorsIdentity
336             },
337             errors
338         );
339         if(contactIdentity == null) return;
340
341         this.plugin.createPrincipal(
342             SecurityKeys.USER_GROUP_UNSPECIFIED,
343             realmIdentity,
344             SecurityKeys.PRINCIPAL_TYPE_GROUP,
345             new Path[]{},
346             null,
347             errors
348         );
349         if(errors.size() > 0) return;
350         
351         this.plugin.createPrincipal(
352             SecurityKeys.USER_GROUP_ADMINISTRATORS,
353             realmIdentity,
354             SecurityKeys.PRINCIPAL_TYPE_GROUP,
355             new Path[]{
356                 groupUnspecifiedIdentity
357             },
358             null,
359             errors
360         );
361         if(errors.size() > 0) return;
362
363         this.plugin.createPrincipal(
364             SecurityKeys.USER_GROUP_USERS,
365             realmIdentity,
366             SecurityKeys.PRINCIPAL_TYPE_GROUP,
367             new Path[]{
368                 groupUnspecifiedIdentity
369             },
370             null,
371             errors
372         );
373         if(errors.size() > 0) return;
374
375         this.plugin.createPrincipal(
376             SecurityKeys.USER_GROUP_UNASSIGNED,
377             realmIdentity,
378             SecurityKeys.PRINCIPAL_TYPE_GROUP,
379             new Path[]{
380                 groupUsersIdentity
381             },
382             null,
383             errors
384         );
385         if(errors.size() > 0) return;
386                 
387         // Create user home principalName
388
this.plugin.userHomes.createUserHome(
389             loginRealmIdentity,
390             realmIdentity,
391             contactIdentity,
392             groupAdministratorsIdentity,
393             principalName,
394             true,
395             initialPassword,
396             initialPasswordVerification,
397             errors
398         );
399         
400     }
401     
402     //-----------------------------------------------------------------------
403
private DataproviderObject_1_0 retrievePrincipal(
404         Path realm,
405         String JavaDoc principalName
406     ) {
407         try {
408             return this.plugin.retrieveObjectFromDelegation(
409                 realm.getDescendant(new String JavaDoc[]{"principal", principalName})
410             );
411         }
412         catch(Exception JavaDoc e) {
413             return null;
414         }
415     }
416     
417     //-----------------------------------------------------------------------
418
private DataproviderObject retrievePrincipalForModification(
419         Path realm,
420         String JavaDoc principalName
421     ) {
422         try {
423             return this.plugin.retrieveObjectForModification(
424                 realm.getDescendant(new String JavaDoc[]{"principal", principalName})
425             );
426         }
427         catch(Exception JavaDoc e) {
428             return null;
429         }
430     }
431     
432     //-----------------------------------------------------------------------
433
private DataproviderObject_1_0 retrieveSubject(
434         Path identitySegment,
435         String JavaDoc subjectName
436     ) {
437         try {
438             return this.plugin.retrieveObjectFromDelegation(
439                 identitySegment.getDescendant(new String JavaDoc[]{"subject", subjectName})
440             );
441         }
442         catch(Exception JavaDoc e) {
443             return null;
444         }
445     }
446     
447     //-------------------------------------------------------------------------
448
public String JavaDoc importLoginPrincipals(
449         DataproviderObject_1_0 adminSegment,
450         byte[] item
451     ) throws ServiceException {
452         BufferedReader JavaDoc reader = new BufferedReader JavaDoc(
453             new InputStreamReader JavaDoc(new ByteArrayInputStream JavaDoc(item))
454         );
455         DataproviderObject_1_0 loginRealm = this.plugin.retrieveObjectFromDelegation(
456             new Path("xri:@openmdx:org.openmdx.security.realm1/provider/" + adminSegment.path().get(2) + "/segment/Root/realm/Default")
457         );
458         DataproviderObject_1_0 identitySegment = this.plugin.retrieveObjectFromDelegation(
459             new Path("xri:@openmdx:org.opencrx.security.identity1/provider/" + adminSegment.path().get(2) + "/segment/Root")
460         );
461         int nCreatedPrincipals = 0;
462         int nExistingPrincipals = 0;
463         int nFailedPrincipals = 0;
464         int nCreatedSubjects = 0;
465         int nExistingSubjects = 0;
466         int nFailedSubjects = 0;
467         try {
468             while(reader.ready()) {
469                 String JavaDoc l = reader.readLine();
470                 if(l.startsWith("Principal")) {
471                     StringTokenizer JavaDoc t = new StringTokenizer JavaDoc(l, ";");
472                     String JavaDoc command = t.nextToken();
473                     String JavaDoc principalName = t.nextToken();
474                     String JavaDoc principalDescription = t.nextToken();
475                     String JavaDoc subjectName = t.nextToken();
476                     String JavaDoc groups = t.nextToken();
477                     DataproviderObject principal = null;
478                     if((principal = this.retrievePrincipalForModification(loginRealm.path(), principalName)) == null) {
479                         try {
480                             DataproviderObject_1_0 subject = this.plugin.retrieveObjectFromDelegation(
481                                 identitySegment.path().getDescendant(new String JavaDoc[]{"subject", subjectName})
482                             );
483                             principal = new DataproviderObject(
484                                 loginRealm.path().getDescendant(new String JavaDoc[]{"principal", principalName})
485                             );
486                             principal.values(SystemAttributes.OBJECT_CLASS).add(
487                                 "org:opencrx:security:realm1:Principal"
488                             );
489                             principal.values("description").add(principalDescription);
490                             principal.values("disabled").add(Boolean.FALSE);
491                             principal.values("subject").add(subject.path());
492                             this.delegation.addCreateRequest(
493                                 principal
494                             );
495                             principal = this.retrievePrincipalForModification(
496                                 loginRealm.path(),
497                                 principalName
498                             );
499                             nCreatedPrincipals++;
500                         }
501                         catch(Exception JavaDoc e) {
502                             new ServiceException(e).log();
503                             nFailedPrincipals++;
504                         }
505                     }
506                     else {
507                         nExistingPrincipals++;
508                     }
509                     if(principal != null) {
510                         StringTokenizer JavaDoc g = new StringTokenizer JavaDoc(groups, ",");
511                         while(g.hasMoreTokens()) {
512                             String JavaDoc groupPrincipalName = g.nextToken();
513                             DataproviderObject_1_0 groupPrincipal = this.retrievePrincipal(
514                                 loginRealm.path(),
515                                 groupPrincipalName
516                             );
517                             if(!principal.values("isMemberOf").contains(groupPrincipal.path())) {
518                                 principal.values("isMemberOf").add(groupPrincipal.path());
519                             }
520                         }
521                     }
522                 }
523                 else if(l.startsWith("Subject")) {
524                     StringTokenizer JavaDoc t = new StringTokenizer JavaDoc(l, ";");
525                     String JavaDoc command = t.nextToken();
526                     String JavaDoc subjectName = t.nextToken();
527                     String JavaDoc subjectDescription = t.nextToken();
528                     if((this.retrieveSubject(identitySegment.path(), subjectName)) == null) {
529                         try {
530                             DataproviderObject subject = new DataproviderObject(
531                                 identitySegment.path().getDescendant(new String JavaDoc[]{"subject", subjectName})
532                             );
533                             subject.values(SystemAttributes.OBJECT_CLASS).add(
534                                 "org:opencrx:security:identity1:Subject"
535                             );
536                             subject.values("description").add(subjectDescription);
537                             this.delegation.addCreateRequest(
538                                 subject
539                             );
540                             nCreatedSubjects++;
541                         }
542                         catch(Exception JavaDoc e) {
543                             new ServiceException(e).log();
544                             nFailedSubjects++;
545                         }
546                     }
547                     else {
548                         nExistingSubjects++;
549                     }
550                 }
551             }
552         }
553         catch(IOException JavaDoc e) {
554             new ServiceException(e).log();
555         }
556         return
557             "Principals=(created:" + nCreatedPrincipals + ",existing:" + nExistingPrincipals + ",failed:" + nFailedPrincipals + "); " +
558             "Subjects:(created:" + nCreatedSubjects + ",existing:" + nExistingSubjects + ",failed:" + nFailedSubjects + ")";
559     }
560         
561     //-------------------------------------------------------------------------
562
// Members
563
//-------------------------------------------------------------------------
564
private final OpenCrxKernel_1 plugin;
565     private final RequestCollection delegation;
566     private final String JavaDoc passwordEncodingAlgorithm;
567         
568 }
569
570 //--- End of File -----------------------------------------------------------
571
Popular Tags