core/src/main/java/org/apache/ki/realm/text/PropertiesRealm.java - jsecurity - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.ki.realm.text;

 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.util.Enumeration;
 import java.util.Properties;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
 import java.util.concurrent.TimeUnit;

 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;

 import org.apache.ki.KiException;
 import org.apache.ki.cache.CacheManager;
 import org.apache.ki.io.ResourceUtils;
 import org.apache.ki.util.Destroyable;


 /**
  * A subclass of <tt>SimpleAccountRealm</tt> that defers all logic to the parent class, but just enables
  * {@link java.util.Properties Properties} based configuration in addition to the parent class's String configuration.
  *
  * <p>This class allows processing of a single .properties file for user, role, and
  * permission configuration.
  *
  * <p>For convenience, if the {@link #setResourcePath resourcePath} attribute is not set, this class defaults to lookup
  * the properties file definition from <tt>classpath:ki-users.properties</tt> (root of the classpath).
  * This allows you to use this implementation by simply defining this file at the classpath root, instantiating this
  * class, and then calling {@link #init init()}.
  *
  * <p>Or, you may of course specify any other file path using the <tt>url:</tt>, <tt>file:</tt>, or <tt>classpath:</tt>
  * prefixes.</p>
  *
  * <p>If none of these are specified, and the ki-users.properties is not included at the root of the classpath,
  * a default failsafe configuration will be used.  This is not recommended as it only contains a few simple users and
  * roles which are probably of little value to production applications.</p>
  *
  * <p>The Properties format understood by this implementation must be written as follows:
  *
  * <p>Each line's key/value pair represents either a user-to-role(s) mapping <em>or</em> a role-to-permission(s)
  * mapping.
  *
  * <p>The user-to-role(s) lines have this format:</p>
  *
  * <p><code><b>user.</b><em>username</em> = <em>password</em>,role1,role2,...</code></p>
  *
  * <p>Note that each key is prefixed with the token <tt><b>user.</b></tt>  Each value must adhere to the
  * the {@link #setUserDefinitions(String) setUserDefinitions(String)} JavaDoc.</p>
  *
  * <p>The role-to-permission(s) lines have this format:</p>
  *
  * <p><code><b>role.</b><em>rolename</em> = <em>permissionDefinition1</em>, <em>permissionDefinition2</em>, ...</code></p>
  *
  * <p>where each key is prefixed with the token <tt><b>role.</b></tt> and the value adheres to the format specified in
  * the {@link #setRoleDefinitions(String) setRoleDefinitions(String)} JavaDoc.
  *
  * <p>Here is an example of a very simple properties definition that conforms to the above format rules and corresponding
  * method JavaDocs:
  *
  * <code>user.root = <em>rootPassword</em>,administrator<br/>
  * user.jsmith = <em>jsmithPassword</em>,manager,engineer,employee<br/>
  * user.abrown = <em>abrownPassword</em>,qa,employee<br/>
  * user.djones = <em>djonesPassword</em>,qa,contractor<br/>
  * <br/>
  * role.administrator = org.apache.ki.authz.support.AllPermission<br/>
  * role.manager = com.domain.UserPermission,*,read,write;com.domain.FilePermission,/usr/local/emailManagers.sh,execute<br/>
  * role.engineer = com.domain.FilePermission,/usr/local/tomcat/bin/startup.sh,read,execute<br/>
  * role.employee = com.domain.IntranetPermission,useWiki<br/>
  * role.qa = com.domain.QAServerPermission,*,view,start,shutdown,restart;com.domain.ProductionServerPermission,*,view<br/>
  * role.contractor = com.domain.IntranetPermission,useTimesheet</code>
  *
  * @author Les Hazlewood
  * @author Jeremy Haile
  * @since 0.2
  */
 public class PropertiesRealm extends TextConfigurationRealm implements Destroyable, Runnable {

     //TODO - complete JavaDoc

     /*--------------------------------------------
     |             C O N S T A N T S             |
     ============================================*/
     private static final int DEFAULT_RELOAD_INTERVAL_SECONDS = 10;
     private static final String USERNAME_PREFIX = "user.";
     private static final String ROLENAME_PREFIX = "role.";
     private static final String DEFAULT_RESOURCE_PATH = "classpath:ki-users.properties";
     private static final String FAILSAFE_RESOURCE_PATH = "classpath:org/apache/ki/realm/text/default-ki-users.properties";

     /*--------------------------------------------
     |    I N S T A N C E   V A R I A B L E S    |
     ============================================*/
     private static final Log log = LogFactory.getLog(PropertiesRealm.class);

     protected ExecutorService scheduler = null;
     protected boolean useXmlFormat = false;
     protected String resourcePath = DEFAULT_RESOURCE_PATH;
     protected long fileLastModified;
     protected int reloadIntervalSeconds = DEFAULT_RELOAD_INTERVAL_SECONDS;

     public PropertiesRealm() {
         init();
     }

     public PropertiesRealm( CacheManager cacheManager ) {
         if ( cacheManager == null ) {
             throw new IllegalArgumentException( "cacheManager argument cannot be null." );
         }
         setCacheManager(cacheManager);
         init();
     }

     public void afterRoleCacheSet() {
         try {
             loadProperties();
         } catch (Exception e) {
             if (log.isInfoEnabled()) {
                 log.info("Unable to find a ki-users.properties file at location [" + this.resourcePath + "].  " +
                         "Defaulting to Apache Ki's failsafe properties file (demo use only).");
             }
             this.resourcePath = FAILSAFE_RESOURCE_PATH;
             loadProperties();
         }
         //we can only determine if files have been modified at runtime (not classpath entries or urls), so only
         //start the thread in this case:
         if (this.resourcePath.startsWith(ResourceUtils.FILE_PREFIX) && scheduler != null) {
             startReloadThread();
         }
     }

     public void destroy() {
         try {
             if (scheduler != null) {
                 scheduler.shutdown();
             }
         } catch (Exception e) {
             if (log.isInfoEnabled()) {
                 log.info("Unable to cleanly shutdown Scheduler.  Ignoring (shutting down)...", e);
             }
         }
     }

     protected void startReloadThread() {
         if (this.reloadIntervalSeconds > 0) {
             this.scheduler = Executors.newSingleThreadScheduledExecutor();
             ((ScheduledExecutorService) this.scheduler).scheduleAtFixedRate(this, reloadIntervalSeconds, reloadIntervalSeconds, TimeUnit.SECONDS);
         }
     }

     public void run() {
         try {
             reloadPropertiesIfNecessary();
         } catch (Exception e) {
             if (log.isErrorEnabled()) {
                 log.error("Error while reloading property files for realm.", e);
             }
         }
     }

     /*--------------------------------------------
     |  A C C E S S O R S / M O D I F I E R S    |
     ============================================*/

     /**
      * Determines whether or not the properties XML format should be used.  For more information, see
      * {@link Properties#loadFromXML(java.io.InputStream)}
      *
      * @param useXmlFormat true to use XML or false to use the normal format.  Defaults to false.
      */
     public void setUseXmlFormat(boolean useXmlFormat) {
         this.useXmlFormat = useXmlFormat;
     }

     /**
      * Sets the path of the properties file to load user, role, and permission information from.  The properties
      * file will be loaded using {@link ResourceUtils#getInputStreamForPath(String)} so any convention recongized
      * by that method is accepted here.  For example, to load a file from the classpath use
      * <tt>classpath:myfile.properties</tt>; to load a file from disk simply specify the full path; to load
      * a file from a URL use <tt>url:www.mysite.com/myfile.properties</tt>.
      *
      * @param resourcePath the path to load the properties file from.  This is a required property.
      */
     public void setResourcePath(String resourcePath) {
         this.resourcePath = resourcePath;
     }

     /**
      * Sets the interval in seconds at which the property file will be checked for changes and reloaded.  If this is
      * set to zero or less, property file reloading will be disabled.  If it is set to 1 or greater, then a
      * separate thread will be created to monitor the propery file for changes and reload the file if it is updated.
      *
      * @param reloadIntervalSeconds the interval in seconds at which the property file should be examined for changes.
      *                              If set to zero or less, reloading is disabled.
      */
     public void setReloadIntervalSeconds(int reloadIntervalSeconds) {
         this.reloadIntervalSeconds = reloadIntervalSeconds;
     }

     /*--------------------------------------------
     |               M E T H O D S               |
     ============================================*/
     private void loadProperties() {
         if (resourcePath == null || resourcePath.length() == 0) {
             throw new IllegalStateException("The resourcePath property is not set.  " +
                     "It must be set prior to this realm being initialized.");
         }

         if (log.isDebugEnabled()) {
             log.debug("Loading user security information from file [" + resourcePath + "]...");
         }

         Properties properties = loadProperties(resourcePath);
         createRealmEntitiesFromProperties(properties);
     }

     private Properties loadProperties(String resourcePath) {
         Properties props = new Properties();

         InputStream is = null;
         try {

             if (log.isDebugEnabled()) {
                 log.debug("Opening input stream for path [" + resourcePath + "]...");
             }

             is = ResourceUtils.getInputStreamForPath(resourcePath);
             if (useXmlFormat) {

                 if (log.isDebugEnabled()) {
                     log.debug("Loading properties from path [" + resourcePath + "] in XML format...");
                 }

                 props.loadFromXML(is);
             } else {

                 if (log.isDebugEnabled()) {
                     log.debug("Loading properties from path [" + resourcePath + "]...");
                 }

                 props.load(is);
             }

         } catch (IOException e) {
             throw new KiException("Error reading properties path [" + resourcePath + "].  " +
                     "Initializing of the realm from this file failed.", e);
         } finally {
             ResourceUtils.close(is);
         }

         return props;
     }


     private void reloadPropertiesIfNecessary() {
         if (isSourceModified()) {
             restart();
         }
     }

     private boolean isSourceModified() {
         //we can only check last modified times on files - classpath and URL entries can't tell us modification times
         return this.resourcePath.startsWith(ResourceUtils.FILE_PREFIX) && isFileModified();
     }

     private boolean isFileModified() {
         File propertyFile = new File(this.resourcePath);
         long currentLastModified = propertyFile.lastModified();
         if (currentLastModified > this.fileLastModified) {
             this.fileLastModified = currentLastModified;
             return true;
         } else {
             return false;
         }
     }

     @SuppressWarnings("unchecked")
     private void restart() {
         if (resourcePath == null || resourcePath.length() == 0) {
             throw new IllegalStateException("The resourcePath property is not set.  " +
                     "It must be set prior to this realm being initialized.");
         }

         if (log.isDebugEnabled()) {
             log.debug("Loading user security information from file [" + resourcePath + "]...");
         }

         try {
             destroy();
         } catch (Exception e) {
             //ignored
         }
         init();
     }

     @SuppressWarnings("unchecked")
     private void createRealmEntitiesFromProperties(Properties properties) {

         StringBuffer userDefs = new StringBuffer();
         StringBuffer roleDefs = new StringBuffer();

         Enumeration<String> propNames = (Enumeration<String>) properties.propertyNames();

         while (propNames.hasMoreElements()) {

             String key = propNames.nextElement().trim();
             String value = properties.getProperty(key).trim();
             if (log.isTraceEnabled()) {
                 log.trace("Processing properties line - key: [" + key + "], value: [" + value + "].");
             }

             if (isUsername(key)) {
                 String username = getUsername(key);
                 userDefs.append(username).append(" = ").append(value).append("\n");
             } else if (isRolename(key)) {
                 String rolename = getRolename(key);
                 roleDefs.append(rolename).append(" = ").append(value).append("\n");
             } else {
                 String msg = "Encountered unexpected key/value pair.  All keys must be prefixed with either '" +
                         USERNAME_PREFIX + "' or '" + ROLENAME_PREFIX + "'.";
                 throw new IllegalStateException(msg);
             }
         }

         setUserDefinitions(userDefs.toString());
         setRoleDefinitions(roleDefs.toString());
         processDefinitions();
     }

     protected String getName(String key, String prefix) {
         return key.substring(prefix.length(), key.length());
     }

     protected boolean isUsername(String key) {
         return key != null && key.startsWith(USERNAME_PREFIX);
     }

     protected boolean isRolename(String key) {
         return key != null && key.startsWith(ROLENAME_PREFIX);
     }

     protected String getUsername(String key) {
         return getName(key, USERNAME_PREFIX);
     }

     protected String getRolename(String key) {
         return getName(key, ROLENAME_PREFIX);
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.ki.realm.text;

	import java.io.File;
	import java.io.IOException;
	import java.io.InputStream;
	import java.util.Enumeration;
	import java.util.Properties;
	import java.util.concurrent.ExecutorService;
	import java.util.concurrent.Executors;
	import java.util.concurrent.ScheduledExecutorService;
	import java.util.concurrent.TimeUnit;

	import org.apache.commons.logging.Log;
	import org.apache.commons.logging.LogFactory;

	import org.apache.ki.KiException;
	import org.apache.ki.cache.CacheManager;
	import org.apache.ki.io.ResourceUtils;
	import org.apache.ki.util.Destroyable;


	/**
	* A subclass of <tt>SimpleAccountRealm</tt> that defers all logic to the parent class, but just enables
	* {@link java.util.Properties Properties} based configuration in addition to the parent class's String configuration.
	*
	* <p>This class allows processing of a single .properties file for user, role, and
	* permission configuration.
	*
	* <p>For convenience, if the {@link #setResourcePath resourcePath} attribute is not set, this class defaults to lookup
	* the properties file definition from <tt>classpath:ki-users.properties</tt> (root of the classpath).
	* This allows you to use this implementation by simply defining this file at the classpath root, instantiating this
	* class, and then calling {@link #init init()}.
	*
	* <p>Or, you may of course specify any other file path using the <tt>url:</tt>, <tt>file:</tt>, or <tt>classpath:</tt>
	* prefixes.</p>
	*
	* <p>If none of these are specified, and the ki-users.properties is not included at the root of the classpath,
	* a default failsafe configuration will be used. This is not recommended as it only contains a few simple users and
	* roles which are probably of little value to production applications.</p>
	*
	* <p>The Properties format understood by this implementation must be written as follows:
	*
	* <p>Each line's key/value pair represents either a user-to-role(s) mapping <em>or</em> a role-to-permission(s)
	* mapping.
	*
	* <p>The user-to-role(s) lines have this format:</p>
	*
	* <p><code><b>user.</b><em>username</em> = <em>password</em>,role1,role2,...</code></p>
	*
	* <p>Note that each key is prefixed with the token <tt><b>user.</b></tt> Each value must adhere to the
	* the {@link #setUserDefinitions(String) setUserDefinitions(String)} JavaDoc.</p>
	*
	* <p>The role-to-permission(s) lines have this format:</p>
	*
	* <p><code><b>role.</b><em>rolename</em> = <em>permissionDefinition1</em>, <em>permissionDefinition2</em>, ...</code></p>
	*
	* <p>where each key is prefixed with the token <tt><b>role.</b></tt> and the value adheres to the format specified in
	* the {@link #setRoleDefinitions(String) setRoleDefinitions(String)} JavaDoc.
	*
	* <p>Here is an example of a very simple properties definition that conforms to the above format rules and corresponding
	* method JavaDocs:
	*
	* <code>user.root = <em>rootPassword</em>,administrator<br/>
	* user.jsmith = <em>jsmithPassword</em>,manager,engineer,employee<br/>
	* user.abrown = <em>abrownPassword</em>,qa,employee<br/>
	* user.djones = <em>djonesPassword</em>,qa,contractor<br/>
	* <br/>
	* role.administrator = org.apache.ki.authz.support.AllPermission<br/>
	* role.manager = com.domain.UserPermission,*,read,write;com.domain.FilePermission,/usr/local/emailManagers.sh,execute<br/>
	* role.engineer = com.domain.FilePermission,/usr/local/tomcat/bin/startup.sh,read,execute<br/>
	* role.employee = com.domain.IntranetPermission,useWiki<br/>
	* role.qa = com.domain.QAServerPermission,,view,start,shutdown,restart;com.domain.ProductionServerPermission,,view<br/>
	* role.contractor = com.domain.IntranetPermission,useTimesheet</code>
	*
	* @author Les Hazlewood
	* @author Jeremy Haile
	* @since 0.2
	*/
	public class PropertiesRealm extends TextConfigurationRealm implements Destroyable, Runnable {

	//TODO - complete JavaDoc

	/*--------------------------------------------
	\| C O N S T A N T S \|
	============================================*/
	private static final int DEFAULT_RELOAD_INTERVAL_SECONDS = 10;
	private static final String USERNAME_PREFIX = "user.";
	private static final String ROLENAME_PREFIX = "role.";
	private static final String DEFAULT_RESOURCE_PATH = "classpath:ki-users.properties";
	private static final String FAILSAFE_RESOURCE_PATH = "classpath:org/apache/ki/realm/text/default-ki-users.properties";

	/*--------------------------------------------
	\| I N S T A N C E V A R I A B L E S \|
	============================================*/
	private static final Log log = LogFactory.getLog(PropertiesRealm.class);

	protected ExecutorService scheduler = null;
	protected boolean useXmlFormat = false;
	protected String resourcePath = DEFAULT_RESOURCE_PATH;
	protected long fileLastModified;
	protected int reloadIntervalSeconds = DEFAULT_RELOAD_INTERVAL_SECONDS;

	public PropertiesRealm() {
	init();
	}

	public PropertiesRealm( CacheManager cacheManager ) {
	if ( cacheManager == null ) {
	throw new IllegalArgumentException( "cacheManager argument cannot be null." );
	}
	setCacheManager(cacheManager);
	init();
	}

	public void afterRoleCacheSet() {
	try {
	loadProperties();
	} catch (Exception e) {
	if (log.isInfoEnabled()) {
	log.info("Unable to find a ki-users.properties file at location [" + this.resourcePath + "]. " +
	"Defaulting to Apache Ki's failsafe properties file (demo use only).");
	}
	this.resourcePath = FAILSAFE_RESOURCE_PATH;
	loadProperties();
	}
	//we can only determine if files have been modified at runtime (not classpath entries or urls), so only
	//start the thread in this case:
	if (this.resourcePath.startsWith(ResourceUtils.FILE_PREFIX) && scheduler != null) {
	startReloadThread();
	}
	}

	public void destroy() {
	try {
	if (scheduler != null) {
	scheduler.shutdown();
	}
	} catch (Exception e) {
	if (log.isInfoEnabled()) {
	log.info("Unable to cleanly shutdown Scheduler. Ignoring (shutting down)...", e);
	}
	}
	}

	protected void startReloadThread() {
	if (this.reloadIntervalSeconds > 0) {
	this.scheduler = Executors.newSingleThreadScheduledExecutor();
	((ScheduledExecutorService) this.scheduler).scheduleAtFixedRate(this, reloadIntervalSeconds, reloadIntervalSeconds, TimeUnit.SECONDS);
	}
	}

	public void run() {
	try {
	reloadPropertiesIfNecessary();
	} catch (Exception e) {
	if (log.isErrorEnabled()) {
	log.error("Error while reloading property files for realm.", e);
	}
	}
	}

	/*--------------------------------------------
	\| A C C E S S O R S / M O D I F I E R S \|
	============================================*/

	/**
	* Determines whether or not the properties XML format should be used. For more information, see
	* {@link Properties#loadFromXML(java.io.InputStream)}
	*
	* @param useXmlFormat true to use XML or false to use the normal format. Defaults to false.
	*/
	public void setUseXmlFormat(boolean useXmlFormat) {
	this.useXmlFormat = useXmlFormat;
	}

	/**
	* Sets the path of the properties file to load user, role, and permission information from. The properties
	* file will be loaded using {@link ResourceUtils#getInputStreamForPath(String)} so any convention recongized
	* by that method is accepted here. For example, to load a file from the classpath use
	* <tt>classpath:myfile.properties</tt>; to load a file from disk simply specify the full path; to load
	* a file from a URL use <tt>url:www.mysite.com/myfile.properties</tt>.
	*
	* @param resourcePath the path to load the properties file from. This is a required property.
	*/
	public void setResourcePath(String resourcePath) {
	this.resourcePath = resourcePath;
	}

	/**
	* Sets the interval in seconds at which the property file will be checked for changes and reloaded. If this is
	* set to zero or less, property file reloading will be disabled. If it is set to 1 or greater, then a
	* separate thread will be created to monitor the propery file for changes and reload the file if it is updated.
	*
	* @param reloadIntervalSeconds the interval in seconds at which the property file should be examined for changes.
	* If set to zero or less, reloading is disabled.
	*/
	public void setReloadIntervalSeconds(int reloadIntervalSeconds) {
	this.reloadIntervalSeconds = reloadIntervalSeconds;
	}

	/*--------------------------------------------
	\| M E T H O D S \|
	============================================*/
	private void loadProperties() {
	if (resourcePath == null \|\| resourcePath.length() == 0) {
	throw new IllegalStateException("The resourcePath property is not set. " +
	"It must be set prior to this realm being initialized.");
	}

	if (log.isDebugEnabled()) {
	log.debug("Loading user security information from file [" + resourcePath + "]...");
	}

	Properties properties = loadProperties(resourcePath);
	createRealmEntitiesFromProperties(properties);
	}

	private Properties loadProperties(String resourcePath) {
	Properties props = new Properties();

	InputStream is = null;
	try {

	if (log.isDebugEnabled()) {
	log.debug("Opening input stream for path [" + resourcePath + "]...");
	}

	is = ResourceUtils.getInputStreamForPath(resourcePath);
	if (useXmlFormat) {

	if (log.isDebugEnabled()) {
	log.debug("Loading properties from path [" + resourcePath + "] in XML format...");
	}

	props.loadFromXML(is);
	} else {

	if (log.isDebugEnabled()) {
	log.debug("Loading properties from path [" + resourcePath + "]...");
	}

	props.load(is);
	}

	} catch (IOException e) {
	throw new KiException("Error reading properties path [" + resourcePath + "]. " +
	"Initializing of the realm from this file failed.", e);
	} finally {
	ResourceUtils.close(is);
	}

	return props;
	}


	private void reloadPropertiesIfNecessary() {
	if (isSourceModified()) {
	restart();
	}
	}

	private boolean isSourceModified() {
	//we can only check last modified times on files - classpath and URL entries can't tell us modification times
	return this.resourcePath.startsWith(ResourceUtils.FILE_PREFIX) && isFileModified();
	}

	private boolean isFileModified() {
	File propertyFile = new File(this.resourcePath);
	long currentLastModified = propertyFile.lastModified();
	if (currentLastModified > this.fileLastModified) {
	this.fileLastModified = currentLastModified;
	return true;
	} else {
	return false;
	}
	}

	@SuppressWarnings("unchecked")
	private void restart() {
	if (resourcePath == null \|\| resourcePath.length() == 0) {
	throw new IllegalStateException("The resourcePath property is not set. " +
	"It must be set prior to this realm being initialized.");
	}

	if (log.isDebugEnabled()) {
	log.debug("Loading user security information from file [" + resourcePath + "]...");
	}

	try {
	destroy();
	} catch (Exception e) {
	//ignored
	}
	init();
	}

	@SuppressWarnings("unchecked")
	private void createRealmEntitiesFromProperties(Properties properties) {

	StringBuffer userDefs = new StringBuffer();
	StringBuffer roleDefs = new StringBuffer();

	Enumeration<String> propNames = (Enumeration<String>) properties.propertyNames();

	while (propNames.hasMoreElements()) {

	String key = propNames.nextElement().trim();
	String value = properties.getProperty(key).trim();
	if (log.isTraceEnabled()) {
	log.trace("Processing properties line - key: [" + key + "], value: [" + value + "].");
	}

	if (isUsername(key)) {
	String username = getUsername(key);
	userDefs.append(username).append(" = ").append(value).append("\n");
	} else if (isRolename(key)) {
	String rolename = getRolename(key);
	roleDefs.append(rolename).append(" = ").append(value).append("\n");
	} else {
	String msg = "Encountered unexpected key/value pair. All keys must be prefixed with either '" +
	USERNAME_PREFIX + "' or '" + ROLENAME_PREFIX + "'.";
	throw new IllegalStateException(msg);
	}
	}

	setUserDefinitions(userDefs.toString());
	setRoleDefinitions(roleDefs.toString());
	processDefinitions();
	}

	protected String getName(String key, String prefix) {
	return key.substring(prefix.length(), key.length());
	}

	protected boolean isUsername(String key) {
	return key != null && key.startsWith(USERNAME_PREFIX);
	}

	protected boolean isRolename(String key) {
	return key != null && key.startsWith(ROLENAME_PREFIX);
	}

	protected String getUsername(String key) {
	return getName(key, USERNAME_PREFIX);
	}

	protected String getRolename(String key) {
	return getName(key, ROLENAME_PREFIX);
	}
	}