| package org.apache.turbine.services.security; |
| |
| |
| import java.util.concurrent.atomic.AtomicInteger; |
| |
| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| |
| |
| import org.apache.commons.configuration2.Configuration; |
| import org.apache.fulcrum.security.GroupManager; |
| import org.apache.fulcrum.security.PermissionManager; |
| import org.apache.fulcrum.security.RoleManager; |
| import org.apache.fulcrum.security.acl.AccessControlList; |
| import org.apache.fulcrum.security.entity.Group; |
| import org.apache.fulcrum.security.entity.Permission; |
| import org.apache.fulcrum.security.entity.Role; |
| import org.apache.fulcrum.security.model.turbine.TurbineModelManager; |
| import org.apache.fulcrum.security.model.turbine.entity.TurbineRole; |
| import org.apache.fulcrum.security.util.DataBackendException; |
| import org.apache.fulcrum.security.util.EntityExistsException; |
| import org.apache.fulcrum.security.util.GroupSet; |
| import org.apache.fulcrum.security.util.PasswordMismatchException; |
| import org.apache.fulcrum.security.util.PermissionSet; |
| import org.apache.fulcrum.security.util.RoleSet; |
| import org.apache.fulcrum.security.util.UnknownEntityException; |
| import org.apache.logging.log4j.LogManager; |
| import org.apache.logging.log4j.Logger; |
| import org.apache.torque.avalon.Torque; |
| import org.apache.torque.avalon.TorqueComponent; |
| import org.apache.turbine.om.security.User; |
| import org.apache.turbine.services.InitializationException; |
| import org.apache.turbine.services.ServiceManager; |
| import org.apache.turbine.services.TurbineBaseService; |
| import org.apache.turbine.services.TurbineServices; |
| |
| /** |
| * This is a common subset of SecurityService implementation. |
| * |
| * Provided functionality includes: |
| * <ul> |
| * <li> methods for retrieving User objects, that delegates functionality |
| * to the pluggable implementations of the User interface. |
| * <li> synchronization mechanism for methods reading/modifying the security |
| * information, that guarantees that multiple threads may read the |
| * information concurrently, but threads that modify the information |
| * acquires exclusive access. |
| * <li> implementation of convenience methods for retrieving security entities |
| * that maintain in-memory caching of objects for fast access. |
| * </ul> |
| * |
| * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a> |
| * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a> |
| * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a> |
| * @author <a href="mailto:quintonm@bellsouth.net">Quinton McCombs</a> |
| * @version $Id$ |
| */ |
| public class DefaultSecurityService |
| extends TurbineBaseService |
| implements SecurityService |
| { |
| /** The number of threads concurrently reading security information */ |
| private AtomicInteger readerCount = new AtomicInteger(0); |
| |
| /** The instance of UserManager the SecurityService uses */ |
| private UserManager userManager = null; |
| |
| /** The instance of GroupManager the SecurityService uses */ |
| private GroupManager groupManager; |
| |
| /** The instance of RoleManager the SecurityService uses */ |
| private RoleManager roleManager; |
| |
| /** The instance of PermissionManager the SecurityService uses */ |
| private PermissionManager permissionManager; |
| |
| /** The instance of ModelManager the SecurityService uses */ |
| private TurbineModelManager modelManager; |
| |
| private TorqueComponent backend; |
| |
| /** |
| * The Group object that represents the <a href="#global">global group</a>. |
| */ |
| private static volatile Group globalGroup = null; |
| |
| /** Logging */ |
| private static final Logger log = LogManager.getLogger(DefaultSecurityService.class); |
| |
| /** |
| * Initializes the SecurityService, locating the appropriate UserManager |
| * This is a zero parameter variant which queries the Turbine Servlet |
| * for its config. |
| * |
| * @throws InitializationException Something went wrong in the init stage |
| */ |
| @Override |
| public void init() |
| throws InitializationException |
| { |
| ServiceManager manager = TurbineServices.getInstance(); |
| |
| this.groupManager = (GroupManager)manager.getService(GroupManager.ROLE); |
| this.roleManager = (RoleManager)manager.getService(RoleManager.ROLE); |
| this.permissionManager = (PermissionManager)manager.getService(PermissionManager.ROLE); |
| this.modelManager = (TurbineModelManager)manager.getService(TurbineModelManager.ROLE); |
| // to ensure that it is initialized, non local |
| this.backend = (TorqueComponent)manager.getService(Torque.ROLE); |
| |
| Configuration conf = getConfiguration(); |
| |
| String userManagerClassName = conf.getString( |
| SecurityService.USER_MANAGER_KEY, |
| SecurityService.USER_MANAGER_DEFAULT); |
| |
| try |
| { |
| this.userManager = |
| (UserManager) Class.forName(userManagerClassName).getDeclaredConstructor().newInstance(); |
| |
| userManager.init(conf); |
| } |
| catch (Exception e) |
| { |
| throw new InitializationException("Failed to instantiate UserManager", e); |
| } |
| |
| setInit(true); |
| } |
| |
| /** |
| * Construct a blank User object. |
| * |
| * @return an object implementing User interface. |
| * @throws UnknownEntityException if the object could not be instantiated. |
| */ |
| @Override |
| public <U extends User> U getUserInstance() |
| throws UnknownEntityException |
| { |
| U user; |
| try |
| { |
| user = getUserManager().getUserInstance(); |
| } |
| catch (DataBackendException e) |
| { |
| throw new UnknownEntityException( |
| "Failed instantiate an User implementation object", e); |
| } |
| return user; |
| } |
| |
| /** |
| * Construct a blank User object. |
| * |
| * @param userName The name of the user. |
| * |
| * @return an object implementing User interface. |
| * |
| * @throws UnknownEntityException if the object could not be instantiated. |
| */ |
| @Override |
| public <U extends User> U getUserInstance(String userName) |
| throws UnknownEntityException |
| { |
| U user; |
| try |
| { |
| user = getUserManager().getUserInstance(userName); |
| } |
| catch (DataBackendException e) |
| { |
| throw new UnknownEntityException( |
| "Failed instantiate an User implementation object", e); |
| } |
| return user; |
| } |
| |
| /** |
| * Construct a blank Group object. |
| * |
| * @return an object implementing Group interface. |
| * @throws UnknownEntityException if the object could not be instantiated. |
| */ |
| @Override |
| public <G extends Group> G getGroupInstance() |
| throws UnknownEntityException |
| { |
| G group; |
| try |
| { |
| group = groupManager.getGroupInstance(); |
| } |
| catch (Exception e) |
| { |
| throw new UnknownEntityException("Failed to instantiate a Group implementation object", e); |
| } |
| return group; |
| } |
| |
| /** |
| * Construct a blank Group object. |
| * |
| * @param groupName The name of the Group |
| * |
| * @return an object implementing Group interface. |
| * |
| * @throws UnknownEntityException if the object could not be instantiated. |
| */ |
| @Override |
| public <G extends Group> G getGroupInstance(String groupName) |
| throws UnknownEntityException |
| { |
| G group; |
| try |
| { |
| group = groupManager.getGroupInstance(groupName); |
| } |
| catch (Exception e) |
| { |
| throw new UnknownEntityException("Failed to instantiate a Group implementation object", e); |
| } |
| return group; |
| } |
| |
| /** |
| * Construct a blank Permission object. |
| * |
| * @return an object implementing Permission interface. |
| * @throws UnknownEntityException if the object could not be instantiated. |
| */ |
| @Override |
| public <P extends Permission> P getPermissionInstance() |
| throws UnknownEntityException |
| { |
| P permission; |
| try |
| { |
| permission = permissionManager.getPermissionInstance(); |
| } |
| catch (Exception e) |
| { |
| throw new UnknownEntityException("Failed to instantiate a Permission implementation object", e); |
| } |
| return permission; |
| } |
| |
| /** |
| * Construct a blank Permission object. |
| * |
| * @param permName The name of the permission. |
| * |
| * @return an object implementing Permission interface. |
| * @throws UnknownEntityException if the object could not be instantiated. |
| */ |
| @Override |
| public <P extends Permission> P getPermissionInstance(String permName) |
| throws UnknownEntityException |
| { |
| P permission; |
| try |
| { |
| permission = permissionManager.getPermissionInstance(permName); |
| } |
| catch (Exception e) |
| { |
| throw new UnknownEntityException("Failed to instantiate a Permission implementation object", e); |
| } |
| return permission; |
| } |
| |
| /** |
| * Construct a blank Role object. |
| * |
| * @return an object implementing Role interface. |
| * @throws UnknownEntityException if the object could not be instantiated. |
| */ |
| @Override |
| public <R extends Role> R getRoleInstance() |
| throws UnknownEntityException |
| { |
| R role; |
| try |
| { |
| role = roleManager.getRoleInstance(); |
| } |
| catch (Exception e) |
| { |
| throw new UnknownEntityException("Failed to instantiate a Role implementation object", e); |
| } |
| return role; |
| } |
| |
| /** |
| * Construct a blank Role object. |
| * |
| * @param roleName The name of the role. |
| * |
| * @return an object implementing Role interface. |
| * |
| * @throws UnknownEntityException if the object could not be instantiated. |
| */ |
| @Override |
| public <R extends Role> R getRoleInstance(String roleName) |
| throws UnknownEntityException |
| { |
| R role; |
| try |
| { |
| role = roleManager.getRoleInstance(roleName); |
| } |
| catch (Exception e) |
| { |
| throw new UnknownEntityException("Failed to instantiate a Role implementation object", e); |
| } |
| return role; |
| } |
| |
| /** |
| * Returns the configured UserManager. |
| * |
| * @return An UserManager object |
| */ |
| @Override |
| public UserManager getUserManager() |
| { |
| return userManager; |
| } |
| |
| /** |
| * Check whether a specified user's account exists. |
| * |
| * The login name is used for looking up the account. |
| * |
| * @param user The user to be checked. |
| * @return true if the specified account exists |
| * @throws DataBackendException if there was an error accessing the data |
| * backend. |
| */ |
| @Override |
| public boolean accountExists(User user) |
| throws DataBackendException |
| { |
| return getUserManager().accountExists(user); |
| } |
| |
| /** |
| * Check whether a specified user's account exists. |
| * |
| * The login name is used for looking up the account. |
| * |
| * @param userName The name of the user to be checked. |
| * @return true if the specified account exists |
| * @throws DataBackendException if there was an error accessing the data |
| * backend. |
| */ |
| @Override |
| public boolean accountExists(String userName) |
| throws DataBackendException |
| { |
| return getUserManager().accountExists(userName); |
| } |
| |
| /** |
| * Retrieves a User object representing an individual who has |
| * properly identified themselves with their verified |
| * username and password |
| * |
| * @param username The user name. |
| * @param password The user password. |
| * @return An authenticated Turbine User. |
| * @throws PasswordMismatchException if the supplied password was incorrect. |
| * @throws UnknownEntityException if the user's account does not |
| * exist in the database. |
| * @throws DataBackendException if there is a problem accessing the storage. |
| */ |
| @Override |
| public <U extends User> U getAuthenticatedUser(String username, String password) |
| throws DataBackendException, UnknownEntityException, |
| PasswordMismatchException |
| { |
| return getUserManager().retrieve(username, password); |
| } |
| |
| /** |
| * Constructs an User object to represent a registered user of the |
| * application. This method does not authenticate that the proper |
| * credentials were supplied (see @link #getAuthenticatedUser()}) |
| * |
| * @param username The user name. |
| * @return A Turbine User. |
| * @throws UnknownEntityException if the user's account does not exist |
| * @throws DataBackendException if there is a problem accessing the storage. |
| */ |
| @Override |
| public <U extends User> U getUser(String username) |
| throws DataBackendException, UnknownEntityException |
| { |
| return getUserManager().retrieve(username); |
| } |
| |
| /** |
| * Constructs an User object to represent an anonymous user of the |
| * application. |
| * |
| * @return An anonymous Turbine User. |
| * @throws UnknownEntityException if the implementation of User interface |
| * could not be determined, or does not exist. |
| */ |
| @Override |
| public <U extends User> U getAnonymousUser() |
| throws UnknownEntityException |
| { |
| return getUserManager().getAnonymousUser(); |
| } |
| |
| /** |
| * Checks whether a passed user object matches the anonymous user pattern |
| * according to the configured user manager |
| * |
| * @param user An user object |
| * |
| * @return True if this is an anonymous user |
| * |
| */ |
| @Override |
| public boolean isAnonymousUser(User user) |
| { |
| return getUserManager().isAnonymousUser(user); |
| } |
| |
| /** |
| * Saves User's data in the permanent storage. The user account is required |
| * to exist in the storage. |
| * |
| * @param user the User object to save |
| * @throws UnknownEntityException if the user's account does not |
| * exist in the database. |
| * @throws DataBackendException if there is a problem accessing the storage. |
| */ |
| @Override |
| public void saveUser(User user) |
| throws UnknownEntityException, DataBackendException |
| { |
| getUserManager().store(user); |
| } |
| |
| /** |
| * Saves User data when the session is unbound. The user account is required |
| * to exist in the storage. |
| * |
| * LastLogin, AccessCounter, persistent pull tools, and any data stored |
| * in the permData hashmap that is not mapped to a column will be saved. |
| * |
| * @throws UnknownEntityException if the user's account does not |
| * exist in the database. |
| * @throws DataBackendException if there is a problem accessing the |
| * storage. |
| */ |
| @Override |
| public void saveOnSessionUnbind(User user) |
| throws UnknownEntityException, DataBackendException |
| { |
| getUserManager().saveOnSessionUnbind(user); |
| } |
| |
| /** |
| * Creates new user account with specified attributes. |
| * |
| * @param user the object describing account to be created. |
| * @param password The password to use for the account. |
| * |
| * @throws DataBackendException if there was an error accessing the |
| * data backend. |
| * @throws EntityExistsException if the user account already exists. |
| */ |
| @Override |
| public void addUser(User user, String password) |
| throws UnknownEntityException,DataBackendException, EntityExistsException |
| { |
| getUserManager().createAccount(user, password); |
| } |
| |
| /** |
| * Removes an user account from the system. |
| * |
| * @param user the object describing the account to be removed. |
| * @throws DataBackendException if there was an error accessing the data |
| * backend. |
| * @throws UnknownEntityException if the user account is not present. |
| */ |
| @Override |
| public void removeUser(User user) |
| throws DataBackendException, UnknownEntityException |
| { |
| if (user == null) { |
| throw new UnknownEntityException("user is null"); |
| } |
| // revoke all roles form the user |
| modelManager.revokeAll(user.getUserDelegate()); |
| getUserManager().removeAccount(user); |
| } |
| |
| /** |
| * Change the password for an User. |
| * |
| * @param user an User to change password for. |
| * @param oldPassword the current password supplied by the user. |
| * @param newPassword the current password requested by the user. |
| * @throws PasswordMismatchException if the supplied password was incorrect. |
| * @throws UnknownEntityException if the user's record does not |
| * exist in the database. |
| * @throws DataBackendException if there is a problem accessing the storage. |
| */ |
| @Override |
| public void changePassword(User user, String oldPassword, |
| String newPassword) |
| throws PasswordMismatchException, UnknownEntityException, |
| DataBackendException |
| { |
| getUserManager().changePassword(user, oldPassword, newPassword); |
| } |
| |
| /** |
| * Forcibly sets new password for an User. |
| * |
| * This is supposed by the administrator to change the forgotten or |
| * compromised passwords. Certain implementatations of this feature |
| * would require administrative level access to the authenticating |
| * server / program. |
| * |
| * @param user an User to change password for. |
| * @param password the new password. |
| * @throws UnknownEntityException if the user's record does not |
| * exist in the database. |
| * @throws DataBackendException if there is a problem accessing the storage. |
| */ |
| @Override |
| public void forcePassword(User user, String password) |
| throws UnknownEntityException, DataBackendException |
| { |
| getUserManager().forcePassword(user, password); |
| } |
| |
| /** |
| * Acquire a shared lock on the security information repository. |
| * |
| * Methods that read security information need to invoke this |
| * method at the beginning of their body. |
| */ |
| protected void lockShared() |
| { |
| readerCount.incrementAndGet(); |
| } |
| |
| /** |
| * Release a shared lock on the security information repository. |
| * |
| * Methods that read security information need to invoke this |
| * method at the end of their body. |
| */ |
| protected void unlockShared() |
| { |
| readerCount.decrementAndGet(); |
| this.notify(); |
| } |
| |
| /** |
| * Acquire an exclusive lock on the security information repository. |
| * |
| * Methods that modify security information need to invoke this |
| * method at the beginning of their body. Note! Those methods must |
| * be <code>synchronized</code> themselves! |
| */ |
| protected void lockExclusive() |
| { |
| while (readerCount.get() > 0) |
| { |
| try |
| { |
| this.wait(); |
| } |
| catch (InterruptedException e) |
| { |
| // ignore |
| } |
| } |
| } |
| |
| /** |
| * Release an exclusive lock on the security information repository. |
| * |
| * This method is provided only for completeness. It does not really |
| * do anything. Note! Methods that modify security information |
| * must be <code>synchronized</code>! |
| */ |
| protected void unlockExclusive() |
| { |
| // do nothing |
| } |
| |
| /** |
| * Provides a reference to the Group object that represents the |
| * <a href="#global">global group</a>. |
| * |
| * @return a Group object that represents the global group. |
| */ |
| @Override |
| public <G extends Group> G getGlobalGroup() |
| { |
| if (globalGroup == null) |
| { |
| synchronized (DefaultSecurityService.class) |
| { |
| if (globalGroup == null) |
| { |
| try |
| { |
| globalGroup = modelManager.getGlobalGroup(); |
| } |
| catch (DataBackendException e) |
| { |
| log.error("Failed to retrieve global group object: ", e); |
| } |
| } |
| } |
| } |
| @SuppressWarnings("unchecked") |
| G g = (G)globalGroup; |
| return g; |
| } |
| |
| /** |
| * Retrieve a Group object with specified name. |
| * |
| * @param name the name of the Group. |
| * @return an object representing the Group with specified name. |
| * @throws DataBackendException if there was an error accessing the |
| * data backend. |
| * @throws UnknownEntityException if the group does not exist. |
| */ |
| @Override |
| public <G extends Group> G getGroupByName(String name) |
| throws DataBackendException, UnknownEntityException |
| { |
| return groupManager.getGroupByName(name); |
| } |
| |
| /** |
| * Retrieve a Group object with specified Id. |
| * |
| * @param id the id of the Group. |
| * @return an object representing the Group with specified name. |
| * @throws UnknownEntityException if the permission does not |
| * exist in the database. |
| * @throws DataBackendException if there is a problem accessing the |
| * storage. |
| */ |
| @Override |
| public <G extends Group> G getGroupById(int id) |
| throws DataBackendException, UnknownEntityException |
| { |
| return groupManager.getGroupById(Integer.valueOf(id)); |
| } |
| |
| /** |
| * Retrieve a Role object with specified name. |
| * |
| * @param name the name of the Role. |
| * @return an object representing the Role with specified name. |
| * @throws DataBackendException if there was an error accessing the |
| * data backend. |
| * @throws UnknownEntityException if the role does not exist. |
| */ |
| @Override |
| public <R extends Role> R getRoleByName(String name) |
| throws DataBackendException, UnknownEntityException |
| { |
| R role = roleManager.getRoleByName(name); |
| if (role instanceof TurbineRole) |
| { |
| ((TurbineRole)role).setPermissions(getPermissions(role)); |
| } |
| return role; |
| } |
| |
| /** |
| * Retrieve a Role object with specified Id. |
| * @param id the id of the Role. |
| * @return an object representing the Role with specified name. |
| * @throws UnknownEntityException if the permission does not |
| * exist in the database. |
| * @throws DataBackendException if there is a problem accessing the |
| * storage. |
| */ |
| @Override |
| public <R extends Role> R getRoleById(int id) |
| throws DataBackendException, |
| UnknownEntityException |
| { |
| R role = roleManager.getRoleById(Integer.valueOf(id)); |
| if (role instanceof TurbineRole) |
| { |
| ((TurbineRole)role).setPermissions(getPermissions(role)); |
| } |
| return role; |
| } |
| |
| /** |
| * Retrieve a Permission object with specified name. |
| * |
| * @param name the name of the Permission. |
| * @return an object representing the Permission with specified name. |
| * @throws DataBackendException if there was an error accessing the |
| * data backend. |
| * @throws UnknownEntityException if the permission does not exist. |
| */ |
| @Override |
| public <P extends Permission> P getPermissionByName(String name) |
| throws DataBackendException, UnknownEntityException |
| { |
| return permissionManager.getPermissionByName(name); |
| } |
| |
| /** |
| * Retrieve a Permission object with specified Id. |
| * |
| * @param id the id of the Permission. |
| * @return an object representing the Permission with specified name. |
| * @throws UnknownEntityException if the permission does not |
| * exist in the database. |
| * @throws DataBackendException if there is a problem accessing the |
| * storage. |
| */ |
| @Override |
| public <P extends Permission> P getPermissionById(int id) |
| throws DataBackendException, |
| UnknownEntityException |
| { |
| return permissionManager.getPermissionById(Integer.valueOf(id)); |
| } |
| |
| /** |
| * Retrieves all groups defined in the system. |
| * |
| * @return the names of all groups defined in the system. |
| * @throws DataBackendException if there was an error accessing the |
| * data backend. |
| */ |
| @Override |
| public GroupSet getAllGroups() throws DataBackendException |
| { |
| return groupManager.getAllGroups(); |
| } |
| |
| /** |
| * Retrieves all roles defined in the system. |
| * |
| * @return the names of all roles defined in the system. |
| * @throws DataBackendException if there was an error accessing the |
| * data backend. |
| */ |
| @Override |
| public RoleSet getAllRoles() throws DataBackendException |
| { |
| return roleManager.getAllRoles(); |
| } |
| |
| /** |
| * Retrieves all permissions defined in the system. |
| * |
| * @return the names of all roles defined in the system. |
| * @throws DataBackendException if there was an error accessing the |
| * data backend. |
| */ |
| @Override |
| public PermissionSet getAllPermissions() throws DataBackendException |
| { |
| return permissionManager.getAllPermissions(); |
| } |
| |
| /*----------------------------------------------------------------------- |
| Creation of AccessControlLists |
| -----------------------------------------------------------------------*/ |
| |
| /** |
| * Constructs an AccessControlList for a specific user. |
| * |
| * @param user the user for whom the AccessControlList are to be retrieved |
| * @return The AccessControList object constructed from the user object. |
| * @throws DataBackendException if there was an error accessing the data |
| * backend. |
| * @throws UnknownEntityException if user account is not present. |
| */ |
| @Override |
| public <A extends AccessControlList> A getACL(User user) |
| throws DataBackendException, UnknownEntityException |
| { |
| return getUserManager().getACL(user); |
| } |
| |
| /*----------------------------------------------------------------------- |
| Security management |
| -----------------------------------------------------------------------*/ |
| |
| /** |
| * Grant an User a Role in a Group. |
| * |
| * @param user the user. |
| * @param group the group. |
| * @param role the role. |
| * @throws DataBackendException if there was an error accessing the data |
| * backend. |
| * @throws UnknownEntityException if user account, group or role is not |
| * present. |
| */ |
| @Override |
| public void grant(User user, Group group, Role role) |
| throws DataBackendException, UnknownEntityException |
| { |
| if (user == null) { |
| throw new UnknownEntityException("user is null"); |
| } |
| modelManager.grant(user.getUserDelegate(), group, role); |
| } |
| |
| /** |
| * Revoke a Role in a Group from an User. |
| * |
| * @param user the user. |
| * @param group the group. |
| * @param role the role. |
| * @throws DataBackendException if there was an error accessing the data |
| * backend. |
| * @throws UnknownEntityException if user account, group or role is not |
| * present. |
| */ |
| @Override |
| public void revoke(User user, Group group, Role role) |
| throws DataBackendException, UnknownEntityException |
| { |
| if (user == null) { |
| throw new UnknownEntityException("user is null"); |
| } |
| modelManager.revoke(user.getUserDelegate(), group, role); |
| } |
| |
| /** |
| * Replaces transactionally the first role with second role for the given user. |
| * |
| * @param user the user. |
| * @param role the old role |
| * @param newRole the new role |
| * |
| * @throws DataBackendException if there was an error accessing the data |
| * backend. |
| * @throws UnknownEntityException if user account, group or role is not |
| * present. |
| */ |
| @Override |
| public void replaceRole(User user, Role role, Role newRole) |
| throws DataBackendException, UnknownEntityException |
| { |
| modelManager.replace( user, role, newRole ); |
| } |
| |
| /** |
| * Revokes all roles from an User. |
| * |
| * This method is used when deleting an account. |
| * |
| * @param user the User. |
| * @throws DataBackendException if there was an error accessing the data |
| * backend. |
| * @throws UnknownEntityException if the account is not present. |
| */ |
| @Override |
| public void revokeAll(User user) |
| throws DataBackendException, UnknownEntityException |
| { |
| if (user == null) { |
| throw new UnknownEntityException("user is null"); |
| } |
| modelManager.revokeAll(user.getUserDelegate()); |
| } |
| |
| /** |
| * Grants a Role a Permission |
| * |
| * @param role the Role. |
| * @param permission the Permission. |
| * @throws DataBackendException if there was an error accessing the data |
| * backend. |
| * @throws UnknownEntityException if role or permission is not present. |
| */ |
| @Override |
| public void grant(Role role, Permission permission) |
| throws DataBackendException, UnknownEntityException |
| { |
| modelManager.grant(role, permission); |
| } |
| |
| /** |
| * Revokes a Permission from a Role. |
| * |
| * @param role the Role. |
| * @param permission the Permission. |
| * @throws DataBackendException if there was an error accessing the data |
| * backend. |
| * @throws UnknownEntityException if role or permission is not present. |
| */ |
| @Override |
| public void revoke(Role role, Permission permission) |
| throws DataBackendException, UnknownEntityException |
| { |
| modelManager.revoke(role, permission); |
| } |
| |
| /** |
| * Revokes all permissions from a Role. |
| * |
| * This method is used when deleting a Role. |
| * |
| * @param role the Role |
| * @throws DataBackendException if there was an error accessing the data |
| * backend. |
| * @throws UnknownEntityException if the Role is not present. |
| */ |
| @Override |
| public void revokeAll(Role role) |
| throws DataBackendException, UnknownEntityException |
| { |
| modelManager.revokeAll(role); |
| } |
| |
| /** |
| * Revokes by default all permissions from a Role and if flag is set |
| * all group and user relationships with this role |
| * |
| * This method is used when deleting a Role. |
| * |
| * @param role |
| * the Role |
| * @param cascadeDelete |
| * if <code>true </code> removes all groups and user for this role. |
| * @throws DataBackendException |
| * if there was an error accessing the data backend. |
| * @throws UnknownEntityException |
| * if the Role is not present. |
| */ |
| @Override |
| public void revokeAll( Role role, boolean cascadeDelete ) |
| throws DataBackendException, UnknownEntityException |
| { |
| modelManager.revokeAll(role, cascadeDelete); |
| } |
| |
| /** |
| * Retrieves all permissions associated with a role. |
| * |
| * @param role the role name, for which the permissions are to be retrieved. |
| * @return the Permissions for the specified role |
| * @throws DataBackendException if there was an error accessing the data |
| * backend. |
| * @throws UnknownEntityException if the role is not present. |
| */ |
| @Override |
| public PermissionSet getPermissions(Role role) |
| throws DataBackendException, UnknownEntityException |
| { |
| return ((TurbineRole)role).getPermissions(); |
| } |
| |
| /** |
| * Creates a new group with specified attributes. |
| * |
| * @param group the object describing the group to be created. |
| * @throws DataBackendException if there was an error accessing the data |
| * backend. |
| * @throws EntityExistsException if the group already exists. |
| */ |
| @Override |
| public <G extends Group> G addGroup(G group) |
| throws DataBackendException, EntityExistsException |
| { |
| return groupManager.addGroup(group); |
| } |
| |
| /** |
| * Creates a new role with specified attributes. |
| * |
| * @param role the objects describing the role to be created. |
| * @throws DataBackendException if there was an error accessing the data |
| * backend. |
| * @throws EntityExistsException if the role already exists. |
| */ |
| @Override |
| public <R extends Role> R addRole(R role) |
| throws DataBackendException, EntityExistsException |
| { |
| return roleManager.addRole(role); |
| } |
| |
| /** |
| * Creates a new permission with specified attributes. |
| * |
| * @param permission the objects describing the permission to be created. |
| * @throws DataBackendException if there was an error accessing the data |
| * backend. |
| * @throws EntityExistsException if the permission already exists. |
| */ |
| @Override |
| public <P extends Permission> P addPermission(P permission) |
| throws DataBackendException, EntityExistsException |
| { |
| return permissionManager.addPermission(permission); |
| } |
| |
| /** |
| * Removes a Group from the system. |
| * |
| * @param group the object describing group to be removed. |
| * @throws DataBackendException if there was an error accessing the data |
| * backend. |
| * @throws UnknownEntityException if the group does not exist. |
| */ |
| @Override |
| public void removeGroup(Group group) |
| throws DataBackendException, UnknownEntityException |
| { |
| groupManager.removeGroup(group); |
| } |
| |
| /** |
| * Removes a Role from the system. |
| * |
| * @param role The object describing the role to be removed. |
| * @throws DataBackendException if there was an error accessing the data backend. |
| * @throws UnknownEntityException if the role does not exist. |
| */ |
| @Override |
| public void removeRole(Role role) |
| throws DataBackendException, UnknownEntityException |
| { |
| roleManager.removeRole(role); |
| } |
| |
| /** |
| * Removes a Permission from the system. |
| * |
| * @param permission The object describing the permission to be removed. |
| * @throws DataBackendException if there was an error accessing the data |
| * backend. |
| * @throws UnknownEntityException if the permission does not exist. |
| */ |
| @Override |
| public void removePermission(Permission permission) |
| throws DataBackendException, UnknownEntityException |
| { |
| permissionManager.removePermission(permission); |
| } |
| |
| /** |
| * Renames an existing Group. |
| * |
| * @param group The object describing the group to be renamed. |
| * @param name the new name for the group. |
| * @throws DataBackendException if there was an error accessing the data |
| * backend. |
| * @throws UnknownEntityException if the group does not exist. |
| */ |
| @Override |
| public void renameGroup(Group group, String name) |
| throws DataBackendException, UnknownEntityException |
| { |
| groupManager.renameGroup(group, name); |
| } |
| |
| /** |
| * Renames an existing Role. |
| * |
| * @param role The object describing the role to be renamed. |
| * @param name the new name for the role. |
| * @throws DataBackendException if there was an error accessing the data |
| * backend. |
| * @throws UnknownEntityException if the role does not exist. |
| */ |
| @Override |
| public void renameRole(Role role, String name) |
| throws DataBackendException, UnknownEntityException |
| { |
| roleManager.renameRole(role, name); |
| } |
| |
| /** |
| * Renames an existing Permission. |
| * |
| * @param permission The object describing the permission to be renamed. |
| * @param name the new name for the permission. |
| * @throws DataBackendException if there was an error accessing the data |
| * backend. |
| * @throws UnknownEntityException if the permission does not exist. |
| */ |
| @Override |
| public void renamePermission(Permission permission, String name) |
| throws DataBackendException, UnknownEntityException |
| { |
| permissionManager.renamePermission(permission, name); |
| } |
| } |