dlestrat 2004/10/02 16:05:09 Modified: components/security/src/java/org/apache/jetspeed/security/impl GroupManagerImpl.java PermissionManagerImpl.java RoleManagerImpl.java Removed: components/security/src/java/org/apache/jetspeed/security/impl BaseSecurityImpl.java Log: http://nagoya.apache.org/jira/browse/JS2-114#action_53626 Revision Changes Path 1.9 +66 -147 jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/impl/GroupManagerImpl.java Index: GroupManagerImpl.java =================================================================== RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/impl/GroupManagerImpl.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- GroupManagerImpl.java 25 Sep 2004 23:03:17 -0000 1.8 +++ GroupManagerImpl.java 2 Oct 2004 23:05:09 -0000 1.9 @@ -15,7 +15,6 @@ package org.apache.jetspeed.security.impl; import java.security.Principal; -import java.sql.Timestamp; import java.util.ArrayList; import java.util.Collection; import java.util.Iterator; @@ -25,16 +24,11 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.jetspeed.components.persistence.store.Filter; -import org.apache.jetspeed.components.persistence.store.PersistenceStore; import org.apache.jetspeed.security.Group; import org.apache.jetspeed.security.GroupManager; import org.apache.jetspeed.security.GroupPrincipal; import org.apache.jetspeed.security.SecurityException; import org.apache.jetspeed.security.SecurityProvider; -import org.apache.jetspeed.security.om.InternalGroupPrincipal; -import org.apache.jetspeed.security.om.InternalUserPrincipal; -import org.apache.jetspeed.security.om.impl.InternalGroupPrincipalImpl; import org.apache.jetspeed.security.spi.GroupSecurityHandler; import org.apache.jetspeed.security.spi.SecurityMappingHandler; import org.apache.jetspeed.util.ArgUtil; 
@@ -56,7 +50,7 @@ * * @author <a href="mailto:[EMAIL PROTECTED]">David Le Strat </a> */ -public class GroupManagerImpl extends BaseSecurityImpl implements GroupManager +public class GroupManagerImpl implements GroupManager { /** The logger. */ private static final Log log = LogFactory.getLog(GroupManagerImpl.class); @@ -68,19 +62,10 @@ private SecurityMappingHandler securityMappingHandler = null; /** - * @param persistenceStore - */ - public GroupManagerImpl(PersistenceStore persistenceStore) - { - super(persistenceStore); - } - - /** * @param securityProvider The security provider. */ - public GroupManagerImpl(PersistenceStore persistenceStore, SecurityProvider securityProvider) + public GroupManagerImpl(SecurityProvider securityProvider) { - super(persistenceStore); this.groupSecurityHandler = securityProvider.getGroupSecurityHandler(); this.securityMappingHandler = securityProvider.getSecurityMappingHandler(); } 
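Review bot: The new `GroupManagerImpl(SecurityProvider)` constructor dereferences `securityProvider` without a null check and stores whatever handlers it returns, so a misconfigured provider only surfaces later as a NullPointerException inside a group or membership operation. Consider failing fast in the constructor, for example with the `ArgUtil.notNull(...)` guard the methods of this class already use (assuming it throws; its behaviour is not visible here), and rejecting null handlers in the same place. The `RoleManagerImpl(SecurityProvider)` constructor in the @@ -67,19 +62,10 @@ hunk has the same shape.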
@@ -93,32 +78,47 @@ ArgUtil.notNull(new Object[] { groupFullPathName }, new String[] { "groupFullPathName" }, "addGroup(java.lang.String)"); - GroupPrincipal groupPrincipal = new GroupPrincipalImpl(groupFullPathName); - String fullPath = groupPrincipal.getFullPath(); // Check if group already exists. if (groupExists(groupFullPathName)) { throw new SecurityException(SecurityException.GROUP_ALREADY_EXISTS + " " + groupFullPathName); } - // If does not exist, create. - InternalGroupPrincipal omGroup = new InternalGroupPrincipalImpl(fullPath); + GroupPrincipal groupPrincipal = new GroupPrincipalImpl(groupFullPathName); + String fullPath = groupPrincipal.getFullPath(); + // Add the preferences. Preferences preferences = Preferences.userRoot().node(fullPath); - PersistenceStore store = getPersistenceStore(); + if (log.isDebugEnabled()) + { + log.debug("Added group preferences node: " + fullPath); + } try { if ((null != preferences) && preferences.absolutePath().equals(fullPath)) { - store.lockForWrite(omGroup); - store.getTransaction().checkpoint(); + // Add role principal. + groupSecurityHandler.setGroupPrincipal(groupPrincipal); + if (log.isDebugEnabled()) + { + log.debug("Added group: " + fullPath); + } } } - catch (Exception e) + catch (SecurityException se) { - String msg = "Unable to lock Group for update."; - log.error(msg, e); - store.getTransaction().rollback(); - throw new SecurityException(msg, e); + String msg = "Unable to create the role."; + log.error(msg, se); + + // Remove the preferences node. + try + { + preferences.removeNode(); + } + catch (BackingStoreException bse) + { + bse.printStackTrace(); + } + throw new SecurityException(msg, se); } } 
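Review bot: Narrowing the catch in addGroup from `Exception` to `SecurityException` means an unchecked exception from `groupSecurityHandler.setGroupPrincipal(groupPrincipal)` now skips the `preferences.removeNode()` cleanup and leaves a preferences node with no matching group principal. The cleanup itself swallows `BackingStoreException` with `bse.printStackTrace()`; `log.error("Unable to remove group preferences: " + fullPath, bse);` would match what removeGroup does in this same commit. The message `"Unable to create the role."` and the comment `// Add role principal.` look copied from RoleManagerImpl and should say group. The method signature is outside the hunk.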
@@ -130,71 +130,35 @@ ArgUtil.notNull(new Object[] { groupFullPathName }, new String[] { "groupFullPathName" }, "removeGroup(java.lang.String)"); - InternalGroupPrincipal omParentGroup = super.getJetspeedGroupPrincipal(groupFullPathName); - if (null != omParentGroup) + // Resolve the group hierarchy. + Preferences prefs = Preferences.userRoot().node( + GroupPrincipalImpl.getFullPathFromPrincipalName(groupFullPathName)); + String[] groups = securityMappingHandler.getGroupHierarchyResolver().resolveChildren(prefs); + for (int i = 0; i < groups.length; i++) { - PersistenceStore store = getPersistenceStore(); - Filter filter = store.newFilter(); - filter.addLike("fullPath", omParentGroup.getFullPath() + "/*"); - Object query = store.newQuery(InternalGroupPrincipalImpl.class, filter); - Collection omGroups = store.getCollectionByQuery(query); - if (null == omGroups) + try { - omGroups = new ArrayList(); + groupSecurityHandler.removeGroupPrincipal(new GroupPrincipalImpl(GroupPrincipalImpl + .getPrincipalNameFromFullPath((String) groups[i]))); } - omGroups.add(omParentGroup); - // Remove each group in the collection. - Iterator omGroupsIterator = omGroups.iterator(); - while (omGroupsIterator.hasNext()) + catch (Exception e) { - InternalGroupPrincipal omGroup = (InternalGroupPrincipal) omGroupsIterator.next(); - // TODO This should be managed in a transaction. - Collection omUsers = omGroup.getUserPrincipals(); - if (null != omUsers) - { - omUsers.clear(); - } - Collection omRoles = omGroup.getRolePrincipals(); - if (null != omRoles) - { - omRoles.clear(); - } - Collection omPermissions = omGroup.getPermissions(); - if (null != omPermissions) - { - omPermissions.clear(); - } - try - { - // TODO Can this be done in one shot? - // Remove dependencies. - store.lockForWrite(omGroup); - omGroup.setUserPrincipals(omUsers); - omGroup.setRolePrincipals(omRoles); - omGroup.setPermissions(omPermissions); - store.getTransaction().checkpoint(); - - // Remove group. 
- store.deletePersistent(omGroup); - store.getTransaction().checkpoint(); - } - catch (Exception e) - { - String msg = "Unable to lock Group for update."; - log.error(msg, e); - store.getTransaction().rollback(); - throw new SecurityException(msg, e); - } - // Remove preferences - Preferences preferences = Preferences.userRoot().node(omGroup.getFullPath()); - try - { - preferences.removeNode(); - } - catch (BackingStoreException bse) - { - bse.printStackTrace(); - } + String msg = "Unable to remove group: " + + GroupPrincipalImpl.getPrincipalNameFromFullPath((String) groups[i]); + log.error(msg, e); + throw new SecurityException(msg, e); + } + // Remove preferences + Preferences groupPref = Preferences.userRoot().node((String) groups[i]); + try + { + groupPref.removeNode(); + } + catch (BackingStoreException bse) + { + String msg = "Unable to remove group preferences: " + groups[i]; + log.error(msg, bse); + throw new SecurityException(msg, bse); } } } 
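Review bot: Nothing in the new removeGroup loop clears the group's user, role and permission associations, which the removed code did explicitly; it now depends entirely on `groupSecurityHandler.removeGroupPrincipal(...)`, whose behaviour is not visible in this diff. If the handler does not drop those associations, a group later re-created under the same path could inherit stale role or permission mappings, so I would state the contract above the call, e.g. `// removeGroupPrincipal must also drop the group's user, role and permission associations.` The loop also has no existence check and no rollback: `Preferences.userRoot().node(...)` creates the node when it is missing, and a failure at index i leaves the earlier entries of `groups` already removed. The `(String)` casts on `groups[i]` are redundant for a `String[]`.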
@@ -289,41 +253,18 @@ ArgUtil.notNull(new Object[] { username, groupFullPathName }, new String[] { "username", "groupFullPathName" }, "addUserToGroup(java.lang.String, java.lang.String)"); - InternalUserPrincipal omUser = super.getJetspeedUserPrincipal(username); - if (null == omUser) - { - throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST + " " + username); - } - - InternalGroupPrincipal omGroup = super.getJetspeedGroupPrincipal(groupFullPathName); - if (null == omGroup) + // Get the group principal to add to user. + Principal groupPrincipal = groupSecurityHandler.getGroupPrincipal(groupFullPathName); + if (null == groupPrincipal) { throw new SecurityException(SecurityException.GROUP_DOES_NOT_EXIST + " " + groupFullPathName); } - - Collection omUserGroups = omUser.getGroupPrincipals(); - if (null == omUserGroups) - { - omUserGroups = new ArrayList(); - } - if (!omUserGroups.contains(omGroup)) + // Get the user groups. + Set groupPrincipals = securityMappingHandler.getGroupPrincipals(username); + // Add group to user. + if (!groupPrincipals.contains(groupPrincipal)) { - omUserGroups.add(omGroup); - PersistenceStore store = getPersistenceStore(); - try - { - store.lockForWrite(omUser); - omUser.setModifiedDate(new Timestamp(System.currentTimeMillis())); - omUser.setGroupPrincipals(omUserGroups); - store.getTransaction().checkpoint(); - } - catch (Exception e) - { - String msg = "Unable to lock User for update."; - log.error(msg, e); - store.getTransaction().rollback(); - throw new SecurityException(msg, e); - } + securityMappingHandler.setUserPrincipalInGroup(username, groupFullPathName); } } 
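Review bot: The `USER_DOES_NOT_EXIST` check was dropped from addUserToGroup, so `username` now reaches `securityMappingHandler.getGroupPrincipals(username)` and `setUserPrincipalInGroup(...)` unverified. Unless the handler rejects unknown users itself (not visible here), this either fails with a NullPointerException on `groupPrincipals.contains(...)` when the lookup returns null, or records a membership for a principal that does not exist. Either keep an explicit user-existence check before the mapping call or document that the handler throws `SecurityException` for unknown users. The same precondition was dropped from addUserToRole (@@ -267,40 +253,18 @@), and the `GROUP_DOES_NOT_EXIST` check from addRoleToGroup (@@ -372,42 +314,13 @@).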
@@ -336,33 +277,11 @@ ArgUtil.notNull(new Object[] { username, groupFullPathName }, new String[] { "username", "groupFullPathName" }, "removeUserFromGroup(java.lang.String, java.lang.String)"); - InternalUserPrincipal omUser = super.getJetspeedUserPrincipal(username); - // TODO This should be managed in a transaction. - if (null != omUser) + // Get the group principal to remove. + Principal groupPrincipal = groupSecurityHandler.getGroupPrincipal(groupFullPathName); + if (null != groupPrincipal) { - Collection omGroups = omUser.getGroupPrincipals(); - if (null != omGroups) - { - Collection newOmGroups = super.removeGroup(omGroups, groupFullPathName); - if (newOmGroups.size() < omGroups.size()) - { - PersistenceStore store = getPersistenceStore(); - try - { - store.lockForWrite(omUser); - omUser.setModifiedDate(new Timestamp(System.currentTimeMillis())); - omUser.setGroupPrincipals(newOmGroups); - store.getTransaction().checkpoint(); - } - catch (Exception e) - { - String msg = "Unable to lock User for update."; - log.error(msg, e); - store.getTransaction().rollback(); - throw new SecurityException(msg, e); - } - } - } + securityMappingHandler.removeUserPrincipalInGroup(username, groupFullPathName); } } 1.7 +17 -6 jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/impl/PermissionManagerImpl.java Index: PermissionManagerImpl.java =================================================================== RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/impl/PermissionManagerImpl.java,v retrieving revision 1.6 retrieving revision 1.7 diff -u -r1.6 -r1.7 --- PermissionManagerImpl.java 28 Sep 2004 04:23:52 -0000 1.6 +++ PermissionManagerImpl.java 2 Oct 2004 23:05:09 -0000 1.7 
@@ -27,6 +27,7 @@ import org.apache.commons.logging.LogFactory; import org.apache.jetspeed.components.persistence.store.Filter; import org.apache.jetspeed.components.persistence.store.PersistenceStore; +import org.apache.jetspeed.components.persistence.store.Transaction; import org.apache.jetspeed.security.PermissionManager; import org.apache.jetspeed.security.SecurityException; import org.apache.jetspeed.security.SecurityHelper; @@ -203,8 +204,10 @@ .getName(), permission.getActions()); try { + Transaction tx = persistenceStore.getTransaction(); + tx.begin(); persistenceStore.lockForWrite(internalPermission); - persistenceStore.getTransaction().checkpoint(); + tx.commit(); } catch (Exception e) { @@ -229,8 +232,10 @@ try { // Remove permission. + Transaction tx = persistenceStore.getTransaction(); + tx.begin(); persistenceStore.deletePersistent(internalPermission); - persistenceStore.getTransaction().checkpoint(); + tx.commit(); } catch (Exception e) { @@ -262,10 +267,12 @@ } try { + Transaction tx = persistenceStore.getTransaction(); + tx.begin(); persistenceStore.lockForWrite(internalPrincipal); internalPrincipal.setModifiedDate(new Timestamp(System.currentTimeMillis())); internalPrincipal.setPermissions(internalPermissions); - persistenceStore.getTransaction().checkpoint(); + tx.commit(); } catch (Exception e) { @@ -311,10 +318,12 @@ } try { + Transaction tx = persistenceStore.getTransaction(); + tx.begin(); persistenceStore.lockForWrite(internalPrincipal); internalPrincipal.setModifiedDate(new Timestamp(System.currentTimeMillis())); internalPrincipal.setPermissions(internalPermissions); - persistenceStore.getTransaction().checkpoint(); + tx.commit(); } catch (Exception e) { 
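Review bot: A failure in `persistenceStore.getTransaction()` or `tx.begin()` now lands in the catch block, which (as visible in the @@ -377,14 +386,16 @@ hunk) rolls back through a second `persistenceStore.getTransaction().rollback()`, so the rollback can itself throw and mask the original error. The logged `"Unable to lock principal for update."` also no longer describes a failed commit. Obtain the handle before the `try` and reuse it, `Transaction tx = persistenceStore.getTransaction();` then `tx.rollback();` in the catch, guarded so that a rollback error is logged rather than replacing the cause. This applies to all five begin/commit hunks in PermissionManagerImpl.java; the catch bodies of the first four lie outside their hunks.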
@@ -377,14 +386,16 @@ { try { + Transaction tx = persistenceStore.getTransaction(); + tx.begin(); persistenceStore.lockForWrite(internalPrincipal); internalPrincipal.setModifiedDate(new Timestamp(System.currentTimeMillis())); internalPrincipal.setPermissions(newInternalPermissions); - persistenceStore.getTransaction().checkpoint(); + tx.commit(); } catch (Exception e) { - String msg = "Unable to lock Principal for update."; + String msg = "Unable to lock principal for update."; log.error(msg, e); persistenceStore.getTransaction().rollback(); throw new SecurityException(msg, e); 1.10 +24 -133 jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/impl/RoleManagerImpl.java Index: RoleManagerImpl.java =================================================================== RCS file: /home/cvs/jakarta-jetspeed-2/components/security/src/java/org/apache/jetspeed/security/impl/RoleManagerImpl.java,v retrieving revision 1.9 retrieving revision 1.10 diff -u -r1.9 -r1.10 --- RoleManagerImpl.java 30 Sep 2004 04:01:41 -0000 1.9 +++ RoleManagerImpl.java 2 Oct 2004 23:05:09 -0000 1.10 @@ -15,7 +15,6 @@ package org.apache.jetspeed.security.impl; import java.security.Principal; -import java.sql.Timestamp; import java.util.ArrayList; import java.util.Collection; import java.util.Iterator; 
@@ -25,15 +24,11 @@ import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.apache.jetspeed.components.persistence.store.PersistenceStore; import org.apache.jetspeed.security.Role; import org.apache.jetspeed.security.RoleManager; import org.apache.jetspeed.security.RolePrincipal; import org.apache.jetspeed.security.SecurityException; import org.apache.jetspeed.security.SecurityProvider; -import org.apache.jetspeed.security.om.InternalGroupPrincipal; -import org.apache.jetspeed.security.om.InternalRolePrincipal; -import org.apache.jetspeed.security.om.InternalUserPrincipal; import org.apache.jetspeed.security.spi.RoleSecurityHandler; import org.apache.jetspeed.security.spi.SecurityMappingHandler; import org.apache.jetspeed.util.ArgUtil; @@ -55,7 +50,7 @@ * * @author <a href="mailto:[EMAIL PROTECTED]">David Le Strat </a> */ -public class RoleManagerImpl extends BaseSecurityImpl implements RoleManager +public class RoleManagerImpl implements RoleManager { /** The logger. */ private static final Log log = LogFactory.getLog(RoleManagerImpl.class); @@ -67,19 +62,10 @@ private SecurityMappingHandler securityMappingHandler = null; /** - * @param persistenceStore - */ - public RoleManagerImpl(PersistenceStore persistenceStore) - { - super(persistenceStore); - } - - /** * @param securityProvider The security provider. */ - public RoleManagerImpl(PersistenceStore persistenceStore, SecurityProvider securityProvider) + public RoleManagerImpl(SecurityProvider securityProvider) { - super(persistenceStore); this.roleSecurityHandler = securityProvider.getRoleSecurityHandler(); this.securityMappingHandler = securityProvider.getSecurityMappingHandler(); } 
@@ -267,40 +253,18 @@ ArgUtil.notNull(new Object[] { username, roleFullPathName }, new String[] { "username", "roleFullPathName" }, "addUserToRole(java.lang.String, java.lang.String)"); - InternalUserPrincipal omUser = super.getJetspeedUserPrincipal(username); - if (null == omUser) - { - throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST + " " + username); - } - InternalRolePrincipal omRole = super.getJetspeedRolePrincipal(roleFullPathName); - if (null == omRole) + // Get the role principal to add to user. + Principal rolePrincipal = roleSecurityHandler.getRolePrincipal(roleFullPathName); + if (null == rolePrincipal) { throw new SecurityException(SecurityException.ROLE_DOES_NOT_EXIST + " " + roleFullPathName); } - - Collection omUserRoles = omUser.getRolePrincipals(); - if (null == omUserRoles) + // Get the user roles. + Set rolePrincipals = securityMappingHandler.getRolePrincipals(username); + // Add role to user. + if (!rolePrincipals.contains(rolePrincipal)) { - omUserRoles = new ArrayList(); - } - if (!omUserRoles.contains(omRole)) - { - omUserRoles.add(omRole); - PersistenceStore store = getPersistenceStore(); - try - { - store.lockForWrite(omUser); - omUser.setModifiedDate(new Timestamp(System.currentTimeMillis())); - omUser.setRolePrincipals(omUserRoles); - store.getTransaction().checkpoint(); - } - catch (Exception e) - { - String msg = "Unable to lock User for update."; - log.error(msg, e); - store.getTransaction().rollback(); - throw new SecurityException(msg, e); - } + securityMappingHandler.setRolePrincipal(username, roleFullPathName); } } 
@@ -313,33 +277,11 @@ ArgUtil.notNull(new Object[] { username, roleFullPathName }, new String[] { "username", "roleFullPathName" }, "removeRoleFromUser(java.lang.String, java.lang.String)"); - InternalUserPrincipal omUser = super.getJetspeedUserPrincipal(username); - // TODO This should be managed in a transaction. - if (null != omUser) + // Get the role principal to remove. + Principal rolePrincipal = roleSecurityHandler.getRolePrincipal(roleFullPathName); + if (null != rolePrincipal) { - Collection omRoles = omUser.getRolePrincipals(); - if (null != omRoles) - { - Collection newOmRoles = super.removeRole(omRoles, roleFullPathName); - if (newOmRoles.size() < omRoles.size()) - { - PersistenceStore store = getPersistenceStore(); - try - { - store.lockForWrite(omUser); - omUser.setModifiedDate(new Timestamp(System.currentTimeMillis())); - omUser.setRolePrincipals(newOmRoles); - store.getTransaction().checkpoint(); - } - catch (Exception e) - { - String msg = "Unable to lock User for update."; - log.error(msg, e); - store.getTransaction().rollback(); - throw new SecurityException(msg, e); - } - } - } + securityMappingHandler.removeRolePrincipal(username, roleFullPathName); } } 
@@ -372,42 +314,13 @@ ArgUtil.notNull(new Object[] { roleFullPathName, groupFullPathName }, new String[] { "roleFullPathName", "groupFullPathName" }, "addRoleToGroup(java.lang.String, java.lang.String)"); - InternalRolePrincipal omRole = super.getJetspeedRolePrincipal(roleFullPathName); - if (null == omRole) + // Get the role principal to add to group. + Principal rolePrincipal = roleSecurityHandler.getRolePrincipal(roleFullPathName); + if (null == rolePrincipal) { throw new SecurityException(SecurityException.ROLE_DOES_NOT_EXIST + " " + roleFullPathName); } - - InternalGroupPrincipal omGroup = super.getJetspeedGroupPrincipal(groupFullPathName); - if (null == omGroup) - { - throw new SecurityException(SecurityException.GROUP_DOES_NOT_EXIST + " " + groupFullPathName); - } - - Collection omGroupRoles = omGroup.getRolePrincipals(); - if (null == omGroupRoles) - { - omGroupRoles = new ArrayList(); - } - if (!omGroupRoles.contains(omRole)) - { - omGroupRoles.add(omRole); - PersistenceStore store = getPersistenceStore(); - try - { - store.lockForWrite(omGroup); - omGroup.setModifiedDate(new Timestamp(System.currentTimeMillis())); - omGroup.setRolePrincipals(omGroupRoles); - store.getTransaction().checkpoint(); - } - catch (Exception e) - { - String msg = "Unable to lock Group for update."; - log.error(msg, e); - store.getTransaction().rollback(); - throw new SecurityException(msg, e); - } - } + securityMappingHandler.setRolePrincipalInGroup(groupFullPathName, roleFullPathName); } /** 
@@ -418,34 +331,12 @@ { ArgUtil.notNull(new Object[] { roleFullPathName, groupFullPathName }, new String[] { "roleFullPathName", "groupFullPathName" }, "removeRoleFromGroup(java.lang.String, java.lang.String)"); - - InternalGroupPrincipal omGroup = super.getJetspeedGroupPrincipal(groupFullPathName); - // TODO This should be managed in a transaction. - if (null != omGroup) + + // Get the role principal to remove. + Principal rolePrincipal = roleSecurityHandler.getRolePrincipal(roleFullPathName); + if (null != rolePrincipal) { - Collection omRoles = omGroup.getRolePrincipals(); - if (null != omRoles) - { - Collection newOmRoles = super.removeRole(omRoles, roleFullPathName); - if (newOmRoles.size() < omRoles.size()) - { - PersistenceStore store = getPersistenceStore(); - try - { - store.lockForWrite(omGroup); - omGroup.setModifiedDate(new Timestamp(System.currentTimeMillis())); - omGroup.setRolePrincipals(newOmRoles); - store.getTransaction().checkpoint(); - } - catch (Exception e) - { - String msg = "Unable to lock Group for update."; - log.error(msg, e); - store.getTransaction().rollback(); - throw new SecurityException(msg, e); - } - } - } + securityMappingHandler.removeRolePrincipalInGroup(groupFullPathName, roleFullPathName); } } @@ -466,7 +357,7 @@ { isGroupInRole = true; } - + return isGroupInRole; }