PageRenderTime 97ms CodeModel.GetById 30ms app.highlight 43ms RepoModel.GetById 17ms app.codeStats 0ms

/src/java/org/infoglue/cms/security/GenericCombinedAuthorizationModule.java

https://github.com/aboutyang/infoglue
Java | 673 lines | 419 code | 127 blank | 127 comment | 40 complexity | 4b2d9b6c66960e196898fa830d375503 MD5 | raw file
  1/* ===============================================================================
  2 *
  3 * Part of the InfoGlue Content Management Platform (www.infoglue.org)
  4 *
  5 * ===============================================================================
  6 *
  7 *  Copyright (C)
  8 * 
  9 * This program is free software; you can redistribute it and/or modify it under
 10 * the terms of the GNU General Public License version 2, as published by the
 11 * Free Software Foundation. See the file LICENSE.html for more information.
 12 * 
 13 * This program is distributed in the hope that it will be useful, but WITHOUT
 14 * ANY WARRANTY, including the implied warranty of MERCHANTABILITY or FITNESS
 15 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
 16 * 
 17 * You should have received a copy of the GNU General Public License along with
 18 * this program; if not, write to the Free Software Foundation, Inc. / 59 Temple
 19 * Place, Suite 330 / Boston, MA 02111-1307 / USA.
 20 *
 21 * ===============================================================================
 22 */
 23
 24package org.infoglue.cms.security;
 25
 26import java.io.Serializable;
 27import java.util.ArrayList;
 28import java.util.Collections;
 29import java.util.Iterator;
 30import java.util.List;
 31import java.util.Properties;
 32
 33import org.apache.log4j.Logger;
 34import org.exolab.castor.jdo.Database;
 35import org.infoglue.cms.entities.management.GroupVO;
 36import org.infoglue.cms.entities.management.RoleVO;
 37import org.infoglue.cms.entities.management.SystemUserVO;
 38import org.infoglue.cms.exception.SystemException;
 39import org.infoglue.cms.util.CmsPropertyHandler;
 40import org.infoglue.cms.util.sorters.ReflectionComparator;
 41
 42/**
 43 * @author Mattias Bogeblad
 44 *
 45 * This authorization module is a generic multi-source authorization module. With this you can
 46 * define any number of underlying authorization modules which is combined by this module. The order of lookup
 47 * is the same as the order the underlying modules are defined in.
 48 * 
 49 * To use this you state org.infoglue.cms.security.GenericCombinedAuthorizationModule as AuthorizationModule
 50 * and then you add the underlying modules in Extra security parameters as index based properties like this:
 51 * 
 52 * 	0.authorizerClassName=org.infoglue.cms.security.JNDIBasicAuthorizationModule
 53 *	1.authorizerClassName=org.infoglue.cms.security.InfoGlueBasicAuthorizationModule
 54 *  2.authorizerClassName=com.mycompany.cms.security.MyCustomAuthorizationModule
 55 *
 56 *	Then all modules in turn are asked the queries and if not found the next module is asked.
 57 *  If you for example want to have several JNDI-sources you are free to define the same module several times and
 58 *  you can differentiate what properties it should use by setting the index in front of the properties.
 59 *  For example if you have 2 JNDI sources and they differ in among other things 
 60 *  roleBase=cn=groups,dc=infoglue,dc=org you add the index in front of two lines of this:
 61 *  
 62 *  0.roleBase=cn=groups,dc=infoglue,dc=org
 63 *  1.roleBase=cn=internal,cn=groups,dc=companyx,dc=com
 64 *  
 65 *  That way the module with index 0 will get all properties without an index and all properties with index 0 will 
 66 *  override the properties without index for just that module. That way you can also have some parameters in common
 67 *  between two of the same modules.
 68 */
 69
 70public class GenericCombinedAuthorizationModule extends BasicAuthorizationModule implements AuthorizationModule, Serializable
 71{
 72    private final static Logger logger = Logger.getLogger(GenericCombinedAuthorizationModule.class.getName());
 73
 74	protected Properties extraProperties = null;
 75	private Database transactionObject 	= null;
 76
 77	private List authorizationModules = new ArrayList();
 78
 79	private AuthorizationModule getAuthorizationModule(String authorizationModuleClassName, int index) throws SystemException
 80	{
 81		AuthorizationModule authorizationModule = null;
 82		
 83		try
 84    	{
 85			Properties localProperties = new Properties();
 86			Iterator propertiesIterator = this.extraProperties.keySet().iterator();
 87			while(propertiesIterator.hasNext())
 88			{
 89				String property = (String)propertiesIterator.next();
 90				String value = this.extraProperties.getProperty(property);
 91				if(property.startsWith("" + index + "."))
 92					property = property.substring(2);
 93				
 94				localProperties.setProperty(property, value);
 95			}
 96			localProperties.setProperty("authorizerIndex", "" + index);
 97				
 98			if(logger.isInfoEnabled())
 99				logger.info("InfoGlueAuthenticationFilter.authorizerClass:" + authorizationModuleClassName);
100			
101			authorizationModule = (AuthorizationModule)Class.forName(authorizationModuleClassName).newInstance();
102			
103			if(logger.isInfoEnabled())
104				logger.info("authorizationModule:" + authorizationModule);
105			
106			authorizationModule.setExtraProperties(localProperties);
107			authorizationModule.setTransactionObject(this.getTransactionObject());
108    	}
109    	catch(Exception e)
110    	{
111    		logger.error("There was an error initializing the authorizerClass:" + e.getMessage(), e);
112    		throw new SystemException("There was an error initializing the authorizerClass:" + e.getMessage(), e);
113    	}
114	   
115		return authorizationModule;
116	}
117
118	/**
119	 * Gets an authorized InfoGluePrincipal. If the user has logged in with the root-account
120	 * we immediately return - otherwise we populate it.
121	 */
122	
123	public InfoGluePrincipal getAuthorizedInfoGluePrincipal(String userName) throws Exception
124	{
125		InfoGluePrincipal infogluePrincipal = null;
126		
127		int i=0;
128		String authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
129		while(authorizerClassName != null && !authorizerClassName.equals("") && infogluePrincipal == null)
130		{
131			if(logger.isInfoEnabled())
132				logger.info("getAuthorizedInfoGluePrincipal in " + authorizerClassName);
133			
134			try
135			{
136				infogluePrincipal = getAuthorizationModule(authorizerClassName, i).getAuthorizedInfoGluePrincipal(userName);
137			}
138			catch(Exception e)
139			{
140				e.printStackTrace();
141			}
142			
143			i++;
144			authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
145		}
146
147		return infogluePrincipal;
148	}
149
150	/**
151	 * Gets an authorized InfoGlueRole.
152	 */
153
154	public InfoGlueRole getAuthorizedInfoGlueRole(String roleName) throws Exception
155	{
156		InfoGlueRole role = null;
157
158		int i=0;
159		String authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
160		while(authorizerClassName != null && !authorizerClassName.equals("") && role == null)
161		{
162			try
163			{
164				role = getAuthorizationModule(authorizerClassName, i).getAuthorizedInfoGlueRole(roleName);
165			}
166			catch(Exception e)
167			{
168				e.printStackTrace();
169			}
170			
171			i++;
172			authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
173		}
174		
175		return role;
176	}
177
178	/**
179	 * Gets an authorized InfoGlueGroup.
180	 */
181
182	public InfoGlueGroup getAuthorizedInfoGlueGroup(String groupName) throws Exception
183	{
184		InfoGlueGroup group = null;
185
186		int i=0;
187		String authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
188		while(authorizerClassName != null && !authorizerClassName.equals("") && group == null)
189		{
190			try
191			{
192				group = getAuthorizationModule(authorizerClassName, i).getAuthorizedInfoGlueGroup(groupName);
193			}
194			catch(Exception e)
195			{
196				e.printStackTrace();
197			}
198			
199			i++;
200			authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
201		}
202
203		return group;
204	}
205
206	
207	/**
208	 * This method gets a users roles
209	 */
210/*
211	public List authorizeUser(String userName) throws Exception
212	{
213		List roles = new ArrayList();
214		
215		int i=0;
216		String authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
217		while(authorizerClassName != null && !authorizerClassName.equals(""))
218		{
219			try
220			{
221				roles.addAll(getAuthorizationModule(authorizerClassName, i).authorizeUser(userName));
222			}
223			catch(Exception e)
224			{
225				e.printStackTrace();
226			}
227			
228			i++;
229			authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
230		}
231
232		return roles;
233	}
234*/
235	
236	/**
237	 * This method gets a list of roles
238	 */
239	
240	public List getRoles() throws Exception
241	{
242		List roles = new ArrayList();
243
244		int i=0;
245		String authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
246		while(authorizerClassName != null && !authorizerClassName.equals(""))
247		{
248			try
249			{
250				List systemRoles = getAuthorizationModule(authorizerClassName, i).getRoles();
251				if(logger.isInfoEnabled())
252					logger.info("\nFound:" + systemRoles.size() + " roles in " + i);
253				roles.addAll(systemRoles);
254			}
255			catch(Exception e)
256			{
257				e.printStackTrace();
258			}
259			
260			i++;
261			authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
262		}
263
264		Collections.sort(roles, new ReflectionComparator("displayName"));
265
266		return roles;
267	}
268
269	/**
270	 * This method gets a list of groups
271	 */
272
273    public List getGroups() throws Exception
274    {
275		List groups = new ArrayList();
276
277		int i=0;
278		String authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
279		while(authorizerClassName != null && !authorizerClassName.equals(""))
280		{
281			if(logger.isInfoEnabled())
282				logger.info("Looking for user in " + authorizerClassName);
283			
284			try
285			{
286				groups.addAll(getAuthorizationModule(authorizerClassName, i).getGroups());
287			}
288			catch(Exception e)
289			{
290				e.printStackTrace();
291			}
292			
293			i++;
294			authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
295		}
296		
297		Collections.sort(groups, new ReflectionComparator("displayName"));
298
299		return groups;
300    }
301    
302	/**
303	 * This method gets a list of users
304	 */
305
306	public List getUsers() throws Exception
307	{
308		List users = new ArrayList();
309
310		int i=0;
311		String authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
312		while(authorizerClassName != null && !authorizerClassName.equals(""))
313		{
314			if(logger.isInfoEnabled())
315				logger.info("Looking for users in " + authorizerClassName);
316			
317			try
318			{
319				users.addAll(getAuthorizationModule(authorizerClassName, i).getUsers());
320			}
321			catch(Exception e)
322			{
323				e.printStackTrace();
324			}
325			
326			i++;
327			authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
328		}
329		
330		Collections.sort(users, new ReflectionComparator("displayName"));
331
332		return users;
333	}
334
335	public List getFilteredUsers(Integer offset, Integer limit,	String sortProperty, String direction, String searchString, boolean populateRolesAndGroups) throws Exception 
336	{
337		List users = new ArrayList();
338
339		int i=0;
340		String authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
341		while(authorizerClassName != null && !authorizerClassName.equals(""))
342		{
343			if(logger.isInfoEnabled())
344				logger.info("Looking for users in " + authorizerClassName);
345			
346			try
347			{
348				users.addAll(getAuthorizationModule(authorizerClassName, i).getFilteredUsers(offset, limit, sortProperty, direction, searchString, populateRolesAndGroups));
349			}
350			catch(Exception e)
351			{
352				e.printStackTrace();
353			}
354			
355			i++;
356			authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
357		}
358		
359		Collections.sort(users, new ReflectionComparator("displayName"));
360
361		return users;	
362	}
363
364	/*
365	public List getFilteredUsers(String firstName, String lastName, String userName, String email, String[] roleIds) throws Exception
366	{
367		throw new Exception("Unsupported operation");
368		//return null;
369	}
370	 */
371	
372	public List getUsers(String roleName) throws Exception
373	{
374		return getRoleUsers(roleName);
375	}
376
377    public List getRoleUsers(String roleName) throws Exception
378    {
379		List users = new ArrayList();
380		
381		InfoGlueRole role = getAuthorizedInfoGlueRole(roleName);
382		
383		users.addAll(role.getAutorizationModule().getRoleUsers(roleName));
384		
385    	return users;
386	}
387
388    public List getGroupUsers(String groupName) throws Exception
389    {
390    	List users = new ArrayList();
391		
392    	InfoGlueGroup group = getAuthorizedInfoGlueGroup(groupName);
393
394    	users.addAll(group.getAutorizationModule().getGroupUsers(groupName));
395    	
396    	return users;
397    }
398
399    
400	public void createInfoGluePrincipal(SystemUserVO systemUserVO) throws Exception
401	{		
402		int i=0;
403		String authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
404		while(authorizerClassName != null && !authorizerClassName.equals(""))
405		{
406			if(logger.isInfoEnabled())
407				logger.info("Creating user in " + authorizerClassName);
408			
409			try
410			{
411				getAuthorizationModule(authorizerClassName, i).createInfoGluePrincipal(systemUserVO);
412			}
413			catch(Exception e)
414			{
415				e.printStackTrace();
416			}
417			
418			i++;
419			authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
420		}
421	}
422
423	public void updateInfoGluePrincipal(SystemUserVO systemUserVO, String[] roleNames, String[] groupNames) throws Exception
424	{
425		InfoGluePrincipal principal = getAuthorizedInfoGluePrincipal(systemUserVO.getUserName());
426		
427		principal.getAutorizationModule().updateInfoGluePrincipal(systemUserVO, roleNames, groupNames);
428	}
429
430	public void updateInfoGluePrincipal(SystemUserVO systemUserVO, String oldPassword, String[] roleNames, String[] groupNames) throws Exception
431	{
432		InfoGluePrincipal principal = getAuthorizedInfoGluePrincipal(systemUserVO.getUserName());
433		
434		principal.getAutorizationModule().updateInfoGluePrincipal(systemUserVO, oldPassword, roleNames, groupNames);
435	}
436
437	/**
438	 * This method is used to send out a newpassword to an existing users.  
439	 */
440
441	public void updateInfoGluePrincipalPassword(String userName) throws Exception
442	{
443		InfoGluePrincipal principal = getAuthorizedInfoGluePrincipal(userName);
444		
445		principal.getAutorizationModule().updateInfoGluePrincipalPassword(userName);
446	}
447	
448	/**
449	 * This method is used to send out a newpassword to an existing users.  
450	 */
451
452	public void updateInfoGlueAnonymousPrincipalPassword() throws Exception
453	{
454		InfoGluePrincipal principal = getAuthorizedInfoGluePrincipal(CmsPropertyHandler.getAnonymousUser());
455		
456		principal.getAutorizationModule().updateInfoGlueAnonymousPrincipalPassword();
457	}
458	
459	/**
460	 * This method is used to let a user update his password by giving his/her old one first.  
461	 */
462
463	public void updateInfoGluePrincipalPassword(String userName, String oldPassword, String newPassword) throws Exception
464	{
465		InfoGluePrincipal principal = getAuthorizedInfoGluePrincipal(userName);
466		
467		principal.getAutorizationModule().updateInfoGluePrincipalPassword(userName, oldPassword, newPassword);
468	}
469
470	public void changeInfoGluePrincipalUserName(String userName, String newUserName) throws Exception
471	{
472		throw new SystemException("This AuthorizationModule does not support changing user name of a principal");
473	}
474
475	public void deleteInfoGluePrincipal(String userName) throws Exception
476	{
477		InfoGluePrincipal principal = getAuthorizedInfoGluePrincipal(userName);
478		
479		principal.getAutorizationModule().deleteInfoGluePrincipal(userName);
480	}
481
482	public void createInfoGlueRole(RoleVO roleVO) throws Exception
483	{
484		int i=0;
485		String authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
486		while(authorizerClassName != null && !authorizerClassName.equals(""))
487		{
488			if(logger.isInfoEnabled())
489				logger.info("Creating role in " + authorizerClassName);
490			
491			try
492			{
493				getAuthorizationModule(authorizerClassName, i).createInfoGlueRole(roleVO);
494			}
495			catch(Exception e)
496			{
497				e.printStackTrace();
498			}
499			
500			i++;
501			authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
502		}
503	}
504
505	public void deleteInfoGlueRole(String roleName) throws Exception
506	{
507		InfoGlueRole role = getAuthorizedInfoGlueRole(roleName);
508
509		role.getAutorizationModule().deleteInfoGlueRole(roleName);
510	}
511
512	public void updateInfoGlueRole(RoleVO roleVO, String[] userNames) throws Exception
513	{
514		InfoGlueRole role = getAuthorizedInfoGlueRole(roleVO.getRoleName());
515		
516		role.getAutorizationModule().updateInfoGlueRole(roleVO, userNames);
517	}
518
519	public void createInfoGlueGroup(GroupVO groupVO) throws Exception
520	{
521		int i=0;
522		String authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
523		while(authorizerClassName != null && !authorizerClassName.equals(""))
524		{
525			if(logger.isInfoEnabled())
526				logger.info("Creating Group in " + authorizerClassName);
527			
528			try
529			{
530				getAuthorizationModule(authorizerClassName, i).createInfoGlueGroup(groupVO);
531			}
532			catch(Exception e)
533			{
534				e.printStackTrace();
535			}
536			
537			i++;
538			authorizerClassName = this.extraProperties.getProperty("" + i + ".authorizerClassName");
539		}
540	}
541
542	public void deleteInfoGlueGroup(String groupName) throws Exception
543	{
544		InfoGlueGroup group = getAuthorizedInfoGlueGroup(groupName);
545
546		group.getAutorizationModule().deleteInfoGlueGroup(groupName);
547	}
548
549	public void updateInfoGlueGroup(GroupVO groupVO, String[] userNames) throws Exception
550	{
551		InfoGlueGroup group = getAuthorizedInfoGlueGroup(groupVO.getGroupName());
552		
553		group.getAutorizationModule().updateInfoGlueGroup(groupVO, userNames);
554	}
555
556	public void addUserToGroup(String groupName, String userName) throws Exception
557	{
558		InfoGlueGroup group = getAuthorizedInfoGlueGroup(groupName);
559
560		group.getAutorizationModule().addUserToGroup(groupName, userName);
561	}
562	
563	public void addUserToRole(String roleName, String userName) throws Exception
564	{
565		InfoGlueRole role = getAuthorizedInfoGlueRole(roleName);
566		
567		role.getAutorizationModule().addUserToRole(roleName, userName);
568	}
569
570	/**
571	 * This method is used to remove user from a role.  
572	 */
573    public void removeUserFromRole(String roleName, String userName) throws Exception
574    {
575		InfoGlueRole role = getAuthorizedInfoGlueRole(roleName);
576
577		role.getAutorizationModule().removeUserFromRole(roleName, userName);
578    }
579
580	/**
581	 * This method is used to remove user from a group.  
582	 */
583    public void removeUserFromGroup(String groupName, String userName) throws Exception
584    {
585		InfoGlueGroup group = getAuthorizedInfoGlueGroup(groupName);
586
587		group.getAutorizationModule().removeUserFromGroup(groupName, userName);    	
588    }
589
590	/**
591	 * This method is used find out if a user exists. Much quicker than getAuthorizedPrincipal 
592	 */
593	
594    public boolean userExists(String userName) throws Exception
595    {
596    	return (getAuthorizedInfoGluePrincipal(userName) == null ? false : true);
597    }
598
599	/**
600	 * This method is used find out if a role exists. Much quicker than getRole 
601	 */
602    public boolean roleExists(String roleName) throws Exception
603    {
604    	return (getAuthorizedInfoGlueRole(roleName) == null ? false : true);
605    }
606    
607	/**
608	 * This method is used find out if a group exists. Much quicker than getGroup 
609	 */
610    public boolean groupExists(String groupName) throws Exception
611    {
612    	return (getAuthorizedInfoGlueGroup(groupName) == null ? false : true);
613    }
614
615	public boolean getSupportUpdate()
616	{
617		return true;
618	}
619
620	public boolean getSupportDelete()
621	{
622		return true;
623	}
624
625	public boolean getSupportCreate()
626	{
627		return true;
628	}
629
630	public List getFilteredUsers(String firstName, String lastName, String userName, String email, String[] roleIds) throws Exception
631	{
632		return null;
633	}
634
635	public Properties getExtraProperties()
636	{
637		return this.extraProperties;
638	}
639
640	public void setExtraProperties(Properties properties)
641	{
642		this.extraProperties = properties;
643	}
644
645    public void setTransactionObject(Object transactionObject)
646    {
647    	this.transactionObject = (Database)transactionObject;
648    }
649
650    public Object getTransactionObject()
651    {
652        return this.transactionObject;
653    }
654
655	@Override
656	public Integer getRoleCount(String searchString) throws Exception 
657	{
658		return getRoles().size();
659	}
660
661	@Override
662	public Integer getGroupCount(String searchString) throws Exception 
663	{
664		return getGroups().size();
665	}
666
667	@Override
668	public Integer getUserCount(String searchString) throws Exception 
669	{
670		return getUsers().size();
671	}
672
673}