0001: /*
0002: jGuard is a security framework based on top of jaas (java authentication and authorization security).
0003: it is written for web applications, to resolve simply, access control problems.
0004: version $Name$
0005: http://sourceforge.net/projects/jguard/
0006:
0007: Copyright (C) 2004 Charles GAY
0008:
0009: This library is free software; you can redistribute it and/or
0010: modify it under the terms of the GNU Lesser General Public
0011: License as published by the Free Software Foundation; either
0012: version 2.1 of the License, or (at your option) any later version.
0013:
0014: This library is distributed in the hope that it will be useful,
0015: but WITHOUT ANY WARRANTY; without even the implied warranty of
0016: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
0017: Lesser General Public License for more details.
0018:
0019: You should have received a copy of the GNU Lesser General Public
0020: License along with this library; if not, write to the Free Software
0021: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
0022:
0023:
0024: jGuard project home page:
0025: http://sourceforge.net/projects/jguard/
0026:
0027: */
0028: package net.sf.jguard.ext.authorization.manager;
0029:
0030: import java.io.File;
0031: import java.io.FileInputStream;
0032: import java.io.FileNotFoundException;
0033: import java.io.IOException;
0034: import java.net.URI;
0035: import java.net.URISyntaxException;
0036: import java.security.Permission;
0037: import java.security.Principal;
0038: import java.sql.Connection;
0039: import java.sql.PreparedStatement;
0040: import java.sql.ResultSet;
0041: import java.sql.SQLException;
0042: import java.util.ArrayList;
0043: import java.util.Arrays;
0044: import java.util.HashMap;
0045: import java.util.HashSet;
0046: import java.util.Iterator;
0047: import java.util.List;
0048: import java.util.Map;
0049: import java.util.Properties;
0050: import java.util.Set;
0051: import java.util.Stack;
0052: import java.util.logging.Level;
0053: import java.util.logging.Logger;
0054:
0055: import net.sf.jguard.core.CoreConstants;
0056: import net.sf.jguard.core.authorization.permissions.Domain;
0057: import net.sf.jguard.core.authorization.permissions.JGPermissionCollection;
0058: import net.sf.jguard.core.authorization.permissions.JGPositivePermissionCollection;
0059: import net.sf.jguard.core.authorization.permissions.NoSuchPermissionException;
0060: import net.sf.jguard.core.authorization.permissions.PermissionUtils;
0061: import net.sf.jguard.core.principals.RolePrincipal;
0062: import net.sf.jguard.core.util.FileUtils;
0063: import net.sf.jguard.ext.SecurityConstants;
0064: import net.sf.jguard.ext.authorization.AuthorizationException;
0065: import net.sf.jguard.ext.database.ConnectionFactory;
0066: import net.sf.jguard.ext.database.DatabaseUtils;
0067: import net.sf.jguard.ext.util.XMLUtils;
0068:
0069: /**
0070: * jdbc-based AuthorizationManager class used for all database backend.
0071: * @author <a href="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
0072: * @author <a href="mailto:vinipitta@users.sourceforge.net">Vinicius Pitta Lima de Araujo</a>
0073: * @author <a href="mailto:tandilero@users.sourceforge.net">Maximiliano Batelli</a>
0074: */
0075: public class JdbcAuthorizationManager extends
0076: AbstractAuthorizationManager implements AuthorizationManager {
0077:
0078: private static final Logger logger = Logger
0079: .getLogger(JdbcAuthorizationManager.class.getName());
0080:
0081: protected static final String NAME = "name";
0082: protected static final String DOMAIN_NAME = "domain_name";
0083:
0084: //domainIds is only dedicated to the jdbc subclasses
0085: protected Map domainIds;
0086:
0087: //table and index names
0088: protected static String jgDomainSeq = "jg_domain_seq";
0089: protected static String jgPermissionSeq = "jg_permission_seq";
0090: protected static String jgAppPrincipalSeq = "jg_app_principal_seq";
0091: protected static String jgUrlQuerySeq = "jg_url_query_seq";
0092: protected static String jgPrincipalDomain = "jg_principal_domain";
0093: protected static String jgDomain = "jg_domain";
0094: protected static String jgAppPrincipal = "jg_app_principal";
0095: protected static String jgPrincipalPermission = "jg_principal_permission";
0096: protected static String jgPermission = "jg_permission";
0097: protected static String jgUrlQuery = "jg_urlquery";
0098: protected static String jgPrincipalHierarchy = "jg_principal_principal";
0099:
0100: //SQL queries
0101: protected String PRINCIPALS_HIERARCHY = "PRINCIPALS_HIERARCHY";
0102: protected String CREATE_PRINCIPAL_INHERITANCE = "CREATE_PRINCIPAL_INHERITANCE";
0103: protected String DELETE_PRINCIPAL_INHERITANCE = "DELETE_PRINCIPAL_INHERITANCE";
0104:
0105: protected String PRINCIPALS = "PRINCIPALS";
0106: protected String PERMISSIONS_FROM_PRINCIPAL = "PERMISSIONS_FROM_PRINCIPAL";
0107: protected String PERMISSIONS_FROM_DOMAINS = "PERMISSIONS_FROM_DOMAINS";
0108: protected String PERMISSIONS = "PERMISSIONS";
0109: protected String CREATE_PERMISSION = "CREATE_PERMISSION";
0110: protected String CREATE_DOMAIN = "CREATE_DOMAIN";
0111: protected String CREATE_PRINCIPAL_PERMISSION = "CREATE_PRINCIPAL_PERMISSION";
0112: protected String CREATE_PRINCIPAL_DOMAIN = "CREATE_PRINCIPAL_DOMAIN";
0113: protected String DOMAINS = "DOMAINS";
0114: //delete a domain
0115: protected String DELETE_DOMAIN = "DELETE_DOMAIN";
0116: //delete all the association in jg_principal_domain for a specific principal
0117: protected String DELETE_PRINCIPAL_DOMAIN = "DELETE_PRINCIPAL_DOMAIN";
0118: //delete the associations in jg_principal_domain for a specific domain
0119: protected String DELETE_DOMAIN_PRINCIPAL = "DELETE_DOMAIN_PRINCIPAL";
0120:
0121: protected String UPDATE_DOMAIN = "UPDATE_DOMAIN";
0122: protected String UPDATE_PERMISSION = "UPDATE_PERMISSION";
0123: protected String CHANGE_DOMAIN_PERMISSION = "CHANGE_DOMAIN_PERMISSION";
0124: protected String DELETE_PRINCIPAL = "DELETE_PRINCIPAL";
0125: protected String CREATE_PRINCIPAL = "CREATE_PRINCIPAL";
0126: protected String UPDATE_PRINCIPAL = "UPDATE_PRINCIPAL";
0127: //delete a permission
0128: protected String DELETE_PERMISSION = "DELETE_PERMISSION";
0129: //delete all the association in jg_principal_domain for a specific principal
0130: protected String DELETE_PRINCIPAL_PERMISSION = "DELETE_PRINCIPAL_PERMISSION";
0131: //delete the associations in jg_principal_permission for a specific permission
0132: protected String DELETE_PERMISSION_PRINCIPAL = "DELETE_PERMISSION_PRINCIPAL";
0133: protected String READ_PERMISSION_ID = "READ_PERMISSION_ID";
0134: protected String READ_DOMAIN_ID = "READ_DOMAIN_ID";
0135: protected String READ_PRINCIPAL_ID = "READ_PRINCIPAL_ID";
0136:
0137: private Properties props;
0138: private String dbPropertiesLocation;
0139: protected ConnectionFactory connectionFactory = null;
0140:
0141: /**
0142: * JdbcAuthorizationManager constructor.
0143: */
0144: public JdbcAuthorizationManager() {
0145: super ();
0146: domainIds = new HashMap();
0147: }
0148:
0149: /**
0150: * return needed initialization parameters.
0151: * @return initialization parameters' list
0152: * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#getInitParameters()
0153: */
0154: public List getInitParameters() {
0155:
0156: String[] authorizationParameters = { "authorizationUrl",
0157: "authorizationLogin", "authorizationPassword",
0158: "authorizationDriver" };
0159: return Arrays.asList(authorizationParameters);
0160: }
0161:
0162: /**
0163: * initialize principals.
0164: * regroup Principals in a Set.
0165: * @return principals Set
0166: */
0167: private Set initPrincipals() {
0168:
0169: Set ppals = new HashSet();
0170: Map principalsMap = new HashMap();
0171: PreparedStatement pst;
0172: PreparedStatement pst2;
0173: PreparedStatement pst3;
0174: ResultSet rs;
0175: ResultSet rs2;
0176: ResultSet rs3;
0177:
0178: Connection connection = null;
0179: try {
0180: connection = connectionFactory.getConnection();
0181: pst = connection.prepareStatement(props
0182: .getProperty(PRINCIPALS));
0183: rs = pst.executeQuery();
0184:
0185: while (rs.next()) {
0186: RolePrincipal tempJGuardPrincipal = new RolePrincipal();
0187: tempJGuardPrincipal.setName(this .applicationName + "#"
0188: + rs.getString(NAME));
0189: String name = rs.getString(NAME);
0190:
0191: //domains names owned by this principal
0192: Set domainNames = new HashSet();
0193:
0194: //add permissions from principal via domains
0195: pst3 = connection.prepareStatement(props
0196: .getProperty(PERMISSIONS_FROM_DOMAINS));
0197: pst3.setString(1, name);
0198: rs3 = pst3.executeQuery();
0199:
0200: //fill principal object with the permissions bound to domains owned by the current principal
0201: while (rs3.next()) {
0202: String domainName = rs3.getString(DOMAIN_NAME);
0203: if (!domainNames.contains(domainName)) {
0204: domainNames.add(domainName);
0205: logger.finest(" add domain " + domainName
0206: + " to principal "
0207: + tempJGuardPrincipal.getLocalName());
0208: JGPermissionCollection domainTemp = (JGPermissionCollection) domains
0209: .get(domainName);
0210: tempJGuardPrincipal.addDomain(domainTemp);
0211: }
0212:
0213: }
0214:
0215: //add permissions not bound with a domain owned by this principal
0216: pst2 = connection.prepareStatement(props
0217: .getProperty(PERMISSIONS_FROM_PRINCIPAL));
0218: pst2.setString(1, name);
0219: rs2 = pst2.executeQuery();
0220:
0221: //fill principal object with their permissions
0222: while (rs2.next()) {
0223: String permissionName = rs2.getString(NAME);
0224: Permission perm;
0225: try {
0226: perm = (Permission) urlp
0227: .getPermission(permissionName);
0228: tempJGuardPrincipal.addPermission(perm);
0229: } catch (NoSuchPermissionException e) {
0230: logger
0231: .warning(" permission "
0232: + permissionName
0233: + " is not present in the JGPermissionCollection ");
0234: }
0235: }
0236:
0237: ppals.add(tempJGuardPrincipal);
0238: principalsMap.put(tempJGuardPrincipal.getLocalName(),
0239: tempJGuardPrincipal);
0240: }
0241:
0242: rs.close();
0243: pst.close();
0244:
0245: pst = connection.prepareStatement(props
0246: .getProperty(PRINCIPALS_HIERARCHY));
0247: rs = pst.executeQuery();
0248:
0249: RolePrincipal ascendantPrincipal = null;
0250:
0251: while (rs.next()) {
0252: String principalAscendantName = rs.getString(1);
0253: String principalDescendantName = rs.getString(2);
0254:
0255: if (ascendantPrincipal == null
0256: || !ascendantPrincipal.getLocalName().equals(
0257: principalAscendantName)) {
0258: ascendantPrincipal = (RolePrincipal) principalsMap
0259: .get(principalAscendantName);
0260: }
0261:
0262: RolePrincipal descendant = (RolePrincipal) principalsMap
0263: .get(principalDescendantName);
0264: ascendantPrincipal.getDescendants().add(descendant);
0265:
0266: logger.info("Principal " + principalAscendantName
0267: + " inherites from principal "
0268: + principalDescendantName);
0269: }
0270:
0271: rs.close();
0272: pst.close();
0273:
0274: } catch (SQLException e) {
0275: if (logger.isLoggable(Level.FINEST)) {
0276: logger
0277: .finest("initPrincipals in AuthorizationManager SQL ERROR "
0278: + e.getMessage());
0279: }
0280: } finally {
0281: try {
0282: connection.close();
0283: } catch (SQLException e1) {
0284: logger.log(Level.SEVERE, "listPrincipals()", e1);
0285: }
0286: }
0287:
0288: return ppals;
0289: }
0290:
0291: /**
0292: * initialize permissions.
0293: * regroup permissions in a JGPermissionCollection.
0294: * @return JGPermissionCollection
0295: */
0296: private JGPermissionCollection initPermissions() {
0297:
0298: JGPermissionCollection urlPc = new JGPositivePermissionCollection();
0299: Permission tempPermission = null;
0300: String tempPermissionName = "";
0301: Connection connection2 = null;
0302: try {
0303: //get the domains (although the empty domains)
0304: connection2 = connectionFactory.getConnection();
0305: PreparedStatement pst2 = connection2.prepareStatement(props
0306: .getProperty(DOMAINS));
0307: ResultSet rs2 = pst2.executeQuery();
0308: while (rs2.next()) {
0309: String domainName = rs2.getString(NAME);
0310: Long domainId = new Long((rs2.getInt("id")));
0311: JGPermissionCollection domain = new Domain(domainName);
0312: domainsSet.add(domain);
0313: domains.put(domainName, domain);
0314: domainIds.put(domainName, domainId);
0315: Connection connection = null;
0316: try {
0317: connection = connectionFactory.getConnection();
0318: PreparedStatement pst = connection
0319: .prepareStatement(props
0320: .getProperty(PERMISSIONS));
0321: pst.setLong(1, domainId.longValue());
0322: ResultSet rs = pst.executeQuery();
0323:
0324: //get the corresponding permissions
0325: while (rs.next()) {
0326:
0327: //new permission
0328: if (rs.getString(NAME).equals(
0329: tempPermissionName) == false) {
0330: if (tempPermission != null) {
0331: urlPc.add(tempPermission);
0332: }
0333: String clazz = rs.getString(("class"));
0334: String actions = rs.getString(("actions"));
0335: try {
0336: tempPermission = PermissionUtils
0337: .getPermission(clazz, rs
0338: .getString(NAME),
0339: actions);
0340: } catch (ClassNotFoundException e) {
0341: logger.warning(e.getMessage());
0342: continue;
0343: }
0344: permissions.put(tempPermission.getName(),
0345: tempPermission);
0346: permissionsSet.add(tempPermission);
0347: //add the Permission to the domain
0348: ((JGPermissionCollection) domains
0349: .get(domainName))
0350: .add(tempPermission);
0351:
0352: }
0353: }
0354:
0355: //add the last permission
0356: if (tempPermission != null) {
0357: urlPc.add(tempPermission);
0358: }
0359: } finally {
0360: connection.close();
0361: }
0362:
0363: }
0364:
0365: } catch (SQLException e) {
0366:
0367: if (logger.isLoggable(Level.FINEST)) {
0368: logger
0369: .finest("listPermissions() - initializePermissions in AuthorizationManager SQL ERROR "
0370: + e.getMessage());
0371: }
0372:
0373: } finally {
0374: try {
0375: connection2.close();
0376: } catch (SQLException e) {
0377: throw new RuntimeException(e);
0378: }
0379: }
0380:
0381: return urlPc;
0382: }
0383:
0384: /**
0385: * initialize this jdbc permission manager.
0386: * @param options a Map which contains informations to configure the AuthorizationManager implementation.
0387: * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#init(java.util.Properties)
0388: */
0389: public void init(Map options) {
0390: super .init(options);
0391: String applicationName = (String) options
0392: .get(CoreConstants.APPLICATION_NAME);
0393: if (applicationName == null) {
0394: throw new IllegalArgumentException(
0395: " applicationName is null");
0396: }
0397: this .setApplicationName(applicationName);
0398: super .options = options;
0399: dbPropertiesLocation = (String) options
0400: .get(SecurityConstants.AUTHORIZATION_DATABASE_FILE_LOCATION);
0401: dbPropertiesLocation = XMLUtils
0402: .resolveLocation(dbPropertiesLocation);
0403: props = new Properties();
0404: try {
0405: File file = FileUtils
0406: .getFile(new URI(dbPropertiesLocation));
0407: props.load(new FileInputStream(file));
0408: logger.finest(" JdbcAuthorizationManager properties = "
0409: + props);
0410: } catch (FileNotFoundException e2) {
0411: logger
0412: .severe(" authorization database properties file is not found at this location "
0413: + dbPropertiesLocation);
0414: e2.printStackTrace();
0415: } catch (IOException e2) {
0416: logger
0417: .severe(" authorization database properties file is not accesible this location "
0418: + dbPropertiesLocation
0419: + "\n "
0420: + e2.getMessage());
0421: } catch (URISyntaxException e) {
0422: logger
0423: .log(
0424: Level.SEVERE,
0425: " uri of the authorization database properties file hasn't got a valid synthax ",
0426: e);
0427: }
0428:
0429: //initialize database connection factory
0430: connectionFactory = new ConnectionFactory(options);
0431: createRequiredDatabaseEntities(props, connectionFactory);
0432: boolean empty = isEmpty();
0433: if (empty) {
0434: insertRequiredData();
0435: }
0436:
0437: urlp = initPermissions();
0438: principalsSet = initPrincipals();
0439: Iterator itPrincipalsSet = principalsSet.iterator();
0440:
0441: //populate the corresponding Map to the Set
0442: while (itPrincipalsSet.hasNext()) {
0443: RolePrincipal tempPrincipal = (RolePrincipal) itPrincipalsSet
0444: .next();
0445: principals.put(tempPrincipal.getLocalName(), tempPrincipal);
0446: }
0447:
0448: }
0449:
0450: private static void createRequiredDatabaseEntities(
0451: Properties properties, ConnectionFactory connectionFactory) {
0452:
0453: //we create tables
0454: List tablesNames = new ArrayList();
0455: tablesNames.add("JG_DOMAIN");
0456: tablesNames.add("JG_APP_PRINCIPAL");
0457: tablesNames.add("JG_PERMISSION");
0458: tablesNames.add("JG_PRINCIPAL_PERMISSION");
0459: tablesNames.add("JG_PRINCIPAL_DOMAIN");
0460: tablesNames.add("JG_PRINCIPAL_HIERARCHY");
0461:
0462: List sequencesNames = new ArrayList();
0463: sequencesNames.add("JG_APP_PRINCIPAL_SEQ");
0464: sequencesNames.add("JG_PERMISSION_SEQ");
0465: sequencesNames.add("JG_DOMAIN_SEQ");
0466:
0467: List foreignkeysNames = new ArrayList();
0468: foreignkeysNames.add("FK_PERMISSION_PRINCIPAL");
0469: foreignkeysNames.add("FK_PRINCIPAL_PERMISSION");
0470: foreignkeysNames.add("FK_DOMAIN_PRINCIPAL");
0471: foreignkeysNames.add("FK_PRINCIPAL_DOMAIN");
0472: foreignkeysNames.add("FK_PERMISSION_DOMAIN");
0473: foreignkeysNames.add("FK_PRINCIPAL_HIERARCHY_PRINCIPAL");
0474: foreignkeysNames.add("FK_PRINCIPAL_HIERARCHY_PRINCIPAL2");
0475:
0476: //initialise database
0477: DatabaseUtils.createRequiredDatabaseEntities(properties,
0478: connectionFactory, sequencesNames, tablesNames,
0479: foreignkeysNames);
0480:
0481: }
0482:
0483: /**
0484: * create an URLPermission int the corresponding backend.
0485: * @param permission URLPermission
0486: * @param domainName the domain the permission belongs to
0487: * @throws AuthorizationException
0488: * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#createPermission(java.security.Permission, java.lang.String)
0489: */
0490: public void createPermission(Permission permission,
0491: String domainName) throws AuthorizationException {
0492:
0493: Connection conn = null;
0494: PreparedStatement pst = null;
0495: //name,uri,description,scheme,domain_id
0496: try {
0497: conn = connectionFactory.getConnection();
0498: pst = conn.prepareStatement(props
0499: .getProperty(CREATE_PERMISSION));
0500:
0501: pst.setString(1, permission.getName());
0502: pst.setString(2, permission.getActions());
0503: pst.setString(3, permission.getClass().getName());
0504: Long domainId = (Long) domainIds.get(domainName);
0505: pst.setLong(4, domainId.longValue());
0506: pst.executeUpdate();
0507:
0508: //add the permission to the permissionCollection
0509: urlp.add(permission);
0510: if (logger.isLoggable(Level.FINEST)) {
0511: logger.finest("createPermission() - " + permission
0512: + " added!");
0513: logger.finest("createPermission() - permissions: "
0514: + urlp);
0515: }
0516: //add the permission to its Domain
0517: JGPermissionCollection domain = (JGPermissionCollection) domains
0518: .get(domainName);
0519: domain.add(permission);
0520: permissions.put(permission.getName(), permission);
0521: permissionsSet.add(permission);
0522:
0523: /*
0524: * udpate the permission list from all principals that have relationship with this
0525: * domain. Is this is not done the change will not affect the users principals in this webapp
0526: * while the application is not reloaded.
0527: */
0528: this .updatePrincipals(permission);
0529:
0530: } catch (SQLException e) {
0531: logger.log(Level.SEVERE,
0532: "createPermission(URLPermission, String)", e);
0533: } finally {
0534: try {
0535: pst.close();
0536: conn.close();
0537: } catch (SQLException e1) {
0538: logger.log(Level.SEVERE,
0539: "createPermission(URLPermission, String)", e1);
0540: }
0541: }
0542:
0543: }
0544:
0545: /**
0546: * update the URLPermission.
0547: * @param oldPermissionName
0548: * @param perm
0549: * @param newDomainName
0550: * @throws AuthorizationException
0551: * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#updatePermission(java.lang.String, java.security.Permission, java.lang.String)
0552: */
0553: public void updatePermission(String oldPermissionName,
0554: Permission perm, String newDomainName)
0555: throws AuthorizationException {
0556:
0557: PreparedStatement pst;
0558: Connection conn = null;
0559:
0560: try {
0561: conn = connectionFactory.getConnection();
0562: conn.setAutoCommit(false);
0563: pst = conn.prepareStatement(props
0564: .getProperty(UPDATE_PERMISSION));
0565:
0566: // name
0567: pst.setString(1, perm.getName());
0568: //actions
0569: pst.setString(2, perm.getActions());
0570: //class
0571: pst.setString(3, perm.getClass().getName());
0572: //domainId
0573: pst.setLong(4, ((Long) domainIds.get(newDomainName))
0574: .longValue());
0575: //old Permission Name
0576: pst.setString(5, oldPermissionName);
0577: pst.executeUpdate();
0578:
0579: JGPermissionCollection newDomain = (JGPermissionCollection) domains
0580: .get(newDomainName);
0581:
0582: // we are looking for the old domain which contains the updated permission
0583: Iterator itDomains = domainsSet.iterator();
0584: Permission oldPermission = (Permission) permissions
0585: .get(oldPermissionName);
0586: while (itDomains.hasNext()) {
0587: JGPermissionCollection domain = (JGPermissionCollection) itDomains
0588: .next();
0589:
0590: if (domain.containsPermission(oldPermission)) {
0591: domain.removePermission(oldPermission);
0592: //only one domain can contain a permission
0593: //so, when we found the 'old' domain which contain the searched permission
0594: //we break the loop
0595: break;
0596: }
0597: }
0598:
0599: //update the "in memory" permission
0600: urlp.removePermission(oldPermission);
0601: urlp.add(perm);
0602: permissions.remove(oldPermissionName);
0603: permissions.put(perm.getName(), perm);
0604: Iterator itPermissionsSet = permissionsSet.iterator();
0605: while (itPermissionsSet.hasNext()) {
0606: Permission tempPerm = (Permission) itPermissionsSet
0607: .next();
0608: if (tempPerm.getName().equals(oldPermissionName)) {
0609: permissionsSet.remove(tempPerm);
0610: break;
0611: }
0612: }
0613: permissionsSet.add(perm);
0614: //add the updated permission to the new domain
0615: newDomain.add(perm);
0616:
0617: //update principals
0618: this .updatePrincipals(perm);
0619: //we only commit SQL changes if SQL and memory changes are synchronized:
0620: //i.e no exception has been raised on the memory scope
0621: conn.commit();
0622: } catch (SQLException e) {
0623: throw new AuthorizationException(e);
0624: } finally {
0625: try {
0626: conn.close();
0627: } catch (SQLException e1) {
0628: logger
0629: .log(
0630: Level.SEVERE,
0631: "updatePermission(String, URLPermission, String)",
0632: e1);
0633: }
0634: }
0635: }
0636:
0637: /**
0638: * delete the permission.
0639: * @param permissionName
0640: * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#deletePermission(java.lang.String)
0641: */
0642: public void deletePermission(String permissionName)
0643: throws AuthorizationException {
0644:
0645: PreparedStatement pst;
0646: PreparedStatement pst2;
0647: Connection conn = null;
0648: try {
0649: conn = connectionFactory.getConnection();
0650: conn.setAutoCommit(false);
0651: //delete associations in jg_principal_permisison
0652: //before suppress the corresponding permission
0653: pst = conn.prepareStatement(props
0654: .getProperty(DELETE_PERMISSION_PRINCIPAL));
0655: pst.setString(1, permissionName);
0656: logger.finest(props
0657: .getProperty(DELETE_PERMISSION_PRINCIPAL));
0658: logger.finest("permissionName=" + permissionName);
0659: pst.executeUpdate();
0660: pst.close();
0661:
0662: pst2 = conn.prepareStatement(props
0663: .getProperty(DELETE_PERMISSION));
0664: pst2.setString(1, permissionName);
0665: pst2.executeUpdate();
0666:
0667: this .removePermissionFromPrincipals(permissionName);
0668: Permission permission = null;
0669: try {
0670: permission = (Permission) urlp
0671: .getPermission(permissionName);
0672: } catch (NoSuchPermissionException e) {
0673: throw new AuthorizationException(e);
0674: }
0675: Domain domain = getDomain(permission);
0676: domain.removePermission(permission);
0677: permissions.remove(permission.getName());
0678: permissionsSet.remove(permission);
0679: urlp.removePermission(permission);
0680: //update the principals that have this permission by the domain that own this permission
0681: this .updatePrincipals(domain);
0682:
0683: Iterator urlpIt = urlp.getPermissions().iterator();
0684: while (urlpIt.hasNext()) {
0685: Permission tempPermission = (Permission) urlpIt.next();
0686: if (tempPermission.getName().equals(permissionName)) {
0687: //remove the permission in the Set
0688: getDomain(tempPermission).removePermission(
0689: tempPermission);
0690: //remove the permission in the permissionCollection
0691: urlpIt.remove();
0692: break;
0693: }
0694:
0695: }
0696: conn.commit();
0697: } catch (SQLException e) {
0698: logger.log(Level.SEVERE, "deletePermission(String)", e);
0699: } finally {
0700: try {
0701: conn.close();
0702: } catch (SQLException e1) {
0703: logger
0704: .log(Level.SEVERE, "deletePermission(String)",
0705: e1);
0706: }
0707: }
0708:
0709: }
0710:
0711: /**
0712: * create a new domain.
0713: * @param domainName
0714: * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#createDomain(java.lang.String)
0715: */
0716: public void createDomain(String domainName)
0717: throws AuthorizationException {
0718:
0719: PreparedStatement pst;
0720: PreparedStatement pst2;
0721: ResultSet rs2;
0722: Connection conn = null;
0723: try {
0724: conn = connectionFactory.getConnection();
0725: pst = conn.prepareStatement(props
0726: .getProperty(CREATE_DOMAIN));
0727: pst.setString(1, domainName);
0728: pst.executeUpdate();
0729: JGPermissionCollection newDomain = new Domain(domainName);
0730: pst2 = conn.prepareStatement(props
0731: .getProperty(READ_DOMAIN_ID));
0732: pst2.setString(1, domainName);
0733: rs2 = pst2.executeQuery();
0734: //there must be only one result
0735: rs2.next();
0736: domains.put(domainName, newDomain);
0737: domainsSet.add(newDomain);
0738: domainIds.put(domainName, new Long(rs2.getLong("id")));
0739:
0740: } catch (SQLException e) {
0741: logger.log(Level.SEVERE, "createDomain(String)", e);
0742: } finally {
0743: try {
0744: conn.close();
0745: } catch (SQLException e1) {
0746: logger.log(Level.SEVERE, "createDomain(String)", e1);
0747: }
0748: }
0749:
0750: }
0751:
0752: /**
0753: * change the domain name.
0754: * @param newDomainName
0755: * @param oldDomainName
0756: * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#updateDomain(java.lang.String, java.lang.String)
0757: */
0758: public void updateDomain(String newDomainName, String oldDomainName)
0759: throws AuthorizationException {
0760:
0761: PreparedStatement pst;
0762: PreparedStatement pst2;
0763: ResultSet rs2;
0764: Connection conn = null;
0765: try {
0766: conn = connectionFactory.getConnection();
0767: pst = conn.prepareStatement(props
0768: .getProperty(UPDATE_DOMAIN));
0769: pst.setString(1, newDomainName);
0770: pst.setString(2, oldDomainName);
0771: pst.executeUpdate();
0772: //if the database update is right, we can update the in memory reference
0773: Domain updatedDomain = ((Domain) domains.get(oldDomainName));
0774: /*
0775: * 2005-05-18 VinÃÂcius: Order of methods call changed to fix the
0776: * bug 1205011
0777: *
0778: * before update the domain name we must remove the domain from
0779: * domainsSet set because this operations depends of equals method
0780: * from Domain that compare the domains names, otherwise the
0781: * remove method from the Set final type will not be able to find
0782: * the right instance with the equals method and will not remove
0783: * the Domain from domainsSet. The wrong call sequence cause the
0784: * domain to be duplicated in the set (in memory domain list).
0785: *
0786: * I am note sure about "why" the old domain instance on the
0787: * domainsSet still with the old name because the domainsSet and
0788: * domains map are supposed to share the same instance of Domain.
0789: * So the change on domain instance from the domains map must to
0790: * means one change on domain instance from domainsSet that share the
0791: * same instance!
0792: *
0793: * I conclude that in some place of the code that load domains
0794: * and permissions, more than one Domain instance are created
0795: * to represents the same domain.
0796: */
0797: domainsSet.remove(domains.get(oldDomainName));
0798: //now we can safe update the domain name
0799: updatedDomain.setName(newDomainName);
0800:
0801: domains.remove(oldDomainName);
0802: //I think that this call was forgotten
0803: domainIds.remove(oldDomainName);
0804:
0805: domains.put(newDomainName, updatedDomain);
0806:
0807: pst2 = conn.prepareStatement(props
0808: .getProperty(READ_DOMAIN_ID));
0809: pst2.setString(1, newDomainName);
0810: rs2 = pst2.executeQuery();
0811: //there must be only one result
0812: rs2.next();
0813: domainIds.put(newDomainName, new Long(rs2.getLong("id")));
0814: domainsSet.add(domains.get(updatedDomain.getName()));
0815:
0816: //update principals relationship with this domain
0817: this .updatePrincipals(updatedDomain, oldDomainName);
0818: } catch (SQLException e) {
0819: logger.log(Level.SEVERE, "updateDomain(String, String)", e);
0820: } finally {
0821: try {
0822: conn.close();
0823: } catch (SQLException e1) {
0824: logger.log(Level.SEVERE,
0825: "updateDomain(String, String)", e1);
0826: }
0827: }
0828:
0829: }
0830:
0831: /**
0832: * delete a domain.
0833: * a domain can be deleted only if no permissions are bound to it.
0834: * @param domainName
0835: * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#deleteDomain(java.lang.String)
0836: */
0837: public void deleteDomain(String domainName)
0838: throws AuthorizationException {
0839: if (domains.get(domainName) == null) {
0840: throw new AuthorizationException(
0841: " this domain does not exists ");
0842: } else if (((JGPermissionCollection) domains.get(domainName))
0843: .getPermissions().isEmpty() == false) {
0844: throw new AuthorizationException(
0845: " there are "
0846: + ((JGPermissionCollection) domains
0847: .get(domainName)).getPermissions()
0848: .size()
0849: + " permissions bound to this domain ");
0850: } else {
0851:
0852: PreparedStatement pst;
0853: PreparedStatement pst2;
0854: Connection conn = null;
0855: try {
0856: conn = connectionFactory.getConnection();
0857: //delete associations between principals and this domain
0858: pst2 = conn.prepareStatement(props
0859: .getProperty(DELETE_DOMAIN_PRINCIPAL));
0860: pst2.setString(1, domainName);
0861: pst2.executeUpdate();
0862:
0863: pst = conn.prepareStatement(props
0864: .getProperty(DELETE_DOMAIN));
0865: pst.setString(1, domainName);
0866: pst.executeUpdate();
0867: domainIds.remove(((Domain) domains.get(domainName))
0868: .getName());
0869: domainsSet.remove(domains.get(domainName));
0870: //if the database remove is right, we can remove the in memory reference
0871: domains.remove(domainName);
0872:
0873: //update principals that have relationship with this domain
0874: super .removeDomainFromPrincipals(domainName);
0875: } catch (SQLException e) {
0876: logger.log(Level.SEVERE, "deleteDomain(String)", e);
0877: } finally {
0878: try {
0879: conn.close();
0880: } catch (SQLException e1) {
0881: logger
0882: .log(Level.SEVERE, "deleteDomain(String)",
0883: e1);
0884: }
0885: }
0886: }
0887: }
0888:
0889: /**
0890: * update the application Principal (role).
0891: * @param oldPrincipalName name of the principal to be replaced
0892: * @param principal the new principal updated
0893: * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#updatePrincipal(net.sf.jguard.core.principals.RolePrincipal)
0894: * @throws AuthorizationException
0895: */
0896: public void updatePrincipal(String oldPrincipalName,
0897: Principal principal) throws AuthorizationException {
0898:
0899: PreparedStatement pst;
0900: PreparedStatement pst2;
0901: PreparedStatement pst3;
0902: Connection conn = null;
0903:
0904: try {
0905: conn = connectionFactory.getConnection();
0906: //delete old assocations between principal and permissions
0907: pst2 = conn.prepareStatement(props
0908: .getProperty(DELETE_PRINCIPAL_PERMISSION));
0909: pst2.setString(1, oldPrincipalName);
0910: logger.finest(props
0911: .getProperty(DELETE_PRINCIPAL_PERMISSION));
0912: logger.finest(oldPrincipalName);
0913: pst2.executeUpdate();
0914:
0915: //delete old assocations between principal and domains
0916: pst3 = conn.prepareStatement(props
0917: .getProperty(DELETE_PRINCIPAL_DOMAIN));
0918: pst3.setString(1, oldPrincipalName);
0919: pst3.executeUpdate();
0920:
0921: //update the principal name
0922: pst = conn.prepareStatement(props
0923: .getProperty(UPDATE_PRINCIPAL));
0924: pst.setString(1, getLocalName(principal));
0925: pst.setString(2, oldPrincipalName);
0926: pst.executeUpdate();
0927: } catch (SQLException e) {
0928: logger.log(Level.SEVERE,
0929: "updatePrincipal(String, RolePrincipal)", e);
0930: throw new AuthorizationException(e);
0931: } finally {
0932: try {
0933: conn.close();
0934: } catch (SQLException e1) {
0935: throw new AuthorizationException(
0936: " connection cannot be closed ", e1);
0937: }
0938: }
0939: if (principal.getClass().equals(RolePrincipal.class)) {
0940: addDomainsAndPermissions((RolePrincipal) principal);
0941: }
0942: //if the database update is right, we can update the in memory reference
0943: Principal oldPal = (Principal) principals
0944: .remove(oldPrincipalName);
0945: principalsSet.remove(oldPal);
0946: principals.put(getLocalName(principal), principal);
0947: principalsSet.add(principal);
0948:
0949: }
0950:
0951: /**
0952: * @param principal
0953: * @throws AuthorizationException
0954: */
0955: private void addDomainsAndPermissions(RolePrincipal principal)
0956: throws AuthorizationException {
0957:
0958: PreparedStatement pst4;
0959: PreparedStatement pst5;
0960: PreparedStatement pst6;
0961: PreparedStatement pst7;
0962: PreparedStatement pst8;
0963: ResultSet rs5;
0964: ResultSet rs6;
0965: ResultSet rs7;
0966: Connection conn = null;
0967: try {
0968: conn = connectionFactory.getConnection();
0969: //retrieve the principal id
0970: pst6 = conn.prepareStatement(props
0971: .getProperty(READ_PRINCIPAL_ID));
0972:
0973: pst6.setString(1, getLocalName(principal));
0974: rs6 = pst6.executeQuery();
0975: long idPrincipal;
0976: if (rs6.next()) {
0977: idPrincipal = rs6.getLong(1);
0978: } else {
0979: throw new AuthorizationException(
0980: " the principal "
0981: + principal.getLocalName()
0982: + " is not present in the database : it hasn't got any id ");
0983: }
0984: //add new assocations between principal and permissions
0985: Set orphanedPermissions = principal
0986: .getOrphanedPermissions();
0987: Iterator itOrphanedPermissions = orphanedPermissions
0988: .iterator();
0989: long idPermission;
0990:
0991: while (itOrphanedPermissions.hasNext()) {
0992: Permission perm = (Permission) itOrphanedPermissions
0993: .next();
0994: pst5 = conn.prepareStatement(props
0995: .getProperty(READ_PERMISSION_ID));
0996: pst5.setString(1, perm.getName());
0997: rs5 = pst5.executeQuery();
0998: rs5.next();
0999: idPermission = rs5.getLong(1);
1000:
1001: pst8 = conn.prepareStatement(props
1002: .getProperty(CREATE_PRINCIPAL_PERMISSION));
1003: pst8.setLong(1, idPrincipal);
1004: pst8.setLong(2, idPermission);
1005: pst8.executeUpdate();
1006: }
1007:
1008: //add new assocations between principal and domains
1009: Set doms = principal.getDomains();
1010: Iterator itDomains = doms.iterator();
1011: long idDomain;
1012: while (itDomains.hasNext()) {
1013: Domain dom = (Domain) itDomains.next();
1014: pst7 = conn.prepareStatement(props
1015: .getProperty(READ_DOMAIN_ID));
1016: pst7.setString(1, dom.getName());
1017: rs7 = pst7.executeQuery();
1018: rs7.next();
1019: idDomain = rs7.getLong(1);
1020:
1021: pst4 = conn.prepareStatement(props
1022: .getProperty(CREATE_PRINCIPAL_DOMAIN));
1023: pst4.setLong(1, idPrincipal);
1024: pst4.setLong(2, idDomain);
1025: pst4.executeUpdate();
1026: }
1027:
1028: } catch (SQLException e) {
1029: throw new AuthorizationException(
1030: " an SQLException has been raised in the addDomainsAndPermissions method ",
1031: e);
1032: } finally {
1033: try {
1034: conn.close();
1035: } catch (SQLException e1) {
1036: throw new AuthorizationException(
1037: " connection cannot be closed ", e1);
1038: }
1039: }
1040: }
1041:
1042: /**
1043: * delete principal.
1044: * @param principal
1045: * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#deletePrincipal(java.security.Principal)
1046: */
1047: public void deletePrincipal(Principal principal)
1048: throws AuthorizationException {
1049:
1050: PreparedStatement pst;
1051: PreparedStatement pst2;
1052: PreparedStatement pst3;
1053: Connection conn = null;
1054: try {
1055: conn = connectionFactory.getConnection();
1056: pst = conn.prepareStatement(props
1057: .getProperty(DELETE_PRINCIPAL_PERMISSION));
1058: pst.setString(1, getLocalName(principal));
1059: pst.executeUpdate();
1060:
1061: pst3 = conn.prepareStatement(props
1062: .getProperty(DELETE_PRINCIPAL_DOMAIN));
1063: pst3.setString(1, getLocalName(principal));
1064: pst3.executeUpdate();
1065:
1066: pst2 = conn.prepareStatement(props
1067: .getProperty(DELETE_PRINCIPAL));
1068: pst2.setString(1, getLocalName(principal));
1069: pst2.executeUpdate();
1070: principals.remove(getLocalName(principal));
1071: RolePrincipal ppal = new RolePrincipal();
1072: ppal.setLocalName(getLocalName(principal));
1073: ppal.setApplicationName(applicationName);
1074: principalsSet.remove(ppal);
1075:
1076: } catch (SQLException e) {
1077: logger.log(Level.SEVERE, "deletePrincipal(String)", e);
1078: } finally {
1079: try {
1080: conn.close();
1081: } catch (SQLException e1) {
1082: logger.log(Level.SEVERE, "deletePrincipal(String)", e1);
1083: }
1084: }
1085:
1086: }
1087:
1088: /**
1089: * update the permission to bound it to another Domain.
1090: * @param permissionName name of the permission to update
1091: * @param newDomainName name of the Domain to bound this permission
1092: * @throws AuthorizationException
1093: */
1094: public void changeDomainPermission(String permissionName,
1095: String newDomainName) throws AuthorizationException {
1096:
1097: PreparedStatement pst;
1098: Connection conn = null;
1099: try {
1100: conn = connectionFactory.getConnection();
1101: conn.setAutoCommit(false);
1102: pst = conn.prepareStatement(props
1103: .getProperty(CHANGE_DOMAIN_PERMISSION));
1104: pst.setString(1, newDomainName);
1105: pst.setString(2, permissionName);
1106: pst.executeUpdate();
1107: Permission perm;
1108: try {
1109: perm = (Permission) urlp.getPermission(permissionName);
1110: } catch (NoSuchPermissionException e) {
1111: throw new AuthorizationException(e);
1112: }
1113: JGPermissionCollection oldDomain = getDomain(perm);
1114: oldDomain.removePermission(perm);
1115: JGPermissionCollection newDomain = (JGPermissionCollection) domains
1116: .get(newDomainName);
1117: newDomain.add(perm);
1118: conn.commit();
1119: } catch (SQLException e) {
1120: logger.log(Level.SEVERE,
1121: "changeDomainPermission(String, String)", e);
1122: } finally {
1123: try {
1124: conn.close();
1125: } catch (SQLException e1) {
1126: logger.log(Level.SEVERE,
1127: "changeDomainPermission(String, String)", e1);
1128: }
1129: }
1130:
1131: }
1132:
1133: public void createPrincipal(Principal principal)
1134: throws AuthorizationException {
1135:
1136: PreparedStatement pst;
1137: Connection conn = null;
1138: //create the principal
1139: try {
1140: conn = connectionFactory.getConnection();
1141: pst = conn.prepareStatement(props
1142: .getProperty(CREATE_PRINCIPAL));
1143: pst.setString(1, getLocalName(principal));
1144: int result = pst.executeUpdate();
1145: if (result == 0) {
1146: throw new AuthorizationException("principal "
1147: + getLocalName(principal)
1148: + " has not been created");
1149: }
1150: } catch (SQLException e) {
1151: logger.log(Level.SEVERE, "createPrincipal(RolePrincipal)",
1152: e);
1153: throw new AuthorizationException(e);
1154: } finally {
1155: try {
1156: conn.close();
1157: } catch (SQLException e1) {
1158: logger.log(Level.SEVERE,
1159: "createPrincipal(RolePrincipal)", e1);
1160: throw new AuthorizationException(e1);
1161: }
1162: }
1163: if (principal.getClass().equals(RolePrincipal.class)) {
1164: addDomainsAndPermissions((RolePrincipal) principal);
1165: }
1166: principals.put(getLocalName(principal), principal);
1167:
1168: principalsSet.add(principal);
1169:
1170: }
1171:
1172: /**
1173: * This commands establishes a new immediate inheritance relationship
1174: * between the existing principals principalAsc and the principalDesc.
1175: * The command is valid if and only if the principal principalAsc is not an immediate
1176: * ascendant of principalDesc, and descendant does
1177: * not properly inherit principalAsc principal(in order to avoid cycle creation).
1178: *
1179: * @param principalAscName the principal that will inherite.
1180: * @param principalDescName the principal that will be inherited.
1181: * @throws AuthorizationException if the inheritance already exists or create a cycle.
1182: */
1183: public void addInheritance(String principalAscName,
1184: String principalDescName) throws AuthorizationException {
1185: //getting the principals
1186: RolePrincipal principalAsc = (RolePrincipal) principals
1187: .get(principalAscName);
1188: RolePrincipal principalDesc = (RolePrincipal) principals
1189: .get(principalDescName);
1190:
1191: if (principalAsc == null) {
1192: logger.severe("Principal " + principalAscName
1193: + " not found!");
1194: throw new AuthorizationException("Principal "
1195: + principalAscName + " not found!");
1196: }
1197:
1198: if (principalDesc == null) {
1199: logger.severe("Principal " + principalDescName
1200: + " not found!");
1201: throw new AuthorizationException("Principal "
1202: + principalDescName + " not found!");
1203: }
1204:
1205: //check if the principalAsc is immediate ascendant of principalDesc
1206: for (Iterator it = principalAsc.getDescendants().iterator(); it
1207: .hasNext();) {
1208: if (principalDesc.equals(it.next())) {
1209: logger.warning("Principal " + principalAscName
1210: + " is immediate ascendant of Principal "
1211: + principalDescName + "!");
1212: }
1213: }
1214:
1215: //check if principalDesc inherit principalAsc
1216: //use a stack instead of a recursive method
1217: Stack principalsToCheck = new Stack();
1218: //used to check first all principals from one level before check the next level
1219: Stack principalsFromNextLevel = new Stack();
1220: principalsToCheck.addAll(principalDesc.getDescendants());
1221:
1222: while (!principalsToCheck.isEmpty()) {
1223: RolePrincipal principal = (RolePrincipal) principalsToCheck
1224: .pop();
1225: if (principalAsc.equals(principal)) {
1226: logger.severe("Principal " + principalAscName
1227: + " cannot inherit Principal "
1228: + principalDescName + " because "
1229: + principalDescName + " inherit "
1230: + principalAscName);
1231: throw new AuthorizationException("Principal "
1232: + principalAscName
1233: + " cannot inherit Principal "
1234: + principalDescName + " because "
1235: + principalDescName + " inherit "
1236: + principalAscName);
1237: }
1238:
1239: principalsFromNextLevel.addAll(principal.getDescendants());
1240:
1241: //is time to go to next level
1242: if (principalsToCheck.isEmpty()) {
1243: principalsToCheck.addAll(principalsFromNextLevel);
1244:
1245: //clear the second level stack
1246: principalsFromNextLevel.clear();
1247: }
1248: }
1249:
1250: PreparedStatement pst;
1251: Connection conn = null;
1252: try {
1253: conn = connectionFactory.getConnection();
1254: //get principalAsc id
1255: pst = conn.prepareStatement(props
1256: .getProperty(READ_PRINCIPAL_ID));
1257: pst.setString(1, principalAscName);
1258: ResultSet rs = pst.executeQuery();
1259: rs.next();
1260: int principalAscId = rs.getInt(1);
1261: rs.close();
1262:
1263: //get principalDesc id
1264: pst.setString(1, principalDescName);
1265: rs = pst.executeQuery();
1266: rs.next();
1267: int principalDescId = rs.getInt(1);
1268: rs.close();
1269: pst.close();
1270:
1271: //update the backend
1272: pst = conn.prepareStatement(props
1273: .getProperty(CREATE_PRINCIPAL_INHERITANCE));
1274: pst.setInt(1, principalAscId);
1275: pst.setInt(2, principalDescId);
1276: pst.executeUpdate();
1277: pst.close();
1278:
1279: //update in-memory principal
1280: principalAsc.getDescendants().add(principalDesc);
1281:
1282: } catch (SQLException e) {
1283: logger
1284: .log(
1285: Level.SEVERE,
1286: "addInheritance(principalAscName, principalDescName)",
1287: e);
1288: } finally {
1289: try {
1290: conn.close();
1291: } catch (SQLException e1) {
1292: logger
1293: .log(
1294: Level.SEVERE,
1295: "addInheritance(principalAscName, principalDescName)",
1296: e1);
1297: }
1298: }
1299:
1300: }
1301:
1302: /**
1303: * Delete the inheritance beteween two existings principals.
1304: * @param principalAscName
1305: * @param principalDescName
1306: */
1307: public void deleteInheritance(String principalAscName,
1308: String principalDescName) throws AuthorizationException {
1309:
1310: PreparedStatement pst;
1311: Connection conn = null;
1312: try {
1313: conn = connectionFactory.getConnection();
1314: //get principalAsc id
1315: pst = conn.prepareStatement(props
1316: .getProperty(READ_PRINCIPAL_ID));
1317: pst.setString(1, principalAscName);
1318: ResultSet rs = pst.executeQuery();
1319: rs.next();
1320: int principalAscId = rs.getInt(1);
1321: rs.close();
1322:
1323: //get principalDesc id
1324: pst.setString(1, principalDescName);
1325: rs = pst.executeQuery();
1326: rs.next();
1327: int principalDescId = rs.getInt(1);
1328: rs.close();
1329: pst.close();
1330:
1331: //delete the principal inheritance
1332: pst = conn.prepareStatement(props
1333: .getProperty(DELETE_PRINCIPAL_INHERITANCE));
1334: pst.setInt(1, principalAscId);
1335: pst.setInt(2, principalDescId);
1336: pst.executeUpdate();
1337:
1338: pst.close();
1339:
1340: RolePrincipal principalAsc = (RolePrincipal) principals
1341: .get(principalAscName);
1342: principalAsc.getDescendants().remove(
1343: principals.get(principalDescName));
1344:
1345: logger.info("Inheritance beteween principal "
1346: + principalAscName + " and " + principalDescName
1347: + " was been deleted.");
1348: } catch (SQLException e) {
1349: logger.log(Level.SEVERE,
1350: "assemblyPrincipalHierarchy(RolePrincipal)", e);
1351: } finally {
1352: try {
1353: conn.close();
1354: } catch (SQLException e1) {
1355: logger
1356: .log(
1357: Level.SEVERE,
1358: "assemblyPrincipalHierarchy(RolePrincipal)",
1359: e1);
1360: }
1361: }
1362: }
1363:
1364: /**
1365: * import required datas from XML datastore.
1366: */
1367: private void insertRequiredData() {
1368: AuthorizationManager authManager = new XmlAuthorizationManager();
1369: Map options = new HashMap();
1370: String XmlFileLocation = dbPropertiesLocation.substring(0,
1371: dbPropertiesLocation.lastIndexOf('/'))
1372: + "/jGuardPrincipalsPermissions.xml";
1373: options.put(SecurityConstants.AUTHORIZATION_XML_FILE_LOCATION,
1374: XmlFileLocation);
1375: options.put(CoreConstants.APPLICATION_NAME,
1376: this .applicationName);
1377: authManager.init(options);
1378:
1379: try {
1380: importAuthorizationManager(authManager);
1381: } catch (AuthorizationException e) {
1382: logger
1383: .severe(" error importing AuthorizationManager with options "
1384: + options);
1385: }
1386:
1387: }
1388:
1389: public boolean isEmpty() {
1390: List selectQueries = new ArrayList();
1391: selectQueries.add("PRINCIPALS");
1392: selectQueries.add("ALL_PERMISSIONS");
1393: selectQueries.add("DOMAINS");
1394: return DatabaseUtils.isEmpty(this.props, connectionFactory,
1395: selectQueries);
1396:
1397: }
1398:
1399: }
|