001: /*
002: * Copyright 2004 Anite - Central Government Division
003: * http://www.anite.com/publicsector
004: *
005: * Licensed under the Apache License, Version 2.0 (the "License");
006: * you may not use this file except in compliance with the License.
007: * You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017:
018: package com.anite.antelope.security;
019:
020: import org.apache.commons.logging.Log;
021: import org.apache.commons.logging.LogFactory;
022: import org.apache.fulcrum.security.GroupManager;
023: import org.apache.fulcrum.security.PermissionManager;
024: import org.apache.fulcrum.security.RoleManager;
025: import org.apache.fulcrum.security.SecurityService;
026: import org.apache.fulcrum.security.UserManager;
027: import org.apache.fulcrum.security.entity.Group;
028: import org.apache.fulcrum.security.entity.Permission;
029: import org.apache.fulcrum.security.entity.Role;
030: import org.apache.fulcrum.security.entity.User;
031: import org.apache.fulcrum.security.model.dynamic.DynamicModelManager;
032: import org.apache.fulcrum.security.model.dynamic.entity.DynamicGroup;
033: import org.apache.fulcrum.security.model.dynamic.entity.DynamicUser;
034: import org.apache.fulcrum.security.util.DataBackendException;
035: import org.apache.fulcrum.security.util.EntityExistsException;
036: import org.apache.fulcrum.security.util.UnknownEntityException;
037: import org.apache.turbine.services.InitializationException;
038:
039: import com.anite.antelope.utils.AvalonServiceHelper;
040:
041: /**
042: * This class has standard code in it that helps the workflow engine work
043: * with the Fulcrum security API.
044: *
045: * Specifically whenever a user is created a group and role and permission
046: * with the same name is created and granted. If it already exists it is simply granted.
047: *
048: * @author Ben.Gidley
049: */
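public class UserGroupPermissionsHelper {

    private static final Log log = LogFactory.getLog(UserGroupPermissionsHelper.class);

    /** Lazily created shared instance; only touched under the monitor of {@link #getInstance()}. */
    private static UserGroupPermissionsHelper instance;

    private final UserManager userManager;

    private final DynamicModelManager modelManager;

    private final GroupManager groupManager;

    private final PermissionManager permissionManager;

    private final RoleManager roleManager;

    private final SecurityService securityService;

    /**
     * Resolves the Fulcrum security service through the Avalon helper and caches
     * each of its managers.
     *
     * @throws RuntimeException wrapping the {@link InitializationException} when the
     *         security service cannot be obtained; the failure is also logged
     */
    private UserGroupPermissionsHelper() {
        try {
            securityService = AvalonServiceHelper.instance().getSecurityService();
            userManager = securityService.getUserManager();
            groupManager = securityService.getGroupManager();
            // The helper relies on the dynamic model (user/group/role/permission
            // grants); a service configured with another model fails here with a
            // ClassCastException rather than later with a confusing error.
            modelManager = (DynamicModelManager) securityService.getModelManager();
            roleManager = securityService.getRoleManager();
            permissionManager = securityService.getPermissionManager();
        } catch (InitializationException e) {
            log.error("Could not get security service", e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the shared helper, creating it on first use.
     *
     * Synchronized so that concurrent first callers (for example parallel web
     * requests) cannot both observe {@code instance == null} and construct two
     * helpers, each re-resolving the security service.
     *
     * @return the singleton helper
     */
    public static synchronized UserGroupPermissionsHelper getInstance() {
        if (instance == null) {
            instance = new UserGroupPermissionsHelper();
        }
        return instance;
    }

    /**
     * Creates a Fulcrum user and grants it a group (with a role and permission of
     * the same name), creating those entities if they do not exist yet.
     *
     * Note that the user is added to the backend before the group is created and
     * granted; there is no rollback in this method, so a failure in the group step
     * leaves the user created but without its group.
     *
     * @param userName name of the user, also used for the group/role/permission
     * @param password password passed to {@link UserManager#addUser}
     * @return the newly created user
     * @throws EntityExistsException if a user with that name already exists
     * @throws DataBackendException if the security backend fails
     * @throws UnknownEntityException if a freshly created entity cannot be looked up
     */
    public User createUser(String userName, String password)
            throws EntityExistsException, DataBackendException, UnknownEntityException {
        if (userManager.checkExists(userName)) {
            throw new EntityExistsException(userName);
        }

        User user = userManager.getUserInstance(userName);
        userManager.addUser(user, password);

        Group group = createOrFetchGroup(userName);
        modelManager.grant(user, group);
        return user;
    }

    /**
     * Fetches the group with the given name, or creates it together with a role and
     * permission of the same name and links them (permission to role, role to group).
     *
     * The role/permission linking is only performed when the group is created; an
     * existing group is returned as-is, even if its role or permission is missing.
     *
     * @param groupName name shared by the group, role and permission
     * @return the existing or newly created group
     * @throws DataBackendException if the security backend fails
     * @throws UnknownEntityException if an entity reported as existing cannot be fetched
     * @throws EntityExistsException if the backend rejects an add as a duplicate
     */
    public Group createOrFetchGroup(String groupName)
            throws DataBackendException, UnknownEntityException, EntityExistsException {
        if (groupManager.checkExists(groupName)) {
            return groupManager.getGroupByName(groupName);
        }

        Group group = groupManager.getGroupInstance(groupName);
        groupManager.addGroup(group);

        Permission permission = createOrFetchPermission(groupName);
        Role role = createOrFetchRole(groupName);

        modelManager.grant(role, permission);
        modelManager.grant(group, role);
        return group;
    }

    /** Returns the permission with the given name, creating it if absent. */
    private Permission createOrFetchPermission(String permissionName)
            throws DataBackendException, UnknownEntityException, EntityExistsException {
        if (permissionManager.checkExists(permissionName)) {
            return permissionManager.getPermissionByName(permissionName);
        }
        Permission permission = permissionManager.getPermissionInstance(permissionName);
        permissionManager.addPermission(permission);
        return permission;
    }

    /** Returns the role with the given name, creating it if absent. */
    private Role createOrFetchRole(String roleName)
            throws DataBackendException, UnknownEntityException, EntityExistsException {
        if (roleManager.checkExists(roleName)) {
            return roleManager.getRoleByName(roleName);
        }
        Role role = roleManager.getRoleInstance(roleName);
        roleManager.addRole(role);
        return role;
    }

    /**
     * Returns the first group granted to the user. By the convention of
     * {@link #createUser} this is the group named after the user, but nothing here
     * verifies that; callers that granted further groups should not rely on order.
     *
     * @param user the user whose group is wanted
     * @return the user's first group
     * @throws IllegalStateException if the user has no groups at all (the original
     *         code failed with an ArrayIndexOutOfBoundsException here)
     */
    public DynamicGroup getUserGroup(DynamicUser user) {
        Group[] groups = user.getGroups().getGroupsArray();
        if (groups.length == 0) {
            throw new IllegalStateException("User " + user.getName() + " has no groups");
        }
        return (DynamicGroup) groups[0];
    }

    /**
     * Grants {@code newGroup} to the user.
     *
     * @param user the user to grant to
     * @param newGroup the group to grant
     * @throws Exception whatever the model manager throws while granting
     */
    public void grantUserGroup(DynamicUser user, DynamicGroup newGroup) throws Exception {
        modelManager.grant(user, newGroup);
    }

    /**
     * Revokes the user's first group (see {@link #getUserGroup}) from the user.
     *
     * NOTE(review): the {@code newGroup} parameter is not used; the group actually
     * revoked is the user's first group, not the one passed in. This matches the
     * original behaviour and is kept as-is, but callers expecting the named group to
     * be revoked should confirm the intent — revoking the wrong group is an
     * authorization error in both directions.
     *
     * @param user the user to revoke from
     * @param newGroup currently ignored
     * @throws Exception whatever the model manager throws while revoking
     */
    public void revokeUserGroup(DynamicUser user, DynamicGroup newGroup) throws Exception {
        modelManager.revoke(user, getUserGroup(user));
    }

    /**
     * @return the group manager of the underlying security service
     */
    public GroupManager getGroupManager() {
        return groupManager;
    }

    /**
     * @return the dynamic model manager of the underlying security service
     */
    public DynamicModelManager getModelManager() {
        return modelManager;
    }

    /**
     * @return the permission manager of the underlying security service
     */
    public PermissionManager getPermissionManager() {
        return permissionManager;
    }

    /**
     * @return the role manager of the underlying security service
     */
    public RoleManager getRoleManager() {
        return roleManager;
    }

    /**
     * @return the user manager of the underlying security service
     */
    public UserManager getUserManager() {
        return userManager;
    }

    /**
     * @return the security service resolved in the constructor
     */
    public SecurityService getSecurityService() {
        return securityService;
    }
}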
|