/*L * Copyright Ekagra Software Technologies Ltd. * Copyright SAIC, SAIC-Frederick * * Distributed under the OSI-approved BSD 3-Clause License. * See http://ncip.github.com/common-security-module/LICENSE.txt for details. */ package gov.nih.nci.security.dao; /** * *<!-- LICENSE_TEXT_START --> * *The NCICB Common Security Module (CSM) Software License, Version 3.0 Copyright *2004-2005 Ekagra Software Technologies Limited ('Ekagra') * *Copyright Notice. The software subject to this notice and license includes both *human readable source code form and machine readable, binary, object code form *(the 'CSM Software'). The CSM Software was developed in conjunction with the *National Cancer Institute ('NCI') by NCI employees and employees of Ekagra. To *the extent government employees are authors, any rights in such works shall be *subject to Title 17 of the United States Code, section 105. * *This CSM Software License (the 'License') is between NCI and You. 'You (or *'Your') shall mean a person or an entity, and all other entities that control, *are controlled by, or are under common control with the entity. 'Control' for *purposes of this definition means (i) the direct or indirect power to cause the *direction or management of such entity, whether by contract or otherwise, or *(ii) ownership of fifty percent (50%) or more of the outstanding shares, or *(iii) beneficial ownership of such entity. * *This License is granted provided that You agree to the conditions described *below. 
NCI grants You a non-exclusive, worldwide, perpetual, fully-paid-up, *no-charge, irrevocable, transferable and royalty-free right and license in its *rights in the CSM Software to (i) use, install, access, operate, execute, copy, *modify, translate, market, publicly display, publicly perform, and prepare *derivative works of the CSM Software; (ii) distribute and have distributed to *and by third parties the CSM Software and any modifications and derivative works *thereof; and (iii) sublicense the foregoing rights set out in (i) and (ii) to *third parties, including the right to license such rights to further third *parties. For sake of clarity, and not by way of limitation, NCI shall have no *right of accounting or right of payment from You or Your sublicensees for the *rights granted under this License. This License is granted at no charge to You. * *1. Your redistributions of the source code for the Software must retain the *above copyright notice, this list of conditions and the disclaimer and *limitation of liability of Article 6 below. Your redistributions in object code *form must reproduce the above copyright notice, this list of conditions and the *disclaimer of Article 6 in the documentation and/or other materials provided *with the distribution, if any. *2. Your end-user documentation included with the redistribution, if any, must *include the following acknowledgment: 'This product includes software developed *by Ekagra and the National Cancer Institute.' If You do not include such *end-user documentation, You shall include this acknowledgment in the Software *itself, wherever such third-party acknowledgments normally appear. * *3. You may not use the names 'The National Cancer Institute', 'NCI' 'Ekagra *Software Technologies Limited' and 'Ekagra' to endorse or promote products *derived from this Software. 
This License does not authorize You to use any *trademarks, service marks, trade names, logos or product names of either NCI or *Ekagra, except as required to comply with the terms of this License. * *4. For sake of clarity, and not by way of limitation, You may incorporate this *Software into Your proprietary programs and into any third party proprietary *programs. However, if You incorporate the Software into third party proprietary *programs, You agree that You are solely responsible for obtaining any permission *from such third parties required to incorporate the Software into such third *party proprietary programs and for informing Your sublicensees, including *without limitation Your end-users, of their obligation to secure any required *permissions from such third parties before incorporating the Software into such *third party proprietary software programs. In the event that You fail to obtain *such permissions, You agree to indemnify NCI for any claims against NCI by such *third parties, except to the extent prohibited by law, resulting from Your *failure to obtain such permissions. * *5. For sake of clarity, and not by way of limitation, You may add Your own *copyright statement to Your modifications and to the derivative works, and You *may provide additional or different license terms and conditions in Your *sublicenses of modifications of the Software, or any derivative works of the *Software as a whole, provided Your use, reproduction, and distribution of the *Work otherwise complies with the conditions stated in this License. * *6. THIS SOFTWARE IS PROVIDED 'AS IS,' AND ANY EXPRESSED OR IMPLIED WARRANTIES, *(INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, *NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE) ARE DISCLAIMED. 
IN NO *EVENT SHALL THE NATIONAL CANCER INSTITUTE, EKAGRA, OR THEIR AFFILIATES BE LIABLE *FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL *DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR *SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER *CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR *TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF *THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * *<!-- LICENSE_TEXT_END --> * */ import gov.nih.nci.logging.api.logger.hibernate.HibernateSessionFactoryHelper; import gov.nih.nci.security.authentication.helper.RDBMSHelper; import gov.nih.nci.security.authorization.ObjectAccessMap; import gov.nih.nci.security.authorization.ObjectPrivilegeMap; import gov.nih.nci.security.authorization.domainobjects.Application; import gov.nih.nci.security.authorization.domainobjects.ApplicationContext; import gov.nih.nci.security.authorization.domainobjects.Group; import gov.nih.nci.security.authorization.domainobjects.InstanceLevelMappingElement; import gov.nih.nci.security.authorization.domainobjects.Privilege; import gov.nih.nci.security.authorization.domainobjects.ProtectionElement; import gov.nih.nci.security.authorization.domainobjects.ProtectionElementPrivilegeContext; import gov.nih.nci.security.authorization.domainobjects.ProtectionGroup; import gov.nih.nci.security.authorization.domainobjects.ProtectionGroupRoleContext; import gov.nih.nci.security.authorization.domainobjects.Role; import gov.nih.nci.security.authorization.domainobjects.User; import gov.nih.nci.security.authorization.domainobjects.UserGroupRoleProtectionGroup; import gov.nih.nci.security.authorization.jaas.AccessPermission; import gov.nih.nci.security.constants.Constants; import gov.nih.nci.security.dao.hibernate.ProtectionGroupProtectionElement; import gov.nih.nci.security.dao.hibernate.UserGroup; import 
gov.nih.nci.security.exceptions.CSConfigurationException; import gov.nih.nci.security.exceptions.CSDataAccessException; import gov.nih.nci.security.exceptions.CSException; import gov.nih.nci.security.exceptions.CSObjectNotFoundException; import gov.nih.nci.security.exceptions.CSTransactionException; import gov.nih.nci.security.exceptions.internal.CSInternalConfigurationException; import gov.nih.nci.security.util.ConfigurationHelper; import gov.nih.nci.security.util.ObjectUpdater; import gov.nih.nci.security.util.StringEncrypter; import gov.nih.nci.security.util.StringUtilities; import gov.nih.nci.security.util.StringEncrypter.EncryptionException; import java.lang.reflect.Field; import java.lang.reflect.Method; import java.lang.reflect.Modifier; import java.security.Principal; import java.sql.Connection; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; import java.sql.Statement; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; import java.util.Date; import java.util.Enumeration; import java.util.HashMap; import java.util.HashSet; import java.util.Hashtable; import java.util.Iterator; import java.util.List; import java.util.Set; import java.util.TreeSet; import java.util.regex.Pattern; import javax.security.auth.Subject; import javax.security.auth.login.LoginException; import org.hibernate.Criteria; import org.hibernate.HibernateException; import org.hibernate.PropertyValueException; import org.hibernate.Query; import org.hibernate.Session; import org.hibernate.SessionFactory; import org.hibernate.Transaction; import org.hibernate.criterion.Example; import org.hibernate.criterion.Restrictions; import org.hibernate.exception.ConstraintViolationException; import org.hibernate.exception.GenericJDBCException; import org.apache.commons.configuration.DataConfiguration; import org.apache.log4j.Logger; /** * @author parmarv * */ public class AuthorizationDAOImpl implements AuthorizationDAO { 
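static final Logger log = Logger.getLogger(AuthorizationDAOImpl.class.getName());

/**
 * auditLog is an instance of Logger , which is used for Audit Logging
 */
private static final Logger auditLog = Logger.getLogger("CSM.Audit.Logging.Event.Authorization");

private SessionFactory sf = null;
private Application application = null;
private boolean isEncryptionEnabled = true;
private String typeOfAccess = "MIXED";
/** Joins an object id and an attribute name into one key of localCache (see populateCache). */
private static final String SEPERATOR = "#@#";
/** Name of the user or group localCache was built for; "" when no cache was built. */
private String localUserOrGroupName = "";
/** 0 = no local cache, 1 = localCache was built for a user, 2 = localCache was built for a group. */
private int cacheLevel = 0;
/**
 * objectId, or objectId + SEPERATOR + attribute, -> List of privilege names granted on it.
 * Filled once by populateCache and never refreshed, so a long-lived instance answers from
 * a snapshot taken at construction time.
 */
private HashMap localCache = new HashMap();

/**
 * Creates a DAO bound to the Application registered under applicationContextName.
 *
 * @param sf Hibernate session factory used for every query this DAO runs
 * @param applicationContextName name of the Application this DAO serves
 * @throws CSConfigurationException if no Application is registered under that name
 */
public AuthorizationDAOImpl(SessionFactory sf, String applicationContextName) throws CSConfigurationException {
    setHibernateSessionFactory(sf);
    Application app;
    try {
        app = this.getApplicationByName(applicationContextName);
    } catch (CSObjectNotFoundException e) {
        if (log.isDebugEnabled())
            log.debug("Authorization|" + applicationContextName + "||AuthorizationDAOImpl|Failure|No Application found for the Context Name|");
        throw new CSConfigurationException("No Application found for the Context Name. " + e.getMessage());
    }
    if (app == null) {
        if (log.isDebugEnabled())
            log.debug("Authorization|" + applicationContextName + "||AuthorizationDAOImpl|Failure|No Application found for the Context Name|");
        throw new CSConfigurationException("Unable to retrieve Application with this Context Name");
    }
    this.setApplication(app);
    if (log.isDebugEnabled())
        log.debug("Authorization|" + applicationContextName + "||AuthorizationDAOImpl|Success|Instantiated AuthorizationDAOImpl|");
}

/**
 * Creates a DAO bound to an Application and pre-loads the privileges of one user or one
 * group into localCache, so checkCachedPermission can answer without touching the database.
 *
 * @param sf Hibernate session factory used for every query this DAO runs
 * @param applicationContextName name of the Application this DAO serves
 * @param userOrGroupName login name of the user, or name of the group, whose grants are cached
 * @param isUserName true if userOrGroupName is a user login name, false if it is a group name
 * @throws RuntimeException if the Application cannot be resolved (the original failure is
 *         attached as the cause) or the user/group does not exist (raised by populateCache)
 */
public AuthorizationDAOImpl(SessionFactory sf, String applicationContextName, String userOrGroupName, boolean isUserName) {
    setHibernateSessionFactory(sf);
    try {
        Application app = this.getApplicationByName(applicationContextName);
        if (app == null) {
            if (log.isDebugEnabled())
                log.debug("Authorization|" + applicationContextName + "||AuthorizationDAOImpl|Failure|No Application found for the Context Name|");
            throw new Exception("Unable to retrieve Application with this Context Name");
        }
        this.setApplication(app);
    } catch (Exception ex) {
        if (log.isDebugEnabled())
            log.debug("Authorization|" + applicationContextName + "||AuthorizationDAOImpl|Failure|Cannot instantiate AuthorizationDAOImpl|" + ex.getMessage());
        // Keep the underlying failure as the cause instead of discarding it.
        throw new RuntimeException("Unable to Instantiate the AuthorizationDAOImpl", ex);
    }
    populateCache(userOrGroupName, isUserName);
    localUserOrGroupName = userOrGroupName;
    cacheLevel = isUserName ? 1 : 2;
    if (log.isDebugEnabled())
        log.debug("Authorization|" + applicationContextName + "||AuthorizationDAOImpl|Success|Instantiated AuthorizationDAOImpl|");
}

/**
 * Loads every ProtectionElement / privilege pairing granted to the given user or group into
 * localCache. The key is the ProtectionElement's object id, extended with SEPERATOR and the
 * attribute name when the element carries a non-blank attribute.
 *
 * @param userOrGroupName login name of the user, or name of the group
 * @param isUserName true to resolve a user, false to resolve a group
 * @throws RuntimeException if the user or group cannot be found
 */
private void populateCache(String userOrGroupName, boolean isUserName) {
    Collection protectionElementPrivilegeContexts = null;
    if (isUserName) {
        User user = getUser(userOrGroupName);
        if (user == null) {
            throw new RuntimeException("User Name doesnot Exist");
        }
        try {
            protectionElementPrivilegeContexts = getProtectionElementPrivilegeContextForUser(user.getUserId().toString());
        } catch (CSObjectNotFoundException e) {
            throw new RuntimeException("User Name doesnot Exist", e);
        }
    } else {
        Group group = new Group();
        group.setGroupName(userOrGroupName);
        List groups = getObjects(new GroupSearchCriteria(group));
        if (groups == null || groups.size() == 0) {
            throw new RuntimeException("Group Name doesnot Exist");
        }
        try {
            protectionElementPrivilegeContexts = getProtectionElementPrivilegeContextForGroup(((Group) groups.get(0)).getGroupId().toString());
        } catch (CSObjectNotFoundException e) {
            throw new RuntimeException("Group Name doesnot Exist", e);
        }
    }
    if (protectionElementPrivilegeContexts != null && protectionElementPrivilegeContexts.size() != 0) {
        Iterator contextIterator = protectionElementPrivilegeContexts.iterator();
        while (contextIterator.hasNext()) {
            ProtectionElementPrivilegeContext context = (ProtectionElementPrivilegeContext) contextIterator.next();
            ProtectionElement protectionElement = context.getProtectionElement();
            // Only the privilege names are cached; checkCachedPermission matches on them.
            List privilegesName = new ArrayList();
            Iterator privilegeIterator = context.getPrivileges().iterator();
            while (privilegeIterator.hasNext()) {
                privilegesName.add(((Privilege) privilegeIterator.next()).getName());
            }
            String key;
            if (protectionElement.getAttribute() != null && protectionElement.getAttribute().trim().length() != 0)
                key = protectionElement.getObjectId() + AuthorizationDAOImpl.SEPERATOR + protectionElement.getAttribute();
            else
                key = protectionElement.getObjectId();
            localCache.put(key, privilegesName);
        }
    }
    if (log.isDebugEnabled()) {
        if (isUserName)
            log.debug("Authorization|||populateCache|Success|Loaded Cache for User " + userOrGroupName + "|");
        else
            log.debug("Authorization|||populateCache|Success|Loaded Cache for Group " + userOrGroupName + "|");
    }
}

/**
 * Answers a permission question from localCache alone (no database access). A cached
 * "OWNER" privilege on the object satisfies any requested privilege.
 *
 * NOTE(review): userOrGroupName is accepted but never compared with localUserOrGroupName,
 * the principal the cache was built for. Callers must pass the same principal the DAO was
 * constructed with; otherwise another user's or group's cached grants are consulted.
 *
 * @param userOrGroupName principal being checked (currently unused, see note above)
 * @param objectId object id of the ProtectionElement
 * @param attribute attribute name, or null to check the object-level entry
 * @param privilege privilege name being asked for
 * @return true if the cache holds "OWNER" or the requested privilege for that key
 */
private boolean checkCachedPermission(String userOrGroupName, String objectId, String attribute, String privilege) {
    String key = (attribute != null) ? objectId + AuthorizationDAOImpl.SEPERATOR + attribute : objectId;
    List privileges = (List) localCache.get(key);
    return privileges != null && (privileges.contains("OWNER") || privileges.contains(privilege));
}

/** No cleanup of its own; delegates to Object.finalize(). */
public void finalize() throws Throwable {
    super.finalize();
}

/**
 * Replaces the session factory this DAO opens its Hibernate sessions from.
 *
 * @param sf the session factory to use from now on
 */
public void setHibernateSessionFactory(SessionFactory sf) {
    this.sf = sf;
}

/**
 * Checks whether loginName may use the user-provisioning operation identified by linkName
 * in the named application, using the statement built by Queries.getQueryforUptOperationPE.
 * Returns false as soon as that query yields a row and true when it yields none. Any failure
 * (blank arguments, unknown application, SQL error) surfaces as CSTransactionException rather
 * than as a grant, so the method fails closed.
 *
 * NOTE(review): the row / no-row meaning is fixed by Queries.getQueryforUptOperationPE,
 * which is not visible here — confirm that "no rows" really means "allowed".
 *
 * @param linkName name of the provisioning operation (link) being requested
 * @param loginName login name of the user requesting it
 * @param applicationContext application name; may equal this DAO's application or another
 * @return false if the query returns at least one row, true otherwise
 * @throws CSTransactionException if linkName or loginName is blank, or the lookup fails
 */
public boolean checkPermissionForUserProvisioningOperation(String linkName, String loginName, String applicationContext) throws CSTransactionException {
    if (StringUtilities.isBlank(linkName)) {
        throw new CSTransactionException("Link name :" + linkName + " can't be null!");
    }
    if (StringUtilities.isBlank(loginName)) {
        throw new CSTransactionException("User loninName :" + loginName + " can't be null!");
    }
    ResultSet rs = null;
    PreparedStatement preparedStatement = null;
    Session s = null;
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        Connection connection = s.connection();
        Long applId;
        if (this.application.getApplicationName().equals(applicationContext))
            applId = this.application.getApplicationId();
        else
            applId = getApplicationByName(applicationContext).getApplicationId();
        preparedStatement = Queries.getQueryforUptOperationPE(linkName, loginName, applId, connection);
        rs = preparedStatement.executeQuery();
        if (rs.next())
            return false;
    } catch (Exception ex) {
        if (log.isDebugEnabled())
            log.debug("Failed to get checkLinkAccessible for " + linkName + "|" + ex.getMessage());
        throw new CSTransactionException("Failed to get checkLinkAccessible for " + linkName + "|" + ex.getMessage(), ex);
    } finally {
        // Close the result set, the statement and the session independently: a failure in one
        // must not leak the others, and anything never opened is skipped.
        if (rs != null) {
            try {
                rs.close();
            } catch (Exception ex2) {
                if (log.isDebugEnabled())
                    log.debug("Authorization|||checkLinkAccessible|Failure|Error in Closing Session |" + ex2.getMessage());
            }
        }
        if (preparedStatement != null) {
            try {
                preparedStatement.close();
            } catch (Exception ex2) {
                if (log.isDebugEnabled())
                    log.debug("Authorization|||checkLinkAccessible|Failure|Error in Closing Session |" + ex2.getMessage());
            }
        }
        if (s != null) {
            try {
                s.close();
            } catch (Exception ex2) {
                if (log.isDebugEnabled())
                    log.debug("Authorization|||checkLinkAccessible|Failure|Error in Closing Session |" + ex2.getMessage());
            }
        }
    }
    return true;
}

/*
 * (non-Javadoc)
 *
 * @see gov.nih.nci.security.UserProvisioningManager#assignUserToGroup(java.lang.String,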
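* java.lang.String) */
/**
 * Makes userName a member of groupName unless the user already belongs to that group.
 * Both names are resolved through getGroup / getUser, and the user is passed through
 * performEncrytionDecryption(user, true) before the membership row is saved. The audit
 * record is written only after the transaction has committed.
 *
 * @param userName login name of the user
 * @param groupName name of the group
 * @throws CSTransactionException if either name is blank, the user or group does not exist,
 *         or the membership cannot be persisted (the underlying failure is attached)
 */
public void assignUserToGroup(String userName, String groupName) throws CSTransactionException {
    Session s = null;
    Transaction t = null;
    try {
        if (StringUtilities.isBlank(userName)) {
            throw new CSTransactionException("The userName can't be null");
        }
        if (StringUtilities.isBlank(groupName)) {
            throw new CSTransactionException("The groupName can't be null");
        }
        Group group = getGroup(groupName);
        if (group == null) {
            throw new CSTransactionException("Group does not exist.");
        }
        User user = getUser(userName);
        if (user == null) {
            throw new CSTransactionException("User does not exist.");
        }
        try {
            user = (User) performEncrytionDecryption(user, true);
        } catch (EncryptionException e) {
            throw new CSObjectNotFoundException(e);
        }
        if (log.isDebugEnabled()) {
            log.debug("The Group ID: " + group.getGroupId());
            log.debug("The User ID: " + user.getUserId());
        }
        // Existing membership is detected by group name among the user's current groups.
        boolean hasGroupAlready = false;
        Set groups = getGroups("" + user.getUserId());
        if (groups != null) {
            for (Iterator i = groups.iterator(); i.hasNext() && !hasGroupAlready;) {
                Group existing = (Group) i.next();
                if (group.getGroupName().equals(existing.getGroupName())) {
                    hasGroupAlready = true;
                }
            }
        }
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        t = s.beginTransaction();
        if (!hasGroupAlready) {
            UserGroup ug = new UserGroup();
            ug.setGroup(group);
            ug.setUser(user);
            s.save(ug);
        }
        t.commit();
        s.flush();
    } catch (Exception ex) {
        log.error("Fatal error occurred while attempting to associate User " + userName + " with Group " + groupName, ex);
        // Roll back only if a transaction was started, and never hide a rollback failure.
        if (t != null) {
            try {
                t.rollback();
            } catch (Exception ex3) {
                if (log.isDebugEnabled())
                    log.debug("Authorization|||assignUserToGroup|Failure|Error in Rolling Back Transaction|" + ex3.getMessage());
            }
        }
        throw new CSTransactionException("An error occurred in assignUserToGroup\n" + ex.getMessage(), ex);
    } finally {
        if (s != null) {
            try {
                s.close();
            } catch (Exception ex2) {
                if (log.isDebugEnabled())
                    log.debug("Authorization|||assignUserToGroup|Failure|Error in Closing Session |" + ex2.getMessage());
            }
        }
    }
    auditLog.info("Assigning User " + userName + " to Group " + groupName);
}

/**
 * Adds the groups identified by groupIds to the user identified by userId, keeping the
 * user's existing memberships. Ids the user already holds are skipped (compared as strings,
 * case-insensitively).
 *
 * @param userId primary key of the user, as a decimal string
 * @param groupIds primary keys of the groups to add, as decimal strings
 * @throws CSTransactionException if the user does not exist, an id is not numeric, a group id
 *         is unknown, or the update cannot be committed (the underlying failure is attached)
 */
public void addGroupsToUser(String userId, String[] groupIds) throws CSTransactionException {
    Session s = null;
    Transaction t = null;
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        // get() rather than load(): load() never returns null (it hands back a proxy), so the
        // missing-user check below was unreachable and a bad id surfaced only at commit.
        User user = (User) s.get(User.class, new Long(userId));
        if (user == null)
            throw new CSTransactionException("Authorization|||addGroupsToUser || Unable to retrieve User with Id :" + userId);
        Set groupSet = user.getGroups();
        if (groupSet == null) {
            groupSet = new HashSet();
            // Attach the fresh set to the user, otherwise the additions below are never persisted.
            user.setGroups(groupSet);
        }
        for (int i = 0; i < groupIds.length; i++) {
            boolean assigned = false;
            for (Iterator iterator = groupSet.iterator(); iterator.hasNext();) {
                Group group = (Group) iterator.next();
                if (groupIds[i].equalsIgnoreCase(group.getGroupId().toString()))
                    assigned = true;
            }
            if (!assigned) {
                // load() is kept here on purpose: an unknown group id then fails the transaction
                // at commit instead of being dropped silently.
                Group group = (Group) s.load(Group.class, Long.parseLong(groupIds[i]));
                if (group != null)
                    groupSet.add(group);
            }
        }
        t = s.beginTransaction();
        s.update(user);
        t.commit();
        s.flush();
    } catch (Exception ex) {
        log.error(ex);
        if (t != null) {
            try {
                t.rollback();
            } catch (Exception ex3) {
                if (log.isDebugEnabled())
                    log.debug("Authorization|||addGroupsToUser|Failure|Error in Rolling Back Transaction|" + ex3.getMessage());
            }
        }
        if (log.isDebugEnabled())
            log.debug("Authorization|||addGroupsToUser|Failure|Error occurred in assigning Groups " + StringUtilities.stringArrayToString(groupIds) + " to User " + userId + "|" + ex.getMessage());
        throw new CSTransactionException("An error occurred in adding Groups to User\n" + ex.getMessage(), ex);
    } finally {
        if (s != null) {
            try {
                s.close();
            } catch (Exception ex2) {
                if (log.isDebugEnabled())
                    log.debug("Authorization|||addGroupsToUser|Failure|Error in Closing Session |" + ex2.getMessage());
            }
        }
    }
    if (log.isDebugEnabled())
        log.debug("Authorization|||addGroupsToUser|Success|Successful in assigning Groups " + StringUtilities.stringArrayToString(groupIds) + " to User " + userId + "|");
    auditLog.info("Assigning User " + userId + " to Groups");
}

/**
 * Replaces the user's group memberships with exactly the groups listed in groupIds: groups
 * not listed are removed. An empty array therefore strips every membership, and with it every
 * group-granted privilege, from the user.
 *
 * @param userId primary key of the user, as a decimal string
 * @param groupIds primary keys of the groups the user should belong to afterwards
 * @throws CSTransactionException if the update cannot be committed (the underlying failure is attached)
 */
public void assignGroupsToUser(String userId, String[] groupIds) throws CSTransactionException {
    Session s = null;
    Transaction t = null;
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        User user = (User) this.getObjectByPrimaryKey(s, User.class, new Long(userId));
        HashSet newGroups = new HashSet();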
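for (int k = 0; k < groupIds.length; k++) {
    Group group = (Group) this.getObjectByPrimaryKey(Group.class, groupIds[k]);
    if (group != null) {
        newGroups.add(group);
    }
}
user.setGroups(newGroups);
try {
    user = (User) performEncrytionDecryption(user, true);
} catch (EncryptionException e) {
    throw new CSObjectNotFoundException(e);
}
t = s.beginTransaction();
s.update(user);
t.commit();
s.flush();
} catch (Exception ex) {
    log.error(ex);
    try {
        t.rollback();
    } catch (Exception ex3) {
        if (log.isDebugEnabled())
            log.debug("Authorization|||assignGroupsToUser|Failure|Error in Rolling Back Transaction|" + ex3.getMessage());
    }
    if (log.isDebugEnabled())
        log.debug("Authorization|||assignGroupsToUser|Failure|Error occurred in assigning Groups " + StringUtilities.stringArrayToString(groupIds) + " to User " + userId + "|" + ex.getMessage());
    throw new CSTransactionException("An error occurred in assigning Groups to User\n" + ex.getMessage(), ex);
} finally {
    try {
        s.close();
    } catch (Exception ex2) {
        if (log.isDebugEnabled())
            log.debug("Authorization|||assignGroupsToUser|Failure|Error in Closing Session |" + ex2.getMessage());
    }
}
if (log.isDebugEnabled())
    log.debug("Authorization|||assignGroupsToUser|Success|Successful in assigning Groups " + StringUtilities.stringArrayToString(groupIds) + " to User " + userId + "|");
auditLog.info("Assigning User " + userId + " to Groups");
}

/**
 * Adds the users identified by userIds to the group identified by groupId, keeping the
 * group's existing members. Ids already in the group are skipped (compared as strings,
 * case-insensitively).
 *
 * @param groupId primary key of the group, as a decimal string
 * @param userIds primary keys of the users to add, as decimal strings
 * @throws CSTransactionException if the group does not exist, an id is not numeric, a user id
 *         is unknown, or the update cannot be committed (the underlying failure is attached)
 */
public void addUsersToGroup(String groupId, String[] userIds) throws CSTransactionException {
    Session s = null;
    Transaction t = null;
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        // get() rather than load(): load() never returns null (it hands back a proxy), so the
        // missing-group check below was unreachable and a bad id surfaced only at commit.
        Group group = (Group) s.get(Group.class, new Long(groupId));
        if (group == null)
            throw new CSTransactionException("Authorization|||addUsersToGroup|| Unable to retrieve Group with Id :" + groupId);
        Set userSet = group.getUsers();
        if (userSet == null) {
            userSet = new HashSet();
            // Attach the fresh set to the group, otherwise the additions below are never persisted.
            group.setUsers(userSet);
        }
        for (int k = 0; k < userIds.length; k++) {
            boolean assigned = false;
            for (Iterator iterator = userSet.iterator(); iterator.hasNext();) {
                User member = (User) iterator.next();
                if (member.getUserId().toString().equalsIgnoreCase(userIds[k]))
                    assigned = true;
            }
            if (!assigned) {
                // load() is kept here on purpose: an unknown user id then fails the transaction
                // at commit instead of being dropped silently.
                User user = (User) s.load(User.class, Long.parseLong(userIds[k]));
                if (user != null)
                    userSet.add(user);
            }
        }
        t = s.beginTransaction();
        s.update(group);
        t.commit();
        s.flush();
    } catch (Exception ex) {
        log.error(ex);
        if (t != null) {
            try {
                t.rollback();
            } catch (Exception ex3) {
                if (log.isDebugEnabled())
                    log.debug("Authorization|||addUsersToGroup|Failure|Error in Rolling Back Transaction|" + ex3.getMessage());
            }
        }
        if (log.isDebugEnabled())
            log.debug("Authorization|||addUsersToGroup|Failure|Error occurred in assigning Users " + StringUtilities.stringArrayToString(userIds) + " to Group " + groupId + "|" + ex.getMessage());
        throw new CSTransactionException("An error occurred in adding Users to Group\n" + ex.getMessage(), ex);
    } finally {
        if (s != null) {
            try {
                s.close();
            } catch (Exception ex2) {
                if (log.isDebugEnabled())
                    log.debug("Authorization|||addUsersToGroup|Failure|Error in Closing Session |" + ex2.getMessage());
            }
        }
    }
    if (log.isDebugEnabled())
        log.debug("Authorization|||addUsersToGroup|Success|Successful in assigning Users " + StringUtilities.stringArrayToString(userIds) + " to Group " + groupId + "|");
    auditLog.info("Adding Group " + groupId + " to Users");
}

/**
 * Replaces the group's membership with exactly the users listed in userIds: members not
 * listed are removed. An empty array therefore empties the group, revoking every privilege
 * its members held through it. Each user is passed through performEncrytionDecryption(user, true)
 * before being attached.
 *
 * @param groupId primary key of the group, as a decimal string
 * @param userIds primary keys of the users the group should contain afterwards
 * @throws CSTransactionException if the update cannot be committed (the underlying failure is attached)
 */
public void assignUsersToGroup(String groupId, String[] userIds) throws CSTransactionException {
    Session s = null;
    Transaction t = null;
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        Group group = (Group) this.getObjectByPrimaryKey(s, Group.class, new Long(groupId));
        HashSet newUsers = new HashSet();
        for (int k = 0; k < userIds.length; k++) {
            User user = (User) this.getObjectByPrimaryKey(User.class, userIds[k]);
            // Check for an unknown id before touching the user; the original encrypted first
            // and only then tested for null.
            if (user != null) {
                try {
                    user = (User) performEncrytionDecryption(user, true);
                } catch (EncryptionException e) {
                    throw new CSObjectNotFoundException(e);
                }
                newUsers.add(user);
            }
        }
        group.setUsers(newUsers);
        t = s.beginTransaction();
        s.update(group);
        t.commit();
        s.flush();
    } catch (Exception ex) {
        log.error(ex);
        try {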
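t.rollback();
} catch (Exception ex3) {
    if (log.isDebugEnabled())
        log.debug("Authorization|||assignUsersToGroup|Failure|Error in Rolling Back Transaction|" + ex3.getMessage());
}
if (log.isDebugEnabled())
    log.debug("Authorization|||assignUsersToGroup|Failure|Error occurred in assigning Users " + StringUtilities.stringArrayToString(userIds) + " to Group " + groupId + "|" + ex.getMessage());
throw new CSTransactionException("An error occurred in assigning Users to Group\n" + ex.getMessage(), ex);
} finally {
    try {
        s.close();
    } catch (Exception ex2) {
        if (log.isDebugEnabled())
            log.debug("Authorization|||assignUsersToGroup|Failure|Error in Closing Session |" + ex2.getMessage());
    }
}
if (log.isDebugEnabled())
    log.debug("Authorization|||assignUsersToGroup|Success|Successful in assigning Users " + StringUtilities.stringArrayToString(userIds) + " to Group " + groupId + "|");
auditLog.info("Assigning Group " + groupId + " to Users");
}

/**
 * Grants the given roles to a group on a protection group, keeping any roles the group already
 * holds there. Only role ids not yet present are inserted as UserGroupRoleProtectionGroup rows.
 *
 * @param protectionGroupId primary key of the protection group, as a decimal string
 * @param groupId primary key of the group, as a decimal string
 * @param rolesId primary keys of the roles to grant, as decimal strings
 * @throws CSTransactionException if a role, the protection group or the group does not exist,
 *         or the insert cannot be committed (the underlying failure is attached)
 */
public void addGroupRoleToProtectionGroup(String protectionGroupId, String groupId, String[] rolesId) throws CSTransactionException {
    Session s = null;
    Transaction t = null;
    ArrayList roles = new ArrayList();
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        for (int i = 0; i < rolesId.length; i++) {
            Role role = (Role) this.getObjectByPrimaryKey(s, Role.class, new Long(rolesId[i]));
            // Fail early with a clear message instead of saving a row whose role is null.
            if (role == null)
                throw new CSTransactionException("Authorization|||addGroupRoleToProtectionGroup || Unable to retrieve Role with Id :" + rolesId[i]);
            roles.add(role);
        }
        // get() rather than load(): load() hands back a proxy and never null, which made the
        // two existence checks below unreachable.
        ProtectionGroup pgroup = (ProtectionGroup) s.get(ProtectionGroup.class, new Long(protectionGroupId));
        if (pgroup == null)
            throw new CSTransactionException("Authorization|||addGroupRoleToProtectionGroup || Unable to retrieve Protection Group with Id :" + protectionGroupId);
        Group group = (Group) s.get(Group.class, new Long(groupId));
        if (group == null)
            throw new CSTransactionException("Authorization|||addGroupRoleToProtectionGroup || Unable to retrieve Group with Id :" + groupId);
        Criteria criteria = s.createCriteria(UserGroupRoleProtectionGroup.class);
        criteria.add(Restrictions.eq("protectionGroup", pgroup));
        criteria.add(Restrictions.eq("group", group));
        List existing = criteria.list();
        // Drop the roles the group already holds on this protection group; the rest are inserted.
        for (int k = 0; k < existing.size(); k++) {
            Role held = ((UserGroupRoleProtectionGroup) existing.get(k)).getRole();
            if (roles.contains(held)) {
                roles.remove(held);
            }
        }
        t = s.beginTransaction();
        for (int j = 0; j < roles.size(); j++) {
            UserGroupRoleProtectionGroup toBeSaved = new UserGroupRoleProtectionGroup();
            toBeSaved.setGroup(group);
            toBeSaved.setProtectionGroup(pgroup);
            toBeSaved.setRole((Role) roles.get(j));
            toBeSaved.setUpdateDate(new Date());
            s.save(toBeSaved);
        }
        t.commit();
        s.flush();
        auditLog.info("Adding Roles to Group " + group.getGroupName() + " for Protection Group " + pgroup.getProtectionGroupName());
    } catch (Exception ex) {
        log.error(ex);
        if (t != null) {
            try {
                t.rollback();
            } catch (Exception ex3) {
                // Log under this method's name; the original carried a copy-pasted addGroupsToUser label.
                if (log.isDebugEnabled())
                    log.debug("Authorization|||addGroupRoleToProtectionGroup|Failure|Error in Rolling Back Transaction|" + ex3.getMessage());
            }
        }
        if (log.isDebugEnabled())
            log.debug("Authorization|||addGroupRoleToProtectionGroup|Failure|Error Occured in assigning Roles " + StringUtilities.stringArrayToString(rolesId) + " to Group " + groupId + " and Protection Group" + protectionGroupId + "|" + ex.getMessage());
        throw new CSTransactionException("An error occurred in adding Protection Group and Roles to a Group\n" + ex.getMessage(), ex);
    } finally {
        if (s != null) {
            try {
                s.close();
            } catch (Exception ex2) {
                if (log.isDebugEnabled())
                    log.debug("Authorization|||addGroupRoleToProtectionGroup|Failure|Error in Closing Session |" + ex2.getMessage());
            }
        }
    }
    if (log.isDebugEnabled())
        log.debug("Authorization|||addGroupRoleToProtectionGroup|Success|Successful in assigning Roles " + StringUtilities.stringArrayToString(rolesId) + " to Group " + groupId + " and Protection Group" + protectionGroupId + "|");
}

/*
 * (non-Javadoc)
 *
 * @see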
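gov.nih.nci.security.dao.AuthorizationDAO#assignGroupRoleToProtectionGroup(java.lang.String,
 *      java.lang.String, java.lang.String)
 */
/**
 * Makes rolesId the complete set of roles the group holds on the protection group: roles the
 * group currently holds there but that are not listed are deleted, and missing ones are inserted.
 * An empty array therefore revokes every role the group has on that protection group.
 *
 * @param protectionGroupId primary key of the protection group, as a decimal string
 * @param groupId primary key of the group, as a decimal string
 * @param rolesId primary keys of the roles the group should hold afterwards
 * @throws CSTransactionException if a role, the protection group or the group does not exist,
 *         or the changes cannot be committed (the underlying failure is attached)
 */
public void assignGroupRoleToProtectionGroup(String protectionGroupId, String groupId, String[] rolesId) throws CSTransactionException {
    Session s = null;
    Transaction t = null;
    ArrayList roles = new ArrayList();
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        for (int i = 0; i < rolesId.length; i++) {
            Role role = (Role) this.getObjectByPrimaryKey(s, Role.class, new Long(rolesId[i]));
            // Fail early with a clear message instead of saving a row whose role is null.
            if (role == null)
                throw new CSTransactionException("Authorization|||assignGroupRoleToProtectionGroup || Unable to retrieve Role with Id :" + rolesId[i]);
            roles.add(role);
        }
        ProtectionGroup pgroup = (ProtectionGroup) this.getObjectByPrimaryKey(s, ProtectionGroup.class, new Long(protectionGroupId));
        if (pgroup == null)
            throw new CSTransactionException("Authorization|||assignGroupRoleToProtectionGroup || Unable to retrieve Protection Group with Id :" + protectionGroupId);
        Group group = (Group) this.getObjectByPrimaryKey(s, Group.class, new Long(groupId));
        if (group == null)
            throw new CSTransactionException("Authorization|||assignGroupRoleToProtectionGroup || Unable to retrieve Group with Id :" + groupId);
        Criteria criteria = s.createCriteria(UserGroupRoleProtectionGroup.class);
        criteria.add(Restrictions.eq("protectionGroup", pgroup));
        criteria.add(Restrictions.eq("group", group));
        List existing = criteria.list();
        t = s.beginTransaction();
        // Rows whose role is not requested are removed (revocation); requested roles already
        // present are dropped from the insert list.
        for (int k = 0; k < existing.size(); k++) {
            UserGroupRoleProtectionGroup ugrpg = (UserGroupRoleProtectionGroup) existing.get(k);
            Role held = ugrpg.getRole();
            if (roles.contains(held)) {
                roles.remove(held);
            } else {
                s.delete(ugrpg);
            }
        }
        for (int j = 0; j < roles.size(); j++) {
            UserGroupRoleProtectionGroup toBeSaved = new UserGroupRoleProtectionGroup();
            toBeSaved.setGroup(group);
            toBeSaved.setProtectionGroup(pgroup);
            toBeSaved.setRole((Role) roles.get(j));
            toBeSaved.setUpdateDate(new Date());
            s.save(toBeSaved);
        }
        t.commit();
        s.flush();
        auditLog.info("Assigning Roles to Group " + group.getGroupName() + " for Protection Group " + pgroup.getProtectionGroupName());
    } catch (Exception ex) {
        log.error(ex);
        if (t != null) {
            try {
                t.rollback();
            } catch (Exception ex3) {
                // Log under this method's name; the original carried a copy-pasted assignGroupsToUser label.
                if (log.isDebugEnabled())
                    log.debug("Authorization|||assignGroupRoleToProtectionGroup|Failure|Error in Rolling Back Transaction|" + ex3.getMessage());
            }
        }
        if (log.isDebugEnabled())
            log.debug("Authorization|||assignGroupRoleToProtectionGroup|Failure|Error Occured in assigning Roles " + StringUtilities.stringArrayToString(rolesId) + " to Group " + groupId + " and Protection Group" + protectionGroupId + "|" + ex.getMessage());
        throw new CSTransactionException("An error occurred in assigning Protection Group and Roles to a Group\n" + ex.getMessage(), ex);
    } finally {
        if (s != null) {
            try {
                s.close();
            } catch (Exception ex2) {
                if (log.isDebugEnabled())
                    log.debug("Authorization|||assignGroupRoleToProtectionGroup|Failure|Error in Closing Session |" + ex2.getMessage());
            }
        }
    }
    if (log.isDebugEnabled())
        log.debug("Authorization|||assignGroupRoleToProtectionGroup|Success|Successful in assigning Roles " + StringUtilities.stringArrayToString(rolesId) + " to Group " + groupId + " and Protection Group" + protectionGroupId + "|");
}

/**
 * Adds the privileges identified by privilegeIds to the role identified by roleId, keeping the
 * privileges the role already has. Blank ids are ignored; privileges already held are skipped.
 *
 * @param roleId primary key of the role, as a decimal string
 * @param privilegeIds primary keys of the privileges to add, as decimal strings
 * @throws CSTransactionException if the role does not exist, an id is not numeric, a privilege id
 *         is unknown, or the update cannot be committed (the underlying failure is attached)
 */
public void addPrivilegesToRole(String roleId, String[] privilegeIds) throws CSTransactionException {
    Session s = null;
    Transaction t = null;
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        // get() rather than load(): load() hands back a proxy and never null, so the
        // missing-role check below was unreachable.
        Role role = (Role) s.get(Role.class, new Long(roleId));
        if (role == null)
            throw new CSTransactionException("Authorization|||addPrivilegesToRole|| Unable to retrieve Role with Id :" + roleId);
        Set<Privilege> privs = role.getPrivileges();
        if (privs == null)
            privs = new HashSet<Privilege>();
        for (int k = 0; k < privilegeIds.length; k++) {
            if (privilegeIds[k] == null || privilegeIds[k].length() == 0)
                continue;
            // load() is kept here on purpose: an unknown privilege id then fails the transaction
            // at commit instead of being dropped silently.
            Privilege pr = (Privilege) s.load(Privilege.class, new Long(privilegeIds[k]));
            if (pr == null)
                continue;
            boolean assigned = false;
            for (Iterator it = privs.iterator(); it.hasNext();) {
                Privilege p = (Privilege) it.next();
                if (p.equals(pr))
                    assigned = true;
            }
            if (!assigned)
                privs.add(pr);
        }
        role.setPrivileges(privs);
        t = s.beginTransaction();
        s.update(role);
        t.commit();
        s.flush();
        auditLog.info("Adding Privileges to Role " + role.getName());
    } catch (Exception ex) {
        log.error(ex);
        try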
{ t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug("Authorization|||addPrivilegesToRole|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); } if (log.isDebugEnabled()) log.debug("Authorization|||addPrivilegesToRole|Failure|Error Occured in assigning Privilege " + StringUtilities.stringArrayToString(privilegeIds) + " to Role " + roleId + "|" + ex.getMessage()); throw new CSTransactionException("An error occurred in adding Privileges to Role\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||addPrivilegesToRole|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug("Authorization|||addPrivilegesToRole|Success|Success in assigning Privilege " + StringUtilities.stringArrayToString(privilegeIds) + " to Role " + roleId + "|"); } /* * (non-Javadoc) * * @see gov.nih.nci.security.dao.AuthorizationDAO#assignPrivilegesToRole(java.lang.String[], * java.lang.String) */ public void assignPrivilegesToRole(String roleId, String[] privilegeIds) throws CSTransactionException { Session s = null; Transaction t = null; try { s = HibernateSessionFactoryHelper.getAuditSession(sf); Role role = (Role) this.getObjectByPrimaryKey(s, Role.class, new Long(roleId)); //Set currPriv = role.getPrivileges(); Set newPrivs = new HashSet(); for (int k = 0; k < privilegeIds.length; k++) { log.debug("The new list:" + privilegeIds[k]); Privilege pr = (Privilege) this.getObjectByPrimaryKey(Privilege.class, privilegeIds[k]); if (pr != null) { newPrivs.add(pr); } } role.setPrivileges(newPrivs); t = s.beginTransaction(); s.update(role); t.commit(); s.flush(); auditLog.info("Assigning Privileges to Role " + role.getName()); } catch (Exception ex) { log.error(ex); try { t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug("Authorization|||assignPrivilegesToRole|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); 
}
if (log.isDebugEnabled())
    log.debug("Authorization|||assignPrivilegesToRole|Failure|Error Occured in assigning Privilege " + StringUtilities.stringArrayToString(privilegeIds) + " to Role " + roleId + "|" + ex.getMessage());
throw new CSTransactionException(
        "An error occurred in assigning Privileges to Role\n" + ex.getMessage(), ex);
} finally {
    try {
        s.close();
    } catch (Exception ex2) {
        if (log.isDebugEnabled())
            log.debug("Authorization|||assignPrivilegesToRole|Failure|Error in Closing Session |" + ex2.getMessage());
    }
}
if (log.isDebugEnabled())
    log.debug("Authorization|||assignPrivilegesToRole|Success|Success in assigning Privilege " + StringUtilities.stringArrayToString(privilegeIds) + " to Role " + roleId + "|");
}

/**
 * Links a protection element (looked up by object id and optional attribute name) to a protection
 * group (looked up by name), creating one {@link ProtectionGroupProtectionElement} row. The pair
 * must not already be associated; re-assigning an existing pair is an error, not a no-op.
 *
 * @param protectionGroupName            name of the protection group; must not be blank
 * @param protectionElementObjectId      object id of the protection element; must not be blank
 * @param protectionElementAttributeName attribute name of the protection element, or null
 * @throws CSTransactionException on blank arguments, an existing association, or any persistence
 *         failure; all of these surface as the generic "error occurred" message because the
 *         validation exceptions are thrown inside the try and rewrapped by the catch below
 *
 * @see gov.nih.nci.security.dao.AuthorizationDAO#assignProtectionElements(java.lang.String,
 * java.lang.String[], java.lang.String[])
 */
public void assignProtectionElement(String protectionGroupName, String protectionElementObjectId, String protectionElementAttributeName) throws CSTransactionException {
    Session s = null;
    Transaction t = null;
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        // NOTE(review): the transaction is opened before the arguments are validated, so a blank
        // argument takes the rollback path below and is reported as a transaction failure.
        t = s.beginTransaction();
        if (StringUtilities.isBlank(protectionGroupName)) {
            throw new CSTransactionException("The protectionGroupName can't be null");
        }
        if (StringUtilities.isBlank(protectionElementObjectId)) {
            throw new CSTransactionException("The protectionElementObjectId can't be null");
        }
        // Both helpers are defined elsewhere in this class; what they do on a miss is not visible here.
        ProtectionGroup protectionGroup = getProtectionGroup(protectionGroupName);
        ProtectionElement protectionElement = getProtectionElement(protectionElementObjectId, protectionElementAttributeName);
        Criteria criteria = s.createCriteria(ProtectionGroupProtectionElement.class);
        criteria.add(Restrictions.eq("protectionGroup", protectionGroup));
        criteria.add(Restrictions.eq("protectionElement", protectionElement));
        List list = criteria.list();
        if (list.size() == 0) {
            ProtectionGroupProtectionElement pgpe = new ProtectionGroupProtectionElement();
            pgpe.setProtectionElement(protectionElement);
            pgpe.setProtectionGroup(protectionGroup);
            pgpe.setUpdateDate(new Date());
            s.save(pgpe);
        } else {
            throw new CSTransactionException("This association already exist!");
        }
        t.commit();
        s.flush();
        // NOTE(review): separators are missing between the concatenated values, so the audit entry
        // runs the object id, attribute name and group name together.
        auditLog.info("Assigning Protection Element with Object Id " + protectionElementObjectId + "Attribute " + protectionElementAttributeName + "to Protection Group" + protectionGroupName);
    } catch (Exception ex) {
        log.error(ex);
        // NOTE(review): t is null if getAuditSession() itself failed; rollback() then throws
        // NullPointerException, which the inner catch swallows.
        try {
            t.rollback();
        } catch (Exception ex3) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||assignProtectionElements|Failure|Error in Rolling Back Transaction|" + ex3.getMessage());
        }
        if (log.isDebugEnabled())
            log.debug(
                    "Authorization|||assignProtectionElements|Failure|Error Occured in assigning Protection Element with Object Id " + protectionElementObjectId + " with protection element attribute " + protectionElementAttributeName + " to protection group name: " + protectionGroupName + "|" + ex.getMessage());
        throw new CSTransactionException(
                "An error occurred in assigning Protection Element to Protection Group\n" + ex.getMessage(), ex);
    } finally {
        try {
            s.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||assignProtectionElements|Failure|Error in Closing Session |" + ex2.getMessage());
        }
    }
    if (log.isDebugEnabled())
        log.debug(
                "Authorization|||assignProtectionElements|Success|Successful in assigning Protection Element with Object Id " + protectionElementObjectId + " with protection element attribute " + protectionElementAttributeName + " to protection group name: " + protectionGroupName + "|");
}

/**
 * Convenience overload: assigns the protection element identified by object id alone (no
 * attribute name) to the named protection group.
 *
 * @throws CSTransactionException as for the three-argument form
 *
 * @see gov.nih.nci.security.dao.AuthorizationDAO#assignProtectionElement(java.lang.String,
 * java.lang.String[])
 */
public void assignProtectionElement(String protectionGroupName, String protectionElementObjectId) throws CSTransactionException {
    this.assignProtectionElement(protectionGroupName, protectionElementObjectId, null);
}

/*
 * (non-Javadoc)
 *
 *
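@see gov.nih.nci.security.dao.AuthorizationDAO#assignUserRoleToProtectionGroup(java.lang.String,
 * java.lang.String[], java.lang.String)
 */
/**
 * Grants additional roles to a user on a protection group. Roles the user already holds on that
 * group are left alone; only the missing ones are inserted, so the call never removes a grant
 * (compare {@link #assignUserRoleToProtectionGroup(String, String[], String)}, which replaces the
 * set). Role ids that do not resolve are skipped. The change is committed in its own transaction
 * and recorded on the audit log.
 *
 * @param userId            primary key of the user, as a decimal string
 * @param rolesId           primary keys of the roles to grant, as decimal strings
 * @param protectionGroupId primary key of the protection group, as a decimal string
 * @throws CSTransactionException if the user or protection group cannot be found or any
 *         persistence step fails; the underlying exception is attached as the cause and its
 *         message is appended to the text
 */
public void addUserRoleToProtectionGroup(String userId, String[] rolesId, String protectionGroupId) throws CSTransactionException {
    Session s = null;
    Transaction t = null;
    ArrayList roles = new ArrayList();
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        // get() yields null for an unknown id, which makes the null checks below effective; the
        // previous load() calls returned proxies that only failed on first access.
        for (int i = 0; i < rolesId.length; i++) {
            Role role = (Role) s.get(Role.class, Long.valueOf(rolesId[i]));
            if (role != null)
                roles.add(role);
        }
        ProtectionGroup pgroup = (ProtectionGroup) s.get(ProtectionGroup.class, Long.valueOf(protectionGroupId));
        if (pgroup == null)
            throw new CSTransactionException(
                    "Authorization|||addUserRoleToProtectionGroup || Unable to retrieve Protection Group with ID :" + protectionGroupId);
        User user = (User) s.get(User.class, Long.valueOf(userId));
        if (user == null)
            throw new CSTransactionException(
                    "Authorization|||addUserRoleToProtectionGroup || Unable to retrieve User with ID :" + userId);
        // Drop the roles the user already holds on this group so they are not inserted twice.
        Criteria criteria = s.createCriteria(UserGroupRoleProtectionGroup.class);
        criteria.add(Restrictions.eq("protectionGroup", pgroup));
        criteria.add(Restrictions.eq("user", user));
        List list = criteria.list();
        for (int k = 0; k < list.size(); k++) {
            UserGroupRoleProtectionGroup ugrpg = (UserGroupRoleProtectionGroup) list.get(k);
            roles.remove(ugrpg.getRole());
        }
        t = s.beginTransaction();
        for (int j = 0; j < roles.size(); j++) {
            Role leftOverRole = (Role) roles.get(j);
            UserGroupRoleProtectionGroup toBeSaved = new UserGroupRoleProtectionGroup();
            toBeSaved.setUser(user);
            toBeSaved.setProtectionGroup(pgroup);
            toBeSaved.setRole(leftOverRole);
            toBeSaved.setUpdateDate(new Date());
            s.save(toBeSaved);
        }
        t.commit();
        s.flush();
        auditLog.info("Adding Roles to User " + user.getLoginName() + " for Protection Group " + pgroup.getProtectionGroupName());
    } catch (Exception ex) {
        log.error(ex);
        // t is null when the failure happened before beginTransaction(); guard the rollback
        // instead of relying on the inner catch to swallow a NullPointerException.
        if (t != null) {
            try {
                t.rollback();
            } catch (Exception ex3) {
                if (log.isDebugEnabled())
                    log.debug(
                            "Authorization|||addUserRoleToProtectionGroup|Failure|Error in Rolling Back Transaction|" + ex3.getMessage());
            }
        }
        // Event name corrected: these records were tagged addGroupRoleToProtectionGroup, which
        // mis-attributed user grants to the group-grant operation during log review.
        if (log.isDebugEnabled())
            log.debug("Authorization|||addUserRoleToProtectionGroup|Failure|Error Occured in adding Roles "
                    + StringUtilities.stringArrayToString(rolesId) + " to User " + userId + " and Protection Group"
                    + protectionGroupId + "|" + ex.getMessage());
        throw new CSTransactionException(
                "An error occurred in adding Protection Group and Roles to a User\n" + ex.getMessage(), ex);
    } finally {
        if (s != null) {
            try {
                s.close();
            } catch (Exception ex2) {
                if (log.isDebugEnabled())
                    log.debug("Authorization|||addUserRoleToProtectionGroup|Failure|Error in Closing Session |" + ex2.getMessage());
            }
        }
    }
    if (log.isDebugEnabled())
        log.debug("Authorization|||addUserRoleToProtectionGroup|Success|Successful in assigning Roles "
                + StringUtilities.stringArrayToString(rolesId) + " to User " + userId + " and Protection Group"
                + protectionGroupId + "|");
}

/*
 * (non-Javadoc)
 *
 * @see gov.nih.nci.security.dao.AuthorizationDAO#assignUserRoleToProtectionGroup(java.lang.String,
 * java.lang.String[], java.lang.String)
 */
public void assignUserRoleToProtectionGroup(String userId, String[] rolesId, String protectionGroupId) throws CSTransactionException {
    Session s = null;
    Transaction t = null;
    ArrayList roles = new ArrayList();
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        for (int i = 0; i < rolesId.length; i++) {
            Role role = (Role) this.getObjectByPrimaryKey(s, Role.class, new Long(rolesId[i]));
            roles.add(role);
        }
        ProtectionGroup pgroup = (ProtectionGroup) this.getObjectByPrimaryKey(s, ProtectionGroup.class, new Long(protectionGroupId));
        User user = (User) this.getObjectByPrimaryKey(s, User.class, new Long(userId));
        try {
            user = (User) performEncrytionDecryption(user, true);
        } catch (EncryptionException e) {
            throw new CSObjectNotFoundException(e);
        }
        Criteria criteria = s.createCriteria(UserGroupRoleProtectionGroup.class);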
criteria.add(Restrictions.eq("protectionGroup", pgroup));
criteria.add(Restrictions.eq("user", user));
t = s.beginTransaction();
List list = criteria.list();
// Replace semantics: an existing grant not in the requested list is deleted, a requested role
// the user already holds is kept, and whatever remains in roles is inserted below.
for (int k = 0; k < list.size(); k++) {
    UserGroupRoleProtectionGroup ugrpg = (UserGroupRoleProtectionGroup) list.get(k);
    Role r = ugrpg.getRole();
    if (!roles.contains(r)) {
        s.delete(ugrpg);
    } else {
        roles.remove(r);
    }
}
for (int j = 0; j < roles.size(); j++) {
    Role leftOverRole = (Role) roles.get(j);
    UserGroupRoleProtectionGroup toBeSaved = new UserGroupRoleProtectionGroup();
    toBeSaved.setUser(user);
    toBeSaved.setProtectionGroup(pgroup);
    toBeSaved.setRole(leftOverRole);
    toBeSaved.setUpdateDate(new Date());
    s.save(toBeSaved);
}
t.commit();
s.flush();
auditLog.info("Assigning Roles to User " + user.getLoginName() + " for Protection Group " + pgroup.getProtectionGroupName());
} catch (Exception ex) {
    log.error(ex);
    // NOTE(review): t is null if the failure happened before beginTransaction(); rollback() then
    // throws NullPointerException, which the inner catch swallows.
    try {
        t.rollback();
    } catch (Exception ex3) {
        if (log.isDebugEnabled())
            log.debug(
                    "Authorization|||assignUserRoleToProtectionGroup|Failure|Error in Rolling Back Transaction|" + ex3.getMessage());
    }
    // NOTE(review): tagged assignGroupRoleToProtectionGroup although this is the user variant;
    // log consumers keying on the operation name will misfile these events.
    if (log.isDebugEnabled())
        log.debug(
                "Authorization|||assignGroupRoleToProtectionGroup|Failure|Error Occured in assigning Roles " + StringUtilities.stringArrayToString(rolesId) + " to User " + userId + " and Protection Group" + protectionGroupId + "|" + ex.getMessage());
    throw new CSTransactionException(
            "An error occurred in assigning Protection Group and Roles to a User\n" + ex.getMessage(), ex);
} finally {
    try {
        s.close();
    } catch (Exception ex2) {
        if (log.isDebugEnabled())
            log.debug("Authorization|||assignUserRoleToProtectionGroup|Failure|Error in Closing Session |" + ex2.getMessage());
    }
}
// NOTE(review): same mislabelled operation name as the failure record above.
if (log.isDebugEnabled())
    log.debug("Authorization|||assignGroupRoleToProtectionGroup|Success|Successful in assigning Roles " + StringUtilities.stringArrayToString(rolesId) + " to User " + userId + " and Protection Group" + protectionGroupId + "|");
}

/**
 * Checks an {@link AccessPermission} for a user name: the permission's name is taken as the
 * object id and its actions as the privilege, then the three-argument
 * {@link #checkPermission(String, String, String)} decides.
 *
 * @throws CSException if {@code permission} is null, or whatever the delegate throws
 *
 * @see gov.nih.nci.security.dao.AuthorizationDAO#checkPermission(gov.nih.nci.security.authorization.jaas.AccessPermission,
 * java.lang.String)
 */
public boolean checkPermission(AccessPermission permission, String userName) throws CSException {
    if (permission == null) {
        throw new CSException("permission can't be null !");
    }
    String objectId = permission.getName();
    String privilege = permission.getActions();
    return checkPermission(userName, objectId, privilege);
}

/**
 * Checks an {@link AccessPermission} for a JAAS subject. Each principal's name is tried as a user
 * name and the first grant wins: the subject is authorized when any one of its principals is.
 *
 * @throws CSException if {@code permission} or {@code subject} is null, the subject carries no
 *         principals, or the per-user check fails
 *
 * @see gov.nih.nci.security.dao.AuthorizationDAO#checkPermission(gov.nih.nci.security.authorization.jaas.AccessPermission,
 * javax.security.auth.Subject)
 */
public boolean checkPermission(AccessPermission permission, Subject subject) throws CSException {
    boolean test = false;
    if (permission == null) {
        throw new CSException("permission can't be null!");
    }
    String objectId = permission.getName();
    String privilege = permission.getActions();
    if (subject == null) {
        throw new CSException("subject can't be null!");
    }
    Set ps = subject.getPrincipals();
    if (ps.size() == 0) {
        throw new CSException("The subject has no principals!");
    }
    Iterator it = ps.iterator();
    while (it.hasNext()) {
        Principal p = (Principal) it.next();
        String userName = p.getName();
        test = this.checkPermission(userName, objectId, privilege);
        if (test)
            break;
    }
    return test;
}

/**
 * Attribute-level permission check for a user: cache (when enabled for this user), then object
 * ownership, then a direct SQL lookup of user and group grants on the attribute.
 *
 * @param userName      login name; must not be blank
 * @param objectId      protection element object id; must not be blank
 * @param attributeName attribute name; a null value makes the check return false
 * @param privilegeName privilege name; a null value makes the check return false
 * @return whether the user holds the privilege on the object's attribute
 * @throws CSException on blank arguments or a failed lookup
 *
 * @see gov.nih.nci.security.dao.AuthorizationDAO#checkPermission(java.lang.String,
 * java.lang.String, java.lang.String, java.lang.String)
 */
public boolean checkPermission(String userName, String objectId, String attributeName, String privilegeName) throws CSException {
    ResultSet rs = null;
    PreparedStatement preparedStatement = null;
    boolean test = false;
    Session s = null;
    Connection connection = null;
    if (StringUtilities.isBlank(userName)) {
        throw new CSException("user name can't be null!");
    }
    if (StringUtilities.isBlank(objectId)) {
        throw new CSException("objectId can't be null!");
    }
    // Check if cache is enabled for user
    if (cacheLevel == 1 &&
localUserOrGroupName.equals(userName))
    return checkCachedPermission(userName, objectId, attributeName, privilegeName);
// Ownership short-circuits the grant lookup.
test = this.checkOwnership(userName, objectId);
if (test)
    return true;
// Nothing to look up without an attribute and a privilege: fail closed.
if (attributeName == null || privilegeName == null) {
    return false;
}
try {
    s = HibernateSessionFactoryHelper.getAuditSession(sf);
    connection = s.connection();
    preparedStatement = Queries.getQueryForUserAndGroupForAttribute(userName, objectId, attributeName, privilegeName, this.application.getApplicationId().intValue(), connection);
    rs = preparedStatement.executeQuery();
    // Any row means a matching grant exists.
    if (rs.next()) {
        test = true;
    }
    rs.close();
    preparedStatement.close();
} catch (Exception ex) {
    if (log.isDebugEnabled())
        log.debug("Failed to get privileges for " + userName + "|" + ex.getMessage());
    // NOTE(review): the driver's message travels to the caller inside the CSException text.
    throw new CSException("Failed to get privileges for " + userName + "|" + ex.getMessage(), ex);
} finally {
    // NOTE(review): on the failure path rs and preparedStatement may still be null, and if
    // s.close() throws the later closes are skipped. The event name below belongs to
    // getPrivilegeMap, not to this method.
    try {
        s.close();
        rs.close();
        preparedStatement.close();
    } catch (Exception ex2) {
        if (log.isDebugEnabled())
            log.debug("Authorization|||getPrivilegeMap|Failure|Error in Closing Session |" + ex2.getMessage());
    }
}
return test;
}

/**
 * Attribute-value permission check for a user: ownership first, then a direct SQL lookup of
 * user and group grants on the attribute/value pair. Unlike the four-argument form this one does
 * not consult the permission cache.
 *
 * @param userName       login name; must not be blank
 * @param objectId       protection element object id; must not be blank
 * @param attribute-level arguments: a null {@code attributeName}, {@code attributeValue} or
 *                       {@code privilegeName} makes the check return false
 * @return whether the user holds the privilege on the attribute value
 * @throws CSException on blank arguments or a failed lookup
 */
public boolean checkPermission(String userName, String objectId, String attributeName, String attributeValue, String privilegeName) throws CSException {
    ResultSet rs = null;
    PreparedStatement preparedStatement = null;
    boolean test = false;
    Session s = null;
    Connection connection = null;
    if (StringUtilities.isBlank(userName)) {
        throw new CSException("user name can't be null!");
    }
    if (StringUtilities.isBlank(objectId)) {
        throw new CSException("objectId can't be null!");
    }
    test = this.checkOwnership(userName, objectId);
    if (test)
        return true;
    if (attributeName == null || attributeValue == null || privilegeName == null) {
        return false;
    }
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        connection = s.connection();
        preparedStatement = Queries.getQueryForUserAndGroupForAttributeValue(userName, objectId, attributeName, attributeValue, privilegeName, this.application.getApplicationId().intValue(), connection);
        rs = preparedStatement.executeQuery();
        if (rs.next()) {
            test = true;
        }
        rs.close();
        preparedStatement.close();
    } catch (Exception ex) {
        if (log.isDebugEnabled())
            log.debug("Failed to get privileges for " + userName + "|" + ex.getMessage());
        throw new CSException("Failed to get privileges for " + userName + "|" + ex.getMessage(), ex);
    } finally {
        // NOTE(review): same null/ordering caveat as the four-argument form; "checkPermissiong"
        // is a typo in the event name.
        try {
            s.close();
            rs.close();
            preparedStatement.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||checkPermissiong|Failure|Error in Closing Session |" + ex2.getMessage());
        }
    }
    return test;
}

/**
 * Object-level permission check for a user. Evaluation order: the permission cache when it is
 * enabled for this user (cacheLevel 1), then ownership of the object, then the grant query
 * selected by typeOfAccess: MIXED (user and group grants), GROUP_ONLY, or USER_ONLY. Any other
 * typeOfAccess value yields false, i.e. the check fails closed.
 *
 * @param userName      login name; must not be blank
 * @param objectId      protection element object id; must not be blank
 * @param privilegeName privilege to check; a null value reaches the delegates, which return false
 * @return whether the user holds the privilege on the object
 * @throws CSException on blank arguments or a failed lookup
 */
public boolean checkPermission(String userName, String objectId, String privilegeName) throws CSException {
    boolean test = false;
    if (StringUtilities.isBlank(userName)) {
        throw new CSException("user name can't be null!");
    }
    if (StringUtilities.isBlank(objectId)) {
        throw new CSException("objectId can't be null!");
    }
    // Check if cache is enabled for user
    if (cacheLevel == 1 && localUserOrGroupName.equals(userName))
        return checkCachedPermission(userName, objectId, null, privilegeName);
    test = this.checkOwnership(userName, objectId);
    if (test)
        return true;
    if (typeOfAccess.equalsIgnoreCase("MIXED")) {
        test = this.checkPermissionForUserAndGroup(userName, objectId, privilegeName);
        return test;
    }
    if (typeOfAccess.equalsIgnoreCase("GROUP_ONLY")) {
        test = this.checkPermissionForUserGroup(userName, objectId, privilegeName);
        return test;
    }
    if (typeOfAccess.equalsIgnoreCase("USER_ONLY")) {
        test = this.checkPermissionForUser(userName, objectId, privilegeName);
        return test;
    }
    return test;
}

/**
 * Attribute-level permission check for a group (no user involved): the cache when it is enabled
 * for this group (cacheLevel 2), otherwise a direct SQL lookup of the group's grants.
 *
 * @param groupName     group name; must not be blank
 * @param objectId      protection element object id; must not be blank
 * @param attributeName attribute name passed through to the query
 * @param privilegeName privilege name; must not be blank
 * @return whether the group holds the privilege
 * @throws CSException on blank arguments or a failed lookup
 */
public boolean checkPermissionForGroup(String groupName, String objectId, String attributeName, String privilegeName) throws CSException {
    boolean hasAccess = false;
    Session session = null;
    PreparedStatement preparedStatement = null;
    ResultSet resultSet = null;
    Connection connection = null;
    if (StringUtilities.isBlank(groupName)) {
        throw new CSException("Group name can't be null!");
    }
    if (StringUtilities.isBlank(objectId)) {
        throw new CSException("Object Id can't be null!");
    }
    if (StringUtilities.isBlank(privilegeName)) {
        throw new CSException("Privilege can't be null!");
    }
    // Check if cache is enabled for group
    if (cacheLevel == 2 && localUserOrGroupName.equals(groupName))
        return checkCachedPermission(groupName, objectId, attributeName, privilegeName);
    try {
        session = HibernateSessionFactoryHelper.getAuditSession(sf);
        connection = session.connection();
        preparedStatement = Queries.getQueryForCheckPermissionForOnlyGroup(groupName, objectId, attributeName, privilegeName, this.application.getApplicationId().intValue(), connection);
        resultSet = preparedStatement.executeQuery();
        if (resultSet.next()) {
            hasAccess = true;
        }
        resultSet.close();
        preparedStatement.close();
    } catch (Exception ex) {
        log.error(ex);
        // NOTE(review): logged under the generic "checkPermission" event name rather than
        // checkPermissionForGroup, unlike the five-argument sibling.
        if (log.isDebugEnabled())
            log.debug("Authorization||" + groupName + "|checkPermission|Failure|Error Occured in checking permissions with group name " + groupName + " object id: " + objectId + " and privilege name " + privilegeName + "|" + ex.getMessage());
        throw new CSException("An error occurred while checking permissions\n" + ex.getMessage(), ex);
    } finally {
        try {
            session.close();
            resultSet.close();
            preparedStatement.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||checkPermission|Failure|Error in Closing Session |" + ex2.getMessage());
        }
    }
    if (log.isDebugEnabled())
        log.debug("Authorization||" + groupName + "|checkPermission|Success|Successful in checking permissions with group id " + groupName + " object id: " + objectId + " and privilege name " + privilegeName + " and the result is " + hasAccess + "|");
    return hasAccess;
}

/**
 * Attribute-value permission check for a group: a direct SQL lookup of the group's grants on
 * the attribute/value pair. This form does not consult the permission cache.
 *
 * @param groupName      group name; must not be blank
 * @param objectId       protection element object id; must not be blank
 * @param attributeName  attribute name passed through to the query
 * @param attributeValue attribute value passed through to the query
 * @param privilegeName  privilege name; must not be blank
 * @return whether the group holds the privilege
 * @throws CSException on blank arguments or a failed lookup
 */
public boolean checkPermissionForGroup(String groupName, String objectId, String attributeName, String attributeValue, String privilegeName) throws CSException {
    boolean hasAccess = false;
    Session session = null;
    PreparedStatement preparedStatement = null;
    ResultSet
resultSet = null;
Connection connection = null;
if (StringUtilities.isBlank(groupName)) {
    throw new CSException("Group name can't be null!");
}
if (StringUtilities.isBlank(objectId)) {
    throw new CSException("Object Id can't be null!");
}
if (StringUtilities.isBlank(privilegeName)) {
    throw new CSException("Privilege can't be null!");
}
try {
    session = HibernateSessionFactoryHelper.getAuditSession(sf);
    connection = session.connection();
    preparedStatement = Queries.getQueryForCheckPermissionForOnlyGroup(groupName, objectId, attributeName, attributeValue, privilegeName, this.application.getApplicationId().intValue(), connection);
    resultSet = preparedStatement.executeQuery();
    // Any row means a matching grant exists.
    if (resultSet.next()) {
        hasAccess = true;
    }
    resultSet.close();
    preparedStatement.close();
} catch (Exception ex) {
    log.error(ex);
    if (log.isDebugEnabled())
        log.debug("Authorization||" + groupName + "|checkPermissionForGroup|Failure|Error Occured in checking permissions with group name " + groupName + " object id: " + objectId + " and privilege name " + privilegeName + "|" + ex.getMessage());
    throw new CSException("An error occurred while checking permissions\n" + ex.getMessage(), ex);
} finally {
    // NOTE(review): resultSet/preparedStatement are null when the failure happened before they
    // were assigned, and a throwing session.close() skips the remaining closes.
    try {
        session.close();
        resultSet.close();
        preparedStatement.close();
    } catch (Exception ex2) {
        if (log.isDebugEnabled())
            log.debug("Authorization|||checkPermissionForGroup|Failure|Error in Closing Session |" + ex2.getMessage());
    }
}
if (log.isDebugEnabled())
    log.debug("Authorization||" + groupName + "|checkPermissionForGroup|Success|Successful in checking permissions with group id " + groupName + " object id: " + objectId + " and privilege name " + privilegeName + " and the result is " + hasAccess + "|");
return hasAccess;
}

/**
 * Object-level permission check for a group: the cache when it is enabled for this group
 * (cacheLevel 2), otherwise a direct SQL lookup of the group's grants on the object.
 *
 * @param groupName     group name; must not be blank
 * @param objectId      protection element object id; must not be blank
 * @param privilegeName privilege name; must not be blank
 * @return whether the group holds the privilege
 * @throws CSException on blank arguments or a failed lookup
 */
public boolean checkPermissionForGroup(String groupName, String objectId, String privilegeName) throws CSException {
    boolean hasAccess = false;
    Session session = null;
    PreparedStatement preparedStatement = null;
    ResultSet resultSet = null;
    Connection connection = null;
    if
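(StringUtilities.isBlank(groupName)) {
    throw new CSException("Group name can't be null!");
}
if (StringUtilities.isBlank(objectId)) {
    throw new CSException("Object Id can't be null!");
}
if (StringUtilities.isBlank(privilegeName)) {
    throw new CSException("Privilege can't be null!");
}
// Check if cache is enabled for group
if (cacheLevel == 2 && localUserOrGroupName.equals(groupName))
    return checkCachedPermission(groupName, objectId, null, privilegeName);
try {
    session = HibernateSessionFactoryHelper.getAuditSession(sf);
    connection = session.connection();
    preparedStatement = Queries.getQueryForCheckPermissionForOnlyGroup(groupName, objectId, privilegeName, this.application.getApplicationId().intValue(), connection);
    resultSet = preparedStatement.executeQuery();
    // Any row means a matching grant exists.
    if (resultSet.next()) {
        hasAccess = true;
    }
    resultSet.close();
    preparedStatement.close();
} catch (Exception ex) {
    log.error(ex);
    if (log.isDebugEnabled())
        log.debug("Authorization||" + groupName + "|checkPermission|Failure|Error Occured in checking permissions with group name " + groupName + " object id: " + objectId + " and privilege name " + privilegeName + "|" + ex.getMessage());
    throw new CSException("An error occurred while checking permissions\n" + ex.getMessage(), ex);
} finally {
    try {
        session.close();
        resultSet.close();
        preparedStatement.close();
    } catch (Exception ex2) {
        if (log.isDebugEnabled())
            log.debug("Authorization|||checkPermission|Failure|Error in Closing Session |" + ex2.getMessage());
    }
}
if (log.isDebugEnabled())
    log.debug("Authorization||" + groupName + "|checkPermission|Success|Successful in checking permissions with group id " + groupName + " object id: " + objectId + " and privilege name " + privilegeName + " and the result is " + hasAccess + "|");
return hasAccess;
}

/**
 * Returns the groups that hold {@code privilegeName} on {@code objectId} for this application,
 * without an attribute filter.
 *
 * @throws CSException as for the three-argument form
 */
public List getAccessibleGroups(String objectId, String privilegeName) throws CSException {
    return getAccessibleGroups(objectId, null, privilegeName);
}

/**
 * Returns the groups that hold {@code privilegeName} on {@code objectId} for this application,
 * optionally restricted to one protection element attribute. Group ids are read with a direct
 * SQL query and then resolved to {@link Group} objects through the Hibernate session.
 *
 * @param objectId      protection element object id; must not be blank
 * @param attributeName attribute name to match, or null for no attribute filter; a non-null
 *                      blank value is rejected
 * @param privilegeName privilege name; must not be blank
 * @return the matching {@link Group} objects, or null when no group matched (kept for existing
 *         callers that test for null)
 * @throws CSException if an argument is invalid or the lookup fails; the underlying exception is
 *         attached as the cause
 */
public List getAccessibleGroups(String objectId, String attributeName, String privilegeName) throws CSException {
    Session session = null;
    PreparedStatement preparedStatement = null;
    ResultSet resultSet = null;
    Connection connection = null;
    List groupIds = new ArrayList();
    List groups = null;
    if (StringUtilities.isBlank(objectId)) {
        throw new CSException("Object Id can't be null!");
    }
    if (StringUtilities.isBlank(privilegeName)) {
        throw new CSException("Privilege can't be null!");
    }
    // null means "no attribute filter"; a present-but-blank name is a caller error.
    if (attributeName != null && attributeName.trim().equals(""))
        throw new CSException("Attribute can't be null!");
    try {
        session = HibernateSessionFactoryHelper.getAuditSession(sf);
        connection = session.connection();
        if (null == attributeName)
            preparedStatement = Queries.getQueryForAccessibleGroups(objectId, privilegeName,
                    this.application.getApplicationId().intValue(), connection);
        else
            preparedStatement = Queries.getQueryForAccessibleGroupsWithAttribute(objectId, attributeName,
                    privilegeName, this.application.getApplicationId().intValue(), connection);
        resultSet = preparedStatement.executeQuery();
        // Collect the ids first and release the JDBC objects before the Hibernate lookups below
        // use the same session.
        while (resultSet.next()) {
            groupIds.add(resultSet.getString(1));
        }
        resultSet.close();
        preparedStatement.close();
        if (!groupIds.isEmpty()) {
            groups = new ArrayList();
            for (int i = 0; i < groupIds.size(); i++) {
                Group group = (Group) this.getObjectByPrimaryKey(session, Group.class,
                        Long.valueOf((String) groupIds.get(i)));
                groups.add(group);
            }
        }
    } catch (Exception e) {
        // The previous handler threw a fixed "Attribute can't be null!" message and dropped the
        // cause, which hid SQL and mapping errors behind a misleading validation failure.
        log.error(e);
        if (log.isDebugEnabled())
            log.debug("Authorization|||getAccessibleGroups|Failure|Error Occured in obtaining accessible groups for object id: "
                    + objectId + " and privilege name " + privilegeName + "|" + e.getMessage());
        throw new CSException("An error occurred while retrieving accessible groups\n" + e.getMessage(), e);
    } finally {
        // NOTE(review): this is the only query method in the class that closes the connection
        // obtained from session.connection() itself; whether that is correct depends on the
        // Hibernate connection-release mode in use — confirm before changing.
        try {
            if (resultSet != null)
                resultSet.close();
            if (connection != null)
                connection.close();
            if (preparedStatement != null)
                preparedStatement.close();
            if (session != null)
                session.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||getAccessibleGroups||Failure|Error in Closing Session |" + ex2.getMessage());
        }
    }
    return groups;
}

private boolean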
checkPermissionForUser(String userName, String objectId, String privilegeName) throws CSException {
    boolean test = false;
    Session s = null;
    PreparedStatement preparedStatement = null;
    ResultSet rs = null;
    Connection connection = null;
    // USER_ONLY mode: only the user's own grants count. Missing arguments fail closed.
    if (userName == null || objectId == null || privilegeName == null) {
        return false;
    }
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        connection = s.connection();
        preparedStatement = Queries.getQueryForCheckPermissionForUser(userName, objectId, privilegeName, this.application.getApplicationId().intValue(), connection);
        rs = preparedStatement.executeQuery();
        // Any row means a matching grant exists.
        if (rs.next()) {
            test = true;
        }
        rs.close();
        preparedStatement.close();
    } catch (Exception ex) {
        log.error(ex);
        if (log.isDebugEnabled())
            log.debug("Authorization||" + userName + "|checkPermission|Failure|Error Occured in checking permissions with user id " + userName + " object id: " + objectId + " and privilege name " + privilegeName + "|" + ex.getMessage());
        throw new CSException("An error occurred while checking permissions\n" + ex.getMessage(), ex);
    } finally {
        // NOTE(review): rs/preparedStatement may be null on the failure path, and a throwing
        // s.close() skips the remaining closes.
        try {
            s.close();
            rs.close();
            preparedStatement.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||checkPermission|Failure|Error in Closing Session |" + ex2.getMessage());
        }
    }
    if (log.isDebugEnabled())
        log.debug("Authorization||" + userName + "|checkPermission|Success|Successful in checking permissions with user id " + userName + " object id: " + objectId + " and privilege name " + privilegeName + " and the result is " + test + "|");
    return test;
}

/**
 * MIXED mode grant lookup: true when the user holds the privilege on the object either directly
 * or through a group. Missing arguments fail closed.
 *
 * @throws CSException if the lookup fails; the underlying exception is attached as the cause
 */
private boolean checkPermissionForUserAndGroup(String userName, String objectId, String privilegeName) throws CSException {
    // NOTE(review): unguarded debug call; the rest of the class checks isDebugEnabled() first.
    log.debug("Method:checkPermissionForUserAndGroup()");
    boolean test = false;
    Session s = null;
    PreparedStatement preparedStatement = null;
    ResultSet rs = null;
    Connection connection = null;
    if (userName == null || objectId == null || privilegeName == null) {
        return false;
    }
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        connection = s.connection();
        preparedStatement = Queries.getQueryForCheckPermissionForUserAndGroup(userName, objectId, privilegeName, this.application.getApplicationId().intValue(), connection);
        //log.debug("The User/Group query is: " + sql);
        rs = preparedStatement.executeQuery();
        if (rs.next()) {
            test = true;
        }
        rs.close();
        preparedStatement.close();
    } catch (Exception ex) {
        log.error(ex);
        if (log.isDebugEnabled())
            log.debug("Authorization||" + userName + "|checkPermission|Failure|Error Occured in checking permissions with user id " + userName + " object id: " + objectId + " and privilege name " + privilegeName + "|" + ex.getMessage());
        throw new CSException("An error occurred while checking permissions\n" + ex.getMessage(), ex);
    } finally {
        try {
            s.close();
            rs.close();
            preparedStatement.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||checkPermission|Failure|Error in Closing Session |" + ex2.getMessage());
        }
    }
    if (log.isDebugEnabled())
        log.debug("Authorization||" + userName + "|checkPermission|Success|Successful in checking permissions with user id " + userName + " object id: " + objectId + " and privilege name " + privilegeName + " and the result is " + test + "|");
    return test;
}

/**
 * GROUP_ONLY mode grant lookup: true when one of the user's groups holds the privilege on the
 * object. Only a null privilege is rejected here; unlike its siblings this method does not
 * null-check userName or objectId before building the query.
 *
 * @throws CSException if the lookup fails; the underlying exception is attached as the cause
 */
private boolean checkPermissionForUserGroup(String userName, String objectId, String privilegeName) throws CSException {
    boolean test = false;
    Session s = null;
    PreparedStatement preparedStatement = null;
    ResultSet rs = null;
    Connection connection = null;
    try {
        if (privilegeName == null) {
            return false;
        }
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        connection = s.connection();
        preparedStatement = Queries.getQueryForCheckPermissionForGroup(userName, objectId, privilegeName, this.application.getApplicationId().intValue(), connection);
        rs = preparedStatement.executeQuery();
        if (rs.next()) {
            test = true;
        }
        rs.close();
        preparedStatement.close();
    } catch (Exception ex) {
        log.error(ex);
        if
(log.isDebugEnabled())
    log.debug("Authorization||" + userName + "|checkPermission|Failure|Error Occured in checking permissions with user id " + userName + " object id: " + objectId + " and privilege name " + privilegeName + "|" + ex.getMessage());
throw new CSException("An error occurred while checking permissions\n" + ex.getMessage(), ex);
} finally {
    // NOTE(review): s is still null when privilegeName was null (early return inside the try),
    // so s.close() throws NullPointerException here and is swallowed.
    try {
        s.close();
        rs.close();
        preparedStatement.close();
    } catch (Exception ex2) {
        if (log.isDebugEnabled())
            log.debug("Authorization|||checkPermission|Failure|Error in Closing Session |" + ex2.getMessage());
    }
}
if (log.isDebugEnabled())
    log.debug("Authorization||" + userName + "|checkPermission|Success|Successful in checking permissions with user id " + userName + " object id: " + objectId + " and privilege name " + privilegeName + " and the result is " + test + "|");
return test;
}

/**
 * Returns the application this DAO is bound to, as its {@link ApplicationContext}.
 *
 * @see gov.nih.nci.security.dao.AuthorizationDAO#getApplicationContext()
 */
public ApplicationContext getApplicationContext() {
    ApplicationContext applicationContext = this.getApplication();
    return applicationContext;
}

/**
 * Generic search: builds a Hibernate Criteria on the criteria's object type from its field/value
 * pairs. A value containing {@code *} is translated to a SQL {@code %} wildcard and matched with
 * LIKE; any other value is matched for equality. Search values come from the caller.
 *
 * @param searchCriteria object type plus field name to value pairs; values are trimmed
 * @return the matching objects (the remainder of this method lies beyond this point)
 *
 * @see gov.nih.nci.security.dao.AuthorizationDAO#getObjects(gov.nih.nci.security.dao.SearchCriteria)
 */
public List getObjects(SearchCriteria searchCriteria) {
    Session s = null;
    List result = new ArrayList();
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        Criteria criteria = s.createCriteria(searchCriteria.getObjectType());
        Hashtable fieldValues = searchCriteria.getFieldAndValues();
        Enumeration enKeys = fieldValues.keys();
        while (enKeys.hasMoreElements()) {
            String fieldKey = (String) enKeys.nextElement();
            String fieldValue = (String) fieldValues.get(fieldKey);
            // NOTE(review): only '*' is translated; '%' and '_' in the caller's value are passed
            // to LIKE unescaped and keep their SQL wildcard meaning. A null value throws here.
            String fieldValue_ = StringUtilities.replaceInString(fieldValue.trim(), "*", "%");
            int i = fieldValue_.indexOf("%");
            if (i != -1) {
                criteria.add(Restrictions.like(fieldKey, fieldValue_));
            } else {
                criteria.add(Restrictions.eq(fieldKey, fieldValue_));
            }
        }
        // Appears intended as an always-true restriction when no field was supplied.
        if (fieldValues.size() == 0) {
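criteria.add(Restrictions.eqProperty("1", "1"));
}
log.debug("Message from debug: ObjectType=" + searchCriteria.getObjectType().getName());
// User, Privilege, Application and ConfigurationProperties are not scoped to this application;
// every other type is restricted to rows owned by this.application.
if (!(searchCriteria.getObjectType().getName()
        .equalsIgnoreCase("gov.nih.nci.security.authorization.domainobjects.User")
        || searchCriteria.getObjectType().getName()
        .equalsIgnoreCase("gov.nih.nci.security.authorization.domainobjects.Privilege")
        || searchCriteria.getObjectType().getName()
        .equalsIgnoreCase("gov.nih.nci.security.authorization.domainobjects.Application")
        || searchCriteria.getObjectType().getName().equalsIgnoreCase(
        "gov.nih.nci.security.authorization.domainobjects.ConfigurationProperties"))) {
    criteria.add(Restrictions.eq("application", this.application));
}
List list = new ArrayList();
list = criteria.list();
if (searchCriteria.getObjectType().getName()
        .equalsIgnoreCase("gov.nih.nci.security.authorization.domainobjects.User")) {
    list = decryptUserInformation(list);
}
Collections.sort(list);
result.clear();
result.addAll(list);
} catch (Exception ex) {
    // NOTE(review): failures are swallowed and an empty result is returned, so a caller cannot
    // tell "nothing matched" from "the query failed"; the trace also goes to stderr, not the log.
    ex.printStackTrace();
    if (log.isDebugEnabled())
        log.debug("Authorization|||getObjects|Failure|Error in Obtaining Search Objects from Database |" + ex.getMessage());
} finally {
    try {
        s.close();
    } catch (Exception ex2) {
        if (log.isDebugEnabled())
            log.debug("Authorization|||getObjects|Failure|Error in Closing Session |" + ex2.getMessage());
    }
}
if (log.isDebugEnabled())
    log.debug("Authorization|||getObjects|Success|Successful in Searching objects from the database |");
return result;
}

/**
 * Searches users by wildcard match on loginName, firstName, lastName, organization, department
 * and emailId. Matching is done in memory over every user returned by {@link #getUsers()}
 * because those columns are stored AES-encrypted and cannot be searched with SQL wildcards (see
 * the note in the body); keys other than the six above are ignored, and every listed field must
 * match for a user to be returned.
 *
 * @param searchCriteria field names mapped to wildcard values
 * @return the matching users, sorted; empty when there are no users or when the search fails
 *         (the failure is logged rather than propagated, as the signature declares no exception)
 *
 * @see gov.nih.nci.security.dao.AuthorizationDAO#getObjects(gov.nih.nci.security.dao.SearchCriteria)
 */
public List getUsers(SearchCriteria searchCriteria) {
    List result = new ArrayList();
    try {
        // This is a hack (temporary fix) to support wildcard search on AES encrypted values.
        // MySql has inbuilt encrypt and decrypt functions, but adopting them requires a tech stack
        // upgrade for MySQL which is not in scope for this fix.
        List<User> users = getUsers();
        if (users == null || users.size() == 0)
            return result;
        // The criteria do not change per user, so read them once.
        Hashtable fieldValues = searchCriteria.getFieldAndValues();
        List<User> filteredList = new ArrayList<User>();
        for (User user : users) {
            if (matchesAllSearchFields(user, fieldValues))
                filteredList.add(user);
        }
        Collections.sort(filteredList);
        // The success record used to sit after the try block, where the return above made it
        // reachable only on the failure path.
        if (log.isDebugEnabled())
            log.debug("Authorization|||getUsers|Success|Successful in Searching Users from the database |");
        return filteredList;
    } catch (Exception ex) {
        // Logged through the logger instead of printStackTrace(); the empty-result contract on
        // failure is kept for existing callers.
        log.error(ex);
        if (log.isDebugEnabled())
            log.debug("Authorization|||getUsers|Failure|Error in Obtaining Search Users from Database |" + ex.getMessage());
    }
    return result;
}

/**
 * Applies every entry of {@code fieldValues} to {@code user}: each searchable field must match
 * its wildcard value; keys that are not searchable User fields are ignored.
 */
private static boolean matchesAllSearchFields(User user, Hashtable fieldValues) {
    Enumeration enKeys = fieldValues.keys();
    while (enKeys.hasMoreElements()) {
        String fieldKey = (String) enKeys.nextElement();
        String fieldValue = (String) fieldValues.get(fieldKey);
        String actual;
        if (fieldKey.equals("loginName")) {
            actual = user.getLoginName();
        } else if (fieldKey.equals("firstName")) {
            actual = user.getFirstName();
        } else if (fieldKey.equals("lastName")) {
            actual = user.getLastName();
        } else if (fieldKey.equals("organization")) {
            actual = user.getOrganization();
        } else if (fieldKey.equals("department")) {
            actual = user.getDepartment();
        } else if (fieldKey.equals("emailId")) {
            actual = user.getEmailId();
        } else {
            continue;   // not a searchable User field
        }
        if (!matchesWildcard(actual, fieldValue))
            return false;
    }
    return true;
}

/**
 * Wildcard match of a single field value; a null field value never matches.
 */
private static boolean matchesWildcard(String actual, String wildcardValue) {
    // NOTE(review): the translated pattern is handed straight to String.matches() and the search
    // value is caller-supplied, so wildcardToRegex must quote regex metacharacters — confirm.
    String regex = StringUtilities.wildcardToRegex(wildcardValue);
    return actual != null && actual.matches(regex);
}

/**
 * Returns a new list holding each User of {@code list} after
 * {@code performEncrytionDecryption(user, false)} has been applied to it.
 *
 * @throws CSObjectNotFoundException wrapping any {@link EncryptionException}
 */
private List decryptUserInformation(List list) throws CSObjectNotFoundException {
    Iterator iterator = list.iterator();
    List userList = new ArrayList();
    while (iterator.hasNext()) {
        User user = (User) iterator.next();
        try {
            user = (User) performEncrytionDecryption(user, false);
        } catch (EncryptionException e) {
            throw new CSObjectNotFoundException(e);
        }
        userList.add(user);
    }
    return userList;
}

private List getObjects(Session s, SearchCriteria searchCriteria) {
    List result = new ArrayList();
    try {
        Criteria criteria = s.createCriteria(searchCriteria.getObjectType());
        Hashtable fieldValues = searchCriteria.getFieldAndValues();
        Enumeration en = fieldValues.keys();
        while (en.hasMoreElements()) {
            String str = (String) en.nextElement();
            String fieldValue = (String) fieldValues.get(str);
            String fieldValue_ = StringUtilities.replaceInString(fieldValue, "*", "%");
            //int i = ((String) fieldValues.get(str)).indexOf("%");
            int i = fieldValue_.indexOf("%");
            if (i != -1) {
                //criteria.add(Restrictions.like(str, fieldValues.get(str)));
                criteria.add(Restrictions.like(str, fieldValue_));
            } else {
                //criteria.add(Restrictions.eq(str, fieldValues.get(str)));
                criteria.add(Restrictions.eq(str, fieldValue_));
            }
        }
        if (fieldValues.size() == 0) {
            criteria.add(Restrictions.eqProperty("1", "1"));
        }
        log.debug("Message from debug: ObjectType=" + searchCriteria.getObjectType().getName());
        //boolean t = //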
searchCriteria.getObjectType().getName().equalsIgnoreCase("gov.nih.nci.security.authorization.domainobjects.User")||searchCriteria.getObjectType().getName().equalsIgnoreCase("gov.nih.nci.security.authorization.domainobjects.Privilege"); //log.debug("Test:"+t); //if(!t){ // criteria.add(Restrictions.eq("application", this.application)); //} if (!(searchCriteria.getObjectType().getName() .equalsIgnoreCase("gov.nih.nci.security.authorization.domainobjects.User") || searchCriteria.getObjectType().getName() .equalsIgnoreCase("gov.nih.nci.security.authorization.domainobjects.Privilege") || searchCriteria.getObjectType().getName() .equalsIgnoreCase("gov.nih.nci.security.authorization.domainobjects.Application"))) { criteria.add(Restrictions.eq("application", this.application)); } result = criteria.list(); Collections.sort(result); } catch (Exception ex) { ex.printStackTrace(); if (log.isDebugEnabled()) log.debug("Authorization|||getObjects|Failure|Error in Obtaining Search Objects from Database |" + ex.getMessage()); } if (log.isDebugEnabled()) log.debug("Authorization|||getObjects|Success|Successful in Searching objects from the database |"); return result; } /* * (non-Javadoc) * * @see gov.nih.nci.security.dao.AuthorizationDAO#getPrincipals(java.lang.String) */ public Principal[] getPrincipals(String userName) { ArrayList al = new ArrayList(); Set groups = new HashSet(); Principal[] ps = null; if (StringUtilities.isBlank(userName)) { return null; } try { User user = this.getUser(userName); if (user == null) { return null; } al.add((Principal) user); groups = this.getGroups(user.getUserId().toString()); Iterator it = groups.iterator(); while (it.hasNext()) { Group grp = (Group) it.next(); al.add((Principal) grp); } } catch (Exception ex) { ex.printStackTrace(); } //TypeuWant[] a = (TypeuWant [] ) arraylist.toArray(new // TypeUWant[arraylist.size()]) ps = (Principal[]) al.toArray(new Principal[al.size()]); return ps; } /* * (non-Javadoc) * * @see 
gov.nih.nci.security.dao.AuthorizationDAO#getPrivilege(java.lang.String) */ /* * (non-Javadoc) * * @see gov.nih.nci.security.dao.AuthorizationDAO#getProtectionElement(java.lang.String) */ public ProtectionElement getProtectionElement(String objectId, String attribute) throws CSObjectNotFoundException { Session s = null; ProtectionElement pe = null; if (StringUtilities.isBlank(objectId)) { throw new CSObjectNotFoundException("The protection element can't be searched with null objectId"); } try { s = HibernateSessionFactoryHelper.getAuditSession(sf); ProtectionElement search = new ProtectionElement(); search.setObjectId(objectId); search.setApplication(application); if (attribute != null && attribute.length() > 0) { search.setAttribute(attribute); } //String query = "FROM // gov.nih.nci.security.authorization.domianobjects.Application"; Criteria c = s.createCriteria(ProtectionElement.class); c.add(Example.create(search)); List list = c.list(); if (list.isEmpty()) { if (log.isDebugEnabled()) log.debug( "Authorization|||getProtectionElement|Failure|Protection Element not found for object id " + objectId + " and attribute " + attribute + "|"); throw new CSObjectNotFoundException("Protection Element not found with these attributes"); } pe = (ProtectionElement) list.get(0); } catch (Exception ex) { if (log.isDebugEnabled()) log.error( "Authorization|||getProtectionElement|Failure|Error in obtaining Protection Element for object id " + objectId + " and attribute " + attribute + "|", ex); throw new CSObjectNotFoundException("Protection Element is not found with object id= " + objectId + " and attributeName= " + attribute); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||getProtectionElement|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug( "Authorization|||getProtectionElement|Success|Successful in obtaining Protection Element for object id " + objectId + " and 
attribute " + attribute + "|"); return pe; } /* * (non-Javadoc) * * @see gov.nih.nci.security.dao.AuthorizationDAO#getProtectionElement(java.lang.String) */ public ProtectionElement getProtectionElement(String objectId) throws CSObjectNotFoundException { return getProtectionElement(objectId, null); } /* * (non-Javadoc) * * @see gov.nih.nci.security.dao.AuthorizationDAO#getProtectionGroup(java.lang.String) */ public ProtectionGroup getProtectionGroup(String protectionGroupName) throws CSObjectNotFoundException { Session s = null; ProtectionGroup pgrp = null; if (StringUtilities.isBlank(protectionGroupName)) { throw new CSObjectNotFoundException("The protection group can't searched with null name"); } try { ProtectionGroup search = new ProtectionGroup(); search.setProtectionGroupName(protectionGroupName); search.setApplication(application); //String query = "FROM // gov.nih.nci.security.authorization.domianobjects.Application"; s = HibernateSessionFactoryHelper.getAuditSession(sf); List list = s.createCriteria(ProtectionGroup.class).add(Example.create(search)).list(); if (list.size() == 0) { if (log.isDebugEnabled()) log.debug("Authorization|||getProtectionGroup|Failure|Protection Group not found for name " + protectionGroupName + "|"); throw new CSObjectNotFoundException("Protection Group not found"); } pgrp = (ProtectionGroup) list.get(0); } catch (Exception ex) { if (log.isDebugEnabled()) { log.debug("Authorization|||getProtectionGroup|Failure|Protection Group not found for name " + protectionGroupName + "|" + ex.getMessage()); } throw new CSObjectNotFoundException("Protection Group not found for name " + protectionGroupName); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||getProtectionGroup|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug("Authorization|||getProtectionGroup|Success|Protection Group found for name " + protectionGroupName + "|"); return 
pgrp; } /* * (non-Javadoc) * * @see gov.nih.nci.security.dao.AuthorizationDAO#getRole(java.lang.String) */ public Role getRole(String roleName) throws CSObjectNotFoundException { Session s = null; Role role = null; try { Role search = new Role(); search.setName(roleName); search.setApplication(application); //String query = "FROM // gov.nih.nci.security.authorization.domianobjects.Application"; s = HibernateSessionFactoryHelper.getAuditSession(sf); List list = s.createCriteria(Role.class).add(Example.create(search)).list(); if (list.size() == 0) { if (log.isDebugEnabled()) log.debug("Authorization|||getRole|Failure|Role not found for name " + roleName + "|"); throw new CSObjectNotFoundException("Role not found"); } role = (Role) list.get(0); } catch (Exception ex) { if (log.isDebugEnabled()) log.debug("Authorization|||getRole|Failure|Error in obtaining the Role for name " + roleName + "|" + ex.getMessage()); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||assignGroupRoleToProtectionGroup|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug( "Authorization|||getRole|Success|Successful in obtaining the Role for name " + roleName + "|"); return role; } /* * (non-Javadoc) * * @see gov.nih.nci.security.dao.AuthorizationDAO#getUser(java.lang.String) */ public User getUser(String loginName) { Session s = null; User user = null; try { User search = new User(); search.setLoginName(loginName); //String query = "FROM // gov.nih.nci.security.authorization.domianobjects.Application"; s = HibernateSessionFactoryHelper.getAuditSession(sf); SearchCriteria sc = new UserSearchCriteria(search); List list = getObjects(sc); // List list = s.createCriteria(User.class) // .add(Example.create(search)).list(); //p = (Privilege)s.load(Privilege.class,new Long(privilegeId)); if (list.size() != 0) { user = (User) list.get(0); } /* try { user = (User)performEncrytionDecryption(user, false); 
} catch (EncryptionException e) { throw new CSObjectNotFoundException(e); } */ } catch (Exception ex) { if (log.isDebugEnabled()) log.error( "Authorization|||getUser|Failure|Error Occured in Getting User for Name " + loginName + "|", ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||getUser|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug("Authorization|||getUser|Success|Success in Getting User for Name " + loginName + "|"); return user; } /* * (non-Javadoc) * * @see gov.nih.nci.security.dao.AuthorizationDAO#getUser(java.lang.String) */ public List<User> getUsers() { Session s = null; List<User> list = null; try { log.info("AuthorizationDAOImpl inside getUsers list******"); User search = new User(); //search.setLoginName(loginName); //String query = "FROM // gov.nih.nci.security.authorization.domianobjects.Application"; s = HibernateSessionFactoryHelper.getAuditSession(sf); SearchCriteria sc = new UserSearchCriteria(search); list = getObjects(sc); } catch (Exception ex) { if (log.isDebugEnabled()) log.error("Authorization|||getUser|Failure|Error Occured in Getting User for Name " + "|", ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||getUser|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug("Authorization|||getUser|Success|Success in Getting User for Name " + "|"); return list; } public Set getUsers(String groupId) throws CSObjectNotFoundException { //todo Session s = null; Set users = new HashSet(); try { s = HibernateSessionFactoryHelper.getAuditSession(sf); Group group = (Group) this.getObjectByPrimaryKey(s, Group.class, new Long(groupId)); users = group.getUsers(); List list = new ArrayList(); Iterator toSortIterator = users.iterator(); while (toSortIterator.hasNext()) { User user = (User) toSortIterator.next(); try { user = (User) 
performEncrytionDecryption(user, false); } catch (EncryptionException e) { throw new CSObjectNotFoundException(e); } list.add(user); } Collections.sort(list); users.clear(); users.addAll(list); log.debug("The result size:" + users.size()); } catch (Exception ex) { log.error(ex); if (log.isDebugEnabled()) log.debug("Authorization|||getUsers|Failure|Error in obtaining Users for Group Id " + groupId + "|" + ex.getMessage()); throw new CSObjectNotFoundException( "An error occurred while obtaining Associated Users for the Group\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||getUsers|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug( "Authorization|||getUsers|Success|Successful in obtaining Users for Group Id " + groupId + "|"); return users; } private Group getGroup(String groupName) { Session s = null; Group group = null; try { Group search = new Group(); search.setGroupName(groupName); search.setApplication(getApplication()); //String query = "FROM // gov.nih.nci.security.authorization.domianobjects.Application"; s = HibernateSessionFactoryHelper.getAuditSession(sf); List list = s.createCriteria(Group.class).add(Example.create(search)).list(); //p = (Privilege)s.load(Privilege.class,new Long(privilegeId)); if (list.size() != 0) { group = (Group) list.get(0); } } catch (Exception ex) { if (log.isDebugEnabled()) log.error("Authorization|||getGroup in Getting Group for Name " + groupName + "|", ex); } finally { try { s.close(); } catch (Exception ex2) { } } return group; } /* * (non-Javadoc) * * @see gov.nih.nci.security.dao.AuthorizationDAO#removeGroupFromProtectionGroup(java.lang.String, * java.lang.String) */ public void removeGroupFromProtectionGroup(String protectionGroupId, String groupId) throws CSTransactionException { Session s = null; Transaction t = null; Connection connection = null; try { s = 
HibernateSessionFactoryHelper.getAuditSession(sf); t = s.beginTransaction(); connection = s.connection(); String sql = "delete from csm_user_group_role_pg where protection_group_id=? and group_id=?"; PreparedStatement pstmt = connection.prepareStatement(sql); Long pg_id = new Long(protectionGroupId); Long g_id = new Long(groupId); pstmt.setLong(1, pg_id.longValue()); pstmt.setLong(2, g_id.longValue()); int i = pstmt.executeUpdate(); t.commit(); s.flush(); auditLog.info("Deassigning Roles and Protection Group Assignment from Group"); } catch (Exception ex) { log.error(ex); try { t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug( "Authorization|||removeGroupFromProtectionGroup|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); } if (log.isDebugEnabled()) log.debug( "Authorization|||assignGroupRoleToProtectionGroup|Failure|Error Occured in deassigning Group " + groupId + " and Protection Group" + protectionGroupId + "|" + ex.getMessage()); throw new CSTransactionException( "An error occured in deassigning Group and Protection Group\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||removeGroupFromProtectionGroup|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug("Authorization|||assignGroupRoleToProtectionGroup|Success|Success in deassigning Group " + groupId + " and Protection Group" + protectionGroupId + "|"); } /* * (non-Javadoc) * * @see gov.nih.nci.security.dao.AuthorizationDAO#removeGroupFromProtectionGroup(java.lang.String, * java.lang.String) */ public void insertIntoPasswordHistory(String userID, String password) throws CSTransactionException { Session s = null; Transaction t = null; Connection connection = null; boolean recordExists = false; try { s = HibernateSessionFactoryHelper.getAuditSession(sf); t = s.beginTransaction(); connection = s.connection(); // PV check if the password already 
exists String sqlSelect = "select * from CSM_PASSWORD_HISTORY where LOGIN_NAME = ? and PASSWORD = ?"; PreparedStatement statementSelect = connection.prepareStatement(sqlSelect); statementSelect.setString(1, userID); statementSelect.setString(2, encryptPassword(password, "YES")); ResultSet rs = statementSelect.executeQuery(); auditLog.info("Before select in.... password history tables!!!"); while (rs.next()) { auditLog.info("Inside select in.... password history tables!!!"); recordExists = true; break; } rs.close(); statementSelect.close(); // PV if (!recordExists) { String sql = "INSERT INTO CSM_PASSWORD_HISTORY (LOGIN_NAME, PASSWORD) VALUES (?, ?) "; ; PreparedStatement statement = connection.prepareStatement(sql); statement = connection.prepareStatement(sql); statement.setString(1, userID); statement.setString(2, encryptPassword(password, "YES")); int i = statement.executeUpdate(); t.commit(); s.flush(); statement.close(); auditLog.info("inserting record into password history tables!!!"); } } catch (Exception ex) { log.error(ex); try { t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug("Authorization|||insertIntoPasswordHistory|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); } if (log.isDebugEnabled()) log.debug("Authorization|||insertIntoPasswordHistory|Failure|Error Occured in insert " + "|" + ex.getMessage()); throw new CSTransactionException( "An error occured in while inserting record into insertIntoPasswordHistory\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||insertIntoPasswordHistory|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug( "Authorization|||insertIntoPasswordHistory|Success|Success in inserting into password history "); } /* * (non-Javadoc) * * @see gov.nih.nci.security.dao.AuthorizationDAO#removeGroupRoleFromProtectionGroup(java.lang.String, * java.lang.String, 
java.lang.String[]) */ public void removeGroupRoleFromProtectionGroup(String protectionGroupId, String groupId, String[] rolesId) throws CSTransactionException { Session s = null; Transaction t = null; try { s = HibernateSessionFactoryHelper.getAuditSession(sf); ProtectionGroup pgroup = (ProtectionGroup) this.getObjectByPrimaryKey(s, ProtectionGroup.class, new Long(protectionGroupId)); Group group = (Group) this.getObjectByPrimaryKey(s, Group.class, new Long(groupId)); ArrayList roles = new ArrayList(); for (int i = 0; i < rolesId.length; i++) { Role role = (Role) this.getObjectByPrimaryKey(s, Role.class, new Long(rolesId[i])); roles.add(role); } Criteria criteria = s.createCriteria(UserGroupRoleProtectionGroup.class); criteria.add(Restrictions.eq("protectionGroup", pgroup)); criteria.add(Restrictions.eq("group", group)); List list = criteria.list(); t = s.beginTransaction(); for (int k = 0; k < list.size(); k++) { UserGroupRoleProtectionGroup ugrpg = (UserGroupRoleProtectionGroup) list.get(k); Role r = ugrpg.getRole(); if (roles.contains(r)) { s.delete(ugrpg); } } t.commit(); s.flush(); auditLog.info("Deassigning Roles From Group " + group.getGroupName() + " for Protection Group " + pgroup.getProtectionGroupName()); } catch (Exception ex) { log.error(ex); try { t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug( "Authorization|||removeGroupRoleFromProtectionGroup|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); } if (log.isDebugEnabled()) log.debug( "Authorization|||removeGroupRoleFromProtectionGroup|Failure|Error Occured in assigning Roles " + StringUtilities.stringArrayToString(rolesId) + " to Group " + groupId + " and Protection Group" + protectionGroupId + "|" + ex.getMessage()); throw new CSTransactionException( "An error occured in assigning Roles and Protection Group to a Group\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) 
log.debug("Authorization|||assignGroupRoleToProtectionGroup|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug("Authorization|||removeGroupRoleFromProtectionGroup|Success|Successful in assigning Roles " + StringUtilities.stringArrayToString(rolesId) + " to Group " + groupId + " and Protection Group" + protectionGroupId + "|"); } /* * (non-Javadoc) * * @see gov.nih.nci.security.dao.AuthorizationDAO#removeRole(java.lang.String) */ /* * (non-Javadoc) * * @see gov.nih.nci.security.dao.AuthorizationDAO#removeUserFromGroup(java.lang.String, * java.lang.String) */ public void removeUserFromGroup(String groupId, String userId) throws CSTransactionException { Session s = null; Transaction t = null; try { s = HibernateSessionFactoryHelper.getAuditSession(sf); User user = (User) this.getObjectByPrimaryKey(s, User.class, new Long(userId)); Group group = (Group) this.getObjectByPrimaryKey(s, Group.class, new Long(groupId)); Set groups = user.getGroups(); if (groups.contains(group)) { groups.remove(group); user.setGroups(groups); try { user = (User) performEncrytionDecryption(user, true); } catch (EncryptionException e) { throw new CSObjectNotFoundException(e); } t = s.beginTransaction(); s.update(user); t.commit(); s.flush(); } else { //t.rollback(); } //t.commit(); //s.flush(); auditLog.info("Deassigning User " + user.getLoginName() + " from Group " + group.getGroupName()); } catch (Exception ex) { log.error(ex); try { t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug("Authorization|||removeUserFromGroup|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); } if (log.isDebugEnabled()) log.debug("Authorization|||removeUserFromGroup|Failure|Error Occured in deassigning User " + userId + " from Group " + groupId + "|" + ex.getMessage()); throw new CSTransactionException( "An error occured in deassigning User from a Group\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception 
ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||removeUserFromGroup|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug("Authorization|||removeUserFromGroup|Success|Successful in deassigning User " + userId + " from Group " + groupId + "|"); } /* * (non-Javadoc) * * @see gov.nih.nci.security.dao.AuthorizationDAO#removeUserFromProtectionGroup(java.lang.String, * java.lang.String) */ public void removeUserFromProtectionGroup(String protectionGroupId, String userId) throws CSTransactionException { Session s = null; Transaction t = null; Connection connection = null; try { s = HibernateSessionFactoryHelper.getAuditSession(sf); t = s.beginTransaction(); connection = s.connection(); String sql = "delete from csm_user_group_role_pg where protection_group_id=? and user_id=?"; PreparedStatement pstmt = connection.prepareStatement(sql); Long pg_id = new Long(protectionGroupId); Long u_id = new Long(userId); pstmt.setLong(1, pg_id.longValue()); pstmt.setLong(2, u_id.longValue()); int i = pstmt.executeUpdate(); pstmt.close(); t.commit(); s.flush(); auditLog.info("Deassigning Roles and Protection Group Assignment from User"); } catch (Exception ex) { log.error(ex); try { t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug( "Authorization|||removeUserFromProtectionGroup|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); } if (log.isDebugEnabled()) log.debug("Authorization|||removeUserFromProtectionGroup|Failure|Error Occured in deassigning User " + userId + " from Protection Group " + protectionGroupId + "|" + ex.getMessage()); throw new CSTransactionException( "An error occured in deassigning User from Protection Group\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||removeUserFromProtectionGroup|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) 
log.debug("Authorization|||removeUserFromProtectionGroup|Success|Successful in deassigning User " + userId + " from Protection Group " + protectionGroupId + "|"); } /* * (non-Javadoc) * * @see gov.nih.nci.security.dao.AuthorizationDAO#removeUserRoleFromProtectionGroup(java.lang.String, * java.lang.String, java.lang.String[]) */ public void removeUserRoleFromProtectionGroup(String protectionGroupId, String userId, String[] rolesId) throws CSTransactionException { Session s = null; Transaction t = null; try { s = HibernateSessionFactoryHelper.getAuditSession(sf); ProtectionGroup pgroup = (ProtectionGroup) this.getObjectByPrimaryKey(s, ProtectionGroup.class, new Long(protectionGroupId)); User user = (User) this.getObjectByPrimaryKey(s, User.class, new Long(userId)); //encrypt password for User. this.performEncrytionDecryption(user, true); ArrayList roles = new ArrayList(); for (int i = 0; i < rolesId.length; i++) { Role role = (Role) this.getObjectByPrimaryKey(s, Role.class, new Long(rolesId[i])); roles.add(role); } Criteria criteria = s.createCriteria(UserGroupRoleProtectionGroup.class); criteria.add(Restrictions.eq("protectionGroup", pgroup)); criteria.add(Restrictions.eq("user", user)); List list = criteria.list(); t = s.beginTransaction(); for (int k = 0; k < list.size(); k++) { UserGroupRoleProtectionGroup ugrpg = (UserGroupRoleProtectionGroup) list.get(k); Role r = ugrpg.getRole(); if (roles.contains(r)) { s.delete(ugrpg); } } t.commit(); s.flush(); auditLog.info("Deassigning Roles From User " + user.getLoginName() + " for Protection Group " + pgroup.getProtectionGroupName()); } catch (Exception ex) { log.error(ex); try { t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug( "Authorization|||removeUserRoleFromProtectionGroup|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); } if (log.isDebugEnabled()) log.debug( "Authorization|||removeUserRoleFromProtectionGroup|Failure|Error Occured in deassigning Roles " + 
StringUtilities.stringArrayToString(rolesId) + " and Protection Group " + protectionGroupId + " for user " + userId + "|" + ex.getMessage()); throw new CSTransactionException( "An error occured in deassigning Roles and Protection Group for the User\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||removeUserRoleFromProtectionGroup|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug("Authorization|||removeUserRoleFromProtectionGroup|Success|Successful in deassigning Roles " + StringUtilities.stringArrayToString(rolesId) + " and Protection Group " + protectionGroupId + " for user " + userId + "|"); } /** * */ private User getLightWeightUser(String loginName) { Session s = null; User user = null; try { User search = new User(); search.setLoginName(loginName); s = HibernateSessionFactoryHelper.getAuditSession(sf); List list = s.createCriteria(User.class).add(Example.create(search)).list(); if (list.size() != 0) { user = (User) list.get(0); } } catch (Exception ex) { log.fatal("Unable to find Group\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||assignGroupRoleToProtectionGroup|Failure|Error in Closing Session |" + ex2.getMessage()); } } return user; } /* * (non-Javadoc) * * @see gov.nih.nci.security.dao.AuthorizationDAO#setOwnerForProtectionElement(java.lang.String, * java.lang.String, java.lang.String) */ public void setOwnerForProtectionElement(String loginName, String protectionElementObjectId, String protectionElementAttributeName) throws CSTransactionException { Session s = null; Transaction t = null; if (StringUtilities.isBlank(loginName)) { throw new CSTransactionException("Login Name can't be null"); } if (StringUtilities.isBlank(protectionElementObjectId)) { throw new CSTransactionException("Object Id can't be null"); } try { s = 
HibernateSessionFactoryHelper.getAuditSession(sf); User user = getLightWeightUser(loginName); if (user == null) { throw new CSTransactionException("No user found for this login name"); } ProtectionElement pe = new ProtectionElement(); pe.setObjectId(protectionElementObjectId); pe.setApplication(application); if (protectionElementAttributeName != null && protectionElementAttributeName.length() > 0) { pe.setAttribute(protectionElementAttributeName); } SearchCriteria sc = new ProtectionElementSearchCriteria(pe); List l = this.getObjects(s, sc); if (l.size() == 0) { throw new CSTransactionException( "No Protection Element found for the given object id and attribute"); } ProtectionElement protectionElement = (ProtectionElement) l.get(0); Set ownerList = protectionElement.getOwners(); if (ownerList == null || ownerList.size() == 0) { ownerList = new HashSet(); ownerList.add(user); } else { if (!ownerList.contains(user)) { ownerList.add(user); } } protectionElement.setOwners(ownerList); t = s.beginTransaction(); s.save(protectionElement); t.commit(); s.flush(); auditLog.info("Assinging User " + loginName + " as Owner for Protection Element with Object Id " + protectionElement.getObjectId() + " and Attribute " + protectionElement.getAttribute()); } catch (Exception ex) { log.error(ex); try { t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug( "Authorization|||setOwnerForProtectionElement|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); } if (log.isDebugEnabled()) log.debug( "Authorization|||setOwnerForProtectionElement|Failure|Error Setting owner for Protection Element object Name" + protectionElementObjectId + " and Attribute Id " + protectionElementAttributeName + " for user " + loginName + "|" + ex.getMessage()); throw new CSTransactionException( "An error occured in setting owner for the Protection Element\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) 
log.debug("Authorization|||setOwnerForProtectionElement|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug( "Authorization|||setOwnerForProtectionElement|Success|Success in Setting owner for Protection Element object Name" + protectionElementObjectId + " and Attribute Id " + protectionElementAttributeName + " for user " + loginName + "|"); } /* * (non-Javadoc) * * @see gov.nih.nci.security.dao.AuthorizationDAO#setOwnerForProtectionElement(java.lang.String, * java.lang.String) */ public void setOwnerForProtectionElement(String protectionElementObjectId, String[] userNames) throws CSTransactionException { Session s = null; Transaction t = null; if (StringUtilities.isBlank(protectionElementObjectId)) { throw new CSTransactionException("object Id can't be null!"); } try { Set users = new HashSet(); for (int i = 0; i < userNames.length; i++) { User user = this.getUser(userNames[i]); if (user != null) { users.add(user); } } ProtectionElement pe = new ProtectionElement(); pe.setObjectId(protectionElementObjectId); pe.setApplication(application); SearchCriteria sc = new ProtectionElementSearchCriteria(pe); List l = this.getObjects(sc); ProtectionElement protectionElement = (ProtectionElement) l.get(0); protectionElement.setOwners(users); s = HibernateSessionFactoryHelper.getAuditSession(sf); t = s.beginTransaction(); s.update(protectionElement); t.commit(); s.flush(); auditLog.info("Assigning Users as Owner for Protection Element with Object Id " + protectionElement.getObjectId() + " and Attribute " + protectionElement.getAttribute()); } catch (Exception ex) { log.error(ex); try { t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug( "Authorization|||setOwnerForProtectionElement|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); } if (log.isDebugEnabled()) log.debug( "Authorization|||setOwnerForProtectionElement|Failure|Error Setting owner for Protection Element object Name" + 
protectionElementObjectId + " for users " + StringUtilities.stringArrayToString(userNames) + "|" + ex.getMessage()); throw new CSTransactionException( "An error occured in setting multiple owners for the Protection Element\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||setOwnerForProtectionElement|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug( "Authorization|||setOwnerForProtectionElement|Success|Successful in Setting owner for Protection Element object Name" + protectionElementObjectId + " for users " + StringUtilities.stringArrayToString(userNames) + "|"); } public Set getPrivileges(String roleId) throws CSObjectNotFoundException { Session s = null; Set result = new HashSet(); try { s = HibernateSessionFactoryHelper.getAuditSession(sf); Role role = (Role) this.getObjectByPrimaryKey(s, Role.class, new Long(roleId)); result = role.getPrivileges(); List list = new ArrayList(); Iterator toSortIterator = result.iterator(); while (toSortIterator.hasNext()) { list.add(toSortIterator.next()); } Collections.sort(list); result.clear(); result.addAll(list); log.debug("The result size is: " + result.size()); } catch (Exception ex) { if (log.isDebugEnabled()) log.debug("Authorization|||getPrivileges|Failure|Error obtaining Associated Privileges for Role id " + roleId + "|" + ex.getMessage()); throw new CSObjectNotFoundException( "An error occured in obtaining associated Privileges for the given Role\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||assignGroupRoleToProtectionGroup|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug( "Authorization|||getPrivileges|Success|Successful in obtaining Associated Privileges for Role id " + roleId + "|"); return result; } /** * public void createUser(User user) throws 
CSTransactionException { Session * s = null; Transaction t = null; try { s = HibernateSessionFactoryHelper.getAuditSession(sf); t = * s.beginTransaction(); user.setUpdateDate(new Date()); s.save(user); * t.commit(); log.debug("User ID is: " + user.getUserId()); } catch * (Exception ex) { log.error(ex); try { t.rollback(); } catch (Exception * ex3) { } throw new CSTransactionException("Could not create the user", * ex); } finally { try { s.close(); } catch { } } } */ public void assignProtectionElements(String protectionGroupId, String[] protectionElementIds) throws CSTransactionException { Session s = null; Transaction t = null; Set pes = new HashSet(); try { s = HibernateSessionFactoryHelper.getAuditSession(sf); ProtectionGroup protectionGroup = (ProtectionGroup) this.getObjectByPrimaryKey(s, ProtectionGroup.class, new Long(protectionGroupId)); for (int i = 0; i < protectionElementIds.length; i++) { ProtectionElement protectionElement = (ProtectionElement) this .getObjectByPrimaryKey(ProtectionElement.class, protectionElementIds[i]); pes.add(protectionElement); } protectionGroup.setProtectionElements(pes); t = s.beginTransaction(); s.update(protectionGroup); t.commit(); s.flush(); auditLog.info("Assinging Protection Elements to Protection Group " + protectionGroup.getProtectionGroupName()); } catch (Exception ex) { log.error(ex); try { t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug("Authorization|||assignProtectionElements|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); } if (log.isDebugEnabled()) log.debug( "Authorization|||assignProtectionElements|Failure|Error Occured in assigning Protection Elements " + StringUtilities.stringArrayToString(protectionElementIds) + " to Protection Group" + protectionGroupId + "|" + ex.getMessage()); throw new CSTransactionException( "An error occured in assigning Protection Elements to the Protection Group\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) 
{ if (log.isDebugEnabled()) log.debug("Authorization|||assignProtectionElements|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug( "Authorization|||assignProtectionElements|Success|Successful in assigning Protection Elements " + StringUtilities.stringArrayToString(protectionElementIds) + " to Protection Group" + protectionGroupId + "|"); } public void addProtectionElements(String protectionGroupId, String[] protectionElementIds) throws CSTransactionException { Session s = null; Transaction t = null; try { s = HibernateSessionFactoryHelper.getAuditSession(sf); ProtectionGroup protectionGroup = (ProtectionGroup) s.load(ProtectionGroup.class, new Long(protectionGroupId)); if (protectionGroup == null) throw new CSTransactionException( "Authorization|||addProtectionElements|| Unable to retrieve ProtectionGroup with Id :" + protectionGroupId); Set protectionElementSet = protectionGroup.getProtectionElements(); if (protectionElementSet == null) protectionElementSet = new HashSet(); for (int i = 0; i < protectionElementIds.length; i++) { boolean assigned = false; Iterator iterator = protectionElementSet.iterator(); while (iterator.hasNext()) { ProtectionElement protectionElement = (ProtectionElement) iterator.next(); if (protectionElementIds[i] .equalsIgnoreCase(protectionElement.getProtectionElementId().toString())) assigned = true; } if (!assigned) { ProtectionElement protectionElement = (ProtectionElement) s.load(ProtectionElement.class, Long.parseLong(protectionElementIds[i])); if (protectionElement != null) protectionElementSet.add(protectionElement); } } t = s.beginTransaction(); s.update(protectionGroup); t.commit(); s.flush(); auditLog.info( "Adding Protection Elements to Protection Group " + protectionGroup.getProtectionGroupName()); } catch (Exception ex) { log.error(ex); try { t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug("Authorization|||addProtectionElements|Failure|Error in Rolling 
Back Transaction|" + ex3.getMessage()); } if (log.isDebugEnabled()) log.debug( "Authorization|||addProtectionElements|Failure|Error Occured in addding Protection Elements " + StringUtilities.stringArrayToString(protectionElementIds) + " to Protection Group" + protectionGroupId + "|" + ex.getMessage()); throw new CSTransactionException( "An error occured in adding Protection Elements to the Protection Group\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||addProtectionElements|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug("Authorization|||addProtectionElements|Success|Successful in adding Protection Elements " + StringUtilities.stringArrayToString(protectionElementIds) + " to Protection Group" + protectionGroupId + "|"); } /* * (non-Javadoc) * * @see gov.nih.nci.security.dao.AuthorizationDAO#deAssignProtectionElements(java.lang.String[], * java.lang.String) */ /** * @param protectionGroupName * @param protectionElementObjectId * */ public void deAssignProtectionElements(String protectionGroupName, String protectionElementObjectId) throws CSTransactionException { Session s = null; Transaction t = null; try { s = HibernateSessionFactoryHelper.getAuditSession(sf); t = s.beginTransaction(); if (StringUtilities.isBlank(protectionGroupName)) { throw new CSTransactionException("The protectionGroupName can't be null"); } if (StringUtilities.isBlank(protectionElementObjectId)) { throw new CSTransactionException("The protectionElementObjectId can't be null"); } ProtectionGroup protectionGroup = getProtectionGroup(protectionGroupName); ProtectionElement protectionElement = getProtectionElement(protectionElementObjectId, null); ProtectionGroup newPG = new ProtectionGroup(); newPG.setProtectionGroupId(protectionGroup.getProtectionGroupId()); ProtectionElement newPE = new ProtectionElement(); 
newPE.setProtectionElementId(protectionElement.getProtectionElementId()); Criteria criteria = s.createCriteria(ProtectionGroupProtectionElement.class); criteria.add(Restrictions.eq("protectionGroup", newPG)); criteria.add(Restrictions.eq("protectionElement", newPE)); List list = criteria.list(); if (list.size() == 0) { throw new CSTransactionException( "Protection Element association to Protection Group does not exist!"); } else { ProtectionGroupProtectionElement pgpe = (ProtectionGroupProtectionElement) list.iterator().next(); s.delete(pgpe); } t.commit(); s.flush(); auditLog.info("Deassigning Protection Element with Object Id " + protectionElementObjectId + " from Protection Group" + protectionGroupName); } catch (Exception ex) { log.error(ex); try { t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug( "Authorization|||deAssignProtectionElements|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); } if (log.isDebugEnabled()) log.debug( "Authorization|||deAssignProtectionElements|Failure|Error Occured in deassigning Protection Element with Object Id " + protectionElementObjectId + " from protection group name: " + protectionGroupName + "|" + ex.getMessage()); throw new CSTransactionException( "An error occurred in deassigning Protection Element from Protection Group\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||deAssignProtectionElements|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug( "Authorization|||deAssignProtectionElements|Success|Successful in deassigning Protection Element with Object Id " + protectionElementObjectId + " from protection group name: " + protectionGroupName + "|"); } public void removeProtectionElementsFromProtectionGroup(String protectionGroupId, String[] protectionElementIds) throws CSTransactionException { Session s = null; Transaction t = null; Set pgpes = new 
HashSet(); try { s = HibernateSessionFactoryHelper.getAuditSession(sf); ProtectionGroup protectionGroup = (ProtectionGroup) this.getObjectByPrimaryKey(s, ProtectionGroup.class, new Long(protectionGroupId)); for (int i = 0; i < protectionElementIds.length; i++) { ProtectionElement protectionElement = (ProtectionElement) this.getObjectByPrimaryKey(s, ProtectionElement.class, new Long(protectionElementIds[i])); Criteria criteria = s.createCriteria(ProtectionGroupProtectionElement.class); criteria.add(Restrictions.eq("protectionGroup", protectionGroup)); criteria.add(Restrictions.eq("protectionElement", protectionElement)); List list = criteria.list(); if (list != null && !list.isEmpty()) { Iterator it = list.iterator(); while (it.hasNext()) pgpes.add(it.next()); } else { throw new CSTransactionException("This association does not exist!"); } } t = s.beginTransaction(); Iterator iter = pgpes.iterator(); while (iter.hasNext()) { this.removeObject((ProtectionGroupProtectionElement) iter.next()); } t.commit(); s.flush(); auditLog.info("Deassinging Protection Elements from Protection Group " + protectionGroup.getProtectionGroupName()); } catch (Exception ex) { log.error(ex); try { t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug( "Authorization|||removeProtectionElementsFromProtectionGroup|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); } log.debug( "Authorization|||removeProtectionElementsFromProtectionGroup|Failure|Error Occured in deassigning Protection Elements " + StringUtilities.stringArrayToString(protectionElementIds) + " to Protection Group" + protectionGroupId + "|" + ex.getMessage()); throw new CSTransactionException( "An error occured in deassigning Protection Elements from Protection Group\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug( "Authorization|||removeProtectionElementsFromProtectionGroup|Failure|Error in Closing Session |" + 
ex2.getMessage()); } } log.debug( "Authorization|||removeProtectionElementsFromProtectionGroup|Success|Success in deassigning Protection Elements " + StringUtilities.stringArrayToString(protectionElementIds) + " to Protection Group" + protectionGroupId + "|"); } private Object getObjectByPrimaryKey(Session s, Class objectType, Long primaryKey) throws HibernateException, CSObjectNotFoundException { if (primaryKey == null) { throw new CSObjectNotFoundException("The primary key can't be null"); } Object obj = s.load(objectType, primaryKey); try { obj = performEncrytionDecryption(obj, false); } catch (EncryptionException e) { throw new CSObjectNotFoundException(e); } if (obj == null) { log.debug("Authorization|||getObjectByPrimaryKey|Failure|Not found object of type " + objectType.getName() + "|"); throw new CSObjectNotFoundException(objectType.getName() + " not found"); } log.debug("Authorization|||getObjectByPrimaryKey|Success|Success in retrieving object of type " + objectType.getName() + "|"); return obj; } public Object getObjectByPrimaryKey(Class objectType, String primaryKey) throws CSObjectNotFoundException { Object oj = null; Session s = null; if (StringUtilities.isBlank(primaryKey)) { throw new CSObjectNotFoundException("The primary key can't be null"); } try { s = HibernateSessionFactoryHelper.getAuditSession(sf); oj = getObjectByPrimaryKey(s, objectType, new Long(primaryKey)); } catch (Exception ex) { log.debug("Authorization|||getObjectByPrimaryKey|Failure|Error in retrieving object of type " + objectType.getName() + "|" + ex.getMessage()); throw new CSObjectNotFoundException(objectType.getName() + " not found\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||getObjectByPrimaryKey|Failure|Error in Closing Session |" + ex2.getMessage()); } } log.debug("Authorization|||getObjectByPrimaryKey|Success|Success in retrieving object of type " + objectType.getName() + "|"); return 
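oj;
    }

    /**
     * Deletes the given persistent object in a session and transaction of its own.
     * On failure the transaction is rolled back (errors during rollback are only logged)
     * and the failure is rethrown as a {@link CSTransactionException} with the cause kept.
     *
     * @param oj the persistent object to delete; it is dereferenced for the audit and
     *           error messages, so a {@code null} argument fails with a NullPointerException
     *           rather than a CSTransactionException
     * @throws CSTransactionException if opening the session, the delete, the commit or the
     *         flush fails
     */
    public void removeObject(Object oj) throws CSTransactionException {
        Session s = null;
        Transaction t = null;
        try {
            s = HibernateSessionFactoryHelper.getAuditSession(sf);
            t = s.beginTransaction();
            s.delete(oj);
            t.commit();
            s.flush();
            // audit with the simple class name only (package prefix stripped)
            auditLog.info("Deleting the "
                    + oj.getClass().getName().substring(oj.getClass().getName().lastIndexOf(".") + 1)
                    + " Object ");
        } catch (Exception ex) {
            log.error(ex);
            try {
                // t is still null when the session could not be opened; the resulting
                // NullPointerException is absorbed by the catch below
                t.rollback();
            } catch (Exception ex3) {
                if (log.isDebugEnabled()) {
                    log.debug("Authorization|||removeObject|Failure|Error in Rolling Back Transaction|" + ex3.getMessage());
                }
            }
            if (log.isDebugEnabled()) {
                log.debug("Authorization|||removeObject|Failure|Error in removing object of type " + oj.getClass().getName() + "|" + ex.getMessage());
            }
            throw new CSTransactionException("An error occured in removing object of type " + oj.getClass().getName() + "\n" + ex.getMessage(), ex);
        } finally {
            try {
                s.close();
            } catch (Exception ex2) {
                if (log.isDebugEnabled()) {
                    log.debug("Authorization|||removeObject|Failure|Error in Closing Session |" + ex2.getMessage());
                }
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("Authorization|||removeObject|Success|Success in removing object of type " + oj.getClass().getName() + "|");
        }
    }

    /**
     * Looks up the {@link Application} whose {@code applicationName} equals
     * {@code contextName}.
     * <p>
     * The name is bound as a named HQL parameter; the previous implementation
     * concatenated it into the query string, so a quote character inside the context
     * name could change the meaning of the query. The first matching row is passed
     * through {@code performEncrytionDecryption(app, false)} before it is returned.
     *
     * @param contextName the application (context) name to search for
     * @return the matching application after decryption
     * @throws CSObjectNotFoundException if no application has that name, if the database
     *         connection cannot be obtained (reported as invalid credentials), if
     *         decryption fails, or on any other error while querying; the cause is kept
     */
    private Application getApplicationByName(String contextName) throws CSObjectNotFoundException {
        Session s = null;
        Application app = null;
        try {
            s = HibernateSessionFactoryHelper.getAuditSession(sf);
            // Parameter binding instead of string concatenation: contextName is data, not HQL.
            Query q = s.createQuery("from Application as app where app.applicationName = :applicationName");
            q.setParameter("applicationName", contextName);
            List list = q.list();
            if (list.size() == 0) {
                if (log.isDebugEnabled()) {
                    log.debug("Authorization|" + contextName + "||getApplicationByName|Failure|No Application Found for the Context Name " + contextName + "|");
                }
                // caught by the generic catch below and rewrapped with the "retrieving" message
                throw new CSObjectNotFoundException("No Application Found for the given Context Name");
            }
            app = (Application) list.get(0);
            //decrypt
            try {
                app = (Application) performEncrytionDecryption(app, false);
            } catch (EncryptionException e) {
                throw new CSObjectNotFoundException(e);
            }
            log.debug("Found the Application");
        } catch (GenericJDBCException eex) {
            if (log.isDebugEnabled()) {
                log.debug("Authorization|" + contextName + "||getApplicationByName|Failure|Error in obtaining database connection. Invalid database login credentials in the application hibernate configuration file");
            }
            throw new CSObjectNotFoundException(
                    " Invalid database login credentials in the application hibernate configuration file.", eex);
        } catch (Exception ex) {
            if (log.isDebugEnabled()) {
                log.debug("Authorization|" + contextName + "||getApplicationByName|Failure|Error in obtaining application " + contextName + "|" + ex.getMessage());
            }
            throw new CSObjectNotFoundException(
                    "An error occured in retrieving Application for the given Context Name\n" + ex.getMessage(), ex);
        } finally {
            try {
                s.close();
            } catch (Exception ex2) {
                if (log.isDebugEnabled()) {
                    log.debug("Authorization|||getApplicationByName|Failure|Error in Closing Session |" + ex2.getMessage());
                }
            }
        }
        if (log.isDebugEnabled()) {
            log.debug("Authorization|" + contextName + "||getApplicationByName|Success|Application Found for the Context Name " + contextName + "|");
        }
        return app;
    }

    /*
     * (non-Javadoc)
     *
     * @see gov.nih.nci.security.AuthorizationManager#initialize(java.lang.String)
     */
    /**
     * Intentionally a no-op: the application context name is not used here.
     *
     * @param applicationContextName ignored
     */
    public void initialize(String applicationContextName) {
        //do nothing...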
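}

    /*
     * (non-Javadoc)
     *
     * @see gov.nih.nci.security.UserProvisioningManager#getProtectionGroupRoleContext()
     * We might not implement this method
     */
    /**
     * Returns one {@link ProtectionGroupRoleContext} per protection group the user is
     * associated with in this application, each carrying the group and the set of
     * roles the user holds on it.
     * <p>
     * Step one runs a JDBC query with bound parameters for the distinct protection
     * group ids; step two opens a fresh session and, per group, collects the roles
     * through a {@code UserGroupRoleProtectionGroup} criteria query.
     *
     * @param userId the user's primary key as a decimal string
     * @return the contexts found; empty when the user has no protection groups here
     * @throws CSObjectNotFoundException if either step fails (the cause is kept),
     *         including a non-numeric {@code userId}
     */
    public Set getProtectionGroupRoleContextForUser(String userId) throws CSObjectNotFoundException {
        Set result = new HashSet();
        Session s = null;
        Connection connection = null;
        ArrayList pgIds = new ArrayList();
        PreparedStatement preparedStatement = null;
        ResultSet rs = null;
        try {
            s = HibernateSessionFactoryHelper.getAuditSession(sf);
            connection = s.connection();
            StringBuffer stbr = new StringBuffer();
            stbr.append("SELECT distinct ugrp.protection_group_id ");
            stbr.append("FROM csm_user_group_role_pg ugrp , csm_protection_group pg ");
            stbr.append("where ugrp.protection_group_id = pg.protection_group_id and ");
            stbr.append("ugrp.user_id = ?");
            stbr.append(" and pg.application_id = ?");
            preparedStatement = connection.prepareStatement(stbr.toString());
            int i = 1;
            preparedStatement.setInt(i++, Integer.parseInt(userId));
            preparedStatement.setInt(i++, this.application.getApplicationId().intValue());
            rs = preparedStatement.executeQuery();
            while (rs.next()) {
                pgIds.add(rs.getString(1));
            }
        } catch (Exception ex) {
            if (log.isDebugEnabled()) {
                log.debug(
                        "Authorization|||getProtectionGroupRoleContextForUser|Failure|Error in obtaining the Protection Group - Role Context for the User Id " + userId + "|" + ex.getMessage());
            }
            throw new CSObjectNotFoundException(
                    "An error occured in obtaining the Protection Group - Role Context for the User\n" + ex.getMessage(), ex);
        } finally {
            // Release the cursor and statement on every path; previously they were closed
            // only after a successful read, so a failing query leaked both.
            try {
                if (rs != null) {
                    rs.close();
                }
            } catch (Exception ex2) {
                if (log.isDebugEnabled()) {
                    log.debug(
                            "Authorization|||getProtectionGroupRoleContextForUser|Failure|Error in Closing ResultSet |" + ex2.getMessage());
                }
            }
            try {
                if (preparedStatement != null) {
                    preparedStatement.close();
                }
            } catch (Exception ex2) {
                if (log.isDebugEnabled()) {
                    log.debug(
                            "Authorization|||getProtectionGroupRoleContextForUser|Failure|Error in Closing Statement |" + ex2.getMessage());
                }
            }
            try {
                s.close();
            } catch (Exception ex2) {
                if (log.isDebugEnabled()) {
                    log.debug(
                            "Authorization|||getProtectionGroupRoleContextForUser|Failure|Error in Closing Session |" + ex2.getMessage());
                }
            }
        }
        try {
            s = HibernateSessionFactoryHelper.getAuditSession(sf);
            User user = (User) this.getObjectByPrimaryKey(User.class, userId);
            for (int i = 0; i < pgIds.size(); i++) {
                ProtectionGroup pg = (ProtectionGroup) this.getObjectByPrimaryKey(ProtectionGroup.class, pgIds.get(i).toString());
                Criteria criteria = s.createCriteria(UserGroupRoleProtectionGroup.class);
                criteria.add(Restrictions.eq("user", user));
                criteria.add(Restrictions.eq("protectionGroup", pg));
                List list = criteria.list();
                Iterator it = list.iterator();
                Set roles = new HashSet();
                while (it.hasNext()) {
                    UserGroupRoleProtectionGroup ugrpg = (UserGroupRoleProtectionGroup) it.next();
                    roles.add(ugrpg.getRole());
                }
                ProtectionGroupRoleContext pgrc = new ProtectionGroupRoleContext();
                pgrc.setProtectionGroup(pg);
                pgrc.setRoles(roles);
                result.add(pgrc);
            }
        } catch (Exception ex) {
            if (log.isDebugEnabled()) {
                log.debug(
                        "Authorization|||getProtectionGroupRoleContextForUser|Failure|Error in obtaining the Protection Group - Role Context for the User Id " + userId + "|" + ex.getMessage());
            }
            throw new CSObjectNotFoundException(
                    "An error occured in obtaining the Protection Group - Role Context for the User\n" + ex.getMessage(), ex);
        } finally {
            try {
                s.close();
            } catch (Exception ex2) {
                if (log.isDebugEnabled()) {
                    log.debug(
                            "Authorization|||getProtectionGroupRoleContextForUser|Failure|Error in Closing Session |" + ex2.getMessage());
                }
            }
        }
        if (log.isDebugEnabled()) {
            log.debug(
                    "Authorization|||getProtectionGroupRoleContextForUser|Success|Successful in obtaining the Protection Group - Role Context for the User Id " + userId + "|");
        }
        return result;
    }

    /**
     * Group counterpart of {@link #getProtectionGroupRoleContextForUser(String)}:
     * collects the protection groups associated with the group in this application
     * and the roles held on each. The JDBC step below binds both ids as parameters.
     * NOTE(review): the statement and result set opened here are closed only on the
     * success path further down; this method's body continues past this point.
     *
     * @param groupId the group's primary key as a decimal string
     */
    public Set getProtectionGroupRoleContextForGroup(String groupId) throws CSObjectNotFoundException {
        Set result = new HashSet();
        Session s = null;
        Connection connection = null;
        ArrayList pgIds = new ArrayList();
        try {
            s = HibernateSessionFactoryHelper.getAuditSession(sf);
            connection = s.connection();
            StringBuffer stbr = new StringBuffer();
            stbr.append("SELECT distinct ugrp.protection_group_id ");
            stbr.append("FROM csm_user_group_role_pg ugrp , csm_group g ");
            stbr.append("where ugrp.group_id = g.group_id and ");
            stbr.append("ugrp.group_id = ?");
            stbr.append(" and g.application_id = ?");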
PreparedStatement preparedStatement = connection.prepareStatement(stbr.toString()); ; int i = 1; preparedStatement.setInt(i++, new Integer(groupId).intValue()); preparedStatement.setInt(i++, this.application.getApplicationId().intValue()); ResultSet rs = preparedStatement.executeQuery(); while (rs.next()) { String pg_id = rs.getString(1); pgIds.add(pg_id); } rs.close(); preparedStatement.close(); } catch (Exception ex) { if (log.isDebugEnabled()) log.debug( "Authorization|||getProtectionGroupRoleContextForUser|Failure|Error in obtaining the Protection Group - Role Context for the Group Id " + groupId + "|" + ex.getMessage()); throw new CSObjectNotFoundException( "An error occured in obtaining the Protection Group - Role Context for the Group\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug( "Authorization|||getProtectionGroupRoleContextForUser|Failure|Error in Closing Session |" + ex2.getMessage()); } } try { s = HibernateSessionFactoryHelper.getAuditSession(sf); Group group = (Group) this.getObjectByPrimaryKey(Group.class, groupId); for (int i = 0; i < pgIds.size(); i++) { ProtectionGroup pg = (ProtectionGroup) this.getObjectByPrimaryKey(ProtectionGroup.class, pgIds.get(i).toString()); Criteria criteria = s.createCriteria(UserGroupRoleProtectionGroup.class); criteria.add(Restrictions.eq("group", group)); criteria.add(Restrictions.eq("protectionGroup", pg)); List list = criteria.list(); Iterator it = list.iterator(); Set roles = new HashSet(); while (it.hasNext()) { UserGroupRoleProtectionGroup ugrpg = (UserGroupRoleProtectionGroup) it.next(); roles.add(ugrpg.getRole()); } ProtectionGroupRoleContext pgrc = new ProtectionGroupRoleContext(); pgrc.setProtectionGroup(pg); pgrc.setRoles(roles); result.add(pgrc); } } catch (Exception ex) { if (log.isDebugEnabled()) log.debug( "Authorization|||getProtectionGroupRoleContextForUser|Failure|Error in obtaining the Protection Group - Role Context for the 
Group Id " + groupId + "|" + ex.getMessage()); throw new CSObjectNotFoundException( "An error occured in obtaining the Protection Group - Role Context for the Group\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug( "Authorization|||getProtectionGroupRoleContextForUser|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug( "Authorization|||getProtectionGroupRoleContextForUser|Success|Successful in obtaining the Protection Group - Role Context for the Group Id " + groupId + "|"); return result; } /* (non-Javadoc) * @see gov.nih.nci.security.dao.AuthorizationDAO#getProtectionElementPrivilegeContextForUser(java.lang.String) */ public Set getProtectionElementPrivilegeContextForUser(String userId) throws CSObjectNotFoundException { Set protectionElementPrivilegeContextSet = new HashSet(); Session s = null; Connection connection = null; PreparedStatement preparedStatement = null; ResultSet rs = null; String currPEId = null; String prevPEId = null; String currPrivilegeId = null; Set privileges = null; Privilege privilege = null; List peList = new ArrayList(); List privList = new ArrayList(); boolean firstTime = true; ProtectionElementPrivilegeContext protectionElementPrivilegeContext = null; try { s = HibernateSessionFactoryHelper.getAuditSession(sf); connection = s.connection(); preparedStatement = Queries.getQueryforUserPEPrivilegeMap(userId, this.application.getApplicationId().intValue(), connection); rs = preparedStatement.executeQuery(); while (rs.next()) { peList.add(rs.getString(1)); privList.add(rs.getString(2)); } Iterator currPEIdIterator = peList.iterator(); Iterator currPrivilegeIdIterator = privList.iterator(); while (currPEIdIterator.hasNext()) { currPEId = (String) currPEIdIterator.next(); currPrivilegeId = (String) currPrivilegeIdIterator.next(); if (!currPEId.equals(prevPEId)) { protectionElementPrivilegeContext = new 
ProtectionElementPrivilegeContext(); protectionElementPrivilegeContextSet.add(protectionElementPrivilegeContext); ProtectionElement protectionElement = (ProtectionElement) this.getObjectByPrimaryKey(s, ProtectionElement.class, new Long(currPEId)); protectionElementPrivilegeContext.setProtectionElement(protectionElement); privileges = new HashSet(); protectionElementPrivilegeContext.setPrivileges(privileges); prevPEId = currPEId; } if (currPrivilegeId.equals("0")) { privilege = new Privilege(); privilege.setName("OWNER"); } else { privilege = (Privilege) this.getObjectByPrimaryKey(s, Privilege.class, new Long(currPrivilegeId)); } privileges.add(privilege); } } catch (Exception ex) { ex.printStackTrace(); if (log.isDebugEnabled()) log.debug( "Authorization|||getProtectionElementPrivilegeContextForUser|Failure|Error in Obtaining the PE Privileges Map|" + ex.getMessage()); } finally { try { preparedStatement.close(); rs.close(); } catch (Exception ex2) { } try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug( "Authorization|||getProtectionElementPrivilegeContextForUser|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug( "Authorization|||getProtectionElementPrivilegeContextForUser|Success|Successful in Obtaining the PE Privileges Map|"); return protectionElementPrivilegeContextSet; } /* (non-Javadoc) * @see gov.nih.nci.security.dao.AuthorizationDAO#getProtectionElementPrivilegeContextForGroup(java.lang.String) */ public Set getProtectionElementPrivilegeContextForGroup(String groupId) throws CSObjectNotFoundException { Set protectionElementPrivilegeContextSet = new HashSet(); Session s = null; Connection connection = null; PreparedStatement preparedStatement = null; ResultSet rs = null; String currPEId = null; String prevPEId = null; String currPrivilegeId = null; Set privileges = null; Privilege privilege = null; List peList = new ArrayList(); List privList = new ArrayList(); boolean firstTime = 
true; ProtectionElementPrivilegeContext protectionElementPrivilegeContext = null; try { s = HibernateSessionFactoryHelper.getAuditSession(sf); connection = s.connection(); preparedStatement = Queries.getQueryforGroupPEPrivilegeMap(groupId, this.application.getApplicationId().intValue(), connection); rs = preparedStatement.executeQuery(); while (rs.next()) { peList.add(rs.getString(1)); privList.add(rs.getString(2)); } Iterator currPEIdIterator = peList.iterator(); Iterator currPrivilegeIdIterator = privList.iterator(); while (currPEIdIterator.hasNext()) { currPEId = (String) currPEIdIterator.next(); currPrivilegeId = (String) currPrivilegeIdIterator.next(); if (!currPEId.equals(prevPEId)) { protectionElementPrivilegeContext = new ProtectionElementPrivilegeContext(); protectionElementPrivilegeContextSet.add(protectionElementPrivilegeContext); ProtectionElement protectionElement = (ProtectionElement) this.getObjectByPrimaryKey(s, ProtectionElement.class, new Long(currPEId)); protectionElementPrivilegeContext.setProtectionElement(protectionElement); privileges = new HashSet(); protectionElementPrivilegeContext.setPrivileges(privileges); prevPEId = currPEId; } if (currPrivilegeId.equals("0")) { privilege = new Privilege(); privilege.setName("OWNER"); } else { privilege = (Privilege) this.getObjectByPrimaryKey(s, Privilege.class, new Long(currPrivilegeId)); } privileges.add(privilege); } } catch (Exception ex) { ex.printStackTrace(); if (log.isDebugEnabled()) log.debug( "Authorization|||getProtectionElementPrivilegeContextForGroup|Failure|Error in Obtaining the PE Privileges Map|" + ex.getMessage()); } finally { try { preparedStatement.close(); rs.close(); } catch (Exception ex2) { } try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug( "Authorization|||getProtectionElementPrivilegeContextForGroup|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug( 
"Authorization|||getProtectionElementPrivilegeContextForGroup|Success|Successful in Obtaining the PE Privileges Map|"); return protectionElementPrivilegeContextSet; } public void modifyObject(Object obj) throws CSTransactionException { Session s = null; Transaction t = null; try { s = HibernateSessionFactoryHelper.getAuditSession(sf); t = s.beginTransaction(); try { obj = performEncrytionDecryption(obj, true); } catch (EncryptionException e) { throw new CSObjectNotFoundException(e); } try { obj = ObjectUpdater.trimObjectsStringFieldValues(obj); } catch (Exception e) { throw new CSObjectNotFoundException(e); } s.update(obj); t.commit(); s.flush(); auditLog.info("Updating the " + obj.getClass().getName().substring(obj.getClass().getName().lastIndexOf(".") + 1) + " Object "); } catch (PropertyValueException pve) { try { t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug("Authorization|||createObject|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); } if (log.isDebugEnabled()) log.debug("Authorization|||createObject|Failure|Error in Rolling Back Transaction|" + pve.getMessage()); throw new CSTransactionException( "An error occured in updating the " + StringUtilities.getClassName(obj.getClass().getName()) + ".\n" + " A null value was passed for a required attribute " + pve.getMessage().substring(pve.getMessage().indexOf(":")), pve); } catch (ConstraintViolationException cve) { try { t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug("Authorization|||createObject|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); } if (log.isDebugEnabled()) log.debug("Authorization|||createObject|Failure|Error in Rolling Back Transaction|" + cve.getMessage()); throw new CSTransactionException( "An error occured in updating the " + StringUtilities.getClassName(obj.getClass().getName()) + ".\n" + " Duplicate entry was found in the database for the entered data", cve); } catch (Exception ex) { log.error(ex); try 
{ t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug("Authorization|||modifyObject|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); } if (log.isDebugEnabled()) log.debug("Authorization|||modifyObject|Failure|Error in modifying the " + obj.getClass().getName() + "|" + ex.getMessage()); throw new CSTransactionException("An error occured in modifying the " + StringUtilities.getClassName(obj.getClass().getName()) + "\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||modifyObject|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug("Authorization|||modifyObject|Success|Successful in modifying the " + obj.getClass().getName() + "|"); } public Application getApplication() { return this.application; } public void createObject(Object obj) throws CSTransactionException { Session s = null; Transaction t = null; try { try { obj = performEncrytionDecryption(obj, true); } catch (EncryptionException e) { throw new CSObjectNotFoundException(e); } try { obj = ObjectUpdater.trimObjectsStringFieldValues(obj); } catch (Exception e) { throw new CSObjectNotFoundException(e); } s = HibernateSessionFactoryHelper.getAuditSession(sf); t = s.beginTransaction(); s.save(obj); t.commit(); s.flush(); auditLog.info("Creating the " + obj.getClass().getName().substring(obj.getClass().getName().lastIndexOf(".") + 1) + " Object "); } catch (PropertyValueException pve) { try { t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug("Authorization|||createObject|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); } if (log.isDebugEnabled()) log.debug("Authorization|||createObject|Failure|Error in Rolling Back Transaction|" + pve.getMessage()); throw new CSTransactionException( "An error occured in creating the " + StringUtilities.getClassName(obj.getClass().getName()) + ".\n" + " A null value was passed 
for a required attribute " + pve.getMessage().substring(pve.getMessage().indexOf(":")), pve); } catch (ConstraintViolationException cve) { try { t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug("Authorization|||createObject|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); } if (log.isDebugEnabled()) log.debug("Authorization|||createObject|Failure|Error in Rolling Back Transaction|" + cve.getMessage()); throw new CSTransactionException( "An error occured in creating the " + StringUtilities.getClassName(obj.getClass().getName()) + ".\n" + " Duplicate entry was found in the database for the entered data", cve); } catch (Exception ex) { log.error(ex); try { t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug("Authorization|||createObject|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); } if (log.isDebugEnabled()) log.debug("Authorization|||createObject|Failure|Error in creating the " + obj.getClass().getName() + "|" + ex.getMessage()); throw new CSTransactionException("An error occured in creating the " + StringUtilities.getClassName(obj.getClass().getName()) + "\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||createObject|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug("Authorization|||createObject|Success|Successful in creating the " + obj.getClass().getName() + "|"); } /** * @param application * The application to set. 
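*/
public void setApplication(Application application) {
    this.application = application;
}

/**
 * Returns the {@link Group}s of the given user that belong to this DAO's application,
 * in their natural (Comparable) order.
 *
 * @param userId the user's primary key as a decimal string
 * @return a new, order-preserving Set of matching groups (possibly empty)
 * @throws CSObjectNotFoundException if the id is not numeric, the user cannot be loaded,
 *         or any other error occurs; the cause is attached
 */
public Set getGroups(String userId) throws CSObjectNotFoundException {
    Session s = null;
    // Fully qualified on purpose (the file's import list is not visible here).
    // An order-preserving set is needed: the original sorted the list and then poured it
    // back into a HashSet, which discarded the order it had just computed.
    Set groups = new java.util.LinkedHashSet();
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        User user = (User) this.getObjectByPrimaryKey(s, User.class, new Long(userId));
        // Filter into a fresh list instead of calling removeAll()/clear() on the persistent
        // collection returned by user.getGroups(): mutating that collection is a pending
        // change to the user's memberships in OTHER applications if the session ever flushes.
        List list = new ArrayList();
        Iterator groupIterator = user.getGroups().iterator();
        while (groupIterator.hasNext()) {
            Group g = (Group) groupIterator.next();
            if (g.getApplication().getApplicationId().intValue() == this.application.getApplicationId().intValue()) {
                list.add(g);
            }
        }
        Collections.sort(list);
        groups.addAll(list);
        log.debug("The result size:" + groups.size());
    } catch (Exception ex) {
        log.error(ex);
        if (log.isDebugEnabled())
            log.debug("Authorization|||getGroups|Failure|Error in obtaining Groups for User Id " + userId + "|" + ex.getMessage());
        throw new CSObjectNotFoundException("An error occurred while obtaining Associated Groups for the User\n" + ex.getMessage(), ex);
    } finally {
        try {
            if (s != null) s.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||getGroups|Failure|Error in Closing Session |" + ex2.getMessage());
        }
    }
    if (log.isDebugEnabled())
        log.debug("Authorization|||getGroups|Success|Successful in obtaining Groups for User Id " + userId + "|");
    return groups;
}

/**
 * Returns the protection elements contained in the given protection group, in their
 * natural order.
 *
 * @param protectionGroupId the protection group's primary key as a decimal string
 * @return a new, order-preserving Set (possibly empty); not the entity's own collection
 * @throws CSObjectNotFoundException on any error while loading (cause attached)
 */
public Set getProtectionElements(String protectionGroupId) throws CSObjectNotFoundException {
    Session s = null;
    Set result = new java.util.LinkedHashSet();
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        ProtectionGroup protectionGroup = (ProtectionGroup) this.getObjectByPrimaryKey(s, ProtectionGroup.class, new Long(protectionGroupId));
        // Copy out of the persistent collection; the original clear()ed and refilled it,
        // marking it dirty for no benefit and losing the sort order in a HashSet.
        List list = new ArrayList(protectionGroup.getProtectionElements());
        Collections.sort(list);
        result.addAll(list);
        log.debug("The result size is: " + result.size());
    } catch (Exception ex) {
        if (log.isDebugEnabled())
            log.debug("Authorization|||getProtectionElements|Failure|Error in obtaining Protection Elements for Protection Group Id " + protectionGroupId + "|" + ex.getMessage());
        throw new CSObjectNotFoundException("An error occurred while obtaining Associated Protection Elements for the Protection Group\n" + ex.getMessage(), ex);
    } finally {
        try {
            if (s != null) s.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||getProtectionElements|Failure|Error in Closing Session |" + ex2.getMessage());
        }
    }
    if (log.isDebugEnabled())
        log.debug("Authorization|||getProtectionElements|Success|Succesful in obtaining Protection Elements for Protection Group Id " + protectionGroupId + "|");
    return result;
}

/**
 * Returns the protection groups that contain the given protection element, in their
 * natural order.
 *
 * @param protectionElementId the protection element's primary key as a decimal string
 * @return a new, order-preserving Set (possibly empty); not the entity's own collection
 * @throws CSObjectNotFoundException if the id is blank or any error occurs while loading
 *         (a blank id is reported through the same wrapped exception as before)
 */
public Set getProtectionGroups(String protectionElementId) throws CSObjectNotFoundException {
    Session s = null;
    Set result = new java.util.LinkedHashSet();
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        if (StringUtilities.isBlank(protectionElementId)) {
            throw new CSObjectNotFoundException("Primary key can't be null");
        }
        ProtectionElement protectionElement = (ProtectionElement) this.getObjectByPrimaryKey(s, ProtectionElement.class, new Long(protectionElementId));
        List list = new ArrayList(protectionElement.getProtectionGroups());
        Collections.sort(list);
        result.addAll(list);
        log.debug("The result size:" + result.size());
    } catch (Exception ex) {
        if (log.isDebugEnabled())
            log.debug("Authorization|||getProtectionGroups|Failure|Error in obtaining Protection Groups for Protection Element Id " + protectionElementId + "|" + ex.getMessage());
        throw new CSObjectNotFoundException("An error occurred while obtaining Associated Protection Groups for the Protection Element\n" + ex.getMessage(), ex);
    } finally {
        try {
            if (s != null) s.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||getProtectionGroups|Failure|Error in Closing Session |" + ex2.getMessage());
        }
    }
    if (log.isDebugEnabled())
        log.debug("Authorization|||getProtectionGroups|Success|Successful in obtaining Protection Groups for Protection Element Id " + protectionElementId + "|");
    return result;
}

/**
 * Adds the given protection groups to the protection element's existing set (groups it
 * already belongs to are left alone) and commits the change in one transaction.
 *
 * @param protectionElementId  the protection element's primary key as a decimal string
 * @param protectionGroupIds   primary keys of the groups to add; null or empty entries are skipped
 * @throws CSTransactionException on any failure (the transaction is rolled back first)
 */
public void addToProtectionGroups(String protectionElementId, String[] protectionGroupIds) throws CSTransactionException {
    Session s = null;
    Transaction t = null;
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        ProtectionElement protectionElement = (ProtectionElement) s.load(ProtectionElement.class, new Long(protectionElementId));
        if (protectionElement == null)
            throw new CSTransactionException("Authorization|||addToProtectionGroups|| Unable to retrieve Protection Element with ProtectionElementId :" + protectionElementId);
        Set<ProtectionGroup> protectionGroups = protectionElement.getProtectionGroups();
        if (protectionGroups == null)
            protectionGroups = new HashSet();
        for (int k = 0; k < protectionGroupIds.length; k++) {
            boolean assigned = false;
            if (protectionGroupIds[k] != null && protectionGroupIds[k].length() > 0) {
                ProtectionGroup pr = (ProtectionGroup) s.load(ProtectionGroup.class, new Long(protectionGroupIds[k]));
                if (pr != null) {
                    // Membership is decided by ProtectionGroup.equals(), as before.
                    Iterator it = protectionGroups.iterator();
                    while (it.hasNext()) {
                        ProtectionGroup p = (ProtectionGroup) it.next();
                        if (p.equals(pr))
                            assigned = true;
                    }
                    if (!assigned)
                        protectionGroups.add(pr);
                }
            }
        }
        protectionElement.setProtectionGroups(protectionGroups);
        t = s.beginTransaction();
        s.update(protectionElement);
        t.commit();
        s.flush();
        auditLog.info("Adding Protection Groups to Protection Element with Object Id " + protectionElement.getObjectId() + " and Attribute " +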
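protectionElement.getAttribute());
    } catch (Exception ex) {
        log.error(ex);
        try {
            // t is still null if the failure happened before beginTransaction().
            if (t != null) t.rollback();
        } catch (Exception ex3) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||addToProtectionGroups|Failure|Error in Rolling Back Transaction|" + ex3.getMessage());
        }
        if (log.isDebugEnabled())
            log.debug("Authorization|||addToProtectionGroups|Failure|Error in assigning Protection Groups " + StringUtilities.stringArrayToString(protectionGroupIds) + " to protection element id " + protectionElementId + "|" + ex.getMessage());
        throw new CSTransactionException("An error occurred in adding Protection Groups to the Protection Element\n" + ex.getMessage(), ex);
    } finally {
        try {
            if (s != null) s.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||addToProtectionGroups|Failure|Error in Closing Session |" + ex2.getMessage());
        }
    }
    if (log.isDebugEnabled())
        log.debug("Authorization|||addToProtectionGroups|Success|Successful in adding Protection Groups" + StringUtilities.stringArrayToString(protectionGroupIds) + " to protection element id " + protectionElementId + "|");
}

/**
 * REPLACES the protection element's group membership with exactly the given groups
 * (unlike {@link #addToProtectionGroups}, which only adds). Ids that do not resolve to a
 * group are dropped silently, so an all-invalid array detaches the element from every group.
 *
 * @param protectionElementId the protection element's primary key as a decimal string
 * @param protectionGroupIds  primary keys of the groups that should remain assigned
 * @throws CSTransactionException on any failure (the transaction is rolled back first)
 */
public void assignToProtectionGroups(String protectionElementId, String[] protectionGroupIds) throws CSTransactionException {
    Session s = null;
    Transaction t = null;
    try {
        // The element is loaded in one session, which is closed before the groups are
        // resolved through the session-less getObjectByPrimaryKey overload; the detached
        // element is then re-attached with update() in a second session.
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        ProtectionElement protectionElement = (ProtectionElement) this.getObjectByPrimaryKey(s, ProtectionElement.class, new Long(protectionElementId));
        s.close();
        Set newSet = new HashSet();
        for (int k = 0; k < protectionGroupIds.length; k++) {
            log.debug("The new list:" + protectionGroupIds[k]);
            ProtectionGroup pg = (ProtectionGroup) this.getObjectByPrimaryKey(ProtectionGroup.class, protectionGroupIds[k]);
            if (pg != null) {
                newSet.add(pg);
            }
        }
        protectionElement.setProtectionGroups(newSet);
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        t = s.beginTransaction();
        s.update(protectionElement);
        t.commit();
        s.flush();
        auditLog.info("Assigning Protection Groups to Protection Element with Object Id " + protectionElement.getObjectId() + " and Attribute " + protectionElement.getAttribute());
    } catch (Exception ex) {
        log.error(ex);
        try {
            if (t != null) t.rollback();
        } catch (Exception ex3) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||assignToProtectionGroups|Failure|Error in Rolling Back Transaction|" + ex3.getMessage());
        }
        if (log.isDebugEnabled())
            log.debug("Authorization|||assignToProtectionGroups|Failure|Error in assigning Protection Groups " + StringUtilities.stringArrayToString(protectionGroupIds) + " to protection element id " + protectionElementId + "|" + ex.getMessage());
        throw new CSTransactionException("An error occurred in assigning Protection Groups to the Protection Element\n" + ex.getMessage(), ex);
    } finally {
        try {
            if (s != null) s.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||assignToProtectionGroups|Failure|Error in Closing Session |" + ex2.getMessage());
        }
    }
    // Fixed the garbled copy-paste message ("...Protection Groups Back Transaction").
    if (log.isDebugEnabled())
        log.debug("Authorization|||assignToProtectionGroups|Success|Successful in assigning Protection Groups " + StringUtilities.stringArrayToString(protectionGroupIds) + " to protection element id " + protectionElementId + "|");
}

/**
 * Sets (or, with a null parent id, clears) the parent of a protection group.
 * A group is refused as its own parent; the refusal surfaces as the usual wrapped
 * CSTransactionException. Longer cycles (A -> B -> A) are NOT detected here.
 *
 * @param parentProtectionGroupId primary key of the new parent, or null to remove the parent
 * @param childProtectionGroupId  primary key of the group whose parent is set
 * @throws CSTransactionException on any failure (the transaction is rolled back first)
 */
public void assignParentProtectionGroup(String parentProtectionGroupId, String childProtectionGroupId) throws CSTransactionException {
    Session s = null;
    Transaction t = null;
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        ProtectionGroup parent = null;
        ProtectionGroup child = (ProtectionGroup) this.getObjectByPrimaryKey(s, ProtectionGroup.class, new Long(childProtectionGroupId));
        if (parentProtectionGroupId != null) {
            // A self-parented group is a one-node cycle; refuse it before touching the DB.
            if (new Long(parentProtectionGroupId).equals(new Long(childProtectionGroupId))) {
                throw new CSTransactionException("A Protection Group cannot be its own parent: " + childProtectionGroupId);
            }
            parent = (ProtectionGroup) this.getObjectByPrimaryKey(s, ProtectionGroup.class, new Long(parentProtectionGroupId));
        }
        child.setParentProtectionGroup(parent);
        t = s.beginTransaction();
        s.update(child);
        t.commit();
        s.flush();
        if (parent == null) {
            auditLog.info("Parent of Protection Group " + child.getProtectionGroupName() + " successfully removed");
        } else {
            auditLog.info("Assigning Protection Group " + parent.getProtectionGroupName() + " as Parent of Protection Group " + child.getProtectionGroupName());
        }
    } catch (Exception ex) {
        log.error(ex);
        try {
            if (t != null) t.rollback();
        } catch (Exception ex3) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||assignParentProtectionGroup|Failure|Error in Rolling Back Transaction|" + ex3.getMessage());
        }
        if (log.isDebugEnabled())
            log.debug("Authorization|||assignParentProtectionGroup|Failure|Error in assigning Parent Protection Groups" + parentProtectionGroupId + " to protection group id " + childProtectionGroupId + "|" + ex.getMessage());
        throw new CSTransactionException("An error occurred in assigning Parent Protection Group to the Protection Group\n" + ex.getMessage(), ex);
    } finally {
        try {
            if (s != null) s.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||assignParentProtectionGroup|Failure|Error in Closing Session |" + ex2.getMessage());
        }
    }
    if (log.isDebugEnabled())
        log.debug("Authorization|||assignParentProtectionGroup|Success|Successful in assigning Parent Protection Groups" + parentProtectionGroupId + " to protection group id " + childProtectionGroupId + "|");
}

/**
 * Builds the attribute-level access map used by secureObject/secureCollection/secureUpdate:
 * every attribute name (lower-cased) returned by Queries.getQueryForObjectMap for this
 * user, object type, privilege and application is mapped to TRUE. Attributes absent from
 * the map are treated as not accessible by the callers, so a query failure (which yields an
 * empty map) fails closed rather than open.
 *
 * @param objectTypeName fully qualified class name of the secured bean
 * @param loginName      the user's login name
 * @param privilegeName  e.g. "READ" or "UPDATE"
 * @return an ObjectAccessMap for objectTypeName; never null
 */
private ObjectAccessMap getObjectAccessMap(String objectTypeName, String loginName, String privilegeName) {
    Hashtable accessMap = new Hashtable();
    Session s = null;
    Connection connection = null;
    PreparedStatement preparedStatement = null;
    ResultSet rs = null;
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        connection = s.connection();
        preparedStatement = Queries.getQueryForObjectMap(loginName, objectTypeName, privilegeName, this.application.getApplicationId().intValue(), connection);
        rs = preparedStatement.executeQuery();
        while (rs.next()) {
            String att = rs.getString("attribute");
            log.debug("The attribute is: " + att);
            // A NULL attribute row cannot be keyed (Hashtable rejects null) and meant an NPE
            // that silently truncated the map; skip the row instead.
            if (att == null) continue;
            // NOTE(review): default-locale toLowerCase(); the lookup side must lower-case the
            // same way — verify in ObjectAccessMap.hasAccess().
            accessMap.put(att.toLowerCase(), new Boolean(true));
        }
    } catch (Exception ex) {
        log.error("Authorization|||getObjectAccessMap|Failure|Error in Obtaining the Object Access Map", ex);
        if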
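(log.isDebugEnabled())
            log.debug("Authorization|||getObjectAccessMap|Failure|Error in Obtaining the Object Access Map|" + ex.getMessage());
    } finally {
        // Release in reverse order of acquisition and independently: the original closed
        // the statement and result set in ONE try, so a null/failed handle leaked the other.
        try {
            if (rs != null) rs.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||getObjectAccessMap|Failure|Error in Closing ResultSet |" + ex2.getMessage());
        }
        try {
            if (preparedStatement != null) preparedStatement.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||getObjectAccessMap|Failure|Error in Closing Statement |" + ex2.getMessage());
        }
        try {
            if (s != null) s.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||getObjectAccessMap|Failure|Error in Closing Session |" + ex2.getMessage());
        }
    }
    // This line is reached after a failure too; on failure the map is empty, which the
    // secure* callers treat as "no access" to every attribute.
    if (log.isDebugEnabled())
        log.debug("Authorization|||getObjectAccessMap|Success|Successful in Obtaining the Object Access Map|");
    return new ObjectAccessMap(objectTypeName, accessMap);
}

/**
 * True for the bean setters the secure* methods act on: public, non-static, non-bridge
 * methods whose name starts with "set".
 *
 * The original compared {@code getModifiers() == Modifier.PUBLIC}, which silently skipped
 * any setter carrying a second modifier (final, synchronized, ...). In secureUpdate a
 * skipped setter meant the caller's value for that attribute passed through WITHOUT the
 * UPDATE-privilege check, i.e. an authorization bypass for such beans.
 */
private static boolean isBeanSetter(Method m) {
    int mod = m.getModifiers();
    return m.getName().startsWith("set") && Modifier.isPublic(mod) && !Modifier.isStatic(mod) && !m.isBridge();
}

/**
 * Creates a new instance of {@code cl} and copies into it, from {@code source}, only the
 * properties the access map grants; every other setter is invoked with null.
 * Shared by secureObject and secureCollection.
 *
 * Only methods declared on {@code cl} itself are inspected (getDeclaredMethods), so
 * properties inherited from a superclass are never copied (they stay at their default in
 * the copy). Each setter must have a matching public getter or the copy fails.
 *
 * @throws Exception any reflective failure; callers wrap it in CSException
 */
private Object copyPermittedAttributes(Class cl, Object source, ObjectAccessMap accessMap) throws Exception {
    Object copy = cl.newInstance();
    Method[] methods = cl.getDeclaredMethods();
    for (int i = 0; i < methods.length; i++) {
        Method setter = methods[i];
        if (!isBeanSetter(setter)) continue;
        String att = setter.getName().substring(3);
        Method getter = cl.getMethod("get" + att, (Class[]) null);
        if (!accessMap.hasAccess(att)) {
            setter.invoke(copy, new Object[] { null });
        } else {
            setter.invoke(copy, new Object[] { getter.invoke(source, (Object[]) null) });
        }
    }
    return copy;
}

/**
 * Returns a copy of {@code obj} in which every attribute the user lacks READ privilege on
 * (per getObjectAccessMap) is null. The input object is not modified.
 *
 * @param userName the user's login name; must not be blank
 * @param obj      a Java-Bean style object (no primitive fields); null is returned as null
 * @return the filtered copy, or null only when obj is null
 * @throws CSException if userName is blank, obj has primitive fields, or reflection fails
 */
public Object secureObject(String userName, Object obj) throws CSException {
    Object o = null;
    if (StringUtilities.isBlank(userName)) {
        throw new CSException("No user name have been supplied!");
    }
    if (obj == null) {
        return obj;
    }
    // Primitive fields cannot be "hidden" by setting null, so such beans are rejected.
    Field[] fields = obj.getClass().getDeclaredFields();
    for (int i = 0; i < fields.length; i++) {
        if (fields[i].getType().isPrimitive())
            throw new CSException("The Object to be secured does not follow Java Bean Specification");
    }
    try {
        Class cl = obj.getClass();
        log.debug(cl.getName());
        ObjectAccessMap accessMap = this.getObjectAccessMap(cl.getName(), userName, "READ");
        log.debug(accessMap.toString());
        o = copyPermittedAttributes(cl, obj, accessMap);
    } catch (Exception ex) {
        if (log.isDebugEnabled())
            log.debug("Authorization||" + userName + "|secureObject|Failure|Error in Secure Object|" + ex.getMessage());
        throw new CSException("Failed to secure the object:" + ex.getMessage(), ex);
    }
    return o;
}

/**
 * Applies the same READ filtering as {@link #secureObject} to every element of a
 * collection. The element type is taken from the FIRST element and the one access map is
 * reused for all elements, so a heterogeneous collection fails with CSException.
 *
 * @param userName   the user's login name; must not be blank
 * @param collection the beans to filter; an empty collection is returned unchanged
 * @return a new ArrayList of filtered copies, in iteration order
 * @throws CSException if userName is blank, the element type has primitive fields, or
 *         reflection fails
 */
public Collection secureCollection(String userName, Collection collection) throws CSException {
    ArrayList result = new ArrayList();
    if (collection.size() == 0) {
        return collection;
    }
    if (StringUtilities.isBlank(userName)) {
        throw new CSException("No userName have been supplied!");
    }
    try {
        // The original cast the Collection to List to reach element 0; any non-List
        // Collection (a Set, for instance) therefore failed with a ClassCastException.
        Iterator it = collection.iterator();
        Class cl = collection.iterator().next().getClass();
        log.debug(cl.getName());
        // Same Java-Bean precondition secureObject enforces.
        Field[] fields = cl.getDeclaredFields();
        for (int i = 0; i < fields.length; i++) {
            if (fields[i].getType().isPrimitive())
                throw new CSException("The Object to be secured does not follow Java Bean Specification");
        }
        ObjectAccessMap accessMap = this.getObjectAccessMap(cl.getName(), userName, "READ");
        while (it.hasNext()) {
            result.add(copyPermittedAttributes(cl, it.next(), accessMap));
        }
    } catch (Exception ex) {
        if (log.isDebugEnabled())
            log.debug("Authorization||" + userName + "|secureCollection|Failure|Error in Secure Collection|" + ex.getMessage());
        throw new CSException("Failed to secure Collection:" + ex.getMessage(), ex);
    }
    return result;
}

/**
 * Enforces attribute-level UPDATE privilege: for every bean property of
 * {@code originalObject}'s class the user may NOT update, the value in
 * {@code mutatedObject} is overwritten with the original's value. {@code mutatedObject} is
 * modified in place and returned.
 *
 * Only setters declared on the class itself are checked (getDeclaredMethods); a property
 * inherited from a superclass is neither checked nor reverted — NOTE(review): confirm the
 * secured beans carry no inherited settable state, or widen the lookup.
 *
 * @param userName       the user's login name; must not be blank
 * @param originalObject the persisted state; returned as-is when either argument is null
 * @param mutatedObject  the caller's proposed state, same class as originalObject
 * @return mutatedObject with unauthorized changes reverted
 * @throws CSException if userName is blank or reflection fails
 */
public Object secureUpdate(String userName, Object originalObject, Object mutatedObject) throws CSException {
    if (StringUtilities.isBlank(userName)) {
        throw new CSException("No user name have been supplied!");
    }
    if (originalObject == null || mutatedObject == null) {
        return originalObject;
    }
    try {
        Class cl = originalObject.getClass();
        log.debug(cl.getName());
        ObjectAccessMap accessMap = this.getObjectAccessMap(cl.getName(), userName, "UPDATE");
        Method[] methods = cl.getDeclaredMethods();
        for (int i = 0; i < methods.length; i++) {
            Method setter = methods[i];
            if (!isBeanSetter(setter)) continue;
            String att = setter.getName().substring(3);
            log.debug("Attribute is: " + att);
            Method getter = cl.getMethod("get" + att, (Class[]) null);
            if (!accessMap.hasAccess(att)) {
                // Not updatable by this user: put the persisted value back. The value itself
                // is deliberately not logged — secured attributes may be sensitive.
                log.debug("No Access to update attribute: " + att);
                Object origValue = getter.invoke(originalObject, (Object[]) null);
                setter.invoke(mutatedObject, new Object[] { origValue });
            } else {
                log.debug("Access permitted to update attribute: " + att);
            }
        }
    } catch (Exception ex) {
        log.error("Error Securing object", ex);
        if (log.isDebugEnabled())
            log.debug("Authorization||" + userName + "|secureUpdate|Failure|Error in Secure Update|" + ex.getMessage());
        throw new CSException("Failed to secure update the object:" + ex.getMessage(), ex);
    }
    return mutatedObject;
}

/**
 * Returns the owners (Users) of the given protection element, sorted by their natural
 * order in a TreeSet.
 *
 * @param protectionElementId the protection element's primary key as a decimal string
 * @return a new TreeSet of owners (possibly empty)
 * @throws CSObjectNotFoundException on any error while loading (cause attached)
 */
public Set getOwners(String protectionElementId) throws CSObjectNotFoundException {
    Session s = null;
    Set result = new TreeSet();
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        ProtectionElement protectionElement = (ProtectionElement) this.getObjectByPrimaryKey(s, ProtectionElement.class, new Long(protectionElementId));
        Set reresult = protectionElement.getOwners();
        List list = new ArrayList();
        Iterator toSortIterator =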
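reresult.iterator();
        while (toSortIterator.hasNext()) {
            list.add(toSortIterator.next());
        }
        Collections.sort(list);
        result.addAll(list);
        log.debug("The result size is: " + result.size());
    } catch (Exception ex) {
        if (log.isDebugEnabled())
            log.debug("Authorization|||getOwners|Failure|An Error occured in retrieving the Owners for the Protection Element Id " + protectionElementId + "|" + ex.getMessage());
        throw new CSObjectNotFoundException("An error occured in retrieving the Owners for the Protection Element\n" + ex.getMessage(), ex);
    } finally {
        try {
            if (s != null) s.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||getOwners|Failure|Error in Closing Session |" + ex2.getMessage());
        }
    }
    if (log.isDebugEnabled())
        log.debug("Authorization|||getOwners|Success|Successful in retrieving the Owners for the Protection Element Id " + protectionElementId + "|");
    return result;
}

/**
 * Adds the given users as owners of the protection element, keeping the existing owners.
 * A user that is already an owner (compared by user id, case-insensitively on the decimal
 * string) is not added twice.
 *
 * @param protectionElementId the protection element's primary key as a decimal string
 * @param userIds             primary keys of the users to add
 * @throws CSTransactionException on any failure (the transaction is rolled back first)
 */
public void addOwners(String protectionElementId, String[] userIds) throws CSTransactionException {
    Session s = null;
    Transaction t = null;
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        ProtectionElement protectionElement = (ProtectionElement) s.load(ProtectionElement.class, Long.parseLong(protectionElementId));
        if (protectionElement == null)
            throw new CSTransactionException("Authorization|||addOwners|| Unable to retrieve ProtectionElement with Id :" + protectionElementId);
        Set userSet = protectionElement.getOwners();
        if (userSet == null)
            userSet = new HashSet();
        for (int i = 0; i < userIds.length; i++) {
            // Fix: the original read "if (...) ; assigned = true;" — the stray ';' made the
            // assignment unconditional, so once an element had ANY owner no further owner
            // could be added (every candidate was deemed already assigned).
            boolean assigned = false;
            Iterator iterator = userSet.iterator();
            while (iterator.hasNext()) {
                User us = (User) iterator.next();
                if (userIds[i].equalsIgnoreCase(us.getUserId().toString())) {
                    assigned = true;
                    break;
                }
            }
            if (!assigned) {
                User user = (User) s.load(User.class, Long.parseLong(userIds[i]));
                if (user != null)
                    userSet.add(user);
            }
        }
        // When getOwners() was null the original filled a fresh HashSet but never attached
        // it to the element, so the new owners were dropped on update().
        protectionElement.setOwners(userSet);
        t = s.beginTransaction();
        s.update(protectionElement);
        t.commit();
        s.flush();
        auditLog.info("Adding Users as Owner of Protection Element with Object Id " + protectionElement.getObjectId() + " and Attribute " + protectionElement.getAttribute());
    } catch (Exception ex) {
        log.error(ex);
        try {
            if (t != null) t.rollback();
        } catch (Exception ex3) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||addOwners|Failure|Error in Rolling Back Transaction|" + ex3.getMessage());
        }
        if (log.isDebugEnabled())
            log.debug("Authorization|||addOwners|Failure|Error in assigning the Owners " + StringUtilities.stringArrayToString(userIds) + "for the Protection Element Id " + protectionElementId + "|");
        throw new CSTransactionException("An error occured in assigning Owners to the Protection Element\n" + ex.getMessage(), ex);
    } finally {
        try {
            if (s != null) s.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||addOwners|Failure|Error in Closing Session |" + ex2.getMessage());
        }
    }
    if (log.isDebugEnabled())
        log.debug("Authorization|||addOwners|Success|Successful in adding the Owners to Protection Element" + StringUtilities.stringArrayToString(userIds) + "for the Protection Element Id " + protectionElementId + "|");
}

/**
 * REPLACES the owners of the protection element with exactly the given users (unlike
 * {@link #addOwners}). The users and the element are resolved through the session-less
 * getObjectByPrimaryKey overload, then re-attached with update() in a fresh session.
 *
 * @param protectionElementId the protection element's primary key as a decimal string
 * @param userIds             primary keys of the users that should be the owners
 * @throws CSTransactionException on any failure (the transaction is rolled back first);
 *         log messages for this method still use the historical name "setOwners"
 */
public void assignOwners(String protectionElementId, String[] userIds) throws CSTransactionException {
    Session s = null;
    Transaction t = null;
    try {
        Set users = new HashSet();
        for (int i = 0; i < userIds.length; i++) {
            User user = (User) this.getObjectByPrimaryKey(User.class, userIds[i]);
            users.add(user);
        }
        ProtectionElement pe = (ProtectionElement) this.getObjectByPrimaryKey(ProtectionElement.class, protectionElementId);
        pe.setOwners(users);
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        t = s.beginTransaction();
        s.update(pe);
        t.commit();
        s.flush();
        auditLog.info("Assigning Users as Owner of Protection Element with Object Id " + pe.getObjectId() + " and Attribute " + pe.getAttribute());
    } catch (Exception ex) {
        log.error(ex);
        try {
            if (t != null) t.rollback();
        } catch (Exception ex3) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||setOwners|Failure|Error in Rolling Back Transaction|" + ex3.getMessage());
        }
        if (log.isDebugEnabled())
            log.debug("Authorization|||setOwners|Failure|Error in assigning the Owners " + StringUtilities.stringArrayToString(userIds) + "for the Protection Element Id " + protectionElementId + "|");
        throw new CSTransactionException("An error occured in assigning Owners to the Protection Element\n" + ex.getMessage(), ex);
    } finally {
        try {
            if (s != null) s.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||setOwners|Failure|Error in Closing Session |" + ex2.getMessage());
        }
    }
    if (log.isDebugEnabled())
        log.debug("Authorization|||setOwners|Success|Successful in assigning the Owners " + StringUtilities.stringArrayToString(userIds) + "for the Protection Element Id " + protectionElementId + "|");
}

/**
 * Tells whether the user (by login name) is an owner of the protection element with the
 * given object id. Any failure (including a bad connection) yields {@code false}, i.e. the
 * check fails closed; the failure is only visible at debug level.
 *
 * NOTE(review): the query matches csm_protection_element.object_id alone, without
 * restricting to this DAO's application — if object ids are not unique across
 * applications, ownership of a same-named object elsewhere would count here; confirm
 * against the schema before relying on it.
 *
 * @param userName                 the user's login name
 * @param protectionElementObjectId the protection element's object id (not its primary key)
 * @return true iff at least one csm_user_pe row links the two
 */
public boolean checkOwnership(String userName, String protectionElementObjectId) {
    boolean test = false;
    boolean failed = false;
    Session s = null;
    PreparedStatement preparedStatement = null;
    Connection connection = null;
    ResultSet rs = null;
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        connection = s.connection();
        // Both user inputs are bound as parameters; never concatenate them into the SQL.
        String sql = "Select user_protection_element_id from"
                + " csm_user_pe upe, csm_user u, csm_protection_element pe"
                + " where pe.object_id = ? and u.login_name = ?"
                + " and upe.protection_element_id=pe.protection_element_id"
                + " and upe.user_id = u.user_id";
        preparedStatement = connection.prepareStatement(sql);
        preparedStatement.setString(1, protectionElementObjectId);
        preparedStatement.setString(2, userName);
        rs = preparedStatement.executeQuery();
        if (rs.next()) {
            test = true;
        }
    } catch (Exception ex) {
        failed = true;
        if (log.isDebugEnabled())
            log.debug("Authorization||" + userName + "|checkOwnerShip|Failure|Error in checking ownership for user " + userName + " and Protection Element " + protectionElementObjectId + "|" + ex.getMessage());
    } finally {
        // Each handle is closed on its own: the original closed rs and the statement in one
        // try, so a null rs (failure before executeQuery) leaked the statement, and the
        // session close swallowed every error silently.
        try {
            if (rs != null) rs.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||checkOwnerShip|Failure|Error in Closing ResultSet |" + ex2.getMessage());
        }
        try {
            if (preparedStatement != null) preparedStatement.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||checkOwnerShip|Failure|Error in Closing Statement |" + ex2.getMessage());
        }
        try {
            if (s != null) s.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||checkOwnerShip|Failure|Error in Closing Session |" + ex2.getMessage());
        }
    }
    // The original logged "Success" even after the failure branch above.
    if (!failed && log.isDebugEnabled())
        log.debug("Authorization||" + userName + "|checkOwnerShip|Success|Successful in checking ownership for user " + userName + " and Protection Element " + protectionElementObjectId + "|");
    return test;
}

/**
 * For each protection element in {@code pEs}, lists the distinct privilege names the user
 * holds on it through protection-group role assignments (directly or via a group).
 *
 * An element whose object id is null gets an empty privilege list. The original still ran
 * the query for it, with whatever parameters the PREVIOUS iteration had bound (or none on
 * the first), so such an element was reported with another element's privileges.
 *
 * NOTE(review): like checkOwnership, the SQL does not restrict by application id — confirm
 * object ids are unique across applications or add the restriction.
 *
 * @param userName the user's login name; must not be blank
 * @param pEs      ProtectionElements to look up; must not be null (empty returns empty)
 * @return a List of ObjectPrivilegeMap, one per element, in iteration order
 * @throws CSException on blank/null input or any database failure (cause attached)
 */
public Collection getPrivilegeMap(String userName, Collection pEs) throws CSException {
    ArrayList result = new ArrayList();
    ResultSet rs = null;
    PreparedStatement pstmt = null;
    Session s = null;
    Connection connection = null;
    if (StringUtilities.isBlank(userName)) {
        throw new CSException("userName can't be null!");
    }
    if (pEs == null) {
        throw new CSException("protection elements collection can't be null!");
    }
    if (pEs.size() == 0) {
        return result;
    }
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        connection = s.connection();
        String sql = " select distinct(p.privilege_name)"
                + " from csm_protection_group pg,"
                + " csm_protection_element pe,"
                + " csm_pg_pe pgpe,"
                + " csm_user_group_role_pg ugrpg,"
                + " csm_user u,"
                + " csm_group g,"
                + " csm_user_group ug,"
                + " csm_role_privilege rp,"
                + " csm_privilege p "
                + " where pgpe.protection_group_id = pg.protection_group_id"
                + " and pgpe.protection_element_id = pe.protection_element_id"
                + " and pe.object_id= ?"
                + " and (pe.attribute is null or pe.attribute=?)"
                + " and pg.protection_group_id = ugrpg.protection_group_id "
                + " and (( ugrpg.group_id = g.group_id"
                + " and g.group_id = ug.group_id"
                + " and ug.user_id = u.user_id)"
                + " or "
                + " (ugrpg.user_id = u.user_id))"
                + " and u.login_name=?"
                + " and ugrpg.role_id = rp.role_id "
                + " and rp.privilege_id = p.privilege_id";
        // One prepared statement, re-bound per element; all values are bound, never concatenated.
        pstmt = connection.prepareStatement(sql);
        Iterator it = pEs.iterator();
        while (it.hasNext()) {
            ProtectionElement pe = (ProtectionElement) it.next();
            ArrayList privs = new ArrayList();
            if (pe.getObjectId() != null) {
                pstmt.setString(1, pe.getObjectId());
                if (pe.getAttribute() != null) {
                    pstmt.setString(2, pe.getAttribute());
                } else {
                    // Blank string stands in for NULL; the "attribute is null or attribute=?"
                    // clause then matches attribute-less elements.
                    pstmt.setString(2, "");
                }
                pstmt.setString(3, userName);
                rs = pstmt.executeQuery();
                try {
                    while (rs.next()) {
                        Privilege p = new Privilege();
                        p.setName(rs.getString(1));
                        privs.add(p);
                    }
                } finally {
                    rs.close();
                    rs = null;
                }
            }
            result.add(new ObjectPrivilegeMap(pe, privs));
        }
    } catch (Exception ex) {
        if (log.isDebugEnabled())
            log.debug("Failed to get privileges for " + userName + "|" + ex.getMessage());
        throw new CSException("Failed to get privileges for " + userName + "|" + ex.getMessage(), ex);
    } finally {
        // Independent closes: the original closed s, rs and pstmt in one try, so the first
        // failure (or a null rs) leaked the rest.
        try {
            if (rs != null) rs.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||getPrivilegeMap|Failure|Error in Closing ResultSet |" + ex2.getMessage());
        }
        try {
            if (pstmt != null) pstmt.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||getPrivilegeMap|Failure|Error in Closing Statement |" + ex2.getMessage());
        }
        try {
            if (s != null) s.close();
        } catch (Exception ex2) {
            if (log.isDebugEnabled())
                log.debug("Authorization|||getPrivilegeMap|Failure|Error in Closing Session |" + ex2.getMessage());
        }
    }
    return result;
}

/**
 * Encrypts ({@code encrypt == true}) or decrypts the sensitive String fields of a User
 * (password and personal details) or the database password of an Application, IN PLACE,
 * when {@code isEncryptionEnabled}. Other objects are returned untouched.
 *
 * NOTE(review): the user password goes through a reversible StringEncrypter (a decrypt
 * path exists), so anyone holding the encryption key can recover clear-text passwords;
 * credentials should be stored with a one-way, salted password hash instead.
 *
 * @param obj     the entity to transform; returned (same instance) after transformation
 * @param encrypt true to encrypt, false to decrypt
 * @throws EncryptionException if the StringEncrypter fails
 */
private Object performEncrytionDecryption(Object obj,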
boolean encrypt) throws EncryptionException {
    // Mutates the passed-in entity and returns the same instance. Null and "" values are
    // left untouched; every other value is trim()med before it is transformed.
    if (obj instanceof User) {
        User user = (User) obj;
        //if(this.isEncryptionEnabled && StringUtilities.initTrimmedString(user.getPassword()).length()>0){
        if (this.isEncryptionEnabled) {
            StringEncrypter stringEncrypter = new StringEncrypter();
            if (encrypt) {
                // SECURITY: the password is encrypted reversibly, not hashed. Whoever can run
                // the decrypt branch below (or holds the key) can recover clear-text passwords.
                // A one-way salted hash (bcrypt/scrypt/argon2) is the appropriate storage form
                // if the login path can be adapted.
                if (user.getPassword() != null && !user.getPassword().equals(""))
                    user.setPassword(stringEncrypter.encrypt(user.getPassword().trim()));
                if (user.getFirstName() != null && !user.getFirstName().equals(""))
                    user.setFirstName(stringEncrypter.encrypt(user.getFirstName().trim()));
                if (user.getLastName() != null && !user.getLastName().equals(""))
                    user.setLastName(stringEncrypter.encrypt(user.getLastName().trim()));
                if (user.getOrganization() != null && !user.getOrganization().equals(""))
                    user.setOrganization(stringEncrypter.encrypt(user.getOrganization().trim()));
                if (user.getDepartment() != null && !user.getDepartment().equals(""))
                    user.setDepartment(stringEncrypter.encrypt(user.getDepartment().trim()));
                if (user.getTitle() != null && !user.getTitle().equals(""))
                    user.setTitle(stringEncrypter.encrypt(user.getTitle().trim()));
                if (user.getPhoneNumber() != null && !user.getPhoneNumber().equals(""))
                    user.setPhoneNumber(stringEncrypter.encrypt(user.getPhoneNumber().trim()));
                if (user.getEmailId() != null && !user.getEmailId().equals(""))
                    user.setEmailId(stringEncrypter.encrypt(user.getEmailId().trim()));
            } else {
                // Decryption writes clear-text values back INTO the entity. NOTE(review): if a
                // caller does this on a managed (attached) User and the session flushes, the
                // clear-text values would be persisted — confirm callers only decrypt detached
                // copies.
                if (user.getPassword() != null && !user.getPassword().equals(""))
                    user.setPassword(stringEncrypter.decrypt(user.getPassword().trim()));
                if (user.getFirstName() != null && !user.getFirstName().equals(""))
                    user.setFirstName(stringEncrypter.decrypt(user.getFirstName().trim()));
                if (user.getLastName() != null && !user.getLastName().equals(""))
                    user.setLastName(stringEncrypter.decrypt(user.getLastName().trim()));
                if (user.getOrganization() != null && !user.getOrganization().equals(""))
                    user.setOrganization(stringEncrypter.decrypt(user.getOrganization().trim()));
                if
(user.getDepartment() != null && !user.getDepartment().equals(""))
                    user.setDepartment(stringEncrypter.decrypt(user.getDepartment().trim()));
                if (user.getTitle() != null && !user.getTitle().equals(""))
                    user.setTitle(stringEncrypter.decrypt(user.getTitle().trim()));
                if (user.getPhoneNumber() != null && !user.getPhoneNumber().equals(""))
                    user.setPhoneNumber(stringEncrypter.decrypt(user.getPhoneNumber().trim()));
                if (user.getEmailId() != null && !user.getEmailId().equals(""))
                    user.setEmailId(stringEncrypter.decrypt(user.getEmailId().trim()));
            }
        }
        return user;
    }
    if (obj instanceof Application) {
        // Local 'application' shadows the DAO field of the same name on purpose: this is
        // the entity being transformed, not this DAO's own application.
        Application application = (Application) obj;
        // Unlike the User branch, a blank database password skips the encrypter entirely.
        if (this.isEncryptionEnabled && StringUtilities.initTrimmedString(application.getDatabasePassword()).length() > 0) {
            StringEncrypter stringEncrypter = new StringEncrypter();
            if (encrypt) {
                application.setDatabasePassword(stringEncrypter.encrypt(application.getDatabasePassword().trim()));
            } else {
                application.setDatabasePassword(stringEncrypter.decrypt(application.getDatabasePassword().trim()));
            }
        }
        return application;
    }
    return obj;
}

/**
 * Looks up an Application by its context name; delegates to getApplicationByName.
 *
 * @param applicationContextName the application's context name
 * @throws CSObjectNotFoundException if no such application exists
 */
public Application getApplication(String applicationContextName) throws CSObjectNotFoundException {
    return getApplicationByName(applicationContextName);
}

/**
 * Removes the user with the given login name from the owners of the protection element
 * identified by object id (and optional attribute) within this DAO's application.
 *
 * @param loginName                     the owner's login name; must not be blank
 * @param protectionElementObjectId     the element's object id; must not be blank
 * @param protectionElementAttributeName the element's attribute, or null/"" to match by object id only
 * @throws CSTransactionException on blank input, unknown user, or any failure below
 */
public void removeOwnerForProtectionElement(String loginName, String protectionElementObjectId, String protectionElementAttributeName) throws CSTransactionException {
    Session s = null;
    Transaction t = null;
    if (StringUtilities.isBlank(loginName)) {
        throw new CSTransactionException("Login Name can't be null");
    }
    if (StringUtilities.isBlank(protectionElementObjectId)) {
        throw new CSTransactionException("Object Id can't be null");
    }
    try {
        s = HibernateSessionFactoryHelper.getAuditSession(sf);
        User user = getLightWeightUser(loginName);
        if (user == null) {
            throw new CSTransactionException("No user found for this login name");
        }
        // The element is located by search criteria built from object id, this DAO's
        // application and (when given) the attribute.
        ProtectionElement pe = new ProtectionElement();
        pe.setObjectId(protectionElementObjectId);
        pe.setApplication(application);
        if
(protectionElementAttributeName != null && protectionElementAttributeName.length() > 0) { pe.setAttribute(protectionElementAttributeName); } SearchCriteria sc = new ProtectionElementSearchCriteria(pe); List l = this.getObjects(s, sc); if (l.size() == 0) { throw new CSTransactionException( "No Protection Element found for the given object id and attribute"); } ProtectionElement protectionElement = (ProtectionElement) l.get(0); Set ownerList = protectionElement.getOwners(); if (ownerList == null || ownerList.size() == 0) { /*ownerList = new HashSet(); ownerList.add(user);*/ } else { if (ownerList.contains(user)) { ownerList.remove(user); } } protectionElement.setOwners(ownerList); t = s.beginTransaction(); s.save(protectionElement); t.commit(); s.flush(); auditLog.info("Removing User " + loginName + " as Owner for Protection Element with Object Id " + protectionElement.getObjectId() + " and Attribute " + protectionElement.getAttribute()); } catch (Exception ex) { log.error(ex); try { t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug( "Authorization|||removeOwnerForProtectionElement|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); } if (log.isDebugEnabled()) log.debug( "Authorization|||removeOwnerForProtectionElement|Failure|Error removing owner for Protection Element object Name" + protectionElementObjectId + " and Attribute Id " + protectionElementAttributeName + " for user " + loginName + "|" + ex.getMessage()); throw new CSTransactionException( "An error occured in removing owner for the Protection Element\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||removeOwnerForProtectionElement|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug( "Authorization|||setOwnerForProtectionElement|Success|Success in removing owner for Protection Element object Name" + protectionElementObjectId + " and 
Attribute Id " + protectionElementAttributeName + " for user " + loginName + "|"); } public void removeOwnerForProtectionElement(String protectionElementObjectId, String[] userNames) throws CSTransactionException { Session s = null; Transaction t = null; if (StringUtilities.isBlank(protectionElementObjectId)) { throw new CSTransactionException("object Id can't be null!"); } try { Set users = new HashSet(); for (int i = 0; i < userNames.length; i++) { User user = this.getUser(userNames[i]); if (user != null) { users.add(user); } } ProtectionElement pe = new ProtectionElement(); pe.setObjectId(protectionElementObjectId); pe.setApplication(application); SearchCriteria sc = new ProtectionElementSearchCriteria(pe); List l = this.getObjects(sc); ProtectionElement protectionElement = (ProtectionElement) l.get(0); Set ownerList = protectionElement.getOwners(); if (ownerList != null && ownerList.size() > 0) { Iterator iterator = users.iterator(); while (iterator.hasNext()) { User user = (User) iterator.next(); if (ownerList.contains(user)) { ownerList.remove(user); } } } protectionElement.setOwners(ownerList); s = HibernateSessionFactoryHelper.getAuditSession(sf); t = s.beginTransaction(); s.update(protectionElement); t.commit(); s.flush(); auditLog.info("Removing Users as Owner for Protection Element with Object Id " + protectionElement.getObjectId() + " and Attribute " + protectionElement.getAttribute()); } catch (Exception ex) { log.error(ex); try { t.rollback(); } catch (Exception ex3) { if (log.isDebugEnabled()) log.debug( "Authorization|||removeOwnerForProtectionElement|Failure|Error in Rolling Back Transaction|" + ex3.getMessage()); } if (log.isDebugEnabled()) log.debug( "Authorization|||removeOwnerForProtectionElement|Failure|Error removing owner for Protection Element object Name" + protectionElementObjectId + " for users " + StringUtilities.stringArrayToString(userNames) + "|" + ex.getMessage()); throw new CSTransactionException( "An error occured in removing 
multiple owners for the Protection Element\n" + ex.getMessage(), ex); } finally { try { s.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||removeOwnerForProtectionElement|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug( "Authorization|||removeOwnerForProtectionElement|Success|Successful in removing owner for Protection Element object Name" + protectionElementObjectId + " for users " + StringUtilities.stringArrayToString(userNames) + "|"); } public List getAttributeMap(String userName, String className, String privilegeName) { List attributeList = new ArrayList(); ResultSet resultSet = null; Session session = HibernateSessionFactoryHelper.getAuditSession(sf); Connection connection = session.connection(); PreparedStatement preparedStatement = null; try { preparedStatement = Queries.getQueryforUserAttributeMap(userName, className, privilegeName, this.application.getApplicationId().intValue(), connection); resultSet = preparedStatement.executeQuery(); while (resultSet.next()) { attributeList.add(resultSet.getString(1)); } } catch (Exception ex) { ex.printStackTrace(); if (log.isDebugEnabled()) log.debug("Authorization|||getAttributeMap|Failure|Error in Obtaining the Attribute Map|" + ex.getMessage()); } finally { try { preparedStatement.close(); resultSet.close(); } catch (Exception ex2) { } try { session.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||getAttributeMap|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug("Authorization|||getAttributeMap|Success|Successful in Obtaining the Attribute Map|"); return attributeList; } public List getAttributeMapForGroup(String groupName, String className, String privilegeName) { List attributeList = new ArrayList(); ResultSet resultSet = null; Session session = HibernateSessionFactoryHelper.getAuditSession(sf); Connection connection = session.connection(); 
PreparedStatement preparedStatement = null; try { preparedStatement = Queries.getQueryforGroupAttributeMap(groupName, className, privilegeName, this.application.getApplicationId().intValue(), connection); resultSet = preparedStatement.executeQuery(); while (resultSet.next()) { attributeList.add(resultSet.getString(1)); } } catch (Exception ex) { ex.printStackTrace(); if (log.isDebugEnabled()) log.debug("Authorization|||getAttributeMapForGroups|Failure|Error in Obtaining the Attribute Map|" + ex.getMessage()); } finally { try { preparedStatement.close(); resultSet.close(); } catch (Exception ex2) { } try { session.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||getAttributeMapForGroups|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug( "Authorization|||getAttributeMapForGroups|Success|Successful in Obtaining the Attribute Map|"); return attributeList; } public void refreshInstanceTables(boolean instanceLevelSecurityForUser) throws CSObjectNotFoundException, CSDataAccessException { //Get Mapping Table Entries for Instance Level Security performance. 
InstanceLevelMappingElement mappingElement = new InstanceLevelMappingElement(); List<InstanceLevelMappingElement> mappingElements = getObjects( new InstanceLevelMappingElementSearchCriteria(mappingElement)); if (mappingElements == null || mappingElements.size() == 0) { //throw new RuntimeException ("Instance Level Mappging Elements does not exist"); throw new CSObjectNotFoundException("Instance Level Mapping Elements do not exist."); } Statement statement = null; Transaction transaction = null; Session session = null; Connection connection = null; try { session = HibernateSessionFactoryHelper.getAuditSession(sf); transaction = session.beginTransaction(); //transaction.setTimeout(10000); connection = session.connection(); connection.setAutoCommit(false); statement = connection.createStatement(); Iterator mappingElementsIterator = mappingElements.iterator(); while (mappingElementsIterator.hasNext()) { InstanceLevelMappingElement instanceLevelMappingEntry = (InstanceLevelMappingElement) mappingElementsIterator .next(); if (instanceLevelMappingEntry != null) { if (instanceLevelMappingEntry.getActiveFlag() == 0) { // Not active, so ignore this Object + Attribute from refresh logic. continue; } if (!StringUtilities.isAlphaNumeric(instanceLevelMappingEntry.getAttributeName()) || !StringUtilities.isAlphaNumeric(instanceLevelMappingEntry.getObjectName())) { //Mapping Entry is invalid. throw new CSObjectNotFoundException( "Invalid Instance Level Mapping Element. Instance Level Security breach is possible."); } } else { //Mapping Entry is invalid. continue; //throw new Exception("Invalid Instance Level Mapping Element. Instance Level Security breach is possible."); } //get the Table Name and View Name for each object. 
String applicationID = this.application.getApplicationId().toString(); String peiTableName, tableNameUser, viewNameUser, tableNameGroup, viewNameGroup = null; String peiObjectId = null; if (StringUtilities.isBlank(instanceLevelMappingEntry.getObjectPackageName())) { peiObjectId = instanceLevelMappingEntry.getObjectName().trim(); } else { peiObjectId = instanceLevelMappingEntry.getObjectPackageName().trim() + "." + instanceLevelMappingEntry.getObjectName().trim(); } String peiAttribute = instanceLevelMappingEntry.getAttributeName().trim(); if (StringUtilities.isBlank(instanceLevelMappingEntry.getTableName())) { peiTableName = "CSM_PEI_" + instanceLevelMappingEntry.getObjectName() + "_" + instanceLevelMappingEntry.getAttributeName(); } else { peiTableName = instanceLevelMappingEntry.getTableName(); } if (StringUtilities.isBlank(instanceLevelMappingEntry.getTableNameForUser())) { tableNameUser = "CSM_" + instanceLevelMappingEntry.getObjectName() + "_" + instanceLevelMappingEntry.getAttributeName() + "_USER"; } else { tableNameUser = instanceLevelMappingEntry.getTableNameForUser(); } if (StringUtilities.isBlank(instanceLevelMappingEntry.getViewNameForUser())) { viewNameUser = "CSM_VW_" + instanceLevelMappingEntry.getObjectName() + "_" + instanceLevelMappingEntry.getAttributeName() + "_USER"; } else { viewNameUser = instanceLevelMappingEntry.getViewNameForUser(); } if (StringUtilities.isBlank(instanceLevelMappingEntry.getTableNameForGroup())) { tableNameGroup = "CSM_" + instanceLevelMappingEntry.getObjectName() + "_" + instanceLevelMappingEntry.getAttributeName() + "_GROUP"; } else { tableNameGroup = instanceLevelMappingEntry.getTableNameForGroup(); } if (StringUtilities.isBlank(instanceLevelMappingEntry.getViewNameForGroup())) { viewNameGroup = "CSM_VW_" + instanceLevelMappingEntry.getObjectName() + "_" + instanceLevelMappingEntry.getAttributeName() + "_GROUP"; } else { viewNameGroup = instanceLevelMappingEntry.getViewNameForGroup(); } /* Optional: Add Additional 
checks regarding Table and View record count. * At the time of delete, if the MINUS is close to or greater than 50% of the records of the Table, * then truncate table instead of deleting using delete statement. * * Note: No buffering until real tests warrant buffering. */ byte activeFlag = instanceLevelMappingEntry.getActiveFlag(); if (activeFlag == 1) { //refresh PEI Table statement.addBatch("alter table " + peiTableName + " disable keys"); statement.addBatch("truncate " + peiTableName); statement.addBatch("delete from " + peiTableName + " where application_id = " + applicationID + " and protection_element_id " + " not in (" + " select pe.protection_element_id from csm_protection_element pe" + " where pe.object_id = '" + peiObjectId + "' and pe.attribute = '" + peiAttribute + "' and pe.application_id = " + applicationID + " )"); statement.executeBatch(); statement.addBatch("insert into " + peiTableName + " (protection_element_id, attribute_value, application_id) " + " select protection_element_id, attribute_value,application_id from csm_protection_element pe" + " where pe.object_id = '" + peiObjectId + "' and pe.attribute = '" + peiAttribute + "' and pe.application_id = " + applicationID + " and pe.attribute_value is not null "); //"and protection_element_id not in (select protection_element_id from "+peiTableName+" )"); statement.addBatch("alter table " + peiTableName + " enable keys"); statement.executeBatch(); if (instanceLevelSecurityForUser) { statement.addBatch("alter table " + tableNameUser + " disable keys"); statement.addBatch("truncate " + tableNameUser); /*statement.addBatch("delete from "+tableNameUser+"" + " where (user_id,privilege_name,attribute_value,application_id) " + " not in (" + " select user_id,privilege_name,attribute_value,application_id from "+viewNameUser+ ");");*/ statement.executeBatch(); statement.addBatch("insert into " + tableNameUser + " (user_id,login_name,privilege_name,attribute_value,application_id) " + " select distinct 
user_id,login_name,privilege_name,attribute_value,application_id from " + viewNameUser + " " + " where attribute_value is not null "); /*and (user_id,privilege_name,attribute_value,application_id) " + " not in ( select user_id,privilege_name,attribute_value,application_id from "+tableNameUser+" )");*/ statement.addBatch("alter table " + tableNameUser + " enable keys"); statement.executeBatch(); } else { statement.addBatch("alter table " + tableNameGroup + " disable keys"); statement.addBatch("truncate " + tableNameGroup); /*statement.addBatch("delete from "+tableNameGroup+"" + " where (group_id,privilege_name,attribute_value,application_id) " + " not in (" + " select group_id,privilege_name,attribute_value,application_id from "+viewNameGroup+ ")");*/ statement.addBatch("insert into " + tableNameGroup + " (group_id,group_name,privilege_name,attribute_value,application_id) " + " select distinct group_id,group_name,privilege_name,attribute_value,application_id from " + viewNameGroup + " " + " where attribute_value is not null"); /*(group_ID,privilege_name,attribute_value,application_id) " + " not in (" + " select group_id,privilege_name,attribute_value,application_id from "+tableNameGroup+" )");*/ statement.addBatch("alter table " + tableNameGroup + " enable keys"); statement.executeBatch(); } } } transaction.commit(); statement.close(); } catch (CSObjectNotFoundException e1) { if (transaction != null) { try { transaction.rollback(); } catch (Exception ex3) { } } throw new CSObjectNotFoundException(e1.getMessage()); } catch (SQLException e1) { if (transaction != null) { try { transaction.rollback(); } catch (Exception ex3) { } } throw new CSDataAccessException("Unable to perform data refresh for instance level security."); } catch (Exception e) { if (transaction != null) { try { transaction.rollback(); } catch (Exception ex3) { } } throw new CSDataAccessException("Unable to perform data refresh for instance level security."); } finally { try { connection.close(); } 
catch (Exception ex2) { } try { session.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||refreshInstanceTables|Failure|Error in Closing Session |" + ex2.getMessage()); } } } public void maintainInstanceTables(String instanceLevelMappingElementId) throws CSObjectNotFoundException, CSDataAccessException { // Get Mapping Table Entries for Instance Level Security performance. InstanceLevelMappingElement mappingElement = new InstanceLevelMappingElement(); if (!StringUtilities.isBlank(instanceLevelMappingElementId)) { mappingElement.setMappingId(new Long(instanceLevelMappingElementId)); } List<InstanceLevelMappingElement> mappingElements = getObjects( new InstanceLevelMappingElementSearchCriteria(mappingElement)); if (mappingElements == null || mappingElements.size() == 0) { // No Mapping Elements. So no tables to maintain return; } Statement statement = null; Transaction transaction = null; Session session = null; Connection connection = null; try { session = HibernateSessionFactoryHelper.getAuditSession(sf); transaction = session.beginTransaction(); connection = session.connection(); connection.setAutoCommit(false); statement = connection.createStatement(); //create view CSM_VW_ROLE_PRIV statement.addBatch(" create or replace view csm_vw_role_priv" + " as" + " select crp.role_id, substr(cp.privilege_name, 1, 30) privilege_name, cr.application_id" + " from csm_role_privilege crp, csm_privilege cp, csm_role cr" + " where crp.role_id = cr.role_id and crp.privilege_id = cp.privilege_id" + " and cr.active_flag = 1"); Iterator mappingElementsIterator = mappingElements.iterator(); while (mappingElementsIterator.hasNext()) { InstanceLevelMappingElement instanceLevelMappingEntry = (InstanceLevelMappingElement) mappingElementsIterator .next(); if (instanceLevelMappingEntry != null) { if (instanceLevelMappingEntry.getActiveFlag() == 0) { // Not active, so ignore this Object + Attribute from table/view maintain logic. 
continue; } if (StringUtilities.isAlphaNumeric(instanceLevelMappingEntry.getAttributeName()) && StringUtilities.isAlphaNumeric(instanceLevelMappingEntry.getObjectName())) { //Mapping Entry is valid. } else { // Mapping Entry is invalid. //ignore this mapping element. continue; } } else { //Mapping Entry is invalid. continue; //throw new Exception("Invalid Instance Level Mapping Element. Instance Level Security breach is possible."); } //mark this mappging entry is maintained. statement.addBatch("update csm_mapping set maintained_flag = '1' " + "where mapping_id = " + instanceLevelMappingEntry.getMappingId()); //get the Table Name and View Name for each object. String peiTableName, tableNameUser, viewNameUser, tableNameGroup, viewNameGroup = null; if (StringUtilities.isBlank(instanceLevelMappingEntry.getTableName())) { peiTableName = "csm_pei_" + instanceLevelMappingEntry.getObjectName() + "_" + instanceLevelMappingEntry.getAttributeName(); } else { peiTableName = instanceLevelMappingEntry.getTableName(); } if (StringUtilities.isBlank(instanceLevelMappingEntry.getTableNameForUser())) { tableNameUser = "csm_" + instanceLevelMappingEntry.getObjectName() + "_" + instanceLevelMappingEntry.getAttributeName() + "_user"; } else { tableNameUser = instanceLevelMappingEntry.getTableNameForUser(); } if (StringUtilities.isBlank(instanceLevelMappingEntry.getViewNameForUser())) { viewNameUser = "csm_vw_" + instanceLevelMappingEntry.getObjectName() + "_" + instanceLevelMappingEntry.getAttributeName() + "_user"; } else { viewNameUser = instanceLevelMappingEntry.getViewNameForUser(); } if (StringUtilities.isBlank(instanceLevelMappingEntry.getTableNameForGroup())) { tableNameGroup = "csm_" + instanceLevelMappingEntry.getObjectName() + "_" + instanceLevelMappingEntry.getAttributeName() + "_group"; } else { tableNameGroup = instanceLevelMappingEntry.getTableNameForGroup(); } if (StringUtilities.isBlank(instanceLevelMappingEntry.getViewNameForGroup())) { viewNameGroup = "csm_vw_" + 
instanceLevelMappingEntry.getObjectName() + "_" + instanceLevelMappingEntry.getAttributeName() + "_group"; } else { viewNameGroup = instanceLevelMappingEntry.getViewNameForGroup(); } /* Optional: Add Additional checks regarding Table and View record count. * At the time of delete, if the MINUS is close to or greater than 50% of the records of the Table, * then truncate table instead of deleting using delete statement. * * Note: No buffering until real tests warrant buffering. */ byte activeFlag = instanceLevelMappingEntry.getActiveFlag(); if (activeFlag == 1) { //create pei table statement.addBatch("create table if not exists " + peiTableName + " (" + " application_id bigint(20) not null," + " attribute_value bigint(20) not null," + " protection_element_id bigint(20) not null," + " primary key (protection_element_id)," + " unique key uq_mp_obj_name_attri_val_app_id (protection_element_id,attribute_value,application_id)," + " key idx_application_id (application_id)," + " constraint fk_pe_application1 foreign key fk_pe_application1 (application_id) references csm_application (application_id) on delete cascade on update cascade" + " );"); //create tableNameForUser statement.addBatch("create table if not exists " + tableNameUser + " (" + " user_id bigint(20) not null," + " login_name varchar(200) not null," + " privilege_name varchar(30) not null," + " application_id bigint(20) not null," + " attribute_value bigint(20) not null," + " unique key uq_userid_aid_pri_atr (user_id,application_id, privilege_name,attribute_value)," + " unique key uq_lgnnam_aid_pri_atr (login_name,application_id, privilege_name,attribute_value)," + " key idx_user_id (user_id)," + " key idx_login_name (login_name)," + " key idx_application_id (application_id)," + " key idx_privilege_name (privilege_name)," + " key idx_attribute_value(attribute_value)" + " );"); //create tableNameForGroup statement.addBatch("create table if not exists " + tableNameGroup + " (" + " group_id bigint(20) not null," + 
" group_name varchar(100) not null," + " privilege_name varchar(30) not null," + " application_id bigint(20) not null," + " attribute_value bigint(20) not null," + " unique key uq_grpid_aid_pri_atr (group_id,application_id, privilege_name,attribute_value)," + " unique key grpnm_aid_pri_atr (group_name,application_id, privilege_name,attribute_value)," + " key idx_group_id (group_id)," + " key idx_group_name (group_name)," + " key idx_application_id (application_id)," + " key idx_privilege_name (privilege_name)," + " key idx_attribute_value(attribute_value)" + " );"); statement.executeBatch(); //create viewNameForUser //Note: the User level view does not consider 'Owner' users in this View/ Filter Query. statement.addBatch("create or replace view " + viewNameUser + "_temp" + " as select pr.user_id,u.login_name,pr.role_id,pe.application_id,pe.attribute_value" + " from csm_pg_pe cp, " + peiTableName + " pe, csm_user_group_role_pg pr, csm_user u" + " where cp.protection_element_id = pe.protection_element_id and cp.protection_group_id = pr.protection_group_id and pr.user_id = u.user_id;"); statement.executeBatch(); statement.addBatch("create or replace view " + viewNameUser + " as" + " select pe.user_id, pe.login_name ,pr.privilege_name,pe.application_id,pe.attribute_value" + " from " + viewNameUser + "_temp pe,csm_vw_role_priv pr" + " where pe.role_id = pr.role_id"); //create viewNameForGroup statement.addBatch("create or replace view " + viewNameGroup + "_temp" + " as" + " select pr.group_id, g.group_name,pr.role_id, pe.application_id, pe.attribute_value" + " from csm_pg_pe cp, " + peiTableName + " pe, csm_user_group_role_pg pr, csm_group g" + " where cp.protection_element_id = pe.protection_element_id" + " and cp.protection_group_id = pr.protection_group_id and pr.group_id = g.group_id"); statement.executeBatch(); statement.addBatch("create or replace view " + viewNameGroup + " as" + " select pe.group_id, pe.group_name, pr.privilege_name, pe.application_id, 
pe.attribute_value" + " from " + viewNameGroup + "_temp pe, csm_vw_role_priv pr" + " where pe.role_id = pr.role_id"); } } statement.executeBatch(); transaction.commit(); statement.close(); } catch (SQLException e1) { if (transaction != null) { try { transaction.rollback(); } catch (Exception ex3) { } } throw new CSDataAccessException("Unable to maintain tables/views for instance level security."); } catch (Exception e) { if (transaction != null) { try { transaction.rollback(); } catch (Exception ex3) { } } throw new CSDataAccessException("Unable to maintain tables/views for instance level security."); } finally { try { connection.close(); } catch (Exception ex2) { } try { session.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||maintainInstanceTables|Failure|Error in Closing Session |" + ex2.getMessage()); } } } @Override public void validateUser(User user) throws CSException { //For LDAP user, password is empty. Password is not a required field. DataConfiguration config = ConfigurationHelper.getConfiguration(); log.info("******Inside Validate User(((((()))))))))...."); if (user.getPassword() != null && user.getPassword().trim().length() > 0) { validatePassword(user.getPassword()); // added PV below if (user.getLoginName().equalsIgnoreCase(user.getPassword())) { throw new CSException("The password and LoginName should be different values..."); } // added PV below if (checkPasswordHistory(user.getLoginName(), user.getPassword(), Integer.parseInt(config.getString("PASSWORD_MATCH_NUM")))) { throw new CSException("The password should be different from the previous passwords"); } } } private void validatePassword(String password) throws CSTransactionException { //String passwordDesc = "The password has to be atleast 8 characters and have atleast a special character and atleast an uppercase letter"; try { String passwordDesc = "Password should have: " + 
ConfigurationHelper.getConfiguration().getString("PASSWORD_PATTERN_DESCRIPTION"); if (!StringUtilities.checkPatternMatches(password, ConfigurationHelper.getConfiguration().getString("PASSWORD_PATTERN_MATCH"))) throw new CSTransactionException(passwordDesc); } catch (CSConfigurationException e) { if (log.isDebugEnabled()) log.debug("Authorization|||Configuration Exception while getting the pattern |" + e.getMessage()); } } // added PV start private static String encryptPassword(String encryptedPassword, String encryptionEnabled) { if (!StringUtilities.isBlank(encryptionEnabled) && encryptionEnabled.equalsIgnoreCase(Constants.YES)) { StringEncrypter se; try { se = new StringEncrypter(); encryptedPassword = se.encrypt(new String(encryptedPassword)); } catch (EncryptionException e) { e.printStackTrace(); } } return encryptedPassword; } public boolean checkPasswordHistory(String userID, String newPassword, int passwordNum) throws CSException { boolean passwordMatch = false; log.info("******Inside passwordhistory check...."); Session session = null; PreparedStatement preparedStatement = null; ResultSet resultSet = null; Connection connection = null; String encryptPassword = encryptPassword(newPassword, "YES"); String query = new String(); query = "SELECT PASSWORD FROM CSM_PASSWORD_HISTORY WHERE LOGIN_NAME = ? ORDER BY CSM_PASSWORD_HISTORY_ID DESC"; try { session = HibernateSessionFactoryHelper.getAuditSession(sf); connection = session.connection(); preparedStatement = connection.prepareStatement(query); preparedStatement.setString(1, userID); //preparedStatement= Queries.getQueryForCheckPermissionForOnlyGroup(groupName, objectId, privilegeName, this.application.getApplicationId().intValue(),connection); resultSet = preparedStatement.executeQuery(); if (resultSet != null) { try { int matchCount = 0; while (resultSet.next()) { log.info("New password " + encryptPassword + "...." 
+ "Old password from hist" + resultSet.getString("PASSWORD")); if (matchCount < passwordNum) { String prevPassword = resultSet.getString("PASSWORD"); if (encryptPassword != null && prevPassword.equals(encryptPassword)) { log.info("******Password matched with earlier passwords...."); log.info("New password " + encryptPassword + "...." + "Old password from hist" + prevPassword); passwordMatch = true; break; } matchCount++; } } } catch (SQLException e) { throw new CSInternalConfigurationException( "Unable to execute the query to check if the passwords are matched"); } } resultSet.close(); preparedStatement.close(); } catch (Exception ex) { log.error(ex); if (log.isDebugEnabled()) log.debug("Authentication||" + userID + "|executeQuery|Success| is Login First Time" + passwordMatch + " for the user"); throw new CSException("An error occurred while checking permissions\n" + ex.getMessage(), ex); } finally { try { session.close(); resultSet.close(); preparedStatement.close(); } catch (Exception ex2) { if (log.isDebugEnabled()) log.debug("Authorization|||checkPermission|Failure|Error in Closing Session |" + ex2.getMessage()); } } if (log.isDebugEnabled()) log.debug("Authentication||" + userID + "|executeQuery|Success| is Login First Time" + passwordMatch + " for the user"); return passwordMatch; } // added PV end }