Java tutorial
/* * The contents of this file are subject to the Mozilla Public License * Version 1.1 (the "License"); you may not use this file except in * compliance with the License. You may obtain a copy of the License at * http://www.mozilla.org/MPL/ * * Software distributed under the License is distributed on an "AS IS" * basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See the * License for the specific language governing rights and limitations * under the License. * * The Original Code is Ziptie Client Framework. * * The Initial Developer of the Original Code is AlterPoint. * Portions created by AlterPoint are Copyright (C) 2006, * AlterPoint, Inc. All Rights Reserved. * * Contributor(s): */ package org.xerela.provider.security; import java.security.Principal; import java.util.ArrayList; import java.util.Collections; import java.util.Comparator; import java.util.HashSet; import java.util.List; import java.util.Set; import org.apache.log4j.Logger; import org.hibernate.Criteria; import org.hibernate.SessionFactory; import org.hibernate.classic.Session; import org.xerela.provider.security.internal.LicenseElf; import org.xerela.provider.security.internal.SecurityProviderActivator; import org.xerela.server.security.SecurityElf; import org.xerela.server.security.ZPrincipal; import org.xerela.server.security.ZRole; import org.xerela.zap.security.IUserSession; /** * SecurityProvider */ public class SecurityProvider implements ISecurityProvider { private static final Logger LOGGER = Logger.getLogger(SecurityProvider.class); /** Special permission only possessed by 'admin' users. Expands into all * available permissions. */ private static final String ORG_XERELA_ACCESS_ALL = "org.xerela.access.all"; //$NON-NLS-1$ private static final String ADMIN_USER = "admin"; //$NON-NLS-1$ private static final String ADMINISTRATOR_ROLE = "Administrator"; //$NON-NLS-1$ /** {@inheritDoc} */ public void logoutCurrentUser() { IUserSession userSession = SecurityProviderActivator.getSecurityService().getUserSession(); if (userSession != null) { userSession.invalidate(); } else { LOGGER.warn("Logout performed against non-existent session."); //$NON-NLS-1$ } } /** {@inheritDoc} */ public void changePassword(String username, String password) { SessionFactory sessionFactory = SecurityProviderActivator.getSessionFactory(); Session session = sessionFactory.getCurrentSession(); ZPrincipal zprincipal = (ZPrincipal) session.get(ZPrincipal.class, username); zprincipal.setMD5Password(SecurityElf.calcMD5(username, password)); session.update(zprincipal); } /** {@inheritDoc} */ public void changeMyPassword(String password) { // Get the invoking user Principal principal = SecurityProviderActivator.getSecurityService().getUserSession().getPrincipal(); SessionFactory sessionFactory = SecurityProviderActivator.getSessionFactory(); Session session = sessionFactory.getCurrentSession(); ZPrincipal zprincipal = (ZPrincipal) session.get(ZPrincipal.class, principal.getName()); zprincipal.setMD5Password(SecurityElf.calcMD5(principal.getName(), password)); session.update(zprincipal); } /** {@inheritDoc} */ public ZRole getRole(String role) { SessionFactory sessionFactory = SecurityProviderActivator.getSessionFactory(); Session session = sessionFactory.getCurrentSession(); ZRole zrole = (ZRole) session.get(ZRole.class, role); if (zrole != null) { // Expand ORG_XERELA_ACCESS_ALL permission into all available permissions. if (zrole.hasPermission(ORG_XERELA_ACCESS_ALL)) { // We're about to change the ZRole object at runtime, we don't want these // changes persisted session.setReadOnly(zrole, true); Set<String> permissions = new HashSet<String>(); for (String perm : getAvailablePermissions()) { String[] split = perm.split("="); //$NON-NLS-1$ permissions.add(split[0]); } zrole.setPermissionSet(permissions); } } return zrole; } /** {@inheritDoc} */ public void createRole(String role, List<String> permissions) { SessionFactory sessionFactory = SecurityProviderActivator.getSessionFactory(); Session session = sessionFactory.getCurrentSession(); ZRole zrole = new ZRole(role); Set<String> permSet = new HashSet<String>(); permSet.addAll(permissions); zrole.setPermissionSet(permSet); session.save(zrole); } /** {@inheritDoc} */ public void updateRole(ZRole zrole) { if (zrole.getName().equals(ADMINISTRATOR_ROLE)) { throw new SecurityException("Updating the Administrator role is not allowed."); //$NON-NLS-1$ } SessionFactory sessionFactory = SecurityProviderActivator.getSessionFactory(); Session session = sessionFactory.getCurrentSession(); session.update(zrole); } /** {@inheritDoc} */ public void deleteRole(String role) { if (role.equals(ADMINISTRATOR_ROLE)) { throw new SecurityException("Deleting the Administrator role is not allowed."); //$NON-NLS-1$ } SessionFactory sessionFactory = SecurityProviderActivator.getSessionFactory(); Session session = sessionFactory.getCurrentSession(); session.delete(new ZRole(role)); } /** {@inheritDoc} */ public void createUser(String username, String fullName, String email, String password, String role) { SessionFactory sessionFactory = SecurityProviderActivator.getSessionFactory(); Session session = sessionFactory.getCurrentSession(); ZRole zrole = getRole(role); ZPrincipal newUser = new ZPrincipal(username, fullName, email, SecurityElf.calcMD5(username, password), zrole); session.save(newUser); } /** {@inheritDoc} */ public void updateUser(String username, String fullName, String email, String role) { if (username.equals(ADMIN_USER) && !role.equals(ADMINISTRATOR_ROLE)) { throw new SecurityException("You cannot change the role of the 'admin' account."); //$NON-NLS-1$ } SessionFactory sessionFactory = SecurityProviderActivator.getSessionFactory(); Session session = sessionFactory.getCurrentSession(); ZPrincipal principal = (ZPrincipal) session.get(ZPrincipal.class, username); if (principal != null) { principal.setFullName(fullName); principal.setEmail(email); ZRole newRole = (ZRole) session.get(ZRole.class, role); if (newRole == null) { throw new SecurityException("Specified role " + role + " does not exist."); //$NON-NLS-1$ //$NON-NLS-2$ } principal.setRole(newRole); session.update(principal); } } /** {@inheritDoc} */ public void deleteUser(String username) { if (username.equals(ADMIN_USER)) { throw new SecurityException("You cannot delete Administrator role."); //$NON-NLS-1$ } SessionFactory sessionFactory = SecurityProviderActivator.getSessionFactory(); Session session = sessionFactory.getCurrentSession(); ZPrincipal principal = (ZPrincipal) session.get(ZPrincipal.class, username); session.delete(principal); } /** {@inheritDoc} */ public ZPrincipal getUser(String username) { return SecurityProviderActivator.getSecurityService().getZPrincipal(username); } /** {@inheritDoc} */ @SuppressWarnings("unchecked") public List<ZPrincipal> listUsers() { SessionFactory sessionFactory = SecurityProviderActivator.getSessionFactory(); Session session = sessionFactory.getCurrentSession(); Criteria criteria = session.createCriteria(ZPrincipal.class); List<ZPrincipal> list = criteria.list(); Collections.sort(list, new Comparator<ZPrincipal>() { public int compare(ZPrincipal p1, ZPrincipal p2) { return p1.getName().compareToIgnoreCase(p2.getName()); } }); return list; } /** {@inheritDoc} */ public List<String> getAvailablePermissions() { List<String> availablePermissions = SecurityProviderActivator.getSecurityService() .getAvailablePermissions(); return availablePermissions; } /** {@inheritDoc} */ @SuppressWarnings("unchecked") public List<ZRole> getAvailableRoles() { SessionFactory sessionFactory = SecurityProviderActivator.getSessionFactory(); Session session = sessionFactory.getCurrentSession(); Criteria criteria = session.createCriteria(ZRole.class); List<ZRole> list = new ArrayList<ZRole>(); for (ZRole role : (List<ZRole>) criteria.list()) { session.evict(role); if (role.getName().equals(ADMINISTRATOR_ROLE)) { list.add(getRole(ADMINISTRATOR_ROLE)); } else { list.add(role); } } return list; } /** {@inheritDoc} */ public ZPrincipal getCurrentUser() { return (ZPrincipal) SecurityProviderActivator.getSecurityService().getUserSession().getPrincipal(); } /** {@inheritDoc} */ public License getLicense() { return LicenseElf.loadLicense(); } }