1 /*
2 * Copyright (c) 2003
3 * Information Desire GmbH
4 * All rights reserved.
5 */
6 package com.infodesire.infobit.dao;
7
8 import com.infodesire.infobit.security.SecurityProvider;
9 import com.infodesire.infobit.hibernate.SessionProvider;
10
11 import com.infodesire.infobit.data.Acl;
12 import com.infodesire.infobit.data.Capability;
13 import com.infodesire.infobit.InfobitException;
14 import com.infodesire.infobit.InfobitSecurityException;
15 import com.infodesire.infobit.InfobitIntegrityException;
16 import com.infodesire.infobit.AclManager;
17
18 import java.io.Serializable;
19
20 import net.sf.hibernate.Session;
21 import net.sf.hibernate.HibernateException;
22
23 import org.apache.commons.logging.Log;
24 import org.apache.commons.logging.LogFactory;
25
26 import java.util.Collection;
27 import java.util.Collections;
28 import java.util.List;
29 import java.util.Map;
30 import java.util.HashMap;
31
32 /***
33 * DAO for ACL. encapsulates all aspects of ACL life and management. Currently
34 * ACL manipulation is allowed only for those holding "supersuser" permission
35 * according to respective security manager
36 *
37 * @author konstantin
38 * @created August 8, 2003
39 * @version $Revision: 1.7 $
40 */
41 public final class AclDAO extends BaseDAO implements AclManager {
42 private static Log _log = LogFactory.getLog(AclDAO.class);
43
44
45 /***
46 * construct dao for ACL
47 *
48 * @param sec Description of Parameter
49 * @param sess Description of Parameter
50 */
51 public AclDAO(SecurityProvider sec, SessionProvider sess) {
52 super(sec, sess);
53 }
54
55
56 /***
57 * find acl by name
58 *
59 * @param name Description of Parameter
60 * @return The Acl value
61 * @exception InfobitException Description of Exception
62 */
63 public Acl getAcl(String name) throws InfobitException {
64 Acl acl = null;
65 Map map = new HashMap();
66 map.put("name", name);
67 try {
68 List alist = performQuery("aclByName", map);
69 if (alist.size() > 0) {
70 acl = (Acl) alist.get(0);
71 }
72 } catch (Exception ex) {
73 _log.error("error loading acl with name: " + name, ex);
74 throw new InfobitException("error loading acl with name: " + name, ex);
75 }
76
77 return acl;
78 }
79
80
81 /***
82 * find capability by name
83 *
84 * @param name Description of Parameter
85 * @return The Acl value
86 * @exception InfobitException Description of Exception
87 */
88 public Capability getCapability(String name) throws InfobitException {
89 Capability cap = null;
90 Map map = new HashMap();
91 map.put("name", name);
92 try {
93 List alist = performQuery("capabilityByName", map);
94 if (alist.size() > 0) {
95 cap = (Capability) alist.get(0);
96 }
97 } catch (Exception ex) {
98 _log.error("error loading capability with name: " + name, ex);
99 throw new InfobitException("error loading capability with name: " + name, ex);
100 }
101
102 return cap;
103 }
104
105
106 /***
107 * create capability
108 *
109 * @param name Description of Parameter
110 * @return Description of the Returned Value
111 * @exception InfobitException Description of Exception
112 * @exception InfobitSecurityException Description of Exception
113 */
114 public Capability createCapability(String name) throws InfobitException, InfobitSecurityException {
115 checkSuperuser();
116 CapabilityImpl cap = new CapabilityImpl();
117 cap.setName(name);
118 try {
119 doCreate(cap);
120 } catch (Exception ex) {
121 _log.error("error creating capability", ex);
122 throw new InfobitException("error creating capability", ex);
123 }
124 return cap;
125 }
126
127
128 /***
129 * update instance of capability
130 *
131 * @param cap Description of Parameter
132 * @exception InfobitException Description of Exception
133 * @exception InfobitSecurityException Description of Exception
134 */
135 public void updateCapability(Capability cap) throws InfobitException, InfobitSecurityException {
136 checkSuperuser();
137 if (!(cap instanceof CapabilityImpl)) {
138 throw new InfobitSecurityException("wrong capability implementation supplied");
139 }
140 try {
141 doUpdate(cap);
142 } catch (Exception ex) {
143 _log.error("error while updating capability", ex);
144 throw new InfobitException("error while updating capability", ex);
145 }
146 }
147
148
149 /***
150 * remove certain capability
151 *
152 * @param cap Description of Parameter
153 * @exception InfobitException Description of Exception
154 * @exception InfobitSecurityException Description of Exception
155 */
156 public void removeCapability(Capability cap) throws InfobitException, InfobitSecurityException {
157 checkSuperuser();
158 if (!(cap instanceof CapabilityImpl)) {
159 throw new InfobitSecurityException("wrong capability implementation supplied");
160 }
161 try {
162 doRemove(cap);
163 } catch (Exception ex) {
164 _log.error("error while removing capability", ex);
165 throw new InfobitException("error while removing capability", ex);
166 }
167 }
168
169
170 /***
171 * create new ACL. if caller has sufficient permissions
172 *
173 * @param name name for a new acl
174 * @return Description of the Returned Value
175 * @exception InfobitException will be thrown if something goes
176 * wrong. like duplicate name or insufficient permissions
177 * @exception InfobitSecurityException Description of Exception
178 */
179 public Acl createAcl(String name) throws InfobitException, InfobitSecurityException {
180 checkSuperuser();
181 AclImpl acl = new AclImpl();
182 acl.setName(name);
183
184 try {
185 doCreate(acl);
186 } catch (Exception ex) {
187 _log.error("error creating acl", ex);
188 throw new InfobitException("error creating acl", ex);
189 }
190 return acl;
191 }
192
193
194 /***
195 * remove acl in question but only if no infobit uses it.
196 *
197 * @param acl Description of Parameter
198 * @exception InfobitException will be thrown if acl still
199 * referenced by infobits.
200 * @exception InfobitSecurityException Description of Exception
201 * @exception InfobitIntegrityException Description of Exception
202 */
203 public void removeAcl(Acl acl) throws InfobitException, InfobitIntegrityException, InfobitSecurityException {
204 checkSuperuser();
205 if (acl.getInfobits() != null && acl.getInfobits().size() > 0) {
206 throw new InfobitIntegrityException("acl " + acl.getName() + " can not be removed because infobits are using it");
207 }
208 try {
209 doRemove(acl);
210 } catch (Exception ex) {
211 _log.error("error while ACL removal", ex);
212 throw new InfobitException("error while ACL removal", ex);
213 }
214 }
215
216
217 /***
218 * update given ACL
219 *
220 * @param acl Description of Parameter
221 * @return Description of the Returned Value
222 * @exception InfobitException Description of Exception
223 * @exception InfobitSecurityException Description of Exception
224 */
225 public Acl updateAcl(Acl acl) throws InfobitException, InfobitSecurityException {
226 checkSuperuser();
227 return null;
228 }
229
230
231 /***
232 * list all ACL entities known to system.
233 *
234 * @return Description of the Returned Value
235 * @exception InfobitException Description of Exception
236 */
237 public Collection listAcl() throws InfobitException {
238 Map map = new HashMap();
239 Collection retval = Collections.EMPTY_LIST;
240 try {
241 retval = performQuery("listAclByName", Collections.EMPTY_MAP);
242 } catch (Exception ex) {
243 _log.error("error listing acl", ex);
244 throw new InfobitException("error listing capabilities", ex);
245 }
246
247 return retval;
248 }
249
250
251 /***
252 * list all capabilities entities known to system.
253 *
254 * @return Description of the Returned Value
255 * @exception InfobitException Description of Exception
256 */
257 public Collection listCapabilities() throws InfobitException {
258 Map map = new HashMap();
259 Collection retval = Collections.EMPTY_LIST;
260 try {
261 retval = performQuery("listCapabilitiesByName", Collections.EMPTY_MAP);
262 } catch (Exception ex) {
263 _log.error("error listing capabilities", ex);
264 throw new InfobitException("error listing capabilities", ex);
265 }
266
267 return retval;
268 }
269
270
271 /***
272 * grant permission for acl on given capability
273 *
274 * @param capability Description of Parameter
275 * @param role Description of Parameter
276 * @param acl Description of Parameter
277 * @exception InfobitException Description of Exception
278 * @exception InfobitSecurityException Description of Exception
279 */
280 public void grantPermission(Acl acl, Capability capability, String role) throws InfobitException, InfobitSecurityException {
281 checkSuperuser();
282 /*
283 * try {
284 * AclImpl acli = (AclImpl) acl;
285 * SecurityLink sl = (SecurityLink) acli.getSecurityLinkMap().get(capability);
286 * if (sl == null) {
287 * sl = new SecurityLink();
288 * sl.setAcl(acli);
289 * sl.setCapability((CapabilityImpl) capability);
290 * sl = (SecurityLink) doCreate(sl);
291 * }
292 * sl.getRoles().add(role);
293 * doUpdate(sl);
294 * } catch (Exception ex) {
295 * _log.error("exception occured while granting permission", ex);
296 * throw new InfobitException("exception occured while granting permission", ex);
297 * }
298 */
299 }
300
301
302 /***
303 * DOCUMENT METHOD
304 *
305 * @param capability Description of Parameter
306 * @param role Description of Parameter
307 * @param acl Description of Parameter
308 * @exception InfobitException Description of Exception
309 * @exception InfobitSecurityException Description of Exception
310 */
311 public void revokePermission(Acl acl, Capability capability, String role) throws InfobitException, InfobitSecurityException {
312 checkSuperuser();
313 // throw new InfobitException("not implemented");
314 }
315
316
317
318 /***
319 * check that user has superuser permission. if not - bomb em all...
320 *
321 * @exception InfobitSecurityException Description of Exception
322 */
323 void checkSuperuser() throws InfobitSecurityException {
324 if (!getSecurityProvider().isSuperuser()) {
325 throw new InfobitSecurityException("desired operation not allowed");
326 }
327 }
328 }
This page was automatically generated by Maven