1 package org.apache.turbine.services.security;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24 import java.util.Map;
25
26 import javax.servlet.ServletConfig;
27
28 import org.apache.commons.configuration.Configuration;
29 import org.apache.commons.lang.StringUtils;
30 import org.apache.commons.logging.Log;
31 import org.apache.commons.logging.LogFactory;
32 import org.apache.fulcrum.crypto.CryptoAlgorithm;
33 import org.apache.fulcrum.crypto.CryptoService;
34 import org.apache.fulcrum.factory.FactoryService;
35 import org.apache.turbine.om.security.Group;
36 import org.apache.turbine.om.security.Permission;
37 import org.apache.turbine.om.security.Role;
38 import org.apache.turbine.om.security.User;
39 import org.apache.turbine.services.InitializationException;
40 import org.apache.turbine.services.ServiceManager;
41 import org.apache.turbine.services.TurbineBaseService;
42 import org.apache.turbine.services.TurbineServices;
43 import org.apache.turbine.util.security.AccessControlList;
44 import org.apache.turbine.util.security.DataBackendException;
45 import org.apache.turbine.util.security.EntityExistsException;
46 import org.apache.turbine.util.security.GroupSet;
47 import org.apache.turbine.util.security.PasswordMismatchException;
48 import org.apache.turbine.util.security.PermissionSet;
49 import org.apache.turbine.util.security.RoleSet;
50 import org.apache.turbine.util.security.UnknownEntityException;
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73 public abstract class BaseSecurityService
74 extends TurbineBaseService
75 implements SecurityService
76 {
77
78 private int readerCount = 0;
79
80
81 private UserManager userManager = null;
82
83
84 private Class userClass = null;
85
86
87 private Class groupClass = null;
88
89
90 private Class permissionClass = null;
91
92
93 private Class roleClass = null;
94
95
96 private Class aclClass = null;
97
98
99 private FactoryService aclFactoryService = null;
100
101
102
103
104 private static Group globalGroup = null;
105
106
107 private static Log log = LogFactory.getLog(BaseSecurityService.class);
108
109
110
111
112
113
114
115
116
117
118
119
120
121 public String encryptPassword(String password)
122 {
123 return encryptPassword(password, null);
124 }
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144 public String encryptPassword(String password, String salt)
145 {
146 if (password == null)
147 {
148 return null;
149 }
150 String secure = getConfiguration().getString(
151 SecurityService.SECURE_PASSWORDS_KEY,
152 SecurityService.SECURE_PASSWORDS_DEFAULT).toLowerCase();
153
154 String algorithm = getConfiguration().getString(
155 SecurityService.SECURE_PASSWORDS_ALGORITHM_KEY,
156 SecurityService.SECURE_PASSWORDS_ALGORITHM_DEFAULT);
157
158 CryptoService cs = null;
159 try {
160 ServiceManager serviceManager = TurbineServices.getInstance();
161 cs = (CryptoService)serviceManager.getService(CryptoService.ROLE);
162 }
163 catch (Exception e){
164 throw new RuntimeException("Could not access Crypto Service",e);
165 }
166
167 if (cs != null && (secure.equals("true") || secure.equals("yes")))
168 {
169 try
170 {
171 CryptoAlgorithm ca = cs.getCryptoAlgorithm(algorithm);
172
173 ca.setSeed(salt);
174
175 String result = ca.encrypt(password);
176
177 return result;
178 }
179 catch (Exception e)
180 {
181 log.error("Unable to encrypt password: ", e);
182
183 return null;
184 }
185 }
186 else
187 {
188 return password;
189 }
190 }
191
192
193
194
195
196
197
198
199
200
201
202 public boolean checkPassword(String checkpw, String encpw)
203 {
204 String result = encryptPassword(checkpw, encpw);
205
206 return (result == null) ? false : result.equals(encpw);
207 }
208
209
210
211
212
213
214
215
216 public void init()
217 throws InitializationException
218 {
219 Configuration conf = getConfiguration();
220
221 String userManagerClassName = conf.getString(
222 SecurityService.USER_MANAGER_KEY,
223 SecurityService.USER_MANAGER_DEFAULT);
224
225 String userClassName = conf.getString(
226 SecurityService.USER_CLASS_KEY,
227 SecurityService.USER_CLASS_DEFAULT);
228
229 String groupClassName = conf.getString(
230 SecurityService.GROUP_CLASS_KEY,
231 SecurityService.GROUP_CLASS_DEFAULT);
232
233 String permissionClassName = conf.getString(
234 SecurityService.PERMISSION_CLASS_KEY,
235 SecurityService.PERMISSION_CLASS_DEFAULT);
236
237 String roleClassName = conf.getString(
238 SecurityService.ROLE_CLASS_KEY,
239 SecurityService.ROLE_CLASS_DEFAULT);
240
241 String aclClassName = conf.getString(
242 SecurityService.ACL_CLASS_KEY,
243 SecurityService.ACL_CLASS_DEFAULT);
244
245 try
246 {
247 userClass = Class.forName(userClassName);
248 groupClass = Class.forName(groupClassName);
249 permissionClass = Class.forName(permissionClassName);
250 roleClass = Class.forName(roleClassName);
251 aclClass = Class.forName(aclClassName);
252 }
253 catch (Exception e)
254 {
255 if (userClass == null)
256 {
257 throw new InitializationException(
258 "Failed to create a Class object for User implementation", e);
259 }
260 if (groupClass == null)
261 {
262 throw new InitializationException(
263 "Failed to create a Class object for Group implementation", e);
264 }
265 if (permissionClass == null)
266 {
267 throw new InitializationException(
268 "Failed to create a Class object for Permission implementation", e);
269 }
270 if (roleClass == null)
271 {
272 throw new InitializationException(
273 "Failed to create a Class object for Role implementation", e);
274 }
275 if (aclClass == null)
276 {
277 throw new InitializationException(
278 "Failed to create a Class object for ACL implementation", e);
279 }
280 }
281
282 try
283 {
284 UserManager userManager =
285 (UserManager) Class.forName(userManagerClassName).newInstance();
286
287 userManager.init(conf);
288
289 setUserManager(userManager);
290 }
291 catch (Exception e)
292 {
293 throw new InitializationException("Failed to instantiate UserManager", e);
294 }
295
296 try
297 {
298 aclFactoryService = (FactoryService)TurbineServices.getInstance().getService(FactoryService.ROLE);
299 }
300 catch (Exception e)
301 {
302 throw new InitializationException(
303 "BaseSecurityService.init: Failed to get the Factory Service object", e);
304 }
305
306 setInit(true);
307 }
308
309
310
311
312
313
314
315
316
317 public Class getUserClass()
318 throws UnknownEntityException
319 {
320 if (userClass == null)
321 {
322 throw new UnknownEntityException(
323 "Failed to create a Class object for User implementation");
324 }
325 return userClass;
326 }
327
328
329
330
331
332
333
334
335
336
337 public User getUserInstance()
338 throws UnknownEntityException
339 {
340 User user;
341 try
342 {
343 user = (User) getUserClass().newInstance();
344 }
345 catch (Exception e)
346 {
347 throw new UnknownEntityException(
348 "Failed instantiate an User implementation object", e);
349 }
350 return user;
351 }
352
353
354
355
356
357
358
359
360
361
362
363
364
365 public User getUserInstance(String userName)
366 throws UnknownEntityException
367 {
368 User user = getUserInstance();
369 user.setName(userName);
370 return user;
371 }
372
373
374
375
376
377
378
379
380
381 public Class getGroupClass()
382 throws UnknownEntityException
383 {
384 if (groupClass == null)
385 {
386 throw new UnknownEntityException(
387 "Failed to create a Class object for Group implementation");
388 }
389 return groupClass;
390 }
391
392
393
394
395
396
397
398
399
400
401 public Group getGroupInstance()
402 throws UnknownEntityException
403 {
404 Group group;
405 try
406 {
407 group = (Group) getGroupClass().newInstance();
408 }
409 catch (Exception e)
410 {
411 throw new UnknownEntityException("Failed to instantiate a Group implementation object", e);
412 }
413 return group;
414 }
415
416
417
418
419
420
421
422
423
424
425
426
427
428 public Group getGroupInstance(String groupName)
429 throws UnknownEntityException
430 {
431 Group group = getGroupInstance();
432 group.setName(groupName);
433 return group;
434 }
435
436
437
438
439
440
441
442
443
444 public Class getPermissionClass()
445 throws UnknownEntityException
446 {
447 if (permissionClass == null)
448 {
449 throw new UnknownEntityException(
450 "Failed to create a Class object for Permission implementation");
451 }
452 return permissionClass;
453 }
454
455
456
457
458
459
460
461
462
463
464 public Permission getPermissionInstance()
465 throws UnknownEntityException
466 {
467 Permission permission;
468 try
469 {
470 permission = (Permission) getPermissionClass().newInstance();
471 }
472 catch (Exception e)
473 {
474 throw new UnknownEntityException("Failed to instantiate a Permission implementation object", e);
475 }
476 return permission;
477 }
478
479
480
481
482
483
484
485
486
487
488
489
490 public Permission getPermissionInstance(String permName)
491 throws UnknownEntityException
492 {
493 Permission perm = getPermissionInstance();
494 perm.setName(permName);
495 return perm;
496 }
497
498
499
500
501
502
503
504
505
506 public Class getRoleClass()
507 throws UnknownEntityException
508 {
509 if (roleClass == null)
510 {
511 throw new UnknownEntityException(
512 "Failed to create a Class object for Role implementation");
513 }
514 return roleClass;
515 }
516
517
518
519
520
521
522
523
524
525
526 public Role getRoleInstance()
527 throws UnknownEntityException
528 {
529 Role role;
530
531 try
532 {
533 role = (Role) getRoleClass().newInstance();
534 }
535 catch (Exception e)
536 {
537 throw new UnknownEntityException("Failed to instantiate a Role implementation object", e);
538 }
539 return role;
540 }
541
542
543
544
545
546
547
548
549
550
551
552
553
554 public Role getRoleInstance(String roleName)
555 throws UnknownEntityException
556 {
557 Role role = getRoleInstance();
558 role.setName(roleName);
559 return role;
560 }
561
562
563
564
565
566
567
568
569
570 public Class getAclClass()
571 throws UnknownEntityException
572 {
573 if (aclClass == null)
574 {
575 throw new UnknownEntityException(
576 "Failed to create a Class object for ACL implementation");
577 }
578 return aclClass;
579 }
580
581
582
583
584
585
586
587
588
589
590
591
592
593 public AccessControlList getAclInstance(Map roles, Map permissions)
594 throws UnknownEntityException
595 {
596 Object[] objects = {roles, permissions};
597 String[] signatures = {Map.class.getName(), Map.class.getName()};
598 AccessControlList accessControlList;
599
600 try
601 {
602 accessControlList =
603 (AccessControlList) aclFactoryService.getInstance(aclClass.getName(),
604 objects,
605 signatures);
606 }
607 catch (Exception e)
608 {
609 throw new UnknownEntityException(
610 "Failed to instantiate an ACL implementation object", e);
611 }
612
613 return accessControlList;
614 }
615
616
617
618
619
620
621 public UserManager getUserManager()
622 {
623 return userManager;
624 }
625
626
627
628
629
630
631 public void setUserManager(UserManager userManager)
632 {
633 this.userManager = userManager;
634 }
635
636
637
638
639
640
641
642
643
644
645
646 public boolean accountExists(User user)
647 throws DataBackendException
648 {
649 return getUserManager().accountExists(user);
650 }
651
652
653
654
655
656
657
658
659
660
661
662 public boolean accountExists(String userName)
663 throws DataBackendException
664 {
665 return getUserManager().accountExists(userName);
666 }
667
668
669
670
671
672
673
674
675
676
677
678
679
680 public User getAuthenticatedUser(String username, String password)
681 throws DataBackendException, UnknownEntityException,
682 PasswordMismatchException
683 {
684 return getUserManager().retrieve(username, password);
685 }
686
687
688
689
690
691
692
693
694
695
696 public User getUser(String username)
697 throws DataBackendException, UnknownEntityException
698 {
699 return getUserManager().retrieve(username);
700 }
701
702
703
704
705
706
707
708
709
710
711 public User getAnonymousUser()
712 throws UnknownEntityException
713 {
714 User user = getUserInstance();
715 user.setName("");
716 return user;
717 }
718
719
720
721
722
723
724
725
726
727
728 public boolean isAnonymousUser(User user)
729 {
730
731 return (user == null) || StringUtils.isEmpty(user.getName());
732 }
733
734
735
736
737
738
739
740
741
742
743 public void saveUser(User user)
744 throws UnknownEntityException, DataBackendException
745 {
746 getUserManager().store(user);
747 }
748
749
750
751
752
753
754
755
756
757
758
759
760
761 public void saveOnSessionUnbind(User user)
762 throws UnknownEntityException, DataBackendException
763 {
764 userManager.saveOnSessionUnbind(user);
765 }
766
767
768
769
770
771
772
773
774
775
776
777 public void addUser(User user, String password)
778 throws DataBackendException, EntityExistsException
779 {
780 getUserManager().createAccount(user, password);
781 }
782
783
784
785
786
787
788
789
790
791 public void removeUser(User user)
792 throws DataBackendException, UnknownEntityException
793 {
794
795 revokeAll(user);
796
797 getUserManager().removeAccount(user);
798 }
799
800
801
802
803
804
805
806
807
808
809
810
811 public void changePassword(User user, String oldPassword,
812 String newPassword)
813 throws PasswordMismatchException, UnknownEntityException,
814 DataBackendException
815 {
816 getUserManager().changePassword(user, oldPassword, newPassword);
817 }
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833 public void forcePassword(User user, String password)
834 throws UnknownEntityException, DataBackendException
835 {
836 getUserManager().forcePassword(user, password);
837 }
838
839
840
841
842
843
844
845 protected synchronized void lockShared()
846 {
847 readerCount++;
848 }
849
850
851
852
853
854
855
856 protected synchronized void unlockShared()
857 {
858 readerCount--;
859 this.notify();
860 }
861
862
863
864
865
866
867
868
869 protected void lockExclusive()
870 {
871 while (readerCount > 0)
872 {
873 try
874 {
875 this.wait();
876 }
877 catch (InterruptedException e)
878 {
879 }
880 }
881 }
882
883
884
885
886
887
888
889
890 protected void unlockExclusive()
891 {
892
893 }
894
895
896
897
898
899
900
901 public Group getGlobalGroup()
902 {
903 if (globalGroup == null)
904 {
905 synchronized (BaseSecurityService.class)
906 {
907 if (globalGroup == null)
908 {
909 try
910 {
911 globalGroup = getAllGroups()
912 .getGroupByName(Group.GLOBAL_GROUP_NAME);
913 }
914 catch (DataBackendException e)
915 {
916 log.error("Failed to retrieve global group object: ", e);
917 }
918 }
919 }
920 }
921 return globalGroup;
922 }
923
924
925
926
927
928
929
930
931
932
933 public Group getGroupByName(String name)
934 throws DataBackendException, UnknownEntityException
935 {
936 Group group = getAllGroups().getGroupByName(name);
937 if (group == null)
938 {
939 throw new UnknownEntityException(
940 "The specified group does not exist");
941 }
942 return group;
943 }
944
945
946
947
948
949
950
951
952
953
954
955 public Group getGroupById(int id)
956 throws DataBackendException, UnknownEntityException
957 {
958 Group group = getAllGroups().getGroupById(id);
959 if (group == null)
960 {
961 throw new UnknownEntityException(
962 "The specified group does not exist");
963 }
964 return group;
965 }
966
967
968
969
970
971
972
973
974
975
976 public Role getRoleByName(String name)
977 throws DataBackendException, UnknownEntityException
978 {
979 Role role = getAllRoles().getRoleByName(name);
980 if (role == null)
981 {
982 throw new UnknownEntityException(
983 "The specified role does not exist");
984 }
985 role.setPermissions(getPermissions(role));
986 return role;
987 }
988
989
990
991
992
993
994
995
996
997
998 public Role getRoleById(int id)
999 throws DataBackendException,
1000 UnknownEntityException
1001 {
1002 Role role = getAllRoles().getRoleById(id);
1003 if (role == null)
1004 {
1005 throw new UnknownEntityException(
1006 "The specified role does not exist");
1007 }
1008 role.setPermissions(getPermissions(role));
1009 return role;
1010 }
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021 public Permission getPermissionByName(String name)
1022 throws DataBackendException, UnknownEntityException
1023 {
1024 Permission permission = getAllPermissions().getPermissionByName(name);
1025 if (permission == null)
1026 {
1027 throw new UnknownEntityException(
1028 "The specified permission does not exist");
1029 }
1030 return permission;
1031 }
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043 public Permission getPermissionById(int id)
1044 throws DataBackendException,
1045 UnknownEntityException
1046 {
1047 Permission permission = getAllPermissions().getPermissionById(id);
1048 if (permission == null)
1049 {
1050 throw new UnknownEntityException(
1051 "The specified permission does not exist");
1052 }
1053 return permission;
1054 }
1055
1056
1057
1058
1059
1060
1061
1062
1063 public abstract GroupSet getAllGroups()
1064 throws DataBackendException;
1065
1066
1067
1068
1069
1070
1071
1072
1073 public abstract RoleSet getAllRoles()
1074 throws DataBackendException;
1075
1076
1077
1078
1079
1080
1081
1082
1083 public abstract PermissionSet getAllPermissions()
1084 throws DataBackendException;
1085 }