http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/com/xasecure/biz/AssetMgrBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/AssetMgrBase.java b/security-admin/src/main/java/com/xasecure/biz/AssetMgrBase.java
deleted file mode 100644
index a5953be..0000000
--- a/security-admin/src/main/java/com/xasecure/biz/AssetMgrBase.java
+++ /dev/null
@@ -1,174 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.biz;
-
-import com.xasecure.common.*;
-import com.xasecure.service.*;
-import com.xasecure.view.*;
-import org.springframework.beans.factory.annotation.Autowired;
-public class AssetMgrBase {
-
- @Autowired
- RESTErrorUtil restErrorUtil;
-
- @Autowired
- XAssetService xAssetService;
-
- @Autowired
- XResourceService xResourceService;
-
- @Autowired
- XCredentialStoreService xCredentialStoreService;
-
- @Autowired
- XPolicyExportAuditService xPolicyExportAuditService;
- public VXAsset getXAsset(Long id){
- return (VXAsset)xAssetService.readResource(id);
- }
-
- public VXAsset createXAsset(VXAsset vXAsset){
- vXAsset = (VXAsset)xAssetService.createResource(vXAsset);
- return vXAsset;
- }
-
- public VXAsset updateXAsset(VXAsset vXAsset) {
- vXAsset = (VXAsset)xAssetService.updateResource(vXAsset);
- return vXAsset;
- }
-
- public void deleteXAsset(Long id, boolean force) {
- if (force) {
- xAssetService.deleteResource(id);
- } else {
- throw restErrorUtil.createRESTException(
- "serverMsg.modelMgrBaseDeleteModel",
- MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
- }
- }
-
- public VXAssetList searchXAssets(SearchCriteria searchCriteria) {
- return xAssetService.searchXAssets(searchCriteria);
- }
-
- public VXLong getXAssetSearchCount(SearchCriteria searchCriteria) {
- return xAssetService.getSearchCount(searchCriteria,
- xAssetService.searchFields);
- }
-
- public VXResource getXResource(Long id){
- return (VXResource)xResourceService.readResource(id);
- }
-
- public VXResource createXResource(VXResource vXResource){
- vXResource = (VXResource)xResourceService.createResource(vXResource);
- return vXResource;
- }
-
- public VXResource updateXResource(VXResource vXResource) {
- vXResource = (VXResource)xResourceService.updateResource(vXResource);
- return vXResource;
- }
-
- public void deleteXResource(Long id, boolean force) {
- if (force) {
- xResourceService.deleteResource(id);
- } else {
- throw restErrorUtil.createRESTException(
- "serverMsg.modelMgrBaseDeleteModel",
- MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
- }
- }
-
- public VXResourceList searchXResources(SearchCriteria searchCriteria) {
- return xResourceService.searchXResources(searchCriteria);
- }
-
- public VXLong getXResourceSearchCount(SearchCriteria searchCriteria) {
- return xResourceService.getSearchCount(searchCriteria,
- xResourceService.searchFields);
- }
-
- public VXCredentialStore getXCredentialStore(Long id){
- return (VXCredentialStore)xCredentialStoreService.readResource(id);
- }
-
- public VXCredentialStore createXCredentialStore(VXCredentialStore vXCredentialStore){
- vXCredentialStore = (VXCredentialStore)xCredentialStoreService.createResource(vXCredentialStore);
- return vXCredentialStore;
- }
-
- public VXCredentialStore updateXCredentialStore(VXCredentialStore vXCredentialStore) {
- vXCredentialStore = (VXCredentialStore)xCredentialStoreService.updateResource(vXCredentialStore);
- return vXCredentialStore;
- }
-
- public void deleteXCredentialStore(Long id, boolean force) {
- if (force) {
- xCredentialStoreService.deleteResource(id);
- } else {
- throw restErrorUtil.createRESTException(
- "serverMsg.modelMgrBaseDeleteModel",
- MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
- }
- }
-
- public VXCredentialStoreList searchXCredentialStores(SearchCriteria searchCriteria) {
- return xCredentialStoreService.searchXCredentialStores(searchCriteria);
- }
-
- public VXLong getXCredentialStoreSearchCount(SearchCriteria searchCriteria) {
- return xCredentialStoreService.getSearchCount(searchCriteria,
- xCredentialStoreService.searchFields);
- }
-
- public VXPolicyExportAudit getXPolicyExportAudit(Long id){
- return (VXPolicyExportAudit)xPolicyExportAuditService.readResource(id);
- }
-
- public VXPolicyExportAudit createXPolicyExportAudit(VXPolicyExportAudit vXPolicyExportAudit){
- vXPolicyExportAudit = (VXPolicyExportAudit)xPolicyExportAuditService.createResource(vXPolicyExportAudit);
- return vXPolicyExportAudit;
- }
-
- public VXPolicyExportAudit updateXPolicyExportAudit(VXPolicyExportAudit vXPolicyExportAudit) {
- vXPolicyExportAudit = (VXPolicyExportAudit)xPolicyExportAuditService.updateResource(vXPolicyExportAudit);
- return vXPolicyExportAudit;
- }
-
- public void deleteXPolicyExportAudit(Long id, boolean force) {
- if (force) {
- xPolicyExportAuditService.deleteResource(id);
- } else {
- throw restErrorUtil.createRESTException(
- "serverMsg.modelMgrBaseDeleteModel",
- MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
- }
- }
-
- public VXPolicyExportAuditList searchXPolicyExportAudits(SearchCriteria searchCriteria) {
- return xPolicyExportAuditService.searchXPolicyExportAudits(searchCriteria);
- }
-
- public VXLong getXPolicyExportAuditSearchCount(SearchCriteria searchCriteria) {
- return xPolicyExportAuditService.getSearchCount(searchCriteria,
- xPolicyExportAuditService.searchFields);
- }
-
- }
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/com/xasecure/biz/BaseMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/BaseMgr.java b/security-admin/src/main/java/com/xasecure/biz/BaseMgr.java
deleted file mode 100644
index 53bb733..0000000
--- a/security-admin/src/main/java/com/xasecure/biz/BaseMgr.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- /**
- *
- */
-package com.xasecure.biz;
-
-import org.apache.log4j.Logger;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
-import com.xasecure.common.XAConstants;
-import com.xasecure.common.MessageEnums;
-import com.xasecure.common.RESTErrorUtil;
-import com.xasecure.common.db.BaseDao;
-import com.xasecure.db.XADaoManager;
-import com.xasecure.entity.XXDBBase;
-
-@Component
-public abstract class BaseMgr {
- static final Logger logger = Logger.getLogger(BaseMgr.class);
-
- @Autowired
- XADaoManager daoManager;
-
- @Autowired
- RESTErrorUtil restErrorUtil;
-
- public XADaoManager getDaoManager() {
- return daoManager;
- }
-
- public void deleteEntity(BaseDao<? extends XXDBBase> baseDao, Long id,
- String entityName) {
- XXDBBase entity = baseDao.getById(id);
- if (entity != null) {
- try {
- baseDao.remove(id);
- } catch (Exception e) {
- logger.error("Error deleting " + entityName + ". Id=" + id, e);
- throw restErrorUtil.createRESTException("This " + entityName
- + " can't be deleted",
- MessageEnums.OPER_NOT_ALLOWED_FOR_STATE, id, null, ""
- + id + ", error=" + e.getMessage());
- }
- } else {
- // Return without error
- logger.info("Delete ignored for non-existent " + entityName
- + " id=" + id);
- }
- }
-
- /**
- * @param objectClassType
- */
- protected void validateClassType(int objectClassType) {
- // objectClassType
- restErrorUtil.validateMinMax(objectClassType, 1,
- XAConstants.ClassTypes_MAX, "Invalid classType", null,
- "objectClassType");
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/com/xasecure/biz/HadoopFSMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/HadoopFSMgr.java b/security-admin/src/main/java/com/xasecure/biz/HadoopFSMgr.java
deleted file mode 100644
index e77a4f1..0000000
--- a/security-admin/src/main/java/com/xasecure/biz/HadoopFSMgr.java
+++ /dev/null
@@ -1,84 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- /**
- *
- */
-package com.xasecure.biz;
-
-import org.apache.log4j.Logger;
-import org.springframework.context.annotation.Scope;
-import org.springframework.stereotype.Component;
-
-import com.xasecure.hadoop.client.HadoopFS;
-
-/**
- *
- *
- */
-
-@Component
-@Scope("singleton")
-public class HadoopFSMgr {
-
- private HadoopFS fs;
- private String dataSource;
- private static Logger logger = Logger.getLogger(HadoopFSMgr.class);
-
- public HadoopFSMgr() {
- init();
- }
-
- public HadoopFSMgr(String dataSource) {
- this.dataSource = dataSource;
- init();
- }
-
- private void init() {
- try {
-// if (dataSource != null) {
-// fs = new HadoopFS(dataSource);
-// } else {
-// fs = new HadoopFS("hadoopdev");
-// }
- } catch (Exception e) {
- logger.error("Error connecting hive client", e);
- }
- }
-
- protected HadoopFS getInstance(String dataSourceName) {
- if (dataSourceName == null) {
- logger.info("Hadoop client name not provided.");
- return fs;
- } else {
- if (fs.getDataSource() != null) {
- if (fs.getDataSource().equalsIgnoreCase(dataSourceName)) {
- return fs;
- } else {
- fs = new HadoopFS(dataSourceName);
- return fs;
- }
- } else {
- fs = new HadoopFS(dataSourceName);
- return fs;
- }
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/com/xasecure/biz/HiveFSMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/HiveFSMgr.java b/security-admin/src/main/java/com/xasecure/biz/HiveFSMgr.java
deleted file mode 100644
index e0cbcf1..0000000
--- a/security-admin/src/main/java/com/xasecure/biz/HiveFSMgr.java
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- /**
- *
- */
-package com.xasecure.biz;
-
-import org.apache.log4j.Logger;
-import org.springframework.context.annotation.Scope;
-import org.springframework.stereotype.Component;
-import com.xasecure.hive.client.HiveClient;
-
-/**
- *
- */
-
-// @Component
-// @Scope("singleton")
-
-public class HiveFSMgr {
-
- private HiveClient fs;
- private String dataSource;
- private static Logger logger = Logger.getLogger(HiveFSMgr.class);
-
- public HiveFSMgr() {
- init();
- }
-
- public HiveFSMgr(String dataSource) {
- this.dataSource = dataSource;
- init();
- }
-
- private void init() {
- try {
- if (dataSource != null) {
- fs = new HiveClient(dataSource);
- } else {
- fs = new HiveClient("dev-hive");
- }
- } catch (Exception e) {
- logger.error("Error connecting hive client", e);
- }
- }
-
- protected HiveClient getInstance(String dataSourceName) {
- if (dataSourceName == null) {
- logger.info("Hive client name not provided.");
- return fs;
- } else {
- if (fs.getDataSource() != null) {
- if (fs.getDataSource().equalsIgnoreCase(dataSourceName)) {
- return fs;
- } else {
- fs = new HiveClient(dataSourceName);
- return fs;
- }
- } else {
- fs = new HiveClient(dataSourceName);
- return fs;
- }
- }
- }
-
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/com/xasecure/biz/SessionMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/SessionMgr.java b/security-admin/src/main/java/com/xasecure/biz/SessionMgr.java
deleted file mode 100644
index ee6e29b..0000000
--- a/security-admin/src/main/java/com/xasecure/biz/SessionMgr.java
+++ /dev/null
@@ -1,342 +0,0 @@ -/* - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - - package com.xasecure.biz; - -import java.util.ArrayList; -import java.util.List; - -import javax.servlet.http.HttpServletRequest; - -import com.xasecure.common.XACommonEnums; -import com.xasecure.common.XAConstants; -import com.xasecure.common.DateUtil; -import com.xasecure.common.HTTPUtil; -import com.xasecure.common.MessageEnums; -import com.xasecure.common.RESTErrorUtil; -import com.xasecure.common.SearchCriteria; -import com.xasecure.common.StringUtil; -import com.xasecure.common.UserSessionBase; -import com.xasecure.db.XADaoManager; -import com.xasecure.entity.XXAuthSession; -import com.xasecure.entity.XXPortalUser; -import com.xasecure.entity.XXPortalUserRole; -import com.xasecure.service.AuthSessionService; -import com.xasecure.util.RestUtil; -import com.xasecure.view.VXAuthSession; -import com.xasecure.view.VXAuthSessionList; -import com.xasecure.view.VXLong; - -import org.apache.log4j.Logger; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.context.SecurityContextHolder; -import 
org.springframework.security.web.authentication.WebAuthenticationDetails; -import org.springframework.stereotype.Component; -import org.springframework.transaction.annotation.Propagation; -import org.springframework.transaction.annotation.Transactional; - -import com.xasecure.security.context.XAContextHolder; -import com.xasecure.security.context.XASecurityContext; - -@Component -@Transactional -public class SessionMgr { - - static final Logger logger = Logger.getLogger(SessionMgr.class); - - @Autowired - RESTErrorUtil restErrorUtil; - - @Autowired - XADaoManager daoManager; - - @Autowired - AuthSessionService authSessionService; - - @Autowired - HTTPUtil httpUtil; - - @Autowired - StringUtil stringUtil; - - public SessionMgr() { - logger.debug("SessionManager created"); - } - - public UserSessionBase processSuccessLogin(int authType, String userAgent) { - return processSuccessLogin(authType, userAgent, null); - } - - public UserSessionBase processSuccessLogin(int authType, String userAgent, - HttpServletRequest httpRequest) { - boolean newSessionCreation = true; - UserSessionBase userSession = null; - - XASecurityContext context = XAContextHolder.getSecurityContext(); - if (context != null) { - userSession = context.getUserSession(); - } - - Authentication authentication = SecurityContextHolder.getContext() - .getAuthentication(); - WebAuthenticationDetails details = (WebAuthenticationDetails) authentication - .getDetails(); - - String currentLoginId = authentication.getName(); - if (userSession != null) { - if (validateUserSession(userSession, currentLoginId)) { - newSessionCreation = false; - } - } - - if (newSessionCreation) { - // Need to build the UserSession - XXPortalUser gjUser = daoManager.getXXPortalUser().findByLoginId(currentLoginId); - if (gjUser == null) { - logger.error( - "Error getting user for loginId=" + currentLoginId, - new Exception()); - return null; - } - - XXAuthSession gjAuthSession = new XXAuthSession(); - 
gjAuthSession.setLoginId(currentLoginId); - gjAuthSession.setUserId(gjUser.getId()); - gjAuthSession.setAuthTime(DateUtil.getUTCDate()); - gjAuthSession.setAuthStatus(XXAuthSession.AUTH_STATUS_SUCCESS); - gjAuthSession.setAuthType(authType); - if (details != null) { - gjAuthSession.setExtSessionId(details.getSessionId()); - gjAuthSession.setRequestIP(details.getRemoteAddress()); - } - - if (userAgent != null) { - gjAuthSession.setRequestUserAgent(userAgent); - } - gjAuthSession.setDeviceType(httpUtil.getDeviceType(userAgent)); - gjAuthSession = storeAuthSession(gjAuthSession); - - userSession = new UserSessionBase(); - userSession.setXXPortalUser(gjUser); - userSession.setXXAuthSession(gjAuthSession); - resetUserSessionForProfiles(userSession); - - if (details != null) { - logger.info("Login Success: loginId=" + currentLoginId - + ", sessionId=" + gjAuthSession.getId() - + ", sessionId=" + details.getSessionId() - + ", requestId=" + details.getRemoteAddress()); - } else { - logger.info("Login Success: loginId=" + currentLoginId - + ", sessionId=" + gjAuthSession.getId() - + ", details is null"); - } - - } - - return userSession; - } - - public void resetUserSessionForProfiles(UserSessionBase userSession) { - if (userSession == null) { - // Nothing to reset - return; - } - - // Let's get the Current User Again - String currentLoginId = userSession.getLoginId(); - - XXPortalUser gjUser = daoManager.getXXPortalUser().findByLoginId(currentLoginId); - userSession.setXXPortalUser(gjUser); - - setUserRoles(userSession); - - } - - private void setUserRoles(UserSessionBase userSession) { - - List<String> strRoleList = new ArrayList<String>(); - List<XXPortalUserRole> roleList = daoManager.getXXPortalUserRole().findByUserId( - userSession.getUserId()); - for (XXPortalUserRole gjUserRole : roleList) { - String userRole = gjUserRole.getUserRole(); - - strRoleList.add(userRole); - if (userRole.equals(XAConstants.ROLE_SYS_ADMIN)) { - userSession.setUserAdmin(true); - } - } - 
userSession.setUserRoleList(strRoleList); - } - - public XXAuthSession processFailureLogin(int authStatus, int authType, - String loginId, String remoteAddr, String sessionId) { - XXAuthSession gjAuthSession = new XXAuthSession(); - gjAuthSession.setLoginId(loginId); - gjAuthSession.setUserId(null); - gjAuthSession.setAuthTime(DateUtil.getUTCDate()); - gjAuthSession.setAuthStatus(authStatus); - gjAuthSession.setAuthType(authType); - gjAuthSession.setDeviceType(XACommonEnums.DEVICE_UNKNOWN); - gjAuthSession.setExtSessionId(sessionId); - gjAuthSession.setRequestIP(remoteAddr); - gjAuthSession.setRequestUserAgent(null); - - gjAuthSession = storeAuthSession(gjAuthSession); - return gjAuthSession; - } - - protected boolean validateUserSession(UserSessionBase userSession, - String currentLoginId) { - if (currentLoginId - .equalsIgnoreCase(userSession.getXXPortalUser().getLoginId())) { - return true; - } else { - logger.info( - "loginId doesn't match loginId from HTTPSession. Will create new session. 
loginId=" - + currentLoginId + ", userSession=" + userSession, - new Exception()); - return false; - } - } - - @Transactional(readOnly = false, propagation = Propagation.REQUIRES_NEW) - protected XXAuthSession storeAuthSession(XXAuthSession gjAuthSession) { - // daoManager.getEntityManager().getTransaction().begin(); - XXAuthSession dbMAuthSession = daoManager.getXXAuthSession().create( - gjAuthSession); - // daoManager.getEntityManager().getTransaction().commit(); - return dbMAuthSession; - } - - // non-WEB processing - public UserSessionBase processStandaloneSuccessLogin(int authType, - String ipAddress) { - Authentication authentication = SecurityContextHolder.getContext() - .getAuthentication(); - - String currentLoginId = authentication.getName(); - - // Need to build the UserSession - XXPortalUser gjUser = daoManager.getXXPortalUser().findByLoginId(currentLoginId); - if (gjUser == null) { - logger.error("Error getting user for loginId=" + currentLoginId, - new Exception()); - return null; - } - - XXAuthSession gjAuthSession = new XXAuthSession(); - gjAuthSession.setLoginId(currentLoginId); - gjAuthSession.setUserId(gjUser.getId()); - gjAuthSession.setAuthTime(DateUtil.getUTCDate()); - gjAuthSession.setAuthStatus(XXAuthSession.AUTH_STATUS_SUCCESS); - gjAuthSession.setAuthType(authType); - gjAuthSession.setDeviceType(XACommonEnums.DEVICE_UNKNOWN); - gjAuthSession.setExtSessionId(null); - gjAuthSession.setRequestIP(ipAddress); - gjAuthSession.setRequestUserAgent(null); - - gjAuthSession = storeAuthSession(gjAuthSession); - - UserSessionBase userSession = new UserSessionBase(); - userSession.setXXPortalUser(gjUser); - userSession.setXXAuthSession(gjAuthSession); - - // create context with user-session and set in thread-local - XASecurityContext context = new XASecurityContext(); - context.setUserSession(userSession); - XAContextHolder.setSecurityContext(context); - - resetUserSessionForProfiles(userSession); - - return userSession; - } - - /** - * @param 
searchCriteria - * @return - */ - public VXAuthSessionList searchAuthSessions(SearchCriteria searchCriteria) { - - if (searchCriteria != null && searchCriteria.getParamList() != null - && searchCriteria.getParamList().size() > 0) { - - int clientTimeOffsetInMinute=RestUtil.getClientTimeOffset(); - java.util.Date temp = null; - DateUtil dateUtil = new DateUtil(); - if (searchCriteria.getParamList().containsKey("startDate")) { - temp = (java.util.Date) searchCriteria.getParamList().get( - "startDate"); - temp = dateUtil.getDateFromGivenDate(temp, 0, 0, 0, 0); - temp = dateUtil.addTimeOffset(temp, clientTimeOffsetInMinute); - searchCriteria.getParamList().put("startDate", temp); - } - if (searchCriteria.getParamList().containsKey("endDate")) { - temp = (java.util.Date) searchCriteria.getParamList().get( - "endDate"); - temp = dateUtil.getDateFromGivenDate(temp, 0, 23, 59, 59); - temp = dateUtil.addTimeOffset(temp, clientTimeOffsetInMinute); - searchCriteria.getParamList().put("endDate", temp); - } - } - - return authSessionService.search(searchCriteria); - } - - public VXLong countAuthSessions(SearchCriteria searchCriteria) { - return authSessionService.getSearchCount(searchCriteria, - AuthSessionService.AUTH_SESSION_SEARCH_FLDS); - } - - public VXAuthSession getAuthSession(Long id) { - return authSessionService.readResource(id); - } - - public VXAuthSession getAuthSessionBySessionId(String authSessionId) { - if(stringUtil.isEmpty(authSessionId)){ - throw restErrorUtil.createRESTException("Please provide the auth session id.", - MessageEnums.INVALID_INPUT_DATA); - } - - XXAuthSession xXAuthSession = daoManager.getXXAuthSession() - .getAuthSessionBySessionId(authSessionId); - - if(xXAuthSession==null){ - throw restErrorUtil.createRESTException("Please provide a valid " - + "session id.", MessageEnums.INVALID_INPUT_DATA); - } - - VXAuthSession vXAuthSession = authSessionService.populateViewBean(xXAuthSession); - return vXAuthSession; - } - - public boolean 
isValidXAUser(String loginId) { - XXPortalUser pUser = daoManager.getXXPortalUser().findByLoginId(loginId); - if (pUser == null) { - logger.error("Error getting user for loginId=" + loginId); - return false; - } else { - logger.info(loginId+" is a valid user"); - return true; - } - - } - -} http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/com/xasecure/biz/UserMgr.java ---------------------------------------------------------------------- diff --git a/security-admin/src/main/java/com/xasecure/biz/UserMgr.java b/security-admin/src/main/java/com/xasecure/biz/UserMgr.java deleted file mode 100644 index 58b1c8c..0000000 --- a/security-admin/src/main/java/com/xasecure/biz/UserMgr.java +++ /dev/null 
@@ -1,1150 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.biz;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.List;
-
-import javax.persistence.Query;
-
-import com.xasecure.common.AppConstants;
-import com.xasecure.common.XACommonEnums;
-import com.xasecure.common.XAConstants;
-import com.xasecure.common.ContextUtil;
-import com.xasecure.common.GUIDUtil;
-import com.xasecure.common.MessageEnums;
-import com.xasecure.common.RESTErrorUtil;
-import com.xasecure.common.SearchCriteria;
-import com.xasecure.common.SearchUtil;
-import com.xasecure.common.StringUtil;
-import com.xasecure.common.UserSessionBase;
-import com.xasecure.common.DateUtil;
-import com.xasecure.common.XAConfigUtil;
-import com.xasecure.db.XADaoManager;
-import com.xasecure.entity.XXPortalUser;
-import com.xasecure.entity.XXPortalUserRole;
-import com.xasecure.entity.XXTrxLog;
-import com.xasecure.service.XPortalUserService;
-import com.xasecure.view.VXPasswordChange;
-import com.xasecure.view.VXResponse;
-import com.xasecure.view.VXString;
-import com.xasecure.view.VXPortalUser;
-import com.xasecure.view.VXPortalUserList;
-
-import org.apache.log4j.Logger;
-import org.apache.velocity.Template;
-import org.apache.velocity.app.VelocityEngine;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.encoding.Md5PasswordEncoder;
-import org.springframework.stereotype.Component;
-import org.springframework.transaction.annotation.Propagation;
-import org.springframework.transaction.annotation.Transactional;
-
-@Component
-public class UserMgr {
-
- static final Logger logger = Logger.getLogger(UserMgr.class);
- private static final Md5PasswordEncoder md5Encoder = new Md5PasswordEncoder();
-
- @Autowired
- XADaoManager daoManager;
-
- @Autowired
- RESTErrorUtil restErrorUtil;
-
- @Autowired
- StringUtil stringUtil;
-
- @Autowired
- SearchUtil searchUtil;
-
- @Autowired
- XABizUtil msBizUtil;
-
- @Autowired
- SessionMgr sessionMgr;
-
- @Autowired
- VelocityEngine velocityEngine;
- Template t;
-
- @Autowired
- DateUtil dateUtil;
-
- @Autowired
- XAConfigUtil configUtil;
-
- @Autowired
- XPortalUserService xPortalUserService;
-
- String publicRoles[] = new String[] { XAConstants.ROLE_USER,
- XAConstants.ROLE_OTHER };
-
- private static final List<String> DEFAULT_ROLE_LIST = new ArrayList<String>(
- 1);
-
- private static final List<String> VALID_ROLE_LIST = new ArrayList<String>(2);
-
- static {
- DEFAULT_ROLE_LIST.add(XAConstants.ROLE_USER);
- VALID_ROLE_LIST.add(XAConstants.ROLE_SYS_ADMIN);
- VALID_ROLE_LIST.add(XAConstants.ROLE_USER);
- }
-
- public UserMgr() {
- if (logger.isDebugEnabled()) {
- logger.debug("UserMgr()");
- }
- }
-
- public XXPortalUser createUser(VXPortalUser userProfile, int userStatus,
- Collection<String> userRoleList) {
- XXPortalUser user = mapVXPortalUserToXXPortalUser(userProfile);
- user = createUser(user, userStatus, userRoleList);
-
- return user;
- }
-
- public XXPortalUser createUser(XXPortalUser user, int userStatus,
- Collection<String> userRoleList) {
- user.setStatus(userStatus);
- String saltEncodedpasswd = encrypt(user.getLoginId(),
- user.getPassword());
- user.setPassword(saltEncodedpasswd);
- user = daoManager.getXXPortalUser().create(user);
-
- // Create the UserRole for this user
- List<XXPortalUserRole> gjUserRoleList = new ArrayList<XXPortalUserRole>();
- if (userRoleList != null) {
- for (String userRole : userRoleList) {
- XXPortalUserRole gjUserRole = addUserRole(user.getId(), userRole);
- if (gjUserRole != null) {
- gjUserRoleList.add(gjUserRole);
- }
- }
- }
-
- return user;
- }
-
- public XXPortalUser createUser(VXPortalUser userProfile, int userStatus) {
- ArrayList<String> roleList = new ArrayList<String>();
- Collection<String> reqRoleList = userProfile.getUserRoleList();
- if (reqRoleList != null && reqRoleList.size()>0) {
- for (String role : reqRoleList) {
- roleList.add(role);
- }
- }else{
- roleList.add(XAConstants.ROLE_USER);
- }
-
- return createUser(userProfile, userStatus, roleList);
- }
-
- /**
- * @param userProfile
- * @return
- */
- public XXPortalUser updateUser(VXPortalUser userProfile) {
- XXPortalUser gjUser = daoManager.getXXPortalUser().getById(
- userProfile.getId());
-
- if (gjUser == null) {
- logger.error("updateUser(). User not found. userProfile="
- + userProfile);
- return null;
- }
-
- checkAccess(gjUser);
-
- boolean updateUser = false;
- // Selectively update fields
-
- // status
- if (userProfile.getStatus() != gjUser.getStatus()) {
- updateUser = true;
- }
-
- // Allowing email address update even when its set to empty.
- // emailAddress
- String emailAddress = userProfile.getEmailAddress();
- if (stringUtil.isEmpty(emailAddress)) {
- String randomString = GUIDUtil.genGUI();
- userProfile.setEmailAddress(randomString);
- updateUser = true;
- } else {
- if (stringUtil.validateEmail(emailAddress)) {
- XXPortalUser checkUser = daoManager.getXXPortalUser()
- .findByEmailAddress(emailAddress);
- if (checkUser != null) {
- String loginId = userProfile.getLoginId();
- if (loginId == null) {
- throw restErrorUtil.createRESTException(
- "Invalid user, please provide valid "
- + "username.",
- MessageEnums.INVALID_INPUT_DATA);
- } else if (!loginId.equals(checkUser.getLoginId())) {
- throw restErrorUtil
- .createRESTException(
- "The email address "
- + "you've provided already exists in system.",
- MessageEnums.INVALID_INPUT_DATA);
- } else {
- userProfile.setEmailAddress(emailAddress);
- updateUser = true;
- }
- } else {
- userProfile.setEmailAddress(emailAddress);
- updateUser = true;
- }
- } else {
- throw restErrorUtil.createRESTException(
- "Please provide valid email address.",
- MessageEnums.INVALID_INPUT_DATA);
- }
- }
-
- // loginId
- // if (!stringUtil.isEmpty(userProfile.getLoginId())
- // && !userProfile.getLoginId().equals(gjUser.getLoginId())) {
- // gjUser.setLoginId(userProfile.getLoginId());
- // updateUser = true;
- // }
-
- // firstName
- if (!stringUtil.isEmpty(userProfile.getFirstName())
- && !userProfile.getFirstName().equals(gjUser.getFirstName())) {
- userProfile.setFirstName(stringUtil.toCamelCaseAllWords(userProfile
- .getFirstName()));
- updateUser = true;
- }
-
- // lastName allowed to be empty
- if (userProfile.getLastName() != null
- && !userProfile.getLastName().equals(gjUser.getLastName())) {
- userProfile.setLastName(stringUtil.toCamelCaseAllWords(userProfile
- .getLastName()));
- updateUser = true;
- }
-
- // publicScreenName
- if (!stringUtil.isEmpty(userProfile.getPublicScreenName())
- && !userProfile.getPublicScreenName().equals(
- gjUser.getPublicScreenName())) {
- userProfile.setPublicScreenName(userProfile.getFirstName() + " "
- + userProfile.getLastName());
- updateUser = true;
- }
-
- // notes
- /*if (!stringUtil.isEmpty(userProfile.getNotes())
- && !userProfile.getNotes().equalsIgnoreCase(gjUser.getNotes())) {
- updateUser = true;
- }*/
-
- // userRoleList
- updateRoles(userProfile.getId(), userProfile.getUserRoleList());
-
- if (updateUser) {
-
- List<XXTrxLog> trxLogList = xPortalUserService.getTransactionLog(
- userProfile, gjUser, "update");
-
- userProfile.setPassword(gjUser.getPassword());
- userProfile = xPortalUserService.updateResource(userProfile);
- sessionMgr.resetUserSessionForProfiles(ContextUtil
- .getCurrentUserSession());
-
- msBizUtil.createTrxLog(trxLogList);
- }
-
- return gjUser;
- }
-
- private boolean updateRoles(Long userId, Collection<String> rolesList) {
- boolean rolesUpdated = false;
- if (rolesList == null || rolesList.size() == 0) {
- return false;
- }
-
- // Let's first delete old roles
- List<XXPortalUserRole> gjUserRoles = daoManager.getXXPortalUserRole().findByUserId(
- userId);
-
- for (XXPortalUserRole gjUserRole : gjUserRoles) {
- boolean found = false;
- for (String userRole : rolesList) {
- if (gjUserRole.getUserRole().equalsIgnoreCase(userRole)) {
- found = true;
- break;
- }
- }
- if (!found) {
- if (deleteUserRole(userId, gjUserRole)) {
- rolesUpdated = true;
- }
- }
- }
-
- // Let's add new roles
- for (String userRole : rolesList) {
- boolean found = false;
- for (XXPortalUserRole gjUserRole : gjUserRoles) {
- if (gjUserRole.getUserRole().equalsIgnoreCase(userRole)) {
- found = true;
- break;
- }
- }
- if (!found) {
- if (addUserRole(userId, userRole) != null) {
- rolesUpdated = true;
- }
- }
- }
- return rolesUpdated;
- }
-
- /**
- * @param userId
- * @param vStrings
- */
- public void setUserRoles(Long userId, List<VXString> vStringRolesList) {
- List<String> stringRolesList = new ArrayList<String>();
- for (VXString vXString : vStringRolesList) {
- stringRolesList.add(vXString.getValue());
- }
- updateRoles(userId, stringRolesList);
- }
-
- /**
- * @param pwdChange
- * @return
- */
- public VXResponse changePassword(VXPasswordChange pwdChange) {
- // First let's get the XXPortalUser for the current logged in user
- String currentUserLoginId = ContextUtil.getCurrentUserLoginId();
- XXPortalUser gjUserCurrent = daoManager.getXXPortalUser()
- .findByLoginId(currentUserLoginId);
-
- String encryptedOldPwd = encrypt(gjUserCurrent.getLoginId(),
- pwdChange.getOldPassword());
-
- VXResponse ret = new VXResponse();
-
- if (!stringUtil.equals(encryptedOldPwd, gjUserCurrent.getPassword())) {
- logger.info("changePassword(). Invalid old password. userId="
- + pwdChange.getId());
-
- throw restErrorUtil.createRESTException(
- "serverMsg.userMgrPassword",
- MessageEnums.OPER_NO_PERMISSION, null, null,
- "" + pwdChange.getId());
- }
-
- // Get the user for whom we want to change the password
- XXPortalUser gjUser = daoManager.getXXPortalUser().getById(
- pwdChange.getId());
- if (gjUser == null) {
- logger.warn("SECURITY:changePassword(). User not found. userId="
- + pwdChange.getId());
- throw restErrorUtil.createRESTException(
- "serverMsg.userMgrInvalidUser",
- MessageEnums.DATA_NOT_FOUND, null, null,
- "" + pwdChange.getId());
- }
-
- if (!stringUtil
- .validatePassword(
- pwdChange.getUpdPassword(),
- new String[] { gjUser.getFirstName(),
- gjUser.getLastName(), gjUser.getLoginId(),
- gjUserCurrent.getFirstName(),
- gjUserCurrent.getLastName(),
- gjUserCurrent.getLoginId() })) {
- logger.warn("SECURITY:changePassword(). Invalid new password. userId="
- + pwdChange.getId());
-
- throw restErrorUtil.createRESTException(
- "serverMsg.userMgrNewPassword",
- MessageEnums.INVALID_PASSWORD, null, null,
- "" + pwdChange.getId());
- }
-
- String encryptedNewPwd = encrypt(gjUser.getLoginId(),
- pwdChange.getUpdPassword());
-
- String currentPassword = gjUser.getPassword();
-
- if (!encryptedNewPwd.equals(currentPassword)) {
-
- List<XXTrxLog> trxLogList = new ArrayList<XXTrxLog>();
- XXTrxLog xTrxLog = new XXTrxLog();
-
- xTrxLog.setAttributeName("Password");
- xTrxLog.setPreviousValue(currentPassword);
- xTrxLog.setNewValue(encryptedNewPwd);
- xTrxLog.setAction("password change");
- xTrxLog.setObjectClassType(AppConstants.CLASS_TYPE_PASSWORD_CHANGE);
- xTrxLog.setObjectId(pwdChange.getId());
- xTrxLog.setObjectName(pwdChange.getLoginId());
- trxLogList.add(xTrxLog);
-
- msBizUtil.createTrxLog(trxLogList);
-
- gjUser.setPassword(encryptedNewPwd);
- gjUser = daoManager.getXXPortalUser().update(gjUser);
-
- ret.setMsgDesc("Password successfully updated");
- ret.setStatusCode(VXResponse.STATUS_SUCCESS);
- } else {
- ret.setMsgDesc("Password update failed");
- ret.setStatusCode(VXResponse.STATUS_ERROR);
- throw restErrorUtil.createRESTException(
- "serverMsg.userMgrOldPassword",
- MessageEnums.INVALID_INPUT_DATA, gjUser.getId(),
- "password", gjUser.toString());
- }
- return ret;
- }
-
- /**
- * @param gjUser
- * @param changeEmail
- * @return
- */
- public VXPortalUser changeEmailAddress(XXPortalUser gjUser,
- VXPasswordChange changeEmail) {
-
- if (gjUser.getEmailAddress() != null) {
- throw restErrorUtil.createRESTException(
- "serverMsg.userMgrEmailChange",
- MessageEnums.OPER_NO_PERMISSION, null, null, ""
- + changeEmail);
- }
-
- String encryptedOldPwd = encrypt(gjUser.getLoginId(),
- changeEmail.getOldPassword());
-
- if (!stringUtil.validateEmail(changeEmail.getEmailAddress())) {
- logger.info("Invalid email address." + changeEmail);
- throw restErrorUtil.createRESTException(
- "serverMsg.userMgrInvalidEmail",
- MessageEnums.INVALID_INPUT_DATA, changeEmail.getId(),
- "emailAddress", changeEmail.toString());
-
- }
-
- if (!stringUtil.equals(encryptedOldPwd, gjUser.getPassword())) {
- logger.info("changeEmailAddress(). Invalid password. changeEmail="
- + changeEmail);
-
- throw restErrorUtil.createRESTException(
- "serverMsg.userMgrWrongPassword",
- MessageEnums.OPER_NO_PERMISSION, null, null, ""
- + changeEmail);
- }
-
- // Normalize email. Make it lower case
- gjUser.setEmailAddress(stringUtil.normalizeEmail(changeEmail
- .getEmailAddress()));
-
- // loginId
- gjUser.setLoginId(gjUser.getEmailAddress());
-
- String saltEncodedpasswd = encrypt(gjUser.getLoginId(),
- changeEmail.getOldPassword());
-
- gjUser.setPassword(saltEncodedpasswd);
-
- daoManager.getXXPortalUser().update(gjUser);
- return mapXXPortalUserVXPortalUser(gjUser);
- }
-
- /**
- * @param userId
- */
- public VXPortalUser deactivateUser(XXPortalUser gjUser) {
- if (gjUser != null
- && gjUser.getStatus() != XAConstants.ACT_STATUS_DEACTIVATED) {
- logger.info("Marking user " + gjUser.getLoginId() + " as deleted");
- gjUser.setStatus(XAConstants.ACT_STATUS_DEACTIVATED);
- gjUser = daoManager.getXXPortalUser().update(gjUser);
- return mapXXPortalUserVXPortalUser(gjUser);
- }
- return null;
- }
-
- public VXPortalUser getUserProfile(Long id) {
- XXPortalUser user = daoManager.getXXPortalUser().getById(id);
- if (user != null) {
- checkAccessForRead(user);
- return mapXXPortalUserVXPortalUser(user);
- } else {
- if (logger.isDebugEnabled()) {
- logger.debug("User not found. userId=" + id);
- }
- return null;
- }
- }
-
- public VXPortalUser getUserProfileByLoginId() {
- String loginId = ContextUtil.getCurrentUserLoginId();
- return getUserProfileByLoginId(loginId);
- }
-
- public VXPortalUser getUserProfileByLoginId(String loginId) {
- XXPortalUser user = daoManager.getXXPortalUser().findByLoginId(loginId);
- if (user != null) {
- return mapXXPortalUserVXPortalUser(user);
- } else {
- if (logger.isDebugEnabled()) {
- logger.debug("User not found. loginId=" + loginId);
- }
- return null;
- }
- }
-
- public XXPortalUser mapVXPortalUserToXXPortalUser(VXPortalUser userProfile) {
- XXPortalUser gjUser = new XXPortalUser();
- gjUser.setEmailAddress(userProfile.getEmailAddress());
- gjUser.setFirstName(userProfile.getFirstName());
- gjUser.setLastName(userProfile.getLastName());
- gjUser.setLoginId(userProfile.getLoginId());
- gjUser.setPassword(userProfile.getPassword());
- gjUser.setUserSource(userProfile.getUserSource());
- gjUser.setPublicScreenName(userProfile.getPublicScreenName());
- return gjUser;
- }
-
- /**
- * @param user
- * @return
- */
- public VXPortalUser mapXXPortalUserToVXPortalUser(XXPortalUser user,
- Collection<String> userRoleList) {
- if (user == null) {
- return null;
- }
- UserSessionBase sess = ContextUtil.getCurrentUserSession();
- if (sess == null) {
- return null;
- }
-
- VXPortalUser userProfile = new VXPortalUser();
- gjUserToUserProfile(user, userProfile);
- if (sess.isUserAdmin() || sess.getXXPortalUser().getId().equals(user.getId())) {
- if (userRoleList == null) {
- userRoleList = new ArrayList<String>();
- List<XXPortalUserRole> gjUserRoleList = daoManager.getXXPortalUserRole()
- .findByParentId(user.getId());
-
- for (XXPortalUserRole userRole : gjUserRoleList) {
- userRoleList.add(userRole.getUserRole());
- }
- }
-
- userProfile.setUserRoleList(userRoleList);
- }
- userProfile.setUserSource(user.getUserSource());
- return userProfile;
- }
-
- private void gjUserToUserProfile(XXPortalUser user, VXPortalUser userProfile) {
- UserSessionBase sess = ContextUtil.getCurrentUserSession();
- if (sess == null) {
- return;
- }
-
- // Is accessed by peer from the same account
- boolean isPeer = false;
- boolean isAccountAdmin = false;
-
- // Admin
- if (sess.isUserAdmin() || sess.getXXPortalUser().getId().equals(user.getId())) {
- userProfile.setLoginId(user.getLoginId());
- userProfile.setStatus(user.getStatus());
- userProfile.setUserRoleList(new ArrayList<String>());
- String emailAddress = user.getEmailAddress();
-
- if (emailAddress != null && stringUtil.validateEmail(emailAddress)) {
- userProfile.setEmailAddress(user.getEmailAddress());
- }
-
- if (sess != null) {
- userProfile.setUserSource(sess.getAuthProvider());
- }
-
- List<XXPortalUserRole> gjUserRoleList = daoManager.getXXPortalUserRole()
- .findByParentId(user.getId());
-
- for (XXPortalUserRole gjUserRole : gjUserRoleList) {
- userProfile.getUserRoleList().add(gjUserRole.getUserRole());
- }
- }
-
- if (sess.isUserAdmin() || sess.getXXPortalUser().getId().equals(user.getId())
- || isPeer) {
- userProfile.setId(user.getId());
- userProfile.setFirstName(user.getFirstName());
- userProfile.setLastName(user.getLastName());
- userProfile.setPublicScreenName(user.getPublicScreenName());
- if (isAccountAdmin) {
- userProfile.setEmailAddress(user.getEmailAddress());
- }
- }
-
- }
-
- /**
- * Translates XXPortalUser to VUserProfile. This method should be called in the
- * same transaction in which the XXPortalUser was retrieved from the database
- *
- * @param user
- * @return
- */
- public VXPortalUser mapXXPortalUserVXPortalUser(XXPortalUser user) {
- return mapXXPortalUserToVXPortalUser(user, null);
- }
-
- /**
- * @param emailId
- * @return
- */
- public XXPortalUser findByEmailAddress(String emailId) {
- return daoManager.getXXPortalUser().findByEmailAddress(emailId);
- }
-
- public XXPortalUser findByLoginId(String loginId) {
- return daoManager.getXXPortalUser().findByLoginId(loginId);
- }
-
- @Transactional(readOnly = true, propagation = Propagation.REQUIRED)
- public Collection<String> getRolesForUser(XXPortalUser user) {
- Collection<String> roleList = new ArrayList<String>();
-
- Collection<XXPortalUserRole> roleCollection = daoManager.getXXPortalUserRole()
- .findByUserId(user.getId());
- for (XXPortalUserRole role : roleCollection) {
- roleList.add(role.getUserRole());
- }
- return roleList;
- }
-
- /**
- * @param searchCriteria
- * @return
- */
- public VXPortalUserList searchUsers(SearchCriteria searchCriteria) {
-
- VXPortalUserList returnList = new VXPortalUserList();
- ArrayList<VXPortalUser> objectList = new ArrayList<VXPortalUser>();
- String queryStr = "SELECT u FROM XXPortalUser u ";
- String countQueryStr = "SELECT COUNT(u) FROM XXPortalUser u ";
-
- // Get total count first
- Query query = createUserSearchQuery(countQueryStr, null, searchCriteria);
- Long count = (Long) query.getSingleResult();
- if (count == null || count.longValue() == 0) {
- return returnList;
- }
-
- // Get actual data
-
- // Add sort by
- String sortBy = searchCriteria.getSortBy();
- String querySortBy = "u.loginId";
- if (!stringUtil.isEmpty(sortBy)) {
- sortBy = sortBy.trim();
- if (sortBy.equalsIgnoreCase("userId")) {
- querySortBy = "u.id";
- } else if (sortBy.equalsIgnoreCase("loginId")) {
- querySortBy = "ua.loginId";
- } else if (sortBy.equalsIgnoreCase("emailAddress")) {
- querySortBy = "u.emailAddress";
- } else if (sortBy.equalsIgnoreCase("firstName")) {
- querySortBy = "u.firstName";
- } else if (sortBy.equalsIgnoreCase("lastName")) {
- querySortBy = "u.lastName";
- } else {
- sortBy = "loginId";
- logger.error("Invalid sortBy provided. sortBy=" + sortBy);
- }
- } else {
- sortBy = "loginId";
- }
-
- // Default sort field
- String sortClause = " order by " + querySortBy + " ";
-
- // Add sort type
- String sortType = searchCriteria.getSortType();
- String querySortType = "asc";
- if (sortType != null) {
- if (sortType.equalsIgnoreCase("asc")
- || sortType.equalsIgnoreCase("desc")) {
- querySortType = sortType;
- } else {
- logger.error("Invalid sortType. sortType=" + sortType);
- }
- }
- sortClause += querySortType;
-
- query = createUserSearchQuery(queryStr, sortClause, searchCriteria);
-
- // Set start index
- query.setFirstResult(searchCriteria.getStartIndex());
-
- searchUtil.updateQueryPageSize(query, searchCriteria);
-
- @SuppressWarnings("rawtypes")
- List resultList = query.getResultList();
- // Iterate over the result list and create the return list
- for (Object object : resultList) {
- XXPortalUser gjUser = (XXPortalUser) object;
- VXPortalUser userProfile = new VXPortalUser();
- gjUserToUserProfile(gjUser, userProfile);
- objectList.add(userProfile);
- }
-
- returnList.setPageSize(query.getMaxResults());
- returnList.setSortBy(sortBy);
- returnList.setSortType(querySortType);
- returnList.setStartIndex(query.getFirstResult());
- returnList.setTotalCount(count.longValue());
- returnList.setVXPortalUsers(objectList);
- return returnList;
- }
-
- /**
- * @param queryStr
- * @param sortClause
- * @param searchCriteria
- * @return
- */
- private Query createUserSearchQuery(String queryStr, String sortClause,
- SearchCriteria searchCriteria) {
- HashMap<String, Object> paramList = searchCriteria.getParamList();
-
- String whereClause = "WHERE 1 = 1 ";
-
- // roles
- @SuppressWarnings("unchecked")
- List<String> roleList = (List<String>) paramList.get("roleList");
- if (roleList != null && roleList.size() > 0) {
- whereClause = ", XXPortalUserRole ur WHERE u.id = ur.userId";
- if (roleList.size() == 1) {
- // For only one role, let's do an equal to
- whereClause += " and ur.userRole = :role";
- } else {
- whereClause += " and ur.userRole in (:roleList)";
- }
- }
-
- // userId
- Long userId = (Long) paramList.get("userId");
- if (userId != null) {
- whereClause += " and u.id = :userId ";
- }
-
- // loginId
- String loginId = (String) paramList.get("loginId");
- if (loginId != null) {
- whereClause += " and LOWER(u.loginId) = :loginId ";
- }
-
- // emailAddress
- String emailAddress = (String) paramList.get("emailAddress");
- if (emailAddress != null) {
- whereClause += " and LOWER(u.emailAddress) = :emailAddress ";
- }
-
- // firstName
- String firstName = (String) paramList.get("firstName");
- if (firstName != null) {
- whereClause += " and LOWER(u.firstName) = :firstName ";
- }
-
- // lastName
- String lastName = (String) paramList.get("lastName");
- if (lastName != null) {
- whereClause += " and LOWER(u.lastName) = :lastName ";
- }
-
- // status
- Integer status = null;
- @SuppressWarnings("unchecked")
- List<Integer> statusList = (List<Integer>) paramList.get("statusList");
- if (statusList != null && statusList.size() == 1) {
- // use == condition
- whereClause += " and u.status = :status";
- status = statusList.get(0);
- } else if (statusList != null && statusList.size() > 1) {
- // use in operator
- whereClause += " and u.status in (:statusList) ";
- }
-
- // publicScreenName
- String publicScreenName = (String) paramList.get("publicScreenName");
- if (publicScreenName != null) {
- whereClause += " and LOWER(u.publicScreenName) = :publicScreenName ";
- }
-
- // familyScreenName
- String familyScreenName = (String) paramList.get("familyScreenName");
- if (familyScreenName != null) {
- whereClause += " and LOWER(u.familyScreenName) = :familyScreenName ";
- }
-
- if (sortClause != null) {
- whereClause += sortClause;
- }
-
- Query query = daoManager.getEntityManager().createQuery(
- queryStr + whereClause);
-
- if (roleList != null && roleList.size() > 0) {
- if (roleList.size() == 1) {
- query.setParameter("role", roleList.get(0));
- } else {
- query.setParameter("roleList", roleList);
- }
- }
-
- if (status != null) {
- query.setParameter("status", status);
- }
- if (statusList != null && statusList.size() > 1) {
- query.setParameter("statusList", statusList);
- }
- if (emailAddress != null) {
- query.setParameter("emailAddress", emailAddress.toLowerCase());
- }
-
- // userId
- if (userId != null) {
- query.setParameter("userId", userId);
- }
- // firstName
- if (firstName != null) {
- query.setParameter("firstName", firstName.toLowerCase());
- }
- // lastName
- if (lastName != null) {
- query.setParameter("lastName", lastName.toLowerCase());
- }
-
- // loginId
- if (loginId != null) {
- query.setParameter("loginId", loginId.toLowerCase());
- }
-
- // publicScreenName
- if (publicScreenName != null) {
- query.setParameter("publicScreenName",
- publicScreenName.toLowerCase());
- }
-
- // familyScreenName
- if (familyScreenName != null) {
- query.setParameter("familyScreenName",
- familyScreenName.toLowerCase());
- }
-
- return query;
- }
-
- public boolean deleteUserRole(Long userId, String userRole) {
- List<XXPortalUserRole> roleList = daoManager.getXXPortalUserRole().findByUserId(
- userId);
- for (XXPortalUserRole gjUserRole : roleList) {
- if (gjUserRole.getUserRole().equalsIgnoreCase(userRole)) {
- return deleteUserRole(userId, gjUserRole);
- }
- }
- return false;
- }
-
- public boolean deleteUserRole(Long userId, XXPortalUserRole gjUserRole) {
- /*if (XAConstants.ROLE_USER.equals(gjUserRole.getUserRole())) {
- return false;
- }*/
- boolean publicRole = false;
- for (int i = 0; i < publicRoles.length; i++) {
- if (publicRoles[i].equalsIgnoreCase(gjUserRole.getUserRole())) {
- publicRole = true;
- break;
- }
- }
- if (!publicRole) {
- UserSessionBase sess = ContextUtil.getCurrentUserSession();
- if (sess == null || !sess.isUserAdmin()) {
- return false;
- }
- }
-
- daoManager.getXXPortalUserRole().remove(gjUserRole.getId());
- return true;
- }
-
- public XXPortalUserRole addUserRole(Long userId, String userRole) {
- List<XXPortalUserRole> roleList = daoManager.getXXPortalUserRole().findByUserId(
- userId);
- boolean publicRole = false;
- for (int i = 0; i < publicRoles.length; i++) {
- if (publicRoles[i].equalsIgnoreCase(userRole)) {
- publicRole = true;
- break;
- }
- }
- if (!publicRole) {
- UserSessionBase sess = ContextUtil.getCurrentUserSession();
- if (sess == null) {
- return null;
- }
- // Admin
- if (!sess.isUserAdmin()) {
- logger.error(
- "SECURITY WARNING: User trying to add non public role. userId="
- + userId + ", role=" + userRole + ", session="
- + sess.toString(), new Throwable());
- return null;
- }
- }
-
- for (XXPortalUserRole gjUserRole : roleList) {
- if (userRole.equalsIgnoreCase(gjUserRole.getUserRole())) {
- return gjUserRole;
- }
- }
- XXPortalUserRole userRoleObj = new XXPortalUserRole();
- userRoleObj.setUserRole(userRole.toUpperCase());
- userRoleObj.setUserId(userId);
- userRoleObj.setStatus(XAConstants.STATUS_ENABLED);
- daoManager.getXXPortalUserRole().create(userRoleObj);
-
- // If role is not OTHER, then remove OTHER
- if (!XAConstants.ROLE_OTHER.equalsIgnoreCase(userRole)) {
- deleteUserRole(userId, XAConstants.ROLE_OTHER);
- }
-
- sessionMgr.resetUserSessionForProfiles(ContextUtil
- .getCurrentUserSession());
- return null;
- }
-
- public void checkAccess(Long userId) {
- XXPortalUser gjUser = daoManager.getXXPortalUser().getById(userId);
- if (gjUser == null) {
- throw restErrorUtil
- .create403RESTException("serverMsg.userMgrWrongUser"
- + userId);
- }
-
- checkAccess(gjUser);
- }
-
- /**
- * @param gjUser
- * @return
- */
- public void checkAccess(XXPortalUser gjUser) {
- if (gjUser == null) {
- throw restErrorUtil
- .create403RESTException("serverMsg.userMgrWrongUser");
- }
- UserSessionBase sess = ContextUtil.getCurrentUserSession();
- if (sess != null) {
-
- // Admin
- if (sess != null && sess.isUserAdmin()) {
- return;
- }
-
- // Self
- if (sess.getXXPortalUser().getId().equals(gjUser.getId())) {
- return;
- }
-
- }
- throw restErrorUtil.create403RESTException("User "
- + " access denied. loggedInUser="
- + (sess != null ? sess.getXXPortalUser().getId() : "Not Logged In")
- + ", accessing user=" + gjUser.getId());
-
- }
-
- public void checkAccessForRead(XXPortalUser gjUser) {
- if (gjUser == null) {
- throw restErrorUtil
- .create403RESTException("serverMsg.userMgrWrongUser");
- }
- UserSessionBase sess = ContextUtil.getCurrentUserSession();
- if (sess != null) {
-
- // Admin
- if (sess != null && sess.isUserAdmin()) {
- return;
- }
-
- // Self
- if (sess.getXXPortalUser().getId().equals(gjUser.getId())) {
- return;
- }
-
- }
- throw restErrorUtil.create403RESTException("User "
- + " access denied. loggedInUser="
- + (sess != null ? sess.getXXPortalUser().getId() : "Not Logged In")
- + ", accessing user=" + gjUser.getId());
-
- }
-
- public String encrypt(String loginId, String password) {
- String saltEncodedpasswd = md5Encoder.encodePassword(password, loginId);
- return saltEncodedpasswd;
- }
-
- public VXPortalUser createUser(VXPortalUser userProfile) {
- XXPortalUser xXPortalUser = this
- .createUser(userProfile, XACommonEnums.STATUS_ENABLED);
- return mapXXPortalUserVXPortalUser(xXPortalUser);
- }
-
- public VXPortalUser createDefaultAccountUser(VXPortalUser userProfile) {
- if(userProfile.getPassword()==null||userProfile.getPassword().trim().isEmpty()){
- userProfile.setUserSource(XACommonEnums.USER_EXTERNAL);
- }
- // access control
- UserSessionBase session = ContextUtil.getCurrentUserSession();
- if (session != null) {
- if (!session.isUserAdmin()) {
- throw restErrorUtil.create403RESTException("User "
- + "creation denied. LoggedInUser="
- + (session != null ? session.getXXPortalUser().getId()
- : "Not Logged In")
- + " ,isn't permitted to perform the action.");
-
- }
- }
-
- XXPortalUser xXPortalUser = null;
- String loginId = userProfile.getLoginId();
- String emailAddress = userProfile.getEmailAddress();
-
- if (loginId != null && !loginId.isEmpty()) {
- xXPortalUser = this.findByLoginId(loginId);
- if (xXPortalUser == null) {
- if (emailAddress != null && !emailAddress.isEmpty()) {
- xXPortalUser = this.findByEmailAddress(emailAddress);
- if (xXPortalUser == null) {
- xXPortalUser = this.createUser(userProfile,
- XACommonEnums.STATUS_ENABLED);
- } else {
- throw restErrorUtil
- .createRESTException(
- "The email address "
- + emailAddress
- + " you've provided already exists. Please try again with different "
- + "email address.",
- MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);
- }
- } else {
- String randomEmail = GUIDUtil.genGUI();
- userProfile.setEmailAddress(randomEmail);
- xXPortalUser = this.createUser(userProfile,
- XACommonEnums.STATUS_ENABLED);
- }
- } else {
- /*throw restErrorUtil
- .createRESTException(
- "The login id "
- + loginId
- + " you've provided already exists. Please try again with different "
- + "login id.",
- MessageEnums.OPER_NOT_ALLOWED_FOR_STATE);*/
- }
- }
-
- return mapXXPortalUserToVXPortalUserForDefaultAccount(xXPortalUser);
- }
-
- private VXPortalUser mapXXPortalUserToVXPortalUserForDefaultAccount(XXPortalUser user) {
-
- VXPortalUser userProfile = new VXPortalUser();
-
- userProfile.setLoginId(user.getLoginId());
- userProfile.setEmailAddress(user.getEmailAddress());
- userProfile.setStatus(user.getStatus());
- userProfile.setUserRoleList(new ArrayList<String>());
- userProfile.setId(user.getId());
- userProfile.setFirstName(user.getFirstName());
- userProfile.setLastName(user.getLastName());
- userProfile.setPublicScreenName(user.getPublicScreenName());
- userProfile.setEmailAddress(user.getEmailAddress());
-
- List<XXPortalUserRole> gjUserRoleList = daoManager.getXXPortalUserRole()
- .findByParentId(user.getId());
-
- for (XXPortalUserRole gjUserRole : gjUserRoleList) {
- userProfile.getUserRoleList().add(gjUserRole.getUserRole());
- }
-
- return userProfile;
- }
-
- public boolean isUserInRole(Long userId, String role) {
- XXPortalUserRole xXPortalUserRole = daoManager.getXXPortalUserRole().findByRoleUserId(
- userId, role);
- if (xXPortalUserRole != null) {
- String userRole = xXPortalUserRole.getUserRole();
- if (userRole.equalsIgnoreCase(role)) {
- return true;
- }
- }
- return false;
- }
-
- public XXPortalUser updateUserWithPass(VXPortalUser userProfile) {
- String updatedPassword = userProfile.getPassword();
- XXPortalUser xXPortalUser = this.updateUser(userProfile);
-
- if (updatedPassword != null && !updatedPassword.isEmpty()) {
- if (!stringUtil.validatePassword(updatedPassword,
- new String[] { xXPortalUser.getFirstName(), xXPortalUser.getLastName(),
- xXPortalUser.getLoginId() })) {
- logger.warn("SECURITY:changePassword(). Invalid new password. userId="
- + xXPortalUser.getId());
-
- throw restErrorUtil.createRESTException(
- "serverMsg.userMgrNewPassword",
- MessageEnums.INVALID_PASSWORD, null, null,
- "" + xXPortalUser.getId());
- }
-
- String encryptedNewPwd = encrypt(xXPortalUser.getLoginId(),
- updatedPassword);
- xXPortalUser.setPassword(encryptedNewPwd);
- xXPortalUser = daoManager.getXXPortalUser().update(xXPortalUser);
- }
- return xXPortalUser;
- }
-}
http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/413fcb68/security-admin/src/main/java/com/xasecure/biz/UserMgrBase.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/com/xasecure/biz/UserMgrBase.java b/security-admin/src/main/java/com/xasecure/biz/UserMgrBase.java
deleted file mode 100644
index efdf4bc..0000000
--- a/security-admin/src/main/java/com/xasecure/biz/UserMgrBase.java
+++ /dev/null
@@ -1,66 +0,0 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
- package com.xasecure.biz;
-
-import com.xasecure.common.*;
-import com.xasecure.service.*;
-import com.xasecure.view.*;
-import org.springframework.beans.factory.annotation.Autowired;
-public class UserMgrBase {
-
- @Autowired
- RESTErrorUtil restErrorUtil;
-
- @Autowired
- XPortalUserService xPortalUserService;
- public VXPortalUser getXPortalUser(Long id){
- return (VXPortalUser)xPortalUserService.readResource(id);
- }
-
- public VXPortalUser createXPortalUser(VXPortalUser vXPortalUser){
- vXPortalUser = (VXPortalUser)xPortalUserService.createResource(vXPortalUser);
- return vXPortalUser;
- }
-
- public VXPortalUser updateXPortalUser(VXPortalUser vXPortalUser) {
- vXPortalUser = (VXPortalUser)xPortalUserService.updateResource(vXPortalUser);
- return vXPortalUser;
- }
-
- public void deleteXPortalUser(Long id, boolean force) {
- if (force) {
- xPortalUserService.deleteResource(id);
- } else {
- throw restErrorUtil.createRESTException(
- "serverMsg.modelMgrBaseDeleteModel",
- MessageEnums.OPER_NOT_ALLOWED_FOR_ENTITY);
- }
- }
-
- public VXPortalUserList searchXPortalUsers(SearchCriteria searchCriteria) {
- return xPortalUserService.searchXPortalUsers(searchCriteria);
- }
-
- public VXLong getXPortalUserSearchCount(SearchCriteria searchCriteria) {
- return xPortalUserService.getSearchCount(searchCriteria,
- xPortalUserService.searchFields);
- }
-
-}
