Author: dimuthul
Date: Thu Mar 6 07:49:57 2008
New Revision: 14560
Log:
Decoupling from Default Realm.
Added:
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASAccessControlAdmin.java
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASAuthorizer.java
Modified:
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASRegistryRealm.java
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASStrategyImpl.java
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASUserStoreAdmin.java
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASUserStoreReader.java
trunk/mashup/java/modules/www/stub_gen.jsp
trunk/mashup/java/modules/www/tag_cloud.jsp
Added:
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASAccessControlAdmin.java
==============================================================================
--- (empty file)
+++
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASAccessControlAdmin.java
Thu Mar 6 07:49:57 2008
@@ -0,0 +1,462 @@
+package org.wso2.mashup.realm.wsas;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+
+import javax.sql.DataSource;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.registry.i18n.Messages;
+import org.wso2.registry.users.AccessControlAdmin;
+import org.wso2.registry.users.UserStoreException;
+import org.wso2.registry.users.def.DefaultAccessControlAdmin;
+import org.wso2.registry.users.def.DefaultAuthorizer;
+import org.wso2.registry.users.def.DefaultDataSupplier;
+import org.wso2.registry.users.def.DefaultRealmConfig;
+import org.wso2.registry.users.def.DefaultRealmConstants;
+import org.wso2.usermanager.UserManagerException;
+import org.wso2.usermanager.readwrite.util.UUIDGenerator;
+
+
+public class WSASAccessControlAdmin extends DefaultAuthorizer
+ implements AccessControlAdmin{
+
+ private static Log log =
LogFactory.getLog(DefaultAccessControlAdmin.class);
+
+ public WSASAccessControlAdmin(DataSource dataSource, String algo) {
+ super(dataSource, algo);
+ }
+
+ public WSASAccessControlAdmin(DataSource dataSource, String algo,
+ DefaultDataSupplier store) {
+ super(dataSource, algo, store);
+ }
+
+ public WSASAccessControlAdmin(DataSource dataSource,
+ DefaultDataSupplier store) {
+ super(dataSource, DefaultRealmConfig.PERMISSION_BLOCK_FIRST, store);
+ }
+
+
+ public void clearUserAuthorization(String userName, String resourceId,
+ String action) throws UserStoreException {
+ Connection dbConnection = null;
+ try {
+ dbConnection = dataSource.getConnection();
+ if (dbConnection == null) {
+ throw new UserStoreException(Messages
+ .getMessage("null_connection"));
+ }
+ dbConnection.setAutoCommit(false);
+ PreparedStatement getPermission = dbConnection
+ .prepareStatement(data
+
.getAuthorizerSQL(DefaultRealmConstants.GET_PERMISSION));
+ getPermission.setString(1, resourceId);
+ getPermission.setString(2, action);
+
+ ResultSet rs = getPermission.executeQuery();
+ int pid = -1;
+ if (rs.next()) {
+ pid = rs.getInt(data
+ .getColumnName(DefaultRealmConstants.COLUMN_ID_ID));
+ } else {
+ throw new UserStoreException(Messages.getMessage("nullData"));
+ }
+ PreparedStatement clearUPStmt = dbConnection
+ .prepareStatement(data
+
.getAccessControlAdminSQL(DefaultRealmConstants.DELETE_USER_PERMISSION));
+ clearUPStmt.setString(1, userName);
+ clearUPStmt.setInt(2, pid);
+ clearUPStmt.executeUpdate();
+ dbConnection.commit();
+ getPermission.close();
+ clearUPStmt.close();
+ } catch (SQLException e) {
+ log.debug(e);
+ throw new UserStoreException(Messages
+ .getMessage("errorModifyingUserStore"), e);
+ } finally {
+ try {
+ if (dbConnection != null) {
+ dbConnection.close();
+ }
+ } catch (SQLException e) {
+ throw new UserStoreException(Messages
+ .getMessage("errorClosingConnection"), e);
+ }
+ }
+ }
+
+ public void denyUser(String userName, String resourceId, String action)
+ throws UserStoreException {
+ short deny = 0;
+ addAllowDenyUserPermission(userName, resourceId, action, deny);
+ }
+
+ public void authorizeRole(String roleName, String resourceId, String
action)
+ throws UserStoreException {
+ short allow = 1;
+ addAllowDenyRolePermission(roleName, resourceId, action, allow);
+
+ }
+
+ public void denyRole(String roleName, String resourceId, String action)
+ throws UserStoreException {
+ short deny = 0;
+ addAllowDenyRolePermission(roleName, resourceId, action, deny);
+ }
+
+ public void clearRoleAuthorization(String roleName, String resourceId,
+ String action) throws UserStoreException {
+ Connection dbConnection = null;
+ try {
+ dbConnection = dataSource.getConnection();
+ if (dbConnection == null) {
+ throw new UserStoreException(Messages
+ .getMessage("null_connection"));
+ }
+ dbConnection.setAutoCommit(false);
+ PreparedStatement getPermission = dbConnection
+ .prepareStatement(data
+
.getAuthorizerSQL(DefaultRealmConstants.GET_PERMISSION));
+ getPermission.setString(1, resourceId);
+ getPermission.setString(2, action);
+
+ ResultSet rs = getPermission.executeQuery();
+ int pid = -1;
+ if (rs.next()) {
+ pid = rs.getInt(data
+ .getColumnName(DefaultRealmConstants.COLUMN_ID_ID));
+ } else {
+ throw new UserStoreException(Messages.getMessage("nullData"));
+ }
+
+ PreparedStatement deleteRolesStmt = dbConnection
+ .prepareStatement(data
+
.getAccessControlAdminSQL(DefaultRealmConstants.DELETE_ROLE_PERMISSION));
+ deleteRolesStmt.setString(1, roleName);
+ deleteRolesStmt.setInt(2, pid);
+ deleteRolesStmt.executeUpdate();
+
+ dbConnection.commit();
+ getPermission.close();
+ deleteRolesStmt.close();
+ } catch (SQLException e) {
+ log.debug(e);
+ throw new UserStoreException(Messages
+ .getMessage("errorModifyingUserStore"), e);
+ } finally {
+ try {
+ if (dbConnection != null) {
+ dbConnection.close();
+ }
+ } catch (SQLException e) {
+ throw new UserStoreException(Messages
+ .getMessage("errorClosingConnection"), e);
+ }
+ }
+
+ }
+
+ public void clearResourceAuthorizations(String resourceId)
+ throws UserStoreException {
+ Connection dbConnection = null;
+ try {
+ dbConnection = dataSource.getConnection();
+ if (dbConnection == null) {
+ throw new UserStoreException(Messages
+ .getMessage("null_connection"));
+ }
+ dbConnection.setAutoCommit(false);
+ PreparedStatement clearResourceAuthorizationsStmt = dbConnection
+ .prepareStatement(data
+
.getAccessControlAdminSQL(DefaultRealmConstants.DELETE_PERMISSION_ON_RESOURCE));
+ clearResourceAuthorizationsStmt.setString(1, resourceId);
+ clearResourceAuthorizationsStmt.executeUpdate();
+ dbConnection.commit();
+ clearResourceAuthorizationsStmt.close();
+ } catch (SQLException e) {
+ log.debug(e);
+ throw new UserStoreException(Messages
+ .getMessage("errorModifyingUserStore"), e);
+ } finally {
+ try {
+ if (dbConnection != null) {
+ dbConnection.close();
+ }
+ } catch (SQLException e) {
+ throw new UserStoreException(Messages
+ .getMessage("errorClosingConnection"), e);
+ }
+ }
+ }
+
+ public void copyAuthorizations(String fromResourceId, String toResourceId)
+ throws UserStoreException {
+ Connection dbConnection = null;
+ try {
+ dbConnection = dataSource.getConnection();
+ if (dbConnection == null) {
+ throw new UserStoreException("null_connection");
+ }
+ dbConnection.setAutoCommit(false);
+ PreparedStatement getResourcePermissionStmt = dbConnection
+ .prepareStatement(data
+
.getAuthorizerSQL(DefaultRealmConstants.GET_RESOURCE_PERMISSION));
+ getResourcePermissionStmt.setString(1, toResourceId);
+ ResultSet rs = getResourcePermissionStmt.executeQuery();
+ if (rs.next()) {
+ throw new UserStoreException(
+ "copyAuthorizationFailedPermissionExist");
+ }
+
+ getResourcePermissionStmt.setString(1, fromResourceId);
+ rs = getResourcePermissionStmt.executeQuery();
+ PreparedStatement addPermissionStmt = dbConnection
+ .prepareStatement(data
+
.getAccessControlAdminSQL(DefaultRealmConstants.ADD_PERMISSION));
+ while (rs.next()) {
+ String action = rs.getString(data
+
.getColumnName(DefaultRealmConstants.COLUMN_ID_ACTION));
+ String oldPermissionId = rs.getString(data
+ .getColumnName(DefaultRealmConstants.COLUMN_ID_ID));
+ String idPermission = UUIDGenerator.getUUID();
+ addPermissionStmt.setString(1, toResourceId);
+ addPermissionStmt.setString(2, action);
+ addPermissionStmt.setString(3, idPermission);
+ addPermissionStmt.executeUpdate();
+
+ PreparedStatement getRolePermissionStmt = dbConnection
+ .prepareStatement(data
+
.getAuthorizerSQL(DefaultRealmConstants.GET_ROLE_PERMISSION));
+
+ getRolePermissionStmt.setString(1, oldPermissionId);
+ ResultSet rsr = getRolePermissionStmt.executeQuery();
+ PreparedStatement addRolePermissionStmt = dbConnection
+ .prepareStatement(data
+
.getAccessControlAdminSQL(DefaultRealmConstants.ADD_ROLE_PERMISSION));
+
+ while (rsr.next()) {
+ String idRolePermission = UUIDGenerator.getUUID();
+ String roleId = rsr
+ .getString(data
+
.getColumnName(DefaultRealmConstants.COLUMN_ID_ROLE_ID));
+ short allow = rsr
+ .getShort(data
+
.getColumnName(DefaultRealmConstants.COLUMN_ID_IS_ALLOWED));
+
+ addRolePermissionStmt.setString(1, idPermission);
+ addRolePermissionStmt.setShort(2, allow);
+ addRolePermissionStmt.setString(3, roleId);
+ addRolePermissionStmt.setString(4, idRolePermission);
+ addRolePermissionStmt.executeUpdate();
+ }
+
+ PreparedStatement getUserPermissionStmt = dbConnection
+ .prepareStatement(data
+
.getAuthorizerSQL(DefaultRealmConstants.GET_USER_PERMISSION));
+
+ getUserPermissionStmt.setString(1, oldPermissionId);
+ ResultSet rsu = getUserPermissionStmt.executeQuery();
+
+ PreparedStatement addUserPermissionStmt = dbConnection
+ .prepareStatement(data
+
.getAccessControlAdminSQL(DefaultRealmConstants.ADD_USER_PERMISSION));
+
+ while (rsu.next()) {
+ String idUserPermission = UUIDGenerator.getUUID();
+ String userId = rsu
+ .getString(data
+
.getColumnName(DefaultRealmConstants.COLUMN_ID_USER_ID));
+ short allow = rsu
+ .getShort(data
+
.getColumnName(DefaultRealmConstants.COLUMN_ID_IS_ALLOWED));
+
+ addUserPermissionStmt.setString(1, idPermission);
+ addUserPermissionStmt.setShort(2, allow);
+ addUserPermissionStmt.setString(3, userId);
+ addUserPermissionStmt.setString(4, idUserPermission);
+ addUserPermissionStmt.executeUpdate();
+ }
+ getRolePermissionStmt.close();
+ addRolePermissionStmt.close();
+ getUserPermissionStmt.close();
+ addUserPermissionStmt.close();
+
+ }
+
+ getResourcePermissionStmt.close();
+ addPermissionStmt.close();
+
+ dbConnection.commit();
+
+ } catch (SQLException e) {
+ log.debug(e);
+ throw new UserStoreException("errorCopyingAuthorizations", e);
+ } finally {
+ try {
+ if (dbConnection != null) {
+ dbConnection.close();
+ }
+ } catch (SQLException e) {
+ throw new UserStoreException("errorClosingConnection", e);
+ }
+ }
+
+ }
+
+ public void authorizeUser(String userName, String resourceId, String
action)
+ throws UserStoreException {
+ short allow = 1;
+ addAllowDenyUserPermission(userName, resourceId, action, allow);
+ }
+
+
+
+ /**
+ * Gets the permission if it exists, else create the permission and returns
+ * the id.
+ *
+ * @return
+ */
+ protected String getOrAddPermissionId(Connection dbConnection, String
resourceId, String action)
+ throws UserStoreException {
+ String permissionId = null;
+ try {
+ PreparedStatement getPermissionStmt = dbConnection
+ .prepareStatement(data
+
.getAuthorizerSQL(DefaultRealmConstants.GET_PERMISSION));
+ getPermissionStmt.setString(1, resourceId);
+ getPermissionStmt.setString(2, action);
+
+ ResultSet rs = getPermissionStmt.executeQuery();
+
+ if (rs.next()) {
+ permissionId = rs.getString(data
+ .getColumnName(DefaultRealmConstants.COLUMN_ID_ID));
+ }
+
+ PreparedStatement addPermissionStmt = dbConnection
+ .prepareStatement(data
+
.getAccessControlAdminSQL(DefaultRealmConstants.ADD_PERMISSION));
+
+ if (permissionId == null) {
+ // no permission so add it
+ String idPermission = UUIDGenerator.getUUID();
+ addPermissionStmt.setString(1, resourceId);
+ addPermissionStmt.setString(2, action);
+ addPermissionStmt.setString(3, idPermission);
+ addPermissionStmt.executeUpdate();
+ dbConnection.commit();
+ permissionId = idPermission;
+ }
+
+ } catch (SQLException e) {
+ log.debug(e);
+ throw new UserStoreException("errorModifyingUserStore", e);
+ }
+ return permissionId;
+
+ }
+
+
+ protected void addAllowDenyUserPermission(String userName, String
resourceId, String action, short allow)
+ throws UserStoreException{
+ Connection dbConnection = null;
+ try {
+
+ String idUserPermission = UUIDGenerator.getUUID();
+
+ dbConnection = dataSource.getConnection();
+ if (dbConnection == null) {
+ throw new UserStoreException("null_connection");
+ }
+ dbConnection.setAutoCommit(false);
+ String permissionId = this.getOrAddPermissionId(dbConnection,
resourceId, action);
+ PreparedStatement clearUPStmt = dbConnection
+ .prepareStatement(data
+
.getAccessControlAdminSQL(DefaultRealmConstants.DELETE_USER_PERMISSION));
+ clearUPStmt.setString(1, userName);
+ clearUPStmt.setString(2, permissionId);
+ clearUPStmt.executeUpdate();
+
+ PreparedStatement addUserPermissionStmt = dbConnection
+ .prepareStatement(data
+
.getAccessControlAdminSQL(DefaultRealmConstants.ADD_USER_PERMISSION));
+ addUserPermissionStmt.setString(1, permissionId);
+ addUserPermissionStmt.setShort(2, allow);
+ addUserPermissionStmt.setString(3, userName);
+ addUserPermissionStmt.setString(4, idUserPermission);
+ addUserPermissionStmt.executeUpdate();
+ dbConnection.commit();
+ addUserPermissionStmt.close();
+ clearUPStmt.close();
+ } catch (SQLException e) {
+ log.debug(e);
+ throw new UserStoreException("errorModifyingUserStore", e);
+ } finally {
+ try {
+ if (dbConnection != null) {
+ dbConnection.close();
+ }
+ } catch (SQLException e) {
+ throw new UserStoreException("errorClosingConnection", e);
+ }
+ }
+
+
+
+ }
+
+ protected void addAllowDenyRolePermission(String roleName, String
resourceId, String action, short allow)
+ throws UserStoreException{
+
+ Connection dbConnection = null;
+
+ try {
+ dbConnection = dataSource.getConnection();
+ if (dbConnection == null) {
+ throw new UserStoreException("null_connection");
+ }
+ dbConnection.setAutoCommit(false);
+ String permissionId = this.getOrAddPermissionId(dbConnection,
resourceId, action);
+ String idRolePermission = UUIDGenerator.getUUID();
+
+ // There can be only one permission for a role and a permission
+ PreparedStatement deleteRolesStmt = dbConnection
+ .prepareStatement(data
+
.getAccessControlAdminSQL(DefaultRealmConstants.DELETE_ROLE_PERMISSION));
+ deleteRolesStmt.setString(1, roleName);
+ deleteRolesStmt.setString(2, permissionId);
+ deleteRolesStmt.executeUpdate();
+
+ PreparedStatement addRolePermissionStmt = dbConnection
+ .prepareStatement(data
+
.getAccessControlAdminSQL(DefaultRealmConstants.ADD_ROLE_PERMISSION));
+ addRolePermissionStmt.setString(1, permissionId);
+ addRolePermissionStmt.setShort(2, allow);
+ addRolePermissionStmt.setString(3, roleName);
+ addRolePermissionStmt.setString(4, idRolePermission);
+ addRolePermissionStmt.executeUpdate();
+ dbConnection.commit();
+ addRolePermissionStmt.close();
+ deleteRolesStmt.close();
+ } catch (SQLException e) {
+ log.debug(e);
+ throw new UserStoreException("errorModifyingUserStore", e);
+ } finally {
+ try {
+ if (dbConnection != null) {
+ dbConnection.close();
+ }
+ } catch (SQLException e) {
+ throw new UserStoreException("errorClosingConnection", e);
+ }
+ }
+ }
+
+
+}
Added:
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASAuthorizer.java
==============================================================================
--- (empty file)
+++
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASAuthorizer.java
Thu Mar 6 07:49:57 2008
@@ -0,0 +1,355 @@
+package org.wso2.mashup.realm.wsas;
+
+import java.sql.Connection;
+import java.sql.PreparedStatement;
+import java.sql.ResultSet;
+import java.sql.SQLException;
+import java.util.LinkedList;
+import java.util.List;
+
+import javax.sql.DataSource;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
+import org.wso2.registry.users.Authorizer;
+import org.wso2.registry.users.UserStoreException;
+import org.wso2.registry.users.def.DefaultDataSupplier;
+import org.wso2.registry.users.def.DefaultRealmConfig;
+import org.wso2.registry.users.def.DefaultRealmConstants;
+import org.wso2.registry.users.def.util.DefaultDataSupplierImpl;
+
+public class WSASAuthorizer implements Authorizer {
+
+ /** DBCP datasource */
+ protected DataSource dataSource = null;
+
+ /** The object that pumps sqls */
+ protected DefaultDataSupplier data = null;
+
+ /** logger */
+ private static Log log = LogFactory.getLog(WSASAuthorizer.class);
+
+ /** Algorithm to authorize users */
+ private String algorithm = null;
+
+ public WSASAuthorizer(DataSource dataSource, String algo) {
+ this.dataSource = dataSource;
+ this.data = new DefaultDataSupplierImpl(dataSource);
+ this.algorithm = algo;
+ }
+
+ public WSASAuthorizer(DataSource dataSource, String algo,
+ DefaultDataSupplier strategy) {
+ this.dataSource = dataSource;
+ if (strategy != null) {
+ this.data = strategy;
+ } else {
+ this.data = new DefaultDataSupplierImpl(dataSource);
+ }
+ this.algorithm = algo;
+ }
+
+ public boolean isRoleAuthorized(String roleName, String resourceId,
+ String action) throws UserStoreException {
+
+ Boolean isAuthorized = getRoleAuthorized(roleName, resourceId, action);
+ if (isAuthorized == null) {
+ return false;
+ } else {
+ return isAuthorized.booleanValue();
+ }
+ }
+
+ public boolean isUserAuthorized(String userName, String resourceId,
+ String action) throws UserStoreException {
+ Boolean isAuthorized = null;
+
+ if (algorithm.equals(DefaultRealmConfig.PERMISSION_USER_ONLY)) {
+ isAuthorized = getUserAuthorized(userName, resourceId, action);
+ } else if
(algorithm.equals(DefaultRealmConfig.PERMISSION_BLOCK_FIRST)) {
+ isAuthorized = getUserAuthorizationConsideringRoles(userName,
+ resourceId, action);
+ }
+
+ if (isAuthorized == null) {
+ return false;
+ } else {
+ return isAuthorized.booleanValue();
+ }
+ }
+
+ public String[] getAllowedUsersForResource(String resourceId, String
action)
+ throws UserStoreException {
+ String[] names = new String[0];
+ Connection dbConnection = null;
+ try {
+ dbConnection = dataSource.getConnection();
+ if (dbConnection == null) {
+ throw new UserStoreException("null_connection");
+ }
+ dbConnection.setAutoCommit(false);
+ PreparedStatement getAuthorizedUsersForResourceStmt = dbConnection
+ .prepareStatement(data
+
.getAuthorizerSQL(DefaultRealmConstants.GET_ALLOWED_USERS_ON_RESOURCE));
+ getAuthorizedUsersForResourceStmt.setString(1, resourceId);
+ getAuthorizedUsersForResourceStmt.setString(2, action);
+ ResultSet rs = getAuthorizedUsersForResourceStmt.executeQuery();
+ List lst = new LinkedList();
+ String colName = data
+ .getColumnName(DefaultRealmConstants.COLUMN_ID_USER_NAME);
+ while (rs.next()) {
+ lst.add(rs.getString(colName));
+ }
+ if (lst.size() > 0) {
+ names = (String[]) lst.toArray(new String[lst.size()]);
+ }
+ getAuthorizedUsersForResourceStmt.close();
+ } catch (SQLException e) {
+ log.debug(e);
+ throw new UserStoreException("errorReadingFromUserStore", e);
+ } finally {
+ try {
+ if (dbConnection != null) {
+ dbConnection.close();
+ }
+ } catch (SQLException e) {
+ throw new UserStoreException("errorClosingConnection", e);
+ }
+ }
+ return names;
+ }
+
+ public String[] getDeniedUsersForResource(String resourceId, String action)
+ throws UserStoreException {
+ String[] names = new String[0];
+ Connection dbConnection = null;
+ try {
+ dbConnection = dataSource.getConnection();
+ if (dbConnection == null) {
+ throw new UserStoreException("null_connection");
+ }
+ dbConnection.setAutoCommit(false);
+ PreparedStatement getAuthorizedUsersForResourceStmt = dbConnection
+ .prepareStatement(data
+
.getAuthorizerSQL(DefaultRealmConstants.GET_DENIED_USERS_ON_RESOURCE));
+ getAuthorizedUsersForResourceStmt.setString(1, resourceId);
+ getAuthorizedUsersForResourceStmt.setString(2, action);
+ ResultSet rs = getAuthorizedUsersForResourceStmt.executeQuery();
+ List lst = new LinkedList();
+ String colName = data
+ .getColumnName(DefaultRealmConstants.COLUMN_ID_USER_NAME);
+ while (rs.next()) {
+ lst.add(rs.getString(colName));
+ }
+ if (lst.size() > 0) {
+ names = (String[]) lst.toArray(new String[lst.size()]);
+ }
+ getAuthorizedUsersForResourceStmt.close();
+ } catch (SQLException e) {
+ log.debug(e);
+ throw new UserStoreException("errorReadingFromUserStore", e);
+ } finally {
+ try {
+ if (dbConnection != null) {
+ dbConnection.close();
+ }
+ } catch (SQLException e) {
+ throw new UserStoreException("errorClosingConnection", e);
+ }
+ }
+ return names;
+ }
+
+ public String[] getAllowedRolesForResource(String resourceId, String
action)
+ throws UserStoreException {
+ String[] names = new String[0];
+ Connection dbConnection = null;
+ try {
+ dbConnection = dataSource.getConnection();
+ if (dbConnection == null) {
+ throw new UserStoreException("null_connection");
+ }
+ dbConnection.setAutoCommit(false);
+ PreparedStatement getAuthorizedRolesForResourceStmt = dbConnection
+ .prepareStatement(data
+
.getAuthorizerSQL(DefaultRealmConstants.GET_ALLOWED_ROLES_FOR_RESOURCE));
+ getAuthorizedRolesForResourceStmt.setString(1, resourceId);
+ getAuthorizedRolesForResourceStmt.setString(2, action);
+ ResultSet rs = getAuthorizedRolesForResourceStmt.executeQuery();
+ List lst = new LinkedList();
+ String colName = data
+ .getColumnName(DefaultRealmConstants.COLUMN_ID_ROLE_NAME);
+ while (rs.next()) {
+ lst.add(rs.getString(colName));
+ }
+ if (lst.size() > 0) {
+ names = (String[]) lst.toArray(new String[lst.size()]);
+ }
+ getAuthorizedRolesForResourceStmt.close();
+ } catch (SQLException e) {
+ log.debug(e);
+ throw new UserStoreException("errorReadingFromUserStore", e);
+ } finally {
+ try {
+ if (dbConnection != null) {
+ dbConnection.close();
+ }
+ } catch (SQLException e) {
+ throw new UserStoreException("errorClosingConnection", e);
+ }
+ }
+ return names;
+ }
+
+ public String[] getDeniedRolesForResource(String resourceId, String action)
+ throws UserStoreException {
+
+ String[] names = new String[0];
+ Connection dbConnection = null;
+ try {
+ dbConnection = dataSource.getConnection();
+ if (dbConnection == null) {
+ throw new UserStoreException("null_connection");
+ }
+ dbConnection.setAutoCommit(false);
+ PreparedStatement getAuthorizedRolesForResourceStmt = dbConnection
+ .prepareStatement(data
+
.getAuthorizerSQL(DefaultRealmConstants.GET_DENIED_ROLES_FOR_RESOURCE));
+ getAuthorizedRolesForResourceStmt.setString(1, resourceId);
+ getAuthorizedRolesForResourceStmt.setString(2, action);
+ ResultSet rs = getAuthorizedRolesForResourceStmt.executeQuery();
+ List lst = new LinkedList();
+ String colName = data
+ .getColumnName(DefaultRealmConstants.COLUMN_ID_ROLE_NAME);
+ while (rs.next()) {
+ lst.add(rs.getString(colName));
+ }
+ if (lst.size() > 0) {
+ names = (String[]) lst.toArray(new String[lst.size()]);
+ }
+ getAuthorizedRolesForResourceStmt.close();
+ } catch (SQLException e) {
+ log.debug(e);
+ throw new UserStoreException("errorReadingFromUserStore", e);
+ } finally {
+ try {
+ if (dbConnection != null) {
+ dbConnection.close();
+ }
+ } catch (SQLException e) {
+ throw new UserStoreException("errorClosingConnection", e);
+ }
+ }
+ return names;
+
+ }
+
+ private Boolean getUserAuthorizationConsideringRoles(String userName,
+ String resourceId, String action) throws UserStoreException {
+ Boolean isAuthorized = getUserAuthorized(userName, resourceId, action);
+
+ boolean onceAllowed = false;
+ if (isAuthorized == null) {
+ String[] roles = data.getUserRoles(userName);
+
+ for (int i = 0; i < roles.length; i++) {
+ String roleName = roles[i];
+ Boolean roleAuth = getRoleAuthorized(roleName, resourceId,
+ action);
+ if (roleAuth != null) {
+ if (roleAuth.booleanValue() == false) {
+ isAuthorized = roleAuth;
+ break;
+ } else {
+ onceAllowed = true;
+ }
+ }
+ }
+ }
+
+ if (isAuthorized == null && onceAllowed == true) {
+ isAuthorized = new Boolean(true);
+ }
+
+ return isAuthorized;
+ }
+
+ private Boolean getRoleAuthorized(String roleName, String resourceId,
+ String action) throws UserStoreException {
+ Boolean isAuthorized = null;
+ Connection dbConnection = null;
+ try {
+ dbConnection = dataSource.getConnection();
+ if (dbConnection == null) {
+ throw new UserStoreException("null_connection");
+ }
+ dbConnection.setAutoCommit(false);
+ PreparedStatement isRoleAuthorizedStmt = dbConnection
+ .prepareStatement(data
+
.getAuthorizerSQL(DefaultRealmConstants.GET_ROLE_AUTHORIZED));
+ isRoleAuthorizedStmt.setString(1, resourceId);
+ isRoleAuthorizedStmt.setString(2, action);
+ isRoleAuthorizedStmt.setString(3, roleName);
+ ResultSet rs = isRoleAuthorizedStmt.executeQuery();
+ if (rs.next()) {
+ boolean isAuth = rs
+ .getBoolean(data
+
.getColumnName(DefaultRealmConstants.COLUMN_ID_IS_ALLOWED));
+ isAuthorized = Boolean.valueOf(isAuth);
+ }
+ isRoleAuthorizedStmt.close();
+ } catch (SQLException e) {
+ log.debug(e);
+ throw new UserStoreException("errorReadingFromUserStore", e);
+ } finally {
+ try {
+ if (dbConnection != null) {
+ dbConnection.close();
+ }
+ } catch (SQLException e) {
+ throw new UserStoreException("errorClosingConnection", e);
+ }
+ }
+ return isAuthorized;
+ }
+
+ private Boolean getUserAuthorized(String userName, String resourceId,
+ String action) throws UserStoreException {
+ Boolean result = null;
+ Connection dbConnection = null;
+ try {
+ dbConnection = dataSource.getConnection();
+ if (dbConnection == null) {
+ throw new UserStoreException("null_connection");
+ }
+ dbConnection.setAutoCommit(false);
+ PreparedStatement isUserAuthorizedStmt = dbConnection
+ .prepareStatement(data
+
.getAuthorizerSQL(DefaultRealmConstants.GET_USER_AUTHORIZED));
+ isUserAuthorizedStmt.setString(1, resourceId);
+ isUserAuthorizedStmt.setString(2, action);
+ isUserAuthorizedStmt.setString(3, userName);
+ ResultSet rs = isUserAuthorizedStmt.executeQuery();
+ if (rs.next()) {
+ result = Boolean
+ .valueOf(rs
+ .getBoolean(data
+
.getColumnName(DefaultRealmConstants.COLUMN_ID_IS_ALLOWED)));
+ }
+ isUserAuthorizedStmt.close();
+ } catch (SQLException e) {
+ log.debug(e);
+ throw new UserStoreException("errorReadingFromUserStore", e);
+ } finally {
+ try {
+ if (dbConnection != null) {
+ dbConnection.close();
+ }
+ } catch (SQLException e) {
+ throw new UserStoreException("errorClosingConnection", e);
+ }
+ }
+ return result;
+ }
+
+}
Modified:
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASRegistryRealm.java
==============================================================================
---
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASRegistryRealm.java
(original)
+++
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASRegistryRealm.java
Thu Mar 6 07:49:57 2008
@@ -47,8 +47,8 @@
dataSource = (DataSource) basicDataSource;
authenticator = new WSASAuthenticator();
- authorizer = new DefaultAuthorizer(dataSource,
DefaultRealmConfig.PERMISSION_BLOCK_FIRST, (DefaultDataSupplier)new
WSASStrategyImpl());
- aclAdmin = new DefaultAccessControlAdmin(dataSource,
+ authorizer = new WSASAuthorizer(dataSource,
DefaultRealmConfig.PERMISSION_BLOCK_FIRST, (DefaultDataSupplier)new
WSASStrategyImpl());
+ aclAdmin = new WSASAccessControlAdmin(dataSource,
(DefaultDataSupplier)new WSASStrategyImpl());
usAdmin = new WSASUserStoreAdmin(dataSource, new WSASStrategyImpl());
usReader = new WSASUserStoreReader(dataSource, new WSASStrategyImpl());
Modified:
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASStrategyImpl.java
==============================================================================
---
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASStrategyImpl.java
(original)
+++
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASStrategyImpl.java
Thu Mar 6 07:49:57 2008
@@ -83,10 +83,38 @@
" from um_user_attributes " +
" where um_user_attributes.attr_value=?";
-
-
+ public static final String ADD_USER_ATTRIBUTE_SQL = "insert into
um_user_attributes (attr_name, attr_value, user_id, id) values (?, ?, ?, ?)";
+ public static final String ADD_ROLE_ATTRIBUTE_SQL = "insert into
um_role_attributes (attr_name, attr_value, role_id, id) values (?, ?, ?, ?)";
+ public static final String ADD_PERMISSION_SQL = "insert into
um_permissions (resource_id, action, id) values (?, ?, ?)";
+ public static final String ADD_ROLE_PERMISSION_SQL = "insert into
um_role_permissions (permission_id, is_allowed, role_id, id) values (?, ?, ?,
?)";
+ public static final String ADD_USER_PERMISSION_SQL = "insert into
um_user_permissions (permission_id, is_allowed, user_id, id) values (?, ?, ?,
?)";
+
public String getAccessControlAdminSQL(int sqlID) {
- return defaultStrategy.getAccessControlAdminSQL(sqlID);
+ String sqlString = null;
+ switch (sqlID) {
+ case DefaultRealmConstants.ADD_PERMISSION:
+ sqlString = ADD_PERMISSION_SQL;
+ break;
+ case DefaultRealmConstants.ADD_ROLE_PERMISSION:
+ sqlString = ADD_ROLE_PERMISSION_SQL;
+ break;
+ case DefaultRealmConstants.ADD_USER_PERMISSION:
+ sqlString = ADD_USER_PERMISSION_SQL;
+ break;
+ case DefaultRealmConstants.DELETE_PERMISSION_ON_RESOURCE:
+ sqlString =
DefaultRealmConstants.DELETE_PERMISSION_ON_RESOURCE_SQL;
+ break;
+ case DefaultRealmConstants.DELETE_USER_PERMISSION:
+ sqlString = DefaultRealmConstants.DELETE_USER_PERMISSION_SQL;
+ break;
+ case DefaultRealmConstants.DELETE_ROLE_PERMISSION:
+ sqlString = DefaultRealmConstants.DELETE_ROLE_PERMISSION_SQL;
+ break;
+
+ default:
+ break;
+ }
+ return sqlString;
}
public String getAuthenticatorSQL(int sqlID) {
@@ -152,10 +180,10 @@
String sqlString = null;
switch (sqlID) {
case DefaultRealmConstants.ADD_USER_ATTRIBUTE:
- sqlString = DefaultRealmConstants.ADD_USER_ATTRIBUTE_SQL;
+ sqlString = ADD_USER_ATTRIBUTE_SQL;
break;
case DefaultRealmConstants.ADD_ROLE_ATTRIBUTE:
- sqlString = DefaultRealmConstants.ADD_ROLE_ATTRIBUTE_SQL;
+ sqlString = ADD_ROLE_ATTRIBUTE_SQL;
break;
case DefaultRealmConstants.DELETE_ROLE_ATTRIBUTE:
sqlString = DefaultRealmConstants.DELETE_ROLE_ATTRIBUTE_SQL;
@@ -197,14 +225,6 @@
}
return sqlString;
}
-
- public String getRoleId(String roleName) throws UserStoreException {
- return roleName;
- }
-
- public String getUserId(String userName) throws UserStoreException {
- return userName;
- }
public String getCommonSQL(int sqlID) {
return null;
Modified:
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASUserStoreAdmin.java
==============================================================================
---
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASUserStoreAdmin.java
(original)
+++
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASUserStoreAdmin.java
Thu Mar 6 07:49:57 2008
@@ -4,15 +4,22 @@
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.HashMap;
+import java.util.Iterator;
import java.util.Map;
+import java.util.Map.Entry;
import javax.sql.DataSource;
import org.apache.axis2.AxisFault;
+import org.apache.axiom.om.util.UUIDGenerator;
+
+import org.apache.commons.logging.Log;
+import org.apache.commons.logging.LogFactory;
import org.wso2.mashup.MashupConstants;
import org.wso2.registry.users.UserStoreAdmin;
import org.wso2.registry.users.UserStoreException;
import org.wso2.registry.users.def.DefaultDataSupplier;
+import org.wso2.registry.users.def.DefaultRealmConstants;
import org.wso2.registry.users.def.DefaultUserStoreAdmin;
import org.wso2.wsas.admin.service.UserAdmin;
@@ -20,11 +27,11 @@
public class WSASUserStoreAdmin
extends WSASUserStoreReader implements UserStoreAdmin {
- private UserStoreAdmin defaultAdmin = null;
+ private static Log log = LogFactory.getLog(WSASUserStoreReader.class);
- public WSASUserStoreAdmin(DataSource dSource, DefaultDataSupplier
strategy) throws UserStoreException {
+ public WSASUserStoreAdmin(DataSource dSource, DefaultDataSupplier strategy)
+ throws UserStoreException {
super(dSource, strategy);
- defaultAdmin = new DefaultUserStoreAdmin(dSource, strategy);
}
public void addRole(String roleName) throws UserStoreException {
@@ -65,17 +72,7 @@
try {
UserAdmin admin = new UserAdmin();
admin.deleteRoleCompletely(roleName);
- defaultAdmin.setRoleProperties(roleName, new HashMap());
-
- dbConnection = dataSource.getConnection();
- PreparedStatement deleteUserStmt = dbConnection
- .prepareStatement(WSASStrategyImpl.DELETE_ROLE_PERMISSION);
- deleteUserStmt.setString(1, roleName);
- deleteUserStmt.executeUpdate();
- dbConnection.commit();
- deleteUserStmt.close();
- } catch (SQLException e) {
- throw new UserStoreException("errorModifyingUserStore", e);
+ this.setRoleProperties(roleName, new HashMap());
} catch (AxisFault e) {
throw new UserStoreException(e.getMessage());
} finally {
@@ -95,16 +92,7 @@
try {
UserAdmin admin = new UserAdmin();
admin.deleteUser(userName);
- defaultAdmin.setUserProperties(userName, new HashMap());
- dbConnection = dataSource.getConnection();
- PreparedStatement deleteUserStmt = dbConnection
- .prepareStatement(WSASStrategyImpl.DELETE_USER_PERMISSION);
- deleteUserStmt.setString(1, userName);
- deleteUserStmt.executeUpdate();
- dbConnection.commit();
- deleteUserStmt.close();
- } catch (SQLException e) {
- throw new UserStoreException("errorModifyingUserStore", e);
+ this.setUserProperties(userName, new HashMap());
} catch (AxisFault e) {
throw new UserStoreException(e.getMessage());
} finally {
@@ -118,36 +106,119 @@
}
}
- public void removeUserFromRole(String userName, String roleName)
+ public void setRoleProperties(String roleName, Map properties)
throws UserStoreException {
-
+
+ Connection dbConnection = null;
try {
- UserAdmin admin = new UserAdmin();
- admin.deleteRoleFromUser(userName, roleName);
- } catch (Exception e) {
- throw new UserStoreException(e.getMessage());
- }
+ dbConnection = dataSource.getConnection();
+ if (dbConnection == null) {
+ throw new UserStoreException("null_connection");
+ }
+ dbConnection.setAutoCommit(false);
+ PreparedStatement deleteRolePropsStmt = dbConnection
+ .prepareStatement(strategy
+
.getUserStoreAdminSQL(DefaultRealmConstants.DELETE_ROLE_ATTRIBUTE));
+ deleteRolePropsStmt.setString(1, roleName);
+ deleteRolePropsStmt.executeUpdate();
+
+ PreparedStatement setRolePropertiesStmt = dbConnection
+ .prepareStatement(strategy
+
.getUserStoreAdminSQL(DefaultRealmConstants.ADD_ROLE_ATTRIBUTE));
+
+ Iterator ite = properties.entrySet().iterator();
+ while (ite.hasNext()) {
+ Entry entry = (Entry) ite.next();
+ String key = (String) entry.getKey();
+ String value = (String) entry.getValue();
+ if (value != null) {
+ String idRoleAttribute = UUIDGenerator.getUUID();
+ setRolePropertiesStmt.setString(1, key);
+ setRolePropertiesStmt.setString(2, value);
+ setRolePropertiesStmt.setString(3, roleName);
+ setRolePropertiesStmt.setString(4, idRoleAttribute);
+ setRolePropertiesStmt.executeUpdate();
+ }
+ }
+ dbConnection.commit();
- }
+ deleteRolePropsStmt.close();
+ setRolePropertiesStmt.close();
- public void setRoleProperties(String roleName, Map properties)
- throws UserStoreException {
- UserAdmin admin = new UserAdmin();
- defaultAdmin.setRoleProperties(roleName, properties);
+ } catch (SQLException e) {
+ log.debug(e);
+ throw new UserStoreException("errorModifyingUserStore", e);
+ } finally {
+ try {
+ if (dbConnection != null) {
+ dbConnection.close();
+ }
+ } catch (SQLException e) {
+ throw new UserStoreException("errorClosingConnection", e);
+ }
+ }
}
-
+
+
public void setUserProperties(String userName, Map properties)
throws UserStoreException {
- UserAdmin admin = new UserAdmin();
- defaultAdmin.setUserProperties(userName, properties);
+
+
+ Connection dbConnection = null;
+ try {
+ dbConnection = dataSource.getConnection();
+ if (dbConnection == null) {
+ throw new UserStoreException("null_connection");
+ }
+ dbConnection.setAutoCommit(false);
+ PreparedStatement deleteUserPropsStmt = dbConnection
+ .prepareStatement(strategy
+
.getUserStoreAdminSQL(DefaultRealmConstants.DELETE_USER_ATTRIBUTE));
+ deleteUserPropsStmt.setString(1, userName);
+ deleteUserPropsStmt.executeUpdate();
+
+ PreparedStatement setUserPropertiesStmt = dbConnection
+ .prepareStatement(strategy
+
.getUserStoreAdminSQL(DefaultRealmConstants.ADD_USER_ATTRIBUTE));
+
+ if (properties != null) {
+ Iterator ite = properties.entrySet().iterator();
+ while (ite.hasNext()) {
+ Entry entry = (Entry) ite.next();
+ String key = (String) entry.getKey();
+ String value = (String) entry.getValue();
+ if (value != null) {
+ String idUserAttribute = UUIDGenerator.getUUID();
+ setUserPropertiesStmt.setString(1, key);
+ setUserPropertiesStmt.setString(2, value);
+ setUserPropertiesStmt.setString(3, userName);
+ setUserPropertiesStmt.setString(4, idUserAttribute);
+ setUserPropertiesStmt.executeUpdate();
+ }
+ }
+ }
+ dbConnection.commit();
+
+ } catch (SQLException e) {
+ log.debug(e);
+ throw new UserStoreException("errorModifyingUserStore", e);
+ } finally {
+ try {
+ if (dbConnection != null) {
+ dbConnection.close();
+ }
+ } catch (SQLException e) {
+ throw new UserStoreException("errorClosingConnection", e);
+ }
+ }
+
}
- public void updateUser(String userName, Object newCredential)
+ public void updateUser(String userName, Object newCredential)
throws UserStoreException {
throw new UserStoreException("this method not supported");
}
-
public void updateUser(String userName, Object newCredential,
Object oldCredential) throws UserStoreException {
try {
@@ -160,4 +231,15 @@
}
- }
+ public void removeUserFromRole(String userName, String roleName)
+ throws UserStoreException {
+
+ try {
+ UserAdmin admin = new UserAdmin();
+ admin.deleteRoleFromUser(userName, roleName);
+ } catch (Exception e) {
+ throw new UserStoreException(e.getMessage());
+ }
+
+ }
+}
Modified:
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASUserStoreReader.java
==============================================================================
---
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASUserStoreReader.java
(original)
+++
trunk/mashup/java/modules/core/src/org/wso2/mashup/realm/wsas/WSASUserStoreReader.java
Thu Mar 6 07:49:57 2008
@@ -12,6 +12,7 @@
import org.wso2.registry.users.UserStoreReader;
import org.wso2.registry.users.def.DefaultDataSupplier;
import org.wso2.registry.users.def.DefaultUserStoreReader;
+
import org.wso2.wsas.admin.service.UserAdmin;
import org.wso2.wsas.admin.service.util.RoleData;
import org.wso2.wsas.admin.service.util.UserData;
Modified: trunk/mashup/java/modules/www/stub_gen.jsp
==============================================================================
--- trunk/mashup/java/modules/www/stub_gen.jsp (original)
+++ trunk/mashup/java/modules/www/stub_gen.jsp Thu Mar 6 07:49:57 2008
@@ -40,9 +40,7 @@
<%@ page import="org.wso2.registry.Tag" %>
<%@ page import="org.wso2.registry.jdbc.JDBCRegistry" %>
<%@ page import="org.wso2.registry.secure.SecureRegistry" %>
-<%@ page import="org.wso2.usermanager.Realm" %>
-<%@ page import="org.wso2.usermanager.UserManagerException" %>
-<%@ page import="org.wso2.usermanager.verification.email.EmailVerifier" %>
+<%@ page import="org.wso2.registry.users.verifier.EmailVerifier" %>
<%@ page import="javax.servlet.ServletContext" %>
<%@ page import="java.net.URL" %>
<%@ page import="java.net.URLDecoder" %>
Modified: trunk/mashup/java/modules/www/tag_cloud.jsp
==============================================================================
--- trunk/mashup/java/modules/www/tag_cloud.jsp (original)
+++ trunk/mashup/java/modules/www/tag_cloud.jsp Thu Mar 6 07:49:57 2008
@@ -40,9 +40,7 @@
<%@ page import="org.wso2.registry.Tag" %>
<%@ page import="org.wso2.registry.jdbc.JDBCRegistry" %>
<%@ page import="org.wso2.registry.secure.SecureRegistry" %>
-<%@ page import="org.wso2.usermanager.Realm" %>
-<%@ page import="org.wso2.usermanager.UserManagerException" %>
-<%@ page import="org.wso2.usermanager.verification.email.EmailVerifier" %>
+<%@ page import="org.wso2.registry.users.verifier.EmailVerifier" %>
<%@ page import="javax.servlet.ServletContext" %>
<%@ page import="java.net.URL" %>
<%@ page import="java.net.URLDecoder" %>
_______________________________________________
Mashup-dev mailing list
[email protected]
http://www.wso2.org/cgi-bin/mailman/listinfo/mashup-dev
