Author: keith
Date: Thu Apr 24 21:03:09 2008
New Revision: 16125
Log:
Refactoring initRegistry method into several smaller methods. Mashup-771
Modified:
trunk/mashup/java/modules/core/src/org/wso2/mashup/RegistryInitializer.java
Modified:
trunk/mashup/java/modules/core/src/org/wso2/mashup/RegistryInitializer.java
==============================================================================
--- trunk/mashup/java/modules/core/src/org/wso2/mashup/RegistryInitializer.java
(original)
+++ trunk/mashup/java/modules/core/src/org/wso2/mashup/RegistryInitializer.java
Thu Apr 24 21:03:09 2008
@@ -42,23 +42,85 @@
public static void initRegistry(ConfigurationContext configCtx) throws
MashupFault {
- final String SYSTEM_USER_NAME = "System";
- final String SYSTEM_USER_BIO = "System User";
- final String SAMPLES_USER_NAME = "Samples";
- final String SAMPLES_USER_BIO = "Samples User";
- final String ANNONYMOUS_USER_NAME = "Visitor";
- final String ANNONYMOUS_USER_BIO = "Annonymous User";
- final String ADMIN_USER_BIO = "System Administrator";
- final String NONE = "none";
-
- // flag used to decide weather the creation of a primary account is
needed or not
- boolean createPrimary;
- String primaryName = null;
- String primaryPassword;
UserRegistry systemRegistry;
ServerConfiguration serverConfig = ServerConfiguration.getInstance();
+ try {
+
+ addMashupUserRole();
+
+ UserRealm realm = createRealm(serverConfig);
+
+ UserStoreAdmin userStoreAdmin = realm.getUserStoreAdmin();
+
+ // We use this as a check to check weather the regiatry was
initialized. We dont need to
+ // execute these stuff each time the server is restarted. We need
it only on a first
+ // time start.
+
+ // Add a set of users and roles that is needed by the Mashup Server
+ if
(!userStoreAdmin.isExistingUser(RegistryConstants.ANONYMOUS_USER)) {
+ addInitialUsersToWSAS(userStoreAdmin);
+
+
+ provisionPermissions(realm);
+ }
+
+ EmbeddedRegistry embeddedRegistry = createRegistry(serverConfig,
realm);
+
+ // Add the realm and registry as parameters in the
AxisConfiguration so that they can be
+ // used later on as an when needed
+ configCtx.getAxisConfiguration()
+ .addParameter(RegistryConstants.REGISTRY,
embeddedRegistry);
+
configCtx.getAxisConfiguration().addParameter(RegistryConstants.REGISTRY_REALM,
realm);
+
+ // Instantiating a secure registry using the system account, in
order to create user
+ // profiles.
+ systemRegistry = embeddedRegistry.getSystemRegistry();
+
+ if
(!systemRegistry.resourceExists(MashupConstants.QUERYSTORE_QUERY_PATH)) {
+
+ populatePredefinedCollections(systemRegistry);
+
+ populatePredefinedQueries(systemRegistry);
+
+ createInitialUsersInRegistry(systemRegistry);
+ }
+
+ CreatePrimaryUser(systemRegistry, serverConfig, realm,
userStoreAdmin);
+
+ } catch (UserStoreException e) {
+ throw new MashupFault(e);
+ } catch (RegistryException e) {
+ throw new MashupFault(e);
+ } catch (AxisFault axisFault) {
+ throw new MashupFault(axisFault);
+ }
+ }
+
+ private static void addMashupUserRole() throws AxisFault {
+ // We need to create a new role called mashup_user so that all users
of the mashup
+ // server can be added to this role. We need this to set the defaults
permissions for
+ // users of the server
+ UserAdmin admin = new UserAdmin();
+ boolean hasMashupUserRole = false;
+ String[] roleNames = admin.getRoleNames();
+ for (int i = 0; i < roleNames.length; i++) {
+ if (MashupConstants.MASHUP_USER_ROLE.equals(roleNames[i])) {
+ hasMashupUserRole = true;
+ break;
+ }
+ }
+ if (!hasMashupUserRole) {
+ admin.addRole(MashupConstants.MASHUP_USER_ROLE,
+ MashupConstants.MASHUP_USER_ROLE_NAME);
+ }
+ }
+
+ private static EmbeddedRegistry createRegistry(ServerConfiguration
serverConfig,
+ UserRealm realm)
+ throws MashupFault, RegistryException {
+
// Get the database connection details for the registry database from
the server.xml
String registryDriverClass = serverConfig
.getFirstProperty(MashupConstants.REGISTRY_CONFIG +
MashupConstants.DOT +
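Review bot: The `isExistingUser(RegistryConstants.ANONYMOUS_USER)` guard in initRegistry gates both addInitialUsersToWSAS and provisionPermissions, yet the anonymous user is the first thing addInitialUsersToWSAS creates. Unless the user-store calls run in a single transaction (not visible here), a failure in any later addUser, addRole or authorizeRole call leaves the guard satisfied on the next start, so the remaining roles and permissions are never provisioned. Either make each step idempotent or key the guard on a marker written only after provisionPermissions returns, and say so in the comment, e.g. `// First-start only: the marker is written after users, roles and permissions are all in place.` As a style point, `CreatePrimaryUser` should be `createPrimaryUser` to match the other new helpers. createRegistry starts in this hunk and continues in the next one.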
@@ -83,6 +145,16 @@
"the registry. The driverClass and the url are
mandatory.");
}
+ RegistryDataSource datasource = new RegistryDataSource(registryUrl,
registryDriverClass,
+
registryUsername,
+
registryPassword);
+
+ return new EmbeddedRegistry(datasource, realm);
+ }
+
+ private static UserRealm createRealm(ServerConfiguration serverConfig)
+ throws MashupFault, UserStoreException {
+
// Get the database connection details for the usermanager database
from the server.xml
String usermanagerDriverClass = serverConfig
.getFirstProperty(
@@ -108,354 +180,357 @@
"the usermanager. The driverClass and the url are
mandatory.");
}
- try {
+ // We create a new WSASRegistryRealm here. The WSASRegistryRealm is
specially designed
+ // so that we have all the authentication details in the WSAS database
while we maintain
+ // the authorization details in a stripped down version of the
usermanager database
+ UserRealm realm = new WSASRegistryRealm();
+ DefaultRealmConfig config = (DefaultRealmConfig)
realm.getRealmConfiguration();
+
+ config.setConnectionURL(usermanagerUrl);
+ config.setDriverName(usermanagerDriverClass);
+ config.setConnectionUserName(usermanagerUsername);
+ config.setConnectionPassword(usermanagerPassword);
+ realm.init(config);
+ return realm;
+ }
- // We need to create a new role called mashup_user so that all
users of the mashup
- // server can be added to this role. We need this to set the
defaults permissions for
- // users of the server
- UserAdmin admin = new UserAdmin();
- boolean hasMashupUserRole = false;
- String[] roleNames = admin.getRoleNames();
- for (int i = 0; i < roleNames.length; i++) {
- if (MashupConstants.MASHUP_USER_ROLE.equals(roleNames[i])) {
- hasMashupUserRole = true;
- break;
- }
- }
- if (!hasMashupUserRole) {
- admin.addRole(MashupConstants.MASHUP_USER_ROLE,
- MashupConstants.MASHUP_USER_ROLE_NAME);
- }
+ private static void CreatePrimaryUser(UserRegistry systemRegistry,
+ ServerConfiguration serverConfig,
UserRealm realm,
+ UserStoreAdmin userStoreAdmin)
+ throws UserStoreException, RegistryException {
- // We create a new WSASRegistryRealm here. The WSASRegistryRealm
is specially designed
- // so that we have all the authentication details in the WSAS
database while we maintain
- // the authorization details in a stripped down version of the
usermanager database
- UserRealm realm = new WSASRegistryRealm();
- DefaultRealmConfig config = (DefaultRealmConfig)
realm.getRealmConfiguration();
-
- config.setConnectionURL(usermanagerUrl);
- config.setDriverName(usermanagerDriverClass);
- config.setConnectionUserName(usermanagerUsername);
- config.setConnectionPassword(usermanagerPassword);
- realm.init(config);
+ final String ADMIN_USER_BIO = "System Administrator";
+ final String NONE = "none";
- UserStoreAdmin us = realm.getUserStoreAdmin();
+ // flag used to decide weather the creation of a primary account is
needed or not
+ boolean createPrimary;
+ createPrimary = Boolean.parseBoolean(
+
serverConfig.getFirstProperty(MashupConstants.PRIMARY_USER_CONFIG + "." +
+ MashupConstants.CREATE_PRIMARY_USER));
+
+ // If the server.xml contains primary account details and if this is
the first startup
+ // then create the primary account
+ if (createPrimary && !MashupUtils.isInitialSetupComplete()) {
+ String primaryName =
+
serverConfig.getFirstProperty(MashupConstants.PRIMARY_USER_CONFIG + "." +
+ MashupConstants.PRIMARY_USER);
+ String primaryPassword =
+
serverConfig.getFirstProperty(MashupConstants.PRIMARY_USER_CONFIG + "." +
+ MashupConstants.PRIMARY_PASSWORD);
+ userStoreAdmin.addUser(primaryName, primaryPassword);
- // We use this as a check to check weather the regiatry was
initialized. We dont need to
- // execute these stuff each time the server is restarted. We need
it only on a first
- // time start.
+ //Create the admin profile using information from a config file.
+ RegistryUtils
+ .createUser(systemRegistry, primaryName, primaryName, NONE,
+ ADMIN_USER_BIO);
+ // Assign system user the 'admin' role and make primary.
+ userStoreAdmin.addUserToRole(primaryName,
RegistryConstants.ADMIN_ROLE);
+ RegistryUtils.makeUserPrimary(realm, primaryName);
+ MashupUtils.setInitialSetupComplete(true);
+ }
+ }
- // Add a set of users and roles that is needed by the Mashup Server
- if (!us.isExistingUser(RegistryConstants.ANONYMOUS_USER)) {
+ private static void createInitialUsersInRegistry(UserRegistry
systemRegistry)
+ throws UserStoreException, RegistryException {
- // Add a user called annonymous. All users not signed into the
server are in this
- // role. Hence permissions assigned to these users are the
default permissions set
- // for guests.
- us.addUser(RegistryConstants.ANONYMOUS_USER,
RegistryConstants.ANONYMOUS_PASSWORD);
-
- // Add a user called system. The system user is managed by the
mashup server and all
- // server management tasks are performed using this user
account
- us.addUser(RegistryConstants.SYSTEM_USER,
RegistryConstants.SYSTEM_PASSWORD);
-
- // Add a user called samples. The sample user is managed by
the mashup server and
- // all samples are deployed using this account
- us.addUser(MashupConstants.SAMPLES_USER,
MashupConstants.SAMPLES_USER_PASSWORD);
-
- // Add an admin role so that admins can be put into this role
- us.addRole(RegistryConstants.ADMIN_ROLE);
-
- // Add an everyone role so that all users are added to this
role
- us.addRole(RegistryConstants.EVERYONE_ROLE);
-
- // Assign system user the 'admin' role.
- us.addUserToRole(MashupConstants.SYSTEM_USER,
RegistryConstants.ADMIN_ROLE);
-
- AccessControlAdmin ac = realm.getAccessControlAdmin();
-
- // Setting permissions for the admin role on user resources
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.USER_RESOURCE,
- AccessControlConstants.ADD);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.USER_RESOURCE,
- AccessControlConstants.READ);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.USER_RESOURCE,
- AccessControlConstants.EDIT);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.USER_RESOURCE,
- AccessControlConstants.DELETE);
-
- // Setting permissions for the admin role on role resources
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.ROLE_RESOURCE,
- AccessControlConstants.ADD);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.ROLE_RESOURCE,
- AccessControlConstants.READ);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.ROLE_RESOURCE,
- AccessControlConstants.EDIT);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
AccessControlConstants.ROLE_RESOURCE,
- AccessControlConstants.DELETE);
-
- // Setting permissions for the admin role on setting
permissions
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
-
AccessControlConstants.USER_PERMISSION_RESOURCE,
- AccessControlConstants.READ);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
-
AccessControlConstants.USER_PERMISSION_RESOURCE,
- AccessControlConstants.ADD);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
-
AccessControlConstants.USER_PERMISSION_RESOURCE,
- AccessControlConstants.EDIT);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
-
AccessControlConstants.USER_PERMISSION_RESOURCE,
- AccessControlConstants.DELETE);
-
- // Setting permissions for the admin role to GET, PUT and
DELETE data from any part
- // of the registry
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
RegistryConstants.ROOT_PATH,
- ActionConstants.GET);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
RegistryConstants.ROOT_PATH,
- ActionConstants.PUT);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
RegistryConstants.ROOT_PATH,
- ActionConstants.DELETE);
- ac.authorizeRole(RegistryConstants.ADMIN_ROLE,
RegistryConstants.ROOT_PATH,
- AccessControlConstants.AUTHORIZE);
-
- // Setting permissions for the everyone role to GET data from
any part
- // of the registry
- ac.authorizeRole(RegistryConstants.EVERYONE_ROLE,
RegistryConstants.ROOT_PATH,
- ActionConstants.GET);
- ac.authorizeRole(RegistryConstants.EVERYONE_ROLE,
RegistryConstants.ROOT_PATH,
- ActionConstants.GET);
-
- // Setting permissions for the everyone role to READ and EDIT
user resources
- ac.authorizeRole(RegistryConstants.EVERYONE_ROLE,
- AccessControlConstants.USER_RESOURCE,
AccessControlConstants.READ);
- ac.authorizeRole(RegistryConstants.EVERYONE_ROLE,
- AccessControlConstants.USER_RESOURCE,
AccessControlConstants.EDIT);
-
- // Setting permissions for the everyone role to READ
permissions
- ac.authorizeRole(RegistryConstants.EVERYONE_ROLE,
- AccessControlConstants.ROLE_RESOURCE,
AccessControlConstants.READ);
- ac.authorizeRole(RegistryConstants.EVERYONE_ROLE,
-
AccessControlConstants.USER_PERMISSION_RESOURCE,
- AccessControlConstants.READ);
-
- // Setting permissions for the everyone role to READ all
mashups and queries
- ac.authorizeRole(MashupConstants.EVERYONE_ROLE,
MashupConstants.ALL_MASHUPS_PATH,
- AccessControlConstants.READ);
- ac.authorizeRole(MashupConstants.EVERYONE_ROLE,
- MashupConstants.ALL_MASHUPS_QUERY_PATH,
- AccessControlConstants.READ);
- }
+ final String SYSTEM_USER_NAME = "System";
+ final String SYSTEM_USER_BIO = "System User";
+ final String SAMPLES_USER_NAME = "Samples";
+ final String SAMPLES_USER_BIO = "Samples User";
+ final String ANNONYMOUS_USER_NAME = "Visitor";
+ final String ANNONYMOUS_USER_BIO = "Annonymous User";
+ final String NONE = "none";
+ // Create the anonymous user profile.
+ RegistryUtils.createUser(systemRegistry,
+ RegistryConstants.ANONYMOUS_USER,
ANNONYMOUS_USER_NAME,
+ NONE,
+ ANNONYMOUS_USER_BIO);
+
+ // Create the system user profile.
+ RegistryUtils.createUser(systemRegistry, MashupConstants.SYSTEM_USER,
+ SYSTEM_USER_NAME, NONE, SYSTEM_USER_BIO);
+
+ // Create the samples user and profile.
+ RegistryUtils.createUser(systemRegistry, MashupConstants.SAMPLES_USER,
+ SAMPLES_USER_NAME, NONE, SAMPLES_USER_BIO);
+ }
- createPrimary = Boolean.parseBoolean(
-
serverConfig.getFirstProperty(MashupConstants.PRIMARY_USER_CONFIG + "." +
- MashupConstants.CREATE_PRIMARY_USER));
+ private static void populatePredefinedCollections(UserRegistry
systemRegistry)
+ throws RegistryException {
- // If the server.xml contains primary account details and if this
is the first startup
- // then create the primary account
- if (createPrimary && !MashupUtils.isInitialSetupComplete()) {
- primaryName =
-
serverConfig.getFirstProperty(MashupConstants.PRIMARY_USER_CONFIG + "." +
- MashupConstants.PRIMARY_USER);
- primaryPassword =
-
serverConfig.getFirstProperty(MashupConstants.PRIMARY_USER_CONFIG + "." +
- MashupConstants.PRIMARY_PASSWORD);
- us.addUser(primaryName, primaryPassword);
- }
+ // Create an area in the registry to add queries
+ Collection queryCollection = systemRegistry.newCollection();
+ systemRegistry.put(MashupConstants.QUERYSTORE_QUERY_PATH,
queryCollection);
+
+ // Create a collection for users. All user related data will go in here
+ Collection usersCollection = systemRegistry.newCollection();
+ systemRegistry.put(MashupConstants.USERS_PATH, usersCollection);
+
+ // Create a collection for profiles. All user profiles data will go in
here
+ Collection profileCollection = systemRegistry.newCollection();
+ systemRegistry.put(MashupConstants.PROFILES_PATH, profileCollection);
+
+ // Create a collection for system. All system related data will go in
here
+ Collection systemCollection = systemRegistry.newCollection();
+ systemRegistry.put(MashupConstants.SYSTEM_PATH, systemCollection);
+
+ // Create a collection for /system/queries. All system queries will go
in here
+ Collection queriesCollection = systemRegistry.newCollection();
+ systemRegistry.put(MashupConstants.SYSTEM__QUERIES_PATH,
queriesCollection);
+
+ // Create a collection for mashups. All mashup related data will go in
here
+ Collection mashupsCollection = systemRegistry.newCollection();
+ systemRegistry.put(MashupConstants.ALL_MASHUPS_PATH,
mashupsCollection);
+ }
- RegistryDataSource datasource = new
RegistryDataSource(registryUrl, registryDriverClass,
-
registryUsername,
-
registryPassword);
+ private static void populatePredefinedQueries(UserRegistry systemRegistry)
+ throws RegistryException {
- EmbeddedRegistry embeddedRegistry = new
EmbeddedRegistry(datasource, realm);
+ // All mashups query
+ addQuery(
+ systemRegistry,
+ MashupConstants.ALL_MASHUPS_QUERY_PATH,
+ "SELECT PATH FROM RESOURCE WHERE (MEDIA_TYPE='" +
+ MashupConstants.MASHUP_MEDIA_TYPE + "' OR " +
+ "MEDIA_TYPE='wso2_data_service') ORDER BY
LAST_UPDATED_TIME DESC",
+ RegistryConstants.RESOURCES_RESULT_TYPE
+ );
+
+ // Mashups from a specific user
+ addQuery(
+ systemRegistry,
+ MashupConstants.MY_MASHUPS_QUERY_PATH,
+ "SELECT PATH FROM RESOURCE WHERE CREATOR=? AND " +
+ "(MEDIA_TYPE='" + MashupConstants.MASHUP_MEDIA_TYPE +
"' OR " +
+ "MEDIA_TYPE='wso2_data_service') ORDER BY
LAST_UPDATED_TIME DESC",
+ RegistryConstants.RESOURCES_RESULT_TYPE
+ );
+
+ // Mashups rated 4.0 or better, sorted by rating.
+ addQuery(
+ systemRegistry,
+ MashupConstants.TOP_MASHUPS_QUERY_PATH,
+ "SELECT A.PATH FROM RESOURCE A, RATING R WHERE " +
+ "A.AID=R.AID AND (A.MEDIA_TYPE='" +
+ MashupConstants.MASHUP_MEDIA_TYPE + "' OR " +
+ "A.MEDIA_TYPE='wso2_data_service') GROUP BY A.PATH
HAVING " +
+ "AVG(R.RATING) >= 4.0 ORDER BY AVG(R.RATING) DESC",
+ RegistryConstants.RESOURCES_RESULT_TYPE
+ );
+
+ // Mashups from a specific user rated 4.0 or better, sorted by rating.
+ addQuery(
+ systemRegistry,
+ MashupConstants.MY_TOP_MASHUPS_QUERY_PATH,
+ "SELECT A.PATH FROM RESOURCE A, RATING R WHERE " +
+ "A.AID=R.AID AND A.CREATOR=? AND (A.MEDIA_TYPE='" +
+ MashupConstants.MASHUP_MEDIA_TYPE + "' OR " +
+ "A.MEDIA_TYPE='wso2_data_service') GROUP BY A.PATH
HAVING " +
+ "AVG(R.RATING) >= 4.0 ORDER BY AVG(R.RATING) DESC",
+ RegistryConstants.RESOURCES_RESULT_TYPE
+ );
+
+ // This query accepts a resource path, a username, and a tag name, and
returns the
+ // resource path if that user applied that tag to the resource.
+ // Used for checking whether the current user should be allowed to
delete the tag.
+ addQuery(
+ systemRegistry,
+ MashupConstants.USER_TAGS_QUERY_PATH,
+ "SELECT A.PATH FROM RESOURCE A, TAG T WHERE A.PATH=? " +
+ "AND T.TAG_NAME=? AND T.RID=A.RID AND T.USER_ID=? AND
" +
+ "(A.MEDIA_TYPE='" + MashupConstants.MASHUP_MEDIA_TYPE +
+ "' OR A.MEDIA_TYPE='wso2_data_service')",
+ RegistryConstants.RESOURCES_RESULT_TYPE
+ );
+
+ // Query for mashups based on tag, description, or title
+ // todo: queries aren't case insensitive
+ addQuery(
+ systemRegistry,
+ MashupConstants.CUSTOM_QUERY_PATH,
+ "SELECT DISTINCT A.PATH FROM RESOURCE A, TAG T WHERE " +
+ "(A.PATH LIKE ? OR A.DESCRIPTION LIKE ? OR
(T.TAG_NAME=? AND " +
+ "T.RID=A.RID)) AND (A.MEDIA_TYPE='" + MashupConstants
+ .MASHUP_MEDIA_TYPE +
+ "' OR A.MEDIA_TYPE='wso2_data_service')",
+ RegistryConstants.RESOURCES_RESULT_TYPE
+ );
+
+ // Query for mashups from a specific user based on tag, description,
or title
+ // todo: queries aren't case insensitive
+ addQuery(
+ systemRegistry,
+ MashupConstants.MY_CUSTOM_QUERY_PATH,
+ "SELECT DISTINCT A.PATH FROM RESOURCE A, TAG T WHERE " +
+ "(A.PATH LIKE ? OR A.DESCRIPTION LIKE ? OR
(T.TAG_NAME=? AND " +
+ "T.RID=A.RID)) AND A.CREATOR=? AND (A.MEDIA_TYPE='" +
+ MashupConstants.MASHUP_MEDIA_TYPE +
+ "' OR A.MEDIA_TYPE='wso2_data_service')",
+ RegistryConstants.RESOURCES_RESULT_TYPE
+ );
+
+ // Query for comments
+ addQuery(
+ systemRegistry,
+ MashupConstants.COMMENTS_QUERY_PATH,
+ "SELECT C.CM_ID FROM COMMENT C, RESOURCE A WHERE
C.COMMENT_TEXT " +
+ "LIKE ? AND C.RID=A.RID AND (A.MEDIA_TYPE='" +
+ MashupConstants.MASHUP_MEDIA_TYPE +
+ "' OR A.MEDIA_TYPE='wso2_data_service')",
+ RegistryConstants.COMMENTS_RESULT_TYPE
+ );
+
+ // Query for comments by a particular user
+ addQuery(
+ systemRegistry,
+ MashupConstants.MY_COMMENTS_QUERY_PATH,
+ "SELECT C.CM_ID FROM COMMENT C, RESOURCE A WHERE
C.COMMENT_TEXT " +
+ "LIKE ? AND C.USER_ID=? AND C.RID=A.RID AND " +
+ "(A.MEDIA_TYPE='" + MashupConstants.MASHUP_MEDIA_TYPE +
+ "' OR A.MEDIA_TYPE='wso2_data_service')",
+ RegistryConstants.COMMENTS_RESULT_TYPE
+ );
+
+ // Query for all comments by a particular user
+ addQuery(
+ systemRegistry,
+ MashupConstants.USERS_COMMENTS_QUERY_PATH,
+ "SELECT C.CM_ID FROM COMMENT C, RESOURCE A WHERE C.USER_ID=?
AND " +
+ "C.RID=A.RID AND AND (A.MEDIA_TYPE='" +
+ MashupConstants.MASHUP_MEDIA_TYPE +
+ "' OR A.MEDIA_TYPE='wso2_data_service')",
+ RegistryConstants.COMMENTS_RESULT_TYPE
+ );
+ }
- // Add the realm and registry as parameters in the
AxisConfiguration so that they can be
- // used later on as an when needed
- configCtx.getAxisConfiguration()
- .addParameter(RegistryConstants.REGISTRY,
embeddedRegistry);
-
configCtx.getAxisConfiguration().addParameter(RegistryConstants.REGISTRY_REALM,
realm);
+ private static void provisionPermissions(UserRealm realm) throws
UserStoreException {
- // Instantiating a secure registry using the system account, in
order to create user
- // profiles.
- systemRegistry = embeddedRegistry.getSystemRegistry();
+ AccessControlAdmin accessControlAdmin = realm.getAccessControlAdmin();
- if
(!systemRegistry.resourceExists(MashupConstants.QUERYSTORE_QUERY_PATH)) {
+ // Setting permissions for the admin role on user resources
+ accessControlAdmin.authorizeRole(RegistryConstants.ADMIN_ROLE,
+ AccessControlConstants.USER_RESOURCE,
+ AccessControlConstants.ADD);
+ accessControlAdmin.authorizeRole(RegistryConstants.ADMIN_ROLE,
+ AccessControlConstants.USER_RESOURCE,
+ AccessControlConstants.READ);
+ accessControlAdmin.authorizeRole(RegistryConstants.ADMIN_ROLE,
+ AccessControlConstants.USER_RESOURCE,
+ AccessControlConstants.EDIT);
+ accessControlAdmin.authorizeRole(RegistryConstants.ADMIN_ROLE,
+ AccessControlConstants.USER_RESOURCE,
+ AccessControlConstants.DELETE);
+
+ // Setting permissions for the admin role on role resources
+ accessControlAdmin.authorizeRole(RegistryConstants.ADMIN_ROLE,
+ AccessControlConstants.ROLE_RESOURCE,
+ AccessControlConstants.ADD);
+ accessControlAdmin.authorizeRole(RegistryConstants.ADMIN_ROLE,
+ AccessControlConstants.ROLE_RESOURCE,
+ AccessControlConstants.READ);
+ accessControlAdmin.authorizeRole(RegistryConstants.ADMIN_ROLE,
+ AccessControlConstants.ROLE_RESOURCE,
+ AccessControlConstants.EDIT);
+ accessControlAdmin.authorizeRole(RegistryConstants.ADMIN_ROLE,
+ AccessControlConstants.ROLE_RESOURCE,
+ AccessControlConstants.DELETE);
+
+ // Setting permissions for the admin role on setting permissions
+ accessControlAdmin.authorizeRole(RegistryConstants.ADMIN_ROLE,
+
AccessControlConstants.USER_PERMISSION_RESOURCE,
+ AccessControlConstants.READ);
+ accessControlAdmin.authorizeRole(RegistryConstants.ADMIN_ROLE,
+
AccessControlConstants.USER_PERMISSION_RESOURCE,
+ AccessControlConstants.ADD);
+ accessControlAdmin.authorizeRole(RegistryConstants.ADMIN_ROLE,
+
AccessControlConstants.USER_PERMISSION_RESOURCE,
+ AccessControlConstants.EDIT);
+ accessControlAdmin.authorizeRole(RegistryConstants.ADMIN_ROLE,
+
AccessControlConstants.USER_PERMISSION_RESOURCE,
+ AccessControlConstants.DELETE);
+
+ // Setting permissions for the admin role to GET, PUT and DELETE data
from any part
+ // of the registry
+ accessControlAdmin
+ .authorizeRole(RegistryConstants.ADMIN_ROLE,
RegistryConstants.ROOT_PATH,
+ ActionConstants.GET);
+ accessControlAdmin
+ .authorizeRole(RegistryConstants.ADMIN_ROLE,
RegistryConstants.ROOT_PATH,
+ ActionConstants.PUT);
+ accessControlAdmin
+ .authorizeRole(RegistryConstants.ADMIN_ROLE,
RegistryConstants.ROOT_PATH,
+ ActionConstants.DELETE);
+ accessControlAdmin
+ .authorizeRole(RegistryConstants.ADMIN_ROLE,
RegistryConstants.ROOT_PATH,
+ AccessControlConstants.AUTHORIZE);
+
+ // Setting permissions for the everyone role to GET data from any part
+ // of the registry
+ accessControlAdmin
+ .authorizeRole(RegistryConstants.EVERYONE_ROLE,
RegistryConstants.ROOT_PATH,
+ ActionConstants.GET);
+ accessControlAdmin
+ .authorizeRole(RegistryConstants.EVERYONE_ROLE,
RegistryConstants.ROOT_PATH,
+ ActionConstants.GET);
+
+ // Setting permissions for the everyone role to READ and EDIT user
resources
+ accessControlAdmin.authorizeRole(RegistryConstants.EVERYONE_ROLE,
+ AccessControlConstants.USER_RESOURCE,
+ AccessControlConstants.READ);
+ accessControlAdmin.authorizeRole(RegistryConstants.EVERYONE_ROLE,
+ AccessControlConstants.USER_RESOURCE,
+ AccessControlConstants.EDIT);
+
+ // Setting permissions for the everyone role to READ permissions
+ accessControlAdmin.authorizeRole(RegistryConstants.EVERYONE_ROLE,
+ AccessControlConstants.ROLE_RESOURCE,
+ AccessControlConstants.READ);
+ accessControlAdmin.authorizeRole(RegistryConstants.EVERYONE_ROLE,
+
AccessControlConstants.USER_PERMISSION_RESOURCE,
+ AccessControlConstants.READ);
+
+ // Setting permissions for the everyone role to READ all mashups and
queries
+ accessControlAdmin.authorizeRole(MashupConstants.EVERYONE_ROLE,
+ MashupConstants.ALL_MASHUPS_PATH,
+ AccessControlConstants.READ);
+ accessControlAdmin.authorizeRole(MashupConstants.EVERYONE_ROLE,
+
MashupConstants.ALL_MASHUPS_QUERY_PATH,
+ AccessControlConstants.READ);
+ }
- // Create an area in the registry to add queries
- Collection queryCollection = systemRegistry.newCollection();
- systemRegistry.put(MashupConstants.QUERYSTORE_QUERY_PATH,
queryCollection);
-
- // All mashups query
- addQuery(
- systemRegistry,
- MashupConstants.ALL_MASHUPS_QUERY_PATH,
- "SELECT PATH FROM RESOURCE WHERE (MEDIA_TYPE='" +
- MashupConstants.MASHUP_MEDIA_TYPE + "' OR " +
- "MEDIA_TYPE='wso2_data_service') ORDER BY
LAST_UPDATED_TIME DESC",
- RegistryConstants.RESOURCES_RESULT_TYPE
- );
-
- // Mashups from a specific user
- addQuery(
- systemRegistry,
- MashupConstants.MY_MASHUPS_QUERY_PATH,
- "SELECT PATH FROM RESOURCE WHERE CREATOR=? AND " +
- "(MEDIA_TYPE='" +
MashupConstants.MASHUP_MEDIA_TYPE + "' OR " +
- "MEDIA_TYPE='wso2_data_service') ORDER BY
LAST_UPDATED_TIME DESC",
- RegistryConstants.RESOURCES_RESULT_TYPE
- );
-
- // Mashups rated 4.0 or better, sorted by rating.
- addQuery(
- systemRegistry,
- MashupConstants.TOP_MASHUPS_QUERY_PATH,
- "SELECT A.PATH FROM RESOURCE A, RATING R WHERE " +
- "A.AID=R.AID AND (A.MEDIA_TYPE='" +
- MashupConstants.MASHUP_MEDIA_TYPE + "' OR " +
- "A.MEDIA_TYPE='wso2_data_service') GROUP BY
A.PATH HAVING " +
- "AVG(R.RATING) >= 4.0 ORDER BY AVG(R.RATING)
DESC",
- RegistryConstants.RESOURCES_RESULT_TYPE
- );
-
- // Mashups from a specific user rated 4.0 or better, sorted by
rating.
- addQuery(
- systemRegistry,
- MashupConstants.MY_TOP_MASHUPS_QUERY_PATH,
- "SELECT A.PATH FROM RESOURCE A, RATING R WHERE " +
- "A.AID=R.AID AND A.CREATOR=? AND
(A.MEDIA_TYPE='" +
- MashupConstants.MASHUP_MEDIA_TYPE + "' OR " +
- "A.MEDIA_TYPE='wso2_data_service') GROUP BY
A.PATH HAVING " +
- "AVG(R.RATING) >= 4.0 ORDER BY AVG(R.RATING)
DESC",
- RegistryConstants.RESOURCES_RESULT_TYPE
- );
-
- // Create a collection for users. All user related data will
go in here
- Collection usersCollection = systemRegistry.newCollection();
- systemRegistry.put(MashupConstants.USERS_PATH,
usersCollection);
-
- // Create a collection for profiles. All user profiles data
will go in here
- Collection profileCollection = systemRegistry.newCollection();
- systemRegistry.put(MashupConstants.PROFILES_PATH,
profileCollection);
-
- // Create a collection for system. All system related data
will go in here
- Collection systemCollection = systemRegistry.newCollection();
- systemRegistry.put(MashupConstants.SYSTEM_PATH,
systemCollection);
-
- // Create a collection for /system/queries. All system queries
will go in here
- Collection queriesCollection = systemRegistry.newCollection();
- systemRegistry.put(MashupConstants.SYSTEM__QUERIES_PATH,
queriesCollection);
-
- // Create a collection for mashups. All mashup related data
will go in here
- Collection mashupsCollection = systemRegistry.newCollection();
- systemRegistry.put(MashupConstants.ALL_MASHUPS_PATH,
mashupsCollection);
-
- // This query accepts a resource path, a username, and a tag
name, and returns the
- // resource path if that user applied that tag to the resource.
- // Used for checking whether the current user should be
allowed to delete the tag.
- addQuery(
- systemRegistry,
- MashupConstants.USER_TAGS_QUERY_PATH,
- "SELECT A.PATH FROM RESOURCE A, TAG T WHERE A.PATH=? "
+
- "AND T.TAG_NAME=? AND T.RID=A.RID AND
T.USER_ID=? AND " +
- "(A.MEDIA_TYPE='" +
MashupConstants.MASHUP_MEDIA_TYPE +
- "' OR A.MEDIA_TYPE='wso2_data_service')",
- RegistryConstants.RESOURCES_RESULT_TYPE
- );
-
- // Query for mashups based on tag, description, or title
- // todo: queries aren't case insensitive
- addQuery(
- systemRegistry,
- MashupConstants.CUSTOM_QUERY_PATH,
- "SELECT DISTINCT A.PATH FROM RESOURCE A, TAG T WHERE "
+
- "(A.PATH LIKE ? OR A.DESCRIPTION LIKE ? OR
(T.TAG_NAME=? AND " +
- "T.RID=A.RID)) AND (A.MEDIA_TYPE='" +
MashupConstants
- .MASHUP_MEDIA_TYPE +
- "' OR A.MEDIA_TYPE='wso2_data_service')",
- RegistryConstants.RESOURCES_RESULT_TYPE
- );
-
- // Query for mashups from a specific user based on tag,
description, or title
- // todo: queries aren't case insensitive
- addQuery(
- systemRegistry,
- MashupConstants.MY_CUSTOM_QUERY_PATH,
- "SELECT DISTINCT A.PATH FROM RESOURCE A, TAG T WHERE "
+
- "(A.PATH LIKE ? OR A.DESCRIPTION LIKE ? OR
(T.TAG_NAME=? AND " +
- "T.RID=A.RID)) AND A.CREATOR=? AND
(A.MEDIA_TYPE='" +
- MashupConstants.MASHUP_MEDIA_TYPE +
- "' OR A.MEDIA_TYPE='wso2_data_service')",
- RegistryConstants.RESOURCES_RESULT_TYPE
- );
-
- // Query for comments
- addQuery(
- systemRegistry,
- MashupConstants.COMMENTS_QUERY_PATH,
- "SELECT C.CM_ID FROM COMMENT C, RESOURCE A WHERE
C.COMMENT_TEXT " +
- "LIKE ? AND C.RID=A.RID AND (A.MEDIA_TYPE='" +
- MashupConstants.MASHUP_MEDIA_TYPE +
- "' OR A.MEDIA_TYPE='wso2_data_service')",
- RegistryConstants.COMMENTS_RESULT_TYPE
- );
-
- // Query for comments by a particular user
- addQuery(
- systemRegistry,
- MashupConstants.MY_COMMENTS_QUERY_PATH,
- "SELECT C.CM_ID FROM COMMENT C, RESOURCE A WHERE
C.COMMENT_TEXT " +
- "LIKE ? AND C.USER_ID=? AND C.RID=A.RID AND " +
- "(A.MEDIA_TYPE='" +
MashupConstants.MASHUP_MEDIA_TYPE +
- "' OR A.MEDIA_TYPE='wso2_data_service')",
- RegistryConstants.COMMENTS_RESULT_TYPE
- );
-
- // Query for all comments by a particular user
- addQuery(
- systemRegistry,
- MashupConstants.USERS_COMMENTS_QUERY_PATH,
- "SELECT C.CM_ID FROM COMMENT C, RESOURCE A WHERE
C.USER_ID=? AND " +
- "C.RID=A.RID AND AND (A.MEDIA_TYPE='" +
- MashupConstants.MASHUP_MEDIA_TYPE +
- "' OR A.MEDIA_TYPE='wso2_data_service')",
- RegistryConstants.COMMENTS_RESULT_TYPE
- );
-
- // Create the anonymous user profile.
- RegistryUtils.createUser(systemRegistry,
- RegistryConstants.ANONYMOUS_USER,
ANNONYMOUS_USER_NAME,
- NONE,
- ANNONYMOUS_USER_BIO);
-
- // Create the system user profile.
- RegistryUtils.createUser(systemRegistry,
MashupConstants.SYSTEM_USER,
- SYSTEM_USER_NAME, NONE,
SYSTEM_USER_BIO);
-
- // Create the samples user and profile.
- RegistryUtils.createUser(systemRegistry,
MashupConstants.SAMPLES_USER,
- SAMPLES_USER_NAME, NONE,
SAMPLES_USER_BIO);
- }
+ private static void addInitialUsersToWSAS(UserStoreAdmin userStoreAdmin)
+ throws UserStoreException {
- // If primary user has not been created, do so.
- if (createPrimary && !MashupUtils.isInitialSetupComplete()) {
- //Create the admin profile using information from a config
file.
- RegistryUtils
- .createUser(systemRegistry, primaryName, primaryName,
NONE,
- ADMIN_USER_BIO);
- // Assign system user the 'admin' role and make primary.
- us.addUserToRole(primaryName, RegistryConstants.ADMIN_ROLE);
- RegistryUtils.makeUserPrimary(realm, primaryName);
- MashupUtils.setInitialSetupComplete(true);
- }
- } catch (UserStoreException e) {
- throw new MashupFault(e);
- } catch (RegistryException e) {
- throw new MashupFault(e);
- } catch (AxisFault axisFault) {
- throw new MashupFault(axisFault);
- }
+ // Add a user called annonymous. All users not signed into the server
are in this
+ // role. Hence permissions assigned to these users are the default
permissions set
+ // for guests.
+ userStoreAdmin.addUser(RegistryConstants.ANONYMOUS_USER,
+ RegistryConstants.ANONYMOUS_PASSWORD);
+
+ // Add a user called system. The system user is managed by the mashup
server and all
+ // server management tasks are performed using this user account
+ userStoreAdmin
+ .addUser(RegistryConstants.SYSTEM_USER,
RegistryConstants.SYSTEM_PASSWORD);
+
+ // Add a user called samples. The sample user is managed by the mashup
server and
+ // all samples are deployed using this account
+ userStoreAdmin.addUser(MashupConstants.SAMPLES_USER,
+ MashupConstants.SAMPLES_USER_PASSWORD);
+
+ // Add an admin role so that admins can be put into this role
+ userStoreAdmin.addRole(RegistryConstants.ADMIN_ROLE);
+
+ // Add an everyone role so that all users are added to this role
+ userStoreAdmin.addRole(RegistryConstants.EVERYONE_ROLE);
+
+ // Assign system user the 'admin' role.
+ userStoreAdmin
+ .addUserToRole(MashupConstants.SYSTEM_USER,
RegistryConstants.ADMIN_ROLE);
}
private static void addQuery(Registry registry, String path, String sql,
String type)
throws RegistryException {
+
ResourceImpl q = new ResourceImpl();
q.setContent(sql);
q.setMediaType(RegistryConstants.SQL_QUERY_MEDIA_TYPE);
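Review bot: addInitialUsersToWSAS creates the system account with `RegistryConstants.SYSTEM_PASSWORD` and then adds it to `RegistryConstants.ADMIN_ROLE`; the constant's definition is outside this diff, but if it is a fixed string shipped with the product, every installation starts with the same admin-role credential, and the same applies to the samples and anonymous accounts. Consider generating these passwords at first start, or otherwise preventing interactive login for the built-in accounts, instead of reading them from constants. The same method passes `RegistryConstants.SYSTEM_USER` to addUser but `MashupConstants.SYSTEM_USER` to addUserToRole, which grants the role to the account just created only if the two constants are equal. In populatePredefinedQueries the USERS_COMMENTS_QUERY_PATH string still reads `C.RID=A.RID AND AND (A.MEDIA_TYPE='`, which looks like invalid SQL and should be `"C.RID=A.RID AND (A.MEDIA_TYPE='" +`. addQuery's body continues past the end of the hunk.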