org.apache.turbine.services.security
Class BaseSecurityService

java.lang.Object
  |
  +--org.apache.turbine.services.BaseInitable
        |
        +--org.apache.turbine.services.BaseService
              |
              +--org.apache.turbine.services.TurbineBaseService
                    |
                    +--org.apache.turbine.services.security.BaseSecurityService
All Implemented Interfaces:
Initable, SecurityService, Service
Direct Known Subclasses:
DBSecurityService, LDAPSecurityService

public abstract class BaseSecurityService
extends TurbineBaseService
implements SecurityService

This is a common subset of SecurityService implementation. Provided functionality includes:

Version:
$Id$
Author:
Rafal Krzewski

Field Summary
private  GroupSet allGroups
          Holds a list of all groups in the system, to speed up access
private  PermissionSet allPermissions
          Holds a list of all permissions in the system, to speed up access
private  RoleSet allRoles
          Holds a list of all roles in the system, to speed up access
private static Group globalGroup
          The Group object that represents the global group.
private  int readerCount
          The number of threads concurrently reading security information
private  java.lang.Class userClass
          The class of User the SecurityService uses
private  UserManager userManager
          The instance of UserManager the SecurityService uses
 
Fields inherited from class org.apache.turbine.services.BaseService
configuration, name, properties, serviceBroker
 
Fields inherited from class org.apache.turbine.services.BaseInitable
initableBroker, isInitialized
 
Fields inherited from interface org.apache.turbine.services.security.SecurityService
SECURE_PASSWORDS_ALGORITHM_DEFAULT, SECURE_PASSWORDS_ALGORITHM_KEY, SECURE_PASSWORDS_DEFAULT, SECURE_PASSWORDS_KEY, SERVICE_NAME, USER_CLASS_DEFAULT, USER_CLASS_KEY, USER_MANAGER_DEFAULT, USER_MANAGER_KEY
 
Constructor Summary
BaseSecurityService()
           
 
Method Summary
 boolean accountExists(java.lang.String username)
          Check whether a specified user's account exists.
 boolean accountExists(User user)
          Check whether a specified user's account exists.
 void addUser(User user, java.lang.String password)
          Creates a new user account with the specified attributes.
 void changePassword(User user, java.lang.String oldPassword, java.lang.String newPassword)
          Change the password for a User.
 java.lang.String encryptPassword(java.lang.String password)
          This method provides client-side encryption of passwords.
 void forcePassword(User user, java.lang.String password)
          Forcibly sets a new password for a User.
 GroupSet getAllGroups()
          Retrieves all groups defined in the system.
 PermissionSet getAllPermissions()
          Retrieves all permissions defined in the system.
 RoleSet getAllRoles()
          Retrieves all roles defined in the system.
 User getAnonymousUser()
          Constructs a User object to represent an anonymous user of the application.
 User getAuthenticatedUser(java.lang.String username, java.lang.String password)
          Authenticates a user, and constructs a User object to represent him/her.
 Group getGlobalGroup()
          Provides a reference to the Group object that represents the global group.
 Group getGroup(java.lang.String name)
          Retrieve a Group object with specified name.
 Permission getPermission(java.lang.String name)
          Retrieve a Permission object with specified name.
 Role getRole(java.lang.String name)
          Retrieve a Role object with specified name.
 User getUser(java.lang.String username)
          Constructs a User object to represent a registered user of the application.
 java.lang.Class getUserClass()
          Return a Class object representing the system's chosen implementation of the User interface.
 User getUserInstance()
          Construct a blank User object.
 User[] getUsers(Criteria criteria)
          Retrieve a set of users that meet the specified criteria.
 void init(javax.servlet.ServletConfig config)
          Initializes the SecurityService, locating the appropriate UserManager
protected  void lockExclusive()
          Acquire an exclusive lock on the security information repository.
protected  void lockShared()
          Acquire a shared lock on the security information repository.
 void removeUser(User user)
          Removes a user account from the system.
 void saveUser(User user)
          Saves User's data in the permanent storage.
protected  void unlockExclusive()
          Release an exclusive lock on the security information repository.
protected  void unlockShared()
          Release a shared lock on the security information repository.
 
Methods inherited from class org.apache.turbine.services.TurbineBaseService
init, init, init, shutdown
 
Methods inherited from class org.apache.turbine.services.BaseService
getConfiguration, getName, getProperties, getServiceBroker, setName, setServiceBroker
 
Methods inherited from class org.apache.turbine.services.BaseInitable
getInit, getInitableBroker, setInit, setInitableBroker
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, registerNatives, toString, wait, wait, wait
 
Methods inherited from interface org.apache.turbine.services.security.SecurityService
addGroup, addPermission, addRole, getACL, getGroups, getNewGroup, getNewPermission, getNewRole, getPermissions, getPermissions, getRoles, grant, grant, removeGroup, removePermission, removeRole, renameGroup, renamePermission, renameRole, revoke, revoke, revokeAll, revokeAll, saveGroup, savePermission, saveRole
 
Methods inherited from interface org.apache.turbine.services.Service
getConfiguration, getProperties, setName, setServiceBroker
 
Methods inherited from interface org.apache.turbine.services.Initable
getInit, init, init, setInitableBroker, shutdown
 

Field Detail

allGroups

private GroupSet allGroups
Holds a list of all groups in the system, to speed up access

allRoles

private RoleSet allRoles
Holds a list of all roles in the system, to speed up access

allPermissions

private PermissionSet allPermissions
Holds a list of all permissions in the system, to speed up access

readerCount

private int readerCount
The number of threads concurrently reading security information

userManager

private UserManager userManager
The instance of UserManager the SecurityService uses

userClass

private java.lang.Class userClass
The class of User the SecurityService uses

globalGroup

private static Group globalGroup
The Group object that represents the global group.
Constructor Detail

BaseSecurityService

public BaseSecurityService()
Method Detail

encryptPassword

public java.lang.String encryptPassword(java.lang.String password)
This method provides client-side encryption of passwords. If secure.passwords is enabled in TurbineResources, the password is encrypted; if not, it is returned unchanged. The secure.passwords.algorithm property can be used to choose which digest algorithm is used to perform the encryption. SHA is used by default.
Specified by:
encryptPassword in interface SecurityService
Parameters:
password - the password to process
Returns:
processed password
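The behaviour described for encryptPassword, as an added sketch that is not Turbine's own code: the class and method names, the UTF-8 input encoding and the Base64 output encoding are assumptions, and the two boolean/String arguments stand in for the secure.passwords and secure.passwords.algorithm properties. It shows what ends up as the stored value under each setting.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class DigestPasswordSketch {

    // Digest the password when securePasswords is true, otherwise return it
    // unchanged, as the description above states. UTF-8 input and Base64
    // output are assumptions of this sketch.
    static String process(String password, boolean securePasswords, String algorithm)
            throws NoSuchAlgorithmException {
        if (!securePasswords) {
            return password;               // stored value is the cleartext password
        }
        MessageDigest md = MessageDigest.getInstance(algorithm);
        byte[] digest = md.digest(password.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(digest);
    }

    // Compare a stored value with a login attempt without an early-exit
    // string comparison (MessageDigest.isEqual is time-constant).
    static boolean matches(String stored, String attempt, boolean securePasswords,
                           String algorithm) throws NoSuchAlgorithmException {
        byte[] a = stored.getBytes(StandardCharsets.UTF_8);
        byte[] b = process(attempt, securePasswords, algorithm).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(a, b);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String pw = "correct horse battery staple";   // constructed sample input

        String sha = process(pw, true, "SHA");
        System.out.println("secure.passwords off : " + process(pw, false, "SHA"));
        System.out.println("SHA (default)        : " + sha);
        System.out.println("SHA-256              : " + process(pw, true, "SHA-256"));

        // The digest has no per-user salt: equal passwords give equal stored
        // values, so duplicates are visible to anyone who can read the store.
        System.out.println("same input, same out : " + sha.equals(process(pw, true, "SHA")));

        // Changing the algorithm changes every expected value, so values stored
        // under the old setting stop matching until passwords are reset.
        System.out.println("SHA value vs SHA-256 : " + matches(sha, pw, true, "SHA-256"));
        System.out.println("SHA value vs SHA     : " + matches(sha, pw, true, "SHA"));
    }
}
```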

init

public void init(javax.servlet.ServletConfig config)
          throws InitializationException
Initializes the SecurityService, locating the appropriate UserManager
Overrides:
init in class TurbineBaseService
Parameters:
config - a ServletConfig, to enforce early initialization

getUserClass

public java.lang.Class getUserClass()
                             throws UnknownEntityException
Return a Class object representing the system's chosen implementation of the User interface.
Specified by:
getUserClass in interface SecurityService
Returns:
system's chosen implementation of the User interface.
Throws:
UnknownEntityException - if the implementation of User interface could not be determined, or does not exist.

getUserInstance

public User getUserInstance()
                     throws UnknownEntityException
Construct a blank User object. This method calls getUserClass, and then creates a new object using the default constructor.
Specified by:
getUserInstance in interface SecurityService
Returns:
an object implementing User interface.
Throws:
UnknownEntityException - if the object could not be instantiated.

accountExists

public boolean accountExists(User user)
                      throws DataBackendException
Check whether a specified user's account exists. The login name is used for looking up the account.
Specified by:
accountExists in interface SecurityService
Parameters:
user - The user to be checked.
Returns:
true if the specified account exists
Throws:
DataBackendException - if there was an error accessing the data backend.

accountExists

public boolean accountExists(java.lang.String username)
                      throws DataBackendException
Check whether a specified user's account exists. The login name is used for looking up the account.
Specified by:
accountExists in interface SecurityService
Parameters:
username - The name of the user to be checked.
Returns:
true if the specified account exists
Throws:
DataBackendException - if there was an error accessing the data backend.

getAuthenticatedUser

public User getAuthenticatedUser(java.lang.String username,
                                 java.lang.String password)
                          throws DataBackendException,
                                 UnknownEntityException,
                                 PasswordMismatchException
Authenticates a user, and constructs a User object to represent him/her.
Specified by:
getAuthenticatedUser in interface SecurityService
Parameters:
username - The user name.
password - The user password.
Returns:
An authenticated Turbine User.
Throws:
PasswordMismatchException - if the supplied password was incorrect.
UnknownEntityException - if the user's account does not exist in the database.
DataBackendException - if there is a problem accessing the storage.

getUser

public User getUser(java.lang.String username)
             throws DataBackendException,
                    UnknownEntityException
Constructs a User object to represent a registered user of the application.
Specified by:
getUser in interface SecurityService
Parameters:
username - The user name.
Returns:
A Turbine User.
Throws:
UnknownEntityException - if the user's account does not exist in the database.
DataBackendException - if there is a problem accessing the storage.

getUsers

public User[] getUsers(Criteria criteria)
                throws DataBackendException
Retrieve a set of users that meet the specified criteria. As the keys for the criteria, you should use the constants that are defined in User interface, plus the names of the custom attributes you added to your user representation in the data storage. Use verbatim names of the attributes - without table name prefix in case of DB implementation.
Specified by:
getUsers in interface SecurityService
Parameters:
criteria - The criteria of selection.
Returns:
a List of users meeting the criteria.
Throws:
DataBackendException - if there is a problem accessing the storage.

getAnonymousUser

public User getAnonymousUser()
                      throws UnknownEntityException
Constructs a User object to represent an anonymous user of the application.
Specified by:
getAnonymousUser in interface SecurityService
Returns:
An anonymous Turbine User.
Throws:
UnknownEntityException - if the implementation of User interface could not be determined, or does not exist.

saveUser

public void saveUser(User user)
              throws UnknownEntityException,
                     DataBackendException
Saves User's data in the permanent storage. The user account is required to exist in the storage.
Specified by:
saveUser in interface SecurityService
Throws:
UnknownEntityException - if the user's account does not exist in the database.
DataBackendException - if there is a problem accessing the storage.

addUser

public void addUser(User user,
                    java.lang.String password)
             throws DataBackendException,
                    EntityExistsException
Creates a new user account with the specified attributes.
Specified by:
addUser in interface SecurityService
Parameters:
user - the object describing account to be created.
Throws:
DataBackendException - if there was an error accessing the data backend.
EntityExistsException - if the user account already exists.

removeUser

public void removeUser(User user)
                throws DataBackendException,
                       UnknownEntityException
Removes a user account from the system.
Specified by:
removeUser in interface SecurityService
Parameters:
user - the object describing the account to be removed.
Throws:
DataBackendException - if there was an error accessing the data backend.
UnknownEntityException - if the user account is not present.

changePassword

public void changePassword(User user,
                           java.lang.String oldPassword,
                           java.lang.String newPassword)
                    throws PasswordMismatchException,
                           UnknownEntityException,
                           DataBackendException
Change the password for a User.
Specified by:
changePassword in interface SecurityService
Parameters:
user - a User to change the password for.
oldPassword - the current password supplied by the user.
newPassword - the new password requested by the user.
Throws:
PasswordMismatchException - if the supplied password was incorrect.
UnknownEntityException - if the user's record does not exist in the database.
DataBackendException - if there is a problem accessing the storage.

forcePassword

public void forcePassword(User user,
                          java.lang.String password)
                   throws UnknownEntityException,
                          DataBackendException
Forcibly sets a new password for a User. This is intended for use by the administrator to change forgotten or compromised passwords. Certain implementations of this feature would require administrative-level access to the authenticating server / program.
Specified by:
forcePassword in interface SecurityService
Parameters:
user - a User to change the password for.
password - the new password.
Throws:
UnknownEntityException - if the user's record does not exist in the database.
DataBackendException - if there is a problem accessing the storage.

lockShared

protected void lockShared()
Acquire a shared lock on the security information repository. Methods that read security information need to invoke this method at the beginning of their body.

unlockShared

protected void unlockShared()
Release a shared lock on the security information repository. Methods that read security information need to invoke this method at the end of their body.

lockExclusive

protected void lockExclusive()
Acquire an exclusive lock on the security information repository. Methods that modify security information need to invoke this method at the beginning of their body. Note! Those methods must be synchronized themselves!

unlockExclusive

protected void unlockExclusive()
Release an exclusive lock on the security information repository. This method is provided only for completeness. It does not really do anything. Note! Methods that modify security information must be synchronized!
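The calling convention the four lock methods describe, as an added sketch that is not Turbine's own code: only readerCount and the four lock method names come from this page, while the class, the roleNames set and the hasRole/addRole methods are hypothetical. The lock bodies are one way to satisfy the documented contract, and they show why a modifying method has to be synchronized itself.

```java
import java.util.HashSet;
import java.util.Set;

public class LockingSketch {
    private int readerCount = 0;                            // threads currently reading
    private final Set<String> roleNames = new HashSet<>();  // constructed stand-in for cached security data

    protected synchronized void lockShared() {
        readerCount++;
    }

    protected synchronized void unlockShared() {
        readerCount--;
        notifyAll();                       // wake a writer waiting in lockExclusive()
    }

    // The caller must already hold this object's monitor (be synchronized):
    // wait() throws IllegalMonitorStateException otherwise, and holding the
    // monitor is what keeps new readers blocked in lockShared() meanwhile.
    protected void lockExclusive() {
        boolean interrupted = false;
        while (readerCount > 0) {
            try { wait(); } catch (InterruptedException e) { interrupted = true; }
        }
        if (interrupted) Thread.currentThread().interrupt();
    }

    protected void unlockExclusive() {
        // Nothing to do: returning from the synchronized caller releases the monitor.
    }

    // Reader: shared lock at the beginning, released at the end. The finally
    // block matters: a reader that throws without unlocking leaves
    // readerCount above zero and every later writer waits forever.
    public boolean hasRole(String name) {
        lockShared();
        try { return roleNames.contains(name); }
        finally { unlockShared(); }
    }

    // Writer: synchronized, then exclusive lock.
    public synchronized void addRole(String name) {
        lockExclusive();
        try { roleNames.add(name); }
        finally { unlockExclusive(); }
    }

    public static void main(String[] args) throws InterruptedException {
        LockingSketch s = new LockingSketch();
        Thread writer = new Thread(() -> s.addRole("admin"));
        writer.start();
        writer.join();
        System.out.println("admin present: " + s.hasRole("admin"));
        System.out.println("readers still registered: " + s.readerCount);
    }
}
```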

getGlobalGroup

public Group getGlobalGroup()
Provides a reference to the Group object that represents the global group.
Specified by:
getGlobalGroup in interface SecurityService
Returns:
a Group object that represents the global group.

getGroup

public Group getGroup(java.lang.String name)
               throws DataBackendException,
                      UnknownEntityException
Retrieve a Group object with specified name.
Specified by:
getGroup in interface SecurityService
Parameters:
name - the name of the Group.
Returns:
an object representing the Group with specified name.

getRole

public Role getRole(java.lang.String name)
             throws DataBackendException,
                    UnknownEntityException
Retrieve a Role object with specified name.
Specified by:
getRole in interface SecurityService
Parameters:
name - the name of the Role.
Returns:
an object representing the Role with specified name.

getPermission

public Permission getPermission(java.lang.String name)
                         throws DataBackendException,
                                UnknownEntityException
Retrieve a Permission object with specified name.
Specified by:
getPermission in interface SecurityService
Parameters:
name - the name of the Permission.
Returns:
an object representing the Permission with specified name.

getAllGroups

public GroupSet getAllGroups()
                      throws DataBackendException
Retrieves all groups defined in the system.
Specified by:
getAllGroups in interface SecurityService
Returns:
the names of all groups defined in the system.
Throws:
DataBackendException - if there was an error accessing the data backend.

getAllRoles

public RoleSet getAllRoles()
                    throws DataBackendException
Retrieves all roles defined in the system.
Specified by:
getAllRoles in interface SecurityService
Returns:
the names of all roles defined in the system.
Throws:
DataBackendException - if there was an error accessing the data backend.

getAllPermissions

public PermissionSet getAllPermissions()
                                throws DataBackendException
Retrieves all permissions defined in the system.
Specified by:
getAllPermissions in interface SecurityService
Returns:
the names of all permissions defined in the system.
Throws:
DataBackendException - if there was an error accessing the data backend.


Copyright © 1999-2001 Apache Software Foundation. All Rights Reserved.