org.jwarp.service.security
Class SQLSecurity

java.lang.Object
  |
  +--org.jwarp.service.security.ASecurity
        |
        +--org.jwarp.service.security.SQLSecurity
All Implemented Interfaces:
IConfigurable, ISecurity, ISecurityAware

public class SQLSecurity
extends ASecurity
implements IConfigurable


Field Summary
protected  java.util.Hashtable cachedGroups
           
protected  java.util.Hashtable cachedGroupsByName
           
protected  java.util.Hashtable cachedObjects
           
protected  java.util.Hashtable cachedObjectsByName
           
protected  java.util.Hashtable cachedUsers
           
protected  java.util.Hashtable cachedUsersByUid
           
protected  ConnectionPool connectionPool
           
protected  java.lang.String SQLaccessGranted
           
protected  java.lang.String SQLaddMember
           
protected  java.lang.String SQLaddRights
           
protected  java.lang.String SQLdeleteAccesses
           
protected  java.lang.String SQLdeleteGroup
           
protected  java.lang.String SQLdeleteGroups
           
protected  java.lang.String SQLdeleteMember
           
protected  java.lang.String SQLdeleteMembers
           
protected  java.lang.String SQLdeleteObject
           
protected  java.lang.String SQLdeleteObjects
           
protected  java.lang.String SQLdeleteUser
           
protected  java.lang.String SQLdeleteUsers
           
protected  java.lang.String SQLgetGroupWithName
           
protected  java.lang.String SQLgetMembers
           
protected  java.lang.String SQLgetObjectWithName
           
protected  java.lang.String SQLgetUserWithUid
           
protected  java.lang.String SQLgrantCreateInsert
           
protected  java.lang.String SQLgrantCreateUpdate
           
protected  java.lang.String SQLgrantDeleteInsert
           
protected  java.lang.String SQLgrantDeleteUpdate
           
protected  java.lang.String SQLgrantFullAccessInsert
           
protected  java.lang.String SQLgrantFullAccessUpdate
           
protected  java.lang.String SQLgrantGrantInsert
           
protected  java.lang.String SQLgrantGrantUpdate
           
protected  java.lang.String SQLgrantReadInsert
           
protected  java.lang.String SQLgrantReadUpdate
           
protected  java.lang.String SQLgrantUpdateInsert
           
protected  java.lang.String SQLgrantUpdateUpdate
           
protected  java.lang.String SQLlogin
           
protected  java.lang.String SQLreadAccessList
           
protected  java.lang.String SQLreadRights
           
protected  java.lang.String SQLselectGroups
           
protected  java.lang.String SQLselectObjects
           
protected  java.lang.String SQLselectUsers
           
protected  java.lang.String SQLsetRights
           
static int TYPE_GROUP
           
static int TYPE_OBJECT
           
static int TYPE_USER
           
 
Fields inherited from class org.jwarp.service.security.ASecurity
defaultExpireSeconds, listeners, system, systemContext, systemSec, systemTicket, tickets
 
Fields inherited from interface org.jwarp.service.security.ISecurity
ALL_USERS, LEVEL_CREATE, LEVEL_DELETE, LEVEL_FULLACCESS, LEVEL_GRANT, LEVEL_READ, LEVEL_UPDATE
 
Constructor Summary
SQLSecurity(ITicket systemTicket)
           
 
Method Summary
protected  boolean accessGranted(int objectID, int level, int type, int id, ITicket userTicket)
          Returns true if the user is granted access of the given level to the object with the given ID.
 boolean accessGranted(ISecurityObject object, int level, ITicket userTicket)
          Returns true if the user is granted access of the given level to the object with the given ID.
 boolean accessGranted(java.lang.String objectName, int level, ITicket userTicket)
          Returns true if the user is granted access of the given level to the object with the given ID.
protected  void addMember(int group, int type, int id, ITicket admin)
          Add a user to a group
 void addMember(ISecurityGroup group, ISecurityGroup member, ITicket admin)
          Add a user to a group
 void addMember(ISecurityGroup group, ISecurityUser member, ITicket admin)
          Add a user to a group
 void configure(org.jdom.Element config)
          Pass the Configuration to the Configurable class.
 ISecurityGroup createGroup(java.lang.String name, java.lang.String description, java.lang.Object additional, ITicket admin)
          Create a new group with the settings given.
 ISecurityObject createObject(java.lang.String name, java.lang.String description, java.lang.Object additional, ITicket admin)
          Create a new object with the settings given.
 ISecurityUser createUser(java.lang.String uid, java.lang.String pwd, java.lang.String name, java.lang.String description, java.lang.Object additional, ITicket admin)
          Create a new user with the settings given.
 void delete(ISecurityGroup group, ITicket admin)
           
 void delete(ISecurityObject object, ITicket admin)
           
 void delete(ISecurityUser user, ITicket admin)
           
 ISecurityGroup getGroup(int id, ITicket admin)
          Returns the group with the given id.
 ISecurityGroup getGroup(java.lang.String name, ITicket admin)
          Returns the group with the given name.
 java.util.Iterator getGroups(ITicket admin)
          Returns all defined groups.
 java.util.Iterator getMembers(ISecurityGroup group, ITicket admin)
          Returns all members of the given group.
 ISecurityObject getObject(int id, ITicket admin)
          Returns the object with the given id.
 ISecurityObject getObject(java.lang.String name, ITicket admin)
          Returns the object with the given name.
 java.util.Iterator getObjects(ITicket admin)
          Returns all defined objects.
 ISecurityUser getUser(int id, ITicket admin)
          Returns the user with the given id.
 ISecurityUser getUser(java.lang.String uid, ITicket admin)
          Returns the user with the given uid.
 java.util.Iterator getUsers(ITicket admin)
          Returns all defined users.
protected  void grant(int objectID, int level, int type, int id, ITicket admin)
          Tries to grant rights to access the object given the ID with the level passed.
 void grant(ISecurityObject object, int level, ISecurityGroup group, ITicket admin)
          Tries to grant rights to access the object given the ID with the level passed.
 void grant(ISecurityObject object, int level, ISecurityUser user, ITicket admin)
          Tries to grant rights to access the object given the ID with the level passed.
 void grant(java.lang.String object, int level, ISecurityGroup group, ITicket admin)
          Tries to grant rights to access the object given the ID with the level passed.
 void grant(java.lang.String object, int level, ISecurityUser user, ITicket admin)
          Tries to grant rights to access the object given the ID with the level passed.
 void initSecurity(ISecurity security, ITicket systemTicket)
          This method is called after all system related objects are defined.
protected  void initSysTypes()
           
protected  boolean isMember(int group, int item, int type)
           
 ITicket login(java.lang.String uid, java.lang.String pwd)
          Tries to login the user and gives back the users object.
static void main(java.lang.String[] args)
           
protected  void removeMember(int group, int type, int id, ITicket admin)
          Remove a user from a group
 void removeMember(ISecurityGroup group, ISecurityGroup member, ITicket admin)
          Remove a user from a group
 void removeMember(ISecurityGroup group, ISecurityUser user, ITicket admin)
          Remove a user from a group
 void reset(ITicket admin)
           
protected  void revoke(int objectID, int level, int type, int id, ITicket admin)
          Tries to revoke rights to access the object given the ID with the level passed.
 void revoke(ISecurityObject object, int level, ISecurityGroup group, boolean force, ITicket admin)
          Tries to revoke rights to access the object given the ID with the level passed.
 void revoke(ISecurityObject object, int level, ISecurityUser user, boolean force, ITicket admin)
          Tries to revoke rights to access the object given the ID with the level passed.
 void revoke(java.lang.String objectID, int level, ISecurityGroup group, boolean force, ITicket admin)
          Tries to revoke rights to access the object given the ID with the level passed.
 void revoke(java.lang.String objectID, int level, ISecurityUser user, boolean force, ITicket admin)
          Tries to revoke rights to access the object given the ID with the level passed.
 
Methods inherited from class org.jwarp.service.security.ASecurity
addSecurityListener, checkAdmin, checkTicket, fireSecurityEvent, getContext, getExpireExtendSeconds, getExpireSeconds, getSecurityObjects, isLoggedIn, removeSecurityListener, setContext
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

TYPE_USER

public static final int TYPE_USER

TYPE_GROUP

public static final int TYPE_GROUP

TYPE_OBJECT

public static final int TYPE_OBJECT

SQLgetObjectWithName

protected java.lang.String SQLgetObjectWithName

SQLgetUserWithUid

protected java.lang.String SQLgetUserWithUid

SQLlogin

protected java.lang.String SQLlogin

SQLgetGroupWithName

protected java.lang.String SQLgetGroupWithName

SQLselectUsers

protected java.lang.String SQLselectUsers

SQLselectGroups

protected java.lang.String SQLselectGroups

SQLselectObjects

protected java.lang.String SQLselectObjects

SQLreadRights

protected java.lang.String SQLreadRights

SQLsetRights

protected java.lang.String SQLsetRights

SQLaddRights

protected java.lang.String SQLaddRights

SQLaddMember

protected java.lang.String SQLaddMember

SQLdeleteMember

protected java.lang.String SQLdeleteMember

SQLgetMembers

protected java.lang.String SQLgetMembers

SQLaccessGranted

protected java.lang.String SQLaccessGranted

SQLreadAccessList

protected java.lang.String SQLreadAccessList

SQLgrantReadInsert

protected java.lang.String SQLgrantReadInsert

SQLgrantCreateInsert

protected java.lang.String SQLgrantCreateInsert

SQLgrantUpdateInsert

protected java.lang.String SQLgrantUpdateInsert

SQLgrantDeleteInsert

protected java.lang.String SQLgrantDeleteInsert

SQLgrantGrantInsert

protected java.lang.String SQLgrantGrantInsert

SQLgrantFullAccessInsert

protected java.lang.String SQLgrantFullAccessInsert

SQLgrantCreateUpdate

protected java.lang.String SQLgrantCreateUpdate

SQLgrantReadUpdate

protected java.lang.String SQLgrantReadUpdate

SQLgrantUpdateUpdate

protected java.lang.String SQLgrantUpdateUpdate

SQLgrantDeleteUpdate

protected java.lang.String SQLgrantDeleteUpdate

SQLgrantGrantUpdate

protected java.lang.String SQLgrantGrantUpdate

SQLgrantFullAccessUpdate

protected java.lang.String SQLgrantFullAccessUpdate

SQLdeleteAccesses

protected java.lang.String SQLdeleteAccesses

SQLdeleteMembers

protected java.lang.String SQLdeleteMembers

SQLdeleteGroups

protected java.lang.String SQLdeleteGroups

SQLdeleteUsers

protected java.lang.String SQLdeleteUsers

SQLdeleteObjects

protected java.lang.String SQLdeleteObjects

SQLdeleteGroup

protected java.lang.String SQLdeleteGroup

SQLdeleteUser

protected java.lang.String SQLdeleteUser

SQLdeleteObject

protected java.lang.String SQLdeleteObject

connectionPool

protected ConnectionPool connectionPool

cachedUsersByUid

protected java.util.Hashtable cachedUsersByUid

cachedUsers

protected java.util.Hashtable cachedUsers

cachedGroups

protected java.util.Hashtable cachedGroups

cachedGroupsByName

protected java.util.Hashtable cachedGroupsByName

cachedObjects

protected java.util.Hashtable cachedObjects

cachedObjectsByName

protected java.util.Hashtable cachedObjectsByName
Constructor Detail

SQLSecurity

public SQLSecurity(ITicket systemTicket)
Method Detail

initSecurity

public void initSecurity(ISecurity security,
                         ITicket systemTicket)
Description copied from interface: ISecurityAware
This method is called after all system related objects are defined. Note that if no security is available null is passed as security parameter.
Overrides:
initSecurity in class ASecurity

initSysTypes

protected void initSysTypes()

configure

public void configure(org.jdom.Element config)
Description copied from interface: IConfigurable
Pass the Configuration to the Configurable class. This method must always be called after the constructor and before any other method.
Specified by:
configure in interface IConfigurable
Following copied from interface: org.jwarp.service.configuration.IConfigurable
Parameters:
configuration - the class configurations.

createUser

public ISecurityUser createUser(java.lang.String uid,
                                java.lang.String pwd,
                                java.lang.String name,
                                java.lang.String description,
                                java.lang.Object additional,
                                ITicket admin)
                         throws java.lang.SecurityException,
                                java.lang.RuntimeException
Create a new user with the settings given. The relationID is used to have a reference to whatever data the user needs, e.g. the primary key in the enterprise's personal db or a more complex string containing several infos.
Parameters:
uid - The user's identification
pwd - The user's password
name - The user's name
description - An optional description
relationID - An optional relation ID
admin - The user who tries to create the new user
Throws:
java.lang.SecurityException - If the creation failed.

createGroup

public ISecurityGroup createGroup(java.lang.String name,
                                  java.lang.String description,
                                  java.lang.Object additional,
                                  ITicket admin)
                           throws java.lang.SecurityException,
                                  java.lang.RuntimeException
Create a new group with the settings given. The relationID is used to have a reference to whatever data the user needs, e.g. the primary key in the enterprise's db or a more complex string containing several infos.
Parameters:
name - The user's name
description - An optional description
relationID - An optional relation ID
admin - The user who tries to create the new user
Throws:
java.lang.SecurityException - If the creation failed.

createObject

public ISecurityObject createObject(java.lang.String name,
                                    java.lang.String description,
                                    java.lang.Object additional,
                                    ITicket admin)
                             throws java.lang.SecurityException,
                                    java.lang.RuntimeException
Create a new object with the settings given. The relationID is used to have a reference to whatever data the user needs, e.g. the primary key in the enterprise's db or a more complex string containing several infos.
Parameters:
name - The user's name
description - An optional description
relationID - An optional relation ID
admin - The user who tries to create the new user
Throws:
java.lang.SecurityException - If the creation failed.

delete

public void delete(ISecurityGroup group,
                   ITicket admin)
            throws java.lang.SecurityException,
                   java.lang.RuntimeException

delete

public void delete(ISecurityUser user,
                   ITicket admin)
            throws java.lang.SecurityException,
                   java.lang.RuntimeException

delete

public void delete(ISecurityObject object,
                   ITicket admin)
            throws java.lang.SecurityException,
                   java.lang.RuntimeException

getUser

public ISecurityUser getUser(int id,
                             ITicket admin)
                      throws java.lang.SecurityException
Returns the user with the given id.
Returns:
The corresponding user or null

getUser

public ISecurityUser getUser(java.lang.String uid,
                             ITicket admin)
                      throws java.lang.SecurityException
Returns the user with the given uid.
Returns:
The corresponding user or null

getGroup

public ISecurityGroup getGroup(int id,
                               ITicket admin)
                        throws java.lang.SecurityException
Returns the group with the given id.
Returns:
The corresponding group or null

getGroup

public ISecurityGroup getGroup(java.lang.String name,
                               ITicket admin)
                        throws java.lang.SecurityException
Returns the group with the given name.
Returns:
The corresponding group or null

getObject

public ISecurityObject getObject(int id,
                                 ITicket admin)
                          throws java.lang.SecurityException
Returns the object with the given id.
Returns:
The corresponding object or null

getObject

public ISecurityObject getObject(java.lang.String name,
                                 ITicket admin)
                          throws java.lang.SecurityException
Returns the object with the given name.
Returns:
The corresponding object or null

getUsers

public java.util.Iterator getUsers(ITicket admin)
                            throws java.lang.SecurityException
Returns all defined users.
Parameters:
admin - The administrator who triggers the call
Throws:
java.lang.SecurityException - If the Administrator was denied access.

getGroups

public java.util.Iterator getGroups(ITicket admin)
                             throws java.lang.SecurityException
Returns all defined groups.
Parameters:
admin - The administrator who triggers the call
Throws:
java.lang.SecurityException - If the Administrator was denied access.

getObjects

public java.util.Iterator getObjects(ITicket admin)
                              throws java.lang.SecurityException
Returns all defined objects.
Parameters:
admin - The administrator who triggers the call
Throws:
java.lang.SecurityException - If the Administrator was denied access.

addMember

public void addMember(ISecurityGroup group,
                      ISecurityGroup member,
                      ITicket admin)
               throws java.lang.SecurityException,
                      java.lang.RuntimeException
Add a user to a group
Parameters:
user - The user
group - The group
admin - The admin user
Throws:
java.lang.SecurityException - If the setting failed.

addMember

public void addMember(ISecurityGroup group,
                      ISecurityUser member,
                      ITicket admin)
               throws java.lang.SecurityException,
                      java.lang.RuntimeException
Add a user to a group
Parameters:
user - The user
group - The group
admin - The admin user
Throws:
java.lang.SecurityException - If the setting failed.

addMember

protected void addMember(int group,
                         int type,
                         int id,
                         ITicket admin)
                  throws java.lang.SecurityException,
                         java.lang.RuntimeException
Add a user to a group
Parameters:
user - The user
group - The group
admin - The admin user
Throws:
java.lang.SecurityException - If the setting failed.

removeMember

public void removeMember(ISecurityGroup group,
                         ISecurityGroup member,
                         ITicket admin)
                  throws java.lang.SecurityException,
                         java.lang.RuntimeException
Remove a user from a group
Parameters:
user - The user
group - The group
admin - The admin user
Throws:
java.lang.SecurityException - If the setting failed.

removeMember

public void removeMember(ISecurityGroup group,
                         ISecurityUser user,
                         ITicket admin)
                  throws java.lang.SecurityException,
                         java.lang.RuntimeException
Remove a user from a group
Parameters:
user - The user
group - The group
admin - The admin user
Throws:
java.lang.SecurityException - If the setting failed.

removeMember

protected void removeMember(int group,
                            int type,
                            int id,
                            ITicket admin)
                     throws java.lang.SecurityException,
                            java.lang.RuntimeException
Remove a user from a group
Parameters:
user - The user
group - The group
admin - The admin user
Throws:
java.lang.SecurityException - If the setting failed.

grant

public void grant(java.lang.String object,
                  int level,
                  ISecurityUser user,
                  ITicket admin)
           throws java.lang.SecurityException,
                  java.lang.RuntimeException
Tries to grant rights to access the object given the ID with the level passed.
Parameters:
objectID - The object's id
level - The access level
user - The user the access is granted, null grants the right to all users.
admin - The admin who triggers the request.
Throws:
java.lang.SecurityException -  

grant

public void grant(java.lang.String object,
                  int level,
                  ISecurityGroup group,
                  ITicket admin)
           throws java.lang.SecurityException,
                  java.lang.RuntimeException
Tries to grant rights to access the object given the ID with the level passed.
Parameters:
objectID - The object's id
level - The access level
user - The user the access is granted, null grants the right to all users.
admin - The admin who triggers the request.
Throws:
java.lang.SecurityException -  

grant

public void grant(ISecurityObject object,
                  int level,
                  ISecurityUser user,
                  ITicket admin)
           throws java.lang.SecurityException,
                  java.lang.RuntimeException
Tries to grant rights to access the object given the ID with the level passed.
Parameters:
objectID - The object's id
level - The access level
user - The user the access is granted, null grants the right to all users.
admin - The admin who triggers the request.
Throws:
java.lang.SecurityException -  

grant

public void grant(ISecurityObject object,
                  int level,
                  ISecurityGroup group,
                  ITicket admin)
           throws java.lang.SecurityException,
                  java.lang.RuntimeException
Tries to grant rights to access the object given the ID with the level passed.
Parameters:
objectID - The object's id
level - The access level
user - The user the access is granted, null grants the right to all users.
admin - The admin who triggers the request.
Throws:
java.lang.SecurityException -  

revoke

public void revoke(java.lang.String objectID,
                   int level,
                   ISecurityGroup group,
                   boolean force,
                   ITicket admin)
            throws java.lang.SecurityException,
                   java.lang.RuntimeException
Tries to revoke rights to access the object given the ID with the level passed. Force means that an attempt is made to revoke the rights immediately.
Parameters:
objectID - The object's id
level - The access level
group - The group from which the access is revoked.
force - Whether to try to revoke immediately or after next login
admin - The admin who triggers the request.
Throws:
java.lang.SecurityException -  

grant

protected void grant(int objectID,
                     int level,
                     int type,
                     int id,
                     ITicket admin)
Tries to grant rights to access the object given the ID with the level passed. Note: the parameter list below is carried over from revoke; this method's signature has no group or force parameter, and its type and id parameters are not described.
Parameters:
objectID - The object's id
level - The access level
group - The group from which the access is revoked.
force - Whether to try to revoke immediately or after next login
admin - The admin who triggers the request.
Throws:
java.lang.SecurityException -  

revoke

protected void revoke(int objectID,
                      int level,
                      int type,
                      int id,
                      ITicket admin)
Tries to revoke rights to access the object given the ID with the level passed. Force means that an attempt is made to revoke the rights immediately. Note: this overload's signature has no group or force parameter, and its type and id parameters are not described.
Parameters:
objectID - The object's id
level - The access level
group - The group from which the access is revoked.
force - Whether to try to revoke immediately or after next login
admin - The admin who triggers the request.
Throws:
java.lang.SecurityException -  

revoke

public void revoke(java.lang.String objectID,
                   int level,
                   ISecurityUser user,
                   boolean force,
                   ITicket admin)
            throws java.lang.SecurityException,
                   java.lang.RuntimeException
Tries to revoke rights to access the object given the ID with the level passed. Force means that an attempt is made to revoke the rights immediately.
Parameters:
objectID - The object's id
level - The access level
user - The user from whom the access is revoked.
force - Whether to try to revoke immediately or after next login
admin - The admin who triggers the request.
Throws:
java.lang.SecurityException -  

revoke

public void revoke(ISecurityObject object,
                   int level,
                   ISecurityUser user,
                   boolean force,
                   ITicket admin)
            throws java.lang.SecurityException,
                   java.lang.RuntimeException
Tries to revoke rights to access the object given the ID with the level passed. Force means that an attempt is made to revoke the rights immediately.
Parameters:
objectID - The object's id
level - The access level
user - The user from whom the access is revoked.
force - Whether to try to revoke immediately or after next login
admin - The admin who triggers the request.
Throws:
java.lang.SecurityException -  

revoke

public void revoke(ISecurityObject object,
                   int level,
                   ISecurityGroup group,
                   boolean force,
                   ITicket admin)
            throws java.lang.SecurityException,
                   java.lang.RuntimeException
Tries to revoke rights to access the object given the ID with the level passed. Force means that an attempt is made to revoke the rights immediately.
Parameters:
objectID - The object's id
level - The access level
group - The group from which the access is revoked.
force - Whether to try to revoke immediately or after next login
admin - The admin who triggers the request.
Throws:
java.lang.SecurityException -  

getMembers

public java.util.Iterator getMembers(ISecurityGroup group,
                                     ITicket admin)
                              throws java.lang.SecurityException
Returns all members of the given group.
Parameters:
admin - The administrator who triggers the call
Throws:
java.lang.SecurityException - If the Administrator was denied access.

accessGranted

public boolean accessGranted(java.lang.String objectName,
                             int level,
                             ITicket userTicket)
Returns true if the user is granted access of the given level to the object with the given ID. This is the central access control method of the WHOLE security system.
Returns:
true if the user is granted access of the given level

accessGranted

public boolean accessGranted(ISecurityObject object,
                             int level,
                             ITicket userTicket)
Returns true if the user is granted access of the given level to the object with the given ID. This is the central access control method of the WHOLE security system.
Returns:
true if the user is granted access of the given level

accessGranted

protected boolean accessGranted(int objectID,
                                int level,
                                int type,
                                int id,
                                ITicket userTicket)
Returns true if the user is granted access of the given level to the object with the given ID. This is the central access control method of the WHOLE security system.
Returns:
true if the user is granted access of the given level

isMember

protected boolean isMember(int group,
                           int item,
                           int type)

login

public ITicket login(java.lang.String uid,
                     java.lang.String pwd)
              throws LoginException
Tries to log in the user and gives back the user's object (an ITicket). If the login fails, a LoginException is raised.

reset

public void reset(ITicket admin)

main

public static void main(java.lang.String[] args)

©   O R C A   S y s t e m s