[jboss-svn-commits] JBL Code SVN: r18349 - in labs/jbosslabs/labs-3.0-build: core/core-model/src/main/java/org/jboss/labs/core/model/auth and 3 other directories.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Wed Feb 6 12:20:25 EST 2008
Author: szimano
Date: 2008-02-06 12:20:25 -0500 (Wed, 06 Feb 2008)
New Revision: 18349
Added:
labs/jbosslabs/labs-3.0-build/core/core-model/src/main/java/org/jboss/labs/core/model/auth/SuperUsers.java
Modified:
labs/jbosslabs/labs-3.0-build/core/core-api/src/main/java/org/jboss/labs/auth/AuthenticationService.java
labs/jbosslabs/labs-3.0-build/core/core-api/src/main/java/org/jboss/labs/auth/RoleBinderService.java
labs/jbosslabs/labs-3.0-build/core/core-api/src/main/java/org/jboss/labs/auth/UserService.java
labs/jbosslabs/labs-3.0-build/core/core-model/src/main/java/org/jboss/labs/core/model/auth/ServiceRole.java
labs/jbosslabs/labs-3.0-build/core/core-model/src/main/java/org/jboss/labs/core/model/auth/UserRole.java
labs/jbosslabs/labs-3.0-build/services/credential/src/main/java/org/jboss/labs/auth/AuthHelper.java
labs/jbosslabs/labs-3.0-build/services/credential/src/main/java/org/jboss/labs/auth/impl/AuthenticationServiceImpl.java
labs/jbosslabs/labs-3.0-build/services/credential/src/main/java/org/jboss/labs/auth/impl/RoleBinderServiceImpl.java
labs/jbosslabs/labs-3.0-build/services/credential/src/main/java/org/jboss/labs/auth/impl/UserServiceImpl.java
labs/jbosslabs/labs-3.0-build/services/credential/src/main/resources/META-INF/persistence.xml
Log:
auth services implementation
Modified: labs/jbosslabs/labs-3.0-build/core/core-api/src/main/java/org/jboss/labs/auth/AuthenticationService.java
===================================================================
--- labs/jbosslabs/labs-3.0-build/core/core-api/src/main/java/org/jboss/labs/auth/AuthenticationService.java 2008-02-06 15:58:56 UTC (rev 18348)
+++ labs/jbosslabs/labs-3.0-build/core/core-api/src/main/java/org/jboss/labs/auth/AuthenticationService.java 2008-02-06 17:20:25 UTC (rev 18349)
@@ -24,6 +24,9 @@
import java.security.Principal;
+import org.jboss.labs.core.model.auth.CustomID;
+import org.jboss.labs.exception.auth.NoSuchUserException;
+
public interface AuthenticationService {
/**
@@ -40,9 +43,10 @@
* Id of a project to check. If null, then global privileges are
* checked
* @return True if a user is authorized. False otherwise.
+ * @throws NoSuchUserException
*/
public <E extends Enum<E>> boolean isAllowedProject(Principal user,
- E serviceRole, String projectId);
+ E serviceRole, String projectId) throws NoSuchUserException;
/**
* Checks if a user is allowed to perform actions bound to given service
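Review bot: The new `@throws NoSuchUserException` tag on isAllowedProject (and the same tag on isAllowedCustom in the next hunk) has no description, so the interface does not say how an authorization caller should treat an unknown principal. Both methods previously could only return a boolean; callers now have to handle a checked exception, and the contract should state that it means "not authorized". Suggested text: `@throws NoSuchUserException if no user exists for the principal's name; callers must treat this as a denial`. The isAllowedCustom hunk also changes `customId` from String to CustomID while its `@param` text still reads "Custom if of a service", which is worth correcting at the same time.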
@@ -58,10 +62,11 @@
* Custom if of a service to check. If null, then global
* privileges are checked
* @return True if a user is authorized. False otherwise.
+ * @throws NoSuchUserException
* @see org.jboss.labs.core.model.auth.CustomID
* @see org.jboss.labs.auth.custom.CustomIDProvider
*/
public <E extends Enum<E>> boolean isAllowedCustom(Principal user,
- E serviceRole, String customId);
+ E serviceRole, CustomID customId) throws NoSuchUserException;
}
Modified: labs/jbosslabs/labs-3.0-build/core/core-api/src/main/java/org/jboss/labs/auth/RoleBinderService.java
===================================================================
--- labs/jbosslabs/labs-3.0-build/core/core-api/src/main/java/org/jboss/labs/auth/RoleBinderService.java 2008-02-06 15:58:56 UTC (rev 18348)
+++ labs/jbosslabs/labs-3.0-build/core/core-api/src/main/java/org/jboss/labs/auth/RoleBinderService.java 2008-02-06 17:20:25 UTC (rev 18349)
@@ -26,10 +26,12 @@
import org.jboss.labs.auth.custom.CustomIDProvider;
import org.jboss.labs.core.model.auth.CustomID;
+import org.jboss.labs.core.model.auth.ProjectID;
import org.jboss.labs.core.model.auth.ServiceRole;
import org.jboss.labs.core.model.auth.UserRole;
import org.jboss.labs.exception.auth.BindingAlreadyExistsException;
import org.jboss.labs.exception.auth.NoSuchServiceRoleException;
+import org.jboss.labs.exception.auth.NoSuchUserException;
import org.jboss.labs.exception.auth.NoSuchUserRoleException;
/**
@@ -125,8 +127,9 @@
* User
* @param projectId
* Project id
+ * @throws NoSuchUserException When specified user doesn't exist
*/
- public void grantUserProjectSuperrole(Principal user, String projectId);
+ public void grantUserProjectSuperrole(Principal user, String projectId) throws NoSuchUserException;
/**
* Grants global superrole to a user. User with a superrole can perform any
@@ -135,8 +138,9 @@
*
* @param user
* User
+ * @throws NoSuchUserException When specified user doesn't exist
*/
- public void grantUserSuperrole(Principal user);
+ public void grantUserSuperrole(Principal user) throws NoSuchUserException;
/**
* Returns service role object.
@@ -148,4 +152,15 @@
* @return Service role object
*/
public <E extends Enum<E>> ServiceRole getServiceRole(E serviceRole);
+
+ /** Returns entity of project id. Creates new one if it's not in the database.
+ * @param projectID New project id.
+ * @return Project id.
+ */
+ public ProjectID getProjectID(String projectID);
+
+ /** Returns object of project id for the global architecture.
+ * @return Object of global project id.
+ */
+ public ProjectID getGlobalProjectID();
}
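Review bot: `getProjectID` is documented here as creating the entity when it is missing, yet this commit calls it from read paths (isAllowedProject in AuthenticationServiceImpl, getSuperusersForProject in UserServiceImpl). An authorization query for an arbitrary string would therefore appear to leave a new ProjectID row behind. Consider separating lookup from creation, with a finder that returns null or throws for unknown ids and creation confined to the grant/bind paths, and document what a null argument does. The RoleBinderServiceImpl hunk that turns the method from private to public carries the same concern; its body continues outside that hunk, so the creation step itself is not visible in this commit.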
Modified: labs/jbosslabs/labs-3.0-build/core/core-api/src/main/java/org/jboss/labs/auth/UserService.java
===================================================================
--- labs/jbosslabs/labs-3.0-build/core/core-api/src/main/java/org/jboss/labs/auth/UserService.java 2008-02-06 15:58:56 UTC (rev 18348)
+++ labs/jbosslabs/labs-3.0-build/core/core-api/src/main/java/org/jboss/labs/auth/UserService.java 2008-02-06 17:20:25 UTC (rev 18349)
@@ -33,6 +33,10 @@
import org.jboss.labs.exception.auth.RoleExistsException;
import org.jboss.labs.exception.auth.UserExistsException;
+/**
+ * @author tomaszszymanski
+ *
+ */
public interface UserService {
/**
@@ -54,7 +58,8 @@
* @return Set of user roles if there are any or empty set if there are no
* user roles for a user
*/
- public Set<UserRole> getRolesForUser(Principal user) throws NoSuchUserException;
+ public Set<UserRole> getRolesForUser(Principal user)
+ throws NoSuchUserException;
/**
* Returns set of user roles for a user by a login.
@@ -64,7 +69,8 @@
* @return Set of user roles if there are any or empty set if there are no
* user roles for a user
*/
- public Set<UserRole> getRolesForUser(String login) throws NoSuchUserException;
+ public Set<UserRole> getRolesForUser(String login)
+ throws NoSuchUserException;
/**
* Binds user role to a user. If role doesn't exists it will be created.
@@ -74,7 +80,8 @@
* @param role
* User role
*/
- public void bindRoleToUser(Principal user, UserRole role) throws NoSuchUserException;
+ public void bindRoleToUser(Principal user, UserRole role)
+ throws NoSuchUserException;
/**
* Removes user role from a user
@@ -88,7 +95,7 @@
*/
public void removeRoleFromUser(Principal user, UserRole role)
throws NoSuchUserException, NoSuchRoleForUserException;
-
+
/**
* Stores new user in the database.
*
@@ -98,30 +105,80 @@
* when user already exists
*/
public void addNewUser(User user) throws UserExistsException;
-
- /** Adds new user role.
- * @param role User role to add
- * @throws RoleExistsException If role exists
+
+ /**
+ * Adds new user role.
+ *
+ * @param role
+ * User role to add
+ * @throws RoleExistsException
+ * If role exists
*/
public void addUserRole(UserRole role) throws RoleExistsException;
-
- /** Removes user role.
- * @param role User role to remove.
- * @throws NoSuchUserRoleException If role doesn't exist
+
+ /**
+ * Removes user role.
+ *
+ * @param role
+ * User role to remove.
+ * @throws NoSuchUserRoleException
+ * If role doesn't exist
*/
public void removeUserRole(UserRole role) throws NoSuchUserRoleException;
-
- /** Get's user role by checking for the actual existence of UserRole in database
- * @param role Role to get (looks on id)
+
+ /**
+ * Get's user role by checking for the actual existence of UserRole in
+ * database
+ *
+ * @param role
+ * Role to get (looks on id)
* @return Role if it exists
- * @throws NoSuchUserRoleException if the role doesn't exist
+ * @throws NoSuchUserRoleException
+ * if the role doesn't exist
*/
public UserRole getUserRole(UserRole role) throws NoSuchUserRoleException;
-
- /** Get's role by it's ID
- * @param roleID Id of a role
+
+ /**
+ * Get's role by it's ID
+ *
+ * @param roleID
+ * Id of a role
* @return Role if it exists
- * @throws NoSuchUserRoleException if teh role doesn't exist
+ * @throws NoSuchUserRoleException
+ * if teh role doesn't exist
*/
public UserRole getUserRole(String roleID) throws NoSuchUserRoleException;
+
+ /**
+ * Returns superusers associated with given project.
+ *
+ * @param projectId
+ * Project id of a project to look for.
+ * @return Set of super users for a project.
+ */
+ public Set<User> getSuperusersForProject(String projectId);
+
+ /**
+ * Returns global super users.
+ *
+ * @return Set of global super users.
+ */
+ public Set<User> getSuperusers();
+
+ /** Adds a role to a user
+ * @param role Role to add
+ * @param user User
+ * @throws NoSuchUserException If user doesn't exist
+ * @throws NoSuchUserRoleException If the role doesn't exist
+ */
+ public void addUserRoleToUser(Principal user, UserRole role) throws NoSuchUserException, NoSuchUserRoleException;
+
+ /** Removes set of roles from a user
+ * @param user User
+ * @param userRoles Roles to remove
+ * @throws NoSuchUserException If the use doesn't exist
+ * @throws NoSuchUserRoleException If the role doesn't exist
+ * @throws NoSuchRoleForUserException If the user doesn't have one of the role
+ */
+ public void removeRolesFromUser(Principal user, UserRole... userRoles) throws NoSuchUserException, NoSuchUserRoleException, NoSuchRoleForUserException;
}
Modified: labs/jbosslabs/labs-3.0-build/core/core-model/src/main/java/org/jboss/labs/core/model/auth/ServiceRole.java
===================================================================
--- labs/jbosslabs/labs-3.0-build/core/core-model/src/main/java/org/jboss/labs/core/model/auth/ServiceRole.java 2008-02-06 15:58:56 UTC (rev 18348)
+++ labs/jbosslabs/labs-3.0-build/core/core-model/src/main/java/org/jboss/labs/core/model/auth/ServiceRole.java 2008-02-06 17:20:25 UTC (rev 18349)
@@ -24,26 +24,31 @@
import javax.persistence.Entity;
import javax.persistence.Id;
+import javax.persistence.ManyToOne;
-/**
- *
- *
+/**
+ *
+ *
*/
@Entity
public class ServiceRole implements Comparable<ServiceRole> {
-
+
@Id
private String id;
-
+
private Boolean available;
+ @ManyToOne
+ private Service service;
+
public String getId() {
return id;
}
-
- public ServiceRole(String id) {
+
+ public ServiceRole(String id, Service service) {
this.id = id;
available = true;
+ this.service = service;
}
public Boolean getAvailable() {
@@ -57,8 +62,15 @@
public int compareTo(ServiceRole o) {
return id.compareTo(o.getId());
}
-
+
public boolean equals(ServiceRole o) {
return id.equals(o.getId());
}
- }
+
+ /**
+ * @return
+ */
+ public Service getService() {
+ return service;
+ }
+}
Added: labs/jbosslabs/labs-3.0-build/core/core-model/src/main/java/org/jboss/labs/core/model/auth/SuperUsers.java
===================================================================
--- labs/jbosslabs/labs-3.0-build/core/core-model/src/main/java/org/jboss/labs/core/model/auth/SuperUsers.java (rev 0)
+++ labs/jbosslabs/labs-3.0-build/core/core-model/src/main/java/org/jboss/labs/core/model/auth/SuperUsers.java 2008-02-06 17:20:25 UTC (rev 18349)
@@ -0,0 +1,64 @@
+/*
+ * JBoss Labs. http://labs.jboss.com/jbosslabs
+ *
+ * Copyright © 2008 Red Hat Middleware, LLC. All rights reserved.
+ *
+ * This copyrighted material is made available to anyone wishing to use,
+ * modify, copy, or redistribute it subject to the terms and conditions
+ * of the GNU Lesser General Public License, v. 2.1.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT A WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License, v.2.1 along with this distribution; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+ * 02110-1301, USA.
+ *
+ * Red Hat Author(s): Bob McWhirter, Przemyslaw Dej, Ryszard Kozmik,
+ * Tomasz Szymanski, Adam Warski, Pawel Wrzeszcz
+ */
+/**
+ *
+ */
+package org.jboss.labs.core.model.auth;
+
+import java.util.Set;
+import java.util.TreeSet;
+
+import javax.persistence.Entity;
+import javax.persistence.Id;
+import javax.persistence.OneToMany;
+
+/**
+ * @author tomaszszymanski
+ *
+ */
+
+ at Entity
+public class SuperUsers {
+
+ @Id
+ private AuthID id;
+
+ @OneToMany
+ private Set<User> superUsers;
+
+ public SuperUsers(AuthID id) {
+ this.id = id;
+ }
+
+ public Set<User> getSuperUsers() {
+ return superUsers;
+ }
+
+ public void addSuperUser(User user) {
+ if (superUsers == null) {
+ superUsers = new TreeSet<User>();
+ }
+
+ superUsers.add(user);
+ }
+}
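Review bot: SuperUsers declares only the `SuperUsers(AuthID id)` constructor, while JPA expects entities to have a public or protected no-arg constructor, so loading it through `manager.find(SuperUsers.class, pid)` in RoleBinderServiceImpl may fail at runtime; add `protected SuperUsers() {}`. `@OneToMany` on `superUsers` also implies a User belongs to at most one SuperUsers row, which would stop one user from being superuser of two projects, or of a project and globally; `@ManyToMany` looks like the intended mapping. Because this set decides who bypasses every binding check, `getSuperUsers()` should hand out a null-safe `Collections.unmodifiableSet(...)` rather than the live collection, so membership only changes through `addSuperUser`. `new TreeSet<User>()` additionally assumes User is Comparable, which this commit does not show.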
Modified: labs/jbosslabs/labs-3.0-build/core/core-model/src/main/java/org/jboss/labs/core/model/auth/UserRole.java
===================================================================
--- labs/jbosslabs/labs-3.0-build/core/core-model/src/main/java/org/jboss/labs/core/model/auth/UserRole.java 2008-02-06 15:58:56 UTC (rev 18348)
+++ labs/jbosslabs/labs-3.0-build/core/core-model/src/main/java/org/jboss/labs/core/model/auth/UserRole.java 2008-02-06 17:20:25 UTC (rev 18349)
@@ -31,6 +31,11 @@
private String id;
private String description;
+
+ public UserRole(String id, String description) {
+ this.id = id;
+ this.description = description;
+ }
public String getDescription() {
return description;
Modified: labs/jbosslabs/labs-3.0-build/services/credential/src/main/java/org/jboss/labs/auth/AuthHelper.java
===================================================================
--- labs/jbosslabs/labs-3.0-build/services/credential/src/main/java/org/jboss/labs/auth/AuthHelper.java 2008-02-06 15:58:56 UTC (rev 18348)
+++ labs/jbosslabs/labs-3.0-build/services/credential/src/main/java/org/jboss/labs/auth/AuthHelper.java 2008-02-06 17:20:25 UTC (rev 18349)
@@ -31,6 +31,8 @@
private final static Logger log = Logger.getLogger(AuthHelper.class);
+ public static final String GLOBAL_PROJECT = "Labs::Global::Project";
+
public static String countMD5(String password) {
try {
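Review bot: `GLOBAL_PROJECT` is an ordinary string in the same id space as caller-supplied project ids, and the rest of the commit stores global superusers under it (`grantUserSuperrole` and `getGlobalProjectID` in RoleBinderServiceImpl, `getSuperusers` in UserServiceImpl). A call such as `grantUserProjectSuperrole(user, "Labs::Global::Project")`, or a project registered under that id, would be indistinguishable from a global grant. The constant needs a comment marking the value as reserved, and the public project-facing methods should refuse it before delegating to shared code, e.g. `if (AuthHelper.GLOBAL_PROJECT.equals(projectId)) throw new IllegalArgumentException("reserved project id");`. countMD5 begins in this hunk but its body lies outside it.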
Modified: labs/jbosslabs/labs-3.0-build/services/credential/src/main/java/org/jboss/labs/auth/impl/AuthenticationServiceImpl.java
===================================================================
--- labs/jbosslabs/labs-3.0-build/services/credential/src/main/java/org/jboss/labs/auth/impl/AuthenticationServiceImpl.java 2008-02-06 15:58:56 UTC (rev 18348)
+++ labs/jbosslabs/labs-3.0-build/services/credential/src/main/java/org/jboss/labs/auth/impl/AuthenticationServiceImpl.java 2008-02-06 17:20:25 UTC (rev 18349)
@@ -23,26 +23,82 @@
package org.jboss.labs.auth.impl;
import java.security.Principal;
+import java.util.Collections;
+import java.util.List;
+import javax.ejb.EJB;
import javax.ejb.Local;
import javax.ejb.Stateless;
+import javax.persistence.EntityManager;
+import javax.persistence.PersistenceContext;
import org.jboss.labs.auth.AuthenticationService;
+import org.jboss.labs.auth.RoleBinderService;
+import org.jboss.labs.auth.UserService;
+import org.jboss.labs.core.model.auth.AuthID;
+import org.jboss.labs.core.model.auth.CustomID;
+import org.jboss.labs.core.model.auth.ProjectID;
+import org.jboss.labs.core.model.auth.Service;
+import org.jboss.labs.core.model.auth.ServiceRole;
+import org.jboss.labs.core.model.auth.User;
+import org.jboss.labs.core.model.auth.UserRole;
+import org.jboss.labs.exception.auth.NoSuchUserException;
@Local
@Stateless
public class AuthenticationServiceImpl implements AuthenticationService {
- public <E extends Enum<E>> boolean isAllowedProject(Principal user, E serviceRole, String projectId) {
- // TODO Auto-generated method stub
- return false;
+ @EJB
+ private UserService userService;
+
+ @EJB
+ private RoleBinderService binderService;
+
+ @PersistenceContext(name = "auth_model")
+ private EntityManager manager;
+
+ public <E extends Enum<E>> boolean isAllowedProject(Principal user,
+ E serviceRole, String projectId) throws NoSuchUserException {
+ User userEn = userService.getUserByLogin(user.getName());
+ ServiceRole sRole = binderService.getServiceRole(serviceRole);
+ ProjectID pid = binderService.getProjectID(projectId);
+
+ return isAllowed(userEn, sRole, pid);
}
- public <E extends Enum<E>> boolean isAllowedCustom(Principal user, E serviceRole,
- String customId) {
- // TODO Auto-generated method stub
- return false;
+ public <E extends Enum<E>> boolean isAllowedCustom(Principal user,
+ E serviceRole, CustomID customId) throws NoSuchUserException {
+ User userEn = userService.getUserByLogin(user.getName());
+ ServiceRole sRole = binderService.getServiceRole(serviceRole);
+
+ return isAllowed(userEn, sRole, customId);
}
+ @SuppressWarnings("unchecked")
+ private boolean isAllowed(User user, ServiceRole serviceRole, AuthID id) {
+ Service service = serviceRole.getService();
+ // check superusers
+ if (userService.getSuperusers().contains(user)) {
+ return true;
+ }
+
+ // check project superusers if this is a project
+
+ if (id instanceof ProjectID
+ && userService.getSuperusersForProject(id.getId()).contains(
+ user)) {
+ return true;
+ }
+
+ // check bindings
+ List<UserRole> results = (List<UserRole>)manager
+ .createQuery(
+ "SELECT userRole FROM Binding b WHERE b.authId = :id AND b.serviceRole = :serviceRole AND b.service = :service")
+ .setParameter("id", id)
+ .setParameter("serviceRole", serviceRole).setParameter(
+ "service", service).getResultList();
+
+ return !Collections.disjoint(user.getUserRoles(), results);
+ }
}
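Review bot: isAllowedProject passes `projectId` straight to `binderService.getProjectID`, but the interface Javadoc says a null id means global privileges are checked; nothing here maps null to the global id, so the documented global check is likely to fail inside the lookup instead. A guard such as `ProjectID pid = projectId == null ? binderService.getGlobalProjectID() : binderService.getProjectID(projectId);` would match the contract, and isAllowedCustom needs an equivalent decision for a null `customId`. In isAllowed the query selects `userRole` without the `b.` alias, which JPQL providers generally reject, so the bindings branch should read `SELECT b.userRole FROM Binding b WHERE ...`. Both public methods also dereference `user.getName()` unguarded; an unauthenticated caller should get `false` or a documented exception rather than a NullPointerException.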
Modified: labs/jbosslabs/labs-3.0-build/services/credential/src/main/java/org/jboss/labs/auth/impl/RoleBinderServiceImpl.java
===================================================================
--- labs/jbosslabs/labs-3.0-build/services/credential/src/main/java/org/jboss/labs/auth/impl/RoleBinderServiceImpl.java 2008-02-06 15:58:56 UTC (rev 18348)
+++ labs/jbosslabs/labs-3.0-build/services/credential/src/main/java/org/jboss/labs/auth/impl/RoleBinderServiceImpl.java 2008-02-06 17:20:25 UTC (rev 18349)
@@ -26,7 +26,6 @@
import java.util.Set;
import java.util.TreeSet;
-import javax.annotation.PostConstruct;
import javax.ejb.EJB;
import javax.ejb.Local;
import javax.ejb.Stateless;
@@ -45,9 +44,12 @@
import org.jboss.labs.core.model.auth.ProjectID;
import org.jboss.labs.core.model.auth.Service;
import org.jboss.labs.core.model.auth.ServiceRole;
+import org.jboss.labs.core.model.auth.SuperUsers;
+import org.jboss.labs.core.model.auth.User;
import org.jboss.labs.core.model.auth.UserRole;
import org.jboss.labs.exception.auth.BindingAlreadyExistsException;
import org.jboss.labs.exception.auth.NoSuchServiceRoleException;
+import org.jboss.labs.exception.auth.NoSuchUserException;
import org.jboss.labs.exception.auth.NoSuchUserRoleException;
@Stateless
@@ -65,12 +67,7 @@
private final static Logger log = Logger
.getLogger(RoleBinderServiceImpl.class);
-
- @PostConstruct
- public void init() {
- log.info(customIDService);
- }
-
+
public <E extends Enum<E>> void bindRolesWithId(E serviceRole,
UserRole role, CustomID customId) throws NoSuchUserRoleException, BindingAlreadyExistsException {
bindRolesWith(serviceRole, role, customId);
@@ -119,7 +116,7 @@
ServiceRole sr = service.getServiceRole(role);
if (sr == null) {
- sr = new ServiceRole(AuthHelper.getServiceID(role));
+ sr = new ServiceRole(AuthHelper.getServiceID(role), service);
manager.persist(sr);
service.addServiceRole(sr);
@@ -152,14 +149,24 @@
}
- public void grantUserProjectSuperrole(Principal user, String projectId) {
- // TODO Auto-generated method stub
-
+ public void grantUserProjectSuperrole(Principal user, String projectId) throws NoSuchUserException {
+ User userEn = userService.getUserByLogin(user.getName());
+ ProjectID pid = getProjectID(projectId);
+
+ SuperUsers su = manager.find(SuperUsers.class, pid);
+
+ if (su == null) {
+ su = new SuperUsers(pid);
+ manager.persist(su);
+ }
+
+ su.addSuperUser(userEn);
+
+ manager.merge(su);
}
- public void grantUserSuperrole(Principal user) {
- // TODO Auto-generated method stub
-
+ public void grantUserSuperrole(Principal user) throws NoSuchUserException {
+ grantUserProjectSuperrole(user, AuthHelper.GLOBAL_PROJECT);
}
public <E extends Enum<E>> ServiceRole getServiceRole(E serviceRole)
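Review bot: grantUserProjectSuperrole and grantUserSuperrole receive only the user to elevate, and no caller identity or role restriction is visible in this hunk. If nothing outside it (a class-level `@RolesAllowed`, an interceptor, a facade) limits who may invoke them, any client holding the bean can create a superuser; please confirm where that restriction lives and state it in the method comment. The grant is also silent, so an audit line such as `log.info("superrole granted to " + user.getName() + " for project " + projectId);` after the merge would make later review of privilege changes possible. Calling `manager.merge(su)` after `manager.persist(su)` is redundant for an instance that is already managed and can be dropped.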
@@ -197,7 +204,7 @@
return service;
}
- private ProjectID getProjectID(String projectID) {
+ public ProjectID getProjectID(String projectID) {
ProjectID pidEn = manager.find(ProjectID.class, projectID);
if (pidEn == null) {
@@ -206,4 +213,13 @@
return pidEn;
}
+
+ /* (non-Javadoc)
+ * @see org.jboss.labs.auth.RoleBinderService#getGlobalProjectID()
+ */
+ public ProjectID getGlobalProjectID() {
+ return getProjectID(AuthHelper.GLOBAL_PROJECT);
+ }
+
+
}
Modified: labs/jbosslabs/labs-3.0-build/services/credential/src/main/java/org/jboss/labs/auth/impl/UserServiceImpl.java
===================================================================
--- labs/jbosslabs/labs-3.0-build/services/credential/src/main/java/org/jboss/labs/auth/impl/UserServiceImpl.java 2008-02-06 15:58:56 UTC (rev 18348)
+++ labs/jbosslabs/labs-3.0-build/services/credential/src/main/java/org/jboss/labs/auth/impl/UserServiceImpl.java 2008-02-06 17:20:25 UTC (rev 18349)
@@ -23,27 +23,29 @@
package org.jboss.labs.auth.impl;
-import java.security.Principal;
+import java.security.Principal;
import java.util.Set;
+import java.util.TreeSet;
import javax.annotation.PostConstruct;
+import javax.ejb.EJB;
import javax.ejb.Local;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
-import javax.xml.rpc.ServiceException;
import org.apache.log4j.Logger;
+import org.jboss.labs.auth.AuthHelper;
+import org.jboss.labs.auth.RoleBinderService;
import org.jboss.labs.auth.UserService;
import org.jboss.labs.core.model.auth.User;
import org.jboss.labs.core.model.auth.UserRole;
+import org.jboss.labs.exception.LabsException;
import org.jboss.labs.exception.auth.NoSuchRoleForUserException;
import org.jboss.labs.exception.auth.NoSuchUserRoleException;
import org.jboss.labs.exception.auth.NoSuchUserException;
import org.jboss.labs.exception.auth.RoleExistsException;
import org.jboss.labs.exception.auth.UserExistsException;
-import org.josso.gateway.identity.service.ws.impl.SSOIdentityManager;
-import org.josso.gateway.identity.service.ws.impl.SSOIdentityManagerServiceLocator;
@Stateless
@Local
@@ -52,19 +54,71 @@
@PersistenceContext(name = "auth_model")
private EntityManager manager;
- private SSOIdentityManager identityManager;
+ @EJB
+ private RoleBinderService binderService;
private final static Logger log = Logger.getLogger(UserServiceImpl.class);
@PostConstruct
public void init() {
- try {
- identityManager = new SSOIdentityManagerServiceLocator()
- .getSSOIdentityManager();
+ // if user db is empty add admin and a user with dummy roles
+ // Administrators and Users and make admin a super user
+ if (manager.createQuery("SELECT * FROM User").setMaxResults(1)
+ .getResultList().size() == 0) {
+ User admin = new User("admin");
+ admin.setPassword(AuthHelper.countMD5("admin"));
+ User user = new User("user");
+ user.setPassword(AuthHelper.countMD5("user"));
- } catch (ServiceException e) {
- log.error("No identityManager", e);
- throw new RuntimeException("Couldn't access identity manager", e);
+ try {
+ addNewUser(user);
+ addNewUser(admin);
+ } catch (UserExistsException e2) {
+ // won't happen
+ log.error(e2);
+ }
+
+ UserRole adminRole = new UserRole("Administrators",
+ "System administartors");
+ UserRole userRole = new UserRole("Users", "System users");
+
+ try {
+ addUserRole(adminRole);
+ } catch (RoleExistsException e) {
+ try {
+ adminRole = getUserRole("Administrators");
+ } catch (NoSuchUserRoleException e1) {
+ // won't happen
+ log.error(e1);
+ }
+ }
+
+ try {
+ addUserRoleToUser(admin, adminRole);
+ } catch (LabsException e2) {
+ // ignore
+ log.error(e2);
+ }
+
+ try {
+ addUserRole(userRole);
+ } catch (RoleExistsException e) {
+ try {
+ userRole = getUserRole("Users");
+ } catch (NoSuchUserRoleException e1) {
+ // won't happen
+ log.error(e1);
+ }
+ }
+
+
+ try {
+ addUserRoleToUser(user, userRole);
+ } catch (LabsException e2) {
+ // ignore
+ log.error(e2);
+ }
+
}
}
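Review bot: init() creates `admin`/`admin` and `user`/`user` accounts whenever the User table is empty, so any deployment that starts on an empty database comes up with guessable credentials, stored as plain MD5 through `AuthHelper.countMD5`. The bootstrap password should come from deployment configuration, or the accounts should be created disabled or flagged for a forced change, and the seeding should be logged at warn level so operators notice it. The comment says admin is made a super user, but no grant call appears in the block, and every failure is only logged (`// won't happen`, `// ignore`), so a half-seeded state would pass unnoticed. `SELECT * FROM User` is SQL rather than JPQL; `SELECT u FROM User u` is the form `createQuery` expects.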
@@ -123,7 +177,7 @@
try {
// check if user exists
getUser(user);
-
+
throw new UserExistsException("User " + user.getName()
+ " already exists");
} catch (NoSuchUserException e) {
@@ -145,40 +199,120 @@
return userEn;
}
-
+
public UserRole getUserRole(UserRole role) throws NoSuchUserRoleException {
return getUserRole(role.getId());
}
-
+
public UserRole getUserRole(String roleID) throws NoSuchUserRoleException {
UserRole roleEn = manager.find(UserRole.class, roleID);
-
+
if (roleEn == null) {
- throw new NoSuchUserRoleException("Role "+roleID + "doesn't exist");
+ throw new NoSuchUserRoleException("Role " + roleID
+ + "doesn't exist");
}
-
+
return roleEn;
}
- /* (non-Javadoc)
+ /*
+ * (non-Javadoc)
+ *
* @see org.jboss.labs.auth.UserService#addUserRole(org.jboss.labs.core.model.auth.UserRole)
*/
public void addUserRole(UserRole role) throws RoleExistsException {
try {
getUserRole(role);
- throw new RoleExistsException("Role "+role.getId()+" already exist");
+ throw new RoleExistsException("Role " + role.getId()
+ + " already exist");
} catch (NoSuchUserRoleException e) {
}
-
+
manager.persist(role);
}
- /* (non-Javadoc)
+ /*
+ * (non-Javadoc)
+ *
* @see org.jboss.labs.auth.UserService#removeUserRole(org.jboss.labs.core.model.auth.UserRole)
*/
public void removeUserRole(UserRole role) throws NoSuchUserRoleException {
UserRole roleEn = getUserRole(role);
-
+
manager.remove(roleEn);
}
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.labs.auth.UserService#getSuperusers()
+ */
+ @SuppressWarnings("unchecked")
+ public Set<User> getSuperusers() {
+ Set<User> usrs = (Set<User>) manager.createQuery(
+ "SELECT superUsers FROM SuperUsers su WHERE su.id = :project")
+ .setParameter("project", binderService.getGlobalProjectID())
+ .getSingleResult();
+
+ if (usrs != null) {
+ return new TreeSet<User>(usrs);
+ } else {
+ return new TreeSet<User>();
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.labs.auth.UserService#getSuperusersForProject(java.lang.String)
+ */
+ @SuppressWarnings("unchecked")
+ public Set<User> getSuperusersForProject(String projectId) {
+ Set<User> usrs = (Set<User>) manager.createQuery(
+ "SELECT superUsers FROM SuperUsers su WHERE su.id = :project")
+ .setParameter("project", binderService.getProjectID(projectId))
+ .getSingleResult();
+
+ if (usrs != null) {
+ return new TreeSet<User>(usrs);
+ } else {
+ return new TreeSet<User>();
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.labs.auth.UserService#addUserRoleToUser(java.security.Principal,
+ * org.jboss.labs.core.model.auth.UserRole)
+ */
+ public void addUserRoleToUser(Principal user, UserRole role)
+ throws NoSuchUserException, NoSuchUserRoleException {
+ User userEn = getUser(user);
+ UserRole roleEn = getUserRole(role);
+
+ userEn.addRole(roleEn);
+
+ manager.persist(userEn);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.labs.auth.UserService#removeRolesFromUser(java.security.Principal,
+ * org.jboss.labs.core.model.auth.UserRole[])
+ */
+ public void removeRolesFromUser(Principal user, UserRole... userRoles)
+ throws NoSuchUserException, NoSuchUserRoleException,
+ NoSuchRoleForUserException {
+ User userEn = getUser(user);
+
+ for (UserRole role : userRoles) {
+ UserRole roleEn = getUserRole(role);
+
+ userEn.removeRole(roleEn);
+ }
+
+ manager.persist(userEn);
+ }
}
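Review bot: getSuperusers and getSuperusersForProject call `getSingleResult()`, which throws NoResultException when no SuperUsers row matches instead of returning null, so the `usrs != null` branch is dead. Because isAllowed in AuthenticationServiceImpl calls getSuperusers first, every authorization check would throw until a global superuser has been granted. Selecting the collection-valued `superUsers` path and casting the result to `Set<User>` is also not something JPQL guarantees; joining the collection and reading a list avoids both problems, as sketched below. The same rewrite applies to getSuperusersForProject with `binderService.getProjectID(projectId)` as the parameter. Separately, the empty `catch (NoSuchUserRoleException e) {}` in addUserRole deserves a comment saying the exception is the expected not-found path.

```java
@SuppressWarnings("unchecked")
public Set<User> getSuperusers() {
    // getResultList() yields an empty list when no SuperUsers row exists,
    // so "no superusers" is an empty set rather than an exception.
    List<User> found = manager.createQuery(
            "SELECT u FROM SuperUsers su JOIN su.superUsers u WHERE su.id = :project")
        .setParameter("project", binderService.getGlobalProjectID())
        .getResultList();

    return new TreeSet<User>(found);
}
// … unchanged: getSuperusersForProject, addUserRoleToUser, removeRolesFromUser …
```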
Modified: labs/jbosslabs/labs-3.0-build/services/credential/src/main/resources/META-INF/persistence.xml
===================================================================
--- labs/jbosslabs/labs-3.0-build/services/credential/src/main/resources/META-INF/persistence.xml 2008-02-06 15:58:56 UTC (rev 18348)
+++ labs/jbosslabs/labs-3.0-build/services/credential/src/main/resources/META-INF/persistence.xml 2008-02-06 17:20:25 UTC (rev 18349)
@@ -12,6 +12,7 @@
<class>org.jboss.labs.core.model.auth.ProjectID</class>
<class>org.jboss.labs.core.model.auth.Service</class>
<class>org.jboss.labs.core.model.auth.ServiceRole</class>
+ <class>org.jboss.labs.core.model.auth.SuperUsers</class>
<class>org.jboss.labs.core.model.auth.UserRole</class>
<class>org.jboss.labs.core.model.auth.User</class>
</persistence-unit>