[seam-commits] Seam SVN: r7402 - trunk/src/main/org/jboss/seam/security/management.
seam-commits at lists.jboss.org
seam-commits at lists.jboss.org
Sat Feb 9 00:21:07 EST 2008
Author: shane.bryzak at jboss.com
Date: 2008-02-09 00:21:07 -0500 (Sat, 09 Feb 2008)
New Revision: 7402
Added:
trunk/src/main/org/jboss/seam/security/management/NoSuchRoleException.java
Modified:
trunk/src/main/org/jboss/seam/security/management/IdentityManager.java
trunk/src/main/org/jboss/seam/security/management/IdentityStore.java
trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java
trunk/src/main/org/jboss/seam/security/management/NoSuchUserException.java
Log:
Refactored, improved exception handling, more sensible API, support for role management
Modified: trunk/src/main/org/jboss/seam/security/management/IdentityManager.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/IdentityManager.java 2008-02-09 05:02:33 UTC (rev 7401)
+++ trunk/src/main/org/jboss/seam/security/management/IdentityManager.java 2008-02-09 05:21:07 UTC (rev 7402)
@@ -31,6 +31,11 @@
public static final String IDENTITY_STORE_COMPONENT_NAME = "identityStore";
public static final String ACCOUNT_PERMISSION_NAME = "seam.account";
+ public static final String PERMISSION_CREATE = "create";
+ public static final String PERMISSION_READ = "read";
+ public static final String PERMISSION_UPDATE = "update";
+ public static final String PERMISSION_DELETE = "delete";
+
private static final LogProvider log = Logging.getLogProvider(IdentityManager.class);
private IdentityStore identityStore;
@@ -73,63 +78,81 @@
return instance;
}
- public boolean createAccount(String name, String password)
+ public boolean createUser(String name, String password)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, "create");
- return identityStore.createAccount(name, password);
+ Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_CREATE);
+ return identityStore.createUser(name, password);
}
- public boolean deleteAccount(String name)
+ public boolean deleteUser(String name)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, "delete");
- return identityStore.deleteAccount(name);
+ Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_DELETE);
+ return identityStore.deleteUser(name);
}
- public boolean enableAccount(String name)
+ public boolean enableUser(String name)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, "update");
- return identityStore.enableAccount(name);
+ Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_UPDATE);
+ return identityStore.enableUser(name);
}
- public boolean disableAccount(String name)
+ public boolean disableUser(String name)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, "update");
- return identityStore.disableAccount(name);
+ Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_UPDATE);
+ return identityStore.disableUser(name);
}
public boolean changePassword(String name, String password)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, "update");
+ Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_UPDATE);
return identityStore.changePassword(name, password);
}
- public boolean isEnabled(String name)
+ public boolean isUserEnabled(String name)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, "read");
- return identityStore.isEnabled(name);
+ Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_READ);
+ return identityStore.isUserEnabled(name);
}
public boolean grantRole(String name, String role)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, "update");
+ Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_UPDATE);
return identityStore.grantRole(name, role);
}
public boolean revokeRole(String name, String role)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, "update");
+ Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_UPDATE);
return identityStore.revokeRole(name, role);
}
- public boolean accountExists(String name)
+ public boolean createRole(String role)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, "read");
- return identityStore.accountExists(name);
+ Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_CREATE);
+ return identityStore.createRole(role);
}
+ public boolean deleteRole(String role)
+ {
+ Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_DELETE);
+ return identityStore.deleteRole(role);
+ }
+
+ public boolean userExists(String name)
+ {
+ Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_READ);
+ return identityStore.userExists(name);
+ }
+
+ public boolean roleExists(String name)
+ {
+ Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_READ);
+ return identityStore.roleExists(name);
+ }
+
public List<String> listUsers()
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, "read");
+ Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_READ);
List<String> users = identityStore.listUsers();
Collections.sort(users, new Comparator<String>() {
@@ -143,7 +166,7 @@
public List<String> listUsers(String filter)
{
- Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, "read");
+ Identity.instance().checkPermission(ACCOUNT_PERMISSION_NAME, PERMISSION_READ);
List<String> users = identityStore.listUsers(filter);
Collections.sort(users, new Comparator<String>() {
Modified: trunk/src/main/org/jboss/seam/security/management/IdentityStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/IdentityStore.java 2008-02-09 05:02:33 UTC (rev 7401)
+++ trunk/src/main/org/jboss/seam/security/management/IdentityStore.java 2008-02-09 05:21:07 UTC (rev 7402)
@@ -10,18 +10,20 @@
*/
public interface IdentityStore
{
- boolean createAccount(String username, String password);
- boolean deleteAccount(String name);
+ boolean createUser(String username, String password);
+ boolean deleteUser(String name);
+ boolean enableUser(String name);
+ boolean disableUser(String name);
+ boolean isUserEnabled(String name);
+ boolean changePassword(String name, String password);
+ boolean userExists(String name);
+ boolean createRole(String role);
boolean grantRole(String name, String role);
boolean revokeRole(String name, String role);
-
- boolean enableAccount(String name);
- boolean disableAccount(String name);
- boolean isEnabled(String name);
- boolean changePassword(String name, String password);
-
- boolean accountExists(String name);
+ boolean deleteRole(String role);
+ boolean roleExists(String name);
+
List<String> listUsers();
List<String> listUsers(String filter);
List<String> listRoles();
Modified: trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java 2008-02-09 05:02:33 UTC (rev 7401)
+++ trunk/src/main/org/jboss/seam/security/management/JpaIdentityStore.java 2008-02-09 05:21:07 UTC (rev 7402)
@@ -68,7 +68,7 @@
}
}
- public boolean createAccount(String username, String password)
+ public boolean createUser(String username, String password)
{
try
{
@@ -77,7 +77,7 @@
throw new IdentityManagementException("Could not create account, accountClass not set");
}
- if (accountExists(username))
+ if (userExists(username))
{
throw new IdentityManagementException("Could not create account, already exists");
}
@@ -115,35 +115,31 @@
}
}
- public boolean deleteAccount(String name)
+ public boolean deleteUser(String name)
{
- UserAccount account;
- try
+ UserAccount account = validateAccount(name);
+ if (account == null || !account.getAccountType().equals(AccountType.user))
{
- account = validateUser(name);
- }
- catch (NoSuchUserException e)
- {
- return false;
+ throw new NoSuchUserException("Could not delete account, no such user '" + name + "'");
}
+
getEntityManager().remove(account);
return true;
}
public boolean grantRole(String name, String role)
{
- UserAccount account;
-
- try
+ UserAccount account = validateAccount(name);
+ if (account == null)
{
- account = validateUser(name);
+ throw new NoSuchUserException("Could not grant role, no such user or role '" + name + "'");
}
- catch (NoSuchUserException ex)
+
+ UserAccount roleToGrant = validateAccount(role);
+ if (roleToGrant == null)
{
- return false;
+ throw new NoSuchRoleException("Could not grant role, role '" + role + "' does not exist");
}
-
- UserAccount roleToGrant = validateRole(role);
if (account.getMemberships() == null)
{
@@ -162,34 +158,78 @@
public boolean revokeRole(String name, String role)
{
- UserAccount account;
- try
+ UserAccount account = validateAccount(name);
+ if (account == null)
{
- account = validateUser(name);
- }
- catch (NoSuchUserException e)
- {
- return false;
+ throw new NoSuchUserException("Could not revoke role, no such user or role '" + name + "'");
}
- UserAccount roleToRevoke = validateRole(role);
+ UserAccount roleToRevoke = validateAccount(role);
+ if (roleToRevoke == null)
+ {
+ throw new NoSuchRoleException("Could not revoke role, role '" + role + "' does not exist");
+ }
+
boolean success = account.getMemberships().remove(roleToRevoke);
mergeAccount(account);
return success;
}
- public boolean enableAccount(String name)
+ public boolean createRole(String role)
{
- UserAccount account;
try
{
- account = validateUser(name);
- }
- catch (NoSuchUserException e)
+ if (accountClass == null)
+ {
+ throw new IdentityManagementException("Could not create role, accountClass not set");
+ }
+
+ if (roleExists(role))
+ {
+ throw new IdentityManagementException("Could not create role, already exists");
+ }
+
+ UserAccount account = accountClass.newInstance();
+ account.setAccountType(UserAccount.AccountType.role);
+ account.setUsername(role);
+
+ persistAccount(account);
+
+ return true;
+ }
+ catch (Exception ex)
{
- return false;
+ if (ex instanceof IdentityManagementException)
+ {
+ throw (IdentityManagementException) ex;
+ }
+ else
+ {
+ throw new IdentityManagementException("Could not create role", ex);
+ }
+ }
+ }
+
+ public boolean deleteRole(String role)
+ {
+ UserAccount roleToDelete = validateAccount(role);
+ if (roleToDelete == null)
+ {
+ throw new NoSuchRoleException("Could not delete role, role '" + role + "' does not exist");
}
+ getEntityManager().remove(roleToDelete);
+ return true;
+ }
+
+ public boolean enableUser(String name)
+ {
+ UserAccount account = validateAccount(name);
+ if (account == null || !account.getAccountType().equals(AccountType.user))
+ {
+ throw new NoSuchUserException("Could not enable account, user '" + name + "' does not exist");
+ }
+
// If it's already enabled return false
if (account.isEnabled())
{
@@ -202,17 +242,13 @@
return true;
}
- public boolean disableAccount(String name)
+ public boolean disableUser(String name)
{
- UserAccount account;
- try
+ UserAccount account = validateAccount(name);
+ if (account == null || !account.getAccountType().equals(AccountType.user))
{
- account = validateUser(name);
- }
- catch (NoSuchUserException e)
- {
- return false;
- }
+ throw new NoSuchUserException("Could not disable account, user '" + name + "' does not exist");
+ }
// If it's already enabled return false
if (!account.isEnabled())
@@ -228,63 +264,42 @@
public boolean changePassword(String name, String password)
{
- UserAccount account;
- try
+ UserAccount account = validateAccount(name);
+ if (account == null || !account.getAccountType().equals(AccountType.user))
{
- account = validateUser(name);
- account.setPasswordHash(hashPassword(password, name));
- mergeAccount(account);
- return true;
- }
- catch (NoSuchUserException e)
- {
- return false;
- }
+ throw new NoSuchUserException("Could not change password, user '" + name + "' does not exist");
+ }
+
+ account.setPasswordHash(hashPassword(password, name));
+ mergeAccount(account);
+ return true;
}
- public boolean accountExists(String name)
+ public boolean userExists(String name)
{
- UserAccount account;
- try
- {
- account = validateUser(name);
- return account != null;
- }
- catch (NoSuchUserException e)
- {
- return false;
- }
+ UserAccount account = validateAccount(name);
+ return account != null && account.getAccountType().equals(AccountType.user);
}
- public boolean isEnabled(String name)
+ public boolean roleExists(String name)
{
- UserAccount account;
- try
- {
- account = validateUser(name);
- }
- catch (NoSuchUserException e)
- {
- return false;
- }
-
- return account.isEnabled();
+ UserAccount role = validateAccount(name);
+ return role != null && role.getAccountType().equals(AccountType.role);
}
+ public boolean isUserEnabled(String name)
+ {
+ UserAccount account = validateAccount(name);
+ return account != null && account.getAccountType().equals(AccountType.user)
+ && account.isEnabled();
+ }
+
public List<String> getGrantedRoles(String name)
{
- UserAccount account;
- try
- {
- account = validateUser(name);
- }
- catch (NoSuchUserException e)
- {
- return null;
- }
+ UserAccount account = validateAccount(name);
+ if (account == null) throw new NoSuchUserException("No such user '" + name + "'");
- List<String> roles = new ArrayList<String>();
-
+ List<String> roles = new ArrayList<String>();
if (account.getMemberships() != null)
{
for (UserAccount membership : account.getMemberships())
@@ -301,15 +316,8 @@
public List<String> getImpliedRoles(String name)
{
- UserAccount account;
- try
- {
- account = validateUser(name);
- }
- catch (NoSuchUserException e)
- {
- return null;
- }
+ UserAccount account = validateAccount(name);
+ if (account == null) throw new NoSuchUserException("No such user '" + name + "'");
Set<String> roles = new HashSet<String>();
@@ -339,17 +347,7 @@
public boolean authenticate(String username, String password)
{
- UserAccount account = null;
-
- try
- {
- account = validateUser(username);
- }
- catch (NoSuchUserException ex)
- {
- return false;
- }
-
+ UserAccount account = validateAccount(username);
if (account == null || !account.getAccountType().equals(AccountType.user)
|| !account.isEnabled())
{
@@ -366,66 +364,32 @@
return success;
}
- /**
- * Retrieves a user UserAccount from persistent storage. If the UserAccount does
- * not exist, an IdentityManagementException is thrown.
- *
- * @param name The user's username
- * @return The UserAccount for the specified user
- */
- protected UserAccount validateUser(String name) throws NoSuchUserException
- {
+ protected UserAccount validateAccount(String name)
+ {
try
{
- return (UserAccount) getEntityManager().createQuery(
- "from " + accountClass.getName() + " where username = :username and " +
- "accountType = :accountType")
+ UserAccount account = (UserAccount) getEntityManager().createQuery(
+ "from " + accountClass.getName() + " where username = :username")
.setParameter("username", name)
- .setParameter("accountType", AccountType.user)
.getSingleResult();
- }
- catch (NoResultException ex)
- {
- throw new NoSuchUserException("No such user: " + name);
- }
- }
-
- /**
- * Retrieves a role UserAccount from persistent storage. If the UserAccount
- * does not exist, an IdentityManagementException is thrown.
- *
- * @param name The role name
- * @return The UserAccount for the specific role
- */
- protected UserAccount validateRole(String name)
- {
- try
- {
- // As a last ditch effort, check the db
- UserAccount role = (UserAccount) getEntityManager().createQuery(
- "from " + accountClass.getName() + " where username = :username and " +
- "accountType = :accountType")
- .setParameter("username", name)
- .setParameter("accountType", AccountType.role)
- .getSingleResult();
-
- if (!roleCache.containsKey(role.getUsername()))
+
+ if (account.getAccountType().equals(AccountType.role) &&
+ !roleCache.containsKey(account.getUsername()))
{
Set<String> memberships = new HashSet<String>();
- for (UserAccount m : role.getMemberships())
+ for (UserAccount m : account.getMemberships())
{
memberships.add(m.getUsername());
}
- roleCache.put(role.getUsername(), memberships);
+ roleCache.put(account.getUsername(), memberships);
}
- return role;
+ return account;
}
catch (NoResultException ex)
{
- roleCache.remove(name);
- throw new IdentityManagementException("No such role: " + name);
+ return null;
}
}
Added: trunk/src/main/org/jboss/seam/security/management/NoSuchRoleException.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/NoSuchRoleException.java (rev 0)
+++ trunk/src/main/org/jboss/seam/security/management/NoSuchRoleException.java 2008-02-09 05:21:07 UTC (rev 7402)
@@ -0,0 +1,19 @@
+package org.jboss.seam.security.management;
+
+/**
+ * Thrown when an operation is performed on a non-existent role.
+ *
+ * @author Shane Bryzak
+ */
+public class NoSuchRoleException extends RuntimeException
+{
+ public NoSuchRoleException(String message)
+ {
+ super(message);
+ }
+
+ public NoSuchRoleException(String message, Throwable cause)
+ {
+ super(message, cause);
+ }
+}
Modified: trunk/src/main/org/jboss/seam/security/management/NoSuchUserException.java
===================================================================
--- trunk/src/main/org/jboss/seam/security/management/NoSuchUserException.java 2008-02-09 05:02:33 UTC (rev 7401)
+++ trunk/src/main/org/jboss/seam/security/management/NoSuchUserException.java 2008-02-09 05:21:07 UTC (rev 7402)
@@ -1,11 +1,11 @@
package org.jboss.seam.security.management;
/**
- * Thrown when an operation is attempted on a non-existant user.
+ * Thrown when an operation is attempted on a non-existent user.
*
* @author Shane Bryzak
*/
-public class NoSuchUserException extends Exception
+public class NoSuchUserException extends RuntimeException
{
public NoSuchUserException(String message)
{
More information about the seam-commits
mailing list