/* * $Id: AuthenticationBusinessBean.java,v 1.14 2009/01/14 14:21:55 civilis Exp $ * Created on 9.12.2004 * * Copyright (C) 2004 Idega Software hf. All Rights Reserved. * * This software is the proprietary information of Idega hf. * Use is subject to license terms. */ package com.idega.slide.authentication; import java.io.IOException; import java.rmi.RemoteException; import java.util.Collection; import java.util.Enumeration; import java.util.HashSet; import java.util.Iterator; import java.util.Set; import java.util.logging.Level; import java.util.logging.Logger; import javax.servlet.http.HttpServletRequest; import org.apache.commons.httpclient.HttpException; import org.apache.commons.httpclient.UsernamePasswordCredentials; import org.apache.webdav.lib.Ace; import org.apache.webdav.lib.Privilege; import org.apache.webdav.lib.PropertyName; import org.apache.webdav.lib.WebdavResource; import org.apache.webdav.lib.WebdavResources; import com.idega.business.IBOLookup; import com.idega.business.IBOLookupException; import com.idega.business.IBOServiceBean; import com.idega.core.accesscontrol.business.LoginBusinessBean; import com.idega.core.accesscontrol.business.StandardRoles; import com.idega.slide.business.IWSlideService; import com.idega.slide.util.AccessControlEntry; import com.idega.slide.util.AccessControlList; import com.idega.slide.util.IWSlideConstants; import com.idega.slide.util.PropertyParser; import com.idega.util.StringHandler; /** * Last modified: $Date: 2009/01/14 14:21:55 $ by $Author: civilis $ * * @author <a href="mailto:gummi@idega.com">Gudmundur Agust Saemundsson</a> * @version $Revision: 1.14 $ */ public class AuthenticationBusinessBean extends IBOServiceBean implements AuthenticationBusiness { private static final long serialVersionUID = 5768690543595785783L; // TODO extend Authenticationbusiness from core private static final String PATH_USERS = IWSlideConstants.PATH_USERS; private static final String PATH_GROUPS = IWSlideConstants.PATH_GROUPS; private static final String PATH_ROLES = IWSlideConstants.PATH_ROLES; private static final String SLASH = "/"; // private static final String SLIDE_ROLE_NAME_ROOT = "root"; private static final String SLIDE_DEFAULT_ROOT_USER = "root"; private static final String SLIDE_ROLE_NAME_USER = "user"; // private static final String SLIDE_ROLE_NAME_GUEST = "guset"; private IWSlideService slideService = null; private static final String GROUP_MEMBER_SET = "group-member-set"; private static final PropertyName GROUP_MEMBER_SET_PROPERTY_NAME = new PropertyName( "DAV:", GROUP_MEMBER_SET); private static final String NO_PASSWORD = "no_password"; private static final String ROOT_USER_NAME = "root"; private final UsernamePasswordCredentials rootCredential = new UsernamePasswordCredentials( ROOT_USER_NAME, NO_PASSWORD); // private LoginBusinessBean _loginBusiness = new LoginBusinessBean(); public WebdavResources getAllRoles() throws HttpException, RemoteException, IOException { return getAllRoles(null); } public WebdavResources getAllRoles(UsernamePasswordCredentials credentials) throws HttpException, RemoteException, IOException { IWSlideService service = getSlideServiceInstance(); WebdavResource rolesFolder = new WebdavResource(service.getWebdavServerURL(credentials, PATH_ROLES)); return rolesFolder.getChildResources(); } public String getUserURI(String userName) throws RemoteException { IWSlideService service = getSlideServiceInstance(); return service.getWebdavServerURI() + getUserPath(userName); } public String getUserPath(String userName) throws RemoteException { return PATH_USERS + SLASH + userName; } public String getGroupURI(String groupName) throws RemoteException { IWSlideService service = getSlideServiceInstance(); return service.getWebdavServerURI() + getGroupPath(groupName); } public String getGroupPath(String groupName) throws RemoteException { return PATH_GROUPS + SLASH + groupName; } public String getRoleURI(String roleName) throws RemoteException { IWSlideService service = getSlideServiceInstance(); return service.getWebdavServerURI() + getRolePath(roleName); } public String getRolePath(String roleName) throws RemoteException { return PATH_ROLES + SLASH + roleName; } /** * @param loginName * @param roleNamesForUser * @param loginNameOfAllLoggedOnUsers * Set of all users that are logged on, other users are removed from roles. If the * set is null no users are removed from roles. * @throws IOException * @throws RemoteException * @throws HttpException */ public void updateRoleMembershipForUser(String userLoginName, Set roleNamesForUser, Set loginNamesOfAllLoggedOnUsers) throws HttpException, RemoteException, IOException { if (userLoginName != null && userLoginName.length() > 0 && !userLoginName.equals(SLIDE_DEFAULT_ROOT_USER)) { IWSlideService service = getSlideServiceInstance(); UsernamePasswordCredentials rCredentials = service.getRootUserCredentials(); Set newRoles = new HashSet(roleNamesForUser); Enumeration e = getAllRoles(rCredentials).getResources(); String userURI = getUserURI(userLoginName); while (e.hasMoreElements()) { WebdavResource role = (WebdavResource) e.nextElement(); newRoles.remove(role.getDisplayName()); updateRoleMembershipForUser(role, userURI, roleNamesForUser, loginNamesOfAllLoggedOnUsers); } // Add Roles that don't exist for (Iterator iter = newRoles.iterator(); iter.hasNext();) { String sRole = (String) iter.next(); if (!service.getExistence(getRolePath(sRole))) { WebdavResource newRole = new WebdavResource(service.getWebdavServerURL(rCredentials, getRolePath(sRole)), WebdavResource.NOACTION, 0); newRole.mkcolMethod(); updateRoleMembershipForUser(newRole, userURI, roleNamesForUser, loginNamesOfAllLoggedOnUsers); newRole.close(); } } } } private void updateRoleMembershipForUser(WebdavResource role, String userURI, Set roleNamesForUser, Set userpathsOfAllLoggedOnUsers) throws HttpException, RemoteException, IOException { // System.out.println("[AuthenticationBusiness]: resouce "+role.getDisplayName()+" begins"); boolean someChanges = false; try { Enumeration e = role.propfindMethod(GROUP_MEMBER_SET); String propertyString = ""; while (e.hasMoreElements()) { propertyString += (String) e.nextElement(); } // System.out.println("\t[group-member-set1]: "+propertyString); Set userSet = parseGroupMemberSetPropertyString(propertyString); if (userpathsOfAllLoggedOnUsers != null) { String rootUser = getUserURI(SLIDE_DEFAULT_ROOT_USER); for (Iterator iter = userSet.iterator(); iter.hasNext();) { String token = (String) iter.next(); if (!rootUser.equals(token) && !userpathsOfAllLoggedOnUsers.contains(token)) { userSet.remove(token); someChanges = true; } } } boolean userIsInRole = userSet.contains(userURI); boolean userShouldBeInRole = SLIDE_ROLE_NAME_USER.equals(role .getDisplayName()) || roleNamesForUser.contains(role.getDisplayName()); if (!userIsInRole && userShouldBeInRole) { userSet.add(userURI); someChanges = true; } else if (userIsInRole && !userShouldBeInRole) { userSet.remove(userURI); someChanges = true; } if (someChanges) { String newGroupMemberSet = encodeGroupMemberSetPropertyString(userSet); role.proppatchMethod(GROUP_MEMBER_SET_PROPERTY_NAME, newGroupMemberSet, true); // Enumeration e2 = role.propfindMethod(GROUP_MEMBER_SET); // if (e2.hasMoreElements()) { // String element2 = (String) e2.nextElement(); // System.out.println("\t[group-member-set2]: "+element2); // } } } catch (HttpException e) { e.printStackTrace(); } catch (IOException e) { e.printStackTrace(); } // System.out.println("[AuthenticationBusiness]: resouce "+role.getDisplayName()+" ends"); } /** * @param userSet * Set of userpaths or grouppaths * @see getUserURI(String) * @see getGroupURI(String) * @return */ private String encodeGroupMemberSetPropertyString(Set userOrGroupSet) { return PropertyParser.encodePropertyString(null, userOrGroupSet); } /** * @param element * @return * @throws RemoteException */ private Set parseGroupMemberSetPropertyString(String propertyString) throws RemoteException { return PropertyParser.parsePropertyString(null, propertyString); } protected IWSlideService getSlideServiceInstance() throws IBOLookupException { if (this.slideService == null) { this.slideService = (IWSlideService) IBOLookup.getServiceInstance( getIWApplicationContext(), IWSlideService.class); } return this.slideService; } public UsernamePasswordCredentials getRootUserCredentials() { if (NO_PASSWORD.equals(this.rootCredential.getPassword())) { this.rootCredential.setPassword(StringHandler.getRandomString(20)); } return this.rootCredential; } public boolean isRootUser(HttpServletRequest request) { // HttpServletRequest request = iwc.getRequest(); LoginBusinessBean loginBusiness = getLoginBusiness(); String[] usernameAndPassword = loginBusiness .getLoginNameAndPasswordFromBasicAuthenticationRequest(request); UsernamePasswordCredentials tmpCredential = getRootUserCredentials(); return tmpCredential.getUserName().equals(usernameAndPassword[0]) && tmpCredential.getPassword().equals(usernameAndPassword[1]); } protected LoginBusinessBean getLoginBusiness() { // return _loginBusiness; return LoginBusinessBean .getLoginBusinessBean(getIWApplicationContext()); } public AccessControlList applyDefaultPermissionsToRepository( AccessControlList acl) { return applyPermissionsToRepository(acl, StandardRoles.ALL_STANDARD_ROLES); } public AccessControlList applyPermissionsToRepository( AccessControlList acl, Collection<String> roles) { try { for (String role : roles) { String roleUri = getRoleURI(role); Ace newAce = new Ace(roleUri); newAce.addPrivilege(Privilege.READ); newAce.addPrivilege(Privilege.WRITE); AccessControlEntry editorEntry = new AccessControlEntry(newAce, AccessControlEntry.PRINCIPAL_TYPE_ROLE); acl.add(editorEntry); } } catch (Exception e) { Logger.getLogger(getClass().getName()).log( Level.SEVERE, "Exception while applying roles permissions to repo, roles=" + roles + ", repo path=" + acl.getResourcePath(), e); return null; } return acl; } }