Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $
You can buy this project and download/modify it how often you want.
org.exist.security.AbstractGroup Maven / Gradle / Ivy
/*
* eXist-db Open Source Native XML Database
* Copyright (C) 2001 The eXist-db Authors
*
* [email protected]
* http://www.exist-db.org
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
package org.exist.security;
import java.util.*;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.exist.config.Configuration;
import org.exist.config.ConfigurationException;
import org.exist.config.Configurator;
import org.exist.config.Reference;
import org.exist.config.ReferenceImpl;
import org.exist.config.annotation.ConfigurationClass;
import org.exist.config.annotation.ConfigurationFieldAsElement;
import org.exist.config.annotation.ConfigurationReferenceBy;
import org.exist.security.internal.GroupImpl;
import org.exist.storage.DBBroker;
@ConfigurationClass("")
public abstract class AbstractGroup extends AbstractPrincipal implements Comparable, Group {
private final static Logger LOG = LogManager.getLogger(AbstractGroup.class);
@ConfigurationFieldAsElement("manager")
@ConfigurationReferenceBy("name")
private List> managers = new ArrayList<>();
@ConfigurationFieldAsElement("metadata")
private Map metadata = new HashMap<>();
public AbstractGroup(final DBBroker broker, final AbstractRealm realm, final int id, final String name, final List managers) throws ConfigurationException {
super(broker, realm, realm.collectionGroups, id, name);
if(managers != null) {
for(final Account manager : managers) {
_addManager(manager);
}
}
}
public AbstractGroup(final DBBroker broker, final AbstractRealm realm, final String name) throws ConfigurationException {
super(broker, realm, realm.collectionGroups, UNDEFINED_ID, name);
}
public AbstractGroup(final AbstractRealm realm, final Configuration configuration) throws ConfigurationException {
super(realm, configuration);
//it require, because class's fields initializing after super constructor
if (this.configuration != null) {
this.configuration = Configurator.configure(this, this.configuration);
}
}
@Override
public int compareTo(final Object other) {
if(!(other instanceof GroupImpl)) {
throw new IllegalArgumentException("wrong type");
}
return name.compareTo(((GroupImpl)other).name);
}
@Override
public String toString() {
final StringBuilder buf = new StringBuilder();
buf.append("");
try {
for(final Account manager : getManagers()) {
buf.append("");
}
} catch(final Throwable e) {
e.printStackTrace();
buf.append("");
}
buf.append(" ");
return buf.toString();
}
@Override
public void assertCanModifyGroup(final Account user) throws PermissionDeniedException {
if(user == null) {
throw new PermissionDeniedException("Unspecified Account is not allowed to modify group '" + getName() + "'");
} else if(!user.hasDbaRole() && !isManager(user)) {
throw new PermissionDeniedException("Account '" + user.getName() + "' is not allowed to modify group '" + getName() + "'");
}
}
@Override
public boolean isManager(final Account account) {
for(final Reference manager : managers) {
final Account acc = manager.resolve();
if(acc != null && acc.equals(account)) {
return true;
}
}
return false;
}
protected void _addManager(final Account account) {
//check the manager is not already present
for(final Reference manager : managers) {
final String refName = manager.getName();
if(refName != null && refName.equals(account.getName())) {
return;
}
}
//add the manager
managers.add(
new ReferenceImpl<>(
getRealm().getSecurityManager(),
account,
account.getName()
)
);
}
@Override
public void addManager(final Account manager) throws PermissionDeniedException {
final Subject subject = getDatabase().getActiveBroker().getCurrentSubject();
assertCanModifyGroup(subject);
_addManager(manager);
}
@Override
public void addManagers(final List managers) throws PermissionDeniedException {
if(managers != null) {
for(final Account manager : managers) {
addManager(manager);
}
}
}
public void addManager(final String name) throws PermissionDeniedException {
final Subject subject = getDatabase().getActiveBroker().getCurrentSubject();
assertCanModifyGroup(subject);
//check the manager is not already present
for(final Reference ref : managers) {
final String refName = ref.getName();
if(refName != null && refName.equals(name)) {
return;
}
}
managers.add(new ReferenceImpl<>(getRealm().getSecurityManager(), "getAccount", name));
}
//this method is used by Configurator
public final void insertManager(final int index, final String name) throws PermissionDeniedException {
final Subject subject = getDatabase().getActiveBroker().getCurrentSubject();
assertCanModifyGroup(subject);
//check the manager is not already present
for(final Reference ref : managers) {
final String refName = ref.getName();
if(refName != null && refName.equals(name)) {
return;
}
}
managers.add(index, new ReferenceImpl<>(getRealm().getSecurityManager(), "getAccount", name));
}
@Override
public List getManagers() {
//we use a HashSet to ensure a unique set of managers
//under some cases it is possible for the same manager to
//appear twice in a group config file, but we only want
//to know about them once!
final Set set = new HashSet<>();
if(managers != null) {
for(final Reference ref : managers) {
final Account acc = ref.resolve();
if(acc != null) {
set.add(acc);
} else {
LOG.warn("Unable to resolve reference to group manager '{}' for group '{}'", ref.getName(), getName());
}
}
}
return new ArrayList<>(set);
}
@Override
public void removeManager(final Account account) throws PermissionDeniedException {
final Subject subject = getDatabase().getActiveBroker().getCurrentSubject();
assertCanModifyGroup(subject);
for(final Reference ref : managers) {
final Account acc = ref.resolve();
if(acc.getName().equals(account.getName())) {
managers.remove(ref);
break;
}
}
}
//this method used only at tests, don't use it other places
public void setManagers(final List> managers) {
this.managers = managers;
}
@Override
public String getMetadataValue(final SchemaType schemaType) {
return metadata.get(schemaType.getNamespace());
}
@Override
public void setMetadataValue(final SchemaType schemaType, final String value) {
metadata.put(schemaType.getNamespace(), value);
}
@Override
public Set getMetadataKeys() {
final Set metadataKeys = new HashSet<>();
for(final String key : metadata.keySet()) {
//XXX: other types?
if(AXSchemaType.valueOfNamespace(key) != null) {
metadataKeys.add(AXSchemaType.valueOfNamespace(key));
} else if(EXistSchemaType.valueOfNamespace(key) != null){
metadataKeys.add(EXistSchemaType.valueOfNamespace(key));
}
}
return metadataKeys;
}
@Override
public void clearMetadata() {
metadata.clear();
}
}
