org.opencms.db.jpa.CmsUserDriver Maven / Gradle / Ivy
Show all versions of opencms-test Show documentation
/*
* This library is part of OpenCms -
* the Open Source Content Management System
*
* Copyright (c) Alkacon Software GmbH & Co. KG (http://www.alkacon.com)
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* For further information about Alkacon Software, please see the
* company website: http://www.alkacon.com
*
* For further information about OpenCms, please see the
* project website: http://www.opencms.org
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
package org.opencms.db.jpa;
import org.opencms.configuration.CmsConfigurationManager;
import org.opencms.configuration.CmsParameterConfiguration;
import org.opencms.db.CmsDbContext;
import org.opencms.db.CmsDbEntryAlreadyExistsException;
import org.opencms.db.CmsDbEntryNotFoundException;
import org.opencms.db.CmsDbIoException;
import org.opencms.db.CmsDbSqlException;
import org.opencms.db.CmsDriverManager;
import org.opencms.db.CmsUserSettings;
import org.opencms.db.CmsVisitEntryFilter;
import org.opencms.db.I_CmsProjectDriver;
import org.opencms.db.I_CmsUserDriver;
import org.opencms.db.generic.CmsUserQueryBuilder;
import org.opencms.db.generic.Messages;
import org.opencms.db.jpa.persistence.CmsDAOGroupUsers;
import org.opencms.db.jpa.persistence.CmsDAOGroupUsers.CmsDAOGroupUsersPK;
import org.opencms.db.jpa.persistence.CmsDAOGroups;
import org.opencms.db.jpa.persistence.CmsDAOOfflineAccessControl;
import org.opencms.db.jpa.persistence.CmsDAOOnlineAccessControl;
import org.opencms.db.jpa.persistence.CmsDAOUserData;
import org.opencms.db.jpa.persistence.CmsDAOUsers;
import org.opencms.db.jpa.persistence.I_CmsDAOAccessControl;
import org.opencms.file.CmsDataAccessException;
import org.opencms.file.CmsFolder;
import org.opencms.file.CmsGroup;
import org.opencms.file.CmsProject;
import org.opencms.file.CmsProperty;
import org.opencms.file.CmsPropertyDefinition;
import org.opencms.file.CmsResource;
import org.opencms.file.CmsResourceFilter;
import org.opencms.file.CmsUser;
import org.opencms.file.CmsUserSearchParameters;
import org.opencms.file.CmsVfsResourceNotFoundException;
import org.opencms.file.types.CmsResourceTypeFolder;
import org.opencms.i18n.CmsEncoder;
import org.opencms.i18n.CmsLocaleManager;
import org.opencms.i18n.CmsMessageContainer;
import org.opencms.main.CmsEvent;
import org.opencms.main.CmsException;
import org.opencms.main.CmsInitException;
import org.opencms.main.CmsLog;
import org.opencms.main.I_CmsEventListener;
import org.opencms.main.OpenCms;
import org.opencms.monitor.CmsMemoryMonitor;
import org.opencms.relations.CmsRelation;
import org.opencms.relations.CmsRelationFilter;
import org.opencms.relations.CmsRelationType;
import org.opencms.security.CmsAccessControlEntry;
import org.opencms.security.CmsOrganizationalUnit;
import org.opencms.security.CmsPasswordEncryptionException;
import org.opencms.security.CmsRole;
import org.opencms.security.I_CmsPrincipal;
import org.opencms.util.CmsDataTypeUtil;
import org.opencms.util.CmsMacroResolver;
import org.opencms.util.CmsPair;
import org.opencms.util.CmsStringUtil;
import org.opencms.util.CmsUUID;
import java.io.IOException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.persistence.NoResultException;
import javax.persistence.PersistenceException;
import javax.persistence.Query;
import org.apache.commons.logging.Log;
/**
* JPA database server implementation of the user driver methods.
*
* @since 8.0.0
*/
public class CmsUserDriver implements I_CmsUserDriver {
/** The root path for organizational units. */
public static final String ORGUNIT_BASE_FOLDER = "/system/orgunits/";
/** The internal request attribute to indicate that the password has not to be digested. */
public static final String REQ_ATTR_DONT_DIGEST_PASSWORD = "DONT_DIGEST_PASSWORD";
// TODO: remove all these constants
/** Attribute WRITE USER_ADDINFO. */
private static final String ATTRIBUTE_USERADDINFO = "A_USERADDINFO";
/** Attribute WRITE USER_ADDINFO value delete. */
private static final String ATTRIBUTE_USERADDINFO_VALUE_DELETE = "delete";
/** Attribute WRITE USER_ADDINFO value insert. */
private static final String ATTRIBUTE_USERADDINFO_VALUE_INSERT = "insert";
/** Attribute WRITE USER_ADDINFO value update. */
private static final String ATTRIBUTE_USERADDINFO_VALUE_UPDATE = "update";
/** Query key. */
private static final String C_ACCESS_READ_ENTRIES_0 = "C_ACCESS_READ_ENTRIES_0";
/** Query key. */
private static final String C_ACCESS_READ_ENTRIES_1 = "C_ACCESS_READ_ENTRIES_1";
/** Query key. */
private static final String C_ACCESS_READ_ENTRY_2 = "C_ACCESS_READ_ENTRY_2";
/** Query key. */
private static final String C_ACCESS_REMOVE_2 = "C_ACCESS_REMOVE_2";
/** Query key. */
private static final String C_ACCESS_REMOVE_ALL_1 = "C_ACCESS_REMOVE_ALL_1";
/** Query key. */
private static final String C_ACCESS_REMOVE_ALL_FOR_PRINCIPAL_1 = "C_ACCESS_REMOVE_ALL_FOR_PRINCIPAL_1";
/** Query key. */
private static final String C_ACCESS_UPDATE_5 = "C_ACCESS_UPDATE_5";
/** Query key. */
private static final String C_GROUPS_CHECK_BY_NAME_2 = "C_GROUPS_CHECK_BY_NAME_2";
/** Query key. */
private static final String C_GROUPS_DELETE_GROUP_2 = "C_GROUPS_DELETE_GROUP_2";
/** Query key. */
private static final String C_GROUPS_GET_ALL_USERS_OF_GROUP_2 = "C_GROUPS_GET_ALL_USERS_OF_GROUP_2";
/** Query key. */
private static final String C_GROUPS_GET_CHILD_1 = "C_GROUPS_GET_CHILD_1";
/** Query key. */
private static final String C_GROUPS_GET_GROUPS_0 = "C_GROUPS_GET_GROUPS_0";
/** Query key. */
private static final String C_GROUPS_GET_GROUPS_OF_USER_1 = "C_GROUPS_GET_GROUPS_OF_USER_1";
/** Query key. */
private static final String C_GROUPS_GET_USERS_OF_GROUP_2 = "C_GROUPS_GET_USERS_OF_GROUP_2";
/** Query key. */
private static final String C_GROUPS_GROUP_OU_EQUALS_1 = "C_GROUPS_GROUP_OU_EQUALS_1";
/** Query key. */
private static final String C_GROUPS_GROUP_OU_LIKE_1 = "C_GROUPS_GROUP_OU_LIKE_1";
/** Query key. */
private static final String C_GROUPS_ORDER_0 = "C_GROUPS_ORDER_0";
/** Query key. */
private static final String C_GROUPS_READ_BY_NAME_2 = "C_GROUPS_READ_BY_NAME_2";
/** Query key. */
private static final String C_GROUPS_SELECT_GROUPS_1 = "C_GROUPS_SELECT_GROUPS_1";
/** Query key. */
private static final String C_GROUPS_SELECT_ROLES_1 = "C_GROUPS_SELECT_ROLES_1";
/** Query key. */
private static final String C_GROUPS_USER_IN_GROUP_2 = "C_GROUPS_USER_IN_GROUP_2";
/** Query key. */
private static final String C_GROUPS_WRITE_GROUP_4 = "C_GROUPS_WRITE_GROUP_4";
/** Query key. */
private static final String C_USERDATA_DELETE_2 = "C_USERDATA_DELETE_2";
/** Query key. */
private static final String C_USERDATA_READ_1 = "C_USERDATA_READ_1";
/** Query key. */
private static final String C_USERDATA_UPDATE_4 = "C_USERDATA_UPDATE_4";
/** Query key. */
private static final String C_USERS_CHECK_BY_NAME_2 = "C_USERS_CHECK_BY_NAME_2";
/** Query key. */
private static final String C_USERS_DELETE_2 = "C_USERS_DELETE_2";
/** Query key. */
private static final String C_USERS_GET_USERS_FOR_ORGUNIT_1 = "C_USERS_GET_USERS_FOR_ORGUNIT_1";
/** Query key. */
private static final String C_USERS_GET_WEBUSERS_FOR_ORGUNIT_1 = "C_USERS_GET_WEBUSERS_FOR_ORGUNIT_1";
/** Query key. */
private static final String C_USERS_READ_BY_NAME_2 = "C_USERS_READ_BY_NAME_2";
/** Query key. */
private static final String C_USERS_READ_WITH_PWD_3 = "C_USERS_READ_WITH_PWD_3";
/** Query key. */
private static final String C_USERS_SET_ORGUNIT_2 = "C_USERS_SET_ORGUNIT_2";
/** Query key. */
private static final String C_USERS_SET_PWD_3 = "C_USERS_SET_PWD_3";
/** Query key. */
private static final String C_USERS_WRITE_2 = "C_USERS_WRITE_2";
/** Query key. */
private static final String C_USERS_WRITE_6 = "C_USERS_WRITE_6";
/** The log object for this class. */
private static final Log LOG = CmsLog.getLog(org.opencms.db.jpa.CmsUserDriver.class);
/** The name of the offline project. */
private static final String OFFLINE_PROJECT_NAME = "Offline";
/** Property for the organizational unit description. */
private static final String ORGUNIT_PROPERTY_DESCRIPTION = CmsPropertyDefinition.PROPERTY_DESCRIPTION;
/** Property for the organizational unit default project id. */
private static final String ORGUNIT_PROPERTY_PROJECTID = CmsPropertyDefinition.PROPERTY_KEYWORDS;
/** A digest to encrypt the passwords. */
protected MessageDigest m_digest;
/** The algorithm used to encode passwords. */
protected String m_digestAlgorithm;
/** The file.encoding to code passwords after encryption with digest. */
protected String m_digestFileEncoding;
/** The driver manager. */
protected CmsDriverManager m_driverManager;
/** The SQL manager. */
protected CmsSqlManager m_sqlManager;
/**
* @see org.opencms.db.I_CmsUserDriver#addResourceToOrganizationalUnit(org.opencms.db.CmsDbContext, org.opencms.security.CmsOrganizationalUnit, org.opencms.file.CmsResource)
*/
public void addResourceToOrganizationalUnit(CmsDbContext dbc, CmsOrganizationalUnit orgUnit, CmsResource resource)
throws CmsDataAccessException {
try {
// check if the resource is a folder
if (resource.isFile()) {
throw new CmsDataAccessException(
Messages.get().container(
Messages.ERR_ORGUNIT_RESOURCE_IS_NOT_FOLDER_2,
orgUnit.getName(),
dbc.removeSiteRoot(resource.getRootPath())));
}
// read the resource representing the organizational unit
CmsResource ouResource = m_driverManager.readResource(
dbc,
ORGUNIT_BASE_FOLDER + orgUnit.getName(),
CmsResourceFilter.ALL);
// get the associated resources
List vfsPaths = new ArrayList(internalResourcesForOrgUnit(dbc, ouResource));
// check resource scope for non root ous
if (orgUnit.getParentFqn() != null) {
// get the parent ou
CmsOrganizationalUnit parentOu = m_driverManager.readOrganizationalUnit(dbc, orgUnit.getParentFqn());
// validate
internalValidateResourceForOrgUnit(dbc, parentOu, resource.getRootPath());
} else {
// allow to set the first resource
if (!vfsPaths.isEmpty()) {
throw new CmsDataAccessException(
org.opencms.security.Messages.get().container(
org.opencms.security.Messages.ERR_ORGUNIT_ROOT_EDITION_0));
}
}
// add the new resource
CmsRelation relation = new CmsRelation(ouResource, resource, CmsRelationType.OU_RESOURCE);
m_driverManager.getVfsDriver(dbc).createRelation(dbc, dbc.currentProject().getUuid(), relation);
m_driverManager.getVfsDriver(dbc).createRelation(dbc, CmsProject.ONLINE_PROJECT_ID, relation);
try {
// be sure the project was not deleted
CmsProject project = m_driverManager.readProject(dbc, orgUnit.getProjectId());
// maintain the default project synchronized
m_driverManager.getProjectDriver(dbc).createProjectResource(
dbc,
orgUnit.getProjectId(),
resource.getRootPath());
OpenCms.fireCmsEvent(
I_CmsEventListener.EVENT_PROJECT_MODIFIED,
Collections. singletonMap("project", project));
} catch (CmsDbEntryNotFoundException e) {
// ignore
} finally {
// fire a resource modification event
Map data = new HashMap(2);
data.put(I_CmsEventListener.KEY_RESOURCE, ouResource);
data.put(I_CmsEventListener.KEY_CHANGE, new Integer(CmsDriverManager.CHANGED_RESOURCE));
OpenCms.fireCmsEvent(new CmsEvent(I_CmsEventListener.EVENT_RESOURCE_MODIFIED, data));
}
} catch (CmsException e) {
throw new CmsDataAccessException(e.getMessageContainer(), e);
}
}
/**
* @see org.opencms.db.I_CmsUserDriver#countUsers(org.opencms.db.CmsDbContext, org.opencms.file.CmsUserSearchParameters)
*/
public long countUsers(CmsDbContext dbc, CmsUserSearchParameters searchParams) throws CmsDataAccessException {
long userCount = -1;
try {
CmsUserQueryBuilder builder = new CmsJpaUserQueryBuilder();
CmsPair> queryData = builder.createUserQuery(searchParams, true);
Query q = m_sqlManager.createQueryWithParametersFromJPQL(dbc, queryData.getFirst(), queryData.getSecond());
Number number = (Number)q.getSingleResult();
userCount = number.intValue();
} catch (PersistenceException e) {
throw new CmsDataAccessException(Messages.get().container(Messages.ERR_JPA_PERSITENCE_1, e), e);
}
return userCount;
}
/**
* @see org.opencms.db.I_CmsUserDriver#createAccessControlEntry(org.opencms.db.CmsDbContext, org.opencms.file.CmsProject, org.opencms.util.CmsUUID, org.opencms.util.CmsUUID, int, int, int)
*/
public void createAccessControlEntry(
CmsDbContext dbc,
CmsProject project,
CmsUUID resource,
CmsUUID principal,
int allowed,
int denied,
int flags) throws CmsDataAccessException {
try {
I_CmsDAOAccessControl pac = CmsProject.isOnlineProject(project.getUuid())
? new CmsDAOOnlineAccessControl()
: new CmsDAOOfflineAccessControl();
pac.setResourceId(resource.toString());
pac.setPrincipalId(principal.toString());
pac.setAccessAllowed(allowed);
pac.setAccessDenied(denied);
pac.setAccessFlags(flags);
m_sqlManager.persist(dbc, pac);
} catch (PersistenceException e) {
throw new CmsDataAccessException(Messages.get().container(Messages.ERR_JPA_PERSITENCE_1, e), e);
}
}
/**
* @see org.opencms.db.I_CmsUserDriver#createGroup(org.opencms.db.CmsDbContext, org.opencms.util.CmsUUID, java.lang.String, java.lang.String, int, java.lang.String)
*/
public CmsGroup createGroup(
CmsDbContext dbc,
CmsUUID groupId,
String groupFqn,
String description,
int flags,
String parentGroupFqn) throws CmsDataAccessException {
CmsUUID parentId = CmsUUID.getNullUUID();
CmsGroup group = null;
if (existsGroup(dbc, groupFqn)) {
CmsMessageContainer message = Messages.get().container(
Messages.ERR_GROUP_WITH_NAME_ALREADY_EXISTS_1,
groupFqn);
if (LOG.isErrorEnabled()) {
LOG.error(message.key());
}
throw new CmsDbEntryAlreadyExistsException(message);
}
try {
// get the id of the parent group if necessary
if (CmsStringUtil.isNotEmpty(parentGroupFqn)) {
parentId = readGroup(dbc, parentGroupFqn).getId();
}
CmsDAOGroups g = new CmsDAOGroups();
g.setGroupId(groupId.toString());
g.setParentGroupId(parentId.toString());
g.setGroupName(CmsOrganizationalUnit.getSimpleName(groupFqn));
g.setGroupDescription(m_sqlManager.validateEmpty(description));
g.setGroupFlags(flags);
g.setGroupOu(CmsOrganizationalUnit.SEPARATOR + CmsOrganizationalUnit.getParentFqn(groupFqn));
m_sqlManager.persist(dbc, g);
group = new CmsGroup(groupId, parentId, groupFqn, description, flags);
} catch (PersistenceException e) {
throw new CmsDataAccessException(Messages.get().container(Messages.ERR_JPA_PERSITENCE_1, e), e);
}
return group;
}
/**
* @see org.opencms.db.I_CmsUserDriver#createOrganizationalUnit(org.opencms.db.CmsDbContext, java.lang.String, java.lang.String, int, org.opencms.security.CmsOrganizationalUnit, String)
*/
public CmsOrganizationalUnit createOrganizationalUnit(
CmsDbContext dbc,
String name,
String description,
int flags,
CmsOrganizationalUnit parent,
String associatedResource) throws CmsDataAccessException {
// check the parent
if ((parent == null) && !name.equals("")) {
throw new CmsDataAccessException(
org.opencms.db.Messages.get().container(org.opencms.db.Messages.ERR_PARENT_ORGUNIT_NULL_0));
}
try {
// get the parent ou folder
CmsResource parentFolder = internalOrgUnitFolder(dbc, parent);
CmsResource resource = null;
// only normal OUs have to have at least one resource
if (((flags & CmsOrganizationalUnit.FLAG_WEBUSERS) == 0) || (associatedResource != null)) {
// check that the associated resource exists and if is a folder
resource = m_driverManager.readFolder(dbc, associatedResource, CmsResourceFilter.ALL);
}
String ouPath = ORGUNIT_BASE_FOLDER;
// validate resource
if ((parentFolder != null) && (resource != null)) {
internalValidateResourceForOrgUnit(
dbc,
internalCreateOrgUnitFromResource(dbc, parentFolder),
resource.getRootPath());
}
if (parentFolder != null) {
ouPath = parentFolder.getRootPath();
if (!ouPath.endsWith("/")) {
ouPath += "/";
}
}
// create the resource
CmsResource ouFolder = internalCreateResourceForOrgUnit(dbc, ouPath + name, flags);
// write description property
internalWriteOrgUnitProperty(
dbc,
ouFolder,
new CmsProperty(ORGUNIT_PROPERTY_DESCRIPTION, description, null));
// create the ou object
CmsOrganizationalUnit ou = internalCreateOrgUnitFromResource(dbc, ouFolder);
if ((ou.getParentFqn() != null)) {
// if not the root ou, create default roles & groups
// for the root ou, are created in #fillDefaults
Locale locale = CmsLocaleManager.getDefaultLocale();
if (dbc.getRequestContext() != null) {
locale = dbc.getRequestContext().getLocale();
}
// create default groups
internalCreateDefaultGroups(dbc, ou.getName(), ou.getDisplayName(locale), ou.hasFlagWebuser());
if (!ou.hasFlagWebuser()) {
// create default project
CmsProject project = m_driverManager.createProject(
dbc,
ou.getName() + OFFLINE_PROJECT_NAME,
"",
ou.getName() + OpenCms.getDefaultUsers().getGroupUsers(),
ou.getName() + OpenCms.getDefaultUsers().getGroupUsers(),
CmsProject.PROJECT_TYPE_NORMAL);
// write project id property
internalWriteOrgUnitProperty(
dbc,
ouFolder,
new CmsProperty(ORGUNIT_PROPERTY_PROJECTID, project.getUuid().toString(), null));
} else {
// write project id property
internalWriteOrgUnitProperty(
dbc,
ouFolder,
new CmsProperty(ORGUNIT_PROPERTY_PROJECTID, CmsUUID.getNullUUID().toString(), null));
}
} else {
// write project id property
internalWriteOrgUnitProperty(
dbc,
ouFolder,
new CmsProperty(ORGUNIT_PROPERTY_PROJECTID, CmsUUID.getNullUUID().toString(), null));
}
// reread the ou, to actualize the project id
ou = internalCreateOrgUnitFromResource(dbc, ouFolder);
if (resource != null) {
// add the given resource
m_driverManager.addResourceToOrgUnit(dbc, ou, resource);
}
OpenCms.fireCmsEvent(I_CmsEventListener.EVENT_CLEAR_ONLINE_CACHES, null);
// return the new created ou
return ou;
} catch (CmsException e) {
throw new CmsDataAccessException(e.getMessageContainer(), e);
}
}
/**
* @see org.opencms.db.I_CmsUserDriver#createRootOrganizationalUnit(org.opencms.db.CmsDbContext)
*/
public void createRootOrganizationalUnit(CmsDbContext dbc) {
try {
readOrganizationalUnit(dbc, "");
} catch (CmsException e) {
try {
CmsProject onlineProject = dbc.currentProject();
CmsProject setupProject = onlineProject;
// get the right offline project
try {
// this if setting up OpenCms
setupProject = m_driverManager.readProject(dbc, I_CmsProjectDriver.SETUP_PROJECT_NAME);
} catch (CmsException exc) {
// this if updating OpenCms
try {
setupProject = m_driverManager.readProject(dbc, "Offline");
} catch (CmsException exc2) {
// there is nothing to do, if no offline project found
}
}
dbc.getRequestContext().setCurrentProject(setupProject);
try {
createOrganizationalUnit(
dbc,
"",
CmsMacroResolver.localizedKeyMacro(Messages.GUI_ORGUNIT_ROOT_DESCRIPTION_0, null),
0,
null,
"/");
} finally {
dbc.getRequestContext().setCurrentProject(onlineProject);
}
if (CmsLog.INIT.isInfoEnabled()) {
CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_ROOT_ORGUNIT_DEFAULTS_INITIALIZED_0));
}
} catch (CmsException exc) {
if (CmsLog.INIT.isErrorEnabled()) {
CmsLog.INIT.error(
Messages.get().getBundle().key(Messages.INIT_ROOT_ORGUNIT_INITIALIZATION_FAILED_0),
exc);
}
throw new CmsInitException(
org.opencms.db.generic.Messages.get().container(
org.opencms.db.generic.Messages.ERR_INITIALIZING_USER_DRIVER_0),
exc);
}
}
}
/**
* @see org.opencms.db.I_CmsUserDriver#createUser(CmsDbContext, CmsUUID, String, String, String, String, String, long, int, long, Map)
*/
public CmsUser createUser(
CmsDbContext dbc,
CmsUUID id,
String userFqn,
String password,
String firstname,
String lastname,
String email,
long lastlogin,
int flags,
long dateCreated,
Map additionalInfos) throws CmsDataAccessException {
if (existsUser(dbc, userFqn)) {
CmsMessageContainer message = Messages.get().container(
Messages.ERR_USER_WITH_NAME_ALREADY_EXISTS_1,
userFqn);
if (LOG.isErrorEnabled()) {
LOG.error(message.key());
}
throw new CmsDbEntryAlreadyExistsException(message);
}
try {
CmsDAOUsers u = new CmsDAOUsers();
u.setUserId(id.toString());
u.setUserName(CmsOrganizationalUnit.getSimpleName(userFqn));
u.setUserPassword(password);
u.setUserFirstName(m_sqlManager.validateEmpty(firstname));
u.setUserLastName(m_sqlManager.validateEmpty(lastname));
u.setUserEmail(m_sqlManager.validateEmpty(email));
u.setUserLastLogin(lastlogin);
u.setUserFlags(flags);
u.setUserOu(CmsOrganizationalUnit.SEPARATOR + CmsOrganizationalUnit.getParentFqn(userFqn));
u.setUserDateCreated((dateCreated == 0 ? System.currentTimeMillis() : dateCreated));
m_sqlManager.persist(dbc, u);
} catch (PersistenceException e) {
throw new CmsDataAccessException(Messages.get().container(Messages.ERR_JPA_PERSITENCE_1, e), e);
}
internalWriteUserInfos(dbc, id, additionalInfos);
return readUser(dbc, id);
}
/**
* @see org.opencms.db.I_CmsUserDriver#createUserInGroup(org.opencms.db.CmsDbContext, org.opencms.util.CmsUUID, org.opencms.util.CmsUUID)
*/
public void createUserInGroup(CmsDbContext dbc, CmsUUID userId, CmsUUID groupId) throws CmsDataAccessException {
// check if user is already in group
if (!internalValidateUserInGroup(dbc, userId, groupId)) {
// if not, add this user to the group
try {
CmsDAOGroupUsers gu = new CmsDAOGroupUsers();
gu.setGroupId(groupId.toString());
gu.setUserId(userId.toString());
// flag field is not used yet
gu.setGroupUserFlags(0);
m_sqlManager.persist(dbc, gu);
} catch (PersistenceException e) {
throw new CmsDataAccessException(Messages.get().container(Messages.ERR_JPA_PERSITENCE_1, e), e);
}
}
}
/**
* Possibly there is no need for this method.
*
* TODO: check if this method is used somewhere
* TODO: remove this method
*
* @param dbc the db context
* @param project the project
* @param resource the resource's UUID
*
* @throws CmsDataAccessException if something goes wrong
*/
public void deleteAccessControlEntries(CmsDbContext dbc, CmsProject project, CmsUUID resource)
throws CmsDataAccessException {
removeAccessControlEntries(dbc, project, resource);
}
/**
* @see org.opencms.db.I_CmsUserDriver#deleteGroup(org.opencms.db.CmsDbContext, java.lang.String)
*/
public void deleteGroup(CmsDbContext dbc, String groupFqn) throws CmsDataAccessException {
try {
Query q = m_sqlManager.createQuery(dbc, C_GROUPS_DELETE_GROUP_2);
q.setParameter(1, CmsOrganizationalUnit.getSimpleName(groupFqn));
q.setParameter(2, CmsOrganizationalUnit.SEPARATOR + CmsOrganizationalUnit.getParentFqn(groupFqn));
List res = q.getResultList();
for (CmsDAOGroups g : res) {
m_sqlManager.remove(dbc, g);
}
} catch (PersistenceException e) {
throw new CmsDataAccessException(Messages.get().container(Messages.ERR_JPA_PERSITENCE_1, e), e);
}
}
/**
* @see org.opencms.db.I_CmsUserDriver#deleteOrganizationalUnit(org.opencms.db.CmsDbContext, org.opencms.security.CmsOrganizationalUnit)
*/
public void deleteOrganizationalUnit(CmsDbContext dbc, CmsOrganizationalUnit organizationalUnit)
throws CmsDataAccessException {
try {
CmsResource resource = m_driverManager.readResource(
dbc,
ORGUNIT_BASE_FOLDER + organizationalUnit.getName(),
CmsResourceFilter.DEFAULT);
internalDeleteOrgUnitResource(dbc, resource);
if (organizationalUnit.getProjectId() != null) {
try {
// maintain the default project synchronized
m_driverManager.deleteProject(
dbc,
m_driverManager.readProject(dbc, organizationalUnit.getProjectId()));
} catch (CmsDbEntryNotFoundException e) {
// ignore
}
}
} catch (CmsException e) {
throw new CmsDataAccessException(e.getMessageContainer(), e);
}
}
/**
* @see org.opencms.db.I_CmsUserDriver#deleteUser(org.opencms.db.CmsDbContext, java.lang.String)
*/
public void deleteUser(CmsDbContext dbc, String userFqn) throws CmsDataAccessException {
CmsUser user = readUser(dbc, userFqn);
try {
Query q = m_sqlManager.createQuery(dbc, C_USERS_DELETE_2);
q.setParameter(1, CmsOrganizationalUnit.getSimpleName(userFqn));
q.setParameter(2, CmsOrganizationalUnit.SEPARATOR + CmsOrganizationalUnit.getParentFqn(userFqn));
List res = q.getResultList();
for (CmsDAOUsers u : res) {
m_sqlManager.remove(dbc, u);
}
} catch (PersistenceException e) {
throw new CmsDataAccessException(Messages.get().container(Messages.ERR_JPA_PERSITENCE_1, e), e);
}
// delete the additional infos
deleteUserInfos(dbc, user.getId());
if (OpenCms.getSubscriptionManager().isEnabled()) {
// delete visited resource information from log
CmsVisitEntryFilter filter = CmsVisitEntryFilter.ALL.filterUser(user.getId());
m_driverManager.getSubscriptionDriver().deleteVisits(
dbc,
OpenCms.getSubscriptionManager().getPoolName(),
filter);
// delete all subscribed resources for user
m_driverManager.getSubscriptionDriver().unsubscribeAllResourcesFor(
dbc,
OpenCms.getSubscriptionManager().getPoolName(),
user);
}
}
/**
* @see org.opencms.db.I_CmsUserDriver#deleteUserInfos(org.opencms.db.CmsDbContext, org.opencms.util.CmsUUID)
*/
public void deleteUserInfos(CmsDbContext dbc, CmsUUID userId) throws CmsDataAccessException {
try {
Query q = m_sqlManager.createQuery(dbc, C_USERDATA_READ_1);
q.setParameter(1, userId.toString());
List res = q.getResultList();
for (CmsDAOUserData ud : res) {
m_sqlManager.remove(dbc, ud);
}
} catch (PersistenceException e) {
throw new CmsDataAccessException(Messages.get().container(Messages.ERR_JPA_PERSITENCE_1, e), e);
}
}
/**
* @see org.opencms.db.I_CmsUserDriver#deleteUserInGroup(org.opencms.db.CmsDbContext, org.opencms.util.CmsUUID, org.opencms.util.CmsUUID)
*/
public void deleteUserInGroup(CmsDbContext dbc, CmsUUID userId, CmsUUID groupId) throws CmsDataAccessException {
try {
CmsDAOGroupUsersPK pk = new CmsDAOGroupUsersPK();
pk.setGroupId(groupId.toString());
pk.setUserId(userId.toString());
CmsDAOGroupUsers gu = m_sqlManager.find(dbc, CmsDAOGroupUsers.class, pk);
if (gu != null) {
m_sqlManager.remove(dbc, gu);
}
} catch (PersistenceException e) {
throw new CmsDataAccessException(Messages.get().container(Messages.ERR_JPA_PERSITENCE_1, e), e);
}
}
/**
* @see org.opencms.db.I_CmsUserDriver#destroy()
*/
public void destroy() throws Throwable {
m_sqlManager = null;
m_driverManager = null;
if (CmsLog.INIT.isInfoEnabled()) {
CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_SHUTDOWN_DRIVER_1, getClass().getName()));
}
}
/**
* @see org.opencms.db.I_CmsUserDriver#existsGroup(org.opencms.db.CmsDbContext, java.lang.String)
*/
public boolean existsGroup(CmsDbContext dbc, String groupFqn) throws CmsDataAccessException {
boolean result = false;
try {
Query q = m_sqlManager.createQuery(dbc, C_GROUPS_CHECK_BY_NAME_2);
q.setParameter(1, CmsOrganizationalUnit.getSimpleName(groupFqn));
q.setParameter(2, CmsOrganizationalUnit.SEPARATOR + CmsOrganizationalUnit.getParentFqn(groupFqn));
int count = CmsDataTypeUtil.numberToInt((Number)q.getSingleResult());
if (count > 0) {
result = true;
}
} catch (PersistenceException e) {
throw new CmsDataAccessException(Messages.get().container(Messages.ERR_JPA_PERSITENCE_1, e), e);
}
return result;
}
/**
* @see org.opencms.db.I_CmsUserDriver#existsUser(org.opencms.db.CmsDbContext, java.lang.String)
*/
public boolean existsUser(CmsDbContext dbc, String userFqn) throws CmsDataAccessException {
boolean result = false;
try {
Query q = m_sqlManager.createQuery(dbc, C_USERS_CHECK_BY_NAME_2);
q.setParameter(1, CmsOrganizationalUnit.getSimpleName(userFqn));
q.setParameter(2, CmsOrganizationalUnit.SEPARATOR + CmsOrganizationalUnit.getParentFqn(userFqn));
int count = CmsDataTypeUtil.numberToInt((Number)q.getSingleResult());
if (count > 0) {
result = true;
}
} catch (PersistenceException e) {
throw new CmsDataAccessException(Messages.get().container(Messages.ERR_JPA_PERSITENCE_1, e), e);
}
return result;
}
/**
* @see org.opencms.db.I_CmsUserDriver#fillDefaults(org.opencms.db.CmsDbContext)
*/
public void fillDefaults(CmsDbContext dbc) throws CmsInitException {
try {
internalCreateDefaultGroups(dbc, "", "", false);
} catch (CmsException e) {
if (CmsLog.INIT.isErrorEnabled()) {
CmsLog.INIT.error(Messages.get().getBundle().key(Messages.INIT_DEFAULT_USERS_CREATION_FAILED_0), e);
}
throw new CmsInitException(Messages.get().container(Messages.ERR_INITIALIZING_USER_DRIVER_0), e);
}
}
/**
* @see org.opencms.db.I_CmsUserDriver#getGroups(org.opencms.db.CmsDbContext, org.opencms.security.CmsOrganizationalUnit, boolean, boolean)
*/
public List getGroups(
CmsDbContext dbc,
CmsOrganizationalUnit orgUnit,
boolean includeSubOus,
boolean readRoles) throws CmsDataAccessException {
// compose the query
String sqlQuery = createRoleQuery(C_GROUPS_GET_GROUPS_0, includeSubOus, readRoles);
// adjust parameter to use with LIKE
String ouFqn = CmsOrganizationalUnit.SEPARATOR + orgUnit.getName();
if (includeSubOus) {
ouFqn += "%";
}
// execute it
List groups = new ArrayList();
try {
// create query
Query q = m_sqlManager.createQueryFromJPQL(dbc, sqlQuery);
q.setParameter(1, ouFqn);
q.setParameter(2, Integer.valueOf(I_CmsPrincipal.FLAG_GROUP_ROLE));
List res = q.getResultList();
// create new Cms group objects
for (CmsDAOGroups g : res) {
groups.add(internalCreateGroup(g));
}
} catch (PersistenceException e) {
throw new CmsDataAccessException(Messages.get().container(Messages.ERR_JPA_PERSITENCE_1, e), e);
}
return groups;
}
/**
* @see org.opencms.db.I_CmsUserDriver#getOrganizationalUnits(org.opencms.db.CmsDbContext, org.opencms.security.CmsOrganizationalUnit, boolean)
*/
public List getOrganizationalUnits(
CmsDbContext dbc,
CmsOrganizationalUnit parent,
boolean includeChildren) throws CmsDataAccessException {
List orgUnits = new ArrayList();
try {
CmsResource parentFolder = internalOrgUnitFolder(dbc, parent);
Iterator itResources = m_driverManager.readResources(
dbc,
parentFolder,
CmsResourceFilter.DEFAULT,
includeChildren).iterator();
while (itResources.hasNext()) {
CmsResource resource = itResources.next();
orgUnits.add(internalCreateOrgUnitFromResource(dbc, resource));
}
} catch (CmsException e) {
throw new CmsDataAccessException(e.getMessageContainer(), e);
}
return orgUnits;
}
/**
* @see org.opencms.db.I_CmsUserDriver#getResourcesForOrganizationalUnit(org.opencms.db.CmsDbContext, org.opencms.security.CmsOrganizationalUnit)
*/
public List getResourcesForOrganizationalUnit(CmsDbContext dbc, CmsOrganizationalUnit orgUnit)
throws CmsDataAccessException {
List result = new ArrayList();
try {
CmsResource ouResource = m_driverManager.readResource(
dbc,
ORGUNIT_BASE_FOLDER + orgUnit.getName(),
CmsResourceFilter.ALL);
Iterator itPaths = internalResourcesForOrgUnit(dbc, ouResource).iterator();
while (itPaths.hasNext()) {
String path = itPaths.next();
try {
result.add(m_driverManager.readResource(dbc, path, CmsResourceFilter.ALL));
} catch (CmsVfsResourceNotFoundException e) {
LOG.error(e.getLocalizedMessage(), e);
}
}
} catch (CmsException e) {
throw new CmsDataAccessException(e.getMessageContainer(), e);
}
return result;
}
/**
* @see org.opencms.db.I_CmsUserDriver#getSqlManager()
*/
public CmsSqlManager getSqlManager() {
return m_sqlManager;
}
/**
* @see org.opencms.db.I_CmsUserDriver#getUsers(org.opencms.db.CmsDbContext, org.opencms.security.CmsOrganizationalUnit, boolean)
*/
public List getUsers(CmsDbContext dbc, CmsOrganizationalUnit orgUnit, boolean recursive)
throws CmsDataAccessException {
List users = new ArrayList();
try {
Query q;
// create statement
if (orgUnit.hasFlagWebuser()) {
q = m_sqlManager.createQuery(dbc, C_USERS_GET_WEBUSERS_FOR_ORGUNIT_1);
} else {
q = m_sqlManager.createQuery(dbc, C_USERS_GET_USERS_FOR_ORGUNIT_1);
}
String param = CmsOrganizationalUnit.SEPARATOR + orgUnit.getName();
if (recursive) {
param += "%";
}
q.setParameter(1, param);
List res = q.getResultList();
// create new Cms group objects
for (CmsDAOUsers u : res) {
users.add(internalCreateUser(dbc, u));
}
} catch (PersistenceException e) {
throw new CmsDataAccessException(Messages.get().container(Messages.ERR_JPA_PERSITENCE_1, e), e);
}
return users;
}
/**
* @see org.opencms.db.I_CmsUserDriver#getUsersWithoutAdditionalInfo(org.opencms.db.CmsDbContext, org.opencms.security.CmsOrganizationalUnit, boolean)
*/
public List getUsersWithoutAdditionalInfo(
CmsDbContext dbc,
CmsOrganizationalUnit orgUnit,
boolean recursive) throws CmsDataAccessException {
//TODO: disable fetching of additional infos
return getUsers(dbc, orgUnit, recursive);
}
/**
* @see org.opencms.db.I_CmsDriver#init(org.opencms.db.CmsDbContext, org.opencms.configuration.CmsConfigurationManager, java.util.List, org.opencms.db.CmsDriverManager)
*/
public void init(
CmsDbContext dbc,
CmsConfigurationManager configurationManager,
List successiveDrivers,
CmsDriverManager driverManager) {
CmsParameterConfiguration config = configurationManager.getConfiguration();
String poolUrl = config.get("db.user.pool");
String classname = config.get("db.user.sqlmanager");
m_sqlManager = initSqlManager(classname);
m_driverManager = driverManager;
if (CmsLog.INIT.isInfoEnabled()) {
CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_ASSIGNED_POOL_1, poolUrl));
}
m_digestAlgorithm = config.getString(CmsDriverManager.CONFIGURATION_DB + ".user.digest.type", "MD5");
if (CmsLog.INIT.isInfoEnabled()) {
CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_DIGEST_ALGORITHM_1, m_digestAlgorithm));
}
m_digestFileEncoding = config.getString(
CmsDriverManager.CONFIGURATION_DB + ".user.digest.encoding",
CmsEncoder.ENCODING_UTF_8);
if (CmsLog.INIT.isInfoEnabled()) {
CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_DIGEST_ENCODING_1, m_digestFileEncoding));
}
// create the digest
try {
m_digest = MessageDigest.getInstance(m_digestAlgorithm);
if (CmsLog.INIT.isInfoEnabled()) {
CmsLog.INIT.info(
Messages.get().getBundle().key(
Messages.INIT_DIGEST_ENC_3,
m_digest.getAlgorithm(),
m_digest.getProvider().getName(),
String.valueOf(m_digest.getProvider().getVersion())));
}
} catch (NoSuchAlgorithmException e) {
if (CmsLog.INIT.isInfoEnabled()) {
CmsLog.INIT.info(Messages.get().getBundle().key(Messages.INIT_SET_DIGEST_ERROR_0), e);
}
}
if ((successiveDrivers != null) && !successiveDrivers.isEmpty()) {
if (LOG.isWarnEnabled()) {
LOG.warn(
Messages.get().getBundle().key(
Messages.LOG_SUCCESSIVE_DRIVERS_UNSUPPORTED_1,
getClass().getName()));
}
}
}
/**
* @see org.opencms.db.I_CmsUserDriver#initSqlManager(String)
*/
public CmsSqlManager initSqlManager(String classname) {
return CmsSqlManager.getInstance(classname);
}
/**
* @see org.opencms.db.I_CmsUserDriver#publishAccessControlEntries(org.opencms.db.CmsDbContext, org.opencms.file.CmsProject, org.opencms.file.CmsProject, org.opencms.util.CmsUUID, org.opencms.util.CmsUUID)
*/
public void publishAccessControlEntries(
CmsDbContext dbc,
CmsProject offlineProject,
CmsProject onlineProject,
CmsUUID offlineId,
CmsUUID onlineId) throws CmsDataAccessException {
// at first, we remove all access contries of this resource in the online project
m_driverManager.getUserDriver(dbc).removeAccessControlEntries(dbc, onlineProject, onlineId);
// then, we copy the access control entries from the offline project into the online project
CmsUUID dbcProjectId = dbc.getProjectId();
if ((dbcProjectId != null) && !dbc.getProjectId().isNullUUID()) {
dbc.setProjectId(offlineProject.getUuid());
} else {
dbc.setProjectId(CmsUUID.getNullUUID());
}
List aces = m_driverManager.getUserDriver(dbc).readAccessControlEntries(
dbc,
offlineProject,
offlineId,
false);
dbc.setProjectId(dbcProjectId);
for (CmsAccessControlEntry ace : aces) {
m_driverManager.getUserDriver(dbc).writeAccessControlEntry(dbc, onlineProject, ace);
}
}
/**
* @see org.opencms.db.I_CmsUserDriver#readAccessControlEntries(org.opencms.db.CmsDbContext, org.opencms.file.CmsProject, org.opencms.util.CmsUUID, boolean)
*/
public List readAccessControlEntries(
CmsDbContext dbc,
CmsProject project,
CmsUUID resource,
boolean inheritedOnly) throws CmsDataAccessException {
List aceList = new ArrayList();
try {
Query q;
if (resource.equals(CmsAccessControlEntry.PRINCIPAL_READALL_ID)) {
q = m_sqlManager.createQuery(dbc, project, C_ACCESS_READ_ENTRIES_0);
} else {
q = m_sqlManager.createQuery(dbc, project, C_ACCESS_READ_ENTRIES_1);
String resId = resource.toString();
q.setParameter(1, resId);
}
List res = q.getResultList();
// create new CmsAccessControlEntry and add to list
for (I_CmsDAOAccessControl ac : res) {
CmsAccessControlEntry ace = internalCreateAce(ac);
if (inheritedOnly && !ace.isInheriting()) {
continue;
}
if (inheritedOnly && ace.isInheriting()) {
ace.setFlags(CmsAccessControlEntry.ACCESS_FLAGS_INHERITED);
}
aceList.add(ace);
}
return aceList;
} catch (PersistenceException e) {
throw new CmsDataAccessException(Messages.get().container(Messages.ERR_JPA_PERSITENCE_1, e), e);
}
}
/**
* @see org.opencms.db.I_CmsUserDriver#readAccessControlEntry(org.opencms.db.CmsDbContext, org.opencms.file.CmsProject, org.opencms.util.CmsUUID, org.opencms.util.CmsUUID)
*/
public CmsAccessControlEntry readAccessControlEntry(
CmsDbContext dbc,
CmsProject project,
CmsUUID resource,
CmsUUID principal) throws CmsDataAccessException {
CmsAccessControlEntry ace = null;
try {
Query q = m_sqlManager.createQuery(dbc, project, C_ACCESS_READ_ENTRY_2);
q.setParameter(1, resource.toString());
q.setParameter(2, principal.toString());
try {
I_CmsDAOAccessControl ac = (I_CmsDAOAccessControl)q.getSingleResult();
ace = internalCreateAce(ac);
} catch (NoResultException e) {
throw new CmsDbEntryNotFoundException(
Messages.get().container(Messages.ERR_NO_ACE_FOUND_2, resource, principal));
}
return ace;
} catch (PersistenceException e) {
throw new CmsDataAccessException(Messages.get().container(Messages.ERR_JPA_PERSITENCE_1, e), e);
}
}
/**
* @see org.opencms.db.I_CmsUserDriver#readChildGroups(org.opencms.db.CmsDbContext, java.lang.String)
*/
public List readChildGroups(CmsDbContext dbc, String parentGroupFqn) throws CmsDataAccessException {
List children = new ArrayList();
try {
// get parent group
CmsGroup parent = m_driverManager.getUserDriver(dbc).readGroup(dbc, parentGroupFqn);
// parent group exists, so get all children
if (parent != null) {
// create statement
Query q = m_sqlManager.createQuery(dbc, C_GROUPS_GET_CHILD_1);
q.setParameter(1, parent.getId().toString());
List res = q.getResultList();
// create new Cms group objects
for (CmsDAOGroups g : res) {
children.add(internalCreateGroup(g));
}
}
} catch (PersistenceException e) {
throw new CmsDataAccessException(Messages.get().container(Messages.ERR_JPA_PERSITENCE_1, e), e);
}
return children;
}
/**
* @see org.opencms.db.I_CmsUserDriver#readGroup(org.opencms.db.CmsDbContext, org.opencms.util.CmsUUID)
*/
public CmsGroup readGroup(CmsDbContext dbc, CmsUUID groupId) throws CmsDataAccessException {
CmsGroup group = null;
try {
CmsDAOGroups g = m_sqlManager.find(dbc, CmsDAOGroups.class, groupId.toString());
if (g != null) {
group = internalCreateGroup(g);
} else {
CmsMessageContainer message = Messages.get().container(Messages.ERR_NO_GROUP_WITH_ID_1, groupId);
if (LOG.isDebugEnabled()) {
LOG.debug(message.key());
}
throw new CmsDbEntryNotFoundException(message);
}
} catch (PersistenceException e) {
throw new CmsDataAccessException(Messages.get().container(Messages.ERR_JPA_PERSITENCE_1, e), e);
}
return group;
}
/**
* @see org.opencms.db.I_CmsUserDriver#readGroup(org.opencms.db.CmsDbContext, java.lang.String)
*/
public CmsGroup readGroup(CmsDbContext dbc, String groupFqn) throws CmsDataAccessException {
CmsGroup group = null;
try {
Query q = m_sqlManager.createQuery(dbc, C_GROUPS_READ_BY_NAME_2);
// read the group from the database
q.setParameter(1, CmsOrganizationalUnit.getSimpleName(groupFqn));
q.setParameter(2, CmsOrganizationalUnit.SEPARATOR + CmsOrganizationalUnit.getParentFqn(groupFqn));
try {
CmsDAOGroups g = (CmsDAOGroups)q.getSingleResult();
group = internalCreateGroup(g);
} catch (NoResultException e) {
CmsMessageContainer message = org.opencms.db.Messages.get().container(
org.opencms.db.Messages.ERR_UNKNOWN_GROUP_1,
groupFqn);
if (LOG.isDebugEnabled()) {
LOG.debug(message.key(), new Exception());
}
throw new CmsDbEntryNotFoundException(message);
}
} catch (PersistenceException e) {
throw new CmsDataAccessException(Messages.get().container(Messages.ERR_JPA_PERSITENCE_1, e), e);
}
return group;
}
/**
* @see org.opencms.db.I_CmsUserDriver#readGroupsOfUser(CmsDbContext, CmsUUID, String, boolean, String, boolean)
*/
public List readGroupsOfUser(
CmsDbContext dbc,
CmsUUID userId,
String ouFqn,
boolean includeChildOus,
String remoteAddress,
boolean readRoles) throws CmsDataAccessException {
// compose the query
String sqlQuery = createRoleQuery(C_GROUPS_GET_GROUPS_OF_USER_1, includeChildOus, readRoles);
// adjust parameter to use with LIKE
String ouFqnParam = CmsOrganizationalUnit.SEPARATOR + ouFqn;
if (includeChildOus) {
ouFqnParam += "%";
}
// execute it
List groups = new ArrayList();
try {
Query q = m_sqlManager.createQueryFromJPQL(dbc, sqlQuery);
// get all all groups of the user
q.setParameter(1, userId.toString());
q.setParameter(2, ouFqnParam);
q.setParameter(3, Integer.valueOf(I_CmsPrincipal.FLAG_GROUP_ROLE));
List