1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.apache.jetspeed.services;
18
19 import java.security.Principal;
20 import java.util.Iterator;
21 import java.util.List;
22
23 import org.apache.jetspeed.om.SecurityReference;
24 import org.apache.jetspeed.om.profile.Entry;
25 import org.apache.jetspeed.om.registry.PortletEntry;
26 import org.apache.jetspeed.om.registry.RegistryEntry;
27 import org.apache.jetspeed.om.security.Group;
28 import org.apache.jetspeed.om.security.JetspeedUser;
29 import org.apache.jetspeed.om.security.Permission;
30 import org.apache.jetspeed.om.security.Role;
31 import org.apache.jetspeed.om.security.UserNamePrincipal;
32 import org.apache.jetspeed.portal.Portlet;
33 import org.apache.jetspeed.services.rundata.JetspeedRunData;
34 import org.apache.jetspeed.services.security.JetspeedGroupManagement;
35 import org.apache.jetspeed.services.security.JetspeedPermissionManagement;
36 import org.apache.jetspeed.services.security.JetspeedRoleManagement;
37 import org.apache.jetspeed.services.security.JetspeedSecurityException;
38 import org.apache.jetspeed.services.security.JetspeedSecurityService;
39 import org.apache.jetspeed.services.security.LoginException;
40 import org.apache.jetspeed.services.security.PortalResource;
41 import org.apache.turbine.om.security.User;
42 import org.apache.turbine.services.TurbineServices;
43
44
45 /***
46 * <P>This is a commodity static accessor class around the
47 * <code>JetspeedSecurityService</code></P>
48 *
49 * @see org.apache.jetspeed.services.security.JetspeedSecurityService
50 * @author <a href="mailto:david@bluesunrise.com">David Sean Taylor</a>
51 * @author <a href="mailto:morciuch@apache.org">Mark Orciuch</a>
52 * @author <a href="mailto:weaver@apache.org">Scott T. Weaver</a>
53 * @version $Id: JetspeedSecurity.java,v 1.21 2004/03/31 04:49:10 morciuch Exp $
54 */
55
56 abstract public class JetspeedSecurity
57 {
58 public static final String PERMISSION_VIEW = "view";
59 public static final String PERMISSION_CUSTOMIZE = "customize";
60 public static final String PERMISSION_MAXIMIZE = "maximize";
61 public static final String PERMISSION_MINIMIZE = "minimize";
62 public static final String PERMISSION_PERSONALIZE = "personalize";
63 public static final String PERMISSION_DETACH = "detach";
64 public static final String PERMISSION_CLOSE = "close";
65 public static final String PERMISSION_INFO = "info";
66 public static final String PERMISSION_PRINT_FRIENDLY = "print_friendly";
67
68
69
70
71 public static final String JETSPEED_GROUP = "Jetspeed";
72 public static final String JETSPEED_GROUP_ID = "1";
73
74 public static final String JETSPEED_ROLE_USER = "user";
75 public static final String JETSPEED_ROLE_ADMIN = "admin";
76
77 /***
78 * Alphabet consisting of upper and lowercase letters A-Z and
79 * the digits 0-9 Used to make a random password.
80 */
81 public static final char[] NUMBERS_AND_LETTERS_ALPHABET = {
82 'A','B','C','D','E','F','G','H',
83 'I','J','K','L','M','N','O','P',
84 'Q','R','S','T','U','V','W','X',
85 'Y','Z','a','b','c','d','e','f',
86 'g','h','i','j','k','l','m','n',
87 'o','p','q','r','s','t','u','v',
88 'w','x','y','z','0','1','2','3',
89 '4','5','6','7','8','9',
90 };
91
92 /***
93 * Alphabet consisting of lowercase letters a-z and
94 * the digits 0-9 Used to make a random password.
95 */
96 public static final char[] LC_NUMBERS_AND_LETTERS_ALPHABET = {
97 'a','b','c','d','e','f',
98 'g','h','i','j','k','l','m','n',
99 'o','p','q','r','s','t','u','v',
100 'w','x','y','z','0','1','2','3',
101 '4','5','6','7','8','9',
102 };
103
104 /***
105 * Commodity method for getting a reference to the service
106 * singleton
107 */
108 public static JetspeedSecurityService getService()
109 {
110 return (JetspeedSecurityService)TurbineServices
111 .getInstance()
112 .getService(JetspeedSecurityService.SERVICE_NAME);
113 }
114
115
116
117
118
119 /***
120 * @see PortalAuthentication#login
121 */
122 public static JetspeedUser login(String username, String password)
123 throws LoginException
124 {
125 return JetspeedAuthentication.login(username, password);
126 }
127
128 /***
129 * @see PortalAuthentication#getAnonymousUser
130 */
131 public static JetspeedUser getAnonymousUser()
132 throws LoginException
133 {
134 return JetspeedAuthentication.getAnonymousUser();
135 }
136
137 /***
138 * @see PortalAuthentication#logout
139 */
140 public static void logout()
141 throws LoginException
142 {
143 JetspeedAuthentication.logout();
144 }
145
146
147
148
149
150
151 /***
152 * @see JetspeedPortalAccessController#checkPermission
153 */
154 public static boolean checkPermission(JetspeedUser user, Entry entry, String action)
155 {
156 return JetspeedPortalAccessController.checkPermission(user, entry, action);
157 }
158
159 /***
160 * @see JetspeedPortalAccessController#checkPermission
161 */
162 public static boolean checkPermission(JetspeedUser user, Portlet portlet, String action)
163 {
164 return JetspeedPortalAccessController.checkPermission(user, portlet, action);
165 }
166
167 /***
168 * @see JetspeedPortalAccessController#checkPermission
169 */
170 public static boolean checkPermission(JetspeedUser user, PortalResource resource, String action)
171 {
172 return JetspeedPortalAccessController.checkPermission(user, resource, action);
173 }
174
175
176
177
178
179
180 /***
181 * @see UserManagement#getUser
182 */
183 public static JetspeedUser getUser(Principal principal)
184 throws JetspeedSecurityException
185 {
186 return JetspeedUserManagement.getUser(principal);
187 }
188
189 /***
190 * @see UserManagement#getUsers
191 */
192 public static Iterator getUsers()
193 throws JetspeedSecurityException
194 {
195 return JetspeedUserManagement.getUsers();
196 }
197
198 /***
199 * @see UserManagement#saveUser
200 */
201 public static void saveUser( JetspeedUser user )
202 throws JetspeedSecurityException
203 {
204 JetspeedUserManagement.saveUser(user);
205 }
206
207 /***
208 * @see UserManagement#addUser
209 */
210 public static void addUser( JetspeedUser user )
211 throws JetspeedSecurityException
212 {
213 JetspeedUserManagement.addUser(user);
214 }
215
216 /***
217 * @see UserManagement#getUsers(String)
218 */
219 public static Iterator getUsers(String filter)
220 throws JetspeedSecurityException
221 {
222 return JetspeedUserManagement.getUsers(filter);
223 }
224
225 /***
226 * @see UserManagement#removeUser
227 */
228 public static void removeUser(Principal principal)
229 throws JetspeedSecurityException
230 {
231 JetspeedUserManagement.removeUser(principal);
232 }
233
234 /***
235 * @see UserManagement#getUser
236 */
237 public static JetspeedUser getUser(String username)
238 throws JetspeedSecurityException
239 {
240 return JetspeedUserManagement.getUser(new UserNamePrincipal(username));
241 }
242
243 /***
244 * @see UserManagement#removeUser
245 */
246 public static void removeUser(String username)
247 throws JetspeedSecurityException
248 {
249 JetspeedUserManagement.removeUser(new UserNamePrincipal(username));
250 }
251
252
253
254
255
256
257 /***
258 * @see CredentialsManagement#changePassword
259 */
260 public static void changePassword( JetspeedUser user,
261 String oldPassword,
262 String newPassword )
263 throws JetspeedSecurityException
264 {
265 JetspeedUserManagement.changePassword(user, oldPassword, newPassword);
266
267 }
268
269 /***
270 * @see CredentialsManagement#forcePassword
271 */
272 public static void forcePassword( JetspeedUser user, String password )
273 throws JetspeedSecurityException
274 {
275 JetspeedUserManagement.forcePassword(user, password);
276 }
277
278 /***
279 * @see CredentialsManagement#encryptPassword
280 */
281 public static String encryptPassword( String password )
282 throws JetspeedSecurityException
283 {
284 return JetspeedUserManagement.encryptPassword(password);
285 }
286
287
288
289
290
291
292
293 /***
294 * @see RoleManagement#getRoles(String)
295 */
296 public static Iterator getRoles(String username)
297 throws JetspeedSecurityException
298 {
299 return JetspeedRoleManagement.getRoles(username);
300 }
301
302 /***
303 * @see RoleManagement#getRoles
304 */
305 public static Iterator getRoles()
306 throws JetspeedSecurityException
307 {
308 return JetspeedRoleManagement.getRoles();
309 }
310
311 /***
312 * @see RoleManagement#addRole
313 */
314 public static void addRole(Role role)
315 throws JetspeedSecurityException
316 {
317 JetspeedRoleManagement.addRole(role);
318 }
319
320 /***
321 * @see RoleManagement#saveRole
322 */
323 public static void saveRole(Role role)
324 throws JetspeedSecurityException
325 {
326 JetspeedRoleManagement.saveRole(role);
327 }
328
329 /***
330 * @see RoleManagement#removeRole
331 */
332 public static void removeRole(String rolename)
333 throws JetspeedSecurityException
334 {
335 JetspeedRoleManagement.removeRole(rolename);
336 }
337
338 /***
339 * @see RoleManagement#grantRole
340 */
341 public static void grantRole(String username, String rolename)
342 throws JetspeedSecurityException
343 {
344 JetspeedRoleManagement.grantRole(username,rolename);
345 }
346
347 /***
348 * @see RoleManagement#grantRole
349 */
350 public static void grantRole(String username, String rolename, String groupname)
351 throws JetspeedSecurityException
352 {
353 JetspeedRoleManagement.grantRole(username,rolename,groupname);
354 }
355
356
357 /***
358 * @see RoleManagement#revokeRole
359 */
360 public static void revokeRole(String username, String rolename)
361 throws JetspeedSecurityException
362 {
363 JetspeedRoleManagement.revokeRole(username,rolename);
364 }
365
366 /***
367 * @see RoleManagement#revokeRole()
368 */
369 public static void revokeRole(String username, String rolename, String groupname)
370 throws JetspeedSecurityException
371 {
372 JetspeedRoleManagement.revokeRole(username, rolename, groupname);
373 }
374
375
376 /***
377 * @see RoleManagement#hasRole
378 */
379 public static boolean hasRole(String username, String rolename)
380 throws JetspeedSecurityException
381 {
382 return JetspeedRoleManagement.hasRole(username,rolename);
383 }
384
385 public static boolean hasRole(String username, String rolename, String groupname)
386 throws JetspeedSecurityException
387 {
388 return JetspeedRoleManagement.hasRole(username, rolename, groupname);
389 }
390
391 /***
392 * @see RoleManagement#getRole
393 */
394 public static Role getRole(String rolename)
395 throws JetspeedSecurityException
396 {
397 return JetspeedRoleManagement.getRole(rolename);
398 }
399
400
401
402
403
404
405
406 /***
407 * @see GroupManagement#getGroups(String)
408 */
409 public static Iterator getGroups(String username)
410 throws JetspeedSecurityException
411 {
412 return JetspeedGroupManagement.getGroups(username);
413 }
414
415 /***
416 * @see GroupManagement#getGroups
417 */
418 public static Iterator getGroups()
419 throws JetspeedSecurityException
420 {
421 return JetspeedGroupManagement.getGroups();
422 }
423
424 /***
425 * @see GroupManagement#addGroup
426 */
427 public static void addGroup(Group group)
428 throws JetspeedSecurityException
429 {
430 JetspeedGroupManagement.addGroup(group);
431 }
432
433 /***
434 * @see GroupManagement#saveGroup
435 */
436 public static void saveGroup(Group group)
437 throws JetspeedSecurityException
438 {
439 JetspeedGroupManagement.saveGroup(group);
440 }
441
442 /***
443 * @see GroupManagement#removeGroup
444 */
445 public static void removeGroup(String groupname)
446 throws JetspeedSecurityException
447 {
448 JetspeedGroupManagement.removeGroup(groupname);
449 }
450
451 /***
452 * @see GroupManagement#joinGroup
453 */
454 public static void joinGroup(String username, String groupname)
455 throws JetspeedSecurityException
456 {
457 JetspeedGroupManagement.joinGroup(username,groupname);
458 }
459
460 /***
461 * @see GroupManagement#joinGroup(String username, String groupname, String rolename)
462 */
463 public static void joinGroup(String username, String groupname, String rolename)
464 throws JetspeedSecurityException
465 {
466 JetspeedGroupManagement.joinGroup(username,groupname,rolename);
467 }
468
469
470 /***
471 * @see GroupManagement#revokeGroup
472 */
473 public static void unjoinGroup(String username, String groupname)
474 throws JetspeedSecurityException
475 {
476 JetspeedGroupManagement.unjoinGroup(username,groupname);
477 }
478
479 /***
480 * @see GroupManagement#revokeGroup(String username, String groupname, String rolename)
481 */
482 public static void unjoinGroup(String username, String groupname, String rolename)
483 throws JetspeedSecurityException
484 {
485 JetspeedGroupManagement.unjoinGroup(username,groupname,rolename);
486 }
487
488 /***
489 * @see GroupManagement#inGroup
490 */
491 public static boolean inGroup(String username, String groupname)
492 throws JetspeedSecurityException
493 {
494 return JetspeedGroupManagement.inGroup(username,groupname);
495 }
496
497 /***
498 * @see GroupManagement#getGroup
499 */
500 public static Group getGroup(String groupname)
501 throws JetspeedSecurityException
502 {
503 return JetspeedGroupManagement.getGroup(groupname);
504 }
505
506
507
508
509
510
511
512
513
514 /***
515 * @see JetspeedSecurityService#getUserInstance
516 */
517 public static JetspeedUser getUserInstance()
518 {
519 return ((JetspeedSecurityService)getService()).getUserInstance();
520 }
521
522
523
524
525
526
527
528
529
530
531 /***
532 * @see JetspeedSecurityService#convertUserName
533 */
534 public static String convertUserName(String username)
535 {
536 return ((JetspeedSecurityService)getService()).convertUserName(username);
537 }
538
539 /***
540 * @see JetspeedSecurityService#convertPassword
541 */
542 public static String convertPassword(String password)
543 {
544 return ((JetspeedSecurityService)getService()).convertPassword(password);
545 }
546
547 /***
548 * @see JetspeedSecurityService#checkDisableAcccount
549 */
550 public static boolean checkDisableAccount(String username)
551 {
552 return ((JetspeedSecurityService)getService()).checkDisableAccount(username);
553 }
554
555 /***
556 * @see JetspeedSecurityService#isDisableCountCheckEnabled
557 */
558 public static boolean isDisableAccountCheckEnabled()
559 {
560 return ((JetspeedSecurityService)getService()).isDisableAccountCheckEnabled();
561 }
562
563 /***
564 * @see JetspeedSecurityService#resetDisableAccountCheck
565 */
566 public static void resetDisableAccountCheck(String username)
567 {
568 ((JetspeedSecurityService)getService()).resetDisableAccountCheck(username);
569 }
570
571 /***
572 * @see JetspeedSecurityService#areActionsDisabledForAnon
573 */
574 public static boolean areActionsDisabledForAnon()
575 {
576 return ((JetspeedSecurityService)getService()).areActionsDisabledForAnon();
577 }
578
579 /***
580 * @see JetspeedSecurityService#areActionsDisabledForAllUsers
581 */
582 public static boolean areActionsDisabledForAllUsers()
583 {
584 return ((JetspeedSecurityService)getService()).areActionsDisabledForAllUsers();
585 }
586
587
588
589
590 public static String getAnonymousUserName()
591 {
592 return ((JetspeedSecurityService)getService()).getAnonymousUserName();
593 }
594
595
596
597
598 public static List getAdminRoles()
599 {
600 return ((JetspeedSecurityService)getService()).getAdminRoles();
601 }
602
603
604
605
606 public static boolean hasAdminRole(User user)
607 {
608 return ((JetspeedSecurityService)getService()).hasAdminRole(user);
609 }
610
611
612
613
614
615
616
617 /***
618 * @see JetspeedSecurityService#checkPermission
619 */
620 public static boolean checkPermission(JetspeedRunData runData, String action, Portlet portlet)
621 {
622 return checkPermission(runData.getJetspeedUser(), portlet, action);
623 }
624
625 /***
626 * @see JetspeedSecurityService#checkPermission
627 */
628 public static boolean checkPermission(JetspeedRunData runData, String action, RegistryEntry entry)
629 {
630 return checkPermission(runData.getJetspeedUser(), new PortalResource(entry), action);
631 }
632
633
634
635
636
637
638 /***
639 * @see PermissionManagement#getPermissions(String)
640 */
641 public static Iterator getPermissions(String rolename)
642 throws JetspeedSecurityException
643 {
644 return JetspeedPermissionManagement.getPermissions(rolename);
645 }
646
647 /***
648 * @see PermissionManagement#getPermissions
649 */
650 public static Iterator getPermissions()
651 throws JetspeedSecurityException
652 {
653 return JetspeedPermissionManagement.getPermissions();
654 }
655
656 /***
657 * @see PermissionManagement#addPermission
658 */
659 public static void addPermission(Permission permission)
660 throws JetspeedSecurityException
661 {
662 JetspeedPermissionManagement.addPermission(permission);
663 }
664
665 /***
666 * @see PermissionManagement#savePermission
667 */
668 public static void savePermission(Permission permission)
669 throws JetspeedSecurityException
670 {
671 JetspeedPermissionManagement.savePermission(permission);
672 }
673
674 /***
675 * @see PermissionManagement#removePermission
676 */
677 public static void removePermission(String permissionName)
678 throws JetspeedSecurityException
679 {
680 JetspeedPermissionManagement.removePermission(permissionName);
681 }
682
683 /***
684 * @see PermissionManagement#grantPermission
685 */
686 public static void grantPermission(String roleName, String permissionName)
687 throws JetspeedSecurityException
688 {
689 JetspeedPermissionManagement.grantPermission(roleName, permissionName);
690 }
691
692 /***
693 * @see PermissionManagement#revokePermission
694 */
695 public static void revokePermission(String roleName, String permissionName)
696 throws JetspeedSecurityException
697 {
698 JetspeedPermissionManagement.revokePermission(roleName, permissionName);
699 }
700
701 /***
702 * @see PermissionManagement#hasPermission
703 */
704 public static boolean hasPermission(String roleName, String permissionName)
705 throws JetspeedSecurityException
706 {
707 return JetspeedPermissionManagement.hasPermission(roleName, permissionName);
708 }
709
710 /***
711 * @see PermissionManagement#getPermission
712 */
713 public static Permission getPermission(String permissionName)
714 throws JetspeedSecurityException
715 {
716 return JetspeedPermissionManagement.getPermission(permissionName);
717 }
718
719 /***
720 * A utility method that will generate a password consisting of random numbers and letters of length N from a specified character array
721 *
722 * @param length
723 * @param characters
724 * @return String
725 * @throws JetspeedSecurityException
726 * @author <a href="mailto:ben.woodward@bbc.co.uk">Ben Woodward</a>
727 */
728 private static String generatePassword(int length, char[] characters)
729 throws JetspeedSecurityException
730 {
731 String password = "";
732 int randomNumber = 0;
733 for (int ia = 0; ia < length; ia++)
734 {
735 randomNumber=(int)(Math.random()*NUMBERS_AND_LETTERS_ALPHABET.length);
736 password += characters[randomNumber];
737 }
738 return password;
739 }
740
741
742 /***
743 * A utility method that will generate a password consisting of random numbers and letters of length N
744 *
745 * @param length
746 * @return String
747 * @throws JetspeedSecurityException
748 * @author <a href="mailto:ben.woodward@bbc.co.uk">Ben Woodward</a>
749 */
750 public static String generateMixedCasePassword(int length)
751 throws JetspeedSecurityException
752 {
753 return generatePassword(length, NUMBERS_AND_LETTERS_ALPHABET);
754 }
755
756 /***
757 * A utility method that will generate a lowercase password consisting of random numbers and letters of length N
758 *
759 * @param length
760 * @return String
761 * @throws JetspeedSecurityException
762 * @author <a href="mailto:ben.woodward@bbc.co.uk">Ben Woodward</a>
763 */
764 public static String generateLowerCasePassword(int length)
765 throws JetspeedSecurityException
766 {
767 return generatePassword(length, LC_NUMBERS_AND_LETTERS_ALPHABET).toLowerCase();
768 }
769
770 /***
771 * A utility method that will generate an uppercase password consisting of random numbers and letters of length N
772 *
773 * @param length
774 * @return String
775 * @throws JetspeedSecurityException
776 */
777 public static String generateUpperCasePassword(int length)
778 throws JetspeedSecurityException
779 {
780 return generatePassword(length, LC_NUMBERS_AND_LETTERS_ALPHABET).toUpperCase();
781 }
782
783 /***
784 * Utility method for retreiving the correct security reference based
785 * on profile and registry information.
786 */
787 public static SecurityReference getSecurityReference(Entry entry, JetspeedRunData rundata)
788 {
789 PortletEntry pEntry = null;
790 if (entry != null)
791 {
792 pEntry = (PortletEntry) Registry.getEntry(Registry.PORTLET, entry.getParent());
793 }
794 SecurityReference securityRef = null;
795
796 if (entry != null)
797 {
798 securityRef = entry.getSecurityRef();
799 }
800
801
802 if (securityRef == null && pEntry != null)
803 {
804 securityRef = pEntry.getSecurityRef();
805 }
806
807
808 if (securityRef == null && rundata != null)
809 {
810 securityRef = PortalToolkit.getDefaultSecurityRef(rundata.getProfile());
811 }
812
813 return securityRef;
814 }
815
816 /***
817 * Checks where the security of this Entry is actually defined.
818 *@return int
819 * <ul>
820 * <li><b>0</b> if there is security assigned at the profile level.</li>
821 * <li><b>1</b> if there is security assigned at the registry level.</li>
822 * <li><b>2</b> if the 2 previous assertion are false (inheriting)</li>
823 * </ul>
824 */
825 public static int getSecuritySource(Entry entry, JetspeedRunData rundata)
826 {
827 PortletEntry pEntry = (PortletEntry) Registry.getEntry(Registry.PORTLET, entry.getParent());
828 if (entry.getSecurityRef() != null)
829 {
830 return 0;
831 }
832
833 if (pEntry != null && pEntry.getSecurityRef() != null)
834 {
835 return 1;
836 }
837
838 return 2;
839 }
840
841 }