17 package org.apache.jetspeed.portlets.security.users;
18
19 import java.io.IOException;
20 import java.security.Principal;
21 import java.util.ArrayList;
22 import java.util.Collection;
23 import java.util.Date;
24 import java.util.Iterator;
25 import java.util.LinkedHashMap;
26 import java.util.LinkedList;
27 import java.util.List;
28 import java.util.ResourceBundle;
29 import java.util.Set;
30 import java.util.prefs.Preferences;
31
32 import javax.portlet.ActionRequest;
33 import javax.portlet.ActionResponse;
34 import javax.portlet.PortletConfig;
35 import javax.portlet.PortletException;
36 import javax.portlet.PortletMode;
37 import javax.portlet.PortletPreferences;
38 import javax.portlet.PortletRequest;
39 import javax.portlet.RenderRequest;
40 import javax.portlet.RenderResponse;
41 import javax.security.auth.Subject;
42
43 import org.apache.jetspeed.CommonPortletServices;
44 import org.apache.jetspeed.PortalReservedParameters;
45 import org.apache.jetspeed.administration.PortalConfiguration;
46 import org.apache.jetspeed.administration.PortalConfigurationConstants;
47 import org.apache.jetspeed.audit.AuditActivity;
48 import org.apache.jetspeed.components.portletregistry.PortletRegistry;
49 import org.apache.jetspeed.container.JetspeedPortletContext;
50 import org.apache.jetspeed.om.common.UserAttribute;
51 import org.apache.jetspeed.om.common.portlet.MutablePortletApplication;
52 import org.apache.jetspeed.om.folder.Folder;
53 import org.apache.jetspeed.om.folder.FolderNotFoundException;
54 import org.apache.jetspeed.page.PageManager;
55 import org.apache.jetspeed.page.document.NodeSet;
56 import org.apache.jetspeed.portlets.security.SecurityResources;
57 import org.apache.jetspeed.portlets.security.SecurityUtil;
58 import org.apache.jetspeed.profiler.Profiler;
59 import org.apache.jetspeed.profiler.rules.PrincipalRule;
60 import org.apache.jetspeed.request.RequestContext;
61 import org.apache.jetspeed.security.Group;
62 import org.apache.jetspeed.security.GroupManager;
63 import org.apache.jetspeed.security.InvalidNewPasswordException;
64 import org.apache.jetspeed.security.InvalidPasswordException;
65 import org.apache.jetspeed.security.PasswordAlreadyUsedException;
66 import org.apache.jetspeed.security.PasswordCredential;
67 import org.apache.jetspeed.security.Role;
68 import org.apache.jetspeed.security.RoleManager;
69 import org.apache.jetspeed.security.SecurityException;
70 import org.apache.jetspeed.security.User;
71 import org.apache.jetspeed.security.UserManager;
72 import org.apache.jetspeed.security.UserPrincipal;
73 import org.apache.jetspeed.security.om.InternalCredential;
74 import org.apache.portals.bridges.beans.TabBean;
75 import org.apache.portals.bridges.common.GenericServletPortlet;
76 import org.apache.portals.bridges.util.PreferencesHelper;
77 import org.apache.portals.messaging.PortletMessaging;
78
79 /***
80 * This portlet is a tabbed editor user interface for editing user attributes
81 * and security definitions.
82 *
83 * @author <a href="mailto:jford@apache.com">Jeremy Ford</a>
84 * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
85 * @version $Id: UserDetailsPortlet.java 348264 2005-11-22 22:06:45Z taylor $
86 */
87 public class UserDetailsPortlet extends GenericServletPortlet
88 {
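    // Names of the request attributes handed to the render templates.
    private static final String VIEW_USER = "user";
    private static final String VIEW_ROLES = "roles";
    private static final String VIEW_GROUPS = "groups";
    private static final String VIEW_RULES = "rules";
    private static final String VIEW_CREDENTIAL = "credential";
    private static final String VIEW_ALL_RULES = "prules";
    private static final String VIEW_PA_USER_ATTRIBUTES = "paUserAttributes";

    // Action names dispatched by processAction(); the per-user actions carry USER_ACTION_PREFIX.
    private static final String USER_ACTION_PREFIX = "security_user.";
    private static final String ACTION_EDIT_USER = "edit_user";
    private static final String ACTION_UPDATE_ATTRIBUTE = "update_user_attribute";
    private static final String ACTION_REMOVE_ATTRIBUTE = "remove_user_attribute";
    private static final String ACTION_ADD_ATTRIBUTE = "add_user_attribute";
    private static final String ACTION_REMOVE_ROLE = "remove_user_role";
    private static final String ACTION_ADD_ROLE = "add_user_role";
    private static final String ACTION_REMOVE_GROUP = "remove_user_group";
    private static final String ACTION_ADD_GROUP = "add_user_group";
    private static final String ACTION_REMOVE_RULE = "remove_user_rule";
    private static final String ACTION_ADD_RULE = "add_rule";
    private static final String ACTION_UPDATE_CREDENTIAL = "update_user_credential";

    // Tab identifiers; which tabs are offered is decided from portlet preferences in initPrefsAndAttr().
    private static final String TAB_USER = "user";
    private static final String TAB_ATTRIBUTES = "user_attributes";
    private static final String TAB_ROLE = "user_role";
    private static final String TAB_GROUP = "user_group";
    private static final String TAB_PROFILE = "user_profile";
    private static final String TAB_CREDENTIAL = "user_credential";

    /*** the id of the roles control */
    private static final String ROLES_CONTROL = "jetspeedRoles";

    /*** the id of the rules control */
    private static final String RULES_CONTROL = "jetspeedRules";

    /*** the id of the subsites control */
    private static final String SUBSITES_CONTROL = "jetspeedSubsites";

    /*** the id of the groups control */
    private static final String GROUPS_CONTROL = "jetspeedGroups";

    /*** label written into every audit record produced by this portlet */
    public static final String USER_ADMINISTRATION = "J2 User Administration";

    // Portal services, resolved once in init(); all of them are mandatory.
    private PageManager pageManager;
    private UserManager userManager;
    private RoleManager roleManager;
    private GroupManager groupManager;
    private Profiler profiler;
    private PortletRegistry registry;
    private PortalConfiguration configuration;
    private AuditActivity audit;

    // Identifier of the owning portlet application; used to look up its declared user attributes.
    private String paIdentifier;

    // State rebuilt from portlet preferences by initPrefsAndAttr(). One portlet instance
    // serves all requests and nothing below is synchronized.
    // NOTE(review): a preference save in processAction() clears the two tab maps while
    // render threads may be iterating them -- confirm this is acceptable for this deployment.
    private Collection paUserAttributes;
    private boolean initPrefsAndAttr;
    private LinkedHashMap userTabMap;
    private LinkedHashMap anonymousUserTabMap;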
145
    /***
     * Resolves every portal service this portlet depends on from the portlet
     * context and remembers the identifier of the owning portlet application.
     *
     * @param config the portlet configuration supplied by the container
     * @throws PortletException if any required service is missing from the context
     */
    public void init(PortletConfig config)
        throws PortletException
    {
        super.init(config);
        userManager = (UserManager) requireContextService(CommonPortletServices.CPS_USER_MANAGER_COMPONENT, "User Manager");
        roleManager = (RoleManager) requireContextService(CommonPortletServices.CPS_ROLE_MANAGER_COMPONENT, "Role Manager");
        groupManager = (GroupManager) requireContextService(CommonPortletServices.CPS_GROUP_MANAGER_COMPONENT, "Group Manager");
        profiler = (Profiler) requireContextService(CommonPortletServices.CPS_PROFILER_COMPONENT, "Profiler");
        registry = (PortletRegistry) requireContextService(CommonPortletServices.CPS_REGISTRY_COMPONENT, "Portlet Registry");
        pageManager = (PageManager) requireContextService(CommonPortletServices.CPS_PAGE_MANAGER_COMPONENT, "Page Manager");
        configuration = (PortalConfiguration) requireContextService(CommonPortletServices.CPS_PORTAL_CONFIGURATION, "Portal Configuration");
        audit = (AuditActivity) requireContextService(CommonPortletServices.CPS_AUDIT_ACTIVITY, "Audit Activity");

        MutablePortletApplication application =
            (MutablePortletApplication) ((JetspeedPortletContext) config.getPortletContext()).getApplication();
        paIdentifier = application.getApplicationIdentifier();
    }

    /***
     * Fetches a service from the portlet context, failing initialization when it is absent.
     *
     * @param attributeName the context attribute under which the service is registered
     * @param displayName   human readable service name used in the failure message
     * @return the registered service, never null
     * @throws PortletException if the context holds no such attribute
     */
    private Object requireContextService(String attributeName, String displayName)
        throws PortletException
    {
        Object service = getPortletContext().getAttribute(attributeName);
        if (service == null)
        {
            throw new PortletException("Failed to find the " + displayName + " on portlet initialization");
        }
        return service;
    }
197
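    /***
     * Renders the editor. With a user selected (via the users topic message) the
     * tab strip and the selected tab's data are exposed as request attributes;
     * without one, the "new user" form data (roles, profiling rules, subsites)
     * is rendered instead. Pending error messages are always forwarded.
     *
     * @param request  the render request
     * @param response the render response; content type is forced to text/html
     * @throws PortletException on failures while loading roles or groups
     * @throws IOException      propagated from the template dispatch
     */
    public void doView(RenderRequest request, RenderResponse response)
        throws PortletException, IOException
    {
        response.setContentType("text/html");

        if (!initPrefsAndAttr)
        {
            initPrefsAndAttr(request);
        }

        String userName = (String) PortletMessaging.receive(request,
                SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
        User user = (userName == null) ? null : lookupUser(request, userName);

        if (user != null)
        {
            // The anonymous user gets a reduced tab set (no user/attributes/credential tabs).
            LinkedHashMap tabMap = userManager.getAnonymousUser().equals(userName)
                ? anonymousUserTabMap
                : userTabMap;
            request.setAttribute("tabs", tabMap.values());

            TabBean selectedTab = (TabBean) request.getPortletSession().getAttribute(SecurityResources.REQUEST_SELECT_TAB);
            // A remembered tab that is not offered for this user (or was disabled by
            // preference since) falls back to the first available one.
            if (selectedTab != null && !tabMap.containsKey(selectedTab.getId()))
            {
                selectedTab = null;
            }
            // All tabs may be switched off by preference: do not dereference an empty map.
            if (selectedTab == null && !tabMap.isEmpty())
            {
                selectedTab = (TabBean) tabMap.values().iterator().next();
            }

            request.setAttribute(VIEW_USER, new JetspeedUserBean(user));

            if (selectedTab != null)
            {
                renderSelectedTab(request, user, userName, selectedTab);
                request.setAttribute(SecurityResources.REQUEST_SELECT_TAB, selectedTab);
            }
        }
        else
        {
            renderRoleInformation(request);
            renderProfileInformation(request);
            renderSubsiteInformation(request);
        }

        ArrayList errorMessages = (ArrayList) PortletMessaging.consume(request, SecurityResources.TOPIC_USER, SecurityResources.ERROR_MESSAGES);
        if (errorMessages != null)
        {
            request.setAttribute(SecurityResources.ERROR_MESSAGES, errorMessages);
        }

        super.doView(request, response);
    }

    /***
     * Exposes the data needed by one tab of the user editor as request attributes.
     *
     * @param request     the render request
     * @param user        the user being edited
     * @param userName    the user's name
     * @param selectedTab the tab to render
     * @throws PortletException if roles or groups cannot be loaded
     * @throws IOException      propagated from the per-tab loaders
     */
    private void renderSelectedTab(RenderRequest request, User user, String userName, TabBean selectedTab)
        throws PortletException, IOException
    {
        String tabId = selectedTab.getId();
        if (tabId.equals(TAB_USER))
        {
            request.setAttribute(VIEW_PA_USER_ATTRIBUTES, paUserAttributes);
            // The credential is only placed on the user tab when the administrator opted in by preference.
            if ("true".equals(request.getPreferences().getValue("showPasswordOnUserTab", "false")))
            {
                request.setAttribute(VIEW_CREDENTIAL, getCredential(request, userName));
            }
        }
        else if (tabId.equals(TAB_ROLE))
        {
            Collection userRoles = getRoles(request, userName);
            request.setAttribute(VIEW_ROLES, userRoles);
            // Offer every role the user does not already hold.
            // NOTE(review): unlike renderRoleInformation(), this list is NOT filtered by
            // whether the caller holds the admin/manager role -- confirm that is intended.
            ArrayList selectableRoles = new ArrayList(cachedRoleNames(request));
            for (Iterator it = userRoles.iterator(); it.hasNext();)
            {
                selectableRoles.remove(((Role) it.next()).getPrincipal().getName());
            }
            request.setAttribute(ROLES_CONTROL, selectableRoles);
        }
        else if (tabId.equals(TAB_GROUP))
        {
            Collection userGroups = getGroups(request, userName);
            request.setAttribute(VIEW_GROUPS, userGroups);
            // Offer every group the user is not already a member of.
            ArrayList selectableGroups = new ArrayList(cachedGroupNames(request));
            for (Iterator it = userGroups.iterator(); it.hasNext();)
            {
                selectableGroups.remove(((Group) it.next()).getPrincipal().getName());
            }
            request.setAttribute(GROUPS_CONTROL, selectableGroups);
        }
        else if (tabId.equals(TAB_PROFILE))
        {
            request.setAttribute(VIEW_RULES, getRules(user));
            request.setAttribute(VIEW_ALL_RULES, getProfilerRules());
        }
        else if (tabId.equals(TAB_CREDENTIAL))
        {
            request.setAttribute(VIEW_CREDENTIAL, getCredential(request, userName));
        }
    }

    /***
     * Returns the names of all roles, served from the portlet session unless a
     * refresh message is pending (in which case the list is reloaded and re-cached).
     *
     * @throws PortletException if the role manager fails
     */
    private List cachedRoleNames(RenderRequest request)
        throws PortletException
    {
        String refreshRoles = (String) PortletMessaging.consume(request, SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_REFRESH_ROLES);
        List roleNames = null;
        if (refreshRoles == null)
        {
            roleNames = (List) request.getPortletSession().getAttribute(ROLES_CONTROL);
        }
        if (roleNames == null)
        {
            roleNames = new LinkedList();
            try
            {
                for (Iterator it = roleManager.getRoles(""); it.hasNext();)
                {
                    roleNames.add(((Role) it.next()).getPrincipal().getName());
                }
            }
            catch (SecurityException se)
            {
                throw new PortletException(se);
            }
            request.getPortletSession().setAttribute(ROLES_CONTROL, roleNames);
        }
        return roleNames;
    }

    /***
     * Returns the names of all groups, served from the portlet session unless a
     * refresh message is pending (in which case the list is reloaded and re-cached).
     *
     * @throws PortletException if the group manager fails
     */
    private List cachedGroupNames(RenderRequest request)
        throws PortletException
    {
        String refreshGroups = (String) PortletMessaging.consume(request, SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_REFRESH_GROUPS);
        List groupNames = null;
        if (refreshGroups == null)
        {
            groupNames = (List) request.getPortletSession().getAttribute(GROUPS_CONTROL);
        }
        if (groupNames == null)
        {
            groupNames = new LinkedList();
            try
            {
                for (Iterator it = groupManager.getGroups(""); it.hasNext();)
                {
                    groupNames.add(((Group) it.next()).getPrincipal().getName());
                }
            }
            catch (SecurityException se)
            {
                throw new PortletException(se);
            }
            request.getPortletSession().setAttribute(GROUPS_CONTROL, groupNames);
        }
        return groupNames;
    }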
373
    /***
     * (Re)builds the tab maps from the portlet preferences and caches the user
     * attributes declared by the owning portlet application. Each tab is offered
     * unless its "showXxxTab" preference is set to something other than "true";
     * only the role, group and profile tabs are offered for the anonymous user.
     *
     * @param request the request whose preferences are consulted
     */
    protected void initPrefsAndAttr(PortletRequest request)
    {
        initPrefsAndAttr = true;
        if (userTabMap == null)
        {
            userTabMap = new LinkedHashMap();
            anonymousUserTabMap = new LinkedHashMap();
        }
        else
        {
            userTabMap.clear();
            anonymousUserTabMap.clear();
        }

        PortletPreferences prefs = request.getPreferences();
        // Registration order is display order.
        registerTab(prefs, "showUserTab", TAB_USER, false);
        registerTab(prefs, "showAttributesTab", TAB_ATTRIBUTES, false);
        registerTab(prefs, "showPasswordTab", TAB_CREDENTIAL, false);
        registerTab(prefs, "showRoleTab", TAB_ROLE, true);
        registerTab(prefs, "showGroupTab", TAB_GROUP, true);
        registerTab(prefs, "showProfileTab", TAB_PROFILE, true);

        paUserAttributes = registry.getPortletApplicationByIdentifier(paIdentifier).getUserAttributes();
    }

    /***
     * Adds a tab to the user tab map (and optionally the anonymous user tab map)
     * when its preference is "true" (the default when unset).
     *
     * @param prefs        the portlet preferences
     * @param prefName     name of the preference controlling the tab
     * @param tabId        identifier of the tab
     * @param forAnonymous whether the tab is also offered for the anonymous user
     */
    private void registerTab(PortletPreferences prefs, String prefName, String tabId, boolean forAnonymous)
    {
        if (!"true".equals(prefs.getValue(prefName, "true")))
        {
            return;
        }
        TabBean tab = new TabBean(tabId);
        userTabMap.put(tab.getId(), tab);
        if (forAnonymous)
        {
            anonymousUserTabMap.put(tab.getId(), tab);
        }
    }
427
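    /***
     * Exposes the list of role names selectable on the "new user" form. The
     * configured admin and manager roles are only offered when the calling
     * administrator holds that role himself. The list is cached in the portlet
     * session until a roles refresh message arrives.
     *
     * This filter shapes the form only; it is not enforced where roles are actually
     * assigned, so the assignment handlers must do their own checking.
     *
     * @param request the render request
     * @throws PortletException if the role manager fails
     */
    protected void renderRoleInformation(RenderRequest request)
        throws PortletException
    {
        String refreshRoles = (String) PortletMessaging.consume(request, SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_REFRESH_ROLES);
        List roles = null;
        if (refreshRoles == null)
        {
            roles = (List) request.getPortletSession().getAttribute(ROLES_CONTROL);
        }

        try
        {
            if (roles == null)
            {
                String adminName = configuration.getString(PortalConfigurationConstants.ROLES_DEFAULT_ADMIN, "admin");
                String managerName = configuration.getString(PortalConfigurationConstants.ROLES_DEFAULT_MANAGER, "manager");
                // Resolved once, on first need, rather than on every loop iteration.
                String callerName = null;
                roles = new LinkedList();
                for (Iterator fullRoles = roleManager.getRoles(""); fullRoles.hasNext();)
                {
                    String roleName = ((Role) fullRoles.next()).getPrincipal().getName();
                    boolean privileged = roleName.equals(adminName) || roleName.equals(managerName);
                    if (!privileged)
                    {
                        roles.add(roleName);
                        continue;
                    }
                    if (callerName == null)
                    {
                        callerName = request.getUserPrincipal().getName();
                    }
                    // Privileged roles are offered only to a caller who already holds them.
                    if (roleManager.isUserInRole(callerName, roleName))
                    {
                        roles.add(roleName);
                    }
                }
                request.getPortletSession().setAttribute(ROLES_CONTROL, roles);
            }
        }
        catch (SecurityException se)
        {
            throw new PortletException(se);
        }
        request.setAttribute(ROLES_CONTROL, roles);
    }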
479
    /***
     * Exposes all profiler rules as a request attribute. The rules are cached in
     * the portlet session and reloaded only when a profiles refresh message arrives.
     *
     * @param request the render request
     */
    protected void renderProfileInformation(RenderRequest request)
    {
        String refreshProfiles = (String) PortletMessaging.consume(request,
                SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_REFRESH_PROFILES);
        Collection rules = (refreshProfiles == null)
            ? (Collection) request.getPortletSession().getAttribute(RULES_CONTROL)
            : null;

        if (rules == null)
        {
            rules = profiler.getRules();
            request.getPortletSession().setAttribute(RULES_CONTROL, rules);
        }
        request.setAttribute(RULES_CONTROL, rules);
    }
499
    /***
     * Exposes the selectable subsites as a request attribute: an empty entry
     * followed by every child folder of the configured "subsiteRootFolder"
     * preference. The list is cached in the portlet session and reloaded only
     * when a subsites refresh message arrives.
     *
     * @param request the render request
     */
    protected void renderSubsiteInformation(RenderRequest request)
    {
        String refreshSubsites = (String) PortletMessaging.consume(request,
                SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_REFRESH_SUBSITES);
        Collection subsites = (refreshSubsites == null)
            ? (Collection) request.getPortletSession().getAttribute(SUBSITES_CONTROL)
            : null;

        if (subsites == null)
        {
            subsites = new ArrayList();
            subsites.add(new SubsiteInfo("", ""));
            String subsiteRoot = request.getPreferences().getValue("subsiteRootFolder", "");
            if (subsiteRoot.length() > 0)
            {
                collectSubsiteFolders(subsiteRoot, subsites);
            }
            request.getPortletSession().setAttribute(SUBSITES_CONTROL, subsites);
        }
        request.setAttribute(SUBSITES_CONTROL, subsites);
    }

    /***
     * Appends one SubsiteInfo per child folder of the given root. Best effort: a
     * missing or unreadable root leaves the collection untouched.
     *
     * @param subsiteRoot path of the folder whose children are the subsites
     * @param into        collection receiving the entries
     */
    private void collectSubsiteFolders(String subsiteRoot, Collection into)
    {
        try
        {
            Folder root = pageManager.getFolder(subsiteRoot);
            NodeSet children = pageManager.getFolders(root);
            if (children == null || children.isEmpty())
            {
                return;
            }
            for (Iterator it = children.iterator(); it.hasNext();)
            {
                Folder child = (Folder) it.next();
                into.add(new SubsiteInfo(child.getPath(), child.getTitle()));
            }
        }
        catch (Exception ignored)
        {
            // Deliberately swallowed (FolderNotFoundException included): the subsite list
            // is optional UI data and a broken root must not break rendering.
        }
    }
547
    /***
     * Renders the preference editor; the role, profile and subsite controls are
     * prepared first because the edit form uses them.
     *
     * @param request  the render request
     * @param response the render response; content type is forced to text/html
     * @throws PortletException if role information cannot be loaded
     * @throws IOException      propagated from the template dispatch
     */
    public void doEdit(RenderRequest request, RenderResponse response)
        throws PortletException, IOException
    {
        response.setContentType("text/html");
        renderRoleInformation(request);
        renderProfileInformation(request);
        renderSubsiteInformation(request);
        super.doEdit(request, response);
    }
557
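    /***
     * Handles form submissions. In EDIT mode the submitted portlet preferences are
     * stored and the tab layout rebuilt; otherwise the selected tab is remembered
     * in the portlet session and the named action is dispatched.
     *
     * Authorization to use any of these actions is assumed to come from the
     * portal's page/portlet permissions; the handlers trust the request's user
     * principal as the acting administrator.
     *
     * @param actionRequest  the action request
     * @param actionResponse the action response
     * @throws PortletException propagated from the handlers or preference store
     * @throws IOException      propagated from the preference store
     */
    public void processAction(ActionRequest actionRequest, ActionResponse actionResponse)
        throws PortletException, IOException
    {
        if (actionRequest.getPortletMode() == PortletMode.EDIT)
        {
            PortletPreferences prefs = actionRequest.getPreferences();
            PreferencesHelper.requestParamsToPreferences(actionRequest);
            prefs.store();
            actionResponse.setPortletMode(PortletMode.VIEW);
            initPrefsAndAttr(actionRequest);
            // Subsite list depends on the "subsiteRootFolder" preference; drop the cached copy.
            actionRequest.getPortletSession().removeAttribute(SUBSITES_CONTROL);
            return;
        }

        // An action can reach this instance before it has rendered once (e.g. a form
        // re-submitted after a redeploy); build the tab maps now so they are not null.
        if (!initPrefsAndAttr)
        {
            initPrefsAndAttr(actionRequest);
        }

        String selectedTab = actionRequest.getParameter(SecurityResources.REQUEST_SELECT_TAB);
        if (selectedTab != null)
        {
            // Only a tab this portlet defines may be selected; anything else is ignored.
            TabBean tab = (TabBean) userTabMap.get(selectedTab);
            if (tab != null)
            {
                actionRequest.getPortletSession().setAttribute(SecurityResources.REQUEST_SELECT_TAB, tab);
            }
        }

        String action = actionRequest.getParameter(SecurityResources.PORTLET_ACTION);
        if (action == null)
        {
            return;
        }
        if (action.equals("remove.user"))
        {
            removeUser(actionRequest, actionResponse);
        }
        else if (action.equals("add.new.user"))
        {
            PortletMessaging.cancel(actionRequest, SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
        }
        else if (action.equals("add.user"))
        {
            addUser(actionRequest);
        }
        else if (isUserPortletAction(action))
        {
            dispatchUserAction(getAction(USER_ACTION_PREFIX, action), actionRequest, actionResponse);
        }
    }

    /***
     * Routes a per-user action (already stripped of USER_ACTION_PREFIX) to its handler.
     * Unknown actions are ignored.
     *
     * @param action         the action name
     * @param actionRequest  the action request
     * @param actionResponse the action response
     * @throws PortletException propagated from the handlers
     * @throws IOException      propagated from the handlers
     */
    private void dispatchUserAction(String action, ActionRequest actionRequest, ActionResponse actionResponse)
        throws PortletException, IOException
    {
        if (action.endsWith(ACTION_EDIT_USER))
        {
            editUser(actionRequest, actionResponse);
        }
        else if (action.endsWith(ACTION_UPDATE_ATTRIBUTE))
        {
            updateUserAttribute(actionRequest, actionResponse);
        }
        else if (action.endsWith(ACTION_REMOVE_ATTRIBUTE))
        {
            removeUserAttributes(actionRequest, actionResponse);
        }
        else if (action.endsWith(ACTION_ADD_ATTRIBUTE))
        {
            addUserAttribute(actionRequest, actionResponse);
        }
        else if (action.endsWith(ACTION_REMOVE_ROLE))
        {
            removeUserRoles(actionRequest, actionResponse);
        }
        else if (action.endsWith(ACTION_ADD_ROLE))
        {
            addUserRole(actionRequest, actionResponse);
        }
        else if (action.endsWith(ACTION_REMOVE_GROUP))
        {
            removeUserGroups(actionRequest, actionResponse);
        }
        else if (action.endsWith(ACTION_ADD_GROUP))
        {
            addUserGroup(actionRequest, actionResponse);
        }
        else if (action.endsWith(ACTION_ADD_RULE))
        {
            addUserProfile(actionRequest, actionResponse);
        }
        else if (action.endsWith(ACTION_REMOVE_RULE))
        {
            removeUserProfile(actionRequest, actionResponse);
        }
        else if (action.endsWith(ACTION_UPDATE_CREDENTIAL))
        {
            updateUserCredential(actionRequest, actionResponse);
        }
    }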
644
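    /***
     * Deletes the currently selected user, audits the deletion, removes the
     * user's folder and clears the selection. Failures are reported to the
     * administrator through the error message topic rather than thrown.
     *
     * @param actionRequest  the action request
     * @param actionResponse the action response (unused)
     * @throws PortletException declared for callers; nothing here throws it
     */
    public void removeUser(ActionRequest actionRequest, ActionResponse actionResponse)
        throws PortletException
    {
        String userName = (String) PortletMessaging.receive(actionRequest,
                SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
        User user = lookupUser(actionRequest, userName);
        if (user == null)
        {
            return;
        }
        // NOTE(review): nothing here refuses to delete the anonymous user or the caller's
        // own account -- confirm userManager.removeUser() guards those cases.
        try
        {
            // Read everything still needed from the attributes BEFORE the account goes:
            // once the user is removed its Preferences node may be gone, and
            // Preferences.get() on a removed node throws IllegalStateException.
            Preferences attributes = user.getUserAttributes();
            String subsite = attributes.get(User.USER_INFO_SUBSITE, null);
            String firstName = attributes.get("user.name.given", "n/a");
            String lastName = attributes.get("user.name.family", "n/a");

            userManager.removeUser(userName);
            // Audit immediately after the irreversible step, so a failure in the folder
            // clean-up below cannot leave the deletion unrecorded.
            audit.logAdminAttributeActivity(actionRequest.getUserPrincipal().getName(),
                    getIPAddress(actionRequest), userName, AuditActivity.USER_DELETE, "", firstName, lastName, USER_ADMINISTRATION);
            PortletMessaging.publish(actionRequest, SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_REFRESH, "true");

            if (subsite == null)
            {
                subsite = Folder.USER_FOLDER + userName;
            }
            // NOTE(review): the folder path comes verbatim from a user attribute that the
            // attribute handlers in this portlet allow to be set to any value; confirm it
            // can only ever name the user's own home folder before relying on removeFolder here.
            if (pageManager.folderExists(subsite))
            {
                pageManager.removeFolder(pageManager.getFolder(subsite));
            }

            PortletMessaging.cancel(actionRequest, SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
        }
        catch (Exception ex)
        {
            SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, ex.getMessage());
        }
    }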
682
    /***
     * Returns the first principal of the subject that is an instance of the given
     * class, or null when the subject carries none.
     *
     * @param subject the authenticated subject to search
     * @param classe  the principal type wanted
     * @return the matching principal, or null
     */
    public Principal createPrincipal(Subject subject, Class classe)
    {
        for (Iterator it = subject.getPrincipals().iterator(); it.hasNext();)
        {
            Principal candidate = (Principal) it.next();
            if (classe.isInstance(candidate))
            {
                return candidate;
            }
        }
        return null;
    }
698
    /***
     * Applies the credential form to the selected user: an optional password
     * reset, the "update required" flag, the enabled flag and the expiration
     * state. Each change is audited individually. Password policy violations are
     * reported with localized messages; other security failures with the raw
     * exception message.
     *
     * The new password is taken from the "user_cred_value" parameter and handed
     * straight to the user manager with a null old password (administrative reset,
     * no verification of the previous password); it is never logged or echoed here.
     *
     * @param actionRequest  the action request
     * @param actionResponse the action response (unused)
     */
    private void updateUserCredential(ActionRequest actionRequest, ActionResponse actionResponse)
    {
        ResourceBundle bundle = ResourceBundle.getBundle("org.apache.jetspeed.portlets.security.resources.UsersResources", actionRequest.getLocale());

        String userName = (String) PortletMessaging.receive(actionRequest,
                SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
        User user = lookupUser(actionRequest, userName);
        if (user == null)
        {
            return;
        }
        try
        {
            // 1. Password reset, only when a non-blank password was submitted.
            String password = actionRequest.getParameter("user_cred_value");
            boolean passwordSet = password != null && password.trim().length() > 0;
            if (passwordSet)
            {
                userManager.setPassword(userName, null, password);
                logCredentialActivity(actionRequest, userName, AuditActivity.PASSWORD_RESET);
            }

            // The remaining flags need the stored credential; without one there is nothing to do.
            PasswordCredential credential = getCredential(actionRequest, userName);
            if (credential == null)
            {
                return;
            }

            // 2. "must change password at next login" flag, written only on change.
            String updateRequiredStr = actionRequest.getParameter("user_cred_updreq");
            if (updateRequiredStr != null)
            {
                boolean updateRequired = Boolean.valueOf(updateRequiredStr).booleanValue();
                if (updateRequired != credential.isUpdateRequired())
                {
                    userManager.setPasswordUpdateRequired(userName, updateRequired);
                    logCredentialActivity(actionRequest, userName, AuditActivity.PASSWORD_UPDATE_REQUIRED);
                }
            }

            // 3. Enabled flag, written only on change.
            String enabledStr = actionRequest.getParameter("user_cred_enabled");
            if (enabledStr != null)
            {
                boolean enabled = Boolean.valueOf(enabledStr).booleanValue();
                if (enabled != credential.isEnabled())
                {
                    userManager.setPasswordEnabled(userName, enabled);
                    logCredentialActivity(actionRequest, userName,
                            enabled ? AuditActivity.PASSWORD_ENABLED : AuditActivity.PASSWORD_DISABLED);
                }
            }

            // 4. Expiration. "expired" is ignored when a new password was just set in the same
            //    submission, so the reset is not immediately undone by an expiry.
            String expiredFlagStr = actionRequest.getParameter("user_expired_flag");
            if (expiredFlagStr != null)
            {
                if (expiredFlagStr.equals("expired"))
                {
                    if (!passwordSet)
                    {
                        java.sql.Date today = new java.sql.Date(new Date().getTime());
                        userManager.setPasswordExpiration(userName, today);
                        logCredentialActivity(actionRequest, userName, AuditActivity.PASSWORD_EXPIRE);
                    }
                }
                else if (expiredFlagStr.equals("extend"))
                {
                    userManager.setPasswordExpiration(userName, null);
                    logCredentialActivity(actionRequest, userName, AuditActivity.PASSWORD_EXTEND);
                }
                else if (expiredFlagStr.equals("unlimited"))
                {
                    userManager.setPasswordExpiration(userName, InternalCredential.MAX_DATE);
                    logCredentialActivity(actionRequest, userName, AuditActivity.PASSWORD_UNLIMITED);
                }
            }
        }
        catch (InvalidPasswordException ipe)
        {
            SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, bundle.getString("chgpwd.error.invalidPassword"));
        }
        catch (InvalidNewPasswordException inpe)
        {
            SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, bundle.getString("chgpwd.error.invalidNewPassword"));
        }
        catch (PasswordAlreadyUsedException paue)
        {
            SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, bundle.getString("chgpwd.error.passwordAlreadyUsed"));
        }
        catch (SecurityException e)
        {
            SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, e.getMessage());
        }
    }

    /***
     * Writes one administrative credential audit record for the given user.
     *
     * @param actionRequest the request identifying the acting administrator and client address
     * @param userName      the user whose credential was changed
     * @param activity      the AuditActivity constant describing the change
     */
    private void logCredentialActivity(ActionRequest actionRequest, String userName, String activity)
    {
        audit.logAdminCredentialActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, activity, USER_ADMINISTRATION);
    }
782
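    /***
     * Stores the submitted values of the portlet application's declared user
     * attributes ("attr_&lt;name&gt;" parameters) on the selected user, auditing
     * each one with its previous and new value. When the credential fields share
     * the user tab (preference "showPasswordOnUserTab"), they are processed too.
     *
     * @param actionRequest  the action request
     * @param actionResponse the action response
     */
    private void editUser(ActionRequest actionRequest, ActionResponse actionResponse)
    {
        String userName = (String) PortletMessaging.receive(actionRequest,
                SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
        User user = lookupUser(actionRequest, userName);
        if (user != null)
        {
            Preferences attributes = user.getUserAttributes();
            for (Iterator attrIter = paUserAttributes.iterator(); attrIter.hasNext();)
            {
                UserAttribute attr = (UserAttribute) attrIter.next();
                String name = attr.getName();
                String value = actionRequest.getParameter("attr_" + name);
                if (value == null)
                {
                    continue;
                }
                // Capture the previous value first so the audit entry carries a true
                // before/after pair instead of the new value twice.
                String before = attributes.get(name, "");
                attributes.put(name, value);
                audit.logAdminAttributeActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_ADD_ATTRIBUTE, name, before, value, USER_ADMINISTRATION);
            }
        }
        if ("true".equals(actionRequest.getPreferences().getValue("showPasswordOnUserTab", "false")))
        {
            updateUserCredential(actionRequest, actionResponse);
        }
    }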
809
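    /***
     * Updates the user attributes named by the "user_attr_id" parameters with the
     * value submitted as "&lt;name&gt;:value", auditing each change with its
     * previous value. An id whose value parameter is absent is skipped, because
     * Preferences.put() rejects a null value with a NullPointerException, which
     * would abort the whole submission half-way through.
     *
     * @param actionRequest  the action request
     * @param actionResponse the action response (unused)
     */
    private void updateUserAttribute(ActionRequest actionRequest, ActionResponse actionResponse)
    {
        String userName = (String) PortletMessaging.receive(actionRequest,
                SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
        User user = lookupUser(actionRequest, userName);
        if (user == null)
        {
            return;
        }
        String[] userAttrNames = actionRequest.getParameterValues("user_attr_id");
        if (userAttrNames == null)
        {
            return;
        }
        Preferences attributes = user.getUserAttributes();
        for (int i = 0; i < userAttrNames.length; i++)
        {
            String userAttrName = userAttrNames[i];
            String value = actionRequest.getParameter(userAttrName + ":value");
            if (value == null)
            {
                continue;
            }
            String before = attributes.get(userAttrName, "");
            attributes.put(userAttrName, value);
            audit.logAdminAttributeActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_UPDATE_ATTRIBUTE, userAttrName, before, value, USER_ADMINISTRATION);
        }
    }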
831
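    /***
     * Adds (or overwrites) one user attribute from the "user_attr_name" and
     * "user_attr_value" parameters and audits it. A blank name is ignored; a
     * missing value is stored as the empty string, since Preferences.put() throws
     * NullPointerException for a null value. Note that java.util.prefs imposes
     * length limits on keys and values (IllegalArgumentException beyond them).
     *
     * @param actionRequest  the action request
     * @param actionResponse the action response (unused)
     */
    private void addUserAttribute(ActionRequest actionRequest, ActionResponse actionResponse)
    {
        String userName = (String) PortletMessaging.receive(actionRequest,
                SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
        User user = lookupUser(actionRequest, userName);
        if (user == null)
        {
            return;
        }
        String userAttrName = actionRequest.getParameter("user_attr_name");
        if (userAttrName == null || userAttrName.trim().length() == 0)
        {
            return;
        }
        String userAttrValue = actionRequest.getParameter("user_attr_value");
        if (userAttrValue == null)
        {
            userAttrValue = "";
        }
        Preferences attributes = user.getUserAttributes();
        attributes.put(userAttrName, userAttrValue);
        audit.logAdminAttributeActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_ADD_ATTRIBUTE, userAttrName, "", userAttrValue, USER_ADMINISTRATION);
    }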
849
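    /***
     * Removes the user attributes named by the "user_attr_id" parameters, auditing
     * each removal with the value it had. A failure on one attribute is reported
     * to the administrator and does not stop the remaining removals.
     *
     * @param actionRequest  the action request
     * @param actionResponse the action response (unused)
     */
    private void removeUserAttributes(ActionRequest actionRequest, ActionResponse actionResponse)
    {
        String userName = (String) PortletMessaging.receive(actionRequest,
                SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
        User user = lookupUser(actionRequest, userName);
        if (user == null)
        {
            return;
        }
        String[] userAttrNames = actionRequest.getParameterValues("user_attr_id");
        if (userAttrNames == null)
        {
            return;
        }
        Preferences attributes = user.getUserAttributes();
        for (int ix = 0; ix < userAttrNames.length; ix++)
        {
            String name = userAttrNames[ix];
            try
            {
                String before = attributes.get(name, "");
                attributes.remove(name);
                audit.logAdminAttributeActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_DELETE_ATTRIBUTE, name, before, "", USER_ADMINISTRATION);
            }
            catch (Exception e)
            {
                // Surface the failure like the other handlers do instead of dumping a
                // stack trace to stderr and silently continuing.
                SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, e.getMessage());
            }
        }
    }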
879
    /***
     * Removes the selected user from every existing role named by the
     * "user_role_id" parameters, auditing each removal. Unknown role names are
     * skipped; a security failure is reported and the loop continues.
     *
     * @param actionRequest  the action request
     * @param actionResponse the action response (unused)
     */
    private void removeUserRoles(ActionRequest actionRequest, ActionResponse actionResponse)
    {
        String userName = (String) PortletMessaging.receive(actionRequest,
                SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
        User user = lookupUser(actionRequest, userName);
        if (user == null)
        {
            return;
        }
        String[] roleNames = actionRequest.getParameterValues("user_role_id");
        if (roleNames == null)
        {
            return;
        }
        for (int ix = 0; ix < roleNames.length; ix++)
        {
            String roleName = roleNames[ix];
            try
            {
                if (!roleManager.roleExists(roleName))
                {
                    continue;
                }
                roleManager.removeRoleFromUser(userName, roleName);
                audit.logAdminAuthorizationActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_DELETE_ROLE, roleName, USER_ADMINISTRATION);
            }
            catch (SecurityException e)
            {
                SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, e.getMessage());
            }
        }
    }
909
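    /***
     * Adds the selected user to the role named by the "role_name" parameter and
     * audits it. The parameter is free-form client input, so the server applies
     * the same rule the role picker uses when it builds its list: the configured
     * admin and manager roles can only be granted by a caller who holds that role
     * himself. Any other role name is passed to the role manager as-is.
     *
     * @param actionRequest  the action request
     * @param actionResponse the action response (unused)
     */
    private void addUserRole(ActionRequest actionRequest, ActionResponse actionResponse)
    {
        String userName = (String) PortletMessaging.receive(actionRequest,
                SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
        User user = lookupUser(actionRequest, userName);
        if (user == null)
        {
            return;
        }
        String roleName = actionRequest.getParameter("role_name");
        if (roleName == null || roleName.trim().length() == 0)
        {
            return;
        }
        try
        {
            if (!callerMayGrantRole(actionRequest, roleName))
            {
                SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, "Not authorized to assign this role");
                return;
            }
            roleManager.addRoleToUser(userName, roleName);
            audit.logAdminAuthorizationActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_ADD_ROLE, roleName, USER_ADMINISTRATION);
        }
        catch (SecurityException e)
        {
            SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, e.getMessage());
        }
    }

    /***
     * Decides whether the acting administrator may grant a role: unrestricted for
     * ordinary roles, and only to holders of the role for the configured admin and
     * manager roles.
     *
     * @param actionRequest the request identifying the acting administrator
     * @param roleName      the role to be granted
     * @return true if the grant may proceed
     * @throws SecurityException if the role manager cannot evaluate membership
     */
    private boolean callerMayGrantRole(ActionRequest actionRequest, String roleName)
        throws SecurityException
    {
        String adminName = configuration.getString(PortalConfigurationConstants.ROLES_DEFAULT_ADMIN, "admin");
        String managerName = configuration.getString(PortalConfigurationConstants.ROLES_DEFAULT_MANAGER, "manager");
        if (!roleName.equals(adminName) && !roleName.equals(managerName))
        {
            return true;
        }
        String callerName = actionRequest.getUserPrincipal().getName();
        return roleManager.isUserInRole(callerName, roleName);
    }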
932
    /**
     * Removes the currently selected user from every group posted as <code>user_group_id</code>.
     * Only groups the group manager knows are touched; each removal is audited with the acting
     * administrator and client address. Errors are published to the UI, not thrown.
     */
    private void removeUserGroups(ActionRequest actionRequest, ActionResponse actionResponse)
    {
        String userName = (String)PortletMessaging.receive(actionRequest,
                SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
        if (lookupUser(actionRequest, userName) == null)
        {
            return;
        }
        String[] selectedGroups = actionRequest.getParameterValues("user_group_id");
        if (selectedGroups == null)
        {
            return;
        }
        for (int i = 0; i < selectedGroups.length; i++)
        {
            String groupName = selectedGroups[i];
            try
            {
                if (!groupManager.groupExists(groupName))
                {
                    // Unknown group names posted by the form are silently ignored.
                    continue;
                }
                groupManager.removeUserFromGroup(userName, groupName);
                audit.logAdminAuthorizationActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_DELETE_GROUP, groupName, USER_ADMINISTRATION);
            }
            catch (SecurityException e)
            {
                SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, e.getMessage());
            }
        }
    }
962
    /**
     * Adds the currently selected user to the group named by the <code>group_name</code>
     * parameter and audits the change.
     * As with {@link #addUserRole}, there is no <code>groupExists</code> pre-check; an unknown
     * group is presumably rejected by the group manager and the error shown to the
     * administrator -- confirm against the group manager.
     */
    private void addUserGroup(ActionRequest actionRequest, ActionResponse actionResponse)
    {
        String userName = (String)PortletMessaging.receive(actionRequest,
                SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
        if (lookupUser(actionRequest, userName) == null)
        {
            return;
        }
        String groupName = actionRequest.getParameter("group_name");
        if (groupName == null || groupName.trim().length() == 0)
        {
            return;
        }
        try
        {
            groupManager.addUserToGroup(userName, groupName);
            audit.logAdminAuthorizationActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_ADD_GROUP, groupName, USER_ADMINISTRATION);
        }
        catch (SecurityException e)
        {
            SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, e.getMessage());
        }
    }
985
    /**
     * Strips <code>prefix</code> from the front of <code>action</code>.
     * The caller is expected to have verified the prefix first (see
     * {@link #isUserPortletAction}); no check is made here, so a shorter
     * <code>action</code> would fail with an index exception.
     */
    private String getAction(String prefix, String action)
    {
        int prefixLength = prefix.length();
        return action.substring(prefixLength);
    }
990
    /**
     * Tells whether <code>action</code> is addressed to this portlet, i.e. starts with
     * <code>USER_ACTION_PREFIX</code>.
     */
    private boolean isUserPortletAction(String action)
    {
        String prefix = USER_ACTION_PREFIX;
        return action.regionMatches(0, prefix, 0, prefix.length());
    }
995
    /**
     * Returns the roles of the given user, or an empty list when the role manager fails;
     * the failure message is published to the UI in that case.
     */
    private Collection getRoles(PortletRequest request, String userName)
    {
        Collection roles = new LinkedList();
        try
        {
            roles = roleManager.getRolesForUser(userName);
        }
        catch (SecurityException e)
        {
            SecurityUtil.publishErrorMessage(request, SecurityResources.TOPIC_USER, e.getMessage());
        }
        return roles;
    }
1008
    /**
     * Returns the groups of the given user, or an empty list when the group manager fails;
     * the failure message is published to the UI in that case.
     */
    private Collection getGroups(PortletRequest request, String userName)
    {
        Collection groups = new LinkedList();
        try
        {
            groups = groupManager.getGroupsForUser(userName);
        }
        catch (SecurityException e)
        {
            SecurityUtil.publishErrorMessage(request, SecurityResources.TOPIC_USER, e.getMessage());
        }
        return groups;
    }
1021
    /**
     * Returns the first {@link PasswordCredential} found among the private credentials of the
     * user's JAAS {@link Subject}, or <code>null</code> if there is none.
     * The credential object is handed back as-is (no copy); callers only read its state
     * (e.g. <code>isUpdateRequired()</code>).
     */
    private PasswordCredential getCredential(User user)
    {
        Set privateCredentials = user.getSubject().getPrivateCredentials();
        for (Iterator it = privateCredentials.iterator(); it.hasNext();)
        {
            Object candidate = it.next();
            if (candidate instanceof PasswordCredential)
            {
                return (PasswordCredential)candidate;
            }
        }
        return null;
    }
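    /**
     * Looks the user up by name and returns its {@link PasswordCredential}.
     *
     * @return the credential, or <code>null</code> when the user cannot be resolved (the
     *         lookup failure has then already been published to the UI by
     *         {@link #lookupUser}) or when the user carries no password credential
     */
    private PasswordCredential getCredential(PortletRequest request, String userName)
    {
        User user = lookupUser(request, userName);
        if (user == null)
        {
            // lookupUser reports the failure itself; without a user there is no Subject to
            // inspect, and passing null on would fail with a NullPointerException.
            return null;
        }
        return getCredential(user);
    }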
1043
    /**
     * Resolves a user by name through the user manager.
     * Any failure (unknown user, store error, ...) is shown to the administrator through
     * {@link SecurityUtil#publishErrorMessage}; the caller then receives <code>null</code>
     * and must check for it.
     */
    private User lookupUser(PortletRequest request, String userName)
    {
        try
        {
            return userManager.getUser(userName);
        }
        catch (Exception e)
        {
            SecurityUtil.publishErrorMessage(request, SecurityResources.TOPIC_USER, e.getMessage());
            return null;
        }
    }
1057
    /**
     * Returns all profiling rules known to the profiler (used to populate the rule selector).
     */
    private Collection getProfilerRules()
    {
        Collection allRules = profiler.getRules();
        return allRules;
    }
1062
    /**
     * Returns the principal rules bound to the given user, looked up by the
     * <code>UserPrincipal</code> taken from the user's Subject.
     */
    private Collection getRules(User user)
    {
        Subject subject = user.getSubject();
        Principal userPrincipal = createPrincipal(subject, UserPrincipal.class);
        return profiler.getRulesForPrincipal(userPrincipal);
    }
1068
    /**
     * Binds the profiling rule chosen in <code>select_rule</code> to the currently selected
     * user for the locator named by <code>locator_name</code>, and audits the binding.
     * Errors are published to the UI, never thrown.
     */
    private void addUserProfile(ActionRequest actionRequest, ActionResponse actionResponse)
    {
        String userName = (String)PortletMessaging.receive(actionRequest,
                SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
        User user = lookupUser(actionRequest, userName);
        if (user == null)
        {
            return;
        }
        String locatorName = actionRequest.getParameter("locator_name");
        if (locatorName == null || locatorName.trim().length() == 0)
        {
            return;
        }
        try
        {
            Principal userPrincipal = createPrincipal(user.getSubject(), UserPrincipal.class);
            // NOTE(review): ruleName is not checked for emptiness the way locatorName is;
            // presumably profiler.getRule / setRuleForPrincipal rejects a missing rule and
            // the exception is reported below -- confirm.
            String ruleName = actionRequest.getParameter("select_rule");
            profiler.setRuleForPrincipal(userPrincipal, profiler.getRule(ruleName), locatorName);
            audit.logAdminAuthorizationActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_ADD_PROFILE, ruleName + "-" + locatorName, USER_ADMINISTRATION);
        }
        catch (Exception e)
        {
            SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, e.getMessage());
        }
    }
1096
    /**
     * Deletes the principal rules of the currently selected user whose locator name matches
     * one of the posted <code>user_profile_id</code> values, auditing each deletion.
     * Errors are published to the UI, never thrown.
     */
    private void removeUserProfile(ActionRequest actionRequest, ActionResponse actionResponse)
    {
        String userName = (String)PortletMessaging.receive(actionRequest,
                SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED);
        User user = lookupUser(actionRequest, userName);
        if (user == null)
        {
            return;
        }
        String[] locatorNames = actionRequest.getParameterValues("user_profile_id");
        if (locatorNames == null)
        {
            return;
        }
        Principal userPrincipal = createPrincipal(user.getSubject(), UserPrincipal.class);
        // NOTE(review): rules are deleted while this collection is being iterated; that is
        // only safe if getRulesForPrincipal returns a snapshot, not a live view -- confirm.
        Collection rules = profiler.getRulesForPrincipal(userPrincipal);
        for (int i = 0; i < locatorNames.length; i++)
        {
            String locatorName = locatorNames[i];
            try
            {
                // The full rule collection is re-scanned for every posted locator name.
                for (Iterator it = rules.iterator(); it.hasNext();)
                {
                    PrincipalRule rule = (PrincipalRule)it.next();
                    if (!rule.getLocatorName().equals(locatorName))
                    {
                        continue;
                    }
                    profiler.deletePrincipalRule(rule);
                    audit.logAdminAuthorizationActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_DELETE_PROFILE, rule.getProfilingRule().getId() + "-" + rule.getLocatorName(), USER_ADMINISTRATION);
                }
            }
            catch (Exception e)
            {
                SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, e.getMessage());
            }
        }
    }
1133
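    /**
     * Creates a new portal user from the <code>jetspeed.user</code> / <code>jetspeed.password</code>
     * request parameters and performs the first-time setup the create form allows: the
     * "password update required" flag, the preference-configured required role plus the role
     * chosen in the form, the user's home folder (deep-copied from the template folder, optionally
     * under a subsite), and the profiling rule chosen in the form.
     *
     * The user record is created first, so a failure in a later step leaves a user without
     * (part of) its initial setup; every failure is reported to the UI through
     * {@link SecurityUtil#publishErrorMessage} and nothing is thrown to the caller.
     * The password is never written to the audit trail.
     *
     * @param actionRequest the portlet action request carrying the form parameters
     */
    protected void addUser(ActionRequest actionRequest)
    {
        String userName = actionRequest.getParameter("jetspeed.user");
        String password = actionRequest.getParameter("jetspeed.password");
        if (SecurityUtil.isEmpty(userName))
        {
            return;
        }
        try
        {
            if (SecurityUtil.isEmpty(password))
            {
                throw new SecurityException(SecurityException.PASSWORD_REQUIRED);
            }
            // NOTE(review): no password-policy or user-name syntax check is visible here; the
            // user name is reused below as a folder name, so any such enforcement must come
            // from userManager / pageManager -- confirm before relying on it.
            userManager.addUser(userName, password);
            audit.logAdminUserActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_CREATE, USER_ADMINISTRATION);

            PortletMessaging.publish(actionRequest, SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_REFRESH, "true");
            PortletMessaging.publish(actionRequest, SecurityResources.TOPIC_USERS, SecurityResources.MESSAGE_SELECTED, userName);

            User user = userManager.getUser(userName);
            if (user == null)
            {
                // Previously this fell through into getCredential(null) and failed with a
                // NullPointerException; the user has been created, so there is nothing
                // sensible left to set up.
                return;
            }

            // Optional "must change password at next login" flag from the form; the credential
            // is only touched when the flag actually differs from its current state.
            PasswordCredential credential = getCredential(user);
            String updateRequiredStr = actionRequest.getParameter("user_cred_updreq");
            if (credential != null && updateRequiredStr != null)
            {
                boolean updateRequired = Boolean.valueOf(updateRequiredStr).booleanValue();
                if (updateRequired != credential.isUpdateRequired())
                {
                    userManager.setPasswordUpdateRequired(userName, updateRequired);
                }
            }

            // Role every new user gets (portlet preference), then the role picked in the form.
            // Both grants are audited the same way addUserRole audits its grants.
            String requiredRole = actionRequest.getPreferences().getValue("requiredRole", "");
            if (!SecurityUtil.isEmpty(requiredRole))
            {
                roleManager.addRoleToUser(userName, requiredRole);
                audit.logAdminAuthorizationActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_ADD_ROLE, requiredRole, USER_ADMINISTRATION);
            }
            String role = actionRequest.getParameter(ROLES_CONTROL);
            if (!SecurityUtil.isEmpty(role))
            {
                roleManager.addRoleToUser(userName, role);
                audit.logAdminAuthorizationActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_ADD_ROLE, role, USER_ADMINISTRATION);
            }

            // Home folder: the template directory is copied to Folder.USER_FOLDER + userName, or,
            // when a subsite was chosen, to <subsite> + Folder.USER_FOLDER + userName (the latter
            // is also recorded as the user's subsite attribute).
            // NOTE(review): userName and subsite come straight from request parameters and are
            // concatenated into a page-manager path; nothing here rejects path separators or
            // ".." segments, so this relies on pageManager / userManager validation -- confirm.
            String templateFolder = actionRequest.getPreferences().getValue("newUserTemplateDirectory", "/_user/template/");
            String subsite = actionRequest.getParameter(SUBSITES_CONTROL);
            String homeFolder;
            if (SecurityUtil.isEmpty(subsite))
            {
                homeFolder = Folder.USER_FOLDER + userName;
            }
            else
            {
                homeFolder = subsite + Folder.USER_FOLDER + userName;
                user.getUserAttributes().put(User.USER_INFO_SUBSITE, homeFolder);
            }
            if (templateFolder != null && templateFolder.trim().length() > 0)
            {
                Folder source = pageManager.getFolder(templateFolder);
                pageManager.deepCopyFolder(source, homeFolder, userName);
            }

            // Profiling rule picked in the form, bound to the "page" locator and audited like
            // addUserProfile does.
            String rule = actionRequest.getParameter(RULES_CONTROL);
            if (!SecurityUtil.isEmpty(rule))
            {
                Principal principal = SecurityUtil.getPrincipal(user.getSubject(), UserPrincipal.class);
                profiler.setRuleForPrincipal(principal, profiler.getRule(rule), "page");
                audit.logAdminAuthorizationActivity(actionRequest.getUserPrincipal().getName(), getIPAddress(actionRequest), userName, AuditActivity.USER_ADD_PROFILE, rule + "-" + "page", USER_ADMINISTRATION);
            }
        }
        catch (Exception ex)
        {
            // Covers SecurityException (password required, duplicate user, unknown role, ...)
            // as well as page-manager failures; the raw exception message is shown to the
            // administrator and nothing is rethrown.
            SecurityUtil.publishErrorMessage(actionRequest, SecurityResources.TOPIC_USER, ex.getMessage());
        }
    }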
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
    /**
     * Returns the client address recorded in audit entries: the remote address of the
     * underlying servlet request, taken from the portal {@link RequestContext} attribute.
     * Returns an empty string when no request context is attached.
     * Note that this is the TCP peer address as seen by the servlet container; behind a
     * reverse proxy it is the proxy's address, not the administrator's.
     */
    protected String getIPAddress(PortletRequest request)
    {
        Object attribute = request.getAttribute(PortalReservedParameters.REQUEST_CONTEXT_ATTRIBUTE);
        RequestContext context = (RequestContext)attribute;
        return context == null ? "" : context.getRequest().getRemoteAddr();
    }
1236 }