Strolch
/
strolch
mirror of https://github.com/strolch-li/strolch.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[Minor] added some java docs

This commit is contained in:
eitch 2010-11-27 21:00:34 +00:00
parent 5d87120675
commit 7d231ebb3a
5 changed files with 377 additions and 141 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/ch/eitchnet/privilege/handler/DefaultEncryptionHandler.java
View File

@ -24,7 +24,7 @@ import ch.eitchnet.privilege.i18n.PrivilegeException;
/**
* <p>
* This default {@link EncryptionHandler} creates nokens by using a {@link SecureRandom} object. Hashing is done by
* This default {@link EncryptionHandler} creates tokens using a {@link SecureRandom} object. Hashing is done by
* using {@link MessageDigest} and the configured algorithm which is passed in the parameters
* </p>
*

108
src/ch/eitchnet/privilege/handler/DefaultPrivilegeHandler.java
View File

@ -33,6 +33,21 @@ import ch.eitchnet.privilege.model.internal.User;
import ch.eitchnet.privilege.policy.PrivilegePolicy;
/**
* <p>
* This is default implementation of the {@link PrivilegeHandler}
* </p>
*
* The following list describes implementation details:
* <ul>
* <li>any methods which change the model are first validated by checking if the certificate is for an admin user by
* calling {@link #validateIsPrivilegeAdmin(Certificate)}</li>
* <li>all model requests are delegated to the configured {@link PrivilegeHandler}, except for the session id to
* {@link Certificate} map, no model data is kept in this implementation. This also means that to return the
* representation objects, for every new model query, a new representation object is created</li>
* <li>when creating new users, or editing users then a null password is understood as no password set</li>
* <li>Password requirements are simple: Non null and non empty/length 0</li>
* </ul>
*
* @author rvonburg
*
*/
@ -106,8 +121,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
validateIsPrivilegeAdmin(certificate);
// create a new privilege
Privilege privilege = new Privilege(privilegeRep.getName(), privilegeRep.getPolicy(), privilegeRep
.isAllAllowed(), privilegeRep.getDenyList(), privilegeRep.getAllowList());
Privilege privilege = new Privilege(privilegeRep.getName(), privilegeRep.getPolicy(),
privilegeRep.isAllAllowed(), privilegeRep.getDenyList(), privilegeRep.getAllowList());
// delegate to persistence handler
this.persistenceHandler.addOrReplacePrivilege(privilege);
@ -151,8 +166,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
// create new user
User user = new User(userRep.getUserId(), userRep.getUsername(), passwordHash, userRep.getFirstname(), userRep
.getSurname(), userRep.getUserState(), userRep.getRoles(), userRep.getLocale());
User user = new User(userRep.getUserId(), userRep.getUsername(), passwordHash, userRep.getFirstname(),
userRep.getSurname(), userRep.getUserState(), userRep.getRoles(), userRep.getLocale());
// delegate to persistence handler
this.persistenceHandler.addOrReplaceUser(user);
@ -229,8 +244,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
Set<String> newRoles = new HashSet<String>(currentRoles);
newRoles.add(roleName);
User newUser = new User(user.getUserId(), user.getUsername(), user.getPassword(), user.getFirstname(), user
.getSurname(), user.getUserState(), newRoles, user.getLocale());
User newUser = new User(user.getUserId(), user.getUsername(), user.getPassword(), user.getFirstname(),
user.getSurname(), user.getUserState(), newRoles, user.getLocale());
// delegate user replacement to persistence handler
this.persistenceHandler.addOrReplaceUser(newUser);
@ -334,8 +349,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
// create new user
Set<String> newRoles = new HashSet<String>(currentRoles);
newRoles.remove(roleName);
User newUser = new User(user.getUserId(), user.getUsername(), user.getPassword(), user.getFirstname(), user
.getSurname(), user.getUserState(), newRoles, user.getLocale());
User newUser = new User(user.getUserId(), user.getUsername(), user.getPassword(), user.getFirstname(),
user.getSurname(), user.getUserState(), newRoles, user.getLocale());
// delegate user replacement to persistence handler
this.persistenceHandler.addOrReplaceUser(newUser);
@ -387,8 +402,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
// create new privilege
Privilege newPrivilege = new Privilege(privilege.getName(), privilege.getPolicy(), allAllowed, privilege
.getDenyList(), privilege.getAllowList());
Privilege newPrivilege = new Privilege(privilege.getName(), privilege.getPolicy(), allAllowed,
privilege.getDenyList(), privilege.getAllowList());
// delegate privilege replacement to persistence handler
this.persistenceHandler.addOrReplacePrivilege(newPrivilege);
@ -458,20 +473,26 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
throw new PrivilegeException("Privilege " + privilegeName + " does not exist!");
}
// validate that the policy exists
PrivilegePolicy policy = this.persistenceHandler.getPolicy(policyName);
if (policy == null) {
throw new PrivilegeException("No privilege policy exists for the name " + policyName);
}
// create new privilege
Privilege newPrivilege = new Privilege(privilege.getName(), policyName, privilege.isAllAllowed(), privilege
.getDenyList(), privilege.getAllowList());
Privilege newPrivilege = new Privilege(privilege.getName(), policyName, privilege.isAllAllowed(),
privilege.getDenyList(), privilege.getAllowList());
// delegate privilege replacement to persistence handler
this.persistenceHandler.addOrReplacePrivilege(newPrivilege);
}
/**
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#setUserLocaleState(ch.eitchnet.privilege.model.Certificate,
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#setUserLocale(ch.eitchnet.privilege.model.Certificate,
* java.lang.String, java.util.Locale)
*/
@Override
public void setUserLocaleState(Certificate certificate, String username, Locale locale) {
public void setUserLocale(Certificate certificate, String username, Locale locale) {
// validate who is doing this
validateIsPrivilegeAdmin(certificate);
@ -483,8 +504,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
// create new user
User newUser = new User(user.getUserId(), user.getUsername(), user.getPassword(), user.getFirstname(), user
.getSurname(), user.getUserState(), user.getRoles(), locale);
User newUser = new User(user.getUserId(), user.getUsername(), user.getPassword(), user.getFirstname(),
user.getSurname(), user.getUserState(), user.getRoles(), locale);
// delegate user replacement to persistence handler
this.persistenceHandler.addOrReplaceUser(newUser);
@ -507,8 +528,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
// create new user
User newUser = new User(user.getUserId(), user.getUsername(), user.getPassword(), firstname, surname, user
.getUserState(), user.getRoles(), user.getLocale());
User newUser = new User(user.getUserId(), user.getUsername(), user.getPassword(), firstname, surname,
user.getUserState(), user.getRoles(), user.getLocale());
// delegate user replacement to persistence handler
this.persistenceHandler.addOrReplaceUser(newUser);
@ -541,8 +562,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
// create new user
User newUser = new User(user.getUserId(), user.getUsername(), passwordHash, user.getFirstname(), user
.getSurname(), user.getUserState(), user.getRoles(), user.getLocale());
User newUser = new User(user.getUserId(), user.getUsername(), passwordHash, user.getFirstname(),
user.getSurname(), user.getUserState(), user.getRoles(), user.getLocale());
// delegate user replacement to persistence handler
this.persistenceHandler.addOrReplaceUser(newUser);
@ -565,8 +586,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
// create new user
User newUser = new User(user.getUserId(), user.getUsername(), user.getPassword(), user.getFirstname(), user
.getSurname(), state, user.getRoles(), user.getLocale());
User newUser = new User(user.getUserId(), user.getUsername(), user.getPassword(), user.getFirstname(),
user.getSurname(), state, user.getRoles(), user.getLocale());
// delegate user replacement to persistence handler
this.persistenceHandler.addOrReplaceUser(newUser);
@ -623,8 +644,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
Certificate certificate = new Certificate(sessionId, username, authToken, authPassword, user.getLocale());
// create and save a new session
Session session = new Session(sessionId, authToken, authPassword, user.getUsername(), System
.currentTimeMillis());
Session session = new Session(sessionId, authToken, authPassword, user.getUsername(),
System.currentTimeMillis());
this.sessionMap.put(sessionId, new CertificateSessionPair(session, certificate));
// log
@ -635,8 +656,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
/**
* TODO What is better, validate from {@link Restrictable} to {@link User} or the opposite direction?
*
* Checks if the action is allowed by iterating the roles of the certificates user and then delegating to
* {@link #actionAllowed(Role, Restrictable)}
*
* @throws AccessDeniedException
* if the {@link Certificate} is not for a currently logged in {@link User} or if the user may not
@ -648,6 +669,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
@Override
public boolean actionAllowed(Certificate certificate, Restrictable restrictable) {
// TODO What is better, validate from {@link Restrictable} to {@link User} or the opposite direction?
// first validate certificate
if (!isCertificateValid(certificate)) {
logger.info("Certificate is not valid, so action is not allowed: " + certificate + " for restrictable: "
@ -690,18 +713,43 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
/**
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#actionAllowed(ch.eitchnet.privilege.model.internal.Role,
* Checks if the {@link RoleRep} has access to the {@link Restrictable} by delegating to
* {@link PrivilegePolicy#actionAllowed(Role, Privilege, Restrictable)}
*
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#actionAllowed(ch.eitchnet.privilege.model.RoleRep,
* ch.eitchnet.privilege.model.Restrictable)
*/
@Override
public boolean actionAllowed(Role role, Restrictable restrictable) {
public boolean actionAllowed(RoleRep roleRep, Restrictable restrictable) {
// user and restrictable must not be null
if (role == null)
if (roleRep == null)
throw new PrivilegeException("Role may not be null!");
else if (restrictable == null)
throw new PrivilegeException("Restrictable may not be null!");
// get role for the roleRep
Role role = this.persistenceHandler.getRole(roleRep.getName());
// validate that the role exists
if (role == null) {
throw new PrivilegeException("No Role exists with the name " + roleRep.getName());
}
return actionAllowed(role, restrictable);
}
/**
* Checks if the {@link Role} has access to the {@link Restrictable} by delegating to
* {@link PrivilegePolicy#actionAllowed(Role, Privilege, Restrictable)}
*
* @param role
* @param restrictable
*
* @return true if the privilege is granted, false otherwise
*/
protected boolean actionAllowed(Role role, Restrictable restrictable) {
// validate PrivilegeName for this restrictable
String privilegeName = restrictable.getPrivilegeName();
if (privilegeName == null || privilegeName.length() < 3) {
@ -800,6 +848,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
/**
* This simple implementation validates that the password is not null, and that the password string is not empty
*
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#validatePassword(java.lang.String)
*/
@Override

16
src/ch/eitchnet/privilege/handler/PersistenceHandler.java
View File

@ -12,6 +12,7 @@ package ch.eitchnet.privilege.handler;
import java.util.Map;
import ch.eitchnet.privilege.i18n.PrivilegeException;
import ch.eitchnet.privilege.model.Restrictable;
import ch.eitchnet.privilege.model.internal.Privilege;
import ch.eitchnet.privilege.model.internal.Role;
@ -67,17 +68,20 @@ public interface PersistenceHandler {
/**
* <p>
* Thus this method instantiates a {@link PrivilegePolicy} object from the given policyName. The
* {@link PrivilegePolicy} is not stored in a database, but rather behind a privilege name a class name is stored
* which then is used to instantiate a new object
* This method instantiates a {@link PrivilegePolicy} object from the given policyName. The {@link PrivilegePolicy}
* is not stored in a database. The privilege name is a class name and is then used to instantiate a new
* {@link PrivilegePolicy} object
* </p>
*
* @param policyName
* the name/id of the {@link PrivilegePolicy} object to return
* the class name of the {@link PrivilegePolicy} object to return
*
* @return the {@link PrivilegePolicy} object, or null if no class is defined for the given policy name
* @return the {@link PrivilegePolicy} object
*
* @throws PrivilegeException
* if the {@link PrivilegePolicy} object for the given policy name could not be instantiated
*/
public PrivilegePolicy getPolicy(String policyName);
public PrivilegePolicy getPolicy(String policyName) throws PrivilegeException;
/**
* Removes a {@link User} with the given name and returns the removed object if it existed

380
src/ch/eitchnet/privilege/handler/PrivilegeHandler.java
View File

@ -10,6 +10,7 @@
package ch.eitchnet.privilege.handler;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
@ -28,6 +29,10 @@ import ch.eitchnet.privilege.model.internal.User;
import ch.eitchnet.privilege.policy.PrivilegePolicy;
/**
* The {@link PrivilegeHandler} is the centrally exposed API for accessing the privilege library. It exposes all needed
* methods to access Privilege data model objects, modify them and validate if users or roles have privileges to perform
* an action
*
* @author rvonburg
*
*/
@ -87,8 +92,14 @@ public interface PrivilegeHandler {
* the username of the user to remove
*
* @return the {@link UserRep} of the user removed, or null if the user did not exist
*
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public UserRep removeUser(Certificate certificate, String username);
public UserRep removeUser(Certificate certificate, String username) throws AccessDeniedException,
PrivilegeException;
/**
* Removes the role with the given roleName from the user with the given username
@ -98,9 +109,15 @@ public interface PrivilegeHandler {
* @param username
* the username of the user from which the role is to be removed
* @param roleName
* the rolename of the role to remove from the user
* the roleName of the role to remove from the user
*
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public void removeRoleFromUser(Certificate certificate, String username, String roleName);
public void removeRoleFromUser(Certificate certificate, String username, String roleName)
throws AccessDeniedException, PrivilegeException;
/**
* Removes the role with the given roleName
@ -111,8 +128,14 @@ public interface PrivilegeHandler {
* the roleName of the role to remove
*
* @return the {@link RoleRep} of the role removed, or null if the role did not exist
*
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public RoleRep removeRole(Certificate certificate, String roleName);
public RoleRep removeRole(Certificate certificate, String roleName) throws AccessDeniedException,
PrivilegeException;
/**
* Removes the privilege with the given privilegeName from the role with the given roleName
@ -123,8 +146,14 @@ public interface PrivilegeHandler {
* the roleName of the role from which the privilege is to be removed
* @param privilegeName
* the privilegeName of the privilege to remove from the role
*
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public void removePrivilegeFromRole(Certificate certificate, String roleName, String privilegeName);
public void removePrivilegeFromRole(Certificate certificate, String roleName, String privilegeName)
throws AccessDeniedException, PrivilegeException;
/**
* Removes the privilege with the given privilegeName
@ -135,8 +164,14 @@ public interface PrivilegeHandler {
* the privilegeName of the privilege to remove
*
* @return the {@link PrivilegeRep} of the privilege removed, or null if the privilege did not exist
*
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public PrivilegeRep removePrivilege(Certificate certificate, String privilegeName);
public PrivilegeRep removePrivilege(Certificate certificate, String privilegeName) throws AccessDeniedException,
PrivilegeException;
/**
* <p>
@ -156,8 +191,14 @@ public interface PrivilegeHandler {
* the password of the new user. If the password is null, then this is accepted but the user can not
* login, otherwise the password must be validated against
* {@link PrivilegeHandler#validatePassword(String)}
*
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public void addOrReplaceUser(Certificate certificate, UserRep userRep, String password);
public void addOrReplaceUser(Certificate certificate, UserRep userRep, String password)
throws AccessDeniedException, PrivilegeException;
/**
* Adds a new role, or replaces the role with the information from this {@link RoleRep} if the role already exists
@ -166,8 +207,14 @@ public interface PrivilegeHandler {
* the {@link Certificate} of the user which has the privilege to perform this action
* @param roleRep
* the {@link RoleRep} containing the information to create the new {@link Role}
*
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public void addOrReplaceRole(Certificate certificate, RoleRep roleRep);
public void addOrReplaceRole(Certificate certificate, RoleRep roleRep) throws AccessDeniedException,
PrivilegeException;
/**
* Adds a new privilege, or replaces the privilege with the information from this {@link PrivilegeRep} if the
@ -177,8 +224,14 @@ public interface PrivilegeHandler {
* the {@link Certificate} of the user which has the privilege to perform this action
* @param privilegeRep
* the {@link PrivilegeRep} containing the information to create the new {@link Privilege}
*
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public void addOrReplacePrivilege(Certificate certificate, PrivilegeRep privilegeRep);
public void addOrReplacePrivilege(Certificate certificate, PrivilegeRep privilegeRep) throws AccessDeniedException,
PrivilegeException;
/**
* Adds the role with the given roleName to the {@link User} with the given username
@ -189,8 +242,14 @@ public interface PrivilegeHandler {
* the username of the {@link User} to which the role should be added
* @param roleName
* the roleName of the {@link Role} which should be added to the {@link User}
*
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public void addRoleToUser(Certificate certificate, String username, String roleName);
public void addRoleToUser(Certificate certificate, String username, String roleName) throws AccessDeniedException,
PrivilegeException;
/**
* Adds the privilege with the given privilegeName to the {@link Role} with the given roleName
@ -201,8 +260,14 @@ public interface PrivilegeHandler {
* the roleName of the {@link Role} to which the privilege should be added
* @param privilegeName
* the privilegeName of the {@link Privilege} which should be added to the {@link Role}
*
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public void addPrivilegeToRole(Certificate certificate, String roleName, String privilegeName);
public void addPrivilegeToRole(Certificate certificate, String roleName, String privilegeName)
throws AccessDeniedException, PrivilegeException;
/**
* Changes the password for the {@link User} with the given username. If the password is null, then the {@link User}
@ -217,115 +282,213 @@ public interface PrivilegeHandler {
* the new password for this user. If the password is null, then the {@link User} can not login anymore.
* Otherwise the password must meet the requirements of the implementation under
* {@link PrivilegeHandler#validatePassword(String)}
*/
public void setUserPassword(Certificate certificate, String username, String password);
/**
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param username
* @param firstname
* @param surname
*/
public void setUserName(Certificate certificate, String username, String firstname, String surname);
/**
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param username
* @param state
*/
public void setUserState(Certificate certificate, String username, UserState state);
/**
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param username
* @param locale
*/
public void setUserLocaleState(Certificate certificate, String username, Locale locale);
/**
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param privilegeName
* @param policyName
*/
public void setPrivilegePolicy(Certificate certificate, String privilegeName, String policyName);
/**
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param privilegeName
* @param allAllowed
*/
public void setPrivilegeAllAllowed(Certificate certificate, String privilegeName, boolean allAllowed);
/**
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param privilegeName
* @param denyList
*/
public void setPrivilegeDenyList(Certificate certificate, String privilegeName, Set<String> denyList);
/**
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param privilegeName
* @param allowList
*/
public void setPrivilegeAllowList(Certificate certificate, String privilegeName, Set<String> allowList);
/**
* @param username
* @param password
*
* @return
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public void setUserPassword(Certificate certificate, String username, String password)
throws AccessDeniedException, PrivilegeException;
/**
* Changes the name of the user. This changes the first name and the surname. If either value is null, then that
* value is not changed
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param username
* the username of the {@link User} for which the name is to be changed
* @param firstname
* the new first name
* @param surname
* the new surname
*
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public void setUserName(Certificate certificate, String username, String firstname, String surname)
throws AccessDeniedException, PrivilegeException;
/**
* Changes the {@link UserState} of the user
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param username
* the username of the {@link User} for which the {@link UserState} is to be changed
* @param state
* the new state for the user
*
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public void setUserState(Certificate certificate, String username, UserState state) throws AccessDeniedException,
PrivilegeException;
/**
* Changes the {@link Locale} of the user
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param username
* the username of the {@link User} for which the {@link Locale} is to be changed
* @param locale
* the new {@link Locale} for the user
*
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public void setUserLocale(Certificate certificate, String username, Locale locale) throws AccessDeniedException,
PrivilegeException;
/**
* Sets the class name of the {@link PrivilegePolicy} object for the {@link Privilege} registered for the given
* privilegeName
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param privilegeName
* the name of the {@link Privilege} for which the policy is to be changed
* @param policyName
* class name of the {@link PrivilegePolicy} to be registered for this {@link Privilege}
*
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate or if the class name of the policy is invalid
*/
public void setPrivilegePolicy(Certificate certificate, String privilegeName, String policyName)
throws AccessDeniedException, PrivilegeException;
/**
* Sets the special flag on the given {@link Privilege} defined by the privilegeName argument so that all is allowed
* and thus the allow and deny list of the privilege are ignored
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param privilegeName
* the name of the {@link Privilege} for which the allAllowed value is to be changed
* @param allAllowed
* the boolean defining if all privileges are granted for the value true, or not for the value false
*
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public void setPrivilegeAllAllowed(Certificate certificate, String privilegeName, boolean allAllowed)
throws AccessDeniedException, PrivilegeException;
/**
* Sets the {@link List} of strings which represent values which denies finer grained privilege rights for the
* {@link Privilege} defined by the privilegeName argument
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param privilegeName
* the name of the {@link Privilege} for which the deny list is to be changed
* @param denyList
* the {@link List} of strings which represent values which denies finer grained privilege rights
*
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public void setPrivilegeDenyList(Certificate certificate, String privilegeName, Set<String> denyList)
throws AccessDeniedException, PrivilegeException;
/**
* Sets the {@link List} of strings which represent values which grants finer grained privilege rights for the
* {@link Privilege} defined by the privilegeName argument
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param privilegeName
* the name of the {@link Privilege} for which the allow list is to be changed
* @param allowList
* the {@link List} of strings which represent values which grants finer grained privilege rights
*
* @throws AccessDeniedException
* if the user for this certificate may not perform the action
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public void setPrivilegeAllowList(Certificate certificate, String privilegeName, Set<String> allowList)
throws AccessDeniedException, PrivilegeException;
/**
* Authenticates a user by validating that a {@link User} for the given username and password exist and then returns
* a {@link Certificate} with which this user may then perform actions
*
* @param username
* the username of the {@link User} which is registered in the {@link PersistenceHandler}
* @param password
* the password with which this user is to be authenticated. Null passwords are not accepted and they
* must meet the requirements of the {@link #validatePassword(String)}-method
*
* @return a {@link Certificate} with which this user may then perform actions
*
* @throws AccessDeniedException
* if the user credentials are not valid
*/
public Certificate authenticate(String username, String password);
public Certificate authenticate(String username, String password) throws AccessDeniedException;
/**
* Checks if the {@link User} registered to the given {@link Certificate} is allowed to access the
* {@link Restrictable}
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
* @param restrictable
* the {@link Restrictable} to which the user wants access
*
* @return
* @return true if the access is allowed, false otherwise
*
* @throws AccessDeniedException
* if the {@link Certificate} is not for a currently logged in {@link User} or if the user may not
* perform the action defined by the {@link Restrictable} implementation
* if the user for this certificate may not perform the action defined by the {@link Restrictable}
* implementation
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public boolean actionAllowed(Certificate certificate, Restrictable restrictable);
public boolean actionAllowed(Certificate certificate, Restrictable restrictable) throws AccessDeniedException,
PrivilegeException;
/**
* @param role
* Checks if the {@link RoleRep} is allowed to access the {@link Restrictable}
*
* @param roleRep
* the {@link RoleRep} for which access to the {@link Restrictable} is to be checked
* @param restrictable
* @return
* the {@link Restrictable} to which access is to be checked
*
* @return true if the {@link RoleRep} has access, false otherwise
*
* @throws AccessDeniedException
* if the {@link Certificate} is not for a currently logged in {@link User} or if the user may not
* perform the action defined by the {@link Restrictable} implementation
* @throws PrivilegeException
* if there is anything wrong with this certificate
* if the role may not perform the action defined by the {@link Restrictable} implementation
*/
public boolean actionAllowed(Role role, Restrictable restrictable);
public boolean actionAllowed(RoleRep roleRep, Restrictable restrictable) throws AccessDeniedException;
/**
* @param certificate
* @return
* Checks if the given {@link Certificate} is valid. This means that the certificate is for a valid session and that
* the user exists for the certificate. This method checks if the {@link Certificate} has been tampered with
*
* @param certificate
* the {@link Certificate} to check
*
* @return true if the {@link Certificate} is valid, false otherwise
*
* @throws AccessDeniedException
* if the {@link Certificate} is not for a currently logged in {@link User}
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public boolean isCertificateValid(Certificate certificate);
public boolean isCertificateValid(Certificate certificate) throws PrivilegeException;
/**
* <p>
@ -344,39 +507,52 @@ public interface PrivilegeHandler {
* @param certificate
* the {@link Certificate} for which the role should be validated against
*
* @throws ch.eitchnet.privilege.i18n.PrivilegeException
* @throws AccessDeniedException
* if the user does not not have admin privileges
*/
public void validateIsPrivilegeAdmin(Certificate certificate) throws PrivilegeException;
public void validateIsPrivilegeAdmin(Certificate certificate) throws AccessDeniedException;
/**
* Validate that the given password meets any requirements. What these requirements are is a decision made by the
* concrete implementation
* Validate that the given password meets certain requirements. What these requirements are is a decision made by
* the concrete implementation
*
* @param password
* the password to be validated to meet certain requirements
*
* @throws PrivilegeException
* if the password does not implement the requirement of the concrete implementation
*/
public void validatePassword(String password) throws PrivilegeException;
/**
* Persists any changes to the privilege data model. Changes are thus not persisted immediately, but must be
* actively performed
*
* @param certificate
* the {@link Certificate} of the user which has the privilege to perform this action
*
* @return
* @return true if changes were persisted, false if no changes were persisted
*
* @throws AccessDeniedException
* if the users of the given certificate does not have the privilege to perform this action
*/
public boolean persist(Certificate certificate);
public boolean persist(Certificate certificate) throws AccessDeniedException;
/**
* Initialize the concrete {@link EncryptionHandler}. The passed parameter map contains any configuration this map
* might need
* Initializes the concrete {@link EncryptionHandler}. The passed parameter map contains any configuration this
* {@link PrivilegeHandler} might need. This method may only be called once and this must be enforced by the
* concrete implementation
*
* @param parameterMap
* a map containing configuration properties
*
* @param encryptionHandler
* the {@link EncryptionHandler} instance for this {@link PrivilegeHandler}
* @param persistenceHandler
* the {@link PersistenceHandler} instance for this {@link PrivilegeHandler}
*
* @throws PrivilegeException
* if the this method is called multiple times or an initialization exception occurs
*/
public void initialize(Map<String, String> parameterMap, EncryptionHandler encryptionHandler,
PersistenceHandler persistenceHandler);
PersistenceHandler persistenceHandler) throws PrivilegeException;
}

12
src/ch/eitchnet/privilege/handler/XmlPersistenceHandler.java
View File

@ -152,7 +152,13 @@ public class XmlPersistenceHandler implements PersistenceHandler {
}
// instantiate the policy
PrivilegePolicy policy = ClassHelper.instantiateClass(policyClazz);
PrivilegePolicy policy;
try {
policy = ClassHelper.instantiateClass(policyClazz);
} catch (Exception e) {
throw new PrivilegeException("The class for the policy with the name " + policyName + " does not exist!"
+ policyName, e);
}
return policy;
}
@ -431,8 +437,8 @@ public class XmlPersistenceHandler implements PersistenceHandler {
}
// create user
User user = new User(userId, username, password, firstname, surname, userState, Collections
.unmodifiableSet(roles), locale);
User user = new User(userId, username, password, firstname, surname, userState,
Collections.unmodifiableSet(roles), locale);
// put user in map
this.userMap.put(username, user);