[Fix] Don't throw exception on missing roles, privileges or policies
parent
35039f69da
commit
8635e2d96f
|
@ -15,6 +15,7 @@
|
||||||
*/
|
*/
|
||||||
package li.strolch.privilege.handler;
|
package li.strolch.privilege.handler;
|
||||||
|
|
||||||
|
import static java.text.MessageFormat.format;
|
||||||
import static li.strolch.utils.helper.StringHelper.*;
|
import static li.strolch.utils.helper.StringHelper.*;
|
||||||
|
|
||||||
import javax.crypto.SecretKey;
|
import javax.crypto.SecretKey;
|
||||||
|
@ -22,7 +23,6 @@ import java.io.File;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.io.OutputStream;
|
import java.io.OutputStream;
|
||||||
import java.nio.file.Files;
|
import java.nio.file.Files;
|
||||||
import java.text.MessageFormat;
|
|
||||||
import java.time.ZonedDateTime;
|
import java.time.ZonedDateTime;
|
||||||
import java.util.*;
|
import java.util.*;
|
||||||
import java.util.Map.Entry;
|
import java.util.Map.Entry;
|
||||||
|
@ -385,7 +385,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// make sure userId is not set
|
// make sure userId is not set
|
||||||
if (isNotEmpty(userRepParam.getUserId())) {
|
if (isNotEmpty(userRepParam.getUserId())) {
|
||||||
String msg = "UserId can not be set when adding a new user!";
|
String msg = "UserId can not be set when adding a new user!";
|
||||||
throw new PrivilegeModelException(MessageFormat.format(msg, userRepParam.getUsername()));
|
throw new PrivilegeModelException(format(msg, userRepParam.getUsername()));
|
||||||
}
|
}
|
||||||
|
|
||||||
UserRep userRep = userRepParam.clone();
|
UserRep userRep = userRepParam.clone();
|
||||||
|
@ -401,7 +401,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// validate user does not already exist
|
// validate user does not already exist
|
||||||
if (this.persistenceHandler.getUser(userRep.getUsername()) != null) {
|
if (this.persistenceHandler.getUser(userRep.getUsername()) != null) {
|
||||||
String msg = "User {0} can not be added as it already exists!";
|
String msg = "User {0} can not be added as it already exists!";
|
||||||
throw new PrivilegeModelException(MessageFormat.format(msg, userRep.getUsername()));
|
throw new PrivilegeModelException(format(msg, userRep.getUsername()));
|
||||||
}
|
}
|
||||||
|
|
||||||
UserHistory history = new UserHistory();
|
UserHistory history = new UserHistory();
|
||||||
|
@ -465,7 +465,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// make sure userId is not set
|
// make sure userId is not set
|
||||||
if (isNotEmpty(userRep.getUserId())) {
|
if (isNotEmpty(userRep.getUserId())) {
|
||||||
String msg = "UserId can not be set when adding a new user!";
|
String msg = "UserId can not be set when adding a new user!";
|
||||||
throw new PrivilegeModelException(MessageFormat.format(msg, userRep.getUsername()));
|
throw new PrivilegeModelException(format(msg, userRep.getUsername()));
|
||||||
}
|
}
|
||||||
|
|
||||||
// set userId
|
// set userId
|
||||||
|
@ -536,14 +536,14 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
User existingUser = this.persistenceHandler.getUser(userRep.getUsername());
|
User existingUser = this.persistenceHandler.getUser(userRep.getUsername());
|
||||||
if (existingUser == null) {
|
if (existingUser == null) {
|
||||||
String msg = "User {0} can not be replaced as it does not exist!";
|
String msg = "User {0} can not be replaced as it does not exist!";
|
||||||
throw new PrivilegeModelException(MessageFormat.format(msg, userRep.getUsername()));
|
throw new PrivilegeModelException(format(msg, userRep.getUsername()));
|
||||||
}
|
}
|
||||||
|
|
||||||
// validate same userId
|
// validate same userId
|
||||||
if (!existingUser.getUserId().equals(userRep.getUserId())) {
|
if (!existingUser.getUserId().equals(userRep.getUserId())) {
|
||||||
String msg = "UserId of existing user {0} does not match userRep {1}";
|
String msg = "UserId of existing user {0} does not match userRep {1}";
|
||||||
msg = MessageFormat.format(msg, existingUser.getUserId(), userRep.getUserId());
|
msg = format(msg, existingUser.getUserId(), userRep.getUserId());
|
||||||
throw new PrivilegeModelException(MessageFormat.format(msg, userRep.getUsername()));
|
throw new PrivilegeModelException(format(msg, userRep.getUsername()));
|
||||||
}
|
}
|
||||||
|
|
||||||
UserHistory history = existingUser.getHistory().getClone();
|
UserHistory history = existingUser.getHistory().getClone();
|
||||||
|
@ -588,7 +588,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
for (String role : userRep.getRoles()) {
|
for (String role : userRep.getRoles()) {
|
||||||
if (this.persistenceHandler.getRole(role) == null) {
|
if (this.persistenceHandler.getRole(role) == null) {
|
||||||
String msg = "Can not add user {0} as role {1} does not exist!";
|
String msg = "Can not add user {0} as role {1} does not exist!";
|
||||||
msg = MessageFormat.format(msg, userRep.getUsername(), role);
|
msg = format(msg, userRep.getUsername(), role);
|
||||||
throw new PrivilegeModelException(msg);
|
throw new PrivilegeModelException(msg);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -619,14 +619,13 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// get existing user
|
// get existing user
|
||||||
User existingUser = this.persistenceHandler.getUser(userRep.getUsername());
|
User existingUser = this.persistenceHandler.getUser(userRep.getUsername());
|
||||||
if (existingUser == null)
|
if (existingUser == null)
|
||||||
throw new PrivilegeModelException(
|
throw new PrivilegeModelException(format("User {0} does not exist!", userRep.getUsername())); //$NON-NLS-1$
|
||||||
MessageFormat.format("User {0} does not exist!", userRep.getUsername())); //$NON-NLS-1$
|
|
||||||
|
|
||||||
// if nothing to do, then stop
|
// if nothing to do, then stop
|
||||||
if (isEmpty(userRep.getFirstname()) && isEmpty(userRep.getLastname()) && userRep.getLocale() == null && (
|
if (isEmpty(userRep.getFirstname()) && isEmpty(userRep.getLastname()) && userRep.getLocale() == null && (
|
||||||
userRep.getProperties() == null || userRep.getProperties().isEmpty())) {
|
userRep.getProperties() == null || userRep.getProperties().isEmpty())) {
|
||||||
throw new PrivilegeModelException(
|
throw new PrivilegeModelException(
|
||||||
MessageFormat.format("All updateable fields are empty for update of user {0}", //$NON-NLS-1$
|
format("All updateable fields are empty for update of user {0}", //$NON-NLS-1$
|
||||||
userRep.getUsername()));
|
userRep.getUsername()));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -693,7 +692,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
User existingUser = this.persistenceHandler.getUser(username);
|
User existingUser = this.persistenceHandler.getUser(username);
|
||||||
if (existingUser == null) {
|
if (existingUser == null) {
|
||||||
String msg = "Can not remove User {0} because user does not exist!";
|
String msg = "Can not remove User {0} because user does not exist!";
|
||||||
throw new PrivilegeModelException(MessageFormat.format(msg, username));
|
throw new PrivilegeModelException(format(msg, username));
|
||||||
}
|
}
|
||||||
|
|
||||||
// validate this user may remove this user
|
// validate this user may remove this user
|
||||||
|
@ -718,7 +717,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// get user
|
// get user
|
||||||
User existingUser = this.persistenceHandler.getUser(username);
|
User existingUser = this.persistenceHandler.getUser(username);
|
||||||
if (existingUser == null)
|
if (existingUser == null)
|
||||||
throw new PrivilegeModelException(MessageFormat.format("User {0} does not exist!", username)); //$NON-NLS-1$
|
throw new PrivilegeModelException(format("User {0} does not exist!", username)); //$NON-NLS-1$
|
||||||
|
|
||||||
// validate that this user may add this role to this user
|
// validate that this user may add this role to this user
|
||||||
prvCtx.validateAction(new SimpleRestrictable(PRIVILEGE_ADD_ROLE_TO_USER, new Tuple(existingUser, roleName)));
|
prvCtx.validateAction(new SimpleRestrictable(PRIVILEGE_ADD_ROLE_TO_USER, new Tuple(existingUser, roleName)));
|
||||||
|
@ -726,13 +725,13 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// check that user not already has role
|
// check that user not already has role
|
||||||
Set<String> currentRoles = existingUser.getRoles();
|
Set<String> currentRoles = existingUser.getRoles();
|
||||||
if (currentRoles.contains(roleName)) {
|
if (currentRoles.contains(roleName)) {
|
||||||
String msg = MessageFormat.format("User {0} already has role {1}", username, roleName); //$NON-NLS-1$
|
String msg = format("User {0} already has role {1}", username, roleName); //$NON-NLS-1$
|
||||||
throw new PrivilegeModelException(msg);
|
throw new PrivilegeModelException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
// validate that the role exists
|
// validate that the role exists
|
||||||
if (this.persistenceHandler.getRole(roleName) == null) {
|
if (this.persistenceHandler.getRole(roleName) == null) {
|
||||||
String msg = MessageFormat.format("Role {0} does not exist!", roleName); //$NON-NLS-1$
|
String msg = format("Role {0} does not exist!", roleName); //$NON-NLS-1$
|
||||||
throw new PrivilegeModelException(msg);
|
throw new PrivilegeModelException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -770,7 +769,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// get User
|
// get User
|
||||||
User existingUser = this.persistenceHandler.getUser(username);
|
User existingUser = this.persistenceHandler.getUser(username);
|
||||||
if (existingUser == null)
|
if (existingUser == null)
|
||||||
throw new PrivilegeModelException(MessageFormat.format("User {0} does not exist!", username)); //$NON-NLS-1$
|
throw new PrivilegeModelException(format("User {0} does not exist!", username)); //$NON-NLS-1$
|
||||||
|
|
||||||
// validate that this user may remove this role from this user
|
// validate that this user may remove this role from this user
|
||||||
prvCtx.validateAction(
|
prvCtx.validateAction(
|
||||||
|
@ -779,8 +778,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// ignore if user does not have role
|
// ignore if user does not have role
|
||||||
Set<String> currentRoles = existingUser.getRoles();
|
Set<String> currentRoles = existingUser.getRoles();
|
||||||
if (!currentRoles.contains(roleName)) {
|
if (!currentRoles.contains(roleName)) {
|
||||||
String msg = MessageFormat
|
String msg = format("User {0} does not have role {1}", existingUser.getUsername(), roleName); //$NON-NLS-1$
|
||||||
.format("User {0} does not have role {1}", existingUser.getUsername(), roleName); //$NON-NLS-1$
|
|
||||||
throw new PrivilegeModelException(msg);
|
throw new PrivilegeModelException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -814,7 +812,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// get User
|
// get User
|
||||||
User existingUser = this.persistenceHandler.getUser(username);
|
User existingUser = this.persistenceHandler.getUser(username);
|
||||||
if (existingUser == null)
|
if (existingUser == null)
|
||||||
throw new PrivilegeModelException(MessageFormat.format("User {0} does not exist!", username)); //$NON-NLS-1$
|
throw new PrivilegeModelException(format("User {0} does not exist!", username)); //$NON-NLS-1$
|
||||||
|
|
||||||
// create new user
|
// create new user
|
||||||
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
|
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
|
||||||
|
@ -851,11 +849,11 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// get User
|
// get User
|
||||||
User existingUser = this.persistenceHandler.getUser(username);
|
User existingUser = this.persistenceHandler.getUser(username);
|
||||||
if (existingUser == null)
|
if (existingUser == null)
|
||||||
throw new PrivilegeModelException(MessageFormat.format("User {0} does not exist!", username)); //$NON-NLS-1$
|
throw new PrivilegeModelException(format("User {0} does not exist!", username)); //$NON-NLS-1$
|
||||||
|
|
||||||
if (existingUser.getUserState().isRemote())
|
if (existingUser.getUserState().isRemote())
|
||||||
throw new PrivilegeModelException(
|
throw new PrivilegeModelException(
|
||||||
MessageFormat.format("User {0} is remote and can not set password!", username)); //$NON-NLS-1$
|
format("User {0} is remote and can not set password!", username)); //$NON-NLS-1$
|
||||||
|
|
||||||
// create new user
|
// create new user
|
||||||
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
|
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
|
||||||
|
@ -886,8 +884,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// get User
|
// get User
|
||||||
User existingUser = this.persistenceHandler.getUser(username);
|
User existingUser = this.persistenceHandler.getUser(username);
|
||||||
if (existingUser == null)
|
if (existingUser == null)
|
||||||
throw new PrivilegeModelException(
|
throw new PrivilegeModelException(format("User {0} does not exist!", username)); //$NON-NLS-1$
|
||||||
MessageFormat.format("User {0} does not exist!", username)); //$NON-NLS-1$
|
|
||||||
|
|
||||||
UserHistory history = existingUser.getHistory().getClone();
|
UserHistory history = existingUser.getHistory().getClone();
|
||||||
|
|
||||||
|
@ -952,7 +949,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// get User
|
// get User
|
||||||
User existingUser = this.persistenceHandler.getUser(username);
|
User existingUser = this.persistenceHandler.getUser(username);
|
||||||
if (existingUser == null)
|
if (existingUser == null)
|
||||||
throw new PrivilegeModelException(MessageFormat.format("User {0} does not exist!", username)); //$NON-NLS-1$
|
throw new PrivilegeModelException(format("User {0} does not exist!", username)); //$NON-NLS-1$
|
||||||
|
|
||||||
// create new user
|
// create new user
|
||||||
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
|
User newUser = new User(existingUser.getUserId(), existingUser.getUsername(), existingUser.getPassword(),
|
||||||
|
@ -984,7 +981,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
|
|
||||||
// validate role does not exist
|
// validate role does not exist
|
||||||
if (this.persistenceHandler.getRole(roleRep.getName()) != null) {
|
if (this.persistenceHandler.getRole(roleRep.getName()) != null) {
|
||||||
String msg = MessageFormat.format("Can not add role {0} as it already exists!", roleRep.getName());
|
String msg = format("Can not add role {0} as it already exists!", roleRep.getName());
|
||||||
throw new PrivilegeModelException(msg);
|
throw new PrivilegeModelException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1018,7 +1015,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// validate role does exist
|
// validate role does exist
|
||||||
Role existingRole = this.persistenceHandler.getRole(roleRep.getName());
|
Role existingRole = this.persistenceHandler.getRole(roleRep.getName());
|
||||||
if (existingRole == null) {
|
if (existingRole == null) {
|
||||||
String msg = MessageFormat.format("Can not replace role {0} as it does not exist!", roleRep.getName());
|
String msg = format("Can not replace role {0} as it does not exist!", roleRep.getName());
|
||||||
throw new PrivilegeModelException(msg);
|
throw new PrivilegeModelException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1059,7 +1056,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
if (!usersWithRole.isEmpty()) {
|
if (!usersWithRole.isEmpty()) {
|
||||||
String usersS = usersWithRole.stream().map(UserRep::getUsername).collect(Collectors.joining(", "));
|
String usersS = usersWithRole.stream().map(UserRep::getUsername).collect(Collectors.joining(", "));
|
||||||
String msg = "The role {0} can not be removed as the following {1} user have the role assigned: {2}";
|
String msg = "The role {0} can not be removed as the following {1} user have the role assigned: {2}";
|
||||||
msg = MessageFormat.format(msg, roleName, usersWithRole.size(), usersS);
|
msg = format(msg, roleName, usersWithRole.size(), usersS);
|
||||||
throw new PrivilegeModelException(msg);
|
throw new PrivilegeModelException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1067,7 +1064,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
Role existingRole = this.persistenceHandler.getRole(roleName);
|
Role existingRole = this.persistenceHandler.getRole(roleName);
|
||||||
if (existingRole == null) {
|
if (existingRole == null) {
|
||||||
String msg = "Can not remove Role {0} because role does not exist!";
|
String msg = "Can not remove Role {0} because role does not exist!";
|
||||||
throw new PrivilegeModelException(MessageFormat.format(msg, roleName));
|
throw new PrivilegeModelException(format(msg, roleName));
|
||||||
}
|
}
|
||||||
|
|
||||||
// validate that this user may remove this role
|
// validate that this user may remove this role
|
||||||
|
@ -1094,7 +1091,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// get role
|
// get role
|
||||||
Role existingRole = this.persistenceHandler.getRole(roleName);
|
Role existingRole = this.persistenceHandler.getRole(roleName);
|
||||||
if (existingRole == null) {
|
if (existingRole == null) {
|
||||||
String msg = MessageFormat.format("Role {0} does not exist!", roleName); //$NON-NLS-1$
|
String msg = format("Role {0} does not exist!", roleName); //$NON-NLS-1$
|
||||||
throw new PrivilegeModelException(msg);
|
throw new PrivilegeModelException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1102,7 +1099,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
String policy = privilegeRep.getPolicy();
|
String policy = privilegeRep.getPolicy();
|
||||||
if (policy != null && !this.policyMap.containsKey(policy)) {
|
if (policy != null && !this.policyMap.containsKey(policy)) {
|
||||||
String msg = "Policy {0} for Privilege {1} does not exist"; //$NON-NLS-1$
|
String msg = "Policy {0} for Privilege {1} does not exist"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, policy, privilegeRep.getName());
|
msg = format(msg, policy, privilegeRep.getName());
|
||||||
throw new PrivilegeModelException(msg);
|
throw new PrivilegeModelException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1150,13 +1147,12 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// get role
|
// get role
|
||||||
Role existingRole = this.persistenceHandler.getRole(roleName);
|
Role existingRole = this.persistenceHandler.getRole(roleName);
|
||||||
if (existingRole == null) {
|
if (existingRole == null) {
|
||||||
throw new PrivilegeModelException(MessageFormat.format("Role {0} does not exist!", roleName)); //$NON-NLS-1$
|
throw new PrivilegeModelException(format("Role {0} does not exist!", roleName)); //$NON-NLS-1$
|
||||||
}
|
}
|
||||||
|
|
||||||
// ignore if role does not have privilege
|
// ignore if role does not have privilege
|
||||||
if (!existingRole.hasPrivilege(privilegeName)) {
|
if (!existingRole.hasPrivilege(privilegeName)) {
|
||||||
String msg = MessageFormat
|
String msg = format("Role {0} does not have Privilege {1}", roleName, privilegeName); //$NON-NLS-1$
|
||||||
.format("Role {0} does not have Privilege {1}", roleName, privilegeName); //$NON-NLS-1$
|
|
||||||
throw new PrivilegeModelException(msg);
|
throw new PrivilegeModelException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1257,13 +1253,13 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// get User
|
// get User
|
||||||
User user = this.persistenceHandler.getUser(username);
|
User user = this.persistenceHandler.getUser(username);
|
||||||
if (user == null) {
|
if (user == null) {
|
||||||
throw new PrivilegeModelException(MessageFormat.format("User {0} does not exist!", username)); //$NON-NLS-1$
|
throw new PrivilegeModelException(format("User {0} does not exist!", username)); //$NON-NLS-1$
|
||||||
}
|
}
|
||||||
|
|
||||||
// initiate the challenge
|
// initiate the challenge
|
||||||
this.userChallengeHandler.initiateChallengeFor(usage, user, source);
|
this.userChallengeHandler.initiateChallengeFor(usage, user, source);
|
||||||
|
|
||||||
logger.info(MessageFormat.format("Initiated Challenge for {0} with usage {1}", username, usage));
|
logger.info(format("Initiated Challenge for {0} with usage {1}", username, usage));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -1278,7 +1274,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// get User
|
// get User
|
||||||
User user = this.persistenceHandler.getUser(username);
|
User user = this.persistenceHandler.getUser(username);
|
||||||
if (user == null) {
|
if (user == null) {
|
||||||
throw new PrivilegeModelException(MessageFormat.format("User {0} does not exist!", username)); //$NON-NLS-1$
|
throw new PrivilegeModelException(format("User {0} does not exist!", username)); //$NON-NLS-1$
|
||||||
}
|
}
|
||||||
|
|
||||||
// validate the response
|
// validate the response
|
||||||
|
@ -1301,7 +1297,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
|
|
||||||
persistSessions();
|
persistSessions();
|
||||||
|
|
||||||
logger.info(MessageFormat.format("Challenge validated for user {0} with usage {1}", username, usage));
|
logger.info(format("Challenge validated for user {0} with usage {1}", username, usage));
|
||||||
return certificate;
|
return certificate;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1317,8 +1313,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
try {
|
try {
|
||||||
// username must be at least 2 characters in length
|
// username must be at least 2 characters in length
|
||||||
if (username == null || username.length() < 2) {
|
if (username == null || username.length() < 2) {
|
||||||
String msg = MessageFormat
|
String msg = format("The given username ''{0}'' is shorter than 2 characters", username); //$NON-NLS-1$
|
||||||
.format("The given username ''{0}'' is shorter than 2 characters", username); //$NON-NLS-1$
|
|
||||||
throw new InvalidCredentialsException(msg);
|
throw new InvalidCredentialsException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1329,7 +1324,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
Set<String> userRoles = user.getRoles();
|
Set<String> userRoles = user.getRoles();
|
||||||
if (userRoles.isEmpty())
|
if (userRoles.isEmpty())
|
||||||
throw new InvalidCredentialsException(
|
throw new InvalidCredentialsException(
|
||||||
MessageFormat.format("User {0} does not have any roles defined!", username)); //$NON-NLS-1$
|
format("User {0} does not have any roles defined!", username)); //$NON-NLS-1$
|
||||||
|
|
||||||
if (user.isPasswordChangeRequested()) {
|
if (user.isPasswordChangeRequested()) {
|
||||||
if (usage == Usage.SINGLE)
|
if (usage == Usage.SINGLE)
|
||||||
|
@ -1361,7 +1356,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
this.persistenceHandler.persist();
|
this.persistenceHandler.persist();
|
||||||
|
|
||||||
// log
|
// log
|
||||||
logger.info(MessageFormat.format("User {0} authenticated: {1}", username, certificate)); //$NON-NLS-1$
|
logger.info(format("User {0} authenticated: {1}", username, certificate)); //$NON-NLS-1$
|
||||||
|
|
||||||
// return the certificate
|
// return the certificate
|
||||||
return certificate;
|
return certificate;
|
||||||
|
@ -1371,7 +1366,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
} catch (RuntimeException e) {
|
} catch (RuntimeException e) {
|
||||||
logger.error(e.getMessage(), e);
|
logger.error(e.getMessage(), e);
|
||||||
String msg = "User {0} failed to authenticate: {1}"; //$NON-NLS-1$
|
String msg = "User {0} failed to authenticate: {1}"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, username, e.getMessage());
|
msg = format(msg, username, e.getMessage());
|
||||||
throw new PrivilegeException(msg, e);
|
throw new PrivilegeException(msg, e);
|
||||||
} finally {
|
} finally {
|
||||||
clearPassword(password);
|
clearPassword(password);
|
||||||
|
@ -1423,7 +1418,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
persistSessions();
|
persistSessions();
|
||||||
|
|
||||||
// log
|
// log
|
||||||
logger.info(MessageFormat.format("User {0} authenticated: {1}", user.getUsername(), certificate)); //$NON-NLS-1$
|
logger.info(format("User {0} authenticated: {1}", user.getUsername(), certificate)); //$NON-NLS-1$
|
||||||
|
|
||||||
return certificate;
|
return certificate;
|
||||||
}
|
}
|
||||||
|
@ -1469,8 +1464,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
persistSessions();
|
persistSessions();
|
||||||
|
|
||||||
// log
|
// log
|
||||||
logger.info(MessageFormat
|
logger.info(format("User {0} refreshed session: {1}", user.getUsername(), refreshedCert)); //$NON-NLS-1$
|
||||||
.format("User {0} refreshed session: {1}", user.getUsername(), refreshedCert)); //$NON-NLS-1$
|
|
||||||
|
|
||||||
// return the certificate
|
// return the certificate
|
||||||
return refreshedCert;
|
return refreshedCert;
|
||||||
|
@ -1480,7 +1474,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
} catch (RuntimeException e) {
|
} catch (RuntimeException e) {
|
||||||
logger.error(e.getMessage(), e);
|
logger.error(e.getMessage(), e);
|
||||||
String msg = "User {0} failed to refresh session: {1}"; //$NON-NLS-1$
|
String msg = "User {0} failed to refresh session: {1}"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, certificate.getUsername(), e.getMessage());
|
msg = format(msg, certificate.getUsername(), e.getMessage());
|
||||||
throw new PrivilegeException(msg, e);
|
throw new PrivilegeException(msg, e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1617,14 +1611,14 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
User user = this.persistenceHandler.getUser(username);
|
User user = this.persistenceHandler.getUser(username);
|
||||||
// no user means no authentication
|
// no user means no authentication
|
||||||
if (user == null) {
|
if (user == null) {
|
||||||
String msg = MessageFormat.format("There is no user defined with the username {0}", username); //$NON-NLS-1$
|
String msg = format("There is no user defined with the username {0}", username); //$NON-NLS-1$
|
||||||
throw new InvalidCredentialsException(msg);
|
throw new InvalidCredentialsException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
// make sure not a system user - they may not login in
|
// make sure not a system user - they may not login in
|
||||||
if (user.getUserState() == UserState.SYSTEM) {
|
if (user.getUserState() == UserState.SYSTEM) {
|
||||||
String msg = "User {0} is a system user and may not login!"; //$NON-NLS-1$
|
String msg = "User {0} is a system user and may not login!"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, username);
|
msg = format(msg, username);
|
||||||
throw new InvalidCredentialsException(msg);
|
throw new InvalidCredentialsException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1632,14 +1626,14 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// this also capture the trying to login of SYSTEM user
|
// this also capture the trying to login of SYSTEM user
|
||||||
if (user.getUserState() != UserState.ENABLED) {
|
if (user.getUserState() != UserState.ENABLED) {
|
||||||
String msg = "User {0} does not have state {1} and can not login!"; //$NON-NLS-1$
|
String msg = "User {0} does not have state {1} and can not login!"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, username, UserState.ENABLED);
|
msg = format(msg, username, UserState.ENABLED);
|
||||||
throw new AccessDeniedException(msg);
|
throw new AccessDeniedException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
byte[] pwHash = user.getPassword();
|
byte[] pwHash = user.getPassword();
|
||||||
if (pwHash == null)
|
if (pwHash == null)
|
||||||
throw new InvalidCredentialsException(
|
throw new InvalidCredentialsException(
|
||||||
MessageFormat.format("User {0} has no password and may not login!", username)); //$NON-NLS-1$
|
format("User {0} has no password and may not login!", username)); //$NON-NLS-1$
|
||||||
byte[] salt = user.getSalt();
|
byte[] salt = user.getSalt();
|
||||||
|
|
||||||
// we only work with hashed passwords
|
// we only work with hashed passwords
|
||||||
|
@ -1656,8 +1650,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
|
|
||||||
// validate password
|
// validate password
|
||||||
if (!Arrays.equals(passwordHash, pwHash))
|
if (!Arrays.equals(passwordHash, pwHash))
|
||||||
throw new InvalidCredentialsException(
|
throw new InvalidCredentialsException(format("Password is incorrect for {0}", username)); //$NON-NLS-1$
|
||||||
MessageFormat.format("Password is incorrect for {0}", username)); //$NON-NLS-1$
|
|
||||||
|
|
||||||
// see if we need to update the hash
|
// see if we need to update the hash
|
||||||
if (user.getHashAlgorithm() == null || user.getHashIterations() != this.encryptionHandler.getIterations()
|
if (user.getHashAlgorithm() == null || user.getHashIterations() != this.encryptionHandler.getIterations()
|
||||||
|
@ -1711,25 +1704,25 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// get a cache of the privileges and policies for this user
|
// get a cache of the privileges and policies for this user
|
||||||
for (String roleName : userRoles) {
|
for (String roleName : userRoles) {
|
||||||
Role role = this.persistenceHandler.getRole(roleName);
|
Role role = this.persistenceHandler.getRole(roleName);
|
||||||
if (role == null)
|
if (role == null) {
|
||||||
throw new IllegalStateException("Role " + roleName + " does not exist for user " + user.getUsername());
|
logger.error("Role " + roleName + " does not exist for user " + user.getUsername());
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
Set<String> privilegeNames = role.getPrivilegeNames();
|
Set<String> privilegeNames = role.getPrivilegeNames();
|
||||||
for (String privilegeName : privilegeNames) {
|
for (String privilegeName : privilegeNames) {
|
||||||
|
|
||||||
IPrivilege privilege = role.getPrivilege(privilegeName);
|
IPrivilege privilege = role.getPrivilege(privilegeName);
|
||||||
if (privilege == null) {
|
if (privilege == null) {
|
||||||
String msg = "The Privilege {0} does not exist for role {1}"; //$NON-NLS-1$
|
logger.error(format("The Privilege {0} does not exist for role {1}", privilegeName, roleName));
|
||||||
msg = MessageFormat.format(msg, privilegeName, roleName);
|
continue;
|
||||||
throw new PrivilegeModelException(msg);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// cache the privilege
|
// cache the privilege
|
||||||
if (privileges.containsKey(privilegeName)) {
|
if (privileges.containsKey(privilegeName)) {
|
||||||
if (this.privilegeConflictResolution.isStrict()) {
|
if (this.privilegeConflictResolution.isStrict()) {
|
||||||
String msg = "User has conflicts for privilege {0} with role {1}";
|
throw new PrivilegeModelException(
|
||||||
msg = MessageFormat.format(msg, privilegeName, roleName);
|
format("User has conflicts for privilege {0} with role {1}", privilegeName, roleName));
|
||||||
throw new PrivilegeModelException(msg);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
IPrivilege priv = privileges.get(privilegeName);
|
IPrivilege priv = privileges.get(privilegeName);
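Review bot: With the `role == null` and `privilege == null` branches now logging and continuing, a user whose stored role names all fail to resolve leaves this loop with an empty `privileges` map instead of an exception, so a broken role configuration no longer stops the caller. If the caller is the login path (not visible in this hunk), the `userRoles.isEmpty()` check seen elsewhere on the page covers only the configured names, not the roles that actually resolved. Consider counting resolved roles in a new local and failing closed after the loop when none resolved, e.g. `if (resolvedRoles == 0) throw new PrivilegeModelException(format("No role of user {0} could be resolved", user.getUsername()));`. The new role branch also builds its message by concatenation while the rest of the hunk uses `format(...)`; `logger.error(format("Role {0} does not exist for user {1}", roleName, user.getUsername()));` would match. The loop and its method begin and end outside the hunk.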
|
||||||
|
@ -1760,10 +1753,10 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
|
|
||||||
PrivilegePolicy policy = getPolicy(policyName);
|
PrivilegePolicy policy = getPolicy(policyName);
|
||||||
if (policy == null) {
|
if (policy == null) {
|
||||||
String msg = "The Policy {0} does not exist for Privilege {1}"; //$NON-NLS-1$
|
logger.error(format("The Policy {0} does not exist for Privilege {1}", policyName, privilegeName));
|
||||||
msg = MessageFormat.format(msg, policyName, privilegeName);
|
continue;
|
||||||
throw new PrivilegeModelException(msg);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
policies.put(policyName, policy);
|
policies.put(policyName, policy);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1785,7 +1778,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// return true if object was really removed
|
// return true if object was really removed
|
||||||
boolean loggedOut = privilegeContext != null;
|
boolean loggedOut = privilegeContext != null;
|
||||||
if (loggedOut)
|
if (loggedOut)
|
||||||
logger.info(MessageFormat.format("User {0} logged out.", certificate.getUsername())); //$NON-NLS-1$
|
logger.info(format("User {0} logged out.", certificate.getUsername())); //$NON-NLS-1$
|
||||||
else
|
else
|
||||||
logger.warn("User already logged out!"); //$NON-NLS-1$
|
logger.warn("User already logged out!"); //$NON-NLS-1$
|
||||||
|
|
||||||
|
@ -1806,7 +1799,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// validate user state is system
|
// validate user state is system
|
||||||
if (ctx.getUserRep().getUserState() != UserState.SYSTEM) {
|
if (ctx.getUserRep().getUserState() != UserState.SYSTEM) {
|
||||||
String msg = "The PrivilegeContext's user {0} does not have expected user state {1}"; //$NON-NLS-1$
|
String msg = "The PrivilegeContext's user {0} does not have expected user state {1}"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, ctx.getUserRep().getUsername(), UserState.SYSTEM);
|
msg = format(msg, ctx.getUserRep().getUsername(), UserState.SYSTEM);
|
||||||
throw new PrivilegeException(msg);
|
throw new PrivilegeException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1814,15 +1807,14 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
Certificate certificate = ctx.getCertificate();
|
Certificate certificate = ctx.getCertificate();
|
||||||
PrivilegeContext privilegeContext = this.privilegeContextMap.get(certificate.getSessionId());
|
PrivilegeContext privilegeContext = this.privilegeContextMap.get(certificate.getSessionId());
|
||||||
if (privilegeContext == null) {
|
if (privilegeContext == null) {
|
||||||
String msg = MessageFormat.format("There is no session information for {0}", certificate); //$NON-NLS-1$
|
String msg = format("There is no session information for {0}", certificate); //$NON-NLS-1$
|
||||||
throw new NotAuthenticatedException(msg);
|
throw new NotAuthenticatedException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
// validate same privilege contexts
|
// validate same privilege contexts
|
||||||
if (ctx != privilegeContext) {
|
if (ctx != privilegeContext) {
|
||||||
String msg = MessageFormat
|
String msg = format("The given PrivilegeContext {0} is not the same as registered under the sessionId {1}",
|
||||||
.format("The given PrivilegeContext {0} is not the same as registered under the sessionId {1}",
|
ctx.getCertificate().getSessionId(), privilegeContext.getCertificate().getSessionId());
|
||||||
ctx.getCertificate().getSessionId(), privilegeContext.getCertificate().getSessionId());
|
|
||||||
throw new PrivilegeException(msg);
|
throw new PrivilegeException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1830,7 +1822,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
Certificate sessionCertificate = privilegeContext.getCertificate();
|
Certificate sessionCertificate = privilegeContext.getCertificate();
|
||||||
if (!sessionCertificate.equals(certificate)) {
|
if (!sessionCertificate.equals(certificate)) {
|
||||||
String msg = "Received illegal certificate for session id {0}"; //$NON-NLS-1$
|
String msg = "Received illegal certificate for session id {0}"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, certificate.getSessionId());
|
msg = format(msg, certificate.getSessionId());
|
||||||
throw new PrivilegeException(msg);
|
throw new PrivilegeException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1852,7 +1844,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// first see if a session exists for this certificate
|
// first see if a session exists for this certificate
|
||||||
PrivilegeContext privilegeContext = this.privilegeContextMap.get(certificate.getSessionId());
|
PrivilegeContext privilegeContext = this.privilegeContextMap.get(certificate.getSessionId());
|
||||||
if (privilegeContext == null) {
|
if (privilegeContext == null) {
|
||||||
String msg = MessageFormat.format("There is no session information for {0}", certificate); //$NON-NLS-1$
|
String msg = format("There is no session information for {0}", certificate); //$NON-NLS-1$
|
||||||
throw new NotAuthenticatedException(msg);
|
throw new NotAuthenticatedException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1860,7 +1852,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
Certificate sessionCertificate = privilegeContext.getCertificate();
|
Certificate sessionCertificate = privilegeContext.getCertificate();
|
||||||
if (!sessionCertificate.equals(certificate)) {
|
if (!sessionCertificate.equals(certificate)) {
|
||||||
String msg = "Received illegal certificate for session id {0}"; //$NON-NLS-1$
|
String msg = "Received illegal certificate for session id {0}"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, certificate.getSessionId());
|
msg = format(msg, certificate.getSessionId());
|
||||||
throw new PrivilegeException(msg);
|
throw new PrivilegeException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1989,7 +1981,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
logger.info("Enabling automatic persistence when user changes their data."); //$NON-NLS-1$
|
logger.info("Enabling automatic persistence when user changes their data."); //$NON-NLS-1$
|
||||||
} else {
|
} else {
|
||||||
String msg = "Parameter {0} has illegal value {1}. Overriding with {2}"; //$NON-NLS-1$
|
String msg = "Parameter {0} has illegal value {1}. Overriding with {2}"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, PARAM_AUTO_PERSIST_ON_USER_CHANGES_DATA, autoPersistS, Boolean.FALSE);
|
msg = format(msg, PARAM_AUTO_PERSIST_ON_USER_CHANGES_DATA, autoPersistS, Boolean.FALSE);
|
||||||
logger.error(msg);
|
logger.error(msg);
|
||||||
this.autoPersistOnUserChangesData = false;
|
this.autoPersistOnUserChangesData = false;
|
||||||
}
|
}
|
||||||
|
@ -2005,29 +1997,29 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
String persistSessionsPathS = parameterMap.get(PARAM_PERSIST_SESSIONS_PATH);
|
String persistSessionsPathS = parameterMap.get(PARAM_PERSIST_SESSIONS_PATH);
|
||||||
if (isEmpty(persistSessionsPathS)) {
|
if (isEmpty(persistSessionsPathS)) {
|
||||||
String msg = "Parameter {0} has illegal value {1}."; //$NON-NLS-1$
|
String msg = "Parameter {0} has illegal value {1}."; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, PARAM_PERSIST_SESSIONS_PATH, persistSessionsPathS);
|
msg = format(msg, PARAM_PERSIST_SESSIONS_PATH, persistSessionsPathS);
|
||||||
throw new PrivilegeModelException(msg);
|
throw new PrivilegeModelException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
File persistSessionsPath = new File(persistSessionsPathS);
|
File persistSessionsPath = new File(persistSessionsPathS);
|
||||||
if (!persistSessionsPath.getParentFile().isDirectory()) {
|
if (!persistSessionsPath.getParentFile().isDirectory()) {
|
||||||
String msg = "Path for param {0} is invalid as parent does not exist or is not a directory. Value: {1}"; //$NON-NLS-1$
|
String msg = "Path for param {0} is invalid as parent does not exist or is not a directory. Value: {1}"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, PARAM_PERSIST_SESSIONS_PATH, persistSessionsPath.getAbsolutePath());
|
msg = format(msg, PARAM_PERSIST_SESSIONS_PATH, persistSessionsPath.getAbsolutePath());
|
||||||
throw new PrivilegeModelException(msg);
|
throw new PrivilegeModelException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (persistSessionsPath.exists() && (!persistSessionsPath.isFile() || !persistSessionsPath.canWrite())) {
|
if (persistSessionsPath.exists() && (!persistSessionsPath.isFile() || !persistSessionsPath.canWrite())) {
|
||||||
String msg = "Path for param {0} is invalid as file exists but is not a file or not writeable. Value: {1}"; //$NON-NLS-1$
|
String msg = "Path for param {0} is invalid as file exists but is not a file or not writeable. Value: {1}"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, PARAM_PERSIST_SESSIONS_PATH, persistSessionsPath.getAbsolutePath());
|
msg = format(msg, PARAM_PERSIST_SESSIONS_PATH, persistSessionsPath.getAbsolutePath());
|
||||||
throw new PrivilegeModelException(msg);
|
throw new PrivilegeModelException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
this.persistSessionsPath = persistSessionsPath;
|
this.persistSessionsPath = persistSessionsPath;
|
||||||
logger.info(MessageFormat.format("Enabling persistence of sessions to {0}", //$NON-NLS-1$
|
logger.info(format("Enabling persistence of sessions to {0}", //$NON-NLS-1$
|
||||||
this.persistSessionsPath.getAbsolutePath()));
|
this.persistSessionsPath.getAbsolutePath()));
|
||||||
} else {
|
} else {
|
||||||
String msg = "Parameter {0} has illegal value {1}. Overriding with {2}"; //$NON-NLS-1$
|
String msg = "Parameter {0} has illegal value {1}. Overriding with {2}"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, PARAM_PERSIST_SESSIONS, persistSessionsS, Boolean.FALSE);
|
msg = format(msg, PARAM_PERSIST_SESSIONS, persistSessionsS, Boolean.FALSE);
|
||||||
logger.error(msg);
|
logger.error(msg);
|
||||||
this.persistSessions = false;
|
this.persistSessions = false;
|
||||||
}
|
}
|
||||||
|
@ -2038,14 +2030,14 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
if (privilegeConflictResolutionS == null) {
|
if (privilegeConflictResolutionS == null) {
|
||||||
this.privilegeConflictResolution = PrivilegeConflictResolution.STRICT;
|
this.privilegeConflictResolution = PrivilegeConflictResolution.STRICT;
|
||||||
String msg = "No {0} parameter defined. Using {1}";
|
String msg = "No {0} parameter defined. Using {1}";
|
||||||
msg = MessageFormat.format(msg, PARAM_PRIVILEGE_CONFLICT_RESOLUTION, this.privilegeConflictResolution);
|
msg = format(msg, PARAM_PRIVILEGE_CONFLICT_RESOLUTION, this.privilegeConflictResolution);
|
||||||
logger.info(msg);
|
logger.info(msg);
|
||||||
} else {
|
} else {
|
||||||
try {
|
try {
|
||||||
this.privilegeConflictResolution = PrivilegeConflictResolution.valueOf(privilegeConflictResolutionS);
|
this.privilegeConflictResolution = PrivilegeConflictResolution.valueOf(privilegeConflictResolutionS);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
String msg = "Parameter {0} has illegal value {1}."; //$NON-NLS-1$
|
String msg = "Parameter {0} has illegal value {1}."; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, PARAM_PRIVILEGE_CONFLICT_RESOLUTION, privilegeConflictResolutionS);
|
msg = format(msg, PARAM_PRIVILEGE_CONFLICT_RESOLUTION, privilegeConflictResolutionS);
|
||||||
throw new PrivilegeModelException(msg);
|
throw new PrivilegeModelException(msg);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2057,14 +2049,14 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
String secretKeyS = parameterMap.get(PARAM_SECRET_KEY);
|
String secretKeyS = parameterMap.get(PARAM_SECRET_KEY);
|
||||||
if (isEmpty(secretKeyS)) {
|
if (isEmpty(secretKeyS)) {
|
||||||
String msg = "Parameter {0} may not be empty"; //$NON-NLS-1$
|
String msg = "Parameter {0} may not be empty"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, PARAM_SECRET_KEY, PARAM_PRIVILEGE_CONFLICT_RESOLUTION);
|
msg = format(msg, PARAM_SECRET_KEY, PARAM_PRIVILEGE_CONFLICT_RESOLUTION);
|
||||||
throw new PrivilegeModelException(msg);
|
throw new PrivilegeModelException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
String secretSaltS = parameterMap.get(PARAM_SECRET_SALT);
|
String secretSaltS = parameterMap.get(PARAM_SECRET_SALT);
|
||||||
if (isEmpty(secretSaltS)) {
|
if (isEmpty(secretSaltS)) {
|
||||||
String msg = "Parameter {0} may not be empty"; //$NON-NLS-1$
|
String msg = "Parameter {0} may not be empty"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, PARAM_SECRET_SALT, PARAM_PRIVILEGE_CONFLICT_RESOLUTION);
|
msg = format(msg, PARAM_SECRET_SALT, PARAM_PRIVILEGE_CONFLICT_RESOLUTION);
|
||||||
throw new PrivilegeModelException(msg);
|
throw new PrivilegeModelException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2144,7 +2136,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
privilegeNames.put(privilegeName, roleName);
|
privilegeNames.put(privilegeName, roleName);
|
||||||
} else if (!roleOrigin.equals(roleName)) {
|
} else if (!roleOrigin.equals(roleName)) {
|
||||||
String msg = "User {0} has conflicts for privilege {1} on roles {2} and {3}";
|
String msg = "User {0} has conflicts for privilege {1} on roles {2} and {3}";
|
||||||
msg = MessageFormat.format(msg, user.getUsername(), privilegeName, roleOrigin, roleName);
|
msg = format(msg, user.getUsername(), privilegeName, roleOrigin, roleName);
|
||||||
conflicts.add(msg);
|
conflicts.add(msg);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2165,7 +2157,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
String policy = privilege.getPolicy();
|
String policy = privilege.getPolicy();
|
||||||
if (policy != null && !this.policyMap.containsKey(policy)) {
|
if (policy != null && !this.policyMap.containsKey(policy)) {
|
||||||
String msg = "Policy {0} for Privilege {1} does not exist on role {2}"; //$NON-NLS-1$
|
String msg = "Policy {0} for Privilege {1} does not exist on role {2}"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, policy, privilege.getName(), role);
|
msg = format(msg, policy, privilege.getName(), role);
|
||||||
throw new PrivilegeModelException(msg);
|
throw new PrivilegeModelException(msg);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2257,30 +2249,28 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
|
|
||||||
// no user means no authentication
|
// no user means no authentication
|
||||||
if (user == null) {
|
if (user == null) {
|
||||||
String msg = MessageFormat
|
String msg = format("The system user with username {0} does not exist!", systemUsername); //$NON-NLS-1$
|
||||||
.format("The system user with username {0} does not exist!", systemUsername); //$NON-NLS-1$
|
|
||||||
throw new AccessDeniedException(msg);
|
throw new AccessDeniedException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
// validate password
|
// validate password
|
||||||
byte[] pwHash = user.getPassword();
|
byte[] pwHash = user.getPassword();
|
||||||
if (pwHash != null) {
|
if (pwHash != null) {
|
||||||
String msg = MessageFormat
|
String msg = format("System users must not have a password: {0}", user.getUsername()); //$NON-NLS-1$
|
||||||
.format("System users must not have a password: {0}", user.getUsername()); //$NON-NLS-1$
|
|
||||||
throw new AccessDeniedException(msg);
|
throw new AccessDeniedException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
// validate user state is system
|
// validate user state is system
|
||||||
if (user.getUserState() != UserState.SYSTEM) {
|
if (user.getUserState() != UserState.SYSTEM) {
|
||||||
String msg = "The system {0} user does not have expected user state {1}"; //$NON-NLS-1$
|
String msg = "The system {0} user does not have expected user state {1}"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, user.getUsername(), UserState.SYSTEM);
|
msg = format(msg, user.getUsername(), UserState.SYSTEM);
|
||||||
throw new PrivilegeException(msg);
|
throw new PrivilegeException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
// validate user has at least one role
|
// validate user has at least one role
|
||||||
if (user.getRoles().isEmpty()) {
|
if (user.getRoles().isEmpty()) {
|
||||||
String msg = MessageFormat
|
String msg = format("The system user {0} does not have any roles defined!",
|
||||||
.format("The system user {0} does not have any roles defined!", user.getUsername()); //$NON-NLS-1$
|
user.getUsername()); //$NON-NLS-1$
|
||||||
throw new PrivilegeException(msg);
|
throw new PrivilegeException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2300,7 +2290,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
// log
|
// log
|
||||||
if (logger.isDebugEnabled()) {
|
if (logger.isDebugEnabled()) {
|
||||||
String msg = "The system user ''{0}'' is logged in with session {1}"; //$NON-NLS-1$
|
String msg = "The system user ''{0}'' is logged in with session {1}"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, user.getUsername(), systemUserCertificate.getSessionId());
|
msg = format(msg, user.getUsername(), systemUserCertificate.getSessionId());
|
||||||
logger.info(msg);
|
logger.info(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2337,7 +2327,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||||
policy = policyClazz.getConstructor().newInstance();
|
policy = policyClazz.getConstructor().newInstance();
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
String msg = "The class for the policy with the name {0} does not exist!{1}"; //$NON-NLS-1$
|
String msg = "The class for the policy with the name {0} does not exist!{1}"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, policyName, policyName);
|
msg = format(msg, policyName, policyName);
|
||||||
throw new PrivilegeModelException(msg, e);
|
throw new PrivilegeModelException(msg, e);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -15,12 +15,12 @@
|
||||||
*/
|
*/
|
||||||
package li.strolch.privilege.handler;
|
package li.strolch.privilege.handler;
|
||||||
|
|
||||||
|
import static java.text.MessageFormat.format;
|
||||||
import static li.strolch.privilege.handler.PrivilegeHandler.PARAM_CASE_INSENSITIVE_USERNAME;
|
import static li.strolch.privilege.handler.PrivilegeHandler.PARAM_CASE_INSENSITIVE_USERNAME;
|
||||||
import static li.strolch.privilege.helper.XmlConstants.*;
|
import static li.strolch.privilege.helper.XmlConstants.*;
|
||||||
import static li.strolch.utils.helper.StringHelper.formatNanoDuration;
|
import static li.strolch.utils.helper.StringHelper.formatNanoDuration;
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.text.MessageFormat;
|
|
||||||
import java.util.*;
|
import java.util.*;
|
||||||
|
|
||||||
import li.strolch.privilege.base.PrivilegeException;
|
import li.strolch.privilege.base.PrivilegeException;
|
||||||
|
@ -106,7 +106,7 @@ public class XmlPersistenceHandler implements PersistenceHandler {
|
||||||
public void addUser(User user) {
|
public void addUser(User user) {
|
||||||
String username = this.caseInsensitiveUsername ? user.getUsername().toLowerCase() : user.getUsername();
|
String username = this.caseInsensitiveUsername ? user.getUsername().toLowerCase() : user.getUsername();
|
||||||
if (this.userMap.containsKey(username))
|
if (this.userMap.containsKey(username))
|
||||||
throw new IllegalStateException(MessageFormat.format("The user {0} already exists!", user.getUsername()));
|
throw new IllegalStateException(format("The user {0} already exists!", user.getUsername()));
|
||||||
this.userMap.put(username, user);
|
this.userMap.put(username, user);
|
||||||
this.userMapDirty = true;
|
this.userMapDirty = true;
|
||||||
}
|
}
|
||||||
|
@ -116,7 +116,7 @@ public class XmlPersistenceHandler implements PersistenceHandler {
|
||||||
String username = this.caseInsensitiveUsername ? user.getUsername().toLowerCase() : user.getUsername();
|
String username = this.caseInsensitiveUsername ? user.getUsername().toLowerCase() : user.getUsername();
|
||||||
if (!this.userMap.containsKey(username))
|
if (!this.userMap.containsKey(username))
|
||||||
throw new IllegalStateException(
|
throw new IllegalStateException(
|
||||||
MessageFormat.format("The user {0} can not be replaced as it does not exist!", user.getUsername()));
|
format("The user {0} can not be replaced as it does not exist!", user.getUsername()));
|
||||||
this.userMap.put(username, user);
|
this.userMap.put(username, user);
|
||||||
this.userMapDirty = true;
|
this.userMapDirty = true;
|
||||||
}
|
}
|
||||||
|
@ -124,7 +124,7 @@ public class XmlPersistenceHandler implements PersistenceHandler {
|
||||||
@Override
|
@Override
|
||||||
public void addRole(Role role) {
|
public void addRole(Role role) {
|
||||||
if (this.roleMap.containsKey(role.getName()))
|
if (this.roleMap.containsKey(role.getName()))
|
||||||
throw new IllegalStateException(MessageFormat.format("The role {0} already exists!", role.getName()));
|
throw new IllegalStateException(format("The role {0} already exists!", role.getName()));
|
||||||
this.roleMap.put(role.getName(), role);
|
this.roleMap.put(role.getName(), role);
|
||||||
this.roleMapDirty = true;
|
this.roleMapDirty = true;
|
||||||
}
|
}
|
||||||
|
@ -133,7 +133,7 @@ public class XmlPersistenceHandler implements PersistenceHandler {
|
||||||
public void replaceRole(Role role) {
|
public void replaceRole(Role role) {
|
||||||
if (!this.roleMap.containsKey(role.getName()))
|
if (!this.roleMap.containsKey(role.getName()))
|
||||||
throw new IllegalStateException(
|
throw new IllegalStateException(
|
||||||
MessageFormat.format("The role {0} can not be replaced as it does not exist!", role.getName()));
|
format("The role {0} can not be replaced as it does not exist!", role.getName()));
|
||||||
this.roleMap.put(role.getName(), role);
|
this.roleMap.put(role.getName(), role);
|
||||||
this.roleMapDirty = true;
|
this.roleMapDirty = true;
|
||||||
}
|
}
|
||||||
|
@ -155,8 +155,7 @@ public class XmlPersistenceHandler implements PersistenceHandler {
|
||||||
File basePathF = new File(basePath);
|
File basePathF = new File(basePath);
|
||||||
if (!basePathF.exists() && !basePathF.isDirectory()) {
|
if (!basePathF.exists() && !basePathF.isDirectory()) {
|
||||||
String msg = "[{0}] Defined parameter {1} does not point to a valid path at {2}"; //$NON-NLS-1$
|
String msg = "[{0}] Defined parameter {1} does not point to a valid path at {2}"; //$NON-NLS-1$
|
||||||
msg = MessageFormat
|
msg = format(msg, PersistenceHandler.class.getName(), XML_PARAM_BASE_PATH, basePathF.getAbsolutePath());
|
||||||
.format(msg, PersistenceHandler.class.getName(), XML_PARAM_BASE_PATH, basePathF.getAbsolutePath());
|
|
||||||
throw new PrivilegeException(msg);
|
throw new PrivilegeException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -164,7 +163,7 @@ public class XmlPersistenceHandler implements PersistenceHandler {
|
||||||
String usersFileName = this.parameterMap.get(XML_PARAM_USERS_FILE);
|
String usersFileName = this.parameterMap.get(XML_PARAM_USERS_FILE);
|
||||||
if (StringHelper.isEmpty(usersFileName)) {
|
if (StringHelper.isEmpty(usersFileName)) {
|
||||||
String msg = "[{0}] Defined parameter {1} is not valid as it is empty!"; //$NON-NLS-1$
|
String msg = "[{0}] Defined parameter {1} is not valid as it is empty!"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, PersistenceHandler.class.getName(), XML_PARAM_USERS_FILE);
|
msg = format(msg, PersistenceHandler.class.getName(), XML_PARAM_USERS_FILE);
|
||||||
throw new PrivilegeException(msg);
|
throw new PrivilegeException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -172,7 +171,7 @@ public class XmlPersistenceHandler implements PersistenceHandler {
|
||||||
String rolesFileName = this.parameterMap.get(XML_PARAM_ROLES_FILE);
|
String rolesFileName = this.parameterMap.get(XML_PARAM_ROLES_FILE);
|
||||||
if (StringHelper.isEmpty(rolesFileName)) {
|
if (StringHelper.isEmpty(rolesFileName)) {
|
||||||
String msg = "[{0}] Defined parameter {1} is not valid as it is empty!"; //$NON-NLS-1$
|
String msg = "[{0}] Defined parameter {1} is not valid as it is empty!"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, PersistenceHandler.class.getName(), XML_PARAM_ROLES_FILE);
|
msg = format(msg, PersistenceHandler.class.getName(), XML_PARAM_ROLES_FILE);
|
||||||
throw new PrivilegeException(msg);
|
throw new PrivilegeException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -181,8 +180,7 @@ public class XmlPersistenceHandler implements PersistenceHandler {
|
||||||
File usersPath = new File(usersPathS);
|
File usersPath = new File(usersPathS);
|
||||||
if (!usersPath.exists()) {
|
if (!usersPath.exists()) {
|
||||||
String msg = "[{0}] Defined parameter {1} is invalid as users file does not exist at path {2}"; //$NON-NLS-1$
|
String msg = "[{0}] Defined parameter {1} is invalid as users file does not exist at path {2}"; //$NON-NLS-1$
|
||||||
msg = MessageFormat
|
msg = format(msg, PersistenceHandler.class.getName(), XML_PARAM_USERS_FILE, usersPath.getAbsolutePath());
|
||||||
.format(msg, PersistenceHandler.class.getName(), XML_PARAM_USERS_FILE, usersPath.getAbsolutePath());
|
|
||||||
throw new PrivilegeException(msg);
|
throw new PrivilegeException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -191,8 +189,7 @@ public class XmlPersistenceHandler implements PersistenceHandler {
|
||||||
File rolesPath = new File(rolesPathS);
|
File rolesPath = new File(rolesPathS);
|
||||||
if (!rolesPath.exists()) {
|
if (!rolesPath.exists()) {
|
||||||
String msg = "[{0}] Defined parameter {1} is invalid as roles file does not exist at path {2}"; //$NON-NLS-1$
|
String msg = "[{0}] Defined parameter {1} is invalid as roles file does not exist at path {2}"; //$NON-NLS-1$
|
||||||
msg = MessageFormat
|
msg = format(msg, PersistenceHandler.class.getName(), XML_PARAM_ROLES_FILE, rolesPath.getAbsolutePath());
|
||||||
.format(msg, PersistenceHandler.class.getName(), XML_PARAM_ROLES_FILE, rolesPath.getAbsolutePath());
|
|
||||||
throw new PrivilegeException(msg);
|
throw new PrivilegeException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -241,8 +238,8 @@ public class XmlPersistenceHandler implements PersistenceHandler {
|
||||||
this.userMapDirty = false;
|
this.userMapDirty = false;
|
||||||
this.roleMapDirty = false;
|
this.roleMapDirty = false;
|
||||||
|
|
||||||
logger.info(MessageFormat.format("Read {0} Users", this.userMap.size())); //$NON-NLS-1$
|
logger.info(format("Read {0} Users", this.userMap.size())); //$NON-NLS-1$
|
||||||
logger.info(MessageFormat.format("Read {0} Roles", this.roleMap.size())); //$NON-NLS-1$
|
logger.info(format("Read {0} Roles", this.roleMap.size())); //$NON-NLS-1$
|
||||||
|
|
||||||
// validate referenced roles exist
|
// validate referenced roles exist
|
||||||
for (User user : users) {
|
for (User user : users) {
|
||||||
|
@ -250,9 +247,8 @@ public class XmlPersistenceHandler implements PersistenceHandler {
|
||||||
|
|
||||||
// validate that role exists
|
// validate that role exists
|
||||||
if (getRole(roleName) == null) {
|
if (getRole(roleName) == null) {
|
||||||
String msg = "Role {0} does not exist referenced by user {1}";
|
logger.error(
|
||||||
msg = MessageFormat.format(msg, roleName, user.getUsername());
|
format("Role {0} does not exist referenced by user {1}", roleName, user.getUsername()));
|
||||||
throw new PrivilegeException(msg);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -272,7 +268,7 @@ public class XmlPersistenceHandler implements PersistenceHandler {
|
||||||
String usersFileName = this.parameterMap.get(XML_PARAM_USERS_FILE);
|
String usersFileName = this.parameterMap.get(XML_PARAM_USERS_FILE);
|
||||||
if (usersFileName == null || usersFileName.isEmpty()) {
|
if (usersFileName == null || usersFileName.isEmpty()) {
|
||||||
String msg = "[{0}] Defined parameter {1} is invalid"; //$NON-NLS-1$
|
String msg = "[{0}] Defined parameter {1} is invalid"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, PersistenceHandler.class.getName(), XML_PARAM_USERS_FILE);
|
msg = format(msg, PersistenceHandler.class.getName(), XML_PARAM_USERS_FILE);
|
||||||
throw new PrivilegeException(msg);
|
throw new PrivilegeException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -280,7 +276,7 @@ public class XmlPersistenceHandler implements PersistenceHandler {
|
||||||
String rolesFileName = this.parameterMap.get(XML_PARAM_ROLES_FILE);
|
String rolesFileName = this.parameterMap.get(XML_PARAM_ROLES_FILE);
|
||||||
if (rolesFileName == null || rolesFileName.isEmpty()) {
|
if (rolesFileName == null || rolesFileName.isEmpty()) {
|
||||||
String msg = "[{0}] Defined parameter {1} is invalid"; //$NON-NLS-1$
|
String msg = "[{0}] Defined parameter {1} is invalid"; //$NON-NLS-1$
|
||||||
msg = MessageFormat.format(msg, PersistenceHandler.class.getName(), XML_PARAM_ROLES_FILE);
|
msg = format(msg, PersistenceHandler.class.getName(), XML_PARAM_ROLES_FILE);
|
||||||
throw new PrivilegeException(msg);
|
throw new PrivilegeException(msg);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
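Review bot: In the role-validation loop of the load path (`if (getRole(roleName) == null)`), the new code only logs, so a users file with a dangling role reference now loads and the user stays active with whatever roles do resolve. Together with the `continue` on a missing role in DefaultPrivilegeHandler, this presumably leaves the user with a reduced privilege set, but a role later created under that name would be picked up by the user without anyone assigning it, and any restriction the missing role was meant to contribute is absent; the merge logic is outside the visible hunks, so this needs confirming. I would record the decision next to the check, for example `// tolerated: a missing role is skipped when the privilege context is built, the user keeps the remaining roles`, and consider making the tolerance a configuration parameter that defaults to rejecting the file. The enclosing method starts and ends outside the hunk.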