[New] added a new PrivilegeHandler.queryUser(UserRep) to query users

- Querying is done by passing a UserRep in which every field that must
match is set; a user is selected when all of those fields are equal.
Null fields are treated as not required

- Performed further clean up in that all password variables have been
changed to type byte[].

- Cleaned up copyright notices in files

- fixed version of Privilege 0.1.0-SNAPSHOT in pom.xml
Robert von Burg 2012-07-29 18:23:31 +02:00
parent f471be1ea7
commit b78e9bb064
34 changed files with 346 additions and 398 deletions


@ -1,7 +0,0 @@
Manifest-Version: 1.0
Implementation-Vendor: eitchnet.ch
Implementation-Title: eitchnet Java Privilege implementation
Implementation-Version: 0.0.3
Specification-Vendor: eitchnet.ch
Specification-Title: eitchnet Java Privilege implementation
Specification-Version: 0.1

20
README

@ -17,7 +17,7 @@ a LDAP repository with only the Privilege JAR.
Privilege is distributed under the GNU Lesser General Public License on
Github.com and can be downloaded at
https://github.com/eitch/Privilege
https://github.com/eitch/ch.eitchnet.privilege
The main developer is Robert von Burg <eitch@eitchnet.ch> who also maintains the
Github repository. He is available for all questions regarding Privilege
@ -72,20 +72,10 @@ directory of the Repository
Compiling
################################
Since Privilege is a Java library, it is built using Apache Ant. The build.xml
file is configured to build Privilege directly from the root directory by simply
calling ant at the command line:
Privilege is a Maven3 project and can be built by simply performing the
following command:
$ ant
Buildfile: /data/src/apixxo_WS/Privilege/build.xml
dist:
[mkdir] Created dir: /data/src/apixxo_WS/Privilege/dist
[copy] Copying 28 files to /data/src/apixxo_WS/Privilege/bin
[jar] Building jar: /data/src/apixxo_WS/Privilege/dist/Privilege.jar
BUILD SUCCESSFUL
Total time: 0 seconds
$ mvn compile
Using
################################
@ -96,7 +86,7 @@ which contains a few test cases including showing how to load Privilege.
This documentation is still in need of more work, but for any questions please
don't hesitate to write an e-mail to the developer and we'll find a solution.
Switzerland, the 7. August 2011
Switzerland, the 29. July 2012
Robert von Burg


@ -1,77 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright (c) 2010, 2011
Robert von Burg <eitch@eitchnet.ch>
This file is part of Privilege.
Privilege is free software: you can redistribute it and/or modify
it under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
Privilege is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with Privilege. If not, see <http://www.gnu.org/licenses/>.
-->
<project name="Build Jar" default="dist">
<!-- define export names -->
<property name="projectName" value="Privilege" />
<property name="jar" value="${projectName}.jar" />
<!-- define locations -->
<property name="buildFolder" location="${basedir}/bin" />
<property name="distFolder" location="${basedir}/dist" />
<property name="distJar" location="${distFolder}/${jar}" />
<!-- define class path with eclipse plugins -->
<path id="project.class.path">
<pathelement path="${java.class.path}" />
<fileset dir="${basedir}/lib" includes="*.jar" />
</path>
<target name="dist" description="generate the distribution">
<!-- create dist directory if it does not exist -->
<mkdir dir="${distFolder}" />
<!-- compile classes -->
<javac srcdir="${basedir}/src" destdir="${buildFolder}" classpathref="project.class.path" debug="yes" source="1.6" target="1.6" />
<!-- copy resources -->
<copy todir="${buildFolder}">
<fileset dir="${basedir}/src" defaultexcludes="true" />
<!--fileset dir="${basedir}/i18n" defaultexcludes="true" /-->
</copy>
<!-- create the jar -->
<jar jarfile="${distJar}" basedir="${buildFolder}" manifest="${basedir}/MANIFEST.MF">
<fileset dir="${basedir}" defaultexcludes="true" includes="docs/" />
<fileset dir="${basedir}" defaultexcludes="true" includes="config/" />
<fileset dir="${basedir}" defaultexcludes="true" includes="COPYING*" />
<fileset dir="${basedir}" defaultexcludes="true" includes="README" />
</jar>
</target>
<target name="clean" description="generate the distribution">
<!-- clean up old data -->
<delete includeemptydirs="true" verbose="true">
<fileset dir="${distFolder}" includes="**/*" />
<fileset dir="${buildFolder}" includes="**/*" />
</delete>
</target>
</project>

17
pom.xml

@ -4,7 +4,7 @@
<groupId>ch.eitchnet</groupId>
<artifactId>ch.eitchnet.privilege</artifactId>
<packaging>jar</packaging>
<version>1.0-SNAPSHOT</version>
<version>0.1.0-SNAPSHOT</version>
<name>ch.eitchnet.privilege</name>
<url>https://github.com/eitch/ch.eitchnet.privilege</url>
@ -156,6 +156,21 @@
<target>1.6</target>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-source-plugin</artifactId>
<version>2.1.2</version>
<executions>
<execution>
<id>attach-sources</id>
<phase>verify</phase>
<goals>
<goal>jar-no-fork</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.handler;
import java.io.UnsupportedEncodingException;
@ -84,6 +78,22 @@ public class DefaultEncryptionHandler implements EncryptionHandler {
}
}
/**
* @see ch.eitchnet.privilege.handler.EncryptionHandler#convertToHash(java.lang.String)
*/
@Override
public String convertToHash(byte[] bytes) {
try {
return HashHelper.stringToHash(this.hashAlgorithm, bytes);
} catch (NoSuchAlgorithmException e) {
throw new PrivilegeException("Algorithm " + this.hashAlgorithm + " was not found!", e);
} catch (UnsupportedEncodingException e) {
throw new PrivilegeException("Charset ASCII is not supported!", e);
}
}
/**
* @see ch.eitchnet.privilege.handler.EncryptionHandler#nextToken()
*/


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,12 +17,13 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.handler;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
@ -112,7 +108,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
public RoleRep getRole(String roleName) {
Role role = this.persistenceHandler.getRole(roleName);
if (role == null)
throw new PrivilegeException("Role " + roleName + " does not exist!");
return null;
return role.asRoleRep();
}
@ -123,7 +119,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
public UserRep getUser(String username) {
User user = this.persistenceHandler.getUser(username);
if (user == null)
throw new PrivilegeException("User " + username + " does not exist!");
return null;
return user.asUserRep();
}
@ -162,6 +158,135 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
return policy;
}
/**
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#queryUsers(ch.eitchnet.privilege.model.UserRep)
*/
@Override
public List<UserRep> queryUsers(UserRep selectorRep) {
String selUserId = selectorRep.getUserId();
String selUsername = selectorRep.getUsername();
String selFirstname = selectorRep.getFirstname();
String selSurname = selectorRep.getSurname();
UserState selUserState = selectorRep.getUserState();
Locale selLocale = selectorRep.getLocale();
Set<String> selRoles = selectorRep.getRoles();
Map<String, String> selPropertyMap = selectorRep.getProperties();
List<UserRep> result = new ArrayList<UserRep>();
List<User> allUsers = this.persistenceHandler.getAllUsers();
for (User user : allUsers) {
// selections
boolean userIdSelected;
boolean usernameSelected;
boolean firstnameSelected;
boolean surnameSelected;
boolean userStateSelected;
boolean localeSelected;
boolean roleSelected;
boolean propertySelected;
// userId
if (selUserId == null)
userIdSelected = true;
else if (selUserId.equals(user.getUserId()))
userIdSelected = true;
else
userIdSelected = false;
// username
if (selUsername == null)
usernameSelected = true;
else if (selUsername.equals(user.getUsername()))
usernameSelected = true;
else
usernameSelected = false;
// firstname
if (selFirstname == null)
firstnameSelected = true;
else if (selFirstname.equals(user.getFirstname()))
firstnameSelected = true;
else
firstnameSelected = false;
// surname
if (selSurname == null)
surnameSelected = true;
else if (selSurname.equals(user.getSurname()))
surnameSelected = true;
else
surnameSelected = false;
// user state
if (selUserState == null)
userStateSelected = true;
else if (selUserState.equals(user.getUserState()))
userStateSelected = true;
else
userStateSelected = false;
// locale
if (selLocale == null)
localeSelected = true;
else if (selLocale.equals(user.getLocale()))
localeSelected = true;
else
localeSelected = false;
// roles
roleSelected = isSelectedByRole(selRoles, user.getRoles());
// properties
propertySelected = isSelectedByProperty(selPropertyMap, user.getProperties());
boolean selected = userIdSelected && usernameSelected && firstnameSelected && surnameSelected
&& userStateSelected && localeSelected && roleSelected && propertySelected;
if (selected)
result.add(user.asUserRep());
}
return result;
}
/**
* @param selPropertyMap
* @param properties
* @return
*/
private boolean isSelectedByProperty(Map<String, String> selPropertyMap, Map<String, String> properties) {
if (selPropertyMap == null)
return true;
if (selPropertyMap.isEmpty() && properties.isEmpty())
return true;
for (String selKey : selPropertyMap.keySet()) {
String value = properties.get(selKey);
if (value == null || !value.equals(selPropertyMap.get(selKey)))
return false;
}
return true;
}
/**
* @param selRoles
* @param roles
* @return
*/
private boolean isSelectedByRole(Set<String> selRoles, Set<String> roles) {
if (selRoles == null)
return true;
return roles.containsAll(selRoles);
}
/**
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#addOrReplaceRole(ch.eitchnet.privilege.model.Certificate,
* ch.eitchnet.privilege.model.RoleRep)
@ -187,29 +312,34 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
* ch.eitchnet.privilege.model.UserRep, java.lang.String)
*/
@Override
public void addOrReplaceUser(Certificate certificate, UserRep userRep, String password) {
public void addOrReplaceUser(Certificate certificate, UserRep userRep, byte[] password) {
try {
// validate who is doing this
validateIsPrivilegeAdmin(certificate);
// validate who is doing this
validateIsPrivilegeAdmin(certificate);
String passwordHash = null;
if (password != null) {
String passwordHash = null;
if (password != null) {
// validate password meets basic requirements
validatePassword(password);
// validate password meets basic requirements
validatePassword(password);
// hash password
passwordHash = this.encryptionHandler.convertToHash(password);
// hash password
passwordHash = this.encryptionHandler.convertToHash(password);
}
// create new user
// XXX should the collections be recreated and the getRoles() and getProperties() methods be removed?
User user = new User(userRep.getUserId(), userRep.getUsername(), passwordHash, userRep.getFirstname(),
userRep.getSurname(), userRep.getUserState(), userRep.getRoles(), userRep.getLocale(),
userRep.getProperties());
// delegate to persistence handler
this.persistenceHandler.addOrReplaceUser(user);
} finally {
clearPassword(password);
}
// create new user
// XXX should the collections be recreated and the getRoles() and getProperties() methods be removed?
User user = new User(userRep.getUserId(), userRep.getUsername(), passwordHash, userRep.getFirstname(),
userRep.getSurname(), userRep.getUserState(), userRep.getRoles(), userRep.getLocale(),
userRep.getProperties());
// delegate to persistence handler
this.persistenceHandler.addOrReplaceUser(user);
}
/**
@ -450,42 +580,47 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
* java.lang.String, java.lang.String)
*/
@Override
public void setUserPassword(Certificate certificate, String username, String password) {
public void setUserPassword(Certificate certificate, String username, byte[] password) {
try {
// check if certificate is for same user, in which case user is changing their own password
if (certificate.getUsername().equals(username)) {
// check if certificate is for same user, in which case user is changing their own password
if (certificate.getUsername().equals(username)) {
// validate the certificate
isCertificateValid(certificate);
// validate the certificate
isCertificateValid(certificate);
} else {
} else {
// otherwise validate the the certificate is for a privilege admin
validateIsPrivilegeAdmin(certificate);
// otherwise validate the the certificate is for a privilege admin
validateIsPrivilegeAdmin(certificate);
}
// get User
User user = this.persistenceHandler.getUser(username);
if (user == null) {
throw new PrivilegeException("User " + username + " does not exist!");
}
String passwordHash = null;
if (password != null) {
// validate password meets basic requirements
validatePassword(password);
// hash password
passwordHash = this.encryptionHandler.convertToHash(password);
}
// create new user
User newUser = new User(user.getUserId(), user.getUsername(), passwordHash, user.getFirstname(),
user.getSurname(), user.getUserState(), user.getRoles(), user.getLocale(), user.getProperties());
// delegate user replacement to persistence handler
this.persistenceHandler.addOrReplaceUser(newUser);
} finally {
clearPassword(password);
}
// get User
User user = this.persistenceHandler.getUser(username);
if (user == null) {
throw new PrivilegeException("User " + username + " does not exist!");
}
String passwordHash = null;
if (password != null) {
// validate password meets basic requirements
validatePassword(password);
// hash password
passwordHash = this.encryptionHandler.convertToHash(password);
}
// create new user
User newUser = new User(user.getUserId(), user.getUsername(), passwordHash, user.getFirstname(),
user.getSurname(), user.getUserState(), user.getRoles(), user.getLocale(), user.getProperties());
// delegate user replacement to persistence handler
this.persistenceHandler.addOrReplaceUser(newUser);
}
/**
@ -519,16 +654,17 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
* if the user credentials are not valid
*/
@Override
public Certificate authenticate(String username, String password) {
public Certificate authenticate(String username, byte[] password) {
// create certificate
Certificate certificate;
try {
// both username and password must at least have 3 characters in length
// username must be at least 3 characters in length
if (username == null || username.length() < 3)
throw new PrivilegeException("The given username is shorter than 3 characters");
else if (password == null || password.length() < 3)
throw new PrivilegeException("The given password is shorter than 3 characters");
// and validate the password
validatePassword(password);
// we only work with hashed passwords
String passwordHash = this.encryptionHandler.convertToHash(password);
@ -578,6 +714,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
} catch (RuntimeException e) {
logger.error("User " + username + " Failed to authenticate: " + e.getLocalizedMessage());
throw e;
} finally {
clearPassword(password);
}
// return the certificate
@ -801,11 +939,15 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#validatePassword(java.lang.String)
*/
@Override
public void validatePassword(String password) throws PrivilegeException {
public void validatePassword(byte[] password) throws PrivilegeException {
if (password == null || password.isEmpty()) {
if (password == null || password.length == 0) {
throw new PrivilegeException("A password may not be empty!");
}
if (password.length < 3) {
throw new PrivilegeException("The given password is shorter than 3 characters");
}
}
/**
@ -909,4 +1051,14 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
}
}
/**
* @param password
*/
private void clearPassword(byte[] password) {
if (password != null) {
for (int i = 0; i < password.length; i++) {
password[i] = 0;
}
}
}
}
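Review bot: `queryUsers(UserRep selectorRep)` takes no `Certificate` and calls neither `validateIsPrivilegeAdmin` nor `isCertificateValid`, so any code holding the handler can list users, and a selector whose fields are all null matches every user returned by `getAllUsers()`. `addOrReplaceUser` and `setUserPassword` in the same class check the caller first; `getUser(String)` is already unauthenticated but needs a known username, whereas this method allows enumeration by role, state or property. Consider `public List<UserRep> queryUsers(Certificate certificate, UserRep selectorRep)` with `validateIsPrivilegeAdmin(certificate);` as the first statement, and reject a null `selectorRep` explicitly, since `selectorRep.getUserId()` would otherwise throw a NullPointerException. In `isSelectedByProperty`, the `selPropertyMap.isEmpty() && properties.isEmpty()` branch is redundant, because an empty selector map skips the loop and reaches `return true` anyway.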


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.handler;
import java.util.Map;
@ -51,6 +45,15 @@ public interface EncryptionHandler {
* @return the hash of the string after converting
*/
public String convertToHash(String string);
/**
* Converts a given byte array, e.g. a password to a hash which is defined by the concrete implementation
*
* @param bytes
* the bytes to convert
* @return the hash of the string after converting
*/
public String convertToHash(byte[] bytes);
/**
* Initialize the concrete {@link EncryptionHandler}. The passed parameter map contains any configuration the


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.handler;
import java.util.List;


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,9 +17,9 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.handler;
import java.util.List;
import java.util.Locale;
import ch.eitchnet.privilege.i18n.AccessDeniedException;
@ -75,6 +70,17 @@ public interface PrivilegeHandler {
*/
public RoleRep getRole(String roleName);
/**
* Method to query {@link UserRep} which meet the criteria set in the given {@link UserRep}. Null fields mean the
* fields are not relevant.
*
* @param selectorRep
* the {@link UserRep} to use as criteria selection
*
* @return a list of {@link UserRep}s which fit the given criteria
*/
public List<UserRep> queryUsers(UserRep selectorRep);
/**
* Removes the user with the given username
*
@ -171,7 +177,7 @@ public interface PrivilegeHandler {
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public void addOrReplaceUser(Certificate certificate, UserRep userRep, String password)
public void addOrReplaceUser(Certificate certificate, UserRep userRep, byte[] password)
throws AccessDeniedException, PrivilegeException;
/**
@ -251,7 +257,7 @@ public interface PrivilegeHandler {
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public void setUserPassword(Certificate certificate, String username, String password)
public void setUserPassword(Certificate certificate, String username, byte[] password)
throws AccessDeniedException, PrivilegeException;
/**
@ -326,7 +332,7 @@ public interface PrivilegeHandler {
* @throws AccessDeniedException
* if the user credentials are not valid
*/
public Certificate authenticate(String username, String password) throws AccessDeniedException;
public Certificate authenticate(String username, byte[] password) throws AccessDeniedException;
/**
* Invalidates the {@link Session} for the given {@link Certificate}, effectively logging out the user who was
@ -416,7 +422,7 @@ public interface PrivilegeHandler {
* @throws PrivilegeException
* if the password does not implement the requirement of the concrete implementation
*/
public void validatePassword(String password) throws PrivilegeException;
public void validatePassword(byte[] password) throws PrivilegeException;
/**
* Persists any changes to the privilege data model. Changes are thus not persisted immediately, but must be
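Review bot: The `byte[] password` parameters of `addOrReplaceUser`, `setUserPassword` and `authenticate` carry no documented ownership rule, yet the implementation in this commit zeroes the array in a `finally` block (`clearPassword(password)`), which is why the test has to pass `copyBytes(PASS_ADMIN)`. Each `@param password` entry should say so, for example `the password as bytes; the array is overwritten with zeros before this method returns, so pass a copy if it is needed afterwards`. The Javadoc should also state which character encoding the bytes are expected in, because the resulting hash depends on it and callers using `String.getBytes()` get the platform default. The `@param` lines themselves lie outside the visible hunks.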


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.handler;
import java.io.File;


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.helper;
import java.io.File;


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.helper;
import ch.eitchnet.privilege.i18n.PrivilegeException;


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.helper;
import java.io.UnsupportedEncodingException;


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.helper;
import java.io.File;
@ -40,6 +34,8 @@ import ch.eitchnet.privilege.handler.PersistenceHandler;
import ch.eitchnet.privilege.handler.PrivilegeHandler;
import ch.eitchnet.privilege.i18n.PrivilegeException;
import ch.eitchnet.privilege.policy.PrivilegePolicy;
import ch.eitchnet.utils.helper.StringHelper;
import ch.eitchnet.utils.helper.SystemHelper;
/**
* This class implements the initializing of the {@link PrivilegeHandler} by loading an XML file containing the
@ -163,6 +159,10 @@ public class InitializationHelper {
for (Element parameter : elements) {
String name = parameter.attributeValue(XmlConstants.XML_ATTR_NAME);
String value = parameter.attributeValue(XmlConstants.XML_ATTR_VALUE);
// replace any defined system properties
value = StringHelper.replaceSystemPropertiesIn(value);
parameterMap.put(name, value);
}
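Review bot: `value` comes from `parameter.attributeValue(XmlConstants.XML_ATTR_VALUE)` and is passed to `StringHelper.replaceSystemPropertiesIn(value)` without a null check; if the attribute is missing and the helper does not accept null (its body is not shown), initialization fails with a NullPointerException rather than a configuration error. A guard such as `if (value == null) throw new PrivilegeException("Parameter " + name + " has no value!");` before the replacement would make that failure explicit. Because the expanded text is stored in `parameterMap`, that map should not be logged wholesale where system properties may carry secrets. The added `SystemHelper` import is not used in the visible hunk, and the enclosing method starts and ends outside it.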


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.helper;
import java.awt.Dimension;


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.helper;
import java.io.BufferedReader;


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.helper;
/**


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.helper;
import java.io.File;


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.i18n;
/**


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.i18n;
/**


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.model;
import java.io.Serializable;


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.model;
import java.io.Serializable;


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.model;
import ch.eitchnet.privilege.model.internal.Privilege;


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.model;
import java.io.Serializable;


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.model;
import java.io.Serializable;


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.model;
import ch.eitchnet.privilege.model.internal.User;


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.model.internal;
import java.util.Collections;


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.model.internal;
import java.util.Collections;


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.model.internal;
import ch.eitchnet.privilege.handler.PrivilegeHandler;


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.model.internal;
import java.util.Collections;


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.policy;
import ch.eitchnet.privilege.i18n.AccessDeniedException;


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.policy;
import ch.eitchnet.privilege.i18n.AccessDeniedException;


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.test;
import java.io.File;
@ -58,15 +52,15 @@ import ch.eitchnet.privilege.model.UserState;
public class PrivilegeTest {
private static final String ADMIN = "admin";
private static final String PASS_ADMIN = "admin";
private static final byte[] PASS_ADMIN = "admin".getBytes();
private static final String BOB = "bob";
private static final String TED = "ted";
private static final String PASS_BOB = "admin1";
private static final byte[] PASS_BOB = "admin1".getBytes();
private static final String ROLE_FEATHERLITE_USER = "FeatherliteUser";
private static final String ROLE_USER = "user";
private static final String PASS_DEF = "def";
private static final String PASS_BAD = "123";
private static final String PASS_TED = "12345";
private static final byte[] PASS_DEF = "def".getBytes();
private static final byte[] PASS_BAD = "123".getBytes();
private static final byte[] PASS_TED = "12345".getBytes();
private static final Logger logger = Logger.getLogger(PrivilegeTest.class);
@ -103,11 +97,17 @@ public class PrivilegeTest {
@Test
public void testAuthenticationOk() throws Exception {
Certificate certificate = privilegeHandler.authenticate(ADMIN, PASS_ADMIN);
Certificate certificate = privilegeHandler.authenticate(ADMIN, copyBytes(PASS_ADMIN));
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
privilegeHandler.invalidateSession(certificate);
}
private byte[] copyBytes(byte[] bytes) {
byte[] copy = new byte[bytes.length];
System.arraycopy(bytes, 0, copy, 0, bytes.length);
return copy;
}
/**
* @throws Exception
* if something goes wrong
@ -115,7 +115,7 @@ public class PrivilegeTest {
@Test(expected = AccessDeniedException.class)
public void testFailAuthenticationNOk() throws Exception {
Certificate certificate = privilegeHandler.authenticate(ADMIN, PASS_BAD);
Certificate certificate = privilegeHandler.authenticate(ADMIN, copyBytes(PASS_BAD));
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
privilegeHandler.invalidateSession(certificate);
}
@ -139,7 +139,7 @@ public class PrivilegeTest {
@Test
public void testAddUserBobAsAdmin() throws Exception {
Certificate certificate = privilegeHandler.authenticate(ADMIN, PASS_ADMIN);
Certificate certificate = privilegeHandler.authenticate(ADMIN, copyBytes(PASS_ADMIN));
// let's add a new user bob
UserRep userRep = new UserRep("1", BOB, "Bob", "Newman", UserState.NEW, new HashSet<String>(), null,
@ -148,7 +148,7 @@ public class PrivilegeTest {
logger.info("Added user " + BOB);
// set bob's password
privilegeHandler.setUserPassword(certificate, BOB, PASS_BOB);
privilegeHandler.setUserPassword(certificate, BOB, copyBytes(PASS_BOB));
logger.info("Set Bob's password");
privilegeHandler.invalidateSession(certificate);
}
@ -161,7 +161,7 @@ public class PrivilegeTest {
*/
@Test(expected = AccessDeniedException.class)
public void testFailAuthAsBob() throws Exception {
Certificate certificate = privilegeHandler.authenticate(BOB, PASS_BOB);
Certificate certificate = privilegeHandler.authenticate(BOB, copyBytes(PASS_BOB));
privilegeHandler.invalidateSession(certificate);
}
@ -171,7 +171,7 @@ public class PrivilegeTest {
*/
@Test
public void testEnableUserBob() throws Exception {
Certificate certificate = privilegeHandler.authenticate(ADMIN, PASS_ADMIN);
Certificate certificate = privilegeHandler.authenticate(ADMIN, copyBytes(PASS_ADMIN));
privilegeHandler.setUserState(certificate, BOB, UserState.ENABLED);
privilegeHandler.invalidateSession(certificate);
}
@ -185,7 +185,7 @@ public class PrivilegeTest {
@Test(expected = PrivilegeException.class)
public void testFailAuthUserBob() throws Exception {
Certificate certificate = privilegeHandler.authenticate(BOB, PASS_BOB);
Certificate certificate = privilegeHandler.authenticate(BOB, copyBytes(PASS_BOB));
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
privilegeHandler.invalidateSession(certificate);
}
@ -196,7 +196,7 @@ public class PrivilegeTest {
*/
@Test
public void testAddRole() throws Exception {
Certificate certificate = privilegeHandler.authenticate(ADMIN, PASS_ADMIN);
Certificate certificate = privilegeHandler.authenticate(ADMIN, copyBytes(PASS_ADMIN));
Map<String, PrivilegeRep> privilegeMap = new HashMap<String, PrivilegeRep>();
RoleRep roleRep = new RoleRep(ROLE_USER, privilegeMap);
@ -211,7 +211,7 @@ public class PrivilegeTest {
*/
@Test
public void testAddRoleToBob() throws Exception {
Certificate certificate = privilegeHandler.authenticate(ADMIN, PASS_ADMIN);
Certificate certificate = privilegeHandler.authenticate(ADMIN, copyBytes(PASS_ADMIN));
privilegeHandler.addRoleToUser(certificate, BOB, ROLE_USER);
privilegeHandler.invalidateSession(certificate);
}
@ -222,7 +222,7 @@ public class PrivilegeTest {
*/
@Test
public void testAuthAsBob() throws Exception {
Certificate certificate = privilegeHandler.authenticate(BOB, PASS_BOB);
Certificate certificate = privilegeHandler.authenticate(BOB, copyBytes(PASS_BOB));
privilegeHandler.invalidateSession(certificate);
}
@ -236,7 +236,7 @@ public class PrivilegeTest {
public void testFailAddUserTedAsBob() throws Exception {
// auth as Bog
Certificate certificate = privilegeHandler.authenticate(BOB, PASS_BOB);
Certificate certificate = privilegeHandler.authenticate(BOB, copyBytes(PASS_BOB));
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
// let's add a new user Ted
@ -254,7 +254,7 @@ public class PrivilegeTest {
@Test
public void testAddAdminRoleToBob() throws Exception {
Certificate certificate = privilegeHandler.authenticate(ADMIN, PASS_ADMIN);
Certificate certificate = privilegeHandler.authenticate(ADMIN, copyBytes(PASS_ADMIN));
privilegeHandler.addRoleToUser(certificate, BOB, PrivilegeHandler.PRIVILEGE_ADMIN_ROLE);
logger.info("Added " + PrivilegeHandler.PRIVILEGE_ADMIN_ROLE + " to " + ADMIN);
privilegeHandler.invalidateSession(certificate);
@ -267,7 +267,7 @@ public class PrivilegeTest {
@Test
public void testAddUserTedAsBob() throws Exception {
Certificate certificate = privilegeHandler.authenticate(BOB, PASS_BOB);
Certificate certificate = privilegeHandler.authenticate(BOB, copyBytes(PASS_BOB));
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
// let's add a new user ted
@ -288,11 +288,11 @@ public class PrivilegeTest {
@Test
public void testSetTedPwdAsBob() throws Exception {
Certificate certificate = privilegeHandler.authenticate(BOB, PASS_BOB);
Certificate certificate = privilegeHandler.authenticate(BOB, copyBytes(PASS_BOB));
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
// set ted's password to default
privilegeHandler.setUserPassword(certificate, TED, PASS_DEF);
privilegeHandler.setUserPassword(certificate, TED, copyBytes(PASS_DEF));
privilegeHandler.invalidateSession(certificate);
}
@ -303,8 +303,8 @@ public class PrivilegeTest {
*/
@Test
public void testTedChangesOwnPwd() throws Exception {
Certificate certificate = privilegeHandler.authenticate(TED, PASS_DEF);
privilegeHandler.setUserPassword(certificate, TED, PASS_TED);
Certificate certificate = privilegeHandler.authenticate(TED, copyBytes(PASS_DEF));
privilegeHandler.setUserPassword(certificate, TED, copyBytes(PASS_TED));
privilegeHandler.invalidateSession(certificate);
}
@ -314,7 +314,7 @@ public class PrivilegeTest {
*/
@Test
public void testAuthAsTed() throws Exception {
Certificate certificate = privilegeHandler.authenticate(TED, PASS_TED);
Certificate certificate = privilegeHandler.authenticate(TED, copyBytes(PASS_TED));
privilegeHandler.invalidateSession(certificate);
}
@ -325,7 +325,7 @@ public class PrivilegeTest {
@Test
public void testPerformRestrictableAsAdmin() throws Exception {
Certificate certificate = privilegeHandler.authenticate(ADMIN, PASS_ADMIN);
Certificate certificate = privilegeHandler.authenticate(ADMIN, copyBytes(PASS_ADMIN));
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
// see if eitch can perform restrictable
@ -342,7 +342,7 @@ public class PrivilegeTest {
*/
@Test(expected = AccessDeniedException.class)
public void testFailPerformRestrictableAsBob() throws Exception {
Certificate certificate = privilegeHandler.authenticate(BOB, PASS_BOB);
Certificate certificate = privilegeHandler.authenticate(BOB, copyBytes(PASS_BOB));
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
// see if bob can perform restrictable
@ -361,7 +361,7 @@ public class PrivilegeTest {
@Test
public void testAddFeatherliteRoleToBob() throws Exception {
Certificate certificate = privilegeHandler.authenticate(ADMIN, PASS_ADMIN);
Certificate certificate = privilegeHandler.authenticate(ADMIN, copyBytes(PASS_ADMIN));
privilegeHandler.addRoleToUser(certificate, BOB, ROLE_FEATHERLITE_USER);
logger.info("Added " + ROLE_FEATHERLITE_USER + " to " + BOB);
privilegeHandler.invalidateSession(certificate);
@ -375,7 +375,7 @@ public class PrivilegeTest {
*/
@Test
public void testPerformRestrictableAsBob() throws Exception {
Certificate certificate = privilegeHandler.authenticate(BOB, PASS_BOB);
Certificate certificate = privilegeHandler.authenticate(BOB, copyBytes(PASS_BOB));
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
// see if bob can perform restrictable
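Review bot: The new `copyBytes` helper in PrivilegeTest carries no comment explaining why every call passes the handler a copy of a shared `PASS_*` constant, and no test in this section checks the property that presumably motivates it. If `authenticate` and `setUserPassword` are meant to wipe the caller's array after use (not visible here, so to be confirmed against the handler), state that on the helper, e.g. `// the handler is expected to clear the password array, so never pass the shared constant`, and add an assertion in `testAuthenticationOk` that the copied array is all zeroes after the call. Without that assertion, a regression that stops clearing password bytes would go unnoticed. Separately, the constants are built with `"admin".getBytes()`, which depends on the platform default charset; `"admin".getBytes(Charset.forName("UTF-8"))` keeps the bytes identical on every build machine. The helper body itself can be reduced to `return bytes.clone();`.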


@ -1,11 +1,6 @@
/*
* Copyright (c) 2010, 2011
* Copyright (c) 2010 - 2012
*
* Robert von Burg <eitch@eitchnet.ch>
*
*/
/*
* This file is part of Privilege.
*
* Privilege is free software: you can redistribute it and/or modify
@ -22,7 +17,6 @@
* along with Privilege. If not, see <http://www.gnu.org/licenses/>.
*
*/
package ch.eitchnet.privilege.test;
import ch.eitchnet.privilege.model.Restrictable;