001 //$HeadURL: svn+ssh://rbezema@svn.wald.intevation.org/deegree/base/tags/2.1/src/org/deegree/security/drm/model/User.java $
002 /*---------------- FILE HEADER ------------------------------------------
003
004 This file is part of deegree.
005 Copyright (C) 2001-2007 by:
006 EXSE, Department of Geography, University of Bonn
007 http://www.giub.uni-bonn.de/deegree/
008 lat/lon GmbH
009 http://www.lat-lon.de
010
011 This library is free software; you can redistribute it and/or
012 modify it under the terms of the GNU Lesser General Public
013 License as published by the Free Software Foundation; either
014 version 2.1 of the License, or (at your option) any later version.
015
016 This library is distributed in the hope that it will be useful,
017 but WITHOUT ANY WARRANTY; without even the implied warranty of
018 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
019 Lesser General Public License for more details.
020
021 You should have received a copy of the GNU Lesser General Public
022 License along with this library; if not, write to the Free Software
023 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
024
025 Contact:
026
027 Andreas Poth
028 lat/lon GmbH
029 Aennchenstr. 19
030 53115 Bonn
031 Germany
032 E-Mail: poth@lat-lon.de
033
034 Prof. Dr. Klaus Greve
035 Department of Geography
036 University of Bonn
037 Meckenheimer Allee 166
038 53115 Bonn
039 Germany
040 E-Mail: greve@giub.uni-bonn.de
041
042 ---------------------------------------------------------------------------*/
043 package org.deegree.security.drm.model;
044
045 import java.util.HashSet;
046
047 import org.deegree.model.feature.Feature;
048 import org.deegree.security.GeneralSecurityException;
049 import org.deegree.security.drm.SecurityAccess;
050 import org.deegree.security.drm.SecurityRegistry;
051 import org.deegree.security.drm.WrongCredentialsException;
052
053 /**
054 * Implementation of user-objects. <code>User</code> s can be members of <code>Groups</code> and
055 * can be associated with <code>Role</code>s.
056 * <p>
057 * A user is always in one of two states:
058 * <li>
059 * <ul>
060 * Not authenticated: <code>SecurityManager</code> will not issue <code>SecurityAccess</code>
061 * instances for this user
062 * <ul>
063 * Authenticated: achieved by calling <code>authenticate()</code> and submitting the correct
064 * password, afterwards <code>SecurityAccess</code> instances for the user can be issued
065 * </ul>
066 * </li>
067 *
068 * @author <a href="mailto:mschneider@lat-lon.de">Markus Schneider </a>
069 * @version $Revision: 7007 $
070 */
071 public class User extends SecurableObject {
072
073 public final static int ID_SEC_ADMIN = 1;
074
075 private String password;
076
077 private String firstName;
078
079 private String lastName;
080
081 private String emailAddress;
082
083 private boolean isAuthenticated = false;
084
085 /**
086 * Creates a new <code>User</code> -instance.
087 *
088 * @param id
089 * @param name
090 * @param password
091 * null means that password checking is disabled
092 * @param firstName
093 * @param lastName
094 * @param registry
095 */
096 public User( int id, String name, String password, String firstName, String lastName, String emailAddress,
097 SecurityRegistry registry ) {
098 this.id = id;
099 this.name = name;
100 this.password = password;
101 if ( password == null ) {
102 isAuthenticated = true;
103 }
104 if ( lastName == null || firstName == null ) {
105 this.title = name;
106 } else if ( ( lastName == null || lastName.equals( "" ) ) && ( firstName == null || firstName.equals( "" ) ) ) {
107 this.title = name;
108 } else if ( ( !lastName.equals( "" ) ) && ( !firstName.equals( "" ) ) ) {
109 this.title = lastName + ", " + firstName;
110 } else if ( lastName.equals( "" ) ) {
111 this.title = firstName;
112 } else {
113 this.title = lastName;
114 }
115 this.firstName = firstName;
116 this.lastName = lastName;
117 this.emailAddress = emailAddress;
118 this.registry = registry;
119 }
120
121 /**
122 *
123 */
124 public String getFirstName() {
125 return firstName;
126 }
127
128 /**
129 *
130 */
131 public String getLastName() {
132 return lastName;
133 }
134
135 /**
136 *
137 */
138 public String getEmailAddress() {
139 return emailAddress;
140 }
141
142 /**
143 *
144 */
145 public String getPassword() {
146 return password;
147 }
148
149 /**
150 * Returns the groups that this user belongs to.
151 *
152 * @param securityAccess
153 */
154 public Group[] getGroups( SecurityAccess securityAccess )
155 throws GeneralSecurityException {
156 return registry.getGroupsForUser( securityAccess, this );
157 }
158
159 /**
160 * Returns the roles that this is user is associated with (directly and via group memberships).
161 * <p>
162 *
163 * @param securityAccess
164 */
165 public Role[] getRoles( SecurityAccess securityAccess )
166 throws GeneralSecurityException {
167 return securityAccess.getAllRolesForUser( this );
168 }
169
170 /**
171 * Returns the <code>Privileges</code> that the <code>User</code> has (directly and via
172 * group memberships).
173 *
174 * @throws GeneralSecurityException
175 */
176 public Privilege[] getPrivileges( SecurityAccess securityAccess )
177 throws GeneralSecurityException {
178
179 Role[] roles = securityAccess.getAllRolesForUser( this );
180 HashSet<Privilege> privilegeSet = new HashSet<Privilege>();
181 // gather privileges for all associated roles
182 for ( int i = 0; i < roles.length; i++ ) {
183 Privilege[] rolePrivileges = registry.getPrivilegesForRole( securityAccess, roles[i] );
184 for ( int j = 0; j < rolePrivileges.length; j++ ) {
185 privilegeSet.add( rolePrivileges[j] );
186 }
187 }
188 return privilegeSet.toArray( new Privilege[privilegeSet.size()] );
189 }
190
191 /**
192 * Returns whether the <code>User</code> has a certain <code>Privilege</code> (either
193 * directly or via group memberships).
194 *
195 * @param privilege
196 */
197 public boolean hasPrivilege( SecurityAccess securityAccess, Privilege privilege )
198 throws GeneralSecurityException {
199 Privilege[] privileges = getPrivileges( securityAccess );
200 for ( int i = 0; i < privileges.length; i++ ) {
201 if ( privileges[i].equals( privilege ) ) {
202 return true;
203 }
204 }
205 return false;
206 }
207
208 /**
209 * Returns whether the <code>User</code> has a certain privilege (either directly or via group
210 * memberships).
211 *
212 * @param s
213 */
214 public boolean hasPrivilege( SecurityAccess securityAccess, String s )
215 throws GeneralSecurityException {
216 Privilege privilege = registry.getPrivilegeByName( securityAccess, s );
217 return hasPrivilege( securityAccess, privilege );
218 }
219
220 /**
221 * Returns the rights that this <code>User</code> has on the given
222 * <code>SecurableObject</code> (directly and via group memberships).
223 */
224 public RightSet getRights( SecurityAccess securityAccess, SecurableObject object )
225 throws GeneralSecurityException {
226 Role[] roles = securityAccess.getAllRolesForUser( this );
227 RightSet rights = new RightSet();
228
229 for ( int i = 0; i < roles.length; i++ ) {
230 rights = rights.merge( new RightSet( registry.getRights( securityAccess, object, roles[i] ) ) );
231 }
232 return rights;
233 }
234
235 /**
236 * Returns whether the <code>User</code> has a certain <code>Right</code> on this
237 * <code>SecurableObject</code> (directly or via group memberships).
238 */
239 public boolean hasRight( SecurityAccess securityAccess, RightType type, Feature accessParams, SecurableObject object )
240 throws GeneralSecurityException {
241 return getRights( securityAccess, object ).applies( object, type, accessParams );
242 }
243
244 /**
245 * Returns whether the <code>User</code> has a certain <code>Right</code> on this
246 * <code>SecurableObject</code> (directly or via group memberships).
247 */
248 public boolean hasRight( SecurityAccess securityAccess, RightType type, SecurableObject object )
249 throws GeneralSecurityException {
250 return getRights( securityAccess, object ).applies( object, type );
251 }
252
253 /**
254 * Returns whether the <code>User</code> has a certain right on this
255 * <code>SecurableObject</code> (directly or via group memberships).
256 */
257 public boolean hasRight( SecurityAccess securityAccess, String s, SecurableObject object )
258 throws GeneralSecurityException {
259 RightType right = registry.getRightTypeByName( securityAccess, s );
260 return hasRight( securityAccess, right, object );
261 }
262
263 /**
264 * Returns whether the <code>User</code> has already been authenticated by a call to
265 * <code>authenticate()</code> with the correct password (or if the <code>user</code>'s
266 * password is null).
267 *
268 */
269 public boolean isAuthenticated() {
270 return isAuthenticated;
271 }
272
273 /**
274 * Returns a <code>String</code> representation of this object.
275 */
276 public String toString( SecurityAccess securityAccess ) {
277 StringBuffer sb = new StringBuffer( "Name: " ).append( name ).append( ", Title: " ).append( title );
278
279 try {
280 sb.append( ", Groups: [" );
281 Group[] groups = getGroups( securityAccess );
282 for ( int i = 0; i < groups.length; i++ ) {
283 sb.append( groups[i].getName() );
284 if ( i != groups.length - 1 ) {
285 sb.append( ", " );
286 }
287 }
288 sb.append( "]" );
289
290 sb.append( ", Roles: [" );
291 Role[] roles = getRoles( securityAccess );
292 for ( int i = 0; i < roles.length; i++ ) {
293 sb.append( roles[i].getName() );
294 if ( i != roles.length - 1 ) {
295 sb.append( ", " );
296 }
297 }
298 sb.append( "]" );
299
300 sb.append( ", Privileges: [" );
301 Privilege[] privileges = getPrivileges( securityAccess );
302 for ( int i = 0; i < privileges.length; i++ ) {
303 sb.append( privileges[i].getName() );
304 if ( i != privileges.length - 1 ) {
305 sb.append( ", " );
306 }
307 }
308 sb.append( "]" );
309
310 } catch ( GeneralSecurityException e ) {
311 e.printStackTrace();
312 }
313 return sb.toString();
314 }
315
316 /**
317 * Checks if the submitted password is equal to the one of this user instance and sets the state
318 * to "authenticated" in case it is correct.
319 *
320 * @param password
321 */
322 public void authenticate( String password )
323 throws WrongCredentialsException {
324 if ( this.password == null || "".equals( this.password ) ) {
325 isAuthenticated = true;
326 return;
327 }
328 if ( !this.password.equals( password ) ) {
329 isAuthenticated = false;
330 throw new WrongCredentialsException( "The submitted password is incorrect." );
331 }
332 isAuthenticated = true;
333 }
334 }