001 //$HeadURL: svn+ssh://rbezema@svn.wald.intevation.org/deegree/base/branches/2.2_testing/src/org/deegree/security/drm/model/User.java $
002 /*---------------- FILE HEADER ------------------------------------------
003
004 This file is part of deegree.
005 Copyright (C) 2001-2008 by:
006 EXSE, Department of Geography, University of Bonn
007 http://www.giub.uni-bonn.de/deegree/
008 lat/lon GmbH
009 http://www.lat-lon.de
010
011 This library is free software; you can redistribute it and/or
012 modify it under the terms of the GNU Lesser General Public
013 License as published by the Free Software Foundation; either
014 version 2.1 of the License, or (at your option) any later version.
015
016 This library is distributed in the hope that it will be useful,
017 but WITHOUT ANY WARRANTY; without even the implied warranty of
018 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
019 Lesser General Public License for more details.
020
021 You should have received a copy of the GNU Lesser General Public
022 License along with this library; if not, write to the Free Software
023 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
024
025 Contact:
026
027 Andreas Poth
028 lat/lon GmbH
029 Aennchenstr. 19
030 53115 Bonn
031 Germany
032 E-Mail: poth@lat-lon.de
033
034 Prof. Dr. Klaus Greve
035 Department of Geography
036 University of Bonn
037 Meckenheimer Allee 166
038 53115 Bonn
039 Germany
040 E-Mail: greve@giub.uni-bonn.de
041
042 ---------------------------------------------------------------------------*/
043 package org.deegree.security.drm.model;
044
045 import java.util.HashSet;
046
047 import org.deegree.framework.log.ILogger;
048 import org.deegree.framework.log.LoggerFactory;
049 import org.deegree.model.feature.Feature;
050 import org.deegree.security.GeneralSecurityException;
051 import org.deegree.security.drm.SecurityAccess;
052 import org.deegree.security.drm.SecurityRegistry;
053 import org.deegree.security.drm.WrongCredentialsException;
054
055 /**
056 * Implementation of user-objects. <code>User</code> s can be members of <code>Groups</code> and
057 * can be associated with <code>Role</code>s.
058 * <p>
059 * A user is always in one of two states:
060 *
061 * <ul>
062 * <li>
063 * Not authenticated: <code>SecurityManager</code> will not issue <code>SecurityAccess</code>
064 * instances for this user
065 * </li>
066 * <li>
067 * Authenticated: achieved by calling <code>authenticate()</code> and submitting the correct
068 * password, afterwards <code>SecurityAccess</code> instances for the user can be issued
069 * </li>
070 * </ul>
071 *
072 * @author <a href="mailto:mschneider@lat-lon.de">Markus Schneider</a>
073 * @author last edited by: $Author: mays$
074 *
075 * @version $Revision: 9346 $, $Date: 21.08.2007 16:51:15$
076 */
077 public class User extends SecurableObject {
078
079 private ILogger LOG = LoggerFactory.getLogger( User.class );
080
081 /**
082 *
083 */
084 public final static int ID_SEC_ADMIN = 1;
085
086 private String password;
087
088 private String firstName;
089
090 private String lastName;
091
092 private String emailAddress;
093
094 private boolean isAuthenticated = false;
095
096 /**
097 * Creates a new <code>User</code> -instance.
098 *
099 * @param id
100 * @param name
101 * @param password
102 * null means that password checking is disabled
103 * @param firstName
104 * @param lastName
105 * @param emailAddress
106 * @param registry
107 */
108 public User( int id, String name, String password, String firstName, String lastName, String emailAddress,
109 SecurityRegistry registry ) {
110 this.id = id;
111 this.name = name;
112 this.password = password;
113 if ( password == null ) {
114 isAuthenticated = true;
115 }
116 if ( lastName == null || firstName == null ) {
117 this.title = name;
118 } else if ( ( lastName == null || lastName.equals( "" ) ) && ( firstName == null || firstName.equals( "" ) ) ) {
119 this.title = name;
120 } else if ( ( !lastName.equals( "" ) ) && ( !firstName.equals( "" ) ) ) {
121 this.title = lastName + ", " + firstName;
122 } else if ( lastName.equals( "" ) ) {
123 this.title = firstName;
124 } else {
125 this.title = lastName;
126 }
127 this.firstName = firstName;
128 this.lastName = lastName;
129 this.emailAddress = emailAddress;
130 this.registry = registry;
131 }
132
133 /**
134 * @return the first name
135 *
136 */
137 public String getFirstName() {
138 return firstName;
139 }
140
141 /**
142 * @return the last name
143 *
144 */
145 public String getLastName() {
146 return lastName;
147 }
148
149 /**
150 * @return the mail address
151 *
152 */
153 public String getEmailAddress() {
154 return emailAddress;
155 }
156
157 /**
158 * @return the password
159 *
160 */
161 public String getPassword() {
162 return password;
163 }
164
165 /**
166 * Returns the groups that this user belongs to.
167 *
168 * @param securityAccess
169 * @return the user's groups
170 * @throws GeneralSecurityException
171 */
172 public Group[] getGroups( SecurityAccess securityAccess )
173 throws GeneralSecurityException {
174 return registry.getGroupsForUser( securityAccess, this );
175 }
176
177 /**
178 * Returns the roles that this is user is associated with (directly and via group memberships).
179 * <p>
180 *
181 * @param securityAccess
182 * @return the user's roles
183 * @throws GeneralSecurityException
184 */
185 public Role[] getRoles( SecurityAccess securityAccess )
186 throws GeneralSecurityException {
187 return securityAccess.getAllRolesForUser( this );
188 }
189
190 /**
191 * Returns the <code>Privileges</code> that the <code>User</code> has (directly and via
192 * group memberships).
193 *
194 * @param securityAccess
195 * @return the user's privileges
196 * @throws GeneralSecurityException
197 */
198 public Privilege[] getPrivileges( SecurityAccess securityAccess )
199 throws GeneralSecurityException {
200
201 Role[] roles = securityAccess.getAllRolesForUser( this );
202 HashSet<Privilege> privilegeSet = new HashSet<Privilege>();
203 // gather privileges for all associated roles
204 for ( int i = 0; i < roles.length; i++ ) {
205 Privilege[] rolePrivileges = registry.getPrivilegesForRole( securityAccess, roles[i] );
206 for ( int j = 0; j < rolePrivileges.length; j++ ) {
207 privilegeSet.add( rolePrivileges[j] );
208 }
209 }
210 return privilegeSet.toArray( new Privilege[privilegeSet.size()] );
211 }
212
213 /**
214 * Returns whether the <code>User</code> has a certain <code>Privilege</code> (either
215 * directly or via group memberships).
216 *
217 * @param securityAccess
218 * @param privilege
219 * @return true if the user has the specified privilege
220 * @throws GeneralSecurityException
221 */
222 public boolean hasPrivilege( SecurityAccess securityAccess, Privilege privilege )
223 throws GeneralSecurityException {
224 Privilege[] privileges = getPrivileges( securityAccess );
225 for ( int i = 0; i < privileges.length; i++ ) {
226 if ( privileges[i].equals( privilege ) ) {
227 return true;
228 }
229 }
230 return false;
231 }
232
233 /**
234 * Returns whether the <code>User</code> has a certain privilege (either directly or via group
235 * memberships).
236 *
237 * @param securityAccess
238 * @param s
239 * @return true if the user has the specified privilege
240 * @throws GeneralSecurityException
241 */
242 public boolean hasPrivilege( SecurityAccess securityAccess, String s )
243 throws GeneralSecurityException {
244 Privilege privilege = registry.getPrivilegeByName( securityAccess, s );
245 return hasPrivilege( securityAccess, privilege );
246 }
247
248 /**
249 * Returns the rights that this <code>User</code> has on the given
250 * <code>SecurableObject</code> (directly and via group memberships).
251 *
252 * @param securityAccess
253 * @param object
254 * @return the user's right for the specified object
255 * @throws GeneralSecurityException
256 */
257 public RightSet getRights( SecurityAccess securityAccess, SecurableObject object )
258 throws GeneralSecurityException {
259 Role[] roles = securityAccess.getAllRolesForUser( this );
260 RightSet rights = new RightSet();
261
262 for ( int i = 0; i < roles.length; i++ ) {
263 rights = rights.merge( new RightSet( registry.getRights( securityAccess, object, roles[i] ) ) );
264 }
265 return rights;
266 }
267
268 /**
269 * Returns whether the <code>User</code> has a certain <code>Right</code> on this
270 * <code>SecurableObject</code> (directly or via group memberships).
271 *
272 * @param securityAccess
273 * @param type
274 * @param accessParams
275 * @param object
276 * @return true if the user has the right for the specified object
277 * @throws GeneralSecurityException
278 */
279 public boolean hasRight( SecurityAccess securityAccess, RightType type, Feature accessParams, SecurableObject object )
280 throws GeneralSecurityException {
281 LOG.logDebug( "has Right", type );
282 LOG.logDebug( "has Right", object );
283 return getRights( securityAccess, object ).applies( object, type, accessParams );
284 }
285
286 /**
287 * Returns whether the <code>User</code> has a certain <code>Right</code> on this
288 * <code>SecurableObject</code> (directly or via group memberships).
289 *
290 * @param securityAccess
291 * @param type
292 * @param object
293 * @return true if the user has the right for the specified object
294 * @throws GeneralSecurityException
295 */
296 public boolean hasRight( SecurityAccess securityAccess, RightType type, SecurableObject object )
297 throws GeneralSecurityException {
298 return getRights( securityAccess, object ).applies( object, type );
299 }
300
301 /**
302 * Returns whether the <code>User</code> has a certain right on this
303 * <code>SecurableObject</code> (directly or via group memberships).
304 *
305 * @param securityAccess
306 * @param s
307 * @param object
308 * @return true if the user has the right for the specified object
309 * @throws GeneralSecurityException
310 */
311 public boolean hasRight( SecurityAccess securityAccess, String s, SecurableObject object )
312 throws GeneralSecurityException {
313 RightType right = registry.getRightTypeByName( securityAccess, s );
314 return hasRight( securityAccess, right, object );
315 }
316
317 /**
318 * Returns whether the <code>User</code> has already been authenticated by a call to
319 * <code>authenticate()</code> with the correct password (or if the <code>user</code>'s
320 * password is null).
321 *
322 * @return true, if the user is authenticated
323 */
324 public boolean isAuthenticated() {
325 return isAuthenticated;
326 }
327
328 /**
329 * Returns a <code>String</code> representation of this object.
330 *
331 * @param securityAccess
332 * @return the object as string
333 */
334 public String toString( SecurityAccess securityAccess ) {
335 StringBuffer sb = new StringBuffer( "Name: " ).append( name ).append( ", Title: " ).append( title );
336
337 try {
338 sb.append( ", Groups: [" );
339 Group[] groups = getGroups( securityAccess );
340 for ( int i = 0; i < groups.length; i++ ) {
341 sb.append( groups[i].getName() );
342 if ( i != groups.length - 1 ) {
343 sb.append( ", " );
344 }
345 }
346 sb.append( "]" );
347
348 sb.append( ", Roles: [" );
349 Role[] roles = getRoles( securityAccess );
350 for ( int i = 0; i < roles.length; i++ ) {
351 sb.append( roles[i].getName() );
352 if ( i != roles.length - 1 ) {
353 sb.append( ", " );
354 }
355 }
356 sb.append( "]" );
357
358 sb.append( ", Privileges: [" );
359 Privilege[] privileges = getPrivileges( securityAccess );
360 for ( int i = 0; i < privileges.length; i++ ) {
361 sb.append( privileges[i].getName() );
362 if ( i != privileges.length - 1 ) {
363 sb.append( ", " );
364 }
365 }
366 sb.append( "]" );
367
368 } catch ( GeneralSecurityException e ) {
369 LOG.logError( e.getMessage(), e );
370 }
371 return sb.toString();
372 }
373
374 /**
375 * Checks if the submitted password is equal to the one of this user instance and sets the state
376 * to "authenticated" in case it is correct.
377 *
378 * @param password
379 * @throws WrongCredentialsException
380 */
381 public void authenticate( String password )
382 throws WrongCredentialsException {
383 if ( this.password == null || "".equals( this.password ) ) {
384 isAuthenticated = true;
385 return;
386 }
387 if ( !this.password.equals( password ) ) {
388 isAuthenticated = false;
389 throw new WrongCredentialsException( "The submitted password is incorrect." );
390 }
391 isAuthenticated = true;
392 }
393 }