001 //$HeadURL: svn+ssh://jwilden@svn.wald.intevation.org/deegree/base/branches/2.5_testing/src/org/deegree/security/drm/model/User.java $
002 /*----------------------------------------------------------------------------
003 This file is part of deegree, http://deegree.org/
004 Copyright (C) 2001-2009 by:
005 Department of Geography, University of Bonn
006 and
007 lat/lon GmbH
008
009 This library is free software; you can redistribute it and/or modify it under
010 the terms of the GNU Lesser General Public License as published by the Free
011 Software Foundation; either version 2.1 of the License, or (at your option)
012 any later version.
013 This library is distributed in the hope that it will be useful, but WITHOUT
014 ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015 FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016 details.
017 You should have received a copy of the GNU Lesser General Public License
018 along with this library; if not, write to the Free Software Foundation, Inc.,
019 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020
021 Contact information:
022
023 lat/lon GmbH
024 Aennchenstr. 19, 53177 Bonn
025 Germany
026 http://lat-lon.de/
027
028 Department of Geography, University of Bonn
029 Prof. Dr. Klaus Greve
030 Postfach 1147, 53001 Bonn
031 Germany
032 http://www.geographie.uni-bonn.de/deegree/
033
034 e-mail: info@deegree.org
035 ----------------------------------------------------------------------------*/
036 package org.deegree.security.drm.model;
037
038 import java.util.HashSet;
039
040 import org.deegree.framework.log.ILogger;
041 import org.deegree.framework.log.LoggerFactory;
042 import org.deegree.model.feature.Feature;
043 import org.deegree.security.GeneralSecurityException;
044 import org.deegree.security.drm.SecurityAccess;
045 import org.deegree.security.drm.SecurityRegistry;
046 import org.deegree.security.drm.WrongCredentialsException;
047
048 /**
049 * Implementation of user-objects. <code>User</code> s can be members of <code>Groups</code> and
050 * can be associated with <code>Role</code>s.
051 * <p>
052 * A user is always in one of two states:
053 *
054 * <ul>
055 * <li>
056 * Not authenticated: <code>SecurityManager</code> will not issue <code>SecurityAccess</code>
057 * instances for this user
058 * </li>
059 * <li>
060 * Authenticated: achieved by calling <code>authenticate()</code> and submitting the correct
061 * password, afterwards <code>SecurityAccess</code> instances for the user can be issued
062 * </li>
063 * </ul>
064 *
065 * @author <a href="mailto:mschneider@lat-lon.de">Markus Schneider</a>
066 * @author last edited by: $Author: mays$
067 *
068 * @version $Revision: 18195 $, $Date: 21.08.2007 16:51:15$
069 */
070 public class User extends SecurableObject {
071
072 private ILogger LOG = LoggerFactory.getLogger( User.class );
073
074 /**
075 *
076 */
077 public final static int ID_SEC_ADMIN = 1;
078
079 private String password;
080
081 private String firstName;
082
083 private String lastName;
084
085 private String emailAddress;
086
087 private boolean isAuthenticated = false;
088
089 /**
090 * Creates a new <code>User</code> -instance.
091 *
092 * @param id
093 * @param name
094 * @param password
095 * null means that password checking is disabled
096 * @param firstName
097 * @param lastName
098 * @param emailAddress
099 * @param registry
100 */
101 public User( int id, String name, String password, String firstName, String lastName, String emailAddress,
102 SecurityRegistry registry ) {
103 this.id = id;
104 this.name = name;
105 this.password = password;
106 if ( password == null ) {
107 isAuthenticated = true;
108 }
109 if ( lastName == null || firstName == null ) {
110 this.title = name;
111 } else if ( ( lastName == null || lastName.equals( "" ) ) && ( firstName == null || firstName.equals( "" ) ) ) {
112 this.title = name;
113 } else if ( ( !lastName.equals( "" ) ) && ( !firstName.equals( "" ) ) ) {
114 this.title = lastName + ", " + firstName;
115 } else if ( lastName.equals( "" ) ) {
116 this.title = firstName;
117 } else {
118 this.title = lastName;
119 }
120 this.firstName = firstName;
121 this.lastName = lastName;
122 this.emailAddress = emailAddress;
123 this.registry = registry;
124 }
125
126 /**
127 * @return the first name
128 *
129 */
130 public String getFirstName() {
131 return firstName;
132 }
133
134 /**
135 * @return the last name
136 *
137 */
138 public String getLastName() {
139 return lastName;
140 }
141
142 /**
143 * @return the mail address
144 *
145 */
146 public String getEmailAddress() {
147 return emailAddress;
148 }
149
150 /**
151 * @return the password
152 *
153 */
154 public String getPassword() {
155 return password;
156 }
157
158 /**
159 * Returns the groups that this user belongs to.
160 *
161 * @param securityAccess
162 * @return the user's groups
163 * @throws GeneralSecurityException
164 */
165 public Group[] getGroups( SecurityAccess securityAccess )
166 throws GeneralSecurityException {
167 return registry.getGroupsForUser( securityAccess, this );
168 }
169
170 /**
171 * Returns the roles that this is user is associated with (directly and via group memberships).
172 * <p>
173 *
174 * @param securityAccess
175 * @return the user's roles
176 * @throws GeneralSecurityException
177 */
178 public Role[] getRoles( SecurityAccess securityAccess )
179 throws GeneralSecurityException {
180 return securityAccess.getAllRolesForUser( this );
181 }
182
183 /**
184 * Returns the <code>Privileges</code> that the <code>User</code> has (directly and via
185 * group memberships).
186 *
187 * @param securityAccess
188 * @return the user's privileges
189 * @throws GeneralSecurityException
190 */
191 public Privilege[] getPrivileges( SecurityAccess securityAccess )
192 throws GeneralSecurityException {
193
194 Role[] roles = securityAccess.getAllRolesForUser( this );
195 HashSet<Privilege> privilegeSet = new HashSet<Privilege>();
196 // gather privileges for all associated roles
197 for ( int i = 0; i < roles.length; i++ ) {
198 Privilege[] rolePrivileges = registry.getPrivilegesForRole( securityAccess, roles[i] );
199 for ( int j = 0; j < rolePrivileges.length; j++ ) {
200 privilegeSet.add( rolePrivileges[j] );
201 }
202 }
203 return privilegeSet.toArray( new Privilege[privilegeSet.size()] );
204 }
205
206 /**
207 * Returns whether the <code>User</code> has a certain <code>Privilege</code> (either
208 * directly or via group memberships).
209 *
210 * @param securityAccess
211 * @param privilege
212 * @return true if the user has the specified privilege
213 * @throws GeneralSecurityException
214 */
215 public boolean hasPrivilege( SecurityAccess securityAccess, Privilege privilege )
216 throws GeneralSecurityException {
217 Privilege[] privileges = getPrivileges( securityAccess );
218 for ( int i = 0; i < privileges.length; i++ ) {
219 if ( privileges[i].equals( privilege ) ) {
220 return true;
221 }
222 }
223 return false;
224 }
225
226 /**
227 * Returns whether the <code>User</code> has a certain privilege (either directly or via group
228 * memberships).
229 *
230 * @param securityAccess
231 * @param s
232 * @return true if the user has the specified privilege
233 * @throws GeneralSecurityException
234 */
235 public boolean hasPrivilege( SecurityAccess securityAccess, String s )
236 throws GeneralSecurityException {
237 Privilege privilege = registry.getPrivilegeByName( securityAccess, s );
238 return hasPrivilege( securityAccess, privilege );
239 }
240
241 /**
242 * Returns the rights that this <code>User</code> has on the given
243 * <code>SecurableObject</code> (directly and via group memberships).
244 *
245 * @param securityAccess
246 * @param object
247 * @return the user's right for the specified object
248 * @throws GeneralSecurityException
249 */
250 public RightSet getRights( SecurityAccess securityAccess, SecurableObject object )
251 throws GeneralSecurityException {
252 Role[] roles = securityAccess.getAllRolesForUser( this );
253 RightSet rights = new RightSet();
254
255 for ( int i = 0; i < roles.length; i++ ) {
256 rights = rights.merge( new RightSet( registry.getRights( securityAccess, object, roles[i] ) ) );
257 }
258 return rights;
259 }
260
261 /**
262 * Returns whether the <code>User</code> has a certain <code>Right</code> on this
263 * <code>SecurableObject</code> (directly or via group memberships).
264 *
265 * @param securityAccess
266 * @param type
267 * @param accessParams
268 * @param object
269 * @return true if the user has the right for the specified object
270 * @throws GeneralSecurityException
271 */
272 public boolean hasRight( SecurityAccess securityAccess, RightType type, Feature accessParams, SecurableObject object )
273 throws GeneralSecurityException {
274 LOG.logDebug( "has Right", type );
275 LOG.logDebug( "has Right", object );
276 return getRights( securityAccess, object ).applies( object, type, accessParams );
277 }
278
279 /**
280 * Returns whether the <code>User</code> has a certain <code>Right</code> on this
281 * <code>SecurableObject</code> (directly or via group memberships).
282 *
283 * @param securityAccess
284 * @param type
285 * @param object
286 * @return true if the user has the right for the specified object
287 * @throws GeneralSecurityException
288 */
289 public boolean hasRight( SecurityAccess securityAccess, RightType type, SecurableObject object )
290 throws GeneralSecurityException {
291 return getRights( securityAccess, object ).applies( object, type );
292 }
293
294 /**
295 * Returns whether the <code>User</code> has a certain right on this
296 * <code>SecurableObject</code> (directly or via group memberships).
297 *
298 * @param securityAccess
299 * @param s
300 * @param object
301 * @return true if the user has the right for the specified object
302 * @throws GeneralSecurityException
303 */
304 public boolean hasRight( SecurityAccess securityAccess, String s, SecurableObject object )
305 throws GeneralSecurityException {
306 RightType right = registry.getRightTypeByName( securityAccess, s );
307 return hasRight( securityAccess, right, object );
308 }
309
310 /**
311 * Returns whether the <code>User</code> has already been authenticated by a call to
312 * <code>authenticate()</code> with the correct password (or if the <code>user</code>'s
313 * password is null).
314 *
315 * @return true, if the user is authenticated
316 */
317 public boolean isAuthenticated() {
318 return isAuthenticated;
319 }
320
321 /**
322 * Returns a <code>String</code> representation of this object.
323 *
324 * @param securityAccess
325 * @return the object as string
326 */
327 public String toString( SecurityAccess securityAccess ) {
328 StringBuffer sb = new StringBuffer( "Name: " ).append( name ).append( ", Title: " ).append( title );
329
330 try {
331 sb.append( ", Groups: [" );
332 Group[] groups = getGroups( securityAccess );
333 for ( int i = 0; i < groups.length; i++ ) {
334 sb.append( groups[i].getName() );
335 if ( i != groups.length - 1 ) {
336 sb.append( ", " );
337 }
338 }
339 sb.append( "]" );
340
341 sb.append( ", Roles: [" );
342 Role[] roles = getRoles( securityAccess );
343 for ( int i = 0; i < roles.length; i++ ) {
344 sb.append( roles[i].getName() );
345 if ( i != roles.length - 1 ) {
346 sb.append( ", " );
347 }
348 }
349 sb.append( "]" );
350
351 sb.append( ", Privileges: [" );
352 Privilege[] privileges = getPrivileges( securityAccess );
353 for ( int i = 0; i < privileges.length; i++ ) {
354 sb.append( privileges[i].getName() );
355 if ( i != privileges.length - 1 ) {
356 sb.append( ", " );
357 }
358 }
359 sb.append( "]" );
360
361 } catch ( GeneralSecurityException e ) {
362 LOG.logError( e.getMessage(), e );
363 }
364 return sb.toString();
365 }
366
367 /**
368 * Checks if the submitted password is equal to the one of this user instance and sets the state
369 * to "authenticated" in case it is correct.
370 *
371 * @param password
372 * @throws WrongCredentialsException
373 */
374 public void authenticate( String password )
375 throws WrongCredentialsException {
376 if ( this.password == null || "".equals( this.password ) ) {
377 isAuthenticated = true;
378 return;
379 }
380 if ( !this.password.equals( password ) ) {
381 isAuthenticated = false;
382 throw new WrongCredentialsException( "The submitted password is incorrect." );
383 }
384 isAuthenticated = true;
385 }
386 }