001    //$HeadURL: svn+ssh://jwilden@svn.wald.intevation.org/deegree/base/branches/2.5_testing/src/org/deegree/security/drm/model/User.java $
002    /*----------------------------------------------------------------------------
003     This file is part of deegree, http://deegree.org/
004     Copyright (C) 2001-2009 by:
005       Department of Geography, University of Bonn
006     and
007       lat/lon GmbH
008    
009     This library is free software; you can redistribute it and/or modify it under
010     the terms of the GNU Lesser General Public License as published by the Free
011     Software Foundation; either version 2.1 of the License, or (at your option)
012     any later version.
013     This library is distributed in the hope that it will be useful, but WITHOUT
014     ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015     FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016     details.
017     You should have received a copy of the GNU Lesser General Public License
018     along with this library; if not, write to the Free Software Foundation, Inc.,
019     59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020    
021     Contact information:
022    
023     lat/lon GmbH
024     Aennchenstr. 19, 53177 Bonn
025     Germany
026     http://lat-lon.de/
027    
028     Department of Geography, University of Bonn
029     Prof. Dr. Klaus Greve
030     Postfach 1147, 53001 Bonn
031     Germany
032     http://www.geographie.uni-bonn.de/deegree/
033    
034     e-mail: info@deegree.org
035    ----------------------------------------------------------------------------*/
036    package org.deegree.security.drm.model;
037    
038    import java.util.HashSet;
039    
040    import org.deegree.framework.log.ILogger;
041    import org.deegree.framework.log.LoggerFactory;
042    import org.deegree.model.feature.Feature;
043    import org.deegree.security.GeneralSecurityException;
044    import org.deegree.security.drm.SecurityAccess;
045    import org.deegree.security.drm.SecurityRegistry;
046    import org.deegree.security.drm.WrongCredentialsException;
047    
048    /**
049     * Implementation of user-objects. <code>User</code> s can be members of <code>Groups</code> and
050     * can be associated with <code>Role</code>s.
051     * <p>
052     * A user is always in one of two states:
053     *
054     * <ul>
055     * <li>
056     * Not authenticated: <code>SecurityManager</code> will not issue <code>SecurityAccess</code>
057     * instances for this user
058     * </li>
059     * <li>
060     * Authenticated: achieved by calling <code>authenticate()</code> and submitting the correct
061     * password, afterwards <code>SecurityAccess</code> instances for the user can be issued
062     * </li>
063     * </ul>
064     *
065     * @author <a href="mailto:mschneider@lat-lon.de">Markus Schneider</a>
066     * @author last edited by: $Author: mays$
067     *
068     * @version $Revision: 18195 $, $Date: 21.08.2007 16:51:15$
069     */
070    public class User extends SecurableObject {
071    
072        private ILogger LOG = LoggerFactory.getLogger( User.class );
073    
074        /**
075         *
076         */
077        public final static int ID_SEC_ADMIN = 1;
078    
079        private String password;
080    
081        private String firstName;
082    
083        private String lastName;
084    
085        private String emailAddress;
086    
087        private boolean isAuthenticated = false;
088    
089        /**
090         * Creates a new <code>User</code> -instance.
091         *
092         * @param id
093         * @param name
094         * @param password
095         *            null means that password checking is disabled
096         * @param firstName
097         * @param lastName
098         * @param emailAddress
099         * @param registry
100         */
101        public User( int id, String name, String password, String firstName, String lastName, String emailAddress,
102                     SecurityRegistry registry ) {
103            this.id = id;
104            this.name = name;
105            this.password = password;
106            if ( password == null ) {
107                isAuthenticated = true;
108            }
109            if ( lastName == null || firstName == null ) {
110                this.title = name;
111            } else if ( ( lastName == null || lastName.equals( "" ) ) && ( firstName == null || firstName.equals( "" ) ) ) {
112                this.title = name;
113            } else if ( ( !lastName.equals( "" ) ) && ( !firstName.equals( "" ) ) ) {
114                this.title = lastName + ", " + firstName;
115            } else if ( lastName.equals( "" ) ) {
116                this.title = firstName;
117            } else {
118                this.title = lastName;
119            }
120            this.firstName = firstName;
121            this.lastName = lastName;
122            this.emailAddress = emailAddress;
123            this.registry = registry;
124        }
125    
126        /**
127         * @return the first name
128         *
129         */
130        public String getFirstName() {
131            return firstName;
132        }
133    
134        /**
135         * @return the last name
136         *
137         */
138        public String getLastName() {
139            return lastName;
140        }
141    
142        /**
143         * @return the mail address
144         *
145         */
146        public String getEmailAddress() {
147            return emailAddress;
148        }
149    
150        /**
151         * @return the password
152         *
153         */
154        public String getPassword() {
155            return password;
156        }
157    
158        /**
159         * Returns the groups that this user belongs to.
160         *
161         * @param securityAccess
162         * @return the user's groups
163         * @throws GeneralSecurityException
164         */
165        public Group[] getGroups( SecurityAccess securityAccess )
166                                throws GeneralSecurityException {
167            return registry.getGroupsForUser( securityAccess, this );
168        }
169    
170        /**
171         * Returns the roles that this is user is associated with (directly and via group memberships).
172         * <p>
173         *
174         * @param securityAccess
175         * @return the user's roles
176         * @throws GeneralSecurityException
177         */
178        public Role[] getRoles( SecurityAccess securityAccess )
179                                throws GeneralSecurityException {
180            return securityAccess.getAllRolesForUser( this );
181        }
182    
183        /**
184         * Returns the <code>Privileges</code> that the <code>User</code> has (directly and via
185         * group memberships).
186         *
187         * @param securityAccess
188         * @return the user's privileges
189         * @throws GeneralSecurityException
190         */
191        public Privilege[] getPrivileges( SecurityAccess securityAccess )
192                                throws GeneralSecurityException {
193    
194            Role[] roles = securityAccess.getAllRolesForUser( this );
195            HashSet<Privilege> privilegeSet = new HashSet<Privilege>();
196            // gather privileges for all associated roles
197            for ( int i = 0; i < roles.length; i++ ) {
198                Privilege[] rolePrivileges = registry.getPrivilegesForRole( securityAccess, roles[i] );
199                for ( int j = 0; j < rolePrivileges.length; j++ ) {
200                    privilegeSet.add( rolePrivileges[j] );
201                }
202            }
203            return privilegeSet.toArray( new Privilege[privilegeSet.size()] );
204        }
205    
206        /**
207         * Returns whether the <code>User</code> has a certain <code>Privilege</code> (either
208         * directly or via group memberships).
209         *
210         * @param securityAccess
211         * @param privilege
212         * @return true if the user has the specified privilege
213         * @throws GeneralSecurityException
214         */
215        public boolean hasPrivilege( SecurityAccess securityAccess, Privilege privilege )
216                                throws GeneralSecurityException {
217            Privilege[] privileges = getPrivileges( securityAccess );
218            for ( int i = 0; i < privileges.length; i++ ) {
219                if ( privileges[i].equals( privilege ) ) {
220                    return true;
221                }
222            }
223            return false;
224        }
225    
226        /**
227         * Returns whether the <code>User</code> has a certain privilege (either directly or via group
228         * memberships).
229         *
230         * @param securityAccess
231         * @param s
232         * @return true if the user has the specified privilege
233         * @throws GeneralSecurityException
234         */
235        public boolean hasPrivilege( SecurityAccess securityAccess, String s )
236                                throws GeneralSecurityException {
237            Privilege privilege = registry.getPrivilegeByName( securityAccess, s );
238            return hasPrivilege( securityAccess, privilege );
239        }
240    
241        /**
242         * Returns the rights that this <code>User</code> has on the given
243         * <code>SecurableObject</code> (directly and via group memberships).
244         *
245         * @param securityAccess
246         * @param object
247         * @return the user's right for the specified object
248         * @throws GeneralSecurityException
249         */
250        public RightSet getRights( SecurityAccess securityAccess, SecurableObject object )
251                                throws GeneralSecurityException {
252            Role[] roles = securityAccess.getAllRolesForUser( this );
253            RightSet rights = new RightSet();
254    
255            for ( int i = 0; i < roles.length; i++ ) {
256                rights = rights.merge( new RightSet( registry.getRights( securityAccess, object, roles[i] ) ) );
257            }
258            return rights;
259        }
260    
261        /**
262         * Returns whether the <code>User</code> has a certain <code>Right</code> on this
263         * <code>SecurableObject</code> (directly or via group memberships).
264         *
265         * @param securityAccess
266         * @param type
267         * @param accessParams
268         * @param object
269         * @return true if the user has the right for the specified object
270         * @throws GeneralSecurityException
271         */
272        public boolean hasRight( SecurityAccess securityAccess, RightType type, Feature accessParams, SecurableObject object )
273                                throws GeneralSecurityException {
274            LOG.logDebug( "has Right", type );
275            LOG.logDebug( "has Right", object );
276            return getRights( securityAccess, object ).applies( object, type, accessParams );
277        }
278    
279        /**
280         * Returns whether the <code>User</code> has a certain <code>Right</code> on this
281         * <code>SecurableObject</code> (directly or via group memberships).
282         *
283         * @param securityAccess
284         * @param type
285         * @param object
286         * @return true if the user has the right for the specified object
287         * @throws GeneralSecurityException
288         */
289        public boolean hasRight( SecurityAccess securityAccess, RightType type, SecurableObject object )
290                                throws GeneralSecurityException {
291            return getRights( securityAccess, object ).applies( object, type );
292        }
293    
294        /**
295         * Returns whether the <code>User</code> has a certain right on this
296         * <code>SecurableObject</code> (directly or via group memberships).
297         *
298         * @param securityAccess
299         * @param s
300         * @param object
301         * @return true if the user has the right for the specified object
302         * @throws GeneralSecurityException
303         */
304        public boolean hasRight( SecurityAccess securityAccess, String s, SecurableObject object )
305                                throws GeneralSecurityException {
306            RightType right = registry.getRightTypeByName( securityAccess, s );
307            return hasRight( securityAccess, right, object );
308        }
309    
310        /**
311         * Returns whether the <code>User</code> has already been authenticated by a call to
312         * <code>authenticate()</code> with the correct password (or if the <code>user</code>'s
313         * password is null).
314         *
315         * @return true, if the user is authenticated
316         */
317        public boolean isAuthenticated() {
318            return isAuthenticated;
319        }
320    
321        /**
322         * Returns a <code>String</code> representation of this object.
323         *
324         * @param securityAccess
325         * @return the object as string
326         */
327        public String toString( SecurityAccess securityAccess ) {
328            StringBuffer sb = new StringBuffer( "Name: " ).append( name ).append( ", Title: " ).append( title );
329    
330            try {
331                sb.append( ", Groups: [" );
332                Group[] groups = getGroups( securityAccess );
333                for ( int i = 0; i < groups.length; i++ ) {
334                    sb.append( groups[i].getName() );
335                    if ( i != groups.length - 1 ) {
336                        sb.append( ", " );
337                    }
338                }
339                sb.append( "]" );
340    
341                sb.append( ", Roles: [" );
342                Role[] roles = getRoles( securityAccess );
343                for ( int i = 0; i < roles.length; i++ ) {
344                    sb.append( roles[i].getName() );
345                    if ( i != roles.length - 1 ) {
346                        sb.append( ", " );
347                    }
348                }
349                sb.append( "]" );
350    
351                sb.append( ", Privileges: [" );
352                Privilege[] privileges = getPrivileges( securityAccess );
353                for ( int i = 0; i < privileges.length; i++ ) {
354                    sb.append( privileges[i].getName() );
355                    if ( i != privileges.length - 1 ) {
356                        sb.append( ", " );
357                    }
358                }
359                sb.append( "]" );
360    
361            } catch ( GeneralSecurityException e ) {
362                LOG.logError( e.getMessage(), e );
363            }
364            return sb.toString();
365        }
366    
367        /**
368         * Checks if the submitted password is equal to the one of this user instance and sets the state
369         * to "authenticated" in case it is correct.
370         *
371         * @param password
372         * @throws WrongCredentialsException
373         */
374        public void authenticate( String password )
375                                throws WrongCredentialsException {
376            if ( this.password == null || "".equals( this.password ) ) {
377                isAuthenticated = true;
378                return;
379            }
380            if ( !this.password.equals( password ) ) {
381                isAuthenticated = false;
382                throw new WrongCredentialsException( "The submitted password is incorrect." );
383            }
384            isAuthenticated = true;
385        }
386    }