001    //$HeadURL: http://svn.wald.intevation.org/svn/deegree/base/trunk/src/org/deegree/security/drm/model/User.java $
002    /*----------------------------------------------------------------------------
003     This file is part of deegree, http://deegree.org/
004     Copyright (C) 2001-2009 by:
005       Department of Geography, University of Bonn
006     and
007       lat/lon GmbH
008    
009     This library is free software; you can redistribute it and/or modify it under
010     the terms of the GNU Lesser General Public License as published by the Free
011     Software Foundation; either version 2.1 of the License, or (at your option)
012     any later version.
013     This library is distributed in the hope that it will be useful, but WITHOUT
014     ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
015     FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
016     details.
017     You should have received a copy of the GNU Lesser General Public License
018     along with this library; if not, write to the Free Software Foundation, Inc.,
019     59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020    
021     Contact information:
022    
023     lat/lon GmbH
024     Aennchenstr. 19, 53177 Bonn
025     Germany
026     http://lat-lon.de/
027    
028     Department of Geography, University of Bonn
029     Prof. Dr. Klaus Greve
030     Postfach 1147, 53001 Bonn
031     Germany
032     http://www.geographie.uni-bonn.de/deegree/
033    
034     e-mail: info@deegree.org
035    ----------------------------------------------------------------------------*/
036    package org.deegree.security.drm.model;
037    
038    import java.util.HashSet;
039    
040    import org.deegree.framework.log.ILogger;
041    import org.deegree.framework.log.LoggerFactory;
042    import org.deegree.model.feature.Feature;
043    import org.deegree.security.GeneralSecurityException;
044    import org.deegree.security.drm.SecurityAccess;
045    import org.deegree.security.drm.SecurityRegistry;
046    import org.deegree.security.drm.WrongCredentialsException;
047    
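/**
 * Implementation of user-objects. <code>User</code>s can be members of <code>Groups</code> and
 * can be associated with <code>Role</code>s.
 * <p>
 * A user is always in one of two states:
 *
 * <ul>
 * <li>
 * Not authenticated: <code>SecurityManager</code> will not issue <code>SecurityAccess</code>
 * instances for this user
 * </li>
 * <li>
 * Authenticated: achieved by calling <code>authenticate()</code> and submitting the correct
 * password, afterwards <code>SecurityAccess</code> instances for the user can be issued
 * </li>
 * </ul>
 * <p>
 * Security notes for maintainers:
 * <ul>
 * <li>The password is kept in a <code>String</code> field exactly as passed to the constructor
 * and is handed out unchanged by {@link #getPassword()}; this class does no hashing.
 * NOTE(review): confirm whether callers pass cleartext or a digest.</li>
 * <li>A <code>null</code> password marks the user as authenticated at construction time, and a
 * <code>null</code> or empty password makes {@link #authenticate(String)} accept any input.</li>
 * <li>The authentication state lives in this instance; the class itself does no
 * synchronisation.</li>
 * </ul>
 *
 * @author <a href="mailto:mschneider@lat-lon.de">Markus Schneider</a>
 * @author last edited by: $Author: mays$
 *
 * @version $Revision: 29103 $, $Date: 21.08.2007 16:51:15$
 */
public class User extends SecurableObject {

    // NOTE(review): per-instance, non-final logger; left as declared because changing the
    // modifiers would alter the class' field layout (relevant if a supertype is Serializable).
    private ILogger LOG = LoggerFactory.getLogger( User.class );

    /**
     * Reserved user id; presumably the id of the security administrator account (inferred from
     * the name, confirm against the registry).
     */
    public final static int ID_SEC_ADMIN = 1;

    // Stored exactly as supplied by the caller; null means password checking is disabled.
    private String password;

    private String firstName;

    private String lastName;

    private String emailAddress;

    // Flipped by the constructor (null password) and by authenticate().
    private boolean isAuthenticated = false;

    /**
     * Creates a new <code>User</code> -instance.
     * <p>
     * The title is derived from the name parts: if either part is <code>null</code> or both are
     * empty the login name is used, if both are non-empty "lastName, firstName" is used,
     * otherwise the single non-empty part.
     *
     * @param id
     *            id of the user
     * @param name
     *            login name of the user
     * @param password
     *            null means that password checking is disabled; the user is then authenticated
     *            right away. An empty string does NOT authenticate here, although
     *            {@link #authenticate(String)} later accepts any input for it.
     * @param firstName
     *            may be null
     * @param lastName
     *            may be null
     * @param emailAddress
     * @param registry
     *            registry used for the group, privilege and right lookups
     */
    public User( int id, String name, String password, String firstName, String lastName, String emailAddress,
                 SecurityRegistry registry ) {
        this.id = id;
        this.name = name;
        this.password = password;
        if ( password == null ) {
            // no password configured: the account is usable without authenticate()
            isAuthenticated = true;
        }
        this.title = buildTitle( name, firstName, lastName );
        this.firstName = firstName;
        this.lastName = lastName;
        this.emailAddress = emailAddress;
        this.registry = registry;
    }

    /**
     * Derives the display title from the login name and the (optional) name parts.
     */
    private static String buildTitle( String name, String firstName, String lastName ) {
        if ( lastName == null || firstName == null ) {
            return name;
        }
        boolean noFirst = firstName.equals( "" );
        boolean noLast = lastName.equals( "" );
        if ( noFirst && noLast ) {
            return name;
        }
        if ( !noFirst && !noLast ) {
            return lastName + ", " + firstName;
        }
        return noLast ? firstName : lastName;
    }

    /**
     * @return the first name
     *
     */
    public String getFirstName() {
        return firstName;
    }

    /**
     * @return the last name
     *
     */
    public String getLastName() {
        return lastName;
    }

    /**
     * @return the mail address
     *
     */
    public String getEmailAddress() {
        return emailAddress;
    }

    /**
     * Returns the stored password exactly as it was passed to the constructor.
     * <p>
     * NOTE(review): this exposes the credential to every caller holding the instance; callers
     * should not log or display the returned value.
     *
     * @return the password, may be null
     *
     */
    public String getPassword() {
        return password;
    }

    /**
     * Returns the groups that this user belongs to, as reported by the registry.
     *
     * @param securityAccess
     * @return the user's groups
     * @throws GeneralSecurityException
     */
    public Group[] getGroups( SecurityAccess securityAccess )
                            throws GeneralSecurityException {
        return registry.getGroupsForUser( securityAccess, this );
    }

    /**
     * Returns the roles that this user is associated with (directly and via group memberships).
     * <p>
     *
     * @param securityAccess
     * @return the user's roles
     * @throws GeneralSecurityException
     */
    public Role[] getRoles( SecurityAccess securityAccess )
                            throws GeneralSecurityException {
        return securityAccess.getAllRolesForUser( this );
    }

    /**
     * Returns the <code>Privileges</code> that the <code>User</code> has (directly and via
     * group memberships).
     *
     * @param securityAccess
     * @return the user's privileges, without duplicates
     * @throws GeneralSecurityException
     */
    public Privilege[] getPrivileges( SecurityAccess securityAccess )
                            throws GeneralSecurityException {

        HashSet<Privilege> privilegeSet = new HashSet<Privilege>();
        // gather privileges for all associated roles; the set drops privileges granted twice
        for ( Role role : securityAccess.getAllRolesForUser( this ) ) {
            for ( Privilege rolePrivilege : registry.getPrivilegesForRole( securityAccess, role ) ) {
                privilegeSet.add( rolePrivilege );
            }
        }
        return privilegeSet.toArray( new Privilege[privilegeSet.size()] );
    }

    /**
     * Returns whether the <code>User</code> has a certain <code>Privilege</code> (either
     * directly or via group memberships).
     *
     * @param securityAccess
     * @param privilege
     * @return true if the user has the specified privilege
     * @throws GeneralSecurityException
     */
    public boolean hasPrivilege( SecurityAccess securityAccess, Privilege privilege )
                            throws GeneralSecurityException {
        for ( Privilege granted : getPrivileges( securityAccess ) ) {
            if ( granted.equals( privilege ) ) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns whether the <code>User</code> has a certain privilege (either directly or via group
     * memberships).
     *
     * @param securityAccess
     * @param s
     *            name of the privilege, resolved through the registry
     * @return true if the user has the specified privilege
     * @throws GeneralSecurityException
     */
    public boolean hasPrivilege( SecurityAccess securityAccess, String s )
                            throws GeneralSecurityException {
        Privilege privilege = registry.getPrivilegeByName( securityAccess, s );
        return hasPrivilege( securityAccess, privilege );
    }

    /**
     * Returns the rights of the given type that this <code>User</code> has on the given
     * <code>SecurableObject</code> (directly and via group memberships).
     *
     * @param securityAccess
     * @param object
     * @param type
     *            right type passed on to the registry lookup
     * @return the user's right for the specified object
     * @throws GeneralSecurityException
     */
    public RightSet getRights( SecurityAccess securityAccess, SecurableObject object, RightType type )
                            throws GeneralSecurityException {
        Role[] roles = securityAccess.getAllRolesForUser( this );
        return new RightSet( registry.getRights( securityAccess, object, roles, type ) );
    }

    /**
     * Returns the rights that this <code>User</code> has on the given
     * <code>SecurableObject</code> (directly and via group memberships).
     * <p>
     * The registry is queried once per role and the per-role results are merged.
     *
     * @param securityAccess
     * @param object
     * @return the user's right for the specified object
     * @throws GeneralSecurityException
     */
    public RightSet getRights( SecurityAccess securityAccess, SecurableObject object )
                            throws GeneralSecurityException {
        RightSet rights = new RightSet();
        for ( Role role : securityAccess.getAllRolesForUser( this ) ) {
            rights = rights.merge( new RightSet( registry.getRights( securityAccess, object, role ) ) );
        }
        return rights;
    }

    /**
     * Returns whether the <code>User</code> has a certain <code>Right</code> on this
     * <code>SecurableObject</code> (directly or via group memberships).
     *
     * @param securityAccess
     * @param type
     * @param accessParams
     * @param object
     * @return true if the user has the right for the specified object
     * @throws GeneralSecurityException
     */
    public boolean hasRight( SecurityAccess securityAccess, RightType type, Feature accessParams, SecurableObject object )
                            throws GeneralSecurityException {
        LOG.logDebug( "has Right", type );
        LOG.logDebug( "has Right", object );
        // Uses the type-restricted lookup; the overload without accessParams evaluates the
        // merged per-role rights instead.
        return getRights( securityAccess, object, type ).applies( object, type, accessParams );
    }

    /**
     * Returns whether the <code>User</code> has a certain <code>Right</code> on this
     * <code>SecurableObject</code> (directly or via group memberships).
     *
     * @param securityAccess
     * @param type
     * @param object
     * @return true if the user has the right for the specified object
     * @throws GeneralSecurityException
     */
    public boolean hasRight( SecurityAccess securityAccess, RightType type, SecurableObject object )
                            throws GeneralSecurityException {
        // TODO
        // must be tested
        // NOTE(review): this is an authorization decision marked as untested by the original
        // author, and it takes a different lookup path than the accessParams overload.
        return getRights( securityAccess, object ).applies( object, type );
    }

    /**
     * Returns whether the <code>User</code> has a certain right on this
     * <code>SecurableObject</code> (directly or via group memberships).
     *
     * @param securityAccess
     * @param s
     *            name of the right type, resolved through the registry
     * @param object
     * @return true if the user has the right for the specified object
     * @throws GeneralSecurityException
     */
    public boolean hasRight( SecurityAccess securityAccess, String s, SecurableObject object )
                            throws GeneralSecurityException {
        RightType right = registry.getRightTypeByName( securityAccess, s );
        return hasRight( securityAccess, right, object );
    }

    /**
     * Returns whether the <code>User</code> has already been authenticated by a call to
     * <code>authenticate()</code> with the correct password (or if the <code>user</code>'s
     * password is null).
     *
     * @return true, if the user is authenticated
     */
    public boolean isAuthenticated() {
        return isAuthenticated;
    }

    /**
     * Returns a <code>String</code> representation of this object: name, title, groups, roles
     * and privileges. The password is not part of the output.
     * <p>
     * If a lookup fails, the error is logged and the text built so far is returned (the list
     * that was being written stays unterminated).
     *
     * @param securityAccess
     * @return the object as string
     */
    public String toString( SecurityAccess securityAccess ) {
        // method-local buffer, so the unsynchronized StringBuilder is sufficient
        StringBuilder sb = new StringBuilder( "Name: " ).append( name ).append( ", Title: " ).append( title );

        try {
            sb.append( ", Groups: [" );
            Group[] groups = getGroups( securityAccess );
            for ( int i = 0; i < groups.length; i++ ) {
                if ( i > 0 ) {
                    sb.append( ", " );
                }
                sb.append( groups[i].getName() );
            }
            sb.append( "]" );

            sb.append( ", Roles: [" );
            Role[] roles = getRoles( securityAccess );
            for ( int i = 0; i < roles.length; i++ ) {
                if ( i > 0 ) {
                    sb.append( ", " );
                }
                sb.append( roles[i].getName() );
            }
            sb.append( "]" );

            sb.append( ", Privileges: [" );
            Privilege[] privileges = getPrivileges( securityAccess );
            for ( int i = 0; i < privileges.length; i++ ) {
                if ( i > 0 ) {
                    sb.append( ", " );
                }
                sb.append( privileges[i].getName() );
            }
            sb.append( "]" );

        } catch ( GeneralSecurityException e ) {
            LOG.logError( e.getMessage(), e );
        }
        return sb.toString();
    }

    /**
     * Checks if the submitted password is equal to the one of this user instance and sets the state
     * to "authenticated" in case it is correct.
     * <p>
     * If the stored password is <code>null</code> or empty, password checking is disabled and
     * every submitted value (including <code>null</code>) authenticates the user. A failed
     * attempt resets the state to "not authenticated", even if the instance was authenticated
     * before. The comparison does not stop at the first differing character, so its duration
     * does not reveal how much of the submitted value matched.
     * <p>
     * NOTE(review): there is no attempt counting or throttling in this method; if that is
     * required it has to be enforced by the caller.
     *
     * @param password
     *            the submitted password
     * @throws WrongCredentialsException
     *             if password checking is enabled and the submitted password does not match
     */
    public void authenticate( String password )
                            throws WrongCredentialsException {
        if ( this.password == null || "".equals( this.password ) ) {
            // NOTE(review): an empty stored password disables checking just like null does;
            // make sure the backing store cannot produce "" by accident.
            isAuthenticated = true;
            return;
        }
        if ( password == null || !constantTimeEquals( this.password, password ) ) {
            isAuthenticated = false;
            throw new WrongCredentialsException( "The submitted password is incorrect." );
        }
        isAuthenticated = true;
    }

    /**
     * Compares two strings character by character without returning early on the first
     * mismatch. The loop length depends only on the submitted value, so the running time does
     * not depend on the position of the first differing character.
     *
     * @param expected
     *            the stored value, must not be null
     * @param submitted
     *            the value supplied by the caller, must not be null
     * @return true if both strings have the same length and content
     */
    private static boolean constantTimeEquals( String expected, String submitted ) {
        char[] stored = expected.toCharArray();
        char[] given = submitted.toCharArray();
        if ( stored.length == 0 ) {
            return given.length == 0;
        }
        // a length difference already makes the result non-zero
        int diff = stored.length ^ given.length;
        for ( int i = 0; i < given.length; i++ ) {
            diff |= stored[i % stored.length] ^ given[i];
        }
        return diff == 0;
    }
}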