1 package org.apache.archiva.redback.rbac.jdo;
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
12 * http://www.apache.org/licenses/LICENSE-2.0
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
22 import org.apache.archiva.redback.rbac.AbstractRBACManager;
23 import org.apache.archiva.redback.rbac.Operation;
24 import org.apache.archiva.redback.rbac.RBACManagerListener;
25 import org.apache.archiva.redback.rbac.RbacManagerException;
26 import org.apache.archiva.redback.rbac.RbacObjectInvalidException;
27 import org.apache.archiva.redback.rbac.RbacObjectNotFoundException;
28 import org.apache.archiva.redback.rbac.RbacPermanentException;
29 import org.apache.archiva.redback.rbac.Resource;
30 import org.apache.archiva.redback.rbac.Role;
31 import org.apache.archiva.redback.rbac.UserAssignment;
32 import org.apache.archiva.redback.rbac.Permission;
33 import org.apache.archiva.redback.rbac.RBACObjectAssertions;
34 import org.springframework.stereotype.Service;
36 import javax.annotation.PostConstruct;
37 import javax.inject.Inject;
38 import javax.jdo.JDOHelper;
39 import javax.jdo.PersistenceManager;
40 import javax.jdo.Transaction;
41 import java.util.Collection;
42 import java.util.List;
47 * @author <a href="mailto:joakim@erdfelt.com">Joakim Erdfelt</a>
48 * @author Jesse McConnell <jmcconnell@apache.org>
51 @Service( "rbacManager#jdo" )
52 public class JdoRbacManager
53 extends AbstractRBACManager
54 implements RBACManagerListener
59 private boolean enableCache = true;
61 // private static final String ROLE_DETAIL = "role-child-detail";
62 private static final String ROLE_DETAIL = null;
64 // ----------------------------------------------------------------------
66 // ----------------------------------------------------------------------
69 * Creates an implementation specific {@link Role}.
71 * Note: this method does not add the {@link Role} to the underlying store.
72 * A call to {@link #saveRole(Role)} is required to track the role created with this
75 * @param name the name.
76 * @return the new {@link Role} object with an empty (non-null) {@link Role#getChildRoleNames()} object.
77 * @throws RbacManagerException
// Looks the role up by name through getRole(name) first; the branch that handles a failed
// lookup is not shown in this listing.
// NOTE(review): the catch names RbacManagerException rather than the narrower
// RbacObjectNotFoundException that getRole also declares, so presumably a store failure takes
// the same path as "no such role" - confirm that is intended before relying on the result.
79 public Role createRole( String name )
85 role = getRole( name );
87 catch ( RbacManagerException e )
/**
 * Validates the role and hands it to the JDO tool for saving.
 *
 * @param role the role to validate and save
 * @return whatever {@code jdo.saveObject} returns, cast to {@link Role}
 * @throws RbacObjectInvalidException declared; presumably raised by the validity assertion
 * @throws RbacManagerException declared for the save
 */
public Role saveRole( Role role )
    throws RbacObjectInvalidException, RbacManagerException
{
    // Validation runs before anything reaches the store.
    RBACObjectAssertions.assertValid( role );

    final String[] fetchGroups = { ROLE_DETAIL };
    final Object stored = jdo.saveObject( role, fetchGroups );
    return (Role) stored;
}
/**
 * Asks the JDO tool whether the given role object exists.
 *
 * @param role the role to look for
 * @return the result of {@code jdo.objectExists(role)}
 */
public boolean roleExists( Role role )
{
    final boolean stored = jdo.objectExists( role );
    return stored;
}
// Checks by identifier whether a role called `name` is stored (jdo.objectExistsById on JdoRole).
// NOTE(review): RbacManagerException is caught and the handler body is not shown in this listing.
// If the handler reports "absent", a store failure is indistinguishable from a missing role;
// callers that create defaults when this returns false should be checked.
114 public boolean roleExists( String name )
118 return jdo.objectExistsById( JdoRole.class, name );
120 catch ( RbacManagerException e )
/**
 * Loads the role with the given name through the JDO tool, using the {@code ROLE_DETAIL}
 * fetch group (currently {@code null}).
 *
 * @param roleName name of the role to load
 * @return the object returned by {@code jdo.getObjectById}
 * @throws RbacObjectNotFoundException declared; presumably raised when no such role is stored
 * @throws RbacManagerException declared for the lookup
 */
public Role getRole( String roleName )
    throws RbacObjectNotFoundException, RbacManagerException
{
    final Role found = jdo.getObjectById( JdoRole.class, roleName, ROLE_DETAIL );
    return found;
}
/**
 * Returns every {@code JdoRole} the JDO tool reports.
 *
 * @return the result of {@code jdo.getAllObjects(JdoRole.class)}, viewed as a list of roles
 * @throws RbacManagerException declared for the query
 */
@SuppressWarnings( "unchecked" )
public List<Role> getAllRoles()
    throws RbacManagerException
{
    // Unchecked: the element type is not verified at run time, only the List itself.
    final List<Role> roles = (List<Role>) jdo.getAllObjects( JdoRole.class );
    return roles;
}
/**
 * Deletes a role unless it is flagged permanent.
 *
 * <p>NOTE(review): user assignments refer to roles by name (see
 * {@link UserAssignment#getRoleNames()}). Nothing in this method removes the deleted role's
 * name from existing assignments; confirm that happens elsewhere, otherwise a role created
 * later under the same name would again apply to those principals. Caller authorization is
 * not checked here either and is presumably enforced upstream.
 *
 * @param role the role to delete
 * @throws RbacObjectNotFoundException declared for the removal
 * @throws RbacObjectInvalidException declared; presumably raised by the validity assertion
 * @throws RbacManagerException declared for the removal
 */
public void removeRole( Role role )
    throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
{
    RBACObjectAssertions.assertValid( role );

    final boolean permanent = role.isPermanent();
    if ( permanent )
    {
        // Permanent roles are refused before the store is touched.
        final String message = "Unable to delete permanent role [" + role.getName() + "]";
        throw new RbacPermanentException( message );
    }

    jdo.removeObject( role );
}
// Validates and persists each role of the collection using the PersistenceManager's current
// transaction, so that the whole collection is saved as one unit (see the comment below).
// NOTE(review): the transaction begin/commit statements, any guard for a null collection and
// the block that surrounds rollbackIfActive are not visible in this listing - confirm that the
// rollback runs on every failure path, including a failed assertValid part-way through.
161 public void saveRoles( Collection<Role> roles )
162 throws RbacObjectInvalidException, RbacManagerException
170 // This is done in JdoRbacManager as opposed to JdoTool as we need to assertValid() on each role and
171 // also wrap the entire collection into a single atomic save/makePersistent.
173 PersistenceManager pm = jdo.getPersistenceManager();
174 Transaction tx = pm.currentTransaction();
180 for ( Role role : roles )
182 if ( ( JDOHelper.getObjectId( role ) != null ) && !JDOHelper.isDetached( role ) )
184 // A role that already has an object id but is not detached indicates a bug in the calling code.
185 // NOTE(review): an earlier comment said this is left as a JDOUserException; the statement below throws RbacManagerException.
186 throw new RbacManagerException( "Existing Role is not detached: " + role );
// Each role is validated before it is handed to the PersistenceManager.
189 RBACObjectAssertions.assertValid( role );
191 pm.makePersistent( role );
198 jdo.rollbackIfActive( tx );
202 // ----------------------------------------------------------------------
203 // Permission methods
204 // ----------------------------------------------------------------------
/**
 * Returns the stored {@link Permission} with the given name, or a new unsaved
 * {@code JdoPermission} carrying that name when the lookup reports it missing.
 *
 * <p>A new permission is not added to the underlying store; call
 * {@link #savePermission(Permission)} to persist it.
 *
 * @param name the permission name
 * @return the existing permission, or a new unsaved one
 * @throws RbacManagerException if the lookup fails for a reason other than "not found"
 */
public Permission createPermission( String name )
    throws RbacManagerException
{
    try
    {
        final Permission existing = getPermission( name );
        log.debug( "Create Permission [{}] Returning Existing.", name );
        return existing;
    }
    catch ( RbacObjectNotFoundException e )
    {
        // Only "not found" leads to a fresh object; other failures propagate to the caller.
        final Permission fresh = new JdoPermission();
        fresh.setName( name );
        log.debug( "Create Permission [{}] New JdoPermission.", name );
        return fresh;
    }
}
/**
 * Builds a new unsaved {@code JdoPermission} and attaches an {@link Operation} and a
 * {@link Resource}, reusing stored ones when the lookups find them and creating unsaved
 * ones otherwise.
 *
 * <p>Nothing is added to the underlying store; call {@link #savePermission(Permission)} to
 * persist the permission.
 *
 * <p>NOTE(review): unlike {@link #createPermission(String)}, this overload does not look for
 * a stored permission called {@code name}. Whether saving the returned object replaces a
 * stored permission of the same name depends on {@code JdoTool.saveObject}, which is not
 * visible here - confirm.
 *
 * @param name the permission name
 * @param operationName the {@link Operation#setName(String)} value
 * @param resourceIdentifier the {@link Resource#setIdentifier(String)} value
 * @return the new permission
 * @throws RbacManagerException if a lookup fails for a reason other than "not found"
 */
public Permission createPermission( String name, String operationName, String resourceIdentifier )
    throws RbacManagerException
{
    final Permission result = new JdoPermission();
    result.setName( name );

    Operation op;
    try
    {
        op = getOperation( operationName );
    }
    catch ( RbacObjectNotFoundException e )
    {
        op = new JdoOperation();
        op.setName( operationName );
    }
    result.setOperation( op );

    Resource res;
    try
    {
        res = getResource( resourceIdentifier );
    }
    catch ( RbacObjectNotFoundException e )
    {
        res = new JdoResource();
        res.setIdentifier( resourceIdentifier );
    }
    result.setResource( res );

    return result;
}
/**
 * Validates the permission and hands it to the JDO tool for saving.
 *
 * @param permission the permission to validate and save
 * @return whatever {@code jdo.saveObject} returns, cast to {@link Permission}
 * @throws RbacObjectInvalidException declared; presumably raised by the validity assertion
 * @throws RbacManagerException declared for the save
 */
public Permission savePermission( Permission permission )
    throws RbacObjectInvalidException, RbacManagerException
{
    RBACObjectAssertions.assertValid( permission );

    final Object stored = jdo.saveObject( permission, null );
    return (Permission) stored;
}
/**
 * Asks the JDO tool whether the given permission object exists.
 *
 * @param permission the permission to look for
 * @return the result of {@code jdo.objectExists(permission)}
 */
public boolean permissionExists( Permission permission )
{
    final boolean stored = jdo.objectExists( permission );
    return stored;
}
// Checks by identifier whether a permission called `name` is stored (jdo.objectExistsById on JdoPermission).
// NOTE(review): RbacManagerException is caught and the handler body is not shown in this listing.
// If the handler reports "absent", a store failure is indistinguishable from a missing
// permission; callers that create defaults when this returns false should be checked.
297 public boolean permissionExists( String name )
301 return jdo.objectExistsById( JdoPermission.class, name );
303 catch ( RbacManagerException e )
/**
 * Loads the permission with the given name through the JDO tool.
 *
 * @param permissionName name of the permission to load
 * @return the object returned by {@code jdo.getObjectById}
 * @throws RbacObjectNotFoundException declared; presumably raised when no such permission is stored
 * @throws RbacManagerException declared for the lookup
 */
public Permission getPermission( String permissionName )
    throws RbacObjectNotFoundException, RbacManagerException
{
    final Permission found = jdo.getObjectById( JdoPermission.class, permissionName, null );
    return found;
}
/**
 * Returns every {@code JdoPermission} the JDO tool reports.
 *
 * @return the result of {@code jdo.getAllObjects(JdoPermission.class)}, viewed as a list of permissions
 * @throws RbacManagerException declared for the query
 */
@SuppressWarnings( "unchecked" )
public List<Permission> getAllPermissions()
    throws RbacManagerException
{
    final List<Permission> permissions = (List<Permission>) jdo.getAllObjects( JdoPermission.class );
    return permissions;
}
/**
 * Deletes a permission unless it is flagged permanent.
 *
 * @param permission the permission to delete
 * @throws RbacObjectNotFoundException declared for the removal
 * @throws RbacObjectInvalidException declared; presumably raised by the validity assertion
 * @throws RbacManagerException declared for the removal
 */
public void removePermission( Permission permission )
    throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
{
    RBACObjectAssertions.assertValid( permission );

    final boolean permanent = permission.isPermanent();
    if ( permanent )
    {
        // Permanent permissions are refused before the store is touched.
        final String message = "Unable to delete permanent permission [" + permission.getName() + "]";
        throw new RbacPermanentException( message );
    }

    jdo.removeObject( permission );
}
335 // ----------------------------------------------------------------------
337 // ----------------------------------------------------------------------
/**
 * Returns the stored {@link Operation} with the given name, or a new unsaved
 * {@code JdoOperation} carrying that name when the lookup reports it missing.
 *
 * <p>A new operation is not added to the underlying store; call
 * {@link #saveOperation(Operation)} to persist it.
 *
 * @param name the operation name
 * @return the existing operation, or a new unsaved one
 * @throws RbacManagerException if the lookup fails for a reason other than "not found"
 */
public Operation createOperation( String name )
    throws RbacManagerException
{
    try
    {
        return getOperation( name );
    }
    catch ( RbacObjectNotFoundException e )
    {
        // Only "not found" leads to a fresh object; other failures propagate to the caller.
        final Operation fresh = new JdoOperation();
        fresh.setName( name );
        return fresh;
    }
}
/**
 * Validates the operation and hands it to the JDO tool for saving.
 *
 * @param operation the operation to validate and save
 * @return whatever {@code jdo.saveObject} returns, cast to {@link Operation}
 * @throws RbacObjectInvalidException declared; presumably raised by the validity assertion
 * @throws RbacManagerException declared for the save
 */
public Operation saveOperation( Operation operation )
    throws RbacObjectInvalidException, RbacManagerException
{
    RBACObjectAssertions.assertValid( operation );

    final Object stored = jdo.saveObject( operation, null );
    return (Operation) stored;
}
/**
 * Asks the JDO tool whether the given operation object exists.
 *
 * @param operation the operation to look for
 * @return the result of {@code jdo.objectExists(operation)}
 */
public boolean operationExists( Operation operation )
{
    final boolean stored = jdo.objectExists( operation );
    return stored;
}
// Checks by identifier whether an operation called `name` is stored (jdo.objectExistsById on JdoOperation).
// NOTE(review): RbacManagerException is caught and the handler body is not shown in this listing.
// If the handler reports "absent", a store failure is indistinguishable from a missing
// operation; callers that create defaults when this returns false should be checked.
380 public boolean operationExists( String name )
384 return jdo.objectExistsById( JdoOperation.class, name );
386 catch ( RbacManagerException e )
/**
 * Loads the operation with the given name through the JDO tool.
 *
 * @param operationName name of the operation to load
 * @return the object returned by {@code jdo.getObjectById}
 * @throws RbacObjectNotFoundException declared; presumably raised when no such operation is stored
 * @throws RbacManagerException declared for the lookup
 */
public Operation getOperation( String operationName )
    throws RbacObjectNotFoundException, RbacManagerException
{
    final Operation found = jdo.getObjectById( JdoOperation.class, operationName, null );
    return found;
}
/**
 * Returns every {@code JdoOperation} the JDO tool reports.
 *
 * @return the result of {@code jdo.getAllObjects(JdoOperation.class)}, viewed as a list of operations
 * @throws RbacManagerException declared for the query
 */
@SuppressWarnings( "unchecked" )
public List<Operation> getAllOperations()
    throws RbacManagerException
{
    final List<Operation> operations = (List<Operation>) jdo.getAllObjects( JdoOperation.class );
    return operations;
}
/**
 * Deletes an operation unless it is flagged permanent.
 *
 * @param operation the operation to delete
 * @throws RbacObjectNotFoundException declared for the removal
 * @throws RbacObjectInvalidException declared; presumably raised by the validity assertion
 * @throws RbacManagerException declared for the removal
 */
public void removeOperation( Operation operation )
    throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
{
    RBACObjectAssertions.assertValid( operation );

    final boolean permanent = operation.isPermanent();
    if ( permanent )
    {
        // Permanent operations are refused before the store is touched.
        final String message = "Unable to delete permanent operation [" + operation.getName() + "]";
        throw new RbacPermanentException( message );
    }

    jdo.removeObject( operation );
}
418 // ----------------------------------------------------------------------
420 // ----------------------------------------------------------------------
/**
 * Returns the stored {@link Resource} with the given identifier, or a new unsaved
 * {@code JdoResource} carrying that identifier when the lookup reports it missing.
 *
 * <p>A new resource is not added to the underlying store; call
 * {@link #saveResource(Resource)} to persist it.
 *
 * @param identifier the resource identifier
 * @return the existing resource, or a new unsaved one
 * @throws RbacManagerException if the lookup fails for a reason other than "not found"
 */
public Resource createResource( String identifier )
    throws RbacManagerException
{
    try
    {
        final Resource existing = getResource( identifier );
        log.debug( "Create Resource [ {} ] Returning Existing.", identifier );
        return existing;
    }
    catch ( RbacObjectNotFoundException e )
    {
        // Only "not found" leads to a fresh object; other failures propagate to the caller.
        final Resource fresh = new JdoResource();
        fresh.setIdentifier( identifier );
        log.debug( "Create Resource [ {} ] New JdoResource.", identifier );
        return fresh;
    }
}
/**
 * Validates the resource and hands it to the JDO tool for saving.
 *
 * @param resource the resource to validate and save
 * @return whatever {@code jdo.saveObject} returns, cast to {@link Resource}
 * @throws RbacObjectInvalidException declared; presumably raised by the validity assertion
 * @throws RbacManagerException declared for the save
 */
public Resource saveResource( Resource resource )
    throws RbacObjectInvalidException, RbacManagerException
{
    RBACObjectAssertions.assertValid( resource );

    final Object stored = jdo.saveObject( resource, null );
    return (Resource) stored;
}
/**
 * Asks the JDO tool whether the given resource object exists.
 *
 * @param resource the resource to look for
 * @return the result of {@code jdo.objectExists(resource)}
 */
public boolean resourceExists( Resource resource )
{
    final boolean stored = jdo.objectExists( resource );
    return stored;
}
// Checks by identifier whether a resource with this identifier is stored (jdo.objectExistsById on JdoResource).
// NOTE(review): RbacManagerException is caught and the handler body is not shown in this listing.
// If the handler reports "absent", a store failure is indistinguishable from a missing
// resource; callers that create defaults when this returns false should be checked.
465 public boolean resourceExists( String identifier )
469 return jdo.objectExistsById( JdoResource.class, identifier );
471 catch ( RbacManagerException e )
/**
 * Loads the resource with the given identifier through the JDO tool.
 *
 * @param resourceIdentifier identifier of the resource to load
 * @return the object returned by {@code jdo.getObjectById}
 * @throws RbacObjectNotFoundException declared; presumably raised when no such resource is stored
 * @throws RbacManagerException declared for the lookup
 */
public Resource getResource( String resourceIdentifier )
    throws RbacObjectNotFoundException, RbacManagerException
{
    final Resource found = jdo.getObjectById( JdoResource.class, resourceIdentifier, null );
    return found;
}
/**
 * Returns every {@code JdoResource} the JDO tool reports.
 *
 * @return the result of {@code jdo.getAllObjects(JdoResource.class)}, viewed as a list of resources
 * @throws RbacManagerException declared for the query
 */
@SuppressWarnings( "unchecked" )
public List<Resource> getAllResources()
    throws RbacManagerException
{
    final List<Resource> resources = (List<Resource>) jdo.getAllObjects( JdoResource.class );
    return resources;
}
/**
 * Deletes a resource unless it is flagged permanent.
 *
 * @param resource the resource to delete
 * @throws RbacObjectNotFoundException declared for the removal
 * @throws RbacObjectInvalidException declared; presumably raised by the validity assertion
 * @throws RbacManagerException declared for the removal
 */
public void removeResource( Resource resource )
    throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
{
    RBACObjectAssertions.assertValid( resource );

    final boolean permanent = resource.isPermanent();
    if ( permanent )
    {
        // Permanent resources are refused before the store is touched.
        final String message = "Unable to delete permanent resource [" + resource.getIdentifier() + "]";
        throw new RbacPermanentException( message );
    }

    jdo.removeObject( resource );
}
504 // ----------------------------------------------------------------------
505 // User Assignment methods
506 // ----------------------------------------------------------------------
/**
 * Returns the stored {@link UserAssignment} for the principal, or a new unsaved
 * {@code JdoUserAssignment} carrying that principal when the lookup throws.
 *
 * <p>A new assignment is not added to the underlying store; call
 * {@link #saveUserAssignment(UserAssignment)} to persist it.
 *
 * @param principal the principal reference to the user
 * @return the existing assignment, or a new unsaved one
 */
public UserAssignment createUserAssignment( String principal )
{
    try
    {
        return getUserAssignment( principal );
    }
    catch ( RbacManagerException e )
    {
        // NOTE(review): the catch names RbacManagerException, not only the "not found" case
        // that getUserAssignment also declares, so a store failure presumably yields a fresh
        // assignment too. If a caller then saves it, whether that replaces the principal's
        // stored roles depends on JdoTool.saveObject (not visible here) - confirm.
        final UserAssignment fresh = new JdoUserAssignment();
        fresh.setPrincipal( principal );
        return fresh;
    }
}
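/**
 * Validates the user assignment, saves it through the JDO tool and then notifies listeners.
 *
 * <p>The "saved" notification is sent only after {@code jdo.saveObject} has returned, so
 * listeners (for example ones that audit or cache role grants) are never told about a save
 * that the store rejected.
 *
 * @param userAssignment the assignment to validate and save
 * @return whatever {@code jdo.saveObject} returns, cast to {@link UserAssignment}
 * @throws RbacObjectInvalidException declared; presumably raised by the validity assertion
 * @throws RbacManagerException declared for the save
 */
public UserAssignment saveUserAssignment( UserAssignment userAssignment )
    throws RbacObjectInvalidException, RbacManagerException
{
    RBACObjectAssertions.assertValid( "Save User Assignment", userAssignment );

    // Persist first: a failure here propagates before any listener is called.
    final UserAssignment saved =
        (UserAssignment) jdo.saveObject( userAssignment, new String[]{ ROLE_DETAIL } );

    // Listeners receive the same object the caller passed in, as before.
    fireRbacUserAssignmentSaved( userAssignment );

    return saved;
}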
// Checks by identifier whether an assignment for `principal` is stored (jdo.objectExistsById on JdoUserAssignment).
// NOTE(review): RbacManagerException is caught and the handler body is not shown in this listing.
// If the handler reports "absent", a store failure is indistinguishable from a principal with
// no assignment; callers that create a new assignment when this returns false should be checked.
551 public boolean userAssignmentExists( String principal )
555 return jdo.objectExistsById( JdoUserAssignment.class, principal );
557 catch ( RbacManagerException e )
/**
 * Asks the JDO tool whether the given user assignment object exists.
 *
 * @param assignment the assignment to look for
 * @return the result of {@code jdo.objectExists(assignment)}
 */
public boolean userAssignmentExists( UserAssignment assignment )
{
    final boolean stored = jdo.objectExists( assignment );
    return stored;
}
/**
 * Loads the user assignment for the given principal through the JDO tool, using the
 * {@code ROLE_DETAIL} fetch group (currently {@code null}).
 *
 * @param principal the principal whose assignment is loaded
 * @return the object returned by {@code jdo.getObjectById}
 * @throws RbacObjectNotFoundException declared; presumably raised when the principal has no assignment
 * @throws RbacManagerException declared for the lookup
 */
public UserAssignment getUserAssignment( String principal )
    throws RbacObjectNotFoundException, RbacManagerException
{
    final UserAssignment found = jdo.getObjectById( JdoUserAssignment.class, principal, ROLE_DETAIL );
    return found;
}
/**
 * Returns every {@code JdoUserAssignment} the JDO tool reports.
 *
 * @return the result of {@code jdo.getAllObjects(JdoUserAssignment.class)}, viewed as a list of assignments
 * @throws RbacManagerException declared for the query
 */
@SuppressWarnings( "unchecked" )
public List<UserAssignment> getAllUserAssignments()
    throws RbacManagerException
{
    final List<UserAssignment> assignments =
        (List<UserAssignment>) jdo.getAllObjects( JdoUserAssignment.class );
    return assignments;
}
/**
 * Returns the user assignments the JDO tool reports for the given role names.
 *
 * <p>NOTE(review): {@code roleNames} is handed to {@code JdoTool} unchanged. How the names
 * become a query is not visible here; confirm that they are bound as query parameters
 * rather than concatenated into a filter string.
 *
 * @param roleNames the role names to match
 * @return the result of {@code jdo.getUserAssignmentsForRoles}, viewed as a list of assignments
 * @throws RbacManagerException declared for the query
 */
@SuppressWarnings( "unchecked" )
public List<UserAssignment> getUserAssignmentsForRoles( Collection<String> roleNames )
    throws RbacManagerException
{
    final List<UserAssignment> matches =
        (List<UserAssignment>) jdo.getUserAssignmentsForRoles( JdoUserAssignment.class, null, roleNames );
    return matches;
}
/**
 * Deletes a user assignment unless it is flagged permanent, notifying listeners first.
 *
 * <p>NOTE(review): the "removed" notification is sent before {@code jdo.removeObject} runs,
 * so listeners are told even when the removal then fails. This may be deliberate, since
 * listeners may need the object while it still exists - confirm before changing the order.
 *
 * @param userAssignment the assignment to delete
 * @throws RbacObjectNotFoundException declared for the removal
 * @throws RbacObjectInvalidException declared; presumably raised by the validity assertion
 * @throws RbacManagerException declared for the removal
 */
public void removeUserAssignment( UserAssignment userAssignment )
    throws RbacObjectNotFoundException, RbacObjectInvalidException, RbacManagerException
{
    RBACObjectAssertions.assertValid( userAssignment );

    final boolean permanent = userAssignment.isPermanent();
    if ( permanent )
    {
        // Permanent assignments are refused before listeners or the store are touched.
        final String message =
            "Unable to delete permanent user assignment [" + userAssignment.getPrincipal() + "]";
        throw new RbacPermanentException( message );
    }

    fireRbacUserAssignmentRemoved( userAssignment );

    jdo.removeObject( userAssignment );
}
/**
 * Removes every stored object of the RBAC model classes, one class at a time.
 *
 * <p>This wipes all roles, permissions, operations, resources and user assignments. Nothing
 * in this method checks who is calling or skips objects flagged permanent; access has to be
 * restricted by the callers.
 */
public void eraseDatabase()
{
    // Must delete in order so that FK constraints don't get violated

    // Roles go first.
    jdo.removeAll( JdoRole.class );

    // Then permissions, followed by the operations and resources.
    jdo.removeAll( JdoPermission.class );
    jdo.removeAll( JdoOperation.class );
    jdo.removeAll( JdoResource.class );

    // User assignments and the model metadata go last.
    jdo.removeAll( JdoUserAssignment.class );
    jdo.removeAll( RbacJdoModelModelloMetadata.class );
}
// Registers this manager as the JdoTool listener and calls jdo.enableCache for the five RBAC entity classes.
// NOTE(review): the statements between the visible lines are not shown in this listing; the
// enableCache field is presumably what gates the enableCache calls - confirm. With caching on,
// check how quickly a removed role or assignment stops being served from the cache.
627 public void initialize()
631 jdo.setListener( this );
634 jdo.enableCache( JdoRole.class );
635 jdo.enableCache( JdoOperation.class );
636 jdo.enableCache( JdoResource.class );
637 jdo.enableCache( JdoUserAssignment.class );
638 jdo.enableCache( JdoPermission.class );
/**
 * Listener callback: relays the event by calling {@code fireRbacInit(freshdb)}.
 *
 * @param freshdb value passed through unchanged
 */
public void rbacInit( final boolean freshdb )
{
    fireRbacInit( freshdb );
}
/**
 * Listener callback: relays the event by calling {@code fireRbacPermissionRemoved(permission)}.
 *
 * @param permission the permission passed through unchanged
 */
public void rbacPermissionRemoved( final Permission permission )
{
    fireRbacPermissionRemoved( permission );
}
/**
 * Listener callback: relays the event by calling {@code fireRbacPermissionSaved(permission)}.
 *
 * @param permission the permission passed through unchanged
 */
public void rbacPermissionSaved( final Permission permission )
{
    fireRbacPermissionSaved( permission );
}
/**
 * Listener callback: relays the event by calling {@code fireRbacRoleRemoved(role)}.
 *
 * @param role the role passed through unchanged
 */
public void rbacRoleRemoved( final Role role )
{
    fireRbacRoleRemoved( role );
}
/**
 * Listener callback: relays the event by calling {@code fireRbacRoleSaved(role)}.
 *
 * @param role the role passed through unchanged
 */
public void rbacRoleSaved( final Role role )
{
    fireRbacRoleSaved( role );
}
/**
 * Listener callback: relays the event by calling
 * {@code fireRbacUserAssignmentSaved(userAssignment)}.
 *
 * @param userAssignment the assignment passed through unchanged
 */
public void rbacUserAssignmentSaved( final UserAssignment userAssignment )
{
    fireRbacUserAssignmentSaved( userAssignment );
}
/**
 * Listener callback: relays the event by calling
 * {@code fireRbacUserAssignmentRemoved(userAssignment)}.
 *
 * @param userAssignment the assignment passed through unchanged
 */
public void rbacUserAssignmentRemoved( final UserAssignment userAssignment )
{
    fireRbacUserAssignmentRemoved( userAssignment );
}
678 public JdoTool getJdo()
683 public void setJdo( JdoTool jdo )
688 public boolean isEnableCache()
/**
 * Stores the cache switch in the {@code enableCache} field (default {@code true}).
 *
 * @param enableCache the new value of the field
 */
public void setEnableCache( final boolean enableCache )
{
    this.enableCache = enableCache;
}