LibreCCM
/
libreccm
3
0
Fork 0
Code Issues 10 Pull Requests Packages Releases Wiki Activity

CCM_NG: New API for authentication and authoriziation using Apache Shiro. 

Replaces some classes in org.libreccm.core.


git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@3741 8810af33-2d31-482b-a856-94f89814c4df
pull/2/head
jensp 2015-11-23 09:37:35 +00:00
parent d2c52691ae
commit fb14845775
199 changed files with 11116 additions and 3413 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
ccm-cms-archetype-contenttype/src/site/apt/index.apt
View File

@ -32,22 +32,26 @@ LibreCMS Archetype for Content Types
content type. The following properties are required: content type. The following properties are required:
[groupId] The <<<groupId>>> of the new content type module [groupId] The <<<groupId>>> of the new content type module
[artifactId] The <<<artifactId>>> of the new content type module. It is [artifactId] The <<<artifactId>>> of the new content type module. It is
recommended (for official modules mandatory) to use the recommended (for official modules mandatory) to use the
following pattern for the <<<artifactId>>>: following pattern for the <<<artifactId>>>:
<<<ccm-cms-types-$typename>>>. For special branches like <<<ccm-cms-types-$typename>>>. For special branches like
APLAWS+ or ScientificCMS the pattern might differ. APLAWS+ or ScientificCMS the pattern might differ.
[package] The package for the classes of the new content type module. [package] The package for the classes of the new content type module.
Defaults to the <<<groupId>>>. It is recommanded to place all Defaults to the <<<groupId>>>. It is recommanded to place all
classes belonging to a content type into a separate package. For classes belonging to a content type into a separate package. For
example for the content <<<ccm-cms-types-foo>>> all classes example for the content <<<ccm-cms-types-foo>>> all classes
belonging to that content type should be placed into the package belonging to that content type should be placed into the package
<<<org.librecms.contenttypes.foo>>>. <<<org.librecms.contenttypes.foo>>>.
[typeName] The name of the type. Must be a valid class name. If the [typeName] The name of the type. Must be a valid class name. If the
recommended pattern for the <<<artifactId>>> is used the last recommended pattern for the <<<artifactId>>> is used the last
token of the <<<artifactId>>> (with a capitalised token of the <<<artifactId>>> (with a capitalised
first letter) should be used. For instance the type name of first letter) should be used. For instance the type name of
<<<ccm-cms-types-foo>>> should be <<<Foo>>>. <<<ccm-cms-types-foo>>> should be <<<Foo>>>.
[schemaName] The name of the database schema used to store the tables for [schemaName] The name of the database schema used to store the tables for
the module. Defaults to the <<<artifactId>>>. It is recommended the module. Defaults to the <<<artifactId>>>. It is recommended
to customise the <<<schemaName>>> to avoid problems with SQL. to customise the <<<schemaName>>> to avoid problems with SQL.
@ -58,4 +62,4 @@ LibreCMS Archetype for Content Types
<<<cms_types_foo>>>. <<<cms_types_foo>>>.

12
ccm-cms-types-agenda/pom.xml
View File

@ -4,10 +4,10 @@
<modelVersion>4.0.0</modelVersion> <modelVersion>4.0.0</modelVersion>
<parent> <parent>
<artifactId>libreccm-parent</artifactId> <artifactId>libreccm-parent</artifactId>
<groupId>org.libreccm</groupId> <groupId>org.libreccm</groupId>
<version>7.0.0-SNAPSHOT</version> <version>7.0.0-SNAPSHOT</version>
</parent> </parent>
<properties> <properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
@ -139,7 +139,7 @@
</configuration> </configuration>
</plugin> </plugin>
<plugin> <plugin>
<groupId>org.jacoco</groupId> <groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId> <artifactId>jacoco-maven-plugin</artifactId>
<version>0.7.5.201505241946</version> <version>0.7.5.201505241946</version>
@ -313,7 +313,7 @@
<reportSet> <reportSet>
<reports> <reports>
<report>dependencies</report> <report>dependencies</report>
<report>license</report> <report>license</report>
</reports> </reports>
</reportSet> </reportSet>
</reportSets> </reportSets>

14
ccm-cms/src/main/java/org/librecms/contentsection/ContentSection.java
View File

@ -20,7 +20,7 @@ package org.librecms.contentsection;
import static org.librecms.CmsConstants.*; import static org.librecms.CmsConstants.*;
import org.libreccm.core.Group; import org.libreccm.security.Role;
import org.libreccm.web.CcmApplication; import org.libreccm.web.CcmApplication;
import java.io.Serializable; import java.io.Serializable;
@ -57,10 +57,10 @@ public class ContentSection extends CcmApplication implements Serializable {
private String xmlGeneratorClass; private String xmlGeneratorClass;
@OneToOne @OneToOne
private Group staffGroup; private Role staffGroup;
@OneToOne @OneToOne
private Group viewersGroup; private Role viewersGroup;
@Column(name = "default_locale", length = 10) @Column(name = "default_locale", length = 10)
private String defaultLocale; private String defaultLocale;
@ -107,19 +107,19 @@ public class ContentSection extends CcmApplication implements Serializable {
this.xmlGeneratorClass = xmlGeneratorClass; this.xmlGeneratorClass = xmlGeneratorClass;
} }
public Group getStaffGroup() { public Role getStaffGroup() {
return staffGroup; return staffGroup;
} }
public void setStaffGroup(final Group staffGroup) { public void setStaffGroup(final Role staffGroup) {
this.staffGroup = staffGroup; this.staffGroup = staffGroup;
} }
public Group getViewersGroup() { public Role getViewersGroup() {
return viewersGroup; return viewersGroup;
} }
public void setViewersGroup(final Group viewersGroup) { public void setViewersGroup(final Role viewersGroup) {
this.viewersGroup = viewersGroup; this.viewersGroup = viewersGroup;
} }

17
ccm-core/pom.xml
View File

@ -39,12 +39,6 @@
<scope>provided</scope> <scope>provided</scope>
</dependency> </dependency>
<dependency>
<groupId>org.libreccm</groupId>
<artifactId>ccm-docrepo</artifactId>
<version>${project.parent.version}</version>
</dependency>
<dependency> <dependency>
<groupId>org.hibernate</groupId> <groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId> <artifactId>hibernate-entitymanager</artifactId>
@ -174,12 +168,17 @@
<artifactId>maven-artifact</artifactId> <artifactId>maven-artifact</artifactId>
</dependency> </dependency>
<dependency>
<groupId>org.apache.shiro</groupId>
<artifactId>shiro-core</artifactId>
</dependency>
<dependency> <dependency>
<groupId>com.h2database</groupId> <groupId>com.h2database</groupId>
<artifactId>h2</artifactId> <artifactId>h2</artifactId>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
</dependencies> </dependencies>
<build> <build>
@ -968,11 +967,11 @@
<!--<version>0.7.5.201505241946</version>--> <!--<version>0.7.5.201505241946</version>-->
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<!--<dependency> <dependency>
<groupId>org.jboss.arquillian.extension</groupId> <groupId>org.jboss.arquillian.extension</groupId>
<artifactId>arquillian-jacoco</artifactId> <artifactId>arquillian-jacoco</artifactId>
<version>1.0.0.Alpha8</version> <version>1.0.0.Alpha8</version>
</dependency>--> </dependency>
</dependencies> </dependencies>
<build> <build>

24
ccm-core/src/main/java/com/arsdigita/kernel/security/SecurityConfig.java
View File

@ -26,8 +26,6 @@ import com.arsdigita.util.parameter.SpecificClassParameter;
import com.arsdigita.util.parameter.StringArrayParameter; import com.arsdigita.util.parameter.StringArrayParameter;
import com.arsdigita.util.parameter.StringParameter; import com.arsdigita.util.parameter.StringParameter;
import org.libreccm.core.authentication.LocalLoginModule;
import java.util.Arrays; import java.util.Arrays;
import java.util.List; import java.util.List;
@ -78,12 +76,6 @@ public class SecurityConfig extends AbstractConfig {
private final Parameter m_cookieDomain = new StringParameter( private final Parameter m_cookieDomain = new StringParameter(
"waf.cookie_domain", Parameter.OPTIONAL, null); "waf.cookie_domain", Parameter.OPTIONAL, null);
private final Parameter m_loginConfig = new StringArrayParameter(
"waf.login_config", Parameter.REQUIRED,
new String[]{
String.format("Register:%s:requisite",
LocalLoginModule.class.getName())});
private final Parameter m_adminEmail = new StringParameter( private final Parameter m_adminEmail = new StringParameter(
"waf.admin.contact_email", Parameter.OPTIONAL, null); "waf.admin.contact_email", Parameter.OPTIONAL, null);
@ -111,6 +103,12 @@ public class SecurityConfig extends AbstractConfig {
private final Parameter m_saltLength = new IntegerParameter( private final Parameter m_saltLength = new IntegerParameter(
"waf.security.salt_length", Parameter.REQUIRED, 256); "waf.security.salt_length", Parameter.REQUIRED, 256);
/**
* Default number of hash iterations for new passwords.
*/
private final Parameter m_hashIterations = new IntegerParameter(
"waf.security.hash_iterations", Parameter.REQUIRED, 50000);
/** /**
* Constructs an empty SecurityConfig object * Constructs an empty SecurityConfig object
*/ */
@ -120,7 +118,6 @@ public class SecurityConfig extends AbstractConfig {
register(m_excludedExtensions); register(m_excludedExtensions);
register(m_cookieDomain); register(m_cookieDomain);
register(m_loginConfig);
register(m_cookieDurationMinutes); register(m_cookieDurationMinutes);
register(m_adminEmail); register(m_adminEmail);
register(m_autoRegistrationOn); register(m_autoRegistrationOn);
@ -129,6 +126,7 @@ public class SecurityConfig extends AbstractConfig {
register(m_hashAlgorithm); register(m_hashAlgorithm);
register(m_saltLength); register(m_saltLength);
register(m_hashIterations);
loadInfo(); loadInfo();
} }
@ -174,10 +172,6 @@ public class SecurityConfig extends AbstractConfig {
return (String) get(m_cookieDomain); return (String) get(m_cookieDomain);
} }
String[] getLoginConfig() {
return (String[]) get(m_loginConfig);
}
Integer getCookieDurationMinutes() { Integer getCookieDurationMinutes() {
return (Integer) get(m_cookieDurationMinutes); return (Integer) get(m_cookieDurationMinutes);
} }
@ -237,5 +231,9 @@ public class SecurityConfig extends AbstractConfig {
public Integer getSaltLength() { public Integer getSaltLength() {
return (Integer) get(m_saltLength); return (Integer) get(m_saltLength);
} }
public Integer getHashIterations() {
return (Integer) get(m_hashIterations);
}
} }

71
ccm-core/src/main/java/com/arsdigita/ui/admin/AdminServlet.java
View File

@ -32,11 +32,6 @@ import com.arsdigita.xml.Document;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.CcmSessionContext;
import org.libreccm.core.PermissionManager;
import org.libreccm.core.Privilege;
import org.libreccm.core.PrivilegeRepository;
import org.libreccm.core.Subject;
import org.libreccm.web.CcmApplication; import org.libreccm.web.CcmApplication;
import java.io.IOException; import java.io.IOException;
@ -107,40 +102,40 @@ public class AdminServlet extends BaseApplicationServlet implements
// /////// Some preparational steps /////////////// // /////// Some preparational steps ///////////////
/* Determine access privilege: only logged in users may access DS */ /* Determine access privilege: only logged in users may access DS */
final CdiUtil cdiUtil = new CdiUtil(); final CdiUtil cdiUtil = new CdiUtil();
final CcmSessionContext sessionContext; // final CcmSessionContext sessionContext;
try { // try {
sessionContext = cdiUtil.findBean( // sessionContext = cdiUtil.findBean(
CcmSessionContext.class); // CcmSessionContext.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup session context", ex); // "Failed to lookup session context", ex);
} // }
final Subject subject = sessionContext.getCurrentSubject(); // final Subject subject = sessionContext.getCurrentSubject();
if (subject == null) { // if (subject == null) {
throw new LoginSignal(sreq); // throw new LoginSignal(sreq);
} // }
//
final PrivilegeRepository privilegeRepository; // final PrivilegeRepository privilegeRepository;
try { // try {
privilegeRepository = cdiUtil.findBean(PrivilegeRepository.class); // privilegeRepository = cdiUtil.findBean(PrivilegeRepository.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup PrivilegeRepository", ex); // "Failed to lookup PrivilegeRepository", ex);
} // }
final Privilege adminPrivilege = privilegeRepository.retrievePrivilege( // final Privilege adminPrivilege = privilegeRepository.retrievePrivilege(
"admin"); // "admin");
//
final PermissionManager permissionManager; // final PermissionManager permissionManager;
try { // try {
permissionManager = cdiUtil.findBean(PermissionManager.class); // permissionManager = cdiUtil.findBean(PermissionManager.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to look up PermissionManager", ex); // "Failed to look up PermissionManager", ex);
} // }
if (!permissionManager.isPermitted(adminPrivilege, null, subject)) { // if (!permissionManager.isPermitted(adminPrivilege, null, subject)) {
throw new AccessDeniedException("User is not an administrator"); // throw new AccessDeniedException("User is not an administrator");
} // }
/* Want admin to always show the latest stuff... */ /* Want admin to always show the latest stuff... */
DispatcherHelper.cacheDisable(sresp); DispatcherHelper.cacheDisable(sresp);

78
ccm-core/src/main/java/com/arsdigita/ui/admin/EmailList.java
View File

@ -35,8 +35,6 @@ import com.arsdigita.util.UncheckedWrapperException;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.EmailAddress; import org.libreccm.core.EmailAddress;
import org.libreccm.core.User;
import org.libreccm.core.UserRepository;
import static com.arsdigita.ui.admin.AdminConstants.*; import static com.arsdigita.ui.admin.AdminConstants.*;
@ -105,28 +103,28 @@ class EmailList extends List
final Long userId = (Long) state.getValue(USER_ID_PARAM); final Long userId = (Long) state.getValue(USER_ID_PARAM);
if (userId != null) { if (userId != null) {
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final UserRepository userRepository; // final UserRepository userRepository;
try { // try {
userRepository = cdiUtil.findBean(UserRepository.class); // userRepository = cdiUtil.findBean(UserRepository.class);
} catch(CdiLookupException ex) { // } catch(CdiLookupException ex) {
throw new UncheckedWrapperException(ex); // throw new UncheckedWrapperException(ex);
} // }
//
final User user = userRepository.findById(userId); // final User user = userRepository.findById(userId);
if (user == null) { // if (user == null) {
return; // return;
} else { // } else {
final String email = (String) getSelectedKey(state); // final String email = (String) getSelectedKey(state);
//
for(EmailAddress addr : user.getEmailAddresses()) { // for(EmailAddress addr : user.getEmailAddresses()) {
if (addr.getAddress().equals(email)) { // if (addr.getAddress().equals(email)) {
user.removeEmailAddress(addr); // user.removeEmailAddress(addr);
} // }
} // }
//
userRepository.save(user); // userRepository.save(user);
} // }
} }
} }
} }
@ -192,20 +190,22 @@ class EmailListModelBuilder extends LockableImpl
@Override @Override
public ListModel makeModel(List l, PageState state) { public ListModel makeModel(List l, PageState state) {
final Long userId = (Long) state.getValue(USER_ID_PARAM); return null;
if (userId == null) {
return null; // final Long userId = (Long) state.getValue(USER_ID_PARAM);
} else { // if (userId == null) {
final CdiUtil cdiUtil = new CdiUtil(); // return null;
final UserRepository userRepository; // } else {
try { // final CdiUtil cdiUtil = new CdiUtil();
userRepository = cdiUtil.findBean(UserRepository.class); // final UserRepository userRepository;
} catch(CdiLookupException ex) { // try {
throw new UncheckedWrapperException(ex); // userRepository = cdiUtil.findBean(UserRepository.class);
} // } catch(CdiLookupException ex) {
final User user = userRepository.findById(userId); // throw new UncheckedWrapperException(ex);
// }
return new EmailListModel(user.getEmailAddresses().iterator()); // final User user = userRepository.findById(userId);
} //
// return new EmailListModel(user.getEmailAddresses().iterator());
// }
} }
} }

48
ccm-core/src/main/java/com/arsdigita/ui/admin/ExistingGroupAddPane.java
View File

@ -18,8 +18,8 @@ import com.arsdigita.util.UncheckedWrapperException;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.Group; //import org.libreccm.core.Group;
import org.libreccm.core.GroupRepository; //import org.libreccm.core.GroupRepository;
import static com.arsdigita.ui.admin.AdminConstants.*; import static com.arsdigita.ui.admin.AdminConstants.*;
@ -52,25 +52,27 @@ public class ExistingGroupAddPane extends SimpleContainer implements
@Override @Override
protected Object initialValue(final PageState ps) { protected Object initialValue(final PageState ps) {
String key = (String) groupTree.getSelectedKey(ps); String key = (String) groupTree.getSelectedKey(ps);
//
Group group = null; // Group group = null;
//
if (key != null) { // if (key != null) {
final Long id = new Long(key); // final Long id = new Long(key);
//
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final GroupRepository groupRepository; // final GroupRepository groupRepository;
try { // try {
groupRepository = cdiUtil.findBean(GroupRepository.class); // groupRepository = cdiUtil.findBean(GroupRepository.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup GroupRepository", ex); // "Failed to lookup GroupRepository", ex);
} // }
//
group = groupRepository.findById(id); // group = groupRepository.findById(id);
} // }
//
// return group;
return group; return null;
} }
}; };
@ -197,8 +199,8 @@ public class ExistingGroupAddPane extends SimpleContainer implements
* *
* @return * @return
*/ */
public Group getParentGroup(PageState ps) { // public Group getParentGroup(PageState ps) {
return (Group) parentGroup.get(ps); // return (Group) parentGroup.get(ps);
} // }
} }

98
ccm-core/src/main/java/com/arsdigita/ui/admin/GroupAddForm.java
View File

@ -28,8 +28,6 @@ import com.arsdigita.util.UncheckedWrapperException;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.Group;
import org.libreccm.core.GroupRepository;
import static com.arsdigita.ui.admin.AdminConstants.*; import static com.arsdigita.ui.admin.AdminConstants.*;
@ -63,56 +61,58 @@ class GroupAddForm extends GroupForm implements FormProcessListener {
public void process(final FormSectionEvent event) public void process(final FormSectionEvent event)
throws FormProcessException { throws FormProcessException {
PageState ps = event.getPageState(); // PageState ps = event.getPageState();
// Get super parent group.
String key = (String) m_groupTree.getSelectedKey(ps);
final Group parentGroup = null;
// if (key != null) {
// BigDecimal parentID = new BigDecimal(key);
// //
// try { // // Get super parent group.
// parentGroup = new Group(parentID); // String key = (String) m_groupTree.getSelectedKey(ps);
// } catch (DataObjectNotFoundException exc) { //
// // Parent group does not exist. // final Group parentGroup = null;
// // This is normal behavior with the new group //// if (key != null) {
// // been add with no parent. //// BigDecimal parentID = new BigDecimal(key);
// } ////
//// try {
//// parentGroup = new Group(parentID);
//// } catch (DataObjectNotFoundException exc) {
//// // Parent group does not exist.
//// // This is normal behavior with the new group
//// // been add with no parent.
//// }
//// }
//
// final Group group = new Group();
//
// String name = (String) m_name.getValue(ps);
// group.setName(name);
//
// // Workaround for bug #189720: there is no way to remove a
// // Party's primary email address, so we set it directly to
// // null if it's value on the form is null.
//// InternetAddress email = (InternetAddress) m_email.getValue(ps);
//// if (email != null) {
//// group.setPrimaryEmail(new EmailAddress(email.getAddress()));
//// } else {
//// //group.set("primaryEmail", null);
//// group.setPrimaryEmail(null);
//// }
// final CdiUtil cdiUtil = new CdiUtil();
// final GroupRepository groupRepository;
// try {
// groupRepository = cdiUtil.findBean(GroupRepository.class);
// } catch (CdiLookupException ex) {
// throw new UncheckedWrapperException(
// "Failed to lookup GroupRepository", ex);
// } // }
// groupRepository.save(group);
final Group group = new Group(); //
//// if (parentGroup != null) {
String name = (String) m_name.getValue(ps); //// parentGroup.addSubgroup(group);
group.setName(name); //// parentGroup.save();
//// }
// Workaround for bug #189720: there is no way to remove a // if (m_groupTab != null) {
// Party's primary email address, so we set it directly to // m_groupTab.setGroup(ps, group);
// null if it's value on the form is null.
// InternetAddress email = (InternetAddress) m_email.getValue(ps);
// if (email != null) {
// group.setPrimaryEmail(new EmailAddress(email.getAddress()));
// } else {
// //group.set("primaryEmail", null);
// group.setPrimaryEmail(null);
// } // }
final CdiUtil cdiUtil = new CdiUtil();
final GroupRepository groupRepository; throw new UnsupportedOperationException();
try {
groupRepository = cdiUtil.findBean(GroupRepository.class);
} catch (CdiLookupException ex) {
throw new UncheckedWrapperException(
"Failed to lookup GroupRepository", ex);
}
groupRepository.save(group);
// if (parentGroup != null) {
// parentGroup.addSubgroup(group);
// parentGroup.save();
// }
if (m_groupTab != null) {
m_groupTab.setGroup(ps, group);
}
} }
} }

196
ccm-core/src/main/java/com/arsdigita/ui/admin/GroupAdministrationTab.java
View File

@ -53,8 +53,6 @@ import java.util.ArrayList;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.Group;
import org.libreccm.core.GroupRepository;
/** /**
* Constructs the panel for administration of groups. * Constructs the panel for administration of groups.
@ -102,31 +100,31 @@ class GroupAdministrationTab extends LayoutPanel implements AdminConstants,
* *
* @return * @return
*/ */
public Group getGroup(final PageState state) { // public Group getGroup(final PageState state) {
return (Group) requestLocalGroup.get(state); // return (Group) requestLocalGroup.get(state);
} // }
public void setGroup(final PageState state, final Group group) { // public void setGroup(final PageState state, final Group group) {
final String groupId = Long.toString(group.getSubjectId()); // final String groupId = Long.toString(group.getSubjectId());
requestLocalGroup.set(state, group); // requestLocalGroup.set(state, group);
groupTree.setSelectedKey(state, groupId); // groupTree.setSelectedKey(state, groupId);
if (!"-1".equals(groupId)) {
expandGroups(state, group);
groupTree.expand("-1", state);
}
}
private void expandGroups(final PageState state, final Group group) {
// groupTree.expand(Long.toString(group.getSubjectId()), state);
// //
// final List< superGroups = group.getSupergroups(); // if (!"-1".equals(groupId)) {
// Group superGroup; // expandGroups(state, group);
// while (superGroups.next()) { // groupTree.expand("-1", state);
// superGroup = (Group) superGroups.getDomainObject();
// expandGroups(state, superGroup);
// } // }
} // }
// private void expandGroups(final PageState state, final Group group) {
//// groupTree.expand(Long.toString(group.getSubjectId()), state);
////
//// final List< superGroups = group.getSupergroups();
//// Group superGroup;
//// while (superGroups.next()) {
//// superGroup = (Group) superGroups.getDomainObject();
//// expandGroups(state, superGroup);
//// }
// }
/** /**
* Constructor * Constructor
@ -141,26 +139,26 @@ class GroupAdministrationTab extends LayoutPanel implements AdminConstants,
@Override @Override
protected Object initialValue(final PageState state) { protected Object initialValue(final PageState state) {
String key = (String) groupTree.getSelectedKey(state); // String key = (String) groupTree.getSelectedKey(state);
Group group; // Group group;
if (key != null) { // if (key != null) {
final long id = Long.parseLong(key); // final long id = Long.parseLong(key);
//
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final GroupRepository groupRepository; // final GroupRepository groupRepository;
try { // try {
groupRepository = cdiUtil // groupRepository = cdiUtil
.findBean(GroupRepository.class); // .findBean(GroupRepository.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup GroupRepository", ex); // "Failed to lookup GroupRepository", ex);
} // }
//
group = groupRepository.findById(id); // group = groupRepository.findById(id);
//
return group; // return group;
} // }
return null; return null;
} }
@ -268,11 +266,11 @@ class GroupAdministrationTab extends LayoutPanel implements AdminConstants,
@Override @Override
public void prepare(final PrintEvent event) { public void prepare(final PrintEvent event) {
final Label target = (Label) event.getTarget(); // final Label target = (Label) event.getTarget();
final PageState state = event.getPageState(); // final PageState state = event.getPageState();
final Group group = getGroup(state); // final Group group = getGroup(state);
//
target.setLabel(group.getName()); // target.setLabel(group.getName());
} }
}); });
@ -351,13 +349,14 @@ class GroupAdministrationTab extends LayoutPanel implements AdminConstants,
final String key, final String key,
final int index, final int index,
final boolean isSelected) { final boolean isSelected) {
final BoxPanel b = new BoxPanel(BoxPanel.HORIZONTAL); throw new UnsupportedOperationException();
b.add(new Label(((Group) value).getName())); // final BoxPanel b = new BoxPanel(BoxPanel.HORIZONTAL);
final ControlLink removeLink = new ControlLink( // b.add(new Label(((Group) value).getName()));
REMOVE_SUBGROUP_LABEL); // final ControlLink removeLink = new ControlLink(
removeLink.setClassAttr("actionLink"); // REMOVE_SUBGROUP_LABEL);
b.add(removeLink); // removeLink.setClassAttr("actionLink");
return b; // b.add(removeLink);
// return b;
} }
}); });
@ -371,24 +370,24 @@ class GroupAdministrationTab extends LayoutPanel implements AdminConstants,
.getSelectedKey(state); .getSelectedKey(state);
if (key != null) { if (key != null) {
final Long groupId = Long.parseLong(key); // final Long groupId = Long.parseLong(key);
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final GroupRepository groupRepository; // final GroupRepository groupRepository;
try { // try {
groupRepository = cdiUtil // groupRepository = cdiUtil
.findBean(GroupRepository.class); // .findBean(GroupRepository.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup GroupRepository", ex); // "Failed to lookup GroupRepository", ex);
} // }
//
final Group group = groupRepository.findById(groupId); // final Group group = groupRepository.findById(groupId);
final Group parent = getGroup(state); // final Group parent = getGroup(state);
if (parent != null) { // if (parent != null) {
groupRepository.save(parent); // groupRepository.save(parent);
} // }
//
final BigDecimal groupID = new BigDecimal(key); // final BigDecimal groupID = new BigDecimal(key);
// try { // try {
// final Group group = new Group(groupID); // final Group group = new Group(groupID);
// final Group parent = getGroup(state); // final Group parent = getGroup(state);
@ -530,24 +529,24 @@ class GroupAdministrationTab extends LayoutPanel implements AdminConstants,
final ActionLink deleteLink = new ActionLink(DELETE_GROUP_LABEL); final ActionLink deleteLink = new ActionLink(DELETE_GROUP_LABEL);
deleteLink.setClassAttr("actionLink"); deleteLink.setClassAttr("actionLink");
deleteLink.setConfirmation(GROUP_DELETE_CONFIRMATION); deleteLink.setConfirmation(GROUP_DELETE_CONFIRMATION);
deleteLink.addActionListener(new ActionListener() { // deleteLink.addActionListener(new ActionListener() {
//
// @Override
// public void actionPerformed(final ActionEvent event) {
//
// PageState ps = event.getPageState();
@Override // final Group group = (Group) requestLocalGroup.get(ps);
public void actionPerformed(final ActionEvent event) { // if (group != null) {
// final CdiUtil cdiUtil = new CdiUtil();
PageState ps = event.getPageState(); // final GroupRepository groupRepository;
// try {
final Group group = (Group) requestLocalGroup.get(ps); // groupRepository = cdiUtil.findBean(GroupRepository.class);
if (group != null) { // } catch(CdiLookupException ex) {
final CdiUtil cdiUtil = new CdiUtil(); // throw new UncheckedWrapperException(ex);
final GroupRepository groupRepository; // }
try {
groupRepository = cdiUtil.findBean(GroupRepository.class);
} catch(CdiLookupException ex) {
throw new UncheckedWrapperException(ex);
}
groupRepository.delete(group); // groupRepository.delete(group);
// try { // try {
// group.delete(); // group.delete();
@ -556,16 +555,17 @@ class GroupAdministrationTab extends LayoutPanel implements AdminConstants,
// LOGGER.warn("Error deleting subgroup", exc); // LOGGER.warn("Error deleting subgroup", exc);
// displayDeleteFailedPanel(ps); // displayDeleteFailedPanel(ps);
// } // }
} // }
// Select root node // Select root node
} // }
//
}); // });
body.add(deleteLink); // body.add(deleteLink);
return main.addSegment(GROUP_EXTREME_ACTIONS_HEADER, // return main.addSegment(GROUP_EXTREME_ACTIONS_HEADER,
body); // body);
throw new UnsupportedOperationException();
} }
/** /**
@ -624,7 +624,7 @@ class SubGroupListModelBuilder extends LockableImpl implements ListModelBuilder
} }
public ListModel makeModel(final List list, final PageState state) { public ListModel makeModel(final List list, final PageState state) {
final Group group = parent.getGroup(state); // final Group group = parent.getGroup(state);
// if (group != null) { // if (group != null) {
// return new SubGroupListModel(group.getSubgroups()); // return new SubGroupListModel(group.getSubgroups());

74
ccm-core/src/main/java/com/arsdigita/ui/admin/GroupEditForm.java
View File

@ -32,8 +32,8 @@ import com.arsdigita.util.UncheckedWrapperException;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.Group; //import org.libreccm.core.Group;
import org.libreccm.core.GroupRepository; //import org.libreccm.core.GroupRepository;
import static com.arsdigita.ui.admin.AdminConstants.*; import static com.arsdigita.ui.admin.AdminConstants.*;
@ -68,22 +68,22 @@ class GroupEditForm extends GroupForm implements FormInitListener,
final PageState state = event.getPageState(); final PageState state = event.getPageState();
final Long id = (Long) state.getValue(USER_ID_PARAM); final Long id = (Long) state.getValue(USER_ID_PARAM);
if (id != null) { // if (id != null) {
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final GroupRepository groupRepository; // final GroupRepository groupRepository;
//
try { // try {
groupRepository = cdiUtil.findBean( // groupRepository = cdiUtil.findBean(
GroupRepository.class); // GroupRepository.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup GroupRepository", ex); // "Failed to lookup GroupRepository", ex);
} // }
//
final Group group = groupRepository.findById(id); // final Group group = groupRepository.findById(id);
//
m_name.setValue(state, group.getName()); // m_name.setValue(state, group.getName());
} // }
} }
/** /**
@ -96,31 +96,31 @@ class GroupEditForm extends GroupForm implements FormInitListener,
final PageState state = event.getPageState(); final PageState state = event.getPageState();
final Long id = (Long) state.getValue(GROUP_ID_PARAM); final Long id = (Long) state.getValue(GROUP_ID_PARAM);
final CdiUtil cdiUtil = new CdiUtil(); final CdiUtil cdiUtil = new CdiUtil();
final GroupRepository groupRepository; // final GroupRepository groupRepository;
try { // try {
groupRepository = cdiUtil.findBean(GroupRepository.class); // groupRepository = cdiUtil.findBean(GroupRepository.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup GroupRepository", ex); // "Failed to lookup GroupRepository", ex);
} // }
if (id == null) { if (id == null) {
throw new FormProcessException(GlobalizationUtil.globalize( throw new FormProcessException(GlobalizationUtil.globalize(
"ui.admin.groups.ID_is_null")); "ui.admin.groups.ID_is_null"));
} }
final Group group = groupRepository.findById(id); // final Group group = groupRepository.findById(id);
if (group == null) { // if (group == null) {
throw new FormProcessException(GlobalizationUtil.globalize( // throw new FormProcessException(GlobalizationUtil.globalize(
"ui.admin.groups.couldnt_find_specified_group")); // "ui.admin.groups.couldnt_find_specified_group"));
} // }
//
//
final String name = (String) m_name.getValue(state); // final String name = (String) m_name.getValue(state);
group.setName(name); // group.setName(name);
//
groupRepository.save(group); // groupRepository.save(group);
//
if (m_parent != null) { if (m_parent != null) {
m_parent.displayGroupInfoPanel(state); m_parent.displayGroupInfoPanel(state);
} }

52
ccm-core/src/main/java/com/arsdigita/ui/admin/GroupSearchForm.java
View File

@ -42,8 +42,6 @@ import com.arsdigita.util.UncheckedWrapperException;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.Group;
import org.libreccm.core.GroupRepository;
import java.util.Collections; import java.util.Collections;
@ -60,7 +58,7 @@ public class GroupSearchForm extends Form implements FormProcessListener,
private ExistingGroupAddPane parentPane; private ExistingGroupAddPane parentPane;
private TextField m_search; private TextField m_search;
private List<Group> results = null; // private List<Group> results = null;
private static final Logger s_log = Logger.getLogger(GroupSearchForm.class); private static final Logger s_log = Logger.getLogger(GroupSearchForm.class);
@ -91,27 +89,27 @@ public class GroupSearchForm extends Form implements FormProcessListener,
throws FormProcessException { throws FormProcessException {
PageState state = event.getPageState(); PageState state = event.getPageState();
Group parent = parentPane.getParentGroup(state); // Group parent = parentPane.getParentGroup(state);
String search = (String) m_search.getValue(state); // String search = (String) m_search.getValue(state);
//
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final GroupRepository groupRepository; // final GroupRepository groupRepository;
try { // try {
groupRepository = cdiUtil.findBean(GroupRepository.class); // groupRepository = cdiUtil.findBean(GroupRepository.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup GroupRepository", ex); // "Failed to lookup GroupRepository", ex);
} // }
results = groupRepository.searchGroupByName(search); // results = groupRepository.searchGroupByName(search);
//
//
if (results.isEmpty()) { // if (results.isEmpty()) {
parentPane.showNoResults(state); // parentPane.showNoResults(state);
} else { // } else {
// put search string into Page // // put search string into Page
state.setValue(getSearchString(), m_search.getValue(state)); // state.setValue(getSearchString(), m_search.getValue(state));
parentPane.showGroups(state); // parentPane.showGroups(state);
} // }
} }
@ -122,9 +120,9 @@ public class GroupSearchForm extends Form implements FormProcessListener,
* *
* @return * @return
*/ */
public List<Group> getResults() { // public List<Group> getResults() {
return Collections.unmodifiableList(results); // return Collections.unmodifiableList(results);
} // }
private ParameterModel getSearchString() { private ParameterModel getSearchString() {
return parentPane.getSearchString(); return parentPane.getSearchString();

43
ccm-core/src/main/java/com/arsdigita/ui/admin/GroupTreeModel.java
View File

@ -26,8 +26,7 @@ import com.arsdigita.util.UncheckedWrapperException;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.Group; import org.libreccm.security.Group;
import org.libreccm.core.GroupRepository;
import java.math.BigDecimal; import java.math.BigDecimal;
@ -106,25 +105,27 @@ public class GroupTreeModel implements TreeModel {
@Override @Override
public Iterator<Group> getChildren(final TreeNode node, public Iterator<Group> getChildren(final TreeNode node,
final PageState state) { final PageState state) {
//
if (node instanceof RootTreeNode) { // if (node instanceof RootTreeNode) {
//
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final GroupRepository groupRepository; // final GroupRepository groupRepository;
try { // try {
groupRepository = cdiUtil.findBean(GroupRepository.class); // groupRepository = cdiUtil.findBean(GroupRepository.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup GroupRepository", ex); // "Failed to lookup GroupRepository", ex);
} // }
final List<Group> groups = groupRepository.findAll(); // final List<Group> groups = groupRepository.findAll();
//
return groups.iterator(); // return groups.iterator();
} else { // } else {
return null; // return null;
} // }
throw new UnsupportedOperationException();
} }
//
} }
class RootTreeNode implements TreeNode { class RootTreeNode implements TreeNode {
@ -147,7 +148,7 @@ class GroupTreeNode implements TreeNode {
private String m_name; private String m_name;
public GroupTreeNode(Group group) { public GroupTreeNode(Group group) {
m_key = Long.toString(group.getSubjectId()); // m_key = Long.toString(group.getSubjectId());
m_name = group.getName(); m_name = group.getName();
} }

12
ccm-core/src/main/java/com/arsdigita/ui/admin/PartyListModel.java
View File

@ -20,7 +20,7 @@ package com.arsdigita.ui.admin;
import com.arsdigita.bebop.list.ListModel; import com.arsdigita.bebop.list.ListModel;
import org.libreccm.core.Subject; import org.libreccm.security.Party;
import java.util.List; import java.util.List;
@ -31,8 +31,8 @@ import java.util.List;
*/ */
class PartyListModel implements ListModel { class PartyListModel implements ListModel {
private final List<Subject> m_parties; private final List<Party> m_parties;
private Subject m_currentParty = null; private Party m_currentParty = null;
private int index = 0; private int index = 0;
/** /**
@ -41,7 +41,7 @@ class PartyListModel implements ListModel {
* *
* @param partys the partyCollection * @param partys the partyCollection
**/ **/
public PartyListModel(final List<Subject> parties) { public PartyListModel(final List<Party> parties) {
m_parties = parties; m_parties = parties;
} }
@ -68,7 +68,7 @@ class PartyListModel implements ListModel {
**/ **/
@Override @Override
public String getKey() { public String getKey() {
return Long.toString(m_currentParty.getSubjectId()); return Long.toString(m_currentParty.getPartyId());
} }
/** /**
@ -78,6 +78,6 @@ class PartyListModel implements ListModel {
**/ **/
@Override @Override
public Object getElement() { public Object getElement() {
return m_currentParty.getSubjectId(); return m_currentParty.getPartyId();
} }
} }

16
ccm-core/src/main/java/com/arsdigita/ui/admin/SelectGroups.java
View File

@ -37,7 +37,7 @@ import com.arsdigita.bebop.form.Option;
import com.arsdigita.bebop.form.OptionGroup; import com.arsdigita.bebop.form.OptionGroup;
import com.arsdigita.bebop.form.Submit; import com.arsdigita.bebop.form.Submit;
import org.libreccm.core.Group; import org.libreccm.security.Group;
import java.util.List; import java.util.List;
@ -147,18 +147,18 @@ public class SelectGroups {
PageState state = e.getPageState(); PageState state = e.getPageState();
OptionGroup cbg = (CheckboxGroup) e.getTarget(); OptionGroup cbg = (CheckboxGroup) e.getTarget();
List<Group> results = searchForm.getResults(); // List<Group> results = searchForm.getResults();
String groupID; String groupID;
String groupName; String groupName;
Group child; Group child;
for(Group group : results) { // for(Group group : results) {
child = group; // child = group;
groupID = Long.toString(child.getSubjectId()); // groupID = Long.toString(child.getSubjectId());
groupName = child.getName(); // groupName = child.getName();
cbg.addOption(new Option(groupID, groupName)); // cbg.addOption(new Option(groupID, groupName));
} // }
} }
} }

122
ccm-core/src/main/java/com/arsdigita/ui/admin/SubMemberPanel.java
View File

@ -34,12 +34,6 @@ import com.arsdigita.util.UncheckedWrapperException;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.Group;
import org.libreccm.core.GroupManager;
import org.libreccm.core.GroupMembership;
import org.libreccm.core.GroupRepository;
import org.libreccm.core.User;
import org.libreccm.core.UserRepository;
import static com.arsdigita.ui.admin.AdminConstants.*; import static com.arsdigita.ui.admin.AdminConstants.*;
@ -71,8 +65,8 @@ class SubMemberPanel extends BoxPanel {
final BoxPanel panel = new BoxPanel(BoxPanel.HORIZONTAL); final BoxPanel panel = new BoxPanel(BoxPanel.HORIZONTAL);
Label label = new Label(((User) value).getScreenName()); // Label label = new Label(((User) value).getScreenName());
panel.add(label); // panel.add(label);
ControlLink removeLink = new ControlLink(REMOVE_SUBMEMBER_LABEL); ControlLink removeLink = new ControlLink(REMOVE_SUBMEMBER_LABEL);
removeLink.setClassAttr("actionLink"); removeLink.setClassAttr("actionLink");
@ -91,23 +85,23 @@ class SubMemberPanel extends BoxPanel {
if (key != null) { if (key != null) {
final Long userID = new Long(key); final Long userID = new Long(key);
final CdiUtil cdiUtil = new CdiUtil(); final CdiUtil cdiUtil = new CdiUtil();
final UserRepository userRepository; // final UserRepository userRepository;
final GroupManager groupManager; // final GroupManager groupManager;
final GroupRepository groupRepository; // final GroupRepository groupRepository;
try { // try {
userRepository = cdiUtil.findBean(UserRepository.class); // userRepository = cdiUtil.findBean(UserRepository.class);
groupManager = cdiUtil.findBean(GroupManager.class); // groupManager = cdiUtil.findBean(GroupManager.class);
groupRepository = cdiUtil.findBean(GroupRepository.class); // groupRepository = cdiUtil.findBean(GroupRepository.class);
} catch(CdiLookupException ex) { // } catch(CdiLookupException ex) {
throw new UncheckedWrapperException(ex); // throw new UncheckedWrapperException(ex);
} // }
//
final User user = userRepository.findById(userID); // final User user = userRepository.findById(userID);
final Group group = m_mainTab.getGroup(state); // final Group group = m_mainTab.getGroup(state);
if (group != null) { // if (group != null) {
groupManager.removeUserFromGroup(user, group); // groupManager.removeUserFromGroup(user, group);
groupRepository.save(group); // groupRepository.save(group);
} // }
} }
} }
@ -127,47 +121,47 @@ class SubMemberListModelBuilder extends LockableImpl
@Override @Override
public ListModel makeModel(final List list, final PageState state) { public ListModel makeModel(final List list, final PageState state) {
final Group group = m_mainTab.getGroup(state); // final Group group = m_mainTab.getGroup(state);
final java.util.List<GroupMembership> members; // final java.util.List<GroupMembership> members;
if (group == null) { // if (group == null) {
members = null; // members = null;
} else { // } else {
members = group.getMembers(); // members = group.getMembers();
} // }
return new SubMemberListModel(members); // return new SubMemberListModel(members);
throw new UnsupportedOperationException();
} }
} }
class SubMemberListModel implements ListModel { //class SubMemberListModel implements ListModel {
//
private final java.util.List<GroupMembership> members; //// private final java.util.List<GroupMembership> members;
private int index; // private int index;
//
//
public SubMemberListModel(final java.util.List<GroupMembership> members) { // public SubMemberListModel(final java.util.List<GroupMembership> members) {
this.members = members; // this.members = members;
} // }
//
@Override // @Override
public Object getElement() { // public Object getElement() {
return members.get(index); // return members.get(index);
} // }
//
@Override // @Override
public String getKey() { // public String getKey() {
return Long.toString(members.get(index).getMembershipId()); // return Long.toString(members.get(index).getMembershipId());
} // }
//
@Override // @Override
public boolean next() { // public boolean next() {
if (index < members.size()) { // if (index < members.size()) {
index++; // index++;
return true; // return true;
} else { // } else {
return false; // return false;
} // }
} // }
} //}

233
ccm-core/src/main/java/com/arsdigita/ui/admin/UserBrowsePane.java
View File

@ -64,13 +64,7 @@ import java.util.ArrayList;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.CcmSessionContext; import org.libreccm.security.User;
import org.libreccm.core.Group;
import org.libreccm.core.GroupMembership;
import org.libreccm.core.GroupRepository;
import org.libreccm.core.Subject;
import org.libreccm.core.User;
import org.libreccm.core.UserRepository;
/** /**
* This pane contains three main segmented panel which only one is visible at * This pane contains three main segmented panel which only one is visible at
@ -120,27 +114,27 @@ class UserBrowsePane extends SegmentedPanel
@Override @Override
public void actionPerformed(final ActionEvent event) { public void actionPerformed(final ActionEvent event) {
final PageState state = event.getPageState(); // final PageState state = event.getPageState();
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final CcmSessionContext sessionContext; // final CcmSessionContext sessionContext;
try { // try {
sessionContext = cdiUtil.findBean(CcmSessionContext.class); // sessionContext = cdiUtil.findBean(CcmSessionContext.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException(ex); // throw new UncheckedWrapperException(ex);
} // }
//
final Subject subject = sessionContext.getCurrentSubject(); // final Subject subject = sessionContext.getCurrentSubject();
//
final Long userID = (Long) state.getValue(USER_ID_PARAM); // final Long userID = (Long) state.getValue(USER_ID_PARAM);
//
// Bug #167607 remove link for current user // // Bug #167607 remove link for current user
if (m_userInfoPanel.isVisible(state)) { // if (m_userInfoPanel.isVisible(state)) {
if (subject.getSubjectId() == userID) { // if (subject.getSubjectId() == userID) {
m_extremeActionPanel.setVisible(state, false); // m_extremeActionPanel.setVisible(state, false);
} else { // } else {
m_extremeActionPanel.setVisible(state, true); // m_extremeActionPanel.setVisible(state, true);
} // }
} // }
} }
/** /**
@ -154,20 +148,22 @@ class UserBrowsePane extends SegmentedPanel
protected Object initialValue(final PageState state) { protected Object initialValue(final PageState state) {
final Long id = (Long) state.getValue(USER_ID_PARAM); final Long id = (Long) state.getValue(USER_ID_PARAM);
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final UserRepository userRepository; // final UserRepository userRepository;
try { // try {
userRepository = cdiUtil.findBean(UserRepository.class); // userRepository = cdiUtil.findBean(UserRepository.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException(ex); // throw new UncheckedWrapperException(ex);
} // }
//
final User user = userRepository.findById(id); // final User user = userRepository.findById(id);
if (user == null) { // if (user == null) {
throw new UncheckedWrapperException(String.format( // throw new UncheckedWrapperException(String.format(
"Failed to retrieve user: %d", id)); // "Failed to retrieve user: %d", id));
} // }
return user; // return user;
throw new UnsupportedOperationException();
} }
}; };
@ -240,7 +236,7 @@ class UserBrowsePane extends SegmentedPanel
final PageState state = event.getPageState(); final PageState state = event.getPageState();
final User user = getUser(state); final User user = getUser(state);
target.setLabel(user.getScreenName()); target.setLabel(user.getName());
} }
}); });
@ -258,7 +254,7 @@ class UserBrowsePane extends SegmentedPanel
final PageState state = event.getPageState(); final PageState state = event.getPageState();
final User user = getUser(state); final User user = getUser(state);
target.setLabel(user.getScreenName()); target.setLabel(user.getName());
} }
}); });
@ -436,15 +432,15 @@ class UserBrowsePane extends SegmentedPanel
final PageState state = event.getPageState(); final PageState state = event.getPageState();
final User user = getUser(state); final User user = getUser(state);
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final UserRepository userRepository; // final UserRepository userRepository;
try { // try {
userRepository = cdiUtil.findBean(UserRepository.class); // userRepository = cdiUtil.findBean(UserRepository.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException(ex); // throw new UncheckedWrapperException(ex);
} // }
userRepository.delete(user); // userRepository.delete(user);
displayUserBrowsePanel(state); displayUserBrowsePanel(state);
@ -475,18 +471,18 @@ class UserBrowsePane extends SegmentedPanel
@Override @Override
public void actionPerformed(ActionEvent e) { public void actionPerformed(ActionEvent e) {
PageState state = e.getPageState(); // PageState state = e.getPageState();
User user = getUser(state); // User user = getUser(state);
user.setBanned(true); // user.setBanned(true);
//
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final UserRepository userRepository; // final UserRepository userRepository;
try { // try {
userRepository = cdiUtil.findBean(UserRepository.class); // userRepository = cdiUtil.findBean(UserRepository.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException(ex); // throw new UncheckedWrapperException(ex);
} // }
userRepository.save(user); // userRepository.save(user);
} // End ActionPerformed method } // End ActionPerformed method
} // End of new ActionListener definition } // End of new ActionListener definition
@ -509,18 +505,18 @@ class UserBrowsePane extends SegmentedPanel
unbanLink.addActionListener(new ActionListener() { unbanLink.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e) { public void actionPerformed(ActionEvent e) {
PageState state = e.getPageState(); // PageState state = e.getPageState();
User user = getUser(state); // User user = getUser(state);
user.setBanned(false); // user.setBanned(false);
//
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final UserRepository userRepository; // final UserRepository userRepository;
try { // try {
userRepository = cdiUtil.findBean(UserRepository.class); // userRepository = cdiUtil.findBean(UserRepository.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException(ex); // throw new UncheckedWrapperException(ex);
} // }
userRepository.save(user); // userRepository.save(user);
} // End ActionPerformed method } // End ActionPerformed method
} // End of new ActionListener definition } // End of new ActionListener definition
@ -581,14 +577,15 @@ class UserBrowsePane extends SegmentedPanel
@Override @Override
public ListModel makeModel(final List list, final PageState state) { public ListModel makeModel(final List list, final PageState state) {
final User user = getUser(state); final User user = getUser(state);
final java.util.List<GroupMembership> memberships = user // final java.util.List<GroupMembership> memberships = user
.getGroupMemberships(); // .getGroupMemberships();
final java.util.List<Subject> groups = new ArrayList<>(); // final java.util.List<Subject> groups = new ArrayList<>();
for (GroupMembership membership : memberships) { // for (GroupMembership membership : memberships) {
groups.add(membership.getGroup()); // groups.add(membership.getGroup());
} // }
return new PartyListModel(groups); // return new PartyListModel(groups);
throw new UnsupportedOperationException();
} }
} }
@ -696,16 +693,16 @@ class UserBrowsePane extends SegmentedPanel
String id = (String) m_groupList.getSelectedKey(ps); String id = (String) m_groupList.getSelectedKey(ps);
if (id != null) { if (id != null) {
final CdiUtil cdiUtil = new CdiUtil(); final CdiUtil cdiUtil = new CdiUtil();
final GroupRepository groupRepository; // final GroupRepository groupRepository;
try { // try {
groupRepository = cdiUtil // groupRepository = cdiUtil
.findBean(GroupRepository.class); // .findBean(GroupRepository.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException(ex); // throw new UncheckedWrapperException(ex);
} // }
final Group group = groupRepository.findById(Long.parseLong( // final Group group = groupRepository.findById(Long.parseLong(
id)); // id));
m_groupAdministrationTab.setGroup(ps, group); // m_groupAdministrationTab.setGroup(ps, group);
m_groupAdministrationTab.displayGroupInfoPanel(ps); m_groupAdministrationTab.displayGroupInfoPanel(ps);
m_tabbedPane.setSelectedIndex(ps, GROUP_TAB_INDEX); m_tabbedPane.setSelectedIndex(ps, GROUP_TAB_INDEX);
} else { } else {
@ -733,14 +730,16 @@ class UserTableModel implements TableModel {
public UserTableModel() { public UserTableModel() {
final CdiUtil cdiUtil = new CdiUtil(); final CdiUtil cdiUtil = new CdiUtil();
final UserRepository userRepository; // final UserRepository userRepository;
try { // try {
userRepository = cdiUtil.findBean(UserRepository.class); // userRepository = cdiUtil.findBean(UserRepository.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException(ex); // throw new UncheckedWrapperException(ex);
} // }
users = userRepository.findAll(); // users = userRepository.findAll();
users = null;
} }
@Override @Override
@ -752,26 +751,28 @@ class UserTableModel implements TableModel {
public Object getElementAt(final int columnIndex) { public Object getElementAt(final int columnIndex) {
final User user = users.get(index); final User user = users.get(index);
if (columnIndex == 0) { // if (columnIndex == 0) {
return user.getSubjectId(); // return user.getSubjectId();
} else if (columnIndex == 1) { // } else if (columnIndex == 1) {
return String.format("%s %s", // return String.format("%s %s",
user.getName().getGivenName(), // user.getName().getGivenName(),
user.getName().getFamilyName()); // user.getName().getFamilyName());
} else if (columnIndex == 2) { // } else if (columnIndex == 2) {
return user.getScreenName(); // return user.getScreenName();
} else if (columnIndex == 3) { // } else if (columnIndex == 3) {
return user.getEmailAddresses().get(0).getAddress(); // return user.getEmailAddresses().get(0).getAddress();
} else if (columnIndex == 4) { // } else if (columnIndex == 4) {
return user.getSsoLogin(); // return user.getSsoLogin();
} else { // } else {
return null; // return null;
} // }
return null;
} }
@Override @Override
public Object getKeyAt(final int columnIndex) { public Object getKeyAt(final int columnIndex) {
return users.get(index).getSubjectId(); return users.get(index).getPartyId();
} }
@Override @Override

86
ccm-core/src/main/java/com/arsdigita/ui/admin/UserEditForm.java
View File

@ -23,21 +23,13 @@ import com.arsdigita.bebop.PageState;
import com.arsdigita.bebop.event.FormInitListener; import com.arsdigita.bebop.event.FormInitListener;
import com.arsdigita.bebop.event.FormProcessListener; import com.arsdigita.bebop.event.FormProcessListener;
import com.arsdigita.bebop.event.FormSectionEvent; import com.arsdigita.bebop.event.FormSectionEvent;
import com.arsdigita.util.UncheckedWrapperException;
import static com.arsdigita.ui.admin.AdminConstants.*; import static com.arsdigita.ui.admin.AdminConstants.*;
import javax.mail.internet.InternetAddress;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.EmailAddress; import org.libreccm.core.EmailAddress;
import org.libreccm.core.PersonName;
import org.libreccm.core.User;
import org.libreccm.core.UserRepository;
import java.io.UncheckedIOException; import org.libreccm.security.User;
/** /**
* Form used to edit the information for a user. * Form used to edit the information for a user.
@ -73,19 +65,19 @@ class UserEditForm extends UserForm
hideSecurityInfo(state); hideSecurityInfo(state);
final User user = m_browsePane.getUser(state); // final User user = m_browsePane.getUser(state);
//
final PersonName name = user.getName(); // final PersonName name = user.getName();
m_firstName.setValue(state, name.getGivenName()); // m_firstName.setValue(state, name.getGivenName());
m_lastName.setValue(state, name.getFamilyName()); // m_lastName.setValue(state, name.getFamilyName());
//
m_primaryEmail.setValue(state, user.getEmailAddresses().get( // m_primaryEmail.setValue(state, user.getEmailAddresses().get(
0).getAddress()); // 0).getAddress());
//
m_screenName.setValue(state, user.getScreenName()); // m_screenName.setValue(state, user.getScreenName());
//
USER_FORM_LABEL_ADDITIONAL_EMAIL_LIST.setVisible(state, true); // USER_FORM_LABEL_ADDITIONAL_EMAIL_LIST.setVisible(state, true);
m_emailList.setVisible(state, true); // m_emailList.setVisible(state, true);
} }
/** /**
@ -97,20 +89,20 @@ class UserEditForm extends UserForm
final PageState state = event.getPageState(); final PageState state = event.getPageState();
final User user = m_browsePane.getUser(state); final User user = m_browsePane.getUser(state);
//
final PersonName name = user.getName(); // final PersonName name = user.getName();
name.setGivenName((String) m_firstName.getValue(state)); // name.setGivenName((String) m_firstName.getValue(state));
name.setFamilyName((String) m_lastName.getValue(state)); // name.setFamilyName((String) m_lastName.getValue(state));
//
user.setScreenName((String) m_screenName.getValue(state)); // user.setScreenName((String) m_screenName.getValue(state));
//
InternetAddress additional = (InternetAddress) m_additionalEmail // InternetAddress additional = (InternetAddress) m_additionalEmail
.getValue(state); // .getValue(state);
if (additional != null) { // if (additional != null) {
final EmailAddress additionalEmail = new EmailAddress(); // final EmailAddress additionalEmail = new EmailAddress();
additional.setAddress(additional.getAddress()); // additional.setAddress(additional.getAddress());
user.addEmailAddress(additionalEmail); // user.addEmailAddress(additionalEmail);
} // }
// Check to see if the primary email address has changed, and // Check to see if the primary email address has changed, and
// if so set it to the new value and delete the association // if so set it to the new value and delete the association
@ -124,19 +116,19 @@ class UserEditForm extends UserForm
s_log.debug("Changing primary email " + oaddr + " to " + naddr); s_log.debug("Changing primary email " + oaddr + " to " + naddr);
} }
user.addEmailAddress(naddr); // user.addEmailAddress(naddr);
user.removeEmailAddress(oaddr); // user.removeEmailAddress(oaddr);
} }
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final UserRepository userRepository; // final UserRepository userRepository;
try { // try {
userRepository = cdiUtil.findBean(UserRepository.class); // userRepository = cdiUtil.findBean(UserRepository.class);
} catch(CdiLookupException ex) { // } catch(CdiLookupException ex) {
throw new UncheckedWrapperException(ex); // throw new UncheckedWrapperException(ex);
} // }
//
userRepository.save(user); // userRepository.save(user);
m_browsePane.displayUserInfoPanel(state); m_browsePane.displayUserInfoPanel(state);
} }

62
ccm-core/src/main/java/com/arsdigita/ui/admin/UserForm.java
View File

@ -45,8 +45,6 @@ import com.arsdigita.util.UncheckedWrapperException;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.User;
import org.libreccm.core.UserRepository;
import java.io.UncheckedIOException; import java.io.UncheckedIOException;
import java.math.BigDecimal; import java.math.BigDecimal;
@ -245,36 +243,36 @@ class UserForm extends Form implements FormValidationListener, AdminConstants {
* Verify that primary email and screen name are unique * Verify that primary email and screen name are unique
*/ */
final CdiUtil cdiUtil = new CdiUtil(); final CdiUtil cdiUtil = new CdiUtil();
final UserRepository userRepository; // final UserRepository userRepository;
try { // try {
userRepository = cdiUtil.findBean(UserRepository.class); // userRepository = cdiUtil.findBean(UserRepository.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException(ex); // throw new UncheckedWrapperException(ex);
} // }
//
final String screenName = (String) m_screenName.getValue(ps); // final String screenName = (String) m_screenName.getValue(ps);
final User userByScreenname = userRepository.findByScreenName( // final User userByScreenname = userRepository.findByScreenName(
screenName); // screenName);
final String email; // final String email;
if (m_primaryEmail.getValue(ps) != null) { // if (m_primaryEmail.getValue(ps) != null) {
email = ((InternetAddress) m_primaryEmail.getValue(ps)).getAddress(); // email = ((InternetAddress) m_primaryEmail.getValue(ps)).getAddress();
} else { // } else {
email = null; // email = null;
} // }
final User userByEmail = userRepository.findByEmailAddress(email); // final User userByEmail = userRepository.findByEmailAddress(email);
//
if (userByScreenname != null && screenName != null && screenName.equals( // if (userByScreenname != null && screenName != null && screenName.equals(
userByScreenname.getScreenName())) { // userByScreenname.getScreenName())) {
data.addError(USER_FORM_INPUT_SCREEN_NAME, // data.addError(USER_FORM_INPUT_SCREEN_NAME,
USER_FORM_ERROR_SCREEN_NAME_NOT_UNIQUE); // USER_FORM_ERROR_SCREEN_NAME_NOT_UNIQUE);
} // }
//
if (userByEmail != null // if (userByEmail != null
&& email != null // && email != null
&& email.equals(userByEmail.getEmailAddresses().get(0).getAddress())) { // && email.equals(userByEmail.getEmailAddresses().get(0).getAddress())) {
data.addError(USER_FORM_INPUT_PRIMARY_EMAIL, // data.addError(USER_FORM_INPUT_PRIMARY_EMAIL,
USER_FORM_ERROR_PRIMARY_EMAIL_NOT_UNIQUE); // USER_FORM_ERROR_PRIMARY_EMAIL_NOT_UNIQUE);
} // }
} }
/** /**

102
ccm-core/src/main/java/com/arsdigita/ui/admin/UserPasswordForm.java
View File

@ -47,9 +47,7 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.User; import org.libreccm.security.User;
import org.libreccm.core.UserManager;
import org.libreccm.core.UserRepository;
/** /**
* Form used to update a user's password. It just provides form elements to * Form used to update a user's password. It just provides form elements to
@ -137,19 +135,19 @@ class UserPasswordForm extends Form
final PageState state = event.getPageState(); final PageState state = event.getPageState();
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final UserRepository userRepository; // final UserRepository userRepository;
try { // try {
userRepository = cdiUtil.findBean(UserRepository.class); // userRepository = cdiUtil.findBean(UserRepository.class);
} catch(CdiLookupException ex) { // } catch(CdiLookupException ex) {
throw new UncheckedWrapperException(ex); // throw new UncheckedWrapperException(ex);
} // }
final User user = userRepository.findById((Long) state.getValue( // final User user = userRepository.findById((Long) state.getValue(
USER_ID_PARAM)); // USER_ID_PARAM));
//
// m_question.setValue(state, user.getPasswordQuestion());
m_question.setValue(state, user.getPasswordQuestion()); // m_ssoLogin.setValue(state, user.getSsoLogin());
m_ssoLogin.setValue(state, user.getSsoLogin());
m_answer.setValue(state, ""); m_answer.setValue(state, "");
} }
@ -164,18 +162,18 @@ class UserPasswordForm extends Form
FormData data = event.getFormData(); FormData data = event.getFormData();
HttpServletRequest req = state.getRequest(); HttpServletRequest req = state.getRequest();
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final UserRepository userRepository; // final UserRepository userRepository;
try { // try {
userRepository = cdiUtil.findBean(UserRepository.class); // userRepository = cdiUtil.findBean(UserRepository.class);
} catch(CdiLookupException ex) { // } catch(CdiLookupException ex) {
throw new UncheckedWrapperException(ex); // throw new UncheckedWrapperException(ex);
} // }
final User user = userRepository.findById((Long) state.getValue( // final User user = userRepository.findById((Long) state.getValue(
USER_ID_PARAM)); // USER_ID_PARAM));
if (user == null) { // if (user == null) {
return; // return;
} // }
try { try {
// get parameter values // get parameter values
@ -217,36 +215,36 @@ class UserPasswordForm extends Form
final FormData data = event.getFormData(); final FormData data = event.getFormData();
final CdiUtil cdiUtil = new CdiUtil(); final CdiUtil cdiUtil = new CdiUtil();
final UserRepository userRepository; // final UserRepository userRepository;
final UserManager userManager; // final UserManager userManager;
try { // try {
userRepository = cdiUtil.findBean(UserRepository.class); // userRepository = cdiUtil.findBean(UserRepository.class);
userManager = cdiUtil.findBean(UserManager.class); // userManager = cdiUtil.findBean(UserManager.class);
} catch(CdiLookupException ex) { // } catch(CdiLookupException ex) {
throw new UncheckedWrapperException(ex); // throw new UncheckedWrapperException(ex);
} // }
final User user = userRepository.findById((Long) state.getValue( // final User user = userRepository.findById((Long) state.getValue(
USER_ID_PARAM)); // USER_ID_PARAM));
if (user == null) { // if (user == null) {
throw new FormProcessException(GlobalizationUtil.globalize( // throw new FormProcessException(GlobalizationUtil.globalize(
"ui.admin.user.userpasswordform.retrieving_user_failed")); // "ui.admin.user.userpasswordform.retrieving_user_failed"));
} // }
userManager.updatePassword(user, (String) data.get(NEW_PASSWORD_PARAM_NAME)); // userManager.updatePassword(user, (String) data.get(NEW_PASSWORD_PARAM_NAME));
user.setPasswordQuestion((String) m_question.getValue(state)); // user.setPasswordQuestion((String) m_question.getValue(state));
final String answer = (String) m_answer.getValue(state); // final String answer = (String) m_answer.getValue(state);
if (answer != null && answer.length() > 0) { // if (answer != null && answer.length() > 0) {
user.setPasswordAnswer(answer); // user.setPasswordAnswer(answer);
} // }
user.setSsoLogin((String) m_ssoLogin.getValue(state)); // user.setSsoLogin((String) m_ssoLogin.getValue(state));
//
userRepository.save(user); // userRepository.save(user);
BigDecimal id = (BigDecimal) state.getValue(USER_ID_PARAM); BigDecimal id = (BigDecimal) state.getValue(USER_ID_PARAM);
s_log.debug("Committed password change"); s_log.debug("Committed password change");
notifyUser(user); // notifyUser(user);
m_userBrowsePane.displayUserInfoPanel(state); m_userBrowsePane.displayUserInfoPanel(state);
} }
@ -269,7 +267,7 @@ class UserPasswordForm extends Form
StringBuffer sb = new StringBuffer(); StringBuffer sb = new StringBuffer();
sb.append("Dear "); sb.append("Dear ");
sb.append(user.getName().getGivenName()); sb.append(user.getGivenName());
sb.append(":"); sb.append(":");
sb.append(nl).append(nl); sb.append(nl).append(nl);
sb.append("Your password has been changed by the "); sb.append("Your password has been changed by the ");

193
ccm-core/src/main/java/com/arsdigita/ui/login/ChangePasswordForm.java
View File

@ -52,12 +52,7 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.CcmSessionContext; import org.libreccm.security.User;
import org.libreccm.core.Subject;
import org.libreccm.core.User;
import org.libreccm.core.UserManager;
import org.libreccm.core.UserRepository;
import org.libreccm.core.authentication.LoginManager;
import java.util.logging.Level; import java.util.logging.Level;
@ -132,25 +127,25 @@ public class ChangePasswordForm extends Form
add(m_returnURL); add(m_returnURL);
final CdiUtil cdiUtil = new CdiUtil(); final CdiUtil cdiUtil = new CdiUtil();
final CcmSessionContext sessionContext; // final CcmSessionContext sessionContext;
try { // try {
sessionContext = cdiUtil.findBean(CcmSessionContext.class); // sessionContext = cdiUtil.findBean(CcmSessionContext.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException(""); // throw new UncheckedWrapperException("");
} // }
final Subject subject = sessionContext.getCurrentSubject(); // final Subject subject = sessionContext.getCurrentSubject();
if (subject != null && subject instanceof User) { // if (subject != null && subject instanceof User) {
final User user = (User) subject; // final User user = (User) subject;
final Label greeting = new Label( // final Label greeting = new Label(
LoginHelper.getMessage( // LoginHelper.getMessage(
"login.changePasswortForm.greeting", // "login.changePasswortForm.greeting",
new Object[]{String.format("%s %s", // new Object[]{String.format("%s %s",
user.getName().getGivenName(), // user.getName().getGivenName(),
user.getName().getFamilyName())})); // user.getName().getFamilyName())}));
greeting.setFontWeight(Label.BOLD); // greeting.setFontWeight(Label.BOLD);
greeting.setClassAttr("greeting"); // greeting.setClassAttr("greeting");
add(greeting); // add(greeting);
} // }
add(new Label(LoginHelper.getMessage( add(new Label(LoginHelper.getMessage(
"login.changePasswortForm.introText"))); "login.changePasswortForm.introText")));
@ -199,7 +194,7 @@ public class ChangePasswordForm extends Form
state.getRequest())); state.getRequest()));
return; return;
} }
User user = m_listener.getUser(state); // User user = m_listener.getUser(state);
// get parameter values // get parameter values
String oldPassword = (String) m_oldPassword.getValue(state); String oldPassword = (String) m_oldPassword.getValue(state);
@ -207,33 +202,33 @@ public class ChangePasswordForm extends Form
String confirmPassword = (String) m_confirmPassword.getValue(state); String confirmPassword = (String) m_confirmPassword.getValue(state);
// check old password unless recovering // check old password unless recovering
try { // try {
// The old password can never be null or contain leading or // // The old password can never be null or contain leading or
// trailing slashes. // // trailing slashes.
if (oldPassword == null // if (oldPassword == null
|| !oldPassword.trim().equals(oldPassword)) { // || !oldPassword.trim().equals(oldPassword)) {
data.addError(OLD_PASSWORD_PARAM_NAME, LoginHelper // data.addError(OLD_PASSWORD_PARAM_NAME, LoginHelper
.localize( // .localize(
"login.changePasswordForm.badPasswordError", // "login.changePasswordForm.badPasswordError",
state.getRequest())); // state.getRequest()));
return; // return;
} // }
//
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final UserManager userManager = cdiUtil.findBean( //// final UserManager userManager = cdiUtil.findBean(
UserManager.class); //// UserManager.class);
if (!userManager.verifyPasswordForUser( //// if (!userManager.verifyPasswordForUser(
user, oldPassword)) { //// user, oldPassword)) {
data.addError(OLD_PASSWORD_PARAM_NAME, //// data.addError(OLD_PASSWORD_PARAM_NAME,
LoginHelper.localize( //// LoginHelper.localize(
"login.changePasswordForm.badPasswordError", //// "login.changePasswordForm.badPasswordError",
state.getRequest())); //// state.getRequest()));
return; //// return;
} //// }
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup UserManager", ex); // "Failed to lookup UserManager", ex);
} // }
// check new password // check new password
if (newPassword.equals(oldPassword)) { if (newPassword.equals(oldPassword)) {
@ -272,54 +267,54 @@ public class ChangePasswordForm extends Form
state.getRequest())); state.getRequest()));
return; return;
} }
User user = m_listener.getUser(state); // User user = m_listener.getUser(state);
//
// set new password // // set new password
try { // try {
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final UserManager userManager = cdiUtil.findBean(UserManager.class); // final UserManager userManager = cdiUtil.findBean(UserManager.class);
final UserRepository userRepository = cdiUtil.findBean( // final UserRepository userRepository = cdiUtil.findBean(
UserRepository.class); // UserRepository.class);
//
String newPassword = (String) m_newPassword.getValue(state); // String newPassword = (String) m_newPassword.getValue(state);
userManager.updatePassword(user, newPassword); // userManager.updatePassword(user, newPassword);
userRepository.save(user); // userRepository.save(user);
//
s_log.debug("committing password change"); // s_log.debug("committing password change");
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup UserManager or UserRepository", ex); // "Failed to lookup UserManager or UserRepository", ex);
} // }
// mail report to user // mail report to user
if (!user.getEmailAddresses().isEmpty()) { // if (!user.getEmailAddresses().isEmpty()) {
//
final HttpServletRequest req = state.getRequest(); // final HttpServletRequest req = state.getRequest();
//
final String to = user.getEmailAddresses().get(0).getAddress(); // final String to = user.getEmailAddresses().get(0).getAddress();
final String from = SecurityConfig.getConfig() // final String from = SecurityConfig.getConfig()
.getAdminContactEmail(); // .getAdminContactEmail();
final String name = user.getName().getGivenName(); // final String name = user.getName().getGivenName();
final String subject = LoginHelper.localize( // final String subject = LoginHelper.localize(
"login.changePasswordForm.mailSubject", req); // "login.changePasswordForm.mailSubject", req);
final String body = LoginHelper.localize( // final String body = LoginHelper.localize(
"login.changePasswordForm.mailBody", // "login.changePasswordForm.mailBody",
new Object[]{name}, // new Object[]{name},
req); // req);
//
// try to send the message, but don't throw the exception // // try to send the message, but don't throw the exception
// if it fails so that the password change is comitted // // if it fails so that the password change is comitted
// anyway. // // anyway.
try { // try {
Mail.send(to, from, subject, body); // Mail.send(to, from, subject, body);
} catch (javax.mail.MessagingException e) { // } catch (javax.mail.MessagingException e) {
s_log.error("Could not notify user of password change", e); // s_log.error("Could not notify user of password change", e);
} // }
} else { // } else {
s_log.debug("Could not notify user of password change: " // s_log.debug("Could not notify user of password change: "
+ "null email, user ID: " // + "null email, user ID: "
+ user.getSubjectId()); // + user.getSubjectId());
} // }
final HttpServletRequest req = state.getRequest(); final HttpServletRequest req = state.getRequest();

66
ccm-core/src/main/java/com/arsdigita/ui/login/EmailInitListener.java
View File

@ -28,8 +28,6 @@ import javax.mail.internet.AddressException;
import javax.mail.internet.InternetAddress; import javax.mail.internet.InternetAddress;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.libreccm.core.CcmSessionContext;
import org.libreccm.core.User;
/** /**
* Initializes the value of the given parameter to the current user's email * Initializes the value of the given parameter to the current user's email
@ -55,40 +53,40 @@ public class EmailInitListener implements FormInitListener {
s_log.debug("START"); s_log.debug("START");
final CcmSessionContext ctx = Web.getUserContext(); // final CcmSessionContext ctx = Web.getUserContext();
if (!ctx.isLoggedIn()) { // if (!ctx.isLoggedIn()) {
s_log.debug("FAILURE not logged in"); // s_log.debug("FAILURE not logged in");
return; // return;
} // }
//
// User user = (User) ctx.getCurrentSubject();
User user = (User) ctx.getCurrentSubject(); // if (user == null) {
// s_log.debug("FAILURE no such user");
if (user == null) { // return;
s_log.debug("FAILURE no such user"); // }
return; //
} // if (user.getEmailAddresses().isEmpty()
// || user.getEmailAddresses().get(0) == null) {
if (user.getEmailAddresses().isEmpty() // s_log.debug("FAILURE null primary email");
|| user.getEmailAddresses().get(0) == null) { // return;
s_log.debug("FAILURE null primary email"); // }
return; //
} // if (user.getEmailAddresses().get(0).getAddress() == null
// || user.getEmailAddresses().get(0).getAddress().isEmpty()) {
if (user.getEmailAddresses().get(0).getAddress() == null // s_log.debug("FAILURE null email address");
|| user.getEmailAddresses().get(0).getAddress().isEmpty()) { // return;
s_log.debug("FAILURE null email address"); // }
return; //
} // try {
// InternetAddress addr = new InternetAddress(user.getEmailAddresses()
try { // .get(0).getAddress());
InternetAddress addr = new InternetAddress(user.getEmailAddresses() // data.put(m_param.getName(), addr);
.get(0).getAddress()); // } catch (AddressException e) {
data.put(m_param.getName(), addr); // s_log.debug("FAILURE badly formed address");
} catch (AddressException e) { // return;
s_log.debug("FAILURE badly formed address"); // }
return;
}
s_log.debug("SUCCESS"); s_log.debug("SUCCESS");
} }

249
ccm-core/src/main/java/com/arsdigita/ui/login/RecoverPasswordPanel.java
View File

@ -62,9 +62,6 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.User;
import org.libreccm.core.UserManager;
import org.libreccm.core.UserRepository;
import java.security.SecureRandom; import java.security.SecureRandom;
@ -167,31 +164,31 @@ public class RecoverPasswordPanel extends SimpleContainer
final String email = ((InternetAddress) data.get(FORM_EMAIL)) final String email = ((InternetAddress) data.get(FORM_EMAIL))
.getAddress(); .getAddress();
final long userID; final long userID;
try { // try {
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final UserRepository userRepository = cdiUtil.findBean( // final UserRepository userRepository = cdiUtil.findBean(
UserRepository.class); // UserRepository.class);
final User user = userRepository.findByEmailAddress(email); // final User user = userRepository.findByEmailAddress(email);
if (user == null) { // if (user == null) {
data.addError(FORM_EMAIL, // data.addError(FORM_EMAIL,
(String) ERROR_BAD_EMAIL.localize(event // (String) ERROR_BAD_EMAIL.localize(event
.getPageState().getRequest())); // .getPageState().getRequest()));
return; // return;
} // }
userID = user.getSubjectId(); // userID = user.getSubjectId();
event.getPageState().setValue(USERID_PARAM, userID); // event.getPageState().setValue(USERID_PARAM, userID);
//
if (userID != 0) { // if (userID != 0) {
if (user.isBanned()) { // if (user.isBanned()) {
data.addError(FORM_EMAIL, (String) ERROR_BANNED_EMAIL // data.addError(FORM_EMAIL, (String) ERROR_BANNED_EMAIL
.localize(event.getPageState() // .localize(event.getPageState()
.getRequest())); // .getRequest()));
} // }
} // }
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup UserRepository", ex); // "Failed to lookup UserRepository", ex);
} // }
// if the user exists, we need to make sure they are not banned. // if the user exists, we need to make sure they are not banned.
} }
@ -228,27 +225,27 @@ public class RecoverPasswordPanel extends SimpleContainer
throw new IllegalStateException( throw new IllegalStateException(
"userID must not be 0"); "userID must not be 0");
} }
try { // try {
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final UserRepository userRepository = cdiUtil.findBean( //// final UserRepository userRepository = cdiUtil.findBean(
UserRepository.class); //// UserRepository.class);
final User user = userRepository.findById(userID); //// final User user = userRepository.findById(userID);
if (user == null) { //// if (user == null) {
throw new IllegalStateException( //// throw new IllegalStateException(
"userID must be a valid user"); //// "userID must be a valid user");
} //// }
//
String theQuestion = user.getPasswordQuestion(); // String theQuestion = user.getPasswordQuestion();
if (theQuestion == null) { // if (theQuestion == null) {
throw new IllegalStateException( // throw new IllegalStateException(
"password question must not be null " // "password question must not be null "
+ "(userID == " + userID + ")"); // + "(userID == " + userID + ")");
} // }
label.setLabel(theQuestion); // label.setLabel(theQuestion);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup user repository", ex); // "Failed to lookup user repository", ex);
} // }
} }
}); });
@ -276,25 +273,25 @@ public class RecoverPasswordPanel extends SimpleContainer
throw new IllegalStateException("userID must not be 0"); throw new IllegalStateException("userID must not be 0");
} }
try { // try {
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final UserRepository userRepository = cdiUtil.findBean( // final UserRepository userRepository = cdiUtil.findBean(
UserRepository.class); // UserRepository.class);
final User user = userRepository.findById(userID); // final User user = userRepository.findById(userID);
if (user == null) { // if (user == null) {
throw new IllegalStateException( // throw new IllegalStateException(
"userID must be a valid user"); // "userID must be a valid user");
} // }
final String correctAnswer = user.getPasswordAnswer(); // final String correctAnswer = user.getPasswordAnswer();
if (!correctAnswer.equals(answer)) { // if (!correctAnswer.equals(answer)) {
data.addError(FORM_PASSWORD_ANSWER, // data.addError(FORM_PASSWORD_ANSWER,
(String) ERROR_BAD_ANSWER.localize(event // (String) ERROR_BAD_ANSWER.localize(event
.getPageState().getRequest())); // .getPageState().getRequest()));
} // }
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup UserRepository", ex); // "Failed to lookup UserRepository", ex);
} // }
} }
@ -310,40 +307,40 @@ public class RecoverPasswordPanel extends SimpleContainer
throw new IllegalStateException("userID must not be 0"); throw new IllegalStateException("userID must not be 0");
} }
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final UserRepository userRepository; // final UserRepository userRepository;
try { // try {
userRepository = cdiUtil.findBean(UserRepository.class); // userRepository = cdiUtil.findBean(UserRepository.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup UserRepository", ex); // "Failed to lookup UserRepository", ex);
} // }
final User user = userRepository.findById(userID); // final User user = userRepository.findById(userID);
if (user == null) { // if (user == null) {
throw new IllegalStateException("userID must be a valid user"); // throw new IllegalStateException("userID must be a valid user");
} // }
if (user.getEmailAddresses().isEmpty()) {
mailFailed(event, "null email, user ID: " + user.getSubjectId());
return;
}
String to = user.getEmailAddresses().get(0).getAddress();
String from = Mail.getConfig().getDefaultFrom();
// AFAICT this value below is hard coded to "" !
//KernelHelper.getSystemAdministratorEmailAddress();
String subject = LoginHelper.localize(
"login.recoverPassword.mailSubject", req);
String body = getNotification(user, event, req);
// if (user.getEmailAddresses().isEmpty()) {
// mailFailed(event, "null email, user ID: " + user.getSubjectId());
// return;
// }
//
// String to = user.getEmailAddresses().get(0).getAddress();
// String from = Mail.getConfig().getDefaultFrom();
// // AFAICT this value below is hard coded to "" !
// //KernelHelper.getSystemAdministratorEmailAddress();
// String subject = LoginHelper.localize(
// "login.recoverPassword.mailSubject", req);
// String body = getNotification(user, event, req);
//
// send the message and set next panel to "mail sent" page // send the message and set next panel to "mail sent" page
try { // try {
Mail.send(to, from, subject, body); // Mail.send(to, from, subject, body);
event.getPageState().setValue(DISPLAY_PARAM, MailSentPane.class // event.getPageState().setValue(DISPLAY_PARAM, MailSentPane.class
.getName()); // .getName());
} catch (MessagingException e) { // } catch (MessagingException e) {
mailFailed(event, e.toString()); // mailFailed(event, e.toString());
} // }
} }
} }
@ -376,32 +373,32 @@ public class RecoverPasswordPanel extends SimpleContainer
* Constructs the notification to send users when recovering a password. * Constructs the notification to send users when recovering a password.
* *
*/ */
private static String getNotification(final User user, // private static String getNotification(final User user,
final FormSectionEvent event, // final FormSectionEvent event,
final HttpServletRequest req) { // final HttpServletRequest req) {
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final UserManager userManager; // final UserManager userManager;
final UserRepository userRepository; // final UserRepository userRepository;
try { // try {
userManager = cdiUtil.findBean(UserManager.class); // userManager = cdiUtil.findBean(UserManager.class);
userRepository = cdiUtil.findBean(UserRepository.class); // userRepository = cdiUtil.findBean(UserRepository.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup UserRepository or UserManager", ex); // "Failed to lookup UserRepository or UserManager", ex);
} // }
//
final String name = user.getName().getGivenName(); // final String name = user.getName().getGivenName();
String tmpPassword = RandomStringUtils.random( // String tmpPassword = RandomStringUtils.random(
16, 0, 0, false, false, null, new SecureRandom()); // 16, 0, 0, false, false, null, new SecureRandom());
//
userManager.updatePassword(user, tmpPassword); // userManager.updatePassword(user, tmpPassword);
user.setPasswordResetRequired(true); // user.setPasswordResetRequired(true);
userRepository.save(user); // userRepository.save(user);
//
return LoginHelper.localize("login.recoverPassword.mailBody", // return LoginHelper.localize("login.recoverPassword.mailBody",
new Object[]{name, tmpPassword}, // new Object[]{name, tmpPassword},
req); // req);
} // }
/** /**
* Displays a message that password recovery information couldn't be sent. * Displays a message that password recovery information couldn't be sent.

26
ccm-core/src/main/java/com/arsdigita/ui/login/ScreenNameInitListener.java
View File

@ -26,8 +26,6 @@ import com.arsdigita.bebop.parameters.StringParameter;
import com.arsdigita.web.Web; import com.arsdigita.web.Web;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.libreccm.core.CcmSessionContext;
import org.libreccm.core.User;
// Note: Previously used SiteNodeRequestContext, nows using KernelRequestContext // Note: Previously used SiteNodeRequestContext, nows using KernelRequestContext
@ -62,17 +60,17 @@ public class ScreenNameInitListener implements FormInitListener {
PageState state = event.getPageState(); PageState state = event.getPageState();
FormData data = event.getFormData(); FormData data = event.getFormData();
s_log.debug("START"); s_log.debug("START");
final CcmSessionContext ctx = Web.getUserContext(); // final CcmSessionContext ctx = Web.getUserContext();
if (!ctx.isLoggedIn()) { // if (!ctx.isLoggedIn()) {
s_log.debug("FAILURE not logged in"); // s_log.debug("FAILURE not logged in");
return; // return;
} // }
final User user = (User) ctx.getCurrentSubject(); // final User user = (User) ctx.getCurrentSubject();
if (user.getScreenName() == null) { // if (user.getScreenName() == null) {
s_log.debug("FAILURE null screen name"); // s_log.debug("FAILURE null screen name");
return; // return;
} // }
data.put(m_param.getName(), user.getScreenName()); // data.put(m_param.getName(), user.getScreenName());
s_log.debug("SUCCESS"); // s_log.debug("SUCCESS");
} }
} }

52
ccm-core/src/main/java/com/arsdigita/ui/login/UserAuthenticationListener.java
View File

@ -30,8 +30,7 @@ import com.arsdigita.util.UncheckedWrapperException;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.CcmSessionContext; import org.libreccm.security.User;
import org.libreccm.core.User;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
@ -72,15 +71,17 @@ public class UserAuthenticationListener implements RequestListener {
// Note: aborts processing with an internal error if user not logged in! // Note: aborts processing with an internal error if user not logged in!
// Not suiteable just to check log in status. // Not suiteable just to check log in status.
final CdiUtil cdiUtil = new CdiUtil(); final CdiUtil cdiUtil = new CdiUtil();
try { // try {
final CcmSessionContext context = cdiUtil.findBean( // final CcmSessionContext context = cdiUtil.findBean(
CcmSessionContext.class); // CcmSessionContext.class);
//
return (User) context.getCurrentSubject(); // return (User) context.getCurrentSubject();
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed get get CcmSessionContext.", ex); // "Failed get get CcmSessionContext.", ex);
} // }
throw new UnsupportedOperationException();
} }
/** /**
@ -91,7 +92,8 @@ public class UserAuthenticationListener implements RequestListener {
* @return true if the user is logged in * @return true if the user is logged in
*/ */
public boolean isLoggedIn(final PageState state) { public boolean isLoggedIn(final PageState state) {
return Web.getUserContext().isLoggedIn(); // return Web.getUserContext().isLoggedIn();
return false;
} }
/** /**
@ -104,19 +106,19 @@ public class UserAuthenticationListener implements RequestListener {
public void pageRequested(final RequestEvent event) { public void pageRequested(final RequestEvent event) {
PageState state = event.getPageState(); PageState state = event.getPageState();
final CcmSessionContext sessionContext; // final CcmSessionContext sessionContext;
try { // try {
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
sessionContext = cdiUtil.findBean( // sessionContext = cdiUtil.findBean(
CcmSessionContext.class); // CcmSessionContext.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup CcmSessionContext", ex); // "Failed to lookup CcmSessionContext", ex);
} // }
if (!sessionContext.isLoggedIn()) { // if (!sessionContext.isLoggedIn()) {
s_log.debug("User is not logged in"); // s_log.debug("User is not logged in");
redirectToLoginPage(state); // redirectToLoginPage(state);
} // }
} }
/** /**

79
ccm-core/src/main/java/com/arsdigita/ui/login/UserEditForm.java
View File

@ -40,9 +40,7 @@ import org.apache.log4j.Logger;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.EmailAddress; import org.libreccm.core.EmailAddress;
import org.libreccm.core.PersonName; import org.libreccm.security.User;
import org.libreccm.core.User;
import org.libreccm.core.UserRepository;
import java.util.logging.Level; import java.util.logging.Level;
@ -69,19 +67,20 @@ public class UserEditForm extends UserForm
@Override @Override
public Object initialValue(final PageState ps) { public Object initialValue(final PageState ps) {
User result; User result;
final long userId = m_listener.getUser(ps).getSubjectId(); final long userId = m_listener.getUser(ps).getPartyId();
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final UserRepository userRepository; // final UserRepository userRepository;
try { // try {
userRepository = cdiUtil.findBean(UserRepository.class); // userRepository = cdiUtil.findBean(UserRepository.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup UserRepository.", ex); // "Failed to lookup UserRepository.", ex);
} // }
//
result = userRepository.findById(userId); // result = userRepository.findById(userId);
//
return result; // return result;
throw new UnsupportedOperationException();
} }
}; };
@ -122,30 +121,30 @@ public class UserEditForm extends UserForm
"Failed to retrieve user from page state"); "Failed to retrieve user from page state");
} }
final PersonName name = user.getName(); // final PersonName name = user.getName();
name.setGivenName((String) m_firstName.getValue(state)); // name.setGivenName((String) m_firstName.getValue(state));
name.setFamilyName((String) m_lastName.getValue(state)); // name.setFamilyName((String) m_lastName.getValue(state));
//
user.setScreenName((String) m_screenName.getValue(state)); // user.setScreenName((String) m_screenName.getValue(state));
//
final EmailAddress newAddress = new EmailAddress(); // final EmailAddress newAddress = new EmailAddress();
newAddress.setAddress(data.get(FORM_EMAIL).toString()); // newAddress.setAddress(data.get(FORM_EMAIL).toString());
if (user.getEmailAddresses().isEmpty()) { // if (user.getEmailAddresses().isEmpty()) {
user.addEmailAddress(newAddress); // user.addEmailAddress(newAddress);
} else { // } else {
if (!user.getEmailAddresses().get(0).equals(newAddress)) { // if (!user.getEmailAddresses().get(0).equals(newAddress)) {
user.getEmailAddresses().get(0).setAddress(newAddress.getAddress()); // user.getEmailAddresses().get(0).setAddress(newAddress.getAddress());
} // }
} // }
//
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final UserRepository userRepository; // final UserRepository userRepository;
try { // try {
userRepository = cdiUtil.findBean(UserRepository.class); // userRepository = cdiUtil.findBean(UserRepository.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup UserRepository", ex); // "Failed to lookup UserRepository", ex);
} // }
// redirect to workspace or return URL, if specified // redirect to workspace or return URL, if specified
final HttpServletRequest req = state.getRequest(); final HttpServletRequest req = state.getRequest();

46
ccm-core/src/main/java/com/arsdigita/ui/login/UserForm.java
View File

@ -45,9 +45,7 @@ import javax.mail.internet.InternetAddress;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.PersonName; import org.libreccm.security.User;
import org.libreccm.core.User;
import org.libreccm.core.UserRepository;
/** /**
* Common code for user new / add / edit forms. * Common code for user new / add / edit forms.
@ -245,10 +243,8 @@ public abstract class UserForm extends Form
throw new FormProcessException(LoginGlobalizationUtil.globalize( throw new FormProcessException(LoginGlobalizationUtil.globalize(
"login.userForm.couldnt_load_user")); "login.userForm.couldnt_load_user"));
} }
m_firstName.setValue(state, user.getGivenName());
PersonName name = user.getName(); m_lastName.setValue(state, user.getFamilyName());
m_firstName.setValue(state, name.getGivenName());
m_lastName.setValue(state, name.getFamilyName());
InternetAddress address; InternetAddress address;
try { try {
@ -264,7 +260,7 @@ public abstract class UserForm extends Form
} }
m_email.setValue(state, address); m_email.setValue(state, address);
m_screenName.setValue(state, user.getScreenName()); m_screenName.setValue(state, user.getName());
} }
@ -319,24 +315,24 @@ public abstract class UserForm extends Form
final boolean checkPrimaryEmail = KernelConfig.getConfig() final boolean checkPrimaryEmail = KernelConfig.getConfig()
.emailIsPrimaryIdentifier(); .emailIsPrimaryIdentifier();
final UserRepository userRepo; // final UserRepository userRepo;
try { // try {
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
userRepo = cdiUtil.findBean( // userRepo = cdiUtil.findBean(
UserRepository.class); // UserRepository.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new FormProcessException(ex); // throw new FormProcessException(ex);
} // }
final User userByEmail = userRepo.findByEmailAddress(email); // final User userByEmail = userRepo.findByEmailAddress(email);
if (userByEmail != null && checkPrimaryEmail) { // if (userByEmail != null && checkPrimaryEmail) {
data.addError(FORM_EMAIL, ERROR_DUPLICATE_EMAIL); // data.addError(FORM_EMAIL, ERROR_DUPLICATE_EMAIL);
} // }
//
final User userByScreenname = userRepo.findByScreenName(screenName); // final User userByScreenname = userRepo.findByScreenName(screenName);
if (userByScreenname != null) { // if (userByScreenname != null) {
data.addError(FORM_SCREEN_NAME, ERROR_DUPLICATE_SN); // data.addError(FORM_SCREEN_NAME, ERROR_DUPLICATE_SN);
} // }
} finally { } finally {
// if the form has errors, clear the password fields so we don't // if the form has errors, clear the password fields so we don't

10
ccm-core/src/main/java/com/arsdigita/ui/login/UserInfo.java
View File

@ -34,7 +34,7 @@ import java.util.List;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.User; import org.libreccm.security.User;
import org.libreccm.web.ApplicationRepository; import org.libreccm.web.ApplicationRepository;
import org.libreccm.web.CcmApplication; import org.libreccm.web.CcmApplication;
@ -157,7 +157,7 @@ public class UserInfo extends SimpleContainer {
// in any case: add basic user attributes // in any case: add basic user attributes
userElement.addAttribute("id", userElement.addAttribute("id",
Long.toString(user.getSubjectId())); Long.toString(user.getPartyId()));
if (!user.getEmailAddresses().isEmpty()) { if (!user.getEmailAddresses().isEmpty()) {
userElement.addAttribute("email", userElement.addAttribute("email",
user.getEmailAddresses().get(0) user.getEmailAddresses().get(0)
@ -165,9 +165,9 @@ public class UserInfo extends SimpleContainer {
} }
userElement.addAttribute( userElement.addAttribute(
"name", String.format("%s %s", "name", String.format("%s %s",
user.getName().getGivenName(), user.getGivenName(),
user.getName().getFamilyName())); user.getFamilyName()));
userElement.addAttribute("screenName", user.getScreenName()); userElement.addAttribute("screenName", user.getName());
parent.addContent(userElement); parent.addContent(userElement);
} }

60
ccm-core/src/main/java/com/arsdigita/ui/login/UserLoginForm.java
View File

@ -63,8 +63,6 @@ import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.CcmSessionContext;
import org.libreccm.core.authentication.LoginManager;
import java.util.logging.Level; import java.util.logging.Level;
@ -334,35 +332,35 @@ public class UserLoginForm extends Form
throws FormProcessException { throws FormProcessException {
PageState state = event.getPageState(); PageState state = event.getPageState();
try { // try {
final CcmSessionContext ctx = Web.getUserContext(); // final CcmSessionContext ctx = Web.getUserContext();
final String username; // final String username;
if (KernelConfig.getConfig().emailIsPrimaryIdentifier()) { // if (KernelConfig.getConfig().emailIsPrimaryIdentifier()) {
username = ((InternetAddress) m_loginName.getValue(state)). // username = ((InternetAddress) m_loginName.getValue(state)).
getAddress(); // getAddress();
} else { // } else {
username = (String) m_loginName.getValue(state); // username = (String) m_loginName.getValue(state);
} // }
//
final String password = ((String)m_password.getValue(state)).trim(); // final String password = ((String)m_password.getValue(state)).trim();
boolean forever = getPersistentLoginValue(event.getPageState(), // boolean forever = getPersistentLoginValue(event.getPageState(),
false); // false);
// attempt to log in user // // attempt to log in user
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final LoginManager loginManager; // final LoginManager loginManager;
try { // try {
loginManager = cdiUtil.findBean(LoginManager.class); // loginManager = cdiUtil.findBean(LoginManager.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup LoginManager", ex); // "Failed to lookup LoginManager", ex);
} // }
loginManager.login(username, password); // loginManager.login(username, password);
onLoginSuccess(event); // onLoginSuccess(event);
} catch (FailedLoginException e) { // } catch (FailedLoginException e) {
onLoginFail(event, e); // onLoginFail(event, e);
} catch (LoginException e) { // } catch (LoginException e) {
onLoginException(event, e); // onLoginException(event, e);
} // }
} }
/** /**

17
ccm-core/src/main/java/com/arsdigita/ui/login/UserLogoutListener.java
View File

@ -25,7 +25,6 @@ import com.arsdigita.util.UncheckedWrapperException;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.authentication.LoginManager;
/** /**
* An ActionListener that logs out the user. * An ActionListener that logs out the user.
@ -47,14 +46,14 @@ public class UserLogoutListener implements ActionListener {
@Override @Override
public void actionPerformed(final ActionEvent event) { public void actionPerformed(final ActionEvent event) {
final CdiUtil cdiUtil = new CdiUtil(); final CdiUtil cdiUtil = new CdiUtil();
final LoginManager loginManager; // final LoginManager loginManager;
try { // try {
loginManager = cdiUtil.findBean(LoginManager.class); // loginManager = cdiUtil.findBean(LoginManager.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException("Failed to lookup LoginManager", // throw new UncheckedWrapperException("Failed to lookup LoginManager",
ex); // ex);
} // }
loginManager.logout(); // loginManager.logout();
} }
} }

161
ccm-core/src/main/java/com/arsdigita/ui/login/UserNewForm.java
View File

@ -47,14 +47,9 @@ import org.apache.log4j.Logger;
import org.dom4j.util.UserDataDocumentFactory; import org.dom4j.util.UserDataDocumentFactory;
import org.libreccm.cdi.utils.CdiLookupException; import org.libreccm.cdi.utils.CdiLookupException;
import org.libreccm.cdi.utils.CdiUtil; import org.libreccm.cdi.utils.CdiUtil;
import org.libreccm.core.CcmSessionContext;
import org.libreccm.core.EmailAddress; import org.libreccm.core.EmailAddress;
import org.libreccm.core.PermissionManager; import org.libreccm.security.User;
import org.libreccm.core.PersonName;
import org.libreccm.core.User;
import org.libreccm.core.UserManager;
import org.libreccm.core.UserRepository;
import org.libreccm.core.authentication.LoginManager;
/** /**
* Creates a new user. Collects user's basic info, such as email, password, * Creates a new user. Collects user's basic info, such as email, password,
@ -155,88 +150,88 @@ public class UserNewForm extends UserForm implements FormInitListener,
final Exception[] formExceptions = new Exception[]{null}; final Exception[] formExceptions = new Exception[]{null};
final CdiUtil cdiUtil = new CdiUtil(); // final CdiUtil cdiUtil = new CdiUtil();
final CcmSessionContext sessionContext; // final CcmSessionContext sessionContext;
try { // try {
sessionContext = cdiUtil.findBean(CcmSessionContext.class); // sessionContext = cdiUtil.findBean(CcmSessionContext.class);
} catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
"Failed to lookup CcmSessionContext", ex); // "Failed to lookup CcmSessionContext", ex);
} // }
//
// final UserRepository userRepository;
// try {
// userRepository = cdiUtil.findBean(UserRepository.class);
// } catch (CdiLookupException ex) {
// throw new UncheckedWrapperException(
// "Failed to lookup UserRepository", ex);
// }
//
// final User systemUser = userRepository.retrieveSystemUser();
//
// sessionContext.sudo(systemUser, new Runnable() {
final UserRepository userRepository; // @Override
try { // public void run() {
userRepository = cdiUtil.findBean(UserRepository.class); // final User user = new User();
} catch (CdiLookupException ex) { // final PersonName userName = new PersonName();
throw new UncheckedWrapperException( // userName.setGivenName(firstName);
"Failed to lookup UserRepository", ex); // userName.setFamilyName(lastName);
} // final EmailAddress emailAddress = new EmailAddress();
// emailAddress.setAddress(email);
final User systemUser = userRepository.retrieveSystemUser(); // user.addEmailAddress(emailAddress);
// if (!KernelConfig.getConfig().emailIsPrimaryIdentifier()) {
sessionContext.sudo(systemUser, new Runnable() { // user.setScreenName(screenName);
// }
@Override // userRepository.save(user);
public void run() { //
final User user = new User(); //// final PermissionManager permissionManager;
final PersonName userName = new PersonName(); //// try {
userName.setGivenName(firstName); //// permissionManager = cdiUtil
userName.setFamilyName(lastName); //// .findBean(PermissionManager.class);
final EmailAddress emailAddress = new EmailAddress(); //// } catch (CdiLookupException ex) {
emailAddress.setAddress(email); //// throw new UncheckedWrapperException(
user.addEmailAddress(emailAddress); //// "Failed to lookup PermissionManager", ex);
if (!KernelConfig.getConfig().emailIsPrimaryIdentifier()) { //// }
user.setScreenName(screenName); ////
} //// permissionManager.grantPermission(null, null, user);
userRepository.save(user); // final UserManager userManager;
// final PermissionManager permissionManager;
// try { // try {
// permissionManager = cdiUtil // userManager = cdiUtil.findBean(UserManager.class);
// .findBean(PermissionManager.class);
// } catch (CdiLookupException ex) { // } catch (CdiLookupException ex) {
// throw new UncheckedWrapperException( // throw new UncheckedWrapperException(
// "Failed to lookup PermissionManager", ex); // "Failed to lookup UserManager", ex);
// } // }
// // userManager.updatePassword(user, password);
// permissionManager.grantPermission(null, null, user); // user.setPasswordQuestion(question);
final UserManager userManager; // user.setPasswordAnswer(answer);
try { // }
userManager = cdiUtil.findBean(UserManager.class); //
} catch (CdiLookupException ex) { // });
throw new UncheckedWrapperException(
"Failed to lookup UserManager", ex);
}
userManager.updatePassword(user, password);
user.setPasswordQuestion(question);
user.setPasswordAnswer(answer);
}
}); // try {
// // finally log the user in (sets the
try { // // appropriate session or permanent cookie)
// finally log the user in (sets the // String loginName = email;
// appropriate session or permanent cookie) // if (!KernelConfig.getConfig().emailIsPrimaryIdentifier()) {
String loginName = email; // loginName = screenName;
if (!KernelConfig.getConfig().emailIsPrimaryIdentifier()) { // }
loginName = screenName; //
} // final LoginManager loginManager;
// try {
final LoginManager loginManager; // loginManager = cdiUtil.findBean(LoginManager.class);
try { // } catch (CdiLookupException ex) {
loginManager = cdiUtil.findBean(LoginManager.class); // throw new UncheckedWrapperException(
} catch (CdiLookupException ex) { // "Failed to lookup LoginManager", ex);
throw new UncheckedWrapperException( // }
"Failed to lookup LoginManager", ex); //
} // loginManager.login(loginName, password);
//
loginManager.login(loginName, password); // } catch (LoginException e) {
// // ERROR: login failed for new user
} catch (LoginException e) { // s_log.error("login failed for new user", e);
// ERROR: login failed for new user // throw new FormProcessException(e);
s_log.error("login failed for new user", e); // }
throw new FormProcessException(e);
}
// redirect to workspace or return URL, if specified // redirect to workspace or return URL, if specified
final HttpServletRequest req = state.getRequest(); final HttpServletRequest req = state.getRequest();

1
ccm-core/src/main/java/com/arsdigita/web/CCMDispatcherServlet.java
View File

@ -35,7 +35,6 @@ import javax.servlet.RequestDispatcher;
import javax.servlet.ServletContext; import javax.servlet.ServletContext;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet; import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;

15
ccm-core/src/main/java/com/arsdigita/web/Web.java
View File

@ -30,7 +30,6 @@ import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.libreccm.core.CcmSessionContext;
/** /**
* An entry point for functions of the web package. * An entry point for functions of the web package.
@ -78,17 +77,14 @@ public class Web {
* Static Initializer block. * Static Initializer block.
*/ */
static void init(final HttpServletRequest sreq, static void init(final HttpServletRequest sreq,
final ServletContext sc, final ServletContext sc) {
final CcmSessionContext uc) {
Assert.exists(sreq, HttpServletRequest.class); Assert.exists(sreq, HttpServletRequest.class);
Assert.exists(sc, ServletContext.class); Assert.exists(sc, ServletContext.class);
Assert.exists(uc, CcmSessionContext.class);
s_request.set(sreq); s_request.set(sreq);
s_servletContext.set(sc); s_servletContext.set(sc);
s_contextPath = CCMDispatcherServlet.getContextPath(); s_contextPath = CCMDispatcherServlet.getContextPath();
s_userContext.set(uc);
} }
/** /**
@ -131,15 +127,6 @@ public class Web {
return (ServletContext) s_servletContext.get(); return (ServletContext) s_servletContext.get();
} }
/**
* Gets the user context object of the current thread.
*
* @return The current <code>UserContext</code> object; it can be null
*/
public static CcmSessionContext getUserContext() {
return (CcmSessionContext) s_userContext.get();
}
/** /**
* Gets the webapp context path portion of the WEB application where this * Gets the webapp context path portion of the WEB application where this
* CCM instance is executed. (I.e. where the WEB-INF directory is located * CCM instance is executed. (I.e. where the WEB-INF directory is located

12
ccm-core/src/main/java/com/arsdigita/web/WebContext.java
View File

@ -23,8 +23,6 @@ import com.arsdigita.util.Assert;
import com.arsdigita.util.Record; import com.arsdigita.util.Record;
import org.apache.log4j.Logger; import org.apache.log4j.Logger;
import org.libreccm.core.CcmSessionContext;
import org.libreccm.core.User;
import org.libreccm.web.CcmApplication; import org.libreccm.web.CcmApplication;
/** /**
@ -100,16 +98,6 @@ public final class WebContext extends Record {
m_requestURL = null; m_requestURL = null;
} }
public final User getUser() {
CcmSessionContext context = Web.getUserContext();
if (context == null || !context.isLoggedIn()) {
return null;
} else {
return (User) context.getCurrentSubject();
}
}
/** /**
* *
* @return * @return

19
ccm-core/src/main/java/org/libreccm/auditing/CcmRevisionListener.java
View File

@ -19,9 +19,6 @@
package org.libreccm.auditing; package org.libreccm.auditing;
import org.hibernate.envers.RevisionListener; import org.hibernate.envers.RevisionListener;
import org.libreccm.core.CcmSessionContext;
import org.libreccm.core.Subject;
import org.libreccm.core.User;
import javax.inject.Inject; import javax.inject.Inject;
@ -32,8 +29,8 @@ import javax.inject.Inject;
*/ */
public class CcmRevisionListener implements RevisionListener { public class CcmRevisionListener implements RevisionListener {
@Inject // @Inject
private transient CcmSessionContext sessionContext; // private transient CcmSessionContext sessionContext;
@Override @Override
public void newRevision(final Object revisionEntity) { public void newRevision(final Object revisionEntity) {
@ -44,11 +41,13 @@ public class CcmRevisionListener implements RevisionListener {
} }
final CcmRevision revision = (CcmRevision) revisionEntity; final CcmRevision revision = (CcmRevision) revisionEntity;
final Subject subject = sessionContext.getCurrentSubject(); //ToDo: Add code using Shiro Subject
if (subject instanceof User) {
final User user = (User) subject; // final Subject subject = sessionContext.getCurrentSubject();
revision.setUserName(user.getScreenName()); // if (subject instanceof User) {
} // final User user = (User) subject;
// revision.setUserName(user.getScreenName());
// }
} }
} }

4
ccm-core/src/main/java/org/libreccm/categorization/Category.java
View File

@ -91,7 +91,7 @@ public class Category extends CcmObject implements Serializable {
*/ */
@Embedded @Embedded
@AssociationOverride( @AssociationOverride(
name = "VALUES", name = "values",
joinTable = @JoinTable(name = "CATEGORY_TITLES", joinTable = @JoinTable(name = "CATEGORY_TITLES",
schema = DB_SCHEMA, schema = DB_SCHEMA,
joinColumns = { joinColumns = {
@ -104,7 +104,7 @@ public class Category extends CcmObject implements Serializable {
*/ */
@Embedded @Embedded
@AssociationOverride( @AssociationOverride(
name = "VALUES", name = "values",
joinTable = @JoinTable(name = "CATEGORY_DESCRIPTIONS", joinTable = @JoinTable(name = "CATEGORY_DESCRIPTIONS",
schema = DB_SCHEMA, schema = DB_SCHEMA,
joinColumns = { joinColumns = {

4
ccm-core/src/main/java/org/libreccm/categorization/Domain.java
View File

@ -115,7 +115,7 @@ public class Domain extends CcmObject implements Serializable {
*/ */
@Embedded @Embedded
@AssociationOverride( @AssociationOverride(
name = "VALUES", name = "values",
joinTable = @JoinTable(name = "DOMAIN_TITLES", joinTable = @JoinTable(name = "DOMAIN_TITLES",
schema = DB_SCHEMA, schema = DB_SCHEMA,
joinColumns = { joinColumns = {
@ -128,7 +128,7 @@ public class Domain extends CcmObject implements Serializable {
*/ */
@Embedded @Embedded
@AssociationOverride( @AssociationOverride(
name = "VALUES", name = "values",
joinTable = @JoinTable(name = "DOMAIN_DESCRIPTIONS", joinTable = @JoinTable(name = "DOMAIN_DESCRIPTIONS",
schema = DB_SCHEMA, schema = DB_SCHEMA,
joinColumns = { joinColumns = {

22
ccm-core/src/main/java/org/libreccm/core/CcmCore.java
View File

@ -24,6 +24,8 @@ import org.libreccm.modules.InstallEvent;
import org.libreccm.modules.Module; import org.libreccm.modules.Module;
import org.libreccm.modules.ShutdownEvent; import org.libreccm.modules.ShutdownEvent;
import org.libreccm.modules.UnInstallEvent; import org.libreccm.modules.UnInstallEvent;
import org.libreccm.security.SystemUsersSetup;
import org.libreccm.security.User;
import javax.persistence.EntityManager; import javax.persistence.EntityManager;
@ -37,15 +39,8 @@ import javax.persistence.EntityManager;
org.libreccm.categorization.Domain.class, org.libreccm.categorization.Domain.class,
org.libreccm.categorization.DomainOwnership.class, org.libreccm.categorization.DomainOwnership.class,
org.libreccm.core.CcmObject.class, org.libreccm.core.CcmObject.class,
org.libreccm.core.Group.class,
org.libreccm.core.GroupMembership.class,
org.libreccm.core.Permission.class,
org.libreccm.core.Privilege.class,
org.libreccm.core.Resource.class, org.libreccm.core.Resource.class,
org.libreccm.core.ResourceType.class, org.libreccm.core.ResourceType.class,
org.libreccm.core.Role.class,
org.libreccm.core.Subject.class,
org.libreccm.core.User.class,
org.libreccm.modules.InstalledModule.class, org.libreccm.modules.InstalledModule.class,
org.libreccm.formbuilder.Component.class, org.libreccm.formbuilder.Component.class,
org.libreccm.formbuilder.DataDrivenSelect.class, org.libreccm.formbuilder.DataDrivenSelect.class,
@ -86,17 +81,8 @@ public class CcmCore implements CcmModule {
public void install(final InstallEvent event) { public void install(final InstallEvent event) {
final EntityManager entityManager = event.getEntityManager(); final EntityManager entityManager = event.getEntityManager();
final User user = new User(); final SystemUsersSetup systemUsersSetup = new SystemUsersSetup(entityManager);
user.setScreenName("public-user"); systemUsersSetup.setupSystemUsers();
final PersonName name = new PersonName();
name.setFamilyName("ccm");
name.setGivenName("public user");
user.setName(name);
final EmailAddress email = new EmailAddress();
email.setAddress("public-user@localhost");
user.addEmailAddress(email);
entityManager.persist(user);
} }
@Override @Override

1
ccm-core/src/main/java/org/libreccm/core/CcmObject.java
View File

@ -23,6 +23,7 @@ import static org.libreccm.core.CoreConstants.*;
import org.libreccm.categorization.Categorization; import org.libreccm.categorization.Categorization;
import org.libreccm.categorization.Category; import org.libreccm.categorization.Category;
import org.libreccm.categorization.CategoryManager; import org.libreccm.categorization.CategoryManager;
import org.libreccm.security.Permission;
import java.io.Serializable; import java.io.Serializable;
import java.util.ArrayList; import java.util.ArrayList;

0
ccm-core/src/main/java/org/libreccm/core/CcmSessionContext.java → ccm-core/src/main/java/org/libreccm/core/CcmSessionContext.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/Group.java → ccm-core/src/main/java/org/libreccm/core/Group.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/GroupManager.java → ccm-core/src/main/java/org/libreccm/core/GroupManager.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/GroupMembership.java → ccm-core/src/main/java/org/libreccm/core/GroupMembership.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/GroupRepository.java → ccm-core/src/main/java/org/libreccm/core/GroupRepository.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/Permission.java → ccm-core/src/main/java/org/libreccm/core/Permission.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/PermissionManager.java → ccm-core/src/main/java/org/libreccm/core/PermissionManager.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/PermissionRepository.java → ccm-core/src/main/java/org/libreccm/core/PermissionRepository.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/PersonName.java → ccm-core/src/main/java/org/libreccm/core/PersonName.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/Privilege.java → ccm-core/src/main/java/org/libreccm/core/Privilege.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/PrivilegeRepository.java → ccm-core/src/main/java/org/libreccm/core/PrivilegeRepository.java.nolongerinuse
View File

4
ccm-core/src/main/java/org/libreccm/core/Resource.java
View File

@ -66,7 +66,7 @@ public class Resource extends CcmObject implements Serializable {
*/ */
@Embedded @Embedded
@AssociationOverride( @AssociationOverride(
name = "VALUES", name = "values",
joinTable = @JoinTable(name = "RESOURCE_TITLES", joinTable = @JoinTable(name = "RESOURCE_TITLES",
schema = DB_SCHEMA, schema = DB_SCHEMA,
joinColumns = { joinColumns = {
@ -78,7 +78,7 @@ public class Resource extends CcmObject implements Serializable {
*/ */
@Embedded @Embedded
@AssociationOverride( @AssociationOverride(
name = "VALUES", name = "values",
joinTable = @JoinTable(name = "RESOURCE_DESCRIPTIONS", joinTable = @JoinTable(name = "RESOURCE_DESCRIPTIONS",
schema = DB_SCHEMA, schema = DB_SCHEMA,
joinColumns = { joinColumns = {

2
ccm-core/src/main/java/org/libreccm/core/ResourceType.java
View File

@ -70,7 +70,7 @@ public class ResourceType implements Serializable {
@Embedded @Embedded
@AssociationOverride( @AssociationOverride(
name = "VALUES", name = "values",
joinTable = @JoinTable(name = "RESOURCE_TYPE_DESCRIPTIONS", joinTable = @JoinTable(name = "RESOURCE_TYPE_DESCRIPTIONS",
schema = DB_SCHEMA, schema = DB_SCHEMA,
joinColumns = { joinColumns = {

0
ccm-core/src/main/java/org/libreccm/core/Role.java → ccm-core/src/main/java/org/libreccm/core/Role.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/RoleRepository.java → ccm-core/src/main/java/org/libreccm/core/RoleRepository.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/Subject.java → ccm-core/src/main/java/org/libreccm/core/Subject.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/SubjectRepository.java → ccm-core/src/main/java/org/libreccm/core/SubjectRepository.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/User.java → ccm-core/src/main/java/org/libreccm/core/User.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/UserManager.java → ccm-core/src/main/java/org/libreccm/core/UserManager.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/UserNotFoundException.java → ccm-core/src/main/java/org/libreccm/core/UserNotFoundException.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/UserRepository.java → ccm-core/src/main/java/org/libreccm/core/UserRepository.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/authentication/AbstractPasswordLoginModule.java → ccm-core/src/main/java/org/libreccm/core/authentication/AbstractPasswordLoginModule.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/authentication/LocalLoginModule.java → ccm-core/src/main/java/org/libreccm/core/authentication/LocalLoginModule.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/authentication/LoginConfig.java → ccm-core/src/main/java/org/libreccm/core/authentication/LoginConfig.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/authentication/LoginConfigBuilder.java → ccm-core/src/main/java/org/libreccm/core/authentication/LoginConfigBuilder.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/authentication/LoginManager.java → ccm-core/src/main/java/org/libreccm/core/authentication/LoginManager.java.nolongerinuse
View File

0
ccm-core/src/main/java/org/libreccm/core/authentication/UserPrincipal.java → ccm-core/src/main/java/org/libreccm/core/authentication/UserPrincipal.java.nolongerinuse
View File

2
ccm-core/src/main/java/org/libreccm/formbuilder/Component.java
View File

@ -58,7 +58,7 @@ public class Component extends CcmObject implements Serializable {
@Embedded @Embedded
@AssociationOverride( @AssociationOverride(
name = "VALUES", name = "values",
joinTable = @JoinTable(name = "FORMBUILDER_COMPONENT_DESCRIPTIONS", joinTable = @JoinTable(name = "FORMBUILDER_COMPONENT_DESCRIPTIONS",
schema = DB_SCHEMA, schema = DB_SCHEMA,
joinColumns = { joinColumns = {

2
ccm-core/src/main/java/org/libreccm/formbuilder/Option.java
View File

@ -46,7 +46,7 @@ public class Option extends Component implements Serializable {
private String parameterValue; private String parameterValue;
@AssociationOverride( @AssociationOverride(
name = "VALUES", name = "values",
joinTable = @JoinTable(name = "FORMBUILDER_OPTION_LABELS", joinTable = @JoinTable(name = "FORMBUILDER_OPTION_LABELS",
schema = DB_SCHEMA, schema = DB_SCHEMA,
joinColumns = { joinColumns = {

4
ccm-core/src/main/java/org/libreccm/formbuilder/PersistentDataQuery.java
View File

@ -48,7 +48,7 @@ public class PersistentDataQuery extends CcmObject implements Serializable {
private String queryId; private String queryId;
@AssociationOverride( @AssociationOverride(
name = "VALUES", name = "values",
joinTable = @JoinTable( joinTable = @JoinTable(
name = "FORMBUILDER_DATA_QUERY_NAMES", name = "FORMBUILDER_DATA_QUERY_NAMES",
schema = DB_SCHEMA, schema = DB_SCHEMA,
@ -57,7 +57,7 @@ public class PersistentDataQuery extends CcmObject implements Serializable {
private LocalizedString name; private LocalizedString name;
@AssociationOverride( @AssociationOverride(
name = "VALUES", name = "values",
joinTable = @JoinTable( joinTable = @JoinTable(
name = "FORMBUILDER_DATA_QUERY_DESCRIPTIONS", name = "FORMBUILDER_DATA_QUERY_DESCRIPTIONS",
schema = DB_SCHEMA, schema = DB_SCHEMA,

4
ccm-core/src/main/java/org/libreccm/formbuilder/ProcessListener.java
View File

@ -46,7 +46,7 @@ public class ProcessListener extends CcmObject implements Serializable {
private static final long serialVersionUID = -3029184333026605708L; private static final long serialVersionUID = -3029184333026605708L;
@AssociationOverride( @AssociationOverride(
name = "VALUES", name = "values",
joinTable = @JoinTable( joinTable = @JoinTable(
name = "FORMBUILDER_PROCESS_LISTENER_NAMES", name = "FORMBUILDER_PROCESS_LISTENER_NAMES",
schema = DB_SCHEMA, schema = DB_SCHEMA,
@ -55,7 +55,7 @@ public class ProcessListener extends CcmObject implements Serializable {
private LocalizedString name; private LocalizedString name;
@AssociationOverride( @AssociationOverride(
name = "VALUES", name = "values",
joinTable = @JoinTable( joinTable = @JoinTable(
name = "FORMBUILDER_PROCESS_LISTENER_DESCRIPTIONS", name = "FORMBUILDER_PROCESS_LISTENER_DESCRIPTIONS",
schema = DB_SCHEMA, schema = DB_SCHEMA,

8
ccm-core/src/main/java/org/libreccm/messaging/Message.java
View File

@ -22,8 +22,8 @@ import org.libreccm.core.CcmObject;
import static org.libreccm.core.CoreConstants.*; import static org.libreccm.core.CoreConstants.*;
import org.libreccm.core.Subject;
import org.libreccm.jpa.utils.MimeTypeConverter; import org.libreccm.jpa.utils.MimeTypeConverter;
import org.libreccm.security.User;
import java.io.Serializable; import java.io.Serializable;
import java.util.Collections; import java.util.Collections;
@ -59,7 +59,7 @@ public class Message extends CcmObject implements Serializable {
@OneToOne @OneToOne
@JoinColumn(name = "SENDER_ID") @JoinColumn(name = "SENDER_ID")
private Subject sender; private User sender;
@Column(name = "SUBJECT") @Column(name = "SUBJECT")
private String subject; private String subject;
@ -85,11 +85,11 @@ public class Message extends CcmObject implements Serializable {
@OneToMany(mappedBy = "message") @OneToMany(mappedBy = "message")
private List<Attachment> attachments; private List<Attachment> attachments;
public Subject getSender() { public User getSender() {
return sender; return sender;
} }
protected void setSender(final Subject sender) { protected void setSender(final User sender) {
this.sender = sender; this.sender = sender;
} }

14
ccm-core/src/main/java/org/libreccm/notification/Digest.java
View File

@ -22,7 +22,7 @@ import org.libreccm.core.CcmObject;
import static org.libreccm.core.CoreConstants.*; import static org.libreccm.core.CoreConstants.*;
import org.libreccm.core.Subject; import org.libreccm.security.Party;
import java.io.Serializable; import java.io.Serializable;
import java.util.Date; import java.util.Date;
@ -60,7 +60,7 @@ public class Digest extends CcmObject implements Serializable {
@OneToOne @OneToOne
@JoinColumn(name = "FROM_PARTY_ID") @JoinColumn(name = "FROM_PARTY_ID")
private Subject fromParty; private Party fromParty;
@Column(name = "SUBJECT", length = 255, nullable = false) @Column(name = "SUBJECT", length = 255, nullable = false)
private String subject; private String subject;
@ -81,19 +81,19 @@ public class Digest extends CcmObject implements Serializable {
@Temporal(TemporalType.TIMESTAMP) @Temporal(TemporalType.TIMESTAMP)
private Date nextRun; private Date nextRun;
public Subject getFromParty() { public Party getFromParty() {
return fromParty; return fromParty;
} }
public void setFromParty(final Subject fromParty) { public void setFromParty(final Party fromParty) {
this.fromParty = fromParty; this.fromParty = fromParty;
} }
public String getSubject() { public String getParty() {
return subject; return subject;
} }
public void setSubject(final String subject) { public void setParty(final String subject) {
this.subject = subject; this.subject = subject;
} }
@ -185,7 +185,7 @@ public class Digest extends CcmObject implements Serializable {
if (!Objects.equals(fromParty, other.getFromParty())) { if (!Objects.equals(fromParty, other.getFromParty())) {
return false; return false;
} }
if (!Objects.equals(subject, other.getSubject())) { if (!Objects.equals(subject, other.getParty())) {
return false; return false;
} }
if (!Objects.equals(header, other.getHeader())) { if (!Objects.equals(header, other.getHeader())) {

8
ccm-core/src/main/java/org/libreccm/notification/Notification.java
View File

@ -22,8 +22,8 @@ import org.libreccm.core.CcmObject;
import static org.libreccm.core.CoreConstants.*; import static org.libreccm.core.CoreConstants.*;
import org.libreccm.core.Subject;
import org.libreccm.messaging.Message; import org.libreccm.messaging.Message;
import org.libreccm.security.Party;
import java.io.Serializable; import java.io.Serializable;
import java.util.Date; import java.util.Date;
@ -83,7 +83,7 @@ public class Notification extends CcmObject implements Serializable {
@OneToOne @OneToOne
@JoinColumn(name = "RECEIVER_ID") @JoinColumn(name = "RECEIVER_ID")
private Subject receiver; private Party receiver;
@OneToOne @OneToOne
@JoinColumn(name = "DIGEST_ID") @JoinColumn(name = "DIGEST_ID")
@ -122,11 +122,11 @@ public class Notification extends CcmObject implements Serializable {
@Column(name = "EXPUNGE_MESSAGE") @Column(name = "EXPUNGE_MESSAGE")
private boolean expungeMessage; private boolean expungeMessage;
public Subject getReceiver() { public Party getReceiver() {
return receiver; return receiver;
} }
public void setReceiver(final Subject receiver) { public void setReceiver(final Party receiver) {
this.receiver = receiver; this.receiver = receiver;
} }

8
ccm-core/src/main/java/org/libreccm/notification/QueueItem.java
View File

@ -20,8 +20,8 @@ package org.libreccm.notification;
import static org.libreccm.core.CoreConstants.*; import static org.libreccm.core.CoreConstants.*;
import org.libreccm.core.Subject;
import org.libreccm.messaging.Message; import org.libreccm.messaging.Message;
import org.libreccm.security.Party;
import java.io.Serializable; import java.io.Serializable;
import java.util.Objects; import java.util.Objects;
@ -62,7 +62,7 @@ public class QueueItem implements Serializable {
@OneToOne @OneToOne
@JoinColumn(name = "RECEIVER_ID") @JoinColumn(name = "RECEIVER_ID")
private Subject receiver; private Party receiver;
@Column(name = "RETRY_COUNT") @Column(name = "RETRY_COUNT")
private long retryCount; private long retryCount;
@ -91,11 +91,11 @@ public class QueueItem implements Serializable {
this.queueItemId = queueItemId; this.queueItemId = queueItemId;
} }
public Subject getReceiver() { public Party getReceiver() {
return receiver; return receiver;
} }
public void setReceiver(final Subject receiver) { public void setReceiver(final Party receiver) {
this.receiver = receiver; this.receiver = receiver;
} }

14
ccm-core/src/main/java/org/libreccm/search/lucene/Document.java
View File

@ -20,7 +20,7 @@ package org.libreccm.search.lucene;
import static org.libreccm.core.CoreConstants.*; import static org.libreccm.core.CoreConstants.*;
import org.libreccm.core.Subject; import org.libreccm.security.User;
import java.io.Serializable; import java.io.Serializable;
import java.util.Date; import java.util.Date;
@ -94,7 +94,7 @@ public class Document implements Serializable {
@OneToOne @OneToOne
@JoinColumn(name = "CREATED_BY_PARTY_ID") @JoinColumn(name = "CREATED_BY_PARTY_ID")
private Subject createdBy; private User createdBy;
@Column(name = "LAST_MODIFIED") @Column(name = "LAST_MODIFIED")
@Temporal(TemporalType.TIMESTAMP) @Temporal(TemporalType.TIMESTAMP)
@ -102,7 +102,7 @@ public class Document implements Serializable {
@OneToOne @OneToOne
@JoinColumn(name = "LAST_MODIFIED_BY") @JoinColumn(name = "LAST_MODIFIED_BY")
private Subject lastModifiedBy; private User lastModifiedBy;
@Column(name = "CONTENT_SECTION", length = 512) @Column(name = "CONTENT_SECTION", length = 512)
private String contentSection; private String contentSection;
@ -215,11 +215,11 @@ public class Document implements Serializable {
} }
} }
public Subject getCreatedBy() { public User getCreatedBy() {
return createdBy; return createdBy;
} }
public void setCreatedBy(final Subject createdBy) { public void setCreatedBy(final User createdBy) {
this.createdBy = createdBy; this.createdBy = createdBy;
} }
@ -239,11 +239,11 @@ public class Document implements Serializable {
} }
} }
public Subject getLastModifiedBy() { public User getLastModifiedBy() {
return lastModifiedBy; return lastModifiedBy;
} }
public void setLastModifiedBy(final Subject lastModifiedBy) { public void setLastModifiedBy(final User lastModifiedBy) {
this.lastModifiedBy = lastModifiedBy; this.lastModifiedBy = lastModifiedBy;
} }

235
ccm-core/src/main/java/org/libreccm/security/CcmShiroRealm.java 100644
View File

@ -0,0 +1,235 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.security;
import com.arsdigita.kernel.KernelConfig;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.enterprise.context.spi.CreationalContext;
import javax.enterprise.inject.spi.Bean;
import javax.enterprise.inject.spi.BeanManager;
import javax.enterprise.inject.spi.CDI;
/**
* Implementation of the Shiro's {@link AuthorizingRealm} to provide Shiro with
* the users, groups, roles and permissions stored in CCM's database.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
public class CcmShiroRealm extends AuthorizingRealm {
@Override
protected AuthorizationInfo doGetAuthorizationInfo(
final PrincipalCollection principals) {
// Get the pricipal (object identifing the user).
final Object principal = principals.getPrimaryPrincipal();
// This realm expects the principal to be a string.
if (!(principal instanceof String)) {
throw new AuthenticationException(String.format(
"Can' process principal of "
+ "type \"%s\".",
principal.getClass().getName()));
}
// Convert the pricipal to a string.
final String userIdentifier = (String) principal;
// Return the permissions of the system user
if ("system-user".equals(userIdentifier)) {
// The system user is a virtual user which has all roles and all
// privileges
final RoleRepository roleRepository;
final BeanManager beanManager = CDI.current().getBeanManager();
final Set<Bean<?>> beans = beanManager.
getBeans(RoleRepository.class);
final Iterator<Bean<?>> iterator = beans.iterator();
if (iterator.hasNext()) {
@SuppressWarnings("unchecked")
final Bean<RoleRepository> bean = (Bean<RoleRepository>) iterator.
next();
final CreationalContext<RoleRepository> ctx = beanManager.
createCreationalContext(bean);
roleRepository = (RoleRepository) beanManager.getReference(
bean, RoleRepository.class, ctx);
} else {
throw new AuthenticationException(
"Failed to retrieve RoleRepository");
}
final List<Role> roles = roleRepository.findAll();
final SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
for(final Role role : roles) {
info.addRole(role.getName());
}
info.addStringPermission("*");
return info;
}
//Find the user identified by the provided pricipal.
final User user = findUser(userIdentifier);
// Create a SimpleAuthorizationInfo instance. Contains the information
// from the database in the format expected by Shiro.
final SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
// Get the Roles directly assigned to the user.
for (final RoleMembership roleMembership : user.getRoleMemberships()) {
// Add the role to the AuthorizationInfo object.
info.addRole(roleMembership.getRole().getName());
// Add the permissions assigned to the role to the AuthorizatonInfo.
for (final Permission permission : roleMembership.getRole()
.getPermissions()) {
info.addStringPermission(permissionToString(permission));
}
}
//Get the Roles assigned to the groups of which the user is member of.
for (final GroupMembership membership : user.getGroupMemberships()) {
// Get the roles assigned to the group
for (final RoleMembership roleMembership : membership.getGroup()
.getRoleMemberships()) {
// Add the role to the AuthorizationInfo
info.addRole(roleMembership.getRole().getName());
// Add the permissions assigned to the role to the
// AuthorizationInfo
for (final Permission permission : roleMembership.getRole()
.getPermissions()) {
info.addStringPermission(permissionToString(permission));
}
}
}
return info;
}
@Override
protected AuthenticationInfo doGetAuthenticationInfo(
final AuthenticationToken token)
throws AuthenticationException {
// Get the pricipal identifing the user
final Object principal = token.getPrincipal();
// This realm expects the pricipal to be a string
if (!(principal instanceof String)) {
throw new AuthenticationException(String.format(
"Can' process authentication token with a principal of "
+ "type \"%s\".",
principal.getClass().getName()));
}
// Convert the pricipal to a string.
final String userIdentifier = (String) principal;
// Find the user identified by the pricipal.
final User user = findUser(userIdentifier);
// Return a SimpleAuthenticationInfo with the information relevant
// for Shiro
return new SimpleAuthenticationInfo(token.getPrincipal(),
user.getPassword(),
"CcmShiroRealm");
}
/**
* Helper method for finding a user by its identifier. Depending on the
* configuration of CCM this is either the name of the user or the email
* address of the user.
*
* @param userIdentifier The identifier of the user.
* @return The User identified by the provided {@code userIdentifier}.
* @throws AuthenticationException if no user for the provided identifier
* could be retrieved.
*/
private User findUser(final String userIdentifier) {
// For some reason we can't use the the CdiUtil class here, therefore
// we have to do the lookup for the UserRepository be ourself.
final UserRepository userRepository;
final BeanManager beanManager = CDI.current().getBeanManager();
final Set<Bean<?>> beans = beanManager.getBeans(
UserRepository.class);
final Iterator<Bean<?>> iterator = beans.iterator();
if (iterator.hasNext()) {
@SuppressWarnings("unchecked")
final Bean<UserRepository> bean = (Bean<UserRepository>) iterator
.next();
final CreationalContext<UserRepository> ctx = beanManager
.createCreationalContext(bean);
userRepository = (UserRepository) beanManager.getReference(
bean, UserRepository.class, ctx);
} else {
throw new AuthenticationException(
"Failed to retrieve UserRepository.");
}
// Depending of the configuration of CCM use the appropriate method
// for finding the user in the database.
final KernelConfig config = KernelConfig.getConfig();
final User user;
if ("email".equals(config.getPrimaryUserIdentifier())) {
user = userRepository.findByEmailAddress(userIdentifier);
} else {
user = userRepository.findByName(userIdentifier);
}
// If no matching user is found throw an AuthenticationException
if (user == null) {
throw new AuthenticationException(String.format(
"No user identified by principal \"%s\" was found. Primary user "
+ "identifier is \"%s\".",
userIdentifier, config.getPrimaryUserIdentifier()));
}
return user;
}
/**
* Helper method for converting a {@link Permission} to the string format
* used by Shiro.
*
* @param permission The permission to convert.
* @return A Shiro permission string.
*/
private String permissionToString(final Permission permission) {
if (permission.getObject() == null) {
return permission.getGrantedPrivilege();
} else {
return String.format("%s:%d",
permission.getGrantedPrivilege(),
permission.getObject().getObjectId());
}
}
}

123
ccm-core/src/main/java/org/libreccm/security/Group.java 100644
View File

@ -0,0 +1,123 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.security;
import static org.libreccm.core.CoreConstants.*;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import javax.persistence.Entity;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlElementWrapper;
import javax.xml.bind.annotation.XmlRootElement;
/**
* A group is bascially a collection of users.
*
* Group extends the {@link Party} class. Therefore {@link Role}s can be
* assigned to a group. When a {@link Role} is assigned to a group each member
* of the group gets the role and the permissions associated with that role.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@Entity
@Table(name = "GROUPS", schema = DB_SCHEMA)
@NamedQueries({
@NamedQuery(name = "Group.findByName",
query = "SELECT g FROM Group g WHERE g.name = :name"),
@NamedQuery(name = "Group.searchByName",
query = "SELECT g FROM Group g "
+ "WHERE LOWER(g.name) LIKE '%:name%'")
})
@XmlRootElement(name = "user-group", namespace = CORE_XML_NS)
public class Group extends Party implements Serializable {
private static final long serialVersionUID = -4800759206452780739L;
/**
* The memberships of the group. For adding or removing memberships the
* methods provided by the {@link GroupManager} should be used.
*/
@OneToMany(mappedBy = "group")
@XmlElementWrapper(name = "group-memberships", namespace = CORE_XML_NS)
@XmlElement(name = "group-membership", namespace = CORE_XML_NS)
private List<GroupMembership> memberships = new ArrayList<>();
protected Group() {
super();
}
public List<GroupMembership> getMemberships() {
if (memberships == null) {
return null;
} else {
return Collections.unmodifiableList(memberships);
}
}
protected void setMemberships(final List<GroupMembership> memberships) {
this.memberships = memberships;
}
protected void addMembership(final GroupMembership member) {
memberships.add(member);
}
protected void removeMembership(final GroupMembership member) {
memberships.remove(member);
}
@Override
public boolean equals(final Object obj) {
if (obj == null) {
return false;
}
if (!super.equals(obj)) {
return false;
}
if (!(obj instanceof Group)) {
return false;
}
final Group other = (Group) obj;
return other.canEqual(this);
}
@Override
public boolean canEqual(final Object obj) {
return obj instanceof Group;
}
@Override
public String toString(final String data) {
return super.toString(String.format(", members = { %s }%s",
Objects.toString(memberships),
data));
}
}

142
ccm-core/src/main/java/org/libreccm/security/GroupManager.java 100644
View File

@ -0,0 +1,142 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.security;
import java.util.List;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.persistence.EntityManager;
import javax.persistence.NoResultException;
import javax.persistence.TypedQuery;
/**
* Manager class providing methods for adding and removing members to and from
* a group.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@RequestScoped
public class GroupManager {
@Inject
private GroupRepository groupRepository;
@Inject
private UserRepository userRepository;
@Inject
private EntityManager entityManager;
/**
* Adds a member to group and saves the changed group and user entities.
*
* If the user is already a member of the group the method will do nothing.
*
* @param user The user to add to a group.
* @param group The group to which the user is added.
*/
public void addMemberToGroup(final User user, final Group group) {
if (user == null) {
throw new IllegalArgumentException(
"Can't add null as user to a group.");
}
if (group == null) {
throw new IllegalArgumentException("Can't add a user to group null");
}
if (isMemberOfGroup(user, group)) {
return;
}
final GroupMembership membership = new GroupMembership();
membership.setGroup(group);
membership.setMember(user);
group.addMembership(membership);
user.addGroupMembership(membership);
entityManager.persist(membership);
groupRepository.save(group);
userRepository.save(user);
}
/**
* Removes a member from a group and saves the changed group an user
* entities.
*
* If the provided {@code User} is not a member of the provided
* {@code Group} the method does nothing.
*
* @param member The user to remove from the group.
* @param group The group from which the user is removed.
*/
public void removeMemberFromGroup(final User member, final Group group) {
if (member == null) {
throw new IllegalArgumentException(
"Can't add null as user to a group.");
}
if (group == null) {
throw new IllegalArgumentException("Can't add a user to group null");
}
final TypedQuery<GroupMembership> query = entityManager
.createNamedQuery("GroupMembership.findByGroupAndUser",
GroupMembership.class);
query.setParameter("member", member);
query.setParameter("group", group);
final GroupMembership delete;
try {
delete = query.getSingleResult();
} catch (NoResultException ex) {
return;
}
group.removeMembership(delete);
member.removeGroupMembership(delete);
entityManager.remove(delete);
groupRepository.save(group);
userRepository.save(member);
}
/**
* Determins if the provided {@link User} is a member of the provided
* {@code Group}.
*
* @param member
* @param group
* @return {@code true} if the provided {@code User} is member of the
* provided {@code Group}, {@code false} if not.
*/
public boolean isMemberOfGroup(final User member, final Group group) {
final TypedQuery<GroupMembership> query = entityManager
.createNamedQuery("GroupMembership.findByGroupAndUser",
GroupMembership.class);
query.setParameter("member", member);
query.setParameter("group", group);
final List<GroupMembership> result = query.getResultList();
return !result.isEmpty();
}
}

146
ccm-core/src/main/java/org/libreccm/security/GroupMembership.java 100644
View File

@ -0,0 +1,146 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.security;
import static org.libreccm.core.CoreConstants.*;
import java.io.Serializable;
import java.util.Objects;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlTransient;
/**
* A association class representing the assoication between a {@link User} and
* a {@code Group}.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@Entity
@Table(name = "GROUP_MEMBERSHIPS", schema = DB_SCHEMA)
@NamedQueries({
@NamedQuery(name = "GroupMembership.findByGroupAndUser",
query = "SELECT m FROM GroupMembership m "
+ "WHERE m.member = :member AND m.group = :group")})
@XmlRootElement(name = "group-membership", namespace = CORE_XML_NS)
public class GroupMembership implements Serializable {
private static final long serialVersionUID = 83192968306850665L;
@Id
@Column(name = "MEMBERSHIP_ID")
@GeneratedValue(strategy = GenerationType.AUTO)
@XmlElement(name = "membership-id", namespace = CORE_XML_NS)
private long membershipId;
@ManyToOne
@JoinColumn(name = "GROUP_ID")
@XmlTransient
private Group group;
@ManyToOne
@JoinColumn(name = "MEMBER_ID")
@XmlTransient
private User member;
public long getMembershipId() {
return membershipId;
}
protected void setMembershipId(final long membershipId) {
this.membershipId = membershipId;
}
public Group getGroup() {
return group;
}
protected void setGroup(final Group group) {
this.group = group;
}
public User getMember() {
return member;
}
protected void setMember(final User member) {
this.member = member;
}
@Override
public int hashCode() {
int hash = 3;
hash = 37 * hash
+ (int) (this.membershipId ^ (this.membershipId >>> 32));
hash = 37 * hash + Objects.hashCode(this.group);
hash = 37 * hash + Objects.hashCode(this.member);
return hash;
}
@Override
public boolean equals(final Object obj) {
if (obj == null) {
return false;
}
if (!(obj instanceof GroupMembership)) {
return false;
}
final GroupMembership other = (GroupMembership) obj;
if (!other.canEqual(this)) {
return false;
}
if (this.membershipId != other.getMembershipId()) {
return false;
}
if (!Objects.equals(this.group, other.getGroup())) {
return false;
}
return Objects.equals(this.member, other.getMember());
}
public boolean canEqual(final Object obj) {
return obj instanceof GroupMembership;
}
@Override
public String toString() {
return String.format("%s{ "
+ "membershipId = %d, "
+ "user = %s, "
+ "group = %s, "
+ " },",
super.toString(),
membershipId,
Objects.toString(member),
Objects.toString(group));
}
}

84
ccm-core/src/main/java/org/libreccm/security/GroupRepository.java 100644
View File

@ -0,0 +1,84 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.security;
import java.util.List;
import javax.enterprise.context.RequestScoped;
import javax.persistence.TypedQuery;
import org.libreccm.core.AbstractEntityRepository;
/**
* Repository for groups.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@RequestScoped
public class GroupRepository extends AbstractEntityRepository<Long, Group> {
@Override
public Class<Group> getEntityClass() {
return Group.class;
}
@Override
public boolean isNew(final Group entity) {
if (entity == null) {
throw new IllegalArgumentException("Can't save null");
}
return entity.getPartyId() == 0;
}
/**
* Finds a group by its name.
*
* @param name The name of the group to find.
*
* @return The group identified by the provided name. If there multiple
* groups with the provided name only the first one is returned. If
* there is no group identified by the provided name {@code null} is
* returned.
*/
public Group findByName(final String name) {
final TypedQuery<Group> query = getEntityManager().createNamedQuery(
"Group.findByName", Group.class);
query.setParameter("name", name);
final List<Group> result = query.getResultList();
if (result.isEmpty()) {
return null;
} else {
return result.get(0);
}
}
/**
* Tries to find a group which name contains a provided token.
*
* @param name The name or part of the name of the group to find.
*
* @return A list of a matching groups.
*/
public List<Group> searchGroupByName(final String name) {
final TypedQuery<Group> query = getEntityManager().createNamedQuery(
"Group.searchByName", Group.class);
query.setParameter("name", name);
return query.getResultList();
}
}

31
ccm-core/src/main/java/org/libreccm/security/InheritsPermissions.java 100644
View File

@ -0,0 +1,31 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.security;
import org.libreccm.core.CcmObject;
/**
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
public interface InheritsPermissions {
CcmObject getParent();
}

175
ccm-core/src/main/java/org/libreccm/security/Party.java 100644
View File

@ -0,0 +1,175 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.security;
import static org.libreccm.core.CoreConstants.*;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Inheritance;
import javax.persistence.InheritanceType;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Pattern;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlElementWrapper;
/**
* Party is a base class for {@link User} and {@link Group} defining some common
* characteristics and associations, especially the association to
* {@link Role}s.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@Entity
@Table(name = "PARTIES", schema = DB_SCHEMA)
@Inheritance(strategy = InheritanceType.JOINED)
@NamedQueries({
@NamedQuery(name = "Party.findByName",
query = "SELECT p FROM Party p WHERE p.name = :name")
})
public class Party implements Serializable {
private static final long serialVersionUID = 3319997992281332204L;
@Id
@Column(name = "PARTY_ID")
@GeneratedValue(strategy = GenerationType.AUTO)
private long partyId;
/**
* The name of the party. Must only contain the letters a to z and A to Z,
* the numbers 0 to 9 the {@code -} (dash) and the {@code _} (underscore).
*/
@Column(name = "NAME", length = 256, nullable = false)
@NotNull
@Pattern(regexp = "[a-zA-Z0-9\\-_]*")
private String name;
/**
* The role memberships the party.
*/
@OneToMany(mappedBy = "member")
@XmlElementWrapper(name = "role-memberships", namespace = CORE_XML_NS)
@XmlElement(name = "role-membership", namespace = CORE_XML_NS)
private List<RoleMembership> roleMemberships = new ArrayList<>();
protected Party() {
super();
}
public long getPartyId() {
return partyId;
}
protected void setPartyId(final long partyId) {
this.partyId = partyId;
}
public String getName() {
return name;
}
public void setName(final String name) {
this.name = name;
}
public List<RoleMembership> getRoleMemberships() {
if (roleMemberships == null) {
return null;
} else {
return Collections.unmodifiableList(roleMemberships);
}
}
protected void setRoleMemberships(final List<RoleMembership> roleMemberships) {
this.roleMemberships = roleMemberships;
}
protected void addRoleMembership(final RoleMembership roleMembership) {
roleMemberships.add(roleMembership);
}
protected void removeRoleMembership(final RoleMembership roleMembership) {
roleMemberships.remove(roleMembership);
}
@Override
public int hashCode() {
int hash = 3;
hash = 37 * hash + (int) (partyId ^ (partyId >>> 32));
hash = 37 * hash + Objects.hashCode(name);
return hash;
}
@Override
public boolean equals(final Object obj) {
if (obj == null) {
return false;
}
if (!(obj instanceof Party)) {
return false;
}
final Party other = (Party) obj;
if (!other.canEqual(this)) {
return false;
}
if (partyId != other.getPartyId()) {
return false;
}
return Objects.equals(name, other.getName());
}
public boolean canEqual(final Object obj) {
return obj instanceof Party;
}
@Override
public final String toString() {
return toString("");
}
public String toString(final String data) {
return String.format("%s{ "
+ "partyId = %d, "
+ "name = \"%s\", "
+ "roles = { %s }%s"
+ " }",
super.toString(),
partyId,
name,
Objects.toString(roleMemberships),
data);
}
}

69
ccm-core/src/main/java/org/libreccm/security/PartyRepository.java 100644
View File

@ -0,0 +1,69 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.security;
import javax.enterprise.context.RequestScoped;
import org.libreccm.core.AbstractEntityRepository;
import java.util.List;
import javax.persistence.TypedQuery;
/**
* Repository class for parties.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@RequestScoped
public class PartyRepository extends AbstractEntityRepository<Long, Party> {
@Override
public Class<Party> getEntityClass() {
return Party.class;
}
@Override
public boolean isNew(final Party entity) {
if (entity == null) {
throw new IllegalArgumentException("Can't save null");
}
return entity.getPartyId() == 0;
}
/**
* Finds a party (which can be a user or group) by its name.
*
* @param name
* @return
*/
public Party findByName(final String name) {
final TypedQuery<Party> query = getEntityManager().createNamedQuery(
"Party.findByName", Party.class);
query.setParameter("name", name);
final List<Party> result = query.getResultList();
if (result.isEmpty()) {
return null;
} else {
return result.get(0);
}
}
}

252
ccm-core/src/main/java/org/libreccm/security/Permission.java 100644
View File

@ -0,0 +1,252 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.security;
import static org.libreccm.core.CoreConstants.*;
import org.libreccm.core.CcmObject;
import java.io.Serializable;
import java.util.Date;
import java.util.Objects;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToOne;
import javax.persistence.Table;
import javax.persistence.Temporal;
import javax.persistence.TemporalType;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
/**
* A permission grants a privilege on an object or systemwide to {@link Role}.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@Entity
@Table(name = "PERMISSIONS", schema = DB_SCHEMA)
@NamedQueries({
@NamedQuery(name = "Permission.existsForPrivilegeRoleObject",
query = "SELECT COUNT(p) FROM Permission p "
+ "WHERE p.grantedPrivilege = :privilege "
+ "AND p.grantee = :grantee "
+ "AND p.object = :object"),
@NamedQuery(name = "Permission.existsForPrivilegeAndRole",
query = "SELECT count(p) FROM Permission p "
+ "WHERE p.grantedPrivilege = :privilege "
+ "AND p.grantee = :grantee "
+ "AND p.object IS NULL"),
@NamedQuery(name = "Permission.findPermissionsForRole",
query = "SELECT p FROM Permission p "
+ "WHERE p.grantee = :grantee"),
@NamedQuery(name = "Permission.findPermissionsForCcmObject",
query = "SELECT p FROM Permission p "
+ "WHERE p.object = :object")
})
@XmlRootElement(name = "permission", namespace = CORE_XML_NS)
public class Permission implements Serializable {
private static final long serialVersionUID = -5178045844045517958L;
/**
* The database id of the permission.
*/
@Id
@Column(name = "PERMISSION_ID")
@GeneratedValue(strategy = GenerationType.AUTO)
@XmlElement(name = "permission-id", namespace = CORE_XML_NS)
private long permissionId;
/**
* The granted privilege.
*/
@Column(name = "granted_privilege")
@XmlElement(name = "privilege", namespace = CORE_XML_NS)
private String grantedPrivilege;
/**
* The object on which the privilege is granted. My be {@code null}.
*/
@OneToOne
@JoinColumn(name = "OBJECT_ID")
private CcmObject object;
/**
* The role to which the permission is granted.
*/
@ManyToOne
@JoinColumn(name = "GRANTEE_ID")
private Role grantee;
/**
* The {@link User} which created this {@code Permission}. The property can
* be {@code null} if this {@code Permission} was created by a system
* process.
*/
@ManyToOne
@JoinColumn(name = "CREATION_USER_ID")
@XmlElement(name = "creation-user", namespace = CORE_XML_NS)
private User creationUser;
/**
* The date and time on which this {@code Permission} was created. This
* property can be {@code null} if this {@code Permission} was created by a
* system process.
*/
@Column(name = "CREATION_DATE")
@Temporal(TemporalType.TIMESTAMP)
@XmlElement(name = "creation-date", namespace = CORE_XML_NS)
private Date creationDate;
/**
* The IP of the system from which this {@code Permission} was created. This
* property can be {@code null} if this {@code Permission} was created by a
* system process.
*/
@Column(name = "CREATION_IP")
@XmlElement(name = "creation-ip", namespace = CORE_XML_NS)
private String creationIp;
protected Permission() {
//Nothing
}
public long getPermissionId() {
return permissionId;
}
protected void setPermissionId(final long permissionId) {
this.permissionId = permissionId;
}
public String getGrantedPrivilege() {
return grantedPrivilege;
}
public void setGrantedPrivilege(final String grantedPrivilege) {
this.grantedPrivilege = grantedPrivilege;
}
public CcmObject getObject() {
return object;
}
public void setObject(final CcmObject object) {
this.object = object;
}
public Role getGrantee() {
return grantee;
}
public void setGrantee(final Role grantee) {
this.grantee = grantee;
}
public User getCreationUser() {
return creationUser;
}
public void setCreationUser(final User creationUser) {
this.creationUser = creationUser;
}
public Date getCreationDate() {
if (creationDate == null) {
return null;
} else {
return new Date(creationDate.getTime());
}
}
public void setCreationDate(final Date creationDate) {
this.creationDate = new Date(creationDate.getTime());
}
public String getCreationIp() {
return creationIp;
}
public void setCreationIp(final String creationIp) {
this.creationIp = creationIp;
}
@Override
public int hashCode() {
int hash = 3;
hash = 97 * hash + (int) (permissionId ^ (permissionId >>> 32));
hash = 97 * hash + Objects.hashCode(grantedPrivilege);
hash = 97 * hash + Objects.hashCode(creationDate);
hash = 97 * hash + Objects.hashCode(creationIp);
return hash;
}
@Override
public boolean equals(final Object obj) {
if (obj == null) {
return false;
}
if (!(obj instanceof Permission)) {
return false;
}
final Permission other = (Permission) obj;
if (!other.canEqual(this)) {
return false;
}
if (permissionId != other.getPermissionId()) {
return false;
}
if (!Objects.equals(grantedPrivilege, other.getGrantedPrivilege())) {
return false;
}
if (!Objects.equals(creationDate, other.getCreationDate())) {
return false;
}
return Objects.equals(creationIp, other.getCreationIp());
}
public boolean canEqual(final Object obj) {
return obj instanceof Permission;
}
@Override
public String toString() {
return String.format("%s{ "
+ "permissionId = %d, "
+ "grantedPrivilege = { %s }, "
+ "creationDate = %tF %<tT, "
+ "creationIp = %s }",
super.toString(),
permissionId,
Objects.toString(grantedPrivilege),
creationDate,
creationIp);
}
}

191
ccm-core/src/main/java/org/libreccm/security/PermissionChecker.java 100644
View File

@ -0,0 +1,191 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.security;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.subject.Subject;
import org.libreccm.core.CcmObject;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
/**
* An utility class for checking permissions. Uses the current {@link Subject}
* as provided by the {@link Shiro} bean.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@RequestScoped
public class PermissionChecker {
/**
* The current subject as provided by {@link Shiro#getSubject()}.
*/
@Inject
private transient Subject subject;
@Inject
private transient Shiro shiro;
/**
* Checks if the current subject has a permission granting the provided
* privilege.
*
* @param privilege The privilege granted by the permission.
*
* @return {@code true} if the current subject has as permission granting
* the provided {@code privilege}, {@code false} otherwise.
*/
public boolean isPermitted(final String privilege) {
if (subject.isAuthenticated()) {
return subject.isPermitted(generatePermissionString(privilege));
} else {
return shiro.getPublicUser().isPermitted(generatePermissionString(
privilege));
}
}
/**
* Checks if the current subject has a permission granting the provided
* privilege on the provided object or its parent object(s) if the object
* implements the {@link InheritsPermissions} interface.
*
* @param privilege The granted privilege.
* @param object The object on which the privilege is granted.
*
* @return {@code true} if the there is a permission granting the provided
* {@code privilege} on the provided {@code subject}.
*/
public boolean isPermitted(final String privilege, final CcmObject object) {
final boolean result;
if (subject.isAuthenticated()) {
result = subject.isPermitted(generatePermissionString(
privilege, object));
} else {
result = shiro.getPublicUser().isPermitted(generatePermissionString(
privilege, object));
}
if (result) {
return result;
} else if (object instanceof InheritsPermissions) {
if (((InheritsPermissions) object).getParent() == null) {
return result;
} else {
return isPermitted(privilege,
((InheritsPermissions) object).getParent());
}
} else {
return result;
}
}
/**
* Checks if the current subject has a permission granting the provided
* privilege. If the current subject does not have a permission granting the
* privilege an {@link AuthorizationExeeption} is thrown.
*
* @param privilege The privilege to check for.
* @throws AuthorizationException If the current subject has not permission
* granting the provided privilege.
*/
public void checkPermission(final String privilege)
throws AuthorizationException {
if (subject.isAuthenticated()) {
subject.checkPermission(generatePermissionString(privilege));
} else {
shiro.getPublicUser().checkPermission(generatePermissionString(
privilege));
}
}
/**
* Checks if the current subject has a permission granting the provided
* privilege on the provided object. If there is a permission which grants
* the current subject the provided privilege on the provided object the
* method returns the object. Otherwise an {@link AuthorizationException} is
* thrown. This also the use this method in methods which are loading
* objects from the database like this
* <pre>
* public CcmObject findBy(...) {
* // Do JPA stuff
*
* return permissionChecker.checkPermission($privilege, object);
* }
* </pre>
*
* If the object implements the {@link InheritsPermissions} interface the
* method also checks the parent objects for a permission granting the
* provided privilege.
*
* @param privilege The privilige to check for.
* @param object The object on which the privilege is granted.
* @return Th provided object if there is permission granting the current
* subject the provided privilege on the object.
* @throws AuthorizationException If there is not permission granting the
* current subject the provided privilege on the provided object.
*/
public CcmObject checkPermission(final String privilege,
final CcmObject object)
throws AuthorizationException {
if (object instanceof InheritsPermissions) {
final boolean result = isPermitted(privilege, object);
if (result) {
subject.checkPermission(generatePermissionString(privilege,
object));
} else if (((InheritsPermissions) object).getParent() == null) {
subject.checkPermission(generatePermissionString(privilege,
object));
} else {
checkPermission(privilege,
((InheritsPermissions) object).getParent());
}
} else if (subject.isAuthenticated()) {
subject.checkPermission(generatePermissionString(privilege, object));
} else {
shiro.getPublicUser().checkPermission(generatePermissionString(
privilege, object));
}
return object;
}
/**
* Helper method for converting a privilege into a permission string.
*
* @param privilege
* @return
*/
public String generatePermissionString(final String privilege) {
return privilege;
}
/**
* Helper method for converting a privilege into a permission string.
*
* @param privilege
* @param object
* @return
*/
public String generatePermissionString(final String privilege,
final CcmObject object) {
return String.format("%s:%d", privilege, object.getObjectId());
}
}

258
ccm-core/src/main/java/org/libreccm/security/PermissionManager.java 100644
View File

@ -0,0 +1,258 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.security;
import java.util.List;
import javax.inject.Inject;
import javax.persistence.EntityManager;
import javax.persistence.Query;
import javax.persistence.TypedQuery;
import org.libreccm.core.CcmObject;
import javax.enterprise.context.RequestScoped;
/**
* Manager class for granting and revoking permissions.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@RequestScoped
public class PermissionManager {
private static final String QUERY_PARAM_OBJECT = "object";
private static final String QUERY_PARAM_GRANTEE = "grantee";
private static final String QUERY_PARAM_PRIVILEGE = "privilege";
@Inject
private EntityManager entityManager;
/**
* Grants a privilege on an object to a role. If the privilege was already
* granted, the method does nothing.
*
* @param privilege The privilege to grant.
* @param grantee The role to which the privilege is granted.
* @param object The object on which the privilege is granted.
*/
public void grantPrivilege(final String privilege,
final Role grantee,
final CcmObject object) {
if (privilege == null || privilege.isEmpty()) {
throw new IllegalArgumentException(
"Can't grant a permission without a privilege.");
}
if (grantee == null) {
throw new IllegalArgumentException(
"Can't grant a permission to grantee null.");
}
if (object == null) {
throw new IllegalArgumentException(
"Can't grant a permission on object NULL.");
}
if (!existsPermission(privilege, grantee, object)) {
final Permission permission = new Permission();
permission.setGrantee(grantee);
permission.setGrantedPrivilege(privilege);
permission.setObject(object);
entityManager.persist(permission);
}
}
/**
* Grants a privilege to a role. If the privilege was already granted, the
* method does nothing.
*
* @param privilege The privilege to grant.
* @param grantee The role to which the privilege is granted.
*/
public void grantPrivilege(final String privilege,
final Role grantee) {
if (privilege == null || privilege.isEmpty()) {
throw new IllegalArgumentException(
"Can't grant a permission without a privilege.");
}
if (grantee == null) {
throw new IllegalArgumentException(
"Can't grant a permission to grantee null.");
}
if (!existsPermission(privilege, grantee)) {
final Permission permission = new Permission();
permission.setGrantee(grantee);
permission.setGrantedPrivilege(privilege);
permission.setObject(null);
entityManager.persist(permission);
}
}
/**
* Revokes the permissions granting a privilege on an object from a role.
* If no matching permission exists the method will do nothing.
*
* @param privilege The privilege granted by the permission to revoke.
* @param grantee The role to which the privilege was granted.
* @param object The object on which the privilege was granted.
*/
public void revokePrivilege(final String privilege,
final Role grantee,
final CcmObject object) {
if (privilege == null || privilege.isEmpty()) {
throw new IllegalArgumentException(
"Can't revoke a permission without a privilege.");
}
if (grantee == null) {
throw new IllegalArgumentException(
"Can't revoke a permission from grantee null.");
}
if (object == null) {
throw new IllegalArgumentException(
"Can't revoke a permission from object NULL.");
}
if (existsPermission(privilege, grantee, object)) {
final Query query = entityManager.createQuery(
"DELETE FROM Permission p "
+ "WHERE p.grantedPrivilege = :privilege "
+ "AND p.grantee = :grantee "
+ "AND p.object = :object");
query.setParameter(QUERY_PARAM_PRIVILEGE, privilege);
query.setParameter(QUERY_PARAM_GRANTEE, grantee);
query.setParameter(QUERY_PARAM_OBJECT, object);
query.executeUpdate();
}
}
/**
* Revokes the permissions granting a privilege from a role.
* If no matching permission exists the method will do nothing.
*
* @param privilege The privilege granted by the permission to revoke.
* @param grantee The role to which the privilege was granted.
*/
public void revokePrivilege(final String privilege,
final Role grantee) {
if (privilege == null || privilege.isEmpty()) {
throw new IllegalArgumentException(
"Can't revoke a permission without a privilege.");
}
if (grantee == null) {
throw new IllegalArgumentException(
"Can't revoke a permission from grantee null.");
}
if (existsPermission(privilege, grantee)) {
final Query query = entityManager.createQuery(
"DELETE FROM Permission p "
+ "WHERE p.grantedPrivilege = :privilege "
+ "AND p.grantee = :grantee "
+ "AND p.object IS NULL");
query.setParameter(QUERY_PARAM_PRIVILEGE, privilege);
query.setParameter(QUERY_PARAM_GRANTEE, grantee);
query.executeUpdate();
}
}
/**
* Copy the permissions from on {@link CcmObject} to another. The
* permissions granted on the {@code target} object will not be removed.
* Instead the permissions from {@code source} object are added the the
* permissions.
*
*
* @param source
* @param target
*/
public void copyPermissions(final CcmObject source,
final CcmObject target) {
if (source == null) {
throw new IllegalArgumentException(
"Can't copy permissions from source NULL.");
}
if (target == null) {
throw new IllegalArgumentException(
"Can't copy permissions to target NULL.");
}
final TypedQuery<Permission> query = entityManager.createNamedQuery(
"Permission.findPermissionsForCcmObject", Permission.class);
query.setParameter(QUERY_PARAM_OBJECT, source);
final List<Permission> result = query.getResultList();
for (final Permission permission : result) {
grantPrivilege(permission.getGrantedPrivilege(),
permission.getGrantee(),
target);
}
}
/**
* Checks if a permission granting the provided {@code privilege} on the
* provided {@code object} to the provided {@code role} exists.
*
* @param privilege The privilege granted by the permission.
* @param grantee The role to which the privilege was granted.
* @param object The object on which the privilege is granted.
* @return {@code true} if there is a matching permission, {@code false} if
* not.
*/
private boolean existsPermission(final String privilege,
final Role grantee,
final CcmObject object) {
final TypedQuery<Long> query = entityManager.createNamedQuery(
"Permission.existsForPrivilegeRoleObject", Long.class);
query.setParameter(QUERY_PARAM_PRIVILEGE, privilege);
query.setParameter(QUERY_PARAM_GRANTEE, grantee);
query.setParameter(QUERY_PARAM_OBJECT, object);
return query.getSingleResult() > 0;
}
/**
* Checks if a permission granting the provided {@code privilege}to the
* provided {@code role} exists.
*
* @param privilege The privilege granted by the permission.
* @param grantee The role to which the privilege was granted.
* @return {@code true} if there is a matching permission, {@code false} if
* not.
*/
private boolean existsPermission(final String privilege,
final Role grantee) {
final TypedQuery<Long> query = entityManager.createNamedQuery(
"Permission.existsForPrivilegeAndRole", Long.class);
query.setParameter(QUERY_PARAM_PRIVILEGE, privilege);
query.setParameter(QUERY_PARAM_GRANTEE, grantee);
return query.getSingleResult() > 0;
}
}

203
ccm-core/src/main/java/org/libreccm/security/Role.java 100644
View File

@ -0,0 +1,203 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.security;
import static org.libreccm.core.CoreConstants.*;
import org.hibernate.validator.constraints.NotBlank;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.validation.constraints.Pattern;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlElementWrapper;
import javax.xml.bind.annotation.XmlRootElement;
/**
* A role is basically a collection a {@link Permission}s and {@code Task}s.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@Entity
@Table(name = "CCM_ROLES", schema = DB_SCHEMA)
@NamedQueries({
@NamedQuery(name = "Role.findByName",
query = "SELECT r FROM Role r "
+ "WHERE r.name = :name")
})
@XmlRootElement(name = "role", namespace = CORE_XML_NS)
@SuppressWarnings({"PMD.ShortClassName"})
public class Role implements Serializable {
private static final long serialVersionUID = -7121296514181469687L;
@Id
@Column(name = "ROLE_ID")
@GeneratedValue(strategy = GenerationType.AUTO)
@XmlElement(name = "role-id", namespace = CORE_XML_NS)
private long roleId;
/**
* The name of the role. May only contain the letters a to z, A to Z, the
* numbers 0 to 9, the {@code -} (dash) and the {@code _} (underscore).
*/
@Column(name = "NAME", length = 512, nullable = false)
@NotBlank
@Pattern(regexp = "[a-zA-Z0-9\\-_]*")
@XmlElement(name = "name", namespace = CORE_XML_NS)
private String name;
/**
* All memberships of the roles.
*/
@OneToMany(mappedBy = "role")
@XmlElementWrapper(name = "role-memberships", namespace = CORE_XML_NS)
@XmlElement(name = "role-membership", namespace = CORE_XML_NS)
private List<RoleMembership> memberships = new ArrayList<>();
/**
* Permissions granted to the role.
*/
@OneToMany(mappedBy = "grantee")
@XmlElementWrapper(name = "permissions", namespace = CORE_XML_NS)
@XmlElement(name = "permission", namespace = CORE_XML_NS)
private List<Permission> permissions = new ArrayList<>();
protected Role() {
super();
}
public long getRoleId() {
return roleId;
}
protected void setRoleId(final long roleId) {
this.roleId = roleId;
}
public String getName() {
return name;
}
public void setName(final String name) {
this.name = name;
}
public List<RoleMembership> getMemberships() {
if (memberships == null) {
return null;
} else {
return Collections.unmodifiableList(memberships);
}
}
protected void setMemberships(final List<RoleMembership> memberships) {
this.memberships = memberships;
}
protected void addMembership(final RoleMembership membership) {
memberships.add(membership);
}
protected void removeMembership(final RoleMembership membership) {
memberships.remove(membership);
}
public List<Permission> getPermissions() {
if (permissions == null) {
return null;
} else {
return Collections.unmodifiableList(permissions);
}
}
protected void setPermissions(final List<Permission> permissions) {
this.permissions = permissions;
}
protected void addPermission(final Permission permission) {
permissions.add(permission);
}
protected void removePermission(final Permission permission) {
permissions.remove(permission);
}
@Override
public int hashCode() {
int hash = 7;
hash = 53 * hash + (int) (roleId ^ (roleId >>> 32));
hash = 53 * hash + Objects.hashCode(name);
hash = 53 * hash + Objects.hashCode(permissions);
return hash;
}
@Override
public boolean equals(final Object obj) {
if (obj == null) {
return false;
}
if (!(obj instanceof Role)) {
return false;
}
final Role other = (Role) obj;
if (!other.canEqual(this)) {
return false;
}
if (roleId != other.getRoleId()) {
return false;
}
if (!Objects.equals(name, other.getName())) {
return false;
}
return Objects.equals(permissions, other.getPermissions());
}
public boolean canEqual(final Object obj) {
return obj instanceof Role;
}
@Override
public String toString() {
return String.format("%s{ "
+ "roldId = %d, "
+ "name = \"%s\", "
+ "permissions = { %s }"
+ " }",
super.toString(),
roleId,
name,
Objects.toString(permissions));
}
}

136
ccm-core/src/main/java/org/libreccm/security/RoleManager.java 100644
View File

@ -0,0 +1,136 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.security;
import java.util.List;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.persistence.EntityManager;
import javax.persistence.NoResultException;
import javax.persistence.TypedQuery;
/**
* Manager for roles providing methods for assigning the role the {@link Party}
* entities and for removing them.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@RequestScoped
public class RoleManager {
@Inject
private RoleRepository roleRepository;
@Inject
private PartyRepository partyRepository;
@Inject
private EntityManager entityManager;
/**
* Assigns a role to a party and saves the changed {@code Role} and
* {@code Party} entities. If the provided {@code role} has already been
* assigned to the provided {@code party} the method will to nothing.
*
* @param role The role to assign.
* @param party The party which to which to role is assigned.
*/
public void assignRoleToParty(final Role role, final Party party) {
if (role == null) {
throw new IllegalArgumentException("Can't add party to null role");
}
if (party == null) {
throw new IllegalArgumentException("Can't add party null to role");
}
if (hasRole(party, role)) {
return;
}
final RoleMembership membership = new RoleMembership();
membership.setRole(role);
membership.setMember(party);
role.addMembership(membership);
party.addRoleMembership(membership);
entityManager.persist(membership);
roleRepository.save(role);
partyRepository.save(party);
}
/**
* Removes a role from a party and saves the changed {@code Role} and
* {@code Party} entities. If the provided {@code role} is not assigned to
* the provided {@code party} the method does nothing.
*
* @param role
* @param party
*/
public void removeRoleFromParty(final Role role, final Party party) {
if (role == null) {
throw new IllegalArgumentException("Can't add party to null role");
}
if (party == null) {
throw new IllegalArgumentException("Can't add party null to role");
}
final TypedQuery<RoleMembership> query = entityManager
.createNamedQuery("RoleMembership.findByRoleAndMember",
RoleMembership.class);
query.setParameter("member", party);
query.setParameter("role", role);
final RoleMembership delete;
try {
delete = query.getSingleResult();
} catch (NoResultException ex) {
return;
}
role.removeMembership(delete);
party.removeRoleMembership(delete);
entityManager.remove(delete);
roleRepository.save(role);
partyRepository.save(party);
}
/**
* Determines if a role is assigned to a party.
*
* @param party The party to check.
* @param role The role to check.
* @return {@code true} if the provided {@code role} is assigned to the
* provided {@code party}.
*/
public boolean hasRole(final Party party, final Role role) {
final TypedQuery<RoleMembership> query = entityManager
.createNamedQuery("RoleMembership.findByRoleAndMember",
RoleMembership.class);
query.setParameter("member", party);
query.setParameter("role", role);
final List<RoleMembership> result = query.getResultList();
return !result.isEmpty();
}
}

148
ccm-core/src/main/java/org/libreccm/security/RoleMembership.java 100644
View File

@ -0,0 +1,148 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.security;
import static org.libreccm.core.CoreConstants.*;
import java.io.Serializable;
import java.util.Objects;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.JoinColumn;
import javax.persistence.ManyToOne;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.Table;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlTransient;
/**
* Association class representing the association between a {@link Role} and a
* {@code Party}.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@Entity
@Table(name = "ROLE_MEMBERSHIPS", schema = DB_SCHEMA)
@NamedQueries({
@NamedQuery(name = "RoleMembership.findByRoleAndMember",
query = "SELECT m FROM RoleMembership m "
+ "WHERE m.member = :member AND m.role = :role")
})
@XmlRootElement(name = "role-membership", namespace = CORE_XML_NS)
public class RoleMembership implements Serializable {
private static final long serialVersionUID = -3049727720697964793L;
@Id
@Column(name = "MEMBERSHIP_ID")
@GeneratedValue(strategy = GenerationType.AUTO)
@XmlElement(name = "membership-id", namespace = CORE_XML_NS)
private long membershipId;
@ManyToOne
@JoinColumn(name = "ROLE_ID")
@XmlTransient
private Role role;
@ManyToOne
@JoinColumn(name = "MEMBER_ID")
@XmlTransient
private Party member;
public long getMembershipId() {
return membershipId;
}
protected void setMembershipId(final long membershipId) {
this.membershipId = membershipId;
}
public Role getRole() {
return role;
}
protected void setRole(final Role role) {
this.role = role;
}
public Party getMember() {
return member;
}
protected void setMember(final Party member) {
this.member = member;
}
@Override
public int hashCode() {
int hash = 5;
hash = 37 * hash
+ (int) (membershipId ^ (membershipId >>> 32));
hash = 37 * hash + Objects.hashCode(role);
hash = 37 * hash + Objects.hashCode(member);
return hash;
}
@Override
public boolean equals(final Object obj) {
if (obj == null) {
return false;
}
if (!(obj instanceof RoleMembership)) {
return false;
}
final RoleMembership other = (RoleMembership) obj;
if (!other.canEqual(this)) {
return false;
}
if (membershipId != other.getMembershipId()) {
return false;
}
if (!Objects.equals(role, other.getRole())) {
return false;
}
return Objects.equals(member, other.getMember());
}
public boolean canEqual(final Object obj) {
return obj instanceof RoleMembership;
}
@Override
public String toString() {
return String.format("%s{ "
+ "membershipId = %d, "
+ "user = %s, "
+ "role = %s, "
+ " },",
super.toString(),
membershipId,
Objects.toString(member),
Objects.toString(role));
}
}

66
ccm-core/src/main/java/org/libreccm/security/RoleRepository.java 100644
View File

@ -0,0 +1,66 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.security;
import java.util.List;
import javax.enterprise.context.RequestScoped;
import javax.persistence.TypedQuery;
import org.libreccm.core.AbstractEntityRepository;
/**
* Repository class for {@link Role} entities.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@RequestScoped
public class RoleRepository extends AbstractEntityRepository<Long, Role> {
@Override
public Class<Role> getEntityClass() {
return Role.class;
}
@Override
public boolean isNew(final Role entity) {
if (entity == null) {
throw new IllegalArgumentException("Can't save null.");
}
return entity.getRoleId() == 0;
}
/**
* Finds a role a its name.
*
* @param name The name of the role to retrieve.
* @return The role identified by the provided {@code name} or {@code null}
* if there is no matching role.
*/
public Role findByName(final String name) {
final TypedQuery<Role> query = getEntityManager().createNamedQuery(
"Role.findByName", Role.class);
query.setParameter("name", name);
final List<Role> result = query.getResultList();
if (result.isEmpty()) {
return null;
} else {
return result.get(0);
}
}
}

113
ccm-core/src/main/java/org/libreccm/security/Shiro.java 100644
View File

@ -0,0 +1,113 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.security;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Produces;
import javax.inject.Named;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.config.IniSecurityManagerFactory;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;
/**
* This application scoped CDI bean acts as bridge between CDI and Shiro. It
* initialises the Shiro environment and provides the Shiro
* {@link SecurityManager} and the current Shiro {@link Subject} via CDI
* producer methods.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@ApplicationScoped
public class Shiro {
private static final Logger LOGGER = LogManager.getLogger(
Shiro.class);
/**
* Path to the Shiro INI file.
*/
private static final String INI_FILE = "classpath:shiro.ini";
/**
* The Shiro {@code SecurityManager}.
*/
private SecurityManager securityManager;
/**
* Initialises Shiro. The CDI container will call this method after creating
* an instance of this bean.
*/
@PostConstruct
public void init() {
LOGGER.debug("Shiro initialising...");
securityManager = new IniSecurityManagerFactory(INI_FILE)
.createInstance();
LOGGER.debug("Shiro SecurityManager created sucessfully.");
SecurityUtils.setSecurityManager(securityManager);
LOGGER.debug("Shiro initialised successfully.");
}
/**
* Provides access Shiro's {@link SecurityManager}.
*
* @return The Shiro {@link SecurityManager}.
*/
@Produces
@Named("securityManager")
public SecurityManager getSecurityManager() {
return securityManager;
}
/**
* Provides access the the current Shiro {@link Subject}.
*
* @return The current {@link Subject}.
*
*/
@Produces
public Subject getSubject() {
return SecurityUtils.getSubject();
}
public Subject getPublicUser() {
return buildInternalSubject("public-user");
}
public Subject getSystemUser() {
return buildInternalSubject("system-user");
}
private Subject buildInternalSubject(final String userName) {
final PrincipalCollection principals = new SimplePrincipalCollection(
userName, "CcmShiroRealm");
final Subject publicUser = new Subject.Builder()
.principals(principals)
.authenticated(true)
.buildSubject();
return publicUser;
}
}

52
ccm-core/src/main/java/org/libreccm/security/SystemUsersSetup.java 100644
View File

@ -0,0 +1,52 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.security;
import org.libreccm.core.CcmCore;
import org.libreccm.core.EmailAddress;
import javax.persistence.EntityManager;
/**
* Class used by {@link CcmCore#install(org.libreccm.modules.InstallEvent)} to
* create the system users.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
public class SystemUsersSetup {
private final EntityManager entityManager;
public SystemUsersSetup(final EntityManager entityManager) {
this.entityManager = entityManager;
}
public void setupSystemUsers() {
final User user = new User();
user.setName("public-user");
user.setFamilyName("ccm");
user.setGivenName("public user");
final EmailAddress email = new EmailAddress();
email.setAddress("public-user@localhost");
user.addEmailAddress(email);
entityManager.persist(user);
}
}

302
ccm-core/src/main/java/org/libreccm/security/User.java 100644
View File

@ -0,0 +1,302 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.security;
import static org.libreccm.core.CoreConstants.*;
import org.libreccm.core.EmailAddress;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import javax.persistence.AssociationOverride;
import javax.persistence.CollectionTable;
import javax.persistence.Column;
import javax.persistence.ElementCollection;
import javax.persistence.Embedded;
import javax.persistence.Entity;
import javax.persistence.FetchType;
import javax.persistence.JoinColumn;
import javax.persistence.JoinTable;
import javax.persistence.NamedQueries;
import javax.persistence.NamedQuery;
import javax.persistence.OneToMany;
import javax.persistence.Table;
import javax.validation.constraints.NotNull;
import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlElementWrapper;
import javax.xml.bind.annotation.XmlRootElement;
import javax.xml.bind.annotation.XmlTransient;
/**
* A user is a person (or a system) accessing CCM. A user authenticates itself
* using a password or other credentials.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@Entity
@Table(name = "USERS", schema = DB_SCHEMA)
@NamedQueries({
@NamedQuery(name = "User.findByName",
query = "SELECT u FROM User u WHERE u.name = :name"),
@NamedQuery(name = "User.findByEmailAddress",
query = "SELECT u FROM User u "
+ "WHERE u.primaryEmailAddress.address = :emailAddress"
)})
@XmlRootElement(name = "user", namespace = CORE_XML_NS)
//Supressing a few warnings from PMD because they misleading here.
//User is perfectly fine class name, and the complexity is not to high...
@SuppressWarnings({"PMD.ShortClassName"})
public class User extends Party implements Serializable {
private static final long serialVersionUID = 4035223413596611393L;
/**
* The given name of the user.
*/
@Column(name = "GIVEN_NAME", length = 512)
@XmlElement(name = "given-name", namespace = CORE_XML_NS)
private String givenName;
/**
* The family name of the user.
*/
@Column(name = "FAMILY_NAME", length = 512)
@XmlElement(name = "family-name", namespace = CORE_XML_NS)
private String familyName;
/**
* The primary email address of the user.
*/
@Embedded
@AssociationOverride(
name = "USER_PRIMARY_EMAIL_ADDRESSES",
joinTable = @JoinTable(name = "USER_PRIMARY_EMAIL_ADDRESSES",
schema = DB_SCHEMA,
joinColumns = {
@JoinColumn(name = "USER_ID")
}))
@NotNull
@XmlElement(name = "primary-email-address", namespace = CORE_XML_NS)
@SuppressWarnings("PMD.LongVariable")
private EmailAddress primaryEmailAddress;
/**
* Additional email addresses of the user.
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(name = "USER_EMAIL_ADDRESSES",
schema = DB_SCHEMA,
joinColumns = {
@JoinColumn(name = "USER_ID")})
@XmlElementWrapper(name = "email-addresses", namespace = CORE_XML_NS)
@XmlElement(name = "email-address", namespace = CORE_XML_NS)
private List<EmailAddress> emailAddresses;
/**
* A user can be banned which means that he or she can't login into
* the system anymore. We use this approach rather than simply deleting users
* to preserve the edit history of several objects.
*/
@Column(name = "BANNED")
@XmlElement(name = "banned", namespace = CORE_XML_NS)
private boolean banned;
/**
* The hashed password of the user. The algorithm used is determined by the
* Shiro configuration. The hash is stored in Shiros hash format which also
* contains the algorithm used, the number of iterations and the salt used.
*/
@Column(name = "PASSWORD", length = 2048)
@XmlTransient
private String password;
/**
* Indicates that the user should be forced to change his or her password on
* the next login.
*/
@Column(name = "PASSWORD_RESET_REQUIRED")
//Can't shorten the name without making the name cryptic.
@SuppressWarnings("PMD.LongVariable")
private boolean passwordResetRequired;
/**
* The groups of which the user is a member.
*/
@OneToMany(mappedBy = "member")
@XmlElementWrapper(name = "group-memberships", namespace = CORE_XML_NS)
@XmlElement(name = "group-membership", namespace = CORE_XML_NS)
private List<GroupMembership> groupMemberships = new ArrayList<>();
protected User() {
super();
emailAddresses = new ArrayList<>();
}
public String getGivenName() {
return givenName;
}
public void setGivenName(final String givenName) {
this.givenName = givenName;
}
public String getFamilyName() {
return familyName;
}
public void setFamilyName(final String familyName) {
this.familyName = familyName;
}
public EmailAddress getPrimaryEmailAddress() {
return primaryEmailAddress;
}
public void setPrimaryEmailAddress(final EmailAddress primaryEmailAddress) {
this.primaryEmailAddress = primaryEmailAddress;
}
public List<EmailAddress> getEmailAddresses() {
if (emailAddresses == null) {
return null;
} else {
return Collections.unmodifiableList(emailAddresses);
}
}
protected void setEmailAddresses(final List<EmailAddress> emailAddresses) {
this.emailAddresses = emailAddresses;
}
protected void addEmailAddress(final EmailAddress emailAddress) {
emailAddresses.add(emailAddress);
}
protected void removeEmailAddress(final EmailAddress emailAddress) {
emailAddresses.remove(emailAddress);
}
public boolean isBanned() {
return banned;
}
protected void setBanned(final boolean banned) {
this.banned = banned;
}
public String getPassword() {
return password;
}
protected void setPassword(final String password) {
this.password = password;
}
public boolean isPasswordResetRequired() {
return passwordResetRequired;
}
@SuppressWarnings("PMD.LongVariable")
protected void setPasswordResetRequired(final boolean passwordResetRequired) {
this.passwordResetRequired = passwordResetRequired;
}
public List<GroupMembership> getGroupMemberships() {
return Collections.unmodifiableList(groupMemberships);
}
protected void setGroupMemberships(
final List<GroupMembership> groupMemberships) {
this.groupMemberships = groupMemberships;
}
protected void addGroupMembership(final GroupMembership groupMembership) {
groupMemberships.add(groupMembership);
}
protected void removeGroupMembership(
final GroupMembership groupMembership) {
groupMemberships.remove(groupMembership);
}
@Override
public int hashCode() {
int hash = super.hashCode();
hash = 31 * hash + Objects.hashCode(givenName);
hash = 31 * hash + Objects.hashCode(familyName);
hash = 31 * hash + Objects.hashCode(primaryEmailAddress);
hash = 31 * hash + (banned ? 1 : 0);
return hash;
}
@Override
public boolean equals(final Object obj) {
if (obj == null) {
return false;
}
if (!super.equals(obj)) {
return false;
}
if (!(obj instanceof User)) {
return false;
}
final User other = (User) obj;
if (!Objects.equals(givenName, other.getGivenName())) {
return false;
}
if (!Objects.equals(familyName, other.getFamilyName())) {
return false;
}
if (!Objects.equals(primaryEmailAddress, other.getPrimaryEmailAddress())) {
return false;
}
return banned == other.isBanned();
}
@Override
public boolean canEqual(final Object obj) {
return obj instanceof User;
}
@Override
public String toString(final String data) {
return super.toString(String.format(
", givenName = \"%s\", "
+ "familyName = \"%s\", "
+ "primaryEmailAddress = { %s }, "
+ "emailAddresses = { %s }, "
+ "banned = %b, "
+ "passwordResetRequired = %b%s",
givenName,
familyName,
Objects.toString(primaryEmailAddress),
Objects.toString(emailAddresses),
banned,
passwordResetRequired,
data
));
}
}

168
ccm-core/src/main/java/org/libreccm/security/UserManager.java 100644
View File

@ -0,0 +1,168 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.security;
import com.arsdigita.kernel.security.SecurityConfig;
import javax.enterprise.context.RequestScoped;
import javax.inject.Inject;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Pattern;
import javax.validation.executable.ValidateOnExecution;
import org.apache.shiro.authc.credential.PasswordMatcher;
import org.apache.shiro.authc.credential.PasswordService;
import org.apache.shiro.crypto.SecureRandomNumberGenerator;
import org.apache.shiro.crypto.hash.SimpleHash;
import org.apache.shiro.crypto.hash.format.DefaultHashFormatFactory;
import org.apache.shiro.crypto.hash.format.HashFormat;
import org.apache.shiro.crypto.hash.format.HashFormatFactory;
import org.apache.shiro.crypto.hash.format.Shiro1CryptFormat;
import org.apache.shiro.util.ByteSource;
import org.libreccm.core.EmailAddress;
/**
* Provides various operations for user objects.
*
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@RequestScoped
public class UserManager {
@Inject
private UserRepository userRepository;
/**
* Creates a new user and saves the user in the database. The method also
* creates the password hash.
*
* @param givenName The given name of the new user.
* @param familyName The family name of the new user.
* @param name The name of the new user.
* @param emailAddress The email address of the new user.
* @param password The password of the new user. The password is hashed
* using the algorithm configured in the {@link SecurityConfig}.
*
* @return The new user.
*/
@ValidateOnExecution
public User createUser(final String givenName,
final String familyName,
@Pattern(regexp = "[a-zA-Z0-9\\-_]*")
final String name,
final String emailAddress,
final String password) {
final User user = new User();
user.setGivenName(givenName);
user.setFamilyName(familyName);
user.setName(name);
final EmailAddress email = new EmailAddress();
email.setAddress(emailAddress);
user.setPrimaryEmailAddress(email);
email.setVerified(true);
user.setPassword(hashPassword(password));
userRepository.save(user);
return user;
}
/**
* Updates the password of a user. This method allows {@code null} as
* password value. If a user has no password in the database this means that
* the user can't login or that the authentication for this user is done by
* an external system.
*
* @param user The user which password should be upgraded.
* @param newPassword The new password. The password is hashed using the
* algorithm configured in the {@link SecurityConfig}.
*/
public void updatePassword(@NotNull final User user,
final String newPassword) {
user.setPassword(hashPassword(newPassword));
userRepository.save(user);
}
/**
* Verifies the password of a user. This can be useful if you want to verify
* the password of a user already logged in again.
*
* @param user The user against which the password is verified.
* @param password The password to verify.
*
* @return {@code true} if the provided passworda matches the password from
* the database, {@code false} otherwise.
*/
public boolean verifyPassword(final User user, final String password) {
//Create a new Shiro PasswordMatcher instance
final PasswordMatcher matcher = new PasswordMatcher();
//Get the PasswordService instance from the matcher (the PasswordService
//class provides the methods we need here).
final PasswordService service = matcher.getPasswordService();
return service.passwordsMatch(password, user.getPassword());
}
/**
* Helper method for creating the hash of a password.
*
* @param password The password to hash.
*
* @return The hashed password.b
*/
private String hashPassword(final String password) {
//Get the values from the SecurityConfig
final String hashAlgo = SecurityConfig.getConfig().getHashAlgorithm();
final int iterations = SecurityConfig.getConfig().getHashIterations();
//Create the hash using Shiro's SimpleHash class
final SimpleHash hash = new SimpleHash(hashAlgo,
password.toCharArray(),
generateSalt(),
iterations);
//We want to use the Shiro1 format for storing the password. This
//format includes the algorithm used, the salt and the number of
//iterations used and the hashed password in special formatted string.
final HashFormatFactory hashFormatFactory = new DefaultHashFormatFactory();
final HashFormat hashFormat = hashFormatFactory.getInstance(
Shiro1CryptFormat.class.getName());
return hashFormat.format(hash);
}
/**
* Helper method for generating a random salt. The length of the generated
* salt is configured in the {@link SecurityConfig}.
*
* @return A new random salt.
*/
private ByteSource generateSalt() {
final int generatedSaltSize = SecurityConfig.getConfig().getSaltLength();
if (generatedSaltSize % 8 != 0) {
throw new IllegalArgumentException(
"Salt length is not a multipe of 8");
}
final SecureRandomNumberGenerator generator = new SecureRandomNumberGenerator();
final int byteSize = generatedSaltSize / 8; //generatedSaltSize is in *bits* - convert to byte size:
return generator.nextBytes(byteSize);
}
}

92
ccm-core/src/main/java/org/libreccm/security/UserRepository.java 100644
View File

@ -0,0 +1,92 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
package org.libreccm.security;
import org.libreccm.core.AbstractEntityRepository;
import java.util.List;
import javax.enterprise.context.RequestScoped;
import javax.persistence.TypedQuery;
/**
* Repository for user objects.
*
* @author <a href="mailto:jens.pelzetter@googlemail.com">Jens Pelzetter</a>
*/
@RequestScoped
public class UserRepository extends AbstractEntityRepository<Long, User> {
@Override
public Class<User> getEntityClass() {
return User.class;
}
@Override
public boolean isNew(final User user) {
if (user == null) {
throw new IllegalArgumentException("Can't save null");
}
return user.getPartyId() == 0;
}
/**
* Finds a user by its user name.
*
* @param name The name of the user to find.
*
* @return The user identified by the provided name. If there are multiple
* user matching the user name (should be possible) the first one is
* returned. If there is no matching user {@code null} is returned.
*/
public User findByName(final String name) {
final TypedQuery<User> query = getEntityManager().createNamedQuery(
"User.findByName",
User.class);
query.setParameter("name", name);
final List<User> result = query.getResultList();
if (result.isEmpty()) {
return null;
} else {
return result.get(0);
}
}
/**
* Finds user by the primary email address.
*
* @param emailAddress The email address which identifies the user.
*
* @return The user identified by the provided email address. If there are
* multiple matching users only the first one is returned. If there is no
* matching user {@code null} is returned.
*/
public User findByEmailAddress(final String emailAddress) {
final TypedQuery<User> query = getEntityManager().createNamedQuery(
"User.findByEmailAddress", User.class);
query.setParameter("emailAddress", emailAddress);
final List<User> result = query.getResultList();
if (result.isEmpty()) {
return null;
} else {
return result.get(0);
}
}
}

41
ccm-core/src/main/java/org/libreccm/security/package-info.java 100644
View File

@ -0,0 +1,41 @@
/*
* Copyright (C) 2015 LibreCCM Foundation.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301 USA
*/
/**
* This package contains all classes dealing with authentication and
* authorisation in LibreCCM.
*
* Most of this classes are only relevant for the developers of the core part
* of LibreCCM and and core administration UI. For developers of modules the
* primary interface is the Apache Shiro Library. Module developers usually have
* the use these classes only in the {@code CcmModule#install(InstallEvent)
* method to create roles and privileges for their module. Therefore most
* methods of these classes can only be invoked by the System user.
*
* The check if the current user is logged in and/or has a certain permission
* you have to obtain the current {@link Subject} from Shiro. In LibreCCM the
* subject is provided using CDI. In classes eligible for injection you simply
* inject the current subject. In other classes you can use the {@link CdiUtil}
* class.
*
* Another option for method of CDI beans is to use the interceptors provided by
* this package.
*
* @see CcmModule
*/
package org.libreccm.security;

42
ccm-core/src/main/java/org/libreccm/web/CcmApplication.java
View File

@ -27,7 +27,6 @@ import org.libreccm.categorization.DomainOwnership;
import static org.libreccm.core.CoreConstants.*; import static org.libreccm.core.CoreConstants.*;
import org.libreccm.core.Resource; import org.libreccm.core.Resource;
import org.libreccm.core.Group;
import java.io.Serializable; import java.io.Serializable;
import java.util.ArrayList; import java.util.ArrayList;
@ -74,11 +73,10 @@ public class CcmApplication extends Resource implements Serializable {
@XmlElement(name = "primary-url", namespace = WEB_XML_NS) @XmlElement(name = "primary-url", namespace = WEB_XML_NS)
private String primaryUrl; private String primaryUrl;
@OneToOne // @OneToOne
@JoinColumn(name = "CONTAINER_GROUP_ID") // @JoinColumn(name = "CONTAINER_GROUP_ID")
@XmlElement(name = "container-group", namespace = WEB_XML_NS) // @XmlElement(name = "container-group", namespace = WEB_XML_NS)
private Group containerGroup; // private Group containerGroup;
/** /**
* Category Domains owned by this {@code CcmObject}. * Category Domains owned by this {@code CcmObject}.
*/ */
@ -108,14 +106,13 @@ public class CcmApplication extends Resource implements Serializable {
this.primaryUrl = primaryUrl; this.primaryUrl = primaryUrl;
} }
public Group getContainerGroup() { // public Group getContainerGroup() {
return containerGroup; // return containerGroup;
} // }
//
public void setContainerGroup(final Group containerGroup) { // public void setContainerGroup(final Group containerGroup) {
this.containerGroup = containerGroup; // this.containerGroup = containerGroup;
} // }
/** /**
* Gets an <strong>unmodifiable</strong> list of the domains which are owned * Gets an <strong>unmodifiable</strong> list of the domains which are owned
* by the {@code CcmApplication}. * by the {@code CcmApplication}.
@ -162,7 +159,7 @@ public class CcmApplication extends Resource implements Serializable {
public int hashCode() { public int hashCode() {
int hash = super.hashCode(); int hash = super.hashCode();
hash = 97 * hash + Objects.hashCode(primaryUrl); hash = 97 * hash + Objects.hashCode(primaryUrl);
hash = 97 * hash + Objects.hashCode(containerGroup); // hash = 97 * hash + Objects.hashCode(containerGroup);
return hash; return hash;
} }
@ -185,10 +182,7 @@ public class CcmApplication extends Resource implements Serializable {
return false; return false;
} }
if (!Objects.equals(primaryUrl, other.getPrimaryUrl())) { return Objects.equals(primaryUrl, other.getPrimaryUrl());
return false;
}
return Objects.equals(containerGroup, other.getContainerGroup());
} }
@Override @Override
@ -198,11 +192,15 @@ public class CcmApplication extends Resource implements Serializable {
@Override @Override
public String toString(final String data) { public String toString(final String data) {
return super.toString(String.format(", primaryUrl = \"%s\", " return super.toString(String.format(", primaryUrl = \"%s\"%s",
+ "containerGroup = %s%s",
primaryUrl, primaryUrl,
Objects.toString(containerGroup),
data)); data));
// return super.toString(String.format(", primaryUrl = \"%s\", "
// + "containerGroup = %s%s",
// primaryUrl,
// Objects.toString(containerGroup),
// data));
} }
} }

4
ccm-core/src/main/java/org/libreccm/workflow/Task.java
View File

@ -70,7 +70,7 @@ public class Task implements Serializable {
@Embedded @Embedded
@AssociationOverride( @AssociationOverride(
name = "VALUES", name = "values",
joinTable = @JoinTable(name = "WORKFLOW_TASK_LABELS", joinTable = @JoinTable(name = "WORKFLOW_TASK_LABELS",
schema = DB_SCHEMA, schema = DB_SCHEMA,
joinColumns = { joinColumns = {
@ -79,7 +79,7 @@ public class Task implements Serializable {
@Embedded @Embedded
@AssociationOverride( @AssociationOverride(
name = "VALUES", name = "values",
joinTable = @JoinTable(name = "WORKFLOW_TASKS_DESCRIPTIONS", joinTable = @JoinTable(name = "WORKFLOW_TASKS_DESCRIPTIONS",
schema = DB_SCHEMA, schema = DB_SCHEMA,
joinColumns = { joinColumns = {

4
ccm-core/src/main/java/org/libreccm/workflow/UserTask.java
View File

@ -20,8 +20,8 @@ package org.libreccm.workflow;
import static org.libreccm.core.CoreConstants.*; import static org.libreccm.core.CoreConstants.*;
import org.libreccm.core.User; import org.libreccm.security.Group;
import org.libreccm.core.Group; import org.libreccm.security.User;
import java.io.Serializable; import java.io.Serializable;
import java.util.ArrayList; import java.util.ArrayList;

4
ccm-core/src/main/java/org/libreccm/workflow/Workflow.java
View File

@ -57,7 +57,7 @@ public class Workflow implements Serializable {
@Embedded @Embedded
@AssociationOverride( @AssociationOverride(
name = "VALUES", name = "values",
joinTable = @JoinTable(name = "WORKFLOW_NAMES", joinTable = @JoinTable(name = "WORKFLOW_NAMES",
schema = DB_SCHEMA, schema = DB_SCHEMA,
joinColumns = { joinColumns = {
@ -66,7 +66,7 @@ public class Workflow implements Serializable {
@Embedded @Embedded
@AssociationOverride( @AssociationOverride(
name = "VALUES", name = "values",
joinTable = @JoinTable(name = "WORKFLOW_DESCRIPTIONS", joinTable = @JoinTable(name = "WORKFLOW_DESCRIPTIONS",
schema = DB_SCHEMA, schema = DB_SCHEMA,
joinColumns = { joinColumns = {

Some files were not shown because too many files have changed in this diff Show More