turbinerolemanagement.java
来自「jetspeed源代码」· Java 代码 · 共 625 行 · 第 1/2 页
{
conn = Torque.getConnection();
Role role = this.getRole(rolename);
Criteria criteria = new Criteria();
criteria.add(TurbineRolePeer.ROLE_NAME, rolename);
if(cascadeDelete)
{
// CASCADE TURBINE_USER_GROUP_ROLE, TURBINE_ROLE_PERMISSION
Criteria criteria1 = new Criteria();
criteria1.add(TurbineUserGroupRolePeer.ROLE_ID, role.getId());
TurbineUserGroupRolePeer.doDelete(criteria1, conn);
Criteria criteria2 = new Criteria();
criteria2.add(TurbineRolePermissionPeer.ROLE_ID, role.getId());
TurbineRolePermissionPeer.doDelete(criteria2, conn);
}
TurbineRolePeer.doDelete(criteria, conn);
PsmlManager.removeRoleDocuments(role);
conn.commit();
if (cachingEnable)
{
JetspeedSecurityCache.removeAllRoles(rolename);
}
}
catch(Exception e)
{
try
{
conn.rollback();
}
catch (java.sql.SQLException sqle)
{
Log.error(sqle);
}
throw new RoleException("Failed to remove role '" +
rolename + "'", e);
}
finally
{
try
{
Torque.closeConnection(conn);
}
catch (Exception e){}
}
}
/**
* Grants a role to a user.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure retrieving users.
* @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void grantRole(String username, String rolename)
    throws JetspeedSecurityException
{
    // Two-argument convenience form: the grant is scoped to the default
    // group and all work is done by the three-argument overload.
    final String defaultGroup = GroupManagement.DEFAULT_GROUP_NAME;
    grantRole(username, rolename, defaultGroup);
}
/**
 * Grants a role to a user within a specific group.
 *
 * Resolves the user, the role and the group by name, inserts one
 * user/group/role row through <code>TurbineUserGroupRolePeer</code> and,
 * when caching is enabled, mirrors the grant into the security cache.
 *
 * NOTE(review): no requestor-privilege check is visible in this method and
 * nothing here throws InsufficientPrivilegeException; confirm that every
 * caller enforces authorization before a privilege-granting call reaches
 * this point.
 * NOTE(review): the grant is not written to any log here; an audit record
 * of who granted what to whom would have to come from the caller.
 *
 * @param username the user receiving the role.
 * @param rolename the role to grant.
 * @param groupname the group in which the role is granted.
 * @exception RoleException when any lookup, the insert or the cache update
 *            fails; the original exception is attached as the cause.
 */
public void grantRole(String username, String rolename, String groupname)
    throws JetspeedSecurityException
{
    try
    {
        // Lookups run in this order; whichever fails first ends up as the
        // cause of the RoleException thrown below.
        JetspeedUser grantee = JetspeedSecurity.getUser(username);
        Role grantedRole = this.getRole(rolename);
        Group scope = JetspeedSecurity.getGroup(groupname);

        Criteria row = new Criteria();
        row.add(TurbineUserGroupRolePeer.USER_ID, grantee.getUserId());
        row.add(TurbineUserGroupRolePeer.GROUP_ID, scope.getId());
        row.add(TurbineUserGroupRolePeer.ROLE_ID, grantedRole.getId());
        TurbineUserGroupRolePeer.doInsert(row);

        // The cache is updated only after the insert has been issued. If
        // the cache call throws, the caller sees a failure although the
        // row may already be stored.
        if (cachingEnable)
        {
            JetspeedSecurityCache.addRole(username, grantedRole, scope);
        }
    }
    catch (Exception e)
    {
        String message =
            "Grant role '" + rolename + "' to user '" + username + "' failed: ";
        throw new RoleException(message, e);
    }
}
/**
* Revokes a role from a user.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure retrieving users.
* @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public void revokeRole(String username, String rolename)
    throws JetspeedSecurityException
{
    // Two-argument convenience form: the revocation applies to the default
    // group only; grants of the same role in other groups are not touched.
    final String defaultGroup = GroupManagement.DEFAULT_GROUP_NAME;
    revokeRole(username, rolename, defaultGroup);
}
/**
 * Revokes a role from a user within a specific group.
 *
 * Resolves the user, the role and the group by name, deletes the matching
 * user/group/role rows through <code>TurbineUserGroupRolePeer</code> and,
 * when caching is enabled, removes the entry from the security cache.
 *
 * NOTE(review): no requestor-privilege check is visible in this method;
 * confirm that callers enforce authorization.
 * NOTE(review): the database delete and the cache removal are two separate
 * steps. If the cache removal throws after the delete, the cached ACL may
 * still list the role, and the cache-first lookup in hasRole would keep
 * answering true for it. Treat a RoleException from this method as
 * "revocation state unknown" and verify both stores.
 *
 * @param username the user losing the role.
 * @param rolename the role to revoke.
 * @param groupname the group in which the role is revoked.
 * @exception RoleException when any lookup, the delete or the cache update
 *            fails; the original exception is attached as the cause.
 */
public void revokeRole(String username, String rolename, String groupname)
    throws JetspeedSecurityException
{
    try
    {
        JetspeedUser target = JetspeedSecurity.getUser(username);
        Role revokedRole = this.getRole(rolename);
        Group scope = JetspeedSecurity.getGroup(groupname);

        // All three ids are part of the filter, so only this exact
        // user/group/role combination is deleted.
        Criteria filter = new Criteria();
        filter.add(TurbineUserGroupRolePeer.USER_ID, target.getUserId());
        filter.add(TurbineUserGroupRolePeer.GROUP_ID, scope.getId());
        filter.add(TurbineUserGroupRolePeer.ROLE_ID, revokedRole.getId());
        TurbineUserGroupRolePeer.doDelete(filter);

        if (cachingEnable)
        {
            JetspeedSecurityCache.removeRole(username, rolename, groupname);
        }
    }
    catch (Exception e)
    {
        String message =
            "Revoke role '" + rolename + "' to user '" + username + "' failed: ";
        throw new RoleException(message, e);
    }
}
/**
* Checks for the relationship of user has a role. Returns true when the user has the given role.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @exception RoleException when the security provider has a general failure retrieving users.
* @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public boolean hasRole(String username, String rolename)
    throws JetspeedSecurityException
{
    // Two-argument convenience form: membership is checked in the default
    // group only, so a role held in another group is not reported here.
    final String defaultGroup = GroupManagement.DEFAULT_GROUP_NAME;
    return hasRole(username, rolename, defaultGroup);
}
/**
 * Checks whether a user holds a role within a specific group.
 *
 * When caching is enabled and a cached ACL exists for the user, the answer
 * comes from that ACL and the database is not queried. Otherwise the user,
 * role and group are resolved and the user/group/role table is queried.
 *
 * NOTE(review): this is an authorization decision served cache-first. It
 * is only as fresh as the cache; any writer that changes role assignments
 * without updating JetspeedSecurityCache (another process, direct database
 * changes) would leave a revoked role visible here. Confirm how and when
 * cached ACLs are invalidated.
 *
 * @param username the user to check.
 * @param rolename the role to look for.
 * @param groupname the group in which the role must be held.
 * @return true when the cached ACL reports the role, or when at least one
 *         matching row exists.
 * @exception RoleException when a lookup or the query fails; the original
 *            exception is attached as the cause.
 */
public boolean hasRole(String username, String rolename, String groupname)
    throws JetspeedSecurityException
{
    List matches;
    try
    {
        if (cachingEnable)
        {
            CachedAcl cached = JetspeedSecurityCache.getAcl(username);
            if (cached != null)
            {
                // Cache hit: answered without consulting the database.
                return cached.hasRole(rolename, groupname);
            }
        }

        // Cache disabled or no ACL cached for this user: ask the database.
        JetspeedUser subject = JetspeedSecurity.getUser(username);
        Role wanted = this.getRole(rolename);
        Group scope = JetspeedSecurity.getGroup(groupname);

        Criteria filter = new Criteria();
        filter.add(TurbineUserGroupRolePeer.USER_ID, subject.getUserId());
        filter.add(TurbineUserGroupRolePeer.GROUP_ID, scope.getId());
        filter.add(TurbineUserGroupRolePeer.ROLE_ID, wanted.getId());
        matches = TurbineUserGroupRolePeer.doSelect(filter);
    }
    catch (Exception e)
    {
        // An unknown user, role or group also lands here: the check fails
        // with an exception rather than returning false.
        throw new RoleException("Failed to check role '" +
            rolename + "'", e);
    }
    return !matches.isEmpty();
}
/**
* Retrieves a single <code>Role</code> for a given rolename principal.
*
* The security service may optionally check the current user context
* to determine if the requestor has permission to perform this action.
*
* @param rolename a role principal identity to be retrieved.
* @return Role the role record retrieved.
* @exception RoleException when the security provider has a general failure.
* @exception InsufficientPrivilegeException when the requestor is denied due to insufficient privilege
*/
public Role getRole(String rolename)
    throws JetspeedSecurityException
{
    // Select every role row whose name equals the requested name.
    List found;
    try
    {
        Criteria byName = new Criteria();
        byName.add(TurbineRolePeer.ROLE_NAME, rolename);
        found = TurbineRolePeer.doSelect(byName);
    }
    catch (Exception e)
    {
        throw new RoleException("Failed to retrieve role '" +
            rolename + "'", e);
    }

    final int count = found.size();
    if (count == 1)
    {
        return (TurbineRole) found.get(0);
    }
    if (count > 1)
    {
        // Ambiguous role names are refused instead of picking one row, so
        // a duplicate name can never silently resolve to the wrong role.
        throw new RoleException(
            "Multiple Roles with same rolename '" + rolename + "'");
    }
    // No row at all: reported as an exception, never as a null return.
    throw new RoleException("Unknown role '" + rolename + "'");
}
///////////////////////////////////////////////////////////////////////////
// Internal
///////////////////////////////////////////////////////////////////////////
/**
 * Returns the run data of the current request.
 *
 * @return the value of <code>getCurrentRunData()</code> from the run data
 *         service, or null when no run data service has been set.
 */
protected JetspeedRunData getRunData()
{
    // Callers must handle null: the service reference is only assigned
    // during init().
    if (this.runDataService == null)
    {
        return null;
    }
    return this.runDataService.getCurrentRunData();
}
/**
* Check whether a specified role exists.
*
* The role name is used for looking up the role.
*
* @param roleName the name of the role to check for existence.
* @return true if the specified role exists
* @throws RoleException if there was a general db access error
*
*/
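protected boolean roleExists(String roleName)
    throws RoleException
{
    // Select every role row whose name equals roleName.
    Criteria byName = new Criteria();
    byName.add(TurbineRolePeer.ROLE_NAME, roleName);

    List roles;
    try
    {
        roles = TurbineRolePeer.doSelect(byName);
    }
    catch (Exception e)
    {
        // The message names the role. The earlier text spoke of an
        // "account", which pointed anyone reading the logs at user
        // management instead of role management.
        throw new RoleException(
            "Failed to check presence of role '" + roleName + "'", e);
    }

    // One or more rows means the role exists. Duplicate names are not
    // detected here; getRole is the method that rejects them.
    return !roles.isEmpty();
}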
///////////////////////////////////////////////////////////////////////////
// Service Init
///////////////////////////////////////////////////////////////////////////
/**
* This is the early initialization method called by the
* Turbine <code>Service</code> framework
* @param conf The <code>ServletConfig</code>
* @exception InitializationException if the service
* fails to initialize
*/
public synchronized void init(ServletConfig conf)
    throws InitializationException
{
    // Already initialised: nothing to do. The method is synchronized, so
    // the check and the setInit(true) below cannot interleave between
    // two threads.
    if (getInit())
    {
        return;
    }

    super.init(conf);

    // Configuration is read from the resources registered under the
    // Jetspeed security service name.
    ResourceService settings =
        ((TurbineServices) TurbineServices.getInstance())
            .getResources(JetspeedSecurityService.SERVICE_NAME);

    this.runDataService =
        (JetspeedRunDataService) TurbineServices.getInstance()
            .getService(RunDataService.SERVICE_NAME);

    // cascadeDelete falls back to DEFAULT_CASCADE_DELETE. In the role
    // removal code visible in this file, the user/group/role and
    // role/permission rows of a removed role are deleted only when this
    // flag is true.
    cascadeDelete = settings.getBoolean(CASCADE_DELETE, DEFAULT_CASCADE_DELETE);

    // cachingEnable falls back to the field's current value. When true,
    // hasRole answers from the security cache before the database.
    cachingEnable = settings.getBoolean(CACHING_ENABLE, cachingEnable);

    setInit(true);
}
}