1 package org.apache.fulcrum.security.spi;
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21 import org.apache.commons.lang3.StringUtils;
22 import org.apache.fulcrum.security.UserManager;
23 import org.apache.fulcrum.security.acl.AccessControlList;
24 import org.apache.fulcrum.security.authenticator.Authenticator;
25 import org.apache.fulcrum.security.entity.User;
26 import org.apache.fulcrum.security.model.ACLFactory;
27 import org.apache.fulcrum.security.util.DataBackendException;
28 import org.apache.fulcrum.security.util.EntityExistsException;
29 import org.apache.fulcrum.security.util.PasswordMismatchException;
30 import org.apache.fulcrum.security.util.UnknownEntityException;
31
32
33
34
35
36
37
38
39
40
41
42 public abstract class AbstractUserManager extends AbstractEntityManager implements UserManager
43 {
44
45 private static final long serialVersionUID = 1L;
46
47
48
49
50
51
52
53 protected abstract <T extends User> T persistNewUser(T user) throws DataBackendException;
54
55 private ACLFactory aclFactory;
56 private Authenticator authenticator;
57
58
59
60
61 @Override
62 public <T extends AccessControlList> T getACL(User user) throws UnknownEntityException
63 {
64 return getACLFactory().getAccessControlList(user);
65 }
66
67
68
69
70
71
72
73
74
75
76
77
78 @Override
79 public boolean checkExists(User user) throws DataBackendException
80 {
81 return checkExists(user.getName());
82 }
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101 @Override
102 public <T extends User> T getUser(String userName, String password) throws PasswordMismatchException, UnknownEntityException, DataBackendException
103 {
104 T user = getUser(userName);
105 authenticate(user, password);
106 return user;
107 }
108
109 @Override
110 public <T extends User> T getUser(String name) throws DataBackendException, UnknownEntityException
111 {
112 @SuppressWarnings("unchecked")
113 T user = (T)getAllUsers().getByName(name);
114 if (user == null)
115 {
116 throw new UnknownEntityException("The specified user does not exist");
117 }
118 return user;
119 }
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134 @Override
135 public <T extends User> T getUserById(Object id) throws DataBackendException, UnknownEntityException
136 {
137 @SuppressWarnings("unchecked")
138 T user = (T)getAllUsers().getById(id);
139 if (user == null)
140 {
141 throw new UnknownEntityException("The specified user does not exist");
142 }
143 return user;
144 }
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162 @Override
163 public void authenticate(User user, String password) throws PasswordMismatchException, UnknownEntityException, DataBackendException
164 {
165 if (authenticator == null)
166 {
167 authenticator = (Authenticator) resolve(Authenticator.ROLE);
168
169 }
170 if (!authenticator.authenticate(user, password))
171 {
172 throw new PasswordMismatchException("Can not authenticate user.");
173 }
174 }
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193 @Override
194 public void changePassword(User user, String oldPassword, String newPassword) throws PasswordMismatchException, UnknownEntityException,
195 DataBackendException
196 {
197 if (!checkExists(user))
198 {
199 throw new UnknownEntityException("The account '" + user.getName() + "' does not exist");
200 }
201 if (!oldPassword.equals(user.getPassword()))
202 {
203 throw new PasswordMismatchException("The supplied old password for '" + user.getName() + "' was incorrect");
204 }
205 user.setPassword(newPassword);
206
207
208
209 saveUser(user);
210 }
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229 @Override
230 public void forcePassword(User user, String password) throws UnknownEntityException, DataBackendException
231 {
232 if (!checkExists(user))
233 {
234 throw new UnknownEntityException("The account '" + user.getName() + "' does not exist");
235 }
236 user.setPassword(password);
237
238
239
240 saveUser(user);
241 }
242
243
244
245
246
247
248
249
250
251
252
253 @Override
254 public <T extends User> T getUserInstance() throws DataBackendException
255 {
256 try
257 {
258 @SuppressWarnings("unchecked")
259 T user = (T) Class.forName(getClassName()).newInstance();
260 return user;
261 }
262 catch (Exception e)
263 {
264 throw new DataBackendException("Problem creating instance of class " + getClassName(), e);
265 }
266 }
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282 @Override
283 public <T extends User> T getUserInstance(String userName) throws DataBackendException
284 {
285 T user = getUserInstance();
286 user.setName(userName);
287 return user;
288 }
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303 @Override
304 public <T extends User> T addUser(T user, String password) throws DataBackendException, EntityExistsException
305 {
306 if (StringUtils.isEmpty(user.getName()))
307 {
308 throw new DataBackendException("Could not create " + "an user with empty name!");
309 }
310 if (checkExists(user))
311 {
312 throw new EntityExistsException("The account '" + user.getName() + "' already exists");
313 }
314 user.setPassword(password);
315 try
316 {
317 return persistNewUser(user);
318 }
319 catch (Exception e)
320 {
321 throw new DataBackendException("Failed to create account '" + user.getName() + "'", e);
322 }
323 }
324
325
326
327
328 public ACLFactory getACLFactory()
329 {
330 if (aclFactory == null)
331 {
332 aclFactory = (ACLFactory) resolve(ACLFactory.ROLE);
333 }
334 return aclFactory;
335 }
336
337 }