/*
* JBoss, a division of Red Hat
* Copyright 2006, Red Hat Middleware, LLC, and individual contributors as indicated
* by the @authors tag. See the copyright.txt in the distribution for a
* full listing of individual contributors.
*
* This is free software; you can redistribute it and/or modify it
* under the terms of the GNU Lesser General Public License as
* published by the Free Software Foundation; either version 2.1 of
* the License, or (at your option) any later version.
*
* This software is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this software; if not, write to the Free
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
package org.jboss.identity.idm.impl.api.session.managers;
import org.jboss.identity.idm.api.RoleManager;
import org.jboss.identity.idm.api.IdentitySession;
import org.jboss.identity.idm.api.RoleType;
import org.jboss.identity.idm.api.Role;
import org.jboss.identity.idm.api.User;
import org.jboss.identity.idm.api.Group;
import org.jboss.identity.idm.api.IdentityType;
import org.jboss.identity.idm.api.RoleManagerFeaturesDescription;
import org.jboss.identity.idm.api.IdentitySearchControl;
import org.jboss.identity.idm.exception.IdentityException;
import org.jboss.identity.idm.spi.model.IdentityObjectRelationshipType;
import org.jboss.identity.idm.spi.model.IdentityObjectRelationship;
import org.jboss.identity.idm.spi.model.IdentityObjectType;
import org.jboss.identity.idm.spi.model.IdentityObject;
import org.jboss.identity.idm.spi.exception.OperationNotSupportedException;
import org.jboss.identity.idm.spi.searchcontrol.IdentityObjectSearchControl;
import org.jboss.identity.idm.impl.api.session.managers.AbstractManager;
import org.jboss.identity.idm.impl.api.model.SimpleRoleType;
import org.jboss.identity.idm.impl.api.model.SimpleRole;
import java.util.Collection;
import java.util.Set;
import java.util.HashSet;
import java.util.List;
import java.util.LinkedList;
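/**
 * {@link RoleManager} implementation that stores roles as named relationships of type
 * {@link #ROLE} in the identity store repository of the current session.
 *
 * <p>A role is a (role type, user, group) triple. It is persisted as a relationship whose
 * "from" object is the group, whose "to" object is the user, and whose name is the role
 * type name.
 *
 * <p>Security note: no method in this class checks whether the caller is allowed to create,
 * remove or query roles; arguments are only checked for {@code null}.
 * NOTE(review): authorization is presumably enforced by the caller or by the repository;
 * confirm before exposing this manager to untrusted callers.
 *
 * @author <a href="mailto:boleslaw.dawidowicz at redhat.com">Boleslaw Dawidowicz</a>
 * @version : 0.1 $
 */
public class RoleManagerImpl extends AbstractManager implements RoleManager
{
   /**
    * Relationship type under which every role is stored. Its name is the marker that
    * distinguishes role relationships from other relationships in the store.
    */
   public static final IdentityObjectRelationshipType ROLE = new IdentityObjectRelationshipType()
   {
      public String getName()
      {
         return "JBOSS_IDENTITY_ROLE";
      }
   };

   /** Message used whenever the repository reports that named relationships are unsupported. */
   private static final String NOT_SUPPORTED_MESSAGE = "Role management not supported";

   private final RoleManagerFeaturesDescription featuresDescription;

   /**
    * Creates a manager bound to the given session and prepares the features description,
    * which delegates every query to the repository's supported-features object.
    *
    * @param session identity session this manager operates in
    */
   public RoleManagerImpl(IdentitySession session)
   {
      super(session);
      featuresDescription = new RoleManagerFeaturesDescription()
      {
         public boolean isRoleTypeAddRemoveSupported()
         {
            return getSessionContext().getIdentityStoreRepository().getSupportedFeatures()
               .isRelationshipNameAddRemoveSupported();
         }

         public boolean isRoleTypeSearchControlSupported(Class controlClazz)
         {
            return getSessionContext().getIdentityStoreRepository().getSupportedFeatures()
               .isRoleNameControlSupported(controlClazz);
         }

         public boolean isRoleTypeSearchControlSupported(IdentitySearchControl control)
         {
            // Only controls that are also SPI-level search controls can be passed to the store.
            if (!(control instanceof IdentityObjectSearchControl))
            {
               return false;
            }
            return getSessionContext().getIdentityStoreRepository().getSupportedFeatures()
               .isRoleNameControlSupported((IdentityObjectSearchControl)control);
         }
      };
   }

   /**
    * @return description of the role features supported by the underlying repository
    */
   public RoleManagerFeaturesDescription getSupportedFeatures()
   {
      return featuresDescription;
   }

   /**
    * Registers a new role type (relationship name) in the repository.
    *
    * @param name role type name; must be non-null and pass {@code checkObjectName}
    * @return role type carrying the name returned by the repository
    * @throws IdentityException if the repository does not support named relationships
    */
   public RoleType createRoleType(String name) throws IdentityException
   {
      checkNotNullArgument(name, "RoleType name");
      checkObjectName(name);

      String roleType;
      try
      {
         roleType = getRepository().createRelationshipName(getInvocationContext(), name);
      }
      catch (OperationNotSupportedException e)
      {
         throw notSupported(e);
      }
      return new SimpleRoleType(roleType);
   }

   /**
    * Removes a role type (relationship name) from the repository.
    *
    * @param name role type name; must be non-null
    * @throws IdentityException if the repository does not support named relationships
    */
   public void removeRoleType(String name) throws IdentityException
   {
      checkNotNullArgument(name, "RoleType name");
      try
      {
         getRepository().removeRelationshipName(getInvocationContext(), name);
      }
      catch (OperationNotSupportedException e)
      {
         throw notSupported(e);
      }
   }

   /**
    * Removes the given role type by delegating to {@link #removeRoleType(String)}.
    *
    * @param roleType role type to remove; must be non-null
    * @throws IdentityException if the repository does not support named relationships
    */
   public void removeRoleType(RoleType roleType) throws IdentityException
   {
      checkNotNullArgument(roleType, "RoleType");
      removeRoleType(roleType.getName());
   }

   /**
    * Looks up a role type by name among all relationship names known to the repository.
    *
    * @param name role type name; must be non-null
    * @return the role type, or {@code null} if no relationship name equals {@code name}
    * @throws IdentityException if the repository does not support named relationships
    */
   public RoleType getRoleType(String name) throws IdentityException
   {
      checkNotNullArgument(name, "RoleType name");

      Set<String> names;
      try
      {
         // null controls: fetch the complete, unfiltered set of names.
         names = getRepository().getRelationshipNames(getInvocationContext(), null);
      }
      catch (OperationNotSupportedException e)
      {
         throw notSupported(e);
      }
      return names.contains(name) ? new SimpleRoleType(name) : null;
   }

   /**
    * Lists the role types known to the repository.
    *
    * @param controls optional search controls, converted and passed to the repository
    * @return role types, one per relationship name returned
    * @throws IdentityException if the repository does not support named relationships
    */
   public Collection<RoleType> findRoleTypes(IdentitySearchControl[] controls) throws IdentityException
   {
      try
      {
         return toRoleTypes(getRepository().getRelationshipNames(getInvocationContext(), convertSearchControls(controls)));
      }
      catch (OperationNotSupportedException e)
      {
         throw notSupported(e);
      }
   }

   /**
    * Grants a role: creates a {@link #ROLE} relationship from the group to the user, named
    * after the role type.
    *
    * @param roleType role type; must be non-null
    * @param identity user receiving the role; must be non-null
    * @param group group in which the role is granted; must be non-null
    * @return role rebuilt from the relationship the repository created
    * @throws IdentityException if the repository rejects the operation
    */
   public Role createRole(RoleType roleType, User identity, Group group) throws IdentityException
   {
      checkNotNullArgument(roleType, "RoleType");
      checkNotNullArgument(identity, "User");
      checkNotNullArgument(group, "Group");

      //TODO: add createRoleType switch to the API
      // NOTE(review): the trailing 'false' presumably tells the repository not to create a
      // missing relationship name implicitly (see the TODO above); confirm against the SPI,
      // because it decides whether an unknown role type name can be granted here.
      IdentityObjectRelationship rel = getRepository().createRelationship(
         getInvocationContext(),
         createIdentityObject(group),
         createIdentityObject(identity),
         ROLE,
         roleType.getName(),
         false);

      //TODO: null id - IdentityObjectRelationship doesn't have id
      return new SimpleRole(
         new SimpleRoleType(rel.getName()),
         createUser(rel.getToIdentityObject()),
         createGroup(rel.getFromIdentityObject()));
   }

   /**
    * Grants a role identified by names; see {@link #createRole(RoleType, User, Group)}.
    *
    * @param roleTypeName role type name; must be non-null
    * @param userName user name; must be non-null
    * @param groupId group id; must be non-null
    * @return the created role
    * @throws IdentityException if the ids cannot be resolved or the repository rejects the operation
    */
   public Role createRole(String roleTypeName, String userName, String groupId) throws IdentityException
   {
      checkNotNullArgument(roleTypeName, "RoleType name");
      checkNotNullArgument(userName, "User name");
      checkNotNullArgument(groupId, "Group Id");

      User user = createUserFromId(userName);
      Group group = createGroupFromId(groupId);
      return createRole(new SimpleRoleType(roleTypeName), user, group);
   }

   /**
    * Revokes a role: removes the {@link #ROLE} relationship named after the role type
    * between the group and the user.
    *
    * @param roleType role type; must be non-null
    * @param identity user losing the role; must be non-null
    * @param group group in which the role was granted; must be non-null
    * @throws IdentityException if the repository rejects the operation
    */
   public void removeRole(RoleType roleType, User identity, Group group) throws IdentityException
   {
      checkNotNullArgument(roleType, "RoleType");
      checkNotNullArgument(identity, "User");
      checkNotNullArgument(group, "Group");

      getRepository().removeRelationship(
         getInvocationContext(),
         createIdentityObject(group),
         createIdentityObject(identity),
         ROLE,
         roleType.getName());
   }

   /**
    * Revokes a role identified by names; see {@link #removeRole(RoleType, User, Group)}.
    *
    * @param roleTypeName role type name; must be non-null
    * @param userName user name; must be non-null
    * @param groupId group id; must be non-null
    * @throws IdentityException if the ids cannot be resolved or the repository rejects the operation
    */
   public void removeRole(String roleTypeName, String userName, String groupId) throws IdentityException
   {
      checkNotNullArgument(roleTypeName, "RoleType name");
      checkNotNullArgument(userName, "User name");
      checkNotNullArgument(groupId, "Group Id");

      User user = createUserFromId(userName);
      Group group = createGroupFromId(groupId);
      removeRole(new SimpleRoleType(roleTypeName), user, group);
   }

   /**
    * Revokes the given role.
    *
    * @param role role to revoke; it and its role type, user and group must be non-null
    * @throws IdentityException if the repository rejects the operation
    */
   public void removeRole(Role role) throws IdentityException
   {
      checkNotNullArgument(role, "Role");
      // Validate the components as the three-argument overload does, so an incomplete Role
      // is rejected up front instead of failing on a null dereference below.
      checkNotNullArgument(role.getRoleType(), "RoleType");
      checkNotNullArgument(role.getIdentity(), "User");
      checkNotNullArgument(role.getGroup(), "Group");

      getRepository().removeRelationship(
         getInvocationContext(),
         createIdentityObject(role.getGroup()),
         createIdentityObject(role.getIdentity()),
         ROLE,
         role.getRoleType().getName());
   }

   /**
    * Tells whether the user holds the given role type in the given group.
    *
    * @param identity user; must be non-null
    * @param group group; must be non-null
    * @param roleType role type; must be non-null
    * @return {@code true} only if a {@link #ROLE} relationship between group and user has a
    *         non-null name equal to the role type name
    * @throws IdentityException if the repository rejects the operation
    */
   public boolean hasRole(User identity, Group group, RoleType roleType) throws IdentityException
   {
      checkNotNullArgument(roleType, "RoleType");
      checkNotNullArgument(identity, "User");
      checkNotNullArgument(group, "Group");

      //TODO: does separate hasRelationship method in IdentityStore makes sense?
      Set<IdentityObjectRelationship> rels = getRepository().resolveRelationships(
         getInvocationContext(), createIdentityObject(group), createIdentityObject(identity), ROLE);

      for (IdentityObjectRelationship rel : rels)
      {
         // Re-check the relationship type instead of trusting the repository's filtering,
         // and never treat an unnamed relationship as a match.
         boolean isRoleRelationship = rel.getType().getName().equals(ROLE.getName());
         if (isRoleRelationship && rel.getName() != null && rel.getName().equals(roleType.getName()))
         {
            return true;
         }
      }
      return false;
   }

   /**
    * Name-based variant of {@link #hasRole(User, Group, RoleType)}.
    *
    * @param userName user name; must be non-null
    * @param groupId group id; must be non-null
    * @param roleTypeName role type name; must be non-null
    * @return {@code true} if the user holds the role type in the group
    * @throws IdentityException if the ids cannot be resolved or the repository rejects the operation
    */
   public boolean hasRole(String userName, String groupId, String roleTypeName) throws IdentityException
   {
      checkNotNullArgument(roleTypeName, "RoleType name");
      checkNotNullArgument(userName, "User name");
      checkNotNullArgument(groupId, "Group Id");

      User user = createUserFromId(userName);
      Group group = createGroupFromId(groupId);
      return hasRole(user, group, new SimpleRoleType(roleTypeName));
   }

   /**
    * Lists the role types the user holds in the group, without search controls.
    *
    * @param identity user; must be non-null
    * @param group group; must be non-null
    * @return role types held by the user in the group
    * @throws IdentityException if the repository rejects the operation
    */
   public Collection<RoleType> findRoleTypes(User identity, Group group) throws IdentityException
   {
      checkNotNullArgument(identity, "User");
      checkNotNullArgument(group, "Group");
      return findRoleTypes(identity, group, null);
   }

   /**
    * Lists the role types the user holds in the group.
    *
    * <p>NOTE(review): {@code controls} is accepted but not applied; the relationship lookup
    * used here takes no search controls, so the result is always unfiltered and unpaged.
    *
    * @param identity user; must be non-null
    * @param group group; must be non-null
    * @param controls currently ignored
    * @return role types held by the user in the group
    * @throws IdentityException if the repository rejects the operation
    */
   public Collection<RoleType> findRoleTypes(User identity, Group group, IdentitySearchControl[] controls) throws IdentityException
   {
      checkNotNullArgument(identity, "User");
      checkNotNullArgument(group, "Group");

      Set<IdentityObjectRelationship> rels = getRepository().resolveRelationships(
         getInvocationContext(), createIdentityObject(group), createIdentityObject(identity), ROLE);

      Set<RoleType> types = new HashSet<RoleType>();
      for (IdentityObjectRelationship rel : rels)
      {
         // Skip unnamed relationships, as hasRole does: a role type without a name cannot
         // be matched against anything and should not be reported as held.
         if (rel.getName() != null)
         {
            types.add(new SimpleRoleType(rel.getName()));
         }
      }
      return types;
   }

   /**
    * Name-based variant of {@link #findRoleTypes(User, Group, IdentitySearchControl[])}.
    *
    * @param userName user name; must be non-null
    * @param groupId group id; must be non-null
    * @param controls passed through to the delegate
    * @return role types held by the user in the group
    * @throws IdentityException if the ids cannot be resolved or the repository rejects the operation
    */
   public Collection<RoleType> findRoleTypes(String userName, String groupId, IdentitySearchControl[] controls) throws IdentityException
   {
      checkNotNullArgument(userName, "User name");
      checkNotNullArgument(groupId, "Group Id");

      User user = createUserFromId(userName);
      Group group = createGroupFromId(groupId);
      return findRoleTypes(user, group, controls);
   }

   /**
    * Lists the role types associated with the user, without search controls.
    *
    * @param identity user; must be non-null
    * @return role types associated with the user
    * @throws IdentityException if the repository does not support named relationships
    */
   public Collection<RoleType> findUserRoleTypes(User identity) throws IdentityException
   {
      checkNotNullArgument(identity, "User");
      return findUserRoleTypes(identity, null);
   }

   /**
    * Lists the role types associated with the user.
    *
    * @param identity user; must be non-null
    * @param controls optional search controls, converted and passed to the repository
    * @return role types, one per relationship name the repository returns for the user
    * @throws IdentityException if the repository does not support named relationships
    */
   public Collection<RoleType> findUserRoleTypes(User identity, IdentitySearchControl[] controls) throws IdentityException
   {
      checkNotNullArgument(identity, "User");
      try
      {
         return toRoleTypes(getRepository().getRelationshipNames(
            getInvocationContext(), createIdentityObject(identity), convertSearchControls(controls)));
      }
      catch (OperationNotSupportedException e)
      {
         throw notSupported(e);
      }
   }

   /**
    * Name-based variant of {@link #findUserRoleTypes(User, IdentitySearchControl[])}.
    *
    * @param userName user name; must be non-null
    * @param controls optional search controls
    * @return role types associated with the user
    * @throws IdentityException if the id cannot be resolved or named relationships are unsupported
    */
   public Collection<RoleType> findUserRoleTypes(String userName, IdentitySearchControl[] controls) throws IdentityException
   {
      checkNotNullArgument(userName, "User name");
      User user = createUserFromId(userName);
      return findUserRoleTypes(user, controls);
   }

   /**
    * Lists the role types associated with the group, without search controls.
    *
    * @param group group; must be non-null
    * @return role types associated with the group
    * @throws IdentityException if the repository does not support named relationships
    */
   public Collection<RoleType> findGroupRoleTypes(Group group) throws IdentityException
   {
      checkNotNullArgument(group, "Group");
      return findGroupRoleTypes(group, null);
   }

   /**
    * Name-based variant of {@link #findGroupRoleTypes(Group, IdentitySearchControl[])}.
    *
    * @param groupId group id; must be non-null
    * @param controls optional search controls
    * @return role types associated with the group
    * @throws IdentityException if the id cannot be resolved or named relationships are unsupported
    */
   public Collection<RoleType> findGroupRoleTypes(String groupId, IdentitySearchControl[] controls) throws IdentityException
   {
      checkNotNullArgument(groupId, "Group Id");
      Group group = createGroupFromId(groupId);
      return findGroupRoleTypes(group, controls);
   }

   /**
    * Lists the role types associated with the group.
    *
    * @param group group; must be non-null
    * @param controls optional search controls, converted and passed to the repository
    * @return role types, one per relationship name the repository returns for the group
    * @throws IdentityException if the repository does not support named relationships
    */
   public Collection<RoleType> findGroupRoleTypes(Group group, IdentitySearchControl[] controls) throws IdentityException
   {
      checkNotNullArgument(group, "Group");
      try
      {
         return toRoleTypes(getRepository().getRelationshipNames(
            getInvocationContext(), createIdentityObject(group), convertSearchControls(controls)));
      }
      catch (OperationNotSupportedException e)
      {
         throw notSupported(e);
      }
   }

   /**
    * Lists the groups connected to the user through a {@link #ROLE} relationship.
    *
    * @param identity user; must be non-null
    * @param controls optional search controls, converted and passed to the repository
    * @return groups related to the user by any role, in repository order
    * @throws IdentityException if the repository rejects the operation
    */
   public Collection<Group> findGroupsWithRelatedRole(User identity, IdentitySearchControl[] controls) throws IdentityException
   {
      checkNotNullArgument(identity, "User");

      Collection<IdentityObject> ios = getRepository().findIdentityObject(
         getInvocationContext(), createIdentityObject(identity), ROLE, false, convertSearchControls(controls));

      List<Group> identities = new LinkedList<Group>();
      for (IdentityObject io : ios)
      {
         identities.add(createGroup(io));
      }
      return identities;
   }

   /**
    * Name-based variant of {@link #findGroupsWithRelatedRole(User, IdentitySearchControl[])}.
    *
    * @param userName user name; must be non-null
    * @param controls optional search controls
    * @return groups related to the user by any role
    * @throws IdentityException if the id cannot be resolved or the repository rejects the operation
    */
   public Collection<Group> findGroupsWithRelatedRole(String userName, IdentitySearchControl[] controls) throws IdentityException
   {
      checkNotNullArgument(userName, "User name");
      User user = createUserFromId(userName);
      return findGroupsWithRelatedRole(user, controls);
   }

   /**
    * Lists the groups of one group type connected to the user through a {@link #ROLE}
    * relationship.
    *
    * <p>The group-type filter runs in memory after the repository call, so any control that
    * limits or pages the result is applied before the filter and the returned collection
    * may be shorter than the requested page.
    *
    * @param identity user; must be non-null
    * @param groupType group type name; must be non-null
    * @param controls optional search controls, converted and passed to the repository
    * @return groups of the given type related to the user by any role
    * @throws IdentityException if the repository rejects the operation
    */
   public Collection<Group> findGroupsWithRelatedRole(User identity, String groupType, IdentitySearchControl[] controls) throws IdentityException
   {
      checkNotNullArgument(identity, "User");
      checkNotNullArgument(groupType, "Group type");

      IdentityObjectType iot = getIdentityObjectType(groupType);
      Collection<IdentityObject> ios = getRepository().findIdentityObject(
         getInvocationContext(), createIdentityObject(identity), ROLE, false, convertSearchControls(controls));

      List<Group> identities = new LinkedList<Group>();
      for (IdentityObject io : ios)
      {
         if (io.getIdentityType().getName().equals(iot.getName()))
         {
            identities.add(createGroup(io));
         }
      }
      return identities;
   }

   /**
    * Name-based variant of
    * {@link #findGroupsWithRelatedRole(User, String, IdentitySearchControl[])}.
    *
    * @param userName user name; must be non-null
    * @param groupType group type name; must be non-null
    * @param controls optional search controls
    * @return groups of the given type related to the user by any role
    * @throws IdentityException if the id cannot be resolved or the repository rejects the operation
    */
   public Collection<Group> findGroupsWithRelatedRole(String userName, String groupType, IdentitySearchControl[] controls) throws IdentityException
   {
      checkNotNullArgument(userName, "User name");
      checkNotNullArgument(groupType, "Group type");
      User user = createUserFromId(userName);
      return findGroupsWithRelatedRole(user, groupType, controls);
   }

   /**
    * Lists the roles of one role type in which the given user or group takes part.
    *
    * @param identityType user or group; must be non-null. Anything that is not a
    *        {@link User} is handled as a group.
    * @param roleType role type to match by name; must be non-null
    * @return roles whose relationship name equals the role type name
    * @throws IdentityException if the repository rejects the operation
    */
   public Collection<Role> findRoles(IdentityType identityType, RoleType roleType) throws IdentityException
   {
      checkNotNullArgument(identityType, "IdentityType");
      checkNotNullArgument(roleType, "RoleType");

      // If Identity then search for parent relationships;
      // if Group then search for child relationships.
      boolean searchChildRelationships = !(identityType instanceof User);
      Set<IdentityObjectRelationship> relationships = getRepository().resolveRelationships(
         getInvocationContext(), createIdentityObject(identityType), ROLE, searchChildRelationships, true, null);

      Set<Role> roles = new HashSet<Role>();
      for (IdentityObjectRelationship relationship : relationships)
      {
         if (roleType.getName().equals(relationship.getName()))
         {
            roles.add(new SimpleRole(
               new SimpleRoleType(relationship.getName()),
               createUser(relationship.getToIdentityObject()),
               createGroup(relationship.getFromIdentityObject())));
         }
      }
      return roles;
   }

   /**
    * Id-based variant of {@link #findRoles(IdentityType, RoleType)}.
    *
    * @param id group id or user name; must be non-null
    * @param roleTypeName role type name; must be non-null
    * @return roles of the given type in which the identified user or group takes part
    * @throws IdentityException if the id cannot be resolved or the repository rejects the operation
    */
   public <T extends IdentityType> Collection<Role> findRoles(String id, String roleTypeName) throws IdentityException
   {
      checkNotNullArgument(id, "Group id or User name");
      checkNotNullArgument(roleTypeName, "RoleType name");
      return findRoles(createIdentityTypeFromId(id), new SimpleRoleType(roleTypeName));
   }

   /** Wraps each relationship name in a {@link SimpleRoleType}; duplicate names collapse in the set. */
   private static Set<RoleType> toRoleTypes(Collection<String> names)
   {
      Set<RoleType> types = new HashSet<RoleType>();
      for (String name : names)
      {
         types.add(new SimpleRoleType(name));
      }
      return types;
   }

   /** Builds the "not supported" exception, keeping the repository exception as its cause. */
   private static IdentityException notSupported(OperationNotSupportedException cause)
   {
      return new IdentityException(NOT_SUPPORTED_MESSAGE, cause);
   }
}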