[Registry-dev] svn commit r9503 - in
trunk/registry/modules/core/src/main/java/org/wso2/registry:
jdbc/utils secure
svn at wso2.org
svn at wso2.org
Tue Nov 6 17:40:02 PST 2007
Author: chathura
Date: Tue Nov 6 17:40:01 2007
New Revision: 9503
Modified:
trunk/registry/modules/core/src/main/java/org/wso2/registry/jdbc/utils/AuthorizationUtil.java
trunk/registry/modules/core/src/main/java/org/wso2/registry/secure/RegistryRealm.java
trunk/registry/modules/core/src/main/java/org/wso2/registry/secure/RegistryUserManager.java
trunk/registry/modules/core/src/main/java/org/wso2/registry/secure/SecureRegistry.java
Log:
Refactored the registry code to be compatible with the changes of the WSO2 user manager.
Modified: trunk/registry/modules/core/src/main/java/org/wso2/registry/jdbc/utils/AuthorizationUtil.java
==============================================================================
--- trunk/registry/modules/core/src/main/java/org/wso2/registry/jdbc/utils/AuthorizationUtil.java (original)
+++ trunk/registry/modules/core/src/main/java/org/wso2/registry/jdbc/utils/AuthorizationUtil.java Tue Nov 6 17:40:01 2007
@@ -23,6 +23,7 @@
import org.wso2.registry.RegistryException;
import org.wso2.usermanager.Realm;
import org.wso2.usermanager.UserManagerException;
+import org.wso2.usermanager.AccessControlAdmin;
public class AuthorizationUtil {
@@ -32,16 +33,17 @@
throws RegistryException {
try {
+ AccessControlAdmin accessControlAdmin = realm.getAccessControlAdmin();
- realm.authorizeUser(RegistryConstants.ADMIN_USER, path, ActionConstants.GET);
- realm.authorizeUser(RegistryConstants.ADMIN_USER, path, ActionConstants.PUT);
- realm.authorizeUser(RegistryConstants.ADMIN_USER, path, ActionConstants.DELETE);
- realm.authorizeUser(RegistryConstants.ADMIN_USER, path, ActionConstants.AUTHORIZE);
-
- realm.authorizeUser(authorUserName, path, ActionConstants.GET);
- realm.authorizeUser(authorUserName, path, ActionConstants.PUT);
- realm.authorizeUser(authorUserName, path, ActionConstants.DELETE);
- realm.authorizeUser(authorUserName, path, ActionConstants.AUTHORIZE);
+ accessControlAdmin.authorizeUser(RegistryConstants.ADMIN_USER, path, ActionConstants.GET);
+ accessControlAdmin.authorizeUser(RegistryConstants.ADMIN_USER, path, ActionConstants.PUT);
+ accessControlAdmin.authorizeUser(RegistryConstants.ADMIN_USER, path, ActionConstants.DELETE);
+ accessControlAdmin.authorizeUser(RegistryConstants.ADMIN_USER, path, ActionConstants.AUTHORIZE);
+
+ accessControlAdmin.authorizeUser(authorUserName, path, ActionConstants.GET);
+ accessControlAdmin.authorizeUser(authorUserName, path, ActionConstants.PUT);
+ accessControlAdmin.authorizeUser(authorUserName, path, ActionConstants.DELETE);
+ accessControlAdmin.authorizeUser(authorUserName, path, ActionConstants.AUTHORIZE);
} catch (UserManagerException e) {
String msg = "Could not default permissions. \nCaused by: " + e.getMessage();
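Review bot: The last added call, `accessControlAdmin.authorizeUser(authorUserName, path, ActionConstants.AUTHORIZE)`, gives the resource author the right to change permissions on the path, and nothing in the hunk records that this is intended. RegistryUserManager in this same commit gates authorizeUser, authorizeRole, denyUser and denyRole on that AUTHORIZE action, so the author can re-delegate or revoke access on the path, presumably including the explicit grants made to ADMIN_USER just above. A comment over the author block would document the decision, for example `// the author also gets AUTHORIZE, so they can grant or deny access on this path to other users and roles`. The enclosing method starts and ends outside the hunk.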
Modified: trunk/registry/modules/core/src/main/java/org/wso2/registry/secure/RegistryRealm.java
==============================================================================
--- trunk/registry/modules/core/src/main/java/org/wso2/registry/secure/RegistryRealm.java (original)
+++ trunk/registry/modules/core/src/main/java/org/wso2/registry/secure/RegistryRealm.java Tue Nov 6 17:40:01 2007
@@ -24,8 +24,7 @@
import org.wso2.registry.RegistryException;
import org.wso2.registry.jdbc.DatabaseConstants;
import org.wso2.registry.jdbc.ConnectionFactory;
-import org.wso2.usermanager.Realm;
-import org.wso2.usermanager.UserManagerException;
+import org.wso2.usermanager.*;
import org.wso2.usermanager.readwrite.DefaultRealm;
import org.wso2.usermanager.readwrite.DefaultRealmConfig;
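Review bot: The wildcard `import org.wso2.usermanager.*;` replaces two explicit imports and hides which user-manager types this security class depends on; RegistryUserManager.java gets the same change, while AuthorizationUtil.java and SecureRegistry.java in this commit keep explicit imports. Naming the types the new code uses keeps later user-manager API changes visible at review time: `import org.wso2.usermanager.AccessControlAdmin;`, `import org.wso2.usermanager.UserStoreAdmin;` and `import org.wso2.usermanager.UserStoreReader;` next to the existing Realm and UserManagerException lines.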
@@ -71,50 +70,55 @@
private static void populateRoles(DefaultRealm realm) throws UserManagerException {
- String[] roles = realm.getAllRoleNames();
+
+ UserStoreReader userStoreReader = realm.getUserStoreReader();
+ UserStoreAdmin userStoreAdmin = realm.getUserStoreAdmin();
+ AccessControlAdmin accessControlAdmin = realm.getAccessControlAdmin();
+
+ String[] roles = userStoreReader.getAllRoleNames();
if (!containsString(RegistryConstants.ADMIN_ROLE, roles)) {
- realm.addRole(RegistryConstants.ADMIN_ROLE);
+ userStoreAdmin.addRole(RegistryConstants.ADMIN_ROLE);
- realm.authorizeRole(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.GET);
- realm.authorizeRole(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.PUT);
- realm.authorizeRole(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.DELETE);
- realm.authorizeRole(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.AUTHORIZE);
+ accessControlAdmin.authorizeRole(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.GET);
+ accessControlAdmin.authorizeRole(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.PUT);
+ accessControlAdmin.authorizeRole(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.DELETE);
+ accessControlAdmin.authorizeRole(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.AUTHORIZE);
// authorizations for registry level actions are set in the root path
- realm.authorizeRole(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.ADD_USER);
- realm.authorizeRole(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.REMOVE_USER);
- realm.authorizeRole(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.ADD_ROLE);
- realm.authorizeRole(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.REMOVE_ROLE);
+ accessControlAdmin.authorizeRole(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.ADD_USER);
+ accessControlAdmin.authorizeRole(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.REMOVE_USER);
+ accessControlAdmin.authorizeRole(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.ADD_ROLE);
+ accessControlAdmin.authorizeRole(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.REMOVE_ROLE);
}
if (!containsString(RegistryConstants.GUESTS_ROLE, roles)) {
- realm.addRole(RegistryConstants.GUESTS_ROLE);
+ userStoreAdmin.addRole(RegistryConstants.GUESTS_ROLE);
}
// define built in users
- String[] users = realm.getAllUserNames();
+ String[] users = userStoreReader.getAllUserNames();
if (!containsString(RegistryConstants.ADMIN_USER, users)) {
- realm.addUser(RegistryConstants.ADMIN_USER, "admin");
+ userStoreAdmin.addUser(RegistryConstants.ADMIN_USER, "admin");
- realm.authorizeUser(RegistryConstants.ADMIN_USER, RegistryConstants.ROOT_PATH, ActionConstants.GET);
- realm.authorizeUser(RegistryConstants.ADMIN_USER, RegistryConstants.ROOT_PATH, ActionConstants.PUT);
- realm.authorizeUser(RegistryConstants.ADMIN_USER, RegistryConstants.ROOT_PATH, ActionConstants.DELETE);
- realm.authorizeUser(RegistryConstants.ADMIN_USER, RegistryConstants.ROOT_PATH, ActionConstants.AUTHORIZE);
+ accessControlAdmin.authorizeUser(RegistryConstants.ADMIN_USER, RegistryConstants.ROOT_PATH, ActionConstants.GET);
+ accessControlAdmin.authorizeUser(RegistryConstants.ADMIN_USER, RegistryConstants.ROOT_PATH, ActionConstants.PUT);
+ accessControlAdmin.authorizeUser(RegistryConstants.ADMIN_USER, RegistryConstants.ROOT_PATH, ActionConstants.DELETE);
+ accessControlAdmin.authorizeUser(RegistryConstants.ADMIN_USER, RegistryConstants.ROOT_PATH, ActionConstants.AUTHORIZE);
// authorizations for registry level actions are set in the root path
- realm.authorizeUser(RegistryConstants.ADMIN_USER, RegistryConstants.ROOT_PATH, ActionConstants.ADD_USER);
- realm.authorizeUser(RegistryConstants.ADMIN_USER, RegistryConstants.ROOT_PATH, ActionConstants.REMOVE_USER);
- realm.authorizeUser(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.ADD_ROLE);
- realm.authorizeUser(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.REMOVE_ROLE);
+ accessControlAdmin.authorizeUser(RegistryConstants.ADMIN_USER, RegistryConstants.ROOT_PATH, ActionConstants.ADD_USER);
+ accessControlAdmin.authorizeUser(RegistryConstants.ADMIN_USER, RegistryConstants.ROOT_PATH, ActionConstants.REMOVE_USER);
+ accessControlAdmin.authorizeUser(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.ADD_ROLE);
+ accessControlAdmin.authorizeUser(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.REMOVE_ROLE);
}
if (!containsString(RegistryConstants.ANONYMOUS_USER, users)) {
- realm.addUser(RegistryConstants.ANONYMOUS_USER, "guest");
+ userStoreAdmin.addUser(RegistryConstants.ANONYMOUS_USER, "guest");
}
}
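Review bot: In the ADMIN_USER block the last two grants pass a role name to a user API: `accessControlAdmin.authorizeUser(RegistryConstants.ADMIN_ROLE, RegistryConstants.ROOT_PATH, ActionConstants.ADD_ROLE)` and the matching REMOVE_ROLE line. The refactor carries this over unchanged from the old `realm.authorizeUser` lines; `RegistryConstants.ADMIN_USER` looks like what was meant, since the role already receives both actions through authorizeRole earlier in the method. As written, the admin user appears to get ADD_ROLE and REMOVE_ROLE only indirectly (role membership is not shown here), and a user-level permission entry is probably created under the role's name. Separately, `addUser(RegistryConstants.ADMIN_USER, "admin")` and `addUser(RegistryConstants.ANONYMOUS_USER, "guest")` seed fixed, well-known passwords; the initial admin password should come from configuration or be forced to change on first login.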
Modified: trunk/registry/modules/core/src/main/java/org/wso2/registry/secure/RegistryUserManager.java
==============================================================================
--- trunk/registry/modules/core/src/main/java/org/wso2/registry/secure/RegistryUserManager.java (original)
+++ trunk/registry/modules/core/src/main/java/org/wso2/registry/secure/RegistryUserManager.java Tue Nov 6 17:40:01 2007
@@ -22,8 +22,7 @@
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.registry.*;
-import org.wso2.usermanager.Realm;
-import org.wso2.usermanager.UserManagerException;
+import org.wso2.usermanager.*;
import java.util.Map;
@@ -36,11 +35,30 @@
private static final Log log = LogFactory.getLog(RegistryUserManager.class);
private Realm realm;
+ private AccessControlAdmin accessControlAdmin;
+ private Authorizer authorizer;
+ private UserStoreAdmin userStoreAdmin;
+ private UserStoreReader userStoreReader;
+
private String actor;
- public RegistryUserManager(Realm realm, String userName ) {
+ public RegistryUserManager(Realm realm, String userName ) throws RegistryException {
this.realm = realm;
+
+ try {
+ accessControlAdmin = realm.getAccessControlAdmin();
+ authorizer= realm.getAuthorizer();
+ userStoreAdmin = realm.getUserStoreAdmin();
+ userStoreReader = realm.getUserStoreReader();
+
+ } catch (UserManagerException e) {
+
+ String msg = "Could not get sub interfaces from the realm. Caused by: " + e.getMessage();
+ log.error(msg, e);
+ throw new RegistryException(msg);
+ }
+
this.actor = userName;
}
@@ -52,7 +70,7 @@
String password) throws RegistryException {
try {
- if (!realm.isUserAuthorized(
+ if (!authorizer.isUserAuthorized(
actor, RegistryConstants.ROOT_PATH, ActionConstants.ADD_USER)) {
String msg = "Attempted to perform unauthorized operation.";
log.info(msg);
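Review bot: The denial branch logs a constant string, `"Attempted to perform unauthorized operation."`, at info level, so the log does not show which actor was refused or what was attempted. The same three lines recur in the other isUserAuthorized checks of this file and in the PUT and DELETE checks of SecureRegistry.java, while SecureRegistry's GET check already names the action, path and user. Including the actor and action, for example `String msg = "User " + actor + " is not authorized to perform " + ActionConstants.ADD_USER + ".";` with `log.warn(msg);`, would make refused attempts usable for audit and alerting. The enclosing method starts before and continues after this hunk.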
@@ -65,7 +83,7 @@
}
try {
- realm.addUser(userName, password);
+ userStoreAdmin.addUser(userName, password);
//In this time we need to create a directory for users and added that to the registry.
} catch (UserManagerException e) {
String msg = "Could not add the user. \nCaused by " + e.getMessage();
@@ -77,7 +95,7 @@
public void addRole(String roleName) throws RegistryException {
try {
- if (!realm.isUserAuthorized(
+ if (!authorizer.isUserAuthorized(
actor, RegistryConstants.ROOT_PATH, ActionConstants.ADD_ROLE)) {
String msg = "Attempted to perform unauthorized operation.";
log.info(msg);
@@ -90,7 +108,7 @@
}
try {
- realm.addRole(roleName);
+ userStoreAdmin.addRole(roleName);
} catch (UserManagerException e) {
String msg = "Could not add the role. \nCaused by " + e.getMessage();
log.error(msg, e);
@@ -107,7 +125,7 @@
}
try {
- if (!realm.isUserAuthorized(
+ if (!authorizer.isUserAuthorized(
actor, RegistryConstants.ROOT_PATH, ActionConstants.REMOVE_USER)) {
String msg = "Attempted to perform unauthorized operation.";
log.info(msg);
@@ -120,7 +138,7 @@
}
try {
- realm.deleteUser(userName);
+ userStoreAdmin.deleteUser(userName);
} catch (UserManagerException e) {
String msg = "Could not delete the user. \nCaused by " + e.getMessage();
log.error(msg, e);
@@ -137,7 +155,7 @@
}
try {
- if (!realm.isUserAuthorized(
+ if (!authorizer.isUserAuthorized(
actor, RegistryConstants.ROOT_PATH, ActionConstants.REMOVE_ROLE)) {
String msg = "Attempted to perform unauthorized operation.";
log.info(msg);
@@ -150,7 +168,7 @@
}
try {
- realm.deleteRole(roleName);
+ userStoreAdmin.deleteRole(roleName);
} catch (UserManagerException e) {
String msg = "Could not delete the role. \nCaused by " + e.getMessage();
log.error(msg, e);
@@ -161,7 +179,7 @@
public String[] getAllUsers() throws RegistryException {
try {
- return realm.getAllUserNames();
+ return userStoreReader.getAllUserNames();
} catch (UserManagerException e) {
String msg = "Could not get all users of the Registry. Caused by: " + e.getMessage();
log.error(msg, e);
@@ -172,7 +190,7 @@
public String[] getAllRoles() throws RegistryException {
try {
- return realm.getAllRoleNames();
+ return userStoreReader.getAllRoleNames();
} catch (UserManagerException e) {
String msg = "Could not get all roles of the Registry. Caused by: " + e.getMessage();
log.error(msg, e);
@@ -196,7 +214,7 @@
public Map getUserProperties(String userName) throws RegistryException {
Map properties ;
try {
- properties = realm.getUserProperties(userName);
+ properties = userStoreReader.getUserProperties(userName);
} catch (UserManagerException e) {
throw new RegistryException(e.getMessage());
}
@@ -206,7 +224,7 @@
public void setUserProperties(String userName, Map properties) throws RegistryException {
try {
- realm.setUserProperties(userName, properties);
+ userStoreAdmin.setUserProperties(userName, properties);
} catch (UserManagerException e) {
throw new RegistryException(e.getMessage());
}
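Review bot: setUserProperties writes to the user store for an arbitrary `userName` with no `authorizer.isUserAuthorized(actor, ...)` check in front of it, although the add, remove, authorize and deny operations touched by this commit are all guarded. The visible body goes straight from the signature into `userStoreAdmin.setUserProperties(userName, properties)`, and setUserProperty two hunks below does its read-modify-write the same way. If the properties hold anything security-relevant, any caller holding a RegistryUserManager can change another user's entry; a guard such as `if (!actor.equals(userName) && !authorizer.isUserAuthorized(actor, RegistryConstants.ROOT_PATH, ActionConstants.AUTHORIZE))` followed by the usual log-and-throw would close that, with the exact action to require being a project decision. The method's closing brace is outside the hunk.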
@@ -215,7 +233,7 @@
public String getUserProperty(String userName, String propName) throws RegistryException {
try {
- Map properties = realm.getUserProperties(userName);
+ Map properties = userStoreReader.getUserProperties(userName);
return (String) properties.get(propName);
} catch (UserManagerException e) {
throw new RegistryException(e.getMessage());
@@ -225,9 +243,9 @@
public void setUserProperty(String userName, String name, String value) throws RegistryException {
try {
- Map properties = realm.getUserProperties(userName);
+ Map properties = userStoreReader.getUserProperties(userName);
properties.put(name, value);
- realm.setUserProperties(userName, properties);
+ userStoreAdmin.setUserProperties(userName, properties);
} catch (UserManagerException e) {
throw new RegistryException(e.getMessage());
@@ -238,7 +256,7 @@
throws RegistryException {
try {
- if (!realm.isUserAuthorized(actor, resourceID, ActionConstants.AUTHORIZE)) {
+ if (!authorizer.isUserAuthorized(actor, resourceID, ActionConstants.AUTHORIZE)) {
String msg = "Attempted to perform unauthorized operation.";
log.info(msg);
throw new RegistryException(msg);
@@ -250,7 +268,7 @@
}
try {
- realm.authorizeUser(userName, resourceID, action);
+ accessControlAdmin.authorizeUser(userName, resourceID, action);
} catch (UserManagerException e) {
String msg = "Could not authorize. \nCaused by " + e.getMessage();
log.error(msg, e);
@@ -262,7 +280,7 @@
throws RegistryException {
try {
- if (!realm.isUserAuthorized(actor, resourceID, ActionConstants.AUTHORIZE)) {
+ if (!authorizer.isUserAuthorized(actor, resourceID, ActionConstants.AUTHORIZE)) {
String msg = "Attempted to perform unauthorized operation.";
log.info(msg);
throw new RegistryException(msg);
@@ -274,7 +292,7 @@
}
try {
- realm.authorizeRole(roleName, resourceID, action);
+ accessControlAdmin.authorizeRole(roleName, resourceID, action);
} catch (UserManagerException e) {
String msg = "Could not authorize. \nCaused by " + e.getMessage();
log.error(msg, e);
@@ -292,7 +310,7 @@
}
try {
- if (!realm.isUserAuthorized(actor, resourceID, ActionConstants.AUTHORIZE)) {
+ if (!authorizer.isUserAuthorized(actor, resourceID, ActionConstants.AUTHORIZE)) {
String msg = "Attempted to perform unauthorized operation.";
log.info(msg);
throw new RegistryException(msg);
@@ -304,7 +322,7 @@
}
try {
- realm.denyUser(userName, resourceID, action);
+ accessControlAdmin.denyUser(userName, resourceID, action);
} catch (UserManagerException e) {
String msg = "Could not deny. \nCaused by " + e.getMessage();
log.error(msg, e);
@@ -322,7 +340,7 @@
}
try {
- if (!realm.isUserAuthorized(actor, resourceID, ActionConstants.AUTHORIZE)) {
+ if (!authorizer.isUserAuthorized(actor, resourceID, ActionConstants.AUTHORIZE)) {
String msg = "Attempted to perform unauthorized operation.";
log.info(msg);
throw new RegistryException(msg);
@@ -334,7 +352,7 @@
}
try {
- realm.denyRole(roleName, resourceID, action);
+ accessControlAdmin.denyRole(roleName, resourceID, action);
} catch (UserManagerException e) {
String msg = "Could not deny. \nCaused by " + e.getMessage();
log.error(msg, e);
@@ -346,7 +364,7 @@
throws RegistryException {
try {
- return realm.isUserAuthorized(userName, resourcePath, action);
+ return authorizer.isUserAuthorized(userName, resourcePath, action);
} catch (UserManagerException e) {
String msg = "Could not get the permissions for the user " +
userName + " for the resource " + resourcePath;
@@ -358,7 +376,7 @@
public void addUserToRole(String userName, String roleName) throws RegistryException {
try {
- if (!realm.isUserAuthorized(
+ if (!authorizer.isUserAuthorized(
actor, RegistryConstants.ROOT_PATH, ActionConstants.AUTHORIZE)) {
String msg = "Attempted to perform unauthorized operation.";
log.info(msg);
@@ -371,7 +389,7 @@
}
try {
- realm.addUserToRole(userName, roleName);
+ userStoreAdmin.addUserToRole(userName, roleName);
} catch (UserManagerException e) {
String msg = "Could not add user " + userName + " to role " + roleName + ".";
log.error(msg, e);
@@ -382,7 +400,7 @@
public void removeUserFromRole(String userName, String roleName) throws RegistryException {
try {
- if (!realm.isUserAuthorized(
+ if (!authorizer.isUserAuthorized(
actor, RegistryConstants.ROOT_PATH, ActionConstants.AUTHORIZE)) {
String msg = "Attempted to perform unauthorized operation.";
log.info(msg);
@@ -395,7 +413,7 @@
}
try {
- realm.removeUserFromRole(userName, roleName);
+ userStoreAdmin.removeUserFromRole(userName, roleName);
} catch (UserManagerException e) {
String msg = "Could not remove user " + userName + " from role " + roleName + ".";
log.error(msg, e);
Modified: trunk/registry/modules/core/src/main/java/org/wso2/registry/secure/SecureRegistry.java
==============================================================================
--- trunk/registry/modules/core/src/main/java/org/wso2/registry/secure/SecureRegistry.java (original)
+++ trunk/registry/modules/core/src/main/java/org/wso2/registry/secure/SecureRegistry.java Tue Nov 6 17:40:01 2007
@@ -24,6 +24,8 @@
import org.wso2.registry.*;
import org.wso2.usermanager.Realm;
import org.wso2.usermanager.UserManagerException;
+import org.wso2.usermanager.Authenticator;
+import org.wso2.usermanager.Authorizer;
import java.util.Date;
@@ -51,13 +53,18 @@
private String userID = RegistryConstants.ANONYMOUS_USER;
private Registry registry;
private Realm realm;
+ private Authenticator authenticator;
+ private Authorizer authorizer;
private RegistryUserManager userManager;
public SecureRegistry(String userID, String password, Registry registry, Realm realm)
throws RegistryException {
try {
- if (realm!= null && !realm.authenticate(userID, password)) {
+ authenticator = realm.getAuthenticator();
+ authorizer = realm.getAuthorizer();
+
+ if (realm!= null && !authenticator.authenticate(userID, password)) {
String msg = "Attempted to authenticate invalid user.";
log.info(msg);
throw new RegistryException(msg);
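Review bot: `authenticator = realm.getAuthenticator();` dereferences `realm` before the `realm!= null` test in the `if` below it, so a null realm now throws NullPointerException (not a UserManagerException, as far as the hunk shows) and the null test can never be false. The old condition skipped authentication altogether when realm was null, which is a fail-open path that should not be restored. Rejecting the argument up front is safer, e.g. `if (realm == null) { throw new RegistryException("A realm is required to create a SecureRegistry."); }` ahead of the try, after which the condition reduces to `if (!authenticator.authenticate(userID, password))`. RegistryUserManager's new constructor dereferences its realm argument the same way, and this constructor's body continues past the hunk.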
@@ -92,7 +99,7 @@
}
try {
- if (!realm.isUserAuthorized(userID, authorizationPath, ActionConstants.GET)) {
+ if (!authorizer.isUserAuthorized(userID, authorizationPath, ActionConstants.GET)) {
String msg = "Attempted to perform unauthorized operation (" + ActionConstants.GET + " on " + authorizationPath + " by " + userID;
log.info(msg);
throw new AuthorizationFailedException(msg);
@@ -156,7 +163,7 @@
// check if the user has put permission for that path
try {
- if (!realm.isUserAuthorized(userID, existingAscendant, ActionConstants.PUT)) {
+ if (!authorizer.isUserAuthorized(userID, existingAscendant, ActionConstants.PUT)) {
String msg = "Attempted to perform unauthorized operation.";
log.info(msg);
throw new AuthorizationFailedException(msg);
@@ -190,7 +197,7 @@
public void delete(String path) throws RegistryException {
try {
- if (!realm.isUserAuthorized(userID, path, ActionConstants.DELETE)) {
+ if (!authorizer.isUserAuthorized(userID, path, ActionConstants.DELETE)) {
String msg = "Attempted to perform unauthorized operation.";
log.info(msg);
throw new AuthorizationFailedException(msg);