View Javadoc

1   /**
2    * Copyright 2005-2011 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.kim.service.impl;
17  
18  import org.apache.commons.lang.exception.ExceptionUtils;
19  import org.apache.log4j.Logger;
20  import org.kuali.rice.core.api.criteria.QueryByCriteria;
21  import org.kuali.rice.kim.api.common.assignee.Assignee;
22  import org.kuali.rice.kim.api.group.Group;
23  import org.kuali.rice.kim.api.group.GroupService;
24  import org.kuali.rice.kim.api.identity.IdentityService;
25  import org.kuali.rice.kim.api.identity.CodedAttribute;
26  import org.kuali.rice.kim.api.identity.affiliation.EntityAffiliationType;
27  import org.kuali.rice.kim.api.identity.entity.Entity;
28  import org.kuali.rice.kim.api.identity.entity.EntityDefault;
29  import org.kuali.rice.kim.api.identity.entity.EntityDefaultQueryResults;
30  import org.kuali.rice.kim.api.identity.entity.EntityQueryResults;
31  import org.kuali.rice.kim.api.identity.external.EntityExternalIdentifierType;
32  import org.kuali.rice.kim.api.identity.principal.Principal;
33  import org.kuali.rice.kim.api.permission.Permission;
34  import org.kuali.rice.kim.api.permission.PermissionService;
35  import org.kuali.rice.kim.api.responsibility.Responsibility;
36  import org.kuali.rice.kim.api.responsibility.ResponsibilityAction;
37  import org.kuali.rice.kim.api.responsibility.ResponsibilityService;
38  import org.kuali.rice.kim.api.services.IdentityManagementService;
39  import org.kuali.rice.kim.api.services.KimApiServiceLocator;
40  
41  import java.util.HashMap;
42  import java.util.List;
43  import java.util.Map;
44  
45  public class IdentityManagementServiceImpl implements IdentityManagementService {
46  	private static final Logger LOG = Logger.getLogger( IdentityManagementServiceImpl.class );
47  
48  	private PermissionService permissionService;
49  	private ResponsibilityService responsibilityService;
50  	private IdentityService identityService;
51  	private GroupService groupService;
52  
53      @Override
54  	public void flushAllCaches() {
55  	}
56  
57      @Override
58  	public void flushEntityPrincipalCaches() {
59  	}
60  
61      @Override
62  	public void flushGroupCaches() {
63  	}
64  
65      @Override
66  	public void flushPermissionCaches() {
67  	}
68  
69      @Override
70  	public void flushResponsibilityCaches() {
71  		// nothing currently being cached
72  	}
73  
74  
75      // AUTHORIZATION SERVICE
76      @Override
77      public boolean hasPermission(String principalId, String namespaceCode, String permissionName, Map<String, String> permissionDetails) {
78      	if ( LOG.isDebugEnabled() ) {
79      		logHasPermissionCheck("Permission", principalId, namespaceCode, permissionName, permissionDetails);
80      	}
81          boolean hasPerm = getPermissionService().hasPermission(principalId, namespaceCode, permissionName, permissionDetails);
82          if ( LOG.isDebugEnabled() ) {
83              LOG.debug( "Result: " + hasPerm );
84          }
85      	return hasPerm;
86      }
87  
88      @Override
89      public boolean isAuthorized(String principalId, String namespaceCode, String permissionName, Map<String, String> permissionDetails, Map<String, String> qualification ) {
90      	if ( qualification == null || qualification.isEmpty() ) {
91      		return hasPermission( principalId, namespaceCode, permissionName, permissionDetails );
92      	}
93      	if ( LOG.isDebugEnabled() ) {
94      		logAuthorizationCheck("Permission", principalId, namespaceCode, permissionName, permissionDetails, qualification);
95      	}
96          boolean isAuthorized = getPermissionService().isAuthorized(principalId, namespaceCode, permissionName, permissionDetails, qualification);
97      	if ( LOG.isDebugEnabled() ) {
98      		LOG.debug( "Result: " + isAuthorized );
99      	}
100     	return isAuthorized;
101     }
102 
103     @Override
104     public boolean hasPermissionByTemplateName(String principalId, String namespaceCode, String permissionTemplateName, Map<String, String> permissionDetails) {
105     	if ( LOG.isDebugEnabled() ) {
106     		logHasPermissionCheck("Perm Templ", principalId, namespaceCode, permissionTemplateName, permissionDetails);
107     	}
108 
109 		boolean hasPerm = getPermissionService().hasPermissionByTemplateName(principalId, namespaceCode, permissionTemplateName, permissionDetails);
110 
111    		if ( LOG.isDebugEnabled() ) {
112    			LOG.debug( "Result: " + hasPerm );
113    		}
114     	return hasPerm;
115     }
116 
117     @Override
118     public boolean isAuthorizedByTemplateName(String principalId, String namespaceCode, String permissionTemplateName, Map<String, String> permissionDetails, Map<String, String> qualification ) {
119     	if ( qualification == null || qualification.isEmpty() ) {
120     		return hasPermissionByTemplateName( principalId, namespaceCode, permissionTemplateName, new HashMap<String, String>(permissionDetails) );
121     	}
122     	if ( LOG.isDebugEnabled() ) {
123     		logAuthorizationCheck("Perm Templ", principalId, namespaceCode, permissionTemplateName, new HashMap<String, String>(permissionDetails), new HashMap<String, String>(qualification));
124     	}
125     	boolean isAuthorized = getPermissionService().isAuthorizedByTemplateName( principalId, namespaceCode, permissionTemplateName, new HashMap<String, String>(permissionDetails), new HashMap<String, String>(qualification) );
126    		if ( LOG.isDebugEnabled() ) {
127    			LOG.debug( "Result: " + isAuthorized );
128    		}
129     	return isAuthorized;
130     }
131 
132     @Override
133     public List<Permission> getAuthorizedPermissions(String principalId,
134                                                      String namespaceCode, String permissionName, Map<String, String> permissionDetails, Map<String, String> qualification) {
135     	return getPermissionService().getAuthorizedPermissions(principalId, namespaceCode, permissionName, permissionDetails, qualification);
136     }
137 
138     @Override
139     public List<Permission> getAuthorizedPermissionsByTemplateName(String principalId,
140                                                                    String namespaceCode, String permissionTemplateName, Map<String, String> permissionDetails, Map<String, String> qualification) {
141     	return getPermissionService().getAuthorizedPermissionsByTemplateName(principalId, namespaceCode, permissionTemplateName, permissionDetails, qualification);
142     }
143 
144     @Override
145     public boolean isPermissionDefinedForTemplateName(String namespaceCode, String permissionTemplateName, Map<String, String> permissionDetails) {
146         return getPermissionService().isPermissionDefinedByTemplateName(namespaceCode, permissionTemplateName,
147                 permissionDetails);
148     }
149 
150     @Override
151 	public List<Assignee> getPermissionAssignees(String namespaceCode,
152 			String permissionName, Map<String, String> permissionDetails, Map<String, String> qualification) {
153 		return this.permissionService.getPermissionAssignees(namespaceCode, permissionName,
154                 permissionDetails, qualification);
155 	}
156 
157     @Override
158 	public List<Assignee> getPermissionAssigneesForTemplateName(String namespaceCode,
159 			String permissionTemplateName, Map<String, String> permissionDetails,
160 			Map<String, String> qualification) {
161 		return this.permissionService.getPermissionAssigneesByTemplateName(namespaceCode, permissionTemplateName,
162                 new HashMap<String, String>(permissionDetails), new HashMap<String, String>(qualification));
163 	}
164 
165     // GROUP SERVICE
166     @Override
167 	public boolean isMemberOfGroup(String principalId, String groupId) {
168 		return getGroupService().isMemberOfGroup(principalId, groupId);
169 	}
170     @Override
171 	public boolean isMemberOfGroup(String principalId, String namespaceCode, String groupName) {
172 		Group group = getGroupByName(namespaceCode, groupName);
173 		return group == null ? false : isMemberOfGroup(principalId, group.getId());
174     }
175     @Override
176 	public boolean isGroupMemberOfGroup(String potentialMemberId, String potentialParentId)
177 	{
178 	       return getGroupService()
179 	                .isGroupMemberOfGroup(potentialMemberId, potentialParentId);
180 	}
181     @Override
182 	public List<String> getGroupMemberPrincipalIds(String groupId) {
183 		return getGroupService().getMemberPrincipalIds(groupId);
184 	}
185     @Override
186 	public List<String> getDirectGroupMemberPrincipalIds(String groupId) {
187 		return getGroupService().getDirectMemberPrincipalIds(groupId);
188 	}
189     @Override
190     public List<String> getGroupIdsForPrincipal(String principalId) {
191 		return getGroupService().getGroupIdsByPrincipalId(principalId);
192 	}
193     @Override
194     public List<String> getGroupIdsForPrincipal(String principalId, String namespaceCode ) {
195 		return getGroupService().getGroupIdsByPrincipalIdAndNamespaceCode(principalId, namespaceCode);
196 	}
197     @Override
198     public List<Group> getGroupsForPrincipal(String principalId) {
199 		return getGroupService().getGroupsByPrincipalId(principalId);
200 	}
201     @Override
202     public List<Group> getGroupsForPrincipal(String principalId, String namespaceCode ) {
203 		return getGroupService().getGroupsByPrincipalIdAndNamespaceCode(principalId, namespaceCode);
204 	}
205     @Override
206     public List<String> getMemberGroupIds(String groupId) {
207 		return getGroupService().getMemberGroupIds(groupId);
208 	}
209     @Override
210     public List<String> getDirectMemberGroupIds(String groupId) {
211 		return getGroupService().getDirectMemberGroupIds(groupId);
212 	}
213     @Override
214     public Group getGroup(String groupId) {
215 		return getGroupService().getGroup(groupId);
216 	}
217     @Override
218     public Group getGroupByName(String namespaceCode, String groupName) {
219 		return getGroupService().getGroupByNameAndNamespaceCode(namespaceCode, groupName);
220     }
221     @Override
222     public List<String> getParentGroupIds(String groupId) {
223 		return getGroupService().getParentGroupIds(groupId);
224 	}
225     @Override
226     public List<String> getDirectParentGroupIds(String groupId) {
227 		return getGroupService().getDirectParentGroupIds( groupId );
228 	}
229 
230     @Override
231     public boolean addGroupToGroup(String childId, String parentId) {
232         return getGroupService().addGroupToGroup(childId, parentId);
233     }
234 
235     @Override
236     public boolean addPrincipalToGroup(String principalId, String groupId) {
237         return getGroupService().addPrincipalToGroup(principalId, groupId);
238     }
239 
240     @Override
241     public boolean removeGroupFromGroup(String childId, String parentId) {
242         return getGroupService().removeGroupFromGroup(childId, parentId);
243     }
244 
245     @Override
246     public boolean removePrincipalFromGroup(String principalId, String groupId) {
247         return getGroupService().removePrincipalFromGroup(principalId, groupId);
248     }
249 
250     @Override
251 	public Group createGroup(Group group) {
252 		return getGroupService().createGroup(group);
253 	}
254 
255     @Override
256 	public void removeAllMembers(String groupId) {
257 		getGroupService().removeAllMembers(groupId);
258 	}
259 
260     @Override
261 	public Group updateGroup(String groupId, Group group) {
262 		return getGroupService().updateGroup(groupId, group);
263 	}
264 
265 
266     // IDENTITY SERVICE
267     @Override
268 	public Principal getPrincipal(String principalId) {
269 		return getIdentityService().getPrincipal(principalId);
270 	}
271 
272     @Override
273     public Principal getPrincipalByPrincipalName(String principalName) {
274 		return getIdentityService().getPrincipalByPrincipalName(principalName);
275     }
276 
277     @Override
278     public Principal getPrincipalByPrincipalNameAndPassword(String principalName, String password) {
279     	return getIdentityService().getPrincipalByPrincipalNameAndPassword(principalName, password);
280     }
281 
282     @Override
283     public EntityDefault getEntityDefaultInfo(String entityId) {
284     		return getIdentityService().getEntityDefault(entityId);
285     }
286 
287     @Override
288     public EntityDefault getEntityDefaultInfoByPrincipalId(
289     		String principalId) {
290 	    	return getIdentityService().getEntityDefaultByPrincipalId(principalId);
291     }
292 
293     @Override
294     public EntityDefault getEntityDefaultInfoByPrincipalName(
295     		String principalName) {
296 	    	return getIdentityService().getEntityDefaultByPrincipalName(principalName);
297     }
298 
299     @Override
300     public EntityDefaultQueryResults findEntityDefaults(QueryByCriteria queryByCriteria) {
301         return getIdentityService().findEntityDefaults(queryByCriteria);
302     }
303 
304     @Override
305 	public Entity getEntity(String entityId) {
306     		return getIdentityService().getEntity(entityId);
307 	}
308 
309     @Override
310     public Entity getEntityByPrincipalId(String principalId) {
311         return getIdentityService().getEntityByPrincipalId(principalId);
312     }
313 
314     @Override
315     public Entity getEntityByPrincipalName(String principalName) {
316         return getIdentityService().getEntityByPrincipalName(principalName);
317     }
318 
319     @Override
320     public EntityQueryResults findEntities(QueryByCriteria queryByCriteria) {
321         return getIdentityService().findEntities(queryByCriteria);
322     }
323 
324     @Override
325 	public CodedAttribute getAddressType( String code ) {
326 		return getIdentityService().getAddressType(code);
327 	}
328 
329     @Override
330     public CodedAttribute getEmailType( String code ) {
331 		return getIdentityService().getEmailType(code);
332 	}
333 
334     @Override
335 	public EntityAffiliationType getAffiliationType( String code ) {
336 			return getIdentityService().getAffiliationType(code);
337 	}
338 
339     @Override
340 	public CodedAttribute getCitizenshipStatus( String code ) {
341 			return CodedAttribute.Builder.create(getIdentityService().getCitizenshipStatus(code)).build();
342 	}
343     @Override
344 	public CodedAttribute getEmploymentStatus( String code ) {
345 			return getIdentityService().getEmploymentStatus(code);
346 	}
347     @Override
348 	public CodedAttribute getEmploymentType( String code ) {
349 			return getIdentityService().getEmploymentType(code);
350 	}
351     @Override
352 	public CodedAttribute getEntityNameType( String code ) {
353 			return getIdentityService().getNameType(code);
354 	}
355     @Override
356 	public CodedAttribute getEntityType( String code ) {
357 		return getIdentityService().getEntityType(code);
358 	}
359     @Override
360 	public EntityExternalIdentifierType getExternalIdentifierType( String code ) {
361 			return getIdentityService().getExternalIdentifierType(code);
362 	}
363     @Override
364 	public CodedAttribute getPhoneType( String code ) {
365 			return getIdentityService().getPhoneType(code);
366 	}
367 
368     // ----------------------
369     // Responsibility Methods
370     // ----------------------
371 
372     @Override
373 	public Responsibility getResponsibility(String responsibilityId) {
374 		return getResponsibilityService().getResponsibility( responsibilityId );
375 	}
376 
377     @Override
378 	public boolean hasResponsibility(String principalId, String namespaceCode,
379 			String responsibilityName, Map<String, String> qualification,
380 			Map<String, String> responsibilityDetails) {
381 		return getResponsibilityService().hasResponsibility( principalId, namespaceCode, responsibilityName,
382                 qualification, responsibilityDetails );
383 	}
384 
385     @Override
386 	public Responsibility getResponsibilityByName( String namespaceCode, String responsibilityName) {
387 		return getResponsibilityService().findRespByNamespaceCodeAndName(namespaceCode, responsibilityName);
388 	}
389 
390     @Override
391 	public List<ResponsibilityAction> getResponsibilityActions( String namespaceCode, String responsibilityName,
392     		Map<String, String> qualification, Map<String, String> responsibilityDetails) {
393 		return getResponsibilityService().getResponsibilityActions( namespaceCode, responsibilityName, qualification,
394                 responsibilityDetails );
395 	}
396 
397     @Override
398 	public List<ResponsibilityAction> getResponsibilityActionsByTemplateName(
399 			String namespaceCode, String responsibilityTemplateName,
400 			Map<String, String> qualification, Map<String, String> responsibilityDetails) {
401 		return getResponsibilityService().getResponsibilityActionsByTemplateName(namespaceCode, responsibilityTemplateName,
402                 qualification, responsibilityDetails);
403 	}
404 
405     @Override
406 	public boolean hasResponsibilityByTemplateName(String principalId,
407 			String namespaceCode, String responsibilityTemplateName,
408 			Map<String, String> qualification, Map<String, String> responsibilityDetails) {
409 		return getResponsibilityService().hasResponsibilityByTemplateName(principalId, namespaceCode, responsibilityTemplateName,
410                 qualification, responsibilityDetails);
411 	}
412 
413     protected void logAuthorizationCheck(String checkType, String principalId, String namespaceCode, String permissionName, Map<String, String> permissionDetails, Map<String, String> qualification ) {
414 		StringBuilder sb = new StringBuilder();
415 		sb.append(  '\n' );
416 		sb.append( "Is AuthZ for " ).append( checkType ).append( ": " ).append( namespaceCode ).append( "/" ).append( permissionName ).append( '\n' );
417 		sb.append( "             Principal:  " ).append( principalId );
418 		if ( principalId != null ) {
419 			Principal principal = getPrincipal( principalId );
420 			if ( principal != null ) {
421 				sb.append( " (" ).append( principal.getPrincipalName() ).append( ')' );
422 			}
423 		}
424 		sb.append( '\n' );
425 		sb.append( "             Details:\n" );
426 		if ( permissionDetails != null ) {
427 			sb.append( permissionDetails);
428 		} else {
429 			sb.append( "                         [null]\n" );
430 		}
431 		sb.append( "             Qualifiers:\n" );
432 		if ( qualification != null && !qualification.isEmpty() ) {
433 			sb.append( qualification);
434 		} else {
435 			sb.append( "                         [null]\n" );
436 		}
437 		if (LOG.isTraceEnabled()) {
438 			LOG.trace( sb.append(ExceptionUtils.getStackTrace(new Throwable())));
439 		} else {
440 			LOG.debug(sb.toString());
441 		}
442     }
443 
444     protected void logHasPermissionCheck(String checkType, String principalId, String namespaceCode, String permissionName, Map<String, String> permissionDetails ) {
445 		StringBuilder sb = new StringBuilder();
446 		sb.append(  '\n' );
447 		sb.append( "Has Perm for " ).append( checkType ).append( ": " ).append( namespaceCode ).append( "/" ).append( permissionName ).append( '\n' );
448 		sb.append( "             Principal:  " ).append( principalId );
449 		if ( principalId != null ) {
450 			Principal principal = getPrincipal( principalId );
451 			if ( principal != null ) {
452 				sb.append( " (" ).append( principal.getPrincipalName() ).append( ')' );
453 			}
454 		}
455 		sb.append(  '\n' );
456 		sb.append( "             Details:\n" );
457 		if ( permissionDetails != null ) {
458 			sb.append( permissionDetails);
459 		} else {
460 			sb.append( "                         [null]\n" );
461 		}
462 		if (LOG.isTraceEnabled()) {
463 			LOG.trace( sb.append( ExceptionUtils.getStackTrace(new Throwable())) );
464 		} else {
465 			LOG.debug(sb.toString());
466 		}
467     }
468 
469     	// OTHER METHODS
470 
471 	public IdentityService getIdentityService() {
472 		if ( identityService == null ) {
473 			identityService = KimApiServiceLocator.getIdentityService();
474 		}
475 		return identityService;
476 	}
477 
478 	public GroupService getGroupService() {
479 		if ( groupService == null ) {
480 			groupService = KimApiServiceLocator.getGroupService();
481 		}
482 		return groupService;
483 	}
484 
485 	public PermissionService getPermissionService() {
486 		if ( permissionService == null ) {
487 			permissionService = KimApiServiceLocator.getPermissionService();
488 		}
489 		return permissionService;
490 	}
491 
492 	public ResponsibilityService getResponsibilityService() {
493 		if ( responsibilityService == null ) {
494 			responsibilityService = KimApiServiceLocator.getResponsibilityService();
495 		}
496 		return responsibilityService;
497 	}
498 }