001/** 002 * Copyright 2005-2016 The Kuali Foundation 003 * 004 * Licensed under the Educational Community License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.opensource.org/licenses/ecl2.php 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 */ 016package org.kuali.rice.kim.service.impl; 017 018import org.apache.commons.lang.exception.ExceptionUtils; 019import org.apache.log4j.Logger; 020import org.kuali.rice.core.api.criteria.QueryByCriteria; 021import org.kuali.rice.kim.api.common.assignee.Assignee; 022import org.kuali.rice.kim.api.group.Group; 023import org.kuali.rice.kim.api.group.GroupService; 024import org.kuali.rice.kim.api.identity.IdentityService; 025import org.kuali.rice.kim.api.identity.CodedAttribute; 026import org.kuali.rice.kim.api.identity.affiliation.EntityAffiliationType; 027import org.kuali.rice.kim.api.identity.entity.Entity; 028import org.kuali.rice.kim.api.identity.entity.EntityDefault; 029import org.kuali.rice.kim.api.identity.entity.EntityDefaultQueryResults; 030import org.kuali.rice.kim.api.identity.entity.EntityQueryResults; 031import org.kuali.rice.kim.api.identity.external.EntityExternalIdentifierType; 032import org.kuali.rice.kim.api.identity.principal.Principal; 033import org.kuali.rice.kim.api.permission.Permission; 034import org.kuali.rice.kim.api.permission.PermissionService; 035import org.kuali.rice.kim.api.responsibility.Responsibility; 036import org.kuali.rice.kim.api.responsibility.ResponsibilityAction; 037import org.kuali.rice.kim.api.responsibility.ResponsibilityService; 038import org.kuali.rice.kim.api.services.IdentityManagementService; 039import org.kuali.rice.kim.api.services.KimApiServiceLocator; 040 041import java.util.HashMap; 042import java.util.List; 043import java.util.Map; 044 045public class IdentityManagementServiceImpl implements IdentityManagementService { 046 private static final Logger LOG = Logger.getLogger( IdentityManagementServiceImpl.class ); 047 048 private PermissionService permissionService; 049 private ResponsibilityService responsibilityService; 050 private IdentityService identityService; 051 private GroupService groupService; 052 053 @Override 054 public void flushAllCaches() { 055 } 056 057 @Override 058 public void flushEntityPrincipalCaches() { 059 } 060 061 @Override 062 public void flushGroupCaches() { 063 } 064 065 @Override 066 public void flushPermissionCaches() { 067 } 068 069 @Override 070 public void flushResponsibilityCaches() { 071 // nothing currently being cached 072 } 073 074 075 // AUTHORIZATION SERVICE 076 @Override 077 public boolean hasPermission(String principalId, String namespaceCode, String permissionName, Map<String, String> permissionDetails) { 078 if ( LOG.isDebugEnabled() ) { 079 logHasPermissionCheck("Permission", principalId, namespaceCode, permissionName, permissionDetails); 080 } 081 boolean hasPerm = getPermissionService().hasPermission(principalId, namespaceCode, permissionName); 082 if ( LOG.isDebugEnabled() ) { 083 LOG.debug( "Result: " + hasPerm ); 084 } 085 return hasPerm; 086 } 087 088 @Override 089 public boolean isAuthorized(String principalId, String namespaceCode, String permissionName, Map<String, String> permissionDetails, Map<String, String> qualification ) { 090 if ( qualification == null || qualification.isEmpty() ) { 091 return hasPermission( principalId, namespaceCode, permissionName, permissionDetails ); 092 } 093 if ( LOG.isDebugEnabled() ) { 094 logAuthorizationCheck("Permission", principalId, namespaceCode, permissionName, permissionDetails, qualification); 095 } 096 boolean isAuthorized = getPermissionService().isAuthorized(principalId, namespaceCode, permissionName, qualification); 097 if ( LOG.isDebugEnabled() ) { 098 LOG.debug( "Result: " + isAuthorized ); 099 } 100 return isAuthorized; 101 } 102 103 @Override 104 public boolean hasPermissionByTemplate(String principalId, String namespaceCode, String permissionTemplateName, 105 Map<String, String> permissionDetails) { 106 if ( LOG.isDebugEnabled() ) { 107 logHasPermissionCheck("Perm Templ", principalId, namespaceCode, permissionTemplateName, permissionDetails); 108 } 109 110 boolean hasPerm = getPermissionService().hasPermissionByTemplate(principalId, namespaceCode, 111 permissionTemplateName, permissionDetails); 112 113 if ( LOG.isDebugEnabled() ) { 114 LOG.debug( "Result: " + hasPerm ); 115 } 116 return hasPerm; 117 } 118 119 @Override 120 public boolean isAuthorizedByTemplate(String principalId, String namespaceCode, String permissionTemplateName, 121 Map<String, String> permissionDetails, Map<String, String> qualification) { 122 if ( qualification == null || qualification.isEmpty() ) { 123 return hasPermissionByTemplate(principalId, namespaceCode, permissionTemplateName, 124 new HashMap<String, String>(permissionDetails)); 125 } 126 if ( LOG.isDebugEnabled() ) { 127 logAuthorizationCheck("Perm Templ", principalId, namespaceCode, permissionTemplateName, new HashMap<String, String>(permissionDetails), new HashMap<String, String>(qualification)); 128 } 129 boolean isAuthorized = getPermissionService().isAuthorizedByTemplate(principalId, namespaceCode, 130 permissionTemplateName, new HashMap<String, String>(permissionDetails), new HashMap<String, String>( 131 qualification)); 132 if ( LOG.isDebugEnabled() ) { 133 LOG.debug( "Result: " + isAuthorized ); 134 } 135 return isAuthorized; 136 } 137 138 @Override 139 public List<Permission> getAuthorizedPermissions(String principalId, 140 String namespaceCode, String permissionName, Map<String, String> permissionDetails, Map<String, String> qualification) { 141 return getPermissionService().getAuthorizedPermissions(principalId, namespaceCode, permissionName, qualification); 142 } 143 144 @Override 145 public List<Permission> getAuthorizedPermissionsByTemplate(String principalId, String namespaceCode, 146 String permissionTemplateName, Map<String, String> permissionDetails, Map<String, String> qualification) { 147 return getPermissionService().getAuthorizedPermissionsByTemplate(principalId, namespaceCode, 148 permissionTemplateName, permissionDetails, qualification); 149 } 150 151 @Override 152 public boolean isPermissionDefinedForTemplate(String namespaceCode, String permissionTemplateName, 153 Map<String, String> permissionDetails) { 154 return getPermissionService().isPermissionDefinedByTemplate(namespaceCode, permissionTemplateName, 155 permissionDetails); 156 } 157 158 @Override 159 public List<Assignee> getPermissionAssignees(String namespaceCode, 160 String permissionName, Map<String, String> permissionDetails, Map<String, String> qualification) { 161 return this.permissionService.getPermissionAssignees(namespaceCode, permissionName, qualification); 162 } 163 164 @Override 165 public List<Assignee> getPermissionAssigneesForTemplate(String namespaceCode, String permissionTemplateName, 166 Map<String, String> permissionDetails, Map<String, String> qualification) { 167 return this.permissionService.getPermissionAssigneesByTemplate(namespaceCode, permissionTemplateName, 168 new HashMap<String, String>(permissionDetails), new HashMap<String, String>(qualification)); 169 } 170 171 // GROUP SERVICE 172 @Override 173 public boolean isMemberOfGroup(String principalId, String groupId) { 174 return getGroupService().isMemberOfGroup(principalId, groupId); 175 } 176 @Override 177 public boolean isMemberOfGroup(String principalId, String namespaceCode, String groupName) { 178 Group group = getGroupByName(namespaceCode, groupName); 179 return group == null ? false : isMemberOfGroup(principalId, group.getId()); 180 } 181 @Override 182 public boolean isGroupMemberOfGroup(String potentialMemberId, String potentialParentId) 183 { 184 return getGroupService() 185 .isGroupMemberOfGroup(potentialMemberId, potentialParentId); 186 } 187 @Override 188 public List<String> getGroupMemberPrincipalIds(String groupId) { 189 return getGroupService().getMemberPrincipalIds(groupId); 190 } 191 @Override 192 public List<String> getDirectGroupMemberPrincipalIds(String groupId) { 193 return getGroupService().getDirectMemberPrincipalIds(groupId); 194 } 195 @Override 196 public List<String> getGroupIdsForPrincipal(String principalId) { 197 return getGroupService().getGroupIdsByPrincipalId(principalId); 198 } 199 @Override 200 public List<String> getGroupIdsForPrincipal(String principalId, String namespaceCode ) { 201 return getGroupService().getGroupIdsByPrincipalIdAndNamespaceCode(principalId, namespaceCode); 202 } 203 @Override 204 public List<Group> getGroupsForPrincipal(String principalId) { 205 return getGroupService().getGroupsByPrincipalId(principalId); 206 } 207 @Override 208 public List<Group> getGroupsForPrincipal(String principalId, String namespaceCode ) { 209 return getGroupService().getGroupsByPrincipalIdAndNamespaceCode(principalId, namespaceCode); 210 } 211 @Override 212 public List<String> getMemberGroupIds(String groupId) { 213 return getGroupService().getMemberGroupIds(groupId); 214 } 215 @Override 216 public List<String> getDirectMemberGroupIds(String groupId) { 217 return getGroupService().getDirectMemberGroupIds(groupId); 218 } 219 @Override 220 public Group getGroup(String groupId) { 221 return getGroupService().getGroup(groupId); 222 } 223 @Override 224 public Group getGroupByName(String namespaceCode, String groupName) { 225 return getGroupService().getGroupByNamespaceCodeAndName(namespaceCode, groupName); 226 } 227 @Override 228 public List<String> getParentGroupIds(String groupId) { 229 return getGroupService().getParentGroupIds(groupId); 230 } 231 @Override 232 public List<String> getDirectParentGroupIds(String groupId) { 233 return getGroupService().getDirectParentGroupIds( groupId ); 234 } 235 236 @Override 237 public boolean addGroupToGroup(String childId, String parentId) { 238 return getGroupService().addGroupToGroup(childId, parentId); 239 } 240 241 @Override 242 public boolean addPrincipalToGroup(String principalId, String groupId) { 243 return getGroupService().addPrincipalToGroup(principalId, groupId); 244 } 245 246 @Override 247 public boolean removeGroupFromGroup(String childId, String parentId) { 248 return getGroupService().removeGroupFromGroup(childId, parentId); 249 } 250 251 @Override 252 public boolean removePrincipalFromGroup(String principalId, String groupId) { 253 return getGroupService().removePrincipalFromGroup(principalId, groupId); 254 } 255 256 @Override 257 public Group createGroup(Group group) { 258 return getGroupService().createGroup(group); 259 } 260 261 @Override 262 public void removeAllMembers(String groupId) { 263 getGroupService().removeAllMembers(groupId); 264 } 265 266 @Override 267 public Group updateGroup(String groupId, Group group) { 268 return getGroupService().updateGroup(groupId, group); 269 } 270 271 272 // IDENTITY SERVICE 273 @Override 274 public Principal getPrincipal(String principalId) { 275 return getIdentityService().getPrincipal(principalId); 276 } 277 278 @Override 279 public Principal getPrincipalByPrincipalName(String principalName) { 280 return getIdentityService().getPrincipalByPrincipalName(principalName); 281 } 282 283 @Override 284 public Principal getPrincipalByPrincipalNameAndPassword(String principalName, String password) { 285 return getIdentityService().getPrincipalByPrincipalNameAndPassword(principalName, password); 286 } 287 288 @Override 289 public EntityDefault getEntityDefaultInfo(String entityId) { 290 return getIdentityService().getEntityDefault(entityId); 291 } 292 293 @Override 294 public EntityDefault getEntityDefaultInfoByPrincipalId( 295 String principalId) { 296 return getIdentityService().getEntityDefaultByPrincipalId(principalId); 297 } 298 299 @Override 300 public EntityDefault getEntityDefaultInfoByPrincipalName( 301 String principalName) { 302 return getIdentityService().getEntityDefaultByPrincipalName(principalName); 303 } 304 305 @Override 306 public EntityDefaultQueryResults findEntityDefaults(QueryByCriteria queryByCriteria) { 307 return getIdentityService().findEntityDefaults(queryByCriteria); 308 } 309 310 @Override 311 public Entity getEntity(String entityId) { 312 return getIdentityService().getEntity(entityId); 313 } 314 315 @Override 316 public Entity getEntityByPrincipalId(String principalId) { 317 return getIdentityService().getEntityByPrincipalId(principalId); 318 } 319 320 @Override 321 public Entity getEntityByPrincipalName(String principalName) { 322 return getIdentityService().getEntityByPrincipalName(principalName); 323 } 324 325 @Override 326 public EntityQueryResults findEntities(QueryByCriteria queryByCriteria) { 327 return getIdentityService().findEntities(queryByCriteria); 328 } 329 330 @Override 331 public CodedAttribute getAddressType( String code ) { 332 return getIdentityService().getAddressType(code); 333 } 334 335 @Override 336 public CodedAttribute getEmailType( String code ) { 337 return getIdentityService().getEmailType(code); 338 } 339 340 @Override 341 public EntityAffiliationType getAffiliationType( String code ) { 342 return getIdentityService().getAffiliationType(code); 343 } 344 345 @Override 346 public CodedAttribute getCitizenshipStatus( String code ) { 347 return CodedAttribute.Builder.create(getIdentityService().getCitizenshipStatus(code)).build(); 348 } 349 @Override 350 public CodedAttribute getEmploymentStatus( String code ) { 351 return getIdentityService().getEmploymentStatus(code); 352 } 353 @Override 354 public CodedAttribute getEmploymentType( String code ) { 355 return getIdentityService().getEmploymentType(code); 356 } 357 @Override 358 public CodedAttribute getEntityNameType( String code ) { 359 return getIdentityService().getNameType(code); 360 } 361 @Override 362 public CodedAttribute getEntityType( String code ) { 363 return getIdentityService().getEntityType(code); 364 } 365 @Override 366 public EntityExternalIdentifierType getExternalIdentifierType( String code ) { 367 return getIdentityService().getExternalIdentifierType(code); 368 } 369 @Override 370 public CodedAttribute getPhoneType( String code ) { 371 return getIdentityService().getPhoneType(code); 372 } 373 374 // ---------------------- 375 // Responsibility Methods 376 // ---------------------- 377 378 @Override 379 public Responsibility getResponsibility(String responsibilityId) { 380 return getResponsibilityService().getResponsibility( responsibilityId ); 381 } 382 383 @Override 384 public boolean hasResponsibility(String principalId, String namespaceCode, 385 String responsibilityName, Map<String, String> qualification) { 386 return getResponsibilityService().hasResponsibility( principalId, namespaceCode, responsibilityName, 387 qualification ); 388 } 389 390 @Override 391 public Responsibility getResponsibilityByName( String namespaceCode, String responsibilityName) { 392 return getResponsibilityService().findRespByNamespaceCodeAndName(namespaceCode, responsibilityName); 393 } 394 395 @Override 396 public List<ResponsibilityAction> getResponsibilityActions( String namespaceCode, String responsibilityName, 397 Map<String, String> qualification, Map<String, String> responsibilityDetails) { 398 return getResponsibilityService().getResponsibilityActions( namespaceCode, responsibilityName, qualification ); 399 } 400 401 @Override 402 public List<ResponsibilityAction> getResponsibilityActionsByTemplate(String namespaceCode, 403 String responsibilityTemplateName, Map<String, String> qualification, 404 Map<String, String> responsibilityDetails) { 405 return getResponsibilityService().getResponsibilityActionsByTemplate(namespaceCode, responsibilityTemplateName, 406 qualification, responsibilityDetails); 407 } 408 409 @Override 410 public boolean hasResponsibilityByTemplate(String principalId, String namespaceCode, 411 String responsibilityTemplateName, Map<String, String> qualification, 412 Map<String, String> responsibilityDetails) { 413 return getResponsibilityService().hasResponsibilityByTemplate(principalId, namespaceCode, 414 responsibilityTemplateName, qualification, responsibilityDetails); 415 } 416 417 protected void logAuthorizationCheck(String checkType, String principalId, String namespaceCode, String permissionName, Map<String, String> permissionDetails, Map<String, String> qualification ) { 418 StringBuilder sb = new StringBuilder(); 419 sb.append( '\n' ); 420 sb.append( "Is AuthZ for " ).append( checkType ).append( ": " ).append( namespaceCode ).append( "/" ).append( permissionName ).append( '\n' ); 421 sb.append( " Principal: " ).append( principalId ); 422 if ( principalId != null ) { 423 Principal principal = getPrincipal( principalId ); 424 if ( principal != null ) { 425 sb.append( " (" ).append( principal.getPrincipalName() ).append( ')' ); 426 } 427 } 428 sb.append( '\n' ); 429 sb.append( " Details:\n" ); 430 if ( permissionDetails != null ) { 431 sb.append( permissionDetails); 432 } else { 433 sb.append( " [null]\n" ); 434 } 435 sb.append( " Qualifiers:\n" ); 436 if ( qualification != null && !qualification.isEmpty() ) { 437 sb.append( qualification); 438 } else { 439 sb.append( " [null]\n" ); 440 } 441 if (LOG.isTraceEnabled()) { 442 LOG.trace( sb.append(ExceptionUtils.getStackTrace(new Throwable()))); 443 } else { 444 LOG.debug(sb.toString()); 445 } 446 } 447 448 protected void logHasPermissionCheck(String checkType, String principalId, String namespaceCode, String permissionName, Map<String, String> permissionDetails ) { 449 StringBuilder sb = new StringBuilder(); 450 sb.append( '\n' ); 451 sb.append( "Has Perm for " ).append( checkType ).append( ": " ).append( namespaceCode ).append( "/" ).append( permissionName ).append( '\n' ); 452 sb.append( " Principal: " ).append( principalId ); 453 if ( principalId != null ) { 454 Principal principal = getPrincipal( principalId ); 455 if ( principal != null ) { 456 sb.append( " (" ).append( principal.getPrincipalName() ).append( ')' ); 457 } 458 } 459 sb.append( '\n' ); 460 sb.append( " Details:\n" ); 461 if ( permissionDetails != null ) { 462 sb.append( permissionDetails); 463 } else { 464 sb.append( " [null]\n" ); 465 } 466 if (LOG.isTraceEnabled()) { 467 LOG.trace( sb.append( ExceptionUtils.getStackTrace(new Throwable())) ); 468 } else { 469 LOG.debug(sb.toString()); 470 } 471 } 472 473 // OTHER METHODS 474 475 public IdentityService getIdentityService() { 476 if ( identityService == null ) { 477 identityService = KimApiServiceLocator.getIdentityService(); 478 } 479 return identityService; 480 } 481 482 public GroupService getGroupService() { 483 if ( groupService == null ) { 484 groupService = KimApiServiceLocator.getGroupService(); 485 } 486 return groupService; 487 } 488 489 public PermissionService getPermissionService() { 490 if ( permissionService == null ) { 491 permissionService = KimApiServiceLocator.getPermissionService(); 492 } 493 return permissionService; 494 } 495 496 public ResponsibilityService getResponsibilityService() { 497 if ( responsibilityService == null ) { 498 responsibilityService = KimApiServiceLocator.getResponsibilityService(); 499 } 500 return responsibilityService; 501 } 502}