001 /**
002 * Copyright 2005-2013 The Kuali Foundation
003 *
004 * Licensed under the Educational Community License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 * http://www.opensource.org/licenses/ecl2.php
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 */
016 package org.kuali.rice.kim.service.impl;
017
018 import org.apache.commons.lang.exception.ExceptionUtils;
019 import org.apache.log4j.Logger;
020 import org.kuali.rice.core.api.criteria.QueryByCriteria;
021 import org.kuali.rice.kim.api.common.assignee.Assignee;
022 import org.kuali.rice.kim.api.group.Group;
023 import org.kuali.rice.kim.api.group.GroupService;
024 import org.kuali.rice.kim.api.identity.IdentityService;
025 import org.kuali.rice.kim.api.identity.CodedAttribute;
026 import org.kuali.rice.kim.api.identity.affiliation.EntityAffiliationType;
027 import org.kuali.rice.kim.api.identity.entity.Entity;
028 import org.kuali.rice.kim.api.identity.entity.EntityDefault;
029 import org.kuali.rice.kim.api.identity.entity.EntityDefaultQueryResults;
030 import org.kuali.rice.kim.api.identity.entity.EntityQueryResults;
031 import org.kuali.rice.kim.api.identity.external.EntityExternalIdentifierType;
032 import org.kuali.rice.kim.api.identity.principal.Principal;
033 import org.kuali.rice.kim.api.permission.Permission;
034 import org.kuali.rice.kim.api.permission.PermissionService;
035 import org.kuali.rice.kim.api.responsibility.Responsibility;
036 import org.kuali.rice.kim.api.responsibility.ResponsibilityAction;
037 import org.kuali.rice.kim.api.responsibility.ResponsibilityService;
038 import org.kuali.rice.kim.api.services.IdentityManagementService;
039 import org.kuali.rice.kim.api.services.KimApiServiceLocator;
040
041 import java.util.HashMap;
042 import java.util.List;
043 import java.util.Map;
044
045 public class IdentityManagementServiceImpl implements IdentityManagementService {
046 private static final Logger LOG = Logger.getLogger( IdentityManagementServiceImpl.class );
047
048 private PermissionService permissionService;
049 private ResponsibilityService responsibilityService;
050 private IdentityService identityService;
051 private GroupService groupService;
052
053 @Override
054 public void flushAllCaches() {
055 }
056
057 @Override
058 public void flushEntityPrincipalCaches() {
059 }
060
061 @Override
062 public void flushGroupCaches() {
063 }
064
065 @Override
066 public void flushPermissionCaches() {
067 }
068
069 @Override
070 public void flushResponsibilityCaches() {
071 // nothing currently being cached
072 }
073
074
075 // AUTHORIZATION SERVICE
076 @Override
077 public boolean hasPermission(String principalId, String namespaceCode, String permissionName, Map<String, String> permissionDetails) {
078 if ( LOG.isDebugEnabled() ) {
079 logHasPermissionCheck("Permission", principalId, namespaceCode, permissionName, permissionDetails);
080 }
081 boolean hasPerm = getPermissionService().hasPermission(principalId, namespaceCode, permissionName);
082 if ( LOG.isDebugEnabled() ) {
083 LOG.debug( "Result: " + hasPerm );
084 }
085 return hasPerm;
086 }
087
088 @Override
089 public boolean isAuthorized(String principalId, String namespaceCode, String permissionName, Map<String, String> permissionDetails, Map<String, String> qualification ) {
090 if ( qualification == null || qualification.isEmpty() ) {
091 return hasPermission( principalId, namespaceCode, permissionName, permissionDetails );
092 }
093 if ( LOG.isDebugEnabled() ) {
094 logAuthorizationCheck("Permission", principalId, namespaceCode, permissionName, permissionDetails, qualification);
095 }
096 boolean isAuthorized = getPermissionService().isAuthorized(principalId, namespaceCode, permissionName, qualification);
097 if ( LOG.isDebugEnabled() ) {
098 LOG.debug( "Result: " + isAuthorized );
099 }
100 return isAuthorized;
101 }
102
103 @Override
104 public boolean hasPermissionByTemplate(String principalId, String namespaceCode, String permissionTemplateName,
105 Map<String, String> permissionDetails) {
106 if ( LOG.isDebugEnabled() ) {
107 logHasPermissionCheck("Perm Templ", principalId, namespaceCode, permissionTemplateName, permissionDetails);
108 }
109
110 boolean hasPerm = getPermissionService().hasPermissionByTemplate(principalId, namespaceCode,
111 permissionTemplateName, permissionDetails);
112
113 if ( LOG.isDebugEnabled() ) {
114 LOG.debug( "Result: " + hasPerm );
115 }
116 return hasPerm;
117 }
118
119 @Override
120 public boolean isAuthorizedByTemplate(String principalId, String namespaceCode, String permissionTemplateName,
121 Map<String, String> permissionDetails, Map<String, String> qualification) {
122 if ( qualification == null || qualification.isEmpty() ) {
123 return hasPermissionByTemplate(principalId, namespaceCode, permissionTemplateName,
124 new HashMap<String, String>(permissionDetails));
125 }
126 if ( LOG.isDebugEnabled() ) {
127 logAuthorizationCheck("Perm Templ", principalId, namespaceCode, permissionTemplateName, new HashMap<String, String>(permissionDetails), new HashMap<String, String>(qualification));
128 }
129 boolean isAuthorized = getPermissionService().isAuthorizedByTemplate(principalId, namespaceCode,
130 permissionTemplateName, new HashMap<String, String>(permissionDetails), new HashMap<String, String>(
131 qualification));
132 if ( LOG.isDebugEnabled() ) {
133 LOG.debug( "Result: " + isAuthorized );
134 }
135 return isAuthorized;
136 }
137
138 @Override
139 public List<Permission> getAuthorizedPermissions(String principalId,
140 String namespaceCode, String permissionName, Map<String, String> permissionDetails, Map<String, String> qualification) {
141 return getPermissionService().getAuthorizedPermissions(principalId, namespaceCode, permissionName, qualification);
142 }
143
144 @Override
145 public List<Permission> getAuthorizedPermissionsByTemplate(String principalId, String namespaceCode,
146 String permissionTemplateName, Map<String, String> permissionDetails, Map<String, String> qualification) {
147 return getPermissionService().getAuthorizedPermissionsByTemplate(principalId, namespaceCode,
148 permissionTemplateName, permissionDetails, qualification);
149 }
150
151 @Override
152 public boolean isPermissionDefinedForTemplate(String namespaceCode, String permissionTemplateName,
153 Map<String, String> permissionDetails) {
154 return getPermissionService().isPermissionDefinedByTemplate(namespaceCode, permissionTemplateName,
155 permissionDetails);
156 }
157
158 @Override
159 public List<Assignee> getPermissionAssignees(String namespaceCode,
160 String permissionName, Map<String, String> permissionDetails, Map<String, String> qualification) {
161 return this.permissionService.getPermissionAssignees(namespaceCode, permissionName, qualification);
162 }
163
164 @Override
165 public List<Assignee> getPermissionAssigneesForTemplate(String namespaceCode, String permissionTemplateName,
166 Map<String, String> permissionDetails, Map<String, String> qualification) {
167 return this.permissionService.getPermissionAssigneesByTemplate(namespaceCode, permissionTemplateName,
168 new HashMap<String, String>(permissionDetails), new HashMap<String, String>(qualification));
169 }
170
171 // GROUP SERVICE
172 @Override
173 public boolean isMemberOfGroup(String principalId, String groupId) {
174 return getGroupService().isMemberOfGroup(principalId, groupId);
175 }
176 @Override
177 public boolean isMemberOfGroup(String principalId, String namespaceCode, String groupName) {
178 Group group = getGroupByName(namespaceCode, groupName);
179 return group == null ? false : isMemberOfGroup(principalId, group.getId());
180 }
181 @Override
182 public boolean isGroupMemberOfGroup(String potentialMemberId, String potentialParentId)
183 {
184 return getGroupService()
185 .isGroupMemberOfGroup(potentialMemberId, potentialParentId);
186 }
187 @Override
188 public List<String> getGroupMemberPrincipalIds(String groupId) {
189 return getGroupService().getMemberPrincipalIds(groupId);
190 }
191 @Override
192 public List<String> getDirectGroupMemberPrincipalIds(String groupId) {
193 return getGroupService().getDirectMemberPrincipalIds(groupId);
194 }
195 @Override
196 public List<String> getGroupIdsForPrincipal(String principalId) {
197 return getGroupService().getGroupIdsByPrincipalId(principalId);
198 }
199 @Override
200 public List<String> getGroupIdsForPrincipal(String principalId, String namespaceCode ) {
201 return getGroupService().getGroupIdsByPrincipalIdAndNamespaceCode(principalId, namespaceCode);
202 }
203 @Override
204 public List<Group> getGroupsForPrincipal(String principalId) {
205 return getGroupService().getGroupsByPrincipalId(principalId);
206 }
207 @Override
208 public List<Group> getGroupsForPrincipal(String principalId, String namespaceCode ) {
209 return getGroupService().getGroupsByPrincipalIdAndNamespaceCode(principalId, namespaceCode);
210 }
211 @Override
212 public List<String> getMemberGroupIds(String groupId) {
213 return getGroupService().getMemberGroupIds(groupId);
214 }
215 @Override
216 public List<String> getDirectMemberGroupIds(String groupId) {
217 return getGroupService().getDirectMemberGroupIds(groupId);
218 }
219 @Override
220 public Group getGroup(String groupId) {
221 return getGroupService().getGroup(groupId);
222 }
223 @Override
224 public Group getGroupByName(String namespaceCode, String groupName) {
225 return getGroupService().getGroupByNamespaceCodeAndName(namespaceCode, groupName);
226 }
227 @Override
228 public List<String> getParentGroupIds(String groupId) {
229 return getGroupService().getParentGroupIds(groupId);
230 }
231 @Override
232 public List<String> getDirectParentGroupIds(String groupId) {
233 return getGroupService().getDirectParentGroupIds( groupId );
234 }
235
236 @Override
237 public boolean addGroupToGroup(String childId, String parentId) {
238 return getGroupService().addGroupToGroup(childId, parentId);
239 }
240
241 @Override
242 public boolean addPrincipalToGroup(String principalId, String groupId) {
243 return getGroupService().addPrincipalToGroup(principalId, groupId);
244 }
245
246 @Override
247 public boolean removeGroupFromGroup(String childId, String parentId) {
248 return getGroupService().removeGroupFromGroup(childId, parentId);
249 }
250
251 @Override
252 public boolean removePrincipalFromGroup(String principalId, String groupId) {
253 return getGroupService().removePrincipalFromGroup(principalId, groupId);
254 }
255
256 @Override
257 public Group createGroup(Group group) {
258 return getGroupService().createGroup(group);
259 }
260
261 @Override
262 public void removeAllMembers(String groupId) {
263 getGroupService().removeAllMembers(groupId);
264 }
265
266 @Override
267 public Group updateGroup(String groupId, Group group) {
268 return getGroupService().updateGroup(groupId, group);
269 }
270
271
272 // IDENTITY SERVICE
273 @Override
274 public Principal getPrincipal(String principalId) {
275 return getIdentityService().getPrincipal(principalId);
276 }
277
278 @Override
279 public Principal getPrincipalByPrincipalName(String principalName) {
280 return getIdentityService().getPrincipalByPrincipalName(principalName);
281 }
282
283 @Override
284 public Principal getPrincipalByPrincipalNameAndPassword(String principalName, String password) {
285 return getIdentityService().getPrincipalByPrincipalNameAndPassword(principalName, password);
286 }
287
288 @Override
289 public EntityDefault getEntityDefaultInfo(String entityId) {
290 return getIdentityService().getEntityDefault(entityId);
291 }
292
293 @Override
294 public EntityDefault getEntityDefaultInfoByPrincipalId(
295 String principalId) {
296 return getIdentityService().getEntityDefaultByPrincipalId(principalId);
297 }
298
299 @Override
300 public EntityDefault getEntityDefaultInfoByPrincipalName(
301 String principalName) {
302 return getIdentityService().getEntityDefaultByPrincipalName(principalName);
303 }
304
305 @Override
306 public EntityDefaultQueryResults findEntityDefaults(QueryByCriteria queryByCriteria) {
307 return getIdentityService().findEntityDefaults(queryByCriteria);
308 }
309
310 @Override
311 public Entity getEntity(String entityId) {
312 return getIdentityService().getEntity(entityId);
313 }
314
315 @Override
316 public Entity getEntityByPrincipalId(String principalId) {
317 return getIdentityService().getEntityByPrincipalId(principalId);
318 }
319
320 @Override
321 public Entity getEntityByPrincipalName(String principalName) {
322 return getIdentityService().getEntityByPrincipalName(principalName);
323 }
324
325 @Override
326 public EntityQueryResults findEntities(QueryByCriteria queryByCriteria) {
327 return getIdentityService().findEntities(queryByCriteria);
328 }
329
330 @Override
331 public CodedAttribute getAddressType( String code ) {
332 return getIdentityService().getAddressType(code);
333 }
334
335 @Override
336 public CodedAttribute getEmailType( String code ) {
337 return getIdentityService().getEmailType(code);
338 }
339
340 @Override
341 public EntityAffiliationType getAffiliationType( String code ) {
342 return getIdentityService().getAffiliationType(code);
343 }
344
345 @Override
346 public CodedAttribute getCitizenshipStatus( String code ) {
347 return CodedAttribute.Builder.create(getIdentityService().getCitizenshipStatus(code)).build();
348 }
349 @Override
350 public CodedAttribute getEmploymentStatus( String code ) {
351 return getIdentityService().getEmploymentStatus(code);
352 }
353 @Override
354 public CodedAttribute getEmploymentType( String code ) {
355 return getIdentityService().getEmploymentType(code);
356 }
357 @Override
358 public CodedAttribute getEntityNameType( String code ) {
359 return getIdentityService().getNameType(code);
360 }
361 @Override
362 public CodedAttribute getEntityType( String code ) {
363 return getIdentityService().getEntityType(code);
364 }
365 @Override
366 public EntityExternalIdentifierType getExternalIdentifierType( String code ) {
367 return getIdentityService().getExternalIdentifierType(code);
368 }
369 @Override
370 public CodedAttribute getPhoneType( String code ) {
371 return getIdentityService().getPhoneType(code);
372 }
373
374 // ----------------------
375 // Responsibility Methods
376 // ----------------------
377
378 @Override
379 public Responsibility getResponsibility(String responsibilityId) {
380 return getResponsibilityService().getResponsibility( responsibilityId );
381 }
382
383 @Override
384 public boolean hasResponsibility(String principalId, String namespaceCode,
385 String responsibilityName, Map<String, String> qualification) {
386 return getResponsibilityService().hasResponsibility( principalId, namespaceCode, responsibilityName,
387 qualification );
388 }
389
390 @Override
391 public Responsibility getResponsibilityByName( String namespaceCode, String responsibilityName) {
392 return getResponsibilityService().findRespByNamespaceCodeAndName(namespaceCode, responsibilityName);
393 }
394
395 @Override
396 public List<ResponsibilityAction> getResponsibilityActions( String namespaceCode, String responsibilityName,
397 Map<String, String> qualification, Map<String, String> responsibilityDetails) {
398 return getResponsibilityService().getResponsibilityActions( namespaceCode, responsibilityName, qualification );
399 }
400
401 @Override
402 public List<ResponsibilityAction> getResponsibilityActionsByTemplate(String namespaceCode,
403 String responsibilityTemplateName, Map<String, String> qualification,
404 Map<String, String> responsibilityDetails) {
405 return getResponsibilityService().getResponsibilityActionsByTemplate(namespaceCode, responsibilityTemplateName,
406 qualification, responsibilityDetails);
407 }
408
409 @Override
410 public boolean hasResponsibilityByTemplate(String principalId, String namespaceCode,
411 String responsibilityTemplateName, Map<String, String> qualification,
412 Map<String, String> responsibilityDetails) {
413 return getResponsibilityService().hasResponsibilityByTemplate(principalId, namespaceCode,
414 responsibilityTemplateName, qualification, responsibilityDetails);
415 }
416
417 protected void logAuthorizationCheck(String checkType, String principalId, String namespaceCode, String permissionName, Map<String, String> permissionDetails, Map<String, String> qualification ) {
418 StringBuilder sb = new StringBuilder();
419 sb.append( '\n' );
420 sb.append( "Is AuthZ for " ).append( checkType ).append( ": " ).append( namespaceCode ).append( "/" ).append( permissionName ).append( '\n' );
421 sb.append( " Principal: " ).append( principalId );
422 if ( principalId != null ) {
423 Principal principal = getPrincipal( principalId );
424 if ( principal != null ) {
425 sb.append( " (" ).append( principal.getPrincipalName() ).append( ')' );
426 }
427 }
428 sb.append( '\n' );
429 sb.append( " Details:\n" );
430 if ( permissionDetails != null ) {
431 sb.append( permissionDetails);
432 } else {
433 sb.append( " [null]\n" );
434 }
435 sb.append( " Qualifiers:\n" );
436 if ( qualification != null && !qualification.isEmpty() ) {
437 sb.append( qualification);
438 } else {
439 sb.append( " [null]\n" );
440 }
441 if (LOG.isTraceEnabled()) {
442 LOG.trace( sb.append(ExceptionUtils.getStackTrace(new Throwable())));
443 } else {
444 LOG.debug(sb.toString());
445 }
446 }
447
448 protected void logHasPermissionCheck(String checkType, String principalId, String namespaceCode, String permissionName, Map<String, String> permissionDetails ) {
449 StringBuilder sb = new StringBuilder();
450 sb.append( '\n' );
451 sb.append( "Has Perm for " ).append( checkType ).append( ": " ).append( namespaceCode ).append( "/" ).append( permissionName ).append( '\n' );
452 sb.append( " Principal: " ).append( principalId );
453 if ( principalId != null ) {
454 Principal principal = getPrincipal( principalId );
455 if ( principal != null ) {
456 sb.append( " (" ).append( principal.getPrincipalName() ).append( ')' );
457 }
458 }
459 sb.append( '\n' );
460 sb.append( " Details:\n" );
461 if ( permissionDetails != null ) {
462 sb.append( permissionDetails);
463 } else {
464 sb.append( " [null]\n" );
465 }
466 if (LOG.isTraceEnabled()) {
467 LOG.trace( sb.append( ExceptionUtils.getStackTrace(new Throwable())) );
468 } else {
469 LOG.debug(sb.toString());
470 }
471 }
472
473 // OTHER METHODS
474
475 public IdentityService getIdentityService() {
476 if ( identityService == null ) {
477 identityService = KimApiServiceLocator.getIdentityService();
478 }
479 return identityService;
480 }
481
482 public GroupService getGroupService() {
483 if ( groupService == null ) {
484 groupService = KimApiServiceLocator.getGroupService();
485 }
486 return groupService;
487 }
488
489 public PermissionService getPermissionService() {
490 if ( permissionService == null ) {
491 permissionService = KimApiServiceLocator.getPermissionService();
492 }
493 return permissionService;
494 }
495
496 public ResponsibilityService getResponsibilityService() {
497 if ( responsibilityService == null ) {
498 responsibilityService = KimApiServiceLocator.getResponsibilityService();
499 }
500 return responsibilityService;
501 }
502 }