View Javadoc
1   /**
2    * Copyright 2005-2015 The Kuali Foundation
3    *
4    * Licensed under the Educational Community License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    * http://www.opensource.org/licenses/ecl2.php
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.kuali.rice.kim.service.impl;
17  
18  import org.apache.commons.lang.exception.ExceptionUtils;
19  import org.apache.log4j.Logger;
20  import org.kuali.rice.core.api.criteria.QueryByCriteria;
21  import org.kuali.rice.kim.api.common.assignee.Assignee;
22  import org.kuali.rice.kim.api.group.Group;
23  import org.kuali.rice.kim.api.group.GroupService;
24  import org.kuali.rice.kim.api.identity.IdentityService;
25  import org.kuali.rice.kim.api.identity.CodedAttribute;
26  import org.kuali.rice.kim.api.identity.affiliation.EntityAffiliationType;
27  import org.kuali.rice.kim.api.identity.entity.Entity;
28  import org.kuali.rice.kim.api.identity.entity.EntityDefault;
29  import org.kuali.rice.kim.api.identity.entity.EntityDefaultQueryResults;
30  import org.kuali.rice.kim.api.identity.entity.EntityQueryResults;
31  import org.kuali.rice.kim.api.identity.external.EntityExternalIdentifierType;
32  import org.kuali.rice.kim.api.identity.principal.Principal;
33  import org.kuali.rice.kim.api.permission.Permission;
34  import org.kuali.rice.kim.api.permission.PermissionService;
35  import org.kuali.rice.kim.api.responsibility.Responsibility;
36  import org.kuali.rice.kim.api.responsibility.ResponsibilityAction;
37  import org.kuali.rice.kim.api.responsibility.ResponsibilityService;
38  import org.kuali.rice.kim.api.services.IdentityManagementService;
39  import org.kuali.rice.kim.api.services.KimApiServiceLocator;
40  
41  import java.util.HashMap;
42  import java.util.List;
43  import java.util.Map;
44  
45  public class IdentityManagementServiceImpl implements IdentityManagementService {
46  	private static final Logger LOG = Logger.getLogger( IdentityManagementServiceImpl.class );
47  
48  	private PermissionService permissionService;
49  	private ResponsibilityService responsibilityService;
50  	private IdentityService identityService;
51  	private GroupService groupService;
52  
53      @Override
54  	public void flushAllCaches() {
55  	}
56  
57      @Override
58  	public void flushEntityPrincipalCaches() {
59  	}
60  
61      @Override
62  	public void flushGroupCaches() {
63  	}
64  
65      @Override
66  	public void flushPermissionCaches() {
67  	}
68  
69      @Override
70  	public void flushResponsibilityCaches() {
71  		// nothing currently being cached
72  	}
73  
74  
75      // AUTHORIZATION SERVICE
76      @Override
77      public boolean hasPermission(String principalId, String namespaceCode, String permissionName, Map<String, String> permissionDetails) {
78      	if ( LOG.isDebugEnabled() ) {
79      		logHasPermissionCheck("Permission", principalId, namespaceCode, permissionName, permissionDetails);
80      	}
81          boolean hasPerm = getPermissionService().hasPermission(principalId, namespaceCode, permissionName);
82          if ( LOG.isDebugEnabled() ) {
83              LOG.debug( "Result: " + hasPerm );
84          }
85      	return hasPerm;
86      }
87  
88      @Override
89      public boolean isAuthorized(String principalId, String namespaceCode, String permissionName, Map<String, String> permissionDetails, Map<String, String> qualification ) {
90      	if ( qualification == null || qualification.isEmpty() ) {
91      		return hasPermission( principalId, namespaceCode, permissionName, permissionDetails );
92      	}
93      	if ( LOG.isDebugEnabled() ) {
94      		logAuthorizationCheck("Permission", principalId, namespaceCode, permissionName, permissionDetails, qualification);
95      	}
96          boolean isAuthorized = getPermissionService().isAuthorized(principalId, namespaceCode, permissionName, qualification);
97      	if ( LOG.isDebugEnabled() ) {
98      		LOG.debug( "Result: " + isAuthorized );
99      	}
100     	return isAuthorized;
101     }
102 
103     @Override
104     public boolean hasPermissionByTemplate(String principalId, String namespaceCode, String permissionTemplateName,
105             Map<String, String> permissionDetails) {
106     	if ( LOG.isDebugEnabled() ) {
107     		logHasPermissionCheck("Perm Templ", principalId, namespaceCode, permissionTemplateName, permissionDetails);
108     	}
109 
110 		boolean hasPerm = getPermissionService().hasPermissionByTemplate(principalId, namespaceCode,
111                 permissionTemplateName, permissionDetails);
112 
113    		if ( LOG.isDebugEnabled() ) {
114    			LOG.debug( "Result: " + hasPerm );
115    		}
116     	return hasPerm;
117     }
118 
119     @Override
120     public boolean isAuthorizedByTemplate(String principalId, String namespaceCode, String permissionTemplateName,
121             Map<String, String> permissionDetails, Map<String, String> qualification) {
122     	if ( qualification == null || qualification.isEmpty() ) {
123     		return hasPermissionByTemplate(principalId, namespaceCode, permissionTemplateName,
124                     new HashMap<String, String>(permissionDetails));
125     	}
126     	if ( LOG.isDebugEnabled() ) {
127     		logAuthorizationCheck("Perm Templ", principalId, namespaceCode, permissionTemplateName, new HashMap<String, String>(permissionDetails), new HashMap<String, String>(qualification));
128     	}
129     	boolean isAuthorized = getPermissionService().isAuthorizedByTemplate(principalId, namespaceCode,
130                 permissionTemplateName, new HashMap<String, String>(permissionDetails), new HashMap<String, String>(
131                 qualification));
132    		if ( LOG.isDebugEnabled() ) {
133    			LOG.debug( "Result: " + isAuthorized );
134    		}
135     	return isAuthorized;
136     }
137 
138     @Override
139     public List<Permission> getAuthorizedPermissions(String principalId,
140                                                      String namespaceCode, String permissionName, Map<String, String> permissionDetails, Map<String, String> qualification) {
141     	return getPermissionService().getAuthorizedPermissions(principalId, namespaceCode, permissionName, qualification);
142     }
143 
144     @Override
145     public List<Permission> getAuthorizedPermissionsByTemplate(String principalId, String namespaceCode,
146             String permissionTemplateName, Map<String, String> permissionDetails, Map<String, String> qualification) {
147     	return getPermissionService().getAuthorizedPermissionsByTemplate(principalId, namespaceCode,
148                 permissionTemplateName, permissionDetails, qualification);
149     }
150 
151     @Override
152     public boolean isPermissionDefinedForTemplate(String namespaceCode, String permissionTemplateName,
153             Map<String, String> permissionDetails) {
154         return getPermissionService().isPermissionDefinedByTemplate(namespaceCode, permissionTemplateName,
155                 permissionDetails);
156     }
157 
158     @Override
159 	public List<Assignee> getPermissionAssignees(String namespaceCode,
160 			String permissionName, Map<String, String> permissionDetails, Map<String, String> qualification) {
161 		return this.permissionService.getPermissionAssignees(namespaceCode, permissionName, qualification);
162 	}
163 
164     @Override
165 	public List<Assignee> getPermissionAssigneesForTemplate(String namespaceCode, String permissionTemplateName,
166             Map<String, String> permissionDetails, Map<String, String> qualification) {
167 		return this.permissionService.getPermissionAssigneesByTemplate(namespaceCode, permissionTemplateName,
168                 new HashMap<String, String>(permissionDetails), new HashMap<String, String>(qualification));
169 	}
170 
171     // GROUP SERVICE
172     @Override
173 	public boolean isMemberOfGroup(String principalId, String groupId) {
174 		return getGroupService().isMemberOfGroup(principalId, groupId);
175 	}
176     @Override
177 	public boolean isMemberOfGroup(String principalId, String namespaceCode, String groupName) {
178 		Group group = getGroupByName(namespaceCode, groupName);
179 		return group == null ? false : isMemberOfGroup(principalId, group.getId());
180     }
181     @Override
182 	public boolean isGroupMemberOfGroup(String potentialMemberId, String potentialParentId)
183 	{
184 	       return getGroupService()
185 	                .isGroupMemberOfGroup(potentialMemberId, potentialParentId);
186 	}
187     @Override
188 	public List<String> getGroupMemberPrincipalIds(String groupId) {
189 		return getGroupService().getMemberPrincipalIds(groupId);
190 	}
191     @Override
192 	public List<String> getDirectGroupMemberPrincipalIds(String groupId) {
193 		return getGroupService().getDirectMemberPrincipalIds(groupId);
194 	}
195     @Override
196     public List<String> getGroupIdsForPrincipal(String principalId) {
197 		return getGroupService().getGroupIdsByPrincipalId(principalId);
198 	}
199     @Override
200     public List<String> getGroupIdsForPrincipal(String principalId, String namespaceCode ) {
201 		return getGroupService().getGroupIdsByPrincipalIdAndNamespaceCode(principalId, namespaceCode);
202 	}
203     @Override
204     public List<Group> getGroupsForPrincipal(String principalId) {
205 		return getGroupService().getGroupsByPrincipalId(principalId);
206 	}
207     @Override
208     public List<Group> getGroupsForPrincipal(String principalId, String namespaceCode ) {
209 		return getGroupService().getGroupsByPrincipalIdAndNamespaceCode(principalId, namespaceCode);
210 	}
211     @Override
212     public List<String> getMemberGroupIds(String groupId) {
213 		return getGroupService().getMemberGroupIds(groupId);
214 	}
215     @Override
216     public List<String> getDirectMemberGroupIds(String groupId) {
217 		return getGroupService().getDirectMemberGroupIds(groupId);
218 	}
219     @Override
220     public Group getGroup(String groupId) {
221 		return getGroupService().getGroup(groupId);
222 	}
223     @Override
224     public Group getGroupByName(String namespaceCode, String groupName) {
225 		return getGroupService().getGroupByNamespaceCodeAndName(namespaceCode, groupName);
226     }
227     @Override
228     public List<String> getParentGroupIds(String groupId) {
229 		return getGroupService().getParentGroupIds(groupId);
230 	}
231     @Override
232     public List<String> getDirectParentGroupIds(String groupId) {
233 		return getGroupService().getDirectParentGroupIds( groupId );
234 	}
235 
236     @Override
237     public boolean addGroupToGroup(String childId, String parentId) {
238         return getGroupService().addGroupToGroup(childId, parentId);
239     }
240 
241     @Override
242     public boolean addPrincipalToGroup(String principalId, String groupId) {
243         return getGroupService().addPrincipalToGroup(principalId, groupId);
244     }
245 
246     @Override
247     public boolean removeGroupFromGroup(String childId, String parentId) {
248         return getGroupService().removeGroupFromGroup(childId, parentId);
249     }
250 
251     @Override
252     public boolean removePrincipalFromGroup(String principalId, String groupId) {
253         return getGroupService().removePrincipalFromGroup(principalId, groupId);
254     }
255 
256     @Override
257 	public Group createGroup(Group group) {
258 		return getGroupService().createGroup(group);
259 	}
260 
261     @Override
262 	public void removeAllMembers(String groupId) {
263 		getGroupService().removeAllMembers(groupId);
264 	}
265 
266     @Override
267 	public Group updateGroup(String groupId, Group group) {
268 		return getGroupService().updateGroup(groupId, group);
269 	}
270 
271 
272     // IDENTITY SERVICE
273     @Override
274 	public Principal getPrincipal(String principalId) {
275 		return getIdentityService().getPrincipal(principalId);
276 	}
277 
278     @Override
279     public Principal getPrincipalByPrincipalName(String principalName) {
280 		return getIdentityService().getPrincipalByPrincipalName(principalName);
281     }
282 
283     @Override
284     public Principal getPrincipalByPrincipalNameAndPassword(String principalName, String password) {
285     	return getIdentityService().getPrincipalByPrincipalNameAndPassword(principalName, password);
286     }
287 
288     @Override
289     public EntityDefault getEntityDefaultInfo(String entityId) {
290     		return getIdentityService().getEntityDefault(entityId);
291     }
292 
293     @Override
294     public EntityDefault getEntityDefaultInfoByPrincipalId(
295     		String principalId) {
296 	    	return getIdentityService().getEntityDefaultByPrincipalId(principalId);
297     }
298 
299     @Override
300     public EntityDefault getEntityDefaultInfoByPrincipalName(
301     		String principalName) {
302 	    	return getIdentityService().getEntityDefaultByPrincipalName(principalName);
303     }
304 
305     @Override
306     public EntityDefaultQueryResults findEntityDefaults(QueryByCriteria queryByCriteria) {
307         return getIdentityService().findEntityDefaults(queryByCriteria);
308     }
309 
310     @Override
311 	public Entity getEntity(String entityId) {
312     		return getIdentityService().getEntity(entityId);
313 	}
314 
315     @Override
316     public Entity getEntityByPrincipalId(String principalId) {
317         return getIdentityService().getEntityByPrincipalId(principalId);
318     }
319 
320     @Override
321     public Entity getEntityByPrincipalName(String principalName) {
322         return getIdentityService().getEntityByPrincipalName(principalName);
323     }
324 
325     @Override
326     public EntityQueryResults findEntities(QueryByCriteria queryByCriteria) {
327         return getIdentityService().findEntities(queryByCriteria);
328     }
329 
330     @Override
331 	public CodedAttribute getAddressType( String code ) {
332 		return getIdentityService().getAddressType(code);
333 	}
334 
335     @Override
336     public CodedAttribute getEmailType( String code ) {
337 		return getIdentityService().getEmailType(code);
338 	}
339 
340     @Override
341 	public EntityAffiliationType getAffiliationType( String code ) {
342 			return getIdentityService().getAffiliationType(code);
343 	}
344 
345     @Override
346 	public CodedAttribute getCitizenshipStatus( String code ) {
347 			return CodedAttribute.Builder.create(getIdentityService().getCitizenshipStatus(code)).build();
348 	}
349     @Override
350 	public CodedAttribute getEmploymentStatus( String code ) {
351 			return getIdentityService().getEmploymentStatus(code);
352 	}
353     @Override
354 	public CodedAttribute getEmploymentType( String code ) {
355 			return getIdentityService().getEmploymentType(code);
356 	}
357     @Override
358 	public CodedAttribute getEntityNameType( String code ) {
359 			return getIdentityService().getNameType(code);
360 	}
361     @Override
362 	public CodedAttribute getEntityType( String code ) {
363 		return getIdentityService().getEntityType(code);
364 	}
365     @Override
366 	public EntityExternalIdentifierType getExternalIdentifierType( String code ) {
367 			return getIdentityService().getExternalIdentifierType(code);
368 	}
369     @Override
370 	public CodedAttribute getPhoneType( String code ) {
371 			return getIdentityService().getPhoneType(code);
372 	}
373 
374     // ----------------------
375     // Responsibility Methods
376     // ----------------------
377 
378     @Override
379 	public Responsibility getResponsibility(String responsibilityId) {
380 		return getResponsibilityService().getResponsibility( responsibilityId );
381 	}
382 
383     @Override
384 	public boolean hasResponsibility(String principalId, String namespaceCode,
385 			String responsibilityName, Map<String, String> qualification) {
386 		return getResponsibilityService().hasResponsibility( principalId, namespaceCode, responsibilityName,
387                 qualification );
388 	}
389 
390     @Override
391 	public Responsibility getResponsibilityByName( String namespaceCode, String responsibilityName) {
392 		return getResponsibilityService().findRespByNamespaceCodeAndName(namespaceCode, responsibilityName);
393 	}
394 
395     @Override
396 	public List<ResponsibilityAction> getResponsibilityActions( String namespaceCode, String responsibilityName,
397     		Map<String, String> qualification, Map<String, String> responsibilityDetails) {
398 		return getResponsibilityService().getResponsibilityActions( namespaceCode, responsibilityName, qualification );
399 	}
400 
401     @Override
402 	public List<ResponsibilityAction> getResponsibilityActionsByTemplate(String namespaceCode,
403             String responsibilityTemplateName, Map<String, String> qualification,
404             Map<String, String> responsibilityDetails) {
405 		return getResponsibilityService().getResponsibilityActionsByTemplate(namespaceCode, responsibilityTemplateName,
406                 qualification, responsibilityDetails);
407 	}
408 
409     @Override
410 	public boolean hasResponsibilityByTemplate(String principalId, String namespaceCode,
411             String responsibilityTemplateName, Map<String, String> qualification,
412             Map<String, String> responsibilityDetails) {
413 		return getResponsibilityService().hasResponsibilityByTemplate(principalId, namespaceCode,
414                 responsibilityTemplateName, qualification, responsibilityDetails);
415 	}
416 
417     protected void logAuthorizationCheck(String checkType, String principalId, String namespaceCode, String permissionName, Map<String, String> permissionDetails, Map<String, String> qualification ) {
418 		StringBuilder sb = new StringBuilder();
419 		sb.append(  '\n' );
420 		sb.append( "Is AuthZ for " ).append( checkType ).append( ": " ).append( namespaceCode ).append( "/" ).append( permissionName ).append( '\n' );
421 		sb.append( "             Principal:  " ).append( principalId );
422 		if ( principalId != null ) {
423 			Principal principal = getPrincipal( principalId );
424 			if ( principal != null ) {
425 				sb.append( " (" ).append( principal.getPrincipalName() ).append( ')' );
426 			}
427 		}
428 		sb.append( '\n' );
429 		sb.append( "             Details:\n" );
430 		if ( permissionDetails != null ) {
431 			sb.append( permissionDetails);
432 		} else {
433 			sb.append( "                         [null]\n" );
434 		}
435 		sb.append( "             Qualifiers:\n" );
436 		if ( qualification != null && !qualification.isEmpty() ) {
437 			sb.append( qualification);
438 		} else {
439 			sb.append( "                         [null]\n" );
440 		}
441 		if (LOG.isTraceEnabled()) {
442 			LOG.trace( sb.append(ExceptionUtils.getStackTrace(new Throwable())));
443 		} else {
444 			LOG.debug(sb.toString());
445 		}
446     }
447 
448     protected void logHasPermissionCheck(String checkType, String principalId, String namespaceCode, String permissionName, Map<String, String> permissionDetails ) {
449 		StringBuilder sb = new StringBuilder();
450 		sb.append(  '\n' );
451 		sb.append( "Has Perm for " ).append( checkType ).append( ": " ).append( namespaceCode ).append( "/" ).append( permissionName ).append( '\n' );
452 		sb.append( "             Principal:  " ).append( principalId );
453 		if ( principalId != null ) {
454 			Principal principal = getPrincipal( principalId );
455 			if ( principal != null ) {
456 				sb.append( " (" ).append( principal.getPrincipalName() ).append( ')' );
457 			}
458 		}
459 		sb.append(  '\n' );
460 		sb.append( "             Details:\n" );
461 		if ( permissionDetails != null ) {
462 			sb.append( permissionDetails);
463 		} else {
464 			sb.append( "                         [null]\n" );
465 		}
466 		if (LOG.isTraceEnabled()) {
467 			LOG.trace( sb.append( ExceptionUtils.getStackTrace(new Throwable())) );
468 		} else {
469 			LOG.debug(sb.toString());
470 		}
471     }
472 
473     	// OTHER METHODS
474 
475 	public IdentityService getIdentityService() {
476 		if ( identityService == null ) {
477 			identityService = KimApiServiceLocator.getIdentityService();
478 		}
479 		return identityService;
480 	}
481 
482 	public GroupService getGroupService() {
483 		if ( groupService == null ) {
484 			groupService = KimApiServiceLocator.getGroupService();
485 		}
486 		return groupService;
487 	}
488 
489 	public PermissionService getPermissionService() {
490 		if ( permissionService == null ) {
491 			permissionService = KimApiServiceLocator.getPermissionService();
492 		}
493 		return permissionService;
494 	}
495 
496 	public ResponsibilityService getResponsibilityService() {
497 		if ( responsibilityService == null ) {
498 			responsibilityService = KimApiServiceLocator.getResponsibilityService();
499 		}
500 		return responsibilityService;
501 	}
502 }