
Example 16 with User

use of org.apache.catalina.User in project tomcat by apache.

the class DataSourceUserDatabaseTests method testUserDatabase.

/**
 * Runs a create / save / reload cycle against a Derby-backed user database with every
 * table mapped, then checks that users, roles, groups and their relations come back.
 *
 * <p>The fixture passes the literal credential {@code "password"} and asserts that the same
 * string is read back after {@code save()}. The database layer exercised here therefore
 * round-trips the credential exactly as supplied, so whatever is handed to
 * {@code createUser} is what ends up in the credential column.
 */
@Test
public void testUserDatabase() throws Exception {
    db = new DerbyUserDatabase("full");
    db.setReadonly(false);
    // User side of the mapping
    db.setUserTable("users");
    db.setUserNameCol("user_name");
    db.setUserCredCol("user_pass");
    db.setUserRoleTable("user_roles");
    db.setUserGroupTable("user_groups");
    // Role side of the mapping
    db.setRoleTable("roles");
    db.setRoleNameCol("role_name");
    // Group side of the mapping
    db.setGroupTable("groups");
    db.setGroupNameCol("group_name");
    db.setGroupRoleTable("group_roles");
    // The description and full name columns are deliberately left unmapped: modifications
    // stay in memory until save(), so a null after reload shows the value came from the DB
    db.open();

    // Create the tables, one DDL statement at a time
    Connection schemaConnection = db.getConnection();
    String[] ddlStatements = FULL_SCHEMA.split(";");
    for (int i = 0; i < ddlStatements.length; i++) {
        try (Statement ddl = schemaConnection.createStatement()) {
            ddl.execute(ddlStatements[i]);
        }
    }

    // The freshly created schema holds no users
    Iterator<User> userIterator = db.getUsers();
    Assert.assertFalse("Some users found", userIterator.hasNext());

    // Build the in-memory model: two users, three roles, one group
    User tomcatUser = db.createUser("tomcat", "password", "A new user");
    User randomUser = db.createUser("random", "password", "Another new user");
    Role adminRole = db.createRole("admin", "Admin role");
    db.createRole("manager", "Manager role");
    Role userRole = db.createRole("user", "User role");
    Group userGroup = db.createGroup("users", "All users");
    userGroup.addRole(userRole);
    tomcatUser.addRole(adminRole);
    tomcatUser.addGroup(userGroup);
    randomUser.addGroup(userGroup);
    db.save();

    // Reload: iteration order is not fixed, so skip one entry if "tomcat" is not first
    userIterator = db.getUsers();
    Assert.assertTrue("No users found", userIterator.hasNext());
    User storedTomcat = userIterator.next();
    if (!storedTomcat.getUsername().equals("tomcat")) {
        storedTomcat = userIterator.next();
    }
    Assert.assertTrue("Wrong user", storedTomcat.getUsername().equals("tomcat"));
    Assert.assertTrue("Wrong password", storedTomcat.getPassword().equals("password"));
    // No full name column is mapped, so the full name cannot have been saved
    Assert.assertNull("Wrong user fullname", storedTomcat.getFullName());

    // Role membership: admin was granted, manager was not
    Role storedAdmin = db.findRole("admin");
    Assert.assertNotNull("No admin role", storedAdmin);
    Assert.assertNull("Wrong admin role", storedAdmin.getDescription());
    Assert.assertTrue("No role for user", storedTomcat.isInRole(storedAdmin));
    Role storedManager = db.findRole("manager");
    Assert.assertFalse("Unexpected role for user", storedTomcat.isInRole(storedManager));

    // Group carries the "user" role and contains the second user
    Role storedUserRole = db.findRole("user");
    Group storedGroup = db.findGroup("users");
    Assert.assertNull("Wrong users group", storedGroup.getDescription());
    Assert.assertTrue("No role for group", storedGroup.isInRole(storedUserRole));
    User storedRandom = db.findUser("random");
    Assert.assertTrue("No group for user", storedRandom.isInGroup(storedGroup));
    db.close();
}
Also used : Role(org.apache.catalina.Role) Group(org.apache.catalina.Group) User(org.apache.catalina.User) Statement(java.sql.Statement) Connection(java.sql.Connection) Test(org.junit.Test) LoggingBaseTest(org.apache.catalina.startup.LoggingBaseTest)

Example 17 with User

use of org.apache.catalina.User in project tomcat by apache.

the class DataSourceUserDatabase method createUser.

/**
 * Registers a new user as a pending, in-memory change; nothing is written to the database
 * by this method.
 *
 * <p>The credential is handed to the new user object exactly as received. This method does
 * not transform or validate it.
 *
 * @param username name under which the user is recorded in {@code createdUsers}
 * @param password credential passed through unchanged to the new user object
 * @param fullName full name passed through unchanged to the new user object
 * @return the newly constructed user
 */
@Override
public User createUser(String username, String password, String fullName) {
    // Lock order: database read lock first, then the users write lock; released in reverse
    dbReadLock.lock();
    try {
        usersWriteLock.lock();
        try {
            final User created = new GenericUser<>(this, username, password, fullName, null, null);
            createdUsers.put(username, created);
            // A pending modification under the same name is superseded by the new entry
            modifiedUsers.remove(username);
            return created;
        } finally {
            usersWriteLock.unlock();
        }
    } finally {
        dbReadLock.unlock();
    }
}
Also used : User(org.apache.catalina.User)

Example 18 with User

use of org.apache.catalina.User in project tomcat by apache.

the class DataSourceUserDatabase method getUsers.

/**
 * Returns an iterator over the pending in-memory users merged with the users stored in the
 * database.
 *
 * <p>Created and modified users are taken from memory. Database rows are added only for
 * names that have no pending entry and are not pending removal. If no connection can be
 * opened, only the in-memory users are returned; if the query fails, the error is logged and
 * whatever was collected up to that point is returned.
 *
 * @return iterator over the values of a private snapshot map
 */
@Override
public Iterator<User> getUsers() {
    dbReadLock.lock();
    try {
        usersReadLock.lock();
        try {
            // Modified entries are added second, so they win over created ones on a name clash
            HashMap<String, User> merged = new HashMap<>(createdUsers);
            merged.putAll(modifiedUsers);
            Connection dbConnection = openConnection();
            if (dbConnection == null) {
                return merged.values().iterator();
            }
            try (PreparedStatement stmt = dbConnection.prepareStatement(preparedAllUsers);
                    ResultSet rs = stmt.executeQuery()) {
                while (rs.next()) {
                    String userName = rs.getString(1);
                    // Skip null names, names already covered in memory, and pending removals
                    if (userName == null || merged.containsKey(userName)
                            || removedUsers.containsKey(userName)) {
                        continue;
                    }
                    // One lookup per remaining name, on the same connection
                    User stored = findUserInternal(dbConnection, userName);
                    if (stored != null) {
                        merged.put(userName, stored);
                    }
                }
            } catch (SQLException e) {
                log.error(sm.getString("dataSourceUserDatabase.exception"), e);
            } finally {
                closeConnection(dbConnection);
            }
            return merged.values().iterator();
        } finally {
            usersReadLock.unlock();
        }
    } finally {
        dbReadLock.unlock();
    }
}
Also used : User(org.apache.catalina.User) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) SQLException(java.sql.SQLException) Connection(java.sql.Connection) ResultSet(java.sql.ResultSet) PreparedStatement(java.sql.PreparedStatement)

Example 19 with User

use of org.apache.catalina.User in project tomcat by apache.

the class DataSourceUserDatabase method saveInternal.

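/**
 * Writes all pending role, group and user changes to the database through
 * {@code dbConnection}, then empties the corresponding pending-change maps.
 *
 * <p>Order: roles (removed, created, modified), groups (removed, created, modified), then
 * users (removed, created, modified). Relations of a modified group or user are always
 * deleted and re-inserted from the in-memory object.
 *
 * <p>Security-relevant properties of this method:
 * <ul>
 * <li>Every value (user name, credential, role name, ...) is bound as a {@code ?} parameter.
 * Table and column names cannot be bound; they are concatenated from the fields populated by
 * setters such as {@code setUserTable}, so those settings must come from a trusted source
 * and must not be derived from request data.</li>
 * <li>The credential column receives {@code user.getPassword()} unchanged.</li>
 * <li>No commit or rollback is issued here. Each statement has its own error handling: a
 * {@link SQLException} is logged and processing continues, and each pending map is cleared
 * even if some of its statements failed. A failure between "delete relations" and
 * "re-insert relations" can therefore leave a user or group with fewer roles than intended.
 * Whether the statements are atomic depends on how the caller set up the connection
 * (NOTE(review): confirm the auto-commit mode used by callers).</li>
 * </ul>
 *
 * <p>Changes from the previous revision: the "modified users" section now clears
 * {@code modifiedUsers} (it cleared {@code modifiedGroups}, so modified users stayed pending
 * forever), and the "modified groups" section no longer reuses a statement string left over
 * from an earlier section when no description column is configured.
 *
 * @param dbConnection open connection used for every statement; not closed by this method
 */
protected void saveInternal(Connection dbConnection) {
    final boolean withDescription = roleAndGroupDescriptionCol != null;

    if (isRoleStoreDefined()) {
        // Removed roles: drop the rows that reference the role before the role row itself
        if (!removedRoles.isEmpty()) {
            String deleteRole = "DELETE FROM " + roleTable + " WHERE " + roleNameCol + " = ?";
            String deleteGroupRoles = null;
            if (groupRoleTable != null) {
                deleteGroupRoles = "DELETE FROM " + groupRoleTable + " WHERE " + roleNameCol + " = ?";
            }
            String deleteUserRoles = "DELETE FROM " + userRoleTable + " WHERE " + roleNameCol + " = ?";
            for (Role role : removedRoles.values()) {
                if (deleteGroupRoles != null) {
                    executeLoggedUpdate(dbConnection, deleteGroupRoles, role.getRolename());
                }
                executeLoggedUpdate(dbConnection, deleteUserRoles, role.getRolename());
                executeLoggedUpdate(dbConnection, deleteRole, role.getRolename());
            }
            removedRoles.clear();
        }
        // Created roles
        if (!createdRoles.isEmpty()) {
            String insertRole = "INSERT INTO " + roleTable + '(' + roleNameCol
                    + (withDescription ? "," + roleAndGroupDescriptionCol : "")
                    + ") VALUES (?" + (withDescription ? ", ?" : "") + ')';
            for (Role role : createdRoles.values()) {
                if (withDescription) {
                    executeLoggedUpdate(dbConnection, insertRole, role.getRolename(), role.getDescription());
                } else {
                    executeLoggedUpdate(dbConnection, insertRole, role.getRolename());
                }
            }
            createdRoles.clear();
        }
        // Modified roles: the description is the only updatable attribute, so without a
        // description column there is nothing to write and the map is left untouched
        if (!modifiedRoles.isEmpty() && withDescription) {
            String updateRole = "UPDATE " + roleTable + " SET " + roleAndGroupDescriptionCol
                    + " = ? WHERE " + roleNameCol + " = ?";
            for (Role role : modifiedRoles.values()) {
                executeLoggedUpdate(dbConnection, updateRole, role.getDescription(), role.getRolename());
            }
            modifiedRoles.clear();
        }
    } else if (userRoleTable != null && roleNameCol != null) {
        // No role table: only remove the role from users
        String deleteUserRoles = "DELETE FROM " + userRoleTable + " WHERE " + roleNameCol + " = ?";
        for (Role role : removedRoles.values()) {
            executeLoggedUpdate(dbConnection, deleteUserRoles, role.getRolename());
        }
        removedRoles.clear();
    }

    if (isGroupStoreDefined()) {
        String groupRoleRelation = "INSERT INTO " + groupRoleTable + '(' + groupNameCol + ", "
                + roleNameCol + ") VALUES (?, ?)";
        // Always drop and recreate all group <-> role relations
        String groupRoleRelationDelete = "DELETE FROM " + groupRoleTable + " WHERE " + groupNameCol + " = ?";
        // Removed groups
        if (!removedGroups.isEmpty()) {
            String deleteGroup = "DELETE FROM " + groupTable + " WHERE " + groupNameCol + " = ?";
            String deleteUserGroups = "DELETE FROM " + userGroupTable + " WHERE " + groupNameCol + " = ?";
            for (Group group : removedGroups.values()) {
                executeLoggedUpdate(dbConnection, groupRoleRelationDelete, group.getGroupname());
                executeLoggedUpdate(dbConnection, deleteUserGroups, group.getGroupname());
                executeLoggedUpdate(dbConnection, deleteGroup, group.getGroupname());
            }
            removedGroups.clear();
        }
        // Created groups
        if (!createdGroups.isEmpty()) {
            String insertGroup = "INSERT INTO " + groupTable + '(' + groupNameCol
                    + (withDescription ? "," + roleAndGroupDescriptionCol : "")
                    + ") VALUES (?" + (withDescription ? ", ?" : "") + ')';
            for (Group group : createdGroups.values()) {
                if (withDescription) {
                    executeLoggedUpdate(dbConnection, insertGroup, group.getGroupname(), group.getDescription());
                } else {
                    executeLoggedUpdate(dbConnection, insertGroup, group.getGroupname());
                }
                Iterator<Role> roles = group.getRoles();
                while (roles.hasNext()) {
                    executeLoggedUpdate(dbConnection, groupRoleRelation, group.getGroupname(),
                            roles.next().getRolename());
                }
            }
            createdGroups.clear();
        }
        // Modified groups
        if (!modifiedGroups.isEmpty()) {
            // Dedicated local: only set when a description column exists, so a statement
            // string built by an earlier section can never be executed here by mistake
            String updateGroup = null;
            if (withDescription) {
                updateGroup = "UPDATE " + groupTable + " SET " + roleAndGroupDescriptionCol
                        + " = ? WHERE " + groupNameCol + " = ?";
            }
            for (Group group : modifiedGroups.values()) {
                if (updateGroup != null) {
                    executeLoggedUpdate(dbConnection, updateGroup, group.getDescription(), group.getGroupname());
                }
                executeLoggedUpdate(dbConnection, groupRoleRelationDelete, group.getGroupname());
                Iterator<Role> roles = group.getRoles();
                while (roles.hasNext()) {
                    executeLoggedUpdate(dbConnection, groupRoleRelation, group.getGroupname(),
                            roles.next().getRolename());
                }
            }
            modifiedGroups.clear();
        }
    }

    String userRoleRelation = null;
    String userRoleRelationDelete = null;
    if (userRoleTable != null && roleNameCol != null) {
        userRoleRelation = "INSERT INTO " + userRoleTable + '(' + userNameCol + ", "
                + roleNameCol + ") VALUES (?, ?)";
        // Always drop and recreate all user <-> role relations
        userRoleRelationDelete = "DELETE FROM " + userRoleTable + " WHERE " + userNameCol + " = ?";
    }
    String userGroupRelation = null;
    String userGroupRelationDelete = null;
    if (isGroupStoreDefined()) {
        userGroupRelation = "INSERT INTO " + userGroupTable + '(' + userNameCol + ", "
                + groupNameCol + ") VALUES (?, ?)";
        // Always drop and recreate all user <-> group relations
        userGroupRelationDelete = "DELETE FROM " + userGroupTable + " WHERE " + userNameCol + " = ?";
    }

    final boolean withFullName = userFullNameCol != null;
    // Removed users
    if (!removedUsers.isEmpty()) {
        String deleteUser = "DELETE FROM " + userTable + " WHERE " + userNameCol + " = ?";
        for (User user : removedUsers.values()) {
            if (userRoleRelationDelete != null) {
                executeLoggedUpdate(dbConnection, userRoleRelationDelete, user.getUsername());
            }
            if (userGroupRelationDelete != null) {
                executeLoggedUpdate(dbConnection, userGroupRelationDelete, user.getUsername());
            }
            executeLoggedUpdate(dbConnection, deleteUser, user.getUsername());
        }
        removedUsers.clear();
    }
    // Created users
    if (!createdUsers.isEmpty()) {
        String insertUser = "INSERT INTO " + userTable + '(' + userNameCol + ", " + userCredCol
                + (withFullName ? "," + userFullNameCol : "")
                + ") VALUES (?, ?" + (withFullName ? ", ?" : "") + ')';
        for (User user : createdUsers.values()) {
            // The credential is written exactly as the user object returns it
            if (withFullName) {
                executeLoggedUpdate(dbConnection, insertUser, user.getUsername(), user.getPassword(),
                        user.getFullName());
            } else {
                executeLoggedUpdate(dbConnection, insertUser, user.getUsername(), user.getPassword());
            }
            if (userRoleRelation != null) {
                Iterator<Role> roles = user.getRoles();
                while (roles.hasNext()) {
                    executeLoggedUpdate(dbConnection, userRoleRelation, user.getUsername(),
                            roles.next().getRolename());
                }
            }
            if (userGroupRelation != null) {
                Iterator<Group> groups = user.getGroups();
                while (groups.hasNext()) {
                    executeLoggedUpdate(dbConnection, userGroupRelation, user.getUsername(),
                            groups.next().getGroupname());
                }
            }
        }
        createdUsers.clear();
    }
    // Modified users
    if (!modifiedUsers.isEmpty()) {
        String updateUser = "UPDATE " + userTable + " SET " + userCredCol + " = ?"
                + (withFullName ? ", " + userFullNameCol + " = ?" : "")
                + " WHERE " + userNameCol + " = ?";
        for (User user : modifiedUsers.values()) {
            if (withFullName) {
                executeLoggedUpdate(dbConnection, updateUser, user.getPassword(), user.getFullName(),
                        user.getUsername());
            } else {
                executeLoggedUpdate(dbConnection, updateUser, user.getPassword(), user.getUsername());
            }
            if (userRoleRelationDelete != null) {
                executeLoggedUpdate(dbConnection, userRoleRelationDelete, user.getUsername());
            }
            if (userGroupRelationDelete != null) {
                executeLoggedUpdate(dbConnection, userGroupRelationDelete, user.getUsername());
            }
            if (userRoleRelation != null) {
                Iterator<Role> roles = user.getRoles();
                while (roles.hasNext()) {
                    executeLoggedUpdate(dbConnection, userRoleRelation, user.getUsername(),
                            roles.next().getRolename());
                }
            }
            if (userGroupRelation != null) {
                Iterator<Group> groups = user.getGroups();
                while (groups.hasNext()) {
                    executeLoggedUpdate(dbConnection, userGroupRelation, user.getUsername(),
                            groups.next().getGroupname());
                }
            }
        }
        // Clear the map that was just written; the earlier code cleared modifiedGroups here
        modifiedUsers.clear();
    }
}

/**
 * Prepares {@code sql}, binds {@code values} to parameters 1..n in order and executes it as
 * an update. A {@link SQLException} from any of these steps is logged and not rethrown.
 */
private void executeLoggedUpdate(Connection dbConnection, String sql, String... values) {
    try (PreparedStatement stmt = dbConnection.prepareStatement(sql)) {
        for (int i = 0; i < values.length; i++) {
            stmt.setString(i + 1, values[i]);
        }
        stmt.executeUpdate();
    } catch (SQLException e) {
        log.error(sm.getString("dataSourceUserDatabase.exception"), e);
    }
}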
Also used : Role(org.apache.catalina.Role) Group(org.apache.catalina.Group) User(org.apache.catalina.User) SQLException(java.sql.SQLException) PreparedStatement(java.sql.PreparedStatement)

Example 20 with User

use of org.apache.catalina.User in project tomcat by apache.

the class DataSourceUserDatabase method findUser.

/**
 * Looks up a user by name, giving pending in-memory changes priority over the database.
 *
 * <p>A user that is pending creation or modification is returned from memory; a user that
 * is pending removal is reported as absent even if its row still exists in the database.
 * Only when no pending change exists is the database queried.
 *
 * @param username name to look up
 * @return the matching user, or {@code null} if the user is pending removal, no connection
 *         could be opened, or the database lookup found nothing
 */
@Override
public User findUser(String username) {
    dbReadLock.lock();
    try {
        usersReadLock.lock();
        try {
            // Pending creations are consulted before pending modifications
            User pending = createdUsers.get(username);
            if (pending == null) {
                pending = modifiedUsers.get(username);
            }
            if (pending != null) {
                return pending;
            }
            // A pending removal hides the row that is still stored
            if (removedUsers.get(username) != null) {
                return null;
            }
            Connection dbConnection = openConnection();
            if (dbConnection != null) {
                try {
                    return findUserInternal(dbConnection, username);
                } finally {
                    closeConnection(dbConnection);
                }
            }
            return null;
        } finally {
            usersReadLock.unlock();
        }
    } finally {
        dbReadLock.unlock();
    }
}
Also used : User(org.apache.catalina.User) Connection(java.sql.Connection)
