Examples with WikiSecurityException org.apache.wiki.auth.WikiSecurityException used on opensource projects

Example 11 with WikiSecurityException

use of org.apache.wiki.auth.WikiSecurityException in project jspwiki by apache.

the class JDBCGroupDatabase method save.

/**
 * Saves a Group to the group database. Note that this method <em>must</em>
 * fail, and throw an <code>IllegalArgumentException</code>, if the
 * proposed group is the same name as one of the built-in Roles: e.g.,
 * Admin, Authenticated, etc. The database is responsible for setting
 * create/modify timestamps, upon a successful save, to the Group. The
 * method commits the results of the delete to persistent storage.
 *
 * @param group the Group to save
 * @param modifier the user who saved the Group
 * @throws WikiSecurityException if the Group could not be saved
 *             successfully
 */
public void save(Group group, Principal modifier) throws WikiSecurityException {
    if (group == null || modifier == null) {
        throw new IllegalArgumentException("Group or modifier cannot be null.");
    }
    boolean exists = exists(group);
    Connection conn = null;
    PreparedStatement ps = null;
    try {
        // Open the database connection
        conn = m_ds.getConnection();
        if (m_supportsCommits) {
            conn.setAutoCommit(false);
        }
        Timestamp ts = new Timestamp(System.currentTimeMillis());
        Date modDate = new Date(ts.getTime());
        if (!exists) {
            // Group is new: insert new group record
            ps = conn.prepareStatement(m_insertGroup);
            ps.setString(1, group.getName());
            ps.setTimestamp(2, ts);
            ps.setString(3, modifier.getName());
            ps.setTimestamp(4, ts);
            ps.setString(5, modifier.getName());
            ps.execute();
            // Set the group creation time
            group.setCreated(modDate);
            group.setCreator(modifier.getName());
            ps.close();
        } else {
            // Modify existing group record
            ps = conn.prepareStatement(m_updateGroup);
            ps.setTimestamp(1, ts);
            ps.setString(2, modifier.getName());
            ps.setString(3, group.getName());
            ps.execute();
            ps.close();
        }
        // Set the group modified time
        group.setLastModified(modDate);
        group.setModifier(modifier.getName());
        // Now, update the group member list
        // First, delete all existing member records
        ps = conn.prepareStatement(m_deleteGroupMembers);
        ps.setString(1, group.getName());
        ps.execute();
        ps.close();
        // Insert group member records
        ps = conn.prepareStatement(m_insertGroupMembers);
        Principal[] members = group.members();
        for (int i = 0; i < members.length; i++) {
            Principal member = members[i];
            ps.setString(1, group.getName());
            ps.setString(2, member.getName());
            ps.execute();
        }
        // Commit and close connection
        if (m_supportsCommits) {
            conn.commit();
        }
    } catch (SQLException e) {
        closeQuietly(conn, ps, null);
        throw new WikiSecurityException(e.getMessage(), e);
    } finally {
        closeQuietly(conn, ps, null);
    }
}

Example 12 with WikiSecurityException

use of org.apache.wiki.auth.WikiSecurityException in project jspwiki by apache.

the class JDBCGroupDatabase method initialize.

/**
 * Initializes the group database based on values from a Properties object.
 *
 * @param engine the wiki engine
 * @param props the properties used to initialize the group database
 * @throws WikiSecurityException if the database could not be initialized
 *             successfully
 * @throws NoRequiredPropertyException if a required property is not present
 */
public void initialize(WikiEngine engine, Properties props) throws NoRequiredPropertyException, WikiSecurityException {
    String table;
    String memberTable;
    m_engine = engine;
    String jndiName = props.getProperty(PROP_GROUPDB_DATASOURCE, DEFAULT_GROUPDB_DATASOURCE);
    try {
        Context initCtx = new InitialContext();
        Context ctx = (Context) initCtx.lookup("java:comp/env");
        m_ds = (DataSource) ctx.lookup(jndiName);
        // Prepare the SQL selectors
        table = props.getProperty(PROP_GROUPDB_TABLE, DEFAULT_GROUPDB_TABLE);
        memberTable = props.getProperty(PROP_GROUPDB_MEMBER_TABLE, DEFAULT_GROUPDB_MEMBER_TABLE);
        m_name = props.getProperty(PROP_GROUPDB_NAME, DEFAULT_GROUPDB_NAME);
        m_created = props.getProperty(PROP_GROUPDB_CREATED, DEFAULT_GROUPDB_CREATED);
        m_creator = props.getProperty(PROP_GROUPDB_CREATOR, DEFAULT_GROUPDB_CREATOR);
        m_modifier = props.getProperty(PROP_GROUPDB_MODIFIER, DEFAULT_GROUPDB_MODIFIER);
        m_modified = props.getProperty(PROP_GROUPDB_MODIFIED, DEFAULT_GROUPDB_MODIFIED);
        m_member = props.getProperty(PROP_GROUPDB_MEMBER, DEFAULT_GROUPDB_MEMBER);
        m_findAll = "SELECT DISTINCT * FROM " + table;
        m_findGroup = "SELECT DISTINCT * FROM " + table + " WHERE " + m_name + "=?";
        m_findMembers = "SELECT * FROM " + memberTable + " WHERE " + m_name + "=?";
        // Prepare the group insert/update SQL
        m_insertGroup = "INSERT INTO " + table + " (" + m_name + "," + m_modified + "," + m_modifier + "," + m_created + "," + m_creator + ") VALUES (?,?,?,?,?)";
        m_updateGroup = "UPDATE " + table + " SET " + m_modified + "=?," + m_modifier + "=? WHERE " + m_name + "=?";
        // Prepare the group member insert SQL
        m_insertGroupMembers = "INSERT INTO " + memberTable + " (" + m_name + "," + m_member + ") VALUES (?,?)";
        // Prepare the group delete SQL
        m_deleteGroup = "DELETE FROM " + table + " WHERE " + m_name + "=?";
        m_deleteGroupMembers = "DELETE FROM " + memberTable + " WHERE " + m_name + "=?";
    } catch (NamingException e) {
        log.error("JDBCGroupDatabase initialization error: " + e);
        throw new NoRequiredPropertyException(PROP_GROUPDB_DATASOURCE, "JDBCGroupDatabase initialization error: " + e);
    }
    // Test connection by doing a quickie select
    Connection conn = null;
    PreparedStatement ps = null;
    try {
        conn = m_ds.getConnection();
        ps = conn.prepareStatement(m_findAll);
        ps.executeQuery();
        ps.close();
    } catch (SQLException e) {
        closeQuietly(conn, ps, null);
        log.error("DB connectivity error: " + e.getMessage());
        throw new WikiSecurityException("DB connectivity error: " + e.getMessage(), e);
    } finally {
        closeQuietly(conn, ps, null);
    }
    log.info("JDBCGroupDatabase initialized from JNDI DataSource: " + jndiName);
    // Determine if the datasource supports commits
    try {
        conn = m_ds.getConnection();
        DatabaseMetaData dmd = conn.getMetaData();
        if (dmd.supportsTransactions()) {
            m_supportsCommits = true;
            conn.setAutoCommit(false);
            log.info("JDBCGroupDatabase supports transactions. Good; we will use them.");
        }
    } catch (SQLException e) {
        closeQuietly(conn, null, null);
        log.warn("JDBCGroupDatabase warning: user database doesn't seem to support transactions. Reason: " + e);
    } finally {
        closeQuietly(conn, null, null);
    }
}

Example 13 with WikiSecurityException

use of org.apache.wiki.auth.WikiSecurityException in project jspwiki by apache.

the class JDBCUserDatabase method deleteByLoginName.

/**
 * Looks up and deletes the first {@link UserProfile} in the user database
 * that matches a profile having a given login name. If the user database
 * does not contain a user with a matching attribute, throws a
 * {@link NoSuchPrincipalException}. This method is intended to be atomic;
 * results cannot be partially committed. If the commit fails, it should
 * roll back its state appropriately. Implementing classes that persist to
 * the file system may wish to make this method <code>synchronized</code>.
 *
 * @param loginName the login name of the user profile that shall be deleted
 */
public void deleteByLoginName(String loginName) throws NoSuchPrincipalException, WikiSecurityException {
    // Get the existing user; if not found, throws NoSuchPrincipalException
    findByLoginName(loginName);
    Connection conn = null;
    try {
        // Open the database connection
        conn = m_ds.getConnection();
        if (m_supportsCommits) {
            conn.setAutoCommit(false);
        }
        PreparedStatement ps;
        // Delete user record
        ps = conn.prepareStatement(m_deleteUserByLoginName);
        ps.setString(1, loginName);
        ps.execute();
        ps.close();
        // Delete role record
        ps = conn.prepareStatement(m_deleteRoleByLoginName);
        ps.setString(1, loginName);
        ps.execute();
        ps.close();
        // Commit and close connection
        if (m_supportsCommits) {
            conn.commit();
        }
    } catch (SQLException e) {
        throw new WikiSecurityException(e.getMessage(), e);
    } finally {
        try {
            if (conn != null)
                conn.close();
        } catch (Exception e) {
        }
    }
}

Example 14 with WikiSecurityException

use of org.apache.wiki.auth.WikiSecurityException in project jspwiki by apache.

the class JDBCUserDatabase method initialize.

/**
 * @see org.apache.wiki.auth.user.UserDatabase#initialize(org.apache.wiki.WikiEngine,
 *      java.util.Properties)
 */
public void initialize(WikiEngine engine, Properties props) throws NoRequiredPropertyException, WikiSecurityException {
    String userTable;
    String role;
    String roleTable;
    String jndiName = props.getProperty(PROP_DB_DATASOURCE, DEFAULT_DB_JNDI_NAME);
    try {
        Context initCtx = new InitialContext();
        Context ctx = (Context) initCtx.lookup("java:comp/env");
        m_ds = (DataSource) ctx.lookup(jndiName);
        // Prepare the SQL selectors
        userTable = props.getProperty(PROP_DB_TABLE, DEFAULT_DB_TABLE);
        m_email = props.getProperty(PROP_DB_EMAIL, DEFAULT_DB_EMAIL);
        m_fullName = props.getProperty(PROP_DB_FULL_NAME, DEFAULT_DB_FULL_NAME);
        m_lockExpiry = props.getProperty(PROP_DB_LOCK_EXPIRY, DEFAULT_DB_LOCK_EXPIRY);
        m_loginName = props.getProperty(PROP_DB_LOGIN_NAME, DEFAULT_DB_LOGIN_NAME);
        m_password = props.getProperty(PROP_DB_PASSWORD, DEFAULT_DB_PASSWORD);
        m_uid = props.getProperty(PROP_DB_UID, DEFAULT_DB_UID);
        m_wikiName = props.getProperty(PROP_DB_WIKI_NAME, DEFAULT_DB_WIKI_NAME);
        m_created = props.getProperty(PROP_DB_CREATED, DEFAULT_DB_CREATED);
        m_modified = props.getProperty(PROP_DB_MODIFIED, DEFAULT_DB_MODIFIED);
        m_attributes = props.getProperty(PROP_DB_ATTRIBUTES, DEFAULT_DB_ATTRIBUTES);
        m_findAll = "SELECT * FROM " + userTable;
        m_findByEmail = "SELECT * FROM " + userTable + " WHERE " + m_email + "=?";
        m_findByFullName = "SELECT * FROM " + userTable + " WHERE " + m_fullName + "=?";
        m_findByLoginName = "SELECT * FROM " + userTable + " WHERE " + m_loginName + "=?";
        m_findByUid = "SELECT * FROM " + userTable + " WHERE " + m_uid + "=?";
        m_findByWikiName = "SELECT * FROM " + userTable + " WHERE " + m_wikiName + "=?";
        // The user insert SQL prepared statement
        m_insertProfile = "INSERT INTO " + userTable + " (" + m_uid + "," + m_email + "," + m_fullName + "," + m_password + "," + m_wikiName + "," + m_modified + "," + m_loginName + "," + m_attributes + "," + m_created + ") VALUES (?,?,?,?,?,?,?,?,?)";
        // The user update SQL prepared statement
        m_updateProfile = "UPDATE " + userTable + " SET " + m_uid + "=?," + m_email + "=?," + m_fullName + "=?," + m_password + "=?," + m_wikiName + "=?," + m_modified + "=?," + m_loginName + "=?," + m_attributes + "=?," + m_lockExpiry + "=? " + "WHERE " + m_loginName + "=?";
        // Prepare the role insert SQL
        roleTable = props.getProperty(PROP_DB_ROLE_TABLE, DEFAULT_DB_ROLE_TABLE);
        role = props.getProperty(PROP_DB_ROLE, DEFAULT_DB_ROLE);
        m_insertRole = "INSERT INTO " + roleTable + " (" + m_loginName + "," + role + ") VALUES (?,?)";
        m_findRoles = "SELECT * FROM " + roleTable + " WHERE " + m_loginName + "=?";
        // Prepare the user delete SQL
        m_deleteUserByLoginName = "DELETE FROM " + userTable + " WHERE " + m_loginName + "=?";
        // Prepare the role delete SQL
        m_deleteRoleByLoginName = "DELETE FROM " + roleTable + " WHERE " + m_loginName + "=?";
        // Prepare the rename user/roles SQL
        m_renameProfile = "UPDATE " + userTable + " SET " + m_loginName + "=?," + m_modified + "=? WHERE " + m_loginName + "=?";
        m_renameRoles = "UPDATE " + roleTable + " SET " + m_loginName + "=? WHERE " + m_loginName + "=?";
    } catch (NamingException e) {
        log.error("JDBCUserDatabase initialization error: " + e.getMessage());
        throw new NoRequiredPropertyException(PROP_DB_DATASOURCE, "JDBCUserDatabase initialization error: " + e.getMessage());
    }
    // Test connection by doing a quickie select
    Connection conn = null;
    try {
        conn = m_ds.getConnection();
        PreparedStatement ps = conn.prepareStatement(m_findAll);
        ps.close();
    } catch (SQLException e) {
        log.error("DB connectivity error: " + e.getMessage());
        throw new WikiSecurityException("DB connectivity error: " + e.getMessage(), e);
    } finally {
        try {
            if (conn != null)
                conn.close();
        } catch (Exception e) {
        }
    }
    log.info("JDBCUserDatabase initialized from JNDI DataSource: " + jndiName);
    // Determine if the datasource supports commits
    try {
        conn = m_ds.getConnection();
        DatabaseMetaData dmd = conn.getMetaData();
        if (dmd.supportsTransactions()) {
            m_supportsCommits = true;
            conn.setAutoCommit(false);
            log.info("JDBCUserDatabase supports transactions. Good; we will use them.");
        }
    } catch (SQLException e) {
        log.warn("JDBCUserDatabase warning: user database doesn't seem to support transactions. Reason: " + e.getMessage());
    } finally {
        try {
            if (conn != null)
                conn.close();
        } catch (Exception e) {
        }
    }
}

Example 15 with WikiSecurityException

use of org.apache.wiki.auth.WikiSecurityException in project jspwiki by apache.

the class XMLUserDatabase method deleteByLoginName.

/**
 * Looks up and deletes the first {@link UserProfile} in the user database
 * that matches a profile having a given login name. If the user database
 * does not contain a user with a matching attribute, throws a
 * {@link NoSuchPrincipalException}.
 * @param loginName the login name of the user profile that shall be deleted
 */
public synchronized void deleteByLoginName(String loginName) throws NoSuchPrincipalException, WikiSecurityException {
    if (c_dom == null) {
        throw new WikiSecurityException("FATAL: database does not exist");
    }
    NodeList users = c_dom.getDocumentElement().getElementsByTagName(USER_TAG);
    for (int i = 0; i < users.getLength(); i++) {
        Element user = (Element) users.item(i);
        if (user.getAttribute(LOGIN_NAME).equals(loginName)) {
            c_dom.getDocumentElement().removeChild(user);
            // Commit to disk
            saveDOM();
            return;
        }
    }
    throw new NoSuchPrincipalException("Not in database: " + loginName);
}