/* * Nutzerverwaltung - User and role management in your browser * Copyright (C) 2011-2016 Ulrich Hilger, http://uhilger.de * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program. If not, see http://www.gnu.org/licenses/ */ package de.uhilger.um.api; import de.uhilger.baselink.GenericRecord; import de.uhilger.baselink.PersistenceManager; import de.uhilger.baselink.Record; import de.uhilger.transit.web.WebKontext; import de.uhilger.um.Digester; import de.uhilger.um.daten.User; import de.uhilger.um.daten.UserRole; import java.sql.Connection; import java.util.List; import java.util.Properties; import javax.servlet.ServletContext; /** *
Die Methoden der Klasse UserMgr sind * die 'Fassade', die über Transit als Programmschnittstelle * (Application Programming Interface, API) * nach außen bereitgestellt wird. UserMgr dient weitgehend * als 'Durchreiche' für die Funktionalität anderer Klassen.
* ** Der UserMgr erhält die benötigten Methoden aus dem ServletContext. * Auf diese Weise sind keine statischen Abhängigkeiten in den Code * gewandert. Die folgenden Elemente werden vom UserMgr im ServletContext * erwartet: * * [noch auspraegen] * * PersistenceManager * SQL-Properties * Digester *
* * @author Copyright (c) Ulrich Hilger, http://uhilger.de * @author Published under the terms and conditions of the * GNU Affero * General Public License * * @version 2, December 27, 2016 */ public class UserMgr implements WebKontext { private ServletContext ctx; private static final Record UserMapper = new GenericRecord(User.class); private static final Record UserRoleMapper = new GenericRecord(UserRole.class); /** Name, unter dem das Properties-Objekt mit den SQL-Befehlen im ServletContext hinterlegt ist */ public static final String UM_SQL_PROPERTIES = "umSqlProperties"; public static final String P_DIGESTER = "digester"; /** Name, unter dem das Zugriffsobjekt zur Datenbank im ServletContext hinterlegt ist */ public static final String UM_DB = "umDb"; /** Boolean-Konstante zur Kennzeichnung von Datenbankergebnissen ohne Blobs */ public static final boolean WITHOUT_BLOBS = false; public static final String SQL_GET_USER_LIST = "getUserList"; public static final String SQL_GET_USER_NAME_LIST = "getUserNameList"; public static final String SQL_GET_ROLE_LIST = "getRoleList"; public static final String SQL_GET_USER_ROLES = "getUserRoles"; public static final String SQL_DELETE_USER = "deleteUser"; public static final String SQL_DELETE_USER_ROLES = "deleteUserRoles"; /* ----------- Benutzer -------------- */ public User createUser(User user) throws ClassNotFoundException, InstantiationException, IllegalAccessException { String kw = user.getPw(); String digesterClassName = ctx.getInitParameter(P_DIGESTER); Digester digester = (Digester) Class.forName(digesterClassName).newInstance(); String digestedPw = digester.digest(kw, Digester.MD5, null); user.setPw(digestedPw); getDb().insert(user, UserMapper); return user; } public List getUserNameList() { return getDb().select(getSql(SQL_GET_USER_NAME_LIST), WITHOUT_BLOBS); } public User deleteUser(User user) { PersistenceManager pm = getDb(); Connection c = pm.getConnection(); pm.startTransaction(c); pm.execute(c, getSql(SQL_DELETE_USER_ROLES), user.getId()); User deletedUser = (User) pm.delete(c, user, UserMapper); pm.commit(c); return deletedUser; } /* ------------ Rollen ------------------ */ public UserRole grantRole(String userId, String roleName) { UserRole ur = new UserRole(); ur.setRole(roleName); ur.setUser(userId); getDb().insert(ur, UserRoleMapper); return ur; } public UserRole revokeRole(String userId, String roleName) { UserRole ur = new UserRole(); ur.setRole(roleName); ur.setUser(userId); getDb().delete(ur, UserRoleMapper); return ur; } public List getRoleNamesGranted() { return getDb().select(getSql(SQL_GET_ROLE_LIST), WITHOUT_BLOBS); } public List getUserRoleNames(String userId) { return getDb().select(getSql(SQL_GET_USER_ROLES), WITHOUT_BLOBS, userId); } /* ----------- Helfer ---- */ /** * Ein benanntes SQL-Kommando ermitteln * @param id Name des gewuenschten SQL-Kommandos * @return das SQL-Kommando mit der in id angegebenen Bezeichnung */ private String getSql(String id) { Properties sql = (Properties) ctx.getAttribute(UserMgr.UM_SQL_PROPERTIES); return sql.getProperty(id); } private PersistenceManager getDb() { return (PersistenceManager) ctx.getAttribute(UM_DB); } /* ------------- Implementierung WebKontext ------------- */ @Override public ServletContext getServletContext() { return ctx; } @Override public void setServletContext(ServletContext servletContext) { this.ctx = servletContext; } }