org.olat.basesecurity
Class PersistingManager

java.lang.Object
  extended by org.olat.basesecurity.PersistingManager
All Implemented Interfaces:
Manager

public class PersistingManager
extends java.lang.Object
implements Manager

Description:

The PersistingManager implements the security manager and provides methods to manage identities and user objects, based on a database persistence mechanism using Hibernate.

Author:
Felix Jost, Florian Gnaegi

Field Summary
static OLATResourceable IDENTITY_EVENT_CHANNEL
           
 
Method Summary
 void addIdentityToSecurityGroup(Identity identity, SecurityGroup secGroup)
           
 int countIdentitiesOfSecurityGroup(SecurityGroup secGroup)
           
 java.lang.Long countUniqueUserLoginsSince(java.util.Date lastLoginLimit)
          get number of users with last login greater than lastLoginLimit
 Authentication createAndPersistAuthentication(Identity ident, java.lang.String provider, java.lang.String authUserName, java.lang.String credential)
           
 Identity createAndPersistIdentity(java.lang.String username, User user, java.lang.String provider, java.lang.String authusername, java.lang.String credential)
           
 Identity createAndPersistIdentityAndUser(java.lang.String username, User user, java.lang.String provider, java.lang.String authusername, java.lang.String credential)
           
 SecurityGroup createAndPersistNamedSecurityGroup(java.lang.String groupName)
          create only makes no sense, since there are no attributes to set
 Policy createAndPersistPolicy(SecurityGroup secGroup, java.lang.String permission, OLATResourceable olatResourceable)
          the olatResourceable is not required to have some persisted implementation, but the manager will use the OLATResource to persist it.
 Policy createAndPersistPolicyWithResource(SecurityGroup secGroup, java.lang.String permission, OLATResource olatResource)
          Creates a policy and persists on the database
 SecurityGroup createAndPersistSecurityGroup()
          create only makes no sense, since there are no attributes to set
 void deleteAuthentication(Authentication auth)
           
 void deletePolicy(SecurityGroup secGroup, java.lang.String permission, OLATResourceable olatResourceable)
           
 void deleteSecurityGroup(SecurityGroup secGroup)
          Removes the group with all the identities contained in it; the identities themselves are of course not deleted.
 Authentication findAuthentication(Identity identity, java.lang.String provider)
           
 Authentication findAuthenticationByAuthusername(java.lang.String authusername, java.lang.String provider)
           
 Identity findIdentityByName(java.lang.String identityName)
          Find an identity by its name.
 SecurityGroup findSecurityGroupByName(java.lang.String securityGroupName)
           
 Identity getAndUpdateAnonymousUserForLanguage(java.util.Locale locale)
          Returns the anonymous identity for a given locale, normally used to log in as guest user
 java.util.List<Authentication> getAuthentications(Identity identity)
          Return the List of associated Authentications.
 java.util.List getGroupsWithPermissionOnOlatResourceable(java.lang.String permission, OLATResourceable olatResourceable)
          use for testing ONLY.
 java.util.List getIdentitiesAndDateOfSecurityGroup(SecurityGroup secGroup)
           
 java.util.List getIdentitiesAndDateOfSecurityGroup(SecurityGroup secGroup, boolean sortedByAddDate)
           
 java.util.List getIdentitiesByPowerSearch(java.lang.String login, java.util.Map<java.lang.String,java.lang.String> userproperties, boolean userPropertiesAsIntersectionSearch, SecurityGroup[] groups, PermissionOnResourceable[] permissionOnResources, java.lang.String[] authProviders, java.util.Date createdAfter, java.util.Date createdBefore, java.lang.Integer status)
          Get a list of identities that match the following conditions.
 java.util.List getIdentitiesOfSecurityGroup(SecurityGroup secGroup)
          search
 java.util.List getIdentitiesWithPermissionOnOlatResourceable(java.lang.String permission, OLATResourceable olatResourceable)
          use for testing ONLY.
 java.util.List getPoliciesOfIdentity(Identity identity)
          scalar query : select sgi, poi, ori
 java.util.List getPoliciesOfSecurityGroup(SecurityGroup secGroup)
           
 Roles getRoles(Identity identity)
          Get the identity's roles
 java.util.Date getSecurityGroupJoinDateForIdentity(SecurityGroup secGroup, Identity identity)
          Get the date on which the identity joined a security group
 java.util.List<SecurityGroup> getSecurityGroupsForIdentity(Identity identity)
          Get all SecurityGroups an Identity is in
 java.util.List getVisibleIdentitiesByPowerSearch(java.lang.String login, java.util.Map<java.lang.String,java.lang.String> userproperties, boolean userPropertiesAsIntersectionSearch, SecurityGroup[] groups, PermissionOnResourceable[] permissionOnResources, java.lang.String[] authProviders, java.util.Date createdAfter, java.util.Date createdBefore)
          Get a list of identities that match the following conditions.
 void init()
           
 boolean isIdentityInSecurityGroup(Identity identity, SecurityGroup secGroup)
          use only if really needed.
 boolean isIdentityPermittedOnResourceable(Identity identity, java.lang.String permission, OLATResourceable olatResourceable)
          is allowed to....
 boolean isIdentityPermittedOnResourceable(Identity identity, java.lang.String permission, OLATResourceable olatResourceable, boolean checkTypeRight)
           
 boolean isIdentityVisible(java.lang.String identityName)
          Check if identity is visible.
 Identity loadIdentityByKey(java.lang.Long identityKey)
          find an identity by the key instead of the username.
 Identity loadIdentityByKey(java.lang.Long identityKey, boolean strict)
          find an identity by the key.
 void removeIdentityFromSecurityGroup(Identity identity, SecurityGroup secGroup)
          Removes the identity from this security group or does nothing if the identity is not in the group at all.
 void saveIdentityStatus(Identity identity, java.lang.Integer status)
          Save an identity
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

IDENTITY_EVENT_CHANNEL

public static final OLATResourceable IDENTITY_EVENT_CHANNEL

Method Detail

init

public void init()
Specified by:
init in interface Manager
See Also:
Manager.init()

getGroupsWithPermissionOnOlatResourceable

public java.util.List getGroupsWithPermissionOnOlatResourceable(java.lang.String permission,
                                                                OLATResourceable olatResourceable)
Description copied from interface: Manager
use for testing ONLY.

Specified by:
getGroupsWithPermissionOnOlatResourceable in interface Manager
Returns:
a list of SecurityGroup objects
See Also:
org.olat.basesecurity.Manager#getGroupsWithPermissionOnOlatResourceable(java.lang.String, org.olat.core.id.OLATResourceable)

getIdentitiesWithPermissionOnOlatResourceable

public java.util.List getIdentitiesWithPermissionOnOlatResourceable(java.lang.String permission,
                                                                    OLATResourceable olatResourceable)
Description copied from interface: Manager
use for testing ONLY.

Specified by:
getIdentitiesWithPermissionOnOlatResourceable in interface Manager
Returns:
a list of Identity objects
See Also:
org.olat.basesecurity.Manager#getIdentitiesWithPermissionOnOlatResourceable(java.lang.String, org.olat.core.id.OLATResourceable)

getPoliciesOfSecurityGroup

public java.util.List getPoliciesOfSecurityGroup(SecurityGroup secGroup)
Specified by:
getPoliciesOfSecurityGroup in interface Manager
Returns:
a list of Policy objects
See Also:
Manager.getPoliciesOfSecurityGroup(org.olat.basesecurity.SecurityGroup)

isIdentityPermittedOnResourceable

public boolean isIdentityPermittedOnResourceable(Identity identity,
                                                 java.lang.String permission,
                                                 OLATResourceable olatResourceable)
Description copied from interface: Manager
is allowed to....

Specified by:
isIdentityPermittedOnResourceable in interface Manager
Returns:
true if permitted
See Also:
org.olat.basesecurity.Manager#isIdentityPermittedOnResourceable(org.olat.core.id.Identity, java.lang.String, org.olat.core.id.OLATResourceable)

isIdentityPermittedOnResourceable

public boolean isIdentityPermittedOnResourceable(Identity identity,
                                                 java.lang.String permission,
                                                 OLATResourceable olatResourceable,
                                                 boolean checkTypeRight)
Specified by:
isIdentityPermittedOnResourceable in interface Manager
Returns:
true if permitted
See Also:
Manager.isIdentityPermittedOnResourceable(org.olat.core.id.Identity, java.lang.String, org.olat.core.id.OLATResourceable, boolean)

getRoles

public Roles getRoles(Identity identity)
Description copied from interface: Manager
Get the identity's roles

Specified by:
getRoles in interface Manager
Returns:
The roles of the identity
See Also:
Manager.getRoles(org.olat.core.id.Identity)

getPoliciesOfIdentity

public java.util.List getPoliciesOfIdentity(Identity identity)
scalar query : select sgi, poi, ori

Specified by:
getPoliciesOfIdentity in interface Manager
Parameters:
identity -
Returns:
List of policies

isIdentityInSecurityGroup

public boolean isIdentityInSecurityGroup(Identity identity,
                                         SecurityGroup secGroup)
Description copied from interface: Manager
use only if really needed. Normally better use isIdentityPermittedOnResourceable!

Specified by:
isIdentityInSecurityGroup in interface Manager
Returns:
true if the identity is in the group
See Also:
Manager.isIdentityInSecurityGroup(org.olat.core.id.Identity, org.olat.basesecurity.SecurityGroup)

createAndPersistSecurityGroup

public SecurityGroup createAndPersistSecurityGroup()
Description copied from interface: Manager
create only makes no sense, since there are no attributes to set

Specified by:
createAndPersistSecurityGroup in interface Manager
Returns:
a new persisted SecurityGroup or throws an Exception
See Also:
Manager.createAndPersistSecurityGroup()

deleteSecurityGroup

public void deleteSecurityGroup(SecurityGroup secGroup)
Description copied from interface: Manager
Removes the group with all the identities contained in it; the identities themselves are of course not deleted.

Specified by:
deleteSecurityGroup in interface Manager
See Also:
Manager.deleteSecurityGroup(org.olat.basesecurity.SecurityGroup)

addIdentityToSecurityGroup

public void addIdentityToSecurityGroup(Identity identity,
                                       SecurityGroup secGroup)
Specified by:
addIdentityToSecurityGroup in interface Manager
See Also:
Manager.addIdentityToSecurityGroup(org.olat.core.id.Identity, org.olat.basesecurity.SecurityGroup)

removeIdentityFromSecurityGroup

public void removeIdentityFromSecurityGroup(Identity identity,
                                            SecurityGroup secGroup)
Description copied from interface: Manager
Removes the identity from this security group or does nothing if the identity is not in the group at all.

Specified by:
removeIdentityFromSecurityGroup in interface Manager
See Also:
Manager.removeIdentityFromSecurityGroup(org.olat.core.id.Identity, org.olat.basesecurity.SecurityGroup)

createAndPersistPolicy

public Policy createAndPersistPolicy(SecurityGroup secGroup,
                                     java.lang.String permission,
                                     OLATResourceable olatResourceable)
Description copied from interface: Manager
The olatResourceable is not required to have a persisted implementation, but the manager will use the OLATResource to persist it. If the olatResourceable used OLATResource as its persister, then the same OLATResource (same row in table) will be used by the manager as the internal reference in the Policy table.

Specified by:
createAndPersistPolicy in interface Manager
Returns:
the newly created policy
See Also:
org.olat.basesecurity.Manager#createAndPersistPolicy(org.olat.basesecurity.SecurityGroup, java.lang.String, org.olat.core.id.OLATResourceable)

createAndPersistPolicyWithResource

public Policy createAndPersistPolicyWithResource(SecurityGroup secGroup,
                                                 java.lang.String permission,
                                                 OLATResource olatResource)
Creates a policy and persists on the database

Specified by:
createAndPersistPolicyWithResource in interface Manager
Parameters:
secGroup -
permission -
olatResource -
Returns:
Policy

deletePolicy

public void deletePolicy(SecurityGroup secGroup,
                         java.lang.String permission,
                         OLATResourceable olatResourceable)
Specified by:
deletePolicy in interface Manager
See Also:
org.olat.basesecurity.Manager#deletePolicy(org.olat.basesecurity.SecurityGroup, java.lang.String, org.olat.core.id.OLATResourceable)

createAndPersistIdentity

public Identity createAndPersistIdentity(java.lang.String username,
                                         User user,
                                         java.lang.String provider,
                                         java.lang.String authusername,
                                         java.lang.String credential)
Specified by:
createAndPersistIdentity in interface Manager
Parameters:
username - the username
user - the persisted User
authusername - the username used as authentication credential (=username for provider "OLAT")
provider - the provider of the authentication ("OLAT" or "AAI"). If null, no authentication token is generated.
credential - the credentials or null if not used
Returns:
Identity

createAndPersistIdentityAndUser

public Identity createAndPersistIdentityAndUser(java.lang.String username,
                                                User user,
                                                java.lang.String provider,
                                                java.lang.String authusername,
                                                java.lang.String credential)
Specified by:
createAndPersistIdentityAndUser in interface Manager
Parameters:
username - the username
user - the unpersisted User
authusername - the username used as authentication credential (=username for provider "OLAT")
provider - the provider of the authentication ("OLAT" or "AAI"). If null, no authentication token is generated.
credential - the credentials or null if not used
Returns:
Identity

getIdentitiesOfSecurityGroup

public java.util.List getIdentitiesOfSecurityGroup(SecurityGroup secGroup)
Description copied from interface: Manager
search

Specified by:
getIdentitiesOfSecurityGroup in interface Manager
Returns:
list of Identities
See Also:
Manager.getIdentitiesOfSecurityGroup(org.olat.basesecurity.SecurityGroup)

getIdentitiesAndDateOfSecurityGroup

public java.util.List getIdentitiesAndDateOfSecurityGroup(SecurityGroup secGroup)
Specified by:
getIdentitiesAndDateOfSecurityGroup in interface Manager
Returns:
a List of Object[] with the array[0] = Identity, array[1] = addedToGroupTimestamp
See Also:
Manager.getIdentitiesAndDateOfSecurityGroup(org.olat.basesecurity.SecurityGroup)

getIdentitiesAndDateOfSecurityGroup

public java.util.List getIdentitiesAndDateOfSecurityGroup(SecurityGroup secGroup,
                                                          boolean sortedByAddDate)
Specified by:
getIdentitiesAndDateOfSecurityGroup in interface Manager
Parameters:
sortedByAddDate - true = return list of identities sorted by added date
See Also:
Manager.getIdentitiesAndDateOfSecurityGroup(org.olat.basesecurity.SecurityGroup)

getSecurityGroupJoinDateForIdentity

public java.util.Date getSecurityGroupJoinDateForIdentity(SecurityGroup secGroup,
                                                          Identity identity)
Description copied from interface: Manager
Get the date on which the identity joined a security group

Specified by:
getSecurityGroupJoinDateForIdentity in interface Manager
Returns:
join date for the given securityGroup. May return null if the group doesn't exist or the user isn't in this group
See Also:
Manager.getSecurityGroupJoinDateForIdentity(org.olat.basesecurity.SecurityGroup, org.olat.core.id.Identity)

countIdentitiesOfSecurityGroup

public int countIdentitiesOfSecurityGroup(SecurityGroup secGroup)
Specified by:
countIdentitiesOfSecurityGroup in interface Manager
Returns:
number of members in the security group
See Also:
Manager.countIdentitiesOfSecurityGroup(org.olat.basesecurity.SecurityGroup)

createAndPersistNamedSecurityGroup

public SecurityGroup createAndPersistNamedSecurityGroup(java.lang.String groupName)
Description copied from interface: Manager
create only makes no sense, since there are no attributes to set

Specified by:
createAndPersistNamedSecurityGroup in interface Manager
Returns:
the newly created securitygroup
See Also:
Manager.createAndPersistNamedSecurityGroup(java.lang.String)

findSecurityGroupByName

public SecurityGroup findSecurityGroupByName(java.lang.String securityGroupName)
Specified by:
findSecurityGroupByName in interface Manager
Returns:
the securitygroup
See Also:
Manager.findSecurityGroupByName(java.lang.String)

findIdentityByName

public Identity findIdentityByName(java.lang.String identityName)
Description copied from interface: Manager
Find an identity by its name. This is an exact match. Use the getIdentitiesByPowerSearch() method if you also want to find substrings.

Be aware that this method does not check the identity's status! It returns identities in any state, including deleted identities!

Specified by:
findIdentityByName in interface Manager
Returns:
the identity or null if not found
See Also:
Manager.findIdentityByName(java.lang.String)

loadIdentityByKey

public Identity loadIdentityByKey(java.lang.Long identityKey)
Description copied from interface: Manager
find an identity by the key instead of the username. Prefer this method as findByName will become deprecated soon.

Specified by:
loadIdentityByKey in interface Manager
Parameters:
identityKey - the key of the identity to load; may not be null or zero
Returns:
the identity or null
See Also:
Manager.loadIdentityByKey(java.lang.Long)

loadIdentityByKey

public Identity loadIdentityByKey(java.lang.Long identityKey,
                                  boolean strict)
Description copied from interface: Manager
find an identity by the key.

Specified by:
loadIdentityByKey in interface Manager
Parameters:
identityKey - the key of the identity to load; may not be null or zero
strict - if true equivalent to @see org.olat.basesecurity.Manager#loadIdentityByKey(java.lang.Long), if false return null if not found
Returns:
the identity or null
See Also:
Manager.loadIdentityByKey(java.lang.Long)

countUniqueUserLoginsSince

public java.lang.Long countUniqueUserLoginsSince(java.util.Date lastLoginLimit)
Description copied from interface: Manager
get number of users with last login greater than lastLoginLimit

Specified by:
countUniqueUserLoginsSince in interface Manager
Returns:
See Also:
Manager.countUniqueUserLoginsSince(java.util.Date)

getAuthentications

public java.util.List<Authentication> getAuthentications(Identity identity)
Description copied from interface: Manager
Return the List of associated Authentications.

Specified by:
getAuthentications in interface Manager
Returns:
a list of Authentication
See Also:
Manager.getAuthentications(org.olat.core.id.Identity)

createAndPersistAuthentication

public Authentication createAndPersistAuthentication(Identity ident,
                                                     java.lang.String provider,
                                                     java.lang.String authUserName,
                                                     java.lang.String credential)
Specified by:
createAndPersistAuthentication in interface Manager
Returns:
an Authentication
See Also:
Manager.createAndPersistAuthentication(org.olat.core.id.Identity, java.lang.String, java.lang.String, java.lang.String)

findAuthentication

public Authentication findAuthentication(Identity identity,
                                         java.lang.String provider)
Specified by:
findAuthentication in interface Manager
Returns:
Authentication for this identity and provider or NULL if not found
See Also:
Manager.findAuthentication(org.olat.core.id.Identity, java.lang.String)

deleteAuthentication

public void deleteAuthentication(Authentication auth)
Specified by:
deleteAuthentication in interface Manager
See Also:
Manager.deleteAuthentication(org.olat.basesecurity.Authentication)

findAuthenticationByAuthusername

public Authentication findAuthenticationByAuthusername(java.lang.String authusername,
                                                       java.lang.String provider)
Specified by:
findAuthenticationByAuthusername in interface Manager
Returns:
Authentication for this authusername and provider or NULL if not found
See Also:
Manager.findAuthenticationByAuthusername(java.lang.String, java.lang.String)

getVisibleIdentitiesByPowerSearch

public java.util.List getVisibleIdentitiesByPowerSearch(java.lang.String login,
                                                        java.util.Map<java.lang.String,java.lang.String> userproperties,
                                                        boolean userPropertiesAsIntersectionSearch,
                                                        SecurityGroup[] groups,
                                                        PermissionOnResourceable[] permissionOnResources,
                                                        java.lang.String[] authProviders,
                                                        java.util.Date createdAfter,
                                                        java.util.Date createdBefore)
Description copied from interface: Manager
Get a list of identities that match the following conditions. All parameters are additive. NULL values mean "no constraints" (e.g. all parameters NULL would result in a list with all identities of the entire system)

Specified by:
getVisibleIdentitiesByPowerSearch in interface Manager
userPropertiesAsIntersectionSearch - true: user properties and login name are combined with an AND query; false: user properties and login name are combined with an OR query
groups - Array of SecurityGroups the user participates in. Search matches if user is in any of the groups (OR query)
permissionOnResources - Array of resource permissions the user has. Search matches if user has any of the permissions (OR query)
authProviders - Array of authentication providers the user has. Search matches if user has any of the authProviders (OR query)
createdAfter - date after which the user has been created
createdBefore - date before which the user has been created
Returns:
List of identities
See Also:
Manager.getVisibleIdentitiesByPowerSearch(java.lang.String, java.util.Map, boolean, org.olat.basesecurity.SecurityGroup[], org.olat.basesecurity.PermissionOnResourceable[], java.lang.String[], java.util.Date, java.util.Date)

getIdentitiesByPowerSearch

public java.util.List getIdentitiesByPowerSearch(java.lang.String login,
                                                 java.util.Map<java.lang.String,java.lang.String> userproperties,
                                                 boolean userPropertiesAsIntersectionSearch,
                                                 SecurityGroup[] groups,
                                                 PermissionOnResourceable[] permissionOnResources,
                                                 java.lang.String[] authProviders,
                                                 java.util.Date createdAfter,
                                                 java.util.Date createdBefore,
                                                 java.lang.Integer status)
Description copied from interface: Manager
Get a list of identities that match the following conditions. All parameters are additive. NULL values mean "no constraints" (e.g. all parameters NULL would result in a list with all identities of the entire system)

Specified by:
getIdentitiesByPowerSearch in interface Manager
userPropertiesAsIntersectionSearch - true: user properties and login name are combined with an AND query; false: user properties and login name are combined with an OR query
groups - Array of SecurityGroups the user participates in. Search matches if user is in any of the groups (OR query)
permissionOnResources - Array of resource permissions the user has. Search matches if user has any of the permissions (OR query)
authProviders - Array of authentication providers the user has. Search matches if user has any of the authProviders (OR query)
createdAfter - date after which the user has been created
createdBefore - date before which the user has been created
status - identity status, defined in interface Identity, e.g. ACTIV, LOGIN_DENIED, DELETED
Returns:
List of identities
See Also:
Manager.getIdentitiesByPowerSearch(java.lang.String, java.util.Map, boolean, org.olat.basesecurity.SecurityGroup[], org.olat.basesecurity.PermissionOnResourceable[], java.lang.String[], java.util.Date, java.util.Date, java.lang.Integer)

isIdentityVisible

public boolean isIdentityVisible(java.lang.String identityName)
Description copied from interface: Manager
Check if identity is visible. Deleted or login-denied users are not visible.

Specified by:
isIdentityVisible in interface Manager
Returns:
See Also:
Manager.isIdentityVisible(java.lang.String)
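
The caveats documented above for findIdentityByName (no status check) and for the power-search methods (all-NULL parameters return every identity in the system) can be enforced in a thin wrapper. The following is an added example, not OLAT code: the nested Identity and Manager interfaces are stand-ins that copy only signatures shown on this page, and IdentityLookupGuard, findVisibleIdentity and searchVisible are hypothetical names.

```java
import java.util.*;

// Added example. The nested interfaces are stand-ins that mirror only the
// method signatures shown on this page, so the file compiles without OLAT.
public class IdentityLookupGuard {

    interface Identity { String getName(); }   // stand-in for org.olat.core.id.Identity

    interface Manager {                         // subset of org.olat.basesecurity.Manager
        Identity findIdentityByName(String identityName);
        boolean isIdentityVisible(String identityName);
        // The page declares a raw List and typed arrays; Object[] keeps this self-contained.
        List<Identity> getVisibleIdentitiesByPowerSearch(String login, Map<String, String> userproperties,
                boolean userPropertiesAsIntersectionSearch, Object[] groups, Object[] permissionOnResources,
                String[] authProviders, Date createdAfter, Date createdBefore);
    }

    private final Manager manager;

    IdentityLookupGuard(Manager manager) { this.manager = manager; }

    // findIdentityByName() returns identities in any state, deleted ones included,
    // so pair it with isIdentityVisible() before treating the result as a live account.
    Identity findVisibleIdentity(String identityName) {
        if (identityName == null || identityName.trim().isEmpty()) return null;
        Identity identity = manager.findIdentityByName(identityName);
        if (identity == null || !manager.isIdentityVisible(identityName)) return null;
        return identity;
    }

    // All-null parameters mean "no constraints" and would list every identity.
    // Empty strings, maps and arrays are rejected too (a conservative assumption of this example).
    List<Identity> searchVisible(String login, Map<String, String> props, boolean intersect,
            Object[] groups, Object[] perms, String[] providers, Date after, Date before) {
        boolean unconstrained = (login == null || login.trim().isEmpty())
                && (props == null || props.isEmpty())
                && (groups == null || groups.length == 0)
                && (perms == null || perms.length == 0)
                && (providers == null || providers.length == 0)
                && after == null && before == null;
        if (unconstrained) {
            throw new IllegalArgumentException("refusing unconstrained identity search");
        }
        return manager.getVisibleIdentitiesByPowerSearch(login, props, intersect, groups, perms,
                providers, after, before);
    }

    public static void main(String[] args) {
        // Constructed in-memory data: "alice" is active, "bob" has been deleted.
        final Map<String, Boolean> visibleByName = new LinkedHashMap<String, Boolean>();
        visibleByName.put("alice", Boolean.TRUE);
        visibleByName.put("bob", Boolean.FALSE);

        Manager fake = new Manager() {
            public Identity findIdentityByName(final String name) {
                if (!visibleByName.containsKey(name)) return null;
                return new Identity() { public String getName() { return name; } };
            }
            public boolean isIdentityVisible(String name) {
                return Boolean.TRUE.equals(visibleByName.get(name));
            }
            public List<Identity> getVisibleIdentitiesByPowerSearch(String login, Map<String, String> p,
                    boolean and, Object[] g, Object[] r, String[] a, Date after, Date before) {
                List<Identity> hits = new ArrayList<Identity>();
                for (String name : visibleByName.keySet()) {
                    boolean match = login == null || name.equals(login);
                    if (match && isIdentityVisible(name)) hits.add(findIdentityByName(name));
                }
                return hits;
            }
        };

        IdentityLookupGuard guard = new IdentityLookupGuard(fake);
        System.out.println(fake.findIdentityByName("bob") != null);   // raw lookup still finds the deleted user
        System.out.println(guard.findVisibleIdentity("bob") == null); // guarded lookup does not
        System.out.println(guard.searchVisible("alice", null, true, null, null, null, null, null).size());
        try {
            guard.searchVisible(null, null, true, null, null, null, null, null);
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```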

saveIdentityStatus

public void saveIdentityStatus(Identity identity,
                               java.lang.Integer status)
Description copied from interface: Manager
Save an identity

Specified by:
saveIdentityStatus in interface Manager
Parameters:
identity - Save this identity
See Also:
org.olat.basesecurity.Manager#saveIdentityStatus(org.olat.core.id.Identity)

getSecurityGroupsForIdentity

public java.util.List<SecurityGroup> getSecurityGroupsForIdentity(Identity identity)
Description copied from interface: Manager
Get all SecurityGroups an Identity is in

Specified by:
getSecurityGroupsForIdentity in interface Manager
Returns:
List with SecurityGroups

getAndUpdateAnonymousUserForLanguage

public Identity getAndUpdateAnonymousUserForLanguage(java.util.Locale locale)
Description copied from interface: Manager
Returns the anonymous identity for a given locale, normally used to log in as guest user

Specified by:
getAndUpdateAnonymousUserForLanguage in interface Manager
Returns:
The identity
See Also:
Manager.getAndUpdateAnonymousUserForLanguage(java.util.Locale)