| 1 | /* |
| 2 | |
| 3 | Derby - Class org.apache.derby.database.UserUtility |
| 4 | |
| 5 | Copyright 1999, 2004 The Apache Software Foundation or its licensors, as applicable. |
| 6 | |
| 7 | Licensed under the Apache License, Version 2.0 (the "License"); |
| 8 | you may not use this file except in compliance with the License. |
| 9 | You may obtain a copy of the License at |
| 10 | |
| 11 | http://www.apache.org/licenses/LICENSE-2.0 |
| 12 | |
| 13 | Unless required by applicable law or agreed to in writing, software |
| 14 | distributed under the License is distributed on an "AS IS" BASIS, |
| 15 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 16 | See the License for the specific language governing permissions and |
| 17 | limitations under the License. |
| 18 | |
| 19 | */ |
| 20 | |
| 21 | package org.apache.derby.database; |
| 22 | import org.apache.derby.iapi.db.PropertyInfo; |
| 23 | import org.apache.derby.iapi.store.access.TransactionController; |
| 24 | import org.apache.derby.iapi.util.IdUtil; |
| 25 | import org.apache.derby.iapi.error.StandardException; |
| 26 | import org.apache.derby.iapi.sql.conn.LanguageConnectionContext; |
| 27 | import org.apache.derby.iapi.sql.conn.ConnectionUtil; |
| 28 | import org.apache.derby.iapi.reference.SQLState; |
| 29 | import org.apache.derby.iapi.reference.Property; |
| 30 | |
| 31 | import java.sql.SQLException; |
| 32 | import org.apache.derby.iapi.error.PublicAPI; |
| 33 | |
| 34 | /** |
| 35 | This utility class provides static methods for managing user authorization in a Cloudscape database. |
| 36 | |
| 37 | <p>This class can only be used within an SQL-J statement, a Java procedure or a server side Java method. |
| 38 | <p>This class can be accessed using the class alias <code> USERUTILITY </code> in SQL-J statements. |
| 39 | */ |
| 40 | public abstract class UserUtility |
| 41 | { |
| 42 | /** Enumeration value for read access permission ("READ_ACCESS_PERMISSION"). */ |
| 43 | public final static String READ_ACCESS_PERMISSION = "READ_ACCESS_PERMISSION"; |
| 44 | /** Enumeration value for full access permission ("FULL_ACCESS_PERMISSION"). */ |
| 45 | public final static String FULL_ACCESS_PERMISSION = "FULL_ACCESS_PERMISSION"; |
| 46 | |
| 47 | /** Prevent users from creating UserUtility Objects. */ |
| 48 | private UserUtility() {} |
| 49 | |
| 50 | /** |
| 51 | Add a user's authorization permission to the database. |
| 52 | |
| 53 | <P> |
| 54 | Only users with FULL_ACCESS_PERMISSION may use this. |
| 55 | |
| 56 | @param userName the user's name. A valid possibly delimited |
| 57 | SQL identifier. |
| 58 | @param permission READ_ACCESS_PERMISSION or FULL_ACCESS_PERMISSION. |
| 59 | @exception SQLException thrown if this fails. |
| 60 | */ |
| 61 | public static final void add(String userName, String permission) |
| 62 | throws SQLException |
| 63 | { |
| 64 | String pv; |
| 65 | TransactionController tc = ConnectionUtil.getCurrentLCC().getTransactionExecute(); |
| 66 | try { |
| 67 | normalizeIdParam("userName",userName); //Validate |
| 68 | if (permission==null) |
| 69 | throw StandardException.newException(SQLState.UU_INVALID_PARAMETER, "permission","null"); |
| 70 | if (permission.equals(READ_ACCESS_PERMISSION)) |
| 71 | { |
| 72 | pv = (String)tc.getProperty(Property.READ_ONLY_ACCESS_USERS_PROPERTY); |
| 73 | pv = IdUtil.appendId(userName,pv); |
| 74 | PropertyInfo.setDatabaseProperty(Property.READ_ONLY_ACCESS_USERS_PROPERTY,pv); |
| 75 | } |
| 76 | else if (permission.equals(FULL_ACCESS_PERMISSION)) |
| 77 | { |
| 78 | pv = (String)tc.getProperty(Property.FULL_ACCESS_USERS_PROPERTY); |
| 79 | pv = IdUtil.appendId(userName,pv); |
| 80 | PropertyInfo.setDatabaseProperty(Property.FULL_ACCESS_USERS_PROPERTY,pv); |
| 81 | } |
| 82 | else |
| 83 | throw StandardException.newException(SQLState.UU_UNKNOWN_PERMISSION, permission); |
| 84 | } catch (StandardException se) { |
| 85 | throw PublicAPI.wrapStandardException(se); |
| 86 | } |
| 87 | } |
| 88 | |
| 89 | /** |
| 90 | Set the authorization permission for a user in the database. |
| 91 | |
| 92 | <P> |
| 93 | Only users with FULL_ACCESS_PERMISSION may use this. |
| 94 | |
| 95 | @param userName the user's name. A valid possibly delimited |
| 96 | SQL identifier. |
| 97 | @param permission READ_ACCESS_PERMISSION or FULL_ACCESS_PERMISSION. |
| 98 | @exception SQLException thrown if this fails. |
| 99 | */ |
| 100 | public static final void set(String userName, String permission) |
| 101 | throws SQLException |
| 102 | { |
| 103 | drop(userName); |
| 104 | add(userName,permission); |
| 105 | } |
| 106 | |
| 107 | /** |
| 108 | Drop a user's authorization permission from the database. |
| 109 | |
| 110 | <P> |
| 111 | Only users with FULL_ACCESS_PERMISSION may use this. |
| 112 | |
| 113 | @param userName the user's name. A valid possibly delimited |
| 114 | SQL identifier. |
| 115 | |
| 116 | @exception SQLException thrown if this fails or the user |
| 117 | being dropped does not exist. |
| 118 | */ |
| 119 | public static final void drop(String userName) throws |
| 120 | SQLException |
| 121 | { |
| 122 | TransactionController tc = ConnectionUtil.getCurrentLCC().getTransactionExecute(); |
| 123 | |
| 124 | try { |
| 125 | String userId = normalizeIdParam("userName",userName); |
| 126 | |
| 127 | String access = getPermission(userName); |
| 128 | if (access != null && access.equals(READ_ACCESS_PERMISSION)) |
| 129 | { |
| 130 | String pv = (String)tc.getProperty(Property.READ_ONLY_ACCESS_USERS_PROPERTY); |
| 131 | String newList = IdUtil.deleteId(userId,pv); |
| 132 | PropertyInfo.setDatabaseProperty(Property.READ_ONLY_ACCESS_USERS_PROPERTY,newList); |
| 133 | } |
| 134 | else if (access != null && access.equals(FULL_ACCESS_PERMISSION)) |
| 135 | { |
| 136 | String pv = (String)tc.getProperty(Property.FULL_ACCESS_USERS_PROPERTY); |
| 137 | String newList = IdUtil.deleteId(userId,pv); |
| 138 | PropertyInfo.setDatabaseProperty(Property.FULL_ACCESS_USERS_PROPERTY,newList); |
| 139 | } |
| 140 | else |
| 141 | { |
| 142 | throw StandardException.newException(SQLState.UU_UNKNOWN_USER, userName); |
| 143 | } |
| 144 | } catch (StandardException se) { |
| 145 | throw PublicAPI.wrapStandardException(se); |
| 146 | } |
| 147 | } |
| 148 | |
| 149 | /** |
| 150 | Return a user's authorization permission in a database. |
| 151 | |
| 152 | <P> |
| 153 | Users with FULL_ACCESS_PERMISSION or READ_ACCESS_PERMISSION |
| 154 | may use this. |
| 155 | |
| 156 | @param userName the user's name. A valid possibly delimited |
| 157 | SQL identifier. |
| 158 | @return FULL_ACCESS_PERMISSION if the user is in "derby.database.fullAccessUsers", |
| 159 | READ_ACCESS_PERMISSION if the user is in "derby.database.readOnlyAccessUsers", |
| 160 | or null if the user is not in either list. |
| 161 | @exception SQLException thrown if this fails. |
| 162 | */ |
| 163 | public static final String getPermission(String userName) |
| 164 | throws SQLException |
| 165 | { |
| 166 | TransactionController tc = ConnectionUtil.getCurrentLCC().getTransactionExecute(); |
| 167 | |
| 168 | try { |
| 169 | |
| 170 | String pv = (String) |
| 171 | tc.getProperty(Property.READ_ONLY_ACCESS_USERS_PROPERTY); |
| 172 | String userId = normalizeIdParam("userName",userName); |
| 173 | if (IdUtil.idOnList(userId,pv)) return READ_ACCESS_PERMISSION; |
| 174 | pv = (String)tc.getProperty(Property.FULL_ACCESS_USERS_PROPERTY); |
| 175 | if (IdUtil.idOnList(userId,pv)) return FULL_ACCESS_PERMISSION; |
| 176 | return null; |
| 177 | } catch (StandardException se) { |
| 178 | throw PublicAPI.wrapStandardException(se); |
| 179 | } |
| 180 | } |
| 181 | |
| 182 | private static String normalizeIdParam(String pName, String pValue) |
| 183 | throws StandardException |
| 184 | { |
| 185 | if (pValue==null) |
| 186 | throw StandardException.newException(SQLState.UU_INVALID_PARAMETER, pName,"null"); |
| 187 | |
| 188 | try { |
| 189 | return IdUtil.parseId(pValue); |
| 190 | } |
| 191 | catch (StandardException se) { |
| 192 | throw StandardException.newException(SQLState.UU_INVALID_PARAMETER, se, pName,pValue); |
| 193 | } |
| 194 | } |
| 195 | } |