Newer
Older
{
log.error("Unexpected exception", bug);
throw new RuntimeException(bug);
}
/**
* Check group membership of the current Subject.
*
* @param groupName
* @return
* @throws UserNotFoundException
* @throws AccessControlException
* @throws IOException
*/
public boolean isMember(String groupName)
throws UserNotFoundException, AccessControlException, IOException
{
return isMember(getCurrentUserID(), groupName, Role.MEMBER);
}
/**
* Check if userID is a member of groupName.
*
* This is equivalent to isMember(userID, groupName, Role.MEMBER)
*
* @param userID Identifies the user.
* @param groupName Identifies the group.
* @return True if the user is a member of the group
* @throws UserNotFoundException If the user does not exist.
* @throws AccessControlException If not allowed to peform the search.
* @throws IllegalArgumentException If a parameter is null.
* @throws IOException If an unknown error occured.
*/
public boolean isMember(Principal userID, String groupName)
throws UserNotFoundException, AccessControlException, IOException
{
return isMember(userID, groupName, Role.MEMBER);
}
/**
* Check if userID is a member (of type role) of groupName.
*
* @param userID Identifies the user.
* @param groupName Identifies the group.
* @param role The type of membership.
* @return True if the user is a member of the group
* @throws UserNotFoundException If the user does not exist.
* @throws AccessControlException If not allowed to peform the search.
* @throws IllegalArgumentException If a parameter is null.
* @throws IOException If an unknown error occured.
*/
public boolean isMember(Principal userID, String groupName, Role role)
throws UserNotFoundException, AccessControlException, IOException
{
Group group = getMembership(userID, groupName, role);
return group != null;
}
/**
* @param sslSocketFactory the sslSocketFactory to set
*/
public void setSSLSocketFactory(SSLSocketFactory sslSocketFactory)
{
Patrick Dowler
committed
if (mySocketFactory != null)
throw new IllegalStateException("Illegal use of GMSClient: "
+ "cannot set SSLSocketFactory after using one created from Subject");
Patrick Dowler
committed
private int subjectHashCode = 0;
private SSLSocketFactory getSSLSocketFactory()
{
Patrick Dowler
committed
AccessControlContext ac = AccessController.getContext();
Subject s = Subject.getSubject(ac);
// no real Subject: can only use the one from setSSLSocketFactory
if (s == null || s.getPrincipals().isEmpty())
{
return sslSocketFactory;
}
// lazy init
if (this.mySocketFactory == null)
{
log.debug("getSSLSocketFactory: " + s);
this.mySocketFactory = SSLUtil.getSocketFactory(s);
this.subjectHashCode = s.hashCode();
}
else
Patrick Dowler
committed
int c = s.hashCode();
if (c != subjectHashCode)
throw new IllegalStateException("Illegal use of "
+ this.getClass().getSimpleName()
+ ": subject change not supported for internal SSLSocketFactory");
Patrick Dowler
committed
return this.mySocketFactory;
protected void clearCache()
{
AccessControlContext acContext = AccessController.getContext();
Subject subject = Subject.getSubject(acContext);
if (subject != null)
{
Patrick Dowler
committed
subject.getPrivateCredentials().remove(new GroupMemberships());
Patrick Dowler
committed
protected GroupMemberships getGroupCache(Principal userID)
{
AccessControlContext acContext = AccessController.getContext();
Subject subject = Subject.getSubject(acContext);
// only consult cache if the userID is of the calling subject
if (userIsSubject(userID, subject))
Patrick Dowler
committed
Set<GroupMemberships> gset = subject.getPrivateCredentials(GroupMemberships.class);
if (gset == null || gset.isEmpty())
Patrick Dowler
committed
GroupMemberships mems = new GroupMemberships();
subject.getPrivateCredentials().add(mems);
return mems;
Patrick Dowler
committed
GroupMemberships mems = gset.iterator().next();
return mems;
Patrick Dowler
committed
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
return null; // no cache
}
protected Group getCachedGroup(Principal userID, String groupID, Role role)
{
List<Group> groups = getCachedGroups(userID, role, false);
if (groups == null)
return null; // no cache
for (Group g : groups)
{
if (g.getID().equals(groupID))
return g;
}
return null;
}
protected List<Group> getCachedGroups(Principal userID, Role role, boolean complete)
{
GroupMemberships mems = getGroupCache(userID);
if (mems == null)
return null; // no cache
Boolean cacheState = mems.complete.get(role);
if (!complete || Boolean.TRUE.equals(cacheState))
return mems.memberships.get(role);
// caller wanted complete and we don't have that
Patrick Dowler
committed
protected void addCachedGroup(Principal userID, Group group, Role role)
{
GroupMemberships mems = getGroupCache(userID);
if (mems == null)
return; // no cache
List<Group> groups = mems.memberships.get(role);
if (groups == null)
{
groups = new ArrayList<Group>();
mems.complete.put(role, Boolean.FALSE);
mems.memberships.put(role, groups);
}
if (!groups.contains(group))
groups.add(group);
}
protected void setCachedGroups(Principal userID, List<Group> groups, Role role)
Patrick Dowler
committed
GroupMemberships mems = getGroupCache(userID);
if (mems == null)
return; // no cache
Patrick Dowler
committed
log.debug("Caching groups for " + userID + ", role " + role);
List<Group> cur = mems.memberships.get(role);
if (cur == null)
Patrick Dowler
committed
cur = new ArrayList<Group>();
mems.complete.put(role, Boolean.FALSE);
mems.memberships.put(role, cur);
}
for (Group group : groups)
{
if (!cur.contains(group))
cur.add(group);
mems.complete.put(role, Boolean.TRUE);
}
}
protected boolean userIsSubject(Principal userID, Subject subject)
{
if (userID == null || subject == null)
{
return false;
}
for (Principal subjectPrincipal : subject.getPrincipals())
Patrick Dowler
committed
if (AuthenticationUtil.equals(subjectPrincipal, userID))
Patrick Dowler
committed
* Class used to hold list of groups in which a user is known to be a member.
Patrick Dowler
committed
protected class GroupMemberships implements Comparable
Map<Role, List<Group>> memberships = new HashMap<Role, List<Group>>();
Patrick Dowler
committed
Map<Role, Boolean> complete = new HashMap<Role, Boolean>();
Patrick Dowler
committed
// only allow one in a set - makes clearCache simple too
public boolean equals(Object rhs)
{
if (rhs != null && rhs instanceof GroupMemberships)
return true;
return false;
}
public int compareTo(Object t)
{
if (this.equals(t))
return 0;
return -1; // wonder if this is sketchy
}