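/*
 * $Header: /cvsroot/ebxmlrr/ebxmlrr/src/share/com/sun/ebxml/registry/security/authentication/UserRegistrar.java,v 1.7 2003/06/17 14:14:10 farrukh_najmi Exp $
 *
 * ====================================================================
 *
 * This code is subject to the freebxml License, Version 1.1
 *
 * Copyright (c) 2003 freebxml.org.  All rights reserved.
 *
 * ====================================================================
 */

package com.sun.ebxml.registry.security.authentication;

import org.oasis.ebxml.registry.bindings.rim.User;


/**
 * Registers new users with the registry. Registration involves saving the public
 * key certificate for the user in the server KeyStore and storing their User object
 * in the registry.
 *
 * @author <a href="mailto:Farrukh.Najmi@Sun.COM">Farrukh S. Najmi</a>
 */
public class UserRegistrar {

    public static final String ASSOC_TYPE_HAS_CERTIFICATE = "ebxmlrr_HasCertificate";
    private org.apache.commons.logging.Log log = org.apache.commons.logging.LogFactory.getLog(this.getClass());

    protected UserRegistrar() {
    }

    /**
     * Registers the single User object carried by a signed SubmitObjectsRequest.
     *
     * Every User object found in the request is first checked against the
     * self-registration ACL (see {@link #isUserInACLFile(User)}); the first one
     * that is not authorized aborts the call. The request must then contain
     * exactly one User object whose id is accepted by
     * LifeCycleManagerImpl.isValidRegistryId. That id and the header signature
     * are handed to AuthenticationServiceImpl.registerUserCertificate.
     *
     * NOTE(review): this method does not itself verify headerSignature, does not
     * check whether the certificate is already in the keystore, and does not
     * compare the User id with any alias taken from the signature's KeyInfo.
     * Earlier documentation described such checks; confirm that the caller or
     * registerUserCertificate performs them.
     *
     * @param headerSignature the XML signature from the request header, passed
     *        through to certificate registration
     * @param req the request that must contain exactly one User object
     * @return the User object of the newly registered user
     * @throws com.sun.ebxml.registry.RegistryException as
     *         UnregisteredUserException if the request holds no User object, or
     *         as UserRegistrationException if a User is not authorized to
     *         self-register, if there is more than one User object, or if the
     *         User id is not a valid registry id
     */
    public User registerUser(org.apache.xml.security.signature.XMLSignature headerSignature, org.oasis.ebxml.registry.bindings.rs.SubmitObjectsRequest req) throws com.sun.ebxml.registry.RegistryException {

        AuthenticationServiceImpl ac = AuthenticationServiceImpl.getInstance();

        // Collect all User objects from the request
        org.oasis.ebxml.registry.bindings.rim.LeafRegistryObjectList objs = req.getLeafRegistryObjectList();
        java.util.ArrayList al = com.sun.ebxml.registry.util.BindingUtility.getInstance().getRegistryObjectList(objs);

        java.util.ArrayList users = new java.util.ArrayList();
        java.util.Iterator objIter = al.iterator();
        while (objIter.hasNext()) {
            org.oasis.ebxml.registry.bindings.rim.RegistryObjectType obj = (org.oasis.ebxml.registry.bindings.rim.RegistryObjectType)objIter.next();

            if (obj instanceof User) {
                User candidate = (User)obj;
                // The name comes from the submitted request, so strip control
                // characters before it reaches the log or an exception message.
                String description = "User " + describeUser(candidate);
                if (isUserInACLFile(candidate)) {
                    log.info(description +" is authorized "+
                             " to self-register");
                } else {
                    String message = description + " is not authorized to "
                        + "self-register. Please contact "
                        + "registry support.";
                    log.warn(message);
                    throw new com.sun.ebxml.registry.security.UserRegistrationException(
                        message);
                }
                users.add(candidate);
            }
        }

        if (users.size() == 0) {
            throw new com.sun.ebxml.registry.security.UnregisteredUserException(headerSignature);
        }

        if (users.size() != 1) {
            throw new com.sun.ebxml.registry.security.UserRegistrationException("User registration fails. The SubmitObjectsRequest must have exactly one User object");
        }

        User user = (User)users.get(0);
        String userId = user.getId();

        if (!(com.sun.ebxml.registry.lcm.LifeCycleManagerImpl.getInstance().isValidRegistryId(userId))) {
            throw new com.sun.ebxml.registry.security.UserRegistrationException("User registration fails. The User must have a valid UUID");
        }

        // userId passed the registry-id check above; it is still sanitized
        // because the strictness of that check is not visible from this class.
        log.info("Registering new user with id: " + sanitizeForLog(userId));

        ac.registerUserCertificate(userId, headerSignature);

        log.info("User " + sanitizeForLog(userId) + " registered");

        return user;
    }

    /**
     * Determines whether a user is allowed to self-register.
     *
     * If the ebxmlrr.security.selfRegistration.acl property does not exist or
     * its value is an empty string, anyone can self-register and this method
     * returns 'true' (the default is open registration). Otherwise the property
     * holds a comma-delimited list of names, for example:
     *   ebxmlrr.security.selfRegistration.acl=Jane Doe, Srinivas Patel
     * An entry matches when, after trimming and collapsing whitespace, it
     * starts with the user's first name as a whole word and ends with the
     * user's last name as a whole word (anything in between, such as a middle
     * name, is allowed). Users with a missing or blank first or last name never
     * match a configured ACL.
     *
     * Matching used to be a plain substring search, so an empty first name or a
     * one-letter fragment of a listed name was enough to pass; the whole-word
     * comparison closes that gap.
     *
     * NOTE(review): the names compared here are read from the User object in
     * the submitted request. Nothing visible in this class ties them to the
     * certificate in the request signature, so this list restricts which names
     * may be claimed rather than which key holders may register. Confirm
     * whether a stronger binding exists elsewhere.
     *
     * @param user the User object taken from the request; must not be null
     * @return true if registration is open or the user matches an ACL entry
     * @throws IllegalArgumentException if user is null
     */
    private boolean isUserInACLFile(User user)
        throws IllegalArgumentException {
        if (user == null) {
            throw new IllegalArgumentException("The user reference passed "+
                                               "to this method is null");
        }
        com.sun.ebxml.registry.util.RegistryProperties rp = com.sun.ebxml.registry.util.RegistryProperties.getInstance();
        // The reason we reload the properties is that Registry Admins
        // will be updating the ACL list more often than the ebxmlrr is
        // recycled. Reloading the properties makes the latest edits
        // available to this class.
        rp.reloadProperties();
        String aclList =
            rp.getProperty("ebxmlrr.security.selfRegistration.acl");
        // If property does not exist, or the property value is "", allow
        // all self-registrations. This is the default setting
        if (aclList == null || aclList.length() == 0) {
            return true;
        }
        org.oasis.ebxml.registry.bindings.rim.PersonName pName = user.getPersonName();
        if (pName == null) {
            // An ACL is configured and there is no name to compare: deny.
            return false;
        }
        String firstName = normalizeName(pName.getFirstName());
        String lastName = normalizeName(pName.getLastName());
        if (firstName.length() == 0 || lastName.length() == 0) {
            // A blank name must never satisfy the ACL.
            return false;
        }
        String requiredPrefix = firstName + " ";
        String requiredSuffix = " " + lastName;
        int minimumLength = firstName.length() + 1 + lastName.length();
        java.util.StringTokenizer st = new java.util.StringTokenizer(aclList, ",");
        while (st.hasMoreTokens()) {
            String entry = normalizeName(st.nextToken());
            // The length check stops the prefix and suffix from sharing the
            // single separating space.
            if (entry.length() >= minimumLength
                && entry.startsWith(requiredPrefix)
                && entry.endsWith(requiredSuffix)) {
                return true;
            }
        }
        return false;
    }

    /** Returns the value trimmed with inner whitespace runs collapsed; null becomes "". */
    private static String normalizeName(String value) {
        if (value == null) {
            return "";
        }
        return value.trim().replaceAll("\\s+", " ");
    }

    /** Builds "firstName lastName" for messages, tolerating a missing person name. */
    private static String describeUser(User user) {
        org.oasis.ebxml.registry.bindings.rim.PersonName pName = user.getPersonName();
        String firstName = (pName == null) ? null : pName.getFirstName();
        String lastName = (pName == null) ? null : pName.getLastName();
        return sanitizeForLog(firstName) + " " + sanitizeForLog(lastName);
    }

    /** Replaces control characters (including CR and LF) with spaces so a value cannot forge log lines. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return "null";
        }
        StringBuffer cleaned = new StringBuffer(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? ' ' : c);
        }
        return cleaned.toString();
    }

    public static void main(String[] args) throws Exception {
        UserRegistrar service = UserRegistrar.getInstance();
    }


    /**
     * Returns the shared UserRegistrar instance.
     *
     * The instance is created by the JVM's class initialization of the holder
     * class on first use, which is thread-safe without explicit locking. The
     * earlier double-checked locking on a non-volatile field could publish a
     * partially constructed object to another thread.
     *
     * @return the singleton UserRegistrar
     */
    public static UserRegistrar getInstance() {
        return InstanceHolder.INSTANCE;
    }

    /**
     * @link
     * @shapeType PatternLink
     * @pattern Singleton
     * @supplierRole Singleton factory
     */
    /*# private UserRegistrar _authenticationServiceImpl; */
    private static final class InstanceHolder {
        private static final UserRegistrar INSTANCE = new UserRegistrar();
    }
}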
