Exemplo n.º 1
 /**
  * Returns TRUE if the passed principal is a member of the group.
  * This method does a recursive search, so if a principal belongs
  * to a group which is a member of this group, true is returned.
  *
  * A special check is made to see if the member is an instance of
  * AnybodyPrincipal or NobodyPrincipal since these classes do not
  * hash to meaningful values.
  *
  * @param \AppserverIo\Psr\Security\PrincipalInterface $principal The principal to query membership for
  *
  * @return boolean TRUE if the principal is a member of this group, FALSE otherwise
  */
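 public function isMember(PrincipalInterface $principal)
 {
     // direct membership: the member collection is queried by principal name
     $isMember = $this->members->exists($principal->getName());
     if ($isMember !== false) {
         return $isMember;
     }

     // AnybodyPrincipal is reported as a member of every group; keep that in
     // mind wherever this result gates access to a resource
     if ($principal instanceof AnybodyPrincipal) {
         return true;
     }

     // NobodyPrincipal is never a member, nested groups are not consulted
     if ($principal instanceof NobodyPrincipal) {
         return false;
     }

     // Recursive search through nested groups. Stop at the FIRST group that
     // reports membership: assigning every result to one variable let a later
     // non-matching group overwrite an earlier match, so the outcome depended
     // on iteration order.
     // NOTE(review): there is no visited-set here; a group that (transitively)
     // contains itself would recurse without bound. Confirm addMember() rejects cycles.
     foreach ($this->members as $group) {
         if ($group instanceof GroupInterface && $group->isMember($principal)) {
             return true;
         }
     }

     return false;
 }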
Exemplo n.º 2
 /**
  * Execute the rolesQuery against the dsJndiName to obtain the roles for the authenticated user.
  *
  * @param \AppserverIo\Lang\String                  $username   The username to load the roles for
  * @param \AppserverIo\Lang\String                  $lookupName The lookup name for the datasource
  * @param \AppserverIo\Lang\String                  $rolesQuery The query to load the roles
  * @param \AppserverIo\Psr\Spi\LoginModuleInterface $aslm       The login module to add the roles to
  *
  * @return array An array of groups containing the sets of roles
  * @throws \AppserverIo\Appserver\ServletEngine\Security\Logi\LoginException Is thrown if an error occurred during login
  */
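 public static function getRoleSets(string $username, string $lookupName, string $rolesQuery, LoginModuleInterface $aslm)
 {
     // declared up front so the finally block can test them on every exit path
     $application = null;
     $connection = null;
     $statement = null;

     // initialize the map for the groups (group name => group instance)
     $setsMap = new HashMap();

     try {
         // load the application context
         $application = RequestHandler::getApplicationContext();

         /** @var \AppserverIo\Appserver\Core\Api\Node\DatabaseNode $databaseNode */
         $databaseNode = $application->getNamingDirectory()->search($lookupName)->getDatabase();

         // prepare the connection parameters and create the DBAL connection
         $connection = DriverManager::getConnection(ConnectionUtil::get($application)->fromDatabaseNode($databaseNode));

         // The username is passed as a bound parameter, never concatenated.
         // $rolesQuery itself is executed exactly as given, so it must come
         // from trusted configuration and contain one positional placeholder.
         $statement = $connection->prepare($rolesQuery);
         $statement->bindParam(1, $username);
         $statement->execute();

         // fetch the first role row as a numerically indexed array
         $row = $statement->fetch(\PDO::FETCH_NUM);

         // query whether or not we've found at least one role
         if ($row == false) {
             // without a configured unauthenticated identity a user with no role rows is rejected
             if ($aslm->getUnauthenticatedIdentity() == null) {
                 throw new FailedLoginException('No matching username found in Roles');
             }
             // we're running with an unauthenticatedIdentity so create an empty roles set and return
             return array(new SimpleGroup(Util::DEFAULT_GROUP_NAME));
         }

         do {
             // column 0 holds the role name, optional column 1 the group name
             $name = $row[0];
             $groupName = Util::DEFAULT_GROUP_NAME;
             if (isset($row[1])) {
                 $groupName = $row[1];
             }

             // reuse the group if it is already in the map, otherwise create and register it
             if ($setsMap->exists($groupName) === false) {
                 $group = new SimpleGroup(new String($groupName));
                 $setsMap->add($groupName, $group);
             } else {
                 $group = $setsMap->get($groupName);
             }

             try {
                 // add the role to the group
                 $group->addMember($aslm->createIdentity(new String($name)));
                 // log a message
                 $application->getNamingDirectory()->search(NamingDirectoryKeys::SYSTEM_LOGGER)->debug(sprintf('Assign user to role: %s', $name));
             } catch (\Exception $e) {
                 // best effort: a role that cannot be turned into a principal is
                 // logged and skipped, the user simply ends up without that role
                 $application->getNamingDirectory()->search(NamingDirectoryKeys::SYSTEM_LOGGER)->error(sprintf('Failed to create principal: %s', $name));
             }

             // Keep the fetch mode identical to the first fetch. Switching to
             // FETCH_OBJ here handed an object to the $row[0] access above, so
             // only the first role row could be processed.
         } while ($row = $statement->fetch(\PDO::FETCH_NUM));
     } catch (NamingException $ne) {
         // NOTE(review): __toString() of an exception includes its stack trace;
         // confirm LoginException messages never reach a client unfiltered.
         throw new LoginException($ne->__toString());
     } catch (\PDOException $pdoe) {
         throw new LoginException($pdoe->__toString());
     } finally {
         // Release the database resources on EVERY exit path. Without finally
         // the early return and the rethrown exceptions skipped the cleanup.

         // close the prepared statement
         if ($statement != null) {
             try {
                 $statement->closeCursor();
             } catch (\Exception $e) {
                 if ($application !== null) {
                     $application->getNamingDirectory()->search(NamingDirectoryKeys::SYSTEM_LOGGER)->error($e->__toString());
                 }
             }
         }

         // close the DBAL connection
         if ($connection != null) {
             try {
                 $connection->close();
             } catch (\Exception $e) {
                 if ($application !== null) {
                     $application->getNamingDirectory()->search(NamingDirectoryKeys::SYSTEM_LOGGER)->error($e->__toString());
                 }
             }
         }
     }

     // return the prepared groups
     return $setsMap->toArray();
 }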
Exemplo n.º 3
 /**
  * Searches for the property with the specified key in this property list.
  *
  * @param string $key     Holds the key of the value to return
  * @param string $section Holds a string with the section name to return the key for (only matters if sections is set to TRUE)
  *
  * @return string Holds the value of the passed key
  * @throws \AppserverIo\Lang\NullPointerException Is thrown if the passed key, or, if sections are TRUE, the passed section is NULL
  */
 public function getProperty($key, $section = null)
 {
     // flat property list: the key is looked up directly in this map
     if (!$this->sections) {
         // loose comparison on purpose: '', 0 and false are rejected like NULL
         if ($key == null) {
             throw new NullPointerException('Passed key is null');
         }

         return $this->exists($key) ? $this->get($key) : null;
     }

     // sectioned property list: the section is validated before the key
     if ($section == null) {
         throw new NullPointerException('Passed section is null');
     }
     if ($key == null) {
         throw new NullPointerException('Passed key is null');
     }

     // an unknown section yields NULL rather than an exception
     if (!$this->exists($section)) {
         return null;
     }

     // wrap the section's entries so the key can be queried on them
     $sectionEntries = new HashMap($this->get($section));

     return $sectionEntries->exists($key) ? $sectionEntries->get($key) : null;
 }