/**
* Returns TRUE if the passed principal is a member of the group.
* This method does a recursive search, so if a principal belongs
* to a group which is a member of this group, true is returned.
*
* A special check is made to see if the member is an instance of
* AnybodyPrincipal or NobodyPrincipal since these classes do not
* hash to meaningful values.
*
* @param \AppserverIo\Psr\Security\PrincipalInterface $principal The principal to query membership for
*
* @return boolean TRUE if the principal is a member of this group, FALSE otherwise
*/
public function isMember(PrincipalInterface $principal)
{
// first see if there is a key with the member name
$isMember = $this->members->exists($principal->getName());
if ($isMember === false) {
// check the AnybodyPrincipal & NobodyPrincipal special cases
$isMember = $principal instanceof AnybodyPrincipal;
if ($isMember === false) {
if ($principal instanceof NobodyPrincipal) {
return false;
}
}
}
if ($isMember === false) {
// check any groups for membership
foreach ($this->members as $group) {
if ($group instanceof GroupInterface) {
$isMember = $group->isMember($principal);
}
}
}
return $isMember;
}
/**
* Execute the rolesQuery against the dsJndiName to obtain the roles for the authenticated user.
*
* @param \AppserverIo\Lang\String $username The username to load the roles for
* @param \AppserverIo\Lang\String $lookupName The lookup name for the datasource
* @param \AppserverIo\Lang\String $rolesQuery The query to load the roles
* @param \AppserverIo\Psr\Spi\LoginModuleInterface $aslm The login module to add the roles to
*
* @return array An array of groups containing the sets of roles
* @throws \AppserverIo\Appserver\ServletEngine\Security\Logi\LoginException Is thrown if an error during login occured
*/
public static function getRoleSets(string $username, string $lookupName, string $rolesQuery, LoginModuleInterface $aslm)
{
try {
// initialize the map for the groups
$setsMap = new HashMap();
// load the application context
$application = RequestHandler::getApplicationContext();
/** @var \AppserverIo\Appserver\Core\Api\Node\DatabaseNode $databaseNode */
$databaseNode = $application->getNamingDirectory()->search($lookupName)->getDatabase();
// prepare the connection parameters and create the DBAL connection
$connection = DriverManager::getConnection(ConnectionUtil::get($application)->fromDatabaseNode($databaseNode));
// try to load the principal's roles from the database
$statement = $connection->prepare($rolesQuery);
$statement->bindParam(1, $username);
$statement->execute();
// query whether or not we've a password found or not
$row = $statement->fetch(\PDO::FETCH_NUM);
// query whether or not we've found at least one role
if ($row == false) {
// try load the unauthenticated identity
if ($aslm->getUnauthenticatedIdentity() == null) {
throw new FailedLoginException('No matching username found in Roles');
}
// we're running with an unauthenticatedIdentity so create an empty roles set and return
return array(new SimpleGroup(Util::DEFAULT_GROUP_NAME));
}
do {
// load the found name and initialize the group name with a default value
$name = $row[0];
$groupName = Util::DEFAULT_GROUP_NAME;
// query whether or not we've to initialize a default group
if (isset($row[1])) {
$groupName = $row[1];
}
// query whether or not the group already exists in the set
if ($setsMap->exists($groupName) === false) {
$group = new SimpleGroup(new String($groupName));
$setsMap->add($groupName, $group);
} else {
$group = $setsMap->get($groupName);
}
try {
// add the user to the group
$group->addMember($aslm->createIdentity(new String($name)));
// log a message
$application->getNamingDirectory()->search(NamingDirectoryKeys::SYSTEM_LOGGER)->debug(sprintf('Assign user to role: %s', $name));
} catch (\Exception $e) {
$application->getNamingDirectory()->search(NamingDirectoryKeys::SYSTEM_LOGGER)->error(sprintf('Failed to create principal: %s', $name));
}
// load one group after another
} while ($row = $statement->fetch(\PDO::FETCH_OBJ));
} catch (NamingException $ne) {
throw new LoginException($ne->__toString());
} catch (\PDOException $pdoe) {
throw new LoginException($pdoe->__toString());
}
// close the prepared statement
if ($statement != null) {
try {
$statement->closeCursor();
} catch (\Exception $e) {
$application->getNamingDirectory()->search(NamingDirectoryKeys::SYSTEM_LOGGER)->error($e->__toString());
}
}
// close the DBAL connection
if ($connection != null) {
try {
$connection->close();
} catch (\Exception $e) {
$application->getNamingDirectory()->search(NamingDirectoryKeys::SYSTEM_LOGGER)->error($e->__toString());
}
}
// return the prepared groups
return $setsMap->toArray();
}
/**
* Searches for the property with the specified key in this property list.
*
* @param string $key Holds the key of the value to return
* @param string $section Holds a string with the section name to return the key for (only matters if sections is set to TRUE)
*
* @return string Holds the value of the passed key
* @throws \AppserverIo\Lang\NullPointerException Is thrown if the passed key, or, if sections are TRUE, the passed section is NULL
*/
public function getProperty($key, $section = null)
{
// initialize the property value
$property = null;
// check if the sections are included
if ($this->sections) {
// if the passed section OR the passed key is NULL throw an exception
if ($section == null) {
throw new NullPointerException('Passed section is null');
}
if ($key == null) {
throw new NullPointerException('Passed key is null');
}
// if the section exists ...
if ($this->exists($section)) {
// get all entries of the section
$entries = new HashMap($this->get($section));
if ($entries->exists($key)) {
// if yes set it
$property = $entries->get($key);
}
}
} else {
// if the passed key is NULL throw an exception
if ($key == null) {
throw new NullPointerException('Passed key is null');
}
// check if the property exists in the internal list
if ($this->exists($key)) {
// if yes set it
$property = $this->get($key);
}
}
// return the property or null
return $property;
}