/*
* Copyright (C) 2005-2007 Alfresco Software Limited.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* As a special exception to the terms and conditions of version 2.0 of
* the GPL, you may redistribute this Program in connection with Free/Libre
* and Open Source Software ("FLOSS") applications as described in Alfresco's
* FLOSS exception. You should have recieved a copy of the text describing
* the FLOSS exception, and it is also available here:
* http://www.alfresco.com/legal/licensing"
*/
package org.alfresco.repo.security.authentication;
import java.util.Date;
import net.sf.acegisecurity.UserDetails;
import net.sf.acegisecurity.providers.dao.UsernameNotFoundException;
import org.alfresco.error.AlfrescoRuntimeException;
import org.springframework.dao.DataAccessException;
/**
* An authority DAO that has no implementation.
*
* By default it will throw an exception if any method is called.
*
* Any of the getter/setter methods can be enabled with a no action implementation.
*
* This can support deleting users via the UI for LDAP and NTLM. The Alfresco person object is deleted from the UI.
* The call to delete the user will return with no action.
*
* The following methods will always fail.
*
* getMD4HashedPassword(String userName)
* loadUserByUsername(String arg0)
* getSalt(UserDetails user)
*
* @author Andy Hind
*/
public class DefaultMutableAuthenticationDao implements MutableAuthenticationDao
{
private boolean allowCreateUser = false;
private boolean allowUpdateUser = false;
private boolean allowDeleteUser = false;
private boolean allowSetEnabled = false;
private boolean allowGetEnabled = false;
private boolean allowSetAccountExpires = false;
private boolean allowGetAccountHasExpired = false;
private boolean allowSetCredentialsExpire = false;
private boolean allowGetCredentialsExpire = false;
private boolean allowGetCredentialsHaveExpired = false;
private boolean allowSetAccountLocked = false;
private boolean allowGetAccountLocked = false;
private boolean allowSetAccountExpiryDate = false;
private boolean allowGetAccountExpiryDate = false;
private boolean allowSetCredentialsExpiryDate = false;
private boolean allowGetCredentialsExpiryDate = false;
/**
* Create a user with the given userName and password
*
* If enabled does nothing.
*
* @param userName
* @param rawPassword
* @throws AuthenticationException
*/
public void createUser(String userName, char[] rawPassword) throws AuthenticationException
{
if (!allowCreateUser)
{
throw new AlfrescoRuntimeException("Create User is not supported");
}
}
/**
* Update a user's password.
*
* If enabled does nothing.
*
* @param userName
* @param rawPassword
* @throws AuthenticationException
*/
public void updateUser(String userName, char[] rawPassword) throws AuthenticationException
{
if (!allowUpdateUser)
{
throw new AlfrescoRuntimeException("Update user is not supported");
}
}
/**
* Delete a user.
*
* If enabled does nothing.
*
* @param userName
* @throws AuthenticationException
*/
public void deleteUser(String userName) throws AuthenticationException
{
if (!allowDeleteUser)
{
throw new AlfrescoRuntimeException("Delete user is not supported");
}
}
/**
* Check is a user exists.
*
* If enabled returns true.
*
* @param userName
* @return
*/
public boolean userExists(String userName)
{
// All users may exist
return true;
}
/**
* Enable/disable a user.
*
* If enabled does nothing.
*
* @param userName
* @param enabled
*/
public void setEnabled(String userName, boolean enabled)
{
if (!allowSetEnabled)
{
throw new AlfrescoRuntimeException("Set enabled is not supported");
}
}
/**
* Getter for user enabled
*
* If enabled returns true.
*
* @param userName
* @return
*/
public boolean getEnabled(String userName)
{
if (!allowGetEnabled)
{
throw new AlfrescoRuntimeException("Get enabled is not supported");
}
return true;
}
/**
* Set if the account should expire
*
* If enabled does nothing.
*
* @param userName
* @param expires
*/
public void setAccountExpires(String userName, boolean expires)
{
if (!allowSetAccountExpires)
{
throw new AlfrescoRuntimeException("Set account expires is not supported");
}
}
/**
* Does the account expire?
*
* If enabled returns false.
*
* @param userName
* @return
*/
public boolean getAccountExpires(String userName)
{
if (!allowSetAccountExpires)
{
throw new AlfrescoRuntimeException("Get account expires is not supported");
}
return false;
}
/**
* Has the account expired?
*
* If enabled returns false.
*
* @param userName
* @return
*/
public boolean getAccountHasExpired(String userName)
{
if (!allowGetAccountHasExpired)
{
throw new AlfrescoRuntimeException("Get account has expired is not supported");
}
return false;
}
/**
* Set if the password expires.
*
* If enabled does nothing.
*
* @param userName
* @param expires
*/
public void setCredentialsExpire(String userName, boolean expires)
{
if (!allowSetCredentialsExpire)
{
throw new AlfrescoRuntimeException("Set credentials expire is not supported");
}
}
/**
* Do the credentials for the user expire?
*
* If enabled returns false.
*
* @param userName
* @return
*/
public boolean getCredentialsExpire(String userName)
{
if (!allowGetCredentialsExpire)
{
throw new AlfrescoRuntimeException("Get credentials expire is not supported");
}
return false;
}
/**
* Have the credentials for the user expired?
*
* If enabled returns false.
*
* @param userName
* @return
*/
public boolean getCredentialsHaveExpired(String userName)
{
if (!allowGetCredentialsHaveExpired)
{
throw new AlfrescoRuntimeException("Get credentials have expired is not supported");
}
return false;
}
/**
* Set if the account is locked.
*
* If enabled does nothing.
*
* @param userName
* @param locked
*/
public void setLocked(String userName, boolean locked)
{
if (!allowSetAccountLocked)
{
throw new AlfrescoRuntimeException("Set account locked is not supported");
}
}
/**
* Is the account locked?
*
* If enabled returns false.
*
* @param userName
* @return
*/
public boolean getAccountlocked(String userName)
{
if (!allowGetAccountLocked)
{
throw new AlfrescoRuntimeException("Get account locked is not supported");
}
return false;
}
/**
* Set the date on which the account expires
*
* If enabled does nothing.
*
* @param userName
* @param exipryDate
*/
public void setAccountExpiryDate(String userName, Date exipryDate)
{
if (!allowSetAccountExpiryDate)
{
throw new AlfrescoRuntimeException("Set account expiry date is not supported");
}
}
/**
* Get the date when this account expires.
*
* If enabled returns null.
*
* @param userName
* @return
*/
public Date getAccountExpiryDate(String userName)
{
if (!allowGetAccountExpiryDate)
{
throw new AlfrescoRuntimeException("Get account expiry date is not supported");
}
return null;
}
/**
* Set the date when credentials expire.
*
* If enabled does nothing.
*
* @param userName
* @param exipryDate
*/
public void setCredentialsExpiryDate(String userName, Date exipryDate)
{
if (!allowSetCredentialsExpiryDate)
{
throw new AlfrescoRuntimeException("Set credentials expiry date is not supported");
}
}
/**
* Get the date when the credentials/password expire.
*
* If enabled returns null.
*
* @param userName
* @return
*/
public Date getCredentialsExpiryDate(String userName)
{
if (!allowGetCredentialsExpiryDate)
{
throw new AlfrescoRuntimeException("Get credentials expiry date is not supported");
}
return null;
}
/**
* Get the MD4 password hash
*
* Always throws an exception.
*
* @param userName
* @return
*/
public String getMD4HashedPassword(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* Return the user details for the specified user
*
* Always throws an exception.
*
* @param user
* String
* @return UserDetails
* @exception UsernameNotFoundException
* @exception DataAccessException
*/
public UserDetails loadUserByUsername(String arg0) throws UsernameNotFoundException, DataAccessException
{
throw new AlfrescoRuntimeException("Not implemented");
}
/**
* Return salt for user
*
* Always throws an exception.
*
* @param user
* UserDetails
* @return Object
*/
public Object getSalt(UserDetails user)
{
throw new AlfrescoRuntimeException("Not implemented");
}
// -------- //
// Bean IOC //
// -------- //
public void setAllowCreateUser(boolean allowCreateUser)
{
this.allowCreateUser = allowCreateUser;
}
public void setAllowDeleteUser(boolean allowDeleteUser)
{
this.allowDeleteUser = allowDeleteUser;
}
public void setAllowGetAccountExpiryDate(boolean allowGetAccountExpiryDate)
{
this.allowGetAccountExpiryDate = allowGetAccountExpiryDate;
}
public void setAllowGetAccountHasExpired(boolean allowGetAccountHasExpired)
{
this.allowGetAccountHasExpired = allowGetAccountHasExpired;
}
public void setAllowGetAccountLocked(boolean allowGetAccountLocked)
{
this.allowGetAccountLocked = allowGetAccountLocked;
}
public void setAllowGetCredentialsExpire(boolean allowGetCredentialsExpire)
{
this.allowGetCredentialsExpire = allowGetCredentialsExpire;
}
public void setAllowGetCredentialsExpiryDate(boolean allowGetCredentialsExpiryDate)
{
this.allowGetCredentialsExpiryDate = allowGetCredentialsExpiryDate;
}
public void setAllowGetCredentialsHaveExpired(boolean allowGetCredentialsHaveExpired)
{
this.allowGetCredentialsHaveExpired = allowGetCredentialsHaveExpired;
}
public void setAllowGetEnabled(boolean allowGetEnabled)
{
this.allowGetEnabled = allowGetEnabled;
}
public void setAllowSetAccountExpires(boolean allowSetAccountExpires)
{
this.allowSetAccountExpires = allowSetAccountExpires;
}
public void setAllowSetAccountExpiryDate(boolean allowSetAccountExpiryDate)
{
this.allowSetAccountExpiryDate = allowSetAccountExpiryDate;
}
public void setAllowSetAccountLocked(boolean allowSetAccountLocked)
{
this.allowSetAccountLocked = allowSetAccountLocked;
}
public void setAllowSetCredentialsExpire(boolean allowSetCredentialsExpire)
{
this.allowSetCredentialsExpire = allowSetCredentialsExpire;
}
public void setAllowSetCredentialsExpiryDate(boolean allowSetCredentialsExpiryDate)
{
this.allowSetCredentialsExpiryDate = allowSetCredentialsExpiryDate;
}
public void setAllowSetEnabled(boolean allowSetEnabled)
{
this.allowSetEnabled = allowSetEnabled;
}
public void setAllowUpdateUser(boolean allowUpdateUser)
{
this.allowUpdateUser = allowUpdateUser;
}
}