1
2
3
4
5
6
7 package gov.bnl.gums.admin;
8
9 import gov.bnl.gums.*;
10 import gov.bnl.gums.account.AccountMapper;
11 import gov.bnl.gums.account.AccountPoolMapper;
12 import gov.bnl.gums.account.ManualAccountMapper;
13 import gov.bnl.gums.configuration.Configuration;
14 import gov.bnl.gums.configuration.ConfigurationToolkit;
15 import gov.bnl.gums.userGroup.ManualUserGroup;
16 import gov.bnl.gums.userGroup.UserGroup;
17 import gov.bnl.gums.hostToGroup.HostToGroupMapping;
18
19 import java.io.FileNotFoundException;
20 import java.io.IOException;
21 import java.lang.reflect.InvocationTargetException;
22 import java.util.Collection;
23 import java.util.Iterator;
24
25 import org.apache.log4j.Logger;
26
27
28
29
30
31
32 public class GUMSAPIImpl implements GUMSAPI {
33 static private GUMS gums;
34
35 private Logger gumsAdminLog = Logger.getLogger(GUMS.gumsAdminLogName);
36 private Logger siteAdminLog = Logger.getLogger(GUMS.siteAdminLogName);
37 private boolean isInWeb = false;
38
39 {
40 try {
41 Class.forName("javax.servlet.Filter");
42 isInWeb = true;
43 } catch (ClassNotFoundException e) {
44 isInWeb = false;
45 }
46 }
47
48 public void addAccountRange2(String accountPoolMapperName, String range) {
49 try {
50 beginTransaction();
51 if (hasWriteAccess(currentUser())) {
52 gums().getCoreLogic().addAccountRange(accountPoolMapperName, range);
53 gumsAdminLog.info(logUserAccess() + "Added account range '" + range + "' to account mapper '" + accountPoolMapperName + "'");
54 siteAdminLog.info(logUserAccess() + "Added account range '" + range + "' to account mapper '" + accountPoolMapperName + "'");
55 }
56 else {
57 String message = logUserAccess() + "Unauthorized access to addAccountRange2 for '"+accountPoolMapperName+" "+range+"'";
58 gumsAdminLog.warn(message);
59 siteAdminLog.warn(message);
60 throw new AuthorizationDeniedException();
61 }
62
63 commit();
64 } catch (Exception e) {
65 rollback();
66 throw new RuntimeException(e.getMessage());
67 }
68 }
69
70 public void backupConfiguration(String name) {
71 try {
72 beginTransaction();
73 if (hasWriteAccess(currentUser())) {
74 Configuration conf = (Configuration)gums().getConfiguration().clone();
75 conf.setName(name);
76 gums().setConfiguration(conf);
77 gumsAdminLog.info(logUserAccess() + "Backed up configuration '" + name + "'");
78 siteAdminLog.info(logUserAccess() + "Backed up configuration '" + name + "'");
79 }
80 else {
81 String message = logUserAccess() + "Unauthorized access to backupConfiguration";
82 gumsAdminLog.warn(message);
83 siteAdminLog.warn(message);
84 throw new AuthorizationDeniedException();
85 }
86
87 commit();
88 } catch (Exception e) {
89 rollback();
90 throw new RuntimeException(e.getMessage());
91 }
92 }
93
94 public void beginTransaction() throws Exception {
95 gums().beginTransaction();
96 }
97
98 public void commit() throws IOException, IllegalArgumentException, SecurityException, InstantiationException, IllegalAccessException, InvocationTargetException, NoSuchMethodException, ClassNotFoundException {
99 gums().commit();
100 }
101
102 public void rollback() {
103 try {
104 gums().rollback();
105 } catch (Exception e) {
106 }
107 }
108
109 public void deleteBackupConfiguration(String name) {
110 try {
111 beginTransaction();
112 if (hasWriteAccess(currentUser())) {
113 gums().removeBackupConfiguration(name);
114 }
115 else {
116 String message = logUserAccess() + "Unauthorized access to deleteBackupConfiguration for '"+name+"'";
117 gumsAdminLog.warn(message);
118 siteAdminLog.warn(message);
119 throw new AuthorizationDeniedException();
120 }
121
122 commit();
123 } catch (Exception e) {
124 rollback();
125 throw new RuntimeException(e.getMessage());
126 }
127 }
128
129 public String generateEmailMapfile(String hostname) {
130 try {
131 String map;
132 beginTransaction();
133 if (hasReadAllAccess(currentUser(), hostname)) {
134 map = gums().getCoreLogic().generateGridMapfile(hostname, false, true, true);
135 if (gumsAdminLog.isDebugEnabled())
136 gumsAdminLog.debug(logUserAccess() + "Generated email mapfile for host '" + hostname + "': " + map);
137 else
138 gumsAdminLog.info(logUserAccess() + "Generated email mapfile for host '" + hostname + "'");
139 }
140 else {
141 String message = logUserAccess() + "Unauthorized access to generateEmailMapfile for host '"+hostname+"'";
142 gumsAdminLog.warn(message);
143 siteAdminLog.warn(message);
144 throw new AuthorizationDeniedException();
145 }
146 commit();
147 return map;
148 } catch (Exception e) {
149 rollback();
150 throw new RuntimeException(e.getMessage());
151 }
152 }
153
154 public String generateFqanMapfile(String hostname) {
155 try {
156 String map;
157 beginTransaction();
158 if (hasReadAllAccess(currentUser(), hostname)) {
159 map = gums().getCoreLogic().generateFqanMapfile(hostname, true);
160 if (gumsAdminLog.isDebugEnabled())
161 gumsAdminLog.debug(logUserAccess() + "Generated fqan mapfile for host '" + hostname + "': " + map);
162 else
163 gumsAdminLog.info(logUserAccess() + "Generated fqan mapfile for host '" + hostname + "'");
164 } else {
165 String message = logUserAccess() + "Unauthorized access to generateFqanMapfile for host '"+hostname+"'";
166 gumsAdminLog.warn(message);
167 siteAdminLog.warn(message);
168 throw new AuthorizationDeniedException();
169 }
170 commit();
171 return map;
172 } catch (Exception e) {
173 rollback();
174 throw new RuntimeException(e.getMessage());
175 }
176 }
177
178 public String generateGridMapfile(String hostname) {
179 try {
180 String map;
181 beginTransaction();
182 if (!gums().getConfiguration().isAllowGridmapFiles())
183 throw new RuntimeException("Grid Mapfile generation has been disabled (probably to conserve pool accounts)");
184
185 if (hasReadAllAccess(currentUser(), hostname)) {
186 map = gums().getCoreLogic().generateGridMapfile(hostname, true, false, false);
187 if (gumsAdminLog.isDebugEnabled())
188 gumsAdminLog.debug(logUserAccess() + "Generated grid mapfile for host '" + hostname + "': " + map);
189 else
190 gumsAdminLog.info(logUserAccess() + "Generated grid mapfile for host '" + hostname + "'");
191 } else {
192 String message = logUserAccess() + "Unauthorized access to generateGridMapfile for host '"+hostname+"'";
193 gumsAdminLog.warn(message);
194 siteAdminLog.warn(message);
195 throw new AuthorizationDeniedException();
196 }
197
198 commit();
199 return map;
200 } catch (Exception e) {
201 rollback();
202 throw new RuntimeException(e.getMessage());
203 }
204 }
205
206 public String generateOsgUserVoMap(String hostname) {
207 try {
208 String map;
209 beginTransaction();
210 if (hasReadAllAccess(currentUser(), hostname)) {
211 map = gums().getCoreLogic().generateOsgUserVoMap(hostname);
212 commit();
213 if (gumsAdminLog.isDebugEnabled())
214 gumsAdminLog.debug(logUserAccess() + "Generated osg vo-user map for host '" + hostname + "': " + map);
215 else
216 gumsAdminLog.info(logUserAccess() + "Generated osg vo-user map for host '" + hostname + "'");
217 } else {
218 String message = logUserAccess() + "Unauthorized access to generateOsgUserVoMap for host '"+hostname+"'";
219 gumsAdminLog.warn(message);
220 siteAdminLog.warn(message);
221 throw new AuthorizationDeniedException();
222 }
223 commit();
224 return map;
225 } catch (Exception e) {
226 rollback();
227 throw new RuntimeException(e.getMessage());
228 }
229 }
230
231 public String generateVoGridMapfile(String hostname) {
232 try {
233 String map;
234 beginTransaction();
235
236 if (!gums().getConfiguration().isAllowGridmapFiles())
237 throw new RuntimeException("Grid Mapfile generation has been disabled (probably to conserve pool accounts)");
238
239 if (hasReadAllAccess(currentUser(), hostname)) {
240 beginTransaction();
241 map = gums().getCoreLogic().generateGridMapfile(hostname, true, true, false);
242 commit();
243 if (gumsAdminLog.isDebugEnabled())
244 gumsAdminLog.debug(logUserAccess() + "Generated vo grid mapfile for host '" + hostname + "':" + map);
245 else
246 gumsAdminLog.info(logUserAccess() + "Generated vo grid mapfile for host '" + hostname + "'");
247 } else {
248 String message = logUserAccess() + "Unauthorized access to generateVoGridMapfile for host '"+hostname+"'";
249 gumsAdminLog.warn(message);
250 siteAdminLog.warn(message);
251 throw new AuthorizationDeniedException();
252 }
253
254
255 commit();
256
257 return map;
258 } catch (Exception e) {
259 rollback();
260 throw new RuntimeException(e.getMessage());
261 }
262 }
263
264 public Collection<String> getBackupNames() {
265 try {
266 beginTransaction();
267 Collection<String> backupConfigDates = null;
268 if (hasReadAllAccess(currentUser(), null)) {
269 backupConfigDates = gums().getBackupConfigurationNames();
270 }
271 else {
272 String message = logUserAccess() + "Unauthorized access to getBackupConfigDates";
273 gumsAdminLog.warn(message);
274 siteAdminLog.warn(message);
275 throw new AuthorizationDeniedException();
276 }
277 commit();
278 return backupConfigDates;
279 } catch (Exception e) {
280 rollback();
281 throw new RuntimeException(e.getMessage());
282 }
283 }
284
285 public Configuration getConfiguration() {
286 try {
287 if (hasReadAllAccess(currentUser(), null) && isInWeb) {
288 return gums().getConfiguration();
289 }
290 else {
291 String message = logUserAccess() + "Unauthorized access to getConfiguration";
292 gumsAdminLog.warn(message);
293 siteAdminLog.warn(message);
294 throw new AuthorizationDeniedException();
295 }
296 } catch (Exception e) {
297 throw new RuntimeException(e.getMessage());
298 }
299 }
300
301 public String getOutOfDateFqans(int hoursSinceLastUpdate) {
302 try {
303 if (hasReadAllAccess(currentUser(), null)) {
304 return gums().getCoreLogic().getOutOfDateFqans(hoursSinceLastUpdate);
305 }
306 else {
307 String message = logUserAccess() + "Unauthorized access to getOutOfDateFqans";
308 gumsAdminLog.warn(message);
309 siteAdminLog.warn(message);
310 throw new AuthorizationDeniedException();
311 }
312 } catch (Exception e) {
313 throw new RuntimeException(e.getMessage());
314 }
315 }
316
317 public String getPoolAccountAssignments(String accountPoolMapperName) {
318 try {
319 String retVal;
320 beginTransaction();
321 if (hasReadAllAccess(currentUser(), null)) {
322 if (gums().getConfiguration().getAccountMapper(accountPoolMapperName) instanceof AccountPoolMapper)
323 retVal = ((AccountPoolMapper)gums().getConfiguration().getAccountMapper(accountPoolMapperName)).getAssignments();
324 else
325 retVal = "";
326 }
327 else {
328 String message = logUserAccess() + "Unauthorized access to getPoolAccountAssignments for '"+accountPoolMapperName+"'";
329 gumsAdminLog.warn(message);
330 siteAdminLog.warn(message);
331 throw new AuthorizationDeniedException();
332 }
333 commit();
334 return retVal;
335 } catch (Exception e) {
336 rollback();
337 throw new RuntimeException(e.getMessage());
338 }
339 }
340
341 public String getVersion() {
342 return GUMS.getVersion();
343 }
344
345 public void manualGroupAdd2(String manualUserGroupName, String userDN) {
346 try {
347 beginTransaction();
348 if (hasWriteAccess(currentUser())) {
349 ((ManualUserGroup)gums().getConfiguration().getUserGroup(manualUserGroupName)).addMember(new GridUser(userDN));
350 gumsAdminLog.info(logUserAccess() + "Added to user group '" + manualUserGroupName + "' user '" + userDN + "'");
351 siteAdminLog.info(logUserAccess() + "Added to user group '" + manualUserGroupName + "' user '" + userDN + "'");
352 } else {
353 String message = logUserAccess() + "Unauthorized access to manualGroupAdd2 for user group '" + manualUserGroupName + "' user '" + userDN + "'";
354 gumsAdminLog.warn(message);
355 siteAdminLog.warn(message);
356 throw new AuthorizationDeniedException();
357 }
358
359 commit();
360 } catch (Exception e) {
361 rollback();
362 throw new RuntimeException(e.getMessage());
363 }
364 }
365
366 public void manualGroupAdd3(String manualUserGroupName, String userDN, String fqan, String email) {
367 try {
368 beginTransaction();
369 if (hasWriteAccess(currentUser())) {
370 ((ManualUserGroup)gums().getConfiguration().getUserGroup(manualUserGroupName)).addMember(new GridUser(userDN, fqan, email, false));
371 gumsAdminLog.info(logUserAccess() + "Added to user group '" + manualUserGroupName + "' user '" + userDN + "' fqan '" + fqan + "' email '" + email + "'");
372 siteAdminLog.info(logUserAccess() + "Added to user group '" + manualUserGroupName + "' user '" + userDN + "' fqan '" + fqan + "' email '" + email + "'");
373 } else {
374 String message = logUserAccess() + "Unauthorized access to manualGroupAdd3 for user group '" + manualUserGroupName + "' user '" + userDN + "' fqan '" + fqan + "' email '" + email + "'";
375 gumsAdminLog.warn(message);
376 siteAdminLog.warn(message);
377 throw new AuthorizationDeniedException();
378 }
379
380 commit();
381 } catch (Exception e) {
382 rollback();
383 throw new RuntimeException(e.getMessage());
384 }
385 }
386
387 public void manualGroupRemove2(String manualUserGroupName, String userDN) {
388 try {
389 beginTransaction();
390 if (hasWriteAccess(currentUser())) {
391 ((ManualUserGroup)gums().getConfiguration().getUserGroup(manualUserGroupName)).removeMember(new GridUser(userDN));
392 gumsAdminLog.info(logUserAccess() + "Removed from user group '" + manualUserGroupName + "' user '" + userDN + "'");
393 siteAdminLog.info(logUserAccess() + "Removed from user group '" + manualUserGroupName + "' user '" + userDN + "'");
394 } else {
395 String message = logUserAccess() + "Unauthorized access to manualGroupRemove2 for user group '" + manualUserGroupName + "' user '" + userDN + "'";
396 gumsAdminLog.warn(message);
397 siteAdminLog.warn(message);
398 throw new AuthorizationDeniedException();
399 }
400
401 commit();
402 } catch (Exception e) {
403 rollback();
404 throw new RuntimeException(e.getMessage());
405 }
406 }
407
408 public void manualGroupRemove3(String manualUserGroupName, String userDN, String fqan) {
409 try {
410 beginTransaction();
411 if (hasWriteAccess(currentUser())) {
412 ((ManualUserGroup)gums().getConfiguration().getUserGroup(manualUserGroupName)).removeMember(new GridUser(userDN, fqan, false));
413 gumsAdminLog.info(logUserAccess() + "Removed from user group '" + manualUserGroupName + "' user '" + userDN + "' fqan '" + fqan + "'");
414 siteAdminLog.info(logUserAccess() + "Removed from user group '" + manualUserGroupName + "' user '" + userDN + "' fqan '" + fqan + "'");
415 } else {
416 String message = logUserAccess() + "Unauthorized access to manualGroupRemove2 for user group '" + manualUserGroupName + "' user '" + userDN + "' fqan '"+fqan+"'";
417 gumsAdminLog.warn(message);
418 siteAdminLog.warn(message);
419 throw new AuthorizationDeniedException();
420 }
421
422 commit();
423 } catch (Exception e) {
424 rollback();
425 throw new RuntimeException(e.getMessage());
426 }
427 }
428
429 public void manualMappingAdd2(String manualAccountMapperName, String userDN, String account) {
430 try {
431 beginTransaction();
432 if (hasWriteAccess(currentUser())) {
433 AccountMapper accountMapper = gums().getConfiguration().getAccountMapper(manualAccountMapperName);
434 if (accountMapper==null)
435 throw new RuntimeException("Account Mapper '" + manualAccountMapperName + "' does not exist");
436 if (!(accountMapper instanceof ManualAccountMapper))
437 throw new RuntimeException("Account Mapper '" + manualAccountMapperName + "' is not an account pool mapper");
438 ManualAccountMapper manualAccountMapper = new ManualAccountMapper();
439
440 manualAccountMapper.createMapping(userDN, new SiteUser(account));
441
442 gumsAdminLog.info(logUserAccess() + "Added mapping to account mapper '" + manualAccountMapperName + "' for user '" + userDN + "' to account '" + account + "'");
443 siteAdminLog.info(logUserAccess() + "Added mapping to account mapper '" + manualAccountMapperName + "' for user '" + userDN + "' to account '" + account + "'");
444 } else {
445 String message = logUserAccess() + "Unauthorized access to manualMappingAdd2 for account mapper '" + manualAccountMapperName + "' user '" + userDN + "' account '"+account+"'";
446 gumsAdminLog.warn(message);
447 siteAdminLog.warn(message);
448 throw new AuthorizationDeniedException();
449 }
450
451 commit();
452 } catch (Exception e) {
453 rollback();
454 throw new RuntimeException(e.getMessage());
455 }
456 }
457
458 public void manualMappingRemove2(String manualAccountMapperName, String userDN) {
459 try {
460 beginTransaction();
461 if (hasWriteAccess(currentUser())) {
462 AccountMapper accountMapper = gums().getConfiguration().getAccountMapper(manualAccountMapperName);
463 if (accountMapper==null)
464 throw new RuntimeException("Account Mapper '" + manualAccountMapperName + "' does not exist");
465 if (!(accountMapper instanceof ManualAccountMapper))
466 throw new RuntimeException("Account Mapper '" + manualAccountMapperName + "' is not a manaul pool mapper");
467 ManualAccountMapper manualAccountMapper = new ManualAccountMapper();
468
469 manualAccountMapper.removeMapping(userDN);
470
471 gumsAdminLog.info(logUserAccess() + "Removed mapping from account mapper '" + manualAccountMapperName + "' for user '" + userDN + "'");
472 siteAdminLog.info(logUserAccess() + "Removed mapping from account mapper '" + manualAccountMapperName + "' for user '" + userDN + "'");
473 } else {
474 String message = logUserAccess() + "Unauthorized access to manualMappingRemove2 for user group '" + manualAccountMapperName + "' user '" + userDN + "'";
475 gumsAdminLog.warn(message);
476 siteAdminLog.warn(message);
477 throw new AuthorizationDeniedException();
478 }
479
480 commit();
481 } catch (Exception e) {
482 rollback();
483 throw new RuntimeException(e.getMessage());
484 }
485 }
486
487 public String mapAccount(String accountName) {
488 try {
489 String DNs;
490 beginTransaction();
491 if (hasReadAllAccess(currentUser(), null)) {
492 DNs = gums().getCoreLogic().mapAccount(accountName);
493 gumsAdminLog.info(logUserAccess() + "Mapped the account '" + accountName + "' to '" + DNs + "'");
494 } else {
495 String message = logUserAccess() + "Unauthorized access to mapAccount for account '" + accountName + "'";
496 gumsAdminLog.warn(message);
497 siteAdminLog.warn(message);
498 throw new AuthorizationDeniedException();
499 }
500 commit();
501 return DNs;
502 } catch (Exception e) {
503 rollback();
504 throw new RuntimeException(e.getMessage());
505 }
506 }
507
508 public String mapUser(String hostname, String userDN, String fqan) {
509 try {
510 String account = null;
511 beginTransaction();
512 if ( (hasReadSelfAccess(currentUser()) && currentUser().compareDn(userDN)==0) || hasReadAllAccess(currentUser(), hostname)) {
513 GridUser user = new GridUser(userDN, fqan);
514 boolean isUserBanned = gums().getCoreLogic().isUserBanned(user);
515 if (!isUserBanned) {
516 SiteUser siteUser = gums().getCoreLogic().map(hostname, user, false);
517 account = siteUser.getAccount();
518 }
519 if (account==null && isUserBanned) {
520 String message = logUserAccess() + "Mapped on host '" + hostname + "' the banned user '" + userDN + "' / '" + fqan + "' to '" + account + "'";
521 gumsAdminLog.warn(message);
522 siteAdminLog.warn(message);
523 }
524 else
525 gumsAdminLog.info(logUserAccess() + "Mapped on host '" + hostname + "' the user '" + userDN + "' / '" + fqan + "' to '" + account + "'");
526 } else {
527 String message = logUserAccess() + "Unauthorized access to mapUser for '" + hostname + "' from user '" + userDN + "' / '" + fqan + "'";
528 gumsAdminLog.warn(message);
529 siteAdminLog.warn(message);
530 throw new AuthorizationDeniedException();
531 }
532 commit();
533 return account;
534 } catch (Exception e) {
535 rollback();
536 throw new RuntimeException(e.getMessage());
537 }
538 }
539
540 public void removeAccountRange(String accountPoolMapperName, String range) {
541 try {
542 beginTransaction();
543 if (hasWriteAccess(currentUser())) {
544 gums().getCoreLogic().removeAccountRange(accountPoolMapperName, range);
545 gumsAdminLog.info(logUserAccess() + "Removed account range '" + range + "' from account mapper '" + accountPoolMapperName + "'");
546 siteAdminLog.info(logUserAccess() + "Removed accounts range '" + range + "' from account mapper '" + accountPoolMapperName + "'");
547 }
548 else {
549 String message = logUserAccess() + "Unauthorized access to removeAccountRange for '"+accountPoolMapperName+" "+range+"'";
550 gumsAdminLog.warn(message);
551 siteAdminLog.warn(message);
552 throw new AuthorizationDeniedException();
553 }
554
555 commit();
556 } catch (Exception e) {
557 rollback();
558 throw new RuntimeException(e.getMessage());
559 }
560 }
561
562 public void restoreConfiguration(String name) throws Exception {
563 try {
564 beginTransaction();
565 if (hasWriteAccess(currentUser())) {
566 Configuration configuration = gums().restoreConfiguration(name);
567 gumsAdminLog.debug("Configuration was set: " + configuration.toXml());
568 siteAdminLog.debug("Configuration was set: " + configuration.toXml());
569 }
570 else {
571 String message = logUserAccess() + "Unauthorized access to restoreConfiguration for '"+name+"'";
572 gumsAdminLog.warn(message);
573 siteAdminLog.warn(message);
574 throw new AuthorizationDeniedException();
575 }
576
577 commit();
578 } catch (Exception e) {
579 rollback();
580 throw new RuntimeException(e.getMessage());
581 }
582 }
583
584 public void setConfiguration(Configuration configuration) throws Exception {
585 try {
586 beginTransaction();
587 if (hasWriteAccess(currentUser())) {
588 gums().setConfiguration(configuration);
589 gumsAdminLog.debug("Configuration was set: " + configuration.toXml());
590 siteAdminLog.debug("Configuration was set: " + configuration.toXml());
591 }
592 else {
593 String message = logUserAccess() + "Unauthorized access to setConfiguration";
594 gumsAdminLog.warn(message);
595 siteAdminLog.warn(message);
596 throw new AuthorizationDeniedException();
597 }
598 } catch (Exception e) {
599 rollback();
600 throw new RuntimeException(e.getMessage());
601 }
602 }
603
604 public void unassignAccountRange(String accountPoolMapperName, String range) {
605 try {
606 beginTransaction();
607 if (hasWriteAccess(currentUser())) {
608 gums().getCoreLogic().unassignAccountRange(accountPoolMapperName, range);
609 gumsAdminLog.info(logUserAccess() + "Unassigned account range '" + range + "' from account mapper '" + accountPoolMapperName + "'");
610 siteAdminLog.info(logUserAccess() + "Unassigned account range '" + range + "' from account mapper '" + accountPoolMapperName + "'");
611 }
612 else {
613 String message = logUserAccess() + "Unauthorized access to unassignAccountRange for '"+accountPoolMapperName+" "+range+"'";
614 gumsAdminLog.warn(message);
615 siteAdminLog.warn(message);
616 throw new AuthorizationDeniedException();
617 }
618
619 commit();
620 } catch (Exception e) {
621 rollback();
622 throw new RuntimeException(e.getMessage());
623 }
624 }
625
626 public void updateGroups() {
627 try {
628 beginTransaction();
629 if (hasWriteAccess(currentUser())) {
630 gums().getConfiguration().updateUserGroupMembers();
631 gumsAdminLog.info(logUserAccess() + "Groups updated");
632 siteAdminLog.info(logUserAccess() + "Groups updated");
633 } else {
634 String message = logUserAccess() + "Unauthorized access to updateGroups";
635 gumsAdminLog.warn(message);
636 siteAdminLog.warn(message);
637 throw new AuthorizationDeniedException();
638 }
639
640 commit();
641 } catch (Exception e) {
642 rollback();
643 throw new RuntimeException(e.getMessage());
644 }
645 }
646
647 public String getCurrentDn() {
648 return currentUser().getDn();
649 }
650
651
652 public String generateGrid3UserVoMap(String hostname) {
653 return generateOsgUserVoMap(hostname);
654 }
655
656 public void manualGroupAdd(String persistanceFactory, String group, String userDN) {
657 manualGroupAdd2(group, userDN);
658 }
659
660 public void manualGroupRemove(String persistanceFactory, String group, String userDN) {
661 manualGroupRemove2(group, userDN);
662 }
663
664 public void manualMappingAdd(String persistanceFactory, String group, String userDN, String account) {
665 manualMappingAdd2(group, userDN, account);
666 }
667
668 public void manualMappingRemove(String persistanceFactory, String group, String userDN) {
669 manualMappingRemove2(group, userDN);
670 }
671
672 public void poolAddAccount(String persistanceFactory, String group, String accountName) {
673 addAccountRange2(group, accountName + accountName.substring(accountName.indexOf('-')));
674 }
675
676
677
678 private GridUser currentUser() {
679 if (!isInWeb) return null;
680 String DN = CertCache.getUserDN();
681 if (DN != null) {
682 return new GridUser(DN);
683 } else {
684 return null;
685 }
686 }
687
688 private GUMS gums() throws FileNotFoundException, IOException, IllegalArgumentException, SecurityException, InstantiationException, IllegalAccessException, InvocationTargetException, NoSuchMethodException, ClassNotFoundException {
689 if (gums == null)
690 gums = new GUMS();
691 return gums;
692 }
693
694 private boolean hasReadAllAccess(GridUser user, String hostname) throws Exception {
695 if (user == null)
696 return false;
697 if (hostname!=null && ConfigurationToolkit.testHostDNPattern.matcher(hostname).matches())
698 return true;
699 Collection<UserGroup> readAllUserGroups;
700 if ((readAllUserGroups = gums().getConfiguration().getReadAllUserGroups()) != null) {
701 Iterator<UserGroup> it = readAllUserGroups.iterator();
702 while (it.hasNext()) {
703 UserGroup userGroup = it.next();
704 if (userGroup.isMember(user))
705 return true;
706 }
707 }
708
709 if (hostname!=null && user.getDn().indexOf(hostname) != -1)
710 return true;
711
712 if (hostToGroupMapping(user.getDn()) != null)
713 return true;
714 return false;
715 }
716
717 private boolean hasReadSelfAccess(GridUser currentUser) throws Exception {
718 if (currentUser == null)
719 return false;
720 if (gums().getConfiguration().getReadSelfUserGroups() == null)
721 return false;
722 Collection<UserGroup> readSelfUserGroups = gums().getConfiguration().getReadSelfUserGroups();
723 Iterator<UserGroup> it = readSelfUserGroups.iterator();
724 while (it.hasNext()) {
725 UserGroup userGroup = it.next();
726 if (userGroup.isMember(currentUser))
727 return true;
728 }
729 return false;
730 }
731
732 private boolean hasWriteAccess(GridUser user) throws Exception {
733 if (user == null)
734 return false;
735 if (gums().getConfiguration().getWriteUserGroups() == null)
736 return false;
737 Collection<UserGroup> writeUserGroups = gums().getConfiguration().getWriteUserGroups();
738 Iterator<UserGroup> it = writeUserGroups.iterator();
739 while (it.hasNext()) {
740 UserGroup userGroup = it.next();
741 if (userGroup.isMember(user))
742 return true;
743 }
744 return false;
745 }
746
747 private HostToGroupMapping hostToGroupMapping(String hostname) {
748 try {
749 Collection<HostToGroupMapping> hostToGroupMappers = gums().getConfiguration().getHostToGroupMappings();
750 Iterator<HostToGroupMapping> it = hostToGroupMappers.iterator();
751 while (it.hasNext()) {
752 HostToGroupMapping hostToGroupMapper = it.next();
753 if (hostToGroupMapper.isInGroup(hostname)) {
754 return hostToGroupMapper;
755 }
756 }
757 } catch (Exception e) {
758 throw new RuntimeException(e.getMessage());
759 }
760 return null;
761 }
762
763 private String logUserAccess() {
764 if (currentUser() == null) {
765 return "No AuthN - ";
766 } else {
767 return currentUser() + " - ";
768 }
769 }
770
771 }