java.lang.Object
ARoad0.gBase.BasicImpl
ARoad0.gBase.EligiblePartyImpl
ARoad0.gBase.GroupIDMemberImpl
ARoad0.gBase.GroupIDImpl
ARoad0.AcsAddon.Accbee.MySQL.gBase.GroupIDMySQLImpl
public class GroupIDMySQLImpl
This class is responsible for modeling a MySQL GroupID to manage the constraints on the account membership and group names. The allowed basic types are 'host', 'accounts-for-hosts group', 'hosts group' or one of the three standard groups. The standard pattern-name accounts-for-hosts group has all the accounts-for-hosts groups as members. The standard pattern-name hosts group has all the hosts groups as members. The standard group for simple hosts has all the hosts as members.
A host in MySQL is simulated by a GroupID having a 'host' type, including the group 'localhost' for the MySQL server host, which has the type 'host byAcsCreator' to forbid its deletion by the Access Road user. A new host, if it is not 'localhost', must have the name of an open ACS as its last name component. In this case, the last name component of the new host must have the form 'xxx:yy:zzz:tttt', and it is converted to the ACS name ' xxx:: yy:: zzz:: tttt:: ' to check that it is an open ACS. After the group creation, if the open ACS is closed, the MySQL host group remains unchanged. A constraint enforces exactly one simple host per account at the creation of the account, and this first host cannot be changed.
A pattern-name group may be created by the user to contain all the accounts or groups having a given pattern in their names. By convention, the names of these special groups use the two wildcard characters '%' and '_':
- '%' matches any number of characters, even zero characters,
- '_' matches exactly one character.
While MySQL Server allows two or more wildcards in the same name of a pattern-name group, Access Road does not permit it, because the sorting algorithm for these names is not specified and very confusing. An IP wildcard value can match only IP addresses, not host names: '1.2.example.com' never matches '1.2.%'. This class ensures that accounts or groups are members of the pattern-name groups that match them, while the proxy accounts are not involved there.
There are two types of pattern-name groups, for hosts and for accounts-for-hosts, listed hereinafter:
(1) A pattern-name hosts group may be created by the Access Road user to contain all the hosts having a given pattern in their names.
(2) A pattern-name accounts-for-hosts group may be created by the Access Road user to contain all the accounts having a given pattern, like 'tom' and 'tom(2)'. The pattern-name accounts-for-hosts group name then has the form 'name§@YYYY', where YYYY contains a wildcard character.
To deliver some rights to a given source 'tom' whatever its current host, a pattern-name accounts-for-hosts group 'tom§@%' is required. This form is specific to Access Road; MySQL itself would use 'tom@%'.
The host to use, if it is not 'localhost', has to be an open ACS having an account with the new userID name as name (modulo '(N)' at the end), and the user 'anonymous' is the single exception to this rule. To summarize, a host in MySQL has only accounts or proxy accounts, which are UserIDMySQLs, as members. An accounts-for-hosts group has only accounts as members. A hosts group has only hosts as members.
The rights of 'tom@host_one' and 'tom@host_two' can be defined in two conditional ACLs but not as two accounts. In the database rights, MySQL handles the concept of user independently of the concept of host, so it is necessary to model accounts as UserIDs. The account 'tom' may be set as member of only one host, and it may be necessary to define the account 'tom(2)' on another host.
This class implements the following rules, and when one of them is not fulfilled it informs the Access Road user with the same sentence as the error message:
- The MySQL group names can be up to 60 characters long, but no more.
- A group must not have the characters '%', '_', '§', '@' in its name if it is not a pattern-name group.
- This is the name of the MySQL ACS parent, and it is already modelled by the group 'localhost'.
- The host name is not a valid name with the form 'xxx:yy:zzz:tttt'.
- The host name is not the name of an open ACS.
- This is a wrong name, since an accounts-for-hosts group name must have the format 'xxxx§@yyyyy' with a wildcard '%' or '_' in the sequence yyyy.
- This is a wrong name , since a hosts group name must have exactly one wildcard '%' or '_'.
- A pattern-name group cannot be immutable at its creation.
- It is not possible to change by hand the members of a pattern-name group.
- An account cannot have a second simple host.
- A proxy account cannot have a second simple host.
- It is not possible to add a member to a non-standard host if it is not an account nor a proxy.
- The name 'ddd' is not associated to an open ACS.
- The MySQL account is already associated to the same UserID, in the ACS of this group.
- 'bbb' is not the name of an account in the open ACS 'ddd' this group represents.
- It is not possible to change directly the members of a pattern-name group.
- This account cannot be directly removed from this host, because this group is its first host.
This class adds a group for which this GroupIDMember is a member, and it sorts the groups in an ordered array that follows the sorting order for the MySQL AclEntries. The sorting of the source types is defined by BaseUtilityMySQLImpl.isAfterInTheGroupIDMemberOrder().
This class has one subclass in this package, RoleMySQLImpl. It is a JavaBean with the following bound properties: 'AssociatedGroups', for the overridden method addGroupToGM().
Field Summary | |
---|---|
static GroupIDMySQLImpl | EMPTY_INSTANCE - A reusable empty instance for initialization, to avoid the use of 'new' for temporary values. |
static java.io.ObjectStreamField[] | serialPersistentFields - empty variable for the JDK 2 serialization |
private static long | serialVersionUID__ |
Fields inherited from class ARoad0.gBase.GroupIDImpl |
---|
l_currentActors_, l_Members_, l_ownResources_, l_secGroupActors_, order_ |
Fields inherited from class ARoad0.gBase.GroupIDMemberImpl |
---|
isAdmin_, l_Groups_ |
Fields inherited from class ARoad0.gBase.EligiblePartyImpl |
---|
m_AclEntriesResources_ |
Fields inherited from class ARoad0.gBase.BasicImpl |
---|
aCS_, aCS_Name_, aliasHandler_, changeSupport_, comment_, folderMember_, INCREMENT_CAPACITY, INITIAL_CAPACITY, INITIAL_CAPACITY_2, iS_Name_, m_ConstrainedChildACS_, name_, PRIME, privHandler_, type_ |
Constructor Summary | |
---|---|
GroupIDMySQLImpl() | The basic constructor |
GroupIDMySQLImpl(ImmutableName _name, ACS _acs, java.lang.String _epType, java.lang.Boolean _isAdmin) | Constructor used in the beamer by the editor for the ACS EP list, from 'New'. |
GroupIDMySQLImpl(ImmutableName _name, ACS _acs, java.lang.String _epType, boolean _isAdmin, boolean _toRegisterInManager) | Used for the creation of a GroupIDMySQL. |
Method Summary | |
---|---|
void | addEorMember(GroupIDMember _gm) - Adds a UserIDMySQL as a member of this GroupIDMySQL, which may have the type 'host' or one of the three standard groups. |
protected void | addEorMemberToPatternNameGroup(GroupIDMember _gm) - Adds a GroupIDMember as a member of a non-standard pattern-name GroupID. |
void | addGroupToGM(GroupID _grp) - Adds a group for which this GroupIDMember is a member, and sorts the groups in an ordered array that follows the sorting order for the MySQL AclEntries, from BaseUtilityMySQLImpl.isAfterInTheGroupIDMemberOrder(). |
java.lang.Object | copy(ImmutableName _name, ACS _acs, Directory _parent, java.lang.Boolean _toRegisterInManager) - This method provides a copy of the instance with another name. |
protected GroupIDMySQLImpl | copyOwnVariables(GroupIDMySQLImpl _result, boolean _withoutInternalAcl) - This method provides a copy of the instance variables. |
java.lang.Object | copyWithoutInternalAcl(ImmutableName _name, ACS _acs, Directory _parent, java.lang.Boolean _toRegisterInManager) - This method provides a copy of the instance as copy(), but without copying the EligibleParty internal aclEntries. |
void | finalizeForBase() - This method, if this instance is a host, finalizes the accounts that are members having this group as first host. |
java.util.Map<java.lang.String,java.lang.String> | getAddonInnerPropertiesToListen() - Gets the specific events to listen from an ACSObject, because these events should change the rights of an ACSObject in an ACS Addon. Always returns null, because these events are listened only to update the views containing these ACSObjects. |
protected static ImmutableName | getNameFromHostComponent(java.lang.String _host_name) - Gets the ACS name. |
long | getSerialVersionUID() - For the java serialization. |
protected static boolean | isMemberOfMySQLPatternNameGroup(ImmutableGroupIDMember _memb, ImmutableGroupID _patternNameGroup) - This static method detects if an account or a group is a member of a pattern-name group that matches it, on the basis of the comparison of their name last components. |
boolean | isSimpleHost() - Returns true if the type is one of the 4 simple host types, and false otherwise, like for a pattern-name_hosts group. |
void | removeEorMember(GroupIDMember _gm) - Called by the GUI, and throws an exception if the group is not standard. |
void | removeEorMemberWithoutControl(GroupIDMember _gm) - Removes the groupID member of a host, without any control like in removeEorMember(). |
Methods inherited from class ARoad0.gBase.GroupIDMemberImpl |
---|
addPropertyChangeListener, copy, copyOwnVariables, copyWithoutAcl, getEorL_GroupID, isAdmin, removeGroupToGM, removePropertyChangeListener |
Methods inherited from class java.lang.Object |
---|
getClass, notify, notifyAll, wait, wait, wait |
Methods inherited from interface ARoad0.gBaseInterface.GroupID |
---|
setEorL_Members, setOrder |
Methods inherited from interface ARoad0.gBaseInterface.ImmutableGroupID |
---|
containsAsIndirectMember, containsAsIndirectMemberWithoutAliasing, containsAsMember, containsAsMemberWithoutAliasing, getEorL_GroupIDCurrentActors, getEorL_GroupIDCurrentActorsAsSecondaryGroup, getEorL_GroupIDOwnResources, getEorL_Members, getFirstIntermediateForIndirectMember, getOrder, ownsResource |
Methods inherited from interface ARoad0.gBaseInterface.GroupIDMember |
---|
removeGroupToGM |
Methods inherited from interface ARoad0.gBaseInterface.EligibleParty |
---|
setEPType |
Methods inherited from interface ARoad0.gBaseInterface.Basic |
---|
finalizeForUser, setComment |
Methods inherited from interface ARoad0.gBaseInterface.PrivilegeSource |
---|
addEorPrivilegeForTypeToSource, removeEorPrivilegeToSource |
Methods inherited from interface ARoad0.gBaseInterface.ImmutableGroupIDMember |
---|
getEorL_GroupID, isAdmin |
Methods inherited from interface ARoad0.gBaseInterface.ImmutableEligibleParty |
---|
getEorL_AclConnectedResources, getEPType, getM_ConstrainedChildACS |
Methods inherited from interface ARoad0.gBaseInterface.ImmutableBasic |
---|
getComment, getEorAliasAsInternalHardReference, getEorReferenceAsInternalHardAlias, getHasSoftAlias, getImpliedViews, getIS_Name, getL_AcsOfSoftReferences, getL_SoftAlias, getPropertyChangeListeners, getVirtualFolders |
Methods inherited from interface ARoad0.gBaseInterface.BoundBean |
---|
addPropertyChangeListener, addPropertyChangeListener, removePropertyChangeListener, removePropertyChangeListener |
Methods inherited from interface ARoad0.gBaseInterface.ImmutablePrivilegeSource |
---|
getEorL_SourcePrivilegeForLinks, getEorL_SourcePrivilegeForTypes, getEorL_SourcePrivileges |
Methods inherited from interface ARoad0.gBaseInterface.ImmutableSource |
---|
getEorAliasAsInternalHardReference, getEorReferenceAsInternalHardAlias, getHasSoftAlias, getL_AcsOfSoftReferences, getL_SoftAlias, getType |
Methods inherited from interface ARoad0.gBaseInterface.ACSObject |
---|
getAcsName, getEorACS |
Methods inherited from interface ARoad0.gBaseInterface.BaseObject |
---|
equals, getFullName, getName, getNickName, hashCode |
Methods inherited from interface ARoad0.gBaseInterface.BaseBeanManager |
---|
addPropertyChangeListener, addPropertyChangeListener, removePropertyChangeListener, removePropertyChangeListener |
Methods inherited from interface ARoad0.gBaseInterface.ImmutableTarget |
---|
getEorAliasAsInternalHardReference, getEorReferenceAsInternalHardAlias, getHasSoftAlias, getL_AcsOfSoftReferences, getL_SoftAlias, getType |
Field Detail |
---|
private static final long serialVersionUID__
public static final GroupIDMySQLImpl EMPTY_INSTANCE
public static final java.io.ObjectStreamField[] serialPersistentFields
Constructor Detail |
---|
public GroupIDMySQLImpl()
public GroupIDMySQLImpl(ImmutableName _name, ACS _acs, java.lang.String _epType, java.lang.Boolean _isAdmin) throws CreateError
_name
- ImmutableName of the groupID
_acs
- ACS of the groupID
_epType
- is the eligible party type, and may be null if the ACS allows it.
_isAdmin
- true only if the instance has an administrative role in the ACS, for the technical administration or the users.
CreateError
- if _name ends with '_tree>', or if ACSImpl.newEorEligibleParty() throws it - the instance must then be deleted!
public GroupIDMySQLImpl(ImmutableName _name, ACS _acs, java.lang.String _epType, boolean _isAdmin, boolean _toRegisterInManager) throws CreateError
_name
- ImmutableName of the eligible party to create
_acs
- Main ACS of the eligible party to create
_epType
- is the eligible party type, and may be null if the ACS allows it.
_isAdmin
- true only if the instance has an administrative role in the ACS, for the technical administration or the users.
_toRegisterInManager
- false if this method must not register the instance in its ACS.
CreateError
- if ACSImpl.newEorEligibleParty() throws it, or if the pattern-name policy is not fulfilled - the instance must then be deleted
Method Detail |
---|
public long getSerialVersionUID()
BasicImpl
getSerialVersionUID in interface ImmutableBasic
getSerialVersionUID in class GroupIDImpl
public java.util.Map<java.lang.String,java.lang.String> getAddonInnerPropertiesToListen()
- 'THIS' to say that the single object to listen is the ACSObject,
- 'ACS.method_name' to say that the list of objects to listen is returned by the method 'method_name' in the Addon ACS class.
For each map key, the values have the following format:
'AAA.method_name IF BBB'
where:
- AAA: THIS (mandatory),
- method_name: 'get' method name of the ACSObject that is associated, in the relevant BeanInfo class, to the event to listen (mandatory)
- IF BBB: where BBB is TRUE, or FALSE, or NULL, or NOT-NULL, to say that the event must be listened if and only if the returned value of the method_name is respectively a boolean TRUE, or FALSE, or an object NULL, or NOT-NULL (option).
When the map value starts with 'ACS', the ACS method to call has the ACSObject as its one argument. Otherwise, the ACS or the ACSObject method has no argument. Called by ARoad0.UtilityImpl.removeAddonParentPropertyChangeListener().
getAddonInnerPropertiesToListen in interface ACSObjectAddon
AcsAddon.getAddonParentPropertiesToListen()
public void addEorMember(GroupIDMember _gm) throws CreateError
An account or proxy account may be a member of a host only if the account exists in the ACS the host represents. The account 'anonymous' is the single exception for which no match to a true ACS account is required. Nonetheless, it is possible to have two 'jerry' accounts in two hosts by putting, as member of one host, a MySQL account like 'jerry(2)' or 'jerry(Z)' to represent the account 'jerry'.
The super method resets only the conditional ACLs. For the non-conditional ones, there are several cases:
- a host has only accounts as members, and the call to this method at the creation of the host is always before the creation of any account ACL, so there is no issue on the current non-conditional ACL of the account or of the host.
- a standard pattern-name group has no ACL, then there is no issue there.
UserIDMySQLImpl.setValueOf() and ProxyMySQLImpl.setValueOf() call this method at the creation of an account. Overrides and calls the super method.
addEorMember in interface GroupID
addEorMember in class GroupIDImpl
_gm
- new member of the GroupID. No action if null, empty.
CreateError
- if _gm is a GroupID which has this instance as direct or indirect member, if _gm is already a member, or if the _gm type is not authorized by the ACS, or if the type does not allow the operation, if this group is immutable, or if it is mutable and not the new member.
public void removeEorMember(GroupIDMember _gm) throws CreateError
removeEorMember in interface GroupID
removeEorMember in class GroupIDImpl
_gm
- member of the GroupID.
CreateError
- to explain that this operation is forbidden and why
public void addGroupToGM(GroupID _grp)
addGroupToGM in interface GroupIDMember
addGroupToGM in class GroupIDMemberImpl
_grp
- is the groupID to add. No action if it is null, or with null name.
public void removeEorMemberWithoutControl(GroupIDMember _gm) throws CreateError
_gm
- member of the GroupID. No action if unknown, null, empty.
CreateError
- if the type does not allow the operation
public void finalizeForBase() throws UpDateError
finalizeForBase in interface FinalizedObject
finalizeForBase in class GroupIDImpl
UpDateError
- if GroupIDMySQLImpl.removeEorMemberWithoutControl() throws it
public java.lang.Object copy(ImmutableName _name, ACS _acs, Directory _parent, java.lang.Boolean _toRegisterInManager) throws CreateError
copy in interface Copyable
copy in class GroupIDImpl
_name
- copy name. Usually created as an extension of _parent name.
_acs
- main ACS of the copy to create. May not be the ACS of this instance.
_parent
- is not used, whatever the value.
_toRegisterInManager
- false if this method must not register the instance in the ACS.
CreateError
- of the constructor with the same parameters, or if _parent ACS is not _acs, or addAclEntry() exceptions.
public java.lang.Object copyWithoutInternalAcl(ImmutableName _name, ACS _acs, Directory _parent, java.lang.Boolean _toRegisterInManager) throws CreateError
copyWithoutInternalAcl in interface EligibleParty
copyWithoutInternalAcl in class GroupIDImpl
_name
- copy name. Usually created as an extension of _parent name.
_acs
- main ACS of the copy to create. May not be the ACS of this instance.
_parent
- is not used, whatever the value.
_toRegisterInManager
- false if this method must not register the instance in the ACS.
CreateError
- of the constructor with the same parameters, or if _parent ACS is not _acs.
public boolean isSimpleHost()
isSimpleHost in interface GroupIDMySQL
protected void addEorMemberToPatternNameGroup(GroupIDMember _gm) throws CreateError
- an accounts-for-hosts group has only accounts as members, and the call to this method at the creation of the account or the group is always before the creation of any ACL, so there is no issue on the current non-conditional ACL of the account or of the group,
- a hosts group has only hosts as members, and the call to this method at the creation of the host or the hosts group is always before the creation of any ACL, so there is no issue on the current non-conditional ACL of the host or of the hosts group.
Called by the constructor. Overrides and calls the super method at the end.
_gm
- new member of the GroupID. No action if null, empty.
CreateError
- if _gm is a GroupID which has this instance as direct or indirect member, if _gm is already a member, or if the _gm type is not authorized by the ACS, or if the type does not allow the operation, if this group is immutable, or if it is mutable and not the new member.
protected static boolean isMemberOfMySQLPatternNameGroup(ImmutableGroupIDMember _memb, ImmutableGroupID _patternNameGroup) throws BaseError
- '%' matches any number of characters, even zero characters,
- '_' matches exactly one character.
For instance, the host 'localhost' matches the pattern-name hosts group 'local%'. A pattern-name group does not have 'standard' in its type. There is no operation if one argument is a standard group.
There are two types of pattern-name groups, for hosts and for accounts-for-hosts, listed hereinafter:
(1) A pattern-name hosts group may be created by the Access Road user to contain all the hosts having a given pattern in their names.
(2) A pattern-name accounts-for-hosts group may be created by the Access Road user to contain all the accounts having a given pattern, like 'tom' and 'tom(2)'. The pattern-name accounts-for-hosts group name then has the form 'name§@YYYY', where YYYY contains a wildcard character.
An IP value can match only pure IPv4 addresses, not host names. '1.2.example.com' never matches '1.2.%'. This is why the group '1.2.example.com' is not a member of the pattern-name_hosts group '1.2.%'. This method detects an IPv4 address as containing the character '.' and no 'a-z', 'A-Z' characters, after removal of the IS name. Called by the constructor.
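The matching rules described here and in the class description (one wildcard per pattern name, the '%' and '_' semantics, IP patterns matching only IPv4 values), as an added Java example that is not Access Road's own code. The class and method names are hypothetical, and the handling of the '(N)' suffix and of the account's first host is an assumption about rules the page states only in prose.

```java
import java.util.regex.Pattern;

// Added illustration of the pattern-name rules on this page; not Access Road source code.
public class PatternNameDemo {
    // Section sign followed by '@': the separator of an accounts-for-hosts group name.
    static final String SEP = "\u00A7@";

    // Page heuristic: an IPv4 value contains '.' and no 'a-z' or 'A-Z' character.
    static boolean looksLikeIPv4(String s) {
        return s.indexOf('.') >= 0
            && s.chars().noneMatch(c -> (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z'));
    }

    // Access Road rule: exactly one wildcard, '%' or '_', in a pattern name.
    static boolean hasExactlyOneWildcard(String pattern) {
        return pattern.chars().filter(c -> c == '%' || c == '_').count() == 1;
    }

    // '%' becomes ".*", '_' becomes ".", every other character is quoted literally.
    static Pattern toRegex(String pattern) {
        StringBuilder sb = new StringBuilder();
        for (char c : pattern.toCharArray()) {
            if (c == '%') sb.append(".*");
            else if (c == '_') sb.append('.');
            else sb.append(Pattern.quote(String.valueOf(c)));
        }
        return Pattern.compile(sb.toString());
    }

    static boolean hostMatches(String host, String pattern) {
        if (!hasExactlyOneWildcard(pattern))
            throw new IllegalArgumentException("pattern must have exactly one wildcard: " + pattern);
        // An IP wildcard value matches only IP addresses, never host names.
        if (looksLikeIPv4(pattern) && !looksLikeIPv4(host)) return false;
        return toRegex(pattern).matcher(host).matches();
    }

    // Assumption: "modulo '(N)'" means one trailing parenthesised suffix is ignored.
    static String baseAccountName(String account) {
        return account.replaceFirst("\\([^()]*\\)$", "");
    }

    // Assumption: the YYYY part of the group name is compared with the account's first host.
    static boolean accountMatches(String account, String firstHost, String groupName) {
        int sep = groupName.indexOf(SEP);
        if (sep <= 0)
            throw new IllegalArgumentException("expected the format 'name" + SEP + "YYYY'");
        String name = groupName.substring(0, sep);
        String hostPattern = groupName.substring(sep + SEP.length());
        return baseAccountName(account).equals(name) && hostMatches(firstHost, hostPattern);
    }

    static void check(boolean actual, boolean expected, String what) {
        if (actual != expected) throw new AssertionError(what);
        System.out.println(what + " -> " + actual);
    }

    public static void main(String[] args) {
        // Constructed cases built from the names used in the text above.
        check(hostMatches("localhost", "local%"), true, "localhost in local%");
        check(hostMatches("1.2.3.4", "1.2.%"), true, "1.2.3.4 in 1.2.%");
        check(hostMatches("1.2.example.com", "1.2.%"), false, "1.2.example.com in 1.2.%");
        check(accountMatches("tom(2)", "1.2.3.4", "tom" + SEP + "%"), true, "account tom(2)");
        check(accountMatches("tomas", "localhost", "tom" + SEP + "%"), false, "account tomas");
    }
}
```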
_memb
- MySQL account or group name
_patternNameGroup
- pattern-name group
BaseError
- if _patternNameGroup is not a MySQL pattern-name group
protected static ImmutableName getNameFromHostComponent(java.lang.String _host_name) throws BaseError
_host_name
- host name last component, where the name components are separated by ':'
BaseError
- if the argument has a wrong format
protected GroupIDMySQLImpl copyOwnVariables(GroupIDMySQLImpl _result, boolean _withoutInternalAcl) throws CreateError
_result
- to update with this instance variables copies
_withoutInternalAcl
- true if the internal aclEntries - that is with a resource having the same ACS - must not be copied
CreateError