Coverage Summary for Class: SQLAccessControlSystemInitializer (com.acciente.oacc.sql.internal)

Class Class, % Method, % Line, %
SQLAccessControlSystemInitializer 100% (1/ 1) 75% (3/ 4) 98.1% (51/ 52)


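/*
 * Copyright 2009-2018, Acciente LLC
 *
 * Acciente LLC licenses this file to you under the
 * Apache License, Version 2.0 (the "License"); you
 * may not use this file except in compliance with the
 * License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in
 * writing, software distributed under the License is
 * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES
 * OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing
 * permissions and limitations under the License.
 */
package com.acciente.oacc.sql.internal;

import com.acciente.oacc.AccessControlContext;
import com.acciente.oacc.AuthenticationProvider;
import com.acciente.oacc.Credentials;
import com.acciente.oacc.DomainCreatePermissions;
import com.acciente.oacc.DomainPermissions;
import com.acciente.oacc.PasswordCredentials;
import com.acciente.oacc.Resources;
import com.acciente.oacc.encryptor.PasswordEncryptor;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;

/**
 * Bootstraps an empty OACC schema with its root principal.
 *
 * <p>A successful run inserts the system domain (DomainId 0), the system resource class
 * (ResourceClassId 0) and the system resource (ResourceId 0), stores the supplied root
 * credentials for resource 0 through the {@link AuthenticationProvider}, and grants resource 0
 * super-user on the system domain plus domain-create permissions, all with grant option.
 *
 * <p>Points a caller should be aware of:
 * <ul>
 *   <li>If a row with DomainId 0 already exists the method returns normally and does
 *       <em>not</em> touch the stored credentials. With {@code isSilent == true} there is no
 *       signal at all, so a normal return does not prove that the supplied root credentials
 *       are the ones in effect.</li>
 *   <li>No commit, rollback or auto-commit change is issued here. NOTE(review): on an
 *       auto-commit connection a failure midway would leave a partial bootstrap (for example
 *       resource 0 without credentials or grants), and a rerun would stop at the system-domain
 *       check; confirm that callers run this inside a transaction they roll back on error.</li>
 *   <li>The schema name is concatenated into SQL text, so {@code SchemaNameValidator} is the
 *       only guard on that value; every other value is bound as a statement parameter or is
 *       a literal.</li>
 * </ul>
 */
public class SQLAccessControlSystemInitializer {
    /**
     * Initializes OACC with progress messages printed to standard output.
     *
     * @param connection        open JDBC connection to the OACC database
     * @param dbSchema          schema that holds the OAC_ tables, or {@code null} for none
     * @param oaccRootPwd       password to set for the system resource (ResourceId 0)
     * @param passwordEncryptor encryptor handed to the password authentication provider
     * @throws SQLException if any statement fails
     */
    public static void initializeOACC(Connection connection,
                                      String dbSchema,
                                      char[] oaccRootPwd,
                                      PasswordEncryptor passwordEncryptor) throws SQLException {
        initializeOACC(connection, dbSchema, oaccRootPwd, passwordEncryptor, false);
    }

    /**
     * Initializes OACC using the built-in SQL password authentication provider.
     *
     * <p>The password array is not cleared by this method. NOTE(review): whether
     * {@code PasswordCredentials.newInstance} copies the array is not visible here; confirm
     * before deciding when the caller may wipe {@code oaccRootPwd}.
     *
     * @param connection        open JDBC connection to the OACC database
     * @param dbSchema          schema that holds the OAC_ tables, or {@code null} for none
     * @param oaccRootPwd       password to set for the system resource (ResourceId 0)
     * @param passwordEncryptor encryptor handed to the password authentication provider
     * @param isSilent          {@code true} to suppress the progress messages on standard output
     * @throws SQLException if any statement fails
     */
    public static void initializeOACC(Connection connection,
                                      String dbSchema,
                                      char[] oaccRootPwd,
                                      PasswordEncryptor passwordEncryptor,
                                      boolean isSilent) throws SQLException {
        final AuthenticationProvider authProvider
                = new SQLPasswordAuthenticationProvider(connection,
                                                        dbSchema,
                                                        passwordEncryptor);
        final Credentials oaccRootCredentials = PasswordCredentials.newInstance(oaccRootPwd);

        initializeOACC(connection, dbSchema, oaccRootCredentials, authProvider, isSilent);
    }

    /**
     * Initializes OACC with caller-supplied credentials and authentication provider.
     *
     * <p>Returns without changing anything when a system domain (DomainId 0) is already
     * present; see the class comment for what that means for the root credentials.
     *
     * @param connection          open JDBC connection to the OACC database
     * @param dbSchema            schema that holds the OAC_ tables, or {@code null} for none
     * @param oaccRootCredentials credentials to store for the system resource (ResourceId 0)
     * @param authProvider        provider used to persist those credentials
     * @param isSilent            {@code true} to suppress the progress messages on standard output
     * @throws SQLException if any statement fails
     */
    public static void initializeOACC(Connection connection,
                                      String dbSchema,
                                      Credentials oaccRootCredentials,
                                      AuthenticationProvider authProvider,
                                      boolean isSilent) throws SQLException {
        // Must stay ahead of any SQL construction: dbSchema is spliced into statement text
        // below and cannot be bound as a parameter.
        SchemaNameValidator.assertValid(dbSchema);

        final String schemaNameAndTablePrefix = dbSchema != null ? dbSchema + ".OAC_" : "OAC_";

        if (!isSilent) {
            System.out.println("Checking database...needs empty tables");
        }

        // an existing system domain means a previous initialization already ran
        if (systemDomainExists(connection, schemaNameAndTablePrefix)) {
            if (!isSilent) {
                System.out.println("Cannot initialize, likely that this OACC is already initialized! (check: found a system domain)");
            }
            return;
        }

        if (!isSilent) {
            System.out.println("Initializing database...assuming empty tables (will fail safely if tables have data)");
        }

        // create an initial domain to hold the system user
        insertRowWithString(connection,
                            "INSERT INTO " + schemaNameAndTablePrefix + "Domain( DomainId, DomainName ) VALUES ( 0, ? )",
                            AccessControlContext.SYSTEM_DOMAIN);

        // create a resource type for the system user
        insertRowWithString(connection,
                            "INSERT INTO " + schemaNameAndTablePrefix + "ResourceClass( ResourceClassId, ResourceClassName, IsAuthenticatable, IsUnauthenticatedCreateAllowed ) VALUES ( 0, ?, 1, 0 )",
                            AccessControlContext.SYSTEM_RESOURCE_CLASS);

        // create the system user
        insertRow(connection,
                  "INSERT INTO " + schemaNameAndTablePrefix + "Resource( ResourceId, ResourceClassId, DomainId ) VALUES ( 0, 0, 0 )");

        // set the system user's password
        authProvider.setCredentials(Resources.getInstance(0), oaccRootCredentials);

        // grant the system user [super user w/ grant] to the system domain
        insertRowPerLong(connection,
                         "INSERT INTO " + schemaNameAndTablePrefix + "Grant_DomPerm_Sys( AccessorResourceId, GrantorResourceId, AccessedDomainId, SysPermissionId, IsWithGrant )"
                         + " VALUES ( 0, 0, 0, ?, 1 )",
                         DomainPermissions.getInstance(DomainPermissions.SUPER_USER).getSystemPermissionId());

        // grant the system user [create w/ grant], and [super user w/ grant] to any domains it creates
        insertRowPerLong(connection,
                         "INSERT INTO " + schemaNameAndTablePrefix + "Grant_DomCrPerm_Sys( AccessorResourceId, GrantorResourceId, SysPermissionId, IsWithGrant )"
                         + " VALUES ( 0, 0, ?, 1 )",
                         DomainCreatePermissions.getInstance(DomainCreatePermissions.CREATE).getSystemPermissionId());

        // post-create permissions: one prepared statement, executed once per permission
        insertRowPerLong(connection,
                         "INSERT INTO " + schemaNameAndTablePrefix + "Grant_DomCrPerm_PostCr_Sys( AccessorResourceId, GrantorResourceId, PostCreateSysPermissionId, PostCreateIsWithGrant, IsWithGrant )"
                         + " VALUES ( 0, 0, ?, 1, 1 )",
                         DomainPermissions.getInstance(DomainPermissions.SUPER_USER).getSystemPermissionId(),
                         DomainPermissions.getInstance(DomainPermissions.CREATE_CHILD_DOMAIN).getSystemPermissionId(),
                         DomainPermissions.getInstance(DomainPermissions.DELETE).getSystemPermissionId());
    }

    /** Reports whether a row with DomainId 0 exists; closes both the result set and the statement. */
    private static boolean systemDomainExists(Connection connection,
                                              String schemaNameAndTablePrefix) throws SQLException {
        final PreparedStatement statement
                = connection.prepareStatement("SELECT DomainId FROM " + schemaNameAndTablePrefix + "Domain WHERE DomainId = 0");
        try {
            final ResultSet resultSet = statement.executeQuery();
            try {
                return resultSet.next();
            }
            finally {
                resultSet.close();
            }
        }
        finally {
            statement.close();
        }
    }

    /** Executes a parameterless update and closes its statement. */
    private static void insertRow(Connection connection, String sql) throws SQLException {
        final PreparedStatement statement = connection.prepareStatement(sql);
        try {
            statement.executeUpdate();
        }
        finally {
            statement.close();
        }
    }

    /** Executes an update with a single bound string parameter and closes its statement. */
    private static void insertRowWithString(Connection connection,
                                            String sql,
                                            String value) throws SQLException {
        final PreparedStatement statement = connection.prepareStatement(sql);
        try {
            statement.setString(1, value);
            statement.executeUpdate();
        }
        finally {
            statement.close();
        }
    }

    /** Prepares the update once, executes it once per bound long value, then closes the statement. */
    private static void insertRowPerLong(Connection connection,
                                         String sql,
                                         long... values) throws SQLException {
        final PreparedStatement statement = connection.prepareStatement(sql);
        try {
            for (long value : values) {
                statement.setLong(1, value);
                statement.executeUpdate();
            }
        }
        finally {
            statement.close();
        }
    }
}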