JG 1.0.3 Export JDBCAuthorizationManagr Data

2009-04-03
2013-05-08
  • christian kanele

    Hi Charles,
    I followed the hints of the documentation to export authorization data via AuthorizationManager (http://jguard.sourceforge.net/mvnsite/docbook/en_jGuard_reference.html#d108e4497)
    I tried to do export the data on a RDBMS via a JDBCAuthorizationManager. But I run into problem that the necessary initialization of a necessary XmlAuthorizationManager (which is done behind the screens) is not properly initialized.
    My question is:
    - am I a wrong in using a JDBCAuthorizationManager to export data from a database?
    - is it a bug because you considered it to work that way, too?

    In case my 1st question is answered no and the 2nd question is answered by you with yes, I can post my small program as well as the lines from which I believe that they are wrong.
    In the opposite case, do you have working sourcecode which you could deliver?

    Regards, canelli

     
    • Vinicius Pitta Lima de Araujo

      Hi Canelli,
      Is not clear to me what you tried and what you get as error! Looking for the documentation, I think you are not wrong when try to export data from database using a JDBCAuthorizationManager because the AuthorizationUtils (that get the job done) get a AuthorizationManager (the interface) as parameter. So there is no reason to don't work.

      Can you post the code you tried to run and what you get as error?

      []'s
      Vinícius Pitta Lima de Araújo
      http://www.viniciusaraujo.net

       
      • christian kanele

        Hi,
        I integrated the AuthorizationManager fix Charles had posted.
        But, it only exports the already existing authorization xml-file instead of the authorization data from the database.
        Therefore, once again. What is the exact semantics of the method exportAsStringA?
        How to use is in a database context?
        Regards, canelli

         
        • Charles Lescot

          Charles Lescot - 2009-04-28

          Hi,
          this method export the database as an Xml file, and read the file and convert it into a string.
          the  problem seems that the Xml temporary file used to contain data from the database is the same used for the original XmlAuthenticationManager.

          hope it helps,

          Charles.

           
          • Charles Lescot

            Charles Lescot - 2009-04-28

            the problem should be that the same options are used for the already existing XmlauthorizationManager, and the temporary XmlauthorizationManager.
            the file used (present in options), must be different.

            hope it helps,

            Charles.

             
    • christian kanele

      Hi,
      I instantiate an JDBCAuthorizationManager and create the options afterwards put to the Manager:

      this is the main of my ExportData.class

          String myXmlData = "";
         
          Map<String, String> options = new HashMap<String, String>();
          options.put("authorizationXmlFileLocation", "/WEB-INF/conf/jGuard/jGuardPrincipalsPermissions.xml");
          options.put(CoreConstants.APPLICATION_NAME,"blabla");
          options.put(SecurityConstants.AUTHORIZATION_DATABASE_FILE_LOCATION,"/home/chk/development/workspace/projects/mitgliederSeiten/build/web/WEB-INF/conf/jGuard/authorization.mysql.properties");

          options.put(SecurityConstants.SECURED,"blabla");
          options.put(SecurityConstants.DATABASE_DRIVER,"com.mysql.jdbc.Driver");
          options.put(SecurityConstants.DATABASE_DRIVER_URL,"jdbc:mysql://localhost/blabla");
          options.put(SecurityConstants.DATABASE_DRIVER_LOGIN,"bla");
          options.put(SecurityConstants.DATABASE_DRIVER_PASSWORD,"bla");

          AuthorizationManager myAuthZManager = new JdbcAuthorizationManager();
              try {
                  myAuthZManager.init(options);
                  myXmlData = AuthorizationUtils.exportAsXMLString(myAuthZManager);
              } catch (AuthorizationException ex) {
                  ex.printStackTrace();
              }
         
          System.out.println("This is the xport of the AuthorizationManager: \n"+myXmlData);

      This is the logfile with the stacktrace it produces:

      02.04.2009 18:21:03 net.sf.jguard.ext.database.DatabaseUtils createEntities
      INFO: JG_APP_PRINCIPAL_SEQ entry is not present in the properties file
      02.04.2009 18:21:03 net.sf.jguard.ext.database.DatabaseUtils createEntities
      INFO: JG_PERMISSION_SEQ entry is not present in the properties file
      02.04.2009 18:21:03 net.sf.jguard.ext.database.DatabaseUtils createEntities
      INFO: JG_DOMAIN_SEQ entry is not present in the properties file
      02.04.2009 18:21:03 net.sf.jguard.ext.database.DatabaseUtils isEmpty
      INFO:  there are some principals in database

      Exception in thread "main" java.lang.NullPointerException
              at net.sf.jguard.ext.authorization.manager.XmlAuthorizationManager.createPrincipal(XmlAuthorizationManager.java:367)
              at net.sf.jguard.ext.authorization.manager.AbstractAuthorizationManager.importAuthorizationManager(AbstractAuthorizationManager.java:786)
              at net.sf.jguard.ext.authorization.manager.AuthorizationUtils.exportAsXmlAuthorizationManager(AuthorizationUtils.java:50)
              at net.sf.jguard.ext.authorization.manager.AuthorizationUtils.exportAsXMLString(AuthorizationUtils.java:57)
              at org.igl.util.ExportData.main(ExportData.java:55)
      Java Result: 1

      What is the problem? It is that the used XmlAuthorizationManager runs into a NullpointerXception while trying to create the Principal:

      public void createPrincipal(Principal principal) throws AuthorizationException {
              Element principalsElement = root.element("principals");

      root is not instantiated. And why it is not instantiated? Because the following init() routine is not run in the constructor of the new XmlAuthorizationManager():

      private void init()  {
              //remove white spaces on both ends
              fileLocation = fileLocation.trim();
              //replace the white space remaining in the internal string structure
              // by the '%20' pattern
              fileLocation = fileLocation.replaceAll(" ","%20");

              if(logger.isLoggable(Level.FINEST)){
                  logger.finest("fileLocation="+fileLocation);
              }
              document =  XMLUtils.read(fileLocation);
              root = document.getRootElement();

              initPermissions();
              initPrincipals();
          }
      init is only called in
      /**
           * initialize this XML AuthorizationManager.
           * @param options
           * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#init(java.util.Properties)
           */
          public void init(Map options) {
              super.init(options);
              String applicationName= (String)options.get(CoreConstants.APPLICATION_NAME);
              this.setApplicationName(applicationName);
              super.options = options;
              fileLocation = (String)options.get(SecurityConstants.AUTHORIZATION_XML_FILE_LOCATION);
              if(fileLocation ==null ||"".equals(fileLocation)){
                  throw new IllegalArgumentException(SecurityConstants.AUTHORIZATION_XML_FILE_LOCATION+" argument for XMLAuthorizationManager is null or empty "+fileLocation);
              }
              init();

          }

      I believe this is bug:
      public class AuthorizationUtils {

          public static XmlAuthorizationManager exportAsXmlAuthorizationManager(AuthorizationManager authorizationManager) throws AuthorizationException{
              XmlAuthorizationManager xmlAuthorizationManager = null;
              if(authorizationManager instanceof XmlAuthenticationManager){
                  xmlAuthorizationManager= (XmlAuthorizationManager)authorizationManager;
                 
              }else{
                  xmlAuthorizationManager = new XmlAuthorizationManager();
                  xmlAuthorizationManager.importAuthorizationManager(authorizationManager);
              }
              return xmlAuthorizationManager;
          }
      }

      The instantiation of xmlAuthorizationManager = new XmlAuthorizationManager(); which was not properly initiated.
      To correct this, the constructor has to do some initialization (like the private init() or even some more)

      /**
           * constructor.
           */
          public XmlAuthorizationManager(){
             super();
      //do something here like this.init()
          }

      What do you think?

      Regards, canelli

       
      • Charles Lescot

        Charles Lescot - 2009-04-04

        Hi,
        ithink you've found a bug in the 1.0.x branch :that's true that init(Map options) method in the XmlAuthorizationManager is never called in one case (the preferred solution as my opinion):
        whe authorizationUtils instantiate the class.
        i've fixed it in the svn (only for the branch because the trunk seems safe about this problem):
        i've exposed the Map options needed to initialize the XmlauthorizationManager which will be used.
        i think a better solution can be done in the trunk, when you need to export the authorizationManager as a String: it's weird to specify a location in a map to receive the temprary file which will host the XmlauthorizationManager used to be converted finally in a string .....

        hope it helps,

        Charles.
        ps: i will try to release a 1.0.5 version soon which will include this fix

         
    • Charles Lescot

      Charles Lescot - 2009-04-06

      Hi,
      for your information,
      here are the modified AuthorizationUtils class for the fix:
      /*
      jGuard is a security framework based on top of jaas (java authentication and authorization security).
      it is written for web applications, to resolve simply, access control problems.
      version $Name$
      http://sourceforge.net/projects/jguard/

      Copyright (C) 2004  Charles GAY

      This library is free software; you can redistribute it and/or
      modify it under the terms of the GNU Lesser General Public
      License as published by the Free Software Foundation; either
      version 2.1 of the License, or (at your option) any later version.

      This library is distributed in the hope that it will be useful,
      but WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
      Lesser General Public License for more details.

      You should have received a copy of the GNU Lesser General Public
      License along with this library; if not, write to the Free Software
      Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

      jGuard project home page:
      http://sourceforge.net/projects/jguard/

      */
      package net.sf.jguard.ext.authorization.manager;

      import net.sf.jguard.ext.authentication.manager.XmlAuthenticationManager;
      import net.sf.jguard.ext.authorization.AuthorizationException;

      import java.io.IOException;
      import java.io.OutputStream;
      import java.util.Map;

      /**
      * Utility class dedicated to AuthorizationManager.
      *
      * @author <a href="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
      * @see AuthorizationManager
      */
      public class AuthorizationUtils {

          public static XmlAuthorizationManager exportAsXmlAuthorizationManager(AuthorizationManager authorizationManager, Map xmlAuthorizationManagerOptions) throws AuthorizationException {
              XmlAuthorizationManager xmlAuthorizationManager = null;
              if (authorizationManager instanceof XmlAuthenticationManager) {
                  xmlAuthorizationManager = (XmlAuthorizationManager) authorizationManager;

              } else {
                  xmlAuthorizationManager = new XmlAuthorizationManager();
                  xmlAuthorizationManager.init(xmlAuthorizationManagerOptions);
                  xmlAuthorizationManager.importAuthorizationManager(authorizationManager);
              }
              return xmlAuthorizationManager;
          }

          public static String exportAsXMLString(AuthorizationManager authorizationManager, Map xmlauthorizationManagerOptions) throws AuthorizationException {
              XmlAuthorizationManager xmlAuthorizationManager = exportAsXmlAuthorizationManager(authorizationManager, xmlauthorizationManagerOptions);
              return xmlAuthorizationManager.exportAsXMLString();
          }

          public static void writeAsHTML(AuthorizationManager authorizationManager, OutputStream outputStream, Map xmlauthorizationManagerOptions) throws IOException, AuthorizationException {
              XmlAuthorizationManager xmlAuthorizationManager = exportAsXmlAuthorizationManager(authorizationManager, xmlauthorizationManagerOptions);
              xmlAuthorizationManager.writeAsHTML(outputStream);
          }

          public static void writeAsXML(AuthorizationManager authorizationManager, OutputStream outputStream, String encodingScheme, Map xmlauthorizationManagerOptions) throws IOException, AuthorizationException {
              XmlAuthorizationManager xmlAuthorizationManager = exportAsXmlAuthorizationManager(authorizationManager, xmlauthorizationManagerOptions);
              xmlAuthorizationManager.writeAsXML(outputStream, encodingScheme);
          }

          public static void exportAsXMLFile(AuthorizationManager authorizationManager, String fileName, Map xmlauthorizationManagerOptions) throws IOException, AuthorizationException {
              XmlAuthorizationManager xmlAuthorizationManager = exportAsXmlAuthorizationManager(authorizationManager, xmlauthorizationManagerOptions);
              xmlAuthorizationManager.exportAsXMLFile(fileName);
          }
      }

      hope it helps,

      Charles.

       

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks