/*
* Copyright 2002-2007 the original author or authors.
*
* Licensed under the Apache license, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.internna.iwebmvc.core.dao;
import java.util.List;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.Query;
import org.internna.iwebmvc.model.security.RoleImpl;
import org.internna.iwebmvc.model.security.UserImpl;
import org.internna.iwebmvc.utils.Assert;
import org.internna.iwebmvc.utils.StringUtils;
import org.springframework.stereotype.Repository;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
/**
* Suitable ACEGI DAO. Avoids default DAO to facilitate security.
*
* @author Jose Noheda
*/
@Repository
public class SecurityDAOImpl implements SecurityDAO {
@PersistenceContext(name = "IWebMvcPersistenceContext") private EntityManager entityManager;
@Transactional(propagation = Propagation.REQUIRED, readOnly = true)
public RoleImpl findAuthority(String authority) {
return entityManager.find(RoleImpl.class, authority);
}
public boolean isAuthority(String authority) {
return findAuthority(authority) != null;
}
@Transactional(propagation = Propagation.REQUIRED)
public void createAuthority(String authority) {
Assert.hasText(authority);
if (!isAuthority(authority)) {
entityManager.persist(new RoleImpl(authority));
entityManager.flush();
}
}
@SuppressWarnings("unchecked")
@Transactional(propagation = Propagation.REQUIRED, readOnly = true)
public List<RoleImpl> findAuthorities() {
Query query = entityManager.createNamedQuery(RoleImpl.FIND_ALL_ROLES);
return query.getResultList();
}
@Transactional(propagation = Propagation.REQUIRED)
public void createUser(UserImpl user) {
Assert.notNull(user);
entityManager.merge(user);
entityManager.flush();
}
@SuppressWarnings("unchecked")
@Transactional(propagation = Propagation.REQUIRED, readOnly = true)
public UserImpl findUser(String userName) {
Query query = entityManager.createNamedQuery(UserImpl.FIND_BY_USERNAME);
query.setParameter("username", userName);
return (UserImpl) query.getSingleResult();
}
@SuppressWarnings("unchecked")
@Transactional(propagation = Propagation.REQUIRED, readOnly = true)
public List<UserImpl> findUsers(String username, String name, String role, int offset, int number) {
String queryString = "SELECT u from UserImpl u";
if (StringUtils.hasText(username)) queryString += " WHERE LOWER(username) LIKE :username";
if (StringUtils.hasText(name)) {
queryString += queryString.indexOf("WHERE") < 0 ? " WHERE " : " AND ";
queryString += " LOWER(name) LIKE :name";
}
if (StringUtils.hasText(role)) {
queryString += queryString.indexOf("WHERE") < 0 ? " WHERE " : " AND ";
queryString += " :role IN ELEMENTS(u.roles)";
}
Query query = entityManager.createQuery(queryString);
query.setFirstResult(offset > 0 ? offset : 0);
query.setMaxResults(number > 0 ? number : 0);
if (StringUtils.hasText(name)) query.setParameter("name", name + "%");
if (StringUtils.hasText(username)) query.setParameter("username", username + "%");
if (StringUtils.hasText(role)) query.setParameter("role", role);
return query.getResultList();
}
}