/* Copyright (c) 1995-2000, The Hypersonic SQL Group. * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this * list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * Neither the name of the Hypersonic SQL Group nor the names of its * contributors may be used to endorse or promote products derived from this * software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE HYPERSONIC SQL GROUP, * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * * This software consists of voluntary contributions made by many individuals * on behalf of the Hypersonic SQL Group. * * * For work added by the HSQL Development Group: * * Copyright (c) 2001-2008, The HSQL Development Group * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: * * Redistributions of source code must retain the above copyright notice, this * list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright notice, * this list of conditions and the following disclaimer in the documentation * and/or other materials provided with the distribution. * * Neither the name of the HSQL Development Group nor the names of its * contributors may be used to endorse or promote products derived from this * software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL HSQL DEVELOPMENT GROUP, HSQLDB.ORG, * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ package org.hsqldb; import org.hsqldb.HsqlNameManager.HsqlName; import org.hsqldb.lib.HashSet; import org.hsqldb.lib.IntValueHashMap; // fredt@users 20021103 - patch 1.7.2 - fix bug in revokeAll() // fredt@users 20021103 - patch 1.7.2 - allow for drop table, etc. // when tables are dropped or renamed, changes are reflected in the // permissions held in User objects. // boucherb@users 200208-200212 - doc 1.7.2 - update // boucherb@users 200208-200212 - patch 1.7.2 - metadata // unsaved@users - patch 1.8.0 moved right managament to new classes /** * A User Object holds the name, password for a * particular database user.

* * Enhanced in successive versions of HSQLDB. * * @author Thomas Mueller (Hypersonic SQL Group) * @version 1.8.0 * @since Hypersonic SQL */ public class User { /** true if this user is the sys user. */ private boolean isSys; /** true if this user is the public user. */ private boolean isPublic; /** user name. */ private String sName; /** password. */ private String sPassword; /** default schema when new Sessions started (defaults to PUBLIC schema) */ private HsqlName initialSchema = null; /** grantee object. */ private Grantee grantee; /** * Constructor */ User(String name, String password, Grantee inGrantee) throws HsqlException { sName = name; grantee = inGrantee; boolean granteeOk = grantee != null || GranteeManager.isReserved(name); if (!granteeOk) { Trace.doAssert(false, Trace.getMessage(Trace.MISSING_GRANTEE) + ": " + name); } setPassword(password); isSys = name.equals(GranteeManager.SYSTEM_AUTHORIZATION_NAME); isPublic = name.equals(GranteeManager.PUBLIC_ROLE_NAME); } String getName() { return sName; } void setPassword(String password) throws HsqlException { // TODO: // checkComplexity(password); // requires: UserManager.createSAUser(), UserManager.createPublicUser() sPassword = password; } /** * Checks if this object's password attibute equals * specified argument, else throws. */ void checkPassword(String test) throws HsqlException { Trace.check(test.equals(sPassword), Trace.ACCESS_IS_DENIED); } /** * Returns true if this User object is for a user with the * database administrator role. */ boolean isSys() { return isSys; } /** * Returns the initial schema for the user */ HsqlName getInitialSchema() { return initialSchema; } /** * This class does not have access to the SchemaManager, therefore * caller should verify that the given schemaName exists. * * @param schemaName Name of an existing schema. Null value allowed, * which means use the DB default session schema. */ void setInitialSchema(HsqlName schema) { initialSchema = schema; } /** * Returns true if this User object represents the PUBLIC user */ boolean isPublic() { return isPublic; } /** * Returns the ALTER USER DDL character sequence that preserves the * this user's current password value and mode.

* * @return the DDL */ String getAlterUserDDL() { StringBuffer sb = new StringBuffer(); sb.append(Token.T_ALTER).append(' '); sb.append(Token.T_USER).append(' '); sb.append(sName).append(' '); sb.append(Token.T_SET).append(' '); sb.append(Token.T_PASSWORD).append(' '); sb.append('"').append(sPassword).append('"'); return sb.toString(); } /** * returns the DDL string * sequence that creates this user. * */ String getCreateUserDDL() { StringBuffer sb = new StringBuffer(64); sb.append(Token.T_CREATE).append(' '); sb.append(Token.T_USER).append(' '); sb.append(sName).append(' '); sb.append(Token.T_PASSWORD).append(' '); sb.append('"').append(sPassword).append('"'); return sb.toString(); } /** * Retrieves the redo log character sequence for connecting * this user * * @return the redo log character sequence for connecting * this user */ public String getConnectStatement() { StringBuffer sb = new StringBuffer(); sb.append(Token.T_CONNECT).append(' '); sb.append(Token.T_USER).append(' '); sb.append(sName); return sb.toString(); } /** * Retrieves the Grantee object for this User. */ Grantee getGrantee() { return grantee; } /** * Sets the Grantee object for this User. * This is done in the constructor for all users except the special * users SYSTEM and PUBLIC, which have to be set up before the * Managers are initialized. */ void setGrantee(Grantee inGrantee) throws HsqlException { if (grantee != null) { Trace.doAssert(false, Trace.getMessage(Trace.CHANGE_GRANTEE) + ": " + sName); } grantee = inGrantee; } // Legacy wrappers /** * Returns true if this User object is for a user with the * database administrator role. */ boolean isAdmin() { return grantee.isAdmin(); } /** * Retrieves a string[] whose elements are the names, of the rights * explicitly granted with the GRANT command to this User * object on the Table object identified by the * name argument. * * @return array of Strings naming the rights granted to this * User object on the Table object * identified by the name argument. * @param name a Table object identifier * */ String[] listGrantedTablePrivileges(HsqlName name) { return grantee.listGrantedTablePrivileges(name); } /** * Retrieves the distinct set of Java Class FQNs * for which this User object has been * granted ALL (the Class execution privilege).

* @param andToPublic if true, then the set includes the * names of classes accessible to this User object * through grants to its PUBLIC User * object attribute, else only direct grants are inlcuded. * @return the distinct set of Java Class FQNs for which this * this User object has been granted * ALL. * */ HashSet getGrantedClassNames(boolean andToPublic) throws HsqlException { return grantee.getGrantedClassNames(andToPublic); } /** * Retrieves the map object that represents the rights that have been * granted on database objects.

* * The map has keys and values with the following interpretation:

* *

*/ IntValueHashMap getRights() { return grantee.getRights(); } /** * Checks that this User object is for a user with the * database administrator role. Otherwise it throws. */ void checkAdmin() throws HsqlException { grantee.checkAdmin(); } /** * Checks if any of the rights represented by the rights * argument have been granted on the specified database object.

* * This is done by checking that a mapping exists in the rights map * from the dbobject argument for at least one of the rights * contained in the rights argument. Otherwise, it throws. */ void check(HsqlName dbobject, int rights) throws HsqlException { grantee.check(dbobject, rights); } void check(String dbobject) throws HsqlException { grantee.check(dbobject); } /** * Returns true if any of the rights represented by the * rights argument has been granted on the database object identified * by the dbobject argument.

* * This is done by checking that a mapping exists in the rights map * from the dbobject argument for at least one of the rights * contained in the rights argument. */ boolean isAccessible(HsqlName dbobject, int rights) throws HsqlException { return grantee.isAccessible(dbobject, rights); } /** * Returns true if any right at all has been granted to this User object * on the database object identified by the dbobject argument. */ boolean isAccessible(String dbobject) throws HsqlException { return grantee.isAccessible(dbobject); } boolean isAccessible(HsqlName dbobject) throws HsqlException { return grantee.isAccessible(dbobject); } }