1 package org.collectionspace.services.common.authorization_mgt;
\r
3 import java.sql.Connection;
\r
4 import java.sql.PreparedStatement;
\r
5 import java.sql.ResultSet;
\r
6 import java.sql.SQLException;
\r
7 import java.sql.Statement;
\r
8 import java.util.ArrayList;
\r
9 import java.util.Hashtable;
\r
10 import java.util.List;
\r
11 import java.util.UUID;
\r
13 import javax.naming.NamingException;
\r
15 import org.collectionspace.services.authorization.AuthZ;
\r
16 import org.collectionspace.services.authorization.CSpaceAction;
\r
17 import org.collectionspace.services.authorization.PermissionException;
\r
18 import org.collectionspace.services.authorization.PermissionRole;
\r
19 import org.collectionspace.services.authorization.RoleValue;
\r
20 import org.collectionspace.services.authorization.URIResourceImpl;
\r
21 import org.collectionspace.services.authorization.perms.EffectType;
\r
22 import org.collectionspace.services.authorization.perms.Permission;
\r
23 import org.collectionspace.services.authorization.perms.PermissionAction;
\r
24 import org.collectionspace.services.common.config.ServiceConfigUtils;
\r
25 import org.collectionspace.services.common.config.TenantBindingConfigReaderImpl;
\r
26 import org.collectionspace.services.common.document.DocumentHandler;
\r
27 import org.collectionspace.services.common.security.SecurityUtils;
\r
28 import org.collectionspace.services.common.service.ServiceBindingType;
\r
29 import org.collectionspace.services.common.storage.DatabaseProductType;
\r
30 import org.collectionspace.services.common.storage.JDBCTools;
\r
31 import org.collectionspace.services.common.tenant.TenantBindingType;
\r
32 import org.collectionspace.services.lifecycle.Lifecycle;
\r
33 import org.mortbay.log.Log;
\r
34 import org.slf4j.Logger;
\r
35 import org.slf4j.LoggerFactory;
\r
36 import org.springframework.security.acls.model.AlreadyExistsException;
\r
39 public class AuthorizationCommon {
\r
40 final static Logger logger = LoggerFactory.getLogger(AuthorizationCommon.class);
\r
42 public static final String TENANT_ADMIN_ACCT_PREFIX = "admin@";
\r
43 public static final String TENANT_READER_ACCT_PREFIX = "reader@";
\r
44 public static final String ROLE_PREFIX = "ROLE_";
\r
45 public static final String SPRING_ADMIN_ROLE = "ROLE_SPRING_ADMIN";
\r
46 public static final String TENANT_ADMIN_ROLE_SUFFIX = "_TENANT_ADMINISTRATOR";
\r
47 public static final String TENANT_READER_ROLE_SUFFIX = "_TENANT_READER";
\r
48 public static final String DEFAULT_ADMIN_PASSWORD = "Administrator";
\r
49 public static final String DEFAULT_READER_PASSWORD = "reader";
\r
51 public static String ROLE_SPRING_ADMIN_ID = "-1";
\r
52 public static String ROLE_SPRING_ADMIN_NAME = "ROLE_SPRING_ADMIN";
\r
55 * addPermissionsForUri add permissions from given permission configuration
\r
56 * with assumption that resource is of type URI
\r
57 * @param permission configuration
\r
59 public static void addPermissionsForUri(Permission perm,
\r
60 PermissionRole permRole) throws PermissionException {
\r
61 List<String> principals = new ArrayList<String>();
\r
62 if (!perm.getCsid().equals(permRole.getPermission().get(0).getPermissionId())) {
\r
63 throw new IllegalArgumentException("permission ids do not"
\r
64 + " match for role=" + permRole.getRole().get(0).getRoleName()
\r
65 + " with permissionId=" + permRole.getPermission().get(0).getPermissionId()
\r
66 + " for permission with csid=" + perm.getCsid());
\r
68 for (RoleValue roleValue : permRole.getRole()) {
\r
69 principals.add(roleValue.getRoleName());
\r
71 List<PermissionAction> permActions = perm.getAction();
\r
72 for (PermissionAction permAction : permActions) {
\r
74 CSpaceAction action = URIResourceImpl.getAction(permAction.getName());
\r
75 URIResourceImpl uriRes = new URIResourceImpl(perm.getTenantId(),
\r
76 perm.getResourceName(), action);
\r
77 boolean grant = perm.getEffect().equals(EffectType.PERMIT) ? true : false;
\r
78 AuthZ.get().addPermissions(uriRes, principals.toArray(new String[0]), grant);//CSPACE-4967
\r
79 } catch (PermissionException e) {
\r
81 // Only throw the exception if it is *not* an already-exists exception
\r
83 if (e.getCause() instanceof AlreadyExistsException == false) {
\r
90 private static Connection getConnection() throws NamingException, SQLException {
\r
91 return JDBCTools.getConnection(JDBCTools.CSPACE_REPOSITORY_NAME);
\r
94 public static void createDefaultPermissions(TenantBindingConfigReaderImpl tenantBindingConfigReader) throws Exception
\r
96 Hashtable<String, TenantBindingType> tenantBindings =
\r
97 tenantBindingConfigReader.getTenantBindings();
\r
98 for (String tenantId : tenantBindings.keySet()) {
\r
99 TenantBindingType tenantBinding = tenantBindings.get(tenantId);
\r
100 for (ServiceBindingType serviceBinding : tenantBinding.getServiceBindings()) {
\r
102 DocumentHandler docHandler = ServiceConfigUtils.createDocumentHandlerInstance(
\r
103 tenantBinding, serviceBinding);
\r
104 Lifecycle lifecycle = docHandler.getLifecycle();
\r
105 } catch (IllegalStateException e) {
\r
106 Log.debug(e.getLocalizedMessage(), e); //We end up here if there is no document handler for the service -this is ok for some of the services.
\r
110 // For each service binding in each tenancy, get the Nuxeo document type and retrieve it's life cycle type. For
\r
111 // that life cycle type, ask Nuxeo for all the configured transitions. For each of those transitions,
\r
113 // * a URI of the form - /<service>/*/workflow/<transition>
\r
114 // * a CRUDL Permission for the URI
\r
115 // * a RL Permission for the URI
\r
116 // * a PermissionRole for admin role
\r
117 // * a PermissionRole for the reader role
\r
119 // * add a new Permission/PermissionRole tuple to the Spring AuthZ tables
\r
120 // * persist the new Permission, and PermissionRole to the cspace database
\r
125 * FIXME: REM - This method is way too big -over 300 lines! We need to break it up into
\r
126 * smaller, discrete, sub-methods.
\r
128 public static void createDefaultAccounts(TenantBindingConfigReaderImpl tenantBindingConfigReader) {
\r
129 if (logger.isDebugEnabled()) {
\r
130 logger.debug("ServiceMain.createDefaultAccounts starting...");
\r
133 Hashtable<String, TenantBindingType> tenantBindings =
\r
134 tenantBindingConfigReader.getTenantBindings();
\r
135 Hashtable<String, String> tenantInfo = new Hashtable<String, String>();
\r
136 for (TenantBindingType tenantBinding : tenantBindings.values()) {
\r
137 String tId = tenantBinding.getId();
\r
138 String tName = tenantBinding.getName();
\r
139 tenantInfo.put(tId, tName);
\r
140 if (logger.isDebugEnabled()) {
\r
141 logger.debug("createDefaultAccounts found configured tenant id: "+tId+" name: "+tName);
\r
144 Connection conn = null;
\r
145 PreparedStatement pstmt = null;
\r
146 Statement stmt = null;
\r
147 // TODO - need to put in tests for existence first.
\r
148 // We could just look for the accounts per tenant up front, and assume that
\r
149 // the rest is there if the accounts are.
\r
150 // Could add a sql script to remove these if need be - Spring only does roles,
\r
151 // and we're not touching that, so we could safely toss the
\r
152 // accounts, users, account-tenants, account-roles, and start over.
\r
154 conn = getConnection();
\r
155 // First find or create the tenants
\r
156 String queryTenantSQL =
\r
157 "SELECT id,name FROM tenants";
\r
158 stmt = conn.createStatement();
\r
159 ResultSet rs = stmt.executeQuery(queryTenantSQL);
\r
160 ArrayList<String> existingTenants = new ArrayList<String>();
\r
161 while (rs.next()) {
\r
162 String tId = rs.getString("id");
\r
163 String tName = rs.getString("name");
\r
164 if(tenantInfo.containsKey(tId)) {
\r
165 existingTenants.add(tId);
\r
166 if(!tenantInfo.get(tId).equalsIgnoreCase(tName)) {
\r
167 logger.warn("Configured name for tenant: "
\r
168 +tId+" in repository: "+tName
\r
169 +" does not match config'd name: "+ tenantInfo.get(tId));
\r
175 String insertTenantSQL =
\r
176 "INSERT INTO tenants (id,name,created_at) VALUES (?,?, now())";
\r
177 pstmt = conn.prepareStatement(insertTenantSQL); // create a statement
\r
178 for(String tId : tenantInfo.keySet()) {
\r
179 if(existingTenants.contains(tId)) {
\r
180 if (logger.isDebugEnabled()) {
\r
181 logger.debug("createDefaultAccounts: tenant exists (skipping): "
\r
182 +tenantInfo.get(tId));
\r
186 pstmt.setString(1, tId); // set id param
\r
187 pstmt.setString(2, tenantInfo.get(tId)); // set name param
\r
188 if (logger.isDebugEnabled()) {
\r
189 logger.debug("createDefaultAccounts adding entry for tenant: "+tId);
\r
191 pstmt.executeUpdate();
\r
194 // Second find or create the users
\r
195 String queryUserSQL =
\r
196 "SELECT username FROM users WHERE username LIKE '"
\r
197 +TENANT_ADMIN_ACCT_PREFIX+"%' OR username LIKE '"
\r
198 +TENANT_READER_ACCT_PREFIX+"%'";
\r
199 rs = stmt.executeQuery(queryUserSQL);
\r
200 ArrayList<String> usersInRepo = new ArrayList<String>();
\r
201 while (rs.next()) {
\r
202 String uName = rs.getString("username");
\r
203 usersInRepo.add(uName);
\r
206 String insertUserSQL =
\r
207 "INSERT INTO users (username,passwd, created_at)"
\r
208 +" VALUES (?,?, now())";
\r
209 pstmt = conn.prepareStatement(insertUserSQL); // create a statement
\r
210 for(String tName : tenantInfo.values()) {
\r
211 String adminAcctName = getDefaultAdminUserID(tName);
\r
212 if(!usersInRepo.contains(adminAcctName)) {
\r
213 String secEncPasswd = SecurityUtils.createPasswordHash(
\r
214 adminAcctName, DEFAULT_ADMIN_PASSWORD);
\r
215 pstmt.setString(1, adminAcctName); // set username param
\r
216 pstmt.setString(2, secEncPasswd); // set passwd param
\r
217 if (logger.isDebugEnabled()) {
\r
218 logger.debug("createDefaultAccounts adding user: "
\r
219 +adminAcctName+" for tenant: "+tName);
\r
221 pstmt.executeUpdate();
\r
222 } else if (logger.isDebugEnabled()) {
\r
223 logger.debug("createDefaultAccounts: user: "+adminAcctName
\r
224 +" already exists - skipping.");
\r
228 String readerAcctName = getDefaultReaderUserID(tName);
\r
229 if(!usersInRepo.contains(readerAcctName)) {
\r
230 String secEncPasswd = SecurityUtils.createPasswordHash(
\r
231 readerAcctName, DEFAULT_READER_PASSWORD);
\r
232 pstmt.setString(1, readerAcctName); // set username param
\r
233 pstmt.setString(2, secEncPasswd); // set passwd param
\r
234 if (logger.isDebugEnabled()) {
\r
235 logger.debug("createDefaultAccounts adding user: "
\r
236 +readerAcctName+" for tenant: "+tName);
\r
238 pstmt.executeUpdate();
\r
239 } else if (logger.isDebugEnabled()) {
\r
240 logger.debug("createDefaultAccounts: user: "+readerAcctName
\r
241 +" already exists - skipping.");
\r
245 // Third, create the accounts. Assume that if the users were already there,
\r
246 // then the accounts were as well
\r
247 String insertAccountSQL =
\r
248 "INSERT INTO accounts_common "
\r
249 + "(csid, email, userid, status, screen_name, metadata_protection, roles_protection, created_at) "
\r
250 + "VALUES (?,?,?,'ACTIVE',?, 'immutable', 'immutable', now())";
\r
251 Hashtable<String, String> tenantAdminAcctCSIDs = new Hashtable<String, String>();
\r
252 Hashtable<String, String> tenantReaderAcctCSIDs = new Hashtable<String, String>();
\r
253 pstmt = conn.prepareStatement(insertAccountSQL); // create a statement
\r
254 for(String tId : tenantInfo.keySet()) {
\r
255 String tName = tenantInfo.get(tId);
\r
256 String adminCSID = UUID.randomUUID().toString();
\r
257 tenantAdminAcctCSIDs.put(tId, adminCSID);
\r
258 String adminAcctName = getDefaultAdminUserID(tName);
\r
259 if(!usersInRepo.contains(adminAcctName)) {
\r
260 pstmt.setString(1, adminCSID); // set csid param
\r
261 pstmt.setString(2, adminAcctName); // set email param (bogus)
\r
262 pstmt.setString(3, adminAcctName); // set userid param
\r
263 pstmt.setString(4, "Administrator");// set screen name param
\r
264 if (logger.isDebugEnabled()) {
\r
265 logger.debug("createDefaultAccounts adding account: "
\r
266 +adminAcctName+" for tenant: "+tName);
\r
268 pstmt.executeUpdate();
\r
269 } else if (logger.isDebugEnabled()) {
\r
270 logger.debug("createDefaultAccounts: user: "+adminAcctName
\r
271 +" already exists - skipping account generation.");
\r
274 String readerCSID = UUID.randomUUID().toString();
\r
275 tenantReaderAcctCSIDs.put(tId, readerCSID);
\r
276 String readerAcctName = getDefaultReaderUserID(tName);
\r
277 if(!usersInRepo.contains(readerAcctName)) {
\r
278 pstmt.setString(1, readerCSID); // set csid param
\r
279 pstmt.setString(2, readerAcctName); // set email param (bogus)
\r
280 pstmt.setString(3, readerAcctName); // set userid param
\r
281 pstmt.setString(4, "Reader"); // set screen name param
\r
282 if (logger.isDebugEnabled()) {
\r
283 logger.debug("createDefaultAccounts adding account: "
\r
284 +readerAcctName+" for tenant: "+tName);
\r
286 pstmt.executeUpdate();
\r
287 } else if (logger.isDebugEnabled()) {
\r
288 logger.debug("createDefaultAccounts: user: "+readerAcctName
\r
289 +" already exists - skipping account creation.");
\r
293 // Fourth, bind accounts to tenants. Assume that if the users were already there,
\r
294 // then the accounts were bound to tenants correctly
\r
295 String insertAccountTenantSQL;
\r
296 DatabaseProductType databaseProductType = JDBCTools.getDatabaseProductType();
\r
297 if (databaseProductType == DatabaseProductType.MYSQL) {
\r
298 insertAccountTenantSQL =
\r
299 "INSERT INTO accounts_tenants (TENANTS_ACCOUNTSCOMMON_CSID,tenant_id) "
\r
301 } else if (databaseProductType == DatabaseProductType.POSTGRESQL) {
\r
302 insertAccountTenantSQL =
\r
303 "INSERT INTO accounts_tenants (HJID, TENANTS_ACCOUNTSCOMMON_CSID,tenant_id) "
\r
304 + " VALUES(nextval('hibernate_sequence'), ?, ?)";
\r
306 throw new Exception("Unrecognized database system.");
\r
308 pstmt = conn.prepareStatement(insertAccountTenantSQL); // create a statement
\r
309 for(String tId : tenantInfo.keySet()) {
\r
310 String tName = tenantInfo.get(tId);
\r
311 if(!usersInRepo.contains(getDefaultAdminUserID(tName))) {
\r
312 String adminAcct = tenantAdminAcctCSIDs.get(tId);
\r
313 pstmt.setString(1, adminAcct); // set acct CSID param
\r
314 pstmt.setString(2, tId); // set tenant_id param
\r
315 if (logger.isDebugEnabled()) {
\r
316 logger.debug("createDefaultAccounts binding account id: "
\r
317 +adminAcct+" to tenant id: "+tId);
\r
319 pstmt.executeUpdate();
\r
321 if(!usersInRepo.contains(getDefaultReaderUserID(tName))) {
\r
322 String readerAcct = tenantReaderAcctCSIDs.get(tId);
\r
323 pstmt.setString(1, readerAcct); // set acct CSID param
\r
324 pstmt.setString(2, tId); // set tenant_id param
\r
325 if (logger.isDebugEnabled()) {
\r
326 logger.debug("createDefaultAccounts binding account id: "
\r
327 +readerAcct+" to tenant id: "+tId);
\r
329 pstmt.executeUpdate();
\r
333 // Fifth, fetch and save the default roles
\r
334 String springAdminRoleCSID = null;
\r
335 String querySpringRole =
\r
336 "SELECT csid from roles WHERE rolename='"+SPRING_ADMIN_ROLE+"'";
\r
337 rs = stmt.executeQuery(querySpringRole);
\r
339 springAdminRoleCSID = rs.getString(1);
\r
340 if (logger.isDebugEnabled()) {
\r
341 logger.debug("createDefaultAccounts found Spring Admin role: "
\r
342 +springAdminRoleCSID);
\r
345 String insertSpringAdminRoleSQL =
\r
346 "INSERT INTO roles (csid, rolename, displayName, rolegroup, created_at, tenant_id) "
\r
347 + "VALUES ('-1', 'ROLE_SPRING_ADMIN', 'SPRING_ADMIN', 'Spring Security Administrator', now(), '0')";
\r
348 stmt.executeUpdate(insertSpringAdminRoleSQL);
\r
349 springAdminRoleCSID = "-1";
\r
350 if (logger.isDebugEnabled()) {
\r
351 logger.debug("createDefaultAccounts CREATED Spring Admin role: "
\r
352 +springAdminRoleCSID);
\r
356 String getRoleCSIDSql =
\r
357 "SELECT csid from roles WHERE tenant_id=? and rolename=?";
\r
358 pstmt = conn.prepareStatement(getRoleCSIDSql); // create a statement
\r
360 Hashtable<String, String> tenantAdminRoleCSIDs = new Hashtable<String, String>();
\r
361 Hashtable<String, String> tenantReaderRoleCSIDs = new Hashtable<String, String>();
\r
362 for(String tId : tenantInfo.keySet()) {
\r
363 pstmt.setString(1, tId); // set tenant_id param
\r
364 pstmt.setString(2, getDefaultAdminRole(tId)); // set rolename param
\r
365 rs = pstmt.executeQuery();
\r
366 // extract data from the ResultSet
\r
368 throw new RuntimeException("Cannot find role: "+getDefaultAdminRole(tId)
\r
369 +" for tenant id: "+tId+" in roles!");
\r
371 String tenantAdminRoleCSID = rs.getString(1);
\r
372 if (logger.isDebugEnabled()) {
\r
373 logger.debug("createDefaultAccounts found role: "
\r
374 +getDefaultAdminRole(tId)+"("+tenantAdminRoleCSID
\r
375 +") for tenant id: "+tId);
\r
377 tenantAdminRoleCSIDs.put(tId, tenantAdminRoleCSID);
\r
378 pstmt.setString(1, tId); // set tenant_id param
\r
379 pstmt.setString(2, getDefaultReaderRole(tId)); // set rolename param
\r
381 rs = pstmt.executeQuery();
\r
382 // extract data from the ResultSet
\r
384 throw new RuntimeException("Cannot find role: "+getDefaultReaderRole(tId)
\r
385 +" for tenant id: "+tId+" in roles!");
\r
387 String tenantReaderRoleCSID = rs.getString(1);
\r
388 if (logger.isDebugEnabled()) {
\r
389 logger.debug("createDefaultAccounts found role: "
\r
390 +getDefaultReaderRole(tId)+"("+tenantReaderRoleCSID
\r
391 +") for tenant id: "+tId);
\r
393 tenantReaderRoleCSIDs.put(tId, tenantReaderRoleCSID);
\r
397 // Sixth, bind the accounts to roles. If the users already existed,
\r
398 // we'll assume they were set up correctly.
\r
399 String insertAccountRoleSQL;
\r
400 if (databaseProductType == DatabaseProductType.MYSQL) {
\r
401 insertAccountRoleSQL =
\r
402 "INSERT INTO accounts_roles(account_id, user_id, role_id, role_name, created_at)"
\r
403 +" VALUES(?, ?, ?, ?, now())";
\r
404 } else if (databaseProductType == DatabaseProductType.POSTGRESQL) {
\r
405 insertAccountRoleSQL =
\r
406 "INSERT INTO accounts_roles(HJID, account_id, user_id, role_id, role_name, created_at)"
\r
407 +" VALUES(nextval('hibernate_sequence'), ?, ?, ?, ?, now())";
\r
409 throw new Exception("Unrecognized database system.");
\r
411 if (logger.isDebugEnabled()) {
\r
412 logger.debug("createDefaultAccounts binding accounts to roles with SQL:\n"
\r
413 +insertAccountRoleSQL);
\r
415 pstmt = conn.prepareStatement(insertAccountRoleSQL); // create a statement
\r
416 for(String tId : tenantInfo.keySet()) {
\r
417 String adminUserId = getDefaultAdminUserID(tenantInfo.get(tId));
\r
418 if(!usersInRepo.contains(adminUserId)) {
\r
419 String adminAcct = tenantAdminAcctCSIDs.get(tId);
\r
420 String adminRoleId = tenantAdminRoleCSIDs.get(tId);
\r
421 pstmt.setString(1, adminAcct); // set acct CSID param
\r
422 pstmt.setString(2, adminUserId); // set user_id param
\r
423 pstmt.setString(3, adminRoleId); // set role_id param
\r
424 pstmt.setString(4, getDefaultAdminRole(tId)); // set rolename param
\r
425 if (logger.isDebugEnabled()) {
\r
426 logger.debug("createDefaultAccounts binding account: "
\r
427 +adminUserId+" to Admin role("+adminRoleId
\r
428 +") for tenant id: "+tId);
\r
430 pstmt.executeUpdate();
\r
431 // Now add the Spring Admin Role to the admin accounts
\r
432 pstmt.setString(3, springAdminRoleCSID); // set role_id param
\r
433 pstmt.setString(4, SPRING_ADMIN_ROLE); // set rolename param
\r
434 if (logger.isDebugEnabled()) {
\r
435 logger.debug("createDefaultAccounts binding account: "
\r
436 +adminUserId+" to Spring Admin role: "+springAdminRoleCSID);
\r
438 pstmt.executeUpdate();
\r
440 String readerUserId = getDefaultReaderUserID(tenantInfo.get(tId));
\r
441 if(!usersInRepo.contains(readerUserId)) {
\r
442 String readerAcct = tenantReaderAcctCSIDs.get(tId);
\r
443 String readerRoleId = tenantReaderRoleCSIDs.get(tId);
\r
444 pstmt.setString(1, readerAcct); // set acct CSID param
\r
445 pstmt.setString(2, readerUserId); // set user_id param
\r
446 pstmt.setString(3, readerRoleId); // set role_id param
\r
447 pstmt.setString(4, getDefaultReaderRole(tId)); // set rolename param
\r
448 if (logger.isDebugEnabled()) {
\r
449 logger.debug("createDefaultAccounts binding account: "
\r
450 +readerUserId+" to Reader role("+readerRoleId
\r
451 +") for tenant id: "+tId);
\r
453 pstmt.executeUpdate();
\r
458 } catch (RuntimeException rte) {
\r
459 if (logger.isDebugEnabled()) {
\r
460 logger.debug("Exception in createDefaultAccounts: "+
\r
461 rte.getLocalizedMessage());
\r
462 logger.debug(rte.getStackTrace().toString());
\r
465 } catch (SQLException sqle) {
\r
466 // SQLExceptions can be chained. We have at least one exception, so
\r
467 // set up a loop to make sure we let the user know about all of them
\r
468 // if there happens to be more than one.
\r
469 if (logger.isDebugEnabled()) {
\r
470 SQLException tempException = sqle;
\r
471 while (null != tempException) {
\r
472 logger.debug("SQL Exception: " + sqle.getLocalizedMessage());
\r
473 tempException = tempException.getNextException();
\r
475 logger.debug(sqle.getStackTrace().toString());
\r
477 throw new RuntimeException("SQL problem in createDefaultAccounts: ", sqle);
\r
478 } catch (Exception e) {
\r
479 if (logger.isDebugEnabled()) {
\r
480 logger.debug("Exception in createDefaultAccounts: "+
\r
481 e.getLocalizedMessage());
\r
491 } catch (SQLException sqle) {
\r
492 if (logger.isDebugEnabled()) {
\r
493 logger.debug("SQL Exception closing statement/connection: "
\r
494 + sqle.getLocalizedMessage());
\r
500 private static String getDefaultAdminRole(String tenantId) {
\r
501 return ROLE_PREFIX+tenantId+TENANT_ADMIN_ROLE_SUFFIX;
\r
504 private static String getDefaultReaderRole(String tenantId) {
\r
505 return ROLE_PREFIX+tenantId+TENANT_READER_ROLE_SUFFIX;
\r
508 private static String getDefaultAdminUserID(String tenantName) {
\r
509 return TENANT_ADMIN_ACCT_PREFIX+tenantName;
\r
512 private static String getDefaultReaderUserID(String tenantName) {
\r
513 return TENANT_READER_ACCT_PREFIX+tenantName;
\r
projects / tmp / jakarta-migration.git / blob