import javax.persistence.EntityManager;\r
import javax.persistence.EntityManagerFactory;\r
\r
+import org.collectionspace.authentication.AuthN;\r
import org.collectionspace.services.authorization.AuthZ;\r
import org.collectionspace.services.authorization.CSpaceAction;\r
import org.collectionspace.services.authorization.PermissionException;\r
// for READ-ONLY\r
final public static String ACTIONGROUP_RL_NAME = "RL";\r
final public static ActionType[] ACTIONSET_RL = {ActionType.READ, ActionType.SEARCH};\r
+\r
\r
/*\r
* Inner class to deal with predefined ADMIN and READER action groupds\r
//\r
// The "super" role has a predefined ID of "0" and a tenant ID of "0";\r
//\r
- final public static String ROLE_ADMINISTRATOR = "ADMINISTRATOR";\r
- final public static String ROLE_ADMINISTRATOR_ID = "0";\r
- final public static String ADMINISTRATOR_TENANT_ID = "0";\r
+ final public static String ROLE_ALL_TENANTS_MANAGER = "ALL_TENANTS_MANAGER";\r
+ final public static String ROLE_ALL_TENANTS_MANAGER_ID = "0";\r
+ final public static String ALL_TENANTS_MANAGER_TENANT_ID = "0";\r
\r
final public static String ROLE_TENANT_ADMINISTRATOR = "TENANT_ADMINISTRATOR";\r
final public static String ROLE_TENANT_READER = "TENANT_READER";\r
\r
+ public static final String TENANT_MANAGER_USER = "tenantManager"; \r
+ public static final String TENANT_MANAGER_SCREEN_NAME = TENANT_MANAGER_USER; \r
+ public static final String DEFAULT_TENANT_MANAGER_PASSWORD = "manage"; \r
+ public static final String DEFAULT_TENANT_MANAGER_EMAIL = "tenantManager@collectionspace.org"; \r
+ \r
public static final String TENANT_ADMIN_ACCT_PREFIX = "admin@"; \r
public static final String TENANT_READER_ACCT_PREFIX = "reader@"; \r
public static final String ROLE_PREFIX = "ROLE_"; \r
public static String ROLE_SPRING_ADMIN_ID = "-1";\r
public static String ROLE_SPRING_ADMIN_NAME = "ROLE_SPRING_ADMIN";\r
\r
+ // SQL for init tasks\r
+ final private static String INSERT_ACCOUNT_ROLE_SQL_MYSQL = \r
+ "INSERT INTO accounts_roles(account_id, user_id, role_id, role_name, created_at)"\r
+ +" VALUES(?, ?, ?, ?, now())";\r
+ final private static String INSERT_ACCOUNT_ROLE_SQL_POSTGRES =\r
+ "INSERT INTO accounts_roles(HJID, account_id, user_id, role_id, role_name, created_at)"\r
+ +" VALUES(nextval('hibernate_sequence'), ?, ?, ?, ?, now())";\r
+ final private static String QUERY_USERS_SQL = \r
+ "SELECT username FROM users WHERE username LIKE '"\r
+ +TENANT_ADMIN_ACCT_PREFIX+"%' OR username LIKE '"+TENANT_READER_ACCT_PREFIX+"%'";\r
+ final private static String INSERT_USER_SQL = \r
+ "INSERT INTO users (username,passwd, created_at) VALUES (?,?, now())";\r
+ final private static String INSERT_ACCOUNT_SQL = \r
+ "INSERT INTO accounts_common "\r
+ + "(csid, email, userid, status, screen_name, metadata_protection, roles_protection, created_at) "\r
+ + "VALUES (?,?,?,'ACTIVE',?, 'immutable', 'immutable', now())";\r
+ \r
+ // TENANT MANAGER specific SQL\r
+ final private static String QUERY_TENANT_MGR_USER_SQL = \r
+ "SELECT username FROM users WHERE username = '"+TENANT_MANAGER_USER+"'";\r
+ final private static String GET_TENANT_MGR_ROLE_SQL =\r
+ "SELECT csid from roles WHERE tenant_id='"+ALL_TENANTS_MANAGER_TENANT_ID+"' and rolename=?";\r
+\r
public static Role getRole(String tenantId, String displayName) {\r
Role role = null;\r
\r
return permRole;\r
}\r
\r
+ private static Hashtable<String, String> getTenantNamesFromConfig(TenantBindingConfigReaderImpl tenantBindingConfigReader) {\r
+\r
+ Hashtable<String, TenantBindingType> tenantBindings =\r
+ tenantBindingConfigReader.getTenantBindings();\r
+ Hashtable<String, String> tenantInfo = new Hashtable<String, String>();\r
+ for (TenantBindingType tenantBinding : tenantBindings.values()) {\r
+ String tId = tenantBinding.getId();\r
+ String tName = tenantBinding.getName();\r
+ tenantInfo.put(tId, tName);\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("getTenantNamesFromConfig found configured tenant id: "+tId+" name: "+tName);\r
+ }\r
+ }\r
+ return tenantInfo;\r
+ }\r
\r
- /*\r
- * FIXME: REM - This method is way too big -over 300 lines! We need to break it up into\r
- * smaller, discrete, sub-methods.\r
- */\r
- public static void createDefaultAccounts(TenantBindingConfigReaderImpl tenantBindingConfigReader) {\r
- if (logger.isDebugEnabled()) {\r
- logger.debug("ServiceMain.createDefaultAccounts starting...");\r
+ private static ArrayList<String> compileExistingTenants(Connection conn, Hashtable<String, String> tenantInfo)\r
+ throws SQLException, Exception {\r
+ Statement stmt = null;\r
+ ArrayList<String> existingTenants = new ArrayList<String>();\r
+ // First find or create the tenants\r
+ final String queryTenantSQL = "SELECT id,name FROM tenants";\r
+ try {\r
+ stmt = conn.createStatement();\r
+ ResultSet rs = stmt.executeQuery(queryTenantSQL);\r
+ while (rs.next()) {\r
+ String tId = rs.getString("id");\r
+ String tName = rs.getString("name");\r
+ if(tenantInfo.containsKey(tId)) {\r
+ existingTenants.add(tId);\r
+ if(!tenantInfo.get(tId).equalsIgnoreCase(tName)) {\r
+ logger.warn("Configured name for tenant: "\r
+ +tId+" in repository: "+tName\r
+ +" does not match config'd name: "+ tenantInfo.get(tId));\r
+ }\r
+ }\r
+ }\r
+ rs.close();\r
+ } catch(Exception e) {\r
+ throw e;\r
+ } finally {\r
+ if(stmt!=null)\r
+ stmt.close();\r
}\r
- \r
- Hashtable<String, TenantBindingType> tenantBindings =\r
- tenantBindingConfigReader.getTenantBindings();\r
- Hashtable<String, String> tenantInfo = new Hashtable<String, String>();\r
- for (TenantBindingType tenantBinding : tenantBindings.values()) {\r
- String tId = tenantBinding.getId();\r
- String tName = tenantBinding.getName();\r
- tenantInfo.put(tId, tName);\r
- if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts found configured tenant id: "+tId+" name: "+tName);\r
- }\r
- }\r
- Connection conn = null;\r
+\r
+ return existingTenants;\r
+ }\r
+ \r
+ private static void createMissingTenants(Connection conn, Hashtable<String, String> tenantInfo,\r
+ ArrayList<String> existingTenants) throws SQLException, Exception {\r
+ // Need to define and look for a createDisabled attribute in tenant config\r
+ final String insertTenantSQL = \r
+ "INSERT INTO tenants (id,name,disabled,created_at) VALUES (?,?,FALSE,now())";\r
PreparedStatement pstmt = null;\r
+ try {\r
+ pstmt = conn.prepareStatement(insertTenantSQL); // create a statement\r
+ for(String tId : tenantInfo.keySet()) {\r
+ if(existingTenants.contains(tId)) {\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("createMissingTenants: tenant exists (skipping): "\r
+ +tenantInfo.get(tId));\r
+ }\r
+ continue;\r
+ }\r
+ pstmt.setString(1, tId); // set id param\r
+ pstmt.setString(2, tenantInfo.get(tId)); // set name param\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("createMissingTenants adding entry for tenant: "+tId);\r
+ }\r
+ pstmt.executeUpdate();\r
+ }\r
+ pstmt.close();\r
+ } catch(Exception e) {\r
+ throw e;\r
+ } finally {\r
+ if(pstmt!=null)\r
+ pstmt.close();\r
+ }\r
+ }\r
+ \r
+ private static ArrayList<String> findOrCreateDefaultUsers(Connection conn, Hashtable<String, String> tenantInfo) \r
+ throws SQLException, Exception {\r
+ // Second find or create the users\r
Statement stmt = null;\r
- // TODO - need to put in tests for existence first.\r
- // We could just look for the accounts per tenant up front, and assume that\r
- // the rest is there if the accounts are.\r
- // Could add a sql script to remove these if need be - Spring only does roles, \r
- // and we're not touching that, so we could safely toss the \r
- // accounts, users, account-tenants, account-roles, and start over.\r
+ PreparedStatement pstmt = null;\r
+ ArrayList<String> usersInRepo = new ArrayList<String>();\r
try {\r
- conn = getConnection();\r
- // First find or create the tenants\r
- String queryTenantSQL = \r
- "SELECT id,name FROM tenants";\r
- stmt = conn.createStatement();\r
- ResultSet rs = stmt.executeQuery(queryTenantSQL);\r
- ArrayList<String> existingTenants = new ArrayList<String>();\r
- while (rs.next()) {\r
- String tId = rs.getString("id");\r
- String tName = rs.getString("name");\r
- if(tenantInfo.containsKey(tId)) {\r
- existingTenants.add(tId);\r
- if(!tenantInfo.get(tId).equalsIgnoreCase(tName)) {\r
- logger.warn("Configured name for tenant: "\r
- +tId+" in repository: "+tName\r
- +" does not match config'd name: "+ tenantInfo.get(tId));\r
- }\r
- }\r
- }\r
- rs.close();\r
-\r
- String insertTenantSQL = \r
- "INSERT INTO tenants (id,name,disabled,created_at) VALUES (?,?,FALSE,now())";\r
- pstmt = conn.prepareStatement(insertTenantSQL); // create a statement\r
- for(String tId : tenantInfo.keySet()) {\r
- if(existingTenants.contains(tId)) {\r
- if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts: tenant exists (skipping): "\r
- +tenantInfo.get(tId));\r
- }\r
- continue;\r
- }\r
- pstmt.setString(1, tId); // set id param\r
- pstmt.setString(2, tenantInfo.get(tId)); // set name param\r
- if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts adding entry for tenant: "+tId);\r
- }\r
- pstmt.executeUpdate();\r
+ stmt = conn.createStatement();\r
+ ResultSet rs = stmt.executeQuery(QUERY_USERS_SQL);\r
+ while (rs.next()) {\r
+ String uName = rs.getString("username");\r
+ usersInRepo.add(uName);\r
}\r
- pstmt.close();\r
- // Second find or create the users\r
- String queryUserSQL = \r
- "SELECT username FROM users WHERE username LIKE '"\r
- +TENANT_ADMIN_ACCT_PREFIX+"%' OR username LIKE '"\r
- +TENANT_READER_ACCT_PREFIX+"%'";\r
- rs = stmt.executeQuery(queryUserSQL);\r
- ArrayList<String> usersInRepo = new ArrayList<String>();\r
- while (rs.next()) {\r
- String uName = rs.getString("username");\r
- usersInRepo.add(uName);\r
- }\r
- rs.close();\r
- String insertUserSQL = \r
- "INSERT INTO users (username,passwd, created_at)"\r
- +" VALUES (?,?, now())";\r
- pstmt = conn.prepareStatement(insertUserSQL); // create a statement\r
+ rs.close();\r
+ pstmt = conn.prepareStatement(INSERT_USER_SQL); // create a statement\r
for(String tName : tenantInfo.values()) {\r
String adminAcctName = getDefaultAdminUserID(tName);\r
if(!usersInRepo.contains(adminAcctName)) {\r
- String secEncPasswd = SecurityUtils.createPasswordHash(\r
- adminAcctName, DEFAULT_ADMIN_PASSWORD);\r
- pstmt.setString(1, adminAcctName); // set username param\r
- pstmt.setString(2, secEncPasswd); // set passwd param\r
- if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts adding user: "\r
- +adminAcctName+" for tenant: "+tName);\r
- }\r
- pstmt.executeUpdate();\r
- } else if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts: user: "+adminAcctName\r
- +" already exists - skipping.");\r
- }\r
-\r
-\r
- String readerAcctName = getDefaultReaderUserID(tName);\r
- if(!usersInRepo.contains(readerAcctName)) {\r
- String secEncPasswd = SecurityUtils.createPasswordHash(\r
- readerAcctName, DEFAULT_READER_PASSWORD);\r
- pstmt.setString(1, readerAcctName); // set username param\r
- pstmt.setString(2, secEncPasswd); // set passwd param\r
- if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts adding user: "\r
- +readerAcctName+" for tenant: "+tName);\r
- }\r
- pstmt.executeUpdate();\r
- } else if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts: user: "+readerAcctName\r
- +" already exists - skipping.");\r
- }\r
- }\r
- pstmt.close();\r
- // Third, create the accounts. Assume that if the users were already there,\r
- // then the accounts were as well\r
- String insertAccountSQL = \r
- "INSERT INTO accounts_common "\r
- + "(csid, email, userid, status, screen_name, metadata_protection, roles_protection, created_at) "\r
- + "VALUES (?,?,?,'ACTIVE',?, 'immutable', 'immutable', now())";\r
- Hashtable<String, String> tenantAdminAcctCSIDs = new Hashtable<String, String>();\r
- Hashtable<String, String> tenantReaderAcctCSIDs = new Hashtable<String, String>();\r
- pstmt = conn.prepareStatement(insertAccountSQL); // create a statement\r
- for(String tId : tenantInfo.keySet()) {\r
- String tName = tenantInfo.get(tId);\r
- String adminCSID = UUID.randomUUID().toString();\r
- tenantAdminAcctCSIDs.put(tId, adminCSID);\r
- String adminAcctName = getDefaultAdminUserID(tName);\r
- if(!usersInRepo.contains(adminAcctName)) {\r
- pstmt.setString(1, adminCSID); // set csid param\r
- pstmt.setString(2, adminAcctName); // set email param (bogus)\r
- pstmt.setString(3, adminAcctName); // set userid param\r
- pstmt.setString(4, "Administrator");// set screen name param\r
- if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts adding account: "\r
- +adminAcctName+" for tenant: "+tName);\r
- }\r
- pstmt.executeUpdate();\r
+ String secEncPasswd = SecurityUtils.createPasswordHash(\r
+ adminAcctName, DEFAULT_ADMIN_PASSWORD);\r
+ pstmt.setString(1, adminAcctName); // set username param\r
+ pstmt.setString(2, secEncPasswd); // set passwd param\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("createDefaultUsersAndAccounts adding user: "\r
+ +adminAcctName+" for tenant: "+tName);\r
+ }\r
+ pstmt.executeUpdate();\r
} else if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts: user: "+adminAcctName\r
- +" already exists - skipping account generation.");\r
+ logger.debug("createDefaultUsersAndAccounts: user: "+adminAcctName\r
+ +" already exists - skipping.");\r
}\r
\r
- String readerCSID = UUID.randomUUID().toString(); \r
- tenantReaderAcctCSIDs.put(tId, readerCSID);\r
+\r
String readerAcctName = getDefaultReaderUserID(tName);\r
if(!usersInRepo.contains(readerAcctName)) {\r
- pstmt.setString(1, readerCSID); // set csid param\r
- pstmt.setString(2, readerAcctName); // set email param (bogus)\r
- pstmt.setString(3, readerAcctName); // set userid param\r
- pstmt.setString(4, "Reader"); // set screen name param\r
+ String secEncPasswd = SecurityUtils.createPasswordHash(\r
+ readerAcctName, DEFAULT_READER_PASSWORD);\r
+ pstmt.setString(1, readerAcctName); // set username param\r
+ pstmt.setString(2, secEncPasswd); // set passwd param\r
if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts adding account: "\r
+ logger.debug("createDefaultUsersAndAccounts adding user: "\r
+readerAcctName+" for tenant: "+tName);\r
}\r
pstmt.executeUpdate();\r
} else if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts: user: "+readerAcctName\r
- +" already exists - skipping account creation.");\r
+ logger.debug("createDefaultUsersAndAccounts: user: "+readerAcctName\r
+ +" already exists - skipping.");\r
}\r
}\r
pstmt.close();\r
- // Fourth, bind accounts to tenants. Assume that if the users were already there,\r
- // then the accounts were bound to tenants correctly\r
- String insertAccountTenantSQL;\r
- DatabaseProductType databaseProductType = JDBCTools.getDatabaseProductType();\r
- if (databaseProductType == DatabaseProductType.MYSQL) {\r
- insertAccountTenantSQL =\r
- "INSERT INTO accounts_tenants (TENANTS_ACCOUNTSCOMMON_CSID,tenant_id) "\r
- + " VALUES(?, ?)";\r
- } else if (databaseProductType == DatabaseProductType.POSTGRESQL) {\r
- insertAccountTenantSQL =\r
- "INSERT INTO accounts_tenants (HJID, TENANTS_ACCOUNTSCOMMON_CSID,tenant_id) "\r
- + " VALUES(nextval('hibernate_sequence'), ?, ?)";\r
- } else {\r
- throw new Exception("Unrecognized database system.");\r
+ } catch(Exception e) {\r
+ throw e;\r
+ } finally {\r
+ if(stmt!=null)\r
+ stmt.close();\r
+ if(pstmt!=null)\r
+ pstmt.close();\r
+ }\r
+ return usersInRepo;\r
+ }\r
+ \r
+ private static void findOrCreateDefaultAccounts(Connection conn, Hashtable<String, String> tenantInfo,\r
+ ArrayList<String> usersInRepo,\r
+ Hashtable<String, String> tenantAdminAcctCSIDs, Hashtable<String, String> tenantReaderAcctCSIDs) \r
+ throws SQLException, Exception {\r
+ // Third, create the accounts. Assume that if the users were already there,\r
+ // then the accounts were as well\r
+ PreparedStatement pstmt = null;\r
+ try {\r
+ pstmt = conn.prepareStatement(INSERT_ACCOUNT_SQL); // create a statement\r
+ for(String tId : tenantInfo.keySet()) {\r
+ String tName = tenantInfo.get(tId);\r
+ String adminCSID = UUID.randomUUID().toString();\r
+ tenantAdminAcctCSIDs.put(tId, adminCSID);\r
+ String adminAcctName = getDefaultAdminUserID(tName);\r
+ if(!usersInRepo.contains(adminAcctName)) {\r
+ pstmt.setString(1, adminCSID); // set csid param\r
+ pstmt.setString(2, adminAcctName); // set email param (bogus)\r
+ pstmt.setString(3, adminAcctName); // set userid param\r
+ pstmt.setString(4, "Administrator");// set screen name param\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("createDefaultAccounts adding account: "\r
+ +adminAcctName+" for tenant: "+tName);\r
+ }\r
+ pstmt.executeUpdate();\r
+ } else if (logger.isDebugEnabled()) {\r
+ logger.debug("createDefaultAccounts: user: "+adminAcctName\r
+ +" already exists - skipping account generation.");\r
+ }\r
+\r
+ String readerCSID = UUID.randomUUID().toString(); \r
+ tenantReaderAcctCSIDs.put(tId, readerCSID);\r
+ String readerAcctName = getDefaultReaderUserID(tName);\r
+ if(!usersInRepo.contains(readerAcctName)) {\r
+ pstmt.setString(1, readerCSID); // set csid param\r
+ pstmt.setString(2, readerAcctName); // set email param (bogus)\r
+ pstmt.setString(3, readerAcctName); // set userid param\r
+ pstmt.setString(4, "Reader"); // set screen name param\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("createDefaultAccounts adding account: "\r
+ +readerAcctName+" for tenant: "+tName);\r
+ }\r
+ pstmt.executeUpdate();\r
+ } else if (logger.isDebugEnabled()) {\r
+ logger.debug("createDefaultAccounts: user: "+readerAcctName\r
+ +" already exists - skipping account creation.");\r
+ }\r
+ }\r
+ pstmt.close();\r
+ } catch(Exception e) {\r
+ throw e;\r
+ } finally {\r
+ if(pstmt!=null)\r
+ pstmt.close();\r
+ }\r
+ }\r
+ \r
+ private static boolean findOrCreateTenantManagerUserAndAccount(Connection conn) \r
+ throws SQLException, Exception {\r
+ // Find or create the special tenant manager account.\r
+ // Later can make the user name for tenant manager be configurable, settable.\r
+ Statement stmt = null;\r
+ PreparedStatement pstmt = null;\r
+ boolean created = false;\r
+ try {\r
+ boolean foundTMgrUser = false;\r
+ stmt = conn.createStatement();\r
+ ResultSet rs = stmt.executeQuery(QUERY_TENANT_MGR_USER_SQL);\r
+ // Should only find one - only consider it\r
+ if(rs.next()) {\r
+ String uName = rs.getString("username");\r
+ foundTMgrUser = uName.equals(TENANT_MANAGER_USER);\r
}\r
- pstmt = conn.prepareStatement(insertAccountTenantSQL); // create a statement\r
- for(String tId : tenantInfo.keySet()) {\r
- String tName = tenantInfo.get(tId);\r
- if(!usersInRepo.contains(getDefaultAdminUserID(tName))) {\r
- String adminAcct = tenantAdminAcctCSIDs.get(tId);\r
- pstmt.setString(1, adminAcct); // set acct CSID param\r
- pstmt.setString(2, tId); // set tenant_id param\r
- if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts binding account id: "\r
- +adminAcct+" to tenant id: "+tId);\r
- }\r
- pstmt.executeUpdate();\r
- }\r
- if(!usersInRepo.contains(getDefaultReaderUserID(tName))) {\r
- String readerAcct = tenantReaderAcctCSIDs.get(tId);\r
- pstmt.setString(1, readerAcct); // set acct CSID param\r
- pstmt.setString(2, tId); // set tenant_id param\r
- if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts binding account id: "\r
- +readerAcct+" to tenant id: "+tId);\r
- }\r
- pstmt.executeUpdate();\r
- }\r
+ rs.close();\r
+ if(!foundTMgrUser) {\r
+ pstmt = conn.prepareStatement(INSERT_USER_SQL); // create a statement\r
+ String secEncPasswd = SecurityUtils.createPasswordHash(\r
+ TENANT_MANAGER_USER, DEFAULT_TENANT_MANAGER_PASSWORD);\r
+ pstmt.setString(1, TENANT_MANAGER_USER); // set username param\r
+ pstmt.setString(2, secEncPasswd); // set passwd param\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("findOrCreateTenantManagerUserAndAccount adding tenant manager user: "\r
+ +TENANT_MANAGER_USER);\r
+ }\r
+ pstmt.executeUpdate();\r
+ pstmt.close();\r
+ // Now create the account to match\r
+ pstmt = conn.prepareStatement(INSERT_ACCOUNT_SQL); // create a statement\r
+ pstmt.setString(1, AuthN.TENANT_MANAGER_ACCT_ID); // set csid param\r
+ pstmt.setString(2, DEFAULT_TENANT_MANAGER_EMAIL); // set email param (bogus)\r
+ pstmt.setString(3, TENANT_MANAGER_USER); // set userid param\r
+ pstmt.setString(4, TENANT_MANAGER_SCREEN_NAME);// set screen name param\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("findOrCreateTenantManagerUserAndAccount adding tenant manager account: "\r
+ +TENANT_MANAGER_USER);\r
+ }\r
+ pstmt.executeUpdate();\r
+ pstmt.close();\r
+ created = true;\r
+ } else if (logger.isDebugEnabled()) {\r
+ logger.debug("findOrCreateTenantManagerUserAndAccount: tenant manager: "+TENANT_MANAGER_USER\r
+ +" already exists.");\r
}\r
- pstmt.close();\r
- // Fifth, fetch and save the default roles\r
- String springAdminRoleCSID = null;\r
- String querySpringRole = \r
- "SELECT csid from roles WHERE rolename='"+SPRING_ADMIN_ROLE+"'";\r
- rs = stmt.executeQuery(querySpringRole);\r
+ } catch(Exception e) {\r
+ throw e;\r
+ } finally {\r
+ if(stmt!=null)\r
+ stmt.close();\r
+ if(pstmt!=null)\r
+ pstmt.close();\r
+ }\r
+ return created;\r
+ }\r
+ \r
+ private static void bindDefaultAccountsToTenants(Connection conn, DatabaseProductType databaseProductType,\r
+ Hashtable<String, String> tenantInfo, ArrayList<String> usersInRepo,\r
+ Hashtable<String, String> tenantAdminAcctCSIDs, Hashtable<String, String> tenantReaderAcctCSIDs) \r
+ throws SQLException, Exception {\r
+ // Fourth, bind accounts to tenants. Assume that if the users were already there,\r
+ // then the accounts were bound to tenants correctly\r
+ PreparedStatement pstmt = null;\r
+ try {\r
+ String insertAccountTenantSQL;\r
+ if (databaseProductType == DatabaseProductType.MYSQL) {\r
+ insertAccountTenantSQL =\r
+ "INSERT INTO accounts_tenants (TENANTS_ACCOUNTSCOMMON_CSID,tenant_id) "\r
+ + " VALUES(?, ?)";\r
+ } else if (databaseProductType == DatabaseProductType.POSTGRESQL) {\r
+ insertAccountTenantSQL =\r
+ "INSERT INTO accounts_tenants (HJID, TENANTS_ACCOUNTSCOMMON_CSID,tenant_id) "\r
+ + " VALUES(nextval('hibernate_sequence'), ?, ?)";\r
+ } else {\r
+ throw new Exception("Unrecognized database system.");\r
+ }\r
+ pstmt = conn.prepareStatement(insertAccountTenantSQL); // create a statement\r
+ for(String tId : tenantInfo.keySet()) {\r
+ String tName = tenantInfo.get(tId);\r
+ if(!usersInRepo.contains(getDefaultAdminUserID(tName))) {\r
+ String adminAcct = tenantAdminAcctCSIDs.get(tId);\r
+ pstmt.setString(1, adminAcct); // set acct CSID param\r
+ pstmt.setString(2, tId); // set tenant_id param\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("createDefaultAccounts binding account id: "\r
+ +adminAcct+" to tenant id: "+tId);\r
+ }\r
+ pstmt.executeUpdate();\r
+ }\r
+ if(!usersInRepo.contains(getDefaultReaderUserID(tName))) {\r
+ String readerAcct = tenantReaderAcctCSIDs.get(tId);\r
+ pstmt.setString(1, readerAcct); // set acct CSID param\r
+ pstmt.setString(2, tId); // set tenant_id param\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("createDefaultAccounts binding account id: "\r
+ +readerAcct+" to tenant id: "+tId);\r
+ }\r
+ pstmt.executeUpdate();\r
+ }\r
+ }\r
+ pstmt.close();\r
+ } catch(Exception e) {\r
+ throw e;\r
+ } finally {\r
+ if(pstmt!=null)\r
+ pstmt.close();\r
+ }\r
+ }\r
+ \r
+ \r
+ private static String findOrCreateDefaultRoles(Connection conn, Hashtable<String, String> tenantInfo,\r
+ Hashtable<String, String> tenantAdminRoleCSIDs, Hashtable<String, String> tenantReaderRoleCSIDs) \r
+ throws SQLException, Exception {\r
+ // Fifth, fetch and save the default roles\r
+ String springAdminRoleCSID = null;\r
+ Statement stmt = null;\r
+ PreparedStatement pstmt = null;\r
+ try {\r
+ final String querySpringRole = \r
+ "SELECT csid from roles WHERE rolename='"+SPRING_ADMIN_ROLE+"'";\r
+ stmt = conn.createStatement();\r
+ ResultSet rs = stmt.executeQuery(querySpringRole);\r
if(rs.next()) {\r
springAdminRoleCSID = rs.getString(1);\r
- if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts found Spring Admin role: "\r
- +springAdminRoleCSID);\r
- }\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("createDefaultAccounts found Spring Admin role: "\r
+ +springAdminRoleCSID);\r
+ }\r
} else {\r
- String insertSpringAdminRoleSQL =\r
- "INSERT INTO roles (csid, rolename, displayName, rolegroup, created_at, tenant_id) "\r
- + "VALUES ('-1', 'ROLE_SPRING_ADMIN', 'SPRING_ADMIN', 'Spring Security Administrator', now(), '0')";\r
+ final String insertSpringAdminRoleSQL =\r
+ "INSERT INTO roles (csid, rolename, displayName, rolegroup, created_at, tenant_id) "\r
+ + "VALUES ('-1', 'ROLE_SPRING_ADMIN', 'SPRING_ADMIN', 'Spring Security Administrator', now(), '0')";\r
stmt.executeUpdate(insertSpringAdminRoleSQL);\r
springAdminRoleCSID = "-1";\r
- if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts CREATED Spring Admin role: "\r
- +springAdminRoleCSID);\r
- }\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("createDefaultAccounts CREATED Spring Admin role: "\r
+ +springAdminRoleCSID);\r
+ }\r
}\r
- rs.close();\r
- String getRoleCSIDSql =\r
- "SELECT csid from roles WHERE tenant_id=? and rolename=?";\r
- pstmt = conn.prepareStatement(getRoleCSIDSql); // create a statement\r
- rs = null;\r
- Hashtable<String, String> tenantAdminRoleCSIDs = new Hashtable<String, String>();\r
- Hashtable<String, String> tenantReaderRoleCSIDs = new Hashtable<String, String>();\r
- for(String tId : tenantInfo.keySet()) {\r
- pstmt.setString(1, tId); // set tenant_id param\r
- pstmt.setString(2, getDefaultAdminRole(tId)); // set rolename param\r
- rs = pstmt.executeQuery();\r
- // extract data from the ResultSet\r
- if(!rs.next()) {\r
- throw new RuntimeException("Cannot find role: "+getDefaultAdminRole(tId)\r
- +" for tenant id: "+tId+" in roles!");\r
- }\r
+ rs.close();\r
+ final String getRoleCSIDSql =\r
+ "SELECT csid from roles WHERE tenant_id=? and rolename=?";\r
+ pstmt = conn.prepareStatement(getRoleCSIDSql); // create a statement\r
+ rs = null;\r
+ for(String tId : tenantInfo.keySet()) {\r
+ pstmt.setString(1, tId); // set tenant_id param\r
+ pstmt.setString(2, getDefaultAdminRole(tId)); // set rolename param\r
+ rs = pstmt.executeQuery();\r
+ // extract data from the ResultSet\r
+ if(!rs.next()) {\r
+ throw new RuntimeException("Cannot find role: "+getDefaultAdminRole(tId)\r
+ +" for tenant id: "+tId+" in roles!");\r
+ }\r
String tenantAdminRoleCSID = rs.getString(1);\r
- if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts found role: "\r
- +getDefaultAdminRole(tId)+"("+tenantAdminRoleCSID\r
- +") for tenant id: "+tId);\r
- }\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("createDefaultAccounts found role: "\r
+ +getDefaultAdminRole(tId)+"("+tenantAdminRoleCSID\r
+ +") for tenant id: "+tId);\r
+ }\r
tenantAdminRoleCSIDs.put(tId, tenantAdminRoleCSID);\r
- pstmt.setString(1, tId); // set tenant_id param\r
- pstmt.setString(2, getDefaultReaderRole(tId)); // set rolename param\r
- rs.close();\r
- rs = pstmt.executeQuery();\r
- // extract data from the ResultSet\r
- if(!rs.next()) {\r
- throw new RuntimeException("Cannot find role: "+getDefaultReaderRole(tId)\r
- +" for tenant id: "+tId+" in roles!");\r
- }\r
+ pstmt.setString(1, tId); // set tenant_id param\r
+ pstmt.setString(2, getDefaultReaderRole(tId)); // set rolename param\r
+ rs.close();\r
+ rs = pstmt.executeQuery();\r
+ // extract data from the ResultSet\r
+ if(!rs.next()) {\r
+ throw new RuntimeException("Cannot find role: "+getDefaultReaderRole(tId)\r
+ +" for tenant id: "+tId+" in roles!");\r
+ }\r
String tenantReaderRoleCSID = rs.getString(1);\r
- if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts found role: "\r
- +getDefaultReaderRole(tId)+"("+tenantReaderRoleCSID\r
- +") for tenant id: "+tId);\r
- }\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("createDefaultAccounts found role: "\r
+ +getDefaultReaderRole(tId)+"("+tenantReaderRoleCSID\r
+ +") for tenant id: "+tId);\r
+ }\r
tenantReaderRoleCSIDs.put(tId, tenantReaderRoleCSID);\r
- rs.close();\r
- }\r
- pstmt.close();\r
- // Sixth, bind the accounts to roles. If the users already existed,\r
- // we'll assume they were set up correctly.\r
- String insertAccountRoleSQL;\r
- if (databaseProductType == DatabaseProductType.MYSQL) {\r
- insertAccountRoleSQL =\r
- "INSERT INTO accounts_roles(account_id, user_id, role_id, role_name, created_at)"\r
- +" VALUES(?, ?, ?, ?, now())";\r
- } else if (databaseProductType == DatabaseProductType.POSTGRESQL) {\r
- insertAccountRoleSQL =\r
- "INSERT INTO accounts_roles(HJID, account_id, user_id, role_id, role_name, created_at)"\r
- +" VALUES(nextval('hibernate_sequence'), ?, ?, ?, ?, now())";\r
- } else {\r
- throw new Exception("Unrecognized database system.");\r
- }\r
- if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts binding accounts to roles with SQL:\n"\r
- +insertAccountRoleSQL);\r
- }\r
- pstmt = conn.prepareStatement(insertAccountRoleSQL); // create a statement\r
- for(String tId : tenantInfo.keySet()) {\r
- String adminUserId = getDefaultAdminUserID(tenantInfo.get(tId));\r
- if(!usersInRepo.contains(adminUserId)) {\r
- String adminAcct = tenantAdminAcctCSIDs.get(tId);\r
- String adminRoleId = tenantAdminRoleCSIDs.get(tId);\r
- pstmt.setString(1, adminAcct); // set acct CSID param\r
- pstmt.setString(2, adminUserId); // set user_id param\r
- pstmt.setString(3, adminRoleId); // set role_id param\r
- pstmt.setString(4, getDefaultAdminRole(tId)); // set rolename param\r
- if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts binding account: "\r
- +adminUserId+" to Admin role("+adminRoleId\r
- +") for tenant id: "+tId);\r
- }\r
- pstmt.executeUpdate();\r
- // Now add the Spring Admin Role to the admin accounts\r
- pstmt.setString(3, springAdminRoleCSID); // set role_id param\r
- pstmt.setString(4, SPRING_ADMIN_ROLE); // set rolename param\r
- if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts binding account: "\r
- +adminUserId+" to Spring Admin role: "+springAdminRoleCSID);\r
- }\r
- pstmt.executeUpdate();\r
- }\r
- String readerUserId = getDefaultReaderUserID(tenantInfo.get(tId));\r
- if(!usersInRepo.contains(readerUserId)) {\r
- String readerAcct = tenantReaderAcctCSIDs.get(tId);\r
- String readerRoleId = tenantReaderRoleCSIDs.get(tId);\r
- pstmt.setString(1, readerAcct); // set acct CSID param\r
- pstmt.setString(2, readerUserId); // set user_id param\r
- pstmt.setString(3, readerRoleId); // set role_id param\r
- pstmt.setString(4, getDefaultReaderRole(tId)); // set rolename param\r
- if (logger.isDebugEnabled()) {\r
- logger.debug("createDefaultAccounts binding account: "\r
- +readerUserId+" to Reader role("+readerRoleId\r
- +") for tenant id: "+tId);\r
- }\r
- pstmt.executeUpdate();\r
- }\r
- }\r
- pstmt.close();\r
- stmt.close();\r
+ rs.close();\r
+ }\r
+ pstmt.close();\r
+ } catch(Exception e) {\r
+ throw e;\r
+ } finally {\r
+ if(stmt!=null)\r
+ stmt.close();\r
+ if(pstmt!=null)\r
+ pstmt.close();\r
+ }\r
+ return springAdminRoleCSID;\r
+ }\r
+\r
+ private static String findTenantManagerRole(Connection conn ) \r
+ throws SQLException, RuntimeException, Exception {\r
+ String tenantMgrRoleCSID = null;\r
+ PreparedStatement pstmt = null;\r
+ try {\r
+ String rolename = getQualifiedRoleName(ALL_TENANTS_MANAGER_TENANT_ID, \r
+ ROLE_ALL_TENANTS_MANAGER); \r
+ pstmt = conn.prepareStatement(GET_TENANT_MGR_ROLE_SQL); // create a statement\r
+ ResultSet rs = null;\r
+ pstmt.setString(1, rolename); // set rolename param\r
+ rs = pstmt.executeQuery();\r
+ if(rs.next()) {\r
+ tenantMgrRoleCSID = rs.getString(1);\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("findTenantManagerRole found Tenant Mgr role: "\r
+ +tenantMgrRoleCSID);\r
+ }\r
+ }\r
+ rs.close();\r
+ } catch(Exception e) {\r
+ throw e;\r
+ } finally {\r
+ if(pstmt!=null)\r
+ pstmt.close();\r
+ }\r
+ if(tenantMgrRoleCSID==null)\r
+ throw new RuntimeException("findTenantManagerRole: Cound not find tenant Manager Role!");\r
+ return tenantMgrRoleCSID;\r
+ }\r
+\r
+ private static void bindAccountsToRoles(Connection conn, DatabaseProductType databaseProductType,\r
+ Hashtable<String, String> tenantInfo, ArrayList<String> usersInRepo,\r
+ String springAdminRoleCSID,\r
+ Hashtable<String, String> tenantAdminRoleCSIDs, Hashtable<String, String> tenantReaderRoleCSIDs,\r
+ Hashtable<String, String> tenantAdminAcctCSIDs, Hashtable<String, String> tenantReaderAcctCSIDs) \r
+ throws SQLException, Exception {\r
+ // Sixth, bind the accounts to roles. If the users already existed,\r
+ // we'll assume they were set up correctly.\r
+ PreparedStatement pstmt = null;\r
+ try {\r
+ String insertAccountRoleSQL;\r
+ if (databaseProductType == DatabaseProductType.MYSQL) {\r
+ insertAccountRoleSQL = INSERT_ACCOUNT_ROLE_SQL_MYSQL;\r
+ } else if (databaseProductType == DatabaseProductType.POSTGRESQL) {\r
+ insertAccountRoleSQL = INSERT_ACCOUNT_ROLE_SQL_POSTGRES;\r
+ } else {\r
+ throw new Exception("Unrecognized database system.");\r
+ }\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("createDefaultAccounts binding accounts to roles with SQL:\n"\r
+ +insertAccountRoleSQL);\r
+ }\r
+ pstmt = conn.prepareStatement(insertAccountRoleSQL); // create a statement\r
+ for(String tId : tenantInfo.keySet()) {\r
+ String adminUserId = getDefaultAdminUserID(tenantInfo.get(tId));\r
+ if(!usersInRepo.contains(adminUserId)) {\r
+ String adminAcct = tenantAdminAcctCSIDs.get(tId);\r
+ String adminRoleId = tenantAdminRoleCSIDs.get(tId);\r
+ pstmt.setString(1, adminAcct); // set acct CSID param\r
+ pstmt.setString(2, adminUserId); // set user_id param\r
+ pstmt.setString(3, adminRoleId); // set role_id param\r
+ pstmt.setString(4, getDefaultAdminRole(tId)); // set rolename param\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("createDefaultAccounts binding account: "\r
+ +adminUserId+" to Admin role("+adminRoleId\r
+ +") for tenant id: "+tId);\r
+ }\r
+ pstmt.executeUpdate();\r
+ // Now add the Spring Admin Role to the admin accounts\r
+ pstmt.setString(3, springAdminRoleCSID); // set role_id param\r
+ pstmt.setString(4, SPRING_ADMIN_ROLE); // set rolename param\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("createDefaultAccounts binding account: "\r
+ +adminUserId+" to Spring Admin role: "+springAdminRoleCSID);\r
+ }\r
+ pstmt.executeUpdate();\r
+ }\r
+ String readerUserId = getDefaultReaderUserID(tenantInfo.get(tId));\r
+ if(!usersInRepo.contains(readerUserId)) {\r
+ String readerAcct = tenantReaderAcctCSIDs.get(tId);\r
+ String readerRoleId = tenantReaderRoleCSIDs.get(tId);\r
+ pstmt.setString(1, readerAcct); // set acct CSID param\r
+ pstmt.setString(2, readerUserId); // set user_id param\r
+ pstmt.setString(3, readerRoleId); // set role_id param\r
+ pstmt.setString(4, getDefaultReaderRole(tId)); // set rolename param\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("createDefaultAccounts binding account: "\r
+ +readerUserId+" to Reader role("+readerRoleId\r
+ +") for tenant id: "+tId);\r
+ }\r
+ pstmt.executeUpdate();\r
+ }\r
+ }\r
+ pstmt.close();\r
+ } catch(Exception e) {\r
+ throw e;\r
+ } finally {\r
+ if(pstmt!=null)\r
+ pstmt.close();\r
+ }\r
+ }\r
+ \r
+ private static void bindTenantManagerAccountRole(Connection conn, DatabaseProductType databaseProductType,\r
+ String tenantManagerUserID, String tenantManagerAccountID, String tenantManagerRoleID, String tenantManagerRoleName ) \r
+ throws SQLException, Exception {\r
+ PreparedStatement pstmt = null;\r
+ try {\r
+ String insertAccountRoleSQL;\r
+ if (databaseProductType == DatabaseProductType.MYSQL) {\r
+ insertAccountRoleSQL = INSERT_ACCOUNT_ROLE_SQL_MYSQL;\r
+ } else if (databaseProductType == DatabaseProductType.POSTGRESQL) {\r
+ insertAccountRoleSQL = INSERT_ACCOUNT_ROLE_SQL_POSTGRES;\r
+ } else {\r
+ throw new Exception("Unrecognized database system.");\r
+ }\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("bindTenantManagerAccountRole binding account to role with SQL:\n"\r
+ +insertAccountRoleSQL);\r
+ }\r
+ pstmt = conn.prepareStatement(insertAccountRoleSQL); // create a statement\r
+ pstmt.setString(1, tenantManagerAccountID); // set acct CSID param\r
+ pstmt.setString(2, tenantManagerUserID); // set user_id param\r
+ pstmt.setString(3, tenantManagerRoleID); // set role_id param\r
+ pstmt.setString(4, tenantManagerRoleName); // set rolename param\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("bindTenantManagerAccountRole binding user: "\r
+ +tenantManagerUserID+" to Admin role("+tenantManagerRoleName+")");\r
+ }\r
+ pstmt.executeUpdate();\r
+ /* At this point, tenant manager should not need the Spring Admin Role\r
+ pstmt.setString(3, springAdminRoleCSID); // set role_id param\r
+ pstmt.setString(4, SPRING_ADMIN_ROLE); // set rolename param\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("createDefaultAccounts binding account: "\r
+ +adminUserId+" to Spring Admin role: "+springAdminRoleCSID);\r
+ }\r
+ pstmt.executeUpdate();\r
+ */\r
+ pstmt.close();\r
+ } catch(Exception e) {\r
+ throw e;\r
+ } finally {\r
+ if(pstmt!=null)\r
+ pstmt.close();\r
+ }\r
+ }\r
+ \r
+ public static void createDefaultAccounts(TenantBindingConfigReaderImpl tenantBindingConfigReader) {\r
+ if (logger.isDebugEnabled()) {\r
+ logger.debug("ServiceMain.createDefaultAccounts starting...");\r
+ }\r
+ \r
+ Hashtable<String, String> tenantInfo = getTenantNamesFromConfig(tenantBindingConfigReader);\r
+ \r
+ Connection conn = null;\r
+ // TODO - need to put in tests for existence first.\r
+ // We could just look for the accounts per tenant up front, and assume that\r
+ // the rest is there if the accounts are.\r
+ // Could add a sql script to remove these if need be - Spring only does roles, \r
+ // and we're not touching that, so we could safely toss the \r
+ // accounts, users, account-tenants, account-roles, and start over.\r
+ try {\r
+ DatabaseProductType databaseProductType = JDBCTools.getDatabaseProductType();\r
+ conn = getConnection();\r
+ ArrayList<String> existingTenants = compileExistingTenants(conn, tenantInfo);\r
+ \r
+ createMissingTenants(conn, tenantInfo, existingTenants);\r
+ \r
+ ArrayList<String> usersInRepo = findOrCreateDefaultUsers(conn, tenantInfo);\r
+ \r
+ Hashtable<String, String> tenantAdminAcctCSIDs = new Hashtable<String, String>();\r
+ Hashtable<String, String> tenantReaderAcctCSIDs = new Hashtable<String, String>();\r
+ findOrCreateDefaultAccounts(conn, tenantInfo, usersInRepo,\r
+ tenantAdminAcctCSIDs, tenantReaderAcctCSIDs);\r
+\r
+ bindDefaultAccountsToTenants(conn, databaseProductType, tenantInfo, usersInRepo,\r
+ tenantAdminAcctCSIDs, tenantReaderAcctCSIDs);\r
+ \r
+ Hashtable<String, String> tenantAdminRoleCSIDs = new Hashtable<String, String>();\r
+ Hashtable<String, String> tenantReaderRoleCSIDs = new Hashtable<String, String>();\r
+ String springAdminRoleCSID = findOrCreateDefaultRoles(conn, tenantInfo,\r
+ tenantAdminRoleCSIDs, tenantReaderRoleCSIDs);\r
+ \r
+ bindAccountsToRoles(conn, databaseProductType,\r
+ tenantInfo, usersInRepo, springAdminRoleCSID,\r
+ tenantAdminRoleCSIDs, tenantReaderRoleCSIDs,\r
+ tenantAdminAcctCSIDs, tenantReaderAcctCSIDs);\r
+ \r
+ boolean createdTenantMgrAccount = findOrCreateTenantManagerUserAndAccount(conn);\r
+ if(createdTenantMgrAccount) {\r
+ // If we created the account, we need to create the bindings. Otherwise, assume they\r
+ // are all set (from previous initialization).\r
+ String tenantManagerRoleCSID = findTenantManagerRole(conn);\r
+ bindTenantManagerAccountRole(conn, databaseProductType, \r
+ TENANT_MANAGER_USER, AuthN.TENANT_MANAGER_ACCT_ID, \r
+ tenantManagerRoleCSID, ROLE_ALL_TENANTS_MANAGER);\r
+ }\r
} catch (RuntimeException rte) {\r
if (logger.isDebugEnabled()) {\r
logger.debug("Exception in createDefaultAccounts: "+\r
try {\r
if(conn!=null)\r
conn.close();\r
- if(pstmt!=null)\r
- pstmt.close();\r
- if(stmt!=null)\r
- stmt.close();\r
} catch (SQLException sqle) {\r
if (logger.isDebugEnabled()) {\r
logger.debug("SQL Exception closing statement/connection: "\r
try {\r
em = emf.createEntityManager();\r
\r
- Role superRole = AuthorizationCommon.getRole(em, ADMINISTRATOR_TENANT_ID, ROLE_ADMINISTRATOR);\r
Hashtable<String, TenantBindingType> tenantBindings =\r
tenantBindingConfigReader.getTenantBindings();\r
for (String tenantId : tenantBindings.keySet()) {\r
+ ":" + transitionDef.getName()\r
+ ":" + ACTIONGROUP_RL\r
+ ":" + profiler.getCumulativeTime()); \r
- /*\r
- //\r
- // Create the permission for the super-admin role. Note we use the same "adminPerm" instance we used for the "adminPermRole" instance\r
- //\r
- persist(em, adminPerm, superRole, false);\r
- */\r
}\r
em.getTransaction().commit();\r
} catch (IllegalStateException e) {\r
projects / tmp / jakarta-migration.git / commitdiff