/*
   jGuard is a security framework based on top of jaas (java authentication and authorization security).
   it is written for web applications, to resolve simply, access control problems.
   version $Name$
   http://sourceforge.net/projects/jguard/
   
   Copyright (C) 2004  Charles GAY
   
   This library is free software; you can redistribute it and/or
  modify it under the terms of the GNU Lesser General Public
  License as published by the Free Software Foundation; either
  version 2.1 of the License, or (at your option) any later version.
  
  This library is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  Lesser General Public License for more details.
  
  You should have received a copy of the GNU Lesser General Public
  License along with this library; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  
  
  jGuard project home page:
  http://sourceforge.net/projects/jguard/
  
  */
  package net.sf.jguard.ext.authorization.manager;
  
  import net.sf.jguard.core.authorization.manager.AuthorizationManager;
  import java.security.Permission;
  import java.security.Principal;
  import java.sql.Connection;
  import java.sql.PreparedStatement;
  import java.sql.ResultSet;
  import java.sql.SQLException;
  import java.util.ArrayList;
  import java.util.Arrays;
  import java.util.HashMap;
  import java.util.HashSet;
  import java.util.Iterator;
  import java.util.List;
  import java.util.Map;
  import java.util.Properties;
  import java.util.Set;
  import java.util.Stack;
  
  import javax.sql.DataSource;
  
  import net.sf.jguard.core.CoreConstants;
  import net.sf.jguard.core.PolicyEnforcementPointOptions;
  import net.sf.jguard.core.authorization.permissions.Domain;
  import net.sf.jguard.core.authorization.permissions.JGPermissionCollection;
  import net.sf.jguard.core.authorization.permissions.JGPositivePermissionCollection;
  import net.sf.jguard.core.authorization.permissions.NoSuchPermissionException;
  import net.sf.jguard.core.authorization.permissions.PermissionUtils;
  import net.sf.jguard.core.principals.RolePrincipal;
  import net.sf.jguard.ext.JdbcManager;
  import net.sf.jguard.ext.JdbcManagerHelper;
  import net.sf.jguard.ext.SecurityConstants;
  import net.sf.jguard.core.authorization.AuthorizationException;
  import net.sf.jguard.ext.database.ConnectionFactory;
  import net.sf.jguard.ext.database.DatabaseUtils;
  import org.slf4j.Logger;
  import org.slf4j.LoggerFactory;
  
  /**
   * jdbc-based AuthorizationManager class used for all database backend.
   * @author <a href="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
   * @author <a href="mailto:vinipitta@users.sourceforge.net">Vinicius Pitta Lima de Araujo</a>
   * @author <a href="mailto:tandilero@users.sourceforge.net">Maximiliano Batelli</a>
   */
  public class JdbcAuthorizationManager extends AbstractAuthorizationManager implements AuthorizationManager,JdbcManager{
  
  	private static final Logger logger = LoggerFactory.getLogger(JdbcAuthorizationManager.class.getName());
  
  
      protected static final String NAME = "name";
      protected static final String DOMAIN_NAME= "domain_name";
  
      //domainIds is only dedicated to the jdbc subclasses
      protected Map domainIds;
  
      //table and index names
      protected static String jgDomainSeq ="jg_domain_seq";
      protected static String jgPermissionSeq ="jg_permission_seq";
      protected static String jgAppPrincipalSeq ="jg_app_principal_seq";
      protected static String jgUrlQuerySeq ="jg_url_query_seq";
      protected static String jgPrincipalDomain ="jg_principal_domain";
      protected static String jgDomain ="jg_domain";
      protected static String jgAppPrincipal ="jg_app_principal";
      protected static String jgPrincipalPermission ="jg_principal_permission";
      protected static String jgPermission= "jg_permission";
      protected static String jgUrlQuery = "jg_urlquery";
      protected static String jgPrincipalHierarchy = "jg_principal_principal";
  
      //SQL queries
      protected String PRINCIPALS_HIERARCHY = "PRINCIPALS_HIERARCHY";
      protected String CREATE_PRINCIPAL_INHERITANCE = "CREATE_PRINCIPAL_INHERITANCE";
     protected String DELETE_PRINCIPAL_INHERITANCE = "DELETE_PRINCIPAL_INHERITANCE";
 
 
     protected String PRINCIPALS="PRINCIPALS";
     protected  String PERMISSIONS_FROM_PRINCIPAL="PERMISSIONS_FROM_PRINCIPAL";
     protected  String PERMISSIONS_FROM_DOMAINS="PERMISSIONS_FROM_DOMAINS";
     protected  String PERMISSIONS="PERMISSIONS";
     protected  String CREATE_PERMISSION="CREATE_PERMISSION";
     protected  String CREATE_DOMAIN="CREATE_DOMAIN";
     protected  String CREATE_PRINCIPAL_PERMISSION="CREATE_PRINCIPAL_PERMISSION";
     protected  String CREATE_PRINCIPAL_DOMAIN="CREATE_PRINCIPAL_DOMAIN";
     protected  String DOMAINS="DOMAINS";
     //delete a domain
     protected  String DELETE_DOMAIN="DELETE_DOMAIN";
     //delete all the association in jg_principal_domain for a specific principal
     protected  String DELETE_PRINCIPAL_DOMAIN="DELETE_PRINCIPAL_DOMAIN";
     //delete the associations in jg_principal_domain for a specific domain
     protected  String DELETE_DOMAIN_PRINCIPAL="DELETE_DOMAIN_PRINCIPAL";
 
     protected String UPDATE_DOMAIN="UPDATE_DOMAIN";
     protected  String UPDATE_PERMISSION="UPDATE_PERMISSION";
     protected  String CHANGE_DOMAIN_PERMISSION="CHANGE_DOMAIN_PERMISSION";
     protected  String DELETE_PRINCIPAL="DELETE_PRINCIPAL";
     protected  String CREATE_PRINCIPAL="CREATE_PRINCIPAL";
     protected  String UPDATE_PRINCIPAL="UPDATE_PRINCIPAL";
     //delete a permission
     protected  String DELETE_PERMISSION="DELETE_PERMISSION";
     //delete all the association in jg_principal_domain for a specific principal
     protected  String DELETE_PRINCIPAL_PERMISSION="DELETE_PRINCIPAL_PERMISSION";
     //delete the associations in jg_principal_permission for a specific permission
     protected  String DELETE_PERMISSION_PRINCIPAL="DELETE_PERMISSION_PRINCIPAL";
     protected  String READ_PERMISSION_ID="READ_PERMISSION_ID";
     protected  String READ_DOMAIN_ID ="READ_DOMAIN_ID";
     protected  String READ_PRINCIPAL_ID ="READ_PRINCIPAL_ID";
 
     private Properties props;
 
     private ConnectionFactory connectionFactory = null;
 
     /**
      * initialize this jdbc AuthorizationManager.
      * @param options a Map which contains informations to configure the AuthorizationManager implementation.
      */
     public JdbcAuthorizationManager(Map options) {
        
     	super(options);
 
         //initialize database connection factory
     	connectionFactory = new ConnectionFactory(options);
         init(options,connectionFactory);
 
     }
     
      /**
      * initialize this jdbc AuthorizationManager.
      * this constructor can be useful if you use one Inversion of Control (IoC) container.
      * this constructor can be used with Ioc type 3 (injection by constructor).
      * @param dataSource datasource to use to grab JDBC connections.
      * @param options a Map which contains informations to configure the AuthorizationManager implementation.
      */
     public JdbcAuthorizationManager(DataSource dataSource,Map options) {
     	super(options);
         //initialize database connection factory
     	connectionFactory = new ConnectionFactory(dataSource);
         init(options,connectionFactory);
 
     }
 
     private void init(Map options, ConnectionFactory connectionFactory){
         super.options = options;
         props = new Properties();
         
         domainIds = new HashMap();
         
         String applicationName= (String)options.get(PolicyEnforcementPointOptions.APPLICATION_NAME.getLabel());
         this.setApplicationName(applicationName);
         
         Map jdbcMap = new HashMap();
         
         String dbPropertiesLocation = (String)options.get(CoreConstants.AUTHORIZATION_DATABASE_FILE_LOCATION);
         jdbcMap.put(JdbcManagerHelper.DB_PROPERTIES_LOCATION,dbPropertiesLocation);
         String createRequiredDatabaseEntities = (String)options.get(SecurityConstants.AUTHORIZATION_DATABASE_CREATE_REQUIRED_DATABASE_ENTITIES);
         jdbcMap.put(JdbcManagerHelper.CREATE_REQUIRED_DATABASE_ENTITIES, createRequiredDatabaseEntities);
         String importXmlDataKey = SecurityConstants.AUTHORIZATION_DATABASE_IMPORT_XML_DATA;
         jdbcMap.put(JdbcManagerHelper.IMPORT_XML_DATA_KEY, importXmlDataKey);
         String importXmlDataValue = (String)options.get(SecurityConstants.AUTHORIZATION_DATABASE_IMPORT_XML_DATA);
         jdbcMap.put(JdbcManagerHelper.IMP0RT_XML_DATA_VALUE, importXmlDataValue);
         jdbcMap.put(JdbcManagerHelper.XML_FILE_NAME, "jGuardPrincipalsPermissions.xml");
     	JdbcManagerHelper.jdbcInit(this,connectionFactory,props,jdbcMap);
         init();
     }
 
 	
     /**
      * initialize Principals and permissions.
      */
     private void init() {
 
         urlp = initPermissions();
         principalsSet = initPrincipals();
         Iterator itPrincipalsSet = principalsSet.iterator();
 
         //populate the corresponding Map to the Set
         while(itPrincipalsSet.hasNext()){
             RolePrincipal tempPrincipal = (RolePrincipal)itPrincipalsSet.next();
             principals.put(tempPrincipal.getLocalName(),tempPrincipal);
         }
     }
 
     /**
      * return needed initialization parameters.
      * @return initialization parameters' list
      * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#getInitParameters()
      */
     public List getInitParameters() {
 
         String[] authorizationParameters = {"authorizationUrl","authorizationLogin",
                                             "authorizationPassword","authorizationDriver"};
         return Arrays.asList(authorizationParameters);
     }
 
 
     /**
      * initialize principals.
      * regroup Principals in a Set.
      * @return principals Set
      */
     private Set initPrincipals() {
 
         Set ppals = new HashSet();
         Map principalsMap = new HashMap();
         PreparedStatement pst;
         PreparedStatement pst2;
         PreparedStatement pst3;
         ResultSet rs;
         ResultSet rs2;
         ResultSet rs3;
        
         Connection connection = null;
        try {
     	   	   connection = connectionFactory.getConnection();
                pst= connection.prepareStatement(props.getProperty(PRINCIPALS));
                rs = pst.executeQuery();
 
                while(rs.next()){
                    RolePrincipal  tempJGuardPrincipal = new RolePrincipal();
                    tempJGuardPrincipal.setName(this.applicationName+"#"+rs.getString(NAME));
                    String name = rs.getString(NAME);
 
                    //domains names owned by this principal
                    Set domainNames = new HashSet();
 
                    //add permissions from principal via domains
                    pst3 = connection.prepareStatement(props.getProperty(PERMISSIONS_FROM_DOMAINS));
                    pst3.setString(1,name);
                    rs3 = pst3.executeQuery();
 
                    //fill principal object with the permissions bound to domains owned by the current principal
                    while(rs3.next()){
                     String domainName = rs3.getString(DOMAIN_NAME);
 	                        if(!domainNames.contains(domainName)){
 		                            domainNames.add(domainName);
 	                            logger.debug(" add domain "+domainName+" to principal "+tempJGuardPrincipal.getLocalName());
 		                            JGPermissionCollection domainTemp = (JGPermissionCollection)domains.get(domainName);
 		                            tempJGuardPrincipal.addDomain(domainTemp);
 		                        }
 
 	                    }
 
                    //add permissions not bound with a domain owned by this principal
                    pst2 = connection.prepareStatement(props.getProperty(PERMISSIONS_FROM_PRINCIPAL));
                    pst2.setString(1,name);
                    rs2 = pst2.executeQuery();
 
                    //fill principal object with their permissions
                    while(rs2.next()){
                     String permissionName = rs2.getString(NAME);
                     Permission perm;
 						try {
 							perm = (Permission)urlp.getPermission(permissionName);
 	                    tempJGuardPrincipal.addPermission(perm);
 						} catch (NoSuchPermissionException e) {
 	                    	logger.warn(" permission "+permissionName+" is not present in the JGPermissionCollection ");
 	                    }
                    }
 
                    ppals.add(tempJGuardPrincipal);
                    principalsMap.put(tempJGuardPrincipal.getLocalName(), tempJGuardPrincipal);
                }
 
 
 
                rs.close();
                pst.close();
 
                pst = connection.prepareStatement(props.getProperty(PRINCIPALS_HIERARCHY));
                rs = pst.executeQuery();
 
                RolePrincipal ascendantPrincipal = null;
 
                while (rs.next()) {
                    String principalAscendantName = rs.getString(1);
                    String principalDescendantName = rs.getString(2);
 
                    if (ascendantPrincipal == null || !ascendantPrincipal.getLocalName().equals(principalAscendantName)) {
                        ascendantPrincipal = (RolePrincipal) principalsMap.get(principalAscendantName);
                    }
                    
                    RolePrincipal descendant = (RolePrincipal)principalsMap.get(principalDescendantName);
                    ascendantPrincipal.getDescendants().add(descendant);
 
                    logger.info("Principal " + principalAscendantName + " inherites from principal " + principalDescendantName);
                }
 
                rs.close();
                pst.close();
 
        } catch (SQLException e) {
 			if (logger.isDebugEnabled()) {
 				logger.debug("initPrincipals in AuthorizationManager SQL ERROR "+ e.getMessage());
 			}
        }finally{
            try {
                connection.close();
            } catch (SQLException e1) {
 				logger.error( "listPrincipals()", e1);
            }
        }
 
         return ppals;
     }
 
     /**
      * initialize permissions.
      * regroup permissions in a JGPermissionCollection.
      * @return JGPermissionCollection
      */
     private JGPermissionCollection initPermissions() {
 
         JGPermissionCollection urlPc= new JGPositivePermissionCollection();
         Permission  tempPermission = null;
         String tempPermissionName="";
         Connection connection2 = null;
         try {
                 //get the domains (although the empty domains)
         		connection2 = connectionFactory.getConnection();
                 PreparedStatement pst2 = connection2.prepareStatement(props.getProperty(DOMAINS));
                 ResultSet rs2 = pst2.executeQuery();
                 while(rs2.next()){
                     String domainName = rs2.getString(NAME);
                     Long domainId = new Long((rs2.getInt("id")));
                     JGPermissionCollection domain = new Domain(domainName);
                     domainsSet.add(domain);
                     domains.put(domainName,domain);
                     domainIds.put(domainName,domainId);
                     Connection connection = null;
                     try{
 			                    connection = connectionFactory.getConnection();
 			                    PreparedStatement pst = connection.prepareStatement(props.getProperty(PERMISSIONS));
 			                    pst.setLong(1,domainId.longValue());
 			                    ResultSet rs = pst.executeQuery();
 			
 			                   //get the corresponding permissions
 			                    while(rs.next()){
 			
 			                        //new permission
 			                        if(rs.getString(NAME).equals(tempPermissionName)==false){
 			                            if(tempPermission!=null){
 			                                urlPc.add(tempPermission);
 			                            }
 			                            String clazz = rs.getString(("class"));
 			            		        String actions = rs.getString(("actions"));
 			                            try {
 											tempPermission = PermissionUtils.getPermission(clazz,rs.getString(NAME),actions);
 										} catch (ClassNotFoundException e) {
 											logger.warn(e.getMessage());
 											continue;
 										}
 			                            permissions.put(tempPermission.getName(),tempPermission);
 			                            permissionsSet.add(tempPermission);
 			                            //add the Permission to the domain
 			                            ((JGPermissionCollection)domains.get(domainName)).add(tempPermission);
 			
 			                        }
 			                    }
 			
 			                    //add the last permission
 			                    if(tempPermission!=null){
 			                        urlPc.add(tempPermission);
 			                    }
                     }finally{
                     	connection.close();
                     }
 
                 }
 
 
        } catch (SQLException e) {
 
 			if (logger.isDebugEnabled()) {
 				logger.debug("listPermissions() - initializePermissions in AuthorizationManager SQL ERROR "+ e.getMessage());
 			}
 
        }finally{
     	   try {
 			connection2.close();
 		} catch (SQLException e) {
 			throw new RuntimeException(e);
 		}
        }
 
         return urlPc;
     }
 
     
 
 	public void createRequiredDatabaseEntities(Properties properties,ConnectionFactory connectionFactory) {
 
         //we create tables
         List tablesNames = new ArrayList();
         tablesNames.add("JG_DOMAIN");
         tablesNames.add("JG_APP_PRINCIPAL");
         tablesNames.add("JG_PERMISSION");
         tablesNames.add("JG_PRINCIPAL_PERMISSION");
         tablesNames.add("JG_PRINCIPAL_DOMAIN");
         tablesNames.add("JG_PRINCIPAL_HIERARCHY");
 
         List sequencesNames = new ArrayList();
         sequencesNames.add("JG_APP_PRINCIPAL_SEQ");
         sequencesNames.add("JG_PERMISSION_SEQ");
         sequencesNames.add("JG_DOMAIN_SEQ");
 
         List foreignkeysNames = new ArrayList();
 		foreignkeysNames.add("FK_PERMISSION_PRINCIPAL");
 		foreignkeysNames.add("FK_PRINCIPAL_PERMISSION");
 		foreignkeysNames.add("FK_DOMAIN_PRINCIPAL");
 		foreignkeysNames.add("FK_PRINCIPAL_DOMAIN");
 		foreignkeysNames.add("FK_PERMISSION_DOMAIN");
 		foreignkeysNames.add("FK_PRINCIPAL_HIERARCHY_PRINCIPAL");
 		foreignkeysNames.add("FK_PRINCIPAL_HIERARCHY_PRINCIPAL2");
 
         //initialise database
         DatabaseUtils.createRequiredDatabaseEntities(properties,connectionFactory,sequencesNames,tablesNames,foreignkeysNames);
 
 	}
 
 
 
 	/**
      * create an URLPermission int the corresponding backend.
      * @param permission URLPermission
      * @param domainName the domain the permission belongs to
      * @throws AuthorizationException
      * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#createPermission(java.security.Permission, java.lang.String)
      */
     public void createPermission(Permission permission,String domainName) throws AuthorizationException {
 
 
     	Connection conn = null;
         PreparedStatement pst = null;
         //name,uri,description,scheme,domain_id
         try {
         	conn = connectionFactory.getConnection();
             pst = conn.prepareStatement(props.getProperty(CREATE_PERMISSION));
 
             pst.setString(1,permission.getName());
             pst.setString(2,permission.getActions());
             pst.setString(3,permission.getClass().getName());
             Long domainId =(Long)domainIds.get(domainName);
             pst.setLong(4,domainId.longValue());
             pst.executeUpdate();
             
             //add the permission to the permissionCollection
             urlp.add(permission);
 				if (logger.isDebugEnabled()) {
 					logger.debug("createPermission() - " + permission
 							+ " added!");
 					logger.debug("createPermission() - permissions: " + urlp);
 				}
             //add the permission to its Domain
             JGPermissionCollection domain = (JGPermissionCollection)domains.get(domainName);
             domain.add(permission);
             permissions.put(permission.getName(),permission);
             permissionsSet.add(permission);
 
             /*
              * udpate the permission list from all principals that have relationship with this
              * domain. Is this is not done the change will not affect the users principals in this webapp
              * while the application is not reloaded.
              */
             this.updatePrincipals(permission);
 
 
         } catch (SQLException e) {
 			logger.error( "createPermission(URLPermission, String)", e);
         }finally{
             try {
             	pst.close();
                 conn.close();
             } catch (SQLException e1) {
 				logger.error( "createPermission(URLPermission, String)", e1);
             }
         }
 
 
     }
 
 
 
     /**
      * update the URLPermission.
      * @param oldPermissionName
      * @param perm
      * @param newDomainName
      * @throws AuthorizationException
      * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#updatePermission(java.lang.String, java.security.Permission, java.lang.String)
      */
     public void updatePermission(String oldPermissionName, Permission perm, String newDomainName) throws AuthorizationException {
 
         
         PreparedStatement pst;
         Connection conn = null;
 
             try {
             	conn = connectionFactory.getConnection();
             	conn.setAutoCommit(false);
 				pst = conn.prepareStatement(props.getProperty(UPDATE_PERMISSION));
 
 			// name
             pst.setString(1,perm.getName());
             //actions
             pst.setString(2,perm.getActions());
             //class
             pst.setString(3,perm.getClass().getName());
             //domainId
             pst.setLong(4,((Long)domainIds.get(newDomainName)).longValue());
             //old Permission Name
             pst.setString(5,oldPermissionName);
             pst.executeUpdate();
 
             JGPermissionCollection newDomain = (JGPermissionCollection)domains.get(newDomainName);
 
 	            // we are looking for the old domain which contains the updated permission
             Iterator itDomains = domainsSet.iterator();
             Permission oldPermission = (Permission) permissions.get(oldPermissionName);
             while(itDomains.hasNext()){
                 JGPermissionCollection domain = (JGPermissionCollection)itDomains.next();
 
                 if(domain.containsPermission(oldPermission)){
                     domain.removePermission(oldPermission);
                     //only one domain can contain a permission
                     //so, when we found the 'old' domain which contain the searched permission
                     //we break the loop
                     break;
                 }
             }
 
             //update the "in memory" permission
 			urlp.removePermission(oldPermission);
             urlp.add(perm);
             permissions.remove(oldPermissionName);
             permissions.put(perm.getName(),perm);
             Iterator itPermissionsSet = permissionsSet.iterator();
             while(itPermissionsSet.hasNext()){
             	Permission tempPerm = (Permission)itPermissionsSet.next();
             	if(tempPerm.getName().equals(oldPermissionName)){
             		permissionsSet.remove(tempPerm);
             		break;
             	}
             }
             permissionsSet.add(perm);
             //add the updated permission to the new domain
             newDomain.add(perm);
 
             //update principals
             this.updatePrincipals(perm);
 	            //we only commit SQL changes if SQL and memory changes are synchronized:
 	            //i.e no exception has been raised on the memory scope
 	            conn.commit();
             } catch (SQLException e) {
                 throw new AuthorizationException(e);
             }finally{
                 try {
                     conn.close();
                 } catch (SQLException e1) {
     				logger.error( "updatePermission(String, URLPermission, String)",	e1);
                 }
             }
     }
 
 
 
     /**
      * delete the permission.
      * @param permissionName
      * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#deletePermission(java.lang.String)
      */
     public void deletePermission(String permissionName) throws AuthorizationException {
 
        
         PreparedStatement pst;
         PreparedStatement pst2;
         Connection conn = null;
         try {
         	conn = connectionFactory.getConnection();
         	conn.setAutoCommit(false);
             //delete associations in jg_principal_permisison
             //before suppress the corresponding permission
             pst = conn.prepareStatement(props.getProperty(DELETE_PERMISSION_PRINCIPAL));
             pst.setString(1,permissionName);
             logger.debug(props.getProperty(DELETE_PERMISSION_PRINCIPAL));
             logger.debug("permissionName="+permissionName);
             pst.executeUpdate();
             pst.close();
 
             pst2 = conn.prepareStatement(props.getProperty(DELETE_PERMISSION));
             pst2.setString(1,permissionName);
             pst2.executeUpdate();
 
             this.removePermissionFromPrincipals(permissionName);
             Permission permission = null;
 			try {
 				permission = (Permission)urlp.getPermission(permissionName);
 			} catch (NoSuchPermissionException e) {
 				throw new AuthorizationException(e);
 			}
             Domain domain = getDomain(permission);
             domain.removePermission(permission);
             permissions.remove(permission.getName());
             permissionsSet.remove(permission);
             urlp.removePermission(permission);
             //update the principals that have this permission by the domain that own this permission
             this.updatePrincipals(domain);
 
             Iterator urlpIt = urlp.getPermissions().iterator();
             while(urlpIt.hasNext()){
                 Permission tempPermission = (Permission)urlpIt.next();
                 if(tempPermission.getName().equals(permissionName)){
                     //remove the permission in the Set
                     getDomain(tempPermission).removePermission(tempPermission);
                     //remove the permission in the permissionCollection
                     urlpIt.remove();
                     break;
                 }
 
             }
             conn.commit();
         } catch (SQLException e) {
 			logger.error( "deletePermission(String)", e);
         }finally{
             try {
                 conn.close();
             } catch (SQLException e1) {
 				logger.error( "deletePermission(String)", e1);
             }
         }
 
     }
 
 
     /**
      * create a new domain.
      * @param domainName
      * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#createDomain(java.lang.String)
      */
     public void createDomain(String  domainName) throws AuthorizationException {
         
         PreparedStatement pst;
         PreparedStatement pst2;
         ResultSet rs2;
         Connection conn = null;
         try {
         	conn = connectionFactory.getConnection();
             pst = conn.prepareStatement(props.getProperty(CREATE_DOMAIN));
             pst.setString(1,domainName);
             pst.executeUpdate();
             JGPermissionCollection newDomain = new Domain(domainName);
             pst2 = conn.prepareStatement(props.getProperty(READ_DOMAIN_ID));
             pst2.setString(1,domainName);
             rs2 = pst2.executeQuery();
             conn.commit();
             //there must be only one result
             rs2.next();
             domains.put(domainName,newDomain);
             domainsSet.add(newDomain);
             domainIds.put(domainName,new Long(rs2.getLong("id")));
 
         } catch (SQLException e) {
 			logger.error( "createDomain(String)", e);
         }finally{
             try {
                 conn.close();
             } catch (SQLException e1) {
 				logger.error( "createDomain(String)", e1);
             }
         }
 
     }
 
     /**
      * change the domain name.
      * @param newDomainName
      * @param oldDomainName
      * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#updateDomain(java.lang.String, java.lang.String)
      */
     public void updateDomain(String newDomainName,String oldDomainName) throws AuthorizationException {
         
         PreparedStatement pst;
         PreparedStatement pst2;
         ResultSet rs2;
         Connection conn = null;
         try {
         	conn = connectionFactory.getConnection();
             pst = conn.prepareStatement(props.getProperty(UPDATE_DOMAIN));
             pst.setString(1,newDomainName);
             pst.setString(2,oldDomainName);
             pst.executeUpdate();
             //if the database update is right, we can update the in memory reference
             Domain updatedDomain = ((Domain)domains.get(oldDomainName));
             /*
              * 2005-05-18 Vinícius: Order of methods call changed to fix the
              * bug 1205011
              *
              * before update the domain name we must remove the domain from
              * domainsSet set because this operations depends of equals method
              * from Domain that compare the domains names, otherwise the
              * remove method from the Set final type will not be able to find
              * the right instance with the equals method and will not remove
              * the Domain from domainsSet. The wrong call sequence cause the
              * domain to be duplicated in the set (in memory domain list).
              *
              * I am note sure about "why" the old domain instance on the
              * domainsSet still with the old name because the domainsSet and
              * domains map are supposed to share the same instance of Domain.
              * So the change on domain instance from the domains map must to
              * means one change on domain instance from domainsSet that share the
              * same instance!
              *
              * I conclude that in some place of the code that load domains
              * and permissions, more than one Domain instance are created
              * to represents the same domain.
              */
             domainsSet.remove(domains.get(oldDomainName));
             //now we can safe update the domain name
             updatedDomain.setName(newDomainName);
 
             domains.remove(oldDomainName);
             //I think that this call was forgotten
             domainIds.remove(oldDomainName);
 
             domains.put(newDomainName,updatedDomain);
 
             pst2 = conn.prepareStatement(props.getProperty(READ_DOMAIN_ID));
             pst2.setString(1,newDomainName);
             rs2 = pst2.executeQuery();
             //there must be only one result
             rs2.next();
             domainIds.put(newDomainName,new Long(rs2.getLong("id")));
             domainsSet.add(domains.get(updatedDomain.getName()));
 
             //update principals relationship with this domain
             this.updatePrincipals(updatedDomain, oldDomainName);
         } catch (SQLException e) {
 			logger.error( "updateDomain(String, String)", e);
         }finally{
             try {
                 conn.close();
             } catch (SQLException e1) {
 				logger.error( "updateDomain(String, String)", e1);
             }
         }
 
     }
 
 
     /**
      * delete a domain.
      * a domain can be deleted only if no permissions are bound to it.
      * @param domainName
      * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#deleteDomain(java.lang.String)
      */
     public void deleteDomain(String domainName) throws AuthorizationException {
         if(domains.get(domainName)== null){
             throw new AuthorizationException(" this domain does not exists ");
         }else if(((JGPermissionCollection)domains.get(domainName)).getPermissions().isEmpty()==false){
             throw new AuthorizationException(" there are "+
                     ((JGPermissionCollection)domains.get(domainName)).getPermissions().size()+" permissions bound to this domain ");
         }else{
 
             
             PreparedStatement pst;
             PreparedStatement pst2;
             Connection conn = null;
             try {
             	conn = connectionFactory.getConnection();
                 //delete associations between principals and this domain
                 pst2 = conn.prepareStatement(props.getProperty(DELETE_DOMAIN_PRINCIPAL));
                 pst2.setString(1,domainName);
                 pst2.executeUpdate();
 
                 pst = conn.prepareStatement(props.getProperty(DELETE_DOMAIN));
                 pst.setString(1,domainName);
                 pst.executeUpdate();
                 domainIds.remove(((Domain)domains.get(domainName)).getName());
                 domainsSet.remove(domains.get(domainName));
                 //if the database remove is right, we can remove the in memory reference
                 domains.remove(domainName);
 
                 //update principals that have relationship with this domain
                 super.removeDomainFromPrincipals(domainName);
             } catch (SQLException e) {
 				logger.error( "deleteDomain(String)", e);
             }finally{
                 try {
                     conn.close();
                 } catch (SQLException e1) {
 					logger.error( "deleteDomain(String)", e1);
                 }
             }
         }
     }
 
 
     /**
      * update the application Principal (role).
      * @param oldPrincipalName name of the principal to be replaced
      * @param principal the new principal updated
      * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#updatePrincipal(net.sf.jguard.core.principals.RolePrincipal)
      * @throws AuthorizationException
      */
     public void updatePrincipal(String oldPrincipalName, Principal principal) throws AuthorizationException {
         
         PreparedStatement pst;
         PreparedStatement pst2;
         PreparedStatement pst3;
         Connection conn = null;
 
         try {
         	conn = connectionFactory.getConnection();
             //delete old assocations between principal and permissions
             pst2 = conn.prepareStatement(props.getProperty(DELETE_PRINCIPAL_PERMISSION));
             pst2.setString(1,oldPrincipalName);
             logger.debug(props.getProperty(DELETE_PRINCIPAL_PERMISSION));
             logger.debug(oldPrincipalName);
             pst2.executeUpdate();
 
             //delete old assocations between principal and domains
             pst3 = conn.prepareStatement(props.getProperty(DELETE_PRINCIPAL_DOMAIN));
             pst3.setString(1,oldPrincipalName);
             pst3.executeUpdate();
 
             //update the principal name
             pst = conn.prepareStatement(props.getProperty(UPDATE_PRINCIPAL));
             pst.setString(1,getLocalName(principal));
             pst.setString(2,oldPrincipalName);
             pst.executeUpdate();
         } catch (SQLException e) {
 			logger.error( "updatePrincipal(String, RolePrincipal)", e);
             throw new AuthorizationException(e);
         }finally{
             try {
                 conn.close();
             } catch (SQLException e1) {
                throw new AuthorizationException(" connection cannot be closed ",e1);
             }
         }
             if(principal.getClass().equals(RolePrincipal.class)){
              
              boolean result= addDomainsAndPermissions((RolePrincipal)principal);
              if(!result){
                  //we dont update in memory principal because update fails
                  return;
              }
             }
             //if the database update is right, we can update the in memory reference
             Principal oldPal = (Principal)principals.remove(oldPrincipalName);
             principalsSet.remove(oldPal);
             principals.put(getLocalName(principal),principal);
             principalsSet.add(principal);
 
 
     }
 
     /**
      * @param principal
      * @return boolean true if update has been done and false otherwise.
      * @throws AuthorizationException
      */
     private boolean addDomainsAndPermissions(RolePrincipal principal) throws AuthorizationException {
 
         
         PreparedStatement pst4;
         PreparedStatement pst5;
         PreparedStatement pst6;
         PreparedStatement pst7;
         PreparedStatement pst8;
         ResultSet rs5;
         ResultSet rs6;
         ResultSet rs7;
         Connection conn = null;
         try {
         	conn = connectionFactory.getConnection();
             //retrieve the principal id
             pst6 = conn.prepareStatement(props.getProperty(READ_PRINCIPAL_ID));
 
         pst6.setString(1,getLocalName(principal));
         rs6 = pst6.executeQuery();
         long idPrincipal;
         if(rs6.next()){
          idPrincipal = rs6.getLong(1);
         }else{
             //throw new AuthorizationException(" the principal "+principal.getLocalName()+" is not present in the database : it hasn't got any id ");
             return false;
         }
         //add new assocations between  principal and permissions
         Set orphanedPermissions  = principal.getOrphanedPermissions();
         Iterator itOrphanedPermissions = orphanedPermissions.iterator();
         long idPermission;
 
         while(itOrphanedPermissions.hasNext()){
          Permission perm = (Permission)itOrphanedPermissions.next();
          pst5 = conn.prepareStatement(props.getProperty(READ_PERMISSION_ID));
          pst5.setString(1,perm.getName());
          rs5 = pst5.executeQuery();
          rs5.next();
          idPermission = rs5.getLong(1);
 
          pst8 = conn.prepareStatement(props.getProperty(CREATE_PRINCIPAL_PERMISSION));
          pst8.setLong(1,idPrincipal);
          pst8.setLong(2,idPermission);
          pst8.executeUpdate();
         }
 
         //add new assocations between  principal and domains
         Set  doms  = principal.getDomains();
         Iterator itDomains = doms.iterator();
         long idDomain;
         while(itDomains.hasNext()){
             Domain dom = (Domain)itDomains.next();
             pst7 = conn.prepareStatement(props.getProperty(READ_DOMAIN_ID));
             pst7.setString(1,dom.getName());
             rs7 = pst7.executeQuery();
             rs7.next();
             idDomain = rs7.getLong(1);
 
             pst4 = conn.prepareStatement(props.getProperty(CREATE_PRINCIPAL_DOMAIN));
             pst4.setLong(1,idPrincipal);
             pst4.setLong(2,idDomain);
             pst4.executeUpdate();
         }
           return true;
         } catch (SQLException e) {
             throw new AuthorizationException(" an SQLException  has been raised in the addDomainsAndPermissions method ",e);
         }finally{
             try {
                 conn.close();
             } catch (SQLException e1) {
                throw new AuthorizationException(" connection cannot be closed ",e1);
             }
         }
     }
 
     /**
      * delete principal.
      * @param principal
      * @see net.sf.jguard.ext.authorization.manager.AuthorizationManager#deletePrincipal(java.security.Principal)
      */
     public void deletePrincipal(Principal principal) throws AuthorizationException {
         
         PreparedStatement pst;
         PreparedStatement pst2;
         PreparedStatement pst3;
         Connection conn = null;
         try {
             conn = connectionFactory.getConnection();
             pst = conn.prepareStatement(props.getProperty(DELETE_PRINCIPAL_PERMISSION));
             pst.setString(1,getLocalName(principal));
             pst.executeUpdate();
 
             pst3 = conn.prepareStatement(props.getProperty(DELETE_PRINCIPAL_DOMAIN));
             pst3.setString(1,getLocalName(principal));
             pst3.executeUpdate();
 
             pst2 = conn.prepareStatement(props.getProperty(DELETE_PRINCIPAL));
             pst2.setString(1,getLocalName(principal));
             pst2.executeUpdate();
             principals.remove(getLocalName(principal));
             RolePrincipal ppal = new RolePrincipal();
             ppal.setLocalName(getLocalName(principal));
             ppal.setApplicationName(applicationName);
             principalsSet.remove(ppal);
 
         } catch (SQLException e) {
 			logger.error( "deletePrincipal(String)", e);
         }finally{
             try {
                 conn.close();
             } catch (SQLException e1) {
 				logger.error( "deletePrincipal(String)", e1);
             }
         }
 
     }
 
 
     /**
      * update the permission to bound it to another Domain.
      * @param permissionName name of the permission to update
      * @param newDomainName name of the Domain to bound this permission
      * @throws AuthorizationException
      */
     public void changeDomainPermission(String permissionName, String newDomainName) throws AuthorizationException{
        
         PreparedStatement pst;
         Connection conn = null;
         try {
         	conn = connectionFactory.getConnection();
         	conn.setAutoCommit(false);
             pst = conn.prepareStatement(props.getProperty(CHANGE_DOMAIN_PERMISSION));
             pst.setString(1,newDomainName);
             pst.setString(2,permissionName);
             pst.executeUpdate();
             Permission perm;
 			try {
 				perm = (Permission)urlp.getPermission(permissionName);
 			} catch (NoSuchPermissionException e) {
 				throw new AuthorizationException(e);
 			}
             JGPermissionCollection oldDomain =getDomain(perm);
             oldDomain.removePermission(perm);
             JGPermissionCollection newDomain =(JGPermissionCollection)domains.get(newDomainName);
             newDomain.add(perm);
             conn.commit();
         } catch (SQLException e) {
 			logger.error( "changeDomainPermission(String, String)", e);
         }finally{
             try {
                 conn.close();
             } catch (SQLException e1) {
 				logger.error( "changeDomainPermission(String, String)", e1);
             }
         }
 
     }
 
     public void createPrincipal(Principal principal) throws AuthorizationException{
         
         PreparedStatement pst;
         Connection conn = null;
         //create the principal
         try {
         	conn = connectionFactory.getConnection();
             pst = conn.prepareStatement(props.getProperty(CREATE_PRINCIPAL));
 			pst.setString(1,getLocalName(principal));
             int result = pst.executeUpdate();
             if(result==0){
             	throw new AuthorizationException("principal "+getLocalName(principal)+" has not been created");
             }
         } catch (SQLException e) {
 			logger.error( "createPrincipal(RolePrincipal)", e);
             throw new AuthorizationException(e);
         }finally{
             try {
                 conn.close();
             } catch (SQLException e1) {
 				logger.error( "createPrincipal(RolePrincipal)", e1);
                 throw new AuthorizationException(e1);
             }
         }
         if(principal.getClass().equals(RolePrincipal.class)){
             addDomainsAndPermissions((RolePrincipal)principal);
         }
 			principals.put(getLocalName(principal),principal);	
         
         principalsSet.add(principal);
 
     }
 
     /**
      * This commands establishes a new immediate inheritance relationship
      * between the existing principals principalAsc and the principalDesc.
      * The command is valid if and only if the principal principalAsc is not an immediate
      * ascendant of principalDesc, and descendant does
      * not properly inherit principalAsc principal(in order to avoid cycle creation).
      *
      * @param principalAscName  the principal that will inherite.
      * @param principalDescName the principal that will be inherited.
      * @throws AuthorizationException if the inheritance already exists or create a cycle.
      */
     public void addInheritance(String principalAscName, String principalDescName) throws AuthorizationException {
         //getting the principals
         RolePrincipal principalAsc = (RolePrincipal) principals.get(principalAscName);
         RolePrincipal principalDesc = (RolePrincipal) principals.get(principalDescName);
 
         if (principalAsc == null) {
             logger.error("Principal " + principalAscName + " not found!");
             throw new AuthorizationException("Principal " + principalAscName + " not found!");
         }
 
         if (principalDesc == null) {
             logger.error("Principal " + principalDescName + " not found!");
             throw new AuthorizationException("Principal " + principalDescName + " not found!");
         }
 
         //check if the principalAsc is immediate ascendant of principalDesc
         for (Iterator it = principalAsc.getDescendants().iterator(); it.hasNext(); ) {
             if (principalDesc.equals(it.next())) {
                 logger.warn("Principal " + principalAscName + " is immediate ascendant of Principal " + principalDescName + "!");
             }
         }
 
         //check if principalDesc inherit principalAsc
         //use a stack instead of a recursive method
         Stack principalsToCheck = new Stack();
         //used to check first all principals from one level before check the next level
         Stack principalsFromNextLevel = new Stack();
         principalsToCheck.addAll(principalDesc.getDescendants());
 
         while (!principalsToCheck.isEmpty()) {
             RolePrincipal principal = (RolePrincipal) principalsToCheck.pop();
             if (principalAsc.equals(principal)) {
                 logger.error("Principal " + principalAscName + " cannot inherit Principal "
                         + principalDescName + " because " + principalDescName + " inherit "
                         + principalAscName);
                 throw new AuthorizationException("Principal " + principalAscName + " cannot inherit Principal "
                         + principalDescName + " because " + principalDescName + " inherit "
                         + principalAscName);
             }
 
             principalsFromNextLevel.addAll(principal.getDescendants());
 
             //is time to go to next level
             if (principalsToCheck.isEmpty()) {
                 principalsToCheck.addAll(principalsFromNextLevel);
 
                 //clear the second level stack
                 principalsFromNextLevel.clear();
             }
         }
 
         
         PreparedStatement pst;
         Connection conn = null;
         try {
         	conn = connectionFactory.getConnection();
             //get principalAsc id
             pst = conn.prepareStatement(props.getProperty(READ_PRINCIPAL_ID));
             pst.setString(1, principalAscName);
             ResultSet rs = pst.executeQuery();
             rs.next();
             int principalAscId = rs.getInt(1);
             rs.close();
 
             //get principalDesc id
             pst.setString(1, principalDescName);
             rs = pst.executeQuery();
             rs.next();
             int principalDescId = rs.getInt(1);
             rs.close();
             pst.close();
 
             //update the backend
             pst = conn.prepareStatement(props.getProperty(CREATE_PRINCIPAL_INHERITANCE));
             pst.setInt(1, principalAscId);
             pst.setInt(2, principalDescId);
             pst.executeUpdate();
             pst.close();
 
             //update in-memory principal
             principalAsc.getDescendants().add(principalDesc);
 
         } catch (SQLException e) {
             logger.error( "addInheritance(principalAscName, principalDescName)", e);
         } finally {
             try {
                 conn.close();
             } catch (SQLException e1) {
                 logger.error( "addInheritance(principalAscName, principalDescName)", e1);
             }
         }
 
 
     }
 
     /**
      * Delete the inheritance beteween two existings principals.
      * @param principalAscName
      * @param principalDescName
      */
     public void deleteInheritance(String principalAscName, String principalDescName) throws AuthorizationException {
         
         PreparedStatement pst;
         Connection conn = null;
         try {
         	conn = connectionFactory.getConnection();
             //get principalAsc id
             pst = conn.prepareStatement(props.getProperty(READ_PRINCIPAL_ID));
             pst.setString(1, principalAscName);
             ResultSet rs = pst.executeQuery();
             rs.next();
             int principalAscId = rs.getInt(1);
             rs.close();
 
             //get principalDesc id
             pst.setString(1, principalDescName);
             rs = pst.executeQuery();
             rs.next();
             int principalDescId = rs.getInt(1);
             rs.close();
             pst.close();
 
             //delete the principal inheritance
             pst = conn.prepareStatement(props.getProperty(DELETE_PRINCIPAL_INHERITANCE));
             pst.setInt(1, principalAscId);
             pst.setInt(2, principalDescId);
             pst.executeUpdate();
 
             pst.close();
 
             RolePrincipal principalAsc = (RolePrincipal) principals.get(principalAscName);
             principalAsc.getDescendants().remove(principals.get(principalDescName));
 
             logger.info("Inheritance beteween principal " + principalAscName + " and " + principalDescName + " was been deleted.");
         } catch (SQLException e) {
             logger.error( "assemblyPrincipalHierarchy(RolePrincipal)", e);
         }finally{
             try {
                 conn.close();
             } catch (SQLException e1) {
                 logger.error( "assemblyPrincipalHierarchy(RolePrincipal)", e1);
             }
         }
     }
 
 
     /**
      * import required datas from XML datastore.
      */
     public void insertRequiredData(String xmlFileLocation){
     	
     	Map options = new HashMap();
         options.put(CoreConstants.AUTHORIZATION_XML_FILE_LOCATION,xmlFileLocation);
         options.put(PolicyEnforcementPointOptions.APPLICATION_NAME.getLabel(),this.applicationName);
     	
 
     	try {
                 AuthorizationManager authManager = new XmlAuthorizationManager(options);
                 importAuthorizationManager(authManager);
 	} catch (AuthorizationException e) {
 		logger.error(" error importing AuthorizationManager with options "+options);
                 logger.warn(e.getMessage());
 	}
 
     }
 
 	public boolean isEmpty() {
         List selectQueries = new ArrayList();
         selectQueries.add("PRINCIPALS");
         selectQueries.add("ALL_PERMISSIONS");
         selectQueries.add("DOMAINS");
         return DatabaseUtils.isEmpty(this.props,connectionFactory,selectQueries);
 
 	}
 
     public void refresh() {
         init();
     }
 
 
 }