private String generateDDL(
OracleUserAttributes userAttributes,
Class<? extends SPIOperation> operation,
UserRecord userRecord) {
StringBuilder builder = new StringBuilder();
BuilderStatus status = new BuilderStatus();
appendAuth(builder, userAttributes, operation, status, userRecord);
if (userAttributes.getDefaultTableSpace() != null) {
appendDefaultTableSpace(builder, userAttributes);
}
if (userAttributes.getTempTableSpace() != null) {
appendTemporaryTableSpace(builder, userAttributes);
}
if (userAttributes.getDefaultTSQuota() != null) {
appendDefaultTSQuota(builder, userAttributes, userRecord);
}
if (userAttributes.getTempTSQuota() != null) {
appendTempTSQuota(builder, userAttributes, userRecord);
}
if (Boolean.FALSE.equals(userAttributes.getExpirePassword())) {
if (status.passwordSet == null) {
// If password is already not expired, just ignore attribute
// that would not have any effect
if (userRecord == null || OracleUserReader.isPasswordExpired(userRecord)) {
throw new IllegalArgumentException(
cm.format(MSG_MUST_SPECIFY_PASSWORD_FOR_UNEXPIRE, null));
}
}
}
if (status.forceExpirePassword || Boolean.TRUE.equals(userAttributes.getExpirePassword())) {
// We can expire password only for LOCAL authentication
if (OracleAuthentication.LOCAL.equals(status.currentAuth)) {
appendExpirePassword(builder, userAttributes);
} else {
IllegalArgumentException e =
new IllegalArgumentException(
cm.format(MSG_CANNOT_EXPIRE_PASSWORD_FOR_NOT_LOCAL_AUTHENTICATION, null));
if (ExtraAttributesPolicy.FAIL.equals(
extraAttributesPolicySetup.getPolicy(PASSWORD_EXPIRE, operation))) {
throw e;
} else {
status.addIgnoredAttribute(PASSWORD_EXPIRE, e);
LOG.info("Ignoring extra password_expire attribute in operation [{0}]", operation);
}
}
}
if (userAttributes.getEnable() != null) {
appendEnabled(builder, userAttributes);
}
if (userAttributes.getProfile() != null) {
appendProfile(builder, userAttributes);
}
if (builder.length() == 0 && !status.ignoredAttributes.isEmpty()) {
// throw the fisrt exception
throw status.ignoredAttributes.get(0).getSecond();
}
return builder.toString();
}
private void appendAuth(
final StringBuilder builder,
OracleUserAttributes userAttributes,
Class<? extends SPIOperation> operation,
BuilderStatus status,
UserRecord userRecord) {
status.currentAuth = userAttributes.getAuth();
if (status.currentAuth == null) {
if (CreateOp.class.equals(operation)) {
status.currentAuth = OracleAuthentication.LOCAL;
} else {
status.currentAuth = OracleUserReader.resolveAuthentication(userRecord);
}
}
boolean appendIdentified =
CreateOp.class.equals(operation)
|| userAttributes.getAuth() != null
|| userAttributes.getPassword() != null
|| userAttributes.getGlobalName() != null;
if (!appendIdentified) {
return;
}
if (userAttributes.getPassword() != null
&& !OracleAuthentication.LOCAL.equals(status.currentAuth)) {
// Apply the extra attribute policy
IllegalArgumentException e =
new IllegalArgumentException(
cm.format(MSG_CANNOT_SET_PASSWORD_FOR_NOT_LOCAL_AUTHENTICATION, null));
if (ExtraAttributesPolicy.FAIL.equals(
extraAttributesPolicySetup.getPolicy(PASSWORD, operation))) {
throw e;
} else {
LOG.info("Ignoring extra password attribute in operation [{0}]", operation);
status.addIgnoredAttribute(PASSWORD, e);
// If only password was set, return
if (userAttributes.getAuth() == null
&& userAttributes.getGlobalName() == null
&& UpdateOp.class.equals(operation)) {
appendIdentified = false;
}
}
}
if (userAttributes.getGlobalName() != null
&& !OracleAuthentication.GLOBAL.equals(status.currentAuth)) {
throw new IllegalArgumentException(
cm.format(MSG_CANNOT_SET_GLOBALNAME_FOR_NOT_GLOBAL_AUTHENTICATION, null));
}
if (!appendIdentified) {
return;
}
builder.append(" identified");
if (OracleAuthentication.LOCAL.equals(status.currentAuth)) {
builder.append(" by ");
status.passwordSet = userAttributes.getPassword();
if (status.passwordSet == null) {
// Can we set password same as username ? , adapter did so
if (CreateOp.class.equals(operation)) {
// Set password to userName, it is already normalized
status.passwordSet = new GuardedString(userAttributes.getUserName().toCharArray());
} else {
// no password for update and local authentication
// some application can send update of authentication to
// local and will not send password at the update
// In this case we will rather set password to user name and
// set (password_expired=true)
// Other option would be to throw exception, but some
// application could not have
// possibility to send password
status.passwordSet = new GuardedString(userAttributes.getUserName().toCharArray());
status.forceExpirePassword = true;
}
}
status.passwordSet.access(
new GuardedString.Accessor() {
public void access(char[] clearChars) {
builder.append(cs.formatToken(PASSWORD, clearChars));
Arrays.fill(clearChars, (char) 0);
}
});
} else if (OracleAuthentication.EXTERNAL.equals(status.currentAuth)) {
builder.append(" externally");
} else if (OracleAuthentication.GLOBAL.equals(status.currentAuth)) {
if (StringUtil.isBlank(userAttributes.getGlobalName())) {
throw new IllegalArgumentException(
cm.format(MSG_MISSING_GLOBALNAME_FOR_GLOBAL_AUTHENTICATION, null));
}
builder.append(" globally as ");
builder.append(
cs.formatToken(OracleUserAttribute.GLOBAL_NAME, userAttributes.getGlobalName()));
}
}
