1 21 22 package com.jaspersoft.jasperserver.api.metadata.user.service.impl; 23 24 import java.util.List ; 25 import java.util.Vector ; 26 27 import org.acegisecurity.Authentication; 28 import org.acegisecurity.GrantedAuthority; 29 import org.acegisecurity.acl.AclEntry; 30 import org.acegisecurity.acl.basic.BasicAclEntry; 31 import org.acegisecurity.acl.basic.EffectiveAclsResolver; 32 import org.acegisecurity.userdetails.UserDetails; 33 import org.apache.commons.logging.Log; 34 import org.apache.commons.logging.LogFactory; 35 36 import com.jaspersoft.jasperserver.api.metadata.user.domain.Role; 37 import com.jaspersoft.jasperserver.api.metadata.user.domain.User; 38 39 43 public class ObjectPermissionEffectiveAclsResolver 44 implements EffectiveAclsResolver { 45 46 private static final Log logger = LogFactory.getLog(ObjectPermissionEffectiveAclsResolver.class); 47 48 51 public AclEntry[] resolveEffectiveAcls(AclEntry[] allAcls, 52 Authentication filteredBy) { 53 if ((allAcls == null) || (allAcls.length == 0)) { 54 return null; 55 } 56 57 List list = new Vector (); 58 59 if (logger.isDebugEnabled()) { 60 logger.debug("Locating AclEntry[]s (from set of " 61 + ((allAcls == null) ? 0 : allAcls.length) 62 + ") that apply to Authentication: " + filteredBy); 63 } 64 65 for (int i = 0; i < allAcls.length; i++) { 66 if (!(allAcls[i] instanceof BasicAclEntry)) { 67 continue; 68 } 69 70 Object recipient = ((BasicAclEntry) allAcls[i]) 71 .getRecipient(); 72 73 if (recipient instanceof Role) { 74 recipient = ((Role) recipient).getRoleName(); 75 } else if (recipient instanceof User) { 76 recipient = ((User) recipient).getUsername(); 77 } 78 if (filteredBy.getPrincipal().equals(recipient)) { 82 if (logger.isDebugEnabled()) { 83 logger.debug("Principal matches AclEntry recipient: " 84 + recipient); 85 } 86 87 list.add(allAcls[i]); 88 } else if (filteredBy.getPrincipal() instanceof UserDetails 89 && ((UserDetails) filteredBy.getPrincipal()).getUsername() 90 .equals(recipient)) { 91 if (logger.isDebugEnabled()) { 92 logger.debug( 93 "Principal (from UserDetails) matches AclEntry recipient: " 94 + recipient); 95 } 96 97 list.add(allAcls[i]); 98 } else { 99 GrantedAuthority[] authorities = filteredBy.getAuthorities(); 104 105 if ((authorities == null) || (authorities.length == 0)) { 106 if (logger.isDebugEnabled()) { 107 logger.debug( 108 "Did not match principal and there are no granted authorities, so cannot compare with recipient: " 109 + recipient); 110 } 111 112 continue; 113 } 114 115 for (int k = 0; k < authorities.length; k++) { 116 if (authorities[k].equals(recipient)) { 117 if (logger.isDebugEnabled()) { 118 logger.debug("GrantedAuthority: " + authorities[k] 119 + " matches recipient: " + recipient); 120 } 121 122 list.add(allAcls[i]); 123 } 124 } 125 } 126 } 127 128 if (list.size() > 0) { 130 if (logger.isDebugEnabled()) { 131 logger.debug("Returning effective AclEntry array with " 132 + list.size() + " elements"); 133 } 134 135 return (BasicAclEntry[]) list.toArray(new BasicAclEntry[] {}); 136 } else { 137 if (logger.isDebugEnabled()) { 138 logger.debug( 139 "Returning null AclEntry array as zero effective AclEntrys found"); 140 } 141 142 return null; 143 } 144 } 145 146 } 147 | Popular Tags |