package com.nightlabs.ipanema.security.registry;

import javax.jdo.JDOObjectNotFoundException;
import javax.jdo.PersistenceManager;

import com.nightlabs.ModuleException;
import com.nightlabs.ipanema.base.IpanemaBasePrincipal;
import com.nightlabs.ipanema.base.PersistenceManagerProvider;
import com.nightlabs.ipanema.security.Authority;
import com.nightlabs.ipanema.security.AuthorityNotFoundException;
import com.nightlabs.ipanema.security.SecurityException;
import com.nightlabs.ipanema.security.User;
import com.nightlabs.ipanema.security.UserRef;
import com.nightlabs.ipanema.security.id.AuthorityID;

/**
 * JDO-backed {@link SecurityRegistrarFactory}: stores the object-to-authority links
 * and answers "does user U hold role R on object O" queries against them.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Every method takes the organisation, user and object identifiers as plain
 *       strings. Nothing in this class ties them to an authenticated principal.
 *       NOTE(review): presumably {@code SecurityRegistrarImpl} fills them in from the
 *       principal it is constructed with; verify against that class.</li>
 *   <li>{@link #linkAuthority} and {@link #unlinkAuthority} perform no authorisation
 *       check of their own, so the caller has to gate access to them.</li>
 *   <li>An object without an {@code AuthorityLink} is treated as accessible to
 *       everyone (see {@link #checkAuthorisation}).</li>
 * </ul>
 */
public class SecurityRegistrarFactoryImpl implements SecurityRegistrarFactory {

	/** Source of the per-organisation persistence managers used by every method. */
	private final PersistenceManagerProvider pmp;

	/**
	 * @param pmp provider that hands out a {@link PersistenceManager} for an organisation ID.
	 */
	public SecurityRegistrarFactoryImpl(PersistenceManagerProvider pmp) {
		this.pmp = pmp;
	}

	/**
	 * Creates a registrar bound to this factory and the given principal.
	 *
	 * @param principal the principal handed through to the new {@code SecurityRegistrarImpl}.
	 * @return a new registrar instance on every call.
	 */
	public SecurityRegistrar getSecurityRegistrar(IpanemaBasePrincipal principal) {
		return new SecurityRegistrarImpl(this, principal);
	}

	/**
	 * Places the object {@code objectID} under the control of the authority {@code authorityID}.
	 *
	 * <p>No authorisation check happens here; the caller decides who may link objects.
	 *
	 * @param organisationID selects the persistence manager (datastore) to work in.
	 * @param objectID       the object to protect; it must not be linked yet.
	 * @param authorityID    the authority that will govern the object.
	 * @throws IllegalStateException       if the object already has an authority link.
	 * @throws AuthorityNotFoundException  if no authority with {@code authorityID} exists.
	 * @throws ModuleException             declared by the interface contract.
	 */
	public void linkAuthority(String organisationID, String objectID, String authorityID)
			throws ModuleException {
		final PersistenceManager pm = pmp.getPersistenceManager(organisationID);
		try {
			// Results are discarded; presumably this only makes the datastore aware of
			// both classes before the lookups below -- TODO confirm.
			pm.getExtent(AuthorityLink.class, true);
			pm.getExtent(Authority.class, true);

			// Step 1: an existing link must be removed explicitly before re-linking.
			boolean alreadyLinked = false;
			try {
				AuthorityLink existing =
						(AuthorityLink) pm.getObjectById(AuthorityLinkID.create(objectID), true);
				alreadyLinked = true;
			} catch (JDOObjectNotFoundException notLinkedYet) {
				// Expected case: the object has no link, so one may be created.
			}
			if (alreadyLinked) {
				throw new IllegalStateException("Remove authority link for object \""+objectID+"\" first.");
			}

			// Step 2: resolve the authority; an unknown ID is reported as a domain error.
			final Authority target;
			try {
				target = (Authority) pm.getObjectById(AuthorityID.create(authorityID), true);
			} catch (JDOObjectNotFoundException unknownAuthority) {
				throw new AuthorityNotFoundException();
			}

			// Step 3: persist the new link.
			pm.makePersistent(new AuthorityLink(objectID, target));
		} finally {
			pm.close();
		}
	}

	/**
	 * Removes the authority link of the object {@code objectID}, if there is one.
	 *
	 * <p>NOTE(review): {@code authorityID} is never read. The link is deleted whichever
	 * authority it points to, so a caller cannot restrict the removal to one specific
	 * authority. After removal the object has no link and {@link #checkAuthorisation}
	 * grants every request for it, so access to this method needs to be gated by the
	 * caller.
	 *
	 * @param organisationID selects the persistence manager (datastore) to work in.
	 * @param objectID       the object whose link is removed.
	 * @param authorityID    unused by this implementation.
	 * @throws ModuleException declared by the interface contract.
	 */
	public void unlinkAuthority(String organisationID, String objectID, String authorityID)
			throws ModuleException {
		final PersistenceManager pm = pmp.getPersistenceManager(organisationID);
		try {
			pm.getExtent(AuthorityLink.class, true);
			try {
				AuthorityLink link =
						(AuthorityLink) pm.getObjectById(AuthorityLinkID.create(objectID), true);
				pm.deletePersistent(link);
			} catch (JDOObjectNotFoundException ignored) {
				// Nothing to remove: unlinking an object that is not linked is a no-op.
			}
		} finally {
			pm.close();
		}
	}

	/**
	 * Like {@link #isAuthorised} but signals a denial with an exception instead of
	 * returning {@code false}.
	 *
	 * @throws SecurityException if the user lacks the role on the object.
	 * @throws ModuleException   declared by the interface contract.
	 */
	public void assertAuthorised(String organisationID, String userID, String objectID, String roleID)
			throws ModuleException {
		checkAuthorisation(organisationID, userID, objectID, roleID, true);
	}

	/**
	 * Tells whether the user holds {@code roleID} on the object, without throwing on denial.
	 *
	 * @return {@code true} if access is granted, see {@link #checkAuthorisation} for the rules.
	 * @throws ModuleException declared by the interface contract.
	 */
	public boolean isAuthorised(String organisationID, String userID, String objectID, String roleID)
			throws ModuleException {
		return checkAuthorisation(organisationID, userID, objectID, roleID, false);
	}

	/**
	 * Core access decision shared by {@link #assertAuthorised} and {@link #isAuthorised}.
	 *
	 * <p>Decision rules, in order:
	 * <ol>
	 *   <li>The object has no {@code AuthorityLink}: access is <b>granted</b>. This is a
	 *       fail-open default, so a mistyped or never-linked {@code objectID} is allowed
	 *       for every user. NOTE(review): confirm that unlinked objects are meant to be
	 *       public.</li>
	 *   <li>Otherwise the linked authority is asked for the user's {@code UserRef}; if the
	 *       user has none, the entry for {@code User.OTHER_USERID} is used instead.</li>
	 *   <li>Access is granted only if that reference exists and contains {@code roleID}.</li>
	 * </ol>
	 *
	 * <p>The denial message embeds the organisation, user, role, object and authority
	 * identifiers. NOTE(review): check where callers surface this message before
	 * relaying it to an untrusted client.
	 *
	 * @param organisationID         selects the persistence manager (datastore) to query.
	 * @param userID                 the user whose rights are checked (caller-supplied).
	 * @param objectID               the object being accessed.
	 * @param roleID                 the role required for the access.
	 * @param throwSecurityException if {@code true}, a denial raises {@link SecurityException}.
	 * @return {@code true} if access is granted; {@code false} on denial when not throwing.
	 * @throws SecurityException    on denial when {@code throwSecurityException} is set.
	 * @throws NullPointerException if access is denied although no authority was resolved.
	 * @throws ModuleException      declared by the interface contract.
	 */
	protected boolean checkAuthorisation(String organisationID, String userID, String objectID, String roleID, boolean throwSecurityException)
			throws ModuleException {
		boolean authorised = false;
		Authority authority = null;

		final PersistenceManager pm = pmp.getPersistenceManager(organisationID);
		try {
			pm.getExtent(AuthorityLink.class, true);

			AuthorityLink link = null;
			try {
				link = (AuthorityLink) pm.getObjectById(AuthorityLinkID.create(objectID), true);
			} catch (JDOObjectNotFoundException noLink) {
				// Fail-open: an object that is not assigned to any authority is unrestricted.
				authorised = true;
			}

			if (link != null) {
				authority = link.getAuthority();

				// Prefer the user's own entry, fall back to the "other users" entry.
				UserRef ref = authority.getUserRef(userID);
				if (ref == null) {
					ref = authority.getUserRef(User.OTHER_USERID);
				}
				authorised = (ref != null) && ref.containsRoleRef(roleID);
			}
		} finally {
			pm.close();
		}

		if (authorised || !throwSecurityException) {
			return authorised;
		}

		// A denial is only produced on the linked path, where an authority was resolved.
		if (authority == null) {
			throw new NullPointerException("authority should never be null here!");
		}

		throw new SecurityException(
				"In the organisation \"" + organisationID
				+ "\", the user \"" + userID
				+ "\" does not have the necessary role \"" + roleID
				+ "\" to access the object \"" + objectID
				+ "\", which is assigned to the authority \"" + authority.getAuthorityID() + "\"!");
	}
}