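package com.sslexplorer.networkplaces;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

import org.apache.struts.Globals;
import org.apache.struts.action.ActionErrors;
import org.apache.struts.action.ActionMessage;

import com.sslexplorer.boot.Util;
import com.sslexplorer.policyframework.LaunchSession;
import com.sslexplorer.policyframework.NoPermissionException;
import com.sslexplorer.policyframework.OwnedResource;
import com.sslexplorer.policyframework.Policy;
import com.sslexplorer.policyframework.PolicyConstants;
import com.sslexplorer.policyframework.PolicyDatabase;
import com.sslexplorer.policyframework.PolicyDatabaseFactory;
import com.sslexplorer.policyframework.ResourceType;
import com.sslexplorer.policyframework.ResourceUtil;
import com.sslexplorer.security.LogonControllerFactory;
import com.sslexplorer.security.SessionInfo;
import com.sslexplorer.vfs.AbstractStore;
import com.sslexplorer.vfs.VFSMount;
import com.sslexplorer.vfs.VFSProvider;
import com.sslexplorer.vfs.VFSResource;
import com.sslexplorer.vfs.VFSStore;
import com.sslexplorer.vfs.webdav.DAVException;
import com.sslexplorer.vfs.webdav.DAVStatus;

/**
 * Base class for VFS stores whose mounts are backed by {@link NetworkPlace}
 * resources.
 * <p>
 * {@link #getMountFromString(String, LaunchSession)} is the authorization gate:
 * it resolves a network place by name, decides whether the caller may use it
 * (and whether only read-only access is allowed), and only then asks the
 * subclass to build the mount through {@link #createMount(LaunchSession)}.
 */
public abstract class AbstractNetworkPlaceStore extends AbstractStore {

    // Initialised to an empty map in the constructor; not otherwise used in this class.
    protected Map mounts;
    // Not read or written in this class.
    protected VFSResource storeResource;
    // Not read or written in this class.
    protected boolean manageableOnly;

    /**
     * Creates the store and an empty mount map.
     *
     * @param name store name, passed to the superclass
     * @param charset character set, passed to the superclass
     */
    public AbstractNetworkPlaceStore(String name, String charset) {
        super(name, charset);
        mounts = new HashMap();
    }

    /**
     * @return always {@code true}
     */
    public boolean isFireEvents() {
        return true;
    }

    /**
     * Builds the path of a mount inside this store.
     *
     * @param mountName name of the mount
     * @return the store name, a {@code /} and the mount name
     */
    public String getMountPath(String mountName) {
        return getName() + "/" + mountName;
    }

    /**
     * Resolves a network place by name and returns a mount for it, provided
     * the caller is allowed to use it.
     * <p>
     * Access is granted read-write when the user is an administrator, when the
     * launch session already carries a policy that is attached to the resource
     * and granted to the user, when a granting policy can be found for the
     * user, or when the user owns the resource. If those checks fail but the
     * user may manage the resource, a read-only mount is returned instead.
     * Anything else is refused.
     *
     * @param mountName name of the network place resource
     * @param launchSession launch session the resource (and any granting
     *        policy) is attached to
     * @return the mount, marked read-only where only management access applies
     * @throws DAVException with {@code SC_FORBIDDEN} when access is denied, or
     *         {@code SC_INTERNAL_SERVER_ERROR} for any other failure
     */
    public VFSMount getMountFromString(String mountName, LaunchSession launchSession) throws DAVException {
        try {
            NetworkPlace resource = (NetworkPlace) NetworkPlacePlugin.NETWORK_PLACE_RESOURCE_TYPE.getResourceByName(mountName,
                getRepository().getSession());
            if (resource == null) {
                throw new Exception("No network place resource named " + mountName);
            }
            ResourceType resourceType = resource.getResourceType();
            boolean readOnly = false;

            if (!getProvider().willHandle(resource.getScheme())) {
                throw new Exception("Network place has scheme " + resource.getScheme() + ", this store doesn't support it.");
            }

            // NOTE(review): the resource is bound to the launch session before
            // any of the authorization checks below run. If a check fails the
            // session keeps the binding; confirm callers discard the launch
            // session when this method throws.
            launchSession.setResource(resource);

            // NOTE(review): the checks below read the user from two places,
            // getRepository().getSession() and launchSession.getSession().
            // Confirm both always refer to the same authenticated session.
            if (!(isSuperUser(launchSession) || isLaunchSessionUsingValidPolicy(launchSession, resource))) {
                Policy grantingPolicy = null;

                // The session's current policy did not validate for this resource.
                if (launchSession.hasPolicy()) {
                    if (launchSession.isTracked()) {
                        // Tracked session: only management access can still apply,
                        // and it is limited to a read-only mount.
                        if (!ResourceUtil.isManageableResource(resource, getRepository().getSession().getUser(), null)) {
                            throw new NoPermissionException(
                                "You do not have permission to access this network place resource under this policy.",
                                getRepository().getSession().getUser(),
                                resourceType);
                        }
                        readOnly = true;
                    } else {
                        // Drop the policy that failed validation so a granting
                        // policy can be looked up below.
                        launchSession.takePolicy();
                    }
                }

                if (!readOnly) {
                    try {
                        if (!(resource instanceof OwnedResource) || ((OwnedResource) resource).getOwnerUsername() == null) {
                            // Resource has no owner: the user needs a policy that grants it.
                            try {
                                grantingPolicy = PolicyDatabaseFactory.getInstance().getGrantingPolicyForUser(
                                    launchSession.getSession().getUser(), resource);
                                if (grantingPolicy == null) {
                                    throw new NoPermissionException("You may not access this network place resource here.",
                                        getRepository().getSession().getUser(),
                                        resourceType);
                                }
                            } catch (NoPermissionException npe2) {
                                throw npe2;
                            } catch (Exception e) {
                                // Fail closed: a lookup error is treated as "no permission".
                                throw new NoPermissionException("Failed to determine if network place resource is accessable.",
                                    getRepository().getSession().getUser(),
                                    resourceType);
                            }
                        } else {
                            // Owned resource: only the owner may use it. The comparison
                            // is an exact, case-sensitive match on the principal name.
                            if (!(getRepository().getSession().getUser().getPrincipalName().equals(
                                ((OwnedResource) resource).getOwnerUsername()))) {
                                throw new NoPermissionException("You do not have permission to access this network place resource.",
                                    getRepository().getSession().getUser(),
                                    resourceType);
                            }
                        }
                    } catch (NoPermissionException npe) {
                        // Last resort: a user who may manage the resource gets a
                        // read-only mount; everyone else is refused.
                        if (!ResourceUtil.isManageableResource(resource, getRepository().getSession().getUser(),
                            PolicyConstants.PERM_USE)) {
                            throw new NoPermissionException("You do not have permission to access this network place resource.",
                                getRepository().getSession().getUser(),
                                resourceType);
                        }
                        readOnly = true;
                    } catch (Exception e) {
                        // Keep the original failure as the cause so it is not lost
                        // when the outer handler wraps this in a DAVException.
                        throw new Exception("Failed to determine if network place resource is accessable.", e);
                    }
                }

                if (grantingPolicy != null) {
                    launchSession.givePolicy(grantingPolicy);
                }
            }

            AbstractNetworkPlaceMount mount = createMount(launchSession);
            if (readOnly) {
                mount.setReadOnly(true);
            }
            return mount;
        } catch (NoPermissionException npe) {
            throw new DAVException(DAVStatus.SC_FORBIDDEN, "Policy does not allow you access to this resource.", npe);
        } catch (Exception e) {
            throw new DAVException(DAVStatus.SC_INTERNAL_SERVER_ERROR, "Failed to create mount.", e);
        }
    }

    /**
     * Checks whether the policy carried by the launch session is both attached
     * to the resource and granted to the session's user.
     *
     * @return {@code false} when the session has no policy, otherwise whether
     *         both conditions hold
     */
    private boolean isLaunchSessionUsingValidPolicy(LaunchSession launchSession, NetworkPlace resource) throws Exception {
        if (!launchSession.hasPolicy()) {
            return false;
        }
        PolicyDatabase policyDatabase = PolicyDatabaseFactory.getInstance();
        // Both lookups are always performed, as before; neither is short-circuited.
        boolean resourceAttachedToPolicy = policyDatabase.isResourceAttachedToPolicy(resource, launchSession.getPolicy(),
            launchSession.getSession().getRealm());
        boolean policyGrantedToUser = policyDatabase.isPolicyGrantedToUser(launchSession.getPolicy(),
            launchSession.getSession().getUser());
        return resourceAttachedToPolicy && policyGrantedToUser;
    }

    /**
     * @return whether the logon controller reports the launch session's user
     *         as an administrator
     */
    private boolean isSuperUser(LaunchSession launchSession) {
        SessionInfo sessionInfo = launchSession.getSession();
        return LogonControllerFactory.getInstance().isAdministrator(sessionInfo.getUser());
    }

    /**
     * Creates the mount for a launch session. Called by
     * {@link #getMountFromString(String, LaunchSession)} after the resource has
     * been set on the launch session and the access checks have passed.
     *
     * @param launchSession launch session carrying the network place resource
     * @return the new mount
     * @throws Exception on any failure to create the mount
     */
    protected abstract AbstractNetworkPlaceMount createMount(LaunchSession launchSession) throws Exception;

    /**
     * Lists the resource names of the network places whose scheme this store's
     * provider handles.
     * <p>
     * NOTE(review): the list comes straight from
     * {@code NetworkPlaceDatabaseFactory.getInstance().getNetworkPlaces()} and is
     * filtered by scheme only. No per-user permission check is visible here, so
     * confirm callers do not show these names to users who cannot access the
     * places.
     *
     * @return the matching resource names
     * @throws Exception if the network places cannot be loaded
     */
    public Collection<String> getMountNames() throws Exception {
        List<String> names = new ArrayList<String>();
        List places = NetworkPlaceDatabaseFactory.getInstance().getNetworkPlaces();
        for (Object entry : places) {
            NetworkPlace np = (NetworkPlace) entry;
            try {
                if (getProvider().willHandle(np.getScheme())) {
                    names.add(np.getResourceName());
                }
            } catch (Exception ignored) {
                // Best effort: a place whose scheme cannot be checked is left
                // out of the list rather than failing the whole listing.
            }
        }
        return names;
    }

    /**
     * Validates the host and user-info entries against what the provider
     * requires, adding an error message for each required element that is
     * missing. The scheme, path, port and password arguments are not examined.
     *
     * @param scheme not examined here
     * @param path not examined here
     * @param host host entry, checked when the provider requires a host
     * @param port not examined here
     * @param username user entry, checked when the provider requires user info
     * @param password not examined here
     * @param errs collection the error messages are added to
     * @return {@code errs}
     * @throws IllegalArgumentException if validation itself fails; the
     *         underlying exception is kept as the cause
     */
    public ActionErrors validateUserEntries(String scheme, String path, String host, int port, String username, String password,
                    ActionErrors errs) throws IllegalArgumentException {
        try {
            if (getProvider().getHostRequirement() == VFSProvider.ELEMENT_REQUIRED && Util.isNullOrTrimmedBlank(host)) {
                errs.add(Globals.ERROR_KEY, new ActionMessage("createNetworkPlace.error.noHost"));
            }

            if (getProvider().getUserInfoRequirement() == VFSProvider.ELEMENT_REQUIRED && Util.isNullOrTrimmedBlank(username)) {
                errs.add(Globals.ERROR_KEY, new ActionMessage("createNetworkPlace.error.noUserInfo"));
            }
            return errs;
        } catch (Exception e) {
            // Keep the cause; the original threw an exception with no message or cause.
            throw new IllegalArgumentException("Unable to validate network place entries.", e);
        }
    }

}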