

1 /*
2  * SSL-Explorer
3  *
4  * Copyright (C) 2003-2006 3SP LTD. All Rights Reserved
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License
8  * as published by the Free Software Foundation; either version 2 of
9  * the License, or (at your option) any later version.
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public
16  * License along with this program; if not, write to the Free Software
17  * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
18  */

19             
20 package com.sslexplorer.policyframework;
21
22 import java.util.List JavaDoc;
23
24 import javax.servlet.http.HttpServletRequest JavaDoc;
25
26 import org.apache.commons.logging.Log;
27 import org.apache.commons.logging.LogFactory;
28
29 import com.sslexplorer.core.CoreAttributeConstants;
30 import com.sslexplorer.core.CoreEvent;
31 import com.sslexplorer.core.CoreEventConstants;
32 import com.sslexplorer.core.CoreServlet;
33 import com.sslexplorer.properties.Property;
34 import com.sslexplorer.properties.impl.userattributes.UserAttributeKey;
35 import com.sslexplorer.security.AccountLock;
36 import com.sslexplorer.security.AccountLockedException;
37 import com.sslexplorer.security.AuthenticationScheme;
38 import com.sslexplorer.security.InvalidLoginCredentialsException;
39 import com.sslexplorer.security.LogonControllerFactory;
40 import com.sslexplorer.security.SessionInfo;
41 import com.sslexplorer.security.SystemDatabaseFactory;
42 import com.sslexplorer.security.User;
43
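/**
 * A set of utilities used by the policy framework: logon eligibility tests,
 * enabling and disabling of user accounts, and permission checks.
 * <p>
 * The {@code check*} methods fail closed: an unexpected error raised while a
 * logon or permission is being evaluated is reported to the caller as a
 * denial, never as a pass.
 *
 * @author Brett Smith
 * @since 0.2
 */
public class PolicyUtil {

    final static Log log = LogFactory.getLog(PolicyUtil.class);

    /**
     * Tests whether a principal can log on. The test is the presence of at
     * least one enabled, non-system {@link AuthenticationScheme} among the
     * authentication scheme resources granted to the principal. Granted ids
     * that do not resolve to a scheme are skipped.
     *
     * @param principal principal to test
     * @return {@code true} if at least one usable scheme is granted
     * @throws Exception on any error
     */
    public static boolean canLogin(Principal principal) throws Exception {
        PolicyDatabase policyDatabase = PolicyDatabaseFactory.getInstance();
        List<Integer> grantedResourcesOfType = policyDatabase.getGrantedResourcesOfType(principal,
                        PolicyConstants.AUTHENTICATION_SCHEMES_RESOURCE_TYPE);
        for (Integer schemeId : grantedResourcesOfType) {
            AuthenticationScheme scheme = SystemDatabaseFactory.getInstance().getAuthenticationSchemeSequence(schemeId);
            if (scheme != null && !scheme.isSystemScheme() && scheme.getEnabled()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tests whether a user may log on. The user must pass
     * {@link #canLogin(Principal)} and the account must be enabled (see
     * {@link #isEnabled(User)}).
     * <p>
     * Any unexpected error is logged and then reported as invalid credentials,
     * so a failure in the policy or property lookup never lets a logon through.
     *
     * @param user user principal
     * @throws InvalidLoginCredentialsException if the user has no usable
     *         authentication scheme, or the check itself failed
     * @throws AccountLockedException if the account is not enabled
     */
    public static void checkLogin(User user) throws InvalidLoginCredentialsException, AccountLockedException {
        try {
            if (!canLogin(user)) {
                throw new InvalidLoginCredentialsException("You do not have permission to logon.");
            }
            if (!isEnabled(user)) {
                throw new AccountLockedException(user.getPrincipalName(), "Account locked. Please contact your administrator.", true, 0);
            }
        } catch (InvalidLoginCredentialsException lce) {
            // Rethrown as-is so the catch-all below does not rewrite it.
            throw lce;
        } catch (AccountLockedException ale) {
            // Rethrown as-is so the caller still sees the lock, not a credentials error.
            throw ale;
        } catch (Exception e) {
            // Fail closed: the cause goes to the log only, the caller gets the
            // same generic denial as a user with no usable scheme.
            log.error("Failed to test if logon for " + user.getPrincipalName() + " is allowed.", e);
            throw new InvalidLoginCredentialsException("You do not have permission to logon.");
        }
    }

    /**
     * Tests whether a user is enabled, by reading the
     * {@link User#USER_ATTR_ENABLED} user attribute.
     *
     * @param user user to test
     * @return {@code true} if the attribute reads as enabled
     * @throws Exception on any error
     */
    public static boolean isEnabled(User user) throws Exception {
        return Property.getPropertyBoolean(new UserAttributeKey(user, User.USER_ATTR_ENABLED));
    }

    /**
     * Sets whether a user is enabled or disabled and records the change as
     * core events: {@code GRANT_ACCESS} when enabling, {@code REVOKE_ACCESS}
     * when disabling, with a successful or unsuccessful state.
     *
     * @param user user
     * @param enabled enabled
     * @param lock account lock (if any)
     * @param session session
     * @throws Exception on any error; the unsuccessful event is fired first
     */
    public static void setEnabled(User user, boolean enabled, AccountLock lock, SessionInfo session) throws Exception {
        CoreServlet servlet = CoreServlet.getServlet();
        try {
            // NOTE(review): ACCOUNT_LOCKED is fired on every call, including
            // enabled == true and a null lock. Confirm this is intended, since
            // it ends up in the audit trail.
            servlet.fireCoreEvent(new CoreEvent(servlet, CoreEventConstants.ACCOUNT_LOCKED, lock, session));
            Property.setProperty(new UserAttributeKey(user, User.USER_ATTR_ENABLED), enabled, session);
            servlet.fireCoreEvent(new CoreEvent(CoreServlet.getServlet(), enabled ? CoreEventConstants.GRANT_ACCESS : CoreEventConstants.REVOKE_ACCESS, null, session,
                            CoreEvent.STATE_SUCCESSFUL).addAttribute(CoreAttributeConstants.EVENT_ATTR_PRINCIPAL_ID, user
                            .getPrincipalName()));
        } catch (Exception e) {
            // NOTE(review): this also runs when an event call above throws, so
            // an UNSUCCESSFUL event can be recorded after the attribute has
            // already been written. Check the stored value when auditing.
            servlet.fireCoreEvent(new CoreEvent(servlet, enabled ? CoreEventConstants.GRANT_ACCESS : CoreEventConstants.REVOKE_ACCESS, null, session,
                            CoreEvent.STATE_UNSUCCESSFUL).addAttribute(CoreAttributeConstants.EVENT_ATTR_PRINCIPAL_ID, user
                            .getPrincipalName()));
            throw e;
        }

    }

    /**
     * Checks that the user of a request has at least one of the specified
     * permissions, throwing an exception if it has none of them.
     * <p>
     * A {@code null} or empty permission array is treated as a denial. The
     * earlier loop-only form returned normally for an empty array, i.e. the
     * check passed without any permission having been evaluated.
     *
     * @param resourceType resource type to check
     * @param permissions permissions, any one of which is sufficient
     * @param request request to extract user object from
     * @throws NoPermissionException if permission is denied; when every
     *         permission is refused, the exception from the last one is thrown
     */
    public static void checkPermissions(ResourceType resourceType, Permission[] permissions, HttpServletRequest request)
                    throws NoPermissionException {
        if (permissions == null || permissions.length == 0) {
            // Fail closed: nothing to evaluate must not count as authorised.
            throw new NoPermissionException("No permissions were specified.", null, resourceType);
        }
        NoPermissionException lastDenial = null;
        for (Permission permission : permissions) {
            try {
                checkPermission(resourceType, permission, request);
                // First permission that is granted satisfies the check.
                return;
            } catch (NoPermissionException npe) {
                lastDenial = npe;
            }
        }
        throw lastDenial;
    }

    /**
     * Checks that the user of a request has a specified permission, throwing
     * an exception if it does not. The user is resolved from the request
     * through the logon controller.
     *
     * @param resourceType resource type to check
     * @param permission permission required
     * @param request request to extract user object from
     * @throws NoPermissionException if permission is denied, or if resolving
     *         the user or evaluating the permission failed
     */
    public static void checkPermission(ResourceType resourceType, Permission permission, HttpServletRequest request)
                    throws NoPermissionException {
        try {
            User user = LogonControllerFactory.getInstance().getUser(request);
            checkPermission(resourceType, permission, user);
        } catch (NoPermissionException npe) {
            throw npe;
        } catch (Exception e) {
            // Fail closed: any other failure becomes a denial, cause preserved.
            throw new NoPermissionException("Failed to check permission. ", e, null, resourceType);
        }
    }

    /**
     * Checks that a user has a specified permission, throwing an exception if
     * it does not. A {@code null} user is always denied.
     *
     * @param resourceType resource type to check
     * @param permission permission required
     * @param user user
     * @throws NoPermissionException if permission is denied, or if evaluating
     *         the permission failed
     */
    public static void checkPermission(ResourceType resourceType, Permission permission, User user)
                    throws NoPermissionException {
        try {
            PolicyDatabase policyDatabase = PolicyDatabaseFactory.getInstance();
            if (user == null) {
                throw new NoPermissionException("Failed to get user.", null, resourceType);
            }
            // NOTE(review): the meaning of the final 'false' argument is not
            // visible in this file; confirm against PolicyDatabase.isPermitted.
            if (!policyDatabase.isPermitted(resourceType,
                            new Permission[] {
                                permission
                            }, user, false)) {
                throw new NoPermissionException("Permission denied.", user, resourceType);
            }
        } catch (NoPermissionException npe) {
            throw npe;
        } catch (Exception e) {
            // Fail closed: any other failure becomes a denial, cause preserved.
            throw new NoPermissionException("Failed to check permission. ", e, null, resourceType);
        }
    }
}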