KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > net > jforum > security > XMLPermissionControl


1 /*
2  * Copyright (c) Rafael Steil
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms,
6  * with or without modification, are permitted provided
7  * that the following conditions are met:
8  *
9  * 1) Redistributions of source code must retain the above
10  * copyright notice, this list of conditions and the
11  * following disclaimer.
12  * 2) Redistributions in binary form must reproduce the
13  * above copyright notice, this list of conditions and
14  * the following disclaimer in the documentation and/or
15  * other materials provided with the distribution.
16  * 3) Neither the name of "Rafael Steil" nor
17  * the names of its contributors may be used to endorse
18  * or promote products derived from this software without
19  * specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT
22  * HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
23  * EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
24  * BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
25  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR
26  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
27  * THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE
28  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
29  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES
30  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA,
32  * OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
33  * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
34  * IN CONTRACT, STRICT LIABILITY, OR TORT
35  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
36  * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
37  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE
38  *
39  * This file creation date: 21/09/2003 / 16:36:44
40  * The JForum Project
41  * http://www.jforum.net
42  */
43 package net.jforum.security;
44
45 import java.io.File JavaDoc;
46 import java.sql.PreparedStatement JavaDoc;
47 import java.sql.ResultSet JavaDoc;
48 import java.util.ArrayList JavaDoc;
49 import java.util.HashMap JavaDoc;
50 import java.util.Iterator JavaDoc;
51 import java.util.List JavaDoc;
52 import java.util.Map JavaDoc;
53
54 import javax.xml.parsers.SAXParser JavaDoc;
55 import javax.xml.parsers.SAXParserFactory JavaDoc;
56
57 import net.jforum.JForumExecutionContext;
58 import net.jforum.exceptions.XMLException;
59 import net.jforum.util.FormSelectedData;
60 import net.jforum.util.preferences.SystemGlobals;
61
62 import org.xml.sax.Attributes JavaDoc;
63 import org.xml.sax.InputSource JavaDoc;
64 import org.xml.sax.SAXException JavaDoc;
65 import org.xml.sax.SAXParseException JavaDoc;
66 import org.xml.sax.helpers.DefaultHandler JavaDoc;
67
68  /**
69  * Manipulates XML permission control file definition
70  *
71  * @author Rafael Steil
72  * @version $Id: XMLPermissionControl.java,v 1.13 2006/02/20 16:53:36 rafaelsteil Exp $
73  */
74 public class XMLPermissionControl extends DefaultHandler JavaDoc
75 {
76     private PermissionSection section;
77
78     private PermissionControl pc;
79     
80     private List JavaDoc listSections;
81     private List JavaDoc permissionData;
82     
83     private Map JavaDoc queries;
84     
85     private String JavaDoc permissionName;
86     private String JavaDoc permissionId;
87     private String JavaDoc permissionType;
88     
89     private boolean alreadySelected;
90     
91     private static class SelectData
92     {
93         private int id;
94         private String JavaDoc name;
95         
96         public SelectData(int id, String JavaDoc name)
97         {
98             this.id = id;
99             this.name = name;
100         }
101         
102         public int getId()
103         {
104             return this.id;
105         }
106         
107         public String JavaDoc getName()
108         {
109             return this.name;
110         }
111     }
112     
113     public XMLPermissionControl(PermissionControl pc)
114     {
115         this.listSections = new ArrayList JavaDoc();
116         this.permissionData = new ArrayList JavaDoc();
117         this.queries = new HashMap JavaDoc();
118         this.pc = pc;
119     }
120
121     /**
122      * @return <code>List</code> object containing <code>Section</code> objects. Each
123      * <code>Section</code> contains many <code>PermissionItem</code> objects,
124      * which represent the permission elements of some section. For its turn, the
125      * <code>PermissionItem</code> objects have many <code>FormSelectedData</code>
126      * objects, which are the ones responsible to store field values, and which values
127      * are checked and which not.
128      */
129     public List JavaDoc loadConfigurations(String JavaDoc xmlFile)
130         throws Exception JavaDoc
131     {
132         SAXParserFactory JavaDoc factory = SAXParserFactory.newInstance();
133         factory.setValidating(false);
134         
135         SAXParser JavaDoc parser = factory.newSAXParser();
136         File JavaDoc fileInput = new File JavaDoc(xmlFile);
137         
138         if (fileInput.exists()) {
139             parser.parse(fileInput, this);
140         }
141         else {
142             InputSource JavaDoc inputSource = new InputSource JavaDoc(xmlFile);
143             parser.parse(inputSource, this);
144         }
145         
146         return this.listSections;
147     }
148
149     /**
150      * @see org.xml.sax.ContentHandler#endElement(String, String, String)
151      */
152     public void endElement(String JavaDoc namespaceURI, String JavaDoc localName, String JavaDoc tag)
153         throws SAXException JavaDoc
154     {
155         if (tag.equals("section")) {
156             this.listSections.add(this.section);
157         }
158         else if (tag.equals("permission")) {
159             this.section.addPermission(new PermissionItem(this.permissionName, this.permissionId, this.permissionType, this.permissionData));
160
161             this.permissionData = new ArrayList JavaDoc();
162         }
163     }
164
165     /**
166      * @see org.xml.sax.ErrorHandler#error(SAXParseException)
167      */
168     public void error(SAXParseException JavaDoc exception) throws SAXException JavaDoc
169     {
170         throw exception;
171     }
172
173     /**
174      * @see org.xml.sax.ContentHandler#startElement(String, String, String, Attributes)
175      */
176     public void startElement(
177         String JavaDoc namespaceURI,
178         String JavaDoc localName,
179         String JavaDoc tag,
180         Attributes JavaDoc atts)
181         throws SAXException JavaDoc
182     {
183         if (tag.equals("section")) {
184             this.section = new PermissionSection(atts.getValue("title"), atts.getValue("id"));
185         }
186         else if (tag.equals("permission")) {
187             this.permissionName = atts.getValue("title");
188             this.permissionId = atts.getValue("id");
189             this.permissionType = atts.getValue("type");
190             this.alreadySelected = false;
191         }
192         else if (tag.equals("sql")) {
193             ResultSet JavaDoc rs = null;
194             PreparedStatement JavaDoc p = null;
195             
196             String JavaDoc refName = atts.getValue("refName");
197             
198             // If refName is present, then we have a template query
199 if (refName != null) {
200                 try {
201                     p = JForumExecutionContext.getConnection().prepareStatement(SystemGlobals.getSql(atts.getValue("queryName")));
202                     rs = p.executeQuery();
203                     
204                     String JavaDoc valueField = atts.getValue("valueField");
205                     String JavaDoc captionField = atts.getValue("captionField");
206                     
207                     List JavaDoc l = new ArrayList JavaDoc();
208                     
209                     while (rs.next()) {
210                         l.add(new SelectData(rs.getInt(valueField), rs.getString(captionField)));
211                     }
212                     
213                     this.queries.put(refName, l);
214                 }
215                 catch (Exception JavaDoc e) {
216                     throw new XMLException(e);
217                 }
218                 finally {
219                     try {
220                         if (rs != null) {
221                             rs.close();
222                             p.close();
223                         }
224                     }
225                     catch (Exception JavaDoc e) {
226                         throw new XMLException(e);
227                     }
228                 }
229             }
230             else {
231                 // If it gets here, then it should be a <sql ref="xxxx"> section
232 RoleValueCollection roleValues = new RoleValueCollection();
233                 Role role = this.pc.getRole(this.permissionId);
234                 
235                 if (role != null) {
236                     roleValues = role.getValues();
237                 }
238                 
239                 List JavaDoc l = (List JavaDoc)this.queries.get(atts.getValue("ref"));
240                 
241                 for (Iterator JavaDoc iter = l.iterator(); iter.hasNext(); ) {
242                     SelectData data = (SelectData)iter.next();
243                     
244                     String JavaDoc id = Integer.toString(data.getId());
245                     RoleValue rv = roleValues.get(id);
246
247                     this.permissionData.add(
248                         new FormSelectedData(
249                             data.getName(),
250                             id,
251                             rv != null && rv.getType() == PermissionControl.ROLE_DENY
252                         )
253                     );
254                 }
255             }
256         }
257         else if (tag.equals("option")) {
258             boolean selected = false;
259             
260             if (this.permissionType.equals("single")) {
261                 if (this.pc.canAccess(this.permissionId) && atts.getValue("value").equals("allow") && !this.alreadySelected) {
262                     selected = true;
263                     this.alreadySelected = true;
264                 }
265             }
266             else {
267                 // TODO: Implement this
268 throw new UnsupportedOperationException JavaDoc("'option' tag with 'multiple' attribute support not yet implemented");
269             }
270             
271             this.permissionData.add(new FormSelectedData(atts.getValue("description"), atts.getValue("value"), selected));
272         }
273     }
274
275 }
Popular Tags