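package net.sf.jguard.ext.authorization.manager;

import java.io.FileOutputStream;
import java.io.FileWriter;
import java.io.IOException;
import java.io.OutputStream;
import java.security.Permission;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

import net.sf.jguard.core.CoreConstants;
import net.sf.jguard.core.authorization.permissions.Domain;
import net.sf.jguard.core.authorization.permissions.JGPermissionCollection;
import net.sf.jguard.core.authorization.permissions.PermissionUtils;
import net.sf.jguard.core.principals.RolePrincipal;
import net.sf.jguard.ext.SecurityConstants;
import net.sf.jguard.ext.authorization.AuthorizationException;
import net.sf.jguard.ext.principals.PrincipalUtils;
import net.sf.jguard.ext.util.XMLUtils;

import org.dom4j.Attribute;
import org.dom4j.Document;
import org.dom4j.Element;
import org.dom4j.QName;
import org.dom4j.io.HTMLWriter;
import org.dom4j.io.OutputFormat;
import org.dom4j.io.XMLWriter;
import org.dom4j.util.UserDataAttribute;


/**
 * AuthorizationManager implementation which keeps the authorization policy
 * (domains, permissions, principals and role inheritance) in one XML file.
 *
 * <p>Layout read and written by this class, below the document root:</p>
 * <pre>
 * permissions / domain     : name, permission*
 *               permission : name, class, actions / (one child element per action)
 * principals  / principal  : name, class,
 *                            permissionsRef / (domainRef | permissionRef) with a "name" attribute,
 *                            descendants / principalRef with a "name" attribute
 * </pre>
 *
 * <p>Every mutator changes the in-memory collections inherited from
 * {@link AbstractAuthorizationManager} and the dom4j document, then writes the
 * document back to the configured file location.</p>
 *
 * <p>Security notes for maintainers:</p>
 * <ul>
 * <li>The XML file <em>is</em> the authorization policy, and the class names it
 *     contains are handed to PermissionUtils / PrincipalUtils. It must only be
 *     writable by trusted administrators.</li>
 * <li>Names supplied by callers are embedded in XPath queries only through
 *     {@link #xpathLiteral(String)}, so a quote character in a name cannot alter
 *     which node a query selects.</li>
 * <li>No synchronization is visible in this class; NOTE(review): confirm how
 *     concurrent mutators are serialized by the callers or the superclass.</li>
 * </ul>
 */
public class XmlAuthorizationManager extends AbstractAuthorizationManager implements AuthorizationManager {

    private static final Logger logger = Logger.getLogger(XmlAuthorizationManager.class.getName());

    /** Root element of {@link #document}. */
    private Element root;
    /** dom4j document mirroring the policy file. */
    private Document document = null;
    /** Location of the policy file, as given in the options (trimmed, spaces encoded as %20). */
    private String fileLocation;


    /**
     * Creates an uninitialized manager; {@link #init(Map)} must be called before use.
     */
    public XmlAuthorizationManager() {
        super();
    }

    /**
     * Initializes the manager from its options and loads the policy file.
     *
     * @param options must contain {@code CoreConstants.APPLICATION_NAME} and a non-empty
     *                {@code SecurityConstants.AUTHORIZATION_XML_FILE_LOCATION}
     * @throws IllegalArgumentException when the file location option is null or empty
     */
    public void init(Map options) {
        super.init(options);
        String applicationName = (String) options.get(CoreConstants.APPLICATION_NAME);
        this.setApplicationName(applicationName);
        super.options = options;
        fileLocation = (String) options.get(SecurityConstants.AUTHORIZATION_XML_FILE_LOCATION);
        if (fileLocation == null || "".equals(fileLocation)) {
            throw new IllegalArgumentException(SecurityConstants.AUTHORIZATION_XML_FILE_LOCATION + " argument for XMLAuthorizationManager is null or empty " + fileLocation);
        }
        init();
    }


    /**
     * Normalizes the file location, parses the policy file and populates the
     * in-memory permissions, then the principals (which reference them).
     */
    private void init() {
        fileLocation = fileLocation.trim();
        fileLocation = fileLocation.replaceAll(" ", "%20");

        if (logger.isLoggable(Level.FINEST)) {
            logger.finest("fileLocation=" + fileLocation);
        }
        // NOTE(review): XMLUtils.read is defined elsewhere; confirm that its parser
        // rejects DTDs / external entities, since this file drives authorization.
        document = XMLUtils.read(fileLocation);
        root = document.getRootElement();

        // Permissions first: buildJGuardPrincipal resolves domainRef / permissionRef
        // against the maps filled by initPermissions.
        initPermissions();
        initPrincipals();
    }


    /**
     * Loads every {@code principal} element into the inherited principal collections
     * and finally assembles the role hierarchy.
     */
    private void initPrincipals() {
        Element principalsElement = root.element("principals");
        List principalsElementList = principalsElement.elements("principal");
        String roleClassName = RolePrincipal.class.getName();

        for (Iterator itPrincipals = principalsElementList.iterator(); itPrincipals.hasNext();) {
            Element principalElement = (Element) itPrincipals.next();
            // The class name comes from the policy file and is resolved by PrincipalUtils.
            String className = principalElement.element("class").getStringValue();
            boolean isRole = className.equals(roleClassName);
            String localName = principalElement.element("name").getStringValue();

            // Role names are qualified with the application name; others are used as-is.
            String name = isRole ? RolePrincipal.getName(localName, applicationName) : localName;

            Principal ppal = PrincipalUtils.getPrincipal(className, name);
            if (isRole) {
                buildJGuardPrincipal(principalElement, ppal);
            }
            principalsSet.add(ppal);
            principals.put(getLocalName(ppal), ppal);
        }

        assemblyHierarchy();
    }


    /**
     * Loads every {@code domain} element and its {@code permission} children into
     * the inherited domain and permission collections.
     *
     * <p>A permission whose class cannot be found is logged at WARNING level and
     * skipped; it is then absent from the loaded policy.</p>
     */
    private void initPermissions() {
        Element domainsElement = root.element("permissions");
        List domainsElementList = domainsElement.elements("domain");

        for (Iterator itDomains = domainsElementList.iterator(); itDomains.hasNext();) {
            Element domainElement = (Element) itDomains.next();
            String id = domainElement.element("name").getStringValue();
            JGPermissionCollection domain = new Domain(id);
            domainsSet.add(domain);
            domains.put(id, domain);
            Set permissionsDomain = new HashSet();
            List permissionsElementList = domainElement.elements("permission");

            for (Iterator itPermissions = permissionsElementList.iterator(); itPermissions.hasNext();) {
                Element permissionElement = (Element) itPermissions.next();

                // Join the text of every child of <actions> with commas.
                List actionsList = permissionElement.element("actions").elements();
                StringBuffer sbActions = new StringBuffer();
                int index = 0;
                for (Iterator itActions = actionsList.iterator(); itActions.hasNext(); index++) {
                    String actionTemp = ((Element) itActions.next()).getText();
                    if (index != 0) {
                        sbActions.append(',');
                    }
                    sbActions.append(actionTemp);
                }
                String actions = sbActions.toString();
                String permissionName = permissionElement.element("name").getTextTrim();
                // The class name comes from the policy file and is resolved by PermissionUtils.
                String className = ((Element) permissionElement.element("class")).getTextTrim();

                Permission perm = null;
                try {
                    perm = PermissionUtils.getPermission(className, permissionName, actions);
                } catch (ClassNotFoundException e) {
                    logger.warning(e.getMessage());
                    continue;
                }
                domain.add(perm);

                permissions.put(perm.getName(), perm);
                permissionsSet.add(perm);
                permissionsDomain.add(perm);
            }
            domainsPermissions.put(id, permissionsDomain);
        }
        super.urlp.addAll(permissionsSet);
    }

    /**
     * Returns the names of the initialization parameters of this manager.
     *
     * @return a fixed-size list containing {@code "fileLocation"}
     */
    public List getInitParameters() {
        String[] authorizationParams = {"fileLocation"};
        return Arrays.asList(authorizationParams);
    }

    /**
     * Adds a permission to an existing domain, in memory and in the policy file.
     *
     * @param permission permission to add; its actions are split on commas
     * @param domainName name of the domain which receives the permission
     * @throws AuthorizationException declared by the interface; not thrown by the visible code
     */
    public void createPermission(Permission permission, String domainName) throws AuthorizationException {
        String[] actions = permission.getActions().split(",");

        Element domainElement = (Element) root.selectSingleNode("//domain[name=" + xpathLiteral(domainName) + "]");
        Element permissionElement = domainElement.addElement("permission");
        Element nameElement = permissionElement.addElement("name");
        nameElement.setText(permission.getName());
        Element classElement = permissionElement.addElement("class");
        classElement.setText(permission.getClass().getName());
        Element actionsElement = permissionElement.addElement("actions");
        for (int i = 0; i < actions.length; i++) {
            Element actionElement = actionsElement.addElement("action");
            actionElement.setText(actions[i]);
        }

        permissions.put(permission.getName(), permission);
        permissionsSet.add(permission);
        urlp.add(permission);
        ((JGPermissionCollection) domains.get(domainName)).add(permission);

        // Kept inline (not persist()) so the message is only built when the write fails.
        try {
            XMLUtils.write(fileLocation, document);
        } catch (IOException e) {
            logger.log(Level.SEVERE, "error when create permission " + permission, e);
        }
    }

    /**
     * Creates an empty domain, in memory and in the policy file.
     *
     * @param domainName name of the new domain
     * @throws AuthorizationException declared by the interface; not thrown by the visible code
     */
    public void createDomain(String domainName) throws AuthorizationException {
        Element domainsElement = (Element) root.selectSingleNode("//permissions");
        Element domainElement = domainsElement.addElement("domain");
        Element nameElement = domainElement.addElement("name");
        nameElement.setText(domainName);
        JGPermissionCollection domain = new Domain(domainName);
        domains.put(domainName, domain);
        domainsSet.add(domain);
        persist("createDomain(String)");
    }

    /**
     * Replaces a permission: deletes the old one, then creates the new one in the
     * given domain. Each step writes the policy file.
     *
     * @param oldPermissionName name of the permission to replace
     * @param permission        replacement permission
     * @param newDomainName     domain which receives the replacement
     * @throws AuthorizationException declared by the interface; not thrown by the visible code
     */
    public void updatePermission(String oldPermissionName, Permission permission, String newDomainName) throws AuthorizationException {
        deletePermission(oldPermissionName);
        createPermission(permission, newDomainName);
    }


    /**
     * Removes a permission from its domain, from the principals owning it and
     * from the policy file.
     *
     * @param permissionName name of the permission to delete
     * @throws AuthorizationException declared by the interface; not thrown by the visible code
     */
    public void deletePermission(String permissionName) throws AuthorizationException {
        String permissionQuery = "//permission[name=" + xpathLiteral(permissionName) + "]";
        Element permissionElement = (Element) root.selectSingleNode(permissionQuery);
        Element domainElement = (Element) root.selectSingleNode(permissionQuery + "/..");
        domainElement.remove(permissionElement);
        Permission oldPermission = (Permission) permissions.remove(permissionName);
        Domain domain = getDomain(oldPermission);
        domain.removePermission(oldPermission);
        permissions.remove(oldPermission.getName());
        permissionsSet.remove(oldPermission);
        urlp.removePermission(oldPermission);
        removePermissionFromPrincipals(permissionName);
        updatePrincipals(domain);

        persist("deletePermission(String)");
    }


    /**
     * Removes a domain from memory, from the principals referencing it and from
     * the policy file.
     *
     * @param domainName name of the domain to delete
     * @throws AuthorizationException declared by the interface; not thrown by the visible code
     */
    public void deleteDomain(String domainName) throws AuthorizationException {
        domains.remove(domainName);
        domainsSet.remove(new Domain(domainName));
        Element domainsElement = (Element) root.selectSingleNode("//permissions");
        Element domainElement = (Element) domainsElement.selectSingleNode("//domain[name=" + xpathLiteral(domainName) + "]");
        domainsElement.remove(domainElement);
        super.removeDomainFromPrincipals(domainName);
        persist("deleteDomain(String)");
    }


    /**
     * Adds a principal, in memory and in the policy file. For a RolePrincipal its
     * permission references, domain references and descendants are written too.
     *
     * @param principal principal to add
     * @throws AuthorizationException declared by the interface; not thrown by the visible code
     */
    public void createPrincipal(Principal principal) throws AuthorizationException {
        Element principalsElement = root.element("principals");
        Element principalElement = principalsElement.addElement("principal");
        Element nameElement = principalElement.addElement("name");
        Element classElement = principalElement.addElement("class");
        classElement.setText(principal.getClass().getName());

        nameElement.setText(getLocalName(principal));
        principals.put(getLocalName(principal), principal);
        principalsSet.add(principal);
        if (principal.getClass().equals(RolePrincipal.class)) {
            RolePrincipal ppal = (RolePrincipal) principal;
            insertPermissionsAndInheritance(principalElement, ppal);
        }

        persist("createRole(RolePrincipal)");
    }

    /**
     * Writes the {@code permissionsRef} children (one {@code permissionRef} per
     * orphaned permission, one {@code domainRef} per domain) and, when the role
     * has descendants, the {@code descendants} element of a role.
     *
     * @param principalElement XML element of the role
     * @param ppal             role whose references are serialized
     */
    private void insertPermissionsAndInheritance(Element principalElement, RolePrincipal ppal) {
        Element permsRefElement = principalElement.addElement("permissionsRef");

        for (Iterator orphanedPermsIterator = ppal.getOrphanedPermissions().iterator(); orphanedPermsIterator.hasNext();) {
            Permission perm = (Permission) orphanedPermsIterator.next();
            Element permRef = permsRefElement.addElement("permissionRef");
            Attribute nameAttribute = new UserDataAttribute(new QName("name"));
            nameAttribute.setValue(perm.getName());
            permRef.add(nameAttribute);
        }

        for (Iterator domainsIterator = ppal.getDomains().iterator(); domainsIterator.hasNext();) {
            Domain dom = (Domain) domainsIterator.next();
            Element domainRef = permsRefElement.addElement("domainRef");
            Attribute nameAttribute = new UserDataAttribute(new QName("name"));
            nameAttribute.setValue(dom.getName());
            domainRef.add(nameAttribute);
        }

        if (ppal.getDescendants().size() > 0) {
            Element descendants = principalElement.addElement("descendants");

            for (Iterator descendantsIterator = ppal.getDescendants().iterator(); descendantsIterator.hasNext();) {
                Element principalRef = descendants.addElement("principalRef");
                Attribute nameAttribute = new UserDataAttribute(new QName("name"));
                nameAttribute.setValue(((RolePrincipal) descendantsIterator.next()).getLocalName());
                principalRef.add(nameAttribute);
            }
        }
    }

    /**
     * Removes a principal from memory and from the policy file. For a
     * RolePrincipal the references to it in the hierarchy are removed as well.
     *
     * @param principal principal to delete, looked up by its local name
     * @throws AuthorizationException declared by the interface; not thrown by the visible code
     */
    public void deletePrincipal(Principal principal) throws AuthorizationException {
        Principal ppalReference = (Principal) principals.remove(getLocalName(principal));
        principalsSet.remove(ppalReference);
        Element principalsElement = root.element("principals");
        Element principalElement = (Element) principalsElement.selectSingleNode("//principal[name=" + xpathLiteral(getLocalName(principal)) + "]");
        principalsElement.remove(principalElement);
        if (ppalReference.getClass().equals(RolePrincipal.class)) {
            deleteReferenceInHierarchy((RolePrincipal) ppalReference);
            XMLUtils.deletePrincipalRefs(root, (RolePrincipal) ppalReference);
        }
        persist("deleteRole(String)");
    }


    /**
     * Renames a domain, in memory, in the principals referencing it and in the
     * policy file.
     *
     * @param newName new domain name
     * @param oldName current domain name
     * @throws AuthorizationException declared by the interface; not thrown by the visible code
     */
    public void updateDomain(String newName, String oldName) throws AuthorizationException {
        Domain domain = (Domain) domains.get(oldName);
        // Remove before renaming: the set and map entries are keyed on the old name.
        domains.remove(oldName);
        domainsSet.remove(domain);
        domain.setName(newName);
        domains.put(domain.getName(), domain);
        domainsSet.add(domain);
        this.updatePrincipals(domain, oldName);
        Element domainsElement = (Element) root.selectSingleNode("//permissions");
        Element domainElement = (Element) domainsElement.selectSingleNode("//domain[name=" + xpathLiteral(oldName) + "]");
        Element name = domainElement.element("name");
        name.setText(newName);
        persist("updateDomain(String, String)");
    }

    /**
     * Replaces a principal in the in-memory collections and rewrites the policy file.
     *
     * <p>NOTE(review): the XML document is not modified here, so the file written
     * afterwards still describes the old principal - confirm whether the
     * {@code principal} element should be updated as well.</p>
     *
     * @param oldPrincipalName local name of the principal to replace
     * @param principal        replacement principal
     * @throws AuthorizationException declared by the interface; not thrown by the visible code
     */
    public void updatePrincipal(String oldPrincipalName, Principal principal) throws AuthorizationException {
        Principal oldPal = (Principal) principals.remove(oldPrincipalName);
        principalsSet.remove(oldPal);
        principals.put(getLocalName(principal), principal);
        principalsSet.add(principal);

        persist("updateRole(String, RolePrincipal)");
    }


    /**
     * Attaches to a role the domains and permissions referenced by its
     * {@code permissionsRef} element and records its descendants.
     *
     * <p>A reference to an unknown domain or permission is logged at WARNING level
     * and skipped, so the role is loaded without it. (Previously an unknown domain
     * raised a NullPointerException right after the warning, and an unknown
     * permission was added to the permission collections as {@code null}.)</p>
     *
     * @param principalElement XML element of the role
     * @param ppal             principal built for that element; must be a RolePrincipal
     */
    private void buildJGuardPrincipal(Element principalElement, Principal ppal) {
        RolePrincipal jp = (RolePrincipal) ppal;
        Element pel = principalElement.element("permissionsRef");
        Collection domainsPrincipal = pel.elements("domainRef");
        // Guards against the same domain being referenced twice by one role.
        Set domainNames = new HashSet();

        for (Iterator itDomainsPrincipal = domainsPrincipal.iterator(); itDomainsPrincipal.hasNext();) {
            Element domainElement = (Element) itDomainsPrincipal.next();
            String domainName = domainElement.attributeValue("name");
            JGPermissionCollection domain = (JGPermissionCollection) domains.get(domainName);

            if (domain == null) {
                if (logger.isLoggable(Level.WARNING)) {
                    logger.warning("initPrincipals() - principal "
                            + jp.getLocalName()
                            + " refers to a unknown domain name :"
                            + domainName);
                }
                // Nothing to grant for a dangling reference.
                continue;
            }
            if (!domainNames.contains(domainName)) {
                domainNames.add(domainName);
                permissionsSet.addAll(domain.getPermissions());
                urlp.addAll(domain.getPermissions());
                jp.addDomain(domain);
            }
        }

        Collection permissionsPrincipal = pel.elements("permissionRef");

        for (Iterator itPermissionsPrincipal = permissionsPrincipal.iterator(); itPermissionsPrincipal.hasNext();) {
            Element perm = (Element) itPermissionsPrincipal.next();
            String permissionName = perm.attributeValue("name");
            Permission permission = (Permission) permissions.get(permissionName);
            if (null == permission) {
                if (logger.isLoggable(Level.WARNING)) {
                    logger.warning("initPrincipals() - principal "
                            + jp.getName()
                            + " refers to a unknown permission name :"
                            + permissionName);
                }
                // Never put a null permission into the permission collections.
                continue;
            }
            permissionsSet.add(permission);
            urlp.add(permission);
            jp.addPermission(permission);
        }

        Element descendants = principalElement.element("descendants");
        if (descendants != null) {
            List descendantsElements = descendants.elements("principalRef");
            Collection descendantsNames = new ArrayList();
            for (Iterator itDescendantsElements = descendantsElements.iterator(); itDescendantsElements.hasNext();) {
                Element descentantItem = (Element) itDescendantsElements.next();
                // NOTE(review): this stores the value found in `principals` (null when the
                // referenced principal is unknown or not loaded yet), not the name itself -
                // confirm against assemblyHierarchy().
                descendantsNames.add(principals.get(descentantItem.attributeValue("name")));
            }

            hierarchyMap.put(getLocalName(jp), descendantsNames);
        }
    }

    /**
     * Tells whether the policy document lacks principals or a permissions section.
     *
     * <p>NOTE(review): the second query selects {@code permissions} container
     * elements, not individual {@code permission} elements - confirm this is intended.</p>
     *
     * @return {@code false} only when at least one {@code principal} element and at
     *         least one {@code permissions} element exist
     */
    public boolean isEmpty() {
        List principalsList = root.selectNodes("//principal");
        List permissionsNodes = root.selectNodes("//permissions");
        return principalsList.isEmpty() || permissionsNodes.isEmpty();
    }

    /**
     * @return the whole policy document serialized as an XML string
     */
    public String exportAsXMLString() {
        return this.document.asXML();
    }

    /**
     * Writes the policy document, pretty-printed, through a dom4j HTMLWriter.
     * The stream is flushed but not closed.
     *
     * @param outputStream destination stream
     * @throws IOException when writing fails
     */
    public void writeAsHTML(OutputStream outputStream) throws IOException {
        HTMLWriter writer = new HTMLWriter(outputStream, OutputFormat.createPrettyPrint());
        writer.write(this.document);
        writer.flush();
    }

    /**
     * Writes the policy document as pretty-printed XML in the given encoding.
     * The stream is flushed but not closed.
     *
     * @param outputStream   destination stream
     * @param encodingScheme encoding set on the output format
     * @throws IOException when writing fails
     */
    public void writeAsXML(OutputStream outputStream, String encodingScheme) throws IOException {
        OutputFormat outformat = OutputFormat.createPrettyPrint();
        outformat.setEncoding(encodingScheme);
        XMLWriter writer = new XMLWriter(outputStream, outformat);
        writer.write(this.document);
        writer.flush();
    }

    /**
     * Writes the policy document as pretty-printed XML to a file.
     *
     * <p>The file is written through a byte stream so that XMLWriter encodes it
     * with the encoding of the output format; a FileWriter would use the platform
     * charset, which may not match. The stream is closed even when writing fails.</p>
     *
     * <p>NOTE(review): {@code fileName} is used as given; callers passing a
     * user-influenced name should restrict it to an expected directory.</p>
     *
     * @param fileName path of the file to create or overwrite
     * @throws IOException when the file cannot be opened or written
     */
    public void exportAsXMLFile(String fileName) throws IOException {
        OutputStream out = new FileOutputStream(fileName);
        try {
            XMLWriter xmlWriter = new XMLWriter(out, OutputFormat.createPrettyPrint());
            xmlWriter.write(document);
            xmlWriter.flush();
        } finally {
            out.close();
        }
    }

    /**
     * Writes the document back to the policy file; a failure is logged at SEVERE
     * level with the given message and otherwise ignored.
     *
     * <p>NOTE(review): after a failed write the in-memory policy differs from the
     * file, and the change is lost when the file is next loaded. The mutators
     * declare AuthorizationException; consider propagating the failure to callers.</p>
     *
     * @param failureMessage message logged with the IOException
     */
    private void persist(String failureMessage) {
        try {
            XMLUtils.write(fileLocation, document);
        } catch (IOException e) {
            logger.log(Level.SEVERE, failureMessage, e);
        }
    }

    /**
     * Renders a value as an XPath 1.0 string literal.
     *
     * <p>XPath 1.0 has no escape character, so a value is wrapped in whichever
     * quote it does not contain, and a value containing both kinds is expressed
     * as a {@code concat(...)} of single-quoted pieces and {@code "'"}. For a value
     * without quotes the result is the same {@code 'value'} text the queries
     * were built with before.</p>
     *
     * @param value value to compare against in a predicate; {@code null} is rendered
     *              as the text {@code null}, as plain string concatenation would
     * @return an XPath expression evaluating to exactly {@code value}
     */
    private static String xpathLiteral(String value) {
        String text = (value == null) ? "null" : value;
        if (text.indexOf('\'') < 0) {
            return "'" + text + "'";
        }
        if (text.indexOf('"') < 0) {
            return "\"" + text + "\"";
        }
        StringBuffer literal = new StringBuffer("concat(");
        // limit -1 keeps trailing empty pieces, so a value ending with a quote round-trips.
        String[] parts = text.split("'", -1);
        for (int i = 0; i < parts.length; i++) {
            if (i > 0) {
                literal.append(",\"'\",");
            }
            literal.append('\'').append(parts[i]).append('\'');
        }
        return literal.append(')').toString();
    }

}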