

1 /*
2  * Copyright (C) 2005 Alfresco, Inc.
3  *
4  * Licensed under the Mozilla Public License version 1.1
5  * with a permitted attribution clause. You may obtain a
6  * copy of the License at
7  *
8  * http://www.alfresco.org/legal/license.txt
9  *
10  * Unless required by applicable law or agreed to in writing,
11  * software distributed under the License is distributed on an
12  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
13  * either express or implied. See the License for the specific
14  * language governing permissions and limitations under the
15  * License.
16  */

17 package org.alfresco.filesys.server.auth.acl;
18
19 import java.util.Enumeration JavaDoc;
20
21 import org.alfresco.config.ConfigElement;
22 import org.alfresco.filesys.server.SrvSession;
23 import org.alfresco.filesys.server.config.ServerConfiguration;
24 import org.alfresco.filesys.server.core.SharedDevice;
25 import org.alfresco.filesys.server.core.SharedDeviceList;
26 import org.apache.commons.logging.Log;
27 import org.apache.commons.logging.LogFactory;
28
29 /**
30  * Default Access Control Manager Class
31  * <p>
32  * Default access control manager implementation.
33  *
34  * @author Gary K. Spencer
35  */

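public class DefaultAccessControlManager implements AccessControlManager
{

    // Debug logging

    private static final Log logger = LogFactory.getLog("org.alfresco.smb.protocol");

    // Access control factory, assigned once in the constructor and never replaced

    private final AccessControlFactory m_factory;

    // Debug enable flag

    private boolean m_debug;

    /**
     * Class constructor
     */
    public DefaultAccessControlManager()
    {

        // Create the access control factory

        m_factory = new AccessControlFactory();
    }

    /**
     * Determine the access level the session is granted on the shared device.
     * <p>
     * Evaluation rules, as implemented here:
     * <ul>
     * <li>A share with no access controls configured is granted {@code AccessControl.ReadWrite}:
     * the absence of ACLs means full access, not denial.</li>
     * <li>Otherwise every access control is evaluated in list order, and each result other than
     * {@code AccessControl.Default} replaces the previous one. The last rule that gives a
     * non-default answer decides, regardless of what an earlier rule returned, so the order of
     * the rules in the configuration is significant.</li>
     * <li>If no rule gives a non-default answer, the default access level of the access control
     * list is used.</li>
     * </ul>
     *
     * @param sess session requesting access
     * @param share shared device being accessed
     * @return the resolved access level, as an {@code AccessControl} access value
     */
    public int checkAccessControl(SrvSession sess, SharedDevice share)
    {

        // A share without any configured access controls is open to every session

        if (!share.hasAccessControls())
        {
            if (debugEnabled())
                logger.debug("Check access control for " + share.getName() + ", no ACLs");

            // Allow full access to the share

            return AccessControl.ReadWrite;
        }

        // Process the access control list

        AccessControlList acls = share.getAccessControls();
        int access = AccessControl.Default;

        if (debugEnabled())
            logger.debug("Check access control for " + share.getName() + ", ACLs=" + acls.numberOfControls());

        for (int i = 0; i < acls.numberOfControls(); i++)
        {

            // Run the current access control against the session

            AccessControl acl = acls.getControlAt(i);
            int curAccess = acl.allowsAccess(sess, share, this);

            if (debugEnabled())
                logger.debug(" Check access ACL=" + acl + ", access=" + AccessControl.asAccessString(curAccess));

            // Last non-default result wins: a later rule overwrites the answer of an earlier one

            if (curAccess != AccessControl.Default)
                access = curAccess;
        }

        // No rule gave a definite answer, fall back to the default level of the access control list

        if (access == AccessControl.Default)
        {
            access = acls.getDefaultAccessLevel();

            if (debugEnabled())
                logger.debug("Access defaulted=" + AccessControl.asAccessString(access) + ", share=" + share);
        }
        else if (debugEnabled())
            logger.debug("Access allowed=" + AccessControl.asAccessString(access) + ", share=" + share);

        // Return the access type

        return access;
    }

    /**
     * Filter the list of shared devices to return a list that contains only the shares that are
     * visible or accessible by the session.
     * <p>
     * A share is kept when it has no access controls configured, or when
     * {@link #checkAccessControl(SrvSession, SharedDevice)} returns anything other than
     * {@code AccessControl.NoAccess}. A null or empty input list is returned unchanged, otherwise
     * a new list is built and the input list is not modified.
     * <p>
     * NOTE(review): this method only decides which shares are listed. Confirm that the code that
     * opens a share also calls checkAccessControl, as hiding a share here does not block access
     * to it.
     *
     * @param sess session the list is being built for
     * @param shares candidate shares, may be null
     * @return the input list when it is null or empty, else a new list of the permitted shares
     */
    public SharedDeviceList filterShareList(SrvSession sess, SharedDeviceList shares)
    {

        // Nothing to filter

        if (shares == null || shares.numberOfShares() == 0)
            return shares;

        // NOTE(review): the string forms of the session and share list go to the debug log;
        // confirm they carry no credentials before enabling debug in production

        if (debugEnabled())
            logger.debug("Filter share list for " + sess + ", shares=" + shares);

        SharedDeviceList filterList = new SharedDeviceList();
        Enumeration<SharedDevice> enm = shares.enumerateShares();

        while (enm.hasMoreElements())
        {
            SharedDevice share = enm.nextElement();

            // Shares without access controls are always listed. The short-circuit keeps
            // checkAccessControl, and its debug output, to the shares that do have ACLs.

            if (!share.hasAccessControls() || checkAccessControl(sess, share) != AccessControl.NoAccess)
                filterList.addShare(share);
        }

        if (debugEnabled())
            logger.debug("Filtered share list " + filterList);

        // Return the filtered share list

        return filterList;
    }

    /**
     * Initialize the access control manager.
     * <p>
     * Enables debug output when the parameters contain a {@code debug} child element, then
     * registers the user, protocol, domain and IP address access control parsers. The debug flag
     * is set first so that the parser registrations are logged when debug is enabled.
     *
     * @param config server configuration, not used by this implementation
     * @param params manager configuration parameters, may be null
     */
    public void initialize(ServerConfiguration config, ConfigElement params)
    {

        // Check if debug output is enabled

        if (params != null && params.getChild("debug") != null)
            setDebug(true);

        // Add the default access control types

        addAccessControlType(new UserAccessControlParser());
        addAccessControlType(new ProtocolAccessControlParser());
        addAccessControlType(new DomainAccessControlParser());
        addAccessControlType(new IpAddressAccessControlParser());
    }

    /**
     * Create an access control by delegating to the access control factory.
     *
     * @param type access control type name
     * @param params configuration of the access control
     * @return the access control created by the factory
     * @throws ACLParseException propagated from the factory
     * @throws InvalidACLTypeException propagated from the factory
     */
    public AccessControl createAccessControl(String type, ConfigElement params) throws ACLParseException,
            InvalidACLTypeException
    {

        // Use the access control factory to create the access control instance

        return m_factory.createAccessControl(type, params);
    }

    /**
     * Add an access control parser to the list of available access control types.
     *
     * @param parser parser to register with the factory
     */
    public void addAccessControlType(AccessControlParser parser)
    {
        if (debugEnabled())
            logger.debug("AccessControlManager Add rule type " + parser.getType());

        // Add the new access control type to the factory

        m_factory.addParser(parser);
    }

    /**
     * Determine if debug output is enabled
     *
     * @return true if debug output has been enabled on this manager
     */
    public final boolean hasDebug()
    {
        return m_debug;
    }

    /**
     * Enable/disable debug output
     *
     * @param dbg true to enable debug output, false to disable it
     */
    public final void setDebug(boolean dbg)
    {
        m_debug = dbg;
    }

    /**
     * Check whether debug messages should be written: the logger must have debug enabled and
     * the debug flag of this manager must be set.
     *
     * @return true if debug messages should be logged
     */
    private boolean debugEnabled()
    {
        return logger.isDebugEnabled() && hasDebug();
    }
}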