Java > Open Source Codes > org > apache > jetspeed > om > registry > base > BaseSecurityEntry


1 /*
2  * Copyright 2000-2004 The Apache Software Foundation.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 package org.apache.jetspeed.om.registry.base;
18
19 // Java imports
20 import java.util.HashMap ;
21 import java.util.Iterator ;
22 import java.util.List ;
23 import java.util.Map ;
24 import java.util.Vector ;
25
26 import org.apache.jetspeed.om.registry.SecurityAccess;
27 import org.apache.jetspeed.om.registry.SecurityAllow;
28 import org.apache.jetspeed.om.registry.SecurityEntry;
29 import org.apache.jetspeed.services.security.GroupManagement;
30 import org.apache.jetspeed.services.security.RoleManagement;
31
32 /**
33  * Interface for manipulatin the Security Entry on the registry entries
34  *
35  * @author <a HREF="mailto:paulsp@apache.org">Paul Spencer</a>
36  * @author <a HREF="mailto:weaver@apache.org">Scott T. Weaver</a>
37  * @author <a HREF="mailto:morciuch@apache.org">Mark Orciuch</a>
38  * @version $Id: BaseSecurityEntry.java,v 1.15 2004/03/23 21:15:24 jford Exp $
39  */
40 public class BaseSecurityEntry extends BaseRegistryEntry implements SecurityEntry, java.io.Serializable
41 {
42
43     /** Holds value of property accesses. */
44     private Vector accesses = new Vector ();
45
46     private transient Map accessMap = null;
47
48     public static final String ALL_ACTIONS = "*";
49
50     public static final String ALL_ROLES = "*";
51
52     public static final String ALL_GROUPS = "*";
53
54     public static final String ALL_GROUP_ROLES = "*";
55
56     public static final String ALL_USERS = "*";
57
58     private static final String OWNER_MAP = "owner";
59
60     private static final String ROLE_MAP = "role";
61
62     private static final String GROUP_MAP = "group";
63     
64     private static final String GROUP_ROLE_MAP = "grouprole";
65
66     private static final String USER_MAP = "user";
67
68     private static transient Object accessMapSync = new Object ();
69
70     public BaseSecurityEntry()
71     { }
72
73     /**
74      * Implements the equals operation so that 2 elements are equal if
75      * all their member values are equal.
76      */
77     public boolean equals(Object object)
78     {
79         if (object == null)
80         {
81             return false;
82         }
83
84         BaseSecurityEntry obj = (BaseSecurityEntry) object;
85
86         Iterator i = accesses.iterator();
87         Iterator i2 = obj.accesses.iterator();
88         while (i.hasNext())
89         {
90             BaseSecurityAccess c1 = (BaseSecurityAccess) i.next();
91             BaseSecurityAccess c2 = null;
92
93             if (i2.hasNext())
94             {
95                 c2 = (BaseSecurityAccess) i2.next();
96             }
97             else
98             {
99                 return false;
100             }
101
102             if (!c1.equals(c2))
103             {
104                 return false;
105             }
106         }
107
108         if (i2.hasNext())
109         {
110             return false;
111         }
112
113         return super.equals(object);
114     }
115
116     /** Getter for property accesses.
117      * @return Value of property accesses.
118      */
119     public Vector getAccesses()
120     {
121         return accesses;
122     }
123
124     /** Setter for property accesses.
125      * @param accesses New value of property accesses.
126      */
127     public void setAccesses(Vector accesses)
128     {
129         this.accesses = accesses;
130         buildAccessMap();
131     }
132
133     /**
134      * Aututhorizes action for a role.
135      *
136      * o If the requested action and the action ALL_ACTIONS
137      * do not exist, then return false.
138      *
139      * o If the requesting role and ALL_ROLES does not exist for the
140      * the action, then return false.
141      *
142      * @param role requesting action
143      * @param action being requested
144      * @return <CODE>true</CODE> if action is allowed for role
145      */
146     public boolean allowsRole(String role, String action)
147     {
148         Map allowMap = null;
149         boolean allow = false;
150
151         if (accessMap == null)
152         {
153             buildAccessMap();
154         }
155
156         // Checked action
157 allowMap = (Map ) accessMap.get(action);
158         allow = isInAllowMap(allowMap, ROLE_MAP, role, ALL_ROLES);
159         if (allow == true)
160         {
161             return allow;
162         }
163
164         // Checked all actions
165 allowMap = (Map ) accessMap.get(ALL_ACTIONS);
166         allow = isInAllowMap(allowMap, ROLE_MAP, role, ALL_ROLES);
167
168         // Not allowed
169 return allow;
170     }
171
172     /**
173      * Aututhorizes action for a group.
174      *
175      * o If the requested action and the action ALL_ACTIONS
176      * do not exist, then return false.
177      *
178      * o If the requesting role and ALL_GROUP does not exist for the
179      * the action, then return false.
180      *
181      * @param group requesting action
182      * @param action being requested
183      * @return <CODE>true</CODE> if action is allowed for group
184      */
185     public boolean allowsGroup(String group, String action)
186     {
187         Map allowMap = null;
188         boolean allow = false;
189
190         if (accessMap == null)
191         {
192             buildAccessMap();
193         }
194
195         // Checked action
196 allowMap = (Map ) accessMap.get(action);
197         allow = isInAllowMap(allowMap, GROUP_MAP, group, ALL_GROUPS);
198         if (allow == true)
199         {
200             return allow;
201         }
202
203         // Checked all actions
204 allowMap = (Map ) accessMap.get(ALL_ACTIONS);
205         allow = isInAllowMap(allowMap, GROUP_MAP, group, ALL_GROUPS);
206
207         // Not allowed
208 return allow;
209     }
210
211     /**
212      * Authorizes action for a group role.
213      *
214      * o If the requested action and the action ALL_ACTIONS
215      * do not exist, then return false.
216      *
217      * o If the requesting group role and ALL_GROUPS_ROLES does not exist for the
218      * the action, then return false.
219      *
220      * @param group requesting action
221      * @param role requesting action
222      * @param action being requested
223      * @return <CODE>true</CODE> if action is allowed for group role
224      */
225     public boolean allowsGroupRole(String group, String role, String action)
226     {
227         Map allowMap = null;
228         boolean allow = false;
229
230         if (accessMap == null)
231         {
232             buildAccessMap();
233         }
234
235         // Checked action
236 allowMap = (Map ) accessMap.get(action);
237         allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+role, ALL_GROUP_ROLES);
238         if (allow == true)
239         {
240             return allow;
241         }
242
243         // Checked all actions
244 allowMap = (Map ) accessMap.get(ALL_ACTIONS);
245         allow = isInAllowMap(allowMap, GROUP_ROLE_MAP, group+role, ALL_GROUP_ROLES);
246
247         // Not allowed
248 return allow;
249     }
250
251     /**
252      * Aututhorizes action for a named user
253      *
254      * @param userName requesting action
255      * @param action being requested
256      * @return <CODE>true</CODE> if action is allowed for named user
257      */
258     public boolean allowsUser(String userName, String action)
259     {
260         return allowsUser(userName, action, null);
261     }
262     /**
263      * Aututhorizes action for a named user
264      *
265      * @param userName requesting action
266      * @param action being requested
267      * @param owner User
268      * @return <CODE>true</CODE> if action is allowed for named user
269      */
270     public boolean allowsUser(String userName, String action, String owner)
271     {
272         Map allowMap = null;
273         boolean allow = false;
274
275         if (accessMap == null)
276         {
277             buildAccessMap();
278         }
279         if ((owner != null) && (owner.equals(userName)))
280         {
281             // Checked action
282 allowMap = (Map ) accessMap.get(action);
283             allow = isInAllowMap(allowMap, OWNER_MAP, null, null);
284             if (allow == true)
285             {
286                 return allow;
287             }
288
289             // Checked action
290 allowMap = (Map ) accessMap.get(ALL_ACTIONS);
291             allow = isInAllowMap(allowMap, OWNER_MAP, null, null);
292             if (allow == true)
293             {
294                 return allow;
295             }
296         }
297
298         // Checked action
299 allowMap = (Map ) accessMap.get(action);
300         allow = isInAllowMap(allowMap, USER_MAP, userName, ALL_USERS);
301         if (allow == true)
302         {
303             return allow;
304         }
305
306         // Checked all actions
307 allowMap = (Map ) accessMap.get(ALL_ACTIONS);
308         allow = isInAllowMap(allowMap, USER_MAP, userName, ALL_USERS);
309
310         // Not allowed
311 return allow;
312
313     }
314     
315     /**
316      * Checks whether a role is specifically allowed to access the request action
317      * This method ignores the "*" action and is here to play a maintenance role.
318      */
319     public boolean allowsSpecificRole( String action, String role)
320     {
321         SecurityAccess access = (SecurityAccess) getAccess(action);
322         if (access.getAllAllows() != null)
323         {
324             Iterator allAllows = access.getAllows().iterator();
325             while (allAllows.hasNext())
326             {
327                 SecurityAllow allow = (SecurityAllow) allAllows.next();
328                 if (allow.getRole() != null && allow.getRole().equals(role))
329                 {
330                     return true;
331                 }
332             }
333         }
334         return false;
335     }
336
337     /**
338      * Checks whether a group is specifically allowed to access the request action
339      * This method ignores the "*" action and is here to play a maintenance role.
340      */
341     public boolean allowsSpecificGroup(String action, String group)
342     {
343         SecurityAccess access = (SecurityAccess) getAccess(action);
344         if (access.getAllAllows() != null)
345         {
346             Iterator allAllows = access.getAllows().iterator();
347             while (allAllows.hasNext())
348             {
349                 SecurityAllow allow = (SecurityAllow) allAllows.next();
350                 if (allow.getGroup() != null && allow.getGroup().equals(group))
351                 {
352                     return true;
353                 }
354             }
355         }
356         return false;
357     }
358
359     /**
360      * Checks whether a group role is specifically allowed to access the request action
361      * This method ignores the "*" action and is here to play a maintenance role.
362      */
363     public boolean allowsSpecificGroupRole(String action, String group, String role)
364     {
365         SecurityAccess access = (SecurityAccess) getAccess(action);
366         if (access.getAllAllows() != null)
367         {
368             Iterator allAllows = access.getAllows().iterator();
369             while (allAllows.hasNext())
370             {
371                 SecurityAllow allow = (SecurityAllow) allAllows.next();
372                 if (allow.getGroup() != null &&
373                     allow.getGroup().equals(group) &&
374                     allow.getRole() != null &&
375                     allow.getRole().equals(role))
376                 {
377                     return true;
378                 }
379             }
380         }
381         return false;
382     }
383     
384         /**
385         * Checks whether a role is specifically allowed to access the request action
386         * This method ignores the "*" action and is here to play a maintenance role.
387         * @param String action name of action to check
388         * @param String role name of role to verify access for
389         * @return boolean whether or not the <code>role</code> has access
390         * to this specific action.
391         */
392     public boolean allowsSpecificUser(String action, String user)
393     {
394         BaseSecurityAccess access = (BaseSecurityAccess) getAccess(action);
395         if (access.getAllAllows() != null)
396         {
397             Iterator allAllows = access.getAllows().iterator();
398             while (allAllows.hasNext())
399             {
400                 BaseSecurityAllow allow = (BaseSecurityAllow) allAllows.next();
401                 if (allow.getUser() != null && allow.getUser().equals(user))
402                 {
403                     return true;
404                 }
405             }
406         }
407         return false;
408     }
409
410     
411     
412     
413     /**
414      * Returns the SecurityAccess object for the <code>action</code>
415      * requested or null if no specific access is defined for this action.
416      * The "*" does change this, if an action is not specifically defined
417      * in the registry, null is returned
418      * @param SecurityEntry entry SecurityEntry to check against
419      * @param String action The action we want the access for.
420      * @return SecurityAccess that is defined for this action or
421      * <code>null</code> if one is not <strong>specifically defined</strong>
422      */
423     public SecurityAccess getAccess(String action)
424     {
425         Iterator itr = getAccesses().iterator();
426         while (itr.hasNext())
427         {
428             BaseSecurityAccess access = (BaseSecurityAccess) itr.next();
429             if (access.getAction().equals(action))
430             {
431                 return access;
432             }
433         }
434
435         return null;
436     }
437     
438     /**
439      * Grants access for a specific action to a specific role
440      * for this SecurityEntry. This grants specific access ignores
441      * "*" action, if it exists.
442      * @param String action The action we are granting access to.
443      * @param String role The role that will receive access to this action.
444      * @return boolean Whether or not the access was granted. Basically,
445      * a <code>false</code> means that this role already has specific access.
446      */
447     public boolean grantRoleAccess(String action, String role)
448     {
449         if (!allowsSpecificRole(action, role))
450         {
451             SecurityAccess access = getAccess(action);
452             List allows = access.getAllows();
453             if (allows == null)
454             {
455                 allows = new Vector ();
456             }
457
458             BaseSecurityAllow allow = new BaseSecurityAllow();
459             allow.setRole(role);
460             allows.add(allow);
461             
462             buildAccessMap();
463             
464             return true;
465         }
466
467         return false;
468     }
469
470     /**
471      * Grants access for a specific action to a specific group
472      * for this SecurityEntry. This grants specific access ignores
473      * "*" action, if it exists.
474      * @param String action The action we are granting access to.
475      * @param String group The group that will receive access to this action.
476      * @return boolean Whether or not the access was granted. Basically,
477      * a <code>false</code> means that this group already has specific access.
478      */
479     public boolean grantGroupAccess(String action, String group)
480     {
481         if (!allowsSpecificGroup(action, role))
482         {
483             SecurityAccess access = getAccess(action);
484             List allows = access.getAllows();
485             if (allows == null)
486             {
487                 allows = new Vector ();
488             }
489
490             BaseSecurityAllow allow = new BaseSecurityAllow();
491             allow.setGroup(group);
492             allows.add(allow);
493             
494             buildAccessMap();
495             
496             return true;
497         }
498
499         return false;
500     }
501
502     /**
503      * Grants access for a specific action to a specific group fole
504      * for this SecurityEntry. This grants specific access ignores
505      * "*" action, if it exists.
506      * @param String action The action we are granting access to.
507      * @param String group The group that will receive access to this action.
508      * @param String role The role that will receive access to this action.
509      * @return boolean Whether or not the access was granted. Basically,
510      * a <code>false</code> means that this group role already has specific access.
511      */
512     public boolean grantGroupRoleAccess(String action, String group, String role)
513     {
514         if (!allowsSpecificGroupRole(action, group, role))
515         {
516             SecurityAccess access = getAccess(action);
517             List allows = access.getAllows();
518             if (allows == null)
519             {
520                 allows = new Vector ();
521             }
522
523             BaseSecurityAllow allow = new BaseSecurityAllow();
524             allow.setGroup(group);
525             allow.setRole(role);
526             allows.add(allow);
527             
528             buildAccessMap();
529             
530             return true;
531         }
532
533         return false;
534     }
535     
536     /**
537      * Grants access for a specific action to a specific user
538      * for this SecurityEntry. This grants specific access ignores
539      * "*" action, if it exists.
540      * @param String action The action we are granting access to.
541      * @param String user The user that will receive access to this action.
542      * @return boolean Whether or not the access was granted. Basically,
543      * a <code>false</code> means that this role already has specific access.
544      */
545     public boolean grantUserAccess(String action, String user)
546     {
547         if (!allowsSpecificUser(action, user))
548         {
549             SecurityAccess access = getAccess(action);
550             List allows = access.getAllows();
551             if (allows == null)
552             {
553                 allows = new Vector ();
554             }
555
556             BaseSecurityAllow allow = new BaseSecurityAllow();
557             allow.setUser(user);
558             allows.add(allow);
559             
560             buildAccessMap();
561             
562             return true;
563         }
564
565         return false;
566     }
567
568
569     /**
570      * Removes a role's access to a specific action.
571      * @param action Action to remove access from.
572      * @param role The role whose access we are revoking.
573      * @return boolean Whehter or not the access existed and
574      * was removed.
575      */
576     public boolean revokeRoleAccess(String action, String role)
577     {
578         if (allowsSpecificRole(action, role))
579         {
580             SecurityAccess access = getAccess(action);
581             List allows = access.getAllows();
582             if (allows == null || allows.isEmpty())
583             {
584                 revokeAccess(action);
585                 return false;
586             }
587
588             for (int i = 0; i < allows.size(); i++)
589             {
590                 BaseSecurityAllow allow = (BaseSecurityAllow) allows.get(i);
591                 if (allow.getRole() != null && allow.getRole().equals(role))
592                 {
593                     allows.remove(i);
594                     if (allows.isEmpty() && access.getOwnerAllows().isEmpty())
595                     {
596                         revokeAccess(action);
597                     }
598
599                     return true;
600                 }
601             }
602         }
603         return false;
604     }
605     
606     /**
607      * Removes a group's access to a specific action.
608      * @param action Action to remove access from.
609      * @param group The group whose access we are revoking.
610      * @return boolean Whehter or not the access existed and
611      * was removed.
612      */
613     public boolean revokeGroupAccess(String action, String group)
614     {
615         if (allowsSpecificGroup(action, group))
616         {
617             SecurityAccess access = getAccess(action);
618             List allows = access.getAllows();
619             if (allows == null || allows.isEmpty())
620             {
621                 revokeAccess(action);
622                 return false;
623             }
624
625             for (int i = 0; i < allows.size(); i++)
626             {
627                 BaseSecurityAllow allow = (BaseSecurityAllow) allows.get(i);
628                 if (allow.getGroup() != null && allow.getGroup().equals(group))
629                 {
630                     allows.remove(i);
631                     if (allows.isEmpty() && access.getOwnerAllows().isEmpty())
632                     {
633                         revokeAccess(action);
634                     }
635
636                     return true;
637                 }
638             }
639         }
640         return false;
641     }
642
643     /**
644      * Removes a group role's access to a specific action.
645      * @param action Action to remove access from.
646      * @param group The group whose access we are revoking.
647      * @param role The role whose access we are revoking.
648      * @return boolean Whether or not the access existed and
649      * was removed.
650      */
651     public boolean revokeGroupRoleAccess(String action, String group, String role)
652     {
653         if (allowsSpecificGroupRole(action, group, role))
654         {
655             SecurityAccess access = getAccess(action);
656             List allows = access.getAllows();
657             if (allows == null || allows.isEmpty())
658             {
659                 revokeAccess(action);
660                 return false;
661             }
662
663             for (int i = 0; i < allows.size(); i++)
664             {
665                 BaseSecurityAllow allow = (BaseSecurityAllow) allows.get(i);
666                 if (allow.getGroup() != null &&
667                     allow.getGroup().equals(group) &&
668                     allow.getRole() != null &&
669                     allow.getRole().equals(role))
670                 {
671                     allows.remove(i);
672                     if (allows.isEmpty() && access.getOwnerAllows().isEmpty())
673                     {
674                         revokeAccess(action);
675                     }
676
677                     return true;
678                 }
679             }
680         }
681         return false;
682     }
683     
684     /**
685     * Removes a user's access to a specific action.
686     * @param action Action to remove access from.
687     * @param role The role whose access we are revoking.
688     * @return boolean Whehter or not the access existed and
689     * was removed.
690     */
691     public boolean revokeUserAccess(String action, String user)
692     {
693         if (allowsSpecificUser(action, user))
694         {
695             SecurityAccess access = getAccess(action);
696             List allows = access.getAllows();
697             if (allows == null || allows.isEmpty())
698             {
699                 revokeAccess(action);
700                 return false;
701             }
702
703             for (int i = 0; i < allows.size(); i++)
704             {
705                 BaseSecurityAllow allow = (BaseSecurityAllow) allows.get(i);
706                 if (allow.getUser() != null && allow.getUser().equals(user))
707                 {
708                     allows.remove(i);
709                     if (allows.isEmpty() && access.getOwnerAllows().isEmpty())
710                     {
711                         revokeAccess(action);
712                     }
713
714                     return true;
715                 }
716             }
717         }
718         return false;
719     }
720     
721     /**
722      * Removes a security access for the named action.
723      * This does not take into account the "*" action when
724      * the "*" is not the named action.
725      * @param String access name of access to remove in its entirety
726      */
727     public void revokeAccess(String action)
728     {
729         List list = getAccesses();
730         for (int i = 0; i < list.size(); i++)
731         {
732             BaseSecurityAccess access = (BaseSecurityAccess) list.get(i);
733             if (access.getAction().equals(action))
734             {
735                 list.remove(i);
736                 return;
737             }
738         }
739     }
740     
741     
742     
743     
744     
745
746     private void buildAccessMap()
747     {
748         Map actionMap = null;
749         SecurityAccess accessElement = null;
750
751         synchronized (accessMapSync)
752         {
753             if (accessMap == null)
754             {
755                 accessMap = new HashMap ();
756             }
757
758             accessMap.clear();
759         }
760         // Build allow map
761 for (Iterator accessIterator = getAccesses().iterator(); accessIterator.hasNext();)
762         {
763             accessElement = (SecurityAccess) accessIterator.next();
764
765             // Get action map of the action. Create one if none exists
766 String action = accessElement.getAction();
767
768             if (action == null)
769             {
770                 action = ALL_ACTIONS;
771             }
772
773             actionMap = (Map ) accessMap.get(action);
774             if (actionMap == null)
775             {
776                 actionMap = new HashMap ();
777                 accessMap.put(action, actionMap);
778             }
779             addAllows(actionMap, accessElement);
780         }
781     }
782
783     /**
784      * Add access elements to the access map. The elements will be
785      * appened to the appropiate map.
786      *
787      * @param accessMap to receive accessElements
788      * @param accessElement to copy to access map
789      */
790     private void addAllows(Map accessMap, SecurityAccess accessElement)
791     {
792         SecurityAllow allowElement = null;
793         String role = null;
794         String group = null;
795         Map ownerMap = null; // Map of owner allowed
796 Map roleMap = null; // Map of roles allowed
797 Map groupMap = null; // Map of groups allowed
798 Map groupRoleMap = null; // Map of group role allowed
799 Map userMap = null; // Map of users allowed
800 String userName = null;
801
802         if (accessElement.getAllAllows() == null)
803         {
804             return;
805         }
806
807         // Add allows to the action Map
808 for (Iterator allowIterator = accessElement.getAllAllows().iterator(); allowIterator.hasNext();)
809         {
810             allowElement = (SecurityAllow) allowIterator.next();
811             role = null;
812             userName = null;
813             group = null;
814
815             // Add Owner
816 if (allowElement.isOwner() == true)
817             {
818                 ownerMap = (Map ) accessMap.get(OWNER_MAP);
819                 if (ownerMap == null)
820                 {
821                     ownerMap = new HashMap ();
822                     accessMap.put(OWNER_MAP, ownerMap);
823                 }
824                 ownerMap.put(null, null);
825             }
826
827             // Add Role
828 role = allowElement.getRole();
829             if (role != null)
830             {
831                 // Role map
832 roleMap = (Map ) accessMap.get(ROLE_MAP);
833                 if (roleMap == null)
834                 {
835                     roleMap = new HashMap ();
836                     accessMap.put(ROLE_MAP, roleMap);
837                 }
838                 roleMap.put(role, null);
839                 
840                 // Group role map
841 groupRoleMap = (Map ) accessMap.get(GROUP_ROLE_MAP);
842                 if (groupRoleMap == null)
843                 {
844                     groupRoleMap = new HashMap ();
845                     accessMap.put(GROUP_ROLE_MAP, groupRoleMap);
846                 }
847                 if (group == null)
848                 {
849                     group = GroupManagement.DEFAULT_GROUP_NAME;
850                 }
851                 groupRoleMap.put(group+role, null);
852                 
853             }
854
855             // Add Group
856 group = allowElement.getGroup();
857             if (group != null)
858             {
859                 // Group map
860 groupMap = (Map ) accessMap.get(GROUP_MAP);
861                 if (groupMap == null)
862                 {
863                     groupMap = new HashMap ();
864                     accessMap.put(GROUP_MAP, groupMap);
865                 }
866                 groupMap.put(group, null);
867                 
868                 // Group role map
869 groupRoleMap = (Map ) accessMap.get(GROUP_ROLE_MAP);
870                 if (groupRoleMap == null)
871                 {
872                     groupRoleMap = new HashMap ();
873                     accessMap.put(GROUP_ROLE_MAP, groupRoleMap);
874                 }
875                 if (role == null)
876                 {
877                     role = RoleManagement.DEFAULT_ROLE_NAME;
878                 }
879                 groupRoleMap.put(group+role, null);
880                 
881             }
882
883             // Add User
884 userName = allowElement.getUser();
885             if (userName != null)
886             {
887                 userMap = (Map ) accessMap.get(USER_MAP);
888                 if (userMap == null)
889                 {
890                     userMap = new HashMap ();
891                     accessMap.put(USER_MAP, userMap);
892                 }
893                 userMap.put(userName, null);
894             }
895         }
896     }
897
898     /**
899      * Search allow map of user/role or "all user/role"
900      *
901      * @param allowMap Map of allow-if
902      * @param mapType ROLE_MAP or USER_MAP or GROUP_MAP or GROUP_ROLE_MAP
903      * @param mapKey role or user to test
904      * @param allKey ALL_ROLE or ALL_USER or ALL_GROUP or ALL_GROUP_ROLE
905      * @return <CODE>true</CODE> or <CODE>false</CODE>
906      */
907     private boolean isInAllowMap(Map allowMap, String mapType, String mapKey, String allKey)
908     {
909         boolean allow = false;
910         if (allowMap != null)
911         {
912             Map allowTypeMap = (Map ) allowMap.get(mapType);
913             if (allowTypeMap == null)
914             {
915                 return allowMap.isEmpty(); // If action exist and no allows, then grant permission
916 }
917             allow = allowTypeMap.containsKey(mapKey);
918             if (allow == false)
919             {
920               allow = allowTypeMap.containsKey(allKey);
921             }
922             return allow;
923         }
924
925         // Not allowed
926 return allow;
927     }
928  }
929
930

A to Z: JavaDoc & Examples

---

Daily Java News & Articles

---

Open Source Projects

---

Open Source Codes

---

Free Computer Books

---

Remove Frame

---

Popular Tags