1 /*
2  * Copyright 2000-2004 The Apache Software Foundation.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */

16
17 package org.apache.jetspeed.services.security.registry;
18
19 // Java imports
20
import java.util.Iterator JavaDoc;
21
22 import javax.servlet.ServletConfig JavaDoc;
23
24 import org.apache.jetspeed.om.SecurityReference;
25 import org.apache.jetspeed.om.profile.Entry;
26 import org.apache.jetspeed.om.registry.RegistryEntry;
27 import org.apache.jetspeed.om.registry.SecurityEntry;
28 import org.apache.jetspeed.om.security.GroupRole;
29 import org.apache.jetspeed.om.security.JetspeedUser;
30 import org.apache.jetspeed.portal.Portlet;
31 import org.apache.jetspeed.portal.PortletController;
32 import org.apache.jetspeed.portal.PortletSet;
33 import org.apache.jetspeed.services.Registry;
34 import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
35 import org.apache.jetspeed.services.logging.JetspeedLogger;
36 import org.apache.jetspeed.services.security.JetspeedRoleManagement;
37 import org.apache.jetspeed.services.security.PortalAccessController;
38 import org.apache.jetspeed.services.security.PortalResource;
39 import org.apache.turbine.services.InitializationException;
40 import org.apache.turbine.services.TurbineBaseService;
41
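/**
 * Registry-backed implementation of {@link PortalAccessController}.
 *
 * <p>Every check ends in one of two places: a {@link SecurityReference} is
 * resolved to a {@link SecurityEntry} in the registry and evaluated for the
 * user and then for the user's group/role pairs, or the resource turns out to
 * carry no security reference at all.</p>
 *
 * <p>Defaults a maintainer should be aware of, all visible in the code below:</p>
 * <ul>
 *   <li>A portlet with no security reference and no registry entry is
 *       <b>allowed</b> (fail-open, "per spec").</li>
 *   <li>A registry entry with no security reference is <b>allowed</b>.</li>
 *   <li>A security reference naming a security entry that does not exist is
 *       <b>denied</b>.</li>
 *   <li>A missing (null) registry entry reaching the registry-entry check is
 *       <b>denied</b>.</li>
 *   <li>Any exception while enumerating the user's roles is <b>denied</b>.</li>
 * </ul>
 *
 * @author <a HREF="paulsp@apache.org">Paul Spencer</a>
 * @version $Id: RegistryAccessController.java,v 1.10 2004/02/23 03:54:03 jford Exp $
 */
public class RegistryAccessController extends TurbineBaseService implements PortalAccessController
{
    /**
     * Static initialization of the logger for this class
     */
    private static final JetspeedLogger logger = JetspeedLogFactoryService.getLogger(RegistryAccessController.class.getName());

    /**
     * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
     * the given <code>Portlet</code> resource. If the user does not have
     * sufficient privilege to perform the action on the resource, the check returns false,
     * otherwise when sufficient privilege is present, checkPermission returns true.
     * Delegates to the four-argument overload with a <code>null</code> owner.
     *
     * @param user the user to be checked.
     * @param portlet the portlet resource.
     * @param action the secured action to be performed on the resource by the user.
     * @return boolean true if the user has sufficient privilege.
     */
    public boolean checkPermission(JetspeedUser user, Portlet portlet, String action)
    {
        return checkPermission(user, portlet, action, null);
    }

    /**
     * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
     * the given <code>Portlet</code> resource. If the user does not have
     * sufficient privilege to perform the action on the resource, the check returns false,
     * otherwise when sufficient privilege is present, checkPermission returns true.
     *
     * <p>Resolution order: the security reference on the portlet's own
     * configuration; otherwise the portlet's registry entry; otherwise the
     * registry entry of the controller of the enclosing portlet set. When
     * none of these yields a registry entry the action is allowed.</p>
     *
     * @param user the user to be checked.
     * @param portlet the portlet resource.
     * @param action the secured action to be performed on the resource by the user.
     * @param owner of the entry, i.e. the username
     * @return boolean true if the user has sufficient privilege.
     */
    public boolean checkPermission(JetspeedUser user, Portlet portlet, String action, String owner)
    {
        // A security reference on the portlet configuration takes precedence
        // over anything stored in the registry.
        SecurityReference securityRef = portlet.getPortletConfig().getSecurityRef();
        if (securityRef != null)
        {
            return checkPermission(user, securityRef, action, owner);
        }

        String portletName = portlet.getName();
        RegistryEntry registryEntry = null;

        // Don't query registry if portlet is a set
        if (!(portlet instanceof PortletSet))
        {
            registryEntry = (RegistryEntry) Registry.getEntry(Registry.PORTLET, portletName);
        }

        // portlet is not a portlet - probably a controller or control
        if (registryEntry == null)
        {
            PortletSet ps = portlet.getPortletConfig().getPortletSet();
            if (ps != null)
            {
                PortletController pc = ps.getController();
                if (pc != null)
                {
                    portletName = pc.getConfig().getName();
                    registryEntry = (RegistryEntry) Registry.getEntry(Registry.PORTLET_CONTROLLER, portletName);
                }
            }
        }

        if (registryEntry == null)
        {
            // Since there is no entry, there is no security to test; per spec,
            // everything is allowed.
            // NOTE(review): this is a fail-open default. A name that is simply
            // absent from the registry is granted every action; confirm that
            // this is still the intended policy for the deployment.
            return true;
        }

        return checkPermission(user, registryEntry, action, owner);
    }

    /**
     * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
     * the given Portlet Instance (<code>Entry</code>) resource. If the user does not have
     * sufficient privilege to perform the action on the resource, the check returns false,
     * otherwise when sufficient privilege is present, checkPermission returns true.
     * Delegates to the four-argument overload with a <code>null</code> owner.
     *
     * @param user the user to be checked.
     * @param entry the portlet instance resource.
     * @param action the secured action to be performed on the resource by the user.
     * @return boolean true if the user has sufficient privilege.
     */
    public boolean checkPermission(JetspeedUser user, Entry entry, String action)
    {
        return checkPermission(user, entry, action, null);
    }

    /**
     * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
     * the given Portlet Instance (<code>Entry</code>) resource. If the user does not have
     * sufficient privilege to perform the action on the resource, the check returns false,
     * otherwise when sufficient privilege is present, checkPermission returns true.
     *
     * <p>An entry without its own security reference is checked against the
     * portlet registry entry named by <code>entry.getParent()</code>. If that
     * registry entry cannot be found the action is denied.</p>
     *
     * @param user the user to be checked.
     * @param entry the portlet instance resource.
     * @param action the secured action to be performed on the resource by the user.
     * @param owner of the entry, i.e. the username
     * @return boolean true if the user has sufficient privilege.
     */
    public boolean checkPermission(JetspeedUser user, Entry entry, String action, String owner)
    {
        SecurityReference securityRef = entry.getSecurityRef();
        if (securityRef == null)
        {
            // The lookup may return null; the registry-entry overload handles that.
            return checkPermission(user, Registry.getEntry(Registry.PORTLET, entry.getParent()), action, owner);
        }
        return checkPermission(user, securityRef, action, owner);
    }

    /**
     * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
     * the given resource. If the user does not have
     * sufficient privilege to perform the action on the resource, the check returns false,
     * otherwise when sufficient privilege is present, checkPermission returns true.
     * A resource type that is not one of the four handled types is logged and denied.
     *
     * @param user the user to be checked.
     * @param resource requesting an action
     * @param action the secured action to be performed on the resource by the user.
     * @return boolean true if the user has sufficient privilege.
     */
    public boolean checkPermission(JetspeedUser user, PortalResource resource, String action)
    {
        switch (resource.getResourceType())
        {
            case PortalResource.TYPE_ENTRY:
                return checkPermission(user, resource.getEntry(), action, resource.getOwner());
            case PortalResource.TYPE_PORTLET:
                return checkPermission(user, resource.getPortlet(), action, resource.getOwner());
            case PortalResource.TYPE_REGISTRY:
                return checkPermission(user, resource.getRegistryEntry(), action, resource.getOwner());
            case PortalResource.TYPE_REGISTRY_PARAMETER:
                return checkPermission(user, resource.getRegistryParameter(), action, resource.getOwner());
            default:
                break;
        }

        // We should never get here; an unrecognised resource type is denied.
        logger.error( "In " + this.getClass().getName() + ".checkPermission(user, resource, action) - Unkown resource = " + resource.getResourceType());
        return false;
    }

    /**
     * Checks if the user has access to a given registry entry for the given action
     *
     * <p>A <code>null</code> entry is denied and logged instead of being
     * dereferenced: callers in this class pass the result of a registry
     * lookup straight in, and that lookup can come back empty. The portlet
     * overload, which deliberately allows access when nothing is registered,
     * makes that decision itself before calling this method.</p>
     *
     * @param user the requesting user.
     * @param regEntry the registry entry from the registry, possibly <code>null</code>.
     * @param owner of the entry, i.e. the username
     * @param action the jetspeed-action (view, edit, customize, delete...) for which permission is being checked.
     * @return boolean true if the entry carries no security reference or the
     *         referenced security entry grants the action; false otherwise.
     */
    private boolean checkPermission(JetspeedUser user, RegistryEntry regEntry, String action, String owner)
    {
        if (regEntry == null)
        {
            // Fail closed: previously this path ended in a NullPointerException
            // in the middle of an authorization decision.
            // NOTE(review): deny was chosen as the conservative outcome; confirm
            // against the portal's access-control spec.
            logger.warn("No registry entry found for the requested resource; denying action " + action + " for user " + user.getUserName());
            return false;
        }

        SecurityReference securityRef = regEntry.getSecurityRef();
        if (securityRef == null)
        {
            // No security defined on Registry entry: the action is allowed.
            return true;
        }

        return checkPermission(user, securityRef, action, owner);
    }

    /**
     * Checks if the user has access for the given action using a security reference
     *
     * <p>The referenced security entry is asked first whether it allows the
     * user by name (with the owner), then whether it allows any of the
     * group/role pairs returned for that user name. The owner is not passed
     * to the group/role check.</p>
     *
     * @param user the requesting user.
     * @param securityRef the security reference to check
     * @param action the jetspeed-action (view, edit, customize, delete...) for which permission is being checked.
     * @param owner of the entry, i.e. the username
     * @return boolean true if the security entry grants the action; false if it
     *         does not, if the security entry does not exist, or if the role
     *         lookup throws.
     */
    private boolean checkPermission(JetspeedUser user, SecurityReference securityRef, String action, String owner)
    {
        SecurityEntry securityEntry = (SecurityEntry) Registry.getEntry( Registry.SECURITY, securityRef.getParent());
        if (securityEntry == null)
        {
            // A reference to a security entry that is not in the registry is
            // denied, so a misconfigured or removed entry cannot open access.
            // NOTE(review): the security id and user name are written to the log
            // unescaped; confirm both are validated upstream so they cannot
            // carry line breaks into the log.
            logger.warn("Security id " + securityRef.getParent() + " does not exist. This was requested by the user " + user.getUserName());
            return false;
        }

        if (securityEntry.allowsUser(user.getUserName(), action, owner))
        {
            return true;
        }

        try
        {
            for (Iterator roles = JetspeedRoleManagement.getRoles(user.getUserName()); roles.hasNext();)
            {
                GroupRole grouprole = (GroupRole) roles.next();
                String groupname = grouprole.getGroup().getName();
                String rolename = grouprole.getRole().getName();
                if (securityEntry.allowsGroupRole(groupname, rolename, action))
                {
                    return true;
                }
            }
        }
        catch (Exception e)
        {
            // Deliberately broad: whatever goes wrong while enumerating roles,
            // the decision is to deny rather than to let the failure decide.
            logger.error("Exception", e);
            return false;
        }
        return false;
    }

    /*
     * Turbine Services Interface
     */

    /**
     * This is the early initialization method called by the
     * Turbine <code>Service</code> framework
     *
     * @param conf The <code>ServletConfig</code>
     * @throws InitializationException if the service fails to initialize
     */
    public synchronized void init(ServletConfig conf)
    throws InitializationException
    {
        // Already initialized: nothing to do.
        if (getInit())
        {
            return;
        }

        super.init(conf);

        setInit(true);
    }
}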