KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > jetspeed > services > security > turbine > TurbineAccessController


1 /*
2  * Copyright 2000-2004 The Apache Software Foundation.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 package org.apache.jetspeed.services.security.turbine;
18
19 // Java imports
20 import java.util.Iterator JavaDoc;
21
22 import javax.servlet.ServletConfig JavaDoc;
23
24 import org.apache.jetspeed.om.profile.Entry;
25 import org.apache.jetspeed.om.registry.RegistryEntry;
26 import org.apache.jetspeed.om.registry.Security;
27 import org.apache.jetspeed.om.security.GroupRole;
28 import org.apache.jetspeed.om.security.JetspeedUser;
29 import org.apache.jetspeed.om.security.Role;
30 import org.apache.jetspeed.portal.Portlet;
31 import org.apache.jetspeed.portal.PortletController;
32 import org.apache.jetspeed.portal.PortletSet;
33 import org.apache.jetspeed.services.JetspeedSecurity;
34 import org.apache.jetspeed.services.Registry;
35 import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
36 import org.apache.jetspeed.services.logging.JetspeedLogger;
37 import org.apache.jetspeed.services.resources.JetspeedResources;
38 import org.apache.jetspeed.services.security.PortalAccessController;
39 import org.apache.jetspeed.services.security.PortalResource;
40 import org.apache.turbine.services.InitializationException;
41 import org.apache.turbine.services.TurbineBaseService;
42
43 /**
44  * TurbineAccessController
45  *
46  * @author <a HREF="paulsp@apache.org">Paul Spencer</a>
47  * @version $Id: TurbineAccessController.java,v 1.8 2004/02/23 03:54:49 jford Exp $
48  */
49 public class TurbineAccessController extends TurbineBaseService
50 implements PortalAccessController
51 {
52     /**
53      * Static initialization of the logger for this class
54      */
55     private static final JetspeedLogger logger = JetspeedLogFactoryService.getLogger(TurbineAccessController.class.getName());
56     
57     private final static String JavaDoc CONFIG_DEFAULT_PERMISSION_LOGGEDIN = "services.JetspeedSecurity.permission.default.loggedin";
58     private final static String JavaDoc CONFIG_DEFAULT_PERMISSION_ANONYMOUS = "services.JetspeedSecurity.permission.default.anonymous";
59     
60     /**
61      * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
62      * the given <code>Portlet</code> resource. If the user does not have
63      * sufficient privilege to perform the action on the resource, the check returns false,
64      * otherwise when sufficient privilege is present, checkPermission returns true.
65      *
66      * @param user the user to be checked.
67      * @param portlet the portlet resource.
68      * @param action the secured action to be performed on the resource by the user.
69      * @return boolean true if the user has sufficient privilege.
70      */
71     public boolean checkPermission(JetspeedUser user, Portlet portlet, String JavaDoc action)
72     {
73         return checkPermission(user, portlet, action, null);
74     }
75     
76     /**
77      * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
78      * the given <code>Portlet</code> resource. If the user does not have
79      * sufficient privilege to perform the action on the resource, the check returns false,
80      * otherwise when sufficient privilege is present, checkPermission returns true.
81      *
82      * @param user the user to be checked.
83      * @param portlet the portlet resource.
84      * @param action the secured action to be performed on the resource by the user.
85      * @param owner of the entry, i.e. the username
86      * @return boolean true if the user has sufficient privilege.
87      */
88     public boolean checkPermission(JetspeedUser user, Portlet portlet, String JavaDoc action, String JavaDoc owner)
89     {
90         String JavaDoc portletName = portlet.getName();
91         RegistryEntry regEntry = (RegistryEntry)Registry.getEntry(Registry.PORTLET, portletName);
92         //portlet is not a portlet - probably a controller or control
93 if (regEntry==null)
94         {
95             PortletSet ps = portlet.getPortletConfig().getPortletSet();
96             if (ps != null)
97             {
98                 PortletController pc = ps.getController();
99                 if (pc != null)
100                 {
101                     portletName = pc.getConfig().getName();
102                     regEntry = (RegistryEntry)Registry.getEntry(Registry.PORTLET_CONTROLLER, portletName);
103                 }
104             }
105         }
106         if (regEntry==null)
107         {
108             return checkDefaultPermission(user, action);
109         }
110         return checkPermission(user, regEntry, action);
111     }
112     
113     /**
114      * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
115      * the given Portlet Instance (<code>Entry</code>) resource. If the user does not have
116      * sufficient privilege to perform the action on the resource, the check returns false,
117      * otherwise when sufficient privilege is present, checkPermission returns true.
118      *
119      * @param user the user to be checked.
120      * @param entry the portlet instance resource.
121      * @param action the secured action to be performed on the resource by the user.
122      * @return boolean true if the user has sufficient privilege.
123      */
124     public boolean checkPermission(JetspeedUser user, Entry entry, String JavaDoc action)
125     {
126         return checkPermission(user, entry, action, null);
127     }
128     
129     /**
130      * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
131      * the given Portlet Instance (<code>Entry</code>) resource. If the user does not have
132      * sufficient privilege to perform the action on the resource, the check returns false,
133      * otherwise when sufficient privilege is present, checkPermission returns true.
134      *
135      * @param user the user to be checked.
136      * @param entry the portlet instance resource.
137      * @param action the secured action to be performed on the resource by the user.
138      * @param owner of the entry, i.e. the username
139      * @return boolean true if the user has sufficient privilege.
140      */
141     public boolean checkPermission(JetspeedUser user, Entry entry, String JavaDoc action, String JavaDoc owner)
142     {
143         String JavaDoc portletName = entry.getParent();
144         RegistryEntry regEntry = (RegistryEntry)Registry.getEntry(Registry.PORTLET, portletName);
145         if (regEntry==null)
146         {
147             return checkDefaultPermission(user, action);
148         }
149         return checkPermission(user, regEntry, action);
150     }
151     
152     
153     /**
154      * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
155      * the given resource. If the user does not have
156      * sufficient privilege to perform the action on the resource, the check returns false,
157      * otherwise when sufficient privilege is present, checkPermission returns true.
158      *
159      * @param user the user to be checked.
160      * @param resource requesting an action
161      * @param action the secured action to be performed on the resource by the user.
162      * @return boolean true if the user has sufficient privilege.
163      */
164     public boolean checkPermission(JetspeedUser user, PortalResource resource, String JavaDoc action)
165     {
166         switch (resource.getResourceType())
167         {
168             case PortalResource.TYPE_ENTRY:
169                 return checkPermission(user, resource.getEntry(), action);
170             case PortalResource.TYPE_REGISTRY:
171                 return checkPermission(user, resource.getRegistryEntry(), action);
172             case PortalResource.TYPE_REGISTRY_PARAMETER:
173                 return checkPermission(user, resource.getRegistryParameter(), action);
174             case PortalResource.TYPE_PORTLET:
175                 return checkPermission(user, resource.getPortlet(), action);
176             case PortalResource.TYPE_ENTRY_PARAMETER:
177                 return checkPermission(user, (RegistryEntry) resource.getEntryParameter(), action);
178         }
179         return false;
180     }
181     
182     /**
183      * Checks if the user has access to a given portlet for the given action
184      *
185      * @param user the requesting user.
186      * @param regEntry the registry entry from the registry.
187      * @param action the jetspeed-action (view, edit, customize, delete...) for which permission is being checked.
188      * @exception Sends a RegistryException if the manager can't add
189      * the provided entry
190      */
191     private boolean checkPermission(JetspeedUser user, RegistryEntry regEntry, String JavaDoc action)
192     {
193         Security security = regEntry.getSecurity();
194         if (null == security)
195             return checkDefaultPermission( user, action);
196         String JavaDoc securityRole = security.getRole();
197         if (null == securityRole)
198             return checkDefaultPermission( user, action);
199
200         
201         // determine if Portlet has specified role
202 try
203         {
204
205             if (false == JetspeedSecurity.hasRole(user.getUserName(), securityRole))
206             {
207                 return false;
208             }
209
210         } catch (Exception JavaDoc e)
211         {
212             logger.error("Exception", e);
213             return false;
214         }
215         
216         return checkPermission(user, action);
217     }
218     
219     /**
220      * Checks if the currently logged on user has access for the given action
221      *
222      * @param user the requesting user.
223      * @param action the jetspeed-action (view, edit, customize, delete...) for which permission is being checked.
224      * @exception Sends a RegistryException if the manager can't add
225      * the provided entry
226      */
227     /**
228      * given the rundata, checks if the currently logged on user has access for the given action
229      *
230      * @param rundata the request rundata.
231      * @param permission the jetspeed-action (view, edit, customize, delete...) for which permission is being checked.
232      * @param entry the registry entry from the registry.
233      * @exception Sends a RegistryException if the manager can't add
234      * the provided entry
235      */
236     private boolean checkPermission(JetspeedUser user, String JavaDoc action)
237     {
238         if (action == null)
239         {
240             return true;
241         }
242
243         // determine if user has specified role
244 try
245         {
246             Iterator JavaDoc roles = JetspeedSecurity.getRoles(user.getUserName());
247             while (roles.hasNext())
248             {
249                 GroupRole gr = (GroupRole) roles.next();
250                 Role role = gr.getRole();
251                 return JetspeedSecurity.hasPermission(role.getName(), action);
252             }
253         
254         } catch (Exception JavaDoc e)
255         {
256             logger.error("Exception", e);
257             return false;
258         }
259         
260         return true;
261     }
262     
263     private boolean checkDefaultPermission(JetspeedUser user, String JavaDoc action)
264     {
265         String JavaDoc defaultPermissions[] = null;
266         try
267         {
268             if ( (user == null) || !user.hasLoggedIn() )
269             {
270                 defaultPermissions = JetspeedResources.getStringArray(CONFIG_DEFAULT_PERMISSION_ANONYMOUS);
271             } else
272             {
273                 defaultPermissions = JetspeedResources.getStringArray(CONFIG_DEFAULT_PERMISSION_LOGGEDIN);
274             }
275         }
276         catch (Exception JavaDoc e)
277         {
278             logger.error( "Error checking permissions for " + user + " on " + action, e);
279         }
280         for (int i = 0; i < defaultPermissions.length; i++)
281         {
282             if (defaultPermissions[i].equals("*"))
283                 return true;
284             if (defaultPermissions[i].equals(action))
285                 return true;
286         }
287         return false;
288     }
289     
290     /*
291      * Turbine Services Interface
292      */
293     
294     /**
295      * This is the early initialization method called by the
296      * Turbine <code>Service</code> framework
297      * @param conf The <code>ServletConfig</code>
298      * @exception throws a <code>InitializationException</code> if the service
299      * fails to initialize
300      */
301     public synchronized void init(ServletConfig JavaDoc conf)
302     throws InitializationException
303     {
304         if (getInit()) return;
305         
306         super.init(conf);
307         
308         setInit(true);
309     }
310     
311 }
312
Popular Tags