KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > lenya > cms > cocoon > transformation > AccessControlSitetreeTransformer


1 /*
2  * Copyright 1999-2004 The Apache Software Foundation
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  *
16  */
17
18 /* $Id: AccessControlSitetreeTransformer.java 158907 2005-03-24 10:19:14Z michi $ */
19
20 package org.apache.lenya.cms.cocoon.transformation;
21
22 import java.io.IOException JavaDoc;
23 import java.util.Map JavaDoc;
24
25 import org.apache.avalon.framework.activity.Disposable;
26 import org.apache.avalon.framework.parameters.Parameters;
27 import org.apache.avalon.framework.service.ServiceSelector;
28 import org.apache.cocoon.ProcessingException;
29 import org.apache.cocoon.environment.ObjectModelHelper;
30 import org.apache.cocoon.environment.Request;
31 import org.apache.cocoon.environment.SourceResolver;
32 import org.apache.cocoon.transformation.AbstractSAXTransformer;
33 import org.apache.lenya.ac.AccessControlException;
34 import org.apache.lenya.ac.AccessController;
35 import org.apache.lenya.ac.AccessControllerResolver;
36 import org.apache.lenya.ac.AccreditableManager;
37 import org.apache.lenya.ac.Authorizer;
38 import org.apache.lenya.ac.Identity;
39 import org.apache.lenya.ac.Policy;
40 import org.apache.lenya.ac.PolicyManager;
41 import org.apache.lenya.ac.Role;
42 import org.apache.lenya.ac.impl.DefaultAccessController;
43 import org.apache.lenya.ac.impl.PolicyAuthorizer;
44 import org.apache.lenya.cms.publication.SiteTree;
45 import org.apache.lenya.cms.publication.SiteTreeNodeImpl;
46 import org.apache.lenya.util.ServletHelper;
47 import org.xml.sax.Attributes JavaDoc;
48 import org.xml.sax.SAXException JavaDoc;
49 import org.xml.sax.helpers.AttributesImpl JavaDoc;
50
51 /**
52  * This transformer is applied to the sitetree.
53  * It marks the site element and all node elements the
54  * current identity is not allowed to access
55  * with a <code>protected="true"</code> attribute.
56  */
57 public class AccessControlSitetreeTransformer
58     extends AbstractSAXTransformer
59     implements Disposable {
60
61     public static final String JavaDoc ATTRIBUTE_PROTECTED = "protected";
62     public static final String JavaDoc PARAMETER_PUBLICATION_ID = "publication-id";
63     public static final String JavaDoc PARAMETER_AREA = "area";
64
65     private String JavaDoc documentId;
66     private ServiceSelector serviceSelector;
67     private PolicyManager policyManager;
68     private AccessControllerResolver acResolver;
69     private AccreditableManager accreditableManager;
70     private Identity identity;
71     private String JavaDoc urlPrefix;
72
73     /**
74      * @see org.apache.cocoon.sitemap.SitemapModelComponent#setup(org.apache.cocoon.environment.SourceResolver, java.util.Map, java.lang.String, org.apache.avalon.framework.parameters.Parameters)
75      */
76     public void setup(SourceResolver resolver, Map JavaDoc objectModel, String JavaDoc src, Parameters par)
77         throws ProcessingException, SAXException JavaDoc, IOException JavaDoc {
78         super.setup(resolver, objectModel, src, par);
79
80         serviceSelector = null;
81         acResolver = null;
82         policyManager = null;
83
84         identity = Identity.getIdentity(request.getSession(false));
85
86         try {
87             String JavaDoc publicationId = par.getParameter(PARAMETER_PUBLICATION_ID);
88             String JavaDoc area = par.getParameter(PARAMETER_AREA);
89
90             if (getLogger().isDebugEnabled()) {
91                 getLogger().debug("Setting up transformer");
92                 getLogger().debug(" Identity: [" + identity + "]");
93                 getLogger().debug(" Publication ID: [" + publicationId + "]");
94                 getLogger().debug(" Area: [" + area + "]");
95             }
96
97             urlPrefix = "/" + publicationId + "/" + area;
98
99             Request request = ObjectModelHelper.getRequest(objectModel);
100
101             serviceSelector =
102                 (ServiceSelector) manager.lookup(AccessControllerResolver.ROLE + "Selector");
103
104             acResolver =
105                 (AccessControllerResolver) serviceSelector.select(
106                     AccessControllerResolver.DEFAULT_RESOLVER);
107
108             if (getLogger().isDebugEnabled()) {
109                 getLogger().debug(" Resolved AC resolver [" + acResolver + "]");
110             }
111
112             String JavaDoc webappUrl = ServletHelper.getWebappURI(request);
113             AccessController accessController = acResolver.resolveAccessController(webappUrl);
114
115             if (accessController instanceof DefaultAccessController) {
116                 DefaultAccessController defaultAccessController =
117                     (DefaultAccessController) accessController;
118
119                 accreditableManager = defaultAccessController.getAccreditableManager();
120
121                 Authorizer[] authorizers = defaultAccessController.getAuthorizers();
122                 for (int i = 0; i < authorizers.length; i++) {
123                     if (authorizers[i] instanceof PolicyAuthorizer) {
124                         PolicyAuthorizer policyAuthorizer = (PolicyAuthorizer) authorizers[i];
125                         policyManager = policyAuthorizer.getPolicyManager();
126                     }
127                 }
128             }
129
130             if (getLogger().isDebugEnabled()) {
131                 getLogger().debug(" Using policy manager [" + policyManager + "]");
132             }
133         } catch (Exception JavaDoc e) {
134             throw new ProcessingException(e);
135         }
136
137     }
138
139     /**
140      * @see org.apache.avalon.framework.activity.Disposable#dispose()
141      */
142     public void dispose() {
143         if (getLogger().isDebugEnabled()) {
144             getLogger().debug("Disposing transformer");
145         }
146         if (serviceSelector != null) {
147             if (acResolver != null) {
148                 serviceSelector.release(acResolver);
149             }
150             manager.release(serviceSelector);
151         }
152     }
153
154     /**
155      * @see org.xml.sax.ContentHandler#startDocument()
156      */
157     public void startDocument() throws SAXException JavaDoc {
158         super.startDocument();
159         documentId = "";
160     }
161
162     /** (non-Javadoc)
163      * @see org.xml.sax.ContentHandler#startElement(java.lang.String, java.lang.String, java.lang.String, org.xml.sax.Attributes)
164      */
165     public void startElement(String JavaDoc uri, String JavaDoc localName, String JavaDoc raw, Attributes JavaDoc attr)
166         throws SAXException JavaDoc {
167
168         Attributes JavaDoc attributes = attr;
169
170         if (isFragmentNode(uri, localName)) {
171             String JavaDoc area = attr.getValue("area"); // FIXME: don't hardcode
172 String JavaDoc base = attr.getValue("base");
173             if (area!=null && base!=null) {
174                 documentId = "/"+area+base;
175             }
176         }
177         if (isNode(uri, localName)) {
178             String JavaDoc id = attr.getValue(SiteTreeNodeImpl.ID_ATTRIBUTE_NAME);
179             if (id != null) {
180                 documentId += "/" + id;
181             }
182
183             if (getLogger().isDebugEnabled()) {
184                 getLogger().debug("Checking node");
185                 getLogger().debug(" Document ID: [" + documentId + "]");
186                 getLogger().debug(" URL: [" + urlPrefix + documentId + "]");
187             }
188
189             try {
190                 String JavaDoc url = urlPrefix + documentId;
191                 Policy policy = policyManager.getPolicy(accreditableManager, url);
192                 Role[] roles = policy.getRoles(identity);
193
194                 getLogger().debug(" Roles: [" + roles.length + "]");
195
196                 if (roles.length == 0) {
197                     getLogger().debug(" Adding attribute [protected='true']");
198
199                     AttributesImpl JavaDoc attributesImpl = new AttributesImpl JavaDoc(attributes);
200                     attributesImpl.addAttribute(
201                         "",
202                         ATTRIBUTE_PROTECTED,
203                         ATTRIBUTE_PROTECTED,
204                         "",
205                         Boolean.toString(true));
206                     attributes = attributesImpl;
207                 }
208             } catch (AccessControlException e) {
209                 throw new SAXException JavaDoc(e);
210             }
211         }
212
213         super.startElement(uri, localName, raw, attributes);
214     }
215
216     /**
217      * @see org.xml.sax.ContentHandler#endElement(java.lang.String, java.lang.String, java.lang.String)
218      */
219     public void endElement(String JavaDoc uri, String JavaDoc localName, String JavaDoc raw) throws SAXException JavaDoc {
220         super.endElement(uri, localName, raw);
221         if (isNode(uri, localName) && documentId.length() > 0) {
222             documentId = documentId.substring(0, documentId.lastIndexOf("/"));
223         }
224     }
225
226     /**
227      * Returns if an element represents a sitetree node.
228      * @param uri The namespace URI.
229      * @param localName The local name.
230      * @return A boolean value.
231      */
232     protected boolean isNode(String JavaDoc uri, String JavaDoc localName) {
233         return uri.equals(SiteTree.NAMESPACE_URI)
234             && (localName.equals(SiteTreeNodeImpl.NODE_NAME) || localName.equals("site"));
235     }
236
237     /**
238      * Returns if an element represents a fragment node.
239      * @param uri The namespace URI.
240      * @param localName The local name.
241      * @return A boolean value.
242      */
243     protected boolean isFragmentNode(String JavaDoc uri, String JavaDoc localName) {
244         return uri.equals(SiteTree.NAMESPACE_URI)
245             && (localName.equals("fragment"));
246     }
247
248 }
249
Popular Tags