KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > slide > security > SecurityImplAllGrant


1 /*
2  * $Header: /home/cvs/jakarta-slide/src/share/org/apache/slide/security/SecurityImplAllGrant.java,v 1.9 2004/08/05 15:44:56 unico Exp $
3  * $Revision: 1.9 $
4  * $Date: 2004/08/05 15:44:56 $
5  *
6  * ====================================================================
7  *
8  * Copyright 1999-2002 The Apache Software Foundation
9  *
10  * Licensed under the Apache License, Version 2.0 (the "License");
11  * you may not use this file except in compliance with the License.
12  * You may obtain a copy of the License at
13  *
14  * http://www.apache.org/licenses/LICENSE-2.0
15  *
16  * Unless required by applicable law or agreed to in writing, software
17  * distributed under the License is distributed on an "AS IS" BASIS,
18  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19  * See the License for the specific language governing permissions and
20  * limitations under the License.
21  *
22  */
23
24 package org.apache.slide.security;
25
26 import java.util.Enumeration JavaDoc;
27
28 import org.apache.slide.common.Namespace;
29 import org.apache.slide.common.NamespaceConfig;
30 import org.apache.slide.common.ServiceAccessException;
31 import org.apache.slide.common.Uri;
32 import org.apache.slide.structure.ActionNode;
33 import org.apache.slide.structure.LinkNode;
34 import org.apache.slide.structure.ObjectNode;
35 import org.apache.slide.structure.ObjectNotFoundException;
36 import org.apache.slide.structure.SubjectNode;
37 import org.apache.slide.util.logger.Logger;
38
39 /**
40  * Security helper.
41  *
42  * @version $Revision: 1.9 $
43  */
44 public final class SecurityImplAllGrant extends SecurityImpl implements Security {
45     
46     
47     protected static final String JavaDoc LOG_CHANNEL = SecurityImplAllGrant.class.getName();
48
49     // ----------------------------------------------------------- Constructors
50
51     /**
52      * Constructor.
53      */
54     public SecurityImplAllGrant() {
55         super();
56     }
57     /**
58      * Constructor.
59      *
60      * @param namespace Namespace
61      * @param namespaceConfig Namespace configuration
62      */
63     public SecurityImplAllGrant(Namespace namespace, NamespaceConfig namespaceConfig) {
64         super(namespace, namespaceConfig);
65     }
66     
67     
68     /**
69      * Check whether or not an actor can perform the specified activity
70      * on a collection.
71      *
72      * @param object Object on which access is tested
73      * @param subject Subject who seeks to perform the action
74      * @param action Action which is to be performed
75      * @return true if the action can be performed
76      * @exception ServiceAccessException DataSource access error
77      * @exception ObjectNotFoundException Specified object was not found
78      * in the DataSource
79      */
80     public boolean hasPermission(ObjectNode object, SubjectNode subject,
81                                  ActionNode action)
82         throws ServiceAccessException, ObjectNotFoundException {
83         
84         // no check for default action (server intitialization)
85 if (action.equals(ActionNode.DEFAULT)) {
86             return true;
87         }
88         
89         boolean granted = false;
90         boolean denied = false;
91         boolean rootObjectReached = false;
92         
93         ObjectNode courObject = object;
94         
95         Uri subjectUri = namespace.getUri(subject.getUri());
96         Uri actionUri = namespace.getUri(action.getUri());
97         
98         // check if allready granded
99
100         while (!granted && !denied && !rootObjectReached) {
101             
102             Uri courUri = namespace.getUri(courObject.getUri());
103             Enumeration JavaDoc permissions = courUri.getStore()
104                 .enumeratePermissions(courUri);
105             
106             while (!granted && !denied && permissions.hasMoreElements()) {
107                 
108                 boolean oldGranted = granted;
109                 boolean oldDenied = denied;
110                 
111                 NodePermission permission =
112                     (NodePermission) permissions.nextElement();
113                 String JavaDoc permissionSubject = permission.getSubjectUri();
114
115                 if (permissionSubject.equals(SubjectNode.SELF_URI)) {
116                     boolean check;
117                     check = object.getUri().equals(subjectUri.toString());
118                     if (permission.isInheritable()) {
119                         String JavaDoc subjectUriString = subjectUri.toString();
120                         if(!subjectUriString.endsWith("/"))
121                             subjectUriString = subjectUriString + "/";
122                         
123                         check |= object.getUri().startsWith(subjectUriString);
124                     }
125                     
126                     // Self permission
127 granted = (!permission.isNegative())
128                         && (check)
129                         && (actionUri.toString()
130                                 .startsWith(permission.getActionUri()));
131                     denied = (permission.isNegative())
132                         && (check)
133                         && (actionUri.toString()
134                                 .startsWith(permission.getActionUri()));
135                     
136                 } else if (permission.isInheritable()
137                            || permission.getObjectUri().equals(object.getUri())) {
138                     
139                     if (permissionSubject.startsWith("/") || permissionSubject.equals(SubjectNode.ALL_URI)) {
140                         
141                         // Node permission
142 String JavaDoc permSubj = permission.getSubjectUri();
143                         String JavaDoc permActn = permission.getActionUri();
144                         boolean match = false;
145                         if (permSubj.equals(SubjectNode.ALL_URI)) {
146                             match = true;
147                         }
148                         else {
149                             if(!permSubj.endsWith("/"))
150                                 permSubj = permSubj + "/";
151                             match = subjectUri.toString().
152                                 equals(permission.getSubjectUri()) ||
153                                 subjectUri.toString().startsWith(permSubj);
154                         }
155                         if (permActn.equals(ActionNode.ALL_URI)) {
156                             match &= true;
157                         }
158                         else {
159                             match &= actionUri.toString().
160                                 startsWith(permActn);
161                         }
162                         
163                         granted = (!permission.isNegative()) && match;
164                         denied = permission.isNegative() && match;
165                         
166                     } else if (permissionSubject.startsWith("+")) {
167                         
168                         // Permission group which needs to be expanded
169 Uri permissionSubjectUri =
170                             namespace.getUri(permissionSubject.substring(1));
171                         ObjectNode group;
172                         try {
173                             group = permissionSubjectUri.getStore().retrieveObject(permissionSubjectUri);
174                         } catch (ObjectNotFoundException onfe) {
175                             namespace.getLogger().log(
176                                 "Gracefully ignoring permission of dangling subject " + permissionSubjectUri,
177                                 onfe,
178                                 LOG_CHANNEL,
179                                 Logger.WARNING);
180                             // as a fix of bug #27018, gracefully ignore permissions having dangling subjects
181 continue;
182                         }
183                         // if the node is a GroupNode, expand it out to
184 // normal permissions
185 if (group instanceof
186                             org.apache.slide.structure.GroupNode ) {
187                             if (group.hasChildren()) {
188                                 Enumeration JavaDoc groupMembers =
189                                     group.enumerateChildren();
190                                 // parse thru the children of the group and
191 // check permissions on each
192 while (groupMembers.hasMoreElements()) {
193                                     
194                                     oldGranted = granted;
195                                     oldDenied = denied;
196                                     
197                                     Uri childUri =
198                                         namespace.getUri
199                                         ((String JavaDoc) groupMembers.nextElement());
200                                     ObjectNode childNode;
201                                     try {
202                                         childNode = childUri.getStore().retrieveObject(childUri);
203                                     } catch (ObjectNotFoundException onfe) {
204                                         namespace.getLogger().log(
205                                             "Gracefully ignoring permission of dangling subject "
206                                                 + childUri,
207                                             onfe,
208                                             LOG_CHANNEL,
209                                             Logger.WARNING);
210                                         // as a fix of bug #27018, gracefully ignore permissions having dangling subjects
211 continue;
212                                     }
213                                     String JavaDoc childSubjectUri = childNode
214                                         instanceof LinkNode ?
215                                         ((LinkNode) childNode)
216                                         .getLinkedUri() :
217                                         childNode.getUri() ;
218                                     
219                                     String JavaDoc testUri;
220                                     if(!childSubjectUri.endsWith("/"))
221                                         testUri = childSubjectUri+"/";
222                                     else
223                                         testUri = childSubjectUri;
224                                     
225                                     boolean match = subjectUri.toString().
226                                         equals(childSubjectUri) ||
227                                         subjectUri.toString().
228                                         startsWith(testUri);
229                                     match &= actionUri.toString().
230                                         startsWith(permission.getActionUri());
231                                     
232                                     granted = (!permission.isNegative()) &&
233                                         match;
234                                     denied = permission.isNegative() && match;
235                                     
236                                     granted = granted | oldGranted;
237                                     denied = denied | oldDenied;
238                                     
239                                 }
240                             }
241                         }
242                         
243                     } else {
244                         
245                         // Role permission
246 granted = (!permission.isNegative())
247                             && (hasRole(subject, permissionSubject))
248                             && (actionUri.toString()
249                                     .startsWith(permission.getActionUri()));
250                         denied = (permission.isNegative())
251                             && (hasRole(subject, permissionSubject))
252                             && (actionUri.toString()
253                                     .startsWith(permission.getActionUri()));
254                         
255                     }
256                     
257                 }
258                 
259                 granted = granted | oldGranted;
260                 denied = denied | oldDenied;
261                 
262             }
263             
264             Uri parentUri = courUri.getParentUri();
265             
266             if (parentUri != null) {
267                 courObject = parentUri.getStore()
268                     .retrieveObject(parentUri);
269             } else {
270                 rootObjectReached = true;
271             }
272         }
273         
274         // Negative permissions have priority (if they're defined on the same
275 // node)
276 if (denied) {
277             return false;
278         }
279         
280         if (!granted) {
281             return false;
282         }
283         
284         return true;
285         
286     }
287 }
288
Popular Tags