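package org.lucane.server.acl;

import java.sql.*;
import java.util.ArrayList;
import java.util.Iterator;

import org.lucane.common.acl.AclInfo;
import org.lucane.common.concepts.*;
import org.lucane.server.store.*;
import org.lucane.server.Server;
import org.lucane.server.database.DatabaseAbstractionLayer;

/**
 * Access controller that persists its access-control entries in the
 * "AccessControl" table through the server's DatabaseAbstractionLayer.
 *
 * Every query is a PreparedStatement with bound parameters; the only text
 * concatenated into SQL is the TABLENAME constant and WHERE clauses written
 * in this class, so caller-supplied names never become part of the SQL text.
 *
 * Evaluation rule (see getAccesses): an access is granted only when at least
 * one matching entry allows it and no matching entry denies it. A user with
 * no matching entry gets no access.
 *
 * NOTE(review): allowUser/allowGroup/denyUser/denyGroup replace an entry as a
 * DELETE followed by an INSERT on two separate connections, not inside one
 * transaction. If the INSERT fails, the old entry is already gone; when that
 * entry was a deny, another allow entry for the same access may then take
 * effect. Callers that need an atomic replace must provide it themselves.
 */
public class DefaultAccessController extends AccessController
{
    private static final String TABLENAME = "AccessControl";
    private DatabaseAbstractionLayer layer;

    /**
     * Fetches the database layer from the Server singleton and creates the
     * AccessControl table from the bundled XML description when it is missing.
     *
     * @throws Exception if the table check or the table creation fails
     */
    protected DefaultAccessController() throws Exception
    {
        this.layer = Server.getInstance().getDBLayer();

        if(!layer.hasTable(TABLENAME))
        {
            // The schema description is read from inside the server jar.
            String dbDescription = "jar:file:///"
                + Server.getInstance().getWorkingDirectory()
                + "lib/lucane-server-" + Server.VERSION + ".jar!/"
                + "db-access-control.xml";

            layer.getTableCreator().createFromXml(dbDescription);
        }
    }

    /**
     * Runs "DELETE FROM AccessControl WHERE ..." with the given bound values.
     * The statement and the connection are closed even when execution fails,
     * so a failing query does not leak a database connection.
     *
     * @param whereClause condition text with one '?' per value; always a
     *                    constant written in this class, never caller input
     * @param values      values bound in order with setString
     * @throws Exception if the connection, the statement or the execution fails
     */
    private void executeDelete(String whereClause, String[] values)
    throws Exception
    {
        Connection connection = layer.getConnection();
        try
        {
            PreparedStatement delete = connection.prepareStatement(
                "DELETE FROM " + TABLENAME + " WHERE " + whereClause);
            try
            {
                for(int i=0;i<values.length;i++)
                    delete.setString(i + 1, values[i]);

                delete.execute();
            }
            finally
            {
                delete.close();
            }
        }
        finally
        {
            connection.close();
        }
    }

    /**
     * Inserts one access-control entry.
     *
     * @param appName   application the entry belongs to
     * @param item      item the entry applies to
     * @param access    access name being allowed or denied
     * @param allow     true stores 1 (allow), false stores 0 (deny)
     * @param groupName group the entry applies to, or null (stored as SQL NULL)
     * @param userName  user the entry applies to, or null (stored as SQL NULL)
     * @throws Exception if the insert fails
     */
    private void writeAcl(String appName, String item, String access, boolean allow, String groupName, String userName)
    throws Exception
    {
        Connection connection = layer.getConnection();
        try
        {
            // No column list: the bind order below has to match the column
            // order of the table. NOTE(review): that order comes from
            // db-access-control.xml, which is not visible here; a mismatch
            // would silently swap groupName and userName.
            PreparedStatement insert = connection.prepareStatement(
                "INSERT INTO " + TABLENAME + " VALUES(?, ?, ?, ?, ?, ?)");
            try
            {
                insert.setString(1, appName);
                insert.setString(2, item);
                insert.setString(3, access);
                insert.setInt(4, allow ? 1 : 0);
                if(groupName == null)
                    insert.setNull(5, Types.VARCHAR);
                else
                    insert.setString(5, groupName);
                if(userName == null)
                    insert.setNull(6, Types.VARCHAR);
                else
                    insert.setString(6, userName);

                insert.execute();
            }
            finally
            {
                insert.close();
            }
        }
        finally
        {
            connection.close();
        }
    }

    /**
     * Replaces the user's entry for (appName, item, access) with an allow entry.
     * The old entry is deleted first, then the new one is inserted; the two
     * steps are not atomic.
     *
     * @throws Exception if the delete or the insert fails
     */
    public void allowUser(String appName, String item, String access, String userName)
    throws Exception
    {
        removeAclForUser(appName, item, access, userName);
        writeAcl(appName, item, access, true, null, userName);
    }

    /**
     * Replaces the group's entry for (appName, item, access) with an allow entry.
     * The old entry is deleted first, then the new one is inserted; the two
     * steps are not atomic.
     *
     * @throws Exception if the delete or the insert fails
     */
    public void allowGroup(String appName, String item, String access, String groupName)
    throws Exception
    {
        removeAclForGroup(appName, item, access, groupName);
        writeAcl(appName, item, access, true, groupName, null);
    }

    /**
     * Replaces the user's entry for (appName, item, access) with a deny entry.
     * The old entry is deleted first, then the new one is inserted; if the
     * insert fails, no deny entry remains for this user.
     *
     * @throws Exception if the delete or the insert fails
     */
    public void denyUser(String appName, String item, String access, String userName)
    throws Exception
    {
        removeAclForUser(appName, item, access, userName);
        writeAcl(appName, item, access, false, null, userName);
    }

    /**
     * Replaces the group's entry for (appName, item, access) with a deny entry.
     * The old entry is deleted first, then the new one is inserted; if the
     * insert fails, no deny entry remains for this group.
     *
     * @throws Exception if the delete or the insert fails
     */
    public void denyGroup(String appName, String item, String access, String groupName)
    throws Exception
    {
        removeAclForGroup(appName, item, access, groupName);
        writeAcl(appName, item, access, false, groupName, null);
    }

    /**
     * Deletes the entries (allow and deny) of one user for one access on one item.
     *
     * @throws Exception if the delete fails
     */
    public void removeAclForUser(String appName, String item, String access, String userName)
    throws Exception
    {
        executeDelete("appName=? AND item=? AND access=? AND userName=?",
            new String[] {appName, item, access, userName});
    }

    /**
     * Deletes the entries (allow and deny) of one group for one access on one item.
     *
     * @throws Exception if the delete fails
     */
    public void removeAclForGroup(String appName, String item, String access, String groupName)
    throws Exception
    {
        executeDelete("appName=? AND item=? AND access=? AND groupName=?",
            new String[] {appName, item, access, groupName});
    }

    /**
     * Reads every access-control entry stored for an item.
     *
     * @param appName application name
     * @param item    item name
     * @return one AclInfo per stored row, in the order the database returns
     *         them; an empty array when there is none
     * @throws Exception if the query fails
     */
    public AclInfo[] getAcls(String appName, String item)
    throws Exception
    {
        ArrayList acls = new ArrayList();

        Connection connection = layer.getConnection();
        try
        {
            PreparedStatement select = connection.prepareStatement(
                "SELECT access, allow, groupName, userName FROM " + TABLENAME +
                " WHERE appName=? AND item=?");
            try
            {
                select.setString(1, appName);
                select.setString(2, item);

                ResultSet rs = select.executeQuery();
                try
                {
                    while(rs.next())
                    {
                        String access = rs.getString(1);
                        int allow = rs.getInt(2);
                        String groupName = rs.getString(3);
                        String userName = rs.getString(4);

                        // Only the exact value 1 is an allow; any other
                        // stored value is read as a deny.
                        acls.add(new AclInfo(access, allow==1, groupName, userName));
                    }
                }
                finally
                {
                    rs.close();
                }
            }
            finally
            {
                select.close();
            }
        }
        finally
        {
            connection.close();
        }

        return (AclInfo[])acls.toArray(new AclInfo[acls.size()]);
    }

    /**
     * Tells whether the user belongs to the named group, according to the
     * groups the user store returns from getAllUserGroups.
     *
     * NOTE(review): the result of getUser is passed on without a null check;
     * what the store does for an unknown user name is not visible here.
     *
     * @throws Exception if the user store lookup fails
     */
    private boolean userNameIsInGroup(String userName, String groupName)
    throws Exception
    {
        UserStore userNameStore = Server.getInstance().getStore().getUserStore();
        UserConcept concept = userNameStore.getUser(userName);
        Iterator groups = userNameStore.getAllUserGroups(concept);

        while(groups.hasNext())
        {
            GroupConcept group = (GroupConcept)groups.next();
            if(group.getName().equals(groupName))
                return true;
        }

        return false;
    }

    /**
     * Computes the accesses a user effectively has on an item.
     *
     * An entry concerns the user when it names the user directly, or when it
     * names a group the user belongs to. Accesses of concerned allow entries
     * are collected, then every access that also has a concerned deny entry
     * is removed: a deny wins over an allow, whether either one comes from
     * the user or from a group.
     *
     * @return the remaining accesses; empty when nothing is granted
     * @throws Exception if the entries or the group membership cannot be read
     */
    public String[] getAccesses(String appName, String item, String userName)
    throws Exception
    {
        AclInfo[] infos = getAcls(appName, item);
        ArrayList allow = new ArrayList();
        ArrayList deny = new ArrayList();

        for(int i=0;i<infos.length;i++)
        {
            AclInfo info = infos[i];

            // The group membership lookup only runs when the entry does not
            // name the user directly.
            boolean userNameIsConcerned = (info.getUser() != null && info.getUser().equals(userName));
            if(!userNameIsConcerned)
                userNameIsConcerned = (info.getGroup() != null && userNameIsInGroup(userName, info.getGroup()));

            if(userNameIsConcerned && info.isAllow())
                allow.add(info.getAccess());
            else if(userNameIsConcerned && info.isDeny())
                deny.add(info.getAccess());
        }

        // Deny overrides allow.
        allow.removeAll(deny);

        return (String[])allow.toArray(new String[allow.size()]);
    }

    /**
     * Tells whether the user has the given access on the item, using the
     * effective accesses computed by getAccesses.
     *
     * @return true only when the access is in the user's effective accesses
     * @throws Exception if the accesses cannot be computed
     */
    public boolean hasAccess(String appName, String item, String access, String userName)
    throws Exception
    {
        String[] accesses = getAccesses(appName, item, userName);
        for(int i=0;i<accesses.length;i++)
        {
            if(accesses[i].equals(access))
                return true;
        }

        return false;
    }

    /**
     * Deletes every entry stored for an item of an application.
     *
     * @throws Exception if the delete fails
     */
    public void removeItem(String appName, String item)
    throws Exception
    {
        executeDelete("appName=? AND item=?", new String[] {appName, item});
    }

    /**
     * Deletes every entry that names the user, across all applications and items.
     *
     * @throws Exception if the delete fails
     */
    public void removeUser(String userName)
    throws Exception
    {
        executeDelete("userName=?", new String[] {userName});
    }

    /**
     * Deletes every entry stored for an application.
     *
     * @throws Exception if the delete fails
     */
    public void removeApplication(String appName)
    throws Exception
    {
        executeDelete("appName=?", new String[] {appName});
    }

    /**
     * Deletes every entry that names the group, across all applications and items.
     *
     * @throws Exception if the delete fails
     */
    public void removeGroup(String groupName)
    throws Exception
    {
        executeDelete("groupName=?", new String[] {groupName});
    }
}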