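package org.mmbase.security.implementation.basic;

import org.mmbase.bridge.Query;

import org.mmbase.module.core.*;
import org.mmbase.security.*;
import org.mmbase.security.SecurityException;

import org.mmbase.util.logging.Logger;
import org.mmbase.util.logging.Logging;

import java.util.*;
import java.io.InputStream;
import java.io.IOException;

/**
 * Ownership-based authorization: the decision for a node is taken from the value of its
 * "owner" field, which is compared with the identifier of the acting user.
 *
 * <p>Summary of the policy implemented below (only while the security manager is active):
 * <ul>
 *   <li>a user whose rank is {@code Rank.ADMIN} may do everything;</li>
 *   <li>CREATE and READ are granted to every rank, {@code Rank.ANONYMOUS} included;</li>
 *   <li>DELETE, WRITE and CHANGE_CONTEXT are granted only to a non-anonymous user whose
 *       identifier equals the node's "owner" value;</li>
 *   <li>any other operation is rejected with a {@link SecurityException}.</li>
 * </ul>
 * When the security manager is not active every node check returns {@code true}.
 *
 * <p>The set of contexts a node may be moved to is the key set of the properties resource
 * named by {@code configResource}.
 */
public class OwnerAuthorization extends Authorization {

    private static final Logger log = Logging.getLoggerInstance(OwnerAuthorization.class);

    // Builder used to fetch nodes by number; looked up lazily on first use and then shared.
    private static MMObjectBuilder builder = null;

    // Allow-list of context names accepted by setContext(); null until load() has run.
    private Set possibleContexts;

    /**
     * Fetches the node with the given number through the 'typedef' builder.
     *
     * @param n node number
     * @return the node, never {@code null}
     * @throws SecurityException if the builder or the node cannot be found, so that a
     *         missing object can never be mistaken for a permitted one
     */
    private MMObjectNode getMMNode(int n) {
        if (builder == null) {
            MMBase mmb = MMBase.getMMBase();
            builder = mmb.getMMObject("typedef");
            if (builder == null) {
                throw new SecurityException("Builder 'typedef'not found.");
            }
        }
        MMObjectNode node = builder.getNode(n);
        if (node == null) {
            throw new SecurityException("Node '" + n + "' not found");
        }
        return node;
    }

    /**
     * Stamps the identifier of {@code user} into the "owner" field of the node and commits it.
     * Shared by {@link #create} and {@link #update}.
     */
    private void assignOwner(UserContext user, int nodeNumber) {
        MMObjectNode node = getMMNode(nodeNumber);
        node.setValue("owner", user.getIdentifier());
        node.commit();
    }

    /**
     * Reads the accounts properties resource and stores its keys as the set of possible contexts.
     *
     * <p>A missing or unreadable resource is logged and leaves the set empty, in which case
     * {@link #setContext} rejects every context. The stream is always closed, and the stored
     * set is an unmodifiable snapshot so that callers of {@link #getPossibleContexts} cannot
     * alter the allow-list.
     */
    public void load() {
        log.service("using: '" + configResource + "' as config file for authentication");
        Properties accounts = new Properties();

        InputStream in = MMBaseCopConfig.securityLoader.getResourceAsStream(configResource);
        if (in == null) {
            log.warn("No '" + configResource + "', nobody will be authorized.");
            log.warn("Could not find accounts!");
        } else {
            try {
                accounts.load(in);
            } catch (IOException io) {
                // The original message read "Could read accounts!", which said the opposite.
                log.error("Could not read accounts! " + io, io);
            } finally {
                try {
                    in.close();
                } catch (IOException closeFailure) {
                    log.warn("Could not close '" + configResource + "': " + closeFailure);
                }
            }
        }

        // Copy instead of keeping the live key-set view of the Properties object.
        possibleContexts = Collections.unmodifiableSet(new HashSet(accounts.keySet()));
        log.debug("file for accounts loaded");
    }

    /**
     * Makes the creating user the owner of a freshly created node (no-op while security is inactive).
     */
    public void create(UserContext user, int nodeNumber) {
        if (manager.getActive()) {
            assignOwner(user, nodeNumber);
        }
    }

    /**
     * Re-stamps the node with the identifier of the updating user (no-op while security is inactive).
     *
     * <p>For an ordinary user this rewrites the value that {@link #check(UserContext, int, Operation)}
     * already required; for an ADMIN, who passes that check regardless of ownership, it moves
     * the node to the admin's identifier.
     */
    public void update(UserContext user, int nodeNumber) {
        if (manager.getActive()) {
            assignOwner(user, nodeNumber);
        }
    }

    /**
     * Nothing to clean up: this implementation keeps no state outside the node itself.
     */
    public void remove(UserContext user, int node) {
    }

    /**
     * Decides whether {@code user} may perform {@code operation} on the given node.
     *
     * @return {@code true} when permitted (always, while security is inactive or for ADMIN)
     * @throws SecurityException for an operation this implementation does not know, or when
     *         the node cannot be found
     */
    public boolean check(UserContext user, int nodeNumber, Operation operation) {
        if (!manager.getActive()) {
            log.trace("security is not active. permitting operation");
            return true;
        }

        if (log.isDebugEnabled()) {
            log.trace("checking user: " + user.getIdentifier() + " operation: " + operation + " node: " + nodeNumber);
        }

        // NOTE(review): identity comparison here, while the Query overload below compares
        // rank values with >=; confirm which of the two is the intended ADMIN test.
        if (user.getRank() == Rank.ADMIN) {
            log.trace("User with rank " + Rank.ADMIN + " always has all rights.");
            return true;
        }

        boolean permitted = false;
        switch (operation.getInt()) {
        case Operation.CREATE_INT:
        case Operation.READ_INT:
            // No rank test: these two are open to every user, anonymous included.
            permitted = true;
            break;
        case Operation.DELETE_INT:
        case Operation.WRITE_INT:
        case Operation.CHANGE_CONTEXT_INT:
            if (user.getRank() != Rank.ANONYMOUS) {
                MMObjectNode node = getMMNode(nodeNumber);
                String ownerName = node.getStringValue("owner");
                if (log.isDebugEnabled()) {
                    log.debug("Owner of checking field is:'" + ownerName + "' and user is '" + user.getIdentifier() + "'");
                }
                // Fail closed: a node without an owner value belongs to nobody.
                permitted = ownerName != null && ownerName.equals(user.getIdentifier());
            } else {
                permitted = false;
            }
            break;
        default:
            // Unknown operations are refused outright rather than falling through to a default.
            throw new SecurityException("Operation '" + operation + "' on node '" + nodeNumber + "' was NOT permitted to user '" + user + "' (Operation unknown?)");
        }

        if (log.isDebugEnabled()) {
            if (permitted) {
                log.trace("operation was permitted");
            } else {
                log.debug(" user: " + user.getIdentifier() + " operation: " + operation + " node: " + nodeNumber + " operation was NOT permitted");
            }
        }
        return permitted;
    }

    /**
     * Relation check: while security is active, everyone except an anonymous user is permitted.
     * Neither the operation nor the source/destination nodes are looked at.
     */
    public boolean check(UserContext user, int nodeNumber, int srcNodeNumber, int dstNodeNumber, Operation operation) {
        if (manager.getActive() && user.getRank() == Rank.ANONYMOUS) {
            if (log.isDebugEnabled()) {
                log.debug(" user: " + user.getIdentifier() + " operation: " + operation + " node: " + nodeNumber + " operation was NOT permitted");
            }
            return false;
        }
        return true;
    }

    /**
     * Returns the context of a node, which in this implementation is its "owner" value.
     *
     * @throws SecurityException presumably raised by {@code verify} when READ is refused
     *         (verify is inherited and not visible here), or when the node is missing
     */
    public String getContext(UserContext user, int nodeNumber) throws SecurityException {
        verify(user, nodeNumber, Operation.READ);
        MMObjectNode node = getMMNode(nodeNumber);
        return node.getStringValue("owner");
    }

    /**
     * Moves a node to another context by writing {@code context} into its "owner" field.
     *
     * <p>The context must be one of {@link #getPossibleContexts} and the user must pass the
     * CHANGE_CONTEXT verification. Earlier code validated and logged {@code context} but
     * stored the caller's own identifier instead, so the log entry recorded a change that
     * had not been made; the validated value is now the one written.
     *
     * @throws SecurityException if the context is not allowed or the operation is refused
     */
    public void setContext(UserContext user, int nodeNumber, String context) throws SecurityException {
        Set possible = getPossibleContexts(user, nodeNumber);
        if (!possible.contains(context)) {
            throw new SecurityException("could not set the context to "+context+" for node #"+nodeNumber+" by user: " +user+"not a valid context");
        }

        // Checked here as well, even if a caller is expected to have done so already.
        verify(user, nodeNumber, Operation.CHANGE_CONTEXT);

        MMObjectNode node = getMMNode(nodeNumber);
        node.setValue("owner", context);
        node.commit();
        if (log.isServiceEnabled()) {
            log.service("changed context settings of node #" + nodeNumber + " to context: " + context + " by user: " + user);
        }
    }

    /**
     * Returns the contexts a node may be set to: the keys read by {@link #load}, or an empty
     * set (with a warning) when {@code load()} has not run yet. The same set is returned for
     * every user and node.
     */
    public Set getPossibleContexts(UserContext user, int nodeNumber) throws org.mmbase.security.SecurityException {
        if (possibleContexts == null) {
            log.warn("Security not loaded");
            return new HashSet();
        }
        return possibleContexts;
    }

    /**
     * Query-level check: returns {@code COMPLETE_CHECK} for users ranked ADMIN or higher and
     * for READ operations, {@code NO_CHECK} otherwise. Both constants are inherited; their
     * exact meaning is defined by the superclass and is not visible in this file.
     */
    public QueryCheck check(UserContext user, Query query, Operation operation) {
        boolean adminOrHigher = user.getRank().getInt() >= Rank.ADMIN.getInt();
        return (adminOrHigher || operation == Operation.READ) ? COMPLETE_CHECK : NO_CHECK;
    }
}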