KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > mmbase > security > implementation > basic > OwnerAuthorization


1 /*
2
3 This software is OSI Certified Open Source Software.
4 OSI Certified is a certification mark of the Open Source Initiative.
5
6 The license (Mozilla version 1.0) can be read at the MMBase site.
7 See http://www.MMBase.org/license
8
9 */
10 package org.mmbase.security.implementation.basic;
11
12 import org.mmbase.bridge.Query;
13
14 import org.mmbase.module.core.*;
15 import org.mmbase.security.*;
16 import org.mmbase.security.SecurityException;
17
18 import org.mmbase.util.logging.Logger;
19 import org.mmbase.util.logging.Logging;
20
21 import java.util.*;
22 import java.io.InputStream JavaDoc;
23 import java.io.IOException JavaDoc;
24
25 /**
26  * A very simple Authorization implementation, based an a property file. Every user will be present
27  * in this file as one property. Only the keys are of importance when authorizing, because it
28  * determines the 'possible users' and 'possible contexts'.
29  *
30  * Furthermore everybody is authorized to read, you may create if you are known, (so not anonymous),
31  * and you may edit, if you are either administrator or editing your 'own' node.
32  *
33  * @author Eduard Witteveen
34  * @author Michiel Meeuwissen
35  * @version $Id: OwnerAuthorization.java,v 1.13 2005/03/01 14:15:28 michiel Exp $
36  */
37 public class OwnerAuthorization extends Authorization {
38
39     private static final Logger log = Logging.getLoggerInstance(OwnerAuthorization.class);
40
41
42     private static MMObjectBuilder builder = null; // only to get Nodes from
43
44     private Set possibleContexts;
45
46     private MMObjectNode getMMNode(int n) {
47         if(builder == null) {
48             MMBase mmb = MMBase.getMMBase();
49             builder = mmb.getMMObject("typedef"); // only because it always exists
50 if(builder == null) throw new SecurityException JavaDoc("Builder 'typedef'not found.");
51         }
52         MMObjectNode node = builder.getNode(n);
53         if(node == null) throw new SecurityException JavaDoc("Node '" + n + "' not found");
54         return node;
55     }
56
57     public void load() {
58         log.service("using: '" + configResource + "' as config file for authentication");
59         InputStream JavaDoc in = MMBaseCopConfig.securityLoader.getResourceAsStream(configResource);
60         if ( in == null) {
61             log.warn("No '" + configResource + "', nobody will be authorized.");
62         }
63         
64         Properties accounts = new Properties();
65         
66         if (in != null) {
67             try {
68                 accounts.load(in);
69             } catch (IOException JavaDoc io) {
70                 log.error("Could read accounts! " + io, io);
71             }
72         } else {
73             log.warn("Could not find accounts!");
74         }
75
76         possibleContexts = accounts.keySet();
77         log.debug("file for accounts loaded");
78     }
79
80     public void create(UserContext user, int nodeNumber) {
81         if(manager.getActive()) { // else don't touch.
82 MMObjectNode node = getMMNode(nodeNumber);
83             node.setValue("owner", user.getIdentifier());
84             node.commit();
85         }
86     }
87
88     public void update(UserContext user, int nodeNumber) {
89         if(manager.getActive()) {
90             MMObjectNode node = getMMNode(nodeNumber);
91             node.setValue("owner", user.getIdentifier());
92             node.commit();
93         }
94     }
95
96     public void remove(UserContext user, int node) {
97     }
98
99     public boolean check(UserContext user, int nodeNumber, Operation operation) {
100         // if we don't do security, then we are allowed to do everything.
101 if (!manager.getActive()) {
102             log.trace("security is not active. permitting operation");
103             return true;
104         }
105
106         if (log.isDebugEnabled()) {
107             log.trace("checking user: " + user.getIdentifier() + " operation: " + operation + " node: " + nodeNumber);
108         }
109
110         boolean permitted = false;
111
112         // if we are admin, then everything is permitted as well....
113 if(user.getRank() == Rank.ADMIN) {
114             log.trace("User with rank " + Rank.ADMIN + " always has all rights.");
115             return true;
116         }
117
118         switch(operation.getInt()) {
119             // say we may always create, if we are authenticated.
120 case Operation.CREATE_INT:
121             // nah, we may always view other nodes.,....
122 case Operation.READ_INT:
123             permitted = true;
124             break;
125             // same rights as writing, no break
126 case Operation.DELETE_INT:
127             // dont think so when we are anonymous...
128 case Operation.WRITE_INT:
129         case Operation.CHANGE_CONTEXT_INT:
130             // we are logged in, check if we may edit this node,....
131 if(user.getRank() != Rank.ANONYMOUS) {
132                 MMObjectNode node = getMMNode(nodeNumber);
133                 String JavaDoc ownerName = node.getStringValue("owner");
134                 if (log.isDebugEnabled()) {
135                     log.debug("Owner of checking field is:'" + ownerName + "' and user is '" + user.getIdentifier() + "'");
136                 }
137                 permitted = ownerName.equals(user.getIdentifier());
138             }
139             else {
140                 // if user is anonymous.....
141 permitted = false;
142             }
143             break;
144         default:
145             throw new SecurityException JavaDoc("Operation '" + operation + "' on node '" + nodeNumber + "' was NOT permitted to user '" + user + "' (Operation unknown?)");
146         }
147         
148         if (log.isDebugEnabled()) {
149             if (permitted) {
150                 log.trace("operation was permitted");
151             } else {
152                 log.debug(" user: " + user.getIdentifier() + " operation: " + operation + " node: " + nodeNumber + " operation was NOT permitted");
153             }
154         }
155         return permitted;
156     }
157
158     public boolean check(UserContext user, int nodeNumber, int srcNodeNumber, int dstNodeNumber, Operation operation) {
159         if(manager.getActive()){
160             if (user.getRank() == Rank.ANONYMOUS) {
161                 if (log.isDebugEnabled()) {
162                     log.debug(" user: " + user.getIdentifier() + " operation: " + operation + " node: " + nodeNumber + " operation was NOT permitted");
163                 }
164                 return false;
165             }
166         }
167         return true;
168     }
169
170     public String JavaDoc getContext(UserContext user, int nodeNumber) throws SecurityException JavaDoc {
171         verify(user, nodeNumber, Operation.READ);
172         // and get the value...
173 MMObjectNode node = getMMNode(nodeNumber);
174         return node.getStringValue("owner");
175     }
176
177     /**
178      * This method does nothing, except from checking if the setContext was valid..
179      */
180     public void setContext(UserContext user, int nodeNumber, String JavaDoc context) throws SecurityException JavaDoc {
181         // check if is a valid context for us..
182 Set possible = getPossibleContexts(user, nodeNumber);
183         if(!possible.contains(context)) {
184             throw new SecurityException JavaDoc("could not set the context to "+context+" for node #"+nodeNumber+" by user: " +user+"not a valid context");
185         }
186         
187         // check if this operation is allowed? (should also be done somewhere else, but we can never be sure enough)
188 verify(user, nodeNumber, Operation.CHANGE_CONTEXT);
189         
190         // well now really set it...
191 MMObjectNode node = getMMNode(nodeNumber);
192         node.setValue("owner", user.getIdentifier());
193         node.commit();
194         if (log.isServiceEnabled()) {
195             log.service("changed context settings of node #" + nodeNumber + " to context: " + context + " by user: " + user);
196         }
197     }
198
199     /**
200      * Returns a list of all users in accounts.properties
201      */
202     public Set getPossibleContexts(UserContext user, int nodeNumber) throws org.mmbase.security.SecurityException {
203
204         if (possibleContexts == null) {
205             log.warn("Security not loaded");
206             return new HashSet();
207         } else {
208             return possibleContexts;
209         }
210     }
211
212     public QueryCheck check(UserContext user, Query query, Operation operation) {
213         if(user.getRank().getInt() >= Rank.ADMIN.getInt()) {
214             return COMPLETE_CHECK;
215         }
216         if(operation == Operation.READ) {
217             return COMPLETE_CHECK;
218         } else {
219             return NO_CHECK;
220         }
221     }
222 }
223
Popular Tags