

1 /*
2
3 This software is OSI Certified Open Source Software.
4 OSI Certified is a certification mark of the Open Source Initiative.
5
6 The license (Mozilla version 1.0) can be read at the MMBase site.
7 See http://www.MMBase.org/license
8
9 */

10 package org.mmbase.security.implementation.cloud;
11
12 import org.mmbase.security.*;
13 import org.mmbase.bridge.Query;
14
15 import org.mmbase.module.core.MMObjectNode;
16 import org.mmbase.module.core.MMObjectBuilder;
17 import org.mmbase.module.core.MMBase;
18
19 import org.mmbase.util.logging.Logger;
20 import org.mmbase.util.logging.Logging;
21
22 import java.util.*;
23
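/**
 * Simple authorization implementation for the 'cloud' security implementation, based only on an
 * mmbaseusers builder.
 *
 * The rules, in the order {@link #check(UserContext, int, Operation)} applies them:
 * <ul>
 *   <li>everybody, anonymous included, may read everything;</li>
 *   <li>anonymous users may do nothing else;</li>
 *   <li>any logged-in user may change relations;</li>
 *   <li>a user may write (but not delete) its own mmbaseusers node; everything else on that
 *       builder is reserved for administrators;</li>
 *   <li>a small set of core ('admin') builders can only be changed by administrators, and normal
 *       users may not create nodes in them;</li>
 *   <li>normal users may write, delete and re-own nodes whose owner field is their own
 *       identifier or the shared context '[shared]'.</li>
 * </ul>
 *
 * @author Eduard Witteveen
 * @version $Id: Verify.java,v 1.15 2006/05/16 18:07:20 michiel Exp $
 */
public class Verify extends Authorization {
    private static final Logger log = Logging.getLoggerInstance(Verify.class);

    /** Owner value that marks a node as writable by every logged-in user. */
    private static final String SHARED_CONTEXT_ID = "[shared]";

    /** Name of the builder that holds the user nodes. */
    private static final String USER_BUILDER = "mmbaseusers";

    /**
     * Builders that only administrators may change. The set is filled once at class initialisation
     * (instead of per instance in {@link #load()}) and is unmodifiable, so the restriction is in
     * force before the first instance is loaded and no instance can widen it.
     */
    private static final Set ADMIN_BUILDERS;
    static {
        Set names = new HashSet();
        names.add("typedef");
        names.add("syncnodes");
        names.add("mmservers");
        names.add("icaches");
        names.add("versions");
        names.add("typerel");
        names.add("reldef");
        names.add("daymarks");
        ADMIN_BUILDERS = Collections.unmodifiableSet(names);
    }

    /** Builder used to look nodes up by number; resolved lazily by {@link #getMMNode(int)}. */
    private static MMObjectBuilder builder = null;

    /**
     * Framework hook, called when this implementation is loaded. The admin-builder set is
     * initialised statically, so nothing remains to be done here.
     */
    protected void load() {
        // intentionally empty: ADMIN_BUILDERS is populated in the static initialiser
    }

    /**
     * Called after a node has been created: the node becomes owned by its creator. The owner is set
     * through {@link #setContext}, so it is also subject to the CHANGE_CONTEXT check.
     *
     * @param user   the creating user
     * @param nodeid number of the new node
     */
    public void create(UserContext user, int nodeid) {
        setContext(user, nodeid, user.getIdentifier());
        log.info("[node #" + nodeid + "] created by [" + user.getIdentifier() + "]");
    }

    /** Called after a node has been updated; only logs. */
    public void update(UserContext user, int nodeid) {
        log.info("[node #" + nodeid + "] updated by [" + user.getIdentifier() + "]");
    }

    /** Called after a node has been removed; only logs. */
    public void remove(UserContext user, int nodeid) {
        log.info("[node #" + nodeid + "] removed by [" + user.getIdentifier() + "]");
    }

    /**
     * Decides whether {@code user} may perform {@code operation} on node {@code nodeid}. See the
     * class comment for the rules.
     *
     * @return {@code true} when the operation is allowed
     * @throws org.mmbase.security.SecurityException when the node (or the typedef builder) cannot
     *         be found
     */
    public boolean check(UserContext user, int nodeid, Operation operation) {
        // everyone may read everything
        if (operation == Operation.READ) return true;
        // anonymous may do nothing further
        if (user.getRank() == Rank.ANONYMOUS) return false;
        // relations may always be changed by logged-in users
        if (operation == Operation.CHANGE_RELATION) return true;

        MMObjectNode node = getMMNode(nodeid);
        String username = user.getIdentifier();
        String builderName = node.getName();
        Rank rank = user.getRank();
        if (log.isDebugEnabled()) {
            log.debug("[node #" + nodeid + "] check by [" + user.getIdentifier() + "] (" + rank + ")for operation [" + operation + "]");
        }

        // user nodes have their own rules (creating or changing a user changes who may do what)
        if (USER_BUILDER.equals(builderName)) {
            return checkUserNode(node, username, rank, operation);
        }
        // core builders can only be changed by administrators
        if (operation != Operation.CREATE && ADMIN_BUILDERS.contains(builderName)) {
            return isAdmin(rank);
        }
        // administrators may do everything else
        if (isAdmin(rank)) return true;
        if (operation == Operation.CREATE) {
            return checkCreate(node);
        }
        // changing the node itself, or its owner, is only allowed for the owner
        if (operation == Operation.WRITE || operation == Operation.CHANGE_CONTEXT || operation == Operation.DELETE) {
            return checkOwner(user, nodeid, node, username, operation);
        }
        // basic users may do everything further
        return true;
    }

    /**
     * Rules for nodes of the mmbaseusers builder: a user may write but not delete its own node;
     * anything else (other users' nodes, creation, re-owning) requires administrator rank.
     */
    private boolean checkUserNode(MMObjectNode userNode, String username, Rank rank, Operation operation) {
        // null-safe: a missing username field can never match
        if (username != null && username.equals(userNode.getStringValue("username"))) {
            if (operation == Operation.WRITE) return true;
            if (operation == Operation.DELETE) return false;
        }
        return isAdmin(rank);
    }

    /**
     * CREATE check for non-administrators. For CREATE the node id is expected to refer to the
     * typedef node of the builder to create in, whose 'name' field is read as the builder name:
     * user nodes and admin builders are off limits, anything else may be created.
     */
    private boolean checkCreate(MMObjectNode typedefNode) {
        String builderName = typedefNode.getStringValue("name");
        return !USER_BUILDER.equals(builderName) && !ADMIN_BUILDERS.contains(builderName);
    }

    /**
     * Owner check for WRITE, CHANGE_CONTEXT and DELETE by non-administrators: allowed when the
     * node's owner is the user itself or the shared context.
     *
     * NOTE: when the owner value is not one of the possible contexts this logs a warning and
     * grants the operation, as the original code did (fail-open). Because getPossibleContexts adds
     * the node's own owner to the set, that branch is not expected to be reached; a fail-closed
     * variant would return false there.
     */
    private boolean checkOwner(UserContext user, int nodeid, MMObjectNode node, String username, Operation operation) {
        String context = node.getStringValue("owner");
        if (!getPossibleContexts(user, nodeid).contains(context)) {
            log.warn("context with name:'" + context + "' not found as user, granting the user the rights for operation:" + operation + " on node #" + nodeid);
            return true;
        }
        // a null owner is never the user nor the shared context
        return context != null && (context.equals(username) || context.equals(SHARED_CONTEXT_ID));
    }

    /**
     * Administrator test shared by all checks: rank at least ADMIN, compared numerically exactly as
     * the query check does, so ranks above ADMIN are treated alike everywhere.
     */
    private static boolean isAdmin(Rank rank) {
        return rank.getInt() >= Rank.ADMIN.getInt();
    }

    /**
     * Relation check: anonymous users may not, every logged-in user may, regardless of the
     * endpoints ({@code srcnodeid}, {@code dstnodeid}) or the operation.
     */
    public boolean check(UserContext user, int nodeid, int srcnodeid, int dstnodeid, Operation operation) {
        return user.getRank() != Rank.ANONYMOUS;
    }

    /**
     * Returns the owner ('context') of a node.
     *
     * @throws org.mmbase.security.SecurityException when the user may not read the node or the
     *         node cannot be found
     */
    public String getContext(UserContext user, int nodeid) throws org.mmbase.security.SecurityException {
        // verify even though callers should already have checked: a cheap second line of defence
        verify(user, nodeid, Operation.READ);
        MMObjectNode node = getMMNode(nodeid);
        return node.getStringValue("owner");
    }

    /**
     * Sets the owner ('context') of a node and commits it.
     *
     * @param context must be one of {@link #getPossibleContexts(UserContext, int)}
     * @throws org.mmbase.security.SecurityException when the context is not a possible one, the
     *         user may not change the node's context, or the node cannot be found
     */
    public void setContext(UserContext user, int nodeid, String context) throws org.mmbase.security.SecurityException {
        // reject unknown contexts before looking at the user's rights
        if (!getPossibleContexts(user, nodeid).contains(context)) {
            throw new org.mmbase.security.SecurityException("could not set the context to " + context + " for node #" + nodeid + " by user: " + user);
        }
        // verify even though callers should already have checked: a cheap second line of defence
        verify(user, nodeid, Operation.CHANGE_CONTEXT);
        MMObjectNode node = getMMNode(nodeid);
        node.setValue("owner", context);
        node.commit();
        log.info("[node #" + nodeid + "] context set [" + user.getIdentifier() + "]");
    }

    /**
     * Returns the set of contexts a node may be given: every known username, the shared context,
     * and the node's current owner. The user argument is not consulted: the set is the same for
     * every user.
     *
     * @throws org.mmbase.security.SecurityException when the user builder or the node cannot be
     *         found
     */
    public Set getPossibleContexts(UserContext user, int nodeid) throws org.mmbase.security.SecurityException {
        MMBase mmb = MMBase.getMMBase();
        UserBuilder users = (UserBuilder) mmb.getBuilder(USER_BUILDER);
        if (users == null) {
            throw new org.mmbase.security.SecurityException("builder " + USER_BUILDER + " not found");
        }
        Set contexts = new HashSet();
        // every known username is a valid context ...
        Enumeration e = users.search(null);
        while (e.hasMoreElements()) {
            contexts.add(((MMObjectNode) e.nextElement()).getStringValue("username"));
        }
        // ... as are the shared context and whatever the node currently has
        contexts.add(SHARED_CONTEXT_ID);
        MMObjectNode node = users.getNode(nodeid);
        if (node == null) {
            throw new org.mmbase.security.SecurityException("node not found");
        }
        contexts.add(node.getStringValue("owner"));
        return contexts;
    }

    /**
     * Fetches a node by number through the (lazily resolved) typedef builder.
     *
     * @throws org.mmbase.security.SecurityException when the builder or the node cannot be found
     */
    private MMObjectNode getMMNode(int n) {
        MMObjectBuilder typedef = builder;
        if (typedef == null) {
            typedef = MMBase.getMMBase().getBuilder("typedef");
            if (typedef == null) {
                throw new org.mmbase.security.SecurityException("builder typedef not found");
            }
            // benign race: concurrent first callers all resolve the same builder
            builder = typedef;
        }
        MMObjectNode node = typedef.getNode(n);
        if (node == null) {
            throw new org.mmbase.security.SecurityException("node not found");
        }
        return node;
    }

    /**
     * Query-level check: administrators and read queries need no restriction; for anything else
     * NO_CHECK is returned.
     */
    public QueryCheck check(UserContext user, Query query, Operation operation) {
        if (isAdmin(user.getRank()) || operation == Operation.READ) {
            return COMPLETE_CHECK;
        }
        return NO_CHECK;
    }

}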