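package org.mr.kernel.security.authorization;

import org.mr.kernel.security.impl.ACLStorageConnector;
import org.mr.kernel.security.impl.ACLStorageConnectorFactory;
import org.mr.kernel.security.authorization.permissions.MantaPermission;
import org.mr.MantaAgent;
import org.mr.kernel.security.*;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import java.net.InetAddress;
import java.util.List;

/**
 * Makes authorization decisions against an ACL store, optionally fronted by two
 * in-memory caches (one for address white/black-list entries, one for
 * principal/permission entries).
 *
 * <p>Two kinds of decision are offered:
 * <ul>
 *   <li>{@link #isAuthorized(InetAddress)} - is a remote address allowed to
 *       connect. Depending on the {@code ACL.WHITE_LIST} setting the store is
 *       interpreted as a white list (absent address = denied) or as a black
 *       list (absent address = allowed, listed value inverted).</li>
 *   <li>{@link #isAuthorized(UserPrincipal, int, Object)} - may a user perform an
 *       action on a target. The action is expanded to an ordered list of
 *       permissions; for each permission the user's own entry is consulted
 *       before the entry of the user's group, and the first entry found
 *       (allow or deny) decides. No entry at all means denied.</li>
 * </ul>
 *
 * <p>Configuration is read once, in the private constructor, from the agent's
 * config manager. The class is a process-wide singleton obtained through
 * {@link #getInstance()}.
 *
 * <p>Caching caveats a deployer should know (all visible in this class):
 * only positive lookups - an entry that exists in the store - are ever added to
 * a cache, so every request for an unknown address or an unknown
 * principal/permission pair goes to the ACL store. Conversely, once an entry
 * has been cached this class never removes it, so a revocation in the store is
 * not observed until the cache itself drops the entry; the eviction/TTL policy
 * of {@code MantaCache} is not visible here and must be checked separately.
 *
 * <p>Thread-safety: {@link #getInstance()} is safe; the lookup methods share
 * the two caches and the storage connector without synchronization, so their
 * safety depends on those types being thread-safe (not verifiable from this
 * file).
 */
public class MantaACLAuthorizationManager implements SecurityConfigurationPaths, SecurityConstants {
    // volatile is required for the double-checked locking in getInstance():
    // without it a second thread can observe a non-null reference to an
    // instance whose constructor has not finished publishing its fields
    // (safe under the Java 5+ memory model only with volatile).
    private static volatile MantaACLAuthorizationManager _instance;

    // Cache of PermissionKeyEntry -> AuthorizationValue; null when disabled.
    private MantaCache _permissionsCache;
    // Cache of WhiteListKeyEntry -> AuthorizationValue; null when disabled.
    private MantaCache _whiteListCache;
    private ACLStorageConnector _storage;
    private Log _logger;

    // true: the address list is a white list; false: it is a black list and
    // every decision derived from it is inverted.
    private boolean _isWhiteList;
    private boolean _usePermissionsCache;
    private boolean _useWhiteListCache;

    /**
     * Reads the ACL configuration and opens the storage connector.
     *
     * @throws MantaSecurityException if the {@code ACL.ACL_CONFIGURATION_IN_USE}
     *         property is missing, or if the storage connector cannot be built
     */
    private MantaACLAuthorizationManager() throws MantaSecurityException {
        _usePermissionsCache = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getBooleanProperty(ACL + "." + USE_PERMISSION_CACHE, DEFAULT_USE_PERMISSION_CACHE);
        _useWhiteListCache = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getBooleanProperty(ACL + "." + USE_WHITE_LIST_CACHE, DEFAULT_USE_WHITE_LIST_CACHE);
        _isWhiteList = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getBooleanProperty(ACL + "." + WHITE_LIST, DEFAULT_WHITE_LIST);

        if (_usePermissionsCache) {
            _permissionsCache = new MantaPermissionCache();
        }
        if (_useWhiteListCache) {
            _whiteListCache = new MantaWhiteListCache();
        }

        // The storage connector is selected by name; a missing name is a hard
        // configuration error rather than a silent fall-back to "no ACL".
        String currentACLConfigurationInUse = MantaAgent.getInstance().getSingletonRepository().getConfigManager().getStringProperty(ACL + "." + ACL_CONFIGURATION_IN_USE);
        if (currentACLConfigurationInUse == null) {
            if (getLogger().isErrorEnabled()) {
                getLogger().error("[MantaACLAuthorizationManager] Unable to find configuration parameter: " + ACL + "." + ACL_CONFIGURATION_IN_USE);
            }
            throw new MantaSecurityException("Unable to find configuration parameter: " + ACL + "." + ACL_CONFIGURATION_IN_USE);
        }
        _storage = ACLStorageConnectorFactory.getInstance().getACLStorageConnector(currentACLConfigurationInUse);
    }

    /**
     * Returns the process-wide instance, creating it on first use.
     *
     * @return the singleton authorization manager
     * @throws MantaSecurityException if first-time construction fails
     */
    public static MantaACLAuthorizationManager getInstance() throws MantaSecurityException {
        if (_instance == null) {
            synchronized (MantaACLAuthorizationManager.class) {
                if (_instance == null) {
                    _instance = new MantaACLAuthorizationManager();
                }
            }
        }
        return _instance;
    }

    /**
     * Decides whether a remote address may connect.
     *
     * <p>With the white-list cache enabled a cached decision is returned as-is
     * (in black-list mode the cached value is already inverted, see
     * {@link #checkACL(InetAddress)}). Otherwise the ACL store is consulted.
     *
     * @param inetAddress the remote address to check
     * @return true if the address is allowed
     * @throws MantaSecurityException propagated from the storage connector
     */
    public boolean isAuthorized(InetAddress inetAddress) throws MantaSecurityException {
        if (_useWhiteListCache) {
            AuthorizationValue cached = searchInWhiteListCache(inetAddress);
            if (cached != null) {
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug("[isAuthorized] White list entry [" + inetAddress + "] found in cache.");
                }
                return cached.isAuthorized();
            }
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("[isAuthorized] White list entry [" + inetAddress + "] not found in cache.");
            }
        }
        return checkACL(inetAddress);
    }

    /**
     * Decides whether a principal may perform an action.
     *
     * <p>The action is expanded to an ordered permission search list; the list
     * order is therefore the precedence order. For each permission the user
     * entry is consulted before the group entry, and the first cached or stored
     * entry found - allow or deny - is the decision. If no entry exists for any
     * permission in the list the request is denied (default deny).
     *
     * @param principal  the requesting user; its {@code PROPERTY_USER_GROUP}
     *                   property supplies the group consulted on a user miss
     * @param actionType the action code resolved through {@code ActionFactory}
     * @param param      action-specific target handed to the permission builder
     * @return true if an allow entry was found first, false on a deny entry or
     *         on no entry at all
     * @throws MantaSecurityException if the principal carries no group property
     *         when one is needed, or from the storage connector
     */
    public boolean isAuthorized(UserPrincipal principal, int actionType, Object param) throws MantaSecurityException {
        List searchedPermissions = ActionFactory.getInstance().getMantaAction(actionType).getPermissionSearchList(param);
        for (int i = 0; i < searchedPermissions.size(); i++) {
            MantaPermission permission = (MantaPermission) searchedPermissions.get(i);

            AuthorizationValue decision = searchInPermissionsCache(principal, permission);
            if (decision != null) {
                return decision.isAuthorized();
            }

            decision = checkACL(principal, permission);
            if (decision != null) {
                return decision.isAuthorized();
            }
        }
        // Nothing matched any permission in the search list: deny by default.
        return false;
    }

    /**
     * Looks up a user's group in the ACL store.
     *
     * @param username the user name to resolve
     * @return whatever the storage connector returns for the user
     * @throws MantaSecurityException propagated from the storage connector
     */
    public String getGroupOfUser(String username) throws MantaSecurityException {
        return _storage.getGroupOfUser(username);
    }

    /** Returns the cached white-list decision for the address, or null on a cache miss. */
    private AuthorizationValue searchInWhiteListCache(InetAddress inetAddress) {
        WhiteListKeyEntry key = new WhiteListKeyEntry(inetAddress);
        if (_whiteListCache.contains(key)) {
            return _whiteListCache.isAuthorized(key);
        }
        return null;
    }

    /**
     * Consults the ACL store for an address and applies white/black-list
     * semantics.
     *
     * <p>White-list mode: the stored value is the decision; an absent address
     * is denied. Black-list mode: the stored value is inverted, and an absent
     * address is allowed (false inverted to true). Only present entries are
     * cached, so an absent address is re-queried on every call.
     *
     * @param inetAddress the address to check
     * @return the (possibly inverted) decision
     * @throws MantaSecurityException propagated from the storage connector
     */
    private boolean checkACL(InetAddress inetAddress) throws MantaSecurityException {
        boolean authorized = false;
        WhiteListKeyEntry key = new WhiteListKeyEntry(inetAddress);
        AuthorizationValue stored = searchACLStorage(key);
        if (stored != null) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("[checkACL] White list entry [" + inetAddress + "] found in ACL.");
            }
            authorized = stored.isAuthorized();
            if (!_isWhiteList) {
                // Invert in place so the cached object already carries the
                // black-list decision and isAuthorized(InetAddress) can return
                // it directly. NOTE(review): this mutates the object returned
                // by the storage connector; if the connector hands out a shared
                // instance rather than a fresh one, repeated lookups would
                // flip-flop - confirm against ACLStorageConnector.
                stored.setAuthorized(!authorized);
            }
            if (_useWhiteListCache) {
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug("[checkACL] Adding white list entry [" + inetAddress + "] to the cache.");
                }
                _whiteListCache.add(key, stored);
            }
        }
        if (!_isWhiteList) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("[checkACL] White list is actually black. Switching " + authorized + " to " + !authorized);
            }
            authorized = !authorized;
        }
        return authorized;
    }

    /**
     * Consults the ACL store for a user/permission pair, falling back to the
     * user's group/permission pair.
     *
     * @param user       the requesting user
     * @param permission the permission being searched
     * @return the stored decision for the user, else for the user's group,
     *         else null when neither has an entry
     * @throws MantaSecurityException if the user carries no group property, or
     *         from the storage connector
     */
    private AuthorizationValue checkACL(UserPrincipal user, MantaPermission permission) throws MantaSecurityException {
        PermissionKeyEntry userKey = new PermissionKeyEntry(user, permission);
        AuthorizationValue stored = searchACLStorage(userKey);
        if (stored != null) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("[checkACL] Permission [" + permission + "] for user " + user + " found in ACL.");
            }
            if (_usePermissionsCache) {
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug("[checkACL] Adding permission [" + permission + "] for user " + user + " to the cache.");
                }
                _permissionsCache.add(userKey, stored);
            }
            return stored;
        }
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("[checkACL] Permission [" + permission + "] for user " + user + " not found in ACL.");
        }

        GroupPrincipal group = resolveGroup(user, "checkACL");
        PermissionKeyEntry groupKey = new PermissionKeyEntry(group, permission);
        stored = searchACLStorage(groupKey);
        if (stored != null) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("[checkACL] Permission [" + permission + "] for " + group + " found in ACL.");
            }
            if (_usePermissionsCache) {
                if (getLogger().isDebugEnabled()) {
                    getLogger().debug("[checkACL] Adding permission [" + permission + "] for " + group + " to the cache.");
                }
                _permissionsCache.add(groupKey, stored);
            }
            return stored;
        }
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("[checkACL] Permission [" + permission + "] for " + group + " not found in ACL.");
        }
        return null;
    }

    /**
     * Derives the group principal from the user's {@code PROPERTY_USER_GROUP}
     * property.
     *
     * <p>NOTE(review): the group used for authorization is taken from a
     * property on the principal object, not from the store's
     * {@link #getGroupOfUser(String)}; group-based grants are therefore only as
     * trustworthy as whatever sets that property. Confirm it is populated
     * server-side during authentication and cannot be supplied by the client.
     *
     * @param principal the user whose group is needed
     * @param callerTag name of the calling method, used as the log prefix
     * @return the group principal
     * @throws MantaSecurityException if the property is missing or empty
     */
    private GroupPrincipal resolveGroup(UserPrincipal principal, String callerTag) throws MantaSecurityException {
        String groupOfUser = (String) principal.getProperty(PROPERTY_USER_GROUP);
        if (groupOfUser == null || "".equals(groupOfUser)) {
            if (getLogger().isWarnEnabled()) {
                getLogger().warn("[" + callerTag + "] Group of user " + principal.getName() + " isn't found in user properties");
            }
            throw new MantaSecurityException("Group of user " + principal.getName() + " isn't found in user properties");
        }
        return new GroupPrincipal(groupOfUser);
    }

    /** Single point of contact with the ACL store for all key types. */
    private AuthorizationValue searchACLStorage(ACLKeyEntry keyEntry) throws MantaSecurityException {
        return _storage.isAuthorized(keyEntry);
    }

    /**
     * Looks up the user/permission pair and then the group/permission pair in
     * the permissions cache.
     *
     * @param principal  the requesting user
     * @param permission the permission being searched
     * @return the cached decision, or null when the cache is disabled or holds
     *         neither entry
     * @throws MantaSecurityException if the cache is enabled, the user entry is
     *         absent and the user carries no group property
     */
    private AuthorizationValue searchInPermissionsCache(UserPrincipal principal, MantaPermission permission) throws MantaSecurityException {
        if (!_usePermissionsCache) {
            return null;
        }
        PermissionKeyEntry userKey = new PermissionKeyEntry(principal, permission);
        if (_permissionsCache.contains(userKey)) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("[searchInPermissionsCache] Permission [" + permission + "] for user " + principal + " found in cache.");
            }
            return _permissionsCache.isAuthorized(userKey);
        }
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("[searchInPermissionsCache] Permission [" + permission + "] for user " + principal + " not found in cache.");
        }

        GroupPrincipal group = resolveGroup(principal, "searchInPermissionsCache");
        PermissionKeyEntry groupKey = new PermissionKeyEntry(group, permission);
        if (_permissionsCache.contains(groupKey)) {
            if (getLogger().isDebugEnabled()) {
                getLogger().debug("[searchInPermissionsCache] Permission [" + permission + "] for group " + group + " found in cache.");
            }
            return _permissionsCache.isAuthorized(groupKey);
        }
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("[searchInPermissionsCache] Permission [" + permission + "] for group " + group + " not found in cache.");
        }
        return null;
    }

    /**
     * Lazily creates the logger. The unsynchronized check is a benign race:
     * two threads may each create a logger for the same name, which is harmless.
     *
     * @return the logger for this class
     */
    public Log getLogger() {
        if (_logger == null) {
            _logger = LogFactory.getLog(getClass().getName());
        }
        return _logger;
    }
}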