KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > mr > kernel > security > authorization > MantaAuthorizationImpl


1 /*
2  * Copyright 2002 by
3  * <a HREF="http://www.coridan.com">Coridan</a>
4  * <a HREF="mailto: support@coridan.com ">support@coridan.com</a>
5  *
6  * The contents of this file are subject to the Mozilla Public License Version
7  * 1.1 (the "License"); you may not use this file except in compliance with the
8  * License. You may obtain a copy of the License at
9  * http://www.mozilla.org/MPL/
10  *
11  * Software distributed under the License is distributed on an "AS IS" basis,
12  * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
13  * for the specific language governing rights and limitations under the
14  * License.
15  *
16  * The Original Code is "MantaRay" (TM).
17  *
18  * The Initial Developer of the Original Code is Shirley Sasson.
19  * Portions created by the Initial Developer are Copyright (C) 2006
20  * Coridan Inc. All Rights Reserved.
21  *
22  * Contributor(s): all the names of the contributors are added in the source
23  * code where applicable.
24  *
25  * Alternatively, the contents of this file may be used under the terms of the
26  * LGPL license (the "GNU LESSER GENERAL PUBLIC LICENSE"), in which case the
27  * provisions of LGPL are applicable instead of those above. If you wish to
28  * allow use of your version of this file only under the terms of the LGPL
29  * License and not to allow others to use your version of this file under
30  * the MPL, indicate your decision by deleting the provisions above and
31  * replace them with the notice and other provisions required by the LGPL.
32  * If you do not delete the provisions above, a recipient may use your version
33  * of this file under either the MPL or the GNU LESSER GENERAL PUBLIC LICENSE.
34
35  *
36  * This library is free software; you can redistribute it and/or modify it
37  * under the terms of the MPL as stated above or under the terms of the GNU
38  * Lesser General Public License as published by the Free Software Foundation;
39  * either version 2.1 of the License, or any later version.
40  *
41  * This library is distributed in the hope that it will be useful, but WITHOUT
42  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
43  * FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public
44  * License for more details.
45  */

46
47 package org.mr.kernel.security.authorization;
48
49 import javax.jms.JMSSecurityException JavaDoc;
50 import java.net.InetAddress JavaDoc;
51
52 import org.mr.kernel.security.*;
53 import org.mr.kernel.security.MantaAuthorization;
54 import org.apache.commons.logging.Log;
55 import org.apache.commons.logging.LogFactory;
56
57 /**
58  * This class is an implementation of {@link org.mr.kernel.security.MantaAuthorization}.
59  *
60  * @version 1.0
61  * @since May 9, 2006
62  * @author Shirley Sasson
63  *
64  */

65 public class MantaAuthorizationImpl implements MantaAuthorization, SecurityConstants, SecurityConfigurationPaths {
66     private Log _logger;
67
68     /**
69      * This method is used to check whether or not a given IP address is in the list of allowed IPs.
70      *
71      * Each domain will hold a white (or black) list that holds authorized (or non authorized) IP addresses.
72      * When Manta wishes to perform some action that involves some IP address, it will call this method in order
73      * to determine whether or not this IP address is allowed or not.
74      *
75      * If IP address is authorized, the method returns with no value.
76      *
77      * @param inetAddress
78      * IP address to be checked against white/black list
79      * @throws SecurityException if IP address is unauthorized
80      */

81     public void authorize(InetAddress JavaDoc inetAddress) throws SecurityException JavaDoc {
82         if (inetAddress == null){
83             if (getLogger().isErrorEnabled())
84                 getLogger().error("[authorize] Invalid argument: inetAddress");
85             throw new SecurityException JavaDoc("Invalid argument: inetAddress");
86         }
87
88         try {
89             // authenticate with ACL
90
boolean isPermitted = MantaACLAuthorizationManager.getInstance().isAuthorized(inetAddress);
91             if (!isPermitted){
92                 if (getLogger().isInfoEnabled())
93                     getLogger().info("[authorize] IP " + inetAddress.toString() + " is unauthorized");
94                 throw new SecurityException JavaDoc("unauthorized IP");
95             }
96             else {
97                 if (getLogger().isInfoEnabled())
98                     getLogger().info("[authorize] IP " + inetAddress.toString() + " is authorized");
99             }
100         }
101         catch (MantaSecurityException mse){
102             if (getLogger().isErrorEnabled())
103                 getLogger().error("[authorize] " + mse.getMessage());
104             throw new SecurityException JavaDoc(mse.getMessage());
105         }
106     }
107
108     /**
109      * This method is used to check whether or not a given session id represents a client that is allowed
110      * to perform a specific action.
111      *
112      * Actions that require an authorization might be creating a producer on a queue,
113      * creating a consumer on a topic, etc.
114      *
115      * Use this method when the action is to be performed on a specific queue, topic, etc.
116      * Then the name of the queue or topic will be specified as the "param" parameter.
117      *
118      * If the action is authorized, the method returns with no value.
119      *
120      * @param sessionID
121      * the session id returned from MantaAuthentication.authenticate method
122      * @param actionType
123      * an integer value indicating the action to perform.
124      * Use a member of ActionTypes
125      * @param param
126      * an object containing additional parameters relevant for the specific action
127      * @throws JMSSecurityException if action is unauthorized for the specific client
128      * @see org.mr.kernel.security.MantaAuthentication
129      * @see org.mr.kernel.security.SecurityActionTypes
130      */

131     public void authorize(SessionID sessionID, int actionType, Object JavaDoc param) throws JMSSecurityException JavaDoc{
132         if (sessionID == null){
133             if (getLogger().isErrorEnabled())
134                 getLogger().error("[authorize] Invalid argument: sessionID");
135             throw new JMSSecurityException JavaDoc("Invalid argument: sessionID");
136         }
137
138         if (!(SessionManager.getInstance().contains(sessionID))){
139             if (getLogger().isInfoEnabled())
140                 getLogger().info("[authorize] Session ID " + sessionID.toString() + " not found in session manager.");
141             throw new JMSSecurityException JavaDoc("Session ID " + sessionID.toString() + " not found in session manager.");
142         }
143         UserPrincipal principal = SessionManager.getInstance().getPrincipal(sessionID);
144
145         try {
146             if (principal.getProperty(PROPERTY_USER_GROUP) == null){
147                 // get the group of the user from the ACL
148
String JavaDoc groupOfUser = MantaACLAuthorizationManager.getInstance().getGroupOfUser(principal.getName());
149                 if (groupOfUser == null){
150                     if (getLogger().isInfoEnabled())
151                         getLogger().info("[authorize] Group of user " + principal.getName() + " not found");
152                 }
153                 else {
154                     if (getLogger().isInfoEnabled())
155                         getLogger().info("[authorize] Group of user " + principal.getName() + " is " + groupOfUser);
156                     principal.setProperty(PROPERTY_USER_GROUP, groupOfUser);
157                 }
158             }
159
160             // sessionID found - check the permission
161
boolean isPermitted = MantaACLAuthorizationManager.getInstance().isAuthorized(principal, actionType, param);
162             if (!isPermitted){
163                 if (param == null){
164                     if (getLogger().isInfoEnabled())
165                         getLogger().info("[authorize] User " + principal.getName() + " is not allowed to perform action \"" + ActionFactory.getInstance().getMantaAction(actionType).toString() + "\".");
166                     throw new JMSSecurityException JavaDoc("User " + principal.getName() + " is not allowed to perform action \"" + ActionFactory.getInstance().getMantaAction(actionType).toString() + "\".");
167                 }
168                 else {
169                     if (getLogger().isInfoEnabled())
170                         getLogger().info("[authorize] User " + principal.getName() + " is not allowed to perform action \"" + ActionFactory.getInstance().getMantaAction(actionType).toString() + "\" on " + param + ".");
171                     throw new JMSSecurityException JavaDoc("User " + principal.getName() + " is not allowed to perform action \"" + ActionFactory.getInstance().getMantaAction(actionType).toString() + "\" on " + param + ".");
172                 }
173             }
174             else {
175                 if (param == null){
176                     if (getLogger().isInfoEnabled())
177                         getLogger().info("[authorize] User " + principal.getName() + " is allowed to perform action \"" + ActionFactory.getInstance().getMantaAction(actionType).toString() + "\".");
178                 }
179                 else {
180                     if (getLogger().isInfoEnabled())
181                         getLogger().info("[authorize] User " + principal.getName() + " is allowed to perform action \"" + ActionFactory.getInstance().getMantaAction(actionType).toString() + "\" on " + param + ".");
182                 }
183             }
184         }
185         catch (MantaSecurityException mse){
186             if (getLogger().isErrorEnabled())
187                 getLogger().error("[authorize] " + mse.getMessage());
188             throw new JMSSecurityException JavaDoc(mse.getMessage());
189         }
190     }
191
192     /**
193      * This method is used to check whether or not a given session id represents a client that is allowed
194      * to perform a specific action.
195      *
196      * Actions that require an authorization might be creating a producer on a queue,
197      * creating a consumer on a topic, etc.
198      *
199      * Use this method when the action should not be performed on a specific queue, topic, etc.
200      *
201      * If the action is authorized, the method returns with no value.
202      *
203      * @param sessionID
204      * the session id returned from MantaAuthentication.authenticate method
205      * @param actionType
206      * an integer value indicating the action to perform.
207      * Use a member of ActionTypes
208      * @throws JMSSecurityException if action is unauthorized for the specific client
209      * @see org.mr.kernel.security.MantaAuthentication
210      * @see org.mr.kernel.security.SecurityActionTypes
211      */

212     public void authorize(SessionID sessionID, int actionType) throws JMSSecurityException JavaDoc{
213         authorize(sessionID, actionType, null);
214     }
215
216     /**
217      * Returns the instance of the logger for this class
218      *
219      * @return the instance of the logger
220      */

221     public Log getLogger(){
222         if (_logger == null){
223             _logger = LogFactory.getLog(getClass().getName());
224         }
225         return _logger;
226     }
227 }
228
Popular Tags