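package org.mr.kernel.security.authorization;

import javax.jms.JMSSecurityException;
import java.net.InetAddress;

import org.mr.kernel.security.*;
import org.mr.kernel.security.MantaAuthorization;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * Authorization entry point that delegates every decision to
 * {@link MantaACLAuthorizationManager} and turns a negative decision into an exception.
 *
 * <p>Two kinds of check are offered: one on the caller's IP address and one on an action
 * requested by the principal bound to a session. Both fail closed: any
 * {@code MantaSecurityException} raised while evaluating the ACL is rethrown as a
 * security exception instead of being treated as "permitted".
 *
 * <p>NOTE(review): denials are logged at INFO level. A deployment that only records WARN
 * and above will not see rejected attempts in its logs; confirm this matches the
 * monitoring requirements.
 */
public class MantaAuthorizationImpl implements MantaAuthorization, SecurityConstants, SecurityConfigurationPaths {
    private Log _logger;

    /**
     * Checks whether the given address is allowed by the ACL manager.
     *
     * @param inetAddress the address to check; must not be {@code null}
     * @throws SecurityException if {@code inetAddress} is {@code null}, if the ACL manager
     *         reports the address as not authorized, or if the ACL manager fails with a
     *         {@code MantaSecurityException}
     */
    public void authorize(InetAddress inetAddress) throws SecurityException {
        if (inetAddress == null) {
            if (getLogger().isErrorEnabled()) {
                getLogger().error("[authorize] Invalid argument: inetAddress");
            }
            throw new SecurityException("Invalid argument: inetAddress");
        }

        try {
            boolean isPermitted = MantaACLAuthorizationManager.getInstance().isAuthorized(inetAddress);
            if (!isPermitted) {
                if (getLogger().isInfoEnabled()) {
                    getLogger().info("[authorize] IP " + sanitizeForLog(inetAddress) + " is unauthorized");
                }
                throw new SecurityException("unauthorized IP");
            }
            if (getLogger().isInfoEnabled()) {
                getLogger().info("[authorize] IP " + sanitizeForLog(inetAddress) + " is authorized");
            }
        } catch (MantaSecurityException mse) {
            // Keep the stack trace in the server-side log; only the message travels with
            // the exception handed back to the caller.
            if (getLogger().isErrorEnabled()) {
                getLogger().error("[authorize] " + mse.getMessage(), mse);
            }
            throw new SecurityException(mse.getMessage());
        }
    }

    /**
     * Checks whether the principal bound to {@code sessionID} may perform
     * {@code actionType} on {@code param}.
     *
     * <p>If the principal has no {@code PROPERTY_USER_GROUP} property yet, the group is
     * looked up through the ACL manager and stored on the principal before the decision
     * is requested. When no group is found the check still proceeds; what the ACL manager
     * decides for a principal without a group is not visible here.
     *
     * @param sessionID  the session whose principal is checked; must not be {@code null}
     * @param actionType numeric action identifier, resolved through {@code ActionFactory}
     *                   for the log and exception text
     * @param param      the object the action applies to, or {@code null} when the action
     *                   has no target
     * @throws JMSSecurityException if {@code sessionID} is {@code null} or unknown to the
     *         session manager, if no principal is bound to it, if the ACL manager denies
     *         the action, or if the ACL manager fails with a {@code MantaSecurityException}
     */
    public void authorize(SessionID sessionID, int actionType, Object param) throws JMSSecurityException {
        if (sessionID == null) {
            if (getLogger().isErrorEnabled()) {
                getLogger().error("[authorize] Invalid argument: sessionID");
            }
            throw new JMSSecurityException("Invalid argument: sessionID");
        }

        if (!(SessionManager.getInstance().contains(sessionID))) {
            throw sessionNotFound(sessionID);
        }
        UserPrincipal principal = SessionManager.getInstance().getPrincipal(sessionID);
        if (principal == null) {
            // contains() and getPrincipal() are two separate calls; if the session went
            // away in between, reject with the documented exception type instead of
            // failing later with a NullPointerException.
            throw sessionNotFound(sessionID);
        }

        try {
            if (principal.getProperty(PROPERTY_USER_GROUP) == null) {
                String groupOfUser = MantaACLAuthorizationManager.getInstance().getGroupOfUser(principal.getName());
                if (groupOfUser == null) {
                    if (getLogger().isInfoEnabled()) {
                        getLogger().info("[authorize] Group of user " + sanitizeForLog(principal.getName())
                                + " not found");
                    }
                } else {
                    if (getLogger().isInfoEnabled()) {
                        getLogger().info("[authorize] Group of user " + sanitizeForLog(principal.getName())
                                + " is " + sanitizeForLog(groupOfUser));
                    }
                    // Stored regardless of the log level so later checks skip the lookup.
                    principal.setProperty(PROPERTY_USER_GROUP, groupOfUser);
                }
            }

            boolean isPermitted = MantaACLAuthorizationManager.getInstance().isAuthorized(principal, actionType, param);

            // The text is needed for the exception on denial and for the INFO log line in
            // either case; skip building it when the action is permitted and INFO is off.
            if (!isPermitted || getLogger().isInfoEnabled()) {
                String verdict = isPermitted
                        ? " is allowed to perform action \""
                        : " is not allowed to perform action \"";
                String target = (param == null) ? "" : " on " + param;
                // String.valueOf keeps an unresolvable action type from surfacing as a
                // NullPointerException, so the outcome does not depend on the log level.
                String message = "User " + principal.getName() + verdict
                        + String.valueOf(ActionFactory.getInstance().getMantaAction(actionType))
                        + "\"" + target + ".";
                if (getLogger().isInfoEnabled()) {
                    getLogger().info("[authorize] " + sanitizeForLog(message));
                }
                if (!isPermitted) {
                    throw new JMSSecurityException(message);
                }
            }
        } catch (MantaSecurityException mse) {
            // Keep the stack trace in the server-side log; only the message travels with
            // the exception handed back to the caller.
            if (getLogger().isErrorEnabled()) {
                getLogger().error("[authorize] " + mse.getMessage(), mse);
            }
            throw new JMSSecurityException(mse.getMessage());
        }
    }

    /**
     * Checks an action that has no target object; equivalent to
     * {@code authorize(sessionID, actionType, null)}.
     *
     * @param sessionID  the session whose principal is checked
     * @param actionType numeric action identifier
     * @throws JMSSecurityException under the same conditions as the three-argument overload
     */
    public void authorize(SessionID sessionID, int actionType) throws JMSSecurityException {
        authorize(sessionID, actionType, null);
    }

    /**
     * Returns the logger for this class, creating it on first use.
     *
     * <p>The lazy initialisation is not synchronized, so concurrent first calls may each
     * ask {@code LogFactory} for the logger.
     *
     * @return the commons-logging {@code Log} named after the runtime class
     */
    public Log getLogger() {
        if (_logger == null) {
            _logger = LogFactory.getLog(getClass().getName());
        }
        return _logger;
    }

    /**
     * Logs an unknown session and builds the exception the caller should throw.
     *
     * @param sessionID the session identifier that could not be resolved
     * @return the exception describing the missing session
     */
    private JMSSecurityException sessionNotFound(SessionID sessionID) {
        if (getLogger().isInfoEnabled()) {
            getLogger().info("[authorize] Session ID " + sanitizeForLog(sessionID)
                    + " not found in session manager.");
        }
        return new JMSSecurityException("Session ID " + sessionID.toString() + " not found in session manager.");
    }

    /**
     * Renders a value for a log line with carriage returns and line feeds replaced, so a
     * user name, destination or host name supplied by a client cannot start a forged
     * log entry.
     *
     * @param value the value to render; {@code null} is rendered as {@code "null"}
     * @return the single-line text
     */
    private static String sanitizeForLog(Object value) {
        return String.valueOf(value).replace('\r', '_').replace('\n', '_');
    }
}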