

1 /*
2  * ====================================================================
3  * Project: opencrx, http://www.opencrx.org/
4  * Name: $Id: SecureObject.java,v 1.12 2005/09/22 23:31:33 wfro Exp $
5  * Description: openCRX SecureObject
6  * Revision: $Revision: 1.12 $
7  * Owner: CRIXP AG, Switzerland, http://www.crixp.com
8  * Date: $Date: 2005/09/22 23:31:33 $
9  * ====================================================================
10  *
11  * This software is published under the BSD license
12  * as listed below.
13  *
14  * Copyright (c) 2004-2005, CRIXP Corp., Switzerland
15  * All rights reserved.
16  *
17  * Redistribution and use in source and binary forms, with or without
18  * modification, are permitted provided that the following conditions
19  * are met:
20  *
21  * * Redistributions of source code must retain the above copyright
22  * notice, this list of conditions and the following disclaimer.
23  *
24  * * Redistributions in binary form must reproduce the above copyright
25  * notice, this list of conditions and the following disclaimer in
26  * the documentation and/or other materials provided with the
27  * distribution.
28  *
29  * * Neither the name of CRIXP Corp. nor the names of the contributors
30  * to openCRX may be used to endorse or promote products derived
31  * from this software without specific prior written permission
32  *
33  *
34  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND
35  * CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
36  * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
37  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
38  * DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
39  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
40  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
41  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
42  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
43  * ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
44  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
45  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
46  * POSSIBILITY OF SUCH DAMAGE.
47  *
48  * ------------------
49  *
50  * This product includes software developed by the Apache Software
51  * Foundation (http://www.apache.org/).
52  *
53  * This product includes software developed by contributors to
54  * openMDX (http://www.openmdx.org/)
55  */

56 package org.opencrx.kernel.layer.application;
57
58 import java.util.Iterator JavaDoc;
59 import java.util.List JavaDoc;
60 import java.util.Map JavaDoc;
61
62 import org.openmdx.application.log.AppLog;
63 import org.openmdx.base.exception.ServiceException;
64 import org.openmdx.compatibility.base.dataprovider.cci.AttributeSelectors;
65 import org.openmdx.compatibility.base.dataprovider.cci.AttributeSpecifier;
66 import org.openmdx.compatibility.base.dataprovider.cci.DataproviderObject;
67 import org.openmdx.compatibility.base.dataprovider.cci.DataproviderObject_1_0;
68 import org.openmdx.compatibility.base.dataprovider.cci.Directions;
69 import org.openmdx.compatibility.base.dataprovider.cci.RequestCollection;
70 import org.openmdx.compatibility.base.dataprovider.cci.SystemAttributes;
71 import org.openmdx.compatibility.base.marshalling.Marshaller;
72 import org.openmdx.compatibility.base.naming.Path;
73 import org.openmdx.model1.accessor.basic.cci.ModelElement_1_0;
74 import org.openmdx.model1.accessor.basic.cci.Model_1_0;
75 import org.openmdx.model1.code.AggregationKind;
76
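/**
 * Applies ownership and access-level changes (the {@code owningUser},
 * {@code owningGroup} and {@code accessLevel*} attributes) to an object and,
 * in {@link #MODE_RECURSIVE}, to the content of its changeable composite
 * references.
 *
 * <p>Nothing in this class checks whether the requesting principal may change
 * these attributes. NOTE(review): presumably the caller or the plugin enforces
 * that; confirm before exposing these operations on a new code path.
 */
public class SecureObject {

    //-----------------------------------------------------------------------
    /**
     * Creates the helper for one request.
     *
     * @param plugin used to retrieve objects for modification
     * @param delegation used for get and find requests
     * @param model used to look up the references of an object's class
     * @param realmIdentity path of the realm whose principals are resolved
     * @param args request arguments; the operations read {@code mode},
     *        {@code user}, {@code group} and the {@code accessLevel*} values
     */
    public SecureObject(
        OpenCrxKernel_1 plugin,
        RequestCollection delegation,
        Model_1_0 model,
        Path realmIdentity,
        DataproviderObject args
    ) {
        this.plugin = plugin;
        this.delegation = delegation;
        this.model = model;
        this.realmIdentity = realmIdentity;
        this.args = args;
    }

    //-------------------------------------------------------------------------
    /**
     * Resolves the user object behind a principal of the configured realm.
     *
     * <p>The principal is requested at
     * {@code <realmIdentity>/principal/<principalName>} and its first
     * {@code subject} value is used as the path of the user. Failures of either
     * request are logged and result in {@code null} instead of an exception, so
     * every caller has to handle a missing user.
     *
     * @param principalName name of the principal within the realm
     * @return the user object, or {@code null} if the principal or the user
     *         cannot be retrieved or the principal has no subject
     * @throws ServiceException not raised by the two requests, whose failures
     *         are caught and logged
     */
    DataproviderObject_1_0 getUser(
        String principalName
    ) throws ServiceException {

        // principal
        DataproviderObject_1_0 principal = null;
        try {
            principal = this.delegation.addGetRequest(
                this.realmIdentity.getDescendant(new String[]{"principal", principalName}),
                AttributeSelectors.ALL_ATTRIBUTES,
                new AttributeSpecifier[]{}
            );
        }
        catch(ServiceException e) {
            AppLog.warning("principal not found", principalName);
            e.log();
        }

        // user
        if((principal == null) || (principal.values("subject").size() == 0)) {
            // Log the requested name when there is no principal object, so the
            // warning still identifies which lookup failed.
            AppLog.warning(
                "user for principal not defined",
                principal == null ? (Object)principalName : principal
            );
            return null;
        }
        Path userIdentity = (Path)principal.values("subject").get(0);
        DataproviderObject_1_0 user = null;
        try {
            user = this.delegation.addGetRequest(
                userIdentity,
                AttributeSelectors.ALL_ATTRIBUTES,
                new AttributeSpecifier[]{}
            );
        }
        catch(ServiceException e) {
            AppLog.warning("user for principal not found", principal + "; user=" + userIdentity);
            e.log();
        }
        return user;
    }

    //-----------------------------------------------------------------------
    /**
     * Applies one ownership or access-level change to {@code obj} and, in
     * recursive mode, to the content of its changeable composite references.
     *
     * <p>A {@link ServiceException} is logged and its message appended to
     * {@code report}; it is not propagated. A recursive run can therefore stop
     * partway through an object's references and leave the tree partially
     * updated, and the report is the only place where that shows. The exception
     * message is added to the report unchanged. NOTE(review): if the report is
     * shown to end users, confirm these messages carry no internal detail.
     *
     * @param obj object whose ownership values are the starting point
     * @param marshaller performs the actual change on the modifiable object
     * @param mode {@link #MODE_RECURSIVE} to descend; {@code null} or any other
     *        value changes {@code obj} only
     * @param reportText entry added to {@code report} for each changed object
     * @param report receives one entry per changed object or failure
     */
    private void applyAcls(
        DataproviderObject_1_0 obj,
        Marshaller marshaller,
        Short mode,
        String reportText,
        List report
    ) {
        try {
            // apply acls to obj: start from the ownership values of obj, then
            // let the marshaller change the modifiable copy
            DataproviderObject modifiedObj = this.plugin.retrieveObjectForModification(obj.path());
            modifiedObj.clearValues("owningUser").addAll(obj.values("owningUser"));
            modifiedObj.clearValues("owningGroup").addAll(obj.values("owningGroup"));
            marshaller.marshal(modifiedObj);
            report.add(reportText);

            if((mode != null) && (mode.intValue() == MODE_RECURSIVE)) {
                // apply acls to object's content
                Map references = (Map)this.model.getElement(
                    obj.values(SystemAttributes.OBJECT_CLASS).get(0)
                ).values("reference").get(0);
                for(
                    Iterator i = references.values().iterator();
                    i.hasNext();
                ) {
                    ModelElement_1_0 featureDef = (ModelElement_1_0)i.next();
                    ModelElement_1_0 referencedEnd = this.model.getElement(
                        featureDef.values("referencedEnd").get(0)
                    );
                    // Descend only into content the object owns (composite)
                    // and that is changeable.
                    if(
                        this.model.isReferenceType(featureDef) &&
                        AggregationKind.COMPOSITE.equals(referencedEnd.values("aggregation").get(0)) &&
                        ((Boolean)referencedEnd.values("isChangeable").get(0)).booleanValue()
                    ) {
                        String reference = (String)featureDef.values("name").get(0);
                        Path referencePath = obj.path().getChild(reference);
                        // The find request asks for up to Integer.MAX_VALUE
                        // objects, i.e. the size of the result is not limited here.
                        List content = this.delegation.addFindRequest(
                            referencePath,
                            null,
                            AttributeSelectors.ALL_ATTRIBUTES,
                            0,
                            Integer.MAX_VALUE,
                            Directions.ASCENDING
                        );
                        for(
                            Iterator j = content.iterator();
                            j.hasNext();
                        ) {
                            this.applyAcls(
                                (DataproviderObject)j.next(),
                                marshaller,
                                mode,
                                reportText,
                                report
                            );
                        }
                    }
                }
            }
        }
        catch(ServiceException e){
            e.log();
            report.add(e.getMessage());
        }
    }

    //-----------------------------------------------------------------------
    /**
     * Returns the first {@code mode} value of the request arguments.
     *
     * @return the requested mode; {@link #applyAcls} treats {@code null} like
     *         {@link #MODE_LOCAL}
     * @throws ServiceException if the argument cannot be read
     */
    private Short getMode(
    ) throws ServiceException {
        return (Short)this.args.values("mode").get(0);
    }

    //-----------------------------------------------------------------------
    /**
     * Replaces one access-level attribute of {@code target} with the value of
     * the same name in the request arguments. An absent value or a value that
     * is not greater than zero leaves the attribute untouched.
     *
     * @param target object being modified
     * @param attributeName name of the argument and of the attribute
     * @throws ServiceException if the values cannot be read or written
     */
    private void copyAccessLevel(
        DataproviderObject target,
        String attributeName
    ) throws ServiceException {
        Number accessLevel = (Number)this.args.values(attributeName).get(0);
        if((accessLevel != null) && (accessLevel.intValue() > 0)) {
            target.clearValues(attributeName).add(accessLevel);
        }
    }

    //-----------------------------------------------------------------------
    /**
     * Sets {@code owningUser} to the {@code user} argument. Without that
     * argument the user behind the object's {@code createdBy} principal is
     * used; if neither yields a user the attribute keeps its value.
     *
     * @param obj object to change
     * @param report receives one entry per changed object or failure
     * @throws ServiceException if the request arguments cannot be read
     */
    void setOwningUser(
        DataproviderObject_1_0 obj,
        List report
    ) throws ServiceException {
        this.applyAcls(
            obj,
            new AclMarshaller() {
                public Object marshal(Object s) throws ServiceException {
                    if(s instanceof DataproviderObject) {
                        DataproviderObject target = (DataproviderObject)s;
                        Path userIdentity = (Path)SecureObject.this.args.values("user").get(0);
                        if((userIdentity == null) && (target.values(SystemAttributes.CREATED_BY).size() > 0)) {
                            // getUser returns null when the creator cannot be resolved
                            DataproviderObject_1_0 user = SecureObject.this.getUser(
                                (String)target.values(SystemAttributes.CREATED_BY).get(0)
                            );
                            if(user != null) {
                                userIdentity = user.path();
                            }
                        }
                        if(userIdentity != null) {
                            target.clearValues("owningUser").add(userIdentity);
                        }
                    }
                    return s;
                }
            },
            this.getMode(),
            "setOwningUser",
            report
        );
    }

    //-----------------------------------------------------------------------
    /**
     * Adds the {@code group} argument to {@code owningGroup} unless it is
     * already listed. Nothing changes when the argument is absent.
     *
     * @param obj object to change
     * @param report receives one entry per changed object or failure
     * @throws ServiceException if the request arguments cannot be read
     */
    void addOwningGroup(
        DataproviderObject_1_0 obj,
        List report
    ) throws ServiceException {
        this.applyAcls(
            obj,
            new AclMarshaller() {
                public Object marshal(Object s) throws ServiceException {
                    if(s instanceof DataproviderObject) {
                        Path owningGroupIdentity = (Path)SecureObject.this.args.values("group").get(0);
                        if(owningGroupIdentity != null) {
                            List groups = ((DataproviderObject)s).values("owningGroup");
                            if(!groups.contains(owningGroupIdentity)) {
                                groups.add(owningGroupIdentity);
                            }
                        }
                    }
                    return s;
                }
            },
            this.getMode(),
            "addOwningGroup",
            report
        );
    }

    //-----------------------------------------------------------------------
    /**
     * Removes the {@code group} argument from {@code owningGroup}. Nothing
     * changes when the argument is absent.
     *
     * @param obj object to change
     * @param report receives one entry per changed object or failure
     * @throws ServiceException if the request arguments cannot be read
     */
    void removeOwningGroup(
        DataproviderObject_1_0 obj,
        List report
    ) throws ServiceException {
        this.applyAcls(
            obj,
            new AclMarshaller() {
                public Object marshal(Object s) throws ServiceException {
                    if(s instanceof DataproviderObject) {
                        Path owningGroupIdentity = (Path)SecureObject.this.args.values("group").get(0);
                        if(owningGroupIdentity != null) {
                            ((DataproviderObject)s).values("owningGroup").remove(
                                owningGroupIdentity
                            );
                        }
                    }
                    return s;
                }
            },
            this.getMode(),
            "removeOwningGroup",
            report
        );
    }

    //-----------------------------------------------------------------------
    /**
     * Removes every value of {@code owningGroup}.
     *
     * @param obj object to change
     * @param report receives one entry per changed object or failure
     * @throws ServiceException if the request arguments cannot be read
     */
    void removeAllOwningGroup(
        DataproviderObject_1_0 obj,
        List report
    ) throws ServiceException {
        this.applyAcls(
            obj,
            new AclMarshaller() {
                public Object marshal(Object s) throws ServiceException {
                    if(s instanceof DataproviderObject) {
                        ((DataproviderObject)s).clearValues("owningGroup");
                    }
                    return s;
                }
            },
            this.getMode(),
            "removeAllOwningGroup",
            report
        );
    }

    //-----------------------------------------------------------------------
    /**
     * Sets {@code accessLevelBrowse}, {@code accessLevelUpdate} and
     * {@code accessLevelDelete} from the arguments of the same names. Only
     * values greater than zero are applied; no upper bound is checked here.
     * NOTE(review): confirm the valid range is enforced elsewhere.
     *
     * @param obj object to change
     * @param report receives one entry per changed object or failure
     * @throws ServiceException if the request arguments cannot be read
     */
    void setAccessLevel(
        DataproviderObject_1_0 obj,
        List report
    ) throws ServiceException {
        this.applyAcls(
            obj,
            new AclMarshaller() {
                public Object marshal(Object s) throws ServiceException {
                    // Same type guard as the other operations instead of an
                    // unchecked cast.
                    if(s instanceof DataproviderObject) {
                        DataproviderObject target = (DataproviderObject)s;
                        SecureObject.this.copyAccessLevel(target, "accessLevelBrowse");
                        SecureObject.this.copyAccessLevel(target, "accessLevelUpdate");
                        SecureObject.this.copyAccessLevel(target, "accessLevelDelete");
                    }
                    return s;
                }
            },
            this.getMode(),
            "setAccessLevel",
            report
        );
    }

    //-------------------------------------------------------------------------
    /**
     * Base of the one-way marshallers used above: only {@code marshal} is
     * supported, {@code unmarshal} always fails.
     */
    private abstract static class AclMarshaller implements Marshaller {

        public Object unmarshal(Object s) {
            throw new UnsupportedOperationException();
        }

    }

    //-------------------------------------------------------------------------
    // Members
    //-------------------------------------------------------------------------
    // change the given object only
    public static final int MODE_LOCAL = 0;
    // also change the content of changeable composite references
    public static final int MODE_RECURSIVE = 1;

    private final OpenCrxKernel_1 plugin;
    private final Model_1_0 model;
    private final RequestCollection delegation;
    private final Path realmIdentity;
    // read by the anonymous marshallers of the operations above
    final DataproviderObject args;

}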
371
372 //--- End of File -----------------------------------------------------------
373