%line | %branch | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
org.apache.jetspeed.om.page.psml.SecurityConstraintsImpl |
|
|
1 | /* |
|
2 | * Licensed to the Apache Software Foundation (ASF) under one or more |
|
3 | * contributor license agreements. See the NOTICE file distributed with |
|
4 | * this work for additional information regarding copyright ownership. |
|
5 | * The ASF licenses this file to You under the Apache License, Version 2.0 |
|
6 | * (the "License"); you may not use this file except in compliance with |
|
7 | * the License. You may obtain a copy of the License at |
|
8 | * |
|
9 | * http://www.apache.org/licenses/LICENSE-2.0 |
|
10 | * |
|
11 | * Unless required by applicable law or agreed to in writing, software |
|
12 | * distributed under the License is distributed on an "AS IS" BASIS, |
|
13 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
14 | * See the License for the specific language governing permissions and |
|
15 | * limitations under the License. |
|
16 | */ |
|
17 | package org.apache.jetspeed.om.page.psml; |
|
18 | ||
19 | import java.util.ArrayList; |
|
20 | import java.util.Collections; |
|
21 | import java.util.Iterator; |
|
22 | import java.util.List; |
|
23 | ||
24 | import org.apache.commons.logging.Log; |
|
25 | import org.apache.commons.logging.LogFactory; |
|
26 | import org.apache.jetspeed.om.common.SecurityConstraints; |
|
27 | import org.apache.jetspeed.om.page.PageSecurity; |
|
28 | import org.apache.jetspeed.om.page.SecurityConstraintImpl; |
|
29 | import org.apache.jetspeed.om.page.SecurityConstraintsDef; |
|
30 | ||
31 | /** |
|
32 | * <p> |
|
33 | * SecurityConstraintsImpl |
|
34 | * </p> |
|
35 | * <p> |
|
36 | * |
|
37 | * </p> |
|
38 | * @author <a href="mailto:rwatler@finali.com">Randy Watler</a> |
|
39 | * @version $Id: SecurityConstraintsImpl.java 568811 2007-08-23 03:00:37Z woonsan $ |
|
40 | * |
|
41 | */ |
|
42 | 0 | public class SecurityConstraintsImpl implements SecurityConstraints |
43 | { |
|
44 | 0 | private final static Log log = LogFactory.getLog(SecurityConstraintsImpl.class); |
45 | ||
46 | private String owner; |
|
47 | ||
48 | private List constraints; |
|
49 | ||
50 | private List constraintsRefs; |
|
51 | ||
52 | private List allConstraints; |
|
53 | ||
54 | /** |
|
55 | * <p> |
|
56 | * getOwner |
|
57 | * </p> |
|
58 | * |
|
59 | * @see org.apache.jetspeed.om.common.SecurityConstraints#getOwner() |
|
60 | * @return |
|
61 | */ |
|
62 | public String getOwner() |
|
63 | { |
|
64 | 0 | return owner; |
65 | } |
|
66 | ||
67 | /** |
|
68 | * <p> |
|
69 | * setOwner |
|
70 | * </p> |
|
71 | * |
|
72 | * @see org.apache.jetspeed.om.common.SecurityConstraints#setOwner(java.lang.String) |
|
73 | * @param owner |
|
74 | */ |
|
75 | public void setOwner(String owner) |
|
76 | { |
|
77 | 0 | this.owner = owner; |
78 | 0 | } |
79 | ||
80 | /** |
|
81 | * <p> |
|
82 | * getSecurityConstraints |
|
83 | * </p> |
|
84 | * |
|
85 | * @see org.apache.jetspeed.om.common.SecurityConstraints#getSecurityConstraints() |
|
86 | * @return |
|
87 | */ |
|
88 | public List getSecurityConstraints() |
|
89 | { |
|
90 | 0 | if (this.constraints == null) |
91 | { |
|
92 | 0 | this.constraints = Collections.synchronizedList(new ArrayList()); |
93 | } |
|
94 | 0 | return constraints; |
95 | } |
|
96 | ||
97 | /** |
|
98 | * <p> |
|
99 | * setSecurityConstraint |
|
100 | * </p> |
|
101 | * |
|
102 | * @see org.apache.jetspeed.om.common.SecurityConstraints#setSecurityConstraints(java.util.List) |
|
103 | * @param constraints |
|
104 | */ |
|
105 | public void setSecurityConstraints(List constraints) |
|
106 | { |
|
107 | 0 | this.constraints = constraints; |
108 | 0 | } |
109 | ||
110 | /** |
|
111 | * <p> |
|
112 | * getSecurityConstraintsRefs |
|
113 | * </p> |
|
114 | * |
|
115 | * @see org.apache.jetspeed.om.common.SecurityConstraints#getSecurityConstraintsRefs() |
|
116 | * @return |
|
117 | */ |
|
118 | public List getSecurityConstraintsRefs() |
|
119 | { |
|
120 | 0 | if (this.constraintsRefs == null) |
121 | { |
|
122 | 0 | this.constraintsRefs = Collections.synchronizedList(new ArrayList()); |
123 | } |
|
124 | 0 | return constraintsRefs; |
125 | } |
|
126 | ||
127 | /** |
|
128 | * <p> |
|
129 | * setSecurityConstraintsRefs |
|
130 | * </p> |
|
131 | * |
|
132 | * @see org.apache.jetspeed.om.common.SecurityConstraints#setSecurityConstraintsRefs(java.util.List) |
|
133 | * @param constraintsRefs |
|
134 | */ |
|
135 | public void setSecurityConstraintsRefs(List constraintsRefs) |
|
136 | { |
|
137 | 0 | this.constraintsRefs = constraintsRefs; |
138 | 0 | } |
139 | ||
140 | /** |
|
141 | * <p> |
|
142 | * isEmpty |
|
143 | * </p> |
|
144 | * |
|
145 | * @see org.apache.jetspeed.om.common.SecurityConstraints#isEmpty() |
|
146 | * @return flag indicating whether there are constraints or owner set |
|
147 | */ |
|
148 | public boolean isEmpty() |
|
149 | { |
|
150 | 0 | return ((owner == null) && (constraints == class="keyword">null) && (constraintsRefs == class="keyword">null)); |
151 | } |
|
152 | ||
153 | /** |
|
154 | * <p> |
|
155 | * checkConstraints |
|
156 | * </p> |
|
157 | * |
|
158 | * @param actions |
|
159 | * @param userPrincipals |
|
160 | * @param rolePrincipals |
|
161 | * @param groupPrincipals |
|
162 | * @param pageSecurity page security definitions |
|
163 | * @throws SecurityException |
|
164 | */ |
|
165 | public void checkConstraints(List actions, List userPrincipals, List rolePrincipals, |
|
166 | List groupPrincipals, PageSecurity pageSecurity) throws SecurityException |
|
167 | { |
|
168 | // if owner defined, override all constraints and allow all access |
|
169 | 0 | if ((owner != null) && (userPrincipals != class="keyword">null) && userPrincipals.contains(owner)) |
170 | { |
|
171 | 0 | return; |
172 | } |
|
173 | ||
174 | // skip missing or empty constraints: permit all access |
|
175 | 0 | List checkConstraints = getAllSecurityConstraints(pageSecurity); |
176 | 0 | if ((checkConstraints != null) && !checkConstraints.isEmpty()) |
177 | { |
|
178 | // test each action, constraints check passes only |
|
179 | // if all actions are permitted for principals |
|
180 | 0 | Iterator actionsIter = actions.iterator(); |
181 | 0 | while (actionsIter.hasNext()) |
182 | { |
|
183 | // check each action: |
|
184 | // - if any actions explicity permitted, assume no permissions |
|
185 | // are permitted by default |
|
186 | // - if all constraints do not specify a permission, assume |
|
187 | // access is permitted by default |
|
188 | 0 | String action = (String)actionsIter.next(); |
189 | 0 | boolean actionPermitted = false; |
190 | 0 | boolean actionNotPermitted = false; |
191 | 0 | boolean anyActionsPermitted = false; |
192 | ||
193 | // check against constraints |
|
194 | 0 | Iterator checkConstraintsIter = checkConstraints.iterator(); |
195 | 0 | while (checkConstraintsIter.hasNext()) |
196 | { |
|
197 | 0 | SecurityConstraintImpl constraint = (SecurityConstraintImpl)checkConstraintsIter.next(); |
198 | ||
199 | // if permissions specified, attempt to match constraint |
|
200 | 0 | if (constraint.getPermissions() != null) |
201 | { |
|
202 | // explicit actions permitted |
|
203 | 0 | anyActionsPermitted = true; |
204 | ||
205 | // test action permission match and user/role/group principal match |
|
206 | 0 | if (constraint.actionMatch(action) && |
207 | constraint.principalsMatch(userPrincipals, rolePrincipals, groupPrincipals, true)) |
|
208 | { |
|
209 | 0 | actionPermitted = true; |
210 | 0 | break; |
211 | } |
|
212 | } |
|
213 | else |
|
214 | { |
|
215 | // permissions not specified: not permitted if any principal matched |
|
216 | 0 | if (constraint.principalsMatch(userPrincipals, rolePrincipals, groupPrincipals, false)) |
217 | { |
|
218 | 0 | actionNotPermitted = true; |
219 | 0 | break; |
220 | } |
|
221 | } |
|
222 | 0 | } |
223 | ||
224 | // fail if any action not permitted |
|
225 | 0 | if ((!actionPermitted && anyActionsPermitted) || actionNotPermitted) |
226 | { |
|
227 | 0 | throw new SecurityException("SecurityConstraintsImpl.checkConstraints(): Access for " + action + " not permitted."); |
228 | } |
|
229 | 0 | } |
230 | } |
|
231 | 0 | } |
232 | ||
233 | /** |
|
234 | * <p> |
|
235 | * getAllSecurityConstraints |
|
236 | * </p> |
|
237 | * |
|
238 | * @param pageSecurity |
|
239 | * @return all security constraints |
|
240 | */ |
|
241 | private synchronized List getAllSecurityConstraints(PageSecurity pageSecurity) |
|
242 | { |
|
243 | // return previously cached security constraints; note that |
|
244 | // cache is assumed valid until owning document is evicted |
|
245 | 0 | if (allConstraints != null) |
246 | { |
|
247 | 0 | return allConstraints; |
248 | } |
|
249 | ||
250 | // construct new ordered security constraints list |
|
251 | 0 | allConstraints = Collections.synchronizedList(new ArrayList(8)); |
252 | ||
253 | // add any defined security constraints |
|
254 | 0 | if (constraints != null) |
255 | { |
|
256 | 0 | allConstraints.addAll(constraints); |
257 | } |
|
258 | ||
259 | // add any security constraints references |
|
260 | 0 | if ((constraintsRefs != null) && !constraintsRefs.isEmpty()) |
261 | { |
|
262 | 0 | List referencedConstraints = dereferenceSecurityConstraintsRefs(constraintsRefs, pageSecurity); |
263 | 0 | if (referencedConstraints != null) |
264 | { |
|
265 | 0 | allConstraints.addAll(referencedConstraints); |
266 | } |
|
267 | } |
|
268 | ||
269 | // add any global decurity constraints references |
|
270 | 0 | if (pageSecurity != null) |
271 | { |
|
272 | 0 | List globalConstraintsRefs = pageSecurity.getGlobalSecurityConstraintsRefs(); |
273 | 0 | if ((globalConstraintsRefs != null) && !globalConstraintsRefs.isEmpty()) |
274 | { |
|
275 | 0 | List referencedConstraints = dereferenceSecurityConstraintsRefs(globalConstraintsRefs, pageSecurity); |
276 | 0 | if (referencedConstraints != null) |
277 | { |
|
278 | 0 | allConstraints.addAll(referencedConstraints); |
279 | } |
|
280 | } |
|
281 | } |
|
282 | ||
283 | 0 | return allConstraints; |
284 | } |
|
285 | ||
286 | /** |
|
287 | * <p> |
|
288 | * dereferenceSecurityConstraintsRefs |
|
289 | * </p> |
|
290 | * |
|
291 | * @param constraintsRefs |
|
292 | * @param pageSecurity |
|
293 | * @return security constraints |
|
294 | */ |
|
295 | private List dereferenceSecurityConstraintsRefs(List constraintsRefs, PageSecurity pageSecurity) |
|
296 | { |
|
297 | // access security document to dereference security |
|
298 | // constriants definitions |
|
299 | 0 | List constraints = null; |
300 | 0 | if (pageSecurity != null) |
301 | { |
|
302 | // dereference each security constraints definition |
|
303 | 0 | Iterator constraintsRefsIter = constraintsRefs.iterator(); |
304 | 0 | while (constraintsRefsIter.hasNext()) |
305 | { |
|
306 | 0 | String constraintsRef = (String)constraintsRefsIter.next(); |
307 | 0 | SecurityConstraintsDef securityConstraintsDef = pageSecurity.getSecurityConstraintsDef(constraintsRef); |
308 | 0 | if ((securityConstraintsDef != null) && (securityConstraintsDef.getSecurityConstraints() != class="keyword">null)) |
309 | { |
|
310 | 0 | if (constraints == null) |
311 | { |
|
312 | 0 | constraints = Collections.synchronizedList(new ArrayList(constraintsRefs.size())); |
313 | } |
|
314 | 0 | constraints.addAll(securityConstraintsDef.getSecurityConstraints()); |
315 | } |
|
316 | else |
|
317 | { |
|
318 | 0 | log.error("dereferenceSecurityConstraintsRefs(): Unable to dereference \"" + constraintsRef + "\" security constraints definition."); |
319 | } |
|
320 | 0 | } |
321 | 0 | } |
322 | else |
|
323 | { |
|
324 | 0 | log.error("dereferenceSecurityConstraintsRefs(): Missing page security, unable to dereference security constraints definitions."); |
325 | } |
|
326 | ||
327 | 0 | return constraints; |
328 | } |
|
329 | } |
This report is generated by jcoverage, Maven and Maven JCoverage Plugin. |