1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.apache.jetspeed.om.page.impl;
18
19 import java.util.Iterator;
20 import java.util.List;
21
22 import org.apache.jetspeed.om.common.SecurityConstraints;
23 import org.apache.jetspeed.om.page.PageSecurity;
24 import org.apache.jetspeed.om.page.SecurityConstraintImpl;
25 import org.apache.jetspeed.om.page.SecurityConstraintsDef;
26 import org.apache.jetspeed.page.impl.DatabasePageManagerUtils;
27
28 /***
29 * SecurityConstraintsImpl
30 *
31 * @author <a href="mailto:rwatler@apache.org">Randy Watler</a>
32 * @version $Id$
33 */
34 public class SecurityConstraintsImpl implements SecurityConstraints
35 {
36 private String owner;
37 private List constraints;
38 private List constraintsRefs;
39
40 private SecurityConstraintList securityConstraints;
41 private SecurityConstraintsRefList securityConstraintsRefs;
42
43 private List allConstraints;
44
45 /***
46 * accessConstraintsRefs
47 *
48 * Access mutable persistent collection member for List wrappers.
49 *
50 * @return persistent collection
51 */
52 List accessConstraintsRefs()
53 {
54
55 if (constraintsRefs == null)
56 {
57 constraintsRefs = DatabasePageManagerUtils.createList();
58 }
59 return constraintsRefs;
60 }
61
62 /***
63 * accessConstraints
64 *
65 * Access mutable persistent collection member for List wrappers.
66 *
67 * @return persistent collection
68 */
69 List accessConstraints()
70 {
71
72 if (constraints == null)
73 {
74 constraints = DatabasePageManagerUtils.createList();
75 }
76 return constraints;
77 }
78
79 /***
80 * getSecurityConstraintClass
81 *
82 * Return class of persistent constraint instance.
83 *
84 * @return constraint class
85 */
86 public Class getSecurityConstraintClass()
87 {
88
89 return null;
90 }
91
92 /***
93 * getSecurityConstraintsRefClass
94 *
95 * Return class of persistent constraints reference instance.
96 *
97 * @return constraints reference class
98 */
99 public Class getSecurityConstraintsRefClass()
100 {
101
102 return null;
103 }
104
105 /***
106 * checkConstraints
107 *
108 * @param actions actions to check
109 * @param userPrincipals principal users list
110 * @param rolePrincipals principal roles list
111 * @param groupPrincipals principal group list
112 * @param pageSecurity page security definitions
113 * @throws SecurityException
114 */
115 public void checkConstraints(List actions, List userPrincipals, List rolePrincipals, List groupPrincipals, PageSecurity pageSecurity) throws SecurityException
116 {
117
118 if ((owner != null) && (userPrincipals != null) && userPrincipals.contains(owner))
119 {
120 return;
121 }
122
123
124 List checkConstraints = getAllSecurityConstraints(pageSecurity);
125 if ((checkConstraints != null) && !checkConstraints.isEmpty())
126 {
127
128
129 Iterator actionsIter = actions.iterator();
130 while (actionsIter.hasNext())
131 {
132
133
134
135
136
137 String action = (String)actionsIter.next();
138 boolean actionPermitted = false;
139 boolean actionNotPermitted = false;
140 boolean anyActionsPermitted = (getOwner() != null);
141
142
143 Iterator checkConstraintsIter = checkConstraints.iterator();
144 while (checkConstraintsIter.hasNext())
145 {
146 SecurityConstraintImpl constraint = (SecurityConstraintImpl)checkConstraintsIter.next();
147
148
149 if (constraint.getPermissions() != null)
150 {
151
152 anyActionsPermitted = true;
153
154
155 if (constraint.actionMatch(action) &&
156 constraint.principalsMatch(userPrincipals, rolePrincipals, groupPrincipals, true))
157 {
158 actionPermitted = true;
159 break;
160 }
161 }
162 else
163 {
164
165 if (constraint.principalsMatch(userPrincipals, rolePrincipals, groupPrincipals, false))
166 {
167 actionNotPermitted = true;
168 break;
169 }
170 }
171 }
172
173
174 if ((!actionPermitted && anyActionsPermitted) || actionNotPermitted)
175 {
176 throw new SecurityException("SecurityConstraintsImpl.checkConstraints(): Access for " + action + " not permitted.");
177 }
178 }
179 }
180 else
181 {
182
183
184 if ((getOwner() != null) && !actions.isEmpty())
185 {
186 String action = (String)actions.get(0);
187 throw new SecurityException("SecurityConstraintsImpl.checkConstraints(): Access for " + action + " not permitted, (not owner).");
188 }
189 }
190 }
191
192 /***
193 * resetCachedSecurityConstraints
194 */
195 public void resetCachedSecurityConstraints()
196 {
197
198 clearAllSecurityConstraints();
199 }
200
201 /***
202 * getAllSecurityConstraints
203 *
204 * @param pageSecurity page security definitions
205 * @return all security constraints
206 */
207 private synchronized List getAllSecurityConstraints(PageSecurity pageSecurity)
208 {
209
210 if (allConstraints != null)
211 {
212 return allConstraints;
213 }
214
215
216 allConstraints = DatabasePageManagerUtils.createList();
217
218
219 if ((getSecurityConstraints() != null) && !getSecurityConstraints().isEmpty())
220 {
221 allConstraints.addAll(securityConstraints);
222 }
223
224
225 if ((getSecurityConstraintsRefs() != null) && !getSecurityConstraintsRefs().isEmpty())
226 {
227 List referencedConstraints = dereferenceSecurityConstraintsRefs(getSecurityConstraintsRefs(), pageSecurity);
228 if (referencedConstraints != null)
229 {
230 allConstraints.addAll(referencedConstraints);
231 }
232 }
233
234
235 if (pageSecurity != null)
236 {
237 List globalConstraintsRefs = pageSecurity.getGlobalSecurityConstraintsRefs();
238 if ((globalConstraintsRefs != null) && !globalConstraintsRefs.isEmpty())
239 {
240 List referencedConstraints = dereferenceSecurityConstraintsRefs(globalConstraintsRefs, pageSecurity);
241 if (referencedConstraints != null)
242 {
243 allConstraints.addAll(referencedConstraints);
244 }
245 }
246 }
247
248 return allConstraints;
249 }
250
251 /***
252 * clearAllSecurityConstraints
253 */
254 synchronized void clearAllSecurityConstraints()
255 {
256
257 allConstraints = null;
258 }
259
260 /***
261 * dereferenceSecurityConstraintsRefs
262 *
263 * @param constraintsRefs contstraints references to be dereferenced
264 * @param pageSecurity page security definitions
265 * @return security constraints
266 */
267 private List dereferenceSecurityConstraintsRefs(List constraintsRefs, PageSecurity pageSecurity)
268 {
269 List constraints = null;
270 if (pageSecurity != null)
271 {
272
273 Iterator constraintsRefsIter = constraintsRefs.iterator();
274 while (constraintsRefsIter.hasNext())
275 {
276 String constraintsRef = (String)constraintsRefsIter.next();
277 SecurityConstraintsDef securityConstraintsDef = pageSecurity.getSecurityConstraintsDef(constraintsRef);
278 if ((securityConstraintsDef != null) && (securityConstraintsDef.getSecurityConstraints() != null))
279 {
280 if (constraints == null)
281 {
282 constraints = DatabasePageManagerUtils.createList();
283 }
284 constraints.addAll(securityConstraintsDef.getSecurityConstraints());
285 }
286 }
287 }
288 return constraints;
289 }
290
291
292
293
294 public String getOwner()
295 {
296 return owner;
297 }
298
299
300
301
302 public void setOwner(String owner)
303 {
304
305 this.owner = owner;
306 clearAllSecurityConstraints();
307 }
308
309
310
311
312 public List getSecurityConstraints()
313 {
314
315
316 if (securityConstraints == null)
317 {
318 securityConstraints = new SecurityConstraintList(this);
319 }
320 return securityConstraints;
321 }
322
323
324
325
326 public void setSecurityConstraints(List constraints)
327 {
328
329
330
331 List securityConstraints = getSecurityConstraints();
332 if (constraints != securityConstraints)
333 {
334
335 securityConstraints.clear();
336 if (constraints != null)
337 {
338 securityConstraints.addAll(constraints);
339 }
340 }
341
342 clearAllSecurityConstraints();
343 }
344
345
346
347
348 public List getSecurityConstraintsRefs()
349 {
350
351
352
353 if (securityConstraintsRefs == null)
354 {
355 securityConstraintsRefs = new SecurityConstraintsRefList(this);
356 }
357 return securityConstraintsRefs;
358 }
359
360
361
362
363 public void setSecurityConstraintsRefs(List constraintsRefs)
364 {
365
366
367
368 List securityConstraintsRefs = getSecurityConstraintsRefs();
369 if (constraintsRefs != securityConstraintsRefs)
370 {
371
372 securityConstraintsRefs.clear();
373 if (constraintsRefs != null)
374 {
375 securityConstraintsRefs.addAll(constraintsRefs);
376 }
377 }
378
379 clearAllSecurityConstraints();
380 }
381
382
383
384
385 public boolean isEmpty()
386 {
387
388 return ((owner == null) &&
389 ((constraints == null) || constraints.isEmpty()) &&
390 ((constraintsRefs == null) || constraintsRefs.isEmpty()));
391 }
392 }