1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17 package org.apache.jetspeed.om.page.psml;
18
19 import java.util.ArrayList;
20 import java.util.Collections;
21 import java.util.Iterator;
22 import java.util.List;
23
24 import org.apache.commons.logging.Log;
25 import org.apache.commons.logging.LogFactory;
26 import org.apache.jetspeed.om.common.SecurityConstraints;
27 import org.apache.jetspeed.om.page.PageSecurity;
28 import org.apache.jetspeed.om.page.SecurityConstraintImpl;
29 import org.apache.jetspeed.om.page.SecurityConstraintsDef;
30
31 /***
32 * <p>
33 * SecurityConstraintsImpl
34 * </p>
35 * <p>
36 *
37 * </p>
38 * @author <a href="mailto:rwatler@finali.com">Randy Watler</a>
39 * @version $Id: SecurityConstraintsImpl.java 568811 2007-08-23 03:00:37Z woonsan $
40 *
41 */
42 public class SecurityConstraintsImpl implements SecurityConstraints
43 {
44 private final static Log log = LogFactory.getLog(SecurityConstraintsImpl.class);
45
46 private String owner;
47
48 private List constraints;
49
50 private List constraintsRefs;
51
52 private List allConstraints;
53
54 /***
55 * <p>
56 * getOwner
57 * </p>
58 *
59 * @see org.apache.jetspeed.om.common.SecurityConstraints#getOwner()
60 * @return
61 */
62 public String getOwner()
63 {
64 return owner;
65 }
66
67 /***
68 * <p>
69 * setOwner
70 * </p>
71 *
72 * @see org.apache.jetspeed.om.common.SecurityConstraints#setOwner(java.lang.String)
73 * @param owner
74 */
75 public void setOwner(String owner)
76 {
77 this.owner = owner;
78 }
79
80 /***
81 * <p>
82 * getSecurityConstraints
83 * </p>
84 *
85 * @see org.apache.jetspeed.om.common.SecurityConstraints#getSecurityConstraints()
86 * @return
87 */
88 public List getSecurityConstraints()
89 {
90 if (this.constraints == null)
91 {
92 this.constraints = Collections.synchronizedList(new ArrayList());
93 }
94 return constraints;
95 }
96
97 /***
98 * <p>
99 * setSecurityConstraint
100 * </p>
101 *
102 * @see org.apache.jetspeed.om.common.SecurityConstraints#setSecurityConstraints(java.util.List)
103 * @param constraints
104 */
105 public void setSecurityConstraints(List constraints)
106 {
107 this.constraints = constraints;
108 }
109
110 /***
111 * <p>
112 * getSecurityConstraintsRefs
113 * </p>
114 *
115 * @see org.apache.jetspeed.om.common.SecurityConstraints#getSecurityConstraintsRefs()
116 * @return
117 */
118 public List getSecurityConstraintsRefs()
119 {
120 if (this.constraintsRefs == null)
121 {
122 this.constraintsRefs = Collections.synchronizedList(new ArrayList());
123 }
124 return constraintsRefs;
125 }
126
127 /***
128 * <p>
129 * setSecurityConstraintsRefs
130 * </p>
131 *
132 * @see org.apache.jetspeed.om.common.SecurityConstraints#setSecurityConstraintsRefs(java.util.List)
133 * @param constraintsRefs
134 */
135 public void setSecurityConstraintsRefs(List constraintsRefs)
136 {
137 this.constraintsRefs = constraintsRefs;
138 }
139
140 /***
141 * <p>
142 * isEmpty
143 * </p>
144 *
145 * @see org.apache.jetspeed.om.common.SecurityConstraints#isEmpty()
146 * @return flag indicating whether there are constraints or owner set
147 */
148 public boolean isEmpty()
149 {
150 return ((owner == null) && (constraints == null) && (constraintsRefs == null));
151 }
152
153 /***
154 * <p>
155 * checkConstraints
156 * </p>
157 *
158 * @param actions
159 * @param userPrincipals
160 * @param rolePrincipals
161 * @param groupPrincipals
162 * @param pageSecurity page security definitions
163 * @throws SecurityException
164 */
165 public void checkConstraints(List actions, List userPrincipals, List rolePrincipals,
166 List groupPrincipals, PageSecurity pageSecurity) throws SecurityException
167 {
168
169 if ((owner != null) && (userPrincipals != null) && userPrincipals.contains(owner))
170 {
171 return;
172 }
173
174
175 List checkConstraints = getAllSecurityConstraints(pageSecurity);
176 if ((checkConstraints != null) && !checkConstraints.isEmpty())
177 {
178
179
180 Iterator actionsIter = actions.iterator();
181 while (actionsIter.hasNext())
182 {
183
184
185
186
187
188 String action = (String)actionsIter.next();
189 boolean actionPermitted = false;
190 boolean actionNotPermitted = false;
191 boolean anyActionsPermitted = false;
192
193
194 Iterator checkConstraintsIter = checkConstraints.iterator();
195 while (checkConstraintsIter.hasNext())
196 {
197 SecurityConstraintImpl constraint = (SecurityConstraintImpl)checkConstraintsIter.next();
198
199
200 if (constraint.getPermissions() != null)
201 {
202
203 anyActionsPermitted = true;
204
205
206 if (constraint.actionMatch(action) &&
207 constraint.principalsMatch(userPrincipals, rolePrincipals, groupPrincipals, true))
208 {
209 actionPermitted = true;
210 break;
211 }
212 }
213 else
214 {
215
216 if (constraint.principalsMatch(userPrincipals, rolePrincipals, groupPrincipals, false))
217 {
218 actionNotPermitted = true;
219 break;
220 }
221 }
222 }
223
224
225 if ((!actionPermitted && anyActionsPermitted) || actionNotPermitted)
226 {
227 throw new SecurityException("SecurityConstraintsImpl.checkConstraints(): Access for " + action + " not permitted.");
228 }
229 }
230 }
231 }
232
233 /***
234 * <p>
235 * getAllSecurityConstraints
236 * </p>
237 *
238 * @param pageSecurity
239 * @return all security constraints
240 */
241 private synchronized List getAllSecurityConstraints(PageSecurity pageSecurity)
242 {
243
244
245 if (allConstraints != null)
246 {
247 return allConstraints;
248 }
249
250
251 allConstraints = Collections.synchronizedList(new ArrayList(8));
252
253
254 if (constraints != null)
255 {
256 allConstraints.addAll(constraints);
257 }
258
259
260 if ((constraintsRefs != null) && !constraintsRefs.isEmpty())
261 {
262 List referencedConstraints = dereferenceSecurityConstraintsRefs(constraintsRefs, pageSecurity);
263 if (referencedConstraints != null)
264 {
265 allConstraints.addAll(referencedConstraints);
266 }
267 }
268
269
270 if (pageSecurity != null)
271 {
272 List globalConstraintsRefs = pageSecurity.getGlobalSecurityConstraintsRefs();
273 if ((globalConstraintsRefs != null) && !globalConstraintsRefs.isEmpty())
274 {
275 List referencedConstraints = dereferenceSecurityConstraintsRefs(globalConstraintsRefs, pageSecurity);
276 if (referencedConstraints != null)
277 {
278 allConstraints.addAll(referencedConstraints);
279 }
280 }
281 }
282
283 return allConstraints;
284 }
285
286 /***
287 * <p>
288 * dereferenceSecurityConstraintsRefs
289 * </p>
290 *
291 * @param constraintsRefs
292 * @param pageSecurity
293 * @return security constraints
294 */
295 private List dereferenceSecurityConstraintsRefs(List constraintsRefs, PageSecurity pageSecurity)
296 {
297
298
299 List constraints = null;
300 if (pageSecurity != null)
301 {
302
303 Iterator constraintsRefsIter = constraintsRefs.iterator();
304 while (constraintsRefsIter.hasNext())
305 {
306 String constraintsRef = (String)constraintsRefsIter.next();
307 SecurityConstraintsDef securityConstraintsDef = pageSecurity.getSecurityConstraintsDef(constraintsRef);
308 if ((securityConstraintsDef != null) && (securityConstraintsDef.getSecurityConstraints() != null))
309 {
310 if (constraints == null)
311 {
312 constraints = Collections.synchronizedList(new ArrayList(constraintsRefs.size()));
313 }
314 constraints.addAll(securityConstraintsDef.getSecurityConstraints());
315 }
316 else
317 {
318 log.error("dereferenceSecurityConstraintsRefs(): Unable to dereference \"" + constraintsRef + "\" security constraints definition.");
319 }
320 }
321 }
322 else
323 {
324 log.error("dereferenceSecurityConstraintsRefs(): Missing page security, unable to dereference security constraints definitions.");
325 }
326
327 return constraints;
328 }
329 }