1 |
|
|
2 |
|
|
3 |
|
|
4 |
|
|
5 |
|
|
6 |
|
|
7 |
|
|
8 |
|
|
9 |
|
|
10 |
|
|
11 |
|
|
12 |
|
|
13 |
|
|
14 |
|
|
15 |
|
|
16 |
|
|
17 |
|
package org.apache.jetspeed.security.impl; |
18 |
|
|
19 |
|
import java.lang.reflect.Constructor; |
20 |
|
import java.security.AccessController; |
21 |
|
import java.security.Permission; |
22 |
|
import java.security.Permissions; |
23 |
|
import java.security.Principal; |
24 |
|
import java.security.PrivilegedAction; |
25 |
|
import java.sql.Timestamp; |
26 |
|
import java.util.ArrayList; |
27 |
|
import java.util.Collection; |
28 |
|
import java.util.HashMap; |
29 |
|
import java.util.HashSet; |
30 |
|
import java.util.Iterator; |
31 |
|
import java.util.LinkedList; |
32 |
|
|
33 |
|
import javax.security.auth.Subject; |
34 |
|
|
35 |
|
import org.apache.commons.logging.Log; |
36 |
|
import org.apache.commons.logging.LogFactory; |
37 |
|
import org.apache.jetspeed.i18n.KeyedMessage; |
38 |
|
import org.apache.jetspeed.security.JSSubject; |
39 |
|
import org.apache.jetspeed.security.PermissionManager; |
40 |
|
import org.apache.jetspeed.security.RolePrincipal; |
41 |
|
import org.apache.jetspeed.security.SecurityException; |
42 |
|
import org.apache.jetspeed.security.SecurityHelper; |
43 |
|
import org.apache.jetspeed.security.UserPrincipal; |
44 |
|
import org.apache.jetspeed.security.om.InternalPermission; |
45 |
|
import org.apache.jetspeed.security.om.InternalPrincipal; |
46 |
|
import org.apache.jetspeed.security.om.impl.InternalPermissionImpl; |
47 |
|
import org.apache.jetspeed.security.om.impl.InternalPrincipalImpl; |
48 |
|
import org.apache.jetspeed.util.ArgUtil; |
49 |
|
import org.apache.ojb.broker.query.Criteria; |
50 |
|
import org.apache.ojb.broker.query.Query; |
51 |
|
import org.apache.ojb.broker.query.QueryByCriteria; |
52 |
|
import org.apache.ojb.broker.query.QueryFactory; |
53 |
|
import org.springframework.orm.ojb.support.PersistenceBrokerDaoSupport; |
54 |
|
|
55 |
|
|
56 |
|
|
57 |
|
|
58 |
|
|
59 |
|
|
60 |
|
|
61 |
|
|
62 |
|
|
63 |
|
|
64 |
|
|
65 |
|
|
66 |
|
|
67 |
|
|
68 |
|
|
69 |
|
|
70 |
|
|
71 |
|
|
72 |
|
|
73 |
|
|
74 |
|
|
75 |
|
|
76 |
|
|
77 |
|
|
78 |
|
|
79 |
|
|
80 |
|
|
81 |
0 |
public class PermissionManagerImpl extends PersistenceBrokerDaoSupport implements PermissionManager |
82 |
|
{ |
83 |
0 |
private static final Log log = LogFactory.getLog(PermissionManagerImpl.class); |
84 |
0 |
private static ThreadLocal permissionsCache = new ThreadLocal(); |
85 |
|
|
86 |
|
|
87 |
|
|
88 |
|
|
89 |
|
public Permissions getPermissions(Principal principal) |
90 |
|
{ |
91 |
0 |
String fullPath = SecurityHelper.getPreferencesFullPath(principal); |
92 |
0 |
ArgUtil.notNull(new Object[] { fullPath }, class="keyword">new String[] { "fullPath" }, |
93 |
|
"removePermission(java.security.Principal)"); |
94 |
|
|
95 |
0 |
HashMap permissionsMap = (HashMap)permissionsCache.get(); |
96 |
0 |
if ( permissionsMap == null ) |
97 |
|
{ |
98 |
0 |
permissionsMap = new HashMap(); |
99 |
0 |
permissionsCache.set(permissionsMap); |
100 |
|
} |
101 |
0 |
HashSet principalPermissions = (HashSet)permissionsMap.get(fullPath); |
102 |
0 |
if ( principalPermissions == null ) |
103 |
|
{ |
104 |
0 |
InternalPrincipal internalPrincipal = getInternalPrincipal(fullPath); |
105 |
0 |
if (null != internalPrincipal) |
106 |
|
{ |
107 |
0 |
principalPermissions = getSecurityPermissions(internalPrincipal.getPermissions()); |
108 |
|
} |
109 |
0 |
if ( principalPermissions == null) |
110 |
|
{ |
111 |
0 |
principalPermissions = new HashSet(); |
112 |
|
} |
113 |
0 |
permissionsMap.put(fullPath, principalPermissions); |
114 |
|
} |
115 |
|
|
116 |
0 |
Permissions permissions = new Permissions(); |
117 |
0 |
Iterator iter =principalPermissions.iterator(); |
118 |
0 |
while (iter.hasNext()) |
119 |
|
{ |
120 |
0 |
permissions.add((Permission)iter.next()); |
121 |
|
} |
122 |
|
|
123 |
0 |
return permissions; |
124 |
|
} |
125 |
|
|
126 |
|
|
127 |
|
|
128 |
|
|
129 |
|
public Permissions getPermissions(Collection principals) |
130 |
|
{ |
131 |
0 |
ArgUtil.notNull(new Object[] { principals }, class="keyword">new String[] { "principals" }, |
132 |
|
"getPermissions(java.util.Collection)"); |
133 |
|
|
134 |
0 |
Permissions permissions = new Permissions(); |
135 |
0 |
Collection principalsFullPath = getPrincipalsFullPath(principals); |
136 |
0 |
if ((null != principalsFullPath) && principalsFullPath.size() > 0) |
137 |
|
{ |
138 |
0 |
HashSet permissionsSet = new HashSet(); |
139 |
0 |
HashMap permissionsMap = (HashMap)permissionsCache.get(); |
140 |
0 |
if (permissionsMap == null) |
141 |
|
{ |
142 |
0 |
permissionsMap = new HashMap(); |
143 |
0 |
permissionsCache.set(permissionsMap); |
144 |
|
} |
145 |
|
|
146 |
0 |
Iterator iter = principalsFullPath.iterator(); |
147 |
|
HashSet principalPermissions; |
148 |
0 |
while ( iter.hasNext()) |
149 |
|
{ |
150 |
0 |
principalPermissions = (HashSet)permissionsMap.get(iter.next()); |
151 |
0 |
if ( principalPermissions != null ) |
152 |
|
{ |
153 |
0 |
iter.remove(); |
154 |
0 |
permissionsSet.addAll(principalPermissions); |
155 |
|
} |
156 |
|
} |
157 |
0 |
if ( principalsFullPath.size() > 0) |
158 |
|
{ |
159 |
0 |
Criteria filter = new Criteria(); |
160 |
0 |
filter.addIn("fullPath", principalsFullPath); |
161 |
0 |
Query query = QueryFactory.newQuery(InternalPrincipalImpl.class, filter); |
162 |
0 |
Collection internalPrincipals = getPersistenceBrokerTemplate().getCollectionByQuery(query); |
163 |
0 |
Iterator internalPrincipalsIter = internalPrincipals.iterator(); |
164 |
0 |
while (internalPrincipalsIter.hasNext()) |
165 |
|
{ |
166 |
0 |
InternalPrincipal internalPrincipal = (InternalPrincipal) internalPrincipalsIter.next(); |
167 |
0 |
Collection internalPermissions = internalPrincipal.getPermissions(); |
168 |
0 |
if (null != internalPermissions) |
169 |
|
{ |
170 |
0 |
principalPermissions = getSecurityPermissions(internalPermissions); |
171 |
0 |
permissionsSet.addAll(principalPermissions); |
172 |
|
} |
173 |
|
else |
174 |
|
{ |
175 |
0 |
principalPermissions = new HashSet(); |
176 |
|
} |
177 |
0 |
permissionsMap.put(internalPrincipal.getFullPath(),principalPermissions); |
178 |
0 |
} |
179 |
|
} |
180 |
0 |
iter = permissionsSet.iterator(); |
181 |
0 |
while (iter.hasNext()) |
182 |
|
{ |
183 |
0 |
permissions.add((Permission)iter.next()); |
184 |
|
} |
185 |
|
} |
186 |
0 |
return permissions; |
187 |
|
} |
188 |
|
|
189 |
|
|
190 |
|
|
191 |
|
|
192 |
|
|
193 |
|
|
194 |
|
|
195 |
|
|
196 |
|
|
197 |
|
private Collection getPrincipalsFullPath(Collection principals) |
198 |
|
{ |
199 |
0 |
Collection principalsFullPath = new ArrayList(); |
200 |
0 |
Iterator principalsIterator = principals.iterator(); |
201 |
0 |
while (principalsIterator.hasNext()) |
202 |
|
{ |
203 |
0 |
Principal principal = (Principal) principalsIterator.next(); |
204 |
0 |
String fullPath = SecurityHelper.getPreferencesFullPath(principal); |
205 |
0 |
if (null != fullPath) |
206 |
|
{ |
207 |
0 |
principalsFullPath.add(fullPath); |
208 |
|
} |
209 |
0 |
} |
210 |
0 |
return principalsFullPath; |
211 |
|
} |
212 |
|
|
213 |
|
|
214 |
|
|
215 |
|
|
216 |
|
|
217 |
|
|
218 |
|
|
219 |
|
|
220 |
|
|
221 |
|
private HashSet getSecurityPermissions(Collection omPermissions) |
222 |
|
{ |
223 |
0 |
HashSet permissions = new HashSet(); |
224 |
0 |
Iterator internalPermissionsIter = omPermissions.iterator(); |
225 |
0 |
while (internalPermissionsIter.hasNext()) |
226 |
|
{ |
227 |
0 |
InternalPermission internalPermission = (InternalPermission) internalPermissionsIter.next(); |
228 |
0 |
Permission permission = null; |
229 |
|
try |
230 |
|
{ |
231 |
0 |
Class permissionClass = Class.forName(internalPermission.getClassname()); |
232 |
0 |
Class[] parameterTypes = { String.class, String.class }; |
233 |
0 |
Constructor permissionConstructor = permissionClass.getConstructor(parameterTypes); |
234 |
0 |
Object[] initArgs = { internalPermission.getName(), internalPermission.getActions() }; |
235 |
0 |
permission = (Permission) permissionConstructor.newInstance(initArgs); |
236 |
0 |
if(permissions.add(permission)) |
237 |
|
{ |
238 |
0 |
if (log.isDebugEnabled()) |
239 |
|
{ |
240 |
0 |
log.debug("Added permimssion: [class, " + permission.getClass().getName() + "], " + "[name, " |
241 |
|
+ permission.getName() + "], " + "[actions, " + permission.getActions() + "]"); |
242 |
|
} |
243 |
|
} |
244 |
|
} |
245 |
0 |
catch (Exception e) |
246 |
|
{ |
247 |
0 |
log.error("Internal error", e); |
248 |
0 |
} |
249 |
0 |
} |
250 |
0 |
return permissions; |
251 |
|
} |
252 |
|
|
253 |
|
|
254 |
|
|
255 |
|
|
256 |
|
public void addPermission(Permission permission) throws SecurityException |
257 |
|
{ |
258 |
0 |
ArgUtil.notNull(new Object[] { permission }, class="keyword">new String[] { "permission" }, |
259 |
|
"addPermission(java.security.Permission)"); |
260 |
|
|
261 |
0 |
InternalPermission internalPermission = new InternalPermissionImpl(permission.getClass().getName(), permission |
262 |
|
.getName(), permission.getActions()); |
263 |
|
try |
264 |
|
{ |
265 |
0 |
getPersistenceBrokerTemplate().store(internalPermission); |
266 |
|
} |
267 |
0 |
catch (Exception e) |
268 |
|
{ |
269 |
0 |
KeyedMessage msg = SecurityException.UNEXPECTED.create("PermissionManager.addPermission", |
270 |
|
"store", e.getMessage()); |
271 |
0 |
logger.error(msg, e); |
272 |
0 |
throw new SecurityException(msg, e); |
273 |
0 |
} |
274 |
0 |
} |
275 |
|
|
276 |
|
|
277 |
|
|
278 |
|
|
279 |
|
public void removePermission(Permission permission) throws SecurityException |
280 |
|
{ |
281 |
0 |
ArgUtil.notNull(new Object[] { permission }, class="keyword">new String[] { "permission" }, |
282 |
|
"removePermission(java.security.Permission)"); |
283 |
|
|
284 |
0 |
InternalPermission internalPermission = getInternalPermission(permission); |
285 |
0 |
if (null != internalPermission) |
286 |
|
{ |
287 |
|
|
288 |
0 |
permissionsCache.set(null); |
289 |
|
try |
290 |
|
{ |
291 |
|
|
292 |
0 |
getPersistenceBrokerTemplate().delete(internalPermission); |
293 |
|
} |
294 |
0 |
catch (Exception e) |
295 |
|
{ |
296 |
0 |
KeyedMessage msg = SecurityException.UNEXPECTED.create("PermissionManager.removePermission", |
297 |
|
"delete", e.getMessage()); |
298 |
0 |
logger.error(msg, e); |
299 |
0 |
throw new SecurityException(msg, e); |
300 |
0 |
} |
301 |
|
} |
302 |
0 |
} |
303 |
|
|
304 |
|
|
305 |
|
|
306 |
|
|
307 |
|
public void removePermissions(Principal principal) throws SecurityException |
308 |
|
{ |
309 |
0 |
String fullPath = SecurityHelper.getPreferencesFullPath(principal); |
310 |
0 |
ArgUtil.notNull(new Object[] { fullPath }, class="keyword">new String[] { "fullPath" }, |
311 |
|
"removePermission(java.security.Principal)"); |
312 |
|
|
313 |
|
|
314 |
0 |
InternalPrincipal internalPrincipal = getInternalPrincipal(fullPath); |
315 |
0 |
if (null != internalPrincipal) |
316 |
|
{ |
317 |
0 |
Collection internalPermissions = internalPrincipal.getPermissions(); |
318 |
0 |
if (null != internalPermissions) |
319 |
|
{ |
320 |
0 |
internalPermissions.clear(); |
321 |
|
} |
322 |
|
|
323 |
0 |
permissionsCache.set(null); |
324 |
|
try |
325 |
|
{ |
326 |
0 |
internalPrincipal.setModifiedDate(new Timestamp(System.currentTimeMillis())); |
327 |
0 |
internalPrincipal.setPermissions(internalPermissions); |
328 |
|
|
329 |
0 |
getPersistenceBrokerTemplate().store(internalPrincipal); |
330 |
|
} |
331 |
0 |
catch (Exception e) |
332 |
|
{ |
333 |
0 |
KeyedMessage msg = SecurityException.UNEXPECTED.create("PermissionManager.removePermissions", |
334 |
|
"store", e.getMessage()); |
335 |
0 |
logger.error(msg, e); |
336 |
0 |
throw new SecurityException(msg, e); |
337 |
0 |
} |
338 |
|
} |
339 |
0 |
} |
340 |
|
|
341 |
|
|
342 |
|
|
343 |
|
|
344 |
|
|
345 |
|
public void grantPermission(Principal principal, Permission permission) throws SecurityException |
346 |
|
{ |
347 |
0 |
String fullPath = SecurityHelper.getPreferencesFullPath(principal); |
348 |
0 |
ArgUtil.notNull(new Object[] { fullPath, permission }, class="keyword">new String[] { "fullPath", "permission" }, |
349 |
|
"grantPermission(java.security.Principal, java.security.Permission)"); |
350 |
|
|
351 |
0 |
Collection internalPermissions = new ArrayList(); |
352 |
|
|
353 |
0 |
InternalPrincipal internalPrincipal = getInternalPrincipal(fullPath); |
354 |
0 |
if (null == internalPrincipal) |
355 |
|
{ |
356 |
0 |
if ( principal instanceof UserPrincipal ) |
357 |
|
{ |
358 |
0 |
throw new SecurityException(SecurityException.USER_DOES_NOT_EXIST.create(principal.getName())); |
359 |
|
} |
360 |
0 |
else if ( principal instanceof RolePrincipal ) |
361 |
|
{ |
362 |
0 |
throw new SecurityException(SecurityException.ROLE_DOES_NOT_EXIST.create(principal.getName())); |
363 |
|
} |
364 |
|
|
365 |
0 |
throw new SecurityException(SecurityException.GROUP_DOES_NOT_EXIST.create(principal.getName())); |
366 |
|
} |
367 |
0 |
InternalPermission internalPermission = getInternalPermission(permission); |
368 |
0 |
if (null == internalPermission) |
369 |
|
{ |
370 |
0 |
throw new SecurityException(SecurityException.PERMISSION_DOES_NOT_EXIST.create(permission.getName())); |
371 |
|
} |
372 |
|
|
373 |
0 |
if (null != internalPrincipal.getPermissions()) |
374 |
|
{ |
375 |
0 |
internalPermissions.addAll(internalPrincipal.getPermissions()); |
376 |
|
} |
377 |
0 |
if (!internalPermissions.contains(internalPermission)) |
378 |
|
{ |
379 |
0 |
internalPermissions.add(internalPermission); |
380 |
|
} |
381 |
|
|
382 |
0 |
permissionsCache.set(null); |
383 |
|
try |
384 |
|
{ |
385 |
0 |
internalPrincipal.setModifiedDate(new Timestamp(System.currentTimeMillis())); |
386 |
0 |
internalPrincipal.setPermissions(internalPermissions); |
387 |
|
|
388 |
0 |
getPersistenceBrokerTemplate().store(internalPrincipal); |
389 |
|
} |
390 |
0 |
catch (Exception e) |
391 |
|
{ |
392 |
0 |
KeyedMessage msg = SecurityException.UNEXPECTED.create("PermissionManager.grantPermission", |
393 |
|
"store", e.getMessage()); |
394 |
0 |
logger.error(msg, e); |
395 |
0 |
throw new SecurityException(msg, e); |
396 |
0 |
} |
397 |
0 |
} |
398 |
|
|
399 |
|
|
400 |
|
|
401 |
|
|
402 |
|
public boolean permissionExists(Permission permission) |
403 |
|
{ |
404 |
0 |
boolean permissionExists = true; |
405 |
0 |
InternalPermission internalPermission = getInternalPermission(permission); |
406 |
0 |
if (null == internalPermission) |
407 |
|
{ |
408 |
0 |
permissionExists = false; |
409 |
|
} |
410 |
0 |
return permissionExists; |
411 |
|
} |
412 |
|
|
413 |
|
|
414 |
|
|
415 |
|
|
416 |
|
|
417 |
|
public void revokePermission(Principal principal, Permission permission) throws SecurityException |
418 |
|
{ |
419 |
0 |
String fullPath = SecurityHelper.getPreferencesFullPath(principal); |
420 |
0 |
ArgUtil.notNull(new Object[] { fullPath, permission }, class="keyword">new String[] { "fullPath", "permission" }, |
421 |
|
"revokePermission(java.security.Principal, java.security.Permission)"); |
422 |
|
|
423 |
|
|
424 |
0 |
InternalPrincipal internalPrincipal = getInternalPrincipal(fullPath); |
425 |
0 |
if (null != internalPrincipal) |
426 |
|
{ |
427 |
0 |
Collection internalPermissions = internalPrincipal.getPermissions(); |
428 |
0 |
if (null != internalPermissions) |
429 |
|
{ |
430 |
0 |
boolean revokePermission = false; |
431 |
0 |
ArrayList newInternalPermissions = new ArrayList(); |
432 |
0 |
Iterator internalPermissionsIter = internalPermissions.iterator(); |
433 |
0 |
while (internalPermissionsIter.hasNext()) |
434 |
|
{ |
435 |
0 |
InternalPermission internalPermission = (InternalPermission) internalPermissionsIter.next(); |
436 |
0 |
if (!((internalPermission.getClassname().equals(permission.getClass().getName())) |
437 |
|
&& (internalPermission.getName().equals(permission.getName())) && (internalPermission.getActions() |
438 |
|
.equals(permission.getActions())))) |
439 |
|
{ |
440 |
0 |
newInternalPermissions.add(internalPermission); |
441 |
|
} |
442 |
|
else |
443 |
|
{ |
444 |
0 |
revokePermission = true; |
445 |
|
} |
446 |
0 |
} |
447 |
0 |
if (revokePermission) |
448 |
|
{ |
449 |
|
|
450 |
0 |
permissionsCache.set(null); |
451 |
|
try |
452 |
|
{ |
453 |
0 |
internalPrincipal.setModifiedDate(new Timestamp(System.currentTimeMillis())); |
454 |
0 |
internalPrincipal.setPermissions(newInternalPermissions); |
455 |
|
|
456 |
0 |
getPersistenceBrokerTemplate().store(internalPrincipal); |
457 |
|
} |
458 |
0 |
catch (Exception e) |
459 |
|
{ |
460 |
0 |
KeyedMessage msg = SecurityException.UNEXPECTED.create("PermissionManager.revokePermission", |
461 |
|
"store", e.getMessage()); |
462 |
0 |
logger.error(msg, e); |
463 |
0 |
throw new SecurityException(msg, e); |
464 |
0 |
} |
465 |
|
} |
466 |
|
} |
467 |
|
} |
468 |
0 |
} |
469 |
|
|
470 |
|
|
471 |
|
|
472 |
|
|
473 |
|
|
474 |
|
|
475 |
|
|
476 |
|
|
477 |
|
|
478 |
|
InternalPrincipal getInternalPrincipal(String fullPath) |
479 |
|
{ |
480 |
0 |
Criteria filter = new Criteria(); |
481 |
0 |
filter.addEqualTo("fullPath", fullPath); |
482 |
0 |
Query query = QueryFactory.newQuery(InternalPrincipalImpl.class, filter); |
483 |
0 |
InternalPrincipal internalPrincipal = (InternalPrincipal) getPersistenceBrokerTemplate().getObjectByQuery(query); |
484 |
0 |
return internalPrincipal; |
485 |
|
} |
486 |
|
|
487 |
|
|
488 |
|
|
489 |
|
|
490 |
|
|
491 |
|
|
492 |
|
|
493 |
|
|
494 |
|
|
495 |
|
InternalPermission getInternalPermission(Permission permission) |
496 |
|
{ |
497 |
0 |
Criteria filter = new Criteria(); |
498 |
0 |
filter.addEqualTo("classname", permission.getClass().getName()); |
499 |
0 |
filter.addEqualTo("name", permission.getName()); |
500 |
0 |
filter.addEqualTo("actions", permission.getActions()); |
501 |
0 |
Query query = QueryFactory.newQuery(InternalPermissionImpl.class, filter); |
502 |
0 |
InternalPermission internalPermission = (InternalPermission) getPersistenceBrokerTemplate().getObjectByQuery(query); |
503 |
0 |
return internalPermission; |
504 |
|
} |
505 |
|
|
506 |
|
public boolean checkPermission(Subject subject, final Permission permission) |
507 |
|
{ |
508 |
|
try |
509 |
|
{ |
510 |
|
|
511 |
0 |
JSSubject.doAsPrivileged(subject, new PrivilegedAction() |
512 |
|
{ |
513 |
|
public Object run() |
514 |
|
{ |
515 |
|
AccessController.checkPermission(permission); |
516 |
|
return null; |
517 |
|
} |
518 |
|
}, null); |
519 |
|
} |
520 |
0 |
catch (Exception e) |
521 |
|
{ |
522 |
0 |
return false; |
523 |
0 |
} |
524 |
0 |
return true; |
525 |
|
} |
526 |
|
|
527 |
|
public Collection getPermissions() |
528 |
|
{ |
529 |
0 |
QueryByCriteria query = QueryFactory.newQuery(InternalPermissionImpl.class, new Criteria()); |
530 |
0 |
query.addOrderByAscending("classname"); |
531 |
0 |
query.addOrderByAscending("name"); |
532 |
0 |
Collection internalPermissions = getPersistenceBrokerTemplate().getCollectionByQuery(query); |
533 |
0 |
return internalPermissions; |
534 |
|
} |
535 |
|
|
536 |
|
public Permissions getPermissions(String classname, String resource) |
537 |
|
{ |
538 |
0 |
Criteria filter = new Criteria(); |
539 |
0 |
filter.addEqualTo("classname", classname); |
540 |
0 |
filter.addEqualTo("name", resource); |
541 |
0 |
Query query = QueryFactory.newQuery(InternalPermissionImpl.class, filter); |
542 |
0 |
Collection internalPermissions = getPersistenceBrokerTemplate().getCollectionByQuery(query); |
543 |
0 |
Permissions permissions = new Permissions(); |
544 |
0 |
Iterator iter = internalPermissions.iterator(); |
545 |
|
try |
546 |
|
{ |
547 |
0 |
while (iter.hasNext()) |
548 |
|
{ |
549 |
0 |
InternalPermission internalPermission = (InternalPermission)iter.next(); |
550 |
0 |
Class permissionClass = Class.forName(internalPermission.getClassname()); |
551 |
0 |
Class[] parameterTypes = { String.class, String.class }; |
552 |
0 |
Constructor permissionConstructor = permissionClass.getConstructor(parameterTypes); |
553 |
0 |
Object[] initArgs = { internalPermission.getName(), internalPermission.getActions() }; |
554 |
0 |
Permission permission = (Permission) permissionConstructor.newInstance(initArgs); |
555 |
0 |
permissions.add(permission); |
556 |
0 |
} |
557 |
|
} |
558 |
0 |
catch (Exception e) |
559 |
|
{ |
560 |
0 |
logger.error("Failed to retrieve permissions", e); |
561 |
0 |
} |
562 |
0 |
return permissions; |
563 |
|
} |
564 |
|
|
565 |
|
public int updatePermission(Permission permission, Collection principals) |
566 |
|
throws SecurityException |
567 |
|
{ |
568 |
0 |
int count = 0; |
569 |
0 |
InternalPermission internal = getInternalPermission(permission); |
570 |
0 |
Iterator iter = principals.iterator(); |
571 |
0 |
Collection newPrincipals = new LinkedList(); |
572 |
0 |
while (iter.hasNext()) |
573 |
|
{ |
574 |
0 |
Principal principal = (Principal)iter.next(); |
575 |
0 |
String fullPath = SecurityHelper.getPreferencesFullPath(principal); |
576 |
0 |
InternalPrincipal internalPrincipal = getInternalPrincipal(fullPath); |
577 |
0 |
newPrincipals.add(internalPrincipal); |
578 |
0 |
} |
579 |
0 |
internal.setPrincipals(newPrincipals); |
580 |
0 |
internal.setModifiedDate(new Timestamp(System.currentTimeMillis())); |
581 |
|
try |
582 |
|
{ |
583 |
0 |
getPersistenceBrokerTemplate().store(internal); |
584 |
|
} |
585 |
0 |
catch (Exception e) |
586 |
|
{ |
587 |
0 |
KeyedMessage msg = SecurityException.UNEXPECTED.create("PermissionManager.updatePermission", |
588 |
|
"store", e.getMessage()); |
589 |
0 |
logger.error(msg, e); |
590 |
0 |
throw new SecurityException(msg, e); |
591 |
0 |
} |
592 |
|
|
593 |
0 |
return count; |
594 |
|
} |
595 |
|
|
596 |
|
public Collection getPrincipals(Permission permission) |
597 |
|
{ |
598 |
0 |
Collection result = new LinkedList(); |
599 |
0 |
InternalPermission internalPermission = this.getInternalPermission(permission); |
600 |
0 |
if (internalPermission == null) |
601 |
|
{ |
602 |
0 |
return result; |
603 |
|
} |
604 |
0 |
Iterator principals = internalPermission.getPrincipals().iterator(); |
605 |
0 |
while (principals.hasNext()) |
606 |
|
{ |
607 |
0 |
InternalPrincipal internalPrincipal = (InternalPrincipal)principals.next(); |
608 |
0 |
Principal principal = |
609 |
|
SecurityHelper.createPrincipalFromFullPath(internalPrincipal.getFullPath()); |
610 |
0 |
result.add(principal); |
611 |
0 |
} |
612 |
0 |
return result; |
613 |
|
} |
614 |
|
|
615 |
|
|
616 |
|
} |