This commit is contained in:
parent
d4f471028e
commit
00ed10014d
@ -0,0 +1,12 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<PrivilegeRoles>
|
||||
|
||||
<Role name="">
|
||||
<Privilege name="">
|
||||
<allAllowed></allAllowed>
|
||||
<deny></deny>
|
||||
<allow></allow>
|
||||
</Privilege>
|
||||
</Role>
|
||||
|
||||
</PrivilegeRoles>
|
|
@ -0,0 +1,10 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<PrivilegesUsers>
|
||||
|
||||
<User username="" firstname="" surname="" state="">
|
||||
<Roles>
|
||||
<Role></Role>
|
||||
</Roles>
|
||||
</User>
|
||||
|
||||
</PrivilegesUsers>
|
|
@ -0,0 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<RestrictionPolicies>
|
||||
|
||||
<Policy name="" class="" />
|
||||
|
||||
</RestrictionPolicies>
|
|
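Review bot: The `class` attribute on `<Policy>` is the fully qualified name that the policy handler later resolves with `Class.forName` and instantiates through `clazz.getConstructor().newInstance()`, and the template says nothing about either requirement. A comment next to the element would turn a misconfiguration that otherwise only surfaces as a `PrivilegeException` into something visible while editing, e.g. `<!-- class: fully qualified name of a class implementing ch.eitchnet.privilege.policy.RestrictionPolicy; it must have a public no-argument constructor -->`. Because this file decides which code runs on every authorization check, the same comment should state that it is deployment-controlled configuration and not to be populated from user-supplied values.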
@ -1,6 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<RestrictionPolicy>
|
||||
|
||||
|
||||
|
||||
</RestrictionPolicy>
|
|
@ -19,9 +19,11 @@ public class XmlConstants {
|
|||
public static final String XML_HANDLER_SESSION = "SessionHandler";
|
||||
public static final String XML_HANDLER_POLICY = "PolicyHandler";
|
||||
|
||||
public static final String XML_POLICY = "Policy";
|
||||
public static final String XML_PARAMETERS = "Parameters";
|
||||
|
||||
public static final String XML_ATTR_CLASS = "class";
|
||||
public static final String XML_ATTR_NAME = "name";
|
||||
|
||||
public static final String XML_PARAM_HASH_ALGORITHM = "hashAlgorithm";
|
||||
public static final String XML_PARAM_POLICY_FILE = "policyXmlFile";
|
||||
|
|
|
@ -11,18 +11,21 @@
|
|||
package ch.eitchnet.privilege.handler;
|
||||
|
||||
import java.io.File;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.dom4j.Element;
|
||||
|
||||
import ch.eitchnet.privilege.base.PrivilegeContainer;
|
||||
import ch.eitchnet.privilege.base.XmlConstants;
|
||||
import ch.eitchnet.privilege.helper.ClassHelper;
|
||||
import ch.eitchnet.privilege.helper.ConfigurationHelper;
|
||||
import ch.eitchnet.privilege.helper.XmlHelper;
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
import ch.eitchnet.privilege.model.Restrictable;
|
||||
import ch.eitchnet.privilege.model.internal.RestrictionPolicy;
|
||||
import ch.eitchnet.privilege.model.internal.Role;
|
||||
import ch.eitchnet.privilege.policy.RestrictionPolicy;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
|
@ -30,7 +33,7 @@ import ch.eitchnet.privilege.model.internal.Role;
|
|||
*/
|
||||
public class DefaultPolicyHandler implements PolicyHandler {
|
||||
|
||||
private Map<String, RestrictionPolicy> policyMap;
|
||||
private Map<String, Class<RestrictionPolicy>> policyMap;
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.PolicyHandler#actionAllowed(ch.eitchnet.privilege.model.internal.Role,
|
||||
|
@ -53,13 +56,16 @@ public class DefaultPolicyHandler implements PolicyHandler {
|
|||
+ restrictable.getClass().getName());
|
||||
}
|
||||
|
||||
// get restriction policy
|
||||
RestrictionPolicy policy = policyMap.get(restrictionKey);
|
||||
if (policy == null) {
|
||||
// get restriction policy class
|
||||
Class<RestrictionPolicy> policyClazz = policyMap.get(restrictionKey);
|
||||
if (policyClazz == null) {
|
||||
throw new PrivilegeException("No RestrictionPolicy exists for the RestrictionKey " + restrictionKey
|
||||
+ " for Restrictable " + restrictable.getClass().getName());
|
||||
}
|
||||
|
||||
// instantiate policy
|
||||
RestrictionPolicy policy = ClassHelper.instantiateClass(policyClazz);
|
||||
|
||||
// delegate checking to restriction policy
|
||||
return policy.actionAllowed(role, restrictable);
|
||||
}
|
||||
|
@ -67,6 +73,7 @@ public class DefaultPolicyHandler implements PolicyHandler {
|
|||
/**
|
||||
* @see ch.eitchnet.privilege.base.PrivilegeContainerObject#initialize(org.dom4j.Element)
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
public void initialize(Element element) {
|
||||
|
||||
// get parameters
|
||||
|
@ -88,7 +95,19 @@ public class DefaultPolicyHandler implements PolicyHandler {
|
|||
+ policyFile.getAbsolutePath());
|
||||
}
|
||||
|
||||
policyMap = new HashMap<String, Class<RestrictionPolicy>>();
|
||||
|
||||
// parse policy xml file to XML document
|
||||
Element containerRootElement = XmlHelper.parseDocument(policyFile).getRootElement();
|
||||
|
||||
List<Element> policyElements = containerRootElement.elements(XmlConstants.XML_POLICY);
|
||||
for (Element policyElement : policyElements) {
|
||||
String policyName = policyElement.attributeValue(XmlConstants.XML_ATTR_NAME);
|
||||
String policyClass = policyElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
|
||||
|
||||
Class<RestrictionPolicy> clazz = ClassHelper.loadClass(policyClass);
|
||||
|
||||
policyMap.put(policyName, clazz);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
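Review bot: `initialize` stores whatever `Class.forName` returned into `policyMap` without checking that it implements `RestrictionPolicy`, so a wrong `class` attribute in the policy file is not rejected at startup but only when the first check reaches the `RestrictionPolicy policy = ClassHelper.instantiateClass(policyClazz);` line and fails with a `ClassCastException`; a missing `name` or `class` attribute similarly reaches `Class.forName(null)` and is reported as "could not be instantiated". Validating the attributes and the assignability inside the loop makes a bad configuration fail fast with a message that names the policy, and checking the return value of `policyMap.put` exposes two policies sharing one name, which today silently replaces the earlier entry (if that is intended, a comment would do instead of the throw). The rewritten `actionAllowed` also reflectively constructs a fresh policy on every check where the removed code reused one instance per key; if that is deliberate because policies may keep per-call state, a comment on the `policyMap` field should say so, otherwise instantiating once in `initialize` avoids the per-call reflection. The `initialize` method and the `actionAllowed` method both begin outside the shown hunks.
```java
for (Element policyElement : policyElements) {
    String policyName = policyElement.attributeValue(XmlConstants.XML_ATTR_NAME);
    String policyClass = policyElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
    if (policyName == null || policyName.isEmpty() || policyClass == null || policyClass.isEmpty()) {
        throw new PrivilegeException("Policy element without name or class attribute in "
                + policyFile.getAbsolutePath());
    }

    Class<RestrictionPolicy> clazz = ClassHelper.loadClass(policyClass);
    // fail at load time, not on the first authorization check
    if (!RestrictionPolicy.class.isAssignableFrom(clazz)) {
        throw new PrivilegeException("Policy " + policyName + ": class " + policyClass
                + " does not implement " + RestrictionPolicy.class.getName());
    }

    if (policyMap.put(policyName, clazz) != null) {
        throw new PrivilegeException("Duplicate policy name " + policyName + " in "
                + policyFile.getAbsolutePath());
    }
}
```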
@ -12,8 +12,8 @@ package ch.eitchnet.privilege.handler;
|
|||
|
||||
import java.util.List;
|
||||
|
||||
import ch.eitchnet.privilege.model.internal.RestrictionPolicy;
|
||||
import ch.eitchnet.privilege.model.internal.User;
|
||||
import ch.eitchnet.privilege.policy.RestrictionPolicy;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
|
|
|
@ -30,4 +30,27 @@ public class ClassHelper {
|
|||
throw new PrivilegeException("The class " + className + " could not be instantiated: ", e);
|
||||
}
|
||||
}
|
||||
|
||||
public static <T> T instantiateClass(Class<T> clazz) {
|
||||
try {
|
||||
|
||||
return clazz.getConstructor().newInstance();
|
||||
|
||||
} catch (Exception e) {
|
||||
throw new PrivilegeException("The class " + clazz.getName() + " could not be instantiated: ", e);
|
||||
}
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
public static <T> Class<T> loadClass(String className) {
|
||||
try {
|
||||
|
||||
Class<T> clazz = (Class<T>) Class.forName(className);
|
||||
|
||||
return clazz;
|
||||
|
||||
} catch (Exception e) {
|
||||
throw new PrivilegeException("The class " + className + " could not be instantiated: ", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
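Review bot: `loadClass` casts the result of `Class.forName` to `Class<T>` unchecked, so it succeeds for any class on the classpath whether or not it is a `T`, and the caller only learns otherwise through a `ClassCastException` later; its catch block also reports the failure as "could not be instantiated", copied from `instantiateClass` and misleading for a lookup that never instantiates anything. Resolving through `Class.asSubclass` against an expected type makes the check explicit and gives a precise error, for example as a second overload that callers holding a target type can switch to. The broad `catch (Exception e)` in both methods also folds a missing class, a missing public no-arg constructor and an exception thrown by the constructor itself into one message; at minimum the message in the existing single-argument `loadClass` should read `"The class " + className + " could not be loaded: "`. The start of the class, including the method whose catch block opens this hunk, is outside the shown lines.
```java
public static <T> Class<? extends T> loadClass(Class<T> expectedType, String className) {
    try {
        // asSubclass rejects classes that do not implement expectedType
        return Class.forName(className).asSubclass(expectedType);
    } catch (ClassNotFoundException e) {
        throw new PrivilegeException("The class " + className + " could not be loaded: ", e);
    } catch (ClassCastException e) {
        throw new PrivilegeException("The class " + className + " is not a " + expectedType.getName() + ": ", e);
    }
}
```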
@ -20,18 +20,18 @@ import java.util.List;
|
|||
public class Privilege {
|
||||
|
||||
private final boolean allAllowed;
|
||||
private final List<String> valuesAllowed;
|
||||
private final List<String> valuesNotAllowed;
|
||||
private final List<String> allowList;
|
||||
private final List<String> denyList;
|
||||
|
||||
/**
|
||||
* @param allAllowed
|
||||
* @param valuesAllowed
|
||||
* @param valuesNotAllowed
|
||||
* @param allowList
|
||||
* @param denyList
|
||||
*/
|
||||
public Privilege(boolean allAllowed, List<String> valuesAllowed, List<String> valuesNotAllowed) {
|
||||
public Privilege(boolean allAllowed, List<String> allowList, List<String> denyList) {
|
||||
this.allAllowed = allAllowed;
|
||||
this.valuesAllowed = Collections.unmodifiableList(valuesAllowed);
|
||||
this.valuesNotAllowed = Collections.unmodifiableList(valuesNotAllowed);
|
||||
this.allowList = Collections.unmodifiableList(allowList);
|
||||
this.denyList = Collections.unmodifiableList(denyList);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -42,16 +42,17 @@ public class Privilege {
|
|||
}
|
||||
|
||||
/**
|
||||
* @return the valuesAllowed
|
||||
* @return the allowList
|
||||
*/
|
||||
public List<String> getValuesAllowed() {
|
||||
return valuesAllowed;
|
||||
public List<String> getAllowList() {
|
||||
return allowList;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the valuesNotAllowed
|
||||
* @return the denyList
|
||||
*/
|
||||
public List<String> getValuesNotAllowed() {
|
||||
return valuesNotAllowed;
|
||||
public List<String> getDenyList() {
|
||||
return denyList;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
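Review bot: `this.allowList = Collections.unmodifiableList(allowList);` and the matching `denyList` line wrap the caller's list instead of copying it, so whoever constructed the `Privilege` can still add or remove entries through the original reference after construction, and the `final` fields do not actually freeze the allow and deny sets an authorization decision is based on. Copying first closes that: `this.allowList = Collections.unmodifiableList(new ArrayList<String>(allowList));` and likewise for `denyList` (an `ArrayList` import is needed unless the file already has one; the imports are outside the hunk). The constructor also surfaces a bare `NullPointerException` from `unmodifiableList` when either list is null, and the `@param` tags carry no text; one sentence per parameter stating that null is not accepted, and that deny entries take precedence over allow entries if that is the intended contract, would document the behaviour a caller needs.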
@ -8,12 +8,12 @@
|
|||
*
|
||||
*/
|
||||
|
||||
package ch.eitchnet.privilege.model.internal;
|
||||
|
||||
import org.dom4j.Element;
|
||||
package ch.eitchnet.privilege.policy;
|
||||
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
import ch.eitchnet.privilege.model.Restrictable;
|
||||
import ch.eitchnet.privilege.model.internal.Privilege;
|
||||
import ch.eitchnet.privilege.model.internal.Role;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
|
@ -21,11 +21,9 @@ import ch.eitchnet.privilege.model.Restrictable;
|
|||
*/
|
||||
public class DefaultRestriction implements RestrictionPolicy {
|
||||
|
||||
private String restrictionKey;
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.model.internal.RestrictionPolicy#actionAllowed(ch.eitchnet.privilege.model.User,
|
||||
* ch.eitchnet.privilege.model.Restrictable)
|
||||
* @see ch.eitchnet.privilege.policy.RestrictionPolicy#actionAllowed(java.lang.String,
|
||||
* ch.eitchnet.privilege.model.internal.Role, ch.eitchnet.privilege.model.Restrictable)
|
||||
*/
|
||||
@Override
|
||||
public boolean actionAllowed(Role role, Restrictable restrictable) {
|
||||
|
@ -34,18 +32,17 @@ public class DefaultRestriction implements RestrictionPolicy {
|
|||
if (role == null)
|
||||
throw new PrivilegeException("Role may not be null!");
|
||||
|
||||
// validate Restrictable is set for this RestrictionPolicy
|
||||
if (!restrictionKey.equals(restrictable.getRestrictionKey())) {
|
||||
throw new PrivilegeException(RestrictionPolicy.class.getSimpleName() + " "
|
||||
+ DefaultRestriction.class.getSimpleName() + " with restriction key " + restrictionKey
|
||||
+ " can not validate " + Restrictable.class.getSimpleName() + " with key "
|
||||
+ restrictable.getRestrictionKey());
|
||||
// get the restriction key
|
||||
String restrictionKey = restrictable.getRestrictionKey();
|
||||
if (restrictionKey == null || restrictionKey.isEmpty()) {
|
||||
throw new PrivilegeException("The restriction key for the Restrictable is null or empty: " + restrictable);
|
||||
}
|
||||
|
||||
// get restriction object for users role
|
||||
Privilege privilege = role.getPrivilege(restrictionKey);
|
||||
|
||||
// no restriction object means no privilege
|
||||
// TODO should default deny/allow policy be configurable?
|
||||
if (privilege == null)
|
||||
return false;
|
||||
|
||||
|
@ -65,13 +62,13 @@ public class DefaultRestriction implements RestrictionPolicy {
|
|||
String restrictionValue = (String) object;
|
||||
|
||||
// first check values not allowed
|
||||
for (String notAllowed : privilege.getValuesNotAllowed()) {
|
||||
if (notAllowed.equals(restrictionValue))
|
||||
for (String denied : privilege.getDenyList()) {
|
||||
if (denied.equals(restrictionValue))
|
||||
return false;
|
||||
}
|
||||
|
||||
// now check values allowed
|
||||
for (String allowed : privilege.getValuesAllowed()) {
|
||||
for (String allowed : privilege.getAllowList()) {
|
||||
if (allowed.equals(restrictionValue))
|
||||
return true;
|
||||
}
|
||||
|
@ -79,9 +76,4 @@ public class DefaultRestriction implements RestrictionPolicy {
|
|||
// default is not allowed
|
||||
return false;
|
||||
}
|
||||
|
||||
public void initialize(Element element) {
|
||||
|
||||
// TODO implement
|
||||
}
|
||||
}
|
|
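Review bot: The new `@see` tag points at `RestrictionPolicy#actionAllowed(java.lang.String, ...Role, ...Restrictable)`, but the method it annotates is `actionAllowed(Role role, Restrictable restrictable)` with no `String` parameter, so the link names a signature this class does not implement; it should read `@see ch.eitchnet.privilege.policy.RestrictionPolicy#actionAllowed(ch.eitchnet.privilege.model.internal.Role, ch.eitchnet.privilege.model.Restrictable)`. With the per-instance `restrictionKey` field and its mismatch check removed, this class now evaluates whichever `Restrictable` it is handed and the only binding between a key and a policy is the handler's map, which is worth stating in the class Javadoc together with the evaluation order visible in the hunks: no `Privilege` for the key denies, a match in the deny list denies before the allow list is consulted, and anything not explicitly allowed is denied. The `TODO should default deny/allow policy be configurable?` comment is still there; default-deny is the safer choice, so if it is meant to stay fixed the TODO can become a comment saying so. The part of the method between `return false;` and the `(String) object` cast is outside the shown hunks.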
@ -8,9 +8,10 @@
|
|||
*
|
||||
*/
|
||||
|
||||
package ch.eitchnet.privilege.model.internal;
|
||||
package ch.eitchnet.privilege.policy;
|
||||
|
||||
import ch.eitchnet.privilege.model.Restrictable;
|
||||
import ch.eitchnet.privilege.model.internal.Role;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|