diff --git a/config/PrivilegeRoles.xml b/config/PrivilegeRoles.xml
new file mode 100644
index 000000000..9a1a73074
--- /dev/null
+++ b/config/PrivilegeRoles.xml
@@ -0,0 +1,12 @@
+
+
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/config/PrivilegeUsers.xml b/config/PrivilegeUsers.xml
new file mode 100644
index 000000000..d3571ea83
--- /dev/null
+++ b/config/PrivilegeUsers.xml
@@ -0,0 +1,10 @@
+
+
+
+
+
+
+
+
+
+
\ No newline at end of file
diff --git a/config/RestrictionPolicies.xml b/config/RestrictionPolicies.xml
new file mode 100644
index 000000000..878d30e8a
--- /dev/null
+++ b/config/RestrictionPolicies.xml
@@ -0,0 +1,6 @@
+
+
+
+
+
+
\ No newline at end of file
diff --git a/config/RestrictionPolicy.xml b/config/RestrictionPolicy.xml
deleted file mode 100644
index c1ec64418..000000000
--- a/config/RestrictionPolicy.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-
-
-
-
-
-
\ No newline at end of file
diff --git a/src/ch/eitchnet/privilege/base/XmlConstants.java b/src/ch/eitchnet/privilege/base/XmlConstants.java
index 692188cee..d7f1e50f3 100644
--- a/src/ch/eitchnet/privilege/base/XmlConstants.java
+++ b/src/ch/eitchnet/privilege/base/XmlConstants.java
@@ -19,9 +19,11 @@ public class XmlConstants {
public static final String XML_HANDLER_SESSION = "SessionHandler";
public static final String XML_HANDLER_POLICY = "PolicyHandler";
+ public static final String XML_POLICY = "Policy";
public static final String XML_PARAMETERS = "Parameters";
public static final String XML_ATTR_CLASS = "class";
+ public static final String XML_ATTR_NAME = "name";
public static final String XML_PARAM_HASH_ALGORITHM = "hashAlgorithm";
public static final String XML_PARAM_POLICY_FILE = "policyXmlFile";
diff --git a/src/ch/eitchnet/privilege/handler/DefaultPolicyHandler.java b/src/ch/eitchnet/privilege/handler/DefaultPolicyHandler.java
index 339752bbc..a72f5c996 100644
--- a/src/ch/eitchnet/privilege/handler/DefaultPolicyHandler.java
+++ b/src/ch/eitchnet/privilege/handler/DefaultPolicyHandler.java
@@ -11,18 +11,21 @@
package ch.eitchnet.privilege.handler;
import java.io.File;
+import java.util.HashMap;
+import java.util.List;
import java.util.Map;
import org.dom4j.Element;
import ch.eitchnet.privilege.base.PrivilegeContainer;
import ch.eitchnet.privilege.base.XmlConstants;
+import ch.eitchnet.privilege.helper.ClassHelper;
import ch.eitchnet.privilege.helper.ConfigurationHelper;
import ch.eitchnet.privilege.helper.XmlHelper;
import ch.eitchnet.privilege.i18n.PrivilegeException;
import ch.eitchnet.privilege.model.Restrictable;
-import ch.eitchnet.privilege.model.internal.RestrictionPolicy;
import ch.eitchnet.privilege.model.internal.Role;
+import ch.eitchnet.privilege.policy.RestrictionPolicy;
/**
* @author rvonburg
@@ -30,7 +33,7 @@ import ch.eitchnet.privilege.model.internal.Role;
*/
public class DefaultPolicyHandler implements PolicyHandler {
- private Map policyMap;
+ private Map> policyMap;
/**
* @see ch.eitchnet.privilege.handler.PolicyHandler#actionAllowed(ch.eitchnet.privilege.model.internal.Role,
@@ -53,13 +56,16 @@ public class DefaultPolicyHandler implements PolicyHandler {
+ restrictable.getClass().getName());
}
- // get restriction policy
- RestrictionPolicy policy = policyMap.get(restrictionKey);
- if (policy == null) {
+ // get restriction policy class
+ Class policyClazz = policyMap.get(restrictionKey);
+ if (policyClazz == null) {
throw new PrivilegeException("No RestrictionPolicy exists for the RestrictionKey " + restrictionKey
+ " for Restrictable " + restrictable.getClass().getName());
}
+ // instantiate policy
+ RestrictionPolicy policy = ClassHelper.instantiateClass(policyClazz);
+
// delegate checking to restriction policy
return policy.actionAllowed(role, restrictable);
}
@@ -67,6 +73,7 @@ public class DefaultPolicyHandler implements PolicyHandler {
/**
* @see ch.eitchnet.privilege.base.PrivilegeContainerObject#initialize(org.dom4j.Element)
*/
+ @SuppressWarnings("unchecked")
public void initialize(Element element) {
// get parameters
@@ -88,7 +95,19 @@ public class DefaultPolicyHandler implements PolicyHandler {
+ policyFile.getAbsolutePath());
}
+ policyMap = new HashMap>();
+
// parse policy xml file to XML document
Element containerRootElement = XmlHelper.parseDocument(policyFile).getRootElement();
+
+ List policyElements = containerRootElement.elements(XmlConstants.XML_POLICY);
+ for (Element policyElement : policyElements) {
+ String policyName = policyElement.attributeValue(XmlConstants.XML_ATTR_NAME);
+ String policyClass = policyElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
+
+ Class clazz = ClassHelper.loadClass(policyClass);
+
+ policyMap.put(policyName, clazz);
+ }
}
}
diff --git a/src/ch/eitchnet/privilege/handler/PersistenceHandler.java b/src/ch/eitchnet/privilege/handler/PersistenceHandler.java
index bd12a2b5d..617bb98c2 100644
--- a/src/ch/eitchnet/privilege/handler/PersistenceHandler.java
+++ b/src/ch/eitchnet/privilege/handler/PersistenceHandler.java
@@ -12,8 +12,8 @@ package ch.eitchnet.privilege.handler;
import java.util.List;
-import ch.eitchnet.privilege.model.internal.RestrictionPolicy;
import ch.eitchnet.privilege.model.internal.User;
+import ch.eitchnet.privilege.policy.RestrictionPolicy;
/**
* @author rvonburg
diff --git a/src/ch/eitchnet/privilege/helper/ClassHelper.java b/src/ch/eitchnet/privilege/helper/ClassHelper.java
index 521c4df4f..34c9a1139 100644
--- a/src/ch/eitchnet/privilege/helper/ClassHelper.java
+++ b/src/ch/eitchnet/privilege/helper/ClassHelper.java
@@ -30,4 +30,27 @@ public class ClassHelper {
throw new PrivilegeException("The class " + className + " could not be instantiated: ", e);
}
}
+
+ public static T instantiateClass(Class clazz) {
+ try {
+
+ return clazz.getConstructor().newInstance();
+
+ } catch (Exception e) {
+ throw new PrivilegeException("The class " + clazz.getName() + " could not be instantiated: ", e);
+ }
+ }
+
+ @SuppressWarnings("unchecked")
+ public static Class loadClass(String className) {
+ try {
+
+ Class clazz = (Class) Class.forName(className);
+
+ return clazz;
+
+ } catch (Exception e) {
+ throw new PrivilegeException("The class " + className + " could not be instantiated: ", e);
+ }
+ }
}
diff --git a/src/ch/eitchnet/privilege/model/internal/Privilege.java b/src/ch/eitchnet/privilege/model/internal/Privilege.java
index 779fdd802..4e1d7201b 100644
--- a/src/ch/eitchnet/privilege/model/internal/Privilege.java
+++ b/src/ch/eitchnet/privilege/model/internal/Privilege.java
@@ -20,18 +20,18 @@ import java.util.List;
public class Privilege {
private final boolean allAllowed;
- private final List valuesAllowed;
- private final List valuesNotAllowed;
+ private final List allowList;
+ private final List denyList;
/**
* @param allAllowed
- * @param valuesAllowed
- * @param valuesNotAllowed
+ * @param allowList
+ * @param denyList
*/
- public Privilege(boolean allAllowed, List valuesAllowed, List valuesNotAllowed) {
+ public Privilege(boolean allAllowed, List allowList, List denyList) {
this.allAllowed = allAllowed;
- this.valuesAllowed = Collections.unmodifiableList(valuesAllowed);
- this.valuesNotAllowed = Collections.unmodifiableList(valuesNotAllowed);
+ this.allowList = Collections.unmodifiableList(allowList);
+ this.denyList = Collections.unmodifiableList(denyList);
}
/**
@@ -42,16 +42,17 @@ public class Privilege {
}
/**
- * @return the valuesAllowed
+ * @return the allowList
*/
- public List getValuesAllowed() {
- return valuesAllowed;
+ public List getAllowList() {
+ return allowList;
}
/**
- * @return the valuesNotAllowed
+ * @return the denyList
*/
- public List getValuesNotAllowed() {
- return valuesNotAllowed;
+ public List getDenyList() {
+ return denyList;
}
+
}
diff --git a/src/ch/eitchnet/privilege/model/internal/DefaultRestriction.java b/src/ch/eitchnet/privilege/policy/DefaultRestriction.java
similarity index 61%
rename from src/ch/eitchnet/privilege/model/internal/DefaultRestriction.java
rename to src/ch/eitchnet/privilege/policy/DefaultRestriction.java
index 0516b4281..33ff8709d 100644
--- a/src/ch/eitchnet/privilege/model/internal/DefaultRestriction.java
+++ b/src/ch/eitchnet/privilege/policy/DefaultRestriction.java
@@ -8,12 +8,12 @@
*
*/
-package ch.eitchnet.privilege.model.internal;
-
-import org.dom4j.Element;
+package ch.eitchnet.privilege.policy;
import ch.eitchnet.privilege.i18n.PrivilegeException;
import ch.eitchnet.privilege.model.Restrictable;
+import ch.eitchnet.privilege.model.internal.Privilege;
+import ch.eitchnet.privilege.model.internal.Role;
/**
* @author rvonburg
@@ -21,11 +21,9 @@ import ch.eitchnet.privilege.model.Restrictable;
*/
public class DefaultRestriction implements RestrictionPolicy {
- private String restrictionKey;
-
/**
- * @see ch.eitchnet.privilege.model.internal.RestrictionPolicy#actionAllowed(ch.eitchnet.privilege.model.User,
- * ch.eitchnet.privilege.model.Restrictable)
+ * @see ch.eitchnet.privilege.policy.RestrictionPolicy#actionAllowed(java.lang.String,
+ * ch.eitchnet.privilege.model.internal.Role, ch.eitchnet.privilege.model.Restrictable)
*/
@Override
public boolean actionAllowed(Role role, Restrictable restrictable) {
@@ -34,18 +32,17 @@ public class DefaultRestriction implements RestrictionPolicy {
if (role == null)
throw new PrivilegeException("Role may not be null!");
- // validate Restrictable is set for this RestrictionPolicy
- if (!restrictionKey.equals(restrictable.getRestrictionKey())) {
- throw new PrivilegeException(RestrictionPolicy.class.getSimpleName() + " "
- + DefaultRestriction.class.getSimpleName() + " with restriction key " + restrictionKey
- + " can not validate " + Restrictable.class.getSimpleName() + " with key "
- + restrictable.getRestrictionKey());
+ // get the restriction key
+ String restrictionKey = restrictable.getRestrictionKey();
+ if (restrictionKey == null || restrictionKey.isEmpty()) {
+ throw new PrivilegeException("The restriction key for the Restrictable is null or empty: " + restrictable);
}
// get restriction object for users role
Privilege privilege = role.getPrivilege(restrictionKey);
// no restriction object means no privilege
+ // TODO should default deny/allow policy be configurable?
if (privilege == null)
return false;
@@ -65,13 +62,13 @@ public class DefaultRestriction implements RestrictionPolicy {
String restrictionValue = (String) object;
// first check values not allowed
- for (String notAllowed : privilege.getValuesNotAllowed()) {
- if (notAllowed.equals(restrictionValue))
+ for (String denied : privilege.getDenyList()) {
+ if (denied.equals(restrictionValue))
return false;
}
// now check values allowed
- for (String allowed : privilege.getValuesAllowed()) {
+ for (String allowed : privilege.getAllowList()) {
if (allowed.equals(restrictionValue))
return true;
}
@@ -79,9 +76,4 @@ public class DefaultRestriction implements RestrictionPolicy {
// default is not allowed
return false;
}
-
- public void initialize(Element element) {
-
- // TODO implement
- }
}
diff --git a/src/ch/eitchnet/privilege/model/internal/RestrictionPolicy.java b/src/ch/eitchnet/privilege/policy/RestrictionPolicy.java
similarity index 77%
rename from src/ch/eitchnet/privilege/model/internal/RestrictionPolicy.java
rename to src/ch/eitchnet/privilege/policy/RestrictionPolicy.java
index 35c18859a..093ca1468 100644
--- a/src/ch/eitchnet/privilege/model/internal/RestrictionPolicy.java
+++ b/src/ch/eitchnet/privilege/policy/RestrictionPolicy.java
@@ -8,9 +8,10 @@
*
*/
-package ch.eitchnet.privilege.model.internal;
+package ch.eitchnet.privilege.policy;
import ch.eitchnet.privilege.model.Restrictable;
+import ch.eitchnet.privilege.model.internal.Role;
/**
* @author rvonburg