parent
89e4f30bcf
commit
0775f52b0c
|
@ -2,7 +2,7 @@
|
|||
<PrivilegeRoles>
|
||||
|
||||
<Role name="admin">
|
||||
<Privilege name="Service" policy="default">
|
||||
<Privilege name="Service" policy="DefaultRestriction">
|
||||
<allAllowed>true</allAllowed>
|
||||
<deny></deny>
|
||||
<allow></allow>
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<RestrictionPolicies>
|
||||
|
||||
<Policy name="default" class="ch.eitchnet.privilege.policy.DefaultRestriction" />
|
||||
<Policy name="DefaultRestriction" class="ch.eitchnet.privilege.policy.DefaultRestriction" />
|
||||
|
||||
</RestrictionPolicies>
|
|
@ -23,8 +23,6 @@ import ch.eitchnet.privilege.helper.XmlHelper;
|
|||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
|
||||
/**
|
||||
*
|
||||
*
|
||||
* @author rvonburg
|
||||
*/
|
||||
public class PrivilegeContainer {
|
||||
|
|
|
@ -11,6 +11,8 @@
|
|||
package ch.eitchnet.privilege.handler;
|
||||
|
||||
import java.io.File;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
|
@ -28,6 +30,7 @@ import ch.eitchnet.privilege.i18n.PrivilegeException;
|
|||
import ch.eitchnet.privilege.model.Certificate;
|
||||
import ch.eitchnet.privilege.model.Restrictable;
|
||||
import ch.eitchnet.privilege.model.UserState;
|
||||
import ch.eitchnet.privilege.model.internal.Privilege;
|
||||
import ch.eitchnet.privilege.model.internal.Role;
|
||||
import ch.eitchnet.privilege.model.internal.Session;
|
||||
import ch.eitchnet.privilege.model.internal.User;
|
||||
|
@ -202,9 +205,9 @@ public class DefaultSessionHandler implements SessionHandler {
|
|||
|
||||
// parse roles xml file to XML document
|
||||
Element rolesRootElement = XmlHelper.parseDocument(rolesFile).getRootElement();
|
||||
readRoles(rolesRootElement);
|
||||
|
||||
// TODO read roles
|
||||
// read roles
|
||||
readRoles(rolesRootElement);
|
||||
|
||||
// get users file name
|
||||
String usersFileName = parameterMap.get(XmlConstants.XML_PARAM_USERS_FILE);
|
||||
|
@ -223,11 +226,12 @@ public class DefaultSessionHandler implements SessionHandler {
|
|||
|
||||
// parse users xml file to XML document
|
||||
Element usersRootElement = XmlHelper.parseDocument(usersFile).getRootElement();
|
||||
|
||||
// read users
|
||||
readUsers(usersRootElement);
|
||||
|
||||
// TODO read users
|
||||
|
||||
// TODO implement
|
||||
logger.info("Read " + userMap.size() + " Users");
|
||||
logger.info("Read " + roleMap.size() + " Roles");
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -274,8 +278,53 @@ public class DefaultSessionHandler implements SessionHandler {
|
|||
* @param rolesRootElement
|
||||
*/
|
||||
private void readRoles(Element rolesRootElement) {
|
||||
// TODO Auto-generated method stub
|
||||
|
||||
List<Element> roleElements = rolesRootElement.elements(XmlConstants.XML_ROLE);
|
||||
for (Element roleElement : roleElements) {
|
||||
|
||||
String roleName = roleElement.attributeValue(XmlConstants.XML_ATTR_NAME);
|
||||
|
||||
List<Element> privilegeElements = roleElement.elements(XmlConstants.XML_PRIVILEGE);
|
||||
Map<String, Privilege> privilegeMap = new HashMap<String, Privilege>();
|
||||
for (Element privilegeElement : privilegeElements) {
|
||||
|
||||
String privilegeName = privilegeElement.attributeValue(XmlConstants.XML_ATTR_NAME);
|
||||
String privilegePolicy = privilegeElement.attributeValue(XmlConstants.XML_ATTR_POLICY);
|
||||
|
||||
String allAllowedS = privilegeElement.element(XmlConstants.XML_ALL_ALLOWED).getTextTrim();
|
||||
boolean allAllowed = Boolean.valueOf(allAllowedS);
|
||||
|
||||
List<Element> denyElements = privilegeElement.elements(XmlConstants.XML_DENY);
|
||||
List<String> denyList = new ArrayList<String>(denyElements.size());
|
||||
for (Element denyElement : denyElements) {
|
||||
String denyValue = denyElement.getTextTrim();
|
||||
if (denyValue.isEmpty()) {
|
||||
logger.error("Role " + roleName + " has privilege " + privilegeName
|
||||
+ " with an empty deny value!");
|
||||
} else {
|
||||
denyList.add(denyValue);
|
||||
}
|
||||
}
|
||||
|
||||
List<Element> allowElements = privilegeElement.elements(XmlConstants.XML_ALLOW);
|
||||
List<String> allowList = new ArrayList<String>(allowElements.size());
|
||||
for (Element allowElement : allowElements) {
|
||||
String allowValue = allowElement.getTextTrim();
|
||||
if (allowValue.isEmpty()) {
|
||||
logger.error("Role " + roleName + " has privilege " + privilegeName
|
||||
+ " with an empty allow value!");
|
||||
} else {
|
||||
allowList.add(allowValue);
|
||||
}
|
||||
}
|
||||
|
||||
Privilege privilege = new Privilege(privilegeName, privilegePolicy, allAllowed, denyList, allowList);
|
||||
privilegeMap.put(privilegeName, privilege);
|
||||
}
|
||||
|
||||
Role role = new Role(roleName, privilegeMap);
|
||||
roleMap.put(roleName, role);
|
||||
}
|
||||
}
|
||||
|
||||
private class CertificateSessionPair {
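Review bot: readRoles trusts the roles file completely: the name and policy attributes are used without a null or empty check, and `privilegeElement.element(XmlConstants.XML_ALL_ALLOWED).getTextTrim()` throws a NullPointerException when a privilege has no allAllowed child. Because this file decides what each role may do, a missing name, policy or allAllowed should abort loading with a PrivilegeException that names the role and privilege, and a role or privilege name already in the map should be rejected instead of silently replacing the earlier definition through `put`. Empty deny values are only logged and then dropped, so a mistyped deny entry leaves the role with fewer restrictions than its author wrote; that case probably deserves the same hard failure, though the roles XML shown on this page itself carries an empty `<deny></deny>`, so the intended meaning of an empty element should be settled first. The sketch below assumes PrivilegeException is unchecked and that roleMap is a java.util.Map; neither declaration is visible here.

```java
// … unchanged: roleElements lookup and outer loop header …
String roleName = roleElement.attributeValue(XmlConstants.XML_ATTR_NAME);
if (roleName == null || roleName.isEmpty()) {
	throw new PrivilegeException("Role element without a name attribute");
}
if (roleMap.containsKey(roleName)) {
	throw new PrivilegeException("Role " + roleName + " is defined more than once");
}
// … unchanged: privilegeElements lookup, privilegeMap creation, inner loop header …
String privilegeName = privilegeElement.attributeValue(XmlConstants.XML_ATTR_NAME);
String privilegePolicy = privilegeElement.attributeValue(XmlConstants.XML_ATTR_POLICY);
if (privilegeName == null || privilegeName.isEmpty() || privilegePolicy == null || privilegePolicy.isEmpty()) {
	throw new PrivilegeException("Role " + roleName + " has a privilege without a name or policy");
}
if (privilegeMap.containsKey(privilegeName)) {
	throw new PrivilegeException("Role " + roleName + " defines privilege " + privilegeName + " more than once");
}
Element allAllowedElement = privilegeElement.element(XmlConstants.XML_ALL_ALLOWED);
if (allAllowedElement == null) {
	throw new PrivilegeException("Role " + roleName + " has privilege " + privilegeName
			+ " without an allAllowed element");
}
boolean allAllowed = Boolean.parseBoolean(allAllowedElement.getTextTrim());
// … unchanged: deny/allow list reading, Privilege and Role construction …
```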
|
||||
|
|
|
@ -17,11 +17,13 @@ import ch.eitchnet.privilege.policy.RestrictionPolicy;
|
|||
|
||||
/**
|
||||
* @author rvonburg
|
||||
*
|
||||
*
|
||||
*/
|
||||
public interface PersistenceHandler {
|
||||
|
||||
public List<User> getAllUsers();
|
||||
|
||||
public void saveUsers(List<User> users);
|
||||
|
||||
public List<RestrictionPolicy> getAllRestrictionPolicies();
|
||||
}
|
||||
|
|
|
@ -16,14 +16,12 @@ package ch.eitchnet.privilege.i18n;
|
|||
*/
|
||||
public class AccessDeniedException extends PrivilegeException {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
* @param string
|
||||
*/
|
||||
public AccessDeniedException(String string) {
|
||||
super(string);
|
||||
// TODO Auto-generated constructor stub
|
||||
}
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
}
|
||||
|
|
|
@ -19,7 +19,7 @@ import ch.eitchnet.privilege.i18n.PrivilegeException;
|
|||
* @author rvonburg
|
||||
*
|
||||
*/
|
||||
public class Certificate implements Serializable {
|
||||
public final class Certificate implements Serializable {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
|
|
|
@ -17,21 +17,39 @@ import java.util.List;
|
|||
* @author rvonburg
|
||||
*
|
||||
*/
|
||||
public class Privilege {
|
||||
public final class Privilege {
|
||||
|
||||
private final String name;
|
||||
private final String policy;
|
||||
private final boolean allAllowed;
|
||||
private final List<String> allowList;
|
||||
private final List<String> denyList;
|
||||
private final List<String> allowList;
|
||||
|
||||
/**
|
||||
* @param allAllowed
|
||||
* @param allowList
|
||||
* @param denyList
|
||||
* @param allowList
|
||||
*/
|
||||
public Privilege(boolean allAllowed, List<String> allowList, List<String> denyList) {
|
||||
public Privilege(String name, String policy, boolean allAllowed, List<String> denyList, List<String> allowList) {
|
||||
this.name = name;
|
||||
this.policy = policy;
|
||||
this.allAllowed = allAllowed;
|
||||
this.allowList = Collections.unmodifiableList(allowList);
|
||||
this.denyList = Collections.unmodifiableList(denyList);
|
||||
this.allowList = Collections.unmodifiableList(allowList);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the name
|
||||
*/
|
||||
public String getName() {
|
||||
return name;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the policy
|
||||
*/
|
||||
public String getPolicy() {
|
||||
return policy;
|
||||
}
|
||||
|
||||
/**
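Review bot: The constructor wraps the caller's lists rather than copying them: `this.denyList = Collections.unmodifiableList(denyList);` is only a read-only view, so whoever built the list can still add or remove entries afterwards and change what this final Privilege allows. Copying first closes that gap, e.g. `this.denyList = Collections.unmodifiableList(new ArrayList<String>(denyList));` and the same for allowList; this needs java.util.ArrayList imported, and the import block is outside the hunk. The Role constructor further down has the same pattern with `Collections.unmodifiableMap(privilegeMap)`. The constructor Javadoc also lacks `@param name` and `@param policy` entries for the two new arguments.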
|
||||
|
|
|
@ -17,17 +17,26 @@ import java.util.Map;
|
|||
* @author rvonburg
|
||||
*
|
||||
*/
|
||||
public class Role {
|
||||
public final class Role {
|
||||
|
||||
private final String roleName;
|
||||
private final Map<String, Privilege> privilegeMap;
|
||||
|
||||
/**
|
||||
* @param privilegeMap
|
||||
*/
|
||||
public Role(Map<String, Privilege> privilegeMap) {
|
||||
public Role(String roleName, Map<String, Privilege> privilegeMap) {
|
||||
this.roleName = roleName;
|
||||
this.privilegeMap = Collections.unmodifiableMap(privilegeMap);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the roleName
|
||||
*/
|
||||
public String getRoleName() {
|
||||
return roleName;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param key
|
||||
* @return
|
||||
|
|
|
@ -14,7 +14,7 @@ package ch.eitchnet.privilege.model.internal;
|
|||
* @author rvonburg
|
||||
*
|
||||
*/
|
||||
public class Session {
|
||||
public final class Session {
|
||||
|
||||
private final String sessionId;
|
||||
private final String username;
|
||||
|
|
|
@ -14,13 +14,14 @@ import java.util.Collections;
|
|||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
import ch.eitchnet.privilege.model.UserState;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
*
|
||||
*/
|
||||
public class User {
|
||||
public final class User {
|
||||
|
||||
private final String username;
|
||||
private final String password;
|
||||
|
@ -112,6 +113,18 @@ public class User {
|
|||
locale = Locale.getDefault();
|
||||
|
||||
// TODO validate who is creating this User object
|
||||
|
||||
if (username.length() < 3) {
|
||||
throw new PrivilegeException("The given username is shorter than 3 characters");
|
||||
}
|
||||
|
||||
if (firstname.isEmpty()) {
|
||||
throw new PrivilegeException("The given firstname is empty");
|
||||
}
|
||||
|
||||
if (surname.isEmpty()) {
|
||||
throw new PrivilegeException("The given firstname is empty");
|
||||
}
|
||||
|
||||
User user = new User(username, password, firstname, surname, userState, Collections.unmodifiableList(roleList),
|
||||
locale);
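Review bot: The surname check reports the wrong field: under `if (surname.isEmpty())` the message should be `throw new PrivilegeException("The given surname is empty");`, otherwise the caller is told to fix the firstname. All three checks dereference their argument directly, so a null username, firstname or surname surfaces as a NullPointerException instead of a PrivilegeException; a null test in each condition would keep the failure mode uniform. The password is handed to the User constructor with no check in the visible lines, so it may be worth confirming that it is validated elsewhere. The enclosing method begins and ends outside this hunk.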
|
||||
|
|