parent
9a6637429f
commit
55679fc62d
|
@ -16,10 +16,8 @@ import org.apache.log4j.Logger;
|
|||
import org.dom4j.Element;
|
||||
|
||||
import ch.eitchnet.privilege.handler.EncryptionHandler;
|
||||
import ch.eitchnet.privilege.handler.ModelHandler;
|
||||
import ch.eitchnet.privilege.handler.PersistenceHandler;
|
||||
import ch.eitchnet.privilege.handler.PolicyHandler;
|
||||
import ch.eitchnet.privilege.handler.SessionHandler;
|
||||
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||
import ch.eitchnet.privilege.helper.ClassHelper;
|
||||
import ch.eitchnet.privilege.helper.XmlHelper;
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
|
@ -43,10 +41,8 @@ public class PrivilegeContainer {
|
|||
instance = new PrivilegeContainer();
|
||||
}
|
||||
|
||||
private SessionHandler sessionHandler;
|
||||
private PolicyHandler policyHandler;
|
||||
private EncryptionHandler encryptionHandler;
|
||||
private ModelHandler modelHandler;
|
||||
private PrivilegeHandler modelHandler;
|
||||
|
||||
private String basePath;
|
||||
|
||||
|
@ -61,20 +57,6 @@ public class PrivilegeContainer {
|
|||
// private constructor
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the sessionHandler
|
||||
*/
|
||||
public SessionHandler getSessionHandler() {
|
||||
return sessionHandler;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the policyHandler
|
||||
*/
|
||||
public PolicyHandler getPolicyHandler() {
|
||||
return policyHandler;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the encryptionHandler
|
||||
*/
|
||||
|
@ -85,7 +67,7 @@ public class PrivilegeContainer {
|
|||
/**
|
||||
* @return the modelHandler
|
||||
*/
|
||||
public ModelHandler getModelHandler() {
|
||||
public PrivilegeHandler getModelHandler() {
|
||||
return modelHandler;
|
||||
}
|
||||
|
||||
|
@ -115,25 +97,15 @@ public class PrivilegeContainer {
|
|||
String persistenceHandlerClassName = persistenceHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
|
||||
PersistenceHandler persistenceHandler = ClassHelper.instantiateClass(persistenceHandlerClassName);
|
||||
|
||||
// instantiate session handler
|
||||
Element sessionHandlerElement = containerRootElement.element(XmlConstants.XML_HANDLER_SESSION);
|
||||
String sessionHandlerClassName = sessionHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
|
||||
SessionHandler sessionHandler = ClassHelper.instantiateClass(sessionHandlerClassName);
|
||||
|
||||
// instantiate encryption handler
|
||||
Element encryptionHandlerElement = containerRootElement.element(XmlConstants.XML_HANDLER_ENCRYPTION);
|
||||
String encryptionHandlerClassName = encryptionHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
|
||||
EncryptionHandler encryptionHandler = ClassHelper.instantiateClass(encryptionHandlerClassName);
|
||||
|
||||
// instantiate policy handler
|
||||
Element policyHandlerElement = containerRootElement.element(XmlConstants.XML_HANDLER_POLICY);
|
||||
String policyHandlerClassName = policyHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
|
||||
PolicyHandler policyHandler = ClassHelper.instantiateClass(policyHandlerClassName);
|
||||
|
||||
// instantiate model handler
|
||||
// instantiate privilege handler
|
||||
Element modelHandlerElement = containerRootElement.element(XmlConstants.XML_HANDLER_MODEL);
|
||||
String modelHandlerClassName = modelHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
|
||||
ModelHandler modelHandler = ClassHelper.instantiateClass(modelHandlerClassName);
|
||||
PrivilegeHandler modelHandler = ClassHelper.instantiateClass(modelHandlerClassName);
|
||||
|
||||
try {
|
||||
persistenceHandler.initialize(persistenceHandlerElement);
|
||||
|
@ -142,12 +114,6 @@ public class PrivilegeContainer {
|
|||
throw new PrivilegeException("PersistenceHandler " + persistenceHandlerElement
|
||||
+ " could not be initialized");
|
||||
}
|
||||
try {
|
||||
sessionHandler.initialize(sessionHandlerElement);
|
||||
} catch (Exception e) {
|
||||
logger.error(e, e);
|
||||
throw new PrivilegeException("SessionHandler " + sessionHandlerClassName + " could not be initialized");
|
||||
}
|
||||
try {
|
||||
encryptionHandler.initialize(encryptionHandlerElement);
|
||||
} catch (Exception e) {
|
||||
|
@ -155,25 +121,15 @@ public class PrivilegeContainer {
|
|||
throw new PrivilegeException("EncryptionHandler " + encryptionHandlerClassName
|
||||
+ " could not be initialized");
|
||||
}
|
||||
try {
|
||||
policyHandler.initialize(policyHandlerElement);
|
||||
} catch (Exception e) {
|
||||
logger.error(e, e);
|
||||
throw new PrivilegeException("PolicyHandler " + policyHandlerClassName + " could not be initialized");
|
||||
}
|
||||
try {
|
||||
modelHandler.initialize(modelHandlerElement);
|
||||
modelHandler.setPersistenceHandler(persistenceHandler);
|
||||
} catch (Exception e) {
|
||||
logger.error(e, e);
|
||||
throw new PrivilegeException("ModificationHandler " + modelHandlerClassName
|
||||
+ " could not be initialized");
|
||||
throw new PrivilegeException("ModificationHandler " + modelHandlerClassName + " could not be initialized");
|
||||
}
|
||||
|
||||
// keep references to the handlers
|
||||
this.modelHandler = modelHandler;
|
||||
this.sessionHandler = sessionHandler;
|
||||
this.encryptionHandler = encryptionHandler;
|
||||
this.policyHandler = policyHandler;
|
||||
}
|
||||
}
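Review bot: The failure message in the last catch block of this initialisation code still names the wrong component: the new line throws `"ModificationHandler " + modelHandlerClassName + " could not be initialized"` although the object being initialised is now a `PrivilegeHandler`. Judging by the other files in this commit, this handler now appears to carry authentication and authorisation for the container, so the log after a failed start should show the real type; I would change the line to `throw new PrivilegeException("PrivilegeHandler " + modelHandlerClassName + " could not be initialized");`. The field, the local variable and `getModelHandler()` also keep the old `modelHandler` name after the type change, which deserves a follow-up rename or at least a comment. The enclosing method starts outside the visible hunks.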
|
||||
|
|
|
@ -1,22 +0,0 @@
|
|||
/*
|
||||
* Copyright (c) 2010
|
||||
*
|
||||
* Robert von Burg
|
||||
* eitch@eitchnet.ch
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
*/
|
||||
|
||||
package ch.eitchnet.privilege.base;
|
||||
|
||||
import org.dom4j.Element;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
*
|
||||
*/
|
||||
public interface PrivilegeContainerObject {
|
||||
|
||||
public void initialize(Element element);
|
||||
}
|
|
@ -26,6 +26,7 @@ import org.dom4j.Element;
|
|||
|
||||
import ch.eitchnet.privilege.base.PrivilegeContainer;
|
||||
import ch.eitchnet.privilege.base.XmlConstants;
|
||||
import ch.eitchnet.privilege.helper.ClassHelper;
|
||||
import ch.eitchnet.privilege.helper.ConfigurationHelper;
|
||||
import ch.eitchnet.privilege.helper.XmlHelper;
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
|
@ -34,6 +35,7 @@ import ch.eitchnet.privilege.model.UserState;
|
|||
import ch.eitchnet.privilege.model.internal.Privilege;
|
||||
import ch.eitchnet.privilege.model.internal.Role;
|
||||
import ch.eitchnet.privilege.model.internal.User;
|
||||
import ch.eitchnet.privilege.policy.PrivilegePolicy;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
|
@ -46,6 +48,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
private Map<String, User> userMap;
|
||||
private Map<String, Role> roleMap;
|
||||
private Map<String, Privilege> privilegeMap;
|
||||
private Map<String, Class<PrivilegePolicy>> policyMap;
|
||||
|
||||
private long usersFileDate;
|
||||
private boolean userMapDirty;
|
||||
|
@ -140,6 +143,24 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
return userMap.get(username);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.PersistenceHandler#getPolicy(java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
public PrivilegePolicy getPolicy(String policyName) {
|
||||
|
||||
// get the policies class
|
||||
Class<PrivilegePolicy> policyClazz = policyMap.get(policyName);
|
||||
if (policyClazz == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
// instantiate the policy
|
||||
PrivilegePolicy policy = ClassHelper.instantiateClass(policyClazz);
|
||||
|
||||
return policy;
|
||||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.PersistenceHandler#persist(ch.eitchnet.privilege.model.Certificate)
|
||||
*/
|
||||
|
@ -150,7 +171,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
// get users file name
|
||||
String usersFileName = parameterMap.get(XmlConstants.XML_PARAM_USERS_FILE);
|
||||
if (usersFileName == null || usersFileName.isEmpty()) {
|
||||
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
|
||||
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_USERS_FILE + " is invalid");
|
||||
}
|
||||
// get users file
|
||||
|
@ -177,7 +198,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
// get roles file name
|
||||
String rolesFileName = parameterMap.get(XmlConstants.XML_PARAM_ROLES_FILE);
|
||||
if (rolesFileName == null || rolesFileName.isEmpty()) {
|
||||
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
|
||||
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_ROLES_FILE + " is invalid");
|
||||
}
|
||||
// get roles file
|
||||
|
@ -204,7 +225,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
// get privileges file name
|
||||
String privilegesFileName = parameterMap.get(XmlConstants.XML_PARAM_PRIVILEGES_FILE);
|
||||
if (privilegesFileName == null || privilegesFileName.isEmpty()) {
|
||||
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
|
||||
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_PRIVILEGES_FILE + " is invalid");
|
||||
}
|
||||
// get privileges file
|
||||
|
@ -254,6 +275,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
roleMap = new HashMap<String, Role>();
|
||||
userMap = new HashMap<String, User>();
|
||||
privilegeMap = new HashMap<String, Privilege>();
|
||||
policyMap = new HashMap<String, Class<PrivilegePolicy>>();
|
||||
|
||||
// get parameters
|
||||
Element parameterElement = element.element(XmlConstants.XML_PARAMETERS);
|
||||
|
@ -262,14 +284,14 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
// get roles file name
|
||||
String rolesFileName = parameterMap.get(XmlConstants.XML_PARAM_ROLES_FILE);
|
||||
if (rolesFileName == null || rolesFileName.isEmpty()) {
|
||||
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
|
||||
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_ROLES_FILE + " is invalid");
|
||||
}
|
||||
|
||||
// get roles file
|
||||
File rolesFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + rolesFileName);
|
||||
if (!rolesFile.exists()) {
|
||||
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
|
||||
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_ROLES_FILE + " is invalid as roles file does not exist at path "
|
||||
+ rolesFile.getAbsolutePath());
|
||||
}
|
||||
|
@ -284,14 +306,14 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
// get users file name
|
||||
String usersFileName = parameterMap.get(XmlConstants.XML_PARAM_USERS_FILE);
|
||||
if (usersFileName == null || usersFileName.isEmpty()) {
|
||||
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
|
||||
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_USERS_FILE + " is invalid");
|
||||
}
|
||||
|
||||
// get users file
|
||||
File usersFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + usersFileName);
|
||||
if (!usersFile.exists()) {
|
||||
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
|
||||
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_USERS_FILE + " is invalid as users file does not exist at path "
|
||||
+ usersFile.getAbsolutePath());
|
||||
}
|
||||
|
@ -306,14 +328,14 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
// get privileges file name
|
||||
String privilegesFileName = parameterMap.get(XmlConstants.XML_PARAM_PRIVILEGES_FILE);
|
||||
if (privilegesFileName == null || privilegesFileName.isEmpty()) {
|
||||
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
|
||||
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_PRIVILEGES_FILE + " is invalid");
|
||||
}
|
||||
|
||||
// get privileges file
|
||||
File privilegesFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + privilegesFileName);
|
||||
if (!privilegesFile.exists()) {
|
||||
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
|
||||
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_PRIVILEGES_FILE + " is invalid as privileges file does not exist at path "
|
||||
+ privilegesFile.getAbsolutePath());
|
||||
}
|
||||
|
@ -325,6 +347,27 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
readPrivileges(privilegesRootElement);
|
||||
privilegesFileDate = privilegesFile.lastModified();
|
||||
|
||||
// get policy file name
|
||||
String policyFileName = parameterMap.get(XmlConstants.XML_PARAM_POLICY_FILE);
|
||||
if (policyFileName == null || policyFileName.isEmpty()) {
|
||||
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_POLICY_FILE + " is invalid");
|
||||
}
|
||||
|
||||
// get policy file
|
||||
File policyFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + policyFileName);
|
||||
if (!policyFile.exists()) {
|
||||
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_POLICY_FILE + " is invalid as policy file does not exist at path "
|
||||
+ policyFile.getAbsolutePath());
|
||||
}
|
||||
|
||||
// parse policy xml file to XML document
|
||||
Element policiesRootElement = XmlHelper.parseDocument(policyFile).getRootElement();
|
||||
|
||||
// read policies
|
||||
readPolicies(policiesRootElement);
|
||||
|
||||
userMapDirty = false;
|
||||
roleMapDirty = false;
|
||||
privilegeMapDirty = false;
|
||||
|
@ -452,6 +495,22 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param policiesRootElement
|
||||
*/
|
||||
private void readPolicies(Element policiesRootElement) {
|
||||
|
||||
List<Element> policyElements = policiesRootElement.elements(XmlConstants.XML_POLICY);
|
||||
for (Element policyElement : policyElements) {
|
||||
String policyName = policyElement.attributeValue(XmlConstants.XML_ATTR_NAME);
|
||||
String policyClass = policyElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
|
||||
|
||||
Class<PrivilegePolicy> clazz = ClassHelper.loadClass(policyClass);
|
||||
|
||||
policyMap.put(policyName, clazz);
|
||||
}
|
||||
}
|
||||
|
||||
private List<Element> toDomPrivileges() {
|
||||
|
||||
List<Element> privilegesAsElements = new ArrayList<Element>(privilegeMap.size());
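Review bot: `readPolicies` stores whatever `ClassHelper.loadClass` returns for each policy element without checking the entry, so a missing name or class attribute, a duplicate name, or a class that is not a `PrivilegePolicy` is accepted at load time and would only surface later, inside an access check. Because these classes decide `actionAllowed`, the policy file should be validated when it is read and the load should fail closed with a `PrivilegeException`. The `Class<PrivilegePolicy>` result is presumably an unchecked cast inside `ClassHelper` (not visible here), in which case an explicit `isAssignableFrom` test is the only real type check. A duplicate name currently overwrites the earlier mapping silently, which changes the policy guarding a privilege without any trace.

```java
// … unchanged: signature, element lookup, loop header, policyName lookup …
String policyClass = policyElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
if (policyName == null || policyName.isEmpty() || policyClass == null || policyClass.isEmpty()) {
	throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Policy entry is missing attribute "
			+ XmlConstants.XML_ATTR_NAME + " or " + XmlConstants.XML_ATTR_CLASS);
}

Class<PrivilegePolicy> clazz = ClassHelper.loadClass(policyClass);
// reject anything that cannot act as a policy before it can reach an access check
if (!PrivilegePolicy.class.isAssignableFrom(clazz)) {
	throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Class " + policyClass
			+ " configured for policy " + policyName + " is not a " + PrivilegePolicy.class.getName());
}

// a second entry with the same name must not silently replace the first
if (policyMap.put(policyName, clazz) != null) {
	throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Policy " + policyName
			+ " is defined more than once");
}
```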
|
||||
|
|
|
@ -1,126 +0,0 @@
|
|||
/*
|
||||
* Copyright (c) 2010
|
||||
*
|
||||
* Robert von Burg
|
||||
* eitch@eitchnet.ch
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
*/
|
||||
|
||||
package ch.eitchnet.privilege.handler;
|
||||
|
||||
import java.io.File;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.dom4j.Element;
|
||||
|
||||
import ch.eitchnet.privilege.base.PrivilegeContainer;
|
||||
import ch.eitchnet.privilege.base.XmlConstants;
|
||||
import ch.eitchnet.privilege.helper.ClassHelper;
|
||||
import ch.eitchnet.privilege.helper.ConfigurationHelper;
|
||||
import ch.eitchnet.privilege.helper.XmlHelper;
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
import ch.eitchnet.privilege.model.Restrictable;
|
||||
import ch.eitchnet.privilege.model.internal.Privilege;
|
||||
import ch.eitchnet.privilege.model.internal.Role;
|
||||
import ch.eitchnet.privilege.policy.PrivilegePolicy;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
*
|
||||
*/
|
||||
public class DefaultPolicyHandler implements PolicyHandler {
|
||||
|
||||
private Map<String, Class<PrivilegePolicy>> policyMap;
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.PolicyHandler#actionAllowed(ch.eitchnet.privilege.model.internal.Role,
|
||||
* ch.eitchnet.privilege.model.Restrictable)
|
||||
*/
|
||||
@Override
|
||||
public boolean actionAllowed(Role role, Restrictable restrictable) {
|
||||
|
||||
// user and restrictable must not be null
|
||||
if (role == null)
|
||||
throw new PrivilegeException("Role may not be null!");
|
||||
else if (restrictable == null)
|
||||
throw new PrivilegeException("Restrictable may not be null!");
|
||||
|
||||
// validate PrivilegeName for this restrictable
|
||||
String privilegeName = restrictable.getPrivilegeName();
|
||||
if (privilegeName == null || privilegeName.length() < 3) {
|
||||
throw new PrivilegeException(
|
||||
"The PrivilegeName may not be shorter than 3 characters. Invalid Restrictable "
|
||||
+ restrictable.getClass().getName());
|
||||
}
|
||||
|
||||
// If the role does not have this privilege, then stop as another role might have this privilege
|
||||
if (!role.hasPrivilege(privilegeName)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// get the privilege for this restrictable
|
||||
Privilege privilege = PrivilegeContainer.getInstance().getModelHandler().getPrivilege(privilegeName);
|
||||
if (privilege == null) {
|
||||
throw new PrivilegeException("No Privilege exists with the name " + privilegeName + " for Restrictable "
|
||||
+ restrictable.getClass().getName());
|
||||
}
|
||||
|
||||
// get the policy class configured for this privilege
|
||||
Class<PrivilegePolicy> policyClazz = policyMap.get(privilege.getPolicy());
|
||||
if (policyClazz == null) {
|
||||
throw new PrivilegeException("PrivilegePolicy " + privilege.getPolicy() + " does not exist for Privilege "
|
||||
+ privilegeName);
|
||||
}
|
||||
|
||||
// instantiate the policy
|
||||
PrivilegePolicy policy = ClassHelper.instantiateClass(policyClazz);
|
||||
|
||||
// delegate checking to privilege policy
|
||||
return policy.actionAllowed(role, privilege, restrictable);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.base.PrivilegeContainerObject#initialize(org.dom4j.Element)
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
public void initialize(Element element) {
|
||||
|
||||
// get parameters
|
||||
Element parameterElement = element.element(XmlConstants.XML_PARAMETERS);
|
||||
Map<String, String> parameterMap = ConfigurationHelper.convertToParameterMap(parameterElement);
|
||||
|
||||
// get policy file name
|
||||
String policyFileName = parameterMap.get(XmlConstants.XML_PARAM_POLICY_FILE);
|
||||
if (policyFileName == null || policyFileName.isEmpty()) {
|
||||
throw new PrivilegeException("[" + PolicyHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_POLICY_FILE + " is invalid");
|
||||
}
|
||||
|
||||
// get policy file
|
||||
File policyFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + policyFileName);
|
||||
if (!policyFile.exists()) {
|
||||
throw new PrivilegeException("[" + PolicyHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_POLICY_FILE + " is invalid as policy file does not exist at path "
|
||||
+ policyFile.getAbsolutePath());
|
||||
}
|
||||
|
||||
policyMap = new HashMap<String, Class<PrivilegePolicy>>();
|
||||
|
||||
// parse policy xml file to XML document
|
||||
Element containerRootElement = XmlHelper.parseDocument(policyFile).getRootElement();
|
||||
|
||||
List<Element> policyElements = containerRootElement.elements(XmlConstants.XML_POLICY);
|
||||
for (Element policyElement : policyElements) {
|
||||
String policyName = policyElement.attributeValue(XmlConstants.XML_ATTR_NAME);
|
||||
String policyClass = policyElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
|
||||
|
||||
Class<PrivilegePolicy> clazz = ClassHelper.loadClass(policyClass);
|
||||
|
||||
policyMap.put(policyName, clazz);
|
||||
}
|
||||
}
|
||||
}
|
|
@ -10,8 +10,10 @@
|
|||
|
||||
package ch.eitchnet.privilege.handler;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.apache.log4j.Logger;
|
||||
|
@ -19,35 +21,234 @@ import org.dom4j.Element;
|
|||
|
||||
import ch.eitchnet.privilege.base.PrivilegeContainer;
|
||||
import ch.eitchnet.privilege.helper.PrivilegeHelper;
|
||||
import ch.eitchnet.privilege.i18n.AccessDeniedException;
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
import ch.eitchnet.privilege.model.PrivilegeRep;
|
||||
import ch.eitchnet.privilege.model.Restrictable;
|
||||
import ch.eitchnet.privilege.model.RoleRep;
|
||||
import ch.eitchnet.privilege.model.UserRep;
|
||||
import ch.eitchnet.privilege.model.UserState;
|
||||
import ch.eitchnet.privilege.model.internal.Privilege;
|
||||
import ch.eitchnet.privilege.model.internal.Role;
|
||||
import ch.eitchnet.privilege.model.internal.Session;
|
||||
import ch.eitchnet.privilege.model.internal.User;
|
||||
import ch.eitchnet.privilege.policy.PrivilegePolicy;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
*
|
||||
*/
|
||||
public class DefaultModelHandler implements ModelHandler {
|
||||
public class DefaultPrivilegeHandler implements PrivilegeHandler {
|
||||
|
||||
private static final Logger logger = Logger.getLogger(DefaultModelHandler.class);
|
||||
private static final Logger logger = Logger.getLogger(DefaultPrivilegeHandler.class);
|
||||
|
||||
private static long lastSessionId;
|
||||
|
||||
private Map<String, CertificateSessionPair> sessionMap;
|
||||
|
||||
private PersistenceHandler persistenceHandler;
|
||||
private EncryptionHandler encryptionHandler;
|
||||
private PrivilegeHandler modelHandler;
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.SessionHandler#setPersistenceHandler(ch.eitchnet.privilege.handler.PersistenceHandler)
|
||||
* TODO What is better, validate from {@link Restrictable} to {@link User} or the opposite direction?
|
||||
*
|
||||
* @see ch.eitchnet.privilege.handler.SessionHandler#actionAllowed(ch.eitchnet.privilege.model.Certificate,
|
||||
* ch.eitchnet.privilege.model.Restrictable)
|
||||
*
|
||||
* @throws AccessDeniedException
|
||||
* if the {@link Certificate} is not for a currently logged in {@link User} or if the user may not
|
||||
* perform the action defined by the {@link Restrictable} implementation
|
||||
*/
|
||||
public void setPersistenceHandler(PersistenceHandler persistenceHandler) {
|
||||
this.persistenceHandler = persistenceHandler;
|
||||
@Override
|
||||
public boolean actionAllowed(Certificate certificate, Restrictable restrictable) {
|
||||
|
||||
// first validate certificate
|
||||
if (!isCertificateValid(certificate)) {
|
||||
logger.info("Certificate is not valid, so action is not allowed: " + certificate + " for restrictable: "
|
||||
+ restrictable);
|
||||
return false;
|
||||
}
|
||||
|
||||
// restrictable must not be null
|
||||
if (restrictable == null)
|
||||
throw new PrivilegeException("Restrictable may not be null!");
|
||||
|
||||
// get user object
|
||||
User user = modelHandler.getUser(certificate.getUsername());
|
||||
if (user == null) {
|
||||
throw new PrivilegeException(
|
||||
"Oh boy, how did this happen: No User in user map although the certificate is valid!");
|
||||
}
|
||||
|
||||
// default is to not allow the action
|
||||
// TODO should default deny/allow policy be configurable?
|
||||
boolean actionAllowed = false;
|
||||
|
||||
// now iterate roles and validate on policies
|
||||
for (String roleName : user.getRoles()) {
|
||||
|
||||
Role role = modelHandler.getRole(roleName);
|
||||
if (role == null) {
|
||||
logger.error("No role is defined with name " + roleName + " which is configured for user " + user);
|
||||
continue;
|
||||
}
|
||||
|
||||
actionAllowed = actionAllowed(role, restrictable);
|
||||
|
||||
// if action is allowed, then break iteration as a privilege match has been made
|
||||
if (actionAllowed)
|
||||
break;
|
||||
}
|
||||
|
||||
return actionAllowed;
|
||||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#addOrReplacePrivilege(ch.eitchnet.privilege.model.Certificate,
|
||||
* @see ch.eitchnet.privilege.handler.PolicyHandler#actionAllowed(ch.eitchnet.privilege.model.internal.Role,
|
||||
* ch.eitchnet.privilege.model.Restrictable)
|
||||
*/
|
||||
@Override
|
||||
public boolean actionAllowed(Role role, Restrictable restrictable) {
|
||||
|
||||
// user and restrictable must not be null
|
||||
if (role == null)
|
||||
throw new PrivilegeException("Role may not be null!");
|
||||
else if (restrictable == null)
|
||||
throw new PrivilegeException("Restrictable may not be null!");
|
||||
|
||||
// validate PrivilegeName for this restrictable
|
||||
String privilegeName = restrictable.getPrivilegeName();
|
||||
if (privilegeName == null || privilegeName.length() < 3) {
|
||||
throw new PrivilegeException(
|
||||
"The PrivilegeName may not be shorter than 3 characters. Invalid Restrictable "
|
||||
+ restrictable.getClass().getName());
|
||||
}
|
||||
|
||||
// If the role does not have this privilege, then stop as another role might have this privilege
|
||||
if (!role.hasPrivilege(privilegeName)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
// get the privilege for this restrictable
|
||||
Privilege privilege = modelHandler.getPrivilege(privilegeName);
|
||||
if (privilege == null) {
|
||||
throw new PrivilegeException("No Privilege exists with the name " + privilegeName + " for Restrictable "
|
||||
+ restrictable.getClass().getName());
|
||||
}
|
||||
|
||||
// get the policy configured for this privilege
|
||||
PrivilegePolicy policy = modelHandler.getPolicy(privilege.getPolicy());
|
||||
if (policy == null) {
|
||||
throw new PrivilegeException("PrivilegePolicy " + privilege.getPolicy() + " does not exist for Privilege "
|
||||
+ privilegeName);
|
||||
}
|
||||
|
||||
// delegate checking to privilege policy
|
||||
return policy.actionAllowed(role, privilege, restrictable);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.SessionHandler#isCertificateValid(ch.eitchnet.privilege.model.Certificate)
|
||||
*/
|
||||
@Override
|
||||
public boolean isCertificateValid(Certificate certificate) {
|
||||
|
||||
// certificate must not be null
|
||||
if (certificate == null)
|
||||
throw new PrivilegeException("Certificate may not be null!");
|
||||
|
||||
// first see if a session exists for this certificate
|
||||
CertificateSessionPair certificateSessionPair = sessionMap.get(certificate.getSessionId());
|
||||
if (certificateSessionPair == null)
|
||||
throw new AccessDeniedException("There is no session information for " + certificate.toString());
|
||||
|
||||
// validate certificate has not been tampered with
|
||||
Certificate sessionCertificate = certificateSessionPair.certificate;
|
||||
if (!sessionCertificate.equals(certificate))
|
||||
throw new PrivilegeException("Received illegal certificate for session id " + certificate.getSessionId());
|
||||
|
||||
// TODO is validating authToken overkill since the two certificates have already been checked on equality?
|
||||
// validate authToken from certificate using the sessions authPassword
|
||||
String authToken = certificate.getAuthToken(certificateSessionPair.session.getAuthPassword());
|
||||
if (authToken == null || !authToken.equals(certificateSessionPair.session.getAuthToken()))
|
||||
throw new PrivilegeException("Received illegal certificate data for session id "
|
||||
+ certificate.getSessionId());
|
||||
|
||||
// get user object
|
||||
User user = modelHandler.getUser(certificateSessionPair.session.getUsername());
|
||||
|
||||
// if user exists, then certificate is valid
|
||||
if (user == null) {
|
||||
throw new PrivilegeException(
|
||||
"Oh boy, how did this happen: No User in user map although the certificate is valid!");
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.SessionHandler#authenticate(java.lang.String, java.lang.String)
|
||||
*
|
||||
* @throws AccessDeniedException
|
||||
* if the user credentials are not valid
|
||||
*/
|
||||
@Override
|
||||
public Certificate authenticate(String username, String password) {
|
||||
|
||||
// both username and password must at least have 3 characters in length
|
||||
if (username == null || username.length() < 3)
|
||||
throw new PrivilegeException("The given username is shorter than 3 characters");
|
||||
else if (password == null || password.length() < 3)
|
||||
throw new PrivilegeException("The given password is shorter than 3 characters");
|
||||
|
||||
// we only work with hashed passwords
|
||||
String passwordHash = encryptionHandler.convertToHash(password);
|
||||
|
||||
// get user object
|
||||
User user = modelHandler.getUser(username);
|
||||
// no user means no authentication
|
||||
if (user == null)
|
||||
throw new AccessDeniedException("There is no user defined with the credentials: " + username + " / ***...");
|
||||
|
||||
// validate password
|
||||
if (!user.isPassword(passwordHash))
|
||||
throw new AccessDeniedException("Password is incorrect for " + username + " / ***...");
|
||||
|
||||
// validate if user is allowed to login
|
||||
if (user.getState() != UserState.ENABLED)
|
||||
throw new AccessDeniedException("User " + username + " is not ENABLED. State is: " + user.getState());
|
||||
|
||||
// validate user has at least one role
|
||||
if (user.getRoles().isEmpty()) {
|
||||
throw new PrivilegeException("User " + username + " does not have any roles defined!");
|
||||
}
|
||||
|
||||
// get 2 auth tokens
|
||||
String authToken = encryptionHandler.nextToken();
|
||||
String authPassword = encryptionHandler.nextToken();
|
||||
|
||||
// get next session id
|
||||
String sessionId = nextSessionId();
|
||||
|
||||
// create certificate
|
||||
Certificate certificate = new Certificate(sessionId, username, authToken, authPassword, user.getLocale());
|
||||
|
||||
// create and save a new session
|
||||
Session session = new Session(sessionId, authToken, authPassword, user.getUsername(), System
|
||||
.currentTimeMillis());
|
||||
sessionMap.put(sessionId, new CertificateSessionPair(session, certificate));
|
||||
|
||||
// log
|
||||
logger.info("Authenticated: " + session);
|
||||
|
||||
// return the certificate
|
||||
return certificate;
|
||||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#addOrReplacePrivilege(ch.eitchnet.privilege.model.Certificate,
|
||||
* ch.eitchnet.privilege.model.PrivilegeRep)
|
||||
*/
|
||||
@Override
|
||||
|
@ -69,7 +270,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#addOrReplaceRole(ch.eitchnet.privilege.model.Certificate,
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#addOrReplaceRole(ch.eitchnet.privilege.model.Certificate,
|
||||
* ch.eitchnet.privilege.model.RoleRep)
|
||||
*/
|
||||
@Override
|
||||
|
@ -90,7 +291,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#addOrReplaceUser(ch.eitchnet.privilege.model.Certificate,
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#addOrReplaceUser(ch.eitchnet.privilege.model.Certificate,
|
||||
* ch.eitchnet.privilege.model.UserRep, java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
|
@ -108,7 +309,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
if (password == null)
|
||||
passwordHash = null;
|
||||
else
|
||||
passwordHash = PrivilegeContainer.getInstance().getEncryptionHandler().convertToHash(password);
|
||||
passwordHash = encryptionHandler.convertToHash(password);
|
||||
|
||||
// create new user
|
||||
User user = new User(userRep.getUsername(), passwordHash, userRep.getFirstname(), userRep.getSurname(), userRep
|
||||
|
@ -119,7 +320,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#addPrivilegeToRole(ch.eitchnet.privilege.model.Certificate,
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#addPrivilegeToRole(ch.eitchnet.privilege.model.Certificate,
|
||||
* java.lang.String, java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
|
@ -162,7 +363,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#addRoleToUser(ch.eitchnet.privilege.model.Certificate,
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#addRoleToUser(ch.eitchnet.privilege.model.Certificate,
|
||||
* java.lang.String, java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
|
@ -205,7 +406,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#persist(ch.eitchnet.privilege.model.Certificate)
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#persist(ch.eitchnet.privilege.model.Certificate)
|
||||
*/
|
||||
@Override
|
||||
public boolean persist(Certificate certificate) {
|
||||
|
@ -221,7 +422,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#removePrivilege(ch.eitchnet.privilege.model.Certificate,
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#removePrivilege(ch.eitchnet.privilege.model.Certificate,
|
||||
* java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
|
@ -245,7 +446,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#removePrivilegeFromRole(ch.eitchnet.privilege.model.Certificate,
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#removePrivilegeFromRole(ch.eitchnet.privilege.model.Certificate,
|
||||
* java.lang.String, java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
|
@ -281,7 +482,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#removeRole(ch.eitchnet.privilege.model.Certificate,
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#removeRole(ch.eitchnet.privilege.model.Certificate,
|
||||
* java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
|
@ -305,7 +506,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#removeRoleFromUser(ch.eitchnet.privilege.model.Certificate,
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#removeRoleFromUser(ch.eitchnet.privilege.model.Certificate,
|
||||
* java.lang.String, java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
|
@ -342,7 +543,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#removeUser(ch.eitchnet.privilege.model.Certificate,
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#removeUser(ch.eitchnet.privilege.model.Certificate,
|
||||
* java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
|
@ -366,7 +567,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#setPrivilegeAllAllowed(ch.eitchnet.privilege.model.Certificate,
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#setPrivilegeAllAllowed(ch.eitchnet.privilege.model.Certificate,
|
||||
* java.lang.String, boolean)
|
||||
*/
|
||||
@Override
|
||||
|
@ -401,7 +602,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#setPrivilegeAllowList(ch.eitchnet.privilege.model.Certificate,
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#setPrivilegeAllowList(ch.eitchnet.privilege.model.Certificate,
|
||||
* java.lang.String, java.util.Set)
|
||||
*/
|
||||
@Override
|
||||
|
@ -429,7 +630,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#setPrivilegeDenyList(ch.eitchnet.privilege.model.Certificate,
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#setPrivilegeDenyList(ch.eitchnet.privilege.model.Certificate,
|
||||
* java.lang.String, java.util.Set)
|
||||
*/
|
||||
@Override
|
||||
|
@ -457,7 +658,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#setPrivilegePolicy(ch.eitchnet.privilege.model.Certificate,
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#setPrivilegePolicy(ch.eitchnet.privilege.model.Certificate,
|
||||
* java.lang.String, java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
|
@ -485,7 +686,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#setUserLocaleState(ch.eitchnet.privilege.model.Certificate,
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#setUserLocaleState(ch.eitchnet.privilege.model.Certificate,
|
||||
* java.lang.String, java.util.Locale)
|
||||
*/
|
||||
@Override
|
||||
|
@ -513,7 +714,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#setUserName(ch.eitchnet.privilege.model.Certificate,
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#setUserName(ch.eitchnet.privilege.model.Certificate,
|
||||
* java.lang.String, java.lang.String, java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
|
@ -541,7 +742,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#setUserPassword(ch.eitchnet.privilege.model.Certificate,
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#setUserPassword(ch.eitchnet.privilege.model.Certificate,
|
||||
* java.lang.String, java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
|
@ -561,7 +762,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
// hash password
|
||||
String passwordHash = PrivilegeContainer.getInstance().getEncryptionHandler().convertToHash(password);
|
||||
String passwordHash = encryptionHandler.convertToHash(password);
|
||||
|
||||
// create new user
|
||||
User newUser = new User(user.getUsername(), passwordHash, user.getFirstname(), user.getSurname(), user
|
||||
|
@ -572,7 +773,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#setUserState(ch.eitchnet.privilege.model.Certificate,
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#setUserState(ch.eitchnet.privilege.model.Certificate,
|
||||
* java.lang.String, ch.eitchnet.privilege.model.UserState)
|
||||
*/
|
||||
@Override
|
||||
|
@ -600,15 +801,17 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.base.PrivilegeContainerObject#initialize(org.dom4j.Element)
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#initialize(org.dom4j.Element)
|
||||
*/
|
||||
@Override
|
||||
public void initialize(Element element) {
|
||||
// nothing to initialize
|
||||
|
||||
lastSessionId = 0l;
|
||||
sessionMap = new HashMap<String, CertificateSessionPair>();
|
||||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#getPrivilege(java.lang.String)
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#getPrivilege(java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
public Privilege getPrivilege(String privilegeName) {
|
||||
|
@ -616,7 +819,7 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#getRole(java.lang.String)
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#getRole(java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
public Role getRole(String roleName) {
|
||||
|
@ -624,10 +827,40 @@ public class DefaultModelHandler implements ModelHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.ModelHandler#getUser(java.lang.String)
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#getUser(java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
public User getUser(String username) {
|
||||
return persistenceHandler.getUser(username);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#getPolicy(java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
public PrivilegePolicy getPolicy(String policyName) {
|
||||
return persistenceHandler.getPolicy(policyName);
|
||||
}
|
||||
|
||||
/**
|
||||
* @return a new session id
|
||||
*/
|
||||
private synchronized String nextSessionId() {
|
||||
return Long.toString(++lastSessionId % Long.MAX_VALUE);
|
||||
}
|
||||
|
||||
/**
|
||||
* An internal class used to keep a record of sessions with the certificate
|
||||
*
|
||||
* @author rvonburg
|
||||
*/
|
||||
private class CertificateSessionPair {
|
||||
private Session session;
|
||||
private Certificate certificate;
|
||||
|
||||
public CertificateSessionPair(Session session, Certificate certificate) {
|
||||
this.session = session;
|
||||
this.certificate = certificate;
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,222 +0,0 @@
|
|||
/*
|
||||
* Copyright (c) 2010
|
||||
*
|
||||
* Robert von Burg
|
||||
* eitch@eitchnet.ch
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
*/
|
||||
|
||||
package ch.eitchnet.privilege.handler;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.apache.log4j.Logger;
|
||||
import org.dom4j.Element;
|
||||
|
||||
import ch.eitchnet.privilege.base.PrivilegeContainer;
|
||||
import ch.eitchnet.privilege.i18n.AccessDeniedException;
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
import ch.eitchnet.privilege.model.Restrictable;
|
||||
import ch.eitchnet.privilege.model.UserState;
|
||||
import ch.eitchnet.privilege.model.internal.Role;
|
||||
import ch.eitchnet.privilege.model.internal.Session;
|
||||
import ch.eitchnet.privilege.model.internal.User;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
*
|
||||
*/
|
||||
public class DefaultSessionHandler implements SessionHandler {
|
||||
|
||||
private static final Logger logger = Logger.getLogger(DefaultSessionHandler.class);
|
||||
|
||||
private static long lastSessionId;
|
||||
|
||||
private Map<String, CertificateSessionPair> sessionMap;
|
||||
|
||||
/**
|
||||
* TODO What is better, validate from {@link Restrictable} to {@link User} or the opposite direction?
|
||||
*
|
||||
* @see ch.eitchnet.privilege.handler.SessionHandler#actionAllowed(ch.eitchnet.privilege.model.Certificate,
|
||||
* ch.eitchnet.privilege.model.Restrictable)
|
||||
*
|
||||
* @throws AccessDeniedException
|
||||
* if the {@link Certificate} is not for a currently logged in {@link User} or if the user may not
|
||||
* perform the action defined by the {@link Restrictable} implementation
|
||||
*/
|
||||
@Override
|
||||
public boolean actionAllowed(Certificate certificate, Restrictable restrictable) {
|
||||
|
||||
// first validate certificate
|
||||
if (!isCertificateValid(certificate)) {
|
||||
logger.info("Certificate is not valid, so action is not allowed: " + certificate + " for restrictable: "
|
||||
+ restrictable);
|
||||
return false;
|
||||
}
|
||||
|
||||
// restrictable must not be null
|
||||
if (restrictable == null)
|
||||
throw new PrivilegeException("Restrictable may not be null!");
|
||||
|
||||
PrivilegeContainer privilegeContainer = PrivilegeContainer.getInstance();
|
||||
|
||||
// get user object
|
||||
User user = PrivilegeContainer.getInstance().getModelHandler().getUser(certificate.getUsername());
|
||||
if (user == null) {
|
||||
throw new PrivilegeException(
|
||||
"Oh boy, how did this happen: No User in user map although the certificate is valid!");
|
||||
}
|
||||
|
||||
// default is to not allow the action
|
||||
// TODO should default deny/allow policy be configurable?
|
||||
boolean actionAllowed = false;
|
||||
|
||||
// now iterate roles and validate on policy handler
|
||||
PolicyHandler policyHandler = privilegeContainer.getPolicyHandler();
|
||||
for (String roleName : user.getRoles()) {
|
||||
|
||||
Role role = PrivilegeContainer.getInstance().getModelHandler().getRole(roleName);
|
||||
if (role == null) {
|
||||
logger.error("No role is defined with name " + roleName + " which is configured for user " + user);
|
||||
continue;
|
||||
}
|
||||
|
||||
actionAllowed = policyHandler.actionAllowed(role, restrictable);
|
||||
|
||||
// if action is allowed, then break iteration as a privilege match has been made
|
||||
if (actionAllowed)
|
||||
break;
|
||||
}
|
||||
|
||||
return actionAllowed;
|
||||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.SessionHandler#isCertificateValid(ch.eitchnet.privilege.model.Certificate)
|
||||
*/
|
||||
@Override
|
||||
public boolean isCertificateValid(Certificate certificate) {
|
||||
|
||||
// certificate must not be null
|
||||
if (certificate == null)
|
||||
throw new PrivilegeException("Certificate may not be null!");
|
||||
|
||||
// first see if a session exists for this certificate
|
||||
CertificateSessionPair certificateSessionPair = sessionMap.get(certificate.getSessionId());
|
||||
if (certificateSessionPair == null)
|
||||
throw new AccessDeniedException("There is no session information for " + certificate.toString());
|
||||
|
||||
// validate certificate has not been tampered with
|
||||
Certificate sessionCertificate = certificateSessionPair.certificate;
|
||||
if (!sessionCertificate.equals(certificate))
|
||||
throw new PrivilegeException("Received illegal certificate for session id " + certificate.getSessionId());
|
||||
|
||||
// TODO is validating authToken overkill since the two certificates have already been checked on equality?
|
||||
// validate authToken from certificate using the sessions authPassword
|
||||
String authToken = certificate.getAuthToken(certificateSessionPair.session.getAuthPassword());
|
||||
if (authToken == null || !authToken.equals(certificateSessionPair.session.getAuthToken()))
|
||||
throw new PrivilegeException("Received illegal certificate data for session id "
|
||||
+ certificate.getSessionId());
|
||||
|
||||
// get user object
|
||||
User user = PrivilegeContainer.getInstance().getModelHandler().getUser(
|
||||
certificateSessionPair.session.getUsername());
|
||||
|
||||
// if user exists, then certificate is valid
|
||||
if (user == null) {
|
||||
throw new PrivilegeException(
|
||||
"Oh boy, how did this happen: No User in user map although the certificate is valid!");
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.SessionHandler#authenticate(java.lang.String, java.lang.String)
|
||||
*
|
||||
* @throws AccessDeniedException
|
||||
* if the user credentials are not valid
|
||||
*/
|
||||
@Override
|
||||
public Certificate authenticate(String username, String password) {
|
||||
|
||||
// both username and password must at least have 3 characters in length
|
||||
if (username == null || username.length() < 3)
|
||||
throw new PrivilegeException("The given username is shorter than 3 characters");
|
||||
else if (password == null || password.length() < 3)
|
||||
throw new PrivilegeException("The given password is shorter than 3 characters");
|
||||
|
||||
EncryptionHandler encryptionHandler = PrivilegeContainer.getInstance().getEncryptionHandler();
|
||||
|
||||
// we only work with hashed passwords
|
||||
String passwordHash = encryptionHandler.convertToHash(password);
|
||||
|
||||
// get user object
|
||||
User user = PrivilegeContainer.getInstance().getModelHandler().getUser(username);
|
||||
// no user means no authentication
|
||||
if (user == null)
|
||||
throw new AccessDeniedException("There is no user defined with the credentials: " + username + " / ***...");
|
||||
|
||||
// validate password
|
||||
if (!user.isPassword(passwordHash))
|
||||
throw new AccessDeniedException("Password is incorrect for " + username + " / ***...");
|
||||
|
||||
// validate if user is allowed to login
|
||||
if (user.getState() != UserState.ENABLED)
|
||||
throw new AccessDeniedException("User " + username + " is not ENABLED. State is: " + user.getState());
|
||||
|
||||
// validate user has at least one role
|
||||
if (user.getRoles().isEmpty()) {
|
||||
throw new PrivilegeException("User " + username + " does not have any roles defined!");
|
||||
}
|
||||
|
||||
// get 2 auth tokens
|
||||
String authToken = encryptionHandler.nextToken();
|
||||
String authPassword = encryptionHandler.nextToken();
|
||||
|
||||
// get next session id
|
||||
String sessionId = nextSessionId();
|
||||
|
||||
// create certificate
|
||||
Certificate certificate = new Certificate(sessionId, username, authToken, authPassword, user.getLocale());
|
||||
|
||||
// create and save a new session
|
||||
Session session = new Session(sessionId, authToken, authPassword, user.getUsername(), System
|
||||
.currentTimeMillis());
|
||||
sessionMap.put(sessionId, new CertificateSessionPair(session, certificate));
|
||||
|
||||
// log
|
||||
logger.info("Authenticated: " + session);
|
||||
|
||||
// return the certificate
|
||||
return certificate;
|
||||
}
|
||||
|
||||
private synchronized String nextSessionId() {
|
||||
return Long.toString(++lastSessionId % Long.MAX_VALUE);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.base.PrivilegeContainerObject#initialize(org.dom4j.Element)
|
||||
*/
|
||||
public void initialize(Element element) {
|
||||
|
||||
lastSessionId = 0l;
|
||||
sessionMap = new HashMap<String, CertificateSessionPair>();
|
||||
|
||||
}
|
||||
|
||||
private class CertificateSessionPair {
|
||||
private Session session;
|
||||
private Certificate certificate;
|
||||
|
||||
public CertificateSessionPair(Session session, Certificate certificate) {
|
||||
this.session = session;
|
||||
this.certificate = certificate;
|
||||
}
|
||||
}
|
||||
}
|
|
@ -10,15 +10,17 @@
|
|||
|
||||
package ch.eitchnet.privilege.handler;
|
||||
|
||||
import ch.eitchnet.privilege.base.PrivilegeContainerObject;
|
||||
import org.dom4j.Element;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
*
|
||||
*/
|
||||
public interface EncryptionHandler extends PrivilegeContainerObject{
|
||||
public interface EncryptionHandler {
|
||||
|
||||
public String nextToken();
|
||||
|
||||
public String convertToHash(String string);
|
||||
|
||||
public void initialize(Element element);
|
||||
}
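Review bot: The `initialize(Element element)` added at the end of `EncryptionHandler` carries no Javadoc, and with `extends PrivilegeContainerObject` removed there is no inherited description left; the same bare declaration is added to `PersistenceHandler` and `PrivilegeHandler` further down. On this page `nextToken()` supplies the `authToken` and `authPassword` of a new session and `convertToHash` produces the password hash that is stored and compared, so this interface is where implementers should be told what is required of them. I would document that `nextToken()` must return values that cannot be guessed or repeated, and that `convertToHash` must be deterministic so the comparison against the stored hash works. On `initialize` I would add `/** Configures this handler from its XML element; call once before any other method. */`, if that is the intended order.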
|
||||
|
|
|
@ -10,17 +10,19 @@
|
|||
|
||||
package ch.eitchnet.privilege.handler;
|
||||
|
||||
import ch.eitchnet.privilege.base.PrivilegeContainerObject;
|
||||
import org.dom4j.Element;
|
||||
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
import ch.eitchnet.privilege.model.internal.Privilege;
|
||||
import ch.eitchnet.privilege.model.internal.Role;
|
||||
import ch.eitchnet.privilege.model.internal.User;
|
||||
import ch.eitchnet.privilege.policy.PrivilegePolicy;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
*
|
||||
*/
|
||||
public interface PersistenceHandler extends PrivilegeContainerObject {
|
||||
public interface PersistenceHandler {
|
||||
|
||||
public User getUser(String username);
|
||||
|
||||
|
@ -40,5 +42,9 @@ public interface PersistenceHandler extends PrivilegeContainerObject {
|
|||
|
||||
public Privilege removePrivilege(String privilegeName);
|
||||
|
||||
public PrivilegePolicy getPolicy(String policyName);
|
||||
|
||||
public boolean persist(Certificate certificate);
|
||||
|
||||
public void initialize(Element element);
|
||||
}
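Review bot: The new `getPolicy(String policyName)` in the second hunk does not say what an implementation returns for a policy name it does not know, and the `getPolicy` added to `PrivilegeHandler` has the same gap. The handler implementation earlier on this page forwards the result unchanged (`return persistenceHandler.getPolicy(policyName);`), so a `null` from here would reach whatever code evaluates the policy. That code is not visible in this section, so whether it denies or fails on `null` should be confirmed. A short Javadoc would settle the contract, e.g. `@return the policy configured under policyName, or null if none exists; callers must treat null as deny`. The interface body between the two hunks is outside what is shown.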
|
||||
|
|
|
@ -1,24 +0,0 @@
|
|||
/*
|
||||
* Copyright (c) 2010
|
||||
*
|
||||
* Robert von Burg
|
||||
* eitch@eitchnet.ch
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
*/
|
||||
|
||||
package ch.eitchnet.privilege.handler;
|
||||
|
||||
import ch.eitchnet.privilege.base.PrivilegeContainerObject;
|
||||
import ch.eitchnet.privilege.model.Restrictable;
|
||||
import ch.eitchnet.privilege.model.internal.Role;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
*
|
||||
*/
|
||||
public interface PolicyHandler extends PrivilegeContainerObject {
|
||||
|
||||
public boolean actionAllowed(Role role, Restrictable restrictable);
|
||||
}
|
|
@ -13,23 +13,75 @@ package ch.eitchnet.privilege.handler;
|
|||
import java.util.Locale;
|
||||
import java.util.Set;
|
||||
|
||||
import ch.eitchnet.privilege.base.PrivilegeContainerObject;
|
||||
import org.dom4j.Element;
|
||||
|
||||
import ch.eitchnet.privilege.i18n.AccessDeniedException;
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
import ch.eitchnet.privilege.model.PrivilegeRep;
|
||||
import ch.eitchnet.privilege.model.Restrictable;
|
||||
import ch.eitchnet.privilege.model.RoleRep;
|
||||
import ch.eitchnet.privilege.model.UserRep;
|
||||
import ch.eitchnet.privilege.model.UserState;
|
||||
import ch.eitchnet.privilege.model.internal.Privilege;
|
||||
import ch.eitchnet.privilege.model.internal.Role;
|
||||
import ch.eitchnet.privilege.model.internal.User;
|
||||
import ch.eitchnet.privilege.policy.PrivilegePolicy;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
*
|
||||
*/
|
||||
public interface ModelHandler extends PrivilegeContainerObject {
|
||||
public interface PrivilegeHandler {
|
||||
|
||||
public void setPersistenceHandler(PersistenceHandler persistenceHandler);
|
||||
/**
|
||||
* @param certificate
|
||||
* @param restrictable
|
||||
*
|
||||
* @return
|
||||
*
|
||||
* @throws AccessDeniedException
|
||||
* if the {@link Certificate} is not for a currently logged in {@link User} or if the user may not
|
||||
* perform the action defined by the {@link Restrictable} implementation
|
||||
* @throws PrivilegeException
|
||||
* if there is anything wrong with this certificate
|
||||
*/
|
||||
public boolean actionAllowed(Certificate certificate, Restrictable restrictable);
|
||||
|
||||
/**
|
||||
* @param role
|
||||
* @param restrictable
|
||||
* @return
|
||||
*
|
||||
* @throws AccessDeniedException
|
||||
* if the {@link Certificate} is not for a currently logged in {@link User} or if the user may not
|
||||
* perform the action defined by the {@link Restrictable} implementation
|
||||
* @throws PrivilegeException
|
||||
* if there is anything wrong with this certificate
|
||||
*/
|
||||
public boolean actionAllowed(Role role, Restrictable restrictable);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @return
|
||||
*
|
||||
* @throws AccessDeniedException
|
||||
* if the {@link Certificate} is not for a currently logged in {@link User}
|
||||
* @throws PrivilegeException
|
||||
* if there is anything wrong with this certificate
|
||||
*/
|
||||
public boolean isCertificateValid(Certificate certificate);
|
||||
|
||||
/**
|
||||
* @param username
|
||||
* @param password
|
||||
*
|
||||
* @return
|
||||
*
|
||||
* @throws AccessDeniedException
|
||||
* if the user credentials are not valid
|
||||
*/
|
||||
public Certificate authenticate(String username, String password);
|
||||
|
||||
public User getUser(String username);
|
||||
|
||||
|
@ -73,5 +125,9 @@ public interface ModelHandler extends PrivilegeContainerObject {
|
|||
|
||||
public void setPrivilegeAllowList(Certificate certificate, String privilegeName, Set<String> allowList);
|
||||
|
||||
public PrivilegePolicy getPolicy(String policyName);
|
||||
|
||||
public boolean persist(Certificate certificate);
|
||||
|
||||
public void initialize(Element element);
|
||||
}
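Review bot: The Javadoc on the new `actionAllowed(Role role, Restrictable restrictable)` is a copy of the certificate variant: it declares `@throws AccessDeniedException` for a `Certificate` that is "not for a currently logged in" user and a `PrivilegeException` about "this certificate", yet the method receives no certificate. This overload now sits on the same public interface as the session-checked `actionAllowed(Certificate, Restrictable)`, so its comment should say that it only evaluates the role and has no certificate or session to validate. Something like `Checks the given role against the restrictable only; performs no certificate or session validation.` would keep callers from using it as a user-level authorization check. The `@return` tags on `actionAllowed` (both overloads), `isCertificateValid` and `authenticate` are empty and should state what `true`, `false` or the returned `Certificate` means. The interface continues between the two hunks outside what is shown.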
|
|
@ -1,61 +0,0 @@
|
|||
/*
|
||||
* Copyright (c) 2010
|
||||
*
|
||||
* Robert von Burg
|
||||
* eitch@eitchnet.ch
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
*/
|
||||
|
||||
package ch.eitchnet.privilege.handler;
|
||||
|
||||
import ch.eitchnet.privilege.base.PrivilegeContainerObject;
|
||||
import ch.eitchnet.privilege.i18n.AccessDeniedException;
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
import ch.eitchnet.privilege.model.Restrictable;
|
||||
import ch.eitchnet.privilege.model.internal.User;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
*
|
||||
*/
|
||||
public interface SessionHandler extends PrivilegeContainerObject {
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @param restrictable
|
||||
*
|
||||
* @return
|
||||
*
|
||||
* @throws AccessDeniedException
|
||||
* if the {@link Certificate} is not for a currently logged in {@link User} or if the user may not
|
||||
* perform the action defined by the {@link Restrictable} implementation
|
||||
* @throws PrivilegeException
|
||||
* if there is anything wrong with this certificate
|
||||
*/
|
||||
public boolean actionAllowed(Certificate certificate, Restrictable restrictable);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @return
|
||||
*
|
||||
* @throws AccessDeniedException
|
||||
* if the {@link Certificate} is not for a currently logged in {@link User}
|
||||
* @throws PrivilegeException
|
||||
* if there is anything wrong with this certificate
|
||||
*/
|
||||
public boolean isCertificateValid(Certificate certificate);
|
||||
|
||||
/**
|
||||
* @param username
|
||||
* @param password
|
||||
*
|
||||
* @return
|
||||
*
|
||||
* @throws AccessDeniedException
|
||||
* if the user credentials are not valid
|
||||
*/
|
||||
public Certificate authenticate(String username, String password);
|
||||
}
|
|
@ -24,7 +24,7 @@ public class PrivilegeHelper {
|
|||
|
||||
public static boolean isUserPrivilegeAdmin(Certificate certificate) {
|
||||
// validate certificate
|
||||
if (!PrivilegeContainer.getInstance().getSessionHandler().isCertificateValid(certificate)) {
|
||||
if (!PrivilegeContainer.getInstance().getModelHandler().isCertificateValid(certificate)) {
|
||||
throw new PrivilegeException("Certificate " + certificate + " is not valid!");
|
||||
}
|
||||
|
||||
|
|
|
@ -22,7 +22,7 @@ import org.junit.BeforeClass;
|
|||
import org.junit.Test;
|
||||
|
||||
import ch.eitchnet.privilege.base.PrivilegeContainer;
|
||||
import ch.eitchnet.privilege.handler.ModelHandler;
|
||||
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||
import ch.eitchnet.privilege.i18n.AccessDeniedException;
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
|
@ -59,7 +59,7 @@ public class PrivilegeTest {
|
|||
@Test
|
||||
public void testAuthenticationOk() throws Exception {
|
||||
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("eitch",
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("eitch",
|
||||
"1234567890");
|
||||
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
|
||||
}
|
||||
|
@ -67,24 +67,24 @@ public class PrivilegeTest {
|
|||
@Test(expected = AccessDeniedException.class)
|
||||
public void testFailAuthenticationNOk() throws Exception {
|
||||
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("eitch", "123");
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("eitch", "123");
|
||||
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
|
||||
}
|
||||
|
||||
@Test(expected = PrivilegeException.class)
|
||||
public void testFailAuthenticationPWNull() throws Exception {
|
||||
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("eitch", null);
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("eitch", null);
|
||||
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAddUserBobWithPW() throws Exception {
|
||||
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("eitch",
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("eitch",
|
||||
"1234567890");
|
||||
|
||||
ModelHandler modelHandler = PrivilegeContainer.getInstance().getModelHandler();
|
||||
PrivilegeHandler modelHandler = PrivilegeContainer.getInstance().getModelHandler();
|
||||
|
||||
// let's add a new user bob
|
||||
UserRep userRep = new UserRep("bob", "Bob", "Newman", UserState.NEW, new HashSet<String>(), null);
|
||||
|
@ -104,16 +104,16 @@ public class PrivilegeTest {
|
|||
@Test(expected = AccessDeniedException.class)
|
||||
public void testFailAuthAsBob() throws Exception {
|
||||
|
||||
PrivilegeContainer.getInstance().getSessionHandler().authenticate("bob", "12345678901");
|
||||
PrivilegeContainer.getInstance().getModelHandler().authenticate("bob", "12345678901");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testEnableUserBob() throws Exception {
|
||||
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("eitch",
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("eitch",
|
||||
"1234567890");
|
||||
|
||||
ModelHandler modelHandler = PrivilegeContainer.getInstance().getModelHandler();
|
||||
PrivilegeHandler modelHandler = PrivilegeContainer.getInstance().getModelHandler();
|
||||
modelHandler.setUserState(certificate, "bob", UserState.ENABLED);
|
||||
}
|
||||
|
||||
|
@ -125,7 +125,7 @@ public class PrivilegeTest {
|
|||
@Test(expected = PrivilegeException.class)
|
||||
public void testFailAuthUserBob() throws Exception {
|
||||
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("bob",
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("bob",
|
||||
"12345678901");
|
||||
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
|
||||
}
|
||||
|
@ -133,17 +133,17 @@ public class PrivilegeTest {
|
|||
@Test
|
||||
public void testAddUserRoleToBob() throws Exception {
|
||||
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("eitch",
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("eitch",
|
||||
"1234567890");
|
||||
|
||||
ModelHandler modelHandler = PrivilegeContainer.getInstance().getModelHandler();
|
||||
PrivilegeHandler modelHandler = PrivilegeContainer.getInstance().getModelHandler();
|
||||
modelHandler.addRoleToUser(certificate, "bob", "user");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAuthAsBob() throws Exception {
|
||||
|
||||
PrivilegeContainer.getInstance().getSessionHandler().authenticate("bob", "12345678901");
|
||||
PrivilegeContainer.getInstance().getModelHandler().authenticate("bob", "12345678901");
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -154,7 +154,7 @@ public class PrivilegeTest {
|
|||
@Test(expected = AccessDeniedException.class)
|
||||
public void testFailAddUserTedAsBob() throws Exception {
|
||||
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("bob",
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("bob",
|
||||
"12345678901");
|
||||
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
|
||||
|
||||
|
@ -167,17 +167,17 @@ public class PrivilegeTest {
|
|||
@Test
|
||||
public void testAddAdminRoleToBob() throws Exception {
|
||||
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("eitch",
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("eitch",
|
||||
"1234567890");
|
||||
|
||||
ModelHandler modelHandler = PrivilegeContainer.getInstance().getModelHandler();
|
||||
PrivilegeHandler modelHandler = PrivilegeContainer.getInstance().getModelHandler();
|
||||
modelHandler.addRoleToUser(certificate, "bob", PrivilegeContainer.PRIVILEGE_ADMIN_ROLE);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAddUserTedAsBob() throws Exception {
|
||||
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("bob",
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("bob",
|
||||
"12345678901");
|
||||
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
|
||||
|
||||
|
@ -190,13 +190,13 @@ public class PrivilegeTest {
|
|||
@Test
|
||||
public void testPerformRestrictable() throws Exception {
|
||||
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("eitch",
|
||||
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("eitch",
|
||||
"1234567890");
|
||||
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
|
||||
|
||||
// see if eitch can perform restrictable
|
||||
Restrictable restrictable = new TestRestrictable();
|
||||
boolean actionAllowed = PrivilegeContainer.getInstance().getSessionHandler().actionAllowed(certificate,
|
||||
boolean actionAllowed = PrivilegeContainer.getInstance().getModelHandler().actionAllowed(certificate,
|
||||
restrictable);
|
||||
org.junit.Assert.assertTrue("eitch may not perform restrictable!", actionAllowed);
|
||||
}
|
||||
|
|