eitch 2010-08-08 20:13:36 +00:00
parent 9a6637429f
commit 55679fc62d
13 changed files with 429 additions and 572 deletions


@ -16,10 +16,8 @@ import org.apache.log4j.Logger;
import org.dom4j.Element;
import ch.eitchnet.privilege.handler.EncryptionHandler;
import ch.eitchnet.privilege.handler.ModelHandler;
import ch.eitchnet.privilege.handler.PersistenceHandler;
import ch.eitchnet.privilege.handler.PolicyHandler;
import ch.eitchnet.privilege.handler.SessionHandler;
import ch.eitchnet.privilege.handler.PrivilegeHandler;
import ch.eitchnet.privilege.helper.ClassHelper;
import ch.eitchnet.privilege.helper.XmlHelper;
import ch.eitchnet.privilege.i18n.PrivilegeException;
@ -43,10 +41,8 @@ public class PrivilegeContainer {
instance = new PrivilegeContainer();
}
private SessionHandler sessionHandler;
private PolicyHandler policyHandler;
private EncryptionHandler encryptionHandler;
private ModelHandler modelHandler;
private PrivilegeHandler modelHandler;
private String basePath;
@ -61,20 +57,6 @@ public class PrivilegeContainer {
// private constructor
}
/**
* @return the sessionHandler
*/
public SessionHandler getSessionHandler() {
return sessionHandler;
}
/**
* @return the policyHandler
*/
public PolicyHandler getPolicyHandler() {
return policyHandler;
}
/**
* @return the encryptionHandler
*/
@ -85,7 +67,7 @@ public class PrivilegeContainer {
/**
* @return the modelHandler
*/
public ModelHandler getModelHandler() {
public PrivilegeHandler getModelHandler() {
return modelHandler;
}
@ -115,25 +97,15 @@ public class PrivilegeContainer {
String persistenceHandlerClassName = persistenceHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
PersistenceHandler persistenceHandler = ClassHelper.instantiateClass(persistenceHandlerClassName);
// instantiate session handler
Element sessionHandlerElement = containerRootElement.element(XmlConstants.XML_HANDLER_SESSION);
String sessionHandlerClassName = sessionHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
SessionHandler sessionHandler = ClassHelper.instantiateClass(sessionHandlerClassName);
// instantiate encryption handler
Element encryptionHandlerElement = containerRootElement.element(XmlConstants.XML_HANDLER_ENCRYPTION);
String encryptionHandlerClassName = encryptionHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
EncryptionHandler encryptionHandler = ClassHelper.instantiateClass(encryptionHandlerClassName);
// instantiate policy handler
Element policyHandlerElement = containerRootElement.element(XmlConstants.XML_HANDLER_POLICY);
String policyHandlerClassName = policyHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
PolicyHandler policyHandler = ClassHelper.instantiateClass(policyHandlerClassName);
// instantiate model handler
// instantiate privilege handler
Element modelHandlerElement = containerRootElement.element(XmlConstants.XML_HANDLER_MODEL);
String modelHandlerClassName = modelHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
ModelHandler modelHandler = ClassHelper.instantiateClass(modelHandlerClassName);
PrivilegeHandler modelHandler = ClassHelper.instantiateClass(modelHandlerClassName);
try {
persistenceHandler.initialize(persistenceHandlerElement);
@ -142,12 +114,6 @@ public class PrivilegeContainer {
throw new PrivilegeException("PersistenceHandler " + persistenceHandlerElement
+ " could not be initialized");
}
try {
sessionHandler.initialize(sessionHandlerElement);
} catch (Exception e) {
logger.error(e, e);
throw new PrivilegeException("SessionHandler " + sessionHandlerClassName + " could not be initialized");
}
try {
encryptionHandler.initialize(encryptionHandlerElement);
} catch (Exception e) {
@ -155,25 +121,15 @@ public class PrivilegeContainer {
throw new PrivilegeException("EncryptionHandler " + encryptionHandlerClassName
+ " could not be initialized");
}
try {
policyHandler.initialize(policyHandlerElement);
} catch (Exception e) {
logger.error(e, e);
throw new PrivilegeException("PolicyHandler " + policyHandlerClassName + " could not be initialized");
}
try {
modelHandler.initialize(modelHandlerElement);
modelHandler.setPersistenceHandler(persistenceHandler);
} catch (Exception e) {
logger.error(e, e);
throw new PrivilegeException("ModificationHandler " + modelHandlerClassName
+ " could not be initialized");
throw new PrivilegeException("ModificationHandler " + modelHandlerClassName + " could not be initialized");
}
// keep references to the handlers
this.modelHandler = modelHandler;
this.sessionHandler = sessionHandler;
this.encryptionHandler = encryptionHandler;
this.policyHandler = policyHandler;
}
}
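Review bot: In the try block that initializes the privilege handler, the only dependency handed over is `modelHandler.setPersistenceHandler(persistenceHandler)`; no visible line gives it the encryption handler, while the handler code elsewhere in this commit now calls `encryptionHandler.convertToHash(password)` on its own field instead of going through the container. Unless that field is assigned in lines not shown here, authentication and password changes would fail with a NullPointerException, so the wiring should be completed in this block, next to the existing setter and before the handler is published via `this.modelHandler = modelHandler;`. The failure message in the same block still reads `"ModificationHandler "`, which will mislead whoever reads the log now that the type is PrivilegeHandler; `"PrivilegeHandler " + modelHandlerClassName + " could not be initialized"` would match the other handlers. The enclosing method starts above the first hunk that touches it, so its signature is not visible here.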


@ -1,22 +0,0 @@
/*
* Copyright (c) 2010
*
* Robert von Burg
* eitch@eitchnet.ch
*
* All rights reserved.
*
*/
package ch.eitchnet.privilege.base;
import org.dom4j.Element;
/**
* @author rvonburg
*
*/
public interface PrivilegeContainerObject {
public void initialize(Element element);
}


@ -26,6 +26,7 @@ import org.dom4j.Element;
import ch.eitchnet.privilege.base.PrivilegeContainer;
import ch.eitchnet.privilege.base.XmlConstants;
import ch.eitchnet.privilege.helper.ClassHelper;
import ch.eitchnet.privilege.helper.ConfigurationHelper;
import ch.eitchnet.privilege.helper.XmlHelper;
import ch.eitchnet.privilege.i18n.PrivilegeException;
@ -34,6 +35,7 @@ import ch.eitchnet.privilege.model.UserState;
import ch.eitchnet.privilege.model.internal.Privilege;
import ch.eitchnet.privilege.model.internal.Role;
import ch.eitchnet.privilege.model.internal.User;
import ch.eitchnet.privilege.policy.PrivilegePolicy;
/**
* @author rvonburg
@ -46,6 +48,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
private Map<String, User> userMap;
private Map<String, Role> roleMap;
private Map<String, Privilege> privilegeMap;
private Map<String, Class<PrivilegePolicy>> policyMap;
private long usersFileDate;
private boolean userMapDirty;
@ -140,6 +143,24 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
return userMap.get(username);
}
/**
* @see ch.eitchnet.privilege.handler.PersistenceHandler#getPolicy(java.lang.String)
*/
@Override
public PrivilegePolicy getPolicy(String policyName) {
// get the policies class
Class<PrivilegePolicy> policyClazz = policyMap.get(policyName);
if (policyClazz == null) {
return null;
}
// instantiate the policy
PrivilegePolicy policy = ClassHelper.instantiateClass(policyClazz);
return policy;
}
/**
* @see ch.eitchnet.privilege.handler.PersistenceHandler#persist(ch.eitchnet.privilege.model.Certificate)
*/
@ -150,7 +171,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
// get users file name
String usersFileName = parameterMap.get(XmlConstants.XML_PARAM_USERS_FILE);
if (usersFileName == null || usersFileName.isEmpty()) {
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_USERS_FILE + " is invalid");
}
// get users file
@ -177,7 +198,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
// get roles file name
String rolesFileName = parameterMap.get(XmlConstants.XML_PARAM_ROLES_FILE);
if (rolesFileName == null || rolesFileName.isEmpty()) {
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_ROLES_FILE + " is invalid");
}
// get roles file
@ -204,7 +225,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
// get privileges file name
String privilegesFileName = parameterMap.get(XmlConstants.XML_PARAM_PRIVILEGES_FILE);
if (privilegesFileName == null || privilegesFileName.isEmpty()) {
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_PRIVILEGES_FILE + " is invalid");
}
// get privileges file
@ -254,6 +275,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
roleMap = new HashMap<String, Role>();
userMap = new HashMap<String, User>();
privilegeMap = new HashMap<String, Privilege>();
policyMap = new HashMap<String, Class<PrivilegePolicy>>();
// get parameters
Element parameterElement = element.element(XmlConstants.XML_PARAMETERS);
@ -262,14 +284,14 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
// get roles file name
String rolesFileName = parameterMap.get(XmlConstants.XML_PARAM_ROLES_FILE);
if (rolesFileName == null || rolesFileName.isEmpty()) {
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_ROLES_FILE + " is invalid");
}
// get roles file
File rolesFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + rolesFileName);
if (!rolesFile.exists()) {
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_ROLES_FILE + " is invalid as roles file does not exist at path "
+ rolesFile.getAbsolutePath());
}
@ -284,14 +306,14 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
// get users file name
String usersFileName = parameterMap.get(XmlConstants.XML_PARAM_USERS_FILE);
if (usersFileName == null || usersFileName.isEmpty()) {
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_USERS_FILE + " is invalid");
}
// get users file
File usersFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + usersFileName);
if (!usersFile.exists()) {
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_USERS_FILE + " is invalid as users file does not exist at path "
+ usersFile.getAbsolutePath());
}
@ -306,14 +328,14 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
// get privileges file name
String privilegesFileName = parameterMap.get(XmlConstants.XML_PARAM_PRIVILEGES_FILE);
if (privilegesFileName == null || privilegesFileName.isEmpty()) {
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_PRIVILEGES_FILE + " is invalid");
}
// get privileges file
File privilegesFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + privilegesFileName);
if (!privilegesFile.exists()) {
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_PRIVILEGES_FILE + " is invalid as privileges file does not exist at path "
+ privilegesFile.getAbsolutePath());
}
@ -325,6 +347,27 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
readPrivileges(privilegesRootElement);
privilegesFileDate = privilegesFile.lastModified();
// get policy file name
String policyFileName = parameterMap.get(XmlConstants.XML_PARAM_POLICY_FILE);
if (policyFileName == null || policyFileName.isEmpty()) {
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_POLICY_FILE + " is invalid");
}
// get policy file
File policyFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + policyFileName);
if (!policyFile.exists()) {
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_POLICY_FILE + " is invalid as policy file does not exist at path "
+ policyFile.getAbsolutePath());
}
// parse policy xml file to XML document
Element policiesRootElement = XmlHelper.parseDocument(policyFile).getRootElement();
// read policies
readPolicies(policiesRootElement);
userMapDirty = false;
roleMapDirty = false;
privilegeMapDirty = false;
@ -452,6 +495,22 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
}
}
/**
* @param policiesRootElement
*/
private void readPolicies(Element policiesRootElement) {
List<Element> policyElements = policiesRootElement.elements(XmlConstants.XML_POLICY);
for (Element policyElement : policyElements) {
String policyName = policyElement.attributeValue(XmlConstants.XML_ATTR_NAME);
String policyClass = policyElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
Class<PrivilegePolicy> clazz = ClassHelper.loadClass(policyClass);
policyMap.put(policyName, clazz);
}
}
private List<Element> toDomPrivileges() {
List<Element> privilegesAsElements = new ArrayList<Element>(privilegeMap.size());
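Review bot: readPolicies() registers whatever class name the policy file supplies without checking it: `policyName` and `policyClass` may be null or empty, and nothing confirms that the loaded class is a PrivilegePolicy before getPolicy() later instantiates it during an authorization check. ClassHelper.loadClass is not shown on this page, but a `Class<PrivilegePolicy>` obtained from a name lookup is presumably an unchecked cast, so a mistyped or tampered entry would only surface as a ClassCastException (or a null map key) at decision time. Failing at load time with a PrivilegeException, as the file-name checks in this section already do, keeps a bad policy file from reaching the access decision; the exception texts below are suggestions only.

```java
// … unchanged: policy element lookup and policyName read …
String policyClass = policyElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
// reject incomplete entries before any class is loaded
if (policyName == null || policyName.isEmpty() || policyClass == null || policyClass.isEmpty()) {
    throw new PrivilegeException("[" + PersistenceHandler.class.getName()
            + "] Policy entry must define both a name and a class");
}
Class<PrivilegePolicy> clazz = ClassHelper.loadClass(policyClass);
// the generic type is not enforced at runtime, so verify it explicitly
if (!PrivilegePolicy.class.isAssignableFrom(clazz)) {
    throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Policy " + policyName
            + " is configured with class " + policyClass + " which is not a "
            + PrivilegePolicy.class.getName());
}
// … unchanged: policyMap.put(policyName, clazz) …
```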


@ -1,126 +0,0 @@
/*
* Copyright (c) 2010
*
* Robert von Burg
* eitch@eitchnet.ch
*
* All rights reserved.
*
*/
package ch.eitchnet.privilege.handler;
import java.io.File;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.dom4j.Element;
import ch.eitchnet.privilege.base.PrivilegeContainer;
import ch.eitchnet.privilege.base.XmlConstants;
import ch.eitchnet.privilege.helper.ClassHelper;
import ch.eitchnet.privilege.helper.ConfigurationHelper;
import ch.eitchnet.privilege.helper.XmlHelper;
import ch.eitchnet.privilege.i18n.PrivilegeException;
import ch.eitchnet.privilege.model.Restrictable;
import ch.eitchnet.privilege.model.internal.Privilege;
import ch.eitchnet.privilege.model.internal.Role;
import ch.eitchnet.privilege.policy.PrivilegePolicy;
/**
* @author rvonburg
*
*/
public class DefaultPolicyHandler implements PolicyHandler {
private Map<String, Class<PrivilegePolicy>> policyMap;
/**
* @see ch.eitchnet.privilege.handler.PolicyHandler#actionAllowed(ch.eitchnet.privilege.model.internal.Role,
* ch.eitchnet.privilege.model.Restrictable)
*/
@Override
public boolean actionAllowed(Role role, Restrictable restrictable) {
// user and restrictable must not be null
if (role == null)
throw new PrivilegeException("Role may not be null!");
else if (restrictable == null)
throw new PrivilegeException("Restrictable may not be null!");
// validate PrivilegeName for this restrictable
String privilegeName = restrictable.getPrivilegeName();
if (privilegeName == null || privilegeName.length() < 3) {
throw new PrivilegeException(
"The PrivilegeName may not be shorter than 3 characters. Invalid Restrictable "
+ restrictable.getClass().getName());
}
// If the role does not have this privilege, then stop as another role might have this privilege
if (!role.hasPrivilege(privilegeName)) {
return false;
}
// get the privilege for this restrictable
Privilege privilege = PrivilegeContainer.getInstance().getModelHandler().getPrivilege(privilegeName);
if (privilege == null) {
throw new PrivilegeException("No Privilege exists with the name " + privilegeName + " for Restrictable "
+ restrictable.getClass().getName());
}
// get the policy class configured for this privilege
Class<PrivilegePolicy> policyClazz = policyMap.get(privilege.getPolicy());
if (policyClazz == null) {
throw new PrivilegeException("PrivilegePolicy " + privilege.getPolicy() + " does not exist for Privilege "
+ privilegeName);
}
// instantiate the policy
PrivilegePolicy policy = ClassHelper.instantiateClass(policyClazz);
// delegate checking to privilege policy
return policy.actionAllowed(role, privilege, restrictable);
}
/**
* @see ch.eitchnet.privilege.base.PrivilegeContainerObject#initialize(org.dom4j.Element)
*/
@SuppressWarnings("unchecked")
public void initialize(Element element) {
// get parameters
Element parameterElement = element.element(XmlConstants.XML_PARAMETERS);
Map<String, String> parameterMap = ConfigurationHelper.convertToParameterMap(parameterElement);
// get policy file name
String policyFileName = parameterMap.get(XmlConstants.XML_PARAM_POLICY_FILE);
if (policyFileName == null || policyFileName.isEmpty()) {
throw new PrivilegeException("[" + PolicyHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_POLICY_FILE + " is invalid");
}
// get policy file
File policyFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + policyFileName);
if (!policyFile.exists()) {
throw new PrivilegeException("[" + PolicyHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_POLICY_FILE + " is invalid as policy file does not exist at path "
+ policyFile.getAbsolutePath());
}
policyMap = new HashMap<String, Class<PrivilegePolicy>>();
// parse policy xml file to XML document
Element containerRootElement = XmlHelper.parseDocument(policyFile).getRootElement();
List<Element> policyElements = containerRootElement.elements(XmlConstants.XML_POLICY);
for (Element policyElement : policyElements) {
String policyName = policyElement.attributeValue(XmlConstants.XML_ATTR_NAME);
String policyClass = policyElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
Class<PrivilegePolicy> clazz = ClassHelper.loadClass(policyClass);
policyMap.put(policyName, clazz);
}
}
}


@ -10,8 +10,10 @@
package ch.eitchnet.privilege.handler;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import org.apache.log4j.Logger;
@ -19,35 +21,234 @@ import org.dom4j.Element;
import ch.eitchnet.privilege.base.PrivilegeContainer;
import ch.eitchnet.privilege.helper.PrivilegeHelper;
import ch.eitchnet.privilege.i18n.AccessDeniedException;
import ch.eitchnet.privilege.i18n.PrivilegeException;
import ch.eitchnet.privilege.model.Certificate;
import ch.eitchnet.privilege.model.PrivilegeRep;
import ch.eitchnet.privilege.model.Restrictable;
import ch.eitchnet.privilege.model.RoleRep;
import ch.eitchnet.privilege.model.UserRep;
import ch.eitchnet.privilege.model.UserState;
import ch.eitchnet.privilege.model.internal.Privilege;
import ch.eitchnet.privilege.model.internal.Role;
import ch.eitchnet.privilege.model.internal.Session;
import ch.eitchnet.privilege.model.internal.User;
import ch.eitchnet.privilege.policy.PrivilegePolicy;
/**
* @author rvonburg
*
*/
public class DefaultModelHandler implements ModelHandler {
public class DefaultPrivilegeHandler implements PrivilegeHandler {
private static final Logger logger = Logger.getLogger(DefaultModelHandler.class);
private static final Logger logger = Logger.getLogger(DefaultPrivilegeHandler.class);
private static long lastSessionId;
private Map<String, CertificateSessionPair> sessionMap;
private PersistenceHandler persistenceHandler;
private EncryptionHandler encryptionHandler;
private PrivilegeHandler modelHandler;
/**
* @see ch.eitchnet.privilege.handler.SessionHandler#setPersistenceHandler(ch.eitchnet.privilege.handler.PersistenceHandler)
* TODO What is better, validate from {@link Restrictable} to {@link User} or the opposite direction?
*
* @see ch.eitchnet.privilege.handler.SessionHandler#actionAllowed(ch.eitchnet.privilege.model.Certificate,
* ch.eitchnet.privilege.model.Restrictable)
*
* @throws AccessDeniedException
* if the {@link Certificate} is not for a currently logged in {@link User} or if the user may not
* perform the action defined by the {@link Restrictable} implementation
*/
public void setPersistenceHandler(PersistenceHandler persistenceHandler) {
this.persistenceHandler = persistenceHandler;
@Override
public boolean actionAllowed(Certificate certificate, Restrictable restrictable) {
// first validate certificate
if (!isCertificateValid(certificate)) {
logger.info("Certificate is not valid, so action is not allowed: " + certificate + " for restrictable: "
+ restrictable);
return false;
}
// restrictable must not be null
if (restrictable == null)
throw new PrivilegeException("Restrictable may not be null!");
// get user object
User user = modelHandler.getUser(certificate.getUsername());
if (user == null) {
throw new PrivilegeException(
"Oh boy, how did this happen: No User in user map although the certificate is valid!");
}
// default is to not allow the action
// TODO should default deny/allow policy be configurable?
boolean actionAllowed = false;
// now iterate roles and validate on policies
for (String roleName : user.getRoles()) {
Role role = modelHandler.getRole(roleName);
if (role == null) {
logger.error("No role is defined with name " + roleName + " which is configured for user " + user);
continue;
}
actionAllowed = actionAllowed(role, restrictable);
// if action is allowed, then break iteration as a privilege match has been made
if (actionAllowed)
break;
}
return actionAllowed;
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#addOrReplacePrivilege(ch.eitchnet.privilege.model.Certificate,
* @see ch.eitchnet.privilege.handler.PolicyHandler#actionAllowed(ch.eitchnet.privilege.model.internal.Role,
* ch.eitchnet.privilege.model.Restrictable)
*/
@Override
public boolean actionAllowed(Role role, Restrictable restrictable) {
// user and restrictable must not be null
if (role == null)
throw new PrivilegeException("Role may not be null!");
else if (restrictable == null)
throw new PrivilegeException("Restrictable may not be null!");
// validate PrivilegeName for this restrictable
String privilegeName = restrictable.getPrivilegeName();
if (privilegeName == null || privilegeName.length() < 3) {
throw new PrivilegeException(
"The PrivilegeName may not be shorter than 3 characters. Invalid Restrictable "
+ restrictable.getClass().getName());
}
// If the role does not have this privilege, then stop as another role might have this privilege
if (!role.hasPrivilege(privilegeName)) {
return false;
}
// get the privilege for this restrictable
Privilege privilege = modelHandler.getPrivilege(privilegeName);
if (privilege == null) {
throw new PrivilegeException("No Privilege exists with the name " + privilegeName + " for Restrictable "
+ restrictable.getClass().getName());
}
// get the policy configured for this privilege
PrivilegePolicy policy = modelHandler.getPolicy(privilege.getPolicy());
if (policy == null) {
throw new PrivilegeException("PrivilegePolicy " + privilege.getPolicy() + " does not exist for Privilege "
+ privilegeName);
}
// delegate checking to privilege policy
return policy.actionAllowed(role, privilege, restrictable);
}
/**
* @see ch.eitchnet.privilege.handler.SessionHandler#isCertificateValid(ch.eitchnet.privilege.model.Certificate)
*/
@Override
public boolean isCertificateValid(Certificate certificate) {
// certificate must not be null
if (certificate == null)
throw new PrivilegeException("Certificate may not be null!");
// first see if a session exists for this certificate
CertificateSessionPair certificateSessionPair = sessionMap.get(certificate.getSessionId());
if (certificateSessionPair == null)
throw new AccessDeniedException("There is no session information for " + certificate.toString());
// validate certificate has not been tampered with
Certificate sessionCertificate = certificateSessionPair.certificate;
if (!sessionCertificate.equals(certificate))
throw new PrivilegeException("Received illegal certificate for session id " + certificate.getSessionId());
// TODO is validating authToken overkill since the two certificates have already been checked on equality?
// validate authToken from certificate using the sessions authPassword
String authToken = certificate.getAuthToken(certificateSessionPair.session.getAuthPassword());
if (authToken == null || !authToken.equals(certificateSessionPair.session.getAuthToken()))
throw new PrivilegeException("Received illegal certificate data for session id "
+ certificate.getSessionId());
// get user object
User user = modelHandler.getUser(certificateSessionPair.session.getUsername());
// if user exists, then certificate is valid
if (user == null) {
throw new PrivilegeException(
"Oh boy, how did this happen: No User in user map although the certificate is valid!");
} else {
return true;
}
}
/**
* @see ch.eitchnet.privilege.handler.SessionHandler#authenticate(java.lang.String, java.lang.String)
*
* @throws AccessDeniedException
* if the user credentials are not valid
*/
@Override
public Certificate authenticate(String username, String password) {
// both username and password must at least have 3 characters in length
if (username == null || username.length() < 3)
throw new PrivilegeException("The given username is shorter than 3 characters");
else if (password == null || password.length() < 3)
throw new PrivilegeException("The given password is shorter than 3 characters");
// we only work with hashed passwords
String passwordHash = encryptionHandler.convertToHash(password);
// get user object
User user = modelHandler.getUser(username);
// no user means no authentication
if (user == null)
throw new AccessDeniedException("There is no user defined with the credentials: " + username + " / ***...");
// validate password
if (!user.isPassword(passwordHash))
throw new AccessDeniedException("Password is incorrect for " + username + " / ***...");
// validate if user is allowed to login
if (user.getState() != UserState.ENABLED)
throw new AccessDeniedException("User " + username + " is not ENABLED. State is: " + user.getState());
// validate user has at least one role
if (user.getRoles().isEmpty()) {
throw new PrivilegeException("User " + username + " does not have any roles defined!");
}
// get 2 auth tokens
String authToken = encryptionHandler.nextToken();
String authPassword = encryptionHandler.nextToken();
// get next session id
String sessionId = nextSessionId();
// create certificate
Certificate certificate = new Certificate(sessionId, username, authToken, authPassword, user.getLocale());
// create and save a new session
Session session = new Session(sessionId, authToken, authPassword, user.getUsername(), System
.currentTimeMillis());
sessionMap.put(sessionId, new CertificateSessionPair(session, certificate));
// log
logger.info("Authenticated: " + session);
// return the certificate
return certificate;
}
/**
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#addOrReplacePrivilege(ch.eitchnet.privilege.model.Certificate,
* ch.eitchnet.privilege.model.PrivilegeRep)
*/
@Override
@ -69,7 +270,7 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#addOrReplaceRole(ch.eitchnet.privilege.model.Certificate,
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#addOrReplaceRole(ch.eitchnet.privilege.model.Certificate,
* ch.eitchnet.privilege.model.RoleRep)
*/
@Override
@ -90,7 +291,7 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#addOrReplaceUser(ch.eitchnet.privilege.model.Certificate,
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#addOrReplaceUser(ch.eitchnet.privilege.model.Certificate,
* ch.eitchnet.privilege.model.UserRep, java.lang.String)
*/
@Override
@ -108,7 +309,7 @@ public class DefaultModelHandler implements ModelHandler {
if (password == null)
passwordHash = null;
else
passwordHash = PrivilegeContainer.getInstance().getEncryptionHandler().convertToHash(password);
passwordHash = encryptionHandler.convertToHash(password);
// create new user
User user = new User(userRep.getUsername(), passwordHash, userRep.getFirstname(), userRep.getSurname(), userRep
@ -119,7 +320,7 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#addPrivilegeToRole(ch.eitchnet.privilege.model.Certificate,
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#addPrivilegeToRole(ch.eitchnet.privilege.model.Certificate,
* java.lang.String, java.lang.String)
*/
@Override
@ -162,7 +363,7 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#addRoleToUser(ch.eitchnet.privilege.model.Certificate,
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#addRoleToUser(ch.eitchnet.privilege.model.Certificate,
* java.lang.String, java.lang.String)
*/
@Override
@ -205,7 +406,7 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#persist(ch.eitchnet.privilege.model.Certificate)
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#persist(ch.eitchnet.privilege.model.Certificate)
*/
@Override
public boolean persist(Certificate certificate) {
@ -221,7 +422,7 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#removePrivilege(ch.eitchnet.privilege.model.Certificate,
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#removePrivilege(ch.eitchnet.privilege.model.Certificate,
* java.lang.String)
*/
@Override
@ -245,7 +446,7 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#removePrivilegeFromRole(ch.eitchnet.privilege.model.Certificate,
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#removePrivilegeFromRole(ch.eitchnet.privilege.model.Certificate,
* java.lang.String, java.lang.String)
*/
@Override
@ -281,7 +482,7 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#removeRole(ch.eitchnet.privilege.model.Certificate,
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#removeRole(ch.eitchnet.privilege.model.Certificate,
* java.lang.String)
*/
@Override
@ -305,7 +506,7 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#removeRoleFromUser(ch.eitchnet.privilege.model.Certificate,
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#removeRoleFromUser(ch.eitchnet.privilege.model.Certificate,
* java.lang.String, java.lang.String)
*/
@Override
@ -342,7 +543,7 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#removeUser(ch.eitchnet.privilege.model.Certificate,
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#removeUser(ch.eitchnet.privilege.model.Certificate,
* java.lang.String)
*/
@Override
@ -366,7 +567,7 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#setPrivilegeAllAllowed(ch.eitchnet.privilege.model.Certificate,
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#setPrivilegeAllAllowed(ch.eitchnet.privilege.model.Certificate,
* java.lang.String, boolean)
*/
@Override
@ -401,7 +602,7 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#setPrivilegeAllowList(ch.eitchnet.privilege.model.Certificate,
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#setPrivilegeAllowList(ch.eitchnet.privilege.model.Certificate,
* java.lang.String, java.util.Set)
*/
@Override
@ -429,7 +630,7 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#setPrivilegeDenyList(ch.eitchnet.privilege.model.Certificate,
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#setPrivilegeDenyList(ch.eitchnet.privilege.model.Certificate,
* java.lang.String, java.util.Set)
*/
@Override
@ -457,7 +658,7 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#setPrivilegePolicy(ch.eitchnet.privilege.model.Certificate,
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#setPrivilegePolicy(ch.eitchnet.privilege.model.Certificate,
* java.lang.String, java.lang.String)
*/
@Override
@ -485,7 +686,7 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#setUserLocaleState(ch.eitchnet.privilege.model.Certificate,
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#setUserLocaleState(ch.eitchnet.privilege.model.Certificate,
* java.lang.String, java.util.Locale)
*/
@Override
@ -513,7 +714,7 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#setUserName(ch.eitchnet.privilege.model.Certificate,
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#setUserName(ch.eitchnet.privilege.model.Certificate,
* java.lang.String, java.lang.String, java.lang.String)
*/
@Override
@ -541,7 +742,7 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#setUserPassword(ch.eitchnet.privilege.model.Certificate,
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#setUserPassword(ch.eitchnet.privilege.model.Certificate,
* java.lang.String, java.lang.String)
*/
@Override
@ -561,7 +762,7 @@ public class DefaultModelHandler implements ModelHandler {
}
// hash password
String passwordHash = PrivilegeContainer.getInstance().getEncryptionHandler().convertToHash(password);
String passwordHash = encryptionHandler.convertToHash(password);
// create new user
User newUser = new User(user.getUsername(), passwordHash, user.getFirstname(), user.getSurname(), user
@ -572,7 +773,7 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#setUserState(ch.eitchnet.privilege.model.Certificate,
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#setUserState(ch.eitchnet.privilege.model.Certificate,
* java.lang.String, ch.eitchnet.privilege.model.UserState)
*/
@Override
@ -600,15 +801,17 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.base.PrivilegeContainerObject#initialize(org.dom4j.Element)
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#initialize(org.dom4j.Element)
*/
@Override
public void initialize(Element element) {
// nothing to initialize
lastSessionId = 0l;
sessionMap = new HashMap<String, CertificateSessionPair>();
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#getPrivilege(java.lang.String)
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#getPrivilege(java.lang.String)
*/
@Override
public Privilege getPrivilege(String privilegeName) {
@ -616,7 +819,7 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#getRole(java.lang.String)
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#getRole(java.lang.String)
*/
@Override
public Role getRole(String roleName) {
@ -624,10 +827,40 @@ public class DefaultModelHandler implements ModelHandler {
}
/**
* @see ch.eitchnet.privilege.handler.ModelHandler#getUser(java.lang.String)
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#getUser(java.lang.String)
*/
@Override
public User getUser(String username) {
return persistenceHandler.getUser(username);
}
/**
* @see ch.eitchnet.privilege.handler.PrivilegeHandler#getPolicy(java.lang.String)
*/
@Override
public PrivilegePolicy getPolicy(String policyName) {
return persistenceHandler.getPolicy(policyName);
}
/**
* @return a new session id
*/
private synchronized String nextSessionId() {
return Long.toString(++lastSessionId % Long.MAX_VALUE);
}
/**
* An internal class used to keep a record of sessions with the certificate
*
* @author rvonburg
*/
private class CertificateSessionPair {
private Session session;
private Certificate certificate;
public CertificateSessionPair(Session session, Certificate certificate) {
this.session = session;
this.certificate = certificate;
}
}
}


@ -1,222 +0,0 @@
/*
* Copyright (c) 2010
*
* Robert von Burg
* eitch@eitchnet.ch
*
* All rights reserved.
*
*/
package ch.eitchnet.privilege.handler;
import java.util.HashMap;
import java.util.Map;
import org.apache.log4j.Logger;
import org.dom4j.Element;
import ch.eitchnet.privilege.base.PrivilegeContainer;
import ch.eitchnet.privilege.i18n.AccessDeniedException;
import ch.eitchnet.privilege.i18n.PrivilegeException;
import ch.eitchnet.privilege.model.Certificate;
import ch.eitchnet.privilege.model.Restrictable;
import ch.eitchnet.privilege.model.UserState;
import ch.eitchnet.privilege.model.internal.Role;
import ch.eitchnet.privilege.model.internal.Session;
import ch.eitchnet.privilege.model.internal.User;
/**
* @author rvonburg
*
*/
public class DefaultSessionHandler implements SessionHandler {
private static final Logger logger = Logger.getLogger(DefaultSessionHandler.class);
private static long lastSessionId;
private Map<String, CertificateSessionPair> sessionMap;
/**
* TODO What is better, validate from {@link Restrictable} to {@link User} or the opposite direction?
*
* @see ch.eitchnet.privilege.handler.SessionHandler#actionAllowed(ch.eitchnet.privilege.model.Certificate,
* ch.eitchnet.privilege.model.Restrictable)
*
* @throws AccessDeniedException
* if the {@link Certificate} is not for a currently logged in {@link User} or if the user may not
* perform the action defined by the {@link Restrictable} implementation
*/
@Override
public boolean actionAllowed(Certificate certificate, Restrictable restrictable) {
// first validate certificate
if (!isCertificateValid(certificate)) {
logger.info("Certificate is not valid, so action is not allowed: " + certificate + " for restrictable: "
+ restrictable);
return false;
}
// restrictable must not be null
if (restrictable == null)
throw new PrivilegeException("Restrictable may not be null!");
PrivilegeContainer privilegeContainer = PrivilegeContainer.getInstance();
// get user object
User user = PrivilegeContainer.getInstance().getModelHandler().getUser(certificate.getUsername());
if (user == null) {
throw new PrivilegeException(
"Oh boy, how did this happen: No User in user map although the certificate is valid!");
}
// default is to not allow the action
// TODO should default deny/allow policy be configurable?
boolean actionAllowed = false;
// now iterate roles and validate on policy handler
PolicyHandler policyHandler = privilegeContainer.getPolicyHandler();
for (String roleName : user.getRoles()) {
Role role = PrivilegeContainer.getInstance().getModelHandler().getRole(roleName);
if (role == null) {
logger.error("No role is defined with name " + roleName + " which is configured for user " + user);
continue;
}
actionAllowed = policyHandler.actionAllowed(role, restrictable);
// if action is allowed, then break iteration as a privilege match has been made
if (actionAllowed)
break;
}
return actionAllowed;
}
/**
* @see ch.eitchnet.privilege.handler.SessionHandler#isCertificateValid(ch.eitchnet.privilege.model.Certificate)
*/
@Override
public boolean isCertificateValid(Certificate certificate) {
// certificate must not be null
if (certificate == null)
throw new PrivilegeException("Certificate may not be null!");
// first see if a session exists for this certificate
CertificateSessionPair certificateSessionPair = sessionMap.get(certificate.getSessionId());
if (certificateSessionPair == null)
throw new AccessDeniedException("There is no session information for " + certificate.toString());
// validate certificate has not been tampered with
Certificate sessionCertificate = certificateSessionPair.certificate;
if (!sessionCertificate.equals(certificate))
throw new PrivilegeException("Received illegal certificate for session id " + certificate.getSessionId());
// TODO is validating authToken overkill since the two certificates have already been checked on equality?
// validate authToken from certificate using the sessions authPassword
String authToken = certificate.getAuthToken(certificateSessionPair.session.getAuthPassword());
if (authToken == null || !authToken.equals(certificateSessionPair.session.getAuthToken()))
throw new PrivilegeException("Received illegal certificate data for session id "
+ certificate.getSessionId());
// get user object
User user = PrivilegeContainer.getInstance().getModelHandler().getUser(
certificateSessionPair.session.getUsername());
// if user exists, then certificate is valid
if (user == null) {
throw new PrivilegeException(
"Oh boy, how did this happen: No User in user map although the certificate is valid!");
} else {
return true;
}
}
/**
* @see ch.eitchnet.privilege.handler.SessionHandler#authenticate(java.lang.String, java.lang.String)
*
* @throws AccessDeniedException
* if the user credentials are not valid
*/
@Override
public Certificate authenticate(String username, String password) {
// both username and password must at least have 3 characters in length
if (username == null || username.length() < 3)
throw new PrivilegeException("The given username is shorter than 3 characters");
else if (password == null || password.length() < 3)
throw new PrivilegeException("The given password is shorter than 3 characters");
EncryptionHandler encryptionHandler = PrivilegeContainer.getInstance().getEncryptionHandler();
// we only work with hashed passwords
String passwordHash = encryptionHandler.convertToHash(password);
// get user object
User user = PrivilegeContainer.getInstance().getModelHandler().getUser(username);
// no user means no authentication
if (user == null)
throw new AccessDeniedException("There is no user defined with the credentials: " + username + " / ***...");
// validate password
if (!user.isPassword(passwordHash))
throw new AccessDeniedException("Password is incorrect for " + username + " / ***...");
// validate if user is allowed to login
if (user.getState() != UserState.ENABLED)
throw new AccessDeniedException("User " + username + " is not ENABLED. State is: " + user.getState());
// validate user has at least one role
if (user.getRoles().isEmpty()) {
throw new PrivilegeException("User " + username + " does not have any roles defined!");
}
// get 2 auth tokens
String authToken = encryptionHandler.nextToken();
String authPassword = encryptionHandler.nextToken();
// get next session id
String sessionId = nextSessionId();
// create certificate
Certificate certificate = new Certificate(sessionId, username, authToken, authPassword, user.getLocale());
// create and save a new session
Session session = new Session(sessionId, authToken, authPassword, user.getUsername(), System
.currentTimeMillis());
sessionMap.put(sessionId, new CertificateSessionPair(session, certificate));
// log
logger.info("Authenticated: " + session);
// return the certificate
return certificate;
}
private synchronized String nextSessionId() {
return Long.toString(++lastSessionId % Long.MAX_VALUE);
}
/**
* @see ch.eitchnet.privilege.base.PrivilegeContainerObject#initialize(org.dom4j.Element)
*/
public void initialize(Element element) {
lastSessionId = 0l;
sessionMap = new HashMap<String, CertificateSessionPair>();
}
private class CertificateSessionPair {
private Session session;
private Certificate certificate;
public CertificateSessionPair(Session session, Certificate certificate) {
this.session = session;
this.certificate = certificate;
}
}
}


@ -10,15 +10,17 @@
package ch.eitchnet.privilege.handler;
import ch.eitchnet.privilege.base.PrivilegeContainerObject;
import org.dom4j.Element;
/**
* @author rvonburg
*
*/
public interface EncryptionHandler extends PrivilegeContainerObject{
public interface EncryptionHandler {
public String nextToken();
public String convertToHash(String string);
public void initialize(Element element);
}
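Review bot: `convertToHash(String)` and `nextToken()` carry no Javadoc, and with `extends PrivilegeContainerObject` dropped this interface is the only place their contract can be stated. Callers in this commit hash a password with `encryptionHandler.convertToHash(password)` and pass nothing else, so the signature leaves no room for a per-user salt. If an unsalted or globally salted digest is intended, the Javadoc should say so; otherwise a salted, deliberately slow password hash behind a separate verify-style method would be the safer shape. For `nextToken()` I would add `/** @return a new unpredictable token; implementations must use a cryptographically strong source such as SecureRandom */`. The removed DefaultSessionHandler used these tokens as the certificate's authToken and authPassword, and the moved code presumably still does.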


@ -10,17 +10,19 @@
package ch.eitchnet.privilege.handler;
import ch.eitchnet.privilege.base.PrivilegeContainerObject;
import org.dom4j.Element;
import ch.eitchnet.privilege.model.Certificate;
import ch.eitchnet.privilege.model.internal.Privilege;
import ch.eitchnet.privilege.model.internal.Role;
import ch.eitchnet.privilege.model.internal.User;
import ch.eitchnet.privilege.policy.PrivilegePolicy;
/**
* @author rvonburg
*
*/
public interface PersistenceHandler extends PrivilegeContainerObject {
public interface PersistenceHandler {
public User getUser(String username);
@ -40,5 +42,9 @@ public interface PersistenceHandler extends PrivilegeContainerObject {
public Privilege removePrivilege(String privilegeName);
public PrivilegePolicy getPolicy(String policyName);
public boolean persist(Certificate certificate);
public void initialize(Element element);
}
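Review bot: The added `getPolicy(String policyName)` has no Javadoc saying what an unknown policy name yields, and the default handler in this commit passes the result straight through (`return persistenceHandler.getPolicy(policyName);`). For an access-control lookup the fail-closed contract should be explicit, for example `/** @return the policy configured under policyName, or null if none exists; callers must treat null as deny */`, assuming null is what implementations return. `initialize(Element)` is now declared separately here, on `EncryptionHandler` and on `PrivilegeHandler`; a one-line Javadoc on each stating when the container calls it would keep the lifecycle documented now that the common `PrivilegeContainerObject` super-interface is gone. The interface body of the second hunk starts outside the hunk.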


@ -1,24 +0,0 @@
/*
* Copyright (c) 2010
*
* Robert von Burg
* eitch@eitchnet.ch
*
* All rights reserved.
*
*/
package ch.eitchnet.privilege.handler;
import ch.eitchnet.privilege.base.PrivilegeContainerObject;
import ch.eitchnet.privilege.model.Restrictable;
import ch.eitchnet.privilege.model.internal.Role;
/**
* @author rvonburg
*
*/
public interface PolicyHandler extends PrivilegeContainerObject {
public boolean actionAllowed(Role role, Restrictable restrictable);
}


@ -13,23 +13,75 @@ package ch.eitchnet.privilege.handler;
import java.util.Locale;
import java.util.Set;
import ch.eitchnet.privilege.base.PrivilegeContainerObject;
import org.dom4j.Element;
import ch.eitchnet.privilege.i18n.AccessDeniedException;
import ch.eitchnet.privilege.i18n.PrivilegeException;
import ch.eitchnet.privilege.model.Certificate;
import ch.eitchnet.privilege.model.PrivilegeRep;
import ch.eitchnet.privilege.model.Restrictable;
import ch.eitchnet.privilege.model.RoleRep;
import ch.eitchnet.privilege.model.UserRep;
import ch.eitchnet.privilege.model.UserState;
import ch.eitchnet.privilege.model.internal.Privilege;
import ch.eitchnet.privilege.model.internal.Role;
import ch.eitchnet.privilege.model.internal.User;
import ch.eitchnet.privilege.policy.PrivilegePolicy;
/**
* @author rvonburg
*
*/
public interface ModelHandler extends PrivilegeContainerObject {
public interface PrivilegeHandler {
public void setPersistenceHandler(PersistenceHandler persistenceHandler);
/**
* @param certificate
* @param restrictable
*
* @return
*
* @throws AccessDeniedException
* if the {@link Certificate} is not for a currently logged in {@link User} or if the user may not
* perform the action defined by the {@link Restrictable} implementation
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public boolean actionAllowed(Certificate certificate, Restrictable restrictable);
/**
* @param role
* @param restrictable
* @return
*
* @throws AccessDeniedException
* if the {@link Certificate} is not for a currently logged in {@link User} or if the user may not
* perform the action defined by the {@link Restrictable} implementation
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public boolean actionAllowed(Role role, Restrictable restrictable);
/**
* @param certificate
* @return
*
* @throws AccessDeniedException
* if the {@link Certificate} is not for a currently logged in {@link User}
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public boolean isCertificateValid(Certificate certificate);
/**
* @param username
* @param password
*
* @return
*
* @throws AccessDeniedException
* if the user credentials are not valid
*/
public Certificate authenticate(String username, String password);
public User getUser(String username);
@ -73,5 +125,9 @@ public interface ModelHandler extends PrivilegeContainerObject {
public void setPrivilegeAllowList(Certificate certificate, String privilegeName, Set<String> allowList);
public PrivilegePolicy getPolicy(String policyName);
public boolean persist(Certificate certificate);
public void initialize(Element element);
}
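Review bot: `setPersistenceHandler(PersistenceHandler)` is now part of the public `PrivilegeHandler` interface, which `PrivilegeContainer.getInstance().getModelHandler()` hands to any caller, so any code in the process can swap the user and role store after start-up without presenting a certificate. I would keep the setter off the interface (constructor or package-private wiring on the implementation) or have the implementation reject a second call, e.g. `if (this.persistenceHandler != null) throw new PrivilegeException("PersistenceHandler already set");`. Separately, the Javadoc on `actionAllowed(Role role, Restrictable restrictable)` was copied from the certificate overload: it describes a `Certificate` this method does not take, and it leaves open whether the role overload is meant for external callers at all. The empty `@return` tags on the new methods should state what true and false mean as opposed to the documented exceptions.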


@ -1,61 +0,0 @@
/*
* Copyright (c) 2010
*
* Robert von Burg
* eitch@eitchnet.ch
*
* All rights reserved.
*
*/
package ch.eitchnet.privilege.handler;
import ch.eitchnet.privilege.base.PrivilegeContainerObject;
import ch.eitchnet.privilege.i18n.AccessDeniedException;
import ch.eitchnet.privilege.i18n.PrivilegeException;
import ch.eitchnet.privilege.model.Certificate;
import ch.eitchnet.privilege.model.Restrictable;
import ch.eitchnet.privilege.model.internal.User;
/**
* @author rvonburg
*
*/
public interface SessionHandler extends PrivilegeContainerObject {
/**
* @param certificate
* @param restrictable
*
* @return
*
* @throws AccessDeniedException
* if the {@link Certificate} is not for a currently logged in {@link User} or if the user may not
* perform the action defined by the {@link Restrictable} implementation
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public boolean actionAllowed(Certificate certificate, Restrictable restrictable);
/**
* @param certificate
* @return
*
* @throws AccessDeniedException
* if the {@link Certificate} is not for a currently logged in {@link User}
* @throws PrivilegeException
* if there is anything wrong with this certificate
*/
public boolean isCertificateValid(Certificate certificate);
/**
* @param username
* @param password
*
* @return
*
* @throws AccessDeniedException
* if the user credentials are not valid
*/
public Certificate authenticate(String username, String password);
}


@ -24,7 +24,7 @@ public class PrivilegeHelper {
public static boolean isUserPrivilegeAdmin(Certificate certificate) {
// validate certificate
if (!PrivilegeContainer.getInstance().getSessionHandler().isCertificateValid(certificate)) {
if (!PrivilegeContainer.getInstance().getModelHandler().isCertificateValid(certificate)) {
throw new PrivilegeException("Certificate " + certificate + " is not valid!");
}


@ -22,7 +22,7 @@ import org.junit.BeforeClass;
import org.junit.Test;
import ch.eitchnet.privilege.base.PrivilegeContainer;
import ch.eitchnet.privilege.handler.ModelHandler;
import ch.eitchnet.privilege.handler.PrivilegeHandler;
import ch.eitchnet.privilege.i18n.AccessDeniedException;
import ch.eitchnet.privilege.i18n.PrivilegeException;
import ch.eitchnet.privilege.model.Certificate;
@ -59,7 +59,7 @@ public class PrivilegeTest {
@Test
public void testAuthenticationOk() throws Exception {
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("eitch",
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("eitch",
"1234567890");
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
}
@ -67,24 +67,24 @@ public class PrivilegeTest {
@Test(expected = AccessDeniedException.class)
public void testFailAuthenticationNOk() throws Exception {
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("eitch", "123");
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("eitch", "123");
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
}
@Test(expected = PrivilegeException.class)
public void testFailAuthenticationPWNull() throws Exception {
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("eitch", null);
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("eitch", null);
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
}
@Test
public void testAddUserBobWithPW() throws Exception {
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("eitch",
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("eitch",
"1234567890");
ModelHandler modelHandler = PrivilegeContainer.getInstance().getModelHandler();
PrivilegeHandler modelHandler = PrivilegeContainer.getInstance().getModelHandler();
// let's add a new user bob
UserRep userRep = new UserRep("bob", "Bob", "Newman", UserState.NEW, new HashSet<String>(), null);
@ -104,16 +104,16 @@ public class PrivilegeTest {
@Test(expected = AccessDeniedException.class)
public void testFailAuthAsBob() throws Exception {
PrivilegeContainer.getInstance().getSessionHandler().authenticate("bob", "12345678901");
PrivilegeContainer.getInstance().getModelHandler().authenticate("bob", "12345678901");
}
@Test
public void testEnableUserBob() throws Exception {
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("eitch",
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("eitch",
"1234567890");
ModelHandler modelHandler = PrivilegeContainer.getInstance().getModelHandler();
PrivilegeHandler modelHandler = PrivilegeContainer.getInstance().getModelHandler();
modelHandler.setUserState(certificate, "bob", UserState.ENABLED);
}
@ -125,7 +125,7 @@ public class PrivilegeTest {
@Test(expected = PrivilegeException.class)
public void testFailAuthUserBob() throws Exception {
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("bob",
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("bob",
"12345678901");
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
}
@ -133,17 +133,17 @@ public class PrivilegeTest {
@Test
public void testAddUserRoleToBob() throws Exception {
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("eitch",
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("eitch",
"1234567890");
ModelHandler modelHandler = PrivilegeContainer.getInstance().getModelHandler();
PrivilegeHandler modelHandler = PrivilegeContainer.getInstance().getModelHandler();
modelHandler.addRoleToUser(certificate, "bob", "user");
}
@Test
public void testAuthAsBob() throws Exception {
PrivilegeContainer.getInstance().getSessionHandler().authenticate("bob", "12345678901");
PrivilegeContainer.getInstance().getModelHandler().authenticate("bob", "12345678901");
}
/**
@ -154,7 +154,7 @@ public class PrivilegeTest {
@Test(expected = AccessDeniedException.class)
public void testFailAddUserTedAsBob() throws Exception {
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("bob",
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("bob",
"12345678901");
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
@ -167,17 +167,17 @@ public class PrivilegeTest {
@Test
public void testAddAdminRoleToBob() throws Exception {
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("eitch",
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("eitch",
"1234567890");
ModelHandler modelHandler = PrivilegeContainer.getInstance().getModelHandler();
PrivilegeHandler modelHandler = PrivilegeContainer.getInstance().getModelHandler();
modelHandler.addRoleToUser(certificate, "bob", PrivilegeContainer.PRIVILEGE_ADMIN_ROLE);
}
@Test
public void testAddUserTedAsBob() throws Exception {
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("bob",
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("bob",
"12345678901");
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
@ -190,13 +190,13 @@ public class PrivilegeTest {
@Test
public void testPerformRestrictable() throws Exception {
Certificate certificate = PrivilegeContainer.getInstance().getSessionHandler().authenticate("eitch",
Certificate certificate = PrivilegeContainer.getInstance().getModelHandler().authenticate("eitch",
"1234567890");
org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
// see if eitch can perform restrictable
Restrictable restrictable = new TestRestrictable();
boolean actionAllowed = PrivilegeContainer.getInstance().getSessionHandler().actionAllowed(certificate,
boolean actionAllowed = PrivilegeContainer.getInstance().getModelHandler().actionAllowed(certificate,
restrictable);
org.junit.Assert.assertTrue("eitch may not perform restrictable!", actionAllowed);
}