[New] Added privilege checking for StrolchQueries
parent
ae5a0b0a14
commit
5c677aa757
|
@ -0,0 +1,49 @@
|
|||
/*
|
||||
* Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package li.strolch.agent.api;
|
||||
|
||||
import ch.eitchnet.privilege.model.Restrictable;
|
||||
|
||||
/**
|
||||
* A simple implementation for the {@link Restrictable} interface
|
||||
*
|
||||
* @author Robert von Burg <eitch@eitchnet.ch>
|
||||
*/
|
||||
public class RestrictableElement implements Restrictable {
|
||||
|
||||
private String name;
|
||||
private Object value;
|
||||
|
||||
public RestrictableElement(String name, Object value) {
|
||||
super();
|
||||
this.name = name;
|
||||
this.value = value;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPrivilegeName() {
|
||||
return this.name;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Object getPrivilegeValue() {
|
||||
return this.value;
|
||||
}
|
||||
|
||||
public static Restrictable restrictableFor(String name, Object value) {
|
||||
return new RestrictableElement(name, value);
|
||||
}
|
||||
}
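Review bot: `RestrictableElement` accepts a null `name`, so `getPrivilegeName()` can hand null to whatever privilege check consumes the object; the constructor should reject it, e.g. `this.name = Objects.requireNonNull(name, "name");` (needs `java.util.Objects`). Both fields are assigned only in the constructor and can be `private final`, which keeps the privilege name from changing between construction and the check. `restrictableFor` has no Javadoc; a one-line comment saying which privilege name and value callers are expected to pass would help, since nothing in the visible hunks uses the class yet.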
|
|
@ -78,7 +78,7 @@ public class EmptyRealm extends InternalStrolchRealm {
|
|||
@Override
|
||||
public void initialize(ComponentContainer container, ComponentConfiguration configuration) {
|
||||
super.initialize(container, configuration);
|
||||
this.persistenceHandler = new InMemoryPersistence();
|
||||
this.persistenceHandler = new InMemoryPersistence(container.getPrivilegeHandler());
|
||||
this.resourceMap = new TransactionalResourceMap();
|
||||
this.orderMap = new TransactionalOrderMap();
|
||||
|
||||
|
|
|
@ -97,7 +97,7 @@ public class TransientRealm extends InternalStrolchRealm {
|
|||
|
||||
this.modelFile = configuration.getDataFile(key, null, configuration.getRuntimeConfiguration(), true);
|
||||
|
||||
this.persistenceHandler = new InMemoryPersistence();
|
||||
this.persistenceHandler = new InMemoryPersistence(container.getPrivilegeHandler());
|
||||
this.resourceMap = new TransactionalResourceMap();
|
||||
this.orderMap = new TransactionalOrderMap();
|
||||
|
||||
|
|
|
@ -52,17 +52,20 @@ import li.strolch.model.parameter.Parameter;
|
|||
import li.strolch.model.parameter.StringParameter;
|
||||
import li.strolch.model.query.OrderQuery;
|
||||
import li.strolch.model.query.ResourceQuery;
|
||||
import li.strolch.model.query.StrolchQuery;
|
||||
import li.strolch.model.timedstate.StrolchTimedState;
|
||||
import li.strolch.model.timevalue.IValue;
|
||||
import li.strolch.model.visitor.NoStrategyOrderVisitor;
|
||||
import li.strolch.model.visitor.NoStrategyResourceVisitor;
|
||||
import li.strolch.persistence.inmemory.InMemoryTransaction;
|
||||
import li.strolch.runtime.privilege.PrivilegeHandler;
|
||||
import li.strolch.service.api.Command;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
import ch.eitchnet.privilege.model.PrivilegeContext;
|
||||
import ch.eitchnet.utils.dbc.DBC;
|
||||
import ch.eitchnet.utils.helper.StringHelper;
|
||||
|
||||
|
@ -88,12 +91,16 @@ public abstract class AbstractTransaction implements StrolchTransaction {
|
|||
|
||||
private String action;
|
||||
private Certificate certificate;
|
||||
private PrivilegeHandler privilegeHandler;
|
||||
|
||||
public AbstractTransaction(StrolchRealm realm, Certificate certificate, String action) {
|
||||
public AbstractTransaction(PrivilegeHandler privilegeHandler, StrolchRealm realm, Certificate certificate,
|
||||
String action) {
|
||||
DBC.PRE.assertNotNull("privilegeHandler must be set!", privilegeHandler); //$NON-NLS-1$
|
||||
DBC.PRE.assertNotNull("realm must be set!", realm); //$NON-NLS-1$
|
||||
DBC.PRE.assertNotNull("certificate must be set!", certificate); //$NON-NLS-1$
|
||||
DBC.PRE.assertNotNull("action must be set!", action); //$NON-NLS-1$
|
||||
|
||||
this.privilegeHandler = privilegeHandler;
|
||||
this.realm = (InternalStrolchRealm) realm;
|
||||
this.action = action;
|
||||
this.certificate = certificate;
|
||||
|
@ -228,33 +235,44 @@ public abstract class AbstractTransaction implements StrolchTransaction {
|
|||
return this.auditTrail;
|
||||
}
|
||||
|
||||
private void assertQueryAllowed(StrolchQuery query) {
|
||||
PrivilegeContext privilegeContext = this.privilegeHandler.getPrivilegeContext(this.certificate);
|
||||
privilegeContext.validateAction(query);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<Order> doQuery(OrderQuery query) {
|
||||
assertQueryAllowed(query);
|
||||
return getPersistenceHandler().getOrderDao(this).doQuery(query, new NoStrategyOrderVisitor());
|
||||
}
|
||||
|
||||
@Override
|
||||
public <U> List<U> doQuery(OrderQuery query, OrderVisitor<U> orderVisitor) {
|
||||
assertQueryAllowed(query);
|
||||
return getPersistenceHandler().getOrderDao(this).doQuery(query, orderVisitor);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<Resource> doQuery(ResourceQuery query) {
|
||||
assertQueryAllowed(query);
|
||||
return getPersistenceHandler().getResourceDao(this).doQuery(query, new NoStrategyResourceVisitor());
|
||||
}
|
||||
|
||||
@Override
|
||||
public <U> List<U> doQuery(ResourceQuery query, ResourceVisitor<U> resourceVisitor) {
|
||||
assertQueryAllowed(query);
|
||||
return getPersistenceHandler().getResourceDao(this).doQuery(query, resourceVisitor);
|
||||
}
|
||||
|
||||
@Override
|
||||
public List<Audit> doQuery(AuditQuery query) {
|
||||
assertQueryAllowed(query);
|
||||
return getPersistenceHandler().getAuditDao(this).doQuery(query, new NoStrategyAuditVisitor());
|
||||
}
|
||||
|
||||
@Override
|
||||
public <U> List<U> doQuery(AuditQuery query, AuditVisitor<U> auditVisitor) {
|
||||
assertQueryAllowed(query);
|
||||
return getPersistenceHandler().getAuditDao(this).doQuery(query, auditVisitor);
|
||||
}
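Review bot: The privilege check is enforced only in the six `doQuery` overloads of the transaction, while the query itself still runs in the DAO (`getPersistenceHandler().getOrderDao(this).doQuery(...)` and the resource and audit equivalents), so any caller that can obtain a DAO directly bypasses `assertQueryAllowed`. Whether such callers exist is not visible in these hunks; if they do, the check belongs in the DAO, or the DAO accessors should be restricted to the transaction. `assertQueryAllowed` should carry a Javadoc along the lines of `/** Validates that this transaction's certificate is privileged to perform the given query; must be called before the query reaches a DAO. */` and name the exception `validateAction` raises on denial, which callers of `doQuery` now have to expect. The class body continues outside the hunk.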
|
||||
|
||||
|
|
|
@ -9,19 +9,22 @@ import li.strolch.persistence.api.OrderDao;
|
|||
import li.strolch.persistence.api.PersistenceHandler;
|
||||
import li.strolch.persistence.api.ResourceDao;
|
||||
import li.strolch.persistence.api.StrolchTransaction;
|
||||
import li.strolch.runtime.privilege.PrivilegeHandler;
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
|
||||
public class InMemoryPersistence implements PersistenceHandler {
|
||||
|
||||
private Map<String, DaoCache> daoCache;
|
||||
private PrivilegeHandler privilegeHandler;
|
||||
|
||||
public InMemoryPersistence() {
|
||||
public InMemoryPersistence(PrivilegeHandler privilegeHandler) {
|
||||
this.privilegeHandler = privilegeHandler;
|
||||
this.daoCache = new HashMap<>();
|
||||
}
|
||||
|
||||
@Override
|
||||
public StrolchTransaction openTx(StrolchRealm realm, Certificate certificate, String action) {
|
||||
return new InMemoryTransaction(realm, certificate, action, this);
|
||||
return new InMemoryTransaction(this.privilegeHandler, realm, certificate, action, this);
|
||||
}
|
||||
|
||||
@Override
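Review bot: The new constructor stores `privilegeHandler` without checking it, although `AbstractTransaction` asserts it non-null, so a missing handler surfaces only when the first transaction is opened through `openTx` rather than when the realm or component is initialised. Failing at construction is cheaper to diagnose: `DBC.PRE.assertNotNull("privilegeHandler must be set!", privilegeHandler);` as the first statement (this file would need the `ch.eitchnet.utils.dbc.DBC` import, which the visible import hunk does not show). The field is set once and can be `private final`. The class continues past the end of the hunk.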
|
||||
|
|
|
@ -43,7 +43,7 @@ public class InMemoryPersistenceHandler extends StrolchComponent implements Pers
|
|||
|
||||
@Override
|
||||
public void initialize(ComponentConfiguration configuration) {
|
||||
this.persistence = new InMemoryPersistence();
|
||||
this.persistence = new InMemoryPersistence(getContainer().getPrivilegeHandler());
|
||||
super.initialize(configuration);
|
||||
}
|
||||
|
||||
|
|
|
@ -5,15 +5,16 @@ import li.strolch.persistence.api.AbstractTransaction;
|
|||
import li.strolch.persistence.api.PersistenceHandler;
|
||||
import li.strolch.persistence.api.TransactionResult;
|
||||
import li.strolch.persistence.api.TransactionState;
|
||||
import li.strolch.runtime.privilege.PrivilegeHandler;
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
|
||||
public class InMemoryTransaction extends AbstractTransaction {
|
||||
|
||||
private InMemoryPersistence persistenceHandler;
|
||||
|
||||
public InMemoryTransaction(StrolchRealm realm, Certificate certificate, String action,
|
||||
InMemoryPersistence persistenceHandler) {
|
||||
super(realm, certificate, action);
|
||||
public InMemoryTransaction(PrivilegeHandler privilegeHandler, StrolchRealm realm, Certificate certificate,
|
||||
String action, InMemoryPersistence persistenceHandler) {
|
||||
super(privilegeHandler, realm, certificate, action);
|
||||
this.persistenceHandler = persistenceHandler;
|
||||
}
|
||||
|
||||
|
|
|
@ -31,7 +31,9 @@
|
|||
<Privilege name="li.strolch.service.api.Service" policy="DefaultPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="li.strolch.model.query.StrolchQuery" policy="DefaultPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
</Role>
|
||||
|
||||
</Roles>
|
||||
</UsersAndRoles>
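Review bot: `<AllAllowed>true</AllAllowed>` on the `li.strolch.model.query.StrolchQuery` privilege lets this role run every query, so with this configuration the new check never denies anything; the same entry is added in the five configuration hunks that follow. That keeps existing behaviour, but it should be marked as a permissive default, for example with `<!-- permissive default: every StrolchQuery is allowed; narrow this for roles that must not read all data -->` above the element. Roles that lack this privilege entry will presumably have their queries rejected once this commit is deployed, which deserves a line in the upgrade notes. None of the visible configurations exercises the denial path.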
|
|
@ -31,6 +31,9 @@
|
|||
<Privilege name="li.strolch.service.api.Service" policy="DefaultPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="li.strolch.model.query.StrolchQuery" policy="DefaultPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
</Role>
|
||||
|
||||
</Roles>
|
||||
|
|
|
@ -31,6 +31,9 @@
|
|||
<Privilege name="li.strolch.service.api.Service" policy="DefaultPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="li.strolch.model.query.StrolchQuery" policy="DefaultPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
</Role>
|
||||
</Roles>
|
||||
</UsersAndRoles>
|
|
@ -31,6 +31,9 @@
|
|||
<Privilege name="li.strolch.service.api.Service" policy="DefaultPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="li.strolch.model.query.StrolchQuery" policy="DefaultPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
</Role>
|
||||
|
||||
</Roles>
|
||||
|
|
|
@ -31,6 +31,9 @@
|
|||
<Privilege name="li.strolch.service.api.Service" policy="DefaultPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="li.strolch.model.query.StrolchQuery" policy="DefaultPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
</Role>
|
||||
|
||||
</Roles>
|
||||
|
|
|
@ -33,6 +33,9 @@
|
|||
<Privilege name="li.strolch.service.api.Service" policy="DefaultPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
<Privilege name="li.strolch.model.query.StrolchQuery" policy="DefaultPrivilege">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
</Privilege>
|
||||
</Role>
|
||||
|
||||
</Roles>
|
||||
|
|