parent
55679fc62d
commit
7c0c86fe66
|
@ -1,135 +0,0 @@
|
|||
/*
|
||||
* Copyright (c) 2010
|
||||
*
|
||||
* Robert von Burg
|
||||
* eitch@eitchnet.ch
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
*/
|
||||
|
||||
package ch.eitchnet.privilege.base;
|
||||
|
||||
import java.io.File;
|
||||
|
||||
import org.apache.log4j.Logger;
|
||||
import org.dom4j.Element;
|
||||
|
||||
import ch.eitchnet.privilege.handler.EncryptionHandler;
|
||||
import ch.eitchnet.privilege.handler.PersistenceHandler;
|
||||
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||
import ch.eitchnet.privilege.helper.ClassHelper;
|
||||
import ch.eitchnet.privilege.helper.XmlHelper;
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
*/
|
||||
public class PrivilegeContainer {
|
||||
|
||||
/**
|
||||
* This is the role users must have, if they can modify the {@link PrivilegeContainer} and its objects
|
||||
*/
|
||||
public static final String PRIVILEGE_ADMIN_ROLE = "PrivilegeAdmin";
|
||||
public static final String PRIVILEGE_CONTAINER_FILE = "PrivilegeContainer.xml";
|
||||
|
||||
private static final Logger logger = Logger.getLogger(PrivilegeContainer.class);
|
||||
|
||||
private static final PrivilegeContainer instance;
|
||||
|
||||
static {
|
||||
instance = new PrivilegeContainer();
|
||||
}
|
||||
|
||||
private EncryptionHandler encryptionHandler;
|
||||
private PrivilegeHandler modelHandler;
|
||||
|
||||
private String basePath;
|
||||
|
||||
public static PrivilegeContainer getInstance() {
|
||||
return instance;
|
||||
}
|
||||
|
||||
/**
|
||||
* private constructor to force singleton
|
||||
*/
|
||||
private PrivilegeContainer() {
|
||||
// private constructor
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the encryptionHandler
|
||||
*/
|
||||
public EncryptionHandler getEncryptionHandler() {
|
||||
return encryptionHandler;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the modelHandler
|
||||
*/
|
||||
public PrivilegeHandler getModelHandler() {
|
||||
return modelHandler;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the basePath
|
||||
*/
|
||||
public String getBasePath() {
|
||||
return basePath;
|
||||
}
|
||||
|
||||
public void initialize(File privilegeContainerXml) {
|
||||
|
||||
// make sure file exists
|
||||
if (!privilegeContainerXml.exists()) {
|
||||
throw new PrivilegeException("Privilige file does not exist at path "
|
||||
+ privilegeContainerXml.getAbsolutePath());
|
||||
}
|
||||
|
||||
// set base path from privilege container xml
|
||||
basePath = privilegeContainerXml.getParentFile().getAbsolutePath();
|
||||
|
||||
// parse container xml file to XML document
|
||||
Element containerRootElement = XmlHelper.parseDocument(privilegeContainerXml).getRootElement();
|
||||
|
||||
// instantiate persistence handler
|
||||
Element persistenceHandlerElement = containerRootElement.element(XmlConstants.XML_HANDLER_PERSISTENCE);
|
||||
String persistenceHandlerClassName = persistenceHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
|
||||
PersistenceHandler persistenceHandler = ClassHelper.instantiateClass(persistenceHandlerClassName);
|
||||
|
||||
// instantiate encryption handler
|
||||
Element encryptionHandlerElement = containerRootElement.element(XmlConstants.XML_HANDLER_ENCRYPTION);
|
||||
String encryptionHandlerClassName = encryptionHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
|
||||
EncryptionHandler encryptionHandler = ClassHelper.instantiateClass(encryptionHandlerClassName);
|
||||
|
||||
// instantiate privilege handler
|
||||
Element modelHandlerElement = containerRootElement.element(XmlConstants.XML_HANDLER_MODEL);
|
||||
String modelHandlerClassName = modelHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
|
||||
PrivilegeHandler modelHandler = ClassHelper.instantiateClass(modelHandlerClassName);
|
||||
|
||||
try {
|
||||
persistenceHandler.initialize(persistenceHandlerElement);
|
||||
} catch (Exception e) {
|
||||
logger.error(e, e);
|
||||
throw new PrivilegeException("PersistenceHandler " + persistenceHandlerElement
|
||||
+ " could not be initialized");
|
||||
}
|
||||
try {
|
||||
encryptionHandler.initialize(encryptionHandlerElement);
|
||||
} catch (Exception e) {
|
||||
logger.error(e, e);
|
||||
throw new PrivilegeException("EncryptionHandler " + encryptionHandlerClassName
|
||||
+ " could not be initialized");
|
||||
}
|
||||
try {
|
||||
modelHandler.initialize(modelHandlerElement);
|
||||
} catch (Exception e) {
|
||||
logger.error(e, e);
|
||||
throw new PrivilegeException("ModificationHandler " + modelHandlerClassName + " could not be initialized");
|
||||
}
|
||||
|
||||
// keep references to the handlers
|
||||
this.modelHandler = modelHandler;
|
||||
this.encryptionHandler = encryptionHandler;
|
||||
}
|
||||
}
|
|
@ -16,11 +16,9 @@ import java.security.SecureRandom;
|
|||
import java.util.Map;
|
||||
|
||||
import org.apache.log4j.Logger;
|
||||
import org.dom4j.Element;
|
||||
|
||||
import ch.eitchnet.privilege.base.XmlConstants;
|
||||
import ch.eitchnet.privilege.helper.ConfigurationHelper;
|
||||
import ch.eitchnet.privilege.helper.EncryptionHelper;
|
||||
import ch.eitchnet.privilege.helper.XmlConstants;
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
|
||||
/**
|
||||
|
@ -62,16 +60,13 @@ public class DefaultEncryptionHandler implements EncryptionHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.base.PrivilegeContainerObject#initialize(org.dom4j.Element)
|
||||
* @see ch.eitchnet.privilege.handler.EncryptionHandler#initialize(java.util.Map)
|
||||
*/
|
||||
public void initialize(Element element) {
|
||||
@Override
|
||||
public void initialize(Map<String, String> parameterMap) {
|
||||
|
||||
secureRandom = new SecureRandom();
|
||||
|
||||
// get parameters
|
||||
Element parameterElement = element.element(XmlConstants.XML_PARAMETERS);
|
||||
Map<String, String> parameterMap = ConfigurationHelper.convertToParameterMap(parameterElement);
|
||||
|
||||
// get hash algorithm parameters
|
||||
hashAlgorithm = parameterMap.get(XmlConstants.XML_PARAM_HASH_ALGORITHM);
|
||||
if (hashAlgorithm == null || hashAlgorithm.isEmpty()) {
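Review bot: `initialize(Map<String, String> parameterMap)` now dereferences a caller-supplied map at `parameterMap.get(XmlConstants.XML_PARAM_HASH_ALGORITHM)` without checking it for null, where the old code built the map itself from the XML element. A handler wired up with no parameters would fail with a NullPointerException instead of the PrivilegeException used for the other configuration errors; a guard such as `if (parameterMap == null) throw new PrivilegeException("No parameters set for EncryptionHandler");` at the top keeps the failure explicit. The body of initialize continues outside the hunk, so whether the configured algorithm name is verified at start-up is not visible here and is worth confirming.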
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
package ch.eitchnet.privilege.handler;
|
||||
|
||||
import org.dom4j.Element;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
|
@ -18,9 +18,19 @@ import org.dom4j.Element;
|
|||
*/
|
||||
public interface EncryptionHandler {
|
||||
|
||||
/**
|
||||
* @return
|
||||
*/
|
||||
public String nextToken();
|
||||
|
||||
/**
|
||||
* @param string
|
||||
* @return
|
||||
*/
|
||||
public String convertToHash(String string);
|
||||
|
||||
public void initialize(Element element);
|
||||
/**
|
||||
* @param parameterMap
|
||||
*/
|
||||
public void initialize(Map<String, String> parameterMap);
|
||||
}
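Review bot: The Javadoc added above `nextToken()` and `convertToHash(String)` consists of empty `@param`/`@return` tags, so the interface still does not say what an implementation must guarantee; the same empty stubs are added throughout PersistenceHandler and on most PrivilegeHandler methods in this commit. For a security-sensitive contract I would spell it out, for example `@return a new token, generated from a cryptographically strong random source` on nextToken() and `@return the hash of the given string, computed with the algorithm this handler was configured with` on convertToHash, if that is the intended contract. The comment on `initialize(Map<String, String>)` should also name the parameter keys an implementation expects and say what is thrown when one is missing.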
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
|
||||
package ch.eitchnet.privilege.handler;
|
||||
|
||||
import org.dom4j.Element;
|
||||
import java.util.Map;
|
||||
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
import ch.eitchnet.privilege.model.internal.Privilege;
|
||||
|
@ -24,27 +24,71 @@ import ch.eitchnet.privilege.policy.PrivilegePolicy;
|
|||
*/
|
||||
public interface PersistenceHandler {
|
||||
|
||||
/**
|
||||
* @param username
|
||||
* @return
|
||||
*/
|
||||
public User getUser(String username);
|
||||
|
||||
/**
|
||||
* @param user
|
||||
*/
|
||||
public void addOrReplaceUser(User user);
|
||||
|
||||
/**
|
||||
* @param username
|
||||
* @return
|
||||
*/
|
||||
public User removeUser(String username);
|
||||
|
||||
/**
|
||||
* @param roleName
|
||||
* @return
|
||||
*/
|
||||
public Role getRole(String roleName);
|
||||
|
||||
/**
|
||||
* @param role
|
||||
*/
|
||||
public void addOrReplaceRole(Role role);
|
||||
|
||||
/**
|
||||
* @param roleName
|
||||
* @return
|
||||
*/
|
||||
public Role removeRole(String roleName);
|
||||
|
||||
/**
|
||||
* @param privilegeName
|
||||
* @return
|
||||
*/
|
||||
public Privilege getPrivilege(String privilegeName);
|
||||
|
||||
/**
|
||||
* @param privilege
|
||||
*/
|
||||
public void addOrReplacePrivilege(Privilege privilege);
|
||||
|
||||
/**
|
||||
* @param privilegeName
|
||||
* @return
|
||||
*/
|
||||
public Privilege removePrivilege(String privilegeName);
|
||||
|
||||
/**
|
||||
* @param policyName
|
||||
* @return
|
||||
*/
|
||||
public PrivilegePolicy getPolicy(String policyName);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @return
|
||||
*/
|
||||
public boolean persist(Certificate certificate);
|
||||
|
||||
public void initialize(Element element);
|
||||
|
||||
/**
|
||||
* @param parameterMap
|
||||
*/
|
||||
public void initialize(Map<String, String> parameterMap);
|
||||
}
|
||||
|
|
|
@ -11,11 +11,9 @@
|
|||
package ch.eitchnet.privilege.handler;
|
||||
|
||||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.dom4j.Element;
|
||||
|
||||
import ch.eitchnet.privilege.i18n.AccessDeniedException;
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
import ch.eitchnet.privilege.model.PrivilegeRep;
|
||||
|
@ -23,9 +21,7 @@ import ch.eitchnet.privilege.model.Restrictable;
|
|||
import ch.eitchnet.privilege.model.RoleRep;
|
||||
import ch.eitchnet.privilege.model.UserRep;
|
||||
import ch.eitchnet.privilege.model.UserState;
|
||||
import ch.eitchnet.privilege.model.internal.Privilege;
|
||||
import ch.eitchnet.privilege.model.internal.Role;
|
||||
import ch.eitchnet.privilege.model.internal.User;
|
||||
import ch.eitchnet.privilege.policy.PrivilegePolicy;
|
||||
|
||||
/**
|
||||
|
@ -34,6 +30,178 @@ import ch.eitchnet.privilege.policy.PrivilegePolicy;
|
|||
*/
|
||||
public interface PrivilegeHandler {
|
||||
|
||||
/**
|
||||
* This is the role users must have, if they are allowed to modify objects
|
||||
*/
|
||||
public static final String PRIVILEGE_ADMIN_ROLE = "PrivilegeAdmin";
|
||||
|
||||
/**
|
||||
* @param username
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public UserRep getUser(String username);
|
||||
|
||||
/**
|
||||
* @param roleName
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public RoleRep getRole(String roleName);
|
||||
|
||||
/**
|
||||
* @param privilegeName
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public PrivilegeRep getPrivilege(String privilegeName);
|
||||
|
||||
/**
|
||||
* @param policyName
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public PrivilegePolicy getPolicy(String policyName);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @param username
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public UserRep removeUser(Certificate certificate, String username);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @param username
|
||||
* @param roleName
|
||||
*/
|
||||
public void removeRoleFromUser(Certificate certificate, String username, String roleName);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @param roleName
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public RoleRep removeRole(Certificate certificate, String roleName);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @param roleName
|
||||
* @param privilegeName
|
||||
*/
|
||||
public void removePrivilegeFromRole(Certificate certificate, String roleName, String privilegeName);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @param privilegeName
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public PrivilegeRep removePrivilege(Certificate certificate, String privilegeName);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @param userRep
|
||||
* @param password
|
||||
*/
|
||||
public void addOrReplaceUser(Certificate certificate, UserRep userRep, String password);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @param roleRep
|
||||
*/
|
||||
public void addOrReplaceRole(Certificate certificate, RoleRep roleRep);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @param privilegeRep
|
||||
*/
|
||||
public void addOrReplacePrivilege(Certificate certificate, PrivilegeRep privilegeRep);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @param username
|
||||
* @param roleName
|
||||
*/
|
||||
public void addRoleToUser(Certificate certificate, String username, String roleName);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @param roleName
|
||||
* @param privilegeName
|
||||
*/
|
||||
public void addPrivilegeToRole(Certificate certificate, String roleName, String privilegeName);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @param username
|
||||
* @param password
|
||||
*/
|
||||
public void setUserPassword(Certificate certificate, String username, String password);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @param username
|
||||
* @param firstname
|
||||
* @param surname
|
||||
*/
|
||||
public void setUserName(Certificate certificate, String username, String firstname, String surname);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @param username
|
||||
* @param state
|
||||
*/
|
||||
public void setUserState(Certificate certificate, String username, UserState state);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @param username
|
||||
* @param locale
|
||||
*/
|
||||
public void setUserLocaleState(Certificate certificate, String username, Locale locale);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @param privilegeName
|
||||
* @param policyName
|
||||
*/
|
||||
public void setPrivilegePolicy(Certificate certificate, String privilegeName, String policyName);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @param privilegeName
|
||||
* @param allAllowed
|
||||
*/
|
||||
public void setPrivilegeAllAllowed(Certificate certificate, String privilegeName, boolean allAllowed);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @param privilegeName
|
||||
* @param denyList
|
||||
*/
|
||||
public void setPrivilegeDenyList(Certificate certificate, String privilegeName, Set<String> denyList);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @param privilegeName
|
||||
* @param allowList
|
||||
*/
|
||||
public void setPrivilegeAllowList(Certificate certificate, String privilegeName, Set<String> allowList);
|
||||
|
||||
/**
|
||||
* @param username
|
||||
* @param password
|
||||
*
|
||||
* @return
|
||||
*
|
||||
* @throws AccessDeniedException
|
||||
* if the user credentials are not valid
|
||||
*/
|
||||
public Certificate authenticate(String username, String password);
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
* @param restrictable
|
||||
|
@ -73,61 +241,50 @@ public interface PrivilegeHandler {
|
|||
public boolean isCertificateValid(Certificate certificate);
|
||||
|
||||
/**
|
||||
* @param username
|
||||
* <p>
|
||||
* Validates if this {@link Certificate} is for a {@link ch.eitchnet.privilege.model.internal.User} with
|
||||
* {@link Role} with name {@link PrivilegeHandler#PRIVILEGE_ADMIN_ROLE}
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* In other words, this method checks if the given certificate is for a user who has the rights to change objects
|
||||
* </p>
|
||||
*
|
||||
* <p>
|
||||
* If the user is not the administrator, then a {@link ch.eitchnet.privilege.i18n.PrivilegeException} is thrown
|
||||
* </p>
|
||||
*
|
||||
* @param certificate
|
||||
* the {@link Certificate} for which the role should be validated against
|
||||
*
|
||||
* @throws ch.eitchnet.privilege.i18n.PrivilegeException
|
||||
* if the user does not not have admin privileges
|
||||
*/
|
||||
public void validateIsPrivilegeAdmin(Certificate certificate) throws PrivilegeException;
|
||||
|
||||
/**
|
||||
* Validate that the given password meets any requirements. What these requirements are is a decision made by the
|
||||
* concrete implementation
|
||||
*
|
||||
* @param password
|
||||
*
|
||||
* @return
|
||||
*
|
||||
* @throws AccessDeniedException
|
||||
* if the user credentials are not valid
|
||||
* @throws PrivilegeException
|
||||
*/
|
||||
public Certificate authenticate(String username, String password);
|
||||
|
||||
public User getUser(String username);
|
||||
|
||||
public void addOrReplaceUser(Certificate certificate, UserRep userRep, String password);
|
||||
|
||||
public UserRep removeUser(Certificate certificate, String username);
|
||||
|
||||
public void setUserPassword(Certificate certificate, String username, String password);
|
||||
|
||||
public void setUserName(Certificate certificate, String username, String firstname, String surname);
|
||||
|
||||
public void setUserState(Certificate certificate, String username, UserState state);
|
||||
|
||||
public void setUserLocaleState(Certificate certificate, String username, Locale locale);
|
||||
|
||||
public void addRoleToUser(Certificate certificate, String username, String roleName);
|
||||
|
||||
public void removeRoleFromUser(Certificate certificate, String username, String roleName);
|
||||
|
||||
public void addOrReplaceRole(Certificate certificate, RoleRep roleRep);
|
||||
|
||||
public Role getRole(String roleName);
|
||||
|
||||
public RoleRep removeRole(Certificate certificate, String roleName);
|
||||
|
||||
public void addPrivilegeToRole(Certificate certificate, String roleName, String privilegeName);
|
||||
|
||||
public void removePrivilegeFromRole(Certificate certificate, String roleName, String privilegeName);
|
||||
|
||||
public Privilege getPrivilege(String privilegeName);
|
||||
|
||||
public void addOrReplacePrivilege(Certificate certificate, PrivilegeRep privilegeRep);
|
||||
|
||||
public PrivilegeRep removePrivilege(Certificate certificate, String privilegeName);
|
||||
|
||||
public void setPrivilegePolicy(Certificate certificate, String privilegeName, String policyName);
|
||||
|
||||
public void setPrivilegeAllAllowed(Certificate certificate, String privilegeName, boolean allAllowed);
|
||||
|
||||
public void setPrivilegeDenyList(Certificate certificate, String privilegeName, Set<String> denyList);
|
||||
|
||||
public void setPrivilegeAllowList(Certificate certificate, String privilegeName, Set<String> allowList);
|
||||
|
||||
public PrivilegePolicy getPolicy(String policyName);
|
||||
public void validatePassword(String password) throws PrivilegeException;
|
||||
|
||||
/**
|
||||
* @param certificate
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public boolean persist(Certificate certificate);
|
||||
|
||||
public void initialize(Element element);
|
||||
/**
|
||||
*
|
||||
* @param parameterMap
|
||||
* @param encryptionHandler
|
||||
* @param persistenceHandler
|
||||
*/
|
||||
public void initialize(Map<String, String> parameterMap, EncryptionHandler encryptionHandler,
|
||||
PersistenceHandler persistenceHandler);
|
||||
}
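Review bot: `getUser(String)`, `getRole(String)`, `getPrivilege(String)` and `getPolicy(String)` are the only accessors on the new interface that take no `Certificate`, so an implementation has nothing to authorise these reads against while every mutator is certificate-gated. Returning `UserRep`/`RoleRep`/`PrivilegeRep` instead of the internal model classes is a good step, but the Javadoc should state whether lookup without a certificate is intended, or the signatures should carry the caller's certificate, e.g. `public UserRep getUser(Certificate certificate, String username);`. The new comment on `validateIsPrivilegeAdmin` also reads "does not not have admin privileges", which wants a one-word fix.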
|
||||
|
|
|
@ -24,10 +24,8 @@ import org.apache.log4j.Logger;
|
|||
import org.dom4j.DocumentFactory;
|
||||
import org.dom4j.Element;
|
||||
|
||||
import ch.eitchnet.privilege.base.PrivilegeContainer;
|
||||
import ch.eitchnet.privilege.base.XmlConstants;
|
||||
import ch.eitchnet.privilege.helper.ClassHelper;
|
||||
import ch.eitchnet.privilege.helper.ConfigurationHelper;
|
||||
import ch.eitchnet.privilege.helper.XmlConstants;
|
||||
import ch.eitchnet.privilege.helper.XmlHelper;
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
|
@ -41,9 +39,9 @@ import ch.eitchnet.privilege.policy.PrivilegePolicy;
|
|||
* @author rvonburg
|
||||
*
|
||||
*/
|
||||
public class DefaultPersistenceHandler implements PersistenceHandler {
|
||||
public class XmlPersistenceHandler implements PersistenceHandler {
|
||||
|
||||
private static final Logger logger = Logger.getLogger(DefaultPersistenceHandler.class);
|
||||
private static final Logger logger = Logger.getLogger(XmlPersistenceHandler.class);
|
||||
|
||||
private Map<String, User> userMap;
|
||||
private Map<String, Role> roleMap;
|
||||
|
@ -59,6 +57,8 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
|
||||
private Map<String, String> parameterMap;
|
||||
|
||||
private String basePath;
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.PersistenceHandler#addOrReplacePrivilege(ch.eitchnet.privilege.model.Certificate,
|
||||
* ch.eitchnet.privilege.model.internal.Privilege)
|
||||
|
@ -175,7 +175,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
+ XmlConstants.XML_PARAM_USERS_FILE + " is invalid");
|
||||
}
|
||||
// get users file
|
||||
File usersFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + usersFileName);
|
||||
File usersFile = new File(basePath + "/" + usersFileName);
|
||||
boolean usersFileUnchanged = usersFile.exists() && usersFile.lastModified() == usersFileDate;
|
||||
if (!userMapDirty && usersFileUnchanged) {
|
||||
logger.warn("No users unpersisted and user file unchanged on file system");
|
||||
|
@ -202,7 +202,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
+ XmlConstants.XML_PARAM_ROLES_FILE + " is invalid");
|
||||
}
|
||||
// get roles file
|
||||
File rolesFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + rolesFileName);
|
||||
File rolesFile = new File(basePath + "/" + rolesFileName);
|
||||
boolean rolesFileUnchanged = rolesFile.exists() && rolesFile.lastModified() == rolesFileDate;
|
||||
if (!roleMapDirty && rolesFileUnchanged) {
|
||||
logger.warn("No roles unpersisted and roles file unchanged on file system");
|
||||
|
@ -229,7 +229,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
+ XmlConstants.XML_PARAM_PRIVILEGES_FILE + " is invalid");
|
||||
}
|
||||
// get privileges file
|
||||
File privilegesFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + privilegesFileName);
|
||||
File privilegesFile = new File(basePath + "/" + privilegesFileName);
|
||||
boolean privilegesFileUnchanged = privilegesFile.exists()
|
||||
&& privilegesFile.lastModified() == privilegesFileDate;
|
||||
if (!privilegeMapDirty && privilegesFileUnchanged) {
|
||||
|
@ -267,19 +267,23 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.base.PrivilegeContainerObject#initialize(org.dom4j.Element)
|
||||
* @see ch.eitchnet.privilege.handler.EncryptionHandler#initialize(java.util.Map)
|
||||
*/
|
||||
@Override
|
||||
public void initialize(Element element) {
|
||||
public void initialize(Map<String, String> parameterMap) {
|
||||
|
||||
roleMap = new HashMap<String, Role>();
|
||||
userMap = new HashMap<String, User>();
|
||||
privilegeMap = new HashMap<String, Privilege>();
|
||||
policyMap = new HashMap<String, Class<PrivilegePolicy>>();
|
||||
|
||||
// get parameters
|
||||
Element parameterElement = element.element(XmlConstants.XML_PARAMETERS);
|
||||
parameterMap = ConfigurationHelper.convertToParameterMap(parameterElement);
|
||||
// get and validate base bath
|
||||
basePath = parameterMap.get(XmlConstants.XML_PARAM_BASE_PATH);
|
||||
File basePathF = new File(basePath);
|
||||
if (!basePathF.exists() && !basePathF.isDirectory()) {
|
||||
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_BASE_PATH + " is invalid");
|
||||
}
|
||||
|
||||
// get roles file name
|
||||
String rolesFileName = parameterMap.get(XmlConstants.XML_PARAM_ROLES_FILE);
|
||||
|
@ -289,7 +293,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
}
|
||||
|
||||
// get roles file
|
||||
File rolesFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + rolesFileName);
|
||||
File rolesFile = new File(basePath + "/" + rolesFileName);
|
||||
if (!rolesFile.exists()) {
|
||||
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_ROLES_FILE + " is invalid as roles file does not exist at path "
|
||||
|
@ -311,7 +315,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
}
|
||||
|
||||
// get users file
|
||||
File usersFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + usersFileName);
|
||||
File usersFile = new File(basePath + "/" + usersFileName);
|
||||
if (!usersFile.exists()) {
|
||||
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_USERS_FILE + " is invalid as users file does not exist at path "
|
||||
|
@ -333,7 +337,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
}
|
||||
|
||||
// get privileges file
|
||||
File privilegesFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + privilegesFileName);
|
||||
File privilegesFile = new File(basePath + "/" + privilegesFileName);
|
||||
if (!privilegesFile.exists()) {
|
||||
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_PRIVILEGES_FILE + " is invalid as privileges file does not exist at path "
|
||||
|
@ -355,7 +359,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
}
|
||||
|
||||
// get policy file
|
||||
File policyFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + policyFileName);
|
||||
File policyFile = new File(basePath + "/" + policyFileName);
|
||||
if (!policyFile.exists()) {
|
||||
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_POLICY_FILE + " is invalid as policy file does not exist at path "
|
||||
|
@ -380,7 +384,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
boolean privilegeAdminExists = false;
|
||||
for (String username : userMap.keySet()) {
|
||||
User user = userMap.get(username);
|
||||
if (user.hasRole(PrivilegeContainer.PRIVILEGE_ADMIN_ROLE)) {
|
||||
if (user.hasRole(PrivilegeHandler.PRIVILEGE_ADMIN_ROLE)) {
|
||||
privilegeAdminExists = true;
|
||||
break;
|
||||
}
|
||||
|
@ -395,6 +399,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
*/
|
||||
private void readUsers(Element usersRootElement) {
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
List<Element> userElements = usersRootElement.elements(XmlConstants.XML_USER);
|
||||
for (Element userElement : userElements) {
|
||||
|
||||
|
@ -406,11 +411,12 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
|
||||
UserState userState = UserState.valueOf(userElement.element(XmlConstants.XML_STATE).getTextTrim());
|
||||
|
||||
// TODO better handling needed
|
||||
// TODO better parsing needed
|
||||
String localeName = userElement.element(XmlConstants.XML_LOCALE).getTextTrim();
|
||||
Locale locale = new Locale(localeName);
|
||||
|
||||
Element rolesElement = userElement.element(XmlConstants.XML_ROLES);
|
||||
@SuppressWarnings("unchecked")
|
||||
List<Element> rolesElementList = rolesElement.elements(XmlConstants.XML_ROLE);
|
||||
Set<String> roles = new HashSet<String>();
|
||||
for (Element roleElement : rolesElementList) {
|
||||
|
@ -436,11 +442,13 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
*/
|
||||
private void readRoles(Element rolesRootElement) {
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
List<Element> roleElements = rolesRootElement.elements(XmlConstants.XML_ROLE);
|
||||
for (Element roleElement : roleElements) {
|
||||
|
||||
String roleName = roleElement.attributeValue(XmlConstants.XML_ATTR_NAME);
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
List<Element> privilegeElements = roleElement.elements(XmlConstants.XML_PRIVILEGE);
|
||||
Set<String> privileges = new HashSet<String>();
|
||||
for (Element privilegeElement : privilegeElements) {
|
||||
|
@ -459,6 +467,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
*/
|
||||
private void readPrivileges(Element privilegesRootElement) {
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
List<Element> privilegeElements = privilegesRootElement.elements(XmlConstants.XML_PRIVILEGE);
|
||||
for (Element privilegeElement : privilegeElements) {
|
||||
|
||||
|
@ -468,6 +477,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
String allAllowedS = privilegeElement.element(XmlConstants.XML_ALL_ALLOWED).getTextTrim();
|
||||
boolean allAllowed = Boolean.valueOf(allAllowedS);
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
List<Element> denyElements = privilegeElement.elements(XmlConstants.XML_DENY);
|
||||
Set<String> denyList = new HashSet<String>(denyElements.size());
|
||||
for (Element denyElement : denyElements) {
|
||||
|
@ -479,6 +489,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
}
|
||||
}
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
List<Element> allowElements = privilegeElement.elements(XmlConstants.XML_ALLOW);
|
||||
Set<String> allowList = new HashSet<String>(allowElements.size());
|
||||
for (Element allowElement : allowElements) {
|
||||
|
@ -500,6 +511,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
*/
|
||||
private void readPolicies(Element policiesRootElement) {
|
||||
|
||||
@SuppressWarnings("unchecked")
|
||||
List<Element> policyElements = policiesRootElement.elements(XmlConstants.XML_POLICY);
|
||||
for (Element policyElement : policyElements) {
|
||||
String policyName = policyElement.attributeValue(XmlConstants.XML_ATTR_NAME);
|
||||
|
@ -593,7 +605,7 @@ public class DefaultPersistenceHandler implements PersistenceHandler {
|
|||
// create the user element
|
||||
Element userElement = documentFactory.createElement(XmlConstants.XML_USER);
|
||||
userElement.addAttribute(XmlConstants.XML_ATTR_USERNAME, user.getUsername());
|
||||
userElement.addAttribute(XmlConstants.XML_ATTR_PASSWORD, user.getPassword(certificate));
|
||||
userElement.addAttribute(XmlConstants.XML_ATTR_PASSWORD, user.getPassword());
|
||||
|
||||
// add first name element
|
||||
Element firstnameElement = documentFactory.createElement(XmlConstants.XML_FIRSTNAME);
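Review bot: The new base-path validation in `initialize(Map<String, String>)` fails open: `if (!basePathF.exists() && !basePathF.isDirectory())` only throws when the path is missing, so a base path that exists but is a regular file is accepted, and a missing `XML_PARAM_BASE_PATH` entry reaches `new File(basePath)` as null. I would reject both explicitly, with `if (basePath == null || basePath.isEmpty())` before the File is constructed and then `if (!basePathF.isDirectory())`. The parameter also shadows the `parameterMap` field, and the removed `parameterMap = ConfigurationHelper.convertToParameterMap(parameterElement);` has no visible replacement such as `this.parameterMap = parameterMap;`. The method continues outside the hunk, so confirm the field is still assigned for any code that reads it.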
|
|
@ -21,8 +21,6 @@ import org.dom4j.Document;
|
|||
import org.dom4j.DocumentFactory;
|
||||
import org.dom4j.Element;
|
||||
|
||||
import ch.eitchnet.privilege.base.PrivilegeContainer;
|
||||
import ch.eitchnet.privilege.base.XmlConstants;
|
||||
|
||||
/**
|
||||
* <p>
|
||||
|
@ -43,6 +41,8 @@ public class BootstrapConfigurationHelper {
|
|||
|
||||
private static String path;
|
||||
|
||||
private static String defaultPrivilegeContainerXmlFile = "PrivilegeContainer.xml";
|
||||
|
||||
private static String usersFileName = "PrivilegeUsers.xml";
|
||||
private static String rolesFileName = "PrivilegeRoles.xml";
|
||||
private static String privilegesFileName = "Privileges.xml";
|
||||
|
@ -51,10 +51,9 @@ public class BootstrapConfigurationHelper {
|
|||
|
||||
private static String policyXmlFile = "PrivilegePolicies.xml";
|
||||
|
||||
private static String defaultPrivilegeHandler = "ch.eitchnet.privilege.handler.DefaultPrivilegeHandler";
|
||||
private static String defaultPersistenceHandler = "ch.eitchnet.privilege.handler.DefaultPersistenceHandler";
|
||||
private static String defaultSessionHandler = "ch.eitchnet.privilege.handler.DefaultSessionHandler";
|
||||
private static String defaultEncryptionHandler = "ch.eitchnet.privilege.handler.DefaultEncryptionHandler";
|
||||
private static String defaultPolicyHandler = "ch.eitchnet.privilege.handler.DefaultPolicyHandler";
|
||||
|
||||
/**
|
||||
* @param args
|
||||
|
@ -67,7 +66,7 @@ public class BootstrapConfigurationHelper {
|
|||
// get current directory
|
||||
path = System.getProperty("user.dir") + "/newConfig";
|
||||
|
||||
// ask user where to save configuration, default is pwd/newConfig/....
|
||||
// TODO ask user where to save configuration, default is pwd/newConfig/....
|
||||
|
||||
// see if path already exists
|
||||
File pathF = new File(path);
|
||||
|
@ -79,7 +78,7 @@ public class BootstrapConfigurationHelper {
|
|||
}
|
||||
}
|
||||
|
||||
// ask other questions...
|
||||
// TODO ask other questions...
|
||||
|
||||
// now perform work:
|
||||
createXmlPrivilegeContainer();
|
||||
|
@ -139,15 +138,16 @@ public class BootstrapConfigurationHelper {
|
|||
parameterElement.addAttribute(XmlConstants.XML_ATTR_NAME, XmlConstants.XML_PARAM_PRIVILEGES_FILE);
|
||||
parameterElement.addAttribute(XmlConstants.XML_ATTR_VALUE, privilegesFileName);
|
||||
parametersElement.add(parameterElement);
|
||||
// Parameter policyXmlFile
|
||||
parameterElement = factory.createElement(XmlConstants.XML_PARAMETER);
|
||||
parameterElement.addAttribute(XmlConstants.XML_ATTR_NAME, XmlConstants.XML_PARAM_POLICY_FILE);
|
||||
parameterElement.addAttribute(XmlConstants.XML_ATTR_VALUE, policyXmlFile);
|
||||
parametersElement.add(parameterElement);
|
||||
|
||||
// create SessionHandler
|
||||
Element sessionHandlerElem = factory.createElement(XmlConstants.XML_HANDLER_SESSION);
|
||||
sessionHandlerElem.addAttribute(XmlConstants.XML_ATTR_CLASS, defaultSessionHandler);
|
||||
|
||||
// create ModelHandler
|
||||
Element modelHandlerElem = factory.createElement(XmlConstants.XML_HANDLER_MODEL);
|
||||
rootElement.add(modelHandlerElem);
|
||||
modelHandlerElem.addAttribute(XmlConstants.XML_ATTR_CLASS, "ch.eitchnet.privilege.handler.DefaultModelHandler");
|
||||
// create PrivilegeHandler
|
||||
Element privilegeHandlerElem = factory.createElement(XmlConstants.XML_HANDLER_PRIVILEGE);
|
||||
rootElement.add(privilegeHandlerElem);
|
||||
privilegeHandlerElem.addAttribute(XmlConstants.XML_ATTR_CLASS, defaultPrivilegeHandler);
|
||||
|
||||
// create EncryptionHandler
|
||||
Element encryptionHandlerElem = factory.createElement(XmlConstants.XML_HANDLER_ENCRYPTION);
|
||||
|
@ -161,19 +161,8 @@ public class BootstrapConfigurationHelper {
|
|||
parameterElement.addAttribute(XmlConstants.XML_ATTR_VALUE, hashAlgorithm);
|
||||
parametersElement.add(parameterElement);
|
||||
|
||||
// create PolicyHandler
|
||||
Element policyHandlerElem = factory.createElement(XmlConstants.XML_HANDLER_POLICY);
|
||||
rootElement.add(policyHandlerElem);
|
||||
policyHandlerElem.addAttribute(XmlConstants.XML_ATTR_CLASS, defaultPolicyHandler);
|
||||
parametersElement = factory.createElement(XmlConstants.XML_PARAMETERS);
|
||||
policyHandlerElem.add(parametersElement);
|
||||
// Parameter policyXmlFile
|
||||
parameterElement = factory.createElement(XmlConstants.XML_PARAMETER);
|
||||
parameterElement.addAttribute(XmlConstants.XML_ATTR_NAME, XmlConstants.XML_PARAM_POLICY_FILE);
|
||||
parameterElement.addAttribute(XmlConstants.XML_ATTR_VALUE, policyXmlFile);
|
||||
parametersElement.add(parameterElement);
|
||||
|
||||
File privilegeContainerFile = new File(path + "/" + PrivilegeContainer.PRIVILEGE_CONTAINER_FILE);
|
||||
// write the container file to disk
|
||||
File privilegeContainerFile = new File(path + "/" + defaultPrivilegeContainerXmlFile);
|
||||
XmlHelper.writeDocument(doc, privilegeContainerFile);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -10,13 +10,18 @@
|
|||
|
||||
package ch.eitchnet.privilege.helper;
|
||||
|
||||
import java.io.File;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.apache.log4j.Logger;
|
||||
import org.dom4j.Element;
|
||||
|
||||
import ch.eitchnet.privilege.base.XmlConstants;
|
||||
import ch.eitchnet.privilege.handler.EncryptionHandler;
|
||||
import ch.eitchnet.privilege.handler.PersistenceHandler;
|
||||
import ch.eitchnet.privilege.handler.PrivilegeHandler;
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
|
@ -24,6 +29,86 @@ import ch.eitchnet.privilege.base.XmlConstants;
|
|||
*/
|
||||
public class ConfigurationHelper {
|
||||
|
||||
private static final Logger logger = Logger.getLogger(ConfigurationHelper.class);
|
||||
|
||||
/**
|
||||
* @param privilegeContainerXmlFile
|
||||
*/
|
||||
public static void initializeFromXml(File privilegeContainerXmlFile) {
|
||||
|
||||
// make sure file exists
|
||||
if (!privilegeContainerXmlFile.exists()) {
|
||||
throw new PrivilegeException("Privilige file does not exist at path "
|
||||
+ privilegeContainerXmlFile.getAbsolutePath());
|
||||
}
|
||||
|
||||
// parse container xml file to XML document
|
||||
Element containerRootElement = XmlHelper.parseDocument(privilegeContainerXmlFile).getRootElement();
|
||||
|
||||
// instantiate encryption handler
|
||||
Element encryptionHandlerElement = containerRootElement.element(XmlConstants.XML_HANDLER_ENCRYPTION);
|
||||
String encryptionHandlerClassName = encryptionHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
|
||||
EncryptionHandler encryptionHandler = ClassHelper.instantiateClass(encryptionHandlerClassName);
|
||||
|
||||
// instantiate persistence handler
|
||||
Element persistenceHandlerElement = containerRootElement.element(XmlConstants.XML_HANDLER_PERSISTENCE);
|
||||
String persistenceHandlerClassName = persistenceHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
|
||||
PersistenceHandler persistenceHandler = ClassHelper.instantiateClass(persistenceHandlerClassName);
|
||||
|
||||
// instantiate privilege handler
|
||||
Element privilegeHandlerElement = containerRootElement.element(XmlConstants.XML_HANDLER_PRIVILEGE);
|
||||
String privilegeHandlerClassName = privilegeHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
|
||||
PrivilegeHandler privilegeHandler = ClassHelper.instantiateClass(privilegeHandlerClassName);
|
||||
|
||||
try {
|
||||
|
||||
// get parameters
|
||||
Element parameterElement = encryptionHandlerElement.element(XmlConstants.XML_PARAMETERS);
|
||||
Map<String, String> parameterMap = convertToParameterMap(parameterElement);
|
||||
|
||||
// initialize encryption handler
|
||||
encryptionHandler.initialize(parameterMap);
|
||||
|
||||
} catch (Exception e) {
|
||||
logger.error(e, e);
|
||||
throw new PrivilegeException("EncryptionHandler " + encryptionHandlerClassName
|
||||
+ " could not be initialized");
|
||||
}
|
||||
|
||||
try {
|
||||
|
||||
// get parameters
|
||||
Element parameterElement = persistenceHandlerElement.element(XmlConstants.XML_PARAMETERS);
|
||||
Map<String, String> parameterMap = convertToParameterMap(parameterElement);
|
||||
|
||||
// initialize persistence handler
|
||||
persistenceHandler.initialize(parameterMap);
|
||||
|
||||
} catch (Exception e) {
|
||||
logger.error(e, e);
|
||||
throw new PrivilegeException("PersistenceHandler " + persistenceHandlerElement
|
||||
+ " could not be initialized");
|
||||
}
|
||||
|
||||
try {
|
||||
|
||||
// get parameters
|
||||
Element parameterElement = privilegeHandlerElement.element(XmlConstants.XML_PARAMETERS);
|
||||
Map<String, String> parameterMap = convertToParameterMap(parameterElement);
|
||||
|
||||
// initialize privilege handler
|
||||
privilegeHandler.initialize(parameterMap, encryptionHandler, persistenceHandler);
|
||||
|
||||
} catch (Exception e) {
|
||||
logger.error(e, e);
|
||||
throw new PrivilegeException("PrivilegeHandler " + privilegeHandlerClassName + " could not be initialized");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param element
|
||||
* @return
|
||||
*/
|
||||
@SuppressWarnings("unchecked")
|
||||
public static Map<String, String> convertToParameterMap(Element element) {
|
||||
|
||||
|
|
|
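Review bot: In `initializeFromXml` the results of the three `containerRootElement.element(...)` lookups are dereferenced without a null check, so a container file that lacks a handler element would presumably fail with a NullPointerException instead of a `PrivilegeException` naming what is missing. The catch block for the persistence handler also builds its message from `persistenceHandlerElement` rather than the class name; it should read `throw new PrivilegeException("PersistenceHandler " + persistenceHandlerClassName + " could not be initialized");`. All three rethrows drop the caught exception, which is logged but not passed on as the cause. The class names read here decide which code performs hashing and persistence, so the method's Javadoc should state that the container file must be writable only by the administrator. `convertToParameterMap` continues outside this hunk.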
@ -1,47 +0,0 @@
|
|||
/*
|
||||
* Copyright (c) 2010
|
||||
*
|
||||
* Robert von Burg
|
||||
* eitch@eitchnet.ch
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
*/
|
||||
|
||||
package ch.eitchnet.privilege.helper;
|
||||
|
||||
import ch.eitchnet.privilege.base.PrivilegeContainer;
|
||||
import ch.eitchnet.privilege.i18n.AccessDeniedException;
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
import ch.eitchnet.privilege.model.internal.User;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
*
|
||||
*/
|
||||
public class PrivilegeHelper {
|
||||
|
||||
public static boolean isUserPrivilegeAdmin(Certificate certificate) {
|
||||
// validate certificate
|
||||
if (!PrivilegeContainer.getInstance().getModelHandler().isCertificateValid(certificate)) {
|
||||
throw new PrivilegeException("Certificate " + certificate + " is not valid!");
|
||||
}
|
||||
|
||||
// get user object
|
||||
User user = PrivilegeContainer.getInstance().getModelHandler().getUser(certificate.getUsername());
|
||||
if (user == null) {
|
||||
throw new PrivilegeException(
|
||||
"Oh boy, how did this happen: No User in user map although the certificate is valid! Certificate: "
|
||||
+ certificate);
|
||||
}
|
||||
|
||||
// validate user has PrivilegeAdmin role
|
||||
if (!user.hasRole(PrivilegeContainer.PRIVILEGE_ADMIN_ROLE)) {
|
||||
throw new AccessDeniedException("User does not have " + PrivilegeContainer.PRIVILEGE_ADMIN_ROLE
|
||||
+ " role! Certificate: " + certificate);
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
|
@ -8,7 +8,7 @@
|
|||
*
|
||||
*/
|
||||
|
||||
package ch.eitchnet.privilege.base;
|
||||
package ch.eitchnet.privilege.helper;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
|
@ -23,9 +23,7 @@ public class XmlConstants {
|
|||
|
||||
public static final String XML_HANDLER_PERSISTENCE = "PersistenceHandler";
|
||||
public static final String XML_HANDLER_ENCRYPTION = "EncryptionHandler";
|
||||
public static final String XML_HANDLER_SESSION = "SessionHandler";
|
||||
public static final String XML_HANDLER_POLICY = "PolicyHandler";
|
||||
public static final String XML_HANDLER_MODEL = "ModelHandler";
|
||||
public static final String XML_HANDLER_PRIVILEGE = "PrivilegeHandler";
|
||||
|
||||
public static final String XML_ROLES = "Roles";
|
||||
public static final String XML_ROLE = "Role";
|
||||
|
@ -56,4 +54,5 @@ public class XmlConstants {
|
|||
public static final String XML_PARAM_ROLES_FILE = "rolesXmlFile";
|
||||
public static final String XML_PARAM_USERS_FILE = "usersXmlFile";
|
||||
public static final String XML_PARAM_PRIVILEGES_FILE = "privilegesXmlFile";
|
||||
public static final String XML_PARAM_BASE_PATH = "basePath";
|
||||
}
|
|
@ -11,7 +11,6 @@
|
|||
package ch.eitchnet.privilege.model;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
|
@ -39,8 +38,8 @@ public class PrivilegeRep implements Serializable {
|
|||
this.name = name;
|
||||
this.policy = policy;
|
||||
this.allAllowed = allAllowed;
|
||||
this.denyList = new HashSet<String>(denyList);
|
||||
this.allowList = new HashSet<String>(allowList);
|
||||
this.denyList = denyList;
|
||||
this.allowList = allowList;
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
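Review bot: The constructor now keeps the `denyList` and `allowList` references it is handed (`this.denyList = denyList;`), so the representation is detached from internal state only if every caller remembers to copy first. `Privilege.asPrivilegeRep()` does copy in this commit, but `PrivilegeRep` is a public `Serializable` class and any other construction path would share a mutable set with its caller. I would keep the copy where it cannot be forgotten, `this.denyList = new HashSet<String>(denyList);` and the same for `allowList`, or at least state in the constructor Javadoc that ownership of both sets passes to the new object. The constructor's signature is outside this hunk.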
@ -55,7 +55,8 @@ public class UserRep implements Serializable {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param username the username to set
|
||||
* @param username
|
||||
* the username to set
|
||||
*/
|
||||
public void setUsername(String username) {
|
||||
this.username = username;
|
||||
|
@ -69,7 +70,8 @@ public class UserRep implements Serializable {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param firstname the firstname to set
|
||||
* @param firstname
|
||||
* the firstname to set
|
||||
*/
|
||||
public void setFirstname(String firstname) {
|
||||
this.firstname = firstname;
|
||||
|
@ -83,7 +85,8 @@ public class UserRep implements Serializable {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param surname the surname to set
|
||||
* @param surname
|
||||
* the surname to set
|
||||
*/
|
||||
public void setSurname(String surname) {
|
||||
this.surname = surname;
|
||||
|
@ -97,7 +100,8 @@ public class UserRep implements Serializable {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param userState the userState to set
|
||||
* @param userState
|
||||
* the userState to set
|
||||
*/
|
||||
public void setUserState(UserState userState) {
|
||||
this.userState = userState;
|
||||
|
@ -111,7 +115,8 @@ public class UserRep implements Serializable {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param roles the roles to set
|
||||
* @param roles
|
||||
* the roles to set
|
||||
*/
|
||||
public void setRoles(Set<String> roles) {
|
||||
this.roles = roles;
|
||||
|
@ -125,7 +130,8 @@ public class UserRep implements Serializable {
|
|||
}
|
||||
|
||||
/**
|
||||
* @param locale the locale to set
|
||||
* @param locale
|
||||
* the locale to set
|
||||
*/
|
||||
public void setLocale(Locale locale) {
|
||||
this.locale = locale;
|
||||
|
|
|
@ -18,5 +18,5 @@ public enum UserState {
|
|||
NEW,
|
||||
ENABLED,
|
||||
DISABLED,
|
||||
DEACTIVATED;
|
||||
EXPIRED;
|
||||
}
|
||||
|
|
|
@ -11,6 +11,7 @@
|
|||
package ch.eitchnet.privilege.model.internal;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
import ch.eitchnet.privilege.model.PrivilegeRep;
|
||||
|
@ -79,7 +80,7 @@ public final class Privilege {
|
|||
* @return a {@link PrivilegeRep} which is a representation of this object used to serialize and view on clients
|
||||
*/
|
||||
public PrivilegeRep asPrivilegeRep() {
|
||||
return new PrivilegeRep(name, policy, allAllowed, denyList, allowList);
|
||||
return new PrivilegeRep(name, policy, allAllowed, new HashSet<String>(denyList), new HashSet<String>(allowList));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -11,6 +11,7 @@
|
|||
package ch.eitchnet.privilege.model.internal;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.Set;
|
||||
|
||||
import ch.eitchnet.privilege.model.RoleRep;
|
||||
|
@ -60,7 +61,7 @@ public final class Role {
|
|||
* @return a {@link RoleRep} which is a representation of this object used to serialize and view on clients
|
||||
*/
|
||||
public RoleRep asRoleRep() {
|
||||
return new RoleRep(name, privileges);
|
||||
return new RoleRep(name, new HashSet<String>(privileges));
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -11,11 +11,10 @@
|
|||
package ch.eitchnet.privilege.model.internal;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.Locale;
|
||||
import java.util.Set;
|
||||
|
||||
import ch.eitchnet.privilege.helper.PrivilegeHelper;
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
import ch.eitchnet.privilege.model.UserRep;
|
||||
import ch.eitchnet.privilege.model.UserState;
|
||||
|
||||
|
@ -70,13 +69,19 @@ public final class User {
|
|||
}
|
||||
|
||||
/**
|
||||
* @return the password
|
||||
*
|
||||
* @param privilegeHandler
|
||||
* @param certificate
|
||||
*
|
||||
* @return
|
||||
*/
|
||||
public String getPassword(Certificate certificate) {
|
||||
if (PrivilegeHelper.isUserPrivilegeAdmin(certificate))
|
||||
return password;
|
||||
else
|
||||
return null;
|
||||
public String getPassword() {
|
||||
|
||||
// TODO is it possible that there is a hidden way of accessing this
|
||||
// field even though? The User object should be private, but maybe I
|
||||
// forgot something?
|
||||
|
||||
return password;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -135,7 +140,7 @@ public final class User {
|
|||
* @return a {@link UserRep} which is a representation of this object used to serialize and view on clients
|
||||
*/
|
||||
public UserRep asUserRep() {
|
||||
return new UserRep(username, firstname, surname, userState, roles, locale);
|
||||
return new UserRep(username, firstname, surname, userState, new HashSet<String>(roles), locale);
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
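Review bot: `getPassword()` now returns the stored value to any code that holds a `User`, where the previous `getPassword(Certificate)` returned it only after `PrivilegeHelper.isUserPrivilegeAdmin(certificate)` passed. The protection therefore rests entirely on `User` instances never leaving the handler layer, which the new TODO itself leaves open. If the accessor exists only so the persistence code can write the value out, the Javadoc should say so, e.g. `@return the stored password value, for persistence only; never pass it or this User to client code`, and authentication should get a comparison method instead of the raw value. The Javadoc above the new signature also appears to list `@param privilegeHandler` and `@param certificate`, which the no-argument method does not take. `asUserRep()` leaves the password out of `UserRep`, and that should stay the only form handed to callers outside the handler layer.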