- remodelled privilege to be its own object and put all models into the persistence handler
This commit is contained in:
parent
152d58d515
commit
ddb1aa279a
|
@ -1,12 +1,14 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<PrivilegeContainer>
|
||||
|
||||
<SessionHandler class="ch.eitchnet.privilege.handler.DefaultSessionHandler">
|
||||
<PersistenceHandler class="ch.eitchnet.privilege.handler.DefaultPersistenceHandler">
|
||||
<Parameters>
|
||||
<Parameter name="usersXmlFile" value="PrivilegeUsers.xml" />
|
||||
<Parameter name="rolesXmlFile" value="PrivilegeRoles.xml" />
|
||||
<Parameter name="privilegesXmlFile" value="Privileges.xml" />
|
||||
</Parameters>
|
||||
</SessionHandler>
|
||||
</PersistenceHandler>
|
||||
<SessionHandler class="ch.eitchnet.privilege.handler.DefaultSessionHandler" />
|
||||
<EncryptionHandler class="ch.eitchnet.privilege.handler.DefaultEncryptionHandler">
|
||||
<Parameters>
|
||||
<Parameter name="hashAlgorithm" value="SHA-256" />
|
||||
|
|
|
@ -2,11 +2,7 @@
|
|||
<PrivilegeRoles>
|
||||
|
||||
<Role name="admin">
|
||||
<Privilege name="Service" policy="DefaultRestriction">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
<Deny></Deny>
|
||||
<Allow></Allow>
|
||||
</Privilege>
|
||||
<Privilege name="Service" />
|
||||
</Role>
|
||||
|
||||
</PrivilegeRoles>
|
|
@ -0,0 +1,10 @@
|
|||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<Privileges>
|
||||
|
||||
<Privilege name="Service" policy="DefaultRestriction">
|
||||
<AllAllowed>true</AllAllowed>
|
||||
<Deny></Deny>
|
||||
<Allow></Allow>
|
||||
</Privilege>
|
||||
|
||||
</Privileges>
|
|
@ -16,6 +16,7 @@ import org.apache.log4j.Logger;
|
|||
import org.dom4j.Element;
|
||||
|
||||
import ch.eitchnet.privilege.handler.EncryptionHandler;
|
||||
import ch.eitchnet.privilege.handler.PersistenceHandler;
|
||||
import ch.eitchnet.privilege.handler.PolicyHandler;
|
||||
import ch.eitchnet.privilege.handler.SessionHandler;
|
||||
import ch.eitchnet.privilege.helper.ClassHelper;
|
||||
|
@ -37,6 +38,7 @@ public class PrivilegeContainer {
|
|||
private SessionHandler sessionHandler;
|
||||
private PolicyHandler policyHandler;
|
||||
private EncryptionHandler encryptionHandler;
|
||||
private PersistenceHandler persistenceHandler;
|
||||
|
||||
private String basePath;
|
||||
|
||||
|
@ -72,6 +74,13 @@ public class PrivilegeContainer {
|
|||
return encryptionHandler;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the persistenceHandler
|
||||
*/
|
||||
public PersistenceHandler getPersistenceHandler() {
|
||||
return persistenceHandler;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the basePath
|
||||
*/
|
||||
|
@ -93,6 +102,11 @@ public class PrivilegeContainer {
|
|||
// parse container xml file to XML document
|
||||
Element containerRootElement = XmlHelper.parseDocument(privilegeContainerXml).getRootElement();
|
||||
|
||||
// instantiate persistence handler
|
||||
Element persistenceHandlerElement = containerRootElement.element(XmlConstants.XML_HANDLER_PERSISTENCE);
|
||||
String persistenceHandlerClassName = persistenceHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
|
||||
PersistenceHandler persistenceHandler = ClassHelper.instantiateClass(persistenceHandlerClassName);
|
||||
|
||||
// instantiate session handler
|
||||
Element sessionHandlerElement = containerRootElement.element(XmlConstants.XML_HANDLER_SESSION);
|
||||
String sessionHandlerClassName = sessionHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
|
||||
|
@ -108,6 +122,13 @@ public class PrivilegeContainer {
|
|||
String policyHandlerClassName = policyHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
|
||||
PolicyHandler policyHandler = ClassHelper.instantiateClass(policyHandlerClassName);
|
||||
|
||||
try {
|
||||
persistenceHandler.initialize(persistenceHandlerElement);
|
||||
} catch (Exception e) {
|
||||
logger.error(e, e);
|
||||
throw new PrivilegeException("PersistenceHandler " + persistenceHandlerElement
|
||||
+ " could not be initialized");
|
||||
}
|
||||
try {
|
||||
sessionHandler.initialize(sessionHandlerElement);
|
||||
} catch (Exception e) {
|
||||
|
@ -129,6 +150,7 @@ public class PrivilegeContainer {
|
|||
}
|
||||
|
||||
// keep references to the handlers
|
||||
this.persistenceHandler = persistenceHandler;
|
||||
this.sessionHandler = sessionHandler;
|
||||
this.encryptionHandler = encryptionHandler;
|
||||
this.policyHandler = policyHandler;
|
||||
|
|
|
@ -15,6 +15,7 @@ package ch.eitchnet.privilege.base;
|
|||
*
|
||||
*/
|
||||
public class XmlConstants {
|
||||
public static final String XML_HANDLER_PERSISTENCE = "PersistenceHandler";
|
||||
public static final String XML_HANDLER_ENCRYPTION = "EncryptionHandler";
|
||||
public static final String XML_HANDLER_SESSION = "SessionHandler";
|
||||
public static final String XML_HANDLER_POLICY = "PolicyHandler";
|
||||
|
@ -43,4 +44,5 @@ public class XmlConstants {
|
|||
public static final String XML_PARAM_POLICY_FILE = "policyXmlFile";
|
||||
public static final String XML_PARAM_ROLES_FILE = "rolesXmlFile";
|
||||
public static final String XML_PARAM_USERS_FILE = "usersXmlFile";
|
||||
public static final String XML_PARAM_PRIVILEGES_FILE = "privilegesXmlFile";
|
||||
}
|
||||
|
|
|
@ -0,0 +1,309 @@
|
|||
/*
|
||||
* Copyright (c) 2010
|
||||
*
|
||||
* Robert von Burg
|
||||
* eitch@eitchnet.ch
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
*/
|
||||
|
||||
package ch.eitchnet.privilege.handler;
|
||||
|
||||
import java.io.File;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.apache.log4j.Logger;
|
||||
import org.dom4j.Element;
|
||||
|
||||
import ch.eitchnet.privilege.base.PrivilegeContainer;
|
||||
import ch.eitchnet.privilege.base.XmlConstants;
|
||||
import ch.eitchnet.privilege.helper.ConfigurationHelper;
|
||||
import ch.eitchnet.privilege.helper.XmlHelper;
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
import ch.eitchnet.privilege.model.UserState;
|
||||
import ch.eitchnet.privilege.model.internal.Privilege;
|
||||
import ch.eitchnet.privilege.model.internal.Role;
|
||||
import ch.eitchnet.privilege.model.internal.User;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
*
|
||||
*/
|
||||
public class DefaultPersistenceHandler implements PersistenceHandler {
|
||||
|
||||
private static final Logger logger = Logger.getLogger(DefaultPersistenceHandler.class);
|
||||
|
||||
private Map<String, User> userMap;
|
||||
private Map<String, Role> roleMap;
|
||||
private Map<String, Privilege> privilegesMap;
|
||||
|
||||
private Map<String, User> transientUserMap;
|
||||
private Map<String, Role> transientRoleMap;
|
||||
private Map<String, Privilege> transientPrivilegesMap;
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.PersistenceHandler#addPrivilege(ch.eitchnet.privilege.model.Certificate,
|
||||
* ch.eitchnet.privilege.model.internal.Privilege)
|
||||
*/
|
||||
@Override
|
||||
public void addPrivilege(Certificate certificate, Privilege privilege) {
|
||||
// TODO validate who is doing this
|
||||
|
||||
privilegesMap.put(privilege.getName(), privilege);
|
||||
transientPrivilegesMap.put(privilege.getName(), privilege);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.PersistenceHandler#addRole(ch.eitchnet.privilege.model.Certificate,
|
||||
* ch.eitchnet.privilege.model.internal.Role)
|
||||
*/
|
||||
@Override
|
||||
public void addRole(Certificate certificate, Role role) {
|
||||
// TODO validate who is doing this
|
||||
|
||||
roleMap.put(role.getRoleName(), role);
|
||||
transientRoleMap.put(role.getRoleName(), role);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.PersistenceHandler#addUser(ch.eitchnet.privilege.model.Certificate,
|
||||
* ch.eitchnet.privilege.model.internal.User)
|
||||
*/
|
||||
@Override
|
||||
public void addUser(Certificate certificate, User user) {
|
||||
// TODO Auto-generated method stub
|
||||
|
||||
userMap.put(user.getUsername(), user);
|
||||
transientUserMap.put(user.getUsername(), user);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.PersistenceHandler#getPrivilege(java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
public Privilege getPrivilege(String privilegeName) {
|
||||
return privilegesMap.get(privilegeName);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.PersistenceHandler#getRole(java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
public Role getRole(String roleName) {
|
||||
return roleMap.get(roleName);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.PersistenceHandler#getUser(java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
public User getUser(String username) {
|
||||
return userMap.get(username);
|
||||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.handler.PersistenceHandler#persist()
|
||||
*/
|
||||
@Override
|
||||
public void persist(Certificate certificate) {
|
||||
|
||||
// TODO Auto-generated method stub
|
||||
|
||||
// TODO Auto-generated method stub
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* @see ch.eitchnet.privilege.base.PrivilegeContainerObject#initialize(org.dom4j.Element)
|
||||
*/
|
||||
@Override
|
||||
public void initialize(Element element) {
|
||||
|
||||
roleMap = new HashMap<String, Role>();
|
||||
userMap = new HashMap<String, User>();
|
||||
privilegesMap = new HashMap<String, Privilege>();
|
||||
|
||||
// get parameters
|
||||
Element parameterElement = element.element(XmlConstants.XML_PARAMETERS);
|
||||
Map<String, String> parameterMap = ConfigurationHelper.convertToParameterMap(parameterElement);
|
||||
|
||||
// get roles file name
|
||||
String rolesFileName = parameterMap.get(XmlConstants.XML_PARAM_ROLES_FILE);
|
||||
if (rolesFileName == null || rolesFileName.isEmpty()) {
|
||||
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_ROLES_FILE + " is invalid");
|
||||
}
|
||||
|
||||
// get roles file
|
||||
File rolesFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + rolesFileName);
|
||||
if (!rolesFile.exists()) {
|
||||
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_ROLES_FILE + " is invalid as roles file does not exist at path "
|
||||
+ rolesFile.getAbsolutePath());
|
||||
}
|
||||
|
||||
// parse roles xml file to XML document
|
||||
Element rolesRootElement = XmlHelper.parseDocument(rolesFile).getRootElement();
|
||||
|
||||
// read roles
|
||||
readRoles(rolesRootElement);
|
||||
|
||||
// get users file name
|
||||
String usersFileName = parameterMap.get(XmlConstants.XML_PARAM_USERS_FILE);
|
||||
if (usersFileName == null || usersFileName.isEmpty()) {
|
||||
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_USERS_FILE + " is invalid");
|
||||
}
|
||||
|
||||
// get users file
|
||||
File usersFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + usersFileName);
|
||||
if (!usersFile.exists()) {
|
||||
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_USERS_FILE + " is invalid as users file does not exist at path "
|
||||
+ usersFile.getAbsolutePath());
|
||||
}
|
||||
|
||||
// parse users xml file to XML document
|
||||
Element usersRootElement = XmlHelper.parseDocument(usersFile).getRootElement();
|
||||
|
||||
// read users
|
||||
readUsers(usersRootElement);
|
||||
|
||||
// get privileges file name
|
||||
String privilegesFileName = parameterMap.get(XmlConstants.XML_PARAM_PRIVILEGES_FILE);
|
||||
if (privilegesFileName == null || privilegesFileName.isEmpty()) {
|
||||
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_PRIVILEGES_FILE + " is invalid");
|
||||
}
|
||||
|
||||
// get privileges file
|
||||
File privilegesFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + privilegesFileName);
|
||||
if (!privilegesFile.exists()) {
|
||||
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_PRIVILEGES_FILE + " is invalid as privileges file does not exist at path "
|
||||
+ privilegesFile.getAbsolutePath());
|
||||
}
|
||||
|
||||
// parse privileges xml file to XML document
|
||||
Element privilegesRootElement = XmlHelper.parseDocument(privilegesFile).getRootElement();
|
||||
|
||||
// read privileges
|
||||
readPrivileges(privilegesRootElement);
|
||||
|
||||
logger.info("Read " + userMap.size() + " Users");
|
||||
logger.info("Read " + roleMap.size() + " Roles");
|
||||
logger.info("Read " + privilegesMap.size() + " Privileges");
|
||||
}
|
||||
|
||||
/**
|
||||
* @param usersRootElement
|
||||
*/
|
||||
private void readUsers(Element usersRootElement) {
|
||||
|
||||
List<Element> userElements = usersRootElement.elements(XmlConstants.XML_USER);
|
||||
for (Element userElement : userElements) {
|
||||
|
||||
String username = userElement.attributeValue(XmlConstants.XML_ATTR_USERNAME);
|
||||
String password = userElement.attributeValue(XmlConstants.XML_ATTR_PASSWORD);
|
||||
|
||||
String firstname = userElement.element(XmlConstants.XML_FIRSTNAME).getTextTrim();
|
||||
String surname = userElement.element(XmlConstants.XML_SURNAME).getTextTrim();
|
||||
|
||||
UserState userState = UserState.valueOf(userElement.element(XmlConstants.XML_STATE).getTextTrim());
|
||||
|
||||
// TODO better handling needed
|
||||
String localeName = userElement.element(XmlConstants.XML_LOCALE).getTextTrim();
|
||||
Locale locale = new Locale(localeName);
|
||||
|
||||
Element rolesElement = userElement.element(XmlConstants.XML_ROLES);
|
||||
List<Element> rolesElementList = rolesElement.elements(XmlConstants.XML_ROLE);
|
||||
Set<String> roles = new HashSet<String>();
|
||||
for (Element roleElement : rolesElementList) {
|
||||
String roleName = roleElement.getTextTrim();
|
||||
if (roleName.isEmpty()) {
|
||||
logger.warn("User " + username + " has a role defined with no name, Skipped.");
|
||||
} else {
|
||||
roles.add(roleName);
|
||||
}
|
||||
}
|
||||
|
||||
// create user
|
||||
User user = User.buildUser(username, password, firstname, surname, userState, roles, locale);
|
||||
|
||||
// put user in map
|
||||
userMap.put(username, user);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param rolesRootElement
|
||||
*/
|
||||
private void readRoles(Element rolesRootElement) {
|
||||
|
||||
List<Element> roleElements = rolesRootElement.elements(XmlConstants.XML_ROLE);
|
||||
for (Element roleElement : roleElements) {
|
||||
|
||||
String roleName = roleElement.attributeValue(XmlConstants.XML_ATTR_NAME);
|
||||
|
||||
List<Element> privilegeElements = roleElement.elements(XmlConstants.XML_PRIVILEGE);
|
||||
Set<String> privileges = new HashSet<String>();
|
||||
for (Element privilegeElement : privilegeElements) {
|
||||
|
||||
String privilegeName = privilegeElement.attributeValue(XmlConstants.XML_ATTR_NAME);
|
||||
privileges.add(privilegeName);
|
||||
}
|
||||
|
||||
Role role = new Role(roleName, privileges);
|
||||
roleMap.put(roleName, role);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param rolesRootElement
|
||||
*/
|
||||
private void readPrivileges(Element privilegesRootElement) {
|
||||
|
||||
List<Element> privilegeElements = privilegesRootElement.elements(XmlConstants.XML_PRIVILEGE);
|
||||
for (Element privilegeElement : privilegeElements) {
|
||||
|
||||
String privilegeName = privilegeElement.attributeValue(XmlConstants.XML_ATTR_NAME);
|
||||
String privilegePolicy = privilegeElement.attributeValue(XmlConstants.XML_ATTR_POLICY);
|
||||
|
||||
String allAllowedS = privilegeElement.element(XmlConstants.XML_ALL_ALLOWED).getTextTrim();
|
||||
boolean allAllowed = Boolean.valueOf(allAllowedS);
|
||||
|
||||
List<Element> denyElements = privilegeElement.elements(XmlConstants.XML_DENY);
|
||||
List<String> denyList = new ArrayList<String>(denyElements.size());
|
||||
for (Element denyElement : denyElements) {
|
||||
String denyValue = denyElement.getTextTrim();
|
||||
if (denyValue.isEmpty()) {
|
||||
logger.error("Privilege " + privilegeName + " has an empty deny value!");
|
||||
} else {
|
||||
denyList.add(denyValue);
|
||||
}
|
||||
}
|
||||
|
||||
List<Element> allowElements = privilegeElement.elements(XmlConstants.XML_ALLOW);
|
||||
List<String> allowList = new ArrayList<String>(allowElements.size());
|
||||
for (Element allowElement : allowElements) {
|
||||
String allowValue = allowElement.getTextTrim();
|
||||
if (allowValue.isEmpty()) {
|
||||
logger.error("Privilege " + privilegeName + " has an empty allow value!");
|
||||
} else {
|
||||
allowList.add(allowValue);
|
||||
}
|
||||
}
|
||||
|
||||
Privilege privilege = new Privilege(privilegeName, privilegePolicy, allAllowed, denyList, allowList);
|
||||
privilegesMap.put(privilegeName, privilege);
|
||||
}
|
||||
}
|
||||
}
|
|
@ -10,27 +10,18 @@
|
|||
|
||||
package ch.eitchnet.privilege.handler;
|
||||
|
||||
import java.io.File;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.LinkedList;
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
|
||||
import org.apache.log4j.Logger;
|
||||
import org.dom4j.Element;
|
||||
|
||||
import ch.eitchnet.privilege.base.PrivilegeContainer;
|
||||
import ch.eitchnet.privilege.base.XmlConstants;
|
||||
import ch.eitchnet.privilege.helper.ConfigurationHelper;
|
||||
import ch.eitchnet.privilege.helper.XmlHelper;
|
||||
import ch.eitchnet.privilege.i18n.AccessDeniedException;
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
import ch.eitchnet.privilege.model.Restrictable;
|
||||
import ch.eitchnet.privilege.model.UserState;
|
||||
import ch.eitchnet.privilege.model.internal.Privilege;
|
||||
import ch.eitchnet.privilege.model.internal.Role;
|
||||
import ch.eitchnet.privilege.model.internal.Session;
|
||||
import ch.eitchnet.privilege.model.internal.User;
|
||||
|
@ -45,11 +36,11 @@ public class DefaultSessionHandler implements SessionHandler {
|
|||
|
||||
private static long lastSessionId;
|
||||
|
||||
private Map<String, User> userMap;
|
||||
private Map<String, Role> roleMap;
|
||||
private Map<String, CertificateSessionPair> sessionMap;
|
||||
|
||||
/**
|
||||
* TODO What is better, validate from {@link Restrictable} to {@link User} or the opposite direction?
|
||||
*
|
||||
* @see ch.eitchnet.privilege.handler.SessionHandler#actionAllowed(ch.eitchnet.privilege.model.Certificate,
|
||||
* ch.eitchnet.privilege.model.Restrictable)
|
||||
*
|
||||
|
@ -84,7 +75,8 @@ public class DefaultSessionHandler implements SessionHandler {
|
|||
+ certificate.getSessionId());
|
||||
|
||||
// get user object
|
||||
User user = userMap.get(certificateSessionPair.session.getUsername());
|
||||
User user = PrivilegeContainer.getInstance().getPersistenceHandler().getUser(
|
||||
certificateSessionPair.session.getUsername());
|
||||
if (user == null) {
|
||||
throw new PrivilegeException(
|
||||
"Oh boy, how did this happen: No User in user map although the certificate is valid!");
|
||||
|
@ -96,9 +88,9 @@ public class DefaultSessionHandler implements SessionHandler {
|
|||
|
||||
// now iterate roles and validate on policy handler
|
||||
PolicyHandler policyHandler = PrivilegeContainer.getInstance().getPolicyHandler();
|
||||
for (String roleName : user.getRoleList()) {
|
||||
for (String roleName : user.getRoles()) {
|
||||
|
||||
Role role = roleMap.get(roleName);
|
||||
Role role = PrivilegeContainer.getInstance().getPersistenceHandler().getRole(roleName);
|
||||
if (role == null) {
|
||||
logger.error("No role is defined with name " + roleName + " which is configured for user " + user);
|
||||
continue;
|
||||
|
@ -135,7 +127,7 @@ public class DefaultSessionHandler implements SessionHandler {
|
|||
String passwordHash = encryptionHandler.convertToHash(password);
|
||||
|
||||
// get user object
|
||||
User user = userMap.get(username);
|
||||
User user = PrivilegeContainer.getInstance().getPersistenceHandler().getUser(username);
|
||||
// no user means no authentication
|
||||
if (user == null)
|
||||
throw new AccessDeniedException("There is no user defined with the credentials: " + username + " / ***...");
|
||||
|
@ -149,7 +141,7 @@ public class DefaultSessionHandler implements SessionHandler {
|
|||
throw new AccessDeniedException("User " + username + " is not ENABLED. State is: " + user.getState());
|
||||
|
||||
// validate user has at least one role
|
||||
if (user.getRoleList().isEmpty()) {
|
||||
if (user.getRoles().isEmpty()) {
|
||||
throw new PrivilegeException("User " + username + " does not have any roles defined!");
|
||||
}
|
||||
|
||||
|
@ -185,151 +177,8 @@ public class DefaultSessionHandler implements SessionHandler {
|
|||
public void initialize(Element element) {
|
||||
|
||||
lastSessionId = 0l;
|
||||
roleMap = new HashMap<String, Role>();
|
||||
userMap = new HashMap<String, User>();
|
||||
sessionMap = new HashMap<String, CertificateSessionPair>();
|
||||
|
||||
// get parameters
|
||||
Element parameterElement = element.element(XmlConstants.XML_PARAMETERS);
|
||||
Map<String, String> parameterMap = ConfigurationHelper.convertToParameterMap(parameterElement);
|
||||
|
||||
// get roles file name
|
||||
String rolesFileName = parameterMap.get(XmlConstants.XML_PARAM_ROLES_FILE);
|
||||
if (rolesFileName == null || rolesFileName.isEmpty()) {
|
||||
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_ROLES_FILE + " is invalid");
|
||||
}
|
||||
|
||||
// get roles file
|
||||
File rolesFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + rolesFileName);
|
||||
if (!rolesFile.exists()) {
|
||||
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_ROLES_FILE + " is invalid as roles file does not exist at path "
|
||||
+ rolesFile.getAbsolutePath());
|
||||
}
|
||||
|
||||
// parse roles xml file to XML document
|
||||
Element rolesRootElement = XmlHelper.parseDocument(rolesFile).getRootElement();
|
||||
|
||||
// read roles
|
||||
readRoles(rolesRootElement);
|
||||
|
||||
// get users file name
|
||||
String usersFileName = parameterMap.get(XmlConstants.XML_PARAM_USERS_FILE);
|
||||
if (usersFileName == null || usersFileName.isEmpty()) {
|
||||
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_USERS_FILE + " is invalid");
|
||||
}
|
||||
|
||||
// get users file
|
||||
File usersFile = new File(PrivilegeContainer.getInstance().getBasePath() + "/" + usersFileName);
|
||||
if (!usersFile.exists()) {
|
||||
throw new PrivilegeException("[" + SessionHandler.class.getName() + "] Defined parameter "
|
||||
+ XmlConstants.XML_PARAM_USERS_FILE + " is invalid as users file does not exist at path "
|
||||
+ usersFile.getAbsolutePath());
|
||||
}
|
||||
|
||||
// parse users xml file to XML document
|
||||
Element usersRootElement = XmlHelper.parseDocument(usersFile).getRootElement();
|
||||
|
||||
// read users
|
||||
readUsers(usersRootElement);
|
||||
|
||||
logger.info("Read " + userMap.size() + " Users");
|
||||
logger.info("Read " + roleMap.size() + " Roles");
|
||||
}
|
||||
|
||||
/**
|
||||
* @param usersRootElement
|
||||
*/
|
||||
private void readUsers(Element usersRootElement) {
|
||||
|
||||
List<Element> userElements = usersRootElement.elements(XmlConstants.XML_USER);
|
||||
for (Element userElement : userElements) {
|
||||
|
||||
String username = userElement.attributeValue(XmlConstants.XML_ATTR_USERNAME);
|
||||
String password = userElement.attributeValue(XmlConstants.XML_ATTR_PASSWORD);
|
||||
|
||||
String firstname = userElement.element(XmlConstants.XML_FIRSTNAME).getTextTrim();
|
||||
String surname = userElement.element(XmlConstants.XML_SURNAME).getTextTrim();
|
||||
|
||||
UserState userState = UserState.valueOf(userElement.element(XmlConstants.XML_STATE).getTextTrim());
|
||||
|
||||
// TODO better handling needed
|
||||
String localeName = userElement.element(XmlConstants.XML_LOCALE).getTextTrim();
|
||||
Locale locale = new Locale(localeName);
|
||||
|
||||
Element rolesElement = userElement.element(XmlConstants.XML_ROLES);
|
||||
List<Element> rolesElementList = rolesElement.elements(XmlConstants.XML_ROLE);
|
||||
List<String> roleList = new LinkedList<String>();
|
||||
for (Element roleElement : rolesElementList) {
|
||||
String roleName = roleElement.getTextTrim();
|
||||
if (roleName.isEmpty()) {
|
||||
logger.warn("User " + username + " has a role defined with no name, Skipped.");
|
||||
} else {
|
||||
roleList.add(roleName);
|
||||
}
|
||||
}
|
||||
|
||||
// create user
|
||||
User user = User.buildUser(username, password, firstname, surname, userState, roleList, locale);
|
||||
|
||||
// put user in map
|
||||
userMap.put(username, user);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @param rolesRootElement
|
||||
*/
|
||||
private void readRoles(Element rolesRootElement) {
|
||||
|
||||
List<Element> roleElements = rolesRootElement.elements(XmlConstants.XML_ROLE);
|
||||
for (Element roleElement : roleElements) {
|
||||
|
||||
String roleName = roleElement.attributeValue(XmlConstants.XML_ATTR_NAME);
|
||||
|
||||
List<Element> privilegeElements = roleElement.elements(XmlConstants.XML_PRIVILEGE);
|
||||
Map<String, Privilege> privilegeMap = new HashMap<String, Privilege>();
|
||||
for (Element privilegeElement : privilegeElements) {
|
||||
|
||||
String privilegeName = privilegeElement.attributeValue(XmlConstants.XML_ATTR_NAME);
|
||||
String privilegePolicy = privilegeElement.attributeValue(XmlConstants.XML_ATTR_POLICY);
|
||||
|
||||
String allAllowedS = privilegeElement.element(XmlConstants.XML_ALL_ALLOWED).getTextTrim();
|
||||
boolean allAllowed = Boolean.valueOf(allAllowedS);
|
||||
|
||||
List<Element> denyElements = privilegeElement.elements(XmlConstants.XML_DENY);
|
||||
List<String> denyList = new ArrayList<String>(denyElements.size());
|
||||
for (Element denyElement : denyElements) {
|
||||
String denyValue = denyElement.getTextTrim();
|
||||
if (denyValue.isEmpty()) {
|
||||
logger.error("Role " + roleName + " has privilege " + privilegeName
|
||||
+ " with an empty deny value!");
|
||||
} else {
|
||||
denyList.add(denyValue);
|
||||
}
|
||||
}
|
||||
|
||||
List<Element> allowElements = privilegeElement.elements(XmlConstants.XML_ALLOW);
|
||||
List<String> allowList = new ArrayList<String>(allowElements.size());
|
||||
for (Element allowElement : allowElements) {
|
||||
String allowValue = allowElement.getTextTrim();
|
||||
if (allowValue.isEmpty()) {
|
||||
logger.error("Role " + roleName + " has privilege " + privilegeName
|
||||
+ " with an empty allow value!");
|
||||
} else {
|
||||
allowList.add(allowValue);
|
||||
}
|
||||
}
|
||||
|
||||
Privilege privilege = new Privilege(privilegeName, privilegePolicy, allAllowed, denyList, allowList);
|
||||
privilegeMap.put(privilegeName, privilege);
|
||||
}
|
||||
|
||||
Role role = new Role(roleName, privilegeMap);
|
||||
roleMap.put(roleName, role);
|
||||
}
|
||||
}
|
||||
|
||||
private class CertificateSessionPair {
|
||||
|
|
|
@ -10,20 +10,29 @@
|
|||
|
||||
package ch.eitchnet.privilege.handler;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import ch.eitchnet.privilege.base.PrivilegeContainerObject;
|
||||
import ch.eitchnet.privilege.model.Certificate;
|
||||
import ch.eitchnet.privilege.model.internal.Privilege;
|
||||
import ch.eitchnet.privilege.model.internal.Role;
|
||||
import ch.eitchnet.privilege.model.internal.User;
|
||||
import ch.eitchnet.privilege.policy.RestrictionPolicy;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
*
|
||||
*/
|
||||
public interface PersistenceHandler {
|
||||
public interface PersistenceHandler extends PrivilegeContainerObject {
|
||||
|
||||
public List<User> getAllUsers();
|
||||
public User getUser(String username);
|
||||
|
||||
public void saveUsers(List<User> users);
|
||||
public void addUser(Certificate certificate, User user);
|
||||
|
||||
public List<RestrictionPolicy> getAllRestrictionPolicies();
|
||||
public Role getRole(String roleName);
|
||||
|
||||
public void addRole(Certificate certificate, Role role);
|
||||
|
||||
public Privilege getPrivilege(String privilegeName);
|
||||
|
||||
public void addPrivilege(Certificate certificate, Privilege privilege);
|
||||
|
||||
public void persist(Certificate certificate);
|
||||
}
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
package ch.eitchnet.privilege.model.internal;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
/**
|
||||
* @author rvonburg
|
||||
|
@ -20,14 +20,14 @@ import java.util.Map;
|
|||
public final class Role {
|
||||
|
||||
private final String roleName;
|
||||
private final Map<String, Privilege> privilegeMap;
|
||||
private final Set<String> privileges;
|
||||
|
||||
/**
|
||||
* @param privilegeMap
|
||||
*/
|
||||
public Role(String roleName, Map<String, Privilege> privilegeMap) {
|
||||
public Role(String roleName, Set<String> privileges) {
|
||||
this.roleName = roleName;
|
||||
this.privilegeMap = Collections.unmodifiableMap(privilegeMap);
|
||||
this.privileges = Collections.unmodifiableSet(privileges);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -37,12 +37,18 @@ public final class Role {
|
|||
return roleName;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return
|
||||
*/
|
||||
public Set<String> getPrivileges() {
|
||||
return privileges;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param key
|
||||
* @return
|
||||
* @see java.util.Map#get(java.lang.Object)
|
||||
*/
|
||||
public Privilege getPrivilege(String key) {
|
||||
return privilegeMap.get(key);
|
||||
public boolean hasPrivilege(String key) {
|
||||
return privileges.contains(key);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -11,8 +11,8 @@
|
|||
package ch.eitchnet.privilege.model.internal;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Locale;
|
||||
import java.util.Set;
|
||||
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
import ch.eitchnet.privilege.model.UserState;
|
||||
|
@ -31,7 +31,7 @@ public final class User {
|
|||
|
||||
private final UserState userState;
|
||||
|
||||
private final List<String> roleList;
|
||||
private final Set<String> roles;
|
||||
|
||||
private final Locale locale;
|
||||
|
||||
|
@ -39,7 +39,7 @@ public final class User {
|
|||
* The {@link User} constructor is private to ensure no unauthorized creation of {@link User} objects
|
||||
*/
|
||||
private User(String username, String password, String firstname, String surname, UserState userState,
|
||||
List<String> roleList, Locale locale) {
|
||||
Set<String> roles, Locale locale) {
|
||||
|
||||
this.username = username;
|
||||
this.password = password;
|
||||
|
@ -48,7 +48,7 @@ public final class User {
|
|||
this.firstname = firstname;
|
||||
this.surname = surname;
|
||||
|
||||
this.roleList = roleList;
|
||||
this.roles = roles;
|
||||
|
||||
this.locale = locale;
|
||||
}
|
||||
|
@ -89,10 +89,10 @@ public final class User {
|
|||
}
|
||||
|
||||
/**
|
||||
* @return the roleList
|
||||
* @return the roles
|
||||
*/
|
||||
public List<String> getRoleList() {
|
||||
return roleList;
|
||||
public Set<String> getRoles() {
|
||||
return roles;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -106,14 +106,14 @@ public final class User {
|
|||
* @return a new {@link User} object which is authenticated on the current Java Virtual Machine
|
||||
*/
|
||||
public static User buildUser(String username, String password, String firstname, String surname,
|
||||
UserState userState, List<String> roleList, Locale locale) {
|
||||
UserState userState, Set<String> roles, Locale locale) {
|
||||
|
||||
// set a default locale
|
||||
if (locale == null)
|
||||
locale = Locale.getDefault();
|
||||
|
||||
// TODO validate who is creating this User object
|
||||
|
||||
|
||||
if (username.length() < 3) {
|
||||
throw new PrivilegeException("The given username is shorter than 3 characters");
|
||||
}
|
||||
|
@ -126,7 +126,7 @@ public final class User {
|
|||
throw new PrivilegeException("The given firstname is empty");
|
||||
}
|
||||
|
||||
User user = new User(username, password, firstname, surname, userState, Collections.unmodifiableList(roleList),
|
||||
User user = new User(username, password, firstname, surname, userState, Collections.unmodifiableSet(roles),
|
||||
locale);
|
||||
|
||||
return user;
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
|
||||
package ch.eitchnet.privilege.policy;
|
||||
|
||||
import ch.eitchnet.privilege.base.PrivilegeContainer;
|
||||
import ch.eitchnet.privilege.i18n.PrivilegeException;
|
||||
import ch.eitchnet.privilege.model.Restrictable;
|
||||
import ch.eitchnet.privilege.model.internal.Privilege;
|
||||
|
@ -39,7 +40,7 @@ public class DefaultRestriction implements RestrictionPolicy {
|
|||
}
|
||||
|
||||
// get restriction object for users role
|
||||
Privilege privilege = role.getPrivilege(restrictionKey);
|
||||
Privilege privilege = PrivilegeContainer.getInstance().getPersistenceHandler().getPrivilege(restrictionKey);
|
||||
|
||||
// no restriction object means no privilege
|
||||
// TODO should default deny/allow policy be configurable?
|
||||
|
|
Loading…
Reference in New Issue