Strolch
/
strolch
mirror of https://github.com/strolch-li/strolch.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[Interface] modified privilege to have only two configuration files: Privilege.xml for the configuration for the handlers and Policies. and PrivilegeModel.xml for the configuration of the run time modifiable data (roles, users, privileges)

This commit is contained in:
eitch 2011-07-28 20:50:35 +00:00
parent e7b8de2765
commit f26013583d
18 changed files with 328 additions and 329 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
config/Privilege.xml Normal file
View File

@ -0,0 +1,29 @@
<?xml version="1.0" encoding="UTF-8"?>
<Privilege>
<Container>
<Parameters>
<!-- parameters for the container itself -->
</Parameters>
<EncryptionHandler class="ch.eitchnet.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
</Parameters>
</EncryptionHandler>
<PersistenceHandler class="ch.eitchnet.privilege.handler.XmlPersistenceHandler">
<Parameters>
<Parameter name="basePath" value="./config" />
<Parameter name="modelXmlFile" value="PrivilegeModel.xml" />
</Parameters>
</PersistenceHandler>
</Container>
<Policies>
<Policy name="DefaultPrivilege" class="ch.eitchnet.privilege.policy.DefaultPrivilege" />
</Policies>
</Privilege>

22
config/PrivilegeContainer.xml
View File

@ -1,22 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<PrivilegeContainer>
<PrivilegeHandler class="ch.eitchnet.privilege.handler.DefaultPrivilegeHandler" />
<EncryptionHandler class="ch.eitchnet.privilege.handler.DefaultEncryptionHandler">
<Parameters>
<Parameter name="hashAlgorithm" value="SHA-256" />
</Parameters>
</EncryptionHandler>
<PersistenceHandler class="ch.eitchnet.privilege.handler.XmlPersistenceHandler">
<Parameters>
<Parameter name="basePath" value="./config" />
<Parameter name="usersXmlFile" value="PrivilegeUsers.xml" />
<Parameter name="rolesXmlFile" value="PrivilegeRoles.xml" />
<Parameter name="privilegesXmlFile" value="Privileges.xml" />
<Parameter name="policyXmlFile" value="PrivilegePolicies.xml" />
</Parameters>
</PersistenceHandler>
</PrivilegeContainer>

49
config/PrivilegeModel.xml Normal file
View File

@ -0,0 +1,49 @@
<?xml version="1.0" encoding="UTF-8"?>
<UsersAndRoles>
<Privileges>
<Privilege name="NoRestriction" policy="DefaultPrivilege">
<AllAllowed>true</AllAllowed>
<Deny></Deny>
<Allow></Allow>
</Privilege>
<Privilege name="Service" policy="DefaultPrivilege">
<AllAllowed>false</AllAllowed>
<Deny></Deny>
<Allow>ch.eitchnet.privilege.test.TestRestrictable</Allow>
</Privilege>
</Privileges>
<Users>
<User userId="1" username="eitch" password="c775e7b757ede630cd0aa1113bd102661ab38829ca52a6422ab782862f268646">
<Firstname>Robert</Firstname>
<Surname>von Burg</Surname>
<State>ENABLED</State>
<Locale>en_GB</Locale>
<Roles>
<Role>PrivilegeAdmin</Role>
<Role>admin</Role>
<Role>serviceExecutor</Role>
</Roles>
</User>
</Users>
<Roles>
<Role name="PrivilegeAdmin" />
<Role name="admin">
<Privilege name="NoRestriction" />
</Role>
<Role name="user" />
<Role name="serviceExecutor">
<Privilege name="Service" />
</Role>
</Roles>
</UsersAndRoles>

6
config/PrivilegePolicies.xml
View File

@ -1,6 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<PrivilegePolicies>
<Policy name="DefaultPrivilege" class="ch.eitchnet.privilege.policy.DefaultPrivilege" />
</PrivilegePolicies>

13
config/PrivilegeRoles.xml
View File

@ -1,13 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<PrivilegeRoles>
<Role name="PrivilegeAdmin" />
<Role name="admin">
<Privilege name="NoRestriction" />
</Role>
<Role name="user" />
<Role name="serviceExecutor">
<Privilege name="Service" />
</Role>
</PrivilegeRoles>

16
config/PrivilegeUsers.xml
View File

@ -1,16 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<PrivilegesUsers>
<User username="eitch" password="c775e7b757ede630cd0aa1113bd102661ab38829ca52a6422ab782862f268646">
<Firstname>Robert</Firstname>
<Surname>von Burg</Surname>
<State>ENABLED</State>
<Locale>en_GB</Locale>
<Roles>
<Role>PrivilegeAdmin</Role>
<Role>admin</Role>
<Role>serviceExecutor</Role>
</Roles>
</User>
</PrivilegesUsers>

16
config/Privileges.xml
View File

@ -1,16 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<Privileges>
<Privilege name="NoRestriction" policy="DefaultPrivilege">
<AllAllowed>true</AllAllowed>
<Deny></Deny>
<Allow></Allow>
</Privilege>
<Privilege name="Service" policy="DefaultPrivilege">
<AllAllowed>false</AllAllowed>
<Deny></Deny>
<Allow>ch.eitchnet.privilege.test.TestRestrictable</Allow>
</Privilege>
</Privileges>

3
src/ch/eitchnet/privilege/handler/DefaultPrivilegeHandler.java
View File

@ -645,8 +645,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
Certificate certificate = new Certificate(sessionId, username, authToken, authPassword, user.getLocale());
// create and save a new session
Session session = new Session(sessionId, authToken, authPassword, user.getUsername(),
System.currentTimeMillis());
Session session = new Session(sessionId, username, authToken, authPassword, System.currentTimeMillis());
this.sessionMap.put(sessionId, new CertificateSessionPair(session, certificate));
// log

4
src/ch/eitchnet/privilege/handler/PersistenceHandler.java
View File

@ -151,6 +151,8 @@ public interface PersistenceHandler {
*
* @param parameterMap
* a map containing configuration properties
* @param policyMap
* map of policy key/policy class pairs
*/
public void initialize(Map<String, String> parameterMap);
public void initialize(Map<String, String> parameterMap, Map<String, Class<PrivilegePolicy>> policyMap);
}

250
src/ch/eitchnet/privilege/handler/XmlPersistenceHandler.java
View File

@ -36,7 +36,7 @@ import ch.eitchnet.privilege.policy.PrivilegePolicy;
/**
* {@link PersistenceHandler} implementation which reads the configuration from XML files. These configuration is passed
* in {@link #initialize(Map)}
* in {@link #initialize(Map, Map)}
*
* @author rvonburg
*/
@ -49,11 +49,9 @@ public class XmlPersistenceHandler implements PersistenceHandler {
private Map<String, Privilege> privilegeMap;
private Map<String, Class<PrivilegePolicy>> policyMap;
private long usersFileDate;
private long modelsFileDate;
private boolean userMapDirty;
private long rolesFileDate;
private boolean roleMapDirty;
private long privilegesFileDate;
private boolean privilegeMapDirty;
private Map<String, String> parameterMap;
@ -171,87 +169,51 @@ public class XmlPersistenceHandler implements PersistenceHandler {
@Override
public boolean persist() {
// USERS
// get users file name
String usersFileName = this.parameterMap.get(XmlConstants.XML_PARAM_USERS_FILE);
if (usersFileName == null || usersFileName.isEmpty()) {
// get models file name
String modelFileName = this.parameterMap.get(XmlConstants.XML_PARAM_MODEL_FILE);
if (modelFileName == null || modelFileName.isEmpty()) {
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_USERS_FILE + " is invalid");
+ XmlConstants.XML_PARAM_MODEL_FILE + " is invalid");
}
// get users file
File usersFile = new File(this.basePath + "/" + usersFileName);
boolean usersFileUnchanged = usersFile.exists() && usersFile.lastModified() == this.usersFileDate;
if (!this.userMapDirty && usersFileUnchanged) {
logger.warn("No users unpersisted and user file unchanged on file system");
} else {
logger.info("Persisting users...");
// build XML DOM of users
List<Element> users = toDomUsers();
Element rootElement = DocumentFactory.getInstance().createElement(XmlConstants.XML_USERS);
for (Element userElement : users) {
rootElement.add(userElement);
}
// write DOM to file
XmlHelper.writeElement(rootElement, usersFile);
this.userMapDirty = true;
// get model file
File modelFile = new File(this.basePath + "/" + modelFileName);
boolean modelFileUnchanged = modelFile.exists() && modelFile.lastModified() == this.modelsFileDate;
if (!(modelFileUnchanged && this.privilegeMapDirty && this.roleMapDirty && this.userMapDirty)) {
logger.warn("Not persisting as current file is unchanged and model data is not dirty");
return false;
}
DocumentFactory docFactory = DocumentFactory.getInstance();
// create root element
Element rootElement = docFactory.createElement(XmlConstants.XML_ROOT_PRIVILEGE_USERS_AND_ROLES);
// USERS
// build XML DOM of users
List<Element> users = toDomUsers();
Element usersElement = docFactory.createElement(XmlConstants.XML_USERS);
for (Element userElement : users) {
usersElement.add(userElement);
}
rootElement.add(usersElement);
// ROLES
// get roles file name
String rolesFileName = this.parameterMap.get(XmlConstants.XML_PARAM_ROLES_FILE);
if (rolesFileName == null || rolesFileName.isEmpty()) {
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_ROLES_FILE + " is invalid");
}
// get roles file
File rolesFile = new File(this.basePath + "/" + rolesFileName);
boolean rolesFileUnchanged = rolesFile.exists() && rolesFile.lastModified() == this.rolesFileDate;
if (!this.roleMapDirty && rolesFileUnchanged) {
logger.warn("No roles unpersisted and roles file unchanged on file system");
} else {
logger.info("Persisting roles...");
// build XML DOM of roles
List<Element> roles = toDomRoles();
Element rootElement = DocumentFactory.getInstance().createElement(XmlConstants.XML_ROLES);
for (Element roleElement : roles) {
rootElement.add(roleElement);
}
// write DOM to file
XmlHelper.writeElement(rootElement, rolesFile);
this.roleMapDirty = true;
// build XML DOM of roles
List<Element> roles = toDomRoles();
Element rolesElement = docFactory.createElement(XmlConstants.XML_ROLES);
for (Element roleElement : roles) {
rolesElement.add(roleElement);
}
rootElement.add(rolesElement);
// PRIVILEGES
// get privileges file name
String privilegesFileName = this.parameterMap.get(XmlConstants.XML_PARAM_PRIVILEGES_FILE);
if (privilegesFileName == null || privilegesFileName.isEmpty()) {
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_PRIVILEGES_FILE + " is invalid");
}
// get privileges file
File privilegesFile = new File(this.basePath + "/" + privilegesFileName);
boolean privilegesFileUnchanged = privilegesFile.exists()
&& privilegesFile.lastModified() == this.privilegesFileDate;
if (!this.privilegeMapDirty && privilegesFileUnchanged) {
logger.warn("No privileges unpersisted and privileges file unchanged on file system");
} else {
logger.info("Persisting privileges...");
// build XML DOM of privileges
List<Element> privileges = toDomPrivileges();
Element rootElement = DocumentFactory.getInstance().createElement(XmlConstants.XML_PRIVILEGES);
for (Element privilegeElement : privileges) {
rootElement.add(privilegeElement);
}
// write DOM to file
XmlHelper.writeElement(rootElement, privilegesFile);
this.privilegeMapDirty = true;
// build XML DOM of privileges
List<Element> privileges = toDomPrivileges();
Element privilegesElement = docFactory.createElement(XmlConstants.XML_PRIVILEGES);
for (Element privilegeElement : privileges) {
privilegesElement.add(privilegeElement);
}
rootElement.add(privilegesElement);
// reset dirty states and return if something was dirty, false otherwise
if (this.userMapDirty || this.roleMapDirty || this.privilegeMapDirty) {
@ -274,12 +236,12 @@ public class XmlPersistenceHandler implements PersistenceHandler {
* @see ch.eitchnet.privilege.handler.EncryptionHandler#initialize(java.util.Map)
*/
@Override
public void initialize(Map<String, String> parameterMap) {
public void initialize(Map<String, String> parameterMap, Map<String, Class<PrivilegePolicy>> policyMap) {
this.roleMap = Collections.synchronizedMap(new HashMap<String, Role>());
this.userMap = Collections.synchronizedMap(new HashMap<String, User>());
this.privilegeMap = Collections.synchronizedMap(new HashMap<String, Privilege>());
this.policyMap = Collections.synchronizedMap(new HashMap<String, Class<PrivilegePolicy>>());
this.policyMap = policyMap;
// get and validate base bath
this.basePath = parameterMap.get(XmlConstants.XML_PARAM_BASE_PATH);
@ -289,96 +251,42 @@ public class XmlPersistenceHandler implements PersistenceHandler {
+ XmlConstants.XML_PARAM_BASE_PATH + " is invalid");
}
// get model file name
String modelFileName = parameterMap.get(XmlConstants.XML_PARAM_MODEL_FILE);
if (modelFileName == null || modelFileName.isEmpty()) {
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_MODEL_FILE + " is invalid");
}
// validate file exists
File modelsFile = new File(this.basePath + "/" + modelFileName);
if (!modelsFile.exists()) {
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_MODEL_FILE + " is invalid as models file does not exist at path "
+ modelsFile.getAbsolutePath());
}
// parse models xml file to XML document
Element modelsRootElement = XmlHelper.parseDocument(modelsFile).getRootElement();
this.modelsFileDate = modelsFile.lastModified();
// ROLES
// get roles file name
String rolesFileName = parameterMap.get(XmlConstants.XML_PARAM_ROLES_FILE);
if (rolesFileName == null || rolesFileName.isEmpty()) {
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_ROLES_FILE + " is invalid");
}
// get roles file
File rolesFile = new File(this.basePath + "/" + rolesFileName);
if (!rolesFile.exists()) {
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_ROLES_FILE + " is invalid as roles file does not exist at path "
+ rolesFile.getAbsolutePath());
}
// parse roles xml file to XML document
Element rolesRootElement = XmlHelper.parseDocument(rolesFile).getRootElement();
// get roles element
Element rolesElement = modelsRootElement.element(XmlConstants.XML_ROLES);
// read roles
readRoles(rolesRootElement);
this.rolesFileDate = rolesFile.lastModified();
readRoles(rolesElement);
// USERS
// get users file name
String usersFileName = parameterMap.get(XmlConstants.XML_PARAM_USERS_FILE);
if (usersFileName == null || usersFileName.isEmpty()) {
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_USERS_FILE + " is invalid");
}
// get users file
File usersFile = new File(this.basePath + "/" + usersFileName);
if (!usersFile.exists()) {
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_USERS_FILE + " is invalid as users file does not exist at path "
+ usersFile.getAbsolutePath());
}
// parse users xml file to XML document
Element usersRootElement = XmlHelper.parseDocument(usersFile).getRootElement();
// get users element
Element usersElement = modelsRootElement.element(XmlConstants.XML_USERS);
// read users
readUsers(usersRootElement);
this.usersFileDate = usersFile.lastModified();
readUsers(usersElement);
// PRIVILEGES
// get privileges file name
String privilegesFileName = parameterMap.get(XmlConstants.XML_PARAM_PRIVILEGES_FILE);
if (privilegesFileName == null || privilegesFileName.isEmpty()) {
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_PRIVILEGES_FILE + " is invalid");
}
// get privileges file
File privilegesFile = new File(this.basePath + "/" + privilegesFileName);
if (!privilegesFile.exists()) {
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_PRIVILEGES_FILE + " is invalid as privileges file does not exist at path "
+ privilegesFile.getAbsolutePath());
}
// parse privileges xml file to XML document
Element privilegesRootElement = XmlHelper.parseDocument(privilegesFile).getRootElement();
// get privileges element
Element privilegesElement = modelsRootElement.element(XmlConstants.XML_PRIVILEGES);
// read privileges
readPrivileges(privilegesRootElement);
this.privilegesFileDate = privilegesFile.lastModified();
// POLICIES
// get policy file name
String policyFileName = parameterMap.get(XmlConstants.XML_PARAM_POLICY_FILE);
if (policyFileName == null || policyFileName.isEmpty()) {
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_POLICY_FILE + " is invalid");
}
// get policy file
File policyFile = new File(this.basePath + "/" + policyFileName);
if (!policyFile.exists()) {
throw new PrivilegeException("[" + PersistenceHandler.class.getName() + "] Defined parameter "
+ XmlConstants.XML_PARAM_POLICY_FILE + " is invalid as policy file does not exist at path "
+ policyFile.getAbsolutePath());
}
// parse policy xml file to XML document
Element policiesRootElement = XmlHelper.parseDocument(policyFile).getRootElement();
// read policies
readPolicies(policiesRootElement);
readPrivileges(privilegesElement);
this.userMapDirty = false;
this.roleMapDirty = false;
@ -397,8 +305,10 @@ public class XmlPersistenceHandler implements PersistenceHandler {
break;
}
}
if (!privilegeAdminExists) {
logger.warn("No User with PrivilegeAdmin role exists. Privilege modifications will not be possible!");
logger.warn("No User with role '" + PrivilegeHandler.PRIVILEGE_ADMIN_ROLE
+ "' exists. Privilege modifications will not be possible!");
}
}
@ -441,6 +351,7 @@ public class XmlPersistenceHandler implements PersistenceHandler {
// create user
User user = new User(userId, username, password, firstname, surname, userState,
Collections.unmodifiableSet(roles), locale);
logger.info("Added user " + user);
// put user in map
this.userMap.put(username, user);
@ -516,23 +427,6 @@ public class XmlPersistenceHandler implements PersistenceHandler {
}
}
/**
* @param policiesRootElement
*/
private void readPolicies(Element policiesRootElement) {
@SuppressWarnings("unchecked")
List<Element> policyElements = policiesRootElement.elements(XmlConstants.XML_POLICY);
for (Element policyElement : policyElements) {
String policyName = policyElement.attributeValue(XmlConstants.XML_ATTR_NAME);
String policyClass = policyElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
Class<PrivilegePolicy> clazz = ClassHelper.loadClass(policyClass);
this.policyMap.put(policyName, clazz);
}
}
private List<Element> toDomPrivileges() {
List<Element> privilegesAsElements = new ArrayList<Element>(this.privilegeMap.size());

47
src/ch/eitchnet/privilege/helper/BootstrapConfigurationHelper.java
View File

@ -46,17 +46,13 @@ public class BootstrapConfigurationHelper {
private static String path;
private static String defaultPrivilegeContainerXmlFile = "PrivilegeContainer.xml";
private static String defaultPrivilegeContainerXmlFile = "Privilege.xml";
private static String usersFileName = "PrivilegeUsers.xml";
private static String rolesFileName = "PrivilegeRoles.xml";
private static String privilegesFileName = "Privileges.xml";
private static String basePath = "";
private static String modelFileName = "PrivilegeUsers.xml";
private static String hashAlgorithm = "SHA-256";
private static String policyXmlFile = "PrivilegePolicies.xml";
private static String defaultPrivilegeHandler = "ch.eitchnet.privilege.handler.DefaultPrivilegeHandler";
private static String defaultPersistenceHandler = "ch.eitchnet.privilege.handler.DefaultPersistenceHandler";
private static String defaultEncryptionHandler = "ch.eitchnet.privilege.handler.DefaultEncryptionHandler";
@ -116,48 +112,35 @@ public class BootstrapConfigurationHelper {
// create document root
DocumentFactory factory = DocumentFactory.getInstance();
Document doc = factory.createDocument(XmlHelper.DEFAULT_ENCODING);
doc.setName(XmlConstants.XML_ROOT_PRIVILEGE_CONTAINER);
Element rootElement = factory.createElement(XmlConstants.XML_ROOT_PRIVILEGE_CONTAINER);
doc.setName(XmlConstants.XML_ROOT_PRIVILEGE);
Element rootElement = factory.createElement(XmlConstants.XML_ROOT_PRIVILEGE);
doc.setRootElement(rootElement);
Element containerElement = factory.createElement(XmlConstants.XML_CONTAINER);
Element parameterElement;
Element parametersElement;
// create PersistenceHandler
Element persistenceHandlerElem = factory.createElement(XmlConstants.XML_HANDLER_PERSISTENCE);
rootElement.add(persistenceHandlerElem);
containerElement.add(persistenceHandlerElem);
persistenceHandlerElem.addAttribute(XmlConstants.XML_ATTR_CLASS, defaultPersistenceHandler);
parametersElement = factory.createElement(XmlConstants.XML_PARAMETERS);
persistenceHandlerElem.add(parametersElement);
// Parameter usersXmlFile
// Parameter basePath
parameterElement = factory.createElement(XmlConstants.XML_PARAMETER);
parameterElement.addAttribute(XmlConstants.XML_ATTR_NAME, XmlConstants.XML_PARAM_USERS_FILE);
parameterElement.addAttribute(XmlConstants.XML_ATTR_VALUE, usersFileName);
parameterElement.addAttribute(XmlConstants.XML_ATTR_NAME, XmlConstants.XML_PARAM_BASE_PATH);
parameterElement.addAttribute(XmlConstants.XML_ATTR_VALUE, basePath);
parametersElement.add(parameterElement);
// Parameter rolesXmlFile
// Parameter modelXmlFile
parameterElement = factory.createElement(XmlConstants.XML_PARAMETER);
parameterElement.addAttribute(XmlConstants.XML_ATTR_NAME, XmlConstants.XML_PARAM_ROLES_FILE);
parameterElement.addAttribute(XmlConstants.XML_ATTR_VALUE, rolesFileName);
parameterElement.addAttribute(XmlConstants.XML_ATTR_NAME, XmlConstants.XML_PARAM_MODEL_FILE);
parameterElement.addAttribute(XmlConstants.XML_ATTR_VALUE, modelFileName);
parametersElement.add(parameterElement);
// Parameter privilegesXmlFile
parameterElement = factory.createElement(XmlConstants.XML_PARAMETER);
parameterElement.addAttribute(XmlConstants.XML_ATTR_NAME, XmlConstants.XML_PARAM_PRIVILEGES_FILE);
parameterElement.addAttribute(XmlConstants.XML_ATTR_VALUE, privilegesFileName);
parametersElement.add(parameterElement);
// Parameter policyXmlFile
parameterElement = factory.createElement(XmlConstants.XML_PARAMETER);
parameterElement.addAttribute(XmlConstants.XML_ATTR_NAME, XmlConstants.XML_PARAM_POLICY_FILE);
parameterElement.addAttribute(XmlConstants.XML_ATTR_VALUE, policyXmlFile);
parametersElement.add(parameterElement);
// create PrivilegeHandler
Element privilegeHandlerElem = factory.createElement(XmlConstants.XML_HANDLER_PRIVILEGE);
rootElement.add(privilegeHandlerElem);
privilegeHandlerElem.addAttribute(XmlConstants.XML_ATTR_CLASS, defaultPrivilegeHandler);
// create EncryptionHandler
Element encryptionHandlerElem = factory.createElement(XmlConstants.XML_HANDLER_ENCRYPTION);
rootElement.add(encryptionHandlerElem);
containerElement.add(encryptionHandlerElem);
encryptionHandlerElem.addAttribute(XmlConstants.XML_ATTR_CLASS, defaultEncryptionHandler);
parametersElement = factory.createElement(XmlConstants.XML_PARAMETERS);
encryptionHandlerElem.add(parametersElement);

66
src/ch/eitchnet/privilege/helper/InitializationHelper.java
View File

@ -18,10 +18,12 @@ import java.util.Map;
import org.apache.log4j.Logger;
import org.dom4j.Element;
import ch.eitchnet.privilege.handler.DefaultPrivilegeHandler;
import ch.eitchnet.privilege.handler.EncryptionHandler;
import ch.eitchnet.privilege.handler.PersistenceHandler;
import ch.eitchnet.privilege.handler.PrivilegeHandler;
import ch.eitchnet.privilege.i18n.PrivilegeException;
import ch.eitchnet.privilege.policy.PrivilegePolicy;
/**
* This class implements the initializing of the {@link PrivilegeHandler} by loading an XML file containing the
@ -36,36 +38,38 @@ public class InitializationHelper {
/**
* Initializes the {@link PrivilegeHandler} from the configuration file
*
* @param privilegeContainerXmlFile
* @param privilegeXmlFile
* a {@link File} reference to the XML file containing the configuration for Privilege
*
* @return the {@link PrivilegeHandler} instance loaded from the configuration file
*/
public static PrivilegeHandler initializeFromXml(File privilegeContainerXmlFile) {
public static PrivilegeHandler initializeFromXml(File privilegeXmlFile) {
// make sure file exists
if (!privilegeContainerXmlFile.exists()) {
throw new PrivilegeException("Privilige file does not exist at path "
+ privilegeContainerXmlFile.getAbsolutePath());
if (!privilegeXmlFile.exists()) {
throw new PrivilegeException("Privilege file does not exist at path " + privilegeXmlFile.getAbsolutePath());
}
// parse container xml file to XML document
Element containerRootElement = XmlHelper.parseDocument(privilegeContainerXmlFile).getRootElement();
Element rootElement = XmlHelper.parseDocument(privilegeXmlFile).getRootElement();
Element containerElement = rootElement.element(XmlConstants.XML_CONTAINER);
// instantiate encryption handler
Element encryptionHandlerElement = containerRootElement.element(XmlConstants.XML_HANDLER_ENCRYPTION);
Element encryptionHandlerElement = containerElement.element(XmlConstants.XML_HANDLER_ENCRYPTION);
String encryptionHandlerClassName = encryptionHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
EncryptionHandler encryptionHandler = ClassHelper.instantiateClass(encryptionHandlerClassName);
// instantiate persistence handler
Element persistenceHandlerElement = containerRootElement.element(XmlConstants.XML_HANDLER_PERSISTENCE);
Element persistenceHandlerElement = containerElement.element(XmlConstants.XML_HANDLER_PERSISTENCE);
String persistenceHandlerClassName = persistenceHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
PersistenceHandler persistenceHandler = ClassHelper.instantiateClass(persistenceHandlerClassName);
// instantiate privilege handler
Element privilegeHandlerElement = containerRootElement.element(XmlConstants.XML_HANDLER_PRIVILEGE);
String privilegeHandlerClassName = privilegeHandlerElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
PrivilegeHandler privilegeHandler = ClassHelper.instantiateClass(privilegeHandlerClassName);
PrivilegeHandler privilegeHandler = new DefaultPrivilegeHandler();
// get policies
Element policiesElement = rootElement.element(XmlConstants.XML_POLICIES);
Map<String, Class<PrivilegePolicy>> policyMap = convertToPolicyMap(policiesElement);
try {
@ -89,7 +93,7 @@ public class InitializationHelper {
Map<String, String> parameterMap = convertToParameterMap(parameterElement);
// initialize persistence handler
persistenceHandler.initialize(parameterMap);
persistenceHandler.initialize(parameterMap, policyMap);
} catch (Exception e) {
logger.error(e, e);
@ -100,7 +104,7 @@ public class InitializationHelper {
try {
// get parameters
Element parameterElement = privilegeHandlerElement.element(XmlConstants.XML_PARAMETERS);
Element parameterElement = containerElement.element(XmlConstants.XML_PARAMETERS);
Map<String, String> parameterMap = convertToParameterMap(parameterElement);
// initialize privilege handler
@ -108,7 +112,8 @@ public class InitializationHelper {
} catch (Exception e) {
logger.error(e, e);
throw new PrivilegeException("PrivilegeHandler " + privilegeHandlerClassName + " could not be initialized");
throw new PrivilegeException("PrivilegeHandler " + privilegeHandler.getClass().getName()
+ " could not be initialized");
}
return privilegeHandler;
@ -147,4 +152,37 @@ public class InitializationHelper {
return parameterMap;
}
/**
* Converts an {@link XmlConstants#XML_POLICIES} element containing {@link XmlConstants#XML_POLICY} elements to a
* {@link Map} of String/Class pairs
*
* @param element
* the XML {@link Element} with name {@link XmlConstants#XML_POLICIES} containing
* {@link XmlConstants#XML_POLICY} elements
*
* @return the {@link Map} of the policy name/class combinations from the given {@link Element}
*/
@SuppressWarnings("unchecked")
public static Map<String, Class<PrivilegePolicy>> convertToPolicyMap(Element element) {
Map<String, Class<PrivilegePolicy>> policyMap = new HashMap<String, Class<PrivilegePolicy>>();
List<Element> policyElements = element.elements(XmlConstants.XML_POLICY);
for (Element policyElement : policyElements) {
String policyName = policyElement.attributeValue(XmlConstants.XML_ATTR_NAME);
String policyClass = policyElement.attributeValue(XmlConstants.XML_ATTR_CLASS);
Class<PrivilegePolicy> clazz;
try {
clazz = ClassHelper.loadClass(policyClass);
} catch (PrivilegeException e) {
throw new PrivilegeException("The Policy with name " + policyName + " does not exist", e);
}
policyMap.put(policyName, clazz);
}
return policyMap;
}
}

66
src/ch/eitchnet/privilege/helper/XmlConstants.java
View File

@ -19,32 +19,38 @@ public class XmlConstants {
/**
* XML_ROOT_PRIVILEGE_CONTAINER = "PrivilegeContainer" :
*/
public static final String XML_ROOT_PRIVILEGE_CONTAINER = "PrivilegeContainer";
public static final String XML_ROOT_PRIVILEGE = "Privilege";
/**
* XML_ROOT_PRIVILEGE_ROLES = "PrivilegeRoles" :
* XML_CONTAINER = "Container" :
*/
public static final String XML_ROOT_PRIVILEGE_ROLES = "PrivilegeRoles";
public static final String XML_CONTAINER = "Container";
/**
* XML_ROOT_PRIVILEGES = "Privileges" :
* XML_POLICIES = "Policies" :
*/
public static final String XML_ROOT_PRIVILEGES = "Privileges";
public static final String XML_POLICIES = "Policies";
/**
* XML_ROOT_PRIVILEGE_USERS = "PrivilegesUsers" :
* XML_PRIVILEGES = "Privileges" :
*/
public static final String XML_ROOT_PRIVILEGE_USERS = "PrivilegesUsers";
public static final String XML_PRIVILEGES = "Privileges";
/**
* XML_ROOT_PRIVILEGE_POLICIES = "PrivilegePolicies" :
* XML_ROOT_PRIVILEGE_USERS_AND_ROLES = "UsersAndRoles" :
*/
public static final String XML_ROOT_PRIVILEGE_POLICIES = "PrivilegePolicies";
public static final String XML_ROOT_PRIVILEGE_USERS_AND_ROLES = "UsersAndRoles";
/**
* XML_HANDLER_PERSISTENCE = "PersistenceHandler" :
*/
public static final String XML_HANDLER_PERSISTENCE = "PersistenceHandler";
/**
* XML_HANDLER_ENCRYPTION = "EncryptionHandler" :
*/
public static final String XML_HANDLER_ENCRYPTION = "EncryptionHandler";
/**
* XML_HANDLER_PRIVILEGE = "PrivilegeHandler" :
*/
@ -54,62 +60,72 @@ public class XmlConstants {
* XML_ROLES = "Roles" :
*/
public static final String XML_ROLES = "Roles";
/**
* XML_ROLE = "Role" :
*/
public static final String XML_ROLE = "Role";
/**
* XML_USERS = "Users" :
*/
public static final String XML_USERS = "Users";
/**
* XML_USER = "User"
*/
public static final String XML_USER = "User";
/**
* XML_PRIVILEGES = "Privileges" :
*/
public static final String XML_PRIVILEGES = "Privileges";
/**
* XML_PRIVILEGE = "Privilege" :
*/
public static final String XML_PRIVILEGE = "Privilege";
/**
* XML_POLICY = "Policy" :
*/
public static final String XML_POLICY = "Policy";
/**
* XML_PARAMETERS = "Parameters" :
*/
public static final String XML_PARAMETERS = "Parameters";
/**
* XML_PARAMETER = "Parameter" :
*/
public static final String XML_PARAMETER = "Parameter";
/**
* XML_ALL_ALLOWED = "AllAllowed" :
*/
public static final String XML_ALL_ALLOWED = "AllAllowed";
/**
* XML_DENY = "Deny" :
*/
public static final String XML_DENY = "Deny";
/**
* XML_ALLOW = "Allow" :
*/
public static final String XML_ALLOW = "Allow";
/**
* XML_FIRSTNAME = "Firstname" :
*/
public static final String XML_FIRSTNAME = "Firstname";
/**
* XML_SURNAME = "Surname" :
*/
public static final String XML_SURNAME = "Surname";
/**
* XML_STATE = "State" :
*/
public static final String XML_STATE = "State";
/**
* XML_LOCALE = "Locale" :
*/
@ -119,26 +135,32 @@ public class XmlConstants {
* XML_ATTR_CLASS = "class" :
*/
public static final String XML_ATTR_CLASS = "class";
/**
* XML_ATTR_NAME = "name" :
*/
public static final String XML_ATTR_NAME = "name";
/**
* XML_ATTR_VALUE = "value" :
*/
public static final String XML_ATTR_VALUE = "value";
/**
* XML_ATTR_POLICY = "policy" :
*/
public static final String XML_ATTR_POLICY = "policy";
/**
* XML_ATTR_USER_ID = "userId" :
*/
public static final String XML_ATTR_USER_ID = "userId";
/**
* XML_ATTR_USERNAME = "username" :
*/
public static final String XML_ATTR_USERNAME = "username";
/**
* XML_ATTR_PASSWORD = "password" :
*/
@ -148,22 +170,12 @@ public class XmlConstants {
* XML_PARAM_HASH_ALGORITHM = "hashAlgorithm" :
*/
public static final String XML_PARAM_HASH_ALGORITHM = "hashAlgorithm";
/**
* XML_PARAM_POLICY_FILE = "policyXmlFile" :
* XML_PARAM_MODEL_FILE = "modelXmlFile" :
*/
public static final String XML_PARAM_POLICY_FILE = "policyXmlFile";
/**
* XML_PARAM_ROLES_FILE = "rolesXmlFile" :
*/
public static final String XML_PARAM_ROLES_FILE = "rolesXmlFile";
/**
* XML_PARAM_USERS_FILE = "usersXmlFile" :
*/
public static final String XML_PARAM_USERS_FILE = "usersXmlFile";
/**
* XML_PARAM_PRIVILEGES_FILE = "privilegesXmlFile" :
*/
public static final String XML_PARAM_PRIVILEGES_FILE = "privilegesXmlFile";
public static final String XML_PARAM_MODEL_FILE = "modelXmlFile";
/**
* XML_PARAM_BASE_PATH = "basePath" :
*/

20
src/ch/eitchnet/privilege/model/internal/Privilege.java
View File

@ -15,6 +15,7 @@ import java.util.HashSet;
import java.util.Set;
import ch.eitchnet.privilege.handler.PrivilegeHandler;
import ch.eitchnet.privilege.i18n.PrivilegeException;
import ch.eitchnet.privilege.model.PrivilegeRep;
import ch.eitchnet.privilege.model.Restrictable;
import ch.eitchnet.privilege.policy.PrivilegePolicy;
@ -30,7 +31,10 @@ import ch.eitchnet.privilege.policy.PrivilegePolicy;
* {@link Privilege}s have allow and deny rules which the configured {@link PrivilegeHandler} uses to
* </p>
*
* <p>Note: This is an internal object which is not to be serialized or passed to clients, {@link PrivilegeRep}s are used for that</p>
* <p>
* Note: This is an internal object which is not to be serialized or passed to clients, {@link PrivilegeRep}s are used
* for that
* </p>
*
* @author rvonburg
*/
@ -58,6 +62,20 @@ public final class Privilege {
* a list of allow rules for this {@link Privilege}
*/
public Privilege(String name, String policy, boolean allAllowed, Set<String> denyList, Set<String> allowList) {
if (name == null || name.isEmpty()) {
throw new PrivilegeException("No name defined!");
}
if (policy == null || policy.isEmpty()) {
throw new PrivilegeException("No policy defined!");
}
if (denyList == null) {
throw new PrivilegeException("No denyList defined!");
}
if (allowList == null) {
throw new PrivilegeException("No allowList defined!");
}
this.name = name;
this.policy = policy;
this.allAllowed = allAllowed;

9
src/ch/eitchnet/privilege/model/internal/Role.java
View File

@ -14,6 +14,7 @@ import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import ch.eitchnet.privilege.i18n.PrivilegeException;
import ch.eitchnet.privilege.model.RoleRep;
/**
@ -43,6 +44,14 @@ public final class Role {
* a set of names of privileges granted to this role
*/
public Role(String name, Set<String> privileges) {
if (name == null || name.isEmpty()) {
throw new PrivilegeException("No name defined!");
}
if (privileges == null) {
throw new PrivilegeException("No privileges defined!");
}
this.name = name;
this.privileges = Collections.unmodifiableSet(privileges);
}

15
src/ch/eitchnet/privilege/model/internal/Session.java
View File

@ -11,6 +11,7 @@
package ch.eitchnet.privilege.model.internal;
import ch.eitchnet.privilege.handler.PrivilegeHandler;
import ch.eitchnet.privilege.i18n.PrivilegeException;
import ch.eitchnet.privilege.model.Certificate;
/**
@ -59,6 +60,20 @@ public final class Session {
* the time the user logged in
*/
public Session(String sessionId, String username, String authToken, String authPassword, long loginTime) {
if (sessionId == null || sessionId.isEmpty()) {
throw new PrivilegeException("No sessionId defined!");
}
if (username == null || username.isEmpty()) {
throw new PrivilegeException("No username defined!");
}
if (authToken == null || authToken.isEmpty()) {
throw new PrivilegeException("No authToken defined!");
}
if (authPassword == null || authPassword.isEmpty()) {
throw new PrivilegeException("No authPassword defined!");
}
this.sessionId = sessionId;
this.username = username;
this.authToken = authToken;

24
src/ch/eitchnet/privilege/model/internal/User.java
View File

@ -15,6 +15,7 @@ import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import ch.eitchnet.privilege.i18n.PrivilegeException;
import ch.eitchnet.privilege.model.UserRep;
import ch.eitchnet.privilege.model.UserState;
@ -69,6 +70,29 @@ public final class User {
public User(String userId, String username, String password, String firstname, String surname, UserState userState,
Set<String> roles, Locale locale) {
if (userId == null || userId.isEmpty()) {
throw new PrivilegeException("No UserId defined!");
}
if (username == null || username.isEmpty()) {
throw new PrivilegeException("No username defined!");
}
// password may be null, meaning not able to login
if (firstname == null || firstname.isEmpty()) {
throw new PrivilegeException("No firstname defined!");
}
if (surname == null || surname.isEmpty()) {
throw new PrivilegeException("No surname defined!");
}
if (userState == null) {
throw new PrivilegeException("No userState defined!");
}
// roles may be null, meaning not able to login and must be added later
// local may be null, meaning use system default
this.userId = userId;
this.username = username;

2
test/ch/eitchnet/privilege/test/PrivilegeTest.java
View File

@ -55,7 +55,7 @@ public class PrivilegeTest {
// initialize container
String pwd = System.getProperty("user.dir");
File privilegeContainerXmlFile = new File(pwd + "/config/PrivilegeContainer.xml");
File privilegeContainerXmlFile = new File(pwd + "/config/Privilege.xml");
privilegeHandler = InitializationHelper.initializeFromXml(privilegeContainerXmlFile);
} catch (Exception e) {
logger.error(e, e);