MemoryAuthorizator xref

View Javadoc

1   /*
2    * $Id: MemoryAuthorizator.java 269 2005-08-10 17:49:22Z josem $
3    *
4    * Tarsis
5    * Copyright (C) 2002 Talika Open Source Group
6    *
7    * This program is free software; you can redistribute it and/or modify
8    * it under the terms of the GNU General Public License as published by
9    * the Free Software Foundation; either version 2 of the License, or
10   * (at your option) any later version.
11   *
12   * This program is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15   * GNU General Public License for more details.
16   *
17   * You should have received a copy of the GNU General Public License
18   * along with this program; if not, write to the Free Software
19   * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
20   *
21   */
22  
23  package org.talika.tarsis.security.memory;
24  
25  import java.io.IOException;
26  import java.util.HashSet;
27  import java.util.Map;
28  import java.util.Set;
29  
30  import javax.xml.parsers.ParserConfigurationException;
31  import javax.xml.parsers.SAXParserFactory;
32  
33  import org.talika.tarsis.command.Command;
34  import org.talika.tarsis.context.Context;
35  import org.talika.tarsis.security.AuthorizatorService;
36  import org.talika.tarsis.security.ForbiddenAccessException;
37  import org.talika.tarsis.security.User;
38  import org.talika.tarsis.service.ServiceException;
39  import org.xml.sax.InputSource;
40  import org.xml.sax.SAXException;
41  import org.xml.sax.SAXParseException;
42  import org.xml.sax.XMLReader;
43  
44  /**
45   * XML/Memory implementation of <code>Authorizator</code> interface.
46   *
47   * @author  Jose M. Palomar
48   * @version $Revision: 269 $
49   */
50  public final class MemoryAuthorizator extends AuthorizatorService {
51  
52      // Constants
53      /**
54       * XML authorizations file.
55       */
56      private static final String AUTHORIZATIONS_FILE = "/WEB-INF/authorizations.xml";
57  
58      // Fields
59      /**
60       * Map of commad authorizations.
61       */
62      private Map commands;
63  
64      /**
65       * Map of package authorizations.
66       */
67      private Map packages;
68  
69      // Constructors
70      /**
71       * Creates a new <code>MemoryAuthorizator</code>.
72       */
73      public MemoryAuthorizator() {
74      }
75  
76      // Methods
77      /**
78       * Called by the framework to indicate that is being placed into service.<br>
79       * <br>
80       * Load authorizations from XML file.
81       *
82       * @param context Context context that initialized service.
83       * @throws ServiceException if an exception has occurred that interferes with the
84       * services's normal operation
85       * @see org.talika.tarsis.service.Service#init(Context)
86       */
87      public void init(Context context) throws ServiceException {
88          super.init(context);
89  
90          loadAuthorizations();
91          if (commands == null) {
92              throw new ServiceException("Unable to load authorizations file");
93          }
94  
95      }
96  
97      /**
98       * Returns name of service.
99       *
100      * @return String name of service.
101      * @see org.talika.tarsis.service.Service#getName()
102      */
103     public String getName() {
104         return "MemoryAuthorizator";
105     }
106 
107     /**
108      * Checks if <code>User</code> has authorizations to access <code>Command</code>.
109      * If not throws a <code>ForbiddenAccessException</code>.
110      *
111      * @param user User user to be checked.
112      * @param command Command command to be checked.
113      * @throws ForbiddenAccessException if <code>User</code> has not authorization.
114      * @see org.talika.tarsis.security.Authorizator#authorize(User, Command)
115      */
116     public void authorize(User user, Command command) throws ForbiddenAccessException {
117 
118         Set userRoles = user.getRoles();
119 
120         Set cmdRoles = (Set) this.commands.get(command.getFullName());
121         if (cmdRoles != null) {
122             Set roles = new HashSet(cmdRoles);
123             roles.retainAll(userRoles);
124             if (!roles.isEmpty()) {
125                 return;
126             }
127             throw new ForbiddenAccessException("Command " + command.getFullName() + " not allowed for user " +
128                                                "user \"" + user.getLogin() + "\"");
129         }
130 
131         Set pakRoles = (Set) this.packages.get(command.getPackage());
132         if (pakRoles != null) {
133             Set roles = new HashSet(pakRoles);
134             roles.retainAll(userRoles);
135             if (!roles.isEmpty()) {
136                 return;
137             }
138             throw new ForbiddenAccessException("Command " + command.getFullName() + " not allowed for user " +
139                                                "user \"" + user.getLogin() + "\"");
140         }
141 
142         throw new ForbiddenAccessException("Command " + command.getFullName() + " not allowed for user " +
143                                            "user \"" + user.getLogin() + "\"");
144 
145     }
146 
147     /**
148      * Returns <code>true</code> if <code>Command</code> has access restrited.
149      *
150      * @param command Command command to be checked.
151      * @return boolean <code>true</code> if <code>Command</code> has access restrited.
152      * @see org.talika.tarsis.security.Authorizator#isRestricted(Command)
153      */
154     public boolean isRestricted(Command command) {
155         return (this.packages.containsKey(command.getPackage()) ||
156                 this.commands.containsKey(command.getFullName()));
157     }
158 
159     /**
160      * Load XML authorizations file.
161      */
162     private void loadAuthorizations() {
163 
164         try {
165 
166             InputSource input = new InputSource(getContext().getResourceAsStream(AUTHORIZATIONS_FILE));
167             SAXParserFactory spf = SAXParserFactory.newInstance();
168             spf.setValidating(true);
169             spf.setNamespaceAware(false);
170 
171             XMLReader parser = null;
172             parser = spf.newSAXParser().getXMLReader();
173             XmlAuthorizationsHandler handler = new XmlAuthorizationsHandler();
174             parser.setContentHandler(handler);
175             parser.setErrorHandler(handler);
176             parser.setEntityResolver(handler);
177             parser.parse(input);
178 
179             this.commands = handler.getCommands();
180             this.packages = handler.getPackages();
181 
182         }
183         catch (SAXParseException spe) {
184             if (getLogger().isDebugEnabled()) {
185                 getLogger().logDebug("Error parsing authorizations (" + spe.getMessage() + ")");
186             }
187         }
188         catch (SAXException se) {
189             if (se.getException() != null) {
190                 if (getLogger().isDebugEnabled()) {
191                     getLogger().logDebug("Error parsing authorizations (" + se.getException().getMessage() + ")");
192                 }
193             }
194             else {
195                 if (getLogger().isDebugEnabled()) {
196                     getLogger().logDebug("Error parsing authorizations (" + se.getMessage() + ")");
197                 }
198             }
199         }
200         catch (ParserConfigurationException pce) {
201             if (getLogger().isDebugEnabled()) {
202                 getLogger().logDebug("Error parsing authorizations (" + pce.getMessage() + ")");
203             }
204         }
205         catch (IOException ioe) {
206             if (getLogger().isDebugEnabled()) {
207                 getLogger().logDebug("Error parsing authorizations (" + ioe.getMessage() + ")");
208             }
209         }
210 
211     }
212 
213 }