1/*2 * Copyright 2000-2004 The Apache Software Foundation.3 * 4 * Licensed under the Apache License, Version 2.0 (the "License");5 * you may not use this file except in compliance with the License.6 * You may obtain a copy of the License at7 * 8 * http://www.apache.org/licenses/LICENSE-2.09 * 10 * Unless required by applicable law or agreed to in writing, software11 * distributed under the License is distributed on an "AS IS" BASIS,12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.13 * See the License for the specific language governing permissions and14 * limitations under the License.15 */1617packageorg.apache.jetspeed.services.security.registry;
1819// Java imports20import java.util.Iterator;
2122import javax.servlet.ServletConfig;
2324import org.apache.jetspeed.om.SecurityReference;
25import org.apache.jetspeed.om.profile.Entry;
26import org.apache.jetspeed.om.registry.RegistryEntry;
27import org.apache.jetspeed.om.registry.SecurityEntry;
28import org.apache.jetspeed.om.security.GroupRole;
29import org.apache.jetspeed.om.security.JetspeedUser;
30import org.apache.jetspeed.portal.Portlet;
31import org.apache.jetspeed.portal.PortletController;
32import org.apache.jetspeed.portal.PortletSet;
33import org.apache.jetspeed.services.Registry;
34import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
35import org.apache.jetspeed.services.logging.JetspeedLogger;
36import org.apache.jetspeed.services.security.JetspeedRoleManagement;
37import org.apache.jetspeed.services.security.PortalAccessController;
38import org.apache.jetspeed.services.security.PortalResource;
39import org.apache.turbine.services.InitializationException;
40import org.apache.turbine.services.TurbineBaseService;
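/***
 * TurbineAccessController
 *
 * <p>Access controller that resolves the <code>SecurityReference</code> attached to a
 * portlet, a portlet instance (<code>Entry</code>) or a registry entry and evaluates it
 * against the <code>SecurityEntry</code> stored in the security registry. Every public
 * overload eventually funnels into the private
 * <code>checkPermission(JetspeedUser, SecurityReference, String, String)</code>.
 *
 * <p>Decision rules as implemented in this class:
 * <ul>
 *   <li>A resource with no security reference and no governing registry entry is
 *       allowed (per spec; see the <code>Portlet</code> overload).</li>
 *   <li>A security reference that points at a missing security entry is denied.</li>
 *   <li>A null registry entry handed to the registry overload is denied instead of
 *       raising a <code>NullPointerException</code>.</li>
 *   <li>Any exception while enumerating the user's group/role memberships is logged
 *       and treated as a denial.</li>
 * </ul>
 *
 * @author <a href="paulsp@apache.org">Paul Spencer</a>
 * @version $Id: RegistryAccessController.java,v 1.10 2004/02/23 03:54:03 jford Exp $
 */
public class RegistryAccessController extends TurbineBaseService implements PortalAccessController
{
    /***
     * Static initialization of the logger for this class
     */
    private static final JetspeedLogger logger = JetspeedLogFactoryService.getLogger(RegistryAccessController.class.getName());

    /***
     * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
     * the given <code>Portlet</code> resource. If the user does not have
     * sufficient privilege to perform the action on the resource, the check returns false,
     * otherwise when sufficient privilege is present, checkPermission returns true.
     *
     * @param user the user to be checked.
     * @param portlet the portlet resource.
     * @param action the secured action to be performed on the resource by the user.
     * @return boolean true if the user has sufficient privilege.
     */
    public boolean checkPermission(JetspeedUser user, Portlet portlet, String action)
    {
        return checkPermission(user, portlet, action, null);
    }

    /***
     * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
     * the given <code>Portlet</code> resource. If the user does not have
     * sufficient privilege to perform the action on the resource, the check returns false,
     * otherwise when sufficient privilege is present, checkPermission returns true.
     *
     * <p>A security reference set directly on the portlet configuration takes precedence.
     * Otherwise the portlet's registry entry (or, for sets/controllers, the registry entry of
     * the enclosing set's controller) is consulted. When no registry entry exists at all the
     * action is allowed, because there is no security to test (per spec).
     *
     * @param user the user to be checked.
     * @param portlet the portlet resource.
     * @param action the secured action to be performed on the resource by the user.
     * @param owner of the entry, i.e. the username
     * @return boolean true if the user has sufficient privilege.
     */
    public boolean checkPermission(JetspeedUser user, Portlet portlet, String action, String owner)
    {
        // An explicit security reference on the portlet config wins over the registry lookup.
        SecurityReference securityRef = portlet.getPortletConfig().getSecurityRef();
        if (securityRef != null)
        {
            return checkPermission(user, securityRef, action, owner);
        }

        RegistryEntry registryEntry = resolveRegistryEntry(portlet);
        if (registryEntry == null)
        {
            // Since there is no entry, there is no security to test. Per spec, all is allowed.
            return true;
        }
        return checkPermission(user, registryEntry, action, owner);
    }

    /***
     * Looks up the registry entry that governs the given portlet: the portlet's own
     * PORTLET entry, or, when the portlet is a set or is not registered as a portlet
     * (probably a controller or control), the PORTLET_CONTROLLER entry of the controller
     * of the enclosing portlet set.
     *
     * @param portlet the portlet to resolve.
     * @return the governing registry entry, or null when none is registered.
     */
    private static RegistryEntry resolveRegistryEntry(Portlet portlet)
    {
        RegistryEntry registryEntry = null;
        // Don't query the registry if the portlet is a set.
        if (!(portlet instanceof PortletSet))
        {
            registryEntry = Registry.getEntry(Registry.PORTLET, portlet.getName());
        }
        if (registryEntry != null)
        {
            return registryEntry;
        }

        // Not a registered portlet - probably a controller or control; fall back to the
        // controller of the enclosing portlet set.
        PortletSet portletSet = portlet.getPortletConfig().getPortletSet();
        if (portletSet == null)
        {
            return null;
        }
        PortletController controller = portletSet.getController();
        if (controller == null)
        {
            return null;
        }
        return Registry.getEntry(Registry.PORTLET_CONTROLLER, controller.getConfig().getName());
    }

    /***
     * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
     * the given Portlet Instance (<code>Entry</code>) resource. If the user does not have
     * sufficient privilege to perform the action on the resource, the check returns false,
     * otherwise when sufficient privilege is present, checkPermission returns true.
     *
     * @param user the user to be checked.
     * @param entry the portlet instance resource.
     * @param action the secured action to be performed on the resource by the user.
     * @return boolean true if the user has sufficient privilege.
     */
    public boolean checkPermission(JetspeedUser user, Entry entry, String action)
    {
        return checkPermission(user, entry, action, null);
    }

    /***
     * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
     * the given Portlet Instance (<code>Entry</code>) resource. If the user does not have
     * sufficient privilege to perform the action on the resource, the check returns false,
     * otherwise when sufficient privilege is present, checkPermission returns true.
     *
     * <p>When the instance carries no security reference of its own, the security of the
     * parent portlet's registry entry is used. If the parent portlet is not registered the
     * registry overload denies the action (it no longer dereferences a null entry).
     *
     * @param user the user to be checked.
     * @param entry the portlet instance resource.
     * @param action the secured action to be performed on the resource by the user.
     * @param owner of the entry, i.e. the username
     * @return boolean true if the user has sufficient privilege.
     */
    public boolean checkPermission(JetspeedUser user, Entry entry, String action, String owner)
    {
        SecurityReference securityRef = entry.getSecurityRef();
        if (securityRef != null)
        {
            return checkPermission(user, securityRef, action, owner);
        }

        // No security on the instance itself: defer to the parent portlet's registry entry.
        // The lookup may miss; the RegistryEntry overload handles a null result.
        RegistryEntry parentEntry = Registry.getEntry(Registry.PORTLET, entry.getParent());
        return checkPermission(user, parentEntry, action, owner);
    }

    /***
     * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
     * the given resource. If the user does not have
     * sufficient privilege to perform the action on the resource, the check returns false,
     * otherwise when sufficient privilege is present, checkPermission returns true.
     *
     * <p>Dispatches on <code>PortalResource.getResourceType()</code>; an unknown resource
     * type is logged as an error and denied.
     *
     * @param user the user to be checked.
     * @param resource requesting an action
     * @param action the secured action to be performed on the resource by the user.
     * @return boolean true if the user has sufficient privilege.
     */
    public boolean checkPermission(JetspeedUser user, PortalResource resource, String action)
    {
        switch (resource.getResourceType())
        {
            case PortalResource.TYPE_ENTRY:
                return checkPermission(user, resource.getEntry(), action, resource.getOwner());
            case PortalResource.TYPE_PORTLET:
                return checkPermission(user, resource.getPortlet(), action, resource.getOwner());
            case PortalResource.TYPE_REGISTRY:
                return checkPermission(user, resource.getRegistryEntry(), action, resource.getOwner());
            case PortalResource.TYPE_REGISTRY_PARAMETER:
                return checkPermission(user, resource.getRegistryParameter(), action, resource.getOwner());
            default:
                // We should never get here; deny rather than guess.
                logger.error("In " + this.getClass().getName() + ".checkPermission(user, resource, action) - Unkown resource = " + resource.getResourceType());
                return false;
        }
    }

    /***
     * Checks if the user has access to a given registry entry for the given action
     *
     * <p>A null <code>regEntry</code> (a registry lookup that missed) is denied and logged;
     * a registry entry without a security reference is allowed since no security is defined.
     *
     * @param user the requesting user.
     * @param regEntry the registry entry from the registry, may be null.
     * @param action the jetspeed-action (view, edit, customize, delete...) for which permission is being checked.
     * @param owner of the entry, i.e. the username
     * @return boolean true if the user has sufficient privilege.
     */
    private boolean checkPermission(JetspeedUser user, RegistryEntry regEntry, String action, String owner)
    {
        if (regEntry == null)
        {
            // Callers may pass the result of a registry lookup that found nothing (e.g. a PSML
            // entry whose parent portlet is not registered). Fail closed instead of throwing.
            String userName = (user == null) ? "<unknown>" : user.getUserName();
            logger.warn("No registry entry found while checking action " + action + " requested by the user " + userName + " - access denied");
            return false;
        }

        SecurityReference securityRef = regEntry.getSecurityRef();
        if (securityRef == null)
        {
            return true; // No security defined on Registry entry
        }
        return checkPermission(user, securityRef, action, owner);
    }

    /***
     * Checks if the user has access for the given action using a security reference
     *
     * <p>The user is allowed when the referenced security entry allows the user directly, or
     * allows any of the user's (group, role) memberships. A reference to a non-existent
     * security entry, and any exception while resolving memberships, result in a denial.
     *
     * @param user the requesting user.
     * @param securityRef the security reference to check
     * @param action the jetspeed-action (view, edit, customize, delete...) for which permission is being checked.
     * @param owner of the entry, i.e. the username
     * @return boolean true if the user has sufficient privilege.
     */
    private boolean checkPermission(JetspeedUser user, SecurityReference securityRef, String action, String owner)
    {
        String userName = user.getUserName();
        SecurityEntry securityEntry = (SecurityEntry) Registry.getEntry(Registry.SECURITY, securityRef.getParent());
        if (securityEntry == null)
        {
            // Dangling security reference: a configuration error, so fail closed.
            logger.warn("Security id " + securityRef.getParent() + " does not exist. This was requested by the user " + userName);
            return false;
        }

        if (securityEntry.allowsUser(userName, action, owner))
        {
            return true;
        }

        try
        {
            // Membership enumeration goes through the role management service, which may
            // throw; any failure below is logged and treated as a denial.
            for (Iterator roles = JetspeedRoleManagement.getRoles(userName); roles.hasNext();)
            {
                GroupRole groupRole = (GroupRole) roles.next();
                String groupName = groupRole.getGroup().getName();
                String roleName = groupRole.getRole().getName();
                if (securityEntry.allowsGroupRole(groupName, roleName, action))
                {
                    return true;
                }
            }
        }
        catch (Exception e)
        {
            logger.error("Exception", e);
            return false;
        }
        return false;
    }

    /*
     * Turbine Services Interface
     */

    /***
     * This is the early initialization method called by the
     * Turbine <code>Service</code> framework
     * @param conf The <code>ServletConfig</code>
     * @throws InitializationException if the service
     * fails to initialize
     */
    public synchronized void init(ServletConfig conf)
        throws InitializationException
    {
        // Idempotent: the framework may call init more than once.
        if (getInit())
        {
            return;
        }

        super.init(conf);

        setInit(true);
    }
}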