This project has retired. For details please refer to its Attic page.
TurbineAccessController xref
View Javadoc

1   /*
2    * Copyright 2000-2004 The Apache Software Foundation.
3    * 
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    * 
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    * 
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.apache.jetspeed.services.security.turbine;
18  
19  // Java imports
20  import java.util.Iterator;
21  
22  import javax.servlet.ServletConfig;
23  
24  import org.apache.jetspeed.om.profile.Entry;
25  import org.apache.jetspeed.om.registry.RegistryEntry;
26  import org.apache.jetspeed.om.registry.Security;
27  import org.apache.jetspeed.om.security.GroupRole;
28  import org.apache.jetspeed.om.security.JetspeedUser;
29  import org.apache.jetspeed.om.security.Role;
30  import org.apache.jetspeed.portal.Portlet;
31  import org.apache.jetspeed.portal.PortletController;
32  import org.apache.jetspeed.portal.PortletSet;
33  import org.apache.jetspeed.services.JetspeedSecurity;
34  import org.apache.jetspeed.services.Registry;
35  import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
36  import org.apache.jetspeed.services.logging.JetspeedLogger;
37  import org.apache.jetspeed.services.resources.JetspeedResources;
38  import org.apache.jetspeed.services.security.PortalAccessController;
39  import org.apache.jetspeed.services.security.PortalResource;
40  import org.apache.turbine.services.InitializationException;
41  import org.apache.turbine.services.TurbineBaseService;
42  
43  /***
44   * TurbineAccessController
45   *
46   * @author <a href="paulsp@apache.org">Paul Spencer</a>
47   * @version $Id: TurbineAccessController.java,v 1.8 2004/02/23 03:54:49 jford Exp $
48   */
49  public class TurbineAccessController extends TurbineBaseService
50  implements PortalAccessController
51  {
52      /***
53       * Static initialization of the logger for this class
54       */    
55      private static final JetspeedLogger logger = JetspeedLogFactoryService.getLogger(TurbineAccessController.class.getName());
56      
57      private final static String CONFIG_DEFAULT_PERMISSION_LOGGEDIN     = "services.JetspeedSecurity.permission.default.loggedin";
58      private final static String CONFIG_DEFAULT_PERMISSION_ANONYMOUS     = "services.JetspeedSecurity.permission.default.anonymous";
59      
60      /***
61       * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
62       * the given <code>Portlet</code> resource. If the user does not have
63       * sufficient privilege to perform the action on the resource, the check returns false,
64       * otherwise when sufficient privilege is present, checkPermission returns true.
65       *
66       * @param user the user to be checked.
67       * @param portlet the portlet resource.
68       * @param action the secured action to be performed on the resource by the user.
69       * @return boolean true if the user has sufficient privilege.
70       */
71      public boolean checkPermission(JetspeedUser user, Portlet portlet, String action)
72      {
73          return checkPermission(user, portlet, action, null);
74      }
75      
76      /***
77       * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
78       * the given <code>Portlet</code> resource. If the user does not have
79       * sufficient privilege to perform the action on the resource, the check returns false,
80       * otherwise when sufficient privilege is present, checkPermission returns true.
81       *
82       * @param user the user to be checked.
83       * @param portlet the portlet resource.
84       * @param action the secured action to be performed on the resource by the user.
85       * @param owner of the entry, i.e. the username
86       * @return boolean true if the user has sufficient privilege.
87       */
88      public boolean checkPermission(JetspeedUser user, Portlet portlet, String action, String owner)
89      {
90          String portletName = portlet.getName();
91          RegistryEntry regEntry = (RegistryEntry)Registry.getEntry(Registry.PORTLET, portletName);
92          //portlet is not a portlet - probably a controller or control
93          if (regEntry==null)
94          {
95              PortletSet ps  = portlet.getPortletConfig().getPortletSet();
96              if (ps != null)
97              {
98                  PortletController pc = ps.getController();
99                  if (pc != null)
100                 {
101                     portletName = pc.getConfig().getName();
102                     regEntry = (RegistryEntry)Registry.getEntry(Registry.PORTLET_CONTROLLER, portletName);
103                 }
104             }
105         }
106         if (regEntry==null)
107         {
108             return checkDefaultPermission(user, action);
109         }
110         return checkPermission(user, regEntry, action);
111     }
112     
113     /***
114      * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
115      * the given Portlet Instance (<code>Entry</code>) resource. If the user does not have
116      * sufficient privilege to perform the action on the resource, the check returns false,
117      * otherwise when sufficient privilege is present, checkPermission returns true.
118      *
119      * @param user the user to be checked.
120      * @param entry the portlet instance resource.
121      * @param action the secured action to be performed on the resource by the user.
122      * @return boolean true if the user has sufficient privilege.
123      */
124     public boolean checkPermission(JetspeedUser user, Entry entry, String action)
125     {
126         return checkPermission(user, entry, action, null);
127     }
128     
129     /***
130      * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
131      * the given Portlet Instance (<code>Entry</code>) resource. If the user does not have
132      * sufficient privilege to perform the action on the resource, the check returns false,
133      * otherwise when sufficient privilege is present, checkPermission returns true.
134      *
135      * @param user the user to be checked.
136      * @param entry the portlet instance resource.
137      * @param action the secured action to be performed on the resource by the user.
138      * @param owner of the entry, i.e. the username
139      * @return boolean true if the user has sufficient privilege.
140      */
141     public boolean checkPermission(JetspeedUser user, Entry entry, String action, String owner)
142     {
143         String portletName = entry.getParent();
144         RegistryEntry regEntry = (RegistryEntry)Registry.getEntry(Registry.PORTLET, portletName);
145         if (regEntry==null)
146         {
147             return checkDefaultPermission(user, action);
148         }
149         return checkPermission(user, regEntry, action);
150     }
151     
152     
153     /***
154      * Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
155      * the given resource. If the user does not have
156      * sufficient privilege to perform the action on the resource, the check returns false,
157      * otherwise when sufficient privilege is present, checkPermission returns true.
158      *
159      * @param user the user to be checked.
160      * @param resource requesting an action
161      * @param action the secured action to be performed on the resource by the user.
162      * @return boolean true if the user has sufficient privilege.
163      */
164     public boolean checkPermission(JetspeedUser user, PortalResource resource, String action)
165     {
166         switch (resource.getResourceType())
167         {
168             case PortalResource.TYPE_ENTRY:
169                 return checkPermission(user, resource.getEntry(), action);
170             case PortalResource.TYPE_REGISTRY:
171                 return checkPermission(user, resource.getRegistryEntry(), action);
172             case PortalResource.TYPE_REGISTRY_PARAMETER:
173                 return checkPermission(user, resource.getRegistryParameter(), action);
174             case PortalResource.TYPE_PORTLET:
175                 return checkPermission(user, resource.getPortlet(), action);
176             case PortalResource.TYPE_ENTRY_PARAMETER:
177                 return checkPermission(user, (RegistryEntry) resource.getEntryParameter(), action);
178         }
179         return false;
180     }
181     
182     /***
183      * Checks if the user has access to a given portlet for the given action
184      *
185      * @param user the requesting user.
186      * @param regEntry the registry entry from the registry.
187      * @param action the jetspeed-action (view, edit, customize, delete...) for which permission is being checked.
188      * @exception Sends a RegistryException if the manager can't add
189      *            the provided entry
190      */
191     private boolean checkPermission(JetspeedUser user,  RegistryEntry regEntry, String action)
192     {
193         Security security = regEntry.getSecurity();
194         if (null == security)
195             return checkDefaultPermission( user, action);
196         String securityRole = security.getRole();
197         if (null == securityRole)
198             return checkDefaultPermission( user, action);
199 
200         
201         // determine if Portlet has specified role
202         try
203         {
204 
205             if (false == JetspeedSecurity.hasRole(user.getUserName(), securityRole))
206             {
207                 return false;
208             }
209 
210         } catch (Exception e)
211         {
212             logger.error("Exception",  e);
213             return false;
214         }
215         
216         return checkPermission(user, action);
217     }
218     
219     /***
220      * Checks if the currently logged on user has access for the given action
221      *
222      * @param user the requesting user.
223      * @param action the jetspeed-action (view, edit, customize, delete...) for which permission is being checked.
224      * @exception Sends a RegistryException if the manager can't add
225      *            the provided entry
226      */
227     /***
228      * given the rundata, checks if the currently logged on user has access for the given action
229      *
230      * @param rundata the request rundata.
231      * @param permission the jetspeed-action (view, edit, customize, delete...) for which permission is being checked.
232      * @param entry the registry entry from the registry.
233      * @exception Sends a RegistryException if the manager can't add
234      *            the provided entry
235      */
236     private boolean checkPermission(JetspeedUser user, String action)
237     {
238         if (action == null)
239         {
240             return true; 
241         }
242 
243         // determine if user has specified role
244         try
245         {
246             Iterator roles = JetspeedSecurity.getRoles(user.getUserName());
247             while (roles.hasNext())
248             {
249                 GroupRole gr = (GroupRole) roles.next();
250                 Role role = gr.getRole();
251                 return JetspeedSecurity.hasPermission(role.getName(), action);
252             }
253         
254         } catch (Exception e)
255         {
256             logger.error("Exception",  e);
257             return false;
258         }
259         
260         return true;
261     }
262     
263     private boolean checkDefaultPermission(JetspeedUser user, String action)
264     {
265         String defaultPermissions[] = null;
266         try
267         {
268             if ( (user == null) || !user.hasLoggedIn() )
269             {
270                 defaultPermissions = JetspeedResources.getStringArray(CONFIG_DEFAULT_PERMISSION_ANONYMOUS);
271             } else
272             {
273                 defaultPermissions = JetspeedResources.getStringArray(CONFIG_DEFAULT_PERMISSION_LOGGEDIN);
274             }
275         } 
276         catch (Exception e)
277         {
278             logger.error( "Error checking permissions for " + user + " on " + action, e);
279         }
280         for (int i = 0; i < defaultPermissions.length; i++)
281         {
282             if (defaultPermissions[i].equals("*"))
283                 return true;
284             if (defaultPermissions[i].equals(action))
285                 return true;
286         }
287         return false;
288     }
289     
290     /*
291      * Turbine Services Interface
292      */
293     
294     /***
295      * This is the early initialization method called by the
296      * Turbine <code>Service</code> framework
297      * @param conf The <code>ServletConfig</code>
298      * @exception throws a <code>InitializationException</code> if the service
299      * fails to initialize
300      */
301     public synchronized void init(ServletConfig conf)
302     throws InitializationException
303     {
304         if (getInit()) return;
305         
306         super.init(conf);
307         
308         setInit(true);
309     }
310     
311 }