/*
* Copyright 2000-2004 The Apache Software Foundation.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.jetspeed.services.security.registry;
// Java imports
import java.util.Iterator;
import javax.servlet.ServletConfig;
import org.apache.jetspeed.om.SecurityReference;
import org.apache.jetspeed.om.profile.Entry;
import org.apache.jetspeed.om.registry.RegistryEntry;
import org.apache.jetspeed.om.registry.SecurityEntry;
import org.apache.jetspeed.om.security.GroupRole;
import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.portal.Portlet;
import org.apache.jetspeed.portal.PortletController;
import org.apache.jetspeed.portal.PortletSet;
import org.apache.jetspeed.services.Registry;
import org.apache.jetspeed.services.logging.JetspeedLogFactoryService;
import org.apache.jetspeed.services.logging.JetspeedLogger;
import org.apache.jetspeed.services.security.JetspeedRoleManagement;
import org.apache.jetspeed.services.security.PortalAccessController;
import org.apache.jetspeed.services.security.PortalResource;
import org.apache.turbine.services.InitializationException;
import org.apache.turbine.services.TurbineBaseService;
/**
* TurbineAccessController
*
* @author <a href="paulsp@apache.org">Paul Spencer</a>
* @version $Id: RegistryAccessController.java,v 1.10 2004/02/23 03:54:03 jford Exp $
*/
public class RegistryAccessController extends TurbineBaseService implements PortalAccessController
{
/**
* Static initialization of the logger for this class
*/
private static final JetspeedLogger logger = JetspeedLogFactoryService.getLogger(RegistryAccessController.class.getName());
/**
* Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
* the given <code>Portlet</code> resource. If the user does not have
* sufficient privilege to perform the action on the resource, the check returns false,
* otherwise when sufficient privilege is present, checkPermission returns true.
*
* @param user the user to be checked.
* @param portlet the portlet resource.
* @param action the secured action to be performed on the resource by the user.
* @return boolean true if the user has sufficient privilege.
*/
public boolean checkPermission(JetspeedUser user, Portlet portlet, String action)
{
return checkPermission(user, portlet, action, null);
}
/**
* Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
* the given <code>Portlet</code> resource. If the user does not have
* sufficient privilege to perform the action on the resource, the check returns false,
* otherwise when sufficient privilege is present, checkPermission returns true.
*
* @param user the user to be checked.
* @param portlet the portlet resource.
* @param action the secured action to be performed on the resource by the user.
* @param owner of the entry, i.e. the username
* @return boolean true if the user has sufficient privilege.
*/
public boolean checkPermission(JetspeedUser user, Portlet portlet, String action, String owner)
{
SecurityReference securityRef = portlet.getPortletConfig().getSecurityRef();
if (securityRef != null)
{
return checkPermission( user, securityRef, action, owner);
}
String portletName = portlet.getName();
RegistryEntry registryEntry = null;
// Don't query registry if portlet is a set
if (!(portlet instanceof PortletSet))
{
registryEntry = (RegistryEntry) Registry.getEntry(Registry.PORTLET, portletName);
}
//portlet is not a portlet - probably a controller or control
if (registryEntry==null) {
PortletSet ps = portlet.getPortletConfig().getPortletSet();
if (ps != null) {
PortletController pc = ps.getController();
if (pc != null) {
portletName = pc.getConfig().getName();
registryEntry = (RegistryEntry)Registry.getEntry(Registry.PORTLET_CONTROLLER, portletName);
}
}
}
if (registryEntry==null) {
return true; // Since their is no entry, their no security to test. Per spec. all is allowed
}
return checkPermission(user, registryEntry, action, owner);
}
/**
* Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
* the given Portlet Instance (<code>Entry</code>) resource. If the user does not have
* sufficient privilege to perform the action on the resource, the check returns false,
* otherwise when sufficient privilege is present, checkPermission returns true.
*
* @param user the user to be checked.
* @param entry the portlet instance resource.
* @param action the secured action to be performed on the resource by the user.
* @return boolean true if the user has sufficient privilege.
*/
public boolean checkPermission(JetspeedUser user, Entry entry, String action)
{
return checkPermission( user, entry, action, null);
}
/**
* Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
* the given Portlet Instance (<code>Entry</code>) resource. If the user does not have
* sufficient privilege to perform the action on the resource, the check returns false,
* otherwise when sufficient privilege is present, checkPermission returns true.
*
* @param user the user to be checked.
* @param entry the portlet instance resource.
* @param action the secured action to be performed on the resource by the user.
* @param owner of the entry, i.e. the username
* @return boolean true if the user has sufficient privilege.
*/
public boolean checkPermission(JetspeedUser user, Entry entry, String action, String owner)
{
SecurityReference securityRef = entry.getSecurityRef();
if (securityRef == null)
{
return checkPermission( user, Registry.getEntry( Registry.PORTLET, entry.getParent()), action, owner);
}
return checkPermission( user, securityRef, action, owner);
}
/**
* Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
* the given resource. If the user does not have
* sufficient privilege to perform the action on the resource, the check returns false,
* otherwise when sufficient privilege is present, checkPermission returns true.
*
* @param user the user to be checked.
* @param resource requesting an action
* @param action the secured action to be performed on the resource by the user.
* @return boolean true if the user has sufficient privilege.
*/
public boolean checkPermission(JetspeedUser user, PortalResource resource, String action)
{
switch (resource.getResourceType())
{
case PortalResource.TYPE_ENTRY:
return checkPermission(user, resource.getEntry(), action, resource.getOwner());
case PortalResource.TYPE_PORTLET:
return checkPermission(user, resource.getPortlet(), action, resource.getOwner());
case PortalResource.TYPE_REGISTRY:
return checkPermission(user, resource.getRegistryEntry(), action, resource.getOwner());
case PortalResource.TYPE_REGISTRY_PARAMETER:
return checkPermission(user, resource.getRegistryParameter(), action, resource.getOwner());
}
// We should never get here
logger.error( "In " + this.getClass().getName() + ".checkPermission(user, resource, action) - Unkown resource = " + resource.getResourceType());
return false;
}
/**
* Checks if the user has access to a given registry entry for the given action
*
* @param user the requesting user.
* @param regEntry the registry entry from the registry.
* @param owner of the entry, i.e. the username
* @param action the jetspeed-action (view, edit, customize, delete...) for which permission is being checked.
*/
private boolean checkPermission(JetspeedUser user, RegistryEntry regEntry, String action, String owner)
{
SecurityReference securityRef = regEntry.getSecurityRef();
if (securityRef == null)
return true; // No security defined on Registry entry
return checkPermission( user, securityRef, action, owner);
}
/**
* Checks if the user has access for the given action using a security reference
*
* @param user the requesting user.
* @param securityRef the security reference to check
* @param action the jetspeed-action (view, edit, customize, delete...) for which permission is being checked.
*/
private boolean checkPermission(JetspeedUser user, SecurityReference securityRef, String action, String owner)
{
SecurityEntry securityEntry = (SecurityEntry) Registry.getEntry( Registry.SECURITY, securityRef.getParent());
if (securityEntry == null)
{
logger.warn("Security id " + securityRef.getParent() + " does not exist. This was requested by the user " + user.getUserName());
return false;
}
if (securityEntry.allowsUser(user.getUserName(), action, owner))
{
return true;
}
try
{
for( Iterator roles = JetspeedRoleManagement.getRoles(user.getUserName()); roles.hasNext();)
{
GroupRole grouprole = (GroupRole) roles.next();
String groupname = grouprole.getGroup().getName();
String rolename = grouprole.getRole().getName();
if (securityEntry.allowsGroupRole(groupname, rolename, action))
return true;
}
// for( Iterator roles = JetspeedRoleManagement.getRoles(user.getUserName()); roles.hasNext();)
// {
// Role role = (Role) roles.next();
// if (securityEntry.allowsRole((String) role.getName(), action))
// return true;
// }
//
// for( Iterator groups = JetspeedGroupManagement.getGroups(user.getUserName()); groups.hasNext();)
// {
// Group group = (Group) groups.next();
// if (securityEntry.allowsGroup((String) group.getName(), action))
// return true;
// }
}
catch (Exception e)
{
logger.error("Exception", e);
return false;
}
return false;
}
/*
* Turbine Services Interface
*/
/**
* This is the early initialization method called by the
* Turbine <code>Service</code> framework
* @param conf The <code>ServletConfig</code>
* @exception throws a <code>InitializationException</code> if the service
* fails to initialize
*/
public synchronized void init(ServletConfig conf)
throws InitializationException
{
if (getInit()) return;
super.init(conf);
setInit(true);
}
}