BaseAuthorityConnector.java

/* $Id: BaseAuthorityConnector.java 988245 2010-08-23 18:39:35Z kwright $ */

/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.manifoldcf.authorities.authorities;

import org.apache.manifoldcf.core.interfaces.*;
import org.apache.manifoldcf.authorities.interfaces.*;

import java.util.*;
import java.io.*;

/** An authority connector supplies an ACL of some kind for a given user.  This is necessary so that the search UI
* can find the documents that can be legally seen.
*
* An instance of this interface provides this functionality.  Authority connector instances are pooled, so that session
* setup does not need to be done repeatedly.  The pool is segregated by specific sets of configuration parameters.
*/
public abstract class BaseAuthorityConnector extends org.apache.manifoldcf.core.connector.BaseConnector implements IAuthorityConnector
{
  public static final String _rcsid = "@(#)$Id: BaseAuthorityConnector.java 988245 2010-08-23 18:39:35Z kwright $";

  // For repositories that have the ability to deny access based on a user's access tokens
  protected static final AuthorizationResponse RESPONSE_UNREACHABLE = new AuthorizationResponse(new String[]{GLOBAL_DENY_TOKEN},
    AuthorizationResponse.RESPONSE_UNREACHABLE);
  protected static final AuthorizationResponse RESPONSE_USERNOTFOUND = new AuthorizationResponse(new String[]{GLOBAL_DENY_TOKEN},
    AuthorizationResponse.RESPONSE_USERNOTFOUND);
  protected static final AuthorizationResponse RESPONSE_USERUNAUTHORIZED = new AuthorizationResponse(new String[]{GLOBAL_DENY_TOKEN},
    AuthorizationResponse.RESPONSE_USERUNAUTHORIZED);

  // For repositories that DO NOT have the ability to deny access based on a user's access tokens
  protected static final AuthorizationResponse RESPONSE_UNREACHABLE_ADDITIVE = new AuthorizationResponse(new String[0],
    AuthorizationResponse.RESPONSE_UNREACHABLE);
  protected static final AuthorizationResponse RESPONSE_USERNOTFOUND_ADDITIVE = new AuthorizationResponse(new String[0],
    AuthorizationResponse.RESPONSE_USERNOTFOUND);
  protected static final AuthorizationResponse RESPONSE_USERUNAUTHORIZED_ADDITIVE = new AuthorizationResponse(new String[0],
    AuthorizationResponse.RESPONSE_USERUNAUTHORIZED);

  /** Obtain the access tokens for a given user name.
  *@param userName is the user name or identifier.
  *@return the response tokens (according to the current authority).
  * (Should throws an exception only when a condition cannot be properly described within the authorization response object.)
  */
  @Override
  public AuthorizationResponse getAuthorizationResponse(String userName)
    throws ManifoldCFException
  {
    // Implementation for old-style behavior.  Override this method for new-style behavior.
    try
    {
      String[] accessTokens = getAccessTokens(userName);
      if (accessTokens == null)
        return new AuthorizationResponse(new String[0],AuthorizationResponse.RESPONSE_USERNOTFOUND);
      return new AuthorizationResponse(accessTokens,AuthorizationResponse.RESPONSE_OK);
    }
    catch (ManifoldCFException e)
    {
      // There's an authorization failure of some kind.
      String[] defaultAccessTokens = getDefaultAccessTokens(userName);
      if (defaultAccessTokens == null)
      {
        // Treat it as an authorization failure
        return new AuthorizationResponse(new String[0],AuthorizationResponse.RESPONSE_USERUNAUTHORIZED);
      }
      return new AuthorizationResponse(defaultAccessTokens,AuthorizationResponse.RESPONSE_UNREACHABLE);
    }
  }

  /** Obtain the default access tokens for a given user name.
  *@param userName is the user name or identifier.
  *@return the default response tokens, presuming that the connect method fails.
  */
  @Override
  public AuthorizationResponse getDefaultAuthorizationResponse(String userName)
  {
    String[] acls = getDefaultAccessTokens(userName);
    if (acls == null)
      return new AuthorizationResponse(new String[0],AuthorizationResponse.RESPONSE_USERUNAUTHORIZED);
    else
      return new AuthorizationResponse(acls,AuthorizationResponse.RESPONSE_UNREACHABLE);
  }

  /** Obtain the access tokens for a given user name.
  *@param userName is the user name or identifier.
  *@return the tokens (according to the current authority), or null if the user does not exist.
  * (Throw an exception if access is denied, usually because the authority is down).
  */
  public String[] getAccessTokens(String userName)
    throws ManifoldCFException
  {
    return null;
  }

  /** Return the default access tokens in the case where the getAccessTokens() method could not
  * connect with the server.
  *@param userName is the username that the access tokens are for.  Typically this is not used.
  *@return the default tokens, or null if there are no default takens, and the error should be
  * treated as a hard one.
  */
  public String[] getDefaultAccessTokens(String userName)
  {
    return null;
  }

}