/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.tuscany.sca.policy.authorization;
import static javax.xml.stream.XMLStreamConstants.END_ELEMENT;
import static javax.xml.stream.XMLStreamConstants.START_ELEMENT;
import java.util.StringTokenizer;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import javax.xml.stream.XMLStreamWriter;
import org.apache.tuscany.sca.contribution.processor.ContributionReadException;
import org.apache.tuscany.sca.contribution.processor.ContributionResolveException;
import org.apache.tuscany.sca.contribution.processor.ContributionWriteException;
import org.apache.tuscany.sca.contribution.processor.ProcessorContext;
import org.apache.tuscany.sca.contribution.processor.StAXArtifactProcessor;
import org.apache.tuscany.sca.contribution.resolver.ModelResolver;
import org.apache.tuscany.sca.core.FactoryExtensionPoint;
import org.apache.tuscany.sca.monitor.Monitor;
import org.apache.tuscany.sca.monitor.Problem;
import org.apache.tuscany.sca.monitor.Problem.Severity;
/**
*
* @version $Rev$ $Date$
*/
public class AuthorizationPolicyProcessor implements StAXArtifactProcessor<AuthorizationPolicy> {
private static final String ROLES = "roles";
public QName getArtifactType() {
return AuthorizationPolicy.NAME;
}
public AuthorizationPolicyProcessor(FactoryExtensionPoint modelFactories) {
}
/**
* Report a error.
*
* @param problems
* @param message
* @param model
*/
private void error(Monitor monitor, String message, Object model, Object... messageParameters) {
if (monitor != null) {
Problem problem = monitor.createProblem(this.getClass().getName(), "policy-security-validation-messages", Severity.ERROR, model, message, (Object[])messageParameters);
monitor.problem(problem);
}
}
public AuthorizationPolicy read(XMLStreamReader reader, ProcessorContext context) throws ContributionReadException, XMLStreamException {
AuthorizationPolicy policy = new AuthorizationPolicy();
int event = reader.getEventType();
QName start = reader.getName();
while (true) {
switch (event) {
case START_ELEMENT:
String ac = reader.getName().getLocalPart();
if ("allow".equals(ac)) {
policy.setAccessControl(AuthorizationPolicy.AcessControl.allow);
String roleNames = reader.getAttributeValue(null, ROLES);
if (roleNames == null) {
error(context.getMonitor(), "RequiredAttributeRolesMissing", reader);
//throw new IllegalArgumentException("Required attribute 'roles' is missing.");
} else {
StringTokenizer st = new StringTokenizer(roleNames);
while (st.hasMoreTokens()) {
policy.getRoleNames().add(st.nextToken());
}
}
} else if ("permitAll".equals(ac)) {
policy.setAccessControl(AuthorizationPolicy.AcessControl.permitAll);
} else if ("denyAll".endsWith(ac)) {
policy.setAccessControl(AuthorizationPolicy.AcessControl.denyAll);
}
break;
case END_ELEMENT:
if (start.equals(reader.getName())) {
if (reader.hasNext()) {
reader.next();
}
return policy;
}
}
if (reader.hasNext()) {
event = reader.next();
} else {
return policy;
}
}
}
public void write(AuthorizationPolicy policy, XMLStreamWriter writer, ProcessorContext context) throws ContributionWriteException,
XMLStreamException {
writer.writeStartElement(AuthorizationPolicy.NAME.getLocalPart());
writer.writeStartElement(policy.getAccessControl().name());
if (policy.getAccessControl() == AuthorizationPolicy.AcessControl.allow) {
StringBuffer sb = new StringBuffer();
for (String role : policy.getRoleNames()) {
sb.append(role);
}
if (sb.length() > 0) {
writer.writeAttribute(ROLES, sb.toString());
}
}
writer.writeEndElement();
writer.writeEndElement();
}
public Class<AuthorizationPolicy> getModelType() {
return AuthorizationPolicy.class;
}
public void resolve(AuthorizationPolicy policy, ModelResolver resolver, ProcessorContext context) throws ContributionResolveException {
if ((policy.getAccessControl() == AuthorizationPolicy.AcessControl.allow) &&
(policy.getRoleNames().isEmpty())){
// role names are required so leave policy unresolved
return;
}
//right now nothing to resolve
policy.setUnresolved(false);
}
}