GlobalAuthorisationProvider.java example

Explorer

v7files-master
- src
  - main
    - java
      - arlut
        csd
        crypto
        MD5Crypt.java
      - v7db
        auth
        AuthenticationProvider.java
        AuthenticationProviderFactory.java
        AuthenticationToken.java
        DemoAuthenticationProvider.java
        MongoAuthenticationProvider.java
        PasswordUtil.java
        files
        AclAuthorisationProvider.java
        AuthorisationProvider.java
        AuthorisationProviderFactory.java
        CatCommand.java
        Compression.java
        Configuration.java
        ContentStorageFacade.java
        CopyCommand.java
        EndpointProperties.java
        GlobalAuthorisationProvider.java
        LsCommand.java
        Main.java
        MapUtils.java
        MkdirCommand.java
        ServeCommand.java
        TrustedAuthorisationProvider.java
        UploadCommand.java
        ZipFile.java
        buckets
        BucketsServiceConfiguration.java
        BucketsServlet.java
        milton
        FileResource.java
        FolderResource.java
        GetHandler.java
        LockableFileResource.java
        LockableFolderResource.java
        MiltonServlet.java
        PathMultiTenantResourceFactory.java
        ResourceFactory.java
        ResourceFactoryFactory.java
        mongodb
        BSONUtils.java
        MongoContentStorage.java
        MongoReferenceTracking.java
        QueryUtils.java
        Tenants.java
        UpdateConflictException.java
        V7File.java
        V7GridFS.java
        Vermongo.java
        spi
        ChunkedContent.java
        Content.java
        ContentConcatenation.java
        ContentPointer.java
        ContentSHA.java
        ContentStorage.java
        GzippedContent.java
        InlineContent.java
        OffsetAndLength.java
        ReferenceTracking.java
        StorageScheme.java
        StoredContent.java
  - test
    - java
      - v7db
        auth
        PasswordUtilTest.java
        files
        AclAuthorisationProviderTest.java
        CatCommandTest.java
        CompressionTest.java
        ConfigurationTest.java
        CopyCommandTest.java
        GlobalAuthorisationProviderTest.java
        MkdirCommandTest.java
        TrustedAuthorisationProviderTest.java
        UnitTestSupport.java
        V7GridFSTest.java
        ZipFileTest.java
        buckets
        BucketsServletTest.java
        milton
        CopyWebRequest.java
        MiltonServletTest.java
        MkColWebRequest.java
        MoveWebRequest.java
        mongodb
        AuthorisationProviderTest.java
        MongoContentStorageTest.java
        MongoReferenceTrackingTest.java
        SimpleGarbageCollector.java
        V7FileTest.java
        spi
        ChunkedContentTest.java
        ContentConcatenationTest.java
        InlineContentTest.java
        OffsetAndLengthTest.java

/**
 * Copyright (c) 2011, Thilo Planz. All rights reserved.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 */

package v7db.files;

import java.util.Properties;

import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;

import v7db.auth.AuthenticationToken;
import v7db.files.mongodb.V7File;

class GlobalAuthorisationProvider implements AuthorisationProvider {

	private final Properties props;

	GlobalAuthorisationProvider(Properties props) {
		this.props = props;
	}

	String getProperty(String name) {
		return props.getProperty(name);
	}

	private String getAnonymousUser() {
		return getProperty("auth.anonymous");
	}

	/**
	 * handles anonymous user
	 * 
	 * @return null, if no access should be allowed
	 */
	Object[] getRoles(AuthenticationToken user) {
		if (user == null || user == AuthenticationToken.ANONYMOUS) {
			String a = getAnonymousUser();
			if (StringUtils.isBlank(a))
				return null;
			return new String[] { a };
		} else {
			return user.getRoles();
		}
	}

	private boolean authorise(V7File resource, AuthenticationToken user,
			String permission) {
		Object[] roles = getRoles(user);
		if (roles == null)
			return false;

		String[] acl = StringUtils.stripAll(StringUtils.split(
				getProperty(permission), ','));
		for (Object role : roles) {
			if (ArrayUtils.contains(acl, role))
				return true;
		}
		return false;
	}

	public boolean authoriseOpen(V7File resource, AuthenticationToken user) {
		return authoriseRead(resource, user);
	}

	public boolean authoriseRead(V7File resource, AuthenticationToken user) {
		return authorise(resource, user, "acl.read");
	}

	public boolean authoriseWrite(V7File resource, AuthenticationToken user) {
		return authorise(resource, user, "acl.write");
	}

}