View Javadoc

1   package org.apache.turbine.util.security;
2   
3   /*
4    * Copyright 2001-2005 The Apache Software Foundation.
5    *
6    * Licensed under the Apache License, Version 2.0 (the "License")
7    * you may not use this file except in compliance with the License.
8    * You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  import java.util.Iterator;
20  import java.util.Map;
21  
22  import org.apache.turbine.om.security.Group;
23  import org.apache.turbine.om.security.Permission;
24  import org.apache.turbine.om.security.Role;
25  import org.apache.turbine.services.security.TurbineSecurity;
26  
27  /***
28   * This is a control class that makes it easy to find out if a
29   * particular User has a given Permission.  It also determines if a
30   * User has a a particular Role.
31   *
32   * @author <a href="mailto:jmcnally@collab.net">John D. McNally</a>
33   * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
34   * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a>
35   * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
36   * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
37   * @author <a href="mailto:marco@intermeta.de">Marco Kn&uuml;ttel</a>
38   * @version $Id: TurbineAccessControlList.java 278822 2005-09-05 19:53:05Z henning $
39   */
40  public class TurbineAccessControlList
41          implements AccessControlList
42  {
43      /*** Serial Version UID */
44      private static final long serialVersionUID = 2678947159949477950L;
45  
46      /*** The sets of roles that the user has in different groups */
47      private Map roleSets;
48  
49      /*** The sets of permissions that the user has in different groups */
50      private Map permissionSets;
51  
52      /*** The name of this ACL. Needed for the SecurityEntity Interface */
53      private String name;
54  
55      /***
56       * Constructs a new AccessControlList.
57       *
58       * This class follows 'immutable' pattern - it's objects can't be modified
59       * once they are created. This means that the permissions the users have are
60       * in effect form the moment they log in to the moment they log out, and
61       * changes made to the security settings in that time are not reflected
62       * in the state of this object. If you need to reset an user's permissions
63       * you need to invalidate his session. <br>
64       * The objects that constructs an AccessControlList must supply hashtables
65       * of role/permission sets keyed with group objects. <br>
66       *
67       * @param roleSets a hashtable containing RoleSet objects keyed with Group objects
68       * @param permissionSets a hashtable containing PermissionSet objects keyed with Group objects
69       */
70      public TurbineAccessControlList(Map roleSets, Map permissionSets)
71      {
72          this.roleSets = roleSets;
73          this.permissionSets = permissionSets;
74      }
75  
76      /***
77       * Returns the name of this ACL.
78       *
79       * @return The ACL Name
80       *
81       */
82      public String getName()
83      {
84          return this.name;
85      }
86  
87      /***
88       * Sets the name of this ACL.
89       *
90       * @param name The new ACL name.
91       *
92       */
93      public void setName(String name)
94      {
95          this.name = name;
96      }
97  
98      /***
99       * Retrieves a set of Roles an user is assigned in a Group.
100      *
101      * @param group the Group
102      * @return the set of Roles this user has within the Group.
103      */
104     public RoleSet getRoles(Group group)
105     {
106         if (group == null)
107         {
108             return null;
109         }
110         return (RoleSet) roleSets.get(group);
111     }
112 
113     /***
114      * Retrieves a set of Roles an user is assigned in the global Group.
115      *
116      * @return the set of Roles this user has within the global Group.
117      */
118     public RoleSet getRoles()
119     {
120         return getRoles(TurbineSecurity.getGlobalGroup());
121     }
122 
123     /***
124      * Retrieves a set of Permissions an user is assigned in a Group.
125      *
126      * @param group the Group
127      * @return the set of Permissions this user has within the Group.
128      */
129     public PermissionSet getPermissions(Group group)
130     {
131         if (group == null)
132         {
133             return null;
134         }
135         return (PermissionSet) permissionSets.get(group);
136     }
137 
138     /***
139      * Retrieves a set of Permissions an user is assigned in the global Group.
140      *
141      * @return the set of Permissions this user has within the global Group.
142      */
143     public PermissionSet getPermissions()
144     {
145         return getPermissions(TurbineSecurity.getGlobalGroup());
146     }
147 
148     /***
149      * Checks if the user is assigned a specific Role in the Group.
150      *
151      * @param role the Role
152      * @param group the Group
153      * @return <code>true</code> if the user is assigned the Role in the Group.
154      */
155     public boolean hasRole(Role role, Group group)
156     {
157         RoleSet set = getRoles(group);
158         if (set == null || role == null)
159         {
160             return false;
161         }
162         return set.contains(role);
163     }
164 
165     /***
166      * Checks if the user is assigned a specific Role in any of the given
167      * Groups
168      *
169      * @param role the Role
170      * @param groupset a Groupset
171      * @return <code>true</code> if the user is assigned the Role in any of
172      *         the given Groups.
173      */
174     public boolean hasRole(Role role, GroupSet groupset)
175     {
176         if (role == null)
177         {
178             return false;
179         }
180         for (Iterator groups = groupset.iterator(); groups.hasNext();)
181         {
182             Group group = (Group) groups.next();
183             RoleSet roles = getRoles(group);
184             if (roles != null)
185             {
186                 if (roles.contains(role))
187                 {
188                     return true;
189                 }
190             }
191         }
192         return false;
193     }
194 
195     /***
196      * Checks if the user is assigned a specific Role in the Group.
197      *
198      * @param role the Role
199      * @param group the Group
200      * @return <code>true</code> if the user is assigned the Role in the Group.
201      */
202     public boolean hasRole(String role, String group)
203     {
204         try
205         {
206             return hasRole(TurbineSecurity.getRoleByName(role),
207                     TurbineSecurity.getGroupByName(group));
208         }
209         catch (Exception e)
210         {
211             return false;
212         }
213     }
214 
215     /***
216      * Checks if the user is assigned a specifie Role in any of the given
217      * Groups
218      *
219      * @param rolename the name of the Role
220      * @param groupset a Groupset
221      * @return <code>true</code> if the user is assigned the Role in any of
222      *         the given Groups.
223      */
224     public boolean hasRole(String rolename, GroupSet groupset)
225     {
226         Role role;
227         try
228         {
229             role = TurbineSecurity.getRoleByName(rolename);
230         }
231         catch (TurbineSecurityException e)
232         {
233             return false;
234         }
235         if (role == null)
236         {
237             return false;
238         }
239         for (Iterator groups = groupset.iterator(); groups.hasNext();)
240         {
241             Group group = (Group) groups.next();
242             RoleSet roles = getRoles(group);
243             if (roles != null)
244             {
245                 if (roles.contains(role))
246                 {
247                     return true;
248                 }
249             }
250         }
251         return false;
252     }
253 
254     /***
255      * Checks if the user is assigned a specific Role in the global Group.
256      *
257      * @param role the Role
258      * @return <code>true</code> if the user is assigned the Role in the global Group.
259      */
260     public boolean hasRole(Role role)
261     {
262         return hasRole(role, TurbineSecurity.getGlobalGroup());
263     }
264 
265     /***
266      * Checks if the user is assigned a specific Role in the global Group.
267      *
268      * @param role the Role
269      * @return <code>true</code> if the user is assigned the Role in the global Group.
270      */
271     public boolean hasRole(String role)
272     {
273         try
274         {
275             return hasRole(TurbineSecurity.getRoleByName(role));
276         }
277         catch (Exception e)
278         {
279             return false;
280         }
281     }
282 
283     /***
284      * Checks if the user is assigned a specific Permission in the Group.
285      *
286      * @param permission the Permission
287      * @param group the Group
288      * @return <code>true</code> if the user is assigned the Permission in the Group.
289      */
290     public boolean hasPermission(Permission permission, Group group)
291     {
292         PermissionSet set = getPermissions(group);
293         if (set == null || permission == null)
294         {
295             return false;
296         }
297         return set.contains(permission);
298     }
299 
300     /***
301      * Checks if the user is assigned a specific Permission in any of the given
302      * Groups
303      *
304      * @param permission the Permission
305      * @param groupset a Groupset
306      * @return <code>true</code> if the user is assigned the Permission in any
307      *         of the given Groups.
308      */
309     public boolean hasPermission(Permission permission, GroupSet groupset)
310     {
311         if (permission == null)
312         {
313             return false;
314         }
315         for (Iterator groups = groupset.iterator(); groups.hasNext();)
316         {
317             Group group = (Group) groups.next();
318             PermissionSet permissions = getPermissions(group);
319             if (permissions != null)
320             {
321                 if (permissions.contains(permission))
322                 {
323                     return true;
324                 }
325             }
326         }
327         return false;
328     }
329 
330     /***
331      * Checks if the user is assigned a specific Permission in the Group.
332      *
333      * @param permission the Permission
334      * @param group the Group
335      * @return <code>true</code> if the user is assigned the Permission in the Group.
336      */
337     public boolean hasPermission(String permission, String group)
338     {
339         try
340         {
341             return hasPermission(TurbineSecurity.getPermissionByName(permission),
342                     TurbineSecurity.getGroupByName(group));
343         }
344         catch (Exception e)
345         {
346             return false;
347         }
348     }
349 
350     /***
351      * Checks if the user is assigned a specific Permission in the Group.
352      *
353      * @param permission the Permission
354      * @param group the Group
355      * @return <code>true</code> if the user is assigned the Permission in the Group.
356      */
357     public boolean hasPermission(String permission, Group group)
358     {
359         try
360         {
361             return hasPermission(
362                     TurbineSecurity.getPermissionByName(permission), group);
363         }
364         catch (Exception e)
365         {
366             return false;
367         }
368     }
369 
370     /***
371      * Checks if the user is assigned a specifie Permission in any of the given
372      * Groups
373      *
374      * @param permissionName the name of the Permission
375      * @param groupset a Groupset
376      * @return <code>true</code> if the user is assigned the Permission in any
377      *         of the given Groups.
378      */
379     public boolean hasPermission(String permissionName, GroupSet groupset)
380     {
381         Permission permission;
382         try
383         {
384             permission = TurbineSecurity.getPermissionByName(permissionName);
385         }
386         catch (TurbineSecurityException e)
387         {
388             return false;
389         }
390         if (permission == null)
391         {
392             return false;
393         }
394         for (Iterator groups = groupset.iterator(); groups.hasNext();)
395         {
396             Group group = (Group) groups.next();
397             PermissionSet permissions = getPermissions(group);
398             if (permissions != null)
399             {
400                 if (permissions.contains(permission))
401                 {
402                     return true;
403                 }
404             }
405         }
406         return false;
407     }
408 
409     /***
410      * Checks if the user is assigned a specific Permission in the global Group.
411      *
412      * @param permission the Permission
413      * @return <code>true</code> if the user is assigned the Permission in the global Group.
414      */
415     public boolean hasPermission(Permission permission)
416     {
417         return hasPermission(permission, TurbineSecurity.getGlobalGroup());
418     }
419 
420     /***
421      * Checks if the user is assigned a specific Permission in the global Group.
422      *
423      * @param permission the Permission
424      * @return <code>true</code> if the user is assigned the Permission in the global Group.
425      */
426     public boolean hasPermission(String permission)
427     {
428         try
429         {
430             return hasPermission(TurbineSecurity.getPermissionByName(permission));
431         }
432         catch (Exception e)
433         {
434             return false;
435         }
436     }
437 
438     /***
439      * Returns all groups definded in the system.
440      *
441      * This is useful for debugging, when you want to display all roles
442      * and permissions an user is assingned. This method is needed
443      * because you can't call static methods of TurbineSecurity class
444      * from within WebMacro/Velocity template
445      *
446      * @return A Group [] of all groups in the system.
447      */
448     public Group[] getAllGroups()
449     {
450         try
451         {
452             return TurbineSecurity.getAllGroups().getGroupsArray();
453         }
454         catch (TurbineSecurityException e)
455         {
456             return new Group[0];
457         }
458     }
459 }