package org.apache.beehive.wsm.axis.security.model;
/*
* DropInDeploymentHandler.java
*
* Copyright 2001-2004 The Apache Software Foundation.
*
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
import java.util.Collection;
import java.util.Iterator;
import java.io.File;
import org.apache.beehive.wsm.axis.security.User;
import org.apache.beehive.wsm.axis.security.Group;
import org.apache.beehive.wsm.axis.security.UserList;
import org.apache.beehive.wsm.axis.security.Role;
import org.apache.beehive.wsm.axis.security.xmlbeans.BeehiveRoleDocument;
import org.apache.beehive.wsm.axis.security.xmlbeans.BeehiveRoleDocument.BeehiveRole;
import org.apache.beehive.wsm.axis.security.SecurityModel;
import org.apache.axis.Constants;
import org.apache.axis.MessageContext;
import org.apache.axis.components.logger.LogFactory;
import org.apache.axis.security.AuthenticatedUser;
import org.apache.axis.security.SecurityProvider;
import org.apache.axis.security.simple.SimpleSecurityProvider;
import org.apache.log4j.Logger;
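/**
 * In-memory {@link SecurityModel} backed by a {@code beehive-role.xml} file.
 *
 * <p>The role file is parsed once per web application (on the first
 * {@link #init(MessageContext)} call) into a static {@link UserList} of
 * users, groups and roles. {@link #isUserInRole(MessageContext, Collection)}
 * then authenticates the caller's username/password from the
 * {@link MessageContext} and checks whether any of the user's roles is in
 * the allowed set.
 *
 * <p>Thread-safety: {@code userList} is written once under the class lock
 * and read without the lock, so it must be {@code volatile} for the
 * double-checked initialization in {@link #init} to be correct under the
 * Java memory model.
 *
 * <p>Failure mode: if the role file cannot be parsed, {@code userList}
 * stays {@code null} and every authorization check fails closed
 * (returns {@code false}) instead of throwing a {@code NullPointerException}.
 */
public class BeehiveMemorySecurityModel implements SecurityModel {

    protected static Logger logger = Logger.getLogger(BeehiveMemorySecurityModel.class);

    /** Name of the role file, resolved relative to the Axis config path. */
    private static final String BEEHIVE_ROLE_FILE = "beehive-role.xml";

    // A user list is per web application, so a class variable is sufficient.
    // volatile is required: the first check in init() reads this field
    // outside the synchronized block (double-checked locking).
    private static volatile UserList userList = null;

    /**
     * Loads the role file on first use and builds the in-memory user list.
     *
     * <p>Subsequent calls are no-ops once {@code userList} has been set.
     * A parse failure is logged at error level and leaves {@code userList}
     * {@code null}; {@link #isUserInRole} then rejects every request.
     *
     * @param msgContext the current Axis message context; its
     *        {@link Constants#MC_CONFIGPATH} property locates the role file
     */
    public void init(MessageContext msgContext) {
        if (logger.isDebugEnabled()) {
            logger.debug("Enter: BeehiveMemorySecurityModel::init");
        }
        if (userList != null) {
            // userList has already been instantiated.
            return;
        }
        synchronized (BeehiveMemorySecurityModel.class) {
            if (userList == null) {
                String configPath = msgContext.getStrProp(Constants.MC_CONFIGPATH);
                if (configPath == null) {
                    configPath = "";
                } else {
                    configPath += File.separator;
                }
                // The config path comes from server configuration, not from
                // the client request, so it is not treated as untrusted here.
                String roleFilePath = configPath + BEEHIVE_ROLE_FILE;
                if (logger.isDebugEnabled()) {
                    logger.debug("BEEHIVE_ROLE_FILE : " + roleFilePath);
                }
                BeehiveRoleDocument brd = null;
                try {
                    brd = BeehiveRoleDocument.Factory.parse(new File(roleFilePath));
                } catch (Exception e) {
                    // Fail closed: userList stays null and isUserInRole()
                    // denies everyone until the file is fixed and the
                    // application is restarted.
                    logger.error("BeehiveRoleDocument couldn't parse the file (" + roleFilePath + ") : "
                            + e.getMessage(), e);
                    return;
                }
                userList = createUserList(brd);
            }
        } // synchronized
        if (logger.isDebugEnabled()) {
            logger.debug("Exit : BeehiveMemorySecurityModel::init");
        }
    }

    /**
     * Builds the in-memory user list from a parsed role document.
     *
     * <p>Order matters: roles are created first, then groups (which link to
     * roles by name), then users (which link to groups and roles by name and
     * inherit every role of each group they belong to). A reference to an
     * unknown role or group name is silently ignored.
     *
     * @param brd the parsed {@code beehive-role.xml} document
     * @return the populated user list
     */
    private UserList createUserList(BeehiveRoleDocument brd) {
        BeehiveRole beehiveRole = brd.getBeehiveRole();
        UserList userList = new MemoryUserListImpl();

        // Construct roles.
        for (org.apache.beehive.wsm.axis.security.xmlbeans.Role role : beehiveRole.getRoleArray()) {
            MemoryRoleImpl memoryRole = new MemoryRoleImpl();
            memoryRole.setName(role.getName());
            userList.addRole(memoryRole);
        }

        // Construct groups and attach the roles that list them.
        for (org.apache.beehive.wsm.axis.security.xmlbeans.Group group : beehiveRole.getGroupArray()) {
            MemoryGroupImpl memoryGroup = new MemoryGroupImpl();
            memoryGroup.setName(group.getName());
            for (org.apache.beehive.wsm.axis.security.xmlbeans.Role role : beehiveRole.getRoleArray()) {
                for (String groupName : role.getGroupArray()) {
                    if (groupName.equals(group.getName())) {
                        Role memoryRole = userList.getRole(role.getName());
                        if (memoryRole != null) {
                            if (logger.isDebugEnabled()) {
                                logger.debug("GROUP : " + memoryGroup.getName() + " in ROLE : " + memoryRole.getName());
                            }
                            memoryGroup.addRole(memoryRole);
                        }
                    }
                }
            }
            // Added exactly once, after its roles are populated (the original
            // code registered each group twice, before and after the role
            // loop).
            userList.addGroup(memoryGroup);
        }

        // Construct users.
        for (org.apache.beehive.wsm.axis.security.xmlbeans.User user : beehiveRole.getUserArray()) {
            MemoryUserImpl memoryUser = new MemoryUserImpl();
            memoryUser.setName(user.getName());
            // NOTE(review): both the plaintext password and an MD5 value are
            // copied from the role file; which one authenticate() compares is
            // not visible here. Unsalted MD5 is not a suitable password hash
            // and the role file holds credentials, so restrict its permissions.
            memoryUser.setPassword(user.getPassword());
            memoryUser.setMd5(user.getMd5());

            // Group membership: user <-> group references, plus inherited roles.
            for (org.apache.beehive.wsm.axis.security.xmlbeans.Group group : beehiveRole.getGroupArray()) {
                for (String userName : group.getUserArray()) {
                    if (userName.equals(user.getName())) {
                        Group memoryGroup = userList.getGroup(group.getName());
                        if (memoryGroup != null) {
                            if (logger.isDebugEnabled()) {
                                logger.debug("USER : " + memoryUser.getName() + " in GROUP : " + memoryGroup.getName());
                            }
                            // User and Group hold references to each other.
                            memoryGroup.addUser(memoryUser);
                            memoryUser.addGroup(memoryGroup);
                            // The user inherits this group's roles.
                            for (Role memoryRole : memoryGroup.getRoles()) {
                                memoryUser.addRole(memoryRole);
                            }
                        }
                    }
                }
            }

            // Direct role membership.
            for (org.apache.beehive.wsm.axis.security.xmlbeans.Role role : beehiveRole.getRoleArray()) {
                for (String userName : role.getUserArray()) {
                    if (userName.equals(user.getName())) {
                        Role memoryRole = userList.getRole(role.getName());
                        if (memoryRole != null) {
                            if (logger.isDebugEnabled()) {
                                logger.debug("USER : " + memoryUser.getName() + " in ROLE : " + memoryRole.getName());
                            }
                            memoryUser.addRole(memoryRole);
                        }
                    }
                }
            }
            userList.addUser(memoryUser);
        }
        return userList;
    }

    /**
     * Authenticates the caller and checks role membership.
     *
     * <p>The username and password are taken from the message context. The
     * check fails closed ({@code false}) when: the user list was never
     * initialized (role file missing or unparseable), no username was
     * supplied, the user is unknown, the password does not match, or the
     * user holds none of the allowed roles. On success the authenticated
     * {@link User} is stored under {@link SecurityModel#BEEHIVE_AUTHUSER}.
     *
     * @param msgContext   the current Axis message context (client credentials)
     * @param rolesAllowed role names permitted to invoke the operation;
     *                     {@code null} or empty denies access
     * @return {@code true} if the caller authenticated and holds an allowed role
     */
    public boolean isUserInRole(MessageContext msgContext, Collection<String> rolesAllowed) {
        if (logger.isDebugEnabled()) {
            logger.debug("Enter: BeehiveMemorySecurityModel::isUserInRole");
        }
        // Fail closed if init() never succeeded; the original would have
        // thrown a NullPointerException here.
        UserList users = userList;
        if (users == null) {
            logger.error("BeehiveMemorySecurityModel::isUserInRole called before the user list was loaded; denying access");
            return false;
        }
        if (rolesAllowed == null || rolesAllowed.isEmpty()) {
            return false; // nothing is allowed.
        }
        String username = msgContext.getUsername();
        if (logger.isDebugEnabled()) {
            // Client-supplied value; only emitted at debug level.
            logger.debug("username from client : " + username);
        }
        if (username == null) {
            return false; // user didn't specify username.
        }
        User user = users.getUser(username);
        if (user == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("user returned from userList is null");
            }
            return false; // user doesn't exist.
        }
        // Never log the password.
        if (!user.authenticate(msgContext.getPassword())) {
            if (logger.isDebugEnabled()) {
                logger.debug("authenticate failed");
            }
            return false; // password doesn't match.
        }
        if (logger.isDebugEnabled()) {
            logger.debug("authenticate passed (" + username + ")");
        }
        for (Role role : user.getRoles()) {
            if (logger.isDebugEnabled()) {
                logger.debug("user [" + user.getName() + "] role [" + role.getName() + "]");
            }
            if (rolesAllowed.contains(role.getName())) {
                if (logger.isDebugEnabled()) {
                    logger.debug("auth : " + user.getName() + " is in role [" + role.getName() + "]");
                }
                msgContext.setProperty(SecurityModel.BEEHIVE_AUTHUSER, user);
                return true;
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Exit: BeehiveMemorySecurityModel::isUserInRole");
        }
        return false;
    }
}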