/* ====================================================================
* The Apache Software License, Version 1.1
*
* Copyright (c) 2000-2001 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The end-user documentation included with the redistribution,
* if any, must include the following acknowledgment:
* "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowledgment may appear in the software itself,
* if and wherever such third-party acknowledgments normally appear.
*
* 4. The names "Apache" and "Apache Software Foundation" and
* "Apache Jetspeed" must not be used to endorse or promote products
* derived from this software without prior written permission. For
* written permission, please contact apache@apache.org.
*
* 5. Products derived from this software may not be called "Apache" or
* "Apache Jetspeed", nor may "Apache" appear in their name, without
* prior written permission of the Apache Software Foundation.
*
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
* DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
* USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*/
package org.apache.jetspeed.services.security.turbine;
// Java imports
import javax.servlet.ServletConfig;
import java.util.Iterator;
// Jetspeed import
import org.apache.jetspeed.om.profile.Entry;
import org.apache.jetspeed.om.registry.RegistryEntry;
import org.apache.jetspeed.om.registry.Security;
import org.apache.jetspeed.om.security.JetspeedUser;
import org.apache.jetspeed.om.security.Role;
import org.apache.jetspeed.portal.Portlet;
import org.apache.jetspeed.portal.PortletController;
import org.apache.jetspeed.portal.PortletSet;
import org.apache.jetspeed.services.resources.JetspeedResources;
import org.apache.jetspeed.services.JetspeedSecurity;
import org.apache.jetspeed.services.Registry;
import org.apache.jetspeed.services.security.PortalAccessController;
import org.apache.jetspeed.services.security.PortalResource;
// Turbine imports
import org.apache.turbine.services.TurbineBaseService;
import org.apache.turbine.services.InitializationException;
import org.apache.turbine.util.Log;
/**
* TurbineAccessController
*
* @author <a href="paulsp@apache.org">Paul Spencer</a>
* @version $Id: TurbineAccessController.java,v 1.3 2002/08/25 19:45:07 paulsp Exp $
*/
public class TurbineAccessController extends TurbineBaseService
implements PortalAccessController
{
private final static String CONFIG_DEFAULT_PERMISSION_LOGGEDIN = "services.JetspeedSecurity.permission.default.loggedin";
private final static String CONFIG_DEFAULT_PERMISSION_ANONYMOUS = "services.JetspeedSecurity.permission.default.anonymous";
/**
* Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
* the given <code>Portlet</code> resource. If the user does not have
* sufficient privilege to perform the action on the resource, the check returns false,
* otherwise when sufficient privilege is present, checkPermission returns true.
*
* @param user the user to be checked.
* @param portlet the portlet resource.
* @param action the secured action to be performed on the resource by the user.
* @return boolean true if the user has sufficient privilege.
*/
public boolean checkPermission(JetspeedUser user, Portlet portlet, String action)
{
return checkPermission(user, portlet, action, null);
}
/**
* Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
* the given <code>Portlet</code> resource. If the user does not have
* sufficient privilege to perform the action on the resource, the check returns false,
* otherwise when sufficient privilege is present, checkPermission returns true.
*
* @param user the user to be checked.
* @param portlet the portlet resource.
* @param action the secured action to be performed on the resource by the user.
* @param owner of the entry, i.e. the username
* @return boolean true if the user has sufficient privilege.
*/
public boolean checkPermission(JetspeedUser user, Portlet portlet, String action, String owner)
{
String portletName = portlet.getName();
RegistryEntry regEntry = (RegistryEntry)Registry.getEntry(Registry.PORTLET, portletName);
//portlet is not a portlet - probably a controller or control
if (regEntry==null)
{
PortletSet ps = portlet.getPortletConfig().getPortletSet();
if (ps != null)
{
PortletController pc = ps.getController();
if (pc != null)
{
portletName = pc.getConfig().getName();
regEntry = (RegistryEntry)Registry.getEntry(Registry.PORTLET_CONTROLLER, portletName);
}
}
}
if (regEntry==null)
{
return checkDefaultPermission(user, action);
}
return checkPermission(user, regEntry, action);
}
/**
* Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
* the given Portlet Instance (<code>Entry</code>) resource. If the user does not have
* sufficient privilege to perform the action on the resource, the check returns false,
* otherwise when sufficient privilege is present, checkPermission returns true.
*
* @param user the user to be checked.
* @param entry the portlet instance resource.
* @param action the secured action to be performed on the resource by the user.
* @return boolean true if the user has sufficient privilege.
*/
public boolean checkPermission(JetspeedUser user, Entry entry, String action)
{
return checkPermission(user, entry, action, null);
}
/**
* Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
* the given Portlet Instance (<code>Entry</code>) resource. If the user does not have
* sufficient privilege to perform the action on the resource, the check returns false,
* otherwise when sufficient privilege is present, checkPermission returns true.
*
* @param user the user to be checked.
* @param entry the portlet instance resource.
* @param action the secured action to be performed on the resource by the user.
* @param owner of the entry, i.e. the username
* @return boolean true if the user has sufficient privilege.
*/
public boolean checkPermission(JetspeedUser user, Entry entry, String action, String owner)
{
String portletName = entry.getParent();
RegistryEntry regEntry = (RegistryEntry)Registry.getEntry(Registry.PORTLET, portletName);
if (regEntry==null)
{
return checkDefaultPermission(user, action);
}
return checkPermission(user, regEntry, action);
}
/**
* Given a <code>JetspeedUser</code>, authorize that user to perform the secured action on
* the given resource. If the user does not have
* sufficient privilege to perform the action on the resource, the check returns false,
* otherwise when sufficient privilege is present, checkPermission returns true.
*
* @param user the user to be checked.
* @param resource requesting an action
* @param action the secured action to be performed on the resource by the user.
* @return boolean true if the user has sufficient privilege.
*/
public boolean checkPermission(JetspeedUser user, PortalResource resource, String action)
{
switch (resource.getResourceType())
{
case PortalResource.TYPE_ENTRY:
return checkPermission(user, resource.getEntry(), action);
case PortalResource.TYPE_REGISTRY:
return checkPermission(user, resource.getRegistryEntry(), action);
case PortalResource.TYPE_REGISTRY_PARAMETER:
return checkPermission(user, resource.getRegistryParameter(), action);
}
return false;
}
/**
* Checks if the user has access to a given portlet for the given action
*
* @param user the requesting user.
* @param regEntry the registry entry from the registry.
* @param action the jetspeed-action (view, edit, customize, delete...) for which permission is being checked.
* @exception Sends a RegistryException if the manager can't add
* the provided entry
*/
private boolean checkPermission(JetspeedUser user, RegistryEntry regEntry, String action)
{
Security security = regEntry.getSecurity();
if (null == security)
return checkDefaultPermission( user, action);
String securityRole = security.getRole();
if (null == securityRole)
return checkDefaultPermission( user, action);
// determine if Portlet has specified role
try
{
if (false == JetspeedSecurity.hasRole(user.getUserName(), securityRole))
{
return false;
}
} catch (Exception e)
{
Log.error(e);
return false;
}
return checkPermission(user, action);
}
/**
* Checks if the currently logged on user has access for the given action
*
* @param user the requesting user.
* @param action the jetspeed-action (view, edit, customize, delete...) for which permission is being checked.
* @exception Sends a RegistryException if the manager can't add
* the provided entry
*/
/**
* given the rundata, checks if the currently logged on user has access for the given action
*
* @param rundata the request rundata.
* @param permission the jetspeed-action (view, edit, customize, delete...) for which permission is being checked.
* @param entry the registry entry from the registry.
* @exception Sends a RegistryException if the manager can't add
* the provided entry
*/
private boolean checkPermission(JetspeedUser user, String action)
{
if (action == null)
{
return true;
}
// determine if user has specified role
try
{
Iterator roles = JetspeedSecurity.getRoles(user.getUserName());
while (roles.hasNext())
{
Role role = (Role)roles.next();
return JetspeedSecurity.hasPermission(role.getName(), action);
}
} catch (Exception e)
{
Log.error(e);
return false;
}
return true;
}
private boolean checkDefaultPermission(JetspeedUser user, String action)
{
String defaultPermissions[] = null;
try
{
if ( (user == null) || !user.hasLoggedIn() )
{
defaultPermissions = JetspeedResources.getStringArray(CONFIG_DEFAULT_PERMISSION_ANONYMOUS);
} else
{
defaultPermissions = JetspeedResources.getStringArray(CONFIG_DEFAULT_PERMISSION_LOGGEDIN);
}
} catch (Exception e)
{
e.printStackTrace();
}
for (int i = 0; i < defaultPermissions.length; i++)
{
if (defaultPermissions[i].equals("*"))
return true;
if (defaultPermissions[i].equals(action))
return true;
}
return false;
}
/*
* Turbine Services Interface
*/
/**
* This is the early initialization method called by the
* Turbine <code>Service</code> framework
* @param conf The <code>ServletConfig</code>
* @exception throws a <code>InitializationException</code> if the service
* fails to initialize
*/
public synchronized void init(ServletConfig conf)
throws InitializationException
{
if (getInit()) return;
super.init(conf);
setInit(true);
}
}