001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: *
017: */
018:
019: /* $Id: URLPolicy.java 473861 2006-11-12 03:51:14Z gregor $ */
020:
021: package org.apache.lenya.ac.impl;
022:
023: import java.util.LinkedHashSet;
024: import java.util.Set;
025:
026: import org.apache.lenya.ac.AccessControlException;
027: import org.apache.lenya.ac.Accreditable;
028: import org.apache.lenya.ac.AccreditableManager;
029: import org.apache.lenya.ac.Credential;
030: import org.apache.lenya.ac.Identity;
031: import org.apache.lenya.ac.InheritingPolicyManager;
032: import org.apache.lenya.ac.Policy;
033: import org.apache.lenya.ac.Role;
034:
035: /**
036: * A policy at a certain URL. The final policy is computed by merging the
037: * subtree policies of all ancestor-or-self directories with the URL policy of
038: * the actual URL.
039: */
040: public class URLPolicy implements Policy {
041:
042: /**
043: * Returns the resulting policy for a certain URL.
044: *
045: * @param controller
046: * The acccess controller.
047: * @param _url
048: * The URL.
049: * @param manager
050: * The policy manager.
051: */
052: public URLPolicy(AccreditableManager controller, String _url,
053: InheritingPolicyManager manager) {
054: assert _url != null;
055: this .url = _url;
056:
057: assert manager != null;
058: this .policyManager = manager;
059:
060: assert controller != null;
061: this .accreditableManager = controller;
062: }
063:
064: private String url;
065:
066: private InheritingPolicyManager policyManager;
067:
068: private AccreditableManager accreditableManager;
069:
070: private Policy[] policies = null;
071:
072: private Credential[] credentials = null;
073:
074: /**
075: * Obtains the policies from the policy manager. This method is expensive
076: * and therefore only called when needed.
077: *
078: * @throws AccessControlException
079: * when something went wrong.
080: */
081: protected void obtainPolicies() throws AccessControlException {
082: if (this .policies == null) {
083: this .policies = getPolicyManager().getPolicies(
084: getAccreditableManager(), getUrl());
085: }
086: }
087:
088: /**
089: * Obtains the credentials from the policy manager. This method is expensive
090: * and therefore only called when needed.
091: *
092: * @throws AccessControlException
093: * when something went wrong.
094: */
095: protected void obtainCredentials() throws AccessControlException {
096: if (this .credentials == null) {
097: this .credentials = getPolicyManager().getCredentials(
098: getAccreditableManager(), getUrl());
099: }
100: }
101:
102: static final String[] VISITOR_ROLES = { "visitor", "visit" };
103:
104: static final String[] ADMINISTRATOR_ROLES = { "administrator",
105: "admin", "organize" };
106:
107: static final String[] AUTHOR_ROLES = { "author", "edit" };
108:
109: /**
110: * @see org.apache.lenya.ac.Policy#check(org.apache.lenya.ac.Identity, org.apache.lenya.ac.Role)
111: * Iterate the policy tree bottom-up.
112: */
113: public int check(Identity identity, Role role)
114: throws AccessControlException {
115: obtainPolicies();
116:
117: for (int i = 0; i < this .policies.length; i++) {
118: int result = this .policies[i].check(identity, role);
119: if (result == Policy.RESULT_GRANTED
120: || result == Policy.RESULT_DENIED) {
121: return result;
122: }
123: }
124: return Policy.RESULT_NOT_MATCHED;
125: }
126:
127: /**
128: * Returns the visitor role.
129: *
130: * @param manager
131: * The accreditable manager.
132: * @return A role.
133: * @throws AccessControlException
134: * when something went wrong.
135: */
136: public static Role getVisitorRole(AccreditableManager manager)
137: throws AccessControlException {
138: Role visitorRole = null;
139: for (int i = 0; i < VISITOR_ROLES.length; i++) {
140: Role role = manager.getRoleManager().getRole(
141: VISITOR_ROLES[i]);
142: if (role != null) {
143: visitorRole = role;
144: }
145: }
146: return visitorRole;
147: }
148:
149: /**
150: * Returns the administrator role.
151: *
152: * @param manager
153: * The accreditable manager.
154: * @return A role.
155: * @throws AccessControlException
156: * when something went wrong.
157: */
158: public static Role getAdministratorRole(AccreditableManager manager)
159: throws AccessControlException {
160: Role administratorRole = null;
161: for (int i = 0; i < ADMINISTRATOR_ROLES.length; i++) {
162: Role role = manager.getRoleManager().getRole(
163: ADMINISTRATOR_ROLES[i]);
164: if (role != null) {
165: administratorRole = role;
166: }
167: }
168: return administratorRole;
169: }
170:
171: /**
172: * Returns the author role.
173: *
174: * @param manager
175: * The accreditable manager.
176: * @return A role.
177: * @throws AccessControlException
178: * when something went wrong.
179: */
180: public static Role getAuthorRole(AccreditableManager manager)
181: throws AccessControlException {
182: Role administratorRole = null;
183: for (int i = 0; i < AUTHOR_ROLES.length; i++) {
184: Role role = manager.getRoleManager().getRole(
185: AUTHOR_ROLES[i]);
186: if (role != null) {
187: administratorRole = role;
188: }
189: }
190: return administratorRole;
191: }
192:
193: /**
194: * Returns the URL of this policy.
195: *
196: * @return The URL of this policy.
197: */
198: public String getUrl() {
199: return this .url;
200: }
201:
202: /**
203: * Returns the policy builder.
204: *
205: * @return A policy builder.
206: */
207: public InheritingPolicyManager getPolicyManager() {
208: return this .policyManager;
209: }
210:
211: /**
212: * Returns the access controller.
213: *
214: * @return An access controller.
215: */
216: public AccreditableManager getAccreditableManager() {
217: return this .accreditableManager;
218: }
219:
220: /**
221: * The URL policy requires SSL protection if one of its member policies
222: * requires SSL protection.
223: *
224: * @see org.apache.lenya.ac.Policy#isSSLProtected()
225: */
226: public boolean isSSLProtected() throws AccessControlException {
227: obtainPolicies();
228:
229: boolean ssl = false;
230:
231: int i = 0;
232: while (!ssl && i < this .policies.length) {
233: ssl = ssl || this .policies[i].isSSLProtected();
234: i++;
235: }
236:
237: return ssl;
238: }
239:
240: /**
241: * @see org.apache.lenya.ac.Policy#isEmpty()
242: */
243: public boolean isEmpty() throws AccessControlException {
244: boolean empty = true;
245:
246: int i = 0;
247: while (empty && i < this .policies.length) {
248: empty = empty && this .policies[i].isEmpty();
249: i++;
250: }
251:
252: return empty;
253: }
254:
255: public Credential[] getCredentials() throws AccessControlException {
256: obtainCredentials();
257: Set credentials = new LinkedHashSet();
258:
259: for (int accrIndex = 0; accrIndex < this .credentials.length; accrIndex++) {
260: credentials.add(this .credentials[accrIndex]);
261: }
262: return (Credential[]) credentials
263: .toArray(new Credential[credentials.size()]);
264: }
265:
266: public Credential[] getCredentials(Identity identity)
267: throws AccessControlException {
268: Accreditable[] accreditables = identity.getAccreditables();
269: Credential[] credentials = getCredentials();
270: Set returnCredential = new LinkedHashSet();
271:
272: for (int credIndex = 0; credIndex < credentials.length; credIndex++) {
273: Credential credential = credentials[credIndex];
274:
275: for (int accrIndex = 0; accrIndex < accreditables.length; accrIndex++) {
276: Accreditable accreditable = accreditables[accrIndex];
277:
278: if (credential.getAccreditable().equals(accreditable)) {
279: returnCredential.add(credential);
280: }
281: }
282: }
283:
284: return (Credential[]) returnCredential
285: .toArray(new Credential[returnCredential.size()]);
286: }
287:
288: }
|