001: /*******************************************************************************
002: * Licensed to the Apache Software Foundation (ASF) under one
003: * or more contributor license agreements. See the NOTICE file
004: * distributed with this work for additional information
005: * regarding copyright ownership. The ASF licenses this file
006: * to you under the Apache License, Version 2.0 (the
007: * "License"); you may not use this file except in compliance
008: * with the License. You may obtain a copy of the License at
009: *
010: * http://www.apache.org/licenses/LICENSE-2.0
011: *
012: * Unless required by applicable law or agreed to in writing,
013: * software distributed under the License is distributed on an
014: * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015: * KIND, either express or implied. See the License for the
016: * specific language governing permissions and limitations
017: * under the License.
018: *******************************************************************************/package org.ofbiz.security;
019:
020: import org.ofbiz.base.config.GenericConfigException;
021: import org.ofbiz.base.config.SecurityConfigUtil;
022: import org.ofbiz.base.util.Debug;
023: import org.ofbiz.base.util.UtilProperties;
024: import org.ofbiz.base.util.UtilValidate;
025: import org.ofbiz.entity.GenericDelegator;
026: import org.w3c.dom.Element;
027:
028: /**
029: * <code>SecurityFactory</code>
030: *
031: * This Factory class returns an instance of a security implementation.
032: *
033: * Setting the security implementation className is done in security.xml.
034: * If no customiz security name is given, the default implementation will be used (OFBizSecurity)
035: */
036: public class SecurityFactory {
037:
038: public static final String module = SecurityFactory.class.getName();
039: public static final String DEFAULT_SECURITY = "org.ofbiz.security.OFBizSecurity";
040:
041: private static String securityName = null;
042: private static Element rootElement = null;
043: private static SecurityConfigUtil.SecurityInfo securityInfo = null;
044:
045: /**
046: * Returns an instance of a Security implementation as defined in the security.xml by defined name
047: * in security.properties.
048: *
049: * @param delegator the generic delegator
050: * @return instance of security implementation (default: OFBizSecurity)
051: */
052: public static Security getInstance(GenericDelegator delegator)
053: throws SecurityConfigurationException {
054: Security security = null;
055:
056: // Make securityName a singleton
057: if (securityName == null) {
058: String _securityName = UtilProperties.getPropertyValue(
059: "security.properties", "security.context");
060: securityName = _securityName;
061: }
062:
063: if (Debug.verboseOn())
064: Debug
065: .logVerbose(
066: "[SecurityFactory.getInstance] Security implementation context name from security.properties: "
067: + securityName, module);
068:
069: synchronized (SecurityFactory.class) {
070: try {
071: ClassLoader loader = Thread.currentThread()
072: .getContextClassLoader();
073: Class c = loader
074: .loadClass(getSecurityClass(securityName));
075: security = (Security) c.newInstance();
076: security.setDelegator(delegator);
077: } catch (ClassNotFoundException cnf) {
078: throw new SecurityConfigurationException(
079: "Cannot load security implementation class",
080: cnf);
081: } catch (InstantiationException ie) {
082: throw new SecurityConfigurationException(
083: "Cannot get instance of the security implementation",
084: ie);
085: } catch (IllegalAccessException iae) {
086: throw new SecurityConfigurationException(iae
087: .getMessage(), iae);
088: }
089: }
090:
091: if (Debug.verboseOn())
092: Debug
093: .logVerbose(
094: "[SecurityFactory.getInstance] Security implementation successfully loaded!!!",
095: module);
096:
097: return security;
098: }
099:
100: /**
101: * Returns the class name of a custom Security implementation.
102: * The default class name (org.ofbiz.security.OFBizSecurity) may be overridden by a customized implementation
103: * class name in security.xml.
104: *
105: * @param securityName the security context name to be looked up
106: * @return className the class name of the security implementatin
107: * @throws SecurityConfigurationException
108: */
109: private static String getSecurityClass(String securityName)
110: throws SecurityConfigurationException {
111: String className = null;
112:
113: if (Debug.verboseOn())
114: Debug.logVerbose(
115: "[SecurityFactory.getSecurityClass] Security implementation context name: "
116: + securityName, module);
117:
118: // Only load rootElement again, if not yet loaded (singleton)
119: if (rootElement == null) {
120: try {
121: SecurityConfigUtil.getXmlDocument();
122: Element _rootElement = SecurityConfigUtil
123: .getXmlRootElement();
124:
125: rootElement = _rootElement;
126: } catch (GenericConfigException e) {
127: Debug
128: .logError(
129: e,
130: "Error getting Security Config XML root element",
131: module);
132: return null;
133: }
134: }
135:
136: if (securityInfo == null) {
137: SecurityConfigUtil.SecurityInfo _securityInfo = SecurityConfigUtil
138: .getSecurityInfo(securityName);
139:
140: // Make sure, that the security conetxt name is defined and present
141: if (_securityInfo == null) {
142: throw new SecurityConfigurationException(
143: "ERROR: no security definition was found with the name "
144: + securityName + " in security.xml");
145: }
146: securityInfo = _securityInfo;
147: }
148:
149: // This is the default implementation and uses org.ofbiz.security.OFBizSecurity
150: if (UtilValidate.isEmpty(securityInfo.className)) {
151: className = DEFAULT_SECURITY;
152: } else {
153: // Use a customized security
154: className = securityInfo.className;
155: }
156:
157: if (Debug.verboseOn())
158: Debug.logVerbose(
159: "[SecurityFactory.getSecurity] Security implementation "
160: + className + " for security name "
161: + securityName + " successfully loaded!!!",
162: module);
163: return className;
164: }
165: }
|