001: //$HeadURL: https://svn.wald.intevation.org/svn/deegree/base/trunk/src/org/deegree/security/drm/SecurityAccess.java $
002: /*---------------- FILE HEADER ------------------------------------------
003:
004: This file is part of deegree.
005: Copyright (C) 2001-2008 by:
006: EXSE, Department of Geography, University of Bonn
007: http://www.giub.uni-bonn.de/deegree/
008: lat/lon GmbH
009: http://www.lat-lon.de
010:
011: This library is free software; you can redistribute it and/or
012: modify it under the terms of the GNU Lesser General Public
013: License as published by the Free Software Foundation; either
014: version 2.1 of the License, or (at your option) any later version.
015:
016: This library is distributed in the hope that it will be useful,
017: but WITHOUT ANY WARRANTY; without even the implied warranty of
018: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
019: Lesser General Public License for more details.
020:
021: You should have received a copy of the GNU Lesser General Public
022: License along with this library; if not, write to the Free Software
023: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
024:
025: Contact:
026:
027: Andreas Poth
028: lat/lon GmbH
029: Aennchenstr. 19
030: 53115 Bonn
031: Germany
032: E-Mail: poth@lat-lon.de
033:
034: Prof. Dr. Klaus Greve
035: Department of Geography
036: University of Bonn
037: Meckenheimer Allee 166
038: 53115 Bonn
039: Germany
040: E-Mail: greve@giub.uni-bonn.de
041:
042: ---------------------------------------------------------------------------*/
043: package org.deegree.security.drm;
044:
045: import java.util.HashSet;
046: import java.util.Iterator;
047: import java.util.Stack;
048:
049: import org.deegree.security.GeneralSecurityException;
050: import org.deegree.security.UnauthorizedException;
051: import org.deegree.security.drm.model.Group;
052: import org.deegree.security.drm.model.Privilege;
053: import org.deegree.security.drm.model.RightType;
054: import org.deegree.security.drm.model.Role;
055: import org.deegree.security.drm.model.SecurableObject;
056: import org.deegree.security.drm.model.SecuredObject;
057: import org.deegree.security.drm.model.User;
058:
059: /**
060: *
061: *
062: *
063: * @version $Revision: 9346 $
064: * @author <a href="mailto:poth@lat-lon.de">Andreas Poth</a>
065: * @author last edited by: $Author: apoth $
066: *
067: * @version 1.0. $Revision: 9346 $, $Date: 2007-12-27 08:39:07 -0800 (Thu, 27 Dec 2007) $
068: *
069: * @since 2.0
070: */
071: public class SecurityAccess {
072:
073: protected User user;
074:
075: protected SecurityRegistry registry;
076:
077: SecurityAccess(User user, SecurityRegistry registry) {
078: this .user = user;
079: this .registry = registry;
080: }
081:
082: public User getUser() {
083: return user;
084: }
085:
086: public User getUserByName(String name)
087: throws GeneralSecurityException {
088: return registry.getUserByName(this , name);
089: }
090:
091: public User getUserById(int id) throws GeneralSecurityException {
092: return registry.getUserById(this , id);
093: }
094:
095: public Group getGroupByName(String name)
096: throws GeneralSecurityException {
097: return registry.getGroupByName(this , name);
098: }
099:
100: public Group getGroupById(int id) throws GeneralSecurityException {
101: return registry.getGroupById(this , id);
102: }
103:
104: public Role getRoleByName(String name)
105: throws GeneralSecurityException {
106: return registry.getRoleByName(this , name);
107: }
108:
109: public Role[] getRolesByNS(String ns)
110: throws GeneralSecurityException {
111: return registry.getRolesByNS(this , ns);
112: }
113:
114: public Role getRoleById(int id) throws GeneralSecurityException {
115: return registry.getRoleById(this , id);
116: }
117:
118: public RightType getRightByName(String name)
119: throws GeneralSecurityException {
120: return registry.getRightTypeByName(this , name);
121: }
122:
123: public Privilege getPrivilegeByName(String name)
124: throws GeneralSecurityException {
125: return registry.getPrivilegeByName(this , name);
126: }
127:
128: public SecuredObject getSecuredObjectById(int id)
129: throws GeneralSecurityException {
130: return registry.getSecuredObjectById(this , id);
131: }
132:
133: public SecuredObject getSecuredObjectByName(String name, String type)
134: throws GeneralSecurityException {
135: return registry.getSecuredObjectByName(this , name, type);
136: }
137:
138: public SecuredObject[] getSecuredObjectsByNS(String ns, String type)
139: throws GeneralSecurityException {
140: return registry.getSecuredObjectsByNS(this , ns, type);
141: }
142:
143: public User[] getAllUsers() throws GeneralSecurityException {
144: return registry.getAllUsers(this );
145: }
146:
147: public Group[] getAllGroups() throws GeneralSecurityException {
148: return registry.getAllGroups(this );
149: }
150:
151: public SecuredObject[] getAllSecuredObjects(String type)
152: throws GeneralSecurityException {
153: return registry.getAllSecuredObjects(this , type);
154: }
155:
156: /**
157: * Retrieves all <code>Role</code> s from the <code>Registry</code>, except those that are
158: * only used internally (these have a namespace starting with the $ symbol);
159: *
160: * @throws GeneralSecurityException
161: */
162: public Role[] getAllRoles() throws GeneralSecurityException {
163: return registry.getAllRoles(this );
164: }
165:
166: /**
167: * Returns all <code>Role</code> s that the given <code>User</code> is associated with
168: * (directly and via group memberships).
169: *
170: * @param user
171: * @throws GeneralSecurityException
172: */
173: public Role[] getAllRolesForUser(User user)
174: throws GeneralSecurityException {
175:
176: HashSet<Group> allGroups = new HashSet<Group>();
177: Stack<Group> groupStack = new Stack<Group>();
178: Group[] groups = registry.getGroupsForUser(this , user);
179: for (int i = 0; i < groups.length; i++) {
180: groupStack.push(groups[i]);
181: }
182:
183: // collect all groups that user is member of
184: while (!groupStack.isEmpty()) {
185: Group currentGroup = groupStack.pop();
186: allGroups.add(currentGroup);
187: groups = registry.getGroupsForGroup(this , currentGroup);
188: for (int i = 0; i < groups.length; i++) {
189: if (!allGroups.contains(groups[i])) {
190: allGroups.add(groups[i]);
191: groupStack.push(groups[i]);
192: }
193: }
194: }
195:
196: HashSet<Role> allRoles = new HashSet<Role>();
197:
198: // add all directly associated roles
199: Role[] roles = registry.getRolesForUser(this , user);
200: for (int i = 0; i < roles.length; i++) {
201: allRoles.add(roles[i]);
202: }
203:
204: // add all roles that are associated via group membership
205: Iterator it = allGroups.iterator();
206: while (it.hasNext()) {
207: Group group = (Group) it.next();
208: roles = registry.getRolesForGroup(this , group);
209: for (int i = 0; i < roles.length; i++) {
210: allRoles.add(roles[i]);
211: }
212: }
213: return allRoles.toArray(new Role[allRoles.size()]);
214: }
215:
216: /**
217: * Returns all <code>Role</code> s that the given <code>Group</code> is associated with
218: * (directly and via group memberships).
219: *
220: * @param group
221: * @throws GeneralSecurityException
222: */
223: public Role[] getAllRolesForGroup(Group group)
224: throws GeneralSecurityException {
225:
226: HashSet<Group> allGroups = new HashSet<Group>();
227: Stack<Group> groupStack = new Stack<Group>();
228: groupStack.push(group);
229:
230: while (!groupStack.isEmpty()) {
231: Group currentGroup = groupStack.pop();
232: Group[] groups = registry.getGroupsForGroup(this ,
233: currentGroup);
234: for (int i = 0; i < groups.length; i++) {
235: if (!allGroups.contains(groups[i])) {
236: allGroups.add(groups[i]);
237: groupStack.push(groups[i]);
238: }
239: }
240: }
241:
242: HashSet<Role> allRoles = new HashSet<Role>();
243: Iterator it = allGroups.iterator();
244: while (it.hasNext()) {
245: Role[] roles = registry.getRolesForGroup(this , (Group) it
246: .next());
247: for (int i = 0; i < roles.length; i++) {
248: allRoles.add(roles[i]);
249: }
250: }
251: return allRoles.toArray(new Role[allRoles.size()]);
252: }
253:
254: /**
255: * Tries to find a cyle in the groups relations of the <code>Registry</code>.
256: *
257: * @return indicates the cycle's nodes (groups)
258: */
259: public Group[] findGroupCycle() throws GeneralSecurityException {
260: Group[] allGroups = getAllGroups();
261: for (int i = 0; i < allGroups.length; i++) {
262: Stack<Group> path = new Stack<Group>();
263: if (findGroupCycle(allGroups[i], path)) {
264: return path.toArray(new Group[path.size()]);
265: }
266: }
267: return null;
268: }
269:
270: /**
271: * Recursion part for the <code>findGroupCycle</code> -algorithm.
272: * <p>
273: * Modified depth first search.
274: *
275: * @param group
276: * @param path
277: * @return
278: * @throws GeneralSecurityException
279: */
280: private boolean findGroupCycle(Group group, Stack<Group> path)
281: throws GeneralSecurityException {
282: if (path.contains(group)) {
283: path.push(group);
284: return true;
285: }
286: path.push(group);
287: Group[] members = registry.getGroupsForGroup(this , group);
288: for (int i = 0; i < members.length; i++) {
289: if (findGroupCycle(members[i], path)) {
290: return true;
291: }
292: }
293: path.pop();
294: return false;
295: }
296:
297: /**
298: * Checks if the associated <code>User</code> has a certain <code>Privilege</code>.
299: *
300: * @param privilege
301: * @throws GeneralSecurityException
302: * if holder does not have the privilege
303: */
304: protected void checkForPrivilege(Privilege privilege)
305: throws GeneralSecurityException {
306: if (!user.hasPrivilege(this , privilege)) {
307: throw new GeneralSecurityException(
308: "The requested operation requires the privilege '"
309: + privilege.getName() + "'.");
310: }
311: }
312:
313: /**
314: * Checks if the associated <code>User</code> has a certain <code>Right</code> on the given
315: * <code>SecurableObject</code>.
316: *
317: * @param right
318: * @param object
319: * @throws GeneralSecurityException
320: * this is a UnauthorizedException if the holder does not have the right
321: */
322: protected void checkForRight(RightType right, SecurableObject object)
323: throws UnauthorizedException, GeneralSecurityException {
324: if (!user.hasRight(this , right, object)) {
325: throw new UnauthorizedException(
326: "The requested operation requires the right '"
327: + right.getName() + "' on the object '"
328: + object.getName() + "'.");
329: }
330: }
331: }
|