001: /* Copyright 2001, 2002 The JA-SIG Collaborative. All rights reserved.
002: * See license distributed with this file and
003: * available online at http://www.uportal.org/license.html
004: */
005:
006: package org.jasig.portal.security.provider;
007:
008: import java.util.ArrayList;
009: import java.util.Arrays;
010: import java.util.HashSet;
011: import java.util.Iterator;
012: import java.util.List;
013: import java.util.Map;
014: import java.util.Set;
015: import java.util.Vector;
016:
017: import org.jasig.portal.AuthorizationException;
018: import org.jasig.portal.EntityTypes;
019: import org.jasig.portal.concurrency.CachingException;
020: import org.jasig.portal.groups.GroupsException;
021: import org.jasig.portal.groups.IEntityGroup;
022: import org.jasig.portal.groups.IGroupMember;
023: import org.jasig.portal.properties.PropertiesManager;
024: import org.jasig.portal.security.IAuthorizationPrincipal;
025: import org.jasig.portal.security.IAuthorizationService;
026: import org.jasig.portal.security.IPermission;
027: import org.jasig.portal.security.IPermissionManager;
028: import org.jasig.portal.security.IPermissionPolicy;
029: import org.jasig.portal.security.IPermissionSet;
030: import org.jasig.portal.security.IPermissionStore;
031: import org.jasig.portal.security.IUpdatingPermissionManager;
032: import org.jasig.portal.services.EntityCachingService;
033: import org.jasig.portal.services.GroupService;
034: import org.jasig.portal.utils.cache.CacheFactory;
035: import org.jasig.portal.utils.cache.CacheFactoryLocator;
036: import org.apache.commons.logging.Log;
037: import org.apache.commons.logging.LogFactory;
038:
039: /**
040: * @author Bernie Durfee, bdurfee@interactivebusiness.com
041: * @author Dan Ellentuck
042: * @author Scott Battaglia
043: * @version $Revision: 42157 $ $Date: 2007-06-22 12:20:38 -0700 (Fri, 22 Jun 2007) $
044: */
045: public class AuthorizationImpl implements IAuthorizationService {
046:
047: /** Instance of log in order to log events. */
048: protected final Log log = LogFactory.getLog(getClass());
049:
050: /** Constant representing the separator used in the principal key. */
051: private static final String PRINCIPAL_SEPARATOR = ".";
052:
053: /** The static instance of the AuthorizationImpl for purposes of creating a AuthorizationImpl singleton. */
054: private static final IAuthorizationService singleton;
055:
056: /** Instance of the Permission Store for storing permission information. */
057: private IPermissionStore permissionStore;
058:
059: /** The default Permission Policy this Authorization implementation will use. */
060: private IPermissionPolicy defaultPermissionPolicy;
061:
062: /** The cache to hold the list of principals. */
063: private Map<String, IAuthorizationPrincipal> principalCache = CacheFactoryLocator
064: .getCacheFactory().getCache(CacheFactory.PRINCIPAL_CACHE);
065:
066: /** The class representing the permission set type. */
067: private Class PERMISSION_SET_TYPE;
068:
069: /** variable to determine if we should cache permissions or not. */
070: private boolean cachePermissions;
071:
072: static {
073: singleton = new AuthorizationImpl();
074: }
075:
076: /**
077: *
078: */
079: protected AuthorizationImpl() {
080: super ();
081: initialize();
082: }
083:
084: /**
085: * Adds <code>IPermissions</code> to the back end store.
086: * @param permissions IPermission[]
087: * @exception AuthorizationException
088: */
089: public void addPermissions(IPermission[] permissions)
090: throws AuthorizationException {
091: if (permissions.length > 0) {
092: getPermissionStore().add(permissions);
093: if (this .cachePermissions) {
094: removeFromPermissionsCache(permissions);
095: }
096: }
097: }
098:
099: /**
100: * Adds the <code>IPermissionSet</code> to the entity cache.
101: */
102: protected void cacheAdd(IPermissionSet ps)
103: throws AuthorizationException {
104: try {
105: EntityCachingService.instance().add(ps);
106: } catch (CachingException ce) {
107: throw new AuthorizationException(
108: "Problem adding permissions for " + ps
109: + " to cache", ce);
110: }
111: }
112:
113: /**
114: * Retrieves the <code>IPermissionSet</code> for the <code>IPermissionSet</code>
115: * from the entity cache.
116: */
117: protected IPermissionSet cacheGet(IAuthorizationPrincipal principal)
118: throws AuthorizationException {
119: try {
120: return (IPermissionSet) EntityCachingService.instance()
121: .get(this .PERMISSION_SET_TYPE,
122: principal.getPrincipalString());
123: } catch (CachingException ce) {
124: throw new AuthorizationException(
125: "Problem getting permissions for " + principal
126: + " from cache", ce);
127: }
128: }
129:
130: /**
131: * Removes the <code>IPermissionSet</code> for this principal from the
132: * entity cache.
133: */
134: protected void cacheRemove(IAuthorizationPrincipal ap)
135: throws AuthorizationException {
136: try {
137: EntityCachingService.instance().remove(
138: this .PERMISSION_SET_TYPE, ap.getPrincipalString());
139: } catch (CachingException ce) {
140: throw new AuthorizationException(
141: "Problem removing permissions for " + ap
142: + " from cache", ce);
143: }
144: }
145:
146: /**
147: * Updates the <code>IPermissionSet</code> in the entity cache.
148: */
149: protected void cacheUpdate(IPermissionSet ps)
150: throws AuthorizationException {
151: try {
152: EntityCachingService.instance().update(ps);
153: } catch (CachingException ce) {
154: throw new AuthorizationException(
155: "Problem updating permissions for " + ps
156: + " in cache", ce);
157: }
158: }
159:
160: /**
161: * This checks if the framework has granted principal a right to publish. DO WE WANT SOMETHING THIS COARSE (de)?
162: * @param principal IAuthorizationPrincipal
163: * @return boolean
164: */
165: public boolean canPrincipalPublish(IAuthorizationPrincipal principal)
166: throws AuthorizationException {
167: return doesPrincipalHavePermission(principal,
168: IPermission.PORTAL_FRAMEWORK,
169: IPermission.CHANNEL_PUBLISHER_ACTIVITY, null);
170: }
171:
172: /**
173: * Answers if the principal has permission to RENDER this Channel.
174: * @return boolean
175: * @param principal IAuthorizationPrincipal
176: * @param channelPublishId int
177: * @exception AuthorizationException indicates authorization information could not be retrieved.
178: */
179: public boolean canPrincipalRender(
180: IAuthorizationPrincipal principal, int channelPublishId)
181: throws AuthorizationException {
182: return canPrincipalSubscribe(principal, channelPublishId);
183: }
184:
185: /**
186: * Answers if the principal has permission to SUBSCRIBE to this Channel.
187: * @return boolean
188: * @param principal IAuthorizationPrincipal
189: * @param channelPublishId int
190: * @exception AuthorizationException indicates authorization information could not be retrieved.
191: */
192: public boolean canPrincipalSubscribe(
193: IAuthorizationPrincipal principal, int channelPublishId)
194: throws AuthorizationException {
195: String owner = IPermission.PORTAL_FRAMEWORK;
196: String target = IPermission.CHANNEL_PREFIX + channelPublishId;
197: return doesPrincipalHavePermission(principal, owner,
198: IPermission.CHANNEL_SUBSCRIBER_ACTIVITY, target);
199: }
200:
201: /**
202: * Answers if the owner has given the principal (or any of its parents) permission
203: * to perform the activity on the target. Params <code>owner</code> and
204: * <code>activity</code> must be non-null. If <code>target</code> is null, then
205: * target is not checked.
206: *
207: * @return boolean
208: * @param principal IAuthorizationPrincipal
209: * @param owner java.lang.String
210: * @param activity java.lang.String
211: * @param target java.lang.String
212: * @exception AuthorizationException indicates authorization information could not
213: * be retrieved.
214: */
215: public boolean doesPrincipalHavePermission(
216: IAuthorizationPrincipal principal, String owner,
217: String activity, String target)
218: throws AuthorizationException {
219: return doesPrincipalHavePermission(principal, owner, activity,
220: target, getDefaultPermissionPolicy());
221: }
222:
223: /**
224: * Answers if the owner has given the principal permission to perform the activity on
225: * the target, as evaluated by the policy. Params <code>policy</code>, <code>owner</code>
226: * and <code>activity</code> must be non-null.
227: *
228: * @return boolean
229: * @param principal IAuthorizationPrincipal
230: * @param owner java.lang.String
231: * @param activity java.lang.String
232: * @param target java.lang.String
233: * @exception AuthorizationException indicates authorization information could not
234: * be retrieved.
235: */
236: public boolean doesPrincipalHavePermission(
237: IAuthorizationPrincipal principal, String owner,
238: String activity, String target, IPermissionPolicy policy)
239: throws AuthorizationException {
240: return policy.doesPrincipalHavePermission(this , principal,
241: owner, activity, target);
242: }
243:
244: /**
245: * Returns the <code>IPermissions</code> owner has granted this <code>Principal</code> for
246: * the specified activity and target. Null parameters will be ignored, that is, all
247: * <code>IPermissions</code> matching the non-null parameters are retrieved. So,
248: * <code>getPermissions(principal,null, null, null)</code> should retrieve all <code>IPermissions</code>
249: * for a <code>Principal</code>. Note that this includes <code>IPermissions</code> inherited
250: * from groups the <code>Principal</code> belongs to.
251: *
252: * @return org.jasig.portal.security.IPermission[]
253: * @param principal IAuthorizationPrincipal
254: * @param owner java.lang.String
255: * @param activity java.lang.String
256: * @param target java.lang.String
257: * @exception AuthorizationException indicates authorization information could not
258: * be retrieved.
259: */
260: public IPermission[] getAllPermissionsForPrincipal(
261: IAuthorizationPrincipal principal, String owner,
262: String activity, String target)
263: throws AuthorizationException {
264: IPermission[] perms = getPermissionsForPrincipal(principal,
265: owner, activity, target);
266: ArrayList<IPermission> al = new ArrayList<IPermission>(Arrays
267: .asList(perms));
268: Iterator i = getInheritedPrincipals(principal);
269: while (i.hasNext()) {
270: IAuthorizationPrincipal p = (IAuthorizationPrincipal) i
271: .next();
272: perms = getPermissionsForPrincipal(p, owner, activity,
273: target);
274: al.addAll(Arrays.asList(perms));
275: }
276:
277: if (log.isTraceEnabled()) {
278: log.trace("query for all permissions for prcinipal=["
279: + principal + "], owner=[" + owner
280: + "], activity=[" + activity + "], target=["
281: + target + "] returned permissions [" + al + "]");
282: }
283:
284: return ((IPermission[]) al.toArray(new IPermission[al.size()]));
285: }
286:
287: /**
288: * Does this mean all channels the principal could conceivably subscribe
289: * to or all channels principal is specifically authorized to subscribe to,
290: * or what?
291: *
292: * @param principal IAuthorizationPrincipal
293: * @return Vector (of channels?)
294: * @exception AuthorizationException indicates authorization information could not
295: */
296: public Vector getAuthorizedChannels(
297: IAuthorizationPrincipal principal)
298: throws AuthorizationException {
299: return new Vector();
300: }
301:
302: /**
303: * Returns <code>IAuthorizationPrincipals</code> that have <code>IPermissions</code> for
304: * the given owner, activity and target.
305: *
306: * @return IAuthorizationPrincipal[]
307: * @param owner
308: * @param activity
309: * @param target
310: */
311: public IAuthorizationPrincipal[] getAuthorizedPrincipals(
312: String owner, String activity, String target)
313: throws AuthorizationException {
314: IPermission[] permissions = getPermissionsForOwner(owner,
315: activity, target);
316: return getPrincipalsFromPermissions(permissions);
317: }
318:
319: /**
320: * @return org.jasig.portal.security.IPermissionPolicy
321: */
322: protected IPermissionPolicy getDefaultPermissionPolicy() {
323: return this .defaultPermissionPolicy;
324: }
325:
326: /**
327: * @return org.jasig.portal.groups.IGroupMember
328: * @param principal org.jasig.portal.security.IAuthorizationPrincipal
329: */
330: public IGroupMember getGroupMember(IAuthorizationPrincipal principal)
331: throws GroupsException {
332: return getGroupMemberForPrincipal(principal);
333: }
334:
335: /**
336: * @return org.jasig.portal.groups.IGroupMember
337: * @param principal org.jasig.portal.security.IAuthorizationPrincipal
338: */
339: private IGroupMember getGroupMemberForPrincipal(
340: IAuthorizationPrincipal principal) throws GroupsException {
341:
342: IGroupMember gm = GroupService.getGroupMember(principal
343: .getKey(), principal.getType());
344:
345: if (log.isDebugEnabled()) {
346: log
347: .debug("AuthorizationImpl.getGroupMemberForPrincipal(): principal ["
348: + principal
349: + "] "
350: + "got group member ["
351: + gm + "]");
352: }
353:
354: return gm;
355: }
356:
357: /**
358: * Hook into the Groups system by converting the <code>IAuthorizationPrincipal</code> to
359: * an <code>IGroupMember</code>. Returns ALL the groups the <code>IGroupMember</code>
360: * (recursively) belongs to.
361: * @param principal - org.jasig.portal.security.IAuthorizationPrincipal
362: * @return java.util.Iterator over Collection of IEntityGroups
363: */
364: private Iterator getGroupsForPrincipal(
365: IAuthorizationPrincipal principal) throws GroupsException {
366: IGroupMember gm = getGroupMemberForPrincipal(principal);
367: return gm.getAllContainingGroups();
368: }
369:
370: /**
371: * Hook into the Groups system, find all containing groups, and convert the
372: * them to <code>IAuthorizationPrincipals</code>.
373: * @param principal - org.jasig.portal.security.IAuthorizationPrincipal
374: * @return java.util.Iterator over Collection of IEntityGroups
375: */
376: private Iterator getInheritedPrincipals(
377: IAuthorizationPrincipal principal)
378: throws AuthorizationException {
379: Iterator i = null;
380: ArrayList<IAuthorizationPrincipal> al = new ArrayList<IAuthorizationPrincipal>(
381: 5);
382:
383: try {
384: i = getGroupsForPrincipal(principal);
385: } catch (GroupsException ge) {
386: throw new AuthorizationException(
387: "Could not retrieve Groups for " + principal, ge);
388: }
389:
390: while (i.hasNext()) {
391: IEntityGroup group = (IEntityGroup) i.next();
392: IAuthorizationPrincipal p = getPrincipalForGroup(group);
393: al.add(p);
394: }
395: return al.iterator();
396: }
397:
398: /**
399: * Returns the <code>IPermissions</code> owner has granted for the specified activity
400: * and target. Null parameters will be ignored, that is, all <code>IPermissions</code>
401: * matching the non-null parameters are retrieved.
402: *
403: * @return org.jasig.portal.security.IPermission[]
404: * @param owner java.lang.String
405: * @param activity java.lang.String
406: * @param target java.lang.String
407: * @exception AuthorizationException indicates authorization information could not
408: * be retrieved.
409: */
410: public IPermission[] getPermissionsForOwner(String owner,
411: String activity, String target)
412: throws AuthorizationException {
413: return primRetrievePermissions(owner, null, activity, target);
414: }
415:
416: /**
417: * Returns the <code>IPermissions</code> owner has granted this <code>Principal</code> for
418: * the specified activity and target. Null parameters will be ignored, that is, all
419: * <code>IPermissions</code> matching the non-null parameters are retrieved. So,
420: * <code>getPermissions(principal,null, null, null)</code> should retrieve all <code>IPermissions</code>
421: * for a <code>Principal</code>.
422: *
423: * @return org.jasig.portal.security.IPermission[]
424: * @param principal IAuthorizationPrincipal
425: * @param owner java.lang.String
426: * @param activity java.lang.String
427: * @param target java.lang.String
428: * @exception AuthorizationException indicates authorization information could not
429: * be retrieved.
430: */
431: public IPermission[] getPermissionsForPrincipal(
432: IAuthorizationPrincipal principal, String owner,
433: String activity, String target)
434: throws AuthorizationException {
435: return primGetPermissionsForPrincipal(principal, owner,
436: activity, target);
437: }
438:
439: /**
440: * @return org.jasig.portal.security.IPermissionStore
441: */
442: private IPermissionStore getPermissionStore() {
443: return this .permissionStore;
444: }
445:
446: /**
447: * Returns <code>IAuthorizationPrincipal</code> associated with the <code>IPermission</code>.
448: *
449: * @return IAuthorizationPrincipal
450: * @param permission IPermission
451: */
452: public IAuthorizationPrincipal getPrincipal(IPermission permission)
453: throws AuthorizationException {
454: String principalString = permission.getPrincipal();
455: int idx = principalString.indexOf(PRINCIPAL_SEPARATOR);
456: Integer typeId = new Integer(principalString.substring(0, idx));
457: Class type = EntityTypes.getEntityType(typeId);
458: String key = principalString.substring(idx + 1);
459: return newPrincipal(key, type);
460: }
461:
462: /**
463: * @param group
464: * @return user org.jasig.portal.security.IAuthorizationPrincipal
465: */
466: private IAuthorizationPrincipal getPrincipalForGroup(
467: IEntityGroup group) {
468: String key = group.getKey();
469: Class type = EntityTypes.GROUP_ENTITY_TYPE;
470: return newPrincipal(key, type);
471: }
472:
473: /**
474: * Returns <code>IAuthorizationPrincipals</code> associated with the <code>IPermission[]</code>.
475: *
476: * @return IAuthorizationPrincipal[]
477: * @param permissions IPermission[]
478: */
479: private IAuthorizationPrincipal[] getPrincipalsFromPermissions(
480: IPermission[] permissions) throws AuthorizationException {
481: Set principals = new HashSet();
482: for (int i = 0; i < permissions.length; i++) {
483: IAuthorizationPrincipal principal = getPrincipal(permissions[i]);
484: principals.add(principal);
485: }
486: return ((IAuthorizationPrincipal[]) principals
487: .toArray(new IAuthorizationPrincipal[principals.size()]));
488: }
489:
490: /**
491: * Returns the String used by an <code>IPermission</code> to represent an
492: * <code>IAuthorizationPrincipal</code>.
493: * @param principal org.jasig.portal.security.IAuthorizationPrincipal
494: */
495: public String getPrincipalString(IAuthorizationPrincipal principal) {
496: return getPrincipalString(principal.getType(), principal
497: .getKey());
498: }
499:
500: private String getPrincipalString(Class pType, String pKey) {
501: Integer type = EntityTypes.getEntityTypeID(pType);
502: return type + PRINCIPAL_SEPARATOR + pKey;
503: }
504:
505: /**
506: * Returns the <code>IPermissions</code> owner has granted this <code>Principal</code> for
507: * the specified activity and target. Null parameters will be ignored, that is, all
508: * <code>IPermissions</code> matching the non-null parameters are retrieved. So,
509: * <code>getPermissions(principal,null, null, null)</code> should retrieve all <code>IPermissions</code>
510: * for a <code>Principal</code>. Ignore any cached <code>IPermissions</code>.
511: *
512: * @return org.jasig.portal.security.IPermission[]
513: * @param principal IAuthorizationPrincipal
514: * @param owner java.lang.String
515: * @param activity java.lang.String
516: * @param target java.lang.String
517: * @exception AuthorizationException indicates authorization information could not
518: * be retrieved.
519: */
520: public IPermission[] getUncachedPermissionsForPrincipal(
521: IAuthorizationPrincipal principal, String owner,
522: String activity, String target)
523: throws AuthorizationException {
524: String pString = getPrincipalString(principal);
525: return primRetrievePermissions(owner, pString, activity, target);
526: }
527:
528: private void initialize() throws IllegalArgumentException {
529: final boolean DEFAULT_CACHE_PERMISSIONS = false;
530:
531: String factoryName = PropertiesManager
532: .getProperty(
533: "org.jasig.portal.security.IPermissionStore.implementation",
534: null);
535: String policyName = PropertiesManager
536: .getProperty(
537: "org.jasig.portal.security.IPermissionPolicy.defaultImplementation",
538: null);
539: this .cachePermissions = PropertiesManager
540: .getPropertyAsBoolean(
541: "org.jasig.portal.security.IAuthorizationService.cachePermissions",
542: DEFAULT_CACHE_PERMISSIONS);
543:
544: if (factoryName == null) {
545: final String eMsg = "AuthorizationImpl.initialize(): No entry for org.jasig.portal.security.IPermissionStore.implementation portal.properties.";
546: log.error(eMsg);
547: throw new IllegalArgumentException(eMsg);
548: }
549:
550: if (policyName == null) {
551: final String eMsg = "AuthorizationImpl.initialize(): No entry for org.jasig.portal.security.IPermissionPolicy.defaultImplementation portal.properties.";
552: log.error(eMsg);
553: throw new IllegalArgumentException(eMsg);
554: }
555:
556: try {
557: this .permissionStore = (IPermissionStore) Class.forName(
558: factoryName).newInstance();
559: } catch (Exception e) {
560: final String eMsg = "AuthorizationImpl.initialize(): Problem creating permission store... ";
561: log.error(eMsg, e);
562: throw new IllegalArgumentException(eMsg);
563: }
564:
565: try {
566: this .defaultPermissionPolicy = (IPermissionPolicy) Class
567: .forName(policyName).newInstance();
568: } catch (Exception e) {
569: final String eMsg = "AuthorizationImpl.initialize(): Problem creating default permission policy... ";
570: log.error(eMsg, e);
571: throw new IllegalArgumentException(eMsg);
572: }
573:
574: try {
575: this .PERMISSION_SET_TYPE = Class
576: .forName("org.jasig.portal.security.IPermissionSet");
577: } catch (ClassNotFoundException cnfe) {
578: final String eMsg = "AuthorizationImpl.initialize(): Problem initializing service. ";
579: log.error(eMsg, cnfe);
580: throw new IllegalArgumentException(eMsg);
581: }
582: }
583:
584: /**
585: * Factory method for an <code>IPermission</code>.
586: * @param owner String
587: * @return org.jasig.portal.security.Permission
588: */
589: public IPermission newPermission(String owner) {
590: return newPermission(owner, null);
591: }
592:
593: /**
594: * Factory method for an <code>IPermission</code>.
595: * @param owner String
596: * @param principal IAuthorizationPrincipal
597: * @return org.jasig.portal.security.IPermission
598: */
599: public IPermission newPermission(String owner,
600: IAuthorizationPrincipal principal) {
601: IPermission p = getPermissionStore().newInstance(owner);
602: if (principal != null) {
603: String pString = getPrincipalString(principal);
604: p.setPrincipal(pString);
605: }
606: return p;
607: }
608:
609: /**
610: * Factory method for IPermissionManager.
611: * @return org.jasig.portal.security.IPermissionManager
612: * @param owner java.lang.String
613: */
614: public IPermissionManager newPermissionManager(String owner) {
615: return new PermissionManagerImpl(owner, this );
616: }
617:
618: /**
619: * Factory method for IAuthorizationPrincipal. First check the principal
620: * cache, and if not present, create the principal and cache it.
621: *
622: * @return org.jasig.portal.security.IAuthorizationPrincipal
623: * @param key java.lang.String
624: * @param type java.lang.Class
625: */
626: public IAuthorizationPrincipal newPrincipal(String key, Class type) {
627: final String principalKey = getPrincipalString(type, key);
628:
629: IAuthorizationPrincipal principal = null;
630:
631: synchronized (this .principalCache) {
632: if (this .principalCache.containsKey(principalKey)) {
633: principal = (IAuthorizationPrincipal) this .principalCache
634: .get(principalKey);
635: } else {
636: principal = primNewPrincipal(key, type);
637: this .principalCache.put(principalKey, principal);
638: }
639: }
640:
641: return principal;
642: }
643:
644: /**
645: * Converts an <code>IGroupMember</code> into an <code>IAuthorizationPrincipal</code>.
646: * @return org.jasig.portal.security.IAuthorizationPrincipal
647: * @param groupMember org.jasig.portal.groups.IGroupMember
648: */
649: public IAuthorizationPrincipal newPrincipal(IGroupMember groupMember)
650: throws GroupsException {
651: String key = groupMember.getKey();
652: Class type = groupMember.getType();
653:
654: if (log.isDebugEnabled())
655: log.debug("AuthorizationImpl.newPrincipal(): for " + type
656: + "(" + key + ")");
657:
658: return newPrincipal(key, type);
659: }
660:
661: private IAuthorizationPrincipal primNewPrincipal(String key,
662: Class type) {
663: return new AuthorizationPrincipalImpl(key, type, this );
664: }
665:
666: /**
667: * Factory method for IUpdatingPermissionManager.
668: * @return org.jasig.portal.security.IUpdatingPermissionManager
669: * @param owner java.lang.String
670: */
671: public IUpdatingPermissionManager newUpdatingPermissionManager(
672: String owner) {
673: return new UpdatingPermissionManagerImpl(owner, this );
674: }
675:
676: /**
677: * Returns permissions for a principal. First check the entity caching
678: * service, and if the permissions have not been cached, retrieve and
679: * cache them.
680: * @return IPermission[]
681: * @param principal org.jasig.portal.security.IAuthorizationPrincipal
682: */
683: private IPermission[] primGetPermissionsForPrincipal(
684: IAuthorizationPrincipal principal)
685: throws AuthorizationException {
686: if (!this .cachePermissions) {
687: return getUncachedPermissionsForPrincipal(principal, null,
688: null, null);
689: }
690:
691: IPermissionSet ps = null;
692: // Check the caching service for the Permissions first.
693: ps = cacheGet(principal);
694:
695: if (ps == null)
696: synchronized (principal) {
697: ps = cacheGet(principal);
698: if (ps == null) {
699: IPermission[] permissions = getUncachedPermissionsForPrincipal(
700: principal, null, null, null);
701: ps = new PermissionSetImpl(permissions, principal);
702: cacheAdd(ps);
703: }
704: } // end synchronized
705: return ps.getPermissions();
706: }
707:
708: /**
709: * @return IPermission[]
710: * @param principal org.jasig.portal.security.IAuthorizationPrincipal
711: * @param owner String
712: * @param activity String
713: * @param target String
714: */
715: private IPermission[] primGetPermissionsForPrincipal(
716: IAuthorizationPrincipal principal, String owner,
717: String activity, String target)
718: throws AuthorizationException {
719:
720: IPermission[] perms = primGetPermissionsForPrincipal(principal);
721: if (owner == null && activity == null && target == null) {
722: return perms;
723: }
724:
725: List<IPermission> al = new ArrayList<IPermission>(perms.length);
726:
727: for (int i = 0; i < perms.length; i++) {
728: if ((owner == null || owner.equals(perms[i].getOwner()))
729: && (activity == null || activity.equals(perms[i]
730: .getActivity()))
731: && (target == null || target.equals(perms[i]
732: .getTarget()))) {
733: al.add(perms[i]);
734: }
735: }
736:
737: if (log.isTraceEnabled()) {
738: log
739: .trace("AuthorizationImpl.primGetPermissionsForPrincipal(): "
740: + "Principal: "
741: + principal
742: + " owner: "
743: + owner
744: + " activity: "
745: + activity
746: + " target: "
747: + target
748: + " : permissions retrieved: " + al);
749: } else if (log.isDebugEnabled()) {
750: log
751: .debug("AuthorizationImpl.primGetPermissionsForPrincipal(): "
752: + "Principal: "
753: + principal
754: + " owner: "
755: + owner
756: + " activity: "
757: + activity
758: + " target: "
759: + target
760: + " : number of permissions retrieved: "
761: + al.size());
762: }
763:
764: return ((IPermission[]) al.toArray(new IPermission[al.size()]));
765:
766: }
767:
768: /**
769: * @return IPermission[]
770: * @param owner String
771: * @param principal String
772: * @param activity String
773: * @param target String
774: */
775: private IPermission[] primRetrievePermissions(String owner,
776: String principal, String activity, String target)
777: throws AuthorizationException {
778: return getPermissionStore().select(owner, principal, activity,
779: target, null);
780: }
781:
782: /**
783: * Removes <code>IPermissions</code> for the <code>IAuthorizationPrincipals</code> from
784: * the cache.
785: * @param principals IAuthorizationPrincipal[]
786: */
787: private void removeFromPermissionsCache(
788: IAuthorizationPrincipal[] principals)
789: throws AuthorizationException {
790: for (int i = 0; i < principals.length; i++) {
791: cacheRemove(principals[i]);
792: }
793: }
794:
795: /**
796: * Removes <code>IPermissions</code> from the cache.
797: * @param permissions IPermission[]
798: */
799: private void removeFromPermissionsCache(IPermission[] permissions)
800: throws AuthorizationException {
801: IAuthorizationPrincipal[] principals = getPrincipalsFromPermissions(permissions);
802: removeFromPermissionsCache(principals);
803: }
804:
805: /**
806: * Removes <code>IPermissions</code> from the back end store.
807: * @param permissions IPermission[]
808: * @exception AuthorizationException
809: */
810: public void removePermissions(IPermission[] permissions)
811: throws AuthorizationException {
812: if (permissions.length > 0) {
813: getPermissionStore().delete(permissions);
814: if (this .cachePermissions) {
815: removeFromPermissionsCache(permissions);
816: }
817: }
818: }
819:
820: /**
821: * @param newDefaultPermissionPolicy org.jasig.portal.security.IPermissionPolicy
822: */
823: protected void setDefaultPermissionPolicy(
824: IPermissionPolicy newDefaultPermissionPolicy) {
825: this .defaultPermissionPolicy = newDefaultPermissionPolicy;
826: }
827:
828: /**
829: * @return org.jasig.portal.security.provider.IAuthorizationService
830: */
831: public static IAuthorizationService singleton() {
832: return singleton;
833: }
834:
835: /**
836: * Updates <code>IPermissions</code> in the back end store.
837: * @param permissions IPermission[]
838: * @exception AuthorizationException
839: */
840: public void updatePermissions(IPermission[] permissions)
841: throws AuthorizationException {
842: if (permissions.length > 0) {
843: getPermissionStore().update(permissions);
844: if (this.cachePermissions) {
845: removeFromPermissionsCache(permissions);
846: }
847: }
848: }
849: }
|