001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: *
017: */
018:
019: package org.apache.lenya.cms.ac;
020:
021: import java.util.ArrayList;
022: import java.util.Arrays;
023: import java.util.Enumeration;
024: import java.util.List;
025:
026: import org.apache.avalon.framework.logger.Logger;
027: import org.apache.avalon.framework.service.ServiceException;
028: import org.apache.avalon.framework.service.ServiceManager;
029: import org.apache.avalon.framework.service.ServiceSelector;
030: import org.apache.cocoon.environment.Request;
031: import org.apache.lenya.ac.AccessControlException;
032: import org.apache.lenya.ac.AccessController;
033: import org.apache.lenya.ac.AccessControllerResolver;
034: import org.apache.lenya.ac.AccreditableManager;
035: import org.apache.lenya.ac.Identity;
036: import org.apache.lenya.ac.PolicyManager;
037: import org.apache.lenya.ac.Role;
038: import org.apache.lenya.ac.User;
039: import org.apache.lenya.ac.UserManager;
040:
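/**
 * Static helpers for reading access-control state: the roles stored on a
 * request, a single user, and the users holding a given role on a URL.
 * <p>
 * None of these helpers checks whether the caller is authorized to see the
 * result. Callers that expose the returned users or roles must apply their
 * own authorization check first.
 */
public final class PolicyUtil {

    /**
     * Fetches the stored roles from the request.
     * <p>
     * The roles are read from the request attribute keyed by
     * {@code Role.class.getName()}, never from request parameters.
     * NOTE(review): presumably the attribute is set earlier in the request
     * by the access-control layer; confirm against the caller.
     * <p>
     * When the attribute is missing, the exception message lists the request
     * URI and the parameter <em>names</em> only. Parameter values are left
     * out because they can carry credentials or tokens, and exception
     * messages commonly end up in logs or error pages.
     *
     * @param request The request.
     * @return A role array.
     * @throws AccessControlException If the request does not contain the roles
     *         list.
     */
    public static final Role[] getRoles(Request request)
            throws AccessControlException {
        List roleList = (List) request.getAttribute(Role.class.getName());

        if (roleList == null) {
            StringBuffer buf = new StringBuffer();
            buf.append(" URI: [" + stripLineBreaks(request.getRequestURI())
                    + "]\n");
            for (Enumeration e = request.getParameterNames(); e
                    .hasMoreElements();) {
                String key = (String) e.nextElement();
                // Names only: values are client-supplied and may be secret.
                buf.append(" Parameter: [" + stripLineBreaks(key) + "]\n");
            }

            throw new AccessControlException("Request [" + request
                    + "] does not contain roles: \n" + buf.toString());
        }

        return (Role[]) roleList.toArray(new Role[roleList.size()]);
    }

    /**
     * Looks up a user by ID through the access controller that is resolved
     * for the given web application URL.
     *
     * @param manager The service manager.
     * @param webappUrl The web application URL.
     * @param userId The user ID.
     * @param logger The logger. Not used by this method.
     * @return A user, as returned by the user manager for {@code userId}.
     * @throws AccessControlException if the service lookup fails or no access
     *         controller can be resolved for the URL.
     */
    public static final User getUser(ServiceManager manager,
            String webappUrl, String userId, Logger logger)
            throws AccessControlException {
        ServiceSelector selector = null;
        AccessControllerResolver resolver = null;
        AccessController controller = null;
        try {
            selector = (ServiceSelector) manager
                    .lookup(AccessControllerResolver.ROLE + "Selector");
            resolver = (AccessControllerResolver) selector
                    .select(AccessControllerResolver.DEFAULT_RESOLVER);
            controller = requireController(resolver, webappUrl);

            AccreditableManager accreditableManager = controller
                    .getAccreditableManager();
            UserManager userManager = accreditableManager.getUserManager();

            return userManager.getUser(userId);
        } catch (ServiceException e) {
            throw new AccessControlException(e);
        } finally {
            releaseComponents(manager, selector, resolver, controller);
        }
    }

    /**
     * Collects every user that is granted the given role on the given URL.
     * <p>
     * The method walks all users known to the user manager and evaluates the
     * granted roles once per user, so its cost grows with the number of
     * users.
     *
     * @param manager The service manager.
     * @param webappUrl The web application URL.
     * @param role The ID of the role.
     * @param logger The logger to use for the identities that are built
     *        during the check.
     * @return All users which have the role on this URL.
     * @throws AccessControlException if the service lookup fails or no access
     *         controller can be resolved for the URL.
     */
    public static final User[] getUsersWithRole(ServiceManager manager,
            String webappUrl, String role, Logger logger)
            throws AccessControlException {
        ServiceSelector selector = null;
        AccessControllerResolver resolver = null;
        AccessController controller = null;
        try {
            selector = (ServiceSelector) manager
                    .lookup(AccessControllerResolver.ROLE + "Selector");
            resolver = (AccessControllerResolver) selector
                    .select(AccessControllerResolver.DEFAULT_RESOLVER);
            controller = requireController(resolver, webappUrl);

            AccreditableManager accreditableManager = controller
                    .getAccreditableManager();
            UserManager userManager = accreditableManager.getUserManager();
            User[] users = userManager.getUsers();
            List usersWithRole = new ArrayList();
            PolicyManager policyManager = controller.getPolicyManager();

            // NOTE(review): if getRole() can return null for an unknown ID,
            // no user matches and the result is empty; confirm the contract.
            Role roleObject = accreditableManager.getRoleManager()
                    .getRole(role);

            for (int i = 0; i < users.length; i++) {
                // A fresh identity holding only this user, so the granted
                // roles reflect this user alone.
                Identity identity = new Identity(logger);
                identity.addIdentifiable(users[i]);
                Role[] roles = policyManager.getGrantedRoles(
                        accreditableManager, identity, webappUrl);
                if (Arrays.asList(roles).contains(roleObject)) {
                    usersWithRole.add(users[i]);
                }
            }

            return (User[]) usersWithRole
                    .toArray(new User[usersWithRole.size()]);
        } catch (ServiceException e) {
            throw new AccessControlException(e);
        } finally {
            releaseComponents(manager, selector, resolver, controller);
        }
    }

    /**
     * Resolves the access controller for a URL and fails closed with the
     * declared exception when none is returned, instead of letting a later
     * dereference raise a {@code NullPointerException}.
     * NOTE(review): assumes the resolver may return null for an unprotected
     * or unknown URL; confirm against the resolver's contract.
     */
    private static AccessController requireController(
            AccessControllerResolver resolver, String webappUrl)
            throws AccessControlException {
        AccessController controller = resolver
                .resolveAccessController(webappUrl);
        if (controller == null) {
            throw new AccessControlException(
                    "No access controller could be resolved for URL ["
                            + stripLineBreaks(webappUrl) + "]");
        }
        return controller;
    }

    /**
     * Releases the looked-up components innermost first. Each release sits in
     * a finally block so that a failure in one does not skip the others.
     */
    private static void releaseComponents(ServiceManager manager,
            ServiceSelector selector, AccessControllerResolver resolver,
            AccessController controller) {
        if (selector == null) {
            return;
        }
        try {
            if (resolver != null) {
                try {
                    if (controller != null) {
                        resolver.release(controller);
                    }
                } finally {
                    selector.release(resolver);
                }
            }
        } finally {
            manager.release(selector);
        }
    }

    /**
     * Replaces CR and LF with spaces so that client-supplied text cannot
     * add extra lines to a diagnostic message.
     */
    private static String stripLineBreaks(String value) {
        if (value == null) {
            return null;
        }
        return value.replace('\r', ' ').replace('\n', ' ');
    }

}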