001: /*
002: * $Id: SecurityFactory.java,v 1.3 2003/08/19 20:54:12 jonesde Exp $
003: *
004: * Copyright (c) 2001, 2002 The Open For Business Project - www.ofbiz.org
005: *
006: * Permission is hereby granted, free of charge, to any person obtaining a
007: * copy of this software and associated documentation files (the "Software"),
008: * to deal in the Software without restriction, including without limitation
009: * the rights to use, copy, modify, merge, publish, distribute, sublicense,
010: * and/or sell copies of the Software, and to permit persons to whom the
011: * Software is furnished to do so, subject to the following conditions:
012: *
013: * The above copyright notice and this permission notice shall be included
014: * in all copies or substantial portions of the Software.
015: *
016: * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
017: * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
018: * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
019: * IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
020: * CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
021: * OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR
022: * THE USE OR OTHER DEALINGS IN THE SOFTWARE.
023: *
024: */
025: package org.ofbiz.security;
026:
027: import org.ofbiz.base.config.GenericConfigException;
028: import org.ofbiz.base.config.SecurityConfigUtil;
029: import org.ofbiz.base.util.Debug;
030: import org.ofbiz.base.util.UtilProperties;
031: import org.ofbiz.base.util.UtilValidate;
032: import org.ofbiz.entity.GenericDelegator;
033: import org.w3c.dom.Element;
034:
035: /**
036: * <code>SecurityFactory</code>
037: *
038: * This Factory class returns an instance of a security implementation.
039: *
040: * Setting the security implementation className is done in security.xml.
041: * If no customiz security name is given, the default implementation will be used (OFBizSecurity)
042: *
043: * @author <a href="mailto:hermanns@aixcept.de">Rainer Hermanns</a>
044: * @author <a href="mailto:jaz@ofbiz.org">Andy Zeneski</a>
045: * @version $Revision: 1.3 $
046: * @since 2.0
047: */
048: public class SecurityFactory {
049:
050: public static final String module = SecurityFactory.class.getName();
051: public static final String DEFAULT_SECURITY = "org.ofbiz.security.OFBizSecurity";
052:
053: private static String securityName = null;
054: private static Element rootElement = null;
055: private static SecurityConfigUtil.SecurityInfo securityInfo = null;
056:
057: /**
058: * Returns an instance of a Security implementation as defined in the security.xml by defined name
059: * in security.properties.
060: *
061: * @param delegator the generic delegator
062: * @return instance of security implementation (default: OFBizSecurity)
063: */
064: public static Security getInstance(GenericDelegator delegator)
065: throws SecurityConfigurationException {
066: Security security = null;
067:
068: // Make securityName a singleton
069: if (securityName == null) {
070: String _securityName = UtilProperties.getPropertyValue(
071: "security.properties", "security.context");
072: securityName = _securityName;
073: }
074:
075: if (Debug.verboseOn())
076: Debug
077: .logVerbose(
078: "[SecurityFactory.getInstance] Security implementation context name from security.properties: "
079: + securityName, module);
080:
081: synchronized (SecurityFactory.class) {
082: try {
083: ClassLoader loader = Thread.currentThread()
084: .getContextClassLoader();
085: Class c = loader
086: .loadClass(getSecurityClass(securityName));
087: security = (Security) c.newInstance();
088: security.setDelegator(delegator);
089: } catch (ClassNotFoundException cnf) {
090: throw new SecurityConfigurationException(
091: "Cannot load security implementation class",
092: cnf);
093: } catch (InstantiationException ie) {
094: throw new SecurityConfigurationException(
095: "Cannot get instance of the security implementation",
096: ie);
097: } catch (IllegalAccessException iae) {
098: throw new SecurityConfigurationException(iae
099: .getMessage(), iae);
100: }
101: }
102:
103: if (Debug.verboseOn())
104: Debug
105: .logVerbose(
106: "[SecurityFactory.getInstance] Security implementation successfully loaded!!!",
107: module);
108:
109: return security;
110: }
111:
112: /**
113: * Returns the class name of a custom Security implementation.
114: * The default class name (org.ofbiz.security.OFBizSecurity) may be overridden by a customized implementation
115: * class name in security.xml.
116: *
117: * @param securityName the security context name to be looked up
118: * @return className the class name of the security implementatin
119: * @throws SecurityConfigurationException
120: */
121: private static String getSecurityClass(String securityName)
122: throws SecurityConfigurationException {
123: String className = null;
124:
125: if (Debug.verboseOn())
126: Debug.logVerbose(
127: "[SecurityFactory.getSecurityClass] Security implementation context name: "
128: + securityName, module);
129:
130: // Only load rootElement again, if not yet loaded (singleton)
131: if (rootElement == null) {
132: try {
133: SecurityConfigUtil.getXmlDocument();
134: Element _rootElement = SecurityConfigUtil
135: .getXmlRootElement();
136:
137: rootElement = _rootElement;
138: } catch (GenericConfigException e) {
139: Debug
140: .logError(
141: e,
142: "Error getting Security Config XML root element",
143: module);
144: return null;
145: }
146: }
147:
148: if (securityInfo == null) {
149: SecurityConfigUtil.SecurityInfo _securityInfo = SecurityConfigUtil
150: .getSecurityInfo(securityName);
151:
152: // Make sure, that the security conetxt name is defined and present
153: if (_securityInfo == null) {
154: throw new SecurityConfigurationException(
155: "ERROR: no security definition was found with the name "
156: + securityName + " in security.xml");
157: }
158: securityInfo = _securityInfo;
159: }
160:
161: // This is the default implementation and uses org.ofbiz.security.OFBizSecurity
162: if (UtilValidate.isEmpty(securityInfo.className)) {
163: className = DEFAULT_SECURITY;
164: } else {
165: // Use a customized security
166: className = securityInfo.className;
167: }
168:
169: if (Debug.verboseOn())
170: Debug.logVerbose(
171: "[SecurityFactory.getSecurity] Security implementation "
172: + className + " for security name "
173: + securityName + " successfully loaded!!!",
174: module);
175: return className;
176: }
177: }
|