001: /*
002: * ====================================================================
003: * JAFFA - Java Application Framework For All
004: *
005: * Copyright (C) 2002 JAFFA Development Group
006: *
007: * This library is free software; you can redistribute it and/or
008: * modify it under the terms of the GNU Lesser General Public
009: * License as published by the Free Software Foundation; either
010: * version 2.1 of the License, or (at your option) any later version.
011: *
012: * This library is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this library; if not, write to the Free Software
019: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020: *
021: * Redistribution and use of this software and associated documentation ("Software"),
022: * with or without modification, are permitted provided that the following conditions are met:
023: * 1. Redistributions of source code must retain copyright statements and notices.
024: * Redistributions must also contain a copy of this document.
025: * 2. Redistributions in binary form must reproduce the above copyright notice,
026: * this list of conditions and the following disclaimer in the documentation
027: * and/or other materials provided with the distribution.
028: * 3. The name "JAFFA" must not be used to endorse or promote products derived from
029: * this Software without prior written permission. For written permission,
030: * please contact mail to: jaffagroup@yahoo.com.
031: * 4. Products derived from this Software may not be called "JAFFA" nor may "JAFFA"
032: * appear in their names without prior written permission.
033: * 5. Due credit should be given to the JAFFA Project (http://jaffa.sourceforge.net).
034: *
035: * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
036: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
037: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
038: * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
039: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
040: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
041: * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
042: * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
043: * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
044: * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
045: * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
046: * SUCH DAMAGE.
047: * ====================================================================
048: */
049:
050: /* Generated by Together */
051:
052: package org.jaffa.security;
053:
054: import java.util.HashMap;
055: import java.util.List;
056: import java.util.Iterator;
057: import java.util.ArrayList;
058: import org.apache.log4j.Logger;
059: import org.jaffa.presentation.portlet.component.ComponentManager;
060: import java.util.Map;
061: import java.util.Set;
062: import java.io.Writer;
063: import java.io.PrintWriter;
064:
065: /** This class is the main interface to the security policy.
066: * Its purpose is to allow the Security Manager to request specific
067: * information about the policy. It uses the PolicyCache to delegate
068: * the reading of the policy file via the domain objects
069: *
070: * @author paule
071: * @version 1.0
072: */
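class PolicyManager {

    /** Set up Logging for Log4J */
    private static final Logger log = Logger.getLogger(PolicyManager.class);

    /*
     * Caching notes for the three fields below.
     *
     * They are lazily populated, shared by every caller and reset by clearCache().
     * Each index is assembled in a local map and only assigned to its field once it
     * is complete, and the fields are volatile, so a reader never observes a
     * half-built index. That matters most for the component index, where a missing
     * entry is reported to callers as "no restriction".
     */

    /** Stores the function index, don't access this directly, use the
     * getFunctionRoleIndex() method, which will build this if not initialized.
     * Each entry in the hashmap is a list of strings (role names keyed by function name).
     * @associates List
     */
    private static volatile HashMap m_functionRoleIndex = null;

    /** Stores the component index, don't access this directly, use the
     * getComponentRoleIndex() method, which will build this if not initialized.
     * Each entry in the hashmap is a list of strings (role names keyed by component name).
     * @associates ArrayList
     */
    private static volatile HashMap m_componentRoleIndex = null;

    /** This stores a mapping of what roles have what functions, it is the basis of
     * building the function and component role indexes. It is obtained from
     * PolicyCache.getRoleMap().
     */
    private static volatile HashMap m_roleMap = null;

    /** Get the list of Role names that have access to the specified business function.
     * @param functionName The function name to get the roles for
     * @return Returns an array of Strings, each entry is a role name. If no roles have
     * access to the function a null will be returned
     */
    public static String[] getRolesForFunction(String functionName) {
        HashMap index = getFunctionRoleIndex();
        if (index == null)
            return null;

        // Convert the extracted list to an array
        List roles = (List) index.get(functionName);
        if (roles == null)
            return null;
        return (String[]) roles.toArray(new String[0]);
    }

    /** Get the list of Role names that have access to the specified component.
     * @param componentName The component name to get the roles for
     * @return Returns an array of Strings, each entry is a role name.
     * If no roles have access to the component an empty array (new String[] {}) will be returned.
     * If the component has no entry in the component index, 'null' will be returned, which
     * callers are documented to treat as "all roles have access".
     */
    public static String[] getRolesForComponent(String componentName) {
        HashMap index = getComponentRoleIndex();
        if (index == null) {
            // Defensive only: getComponentRoleIndex() always hands back a map.
            // Report "no roles" rather than null, because null means unrestricted here.
            return new String[0];
        }

        // Convert the extracted list to an array
        List roles = (List) index.get(componentName);
        if (roles == null)
            return null;
        return (String[]) roles.toArray(new String[0]);
    }

    /** Get the list of roles defined for the application.
     * @return the key set of the cached role map, or null if no role map could be obtained.
     * The set is a view of the cached map, not a copy; treat it as read-only.
     */
    public static Set getRoleSet() {
        HashMap roles = loadRoleMap();
        if (roles == null)
            return null;
        return roles.keySet();
    }

    /** Return the function role index HashMap, if it has not been initialized
     * yet, then initialize it!
     * @return Return the function role index HashMap
     */
    private static HashMap getFunctionRoleIndex() {
        HashMap index = m_functionRoleIndex;
        if (index == null) {
            index = buildFunctionRoleIndex();
            // The builder always produces a map, so "nothing usable was loaded" shows up
            // as an empty index; testing for null here could never fire.
            if (index.isEmpty()) {
                log
                        .warn("No Security Funtion-to-Role index created! All Security Checks Will Fail. Check the 'Roles' Policy file!");
            }
        }
        return index;
    }

    /** Return the component role index HashMap, if it has not been initialized
     * yet, then initialize it!
     * @return Return the component role index HashMap
     */
    private static HashMap getComponentRoleIndex() {
        HashMap index = m_componentRoleIndex;
        if (index == null) {
            // Use the map the builder returns rather than re-reading the field, so a
            // concurrent clearCache() cannot turn this into a null index.
            index = buildComponentRoleIndex();
        }
        return index;
    }

    /** Clear the cached policy. Will be reloaded on the next access.
     */
    public static void clearCache() {
        m_componentRoleIndex = null;
        m_functionRoleIndex = null;
        m_roleMap = null;
    }

    /** Returns the cached role map, asking the PolicyCache for it when it is not cached yet.
     * Logs a warning when no role map is available.
     * @return the role map, or null if PolicyCache.getRoleMap() returned null
     */
    private static HashMap loadRoleMap() {
        HashMap roles = m_roleMap;
        if (roles == null) {
            roles = PolicyCache.getRoleMap();
            m_roleMap = roles;
        }
        if (roles == null)
            log.warn("The policy file loaded contains no entries!!");
        return roles;
    }

    /** Tells whether a role's function list contains every required function.
     * A null function list is treated as an empty one. An empty requirement array
     * is satisfied by any role.
     */
    private static boolean grantsAll(List granted, String[] required) {
        for (int i = 0; i < required.length; i++) {
            if (granted == null || !granted.contains(required[i]))
                return false;
        }
        return true;
    }

    /** Builds the FunctionRoleIndex based on information acquired from the PolicyCache object.
     * This supplies the information as a list of roles with function access. The build process
     * transposes this mapping.
     * @return the index that was built and cached; empty if no role map was available
     */
    private static HashMap buildFunctionRoleIndex() {
        // Fill a local map; it is published to the field only when complete.
        HashMap index = new HashMap();

        HashMap roles = loadRoleMap();
        if (roles != null) {
            // Loop through the role list and build the function list
            for (Iterator it = roles.entrySet().iterator(); it.hasNext();) {
                Map.Entry entry = (Map.Entry) it.next();
                String role = (String) entry.getKey();
                List funcs = (List) entry.getValue();
                if (funcs == null)
                    continue; // a role without a function list grants nothing

                for (Iterator it2 = funcs.iterator(); it2.hasNext();) {
                    String func = (String) it2.next();

                    // Get the role list for this function
                    List idxFunc = (List) index.get(func);
                    if (idxFunc == null) {
                        // New function, create a list and entry for it...
                        idxFunc = new ArrayList();
                        index.put(func, idxFunc);
                    }
                    // Add the role to this function list if not already there.
                    // The uniqueness check should be removed if uniqueness is enforced in
                    // the XML Policy file! For now, assume it is not.
                    if (!idxFunc.contains(role))
                        idxFunc.add(role);
                }
            }
        }

        m_functionRoleIndex = index;
        return index;
    }

    /** Builds the ComponentRoleIndex based on information acquired from the PolicyCache object
     * and the component requirements supplied by the ComponentManager.
     * @return the index that was built and cached
     */
    private static HashMap buildComponentRoleIndex() {
        // Get the component requirements, each entry in the list is a
        // component and its 'required' functions. The value is of type String[].
        // If there is no entry in here for a component, it has no security
        // requirements and hence full access is allowed.
        Map compList = ComponentManager.getComponentRequirements();

        // Fill a local map; it is published to the field only when complete, so a
        // concurrent reader cannot find a restricted component missing from the index.
        HashMap index = new HashMap();

        // A missing role map is logged by loadRoleMap(). The loop below still runs, so
        // every component that has requirements is recorded with an empty role list
        // (no access) instead of being left out of the index (unrestricted).
        HashMap roles = loadRoleMap();

        // Loop through all the components that have required functions for access
        for (Iterator it = compList.entrySet().iterator(); it.hasNext();) {
            Map.Entry compEntry = (Map.Entry) it.next();
            String comp = (String) compEntry.getKey();
            String[] funcs = (String[]) compEntry.getValue();
            ArrayList allowedRoles = new ArrayList();

            // A null requirement array leaves the role list empty: no role has access.
            // NOTE(review): the original comment on this method also says an EMPTY array
            // means no role has access, but the check below lets every role through in
            // that case. That behaviour is kept as it was; confirm which is intended
            // against ComponentManager.getComponentRequirements().
            if (funcs != null && roles != null) {
                // Now check each role for access
                for (Iterator it2 = roles.entrySet().iterator(); it2.hasNext();) {
                    Map.Entry roleEntry = (Map.Entry) it2.next();
                    // If this role has the requirements for this component, save it!
                    if (grantsAll((List) roleEntry.getValue(), funcs))
                        allowedRoles.add(roleEntry.getKey());
                }
            }

            // Now add this to the master list for this component
            index.put(comp, allowedRoles);
        }

        m_componentRoleIndex = index;
        return index;
    }

    /** Utility function that dumps out the information loaded about the current policy.
     * This writes the output to System.out
     */
    static void printPolicy() {
        printPolicy(new PrintWriter(System.out, true));
    }

    /** Utility function that dumps out the information loaded about the current policy.
     * This writes the output to the specified writer. Only the function-to-role index
     * is printed.
     * @param out the writer that receives the dump
     */
    static void printPolicy(PrintWriter out) {
        HashMap m = getFunctionRoleIndex();
        if (m == null || m.size() == 0) {
            out.println("No Policy Configured");
            return;
        }

        for (Iterator i = m.entrySet().iterator(); i.hasNext();) {
            Map.Entry entry = (Map.Entry) i.next();
            out.print("Business Function '" + entry.getKey()
                    + "' can be accessed by ");
            List l = (List) entry.getValue();
            if (l == null || l.size() == 0) {
                out.println("Nobody!");
            } else {
                boolean first = true;
                for (Iterator i2 = l.iterator(); i2.hasNext();) {
                    String role = (String) i2.next();
                    if (!first)
                        out.print(", ");
                    first = false;
                    out.print(role);
                }
                out.println(".");
            }
        }
    }
}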