Posted to commits@lenya.apache.org by so...@apache.org on 2007/09/11 23:39:44 UTC
svn commit: r574702 [2/6] - in /lenya/branches/revolution/1.3.x: ./ lib/
src/java/org/apache/lenya/ac/ src/java/org/apache/lenya/ac/file/
src/java/org/apache/lenya/ac/impl/ src/java/org/apache/lenya/cms/ac/
src/java/org/apache/lenya/cms/ac/cocoon/ src/...
Modified: lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/AbstractGroup.java
URL: http://svn.apache.org/viewvc/lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/AbstractGroup.java?rev=574702&r1=574701&r2=574702&view=diff
==============================================================================
--- lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/AbstractGroup.java (original)
+++ lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/AbstractGroup.java Tue Sep 11 14:39:37 2007
@@ -14,20 +14,16 @@
* limitations under the License.
*
*/
-
/* $Id$ */
-
package org.apache.lenya.ac.impl;
import java.util.HashSet;
import java.util.Set;
-
import org.apache.lenya.ac.AccessControlException;
import org.apache.lenya.ac.Accreditable;
import org.apache.lenya.ac.Group;
import org.apache.lenya.ac.Groupable;
-
/**
* A group is a set of {@link Groupable}s.
*/
@@ -37,64 +33,65 @@
*/
public AbstractGroup() {
}
-
/**
* Creates a new group.
- * @param id The group ID.
+ *
+ * @param id
+ * The group ID.
*/
public AbstractGroup(String id) {
setId(id);
}
-
private Set members = new HashSet();
-
/**
* Returns the members of this group.
+ *
* @return An array of {@link Groupable}s.
*/
public Groupable[] getMembers() {
return (Groupable[]) members.toArray(new Groupable[members.size()]);
}
-
/**
- * Adds a member to this group.
- * @param member The member to add.
+ * Adds a member to this group.
+ *
+ * @param member
+ * The member to add.
*/
public void add(Groupable member) {
- assert (member != null) && !members.contains(member);
+ // assert (member != null) && !members.contains(member);
members.add(member);
member.addedToGroup(this);
}
-
/**
* Removes a member from this group.
- * @param member The member to remove.
+ *
+ * @param member
+ * The member to remove.
*/
public void remove(Groupable member) {
- assert (member != null) && members.contains(member);
+ // assert (member != null) && members.contains(member);
members.remove(member);
member.removedFromGroup(this);
}
-
/**
* Removes all members from this group.
*/
public void removeAllMembers() {
Groupable[] members = getMembers();
for (int i = 0; i < members.length; i++) {
- remove(members[i]);
+ remove(members[i]);
}
}
-
/**
* Returns if this group contains this member.
- * @param member The member to check.
+ *
+ * @param member
+ * The member to check.
* @return A boolean value.
*/
public boolean contains(Groupable member) {
return members.contains(member);
}
-
/**
* @see org.apache.lenya.ac.Accreditable#getAccreditables()
*/
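Review bot: In `add` and `remove`, commenting out the asserts leaves no null check at all, so a null `member` is inserted into `members` before `member.addedToGroup(this)` throws and the set is left holding null. A guard ahead of the mutation keeps the state consistent, e.g. `if (member == null) { throw new IllegalArgumentException("member must not be null"); }`. The asserts only ran with `-ea`, so an explicit check is also the only form that protects a production JVM. The same assert-to-comment pattern recurs in AbstractItem.setDescription/setName, AbstractRole, Credential and ComposableAccessControllerResolver.release; where a check is no longer wanted, delete the line rather than leaving commented-out code.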
@@ -102,11 +99,11 @@
Accreditable[] accreditables = { this };
return accreditables;
}
-
/**
* Delete a group
- *
- * @throws AccessControlException if the delete failed
+ *
+ * @throws AccessControlException
+ * if the delete failed
*/
public void delete() throws AccessControlException {
Groupable[] members = getMembers();
@@ -114,5 +111,4 @@
remove(members[i]);
}
}
-
}
Modified: lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/AbstractGroupable.java
URL: http://svn.apache.org/viewvc/lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/AbstractGroupable.java?rev=574702&r1=574701&r2=574702&view=diff
==============================================================================
--- lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/AbstractGroupable.java (original)
+++ lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/AbstractGroupable.java Tue Sep 11 14:39:37 2007
@@ -14,75 +14,64 @@
* limitations under the License.
*
*/
-
package org.apache.lenya.ac.impl;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
-
import org.apache.lenya.ac.Accreditable;
import org.apache.lenya.ac.Group;
import org.apache.lenya.ac.Groupable;
/**
* Abstract implementation for group members.
+ *
* @version $Id$
*/
public abstract class AbstractGroupable extends AbstractItem implements Groupable, Accreditable {
private Set groups = new HashSet();
-
/**
* @see org.apache.lenya.ac.Groupable#addedToGroup(org.apache.lenya.ac.Group)
*/
public void addedToGroup(Group group) {
- assert group != null;
- assert group.contains(this);
+ // assert group != null;
+ // assert group.contains(this);
groups.add(group);
}
-
/**
* @see org.apache.lenya.ac.Groupable#removedFromGroup(org.apache.lenya.ac.Group)
*/
public void removedFromGroup(Group group) {
- assert group != null;
- assert !group.contains(this);
+ // assert group != null;
+ // assert !group.contains(this);
groups.remove(group);
}
-
/**
* @see org.apache.lenya.ac.Groupable#getGroups()
*/
public Group[] getGroups() {
return (Group[]) groups.toArray(new Group[groups.size()]);
}
-
/**
* Removes this groupable from all its groups.
*/
public void removeFromAllGroups() {
Group[] groups = getGroups();
-
for (int i = 0; i < groups.length; i++) {
groups[i].remove(this);
}
}
-
/**
* @see org.apache.lenya.ac.Accreditable#getAccreditables()
*/
public Accreditable[] getAccreditables() {
Set accreditables = new HashSet();
accreditables.add(this);
-
Group[] groups = getGroups();
-
for (int i = 0; i < groups.length; i++) {
Accreditable[] groupAccreditables = groups[i].getAccreditables();
accreditables.addAll(Arrays.asList(groupAccreditables));
}
-
return (Accreditable[]) accreditables.toArray(new Accreditable[accreditables.size()]);
}
-
}
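Review bot: `addedToGroup` and `removedFromGroup` no longer state or check that the group's own member set agrees with this object, which the removed `assert group.contains(this)` and `assert !group.contains(this)` lines at least documented. Because `getAccreditables()` further down folds in the accreditables of every entry in `groups`, calling `addedToGroup` for a group that does not list this member changes what the object is accredited as. I would keep the precondition visible, either in the Javadoc (`Must only be called by the group after it has added this member.`) or as an explicit check such as `if (group == null || !group.contains(this)) { throw new IllegalStateException("group does not contain this member"); }`.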
Modified: lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/AbstractItem.java
URL: http://svn.apache.org/viewvc/lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/AbstractItem.java?rev=574702&r1=574701&r2=574702&view=diff
==============================================================================
--- lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/AbstractItem.java (original)
+++ lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/AbstractItem.java Tue Sep 11 14:39:37 2007
@@ -14,7 +14,6 @@
* limitations under the License.
*
*/
-
package org.apache.lenya.ac.impl;
import org.apache.lenya.ac.Item;
@@ -22,62 +21,60 @@
/**
* Abstract superclass for all access control objects that can be managed by an
* {@link org.apache.lenya.ac.ItemManager}. It is only used for code reuse.
+ *
* @version $Id$
*/
public abstract class AbstractItem implements Item {
-
private String id;
private String description = "";
private String name = "";
-
/**
* Ctor.
*/
public AbstractItem() {
}
-
/**
* Sets the ID.
- * @param string The ID.
+ *
+ * @param string
+ * The ID.
*/
protected void setId(String string) {
- assert isValidId(string);
+ // /// isValidId(string);
id = string;
}
-
/**
* Returns the ID.
+ *
* @return The ID.
*/
public String getId() {
return id;
}
-
/**
* Returns the description of this object.
+ *
* @return A string.
*/
public String getDescription() {
return description;
}
-
/**
* Sets the description of this object.
- * @param description A string.
+ *
+ * @param description
+ * A string.
*/
public void setDescription(String description) {
- assert description != null;
+ // assert description != null;
this.description = description;
}
-
/**
* @see java.lang.Object#toString()
*/
public String toString() {
return getId();
-
}
-
/**
* Returns the name of this object.
*
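Review bot: `setId` no longer calls `isValidId` at all: the assert became the comment `// /// isValidId(string);`, which looks like a search-and-replace artifact rather than a deliberate edit. `equals` and `hashCode` further down in this file call `getId()` without a null check, so a null ID now surfaces later as a NullPointerException inside a set or map operation instead of at the point where it was set. If IDs of access-control items must match `\w+`, enforce it unconditionally with `if (!isValidId(string)) { throw new IllegalArgumentException("Invalid item ID"); }`. Whether existing callers pass IDs that would fail this check is not visible here.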
@@ -86,45 +83,41 @@
public String getName() {
return name;
}
-
/**
* Set the full name
*
- * @param name the new full name
+ * @param name
+ * the new full name
*/
public void setName(String name) {
- assert name != null;
+ // assert name != null;
this.name = name;
}
-
/**
* Checks if a string is a valid ID.
- * @param id The string to test.
+ *
+ * @param id
+ * The string to test.
* @return A boolean value.
*/
public static boolean isValidId(String id) {
return id != null && id.matches("\\w+");
}
-
/**
* @see java.lang.Object#equals(Object)
*/
public boolean equals(Object otherObject) {
boolean equals = false;
-
if (getClass().isInstance(otherObject)) {
AbstractItem otherManageable = (AbstractItem) otherObject;
equals = getId().equals(otherManageable.getId());
}
-
return equals;
}
-
/**
* @see java.lang.Object#hashCode()
*/
public int hashCode() {
return getId().hashCode();
}
-
}
Modified: lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/AbstractRole.java
URL: http://svn.apache.org/viewvc/lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/AbstractRole.java?rev=574702&r1=574701&r2=574702&view=diff
==============================================================================
--- lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/AbstractRole.java (original)
+++ lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/AbstractRole.java Tue Sep 11 14:39:37 2007
@@ -14,14 +14,11 @@
* limitations under the License.
*
*/
-
/* $Id$ */
-
package org.apache.lenya.ac.impl;
import org.apache.lenya.ac.Role;
-
/**
* A Role embodies the privilege to do certain things.
*/
@@ -31,14 +28,14 @@
*/
public AbstractRole() {
}
-
/**
* Creates a new instance of Role.
- * @param name The role name.
+ *
+ * @param name
+ * The role name.
*/
public AbstractRole(String name) {
- assert name != null;
+ // assert name != null;
setName(name);
}
-
}
Modified: lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/BypassableAccessController.java
URL: http://svn.apache.org/viewvc/lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/BypassableAccessController.java?rev=574702&r1=574701&r2=574702&view=diff
==============================================================================
--- lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/BypassableAccessController.java (original)
+++ lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/BypassableAccessController.java Tue Sep 11 14:39:37 2007
@@ -14,14 +14,11 @@
* limitations under the License.
*
*/
-
/* $Id$ */
-
package org.apache.lenya.ac.impl;
import java.util.ArrayList;
import java.util.List;
-
import org.apache.avalon.framework.configuration.Configuration;
import org.apache.avalon.framework.configuration.ConfigurationException;
import org.apache.cocoon.environment.Request;
@@ -36,108 +33,92 @@
* AccessController that can be bypassed for certain URL patterns.
*/
public class BypassableAccessController extends DefaultAccessController {
-
/**
* Ctor.
*/
public BypassableAccessController() {
}
-
private List publicMatchers = new ArrayList();
-
/**
* @see org.apache.avalon.framework.configuration.Configurable#configure(org.apache.avalon.framework.configuration.Configuration)
*/
public void configure(Configuration conf) throws ConfigurationException {
super.configure(conf);
-
getLogger().debug("Configuring bypass patterns");
-
Configuration[] publics = conf.getChildren("public");
-
for (int i = 0; i < publics.length; i++) {
String publicHref = publics[i].getValue(null);
-
try {
publicMatchers.add(preparePattern(publicHref));
} catch (PatternException pe) {
throw new ConfigurationException("invalid pattern for public hrefs", pe);
}
-
if (getLogger().isDebugEnabled()) {
getLogger().debug("CONFIGURATION: public: " + publicHref);
}
}
-
}
-
/**
* Compile the pattern in a <code>org.apache.regexp.REProgram</code>.
- * @param pattern The pattern to compile.
+ *
+ * @param pattern
+ * The pattern to compile.
* @return A RE program representing the pattern.
- * @throws PatternException when something went wrong.
+ * @throws PatternException
+ * when something went wrong.
*/
- protected REProgram preparePattern(String pattern)
- throws PatternException {
+ protected REProgram preparePattern(String pattern) throws PatternException {
if (pattern == null) {
throw new PatternException("null passed as a pattern", null);
}
-
if (pattern.length() == 0) {
pattern = "^$";
-
if (getLogger().isWarnEnabled()) {
- getLogger().warn("The empty pattern string was rewritten to '^$'" +
- " to match for empty strings. If you intended" +
- " to match all strings, please change your" + " pattern to '.*'");
+ getLogger().warn("The empty pattern string was rewritten to '^$'" + " to match for empty strings. If you intended" + " to match all strings, please change your" + " pattern to '.*'");
}
}
-
try {
RECompiler compiler = new RECompiler();
REProgram program = compiler.compile(pattern);
-
return program;
} catch (RESyntaxException rse) {
getLogger().debug("Failed to compile the pattern '" + pattern + "'", rse);
throw new PatternException(rse.getMessage(), rse);
}
}
-
/**
* Matches a string using a prepared pattern program.
- * @param preparedPattern The pattern program.
- * @param match The string to match.
- * @return <code>true</code> if the string matched the pattern, <code>false</code> otherwise.
+ *
+ * @param preparedPattern
+ * The pattern program.
+ * @param match
+ * The string to match.
+ * @return <code>true</code> if the string matched the pattern,
+ * <code>false</code> otherwise.
*/
protected boolean preparedMatch(REProgram preparedPattern, String match) {
boolean result = false;
-
if (match != null) {
RE re = new RE(preparedPattern);
result = re.match(match);
}
return result;
}
-
/**
* @see org.apache.lenya.ac.AccessController#authorize(org.apache.cocoon.environment.Request)
*/
- public boolean authorize(Request request)
- throws AccessControlException {
-
- assert request != null;
-
+ public boolean authorize(Request request) throws AccessControlException {
+ // assert request != null;
boolean authorized = false;
-
String uri = request.getRequestURI();
String context = request.getContextPath();
if (context == null) {
context = "";
}
uri = uri.substring(context.length());
-
- // Check public uris from configuration above. Should only be used during development before the implementation of a concrete authorizer.
+ // Check public uris from configuration above. Should only be used
+ // during development before the implementation of a concrete
+ // authorizer.
int i = 0;
while (!authorized && i < publicMatchers.size()) {
getLogger().debug("Trying pattern: [" + publicMatchers.get(i) + "] with URL [" + uri + "]");
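Review bot: `preparedMatch` delegates to `RE.match`, which, as far as I know, succeeds when the pattern matches anywhere in the string, so a `public` pattern without `^` and `$` would skip authorization for every URI that merely contains it. The Javadoc of `preparedMatch` or `configure` should say so, e.g. `Patterns are not anchored; use ^ and $ to match the whole URI.` Since the inline comment marks the bypass as development-only, I would also log each configured public pattern at warn rather than debug level, so that a bypass left in a deployed configuration shows up in the logs. The body of `authorize` continues past the end of this hunk.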
@@ -149,12 +130,9 @@
}
i++;
}
-
if (!authorized) {
authorized = super.authorize(request);
}
-
return authorized;
}
-
}
Modified: lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/ComposableAccessControllerResolver.java
URL: http://svn.apache.org/viewvc/lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/ComposableAccessControllerResolver.java?rev=574702&r1=574701&r2=574702&view=diff
==============================================================================
--- lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/ComposableAccessControllerResolver.java (original)
+++ lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/ComposableAccessControllerResolver.java Tue Sep 11 14:39:37 2007
@@ -14,12 +14,10 @@
* limitations under the License.
*
*/
-
package org.apache.lenya.ac.impl;
import java.util.HashMap;
import java.util.Map;
-
import org.apache.avalon.framework.activity.Disposable;
import org.apache.avalon.framework.configuration.Configurable;
import org.apache.avalon.framework.configuration.Configuration;
@@ -31,89 +29,76 @@
import org.apache.lenya.ac.AccessControllerResolver;
/**
- * Access controller resolver composed of other access controller resolvers.
- * The member resolvers are called one after the other to resolve the access controllers.
+ * Access controller resolver composed of other access controller resolvers. The
+ * member resolvers are called one after the other to resolve the access
+ * controllers.
*
- * @version $Id$
+ * @version $Id: ComposableAccessControllerResolver.java 413285 2006-06-10
+ * 11:10:23Z thorsten $
*/
-public class ComposableAccessControllerResolver
- extends AbstractAccessControllerResolver
- implements Configurable, Disposable {
-
+public class ComposableAccessControllerResolver extends AbstractAccessControllerResolver implements Configurable, Disposable {
/**
* @see org.apache.lenya.ac.impl.AbstractAccessControllerResolver#doResolveAccessController(java.lang.String)
*/
public AccessController doResolveAccessController(String url) throws AccessControlException {
-
AccessController controller = null;
-
try {
-
if (selector == null) {
- selector =
- (ServiceSelector) getManager().lookup(AccessControllerResolver.ROLE + "Selector");
+ selector = (ServiceSelector) getManager().lookup(AccessControllerResolver.ROLE + "Selector");
}
-
String[] types = getResolverTypes();
int i = 0;
while (controller == null && i < types.length) {
-
getLogger().debug("Trying to resolve AC resolver for type [" + types[i] + "]");
- AccessControllerResolver resolver =
- (AccessControllerResolver) selector.select(types[i]);
+ AccessControllerResolver resolver = (AccessControllerResolver) selector.select(types[i]);
controller = resolver.resolveAccessController(url);
setResolver(controller, resolver);
getLogger().debug("Resolved access controller [" + controller + "]");
i++;
}
-
} catch (ServiceException e) {
throw new AccessControlException(e);
}
-
return controller;
}
-
private Map controllerToResolver = new HashMap();
-
/**
* @see org.apache.lenya.ac.AccessControllerResolver#release(org.apache.lenya.ac.AccessController)
*/
public void release(AccessController controller) {
- assert controller != null;
+ // assert controller != null;
AccessControllerResolver resolver = getResolver(controller);
resolver.release(controller);
selector.release(resolver);
}
-
/**
* Returns the access controller resolver that was used to resolve a
* specific access controller.
- * @param controller The access controller.
+ *
+ * @param controller
+ * The access controller.
* @return An AC resolver.
*/
protected AccessControllerResolver getResolver(AccessController controller) {
- AccessControllerResolver resolver =
- (AccessControllerResolver) controllerToResolver.get(controller);
+ AccessControllerResolver resolver = (AccessControllerResolver) controllerToResolver.get(controller);
return resolver;
}
-
/**
- * Sets the access controller resolver that was used to resolve a
- * specific access controller.
- * @param controller The access controller.
- * @param resolver An AC resolver.
+ * Sets the access controller resolver that was used to resolve a specific
+ * access controller.
+ *
+ * @param controller
+ * The access controller.
+ * @param resolver
+ * An AC resolver.
*/
protected void setResolver(AccessController controller, AccessControllerResolver resolver) {
controllerToResolver.put(controller, resolver);
}
-
protected static final String RESOLVER_ELEMENT = "resolver";
protected static final String TYPE_ATTRIBUTE = "type";
-
private String[] resolverTypes;
private ServiceSelector selector;
-
/**
* @see org.apache.avalon.framework.configuration.Configurable#configure(org.apache.avalon.framework.configuration.Configuration)
*/
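Review bot: `release` dereferences the result of `getResolver(controller)` without a null check and never removes the entry from `controllerToResolver`, so a controller that was not resolved here throws a NullPointerException and the map grows with every resolved controller. Taking the entry out during the lookup covers both: `AccessControllerResolver resolver = (AccessControllerResolver) controllerToResolver.remove(controller);` followed by `if (resolver == null) { return; }`. In `doResolveAccessController`, `setResolver` is also called while `controller` is still null, and a resolver that returned null is not handed back to `selector`; whether the selector requires that is not visible here.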
@@ -124,15 +109,14 @@
resolverTypes[i] = accessControllerConfigs[i].getAttribute(TYPE_ATTRIBUTE);
}
}
-
/**
* Returns the access controller types.
+ *
* @return A string array.
*/
protected String[] getResolverTypes() {
return resolverTypes;
}
-
/**
* @see org.apache.avalon.framework.activity.Disposable#dispose()
*/
@@ -141,5 +125,4 @@
getManager().release(selector);
}
}
-
}
Modified: lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/Credential.java
URL: http://svn.apache.org/viewvc/lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/Credential.java?rev=574702&r1=574701&r2=574702&view=diff
==============================================================================
--- lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/Credential.java (original)
+++ lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/Credential.java Tue Sep 11 14:39:37 2007
@@ -14,101 +14,99 @@
* limitations under the License.
*
*/
-
/* $Id$ */
-
package org.apache.lenya.ac.impl;
-
import java.util.HashSet;
import java.util.Set;
-
import org.apache.lenya.ac.Accreditable;
import org.apache.lenya.ac.Role;
-
/**
* A credential assigns a set of {@link Role}s to an {@link Accreditable}.
*/
public class Credential {
private Accreditable accreditable;
private Set roles = new HashSet();
-
/**
* Creates a new credential object.
- * @param accreditable The accreditable.
+ *
+ * @param accreditable
+ * The accreditable.
*/
public Credential(Accreditable accreditable) {
setAccreditable(accreditable);
}
-
/**
* Sets the accreditable for this credential.
- * @param accreditable The accreditable.
+ *
+ * @param accreditable
+ * The accreditable.
*/
protected void setAccreditable(Accreditable accreditable) {
- assert accreditable != null;
+ // assert accreditable != null;
this.accreditable = accreditable;
}
-
/**
* Returns all roles of this credential.
- *
+ *
* @return An array of roles.
*/
public Role[] getRoles() {
return (Role[]) roles.toArray(new Role[roles.size()]);
}
-
/**
* Adds a role to this credential.
- * @param role The role to add.
+ *
+ * @param role
+ * The role to add.
*/
public void addRole(Role role) {
- assert role != null;
- assert !roles.contains(role);
+ // assert role != null;
+ // assert !roles.contains(role);
roles.add(role);
}
-
/**
* Removes a role from this credential.
- * @param role The role to remove.
+ *
+ * @param role
+ * The role to remove.
*/
public void removeRole(Role role) {
- assert role != null;
- assert roles.contains(role);
+ // assert role != null;
+ // assert roles.contains(role);
roles.remove(role);
}
-
/**
* Returns the accreditable of this credential.
+ *
* @return An accreditable.
*/
public Accreditable getAccreditable() {
return accreditable;
}
-
/**
* @see java.lang.Object#toString()
*/
public String toString() {
return "[credential of: " + getAccreditable() + "]";
}
-
/**
* Returns if a role is contained.
- * @param role A role.
+ *
+ * @param role
+ * A role.
* @return A boolean value.
*/
public boolean contains(Role role) {
return roles.contains(role);
}
-
/**
* Returns if the credential is empty (contains no roles).
+ *
* @return A boolean value.
*/
public boolean isEmpty() {
- return roles.isEmpty();
+ return roles.isEmpty();
}
}
Modified: lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/DefaultAccessController.java
URL: http://svn.apache.org/viewvc/lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/DefaultAccessController.java?rev=574702&r1=574701&r2=574702&view=diff
==============================================================================
--- lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/DefaultAccessController.java (original)
+++ lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/DefaultAccessController.java Tue Sep 11 14:39:37 2007
@@ -14,15 +14,14 @@
* the License.
*
*/
-
package org.apache.lenya.ac.impl;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import java.util.regex.*;
-
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
import org.apache.avalon.framework.activity.Disposable;
import org.apache.avalon.framework.component.Component;
import org.apache.avalon.framework.configuration.Configurable;
@@ -53,16 +52,15 @@
/**
* Default access controller implementation.
- * @version $Id$
+ *
+ * @version $Id: DefaultAccessController.java 413285 2006-06-10 11:10:23Z
+ * thorsten $
*/
-public class DefaultAccessController extends AbstractLogEnabled implements AccessController,
- Configurable, Serviceable, Disposable, ItemManagerListener {
-
+public class DefaultAccessController extends AbstractLogEnabled implements AccessController, Configurable, Serviceable, Disposable, ItemManagerListener {
protected static final String AUTHORIZER_ELEMENT = "authorizer";
protected static final String TYPE_ATTRIBUTE = "type";
protected static final String ACCREDITABLE_MANAGER_ELEMENT = "accreditable-manager";
protected static final String POLICY_MANAGER_ELEMENT = "policy-manager";
-
private static final String REGEX = "([0-9]{1,3}\\.){3}[0-9]{1,3}";
private ServiceSelector accreditableManagerSelector;
private AccreditableManager accreditableManager;
@@ -72,73 +70,54 @@
private ServiceSelector policyManagerSelector;
private PolicyManager policyManager;
private Authenticator authenticator;
-
/**
* @see org.apache.lenya.ac.AccessController#authenticate(org.apache.cocoon.environment.Request)
*/
public boolean authenticate(Request request) throws AccessControlException {
-
- assert request != null;
+ // assert request /// null;
boolean authenticated = getAuthenticator().authenticate(getAccreditableManager(), request);
-
return authenticated;
}
-
/**
* @see org.apache.lenya.ac.AccessController#authorize(org.apache.cocoon.environment.Request)
*/
public boolean authorize(Request request) throws AccessControlException {
-
- assert request != null;
-
+ // assert request != null;
boolean authorized = false;
-
getLogger().debug("=========================================================");
getLogger().debug("Beginning authorization.");
-
if (hasAuthorizers()) {
Authorizer[] authorizers = getAuthorizers();
int i = 0;
authorized = true;
-
while ((i < authorizers.length) && authorized) {
-
if (getLogger().isDebugEnabled()) {
getLogger().debug("---------------------------------------------------------");
getLogger().debug("Invoking authorizer [" + authorizers[i] + "]");
}
-
if (authorizers[i] instanceof PolicyAuthorizer) {
PolicyAuthorizer authorizer = (PolicyAuthorizer) authorizers[i];
authorizer.setAccreditableManager(accreditableManager);
authorizer.setPolicyManager(policyManager);
}
-
authorized = authorized && authorizers[i].authorize(request);
-
if (getLogger().isDebugEnabled()) {
- getLogger().debug(
- "Authorizer [" + authorizers[i] + "] returned [" + authorized + "]");
+ getLogger().debug("Authorizer [" + authorizers[i] + "] returned [" + authorized + "]");
}
-
i++;
}
}
-
if (getLogger().isDebugEnabled()) {
getLogger().debug("=========================================================");
getLogger().debug("Authorization complete, result: [" + authorized + "]");
getLogger().debug("=========================================================");
}
-
return authorized;
}
-
/**
* @see org.apache.avalon.framework.configuration.Configurable#configure(org.apache.avalon.framework.configuration.Configuration)
*/
public void configure(Configuration conf) throws ConfigurationException {
-
try {
setupAccreditableManager(conf);
setupAuthorizers(conf);
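Review bot: `authorize` denies the request when no authorizers are configured, because `authorized` starts as false and is only set to true inside the `hasAuthorizers()` branch, yet neither the Javadoc nor the body says this is intended. A short comment such as `// No authorizers configured: deny by default.` above `if (hasAuthorizers())` would keep a later refactoring from turning this into allow-by-default. The replacement comment `// assert request /// null;` in `authenticate` is garbled and should be deleted or restored as a real check. The `configure` method at the end of this hunk continues outside it.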
@@ -150,17 +129,20 @@
throw new ConfigurationException("Configuration failed: ", e);
}
}
-
/**
* Configures or parameterizes a component, depending on the implementation
* as Configurable or Parameterizable.
- * @param component The component.
- * @param configuration The configuration to use.
- * @throws ConfigurationException when an error occurs during configuration.
- * @throws ParameterException when an error occurs during parameterization.
+ *
+ * @param component
+ * The component.
+ * @param configuration
+ * The configuration to use.
+ * @throws ConfigurationException
+ * when an error occurs during configuration.
+ * @throws ParameterException
+ * when an error occurs during parameterization.
*/
- public static void configureOrParameterize(Component component, Configuration configuration)
- throws ConfigurationException, ParameterException {
+ public static void configureOrParameterize(Component component, Configuration configuration) throws ConfigurationException, ParameterException {
if (component instanceof Configurable) {
((Configurable) component).configure(configuration);
}
@@ -169,56 +151,52 @@
((Parameterizable) component).parameterize(parameters);
}
}
-
/**
* Creates the accreditable manager.
*
- * @param configuration The access controller configuration.
- * @throws ConfigurationException when the configuration failed.
- * @throws ServiceException when something went wrong.
- * @throws ParameterException when something went wrong.
+ * @param configuration
+ * The access controller configuration.
+ * @throws ConfigurationException
+ * when the configuration failed.
+ * @throws ServiceException
+ * when something went wrong.
+ * @throws ParameterException
+ * when something went wrong.
*/
- protected void setupAccreditableManager(Configuration configuration)
- throws ConfigurationException, ServiceException, ParameterException {
-
- Configuration accreditableManagerConfiguration = configuration.getChild(
- ACCREDITABLE_MANAGER_ELEMENT, false);
+ protected void setupAccreditableManager(Configuration configuration) throws ConfigurationException, ServiceException, ParameterException {
+ Configuration accreditableManagerConfiguration = configuration.getChild(ACCREDITABLE_MANAGER_ELEMENT, false);
if (accreditableManagerConfiguration != null) {
- String accreditableManagerType = accreditableManagerConfiguration
- .getAttribute(TYPE_ATTRIBUTE);
+ String accreditableManagerType = accreditableManagerConfiguration.getAttribute(TYPE_ATTRIBUTE);
if (getLogger().isDebugEnabled()) {
getLogger().debug("AccreditableManager type: [" + accreditableManagerType + "]");
}
-
- accreditableManagerSelector = (ServiceSelector) manager.lookup(AccreditableManager.ROLE
- + "Selector");
- accreditableManager = (AccreditableManager) accreditableManagerSelector
- .select(accreditableManagerType);
+ accreditableManagerSelector = (ServiceSelector) manager.lookup(AccreditableManager.ROLE + "Selector");
+ accreditableManager = (AccreditableManager) accreditableManagerSelector.select(accreditableManagerType);
accreditableManager.addItemManagerListener(this);
configureOrParameterize(accreditableManager, accreditableManagerConfiguration);
}
}
-
/**
* Creates the authorizers.
*
- * @param configuration The access controller configuration.
- * @throws ConfigurationException when the configuration failed.
- * @throws ServiceException when something went wrong.
- * @throws ParameterException when something went wrong.
+ * @param configuration
+ * The access controller configuration.
+ * @throws ConfigurationException
+ * when the configuration failed.
+ * @throws ServiceException
+ * when something went wrong.
+ * @throws ParameterException
+ * when something went wrong.
*/
- protected void setupAuthorizers(Configuration configuration) throws ServiceException,
- ConfigurationException, ParameterException {
+ protected void setupAuthorizers(Configuration configuration) throws ServiceException, ConfigurationException, ParameterException {
Configuration[] authorizerConfigurations = configuration.getChildren(AUTHORIZER_ELEMENT);
if (authorizerConfigurations.length > 0) {
authorizerSelector = (ServiceSelector) manager.lookup(Authorizer.ROLE + "Selector");
-
for (int i = 0; i < authorizerConfigurations.length; i++) {
String type = authorizerConfigurations[i].getAttribute(TYPE_ATTRIBUTE);
if (getLogger().isDebugEnabled()) {
getLogger().debug("Adding authorizer [" + type + "]");
}
-
Authorizer authorizer = (Authorizer) authorizerSelector.select(type);
authorizerKeys.add(type);
authorizers.put(type, authorizer);
@@ -226,52 +204,51 @@
}
}
}
-
/**
* Creates the policy manager.
*
- * @param configuration The access controller configuration.
- * @throws ConfigurationException when the configuration failed.
- * @throws ServiceException when something went wrong.
- * @throws ParameterException when something went wrong.
- */
- protected void setupPolicyManager(Configuration configuration) throws ServiceException,
- ConfigurationException, ParameterException {
- Configuration policyManagerConfiguration = configuration.getChild(POLICY_MANAGER_ELEMENT,
- false);
+ * @param configuration
+ * The access controller configuration.
+ * @throws ConfigurationException
+ * when the configuration failed.
+ * @throws ServiceException
+ * when something went wrong.
+ * @throws ParameterException
+ * when something went wrong.
+ */
+ protected void setupPolicyManager(Configuration configuration) throws ServiceException, ConfigurationException, ParameterException {
+ Configuration policyManagerConfiguration = configuration.getChild(POLICY_MANAGER_ELEMENT, false);
if (policyManagerConfiguration != null) {
String policyManagerType = policyManagerConfiguration.getAttribute(TYPE_ATTRIBUTE);
if (getLogger().isDebugEnabled()) {
getLogger().debug("Adding policy manager type: [" + policyManagerType + "]");
}
- policyManagerSelector = (ServiceSelector) manager.lookup(PolicyManager.ROLE
- + "Selector");
+ policyManagerSelector = (ServiceSelector) manager.lookup(PolicyManager.ROLE + "Selector");
policyManager = (PolicyManager) policyManagerSelector.select(policyManagerType);
configureOrParameterize(policyManager, policyManagerConfiguration);
}
}
-
/**
* Sets up the authenticator.
*
- * @throws ServiceException when something went wrong.
+ * @throws ServiceException
+ * when something went wrong.
*/
protected void setupAuthenticator() throws ServiceException {
authenticator = (Authenticator) manager.lookup(Authenticator.ROLE);
}
-
private ServiceManager manager;
-
/**
* Set the global component manager.
*
- * @param manager The global component manager
- * @throws ServiceException when something went wrong.
+ * @param manager
+ * The global component manager
+ * @throws ServiceException
+ * when something went wrong.
*/
public void service(ServiceManager manager) throws ServiceException {
this.manager = manager;
}
-
/**
* Returns the service manager.
*
@@ -280,23 +257,19 @@
protected ServiceManager getManager() {
return manager;
}
-
/**
* Returns the authorizers of this action.
*
* @return An array of authorizers.
*/
public Authorizer[] getAuthorizers() {
-
Authorizer[] authorizerArray = new Authorizer[authorizers.size()];
for (int i = 0; i < authorizers.size(); i++) {
String key = (String) authorizerKeys.get(i);
authorizerArray[i] = (Authorizer) authorizers.get(key);
}
-
return authorizerArray;
}
-
/**
* Returns if this action has authorizers.
*
@@ -305,12 +278,10 @@
protected boolean hasAuthorizers() {
return !authorizers.isEmpty();
}
-
/**
* @see org.apache.avalon.framework.activity.Disposable#dispose()
*/
public void dispose() {
-
if (accreditableManagerSelector != null) {
if (accreditableManager != null) {
accreditableManager.removeItemManagerListener(this);
@@ -318,14 +289,12 @@
}
getManager().release(accreditableManagerSelector);
}
-
if (policyManagerSelector != null) {
if (policyManager != null) {
policyManagerSelector.release(policyManager);
}
getManager().release(policyManagerSelector);
}
-
if (authorizerSelector != null) {
Authorizer[] authorizers = getAuthorizers();
for (int i = 0; i < authorizers.length; i++) {
@@ -333,16 +302,13 @@
}
getManager().release(authorizerSelector);
}
-
if (authenticator != null) {
getManager().release(authenticator);
}
-
if (getLogger().isDebugEnabled()) {
getLogger().debug("Disposing [" + this + "]");
}
}
-
/**
* Returns the accreditable manager.
*
@@ -351,7 +317,6 @@
public AccreditableManager getAccreditableManager() {
return accreditableManager;
}
-
/**
* Returns the policy manager.
*
@@ -360,7 +325,6 @@
public PolicyManager getPolicyManager() {
return policyManager;
}
-
/**
* Returns the authenticator.
*
@@ -369,18 +333,18 @@
public Authenticator getAuthenticator() {
return authenticator;
}
-
/**
* Checks if this identity was initialized by this access controller.
*
- * @param identity An identity.
+ * @param identity
+ * An identity.
* @return A boolean value.
- * @throws AccessControlException when something went wrong.
+ * @throws AccessControlException
+ * when something went wrong.
*/
public boolean ownsIdenity(Identity identity) throws AccessControlException {
return identity.belongsTo(getAccreditableManager());
}
-
/**
* @see org.apache.lenya.ac.AccessController#setupIdentity(org.apache.cocoon.environment.Request)
*/
@@ -390,18 +354,14 @@
Identity identity = new Identity();
String remoteAddress = request.getRemoteAddr();
String clientAddress = request.getHeader("x-forwarded-for");
-
if (clientAddress != null) {
Pattern p = Pattern.compile(REGEX);
Matcher m = p.matcher(clientAddress);
-
if (m.find()) {
remoteAddress = m.group();
}
}
-
getLogger().info("Remote Address to use: [" + remoteAddress + "]");
-
Machine machine = new Machine(remoteAddress);
IPRange[] ranges = accreditableManager.getIPRangeManager().getIPRanges();
for (int i = 0; i < ranges.length; i++) {
@@ -409,19 +369,19 @@
machine.addIPRange(ranges[i]);
}
}
-
identity.addIdentifiable(machine);
session.setAttribute(Identity.class.getName(), identity);
}
}
-
/**
* Checks if the session contains an identity that is not null and belongs
* to the used access controller.
*
- * @param session The current session.
+ * @param session
+ * The current session.
* @return A boolean value.
- * @throws AccessControlException when something went wrong.
+ * @throws AccessControlException
+ * when something went wrong.
*/
protected boolean hasValidIdentity(Session session) throws AccessControlException {
boolean valid = true;
@@ -431,7 +391,6 @@
}
return valid;
}
-
/**
* @see org.apache.lenya.ac.ItemManagerListener#itemAdded(org.apache.lenya.ac.Item)
*/
@@ -444,7 +403,6 @@
getPolicyManager().accreditableAdded(getAccreditableManager(), (Accreditable) item);
}
}
-
/**
* @see org.apache.lenya.ac.ItemManagerListener#itemRemoved(org.apache.lenya.ac.Item)
*/
@@ -455,5 +413,4 @@
}
getPolicyManager().accreditableRemoved(getAccreditableManager(), (Accreditable) item);
}
-
}
Modified: lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/DefaultPolicy.java
URL: http://svn.apache.org/viewvc/lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/DefaultPolicy.java?rev=574702&r1=574701&r2=574702&view=diff
==============================================================================
--- lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/DefaultPolicy.java (original)
+++ lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/DefaultPolicy.java Tue Sep 11 14:39:37 2007
@@ -14,9 +14,7 @@
* limitations under the License.
*
*/
-
/* $Id$ */
-
package org.apache.lenya.ac.impl;
import java.util.Arrays;
@@ -25,7 +23,6 @@
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
-
import org.apache.lenya.ac.AccessControlException;
import org.apache.lenya.ac.Accreditable;
import org.apache.lenya.ac.Identity;
@@ -36,32 +33,32 @@
* A DefaultPolicy is the own policy of a certain URL (not merged).
*/
public class DefaultPolicy implements Policy {
-
private Map accreditableToCredential = new HashMap();
-
/**
- * Adds a credential to this policy.
- *
- * @param credential A credential.
- */
+ * Adds a credential to this policy.
+ *
+ * @param credential
+ * A credential.
+ */
public void addCredential(Credential credential) {
- assert credential != null;
- assert !accreditableToCredential.containsKey(credential.getAccreditable());
+ // assert credential != null;
+ // assert
+ // !accreditableToCredential.containsKey(credential.getAccreditable());
accreditableToCredential.put(credential.getAccreditable(), credential);
}
-
/**
- * Adds a role to this policy for a certain accreditable and a certain role. If a credenital
- * exists for the accreditable, the role is added to this credential. Otherwise, a new
- * credential is created.
- *
- * @param accreditable An accreditable.
- * @param role A role.
- */
+ * Adds a role to this policy for a certain accreditable and a certain role.
+ * If a credenital exists for the accreditable, the role is added to this
+ * credential. Otherwise, a new credential is created.
+ *
+ * @param accreditable
+ * An accreditable.
+ * @param role
+ * A role.
+ */
public void addRole(Accreditable accreditable, Role role) {
- assert accreditable != null;
- assert role != null;
-
+ // assert accreditable != null;
+ // assert role != null;
Credential credential = getCredential(accreditable);
if (credential == null) {
credential = new Credential(accreditable);
@@ -71,133 +68,117 @@
credential.addRole(role);
}
}
-
/**
- * Removes a role from this policy for a certain accreditable and a certain role.
- *
- * @param accreditable An accreditable.
- * @param role A role.
- * @throws AccessControlException if the accreditable-role pair is not contained.
- */
+ * Removes a role from this policy for a certain accreditable and a certain
+ * role.
+ *
+ * @param accreditable
+ * An accreditable.
+ * @param role
+ * A role.
+ * @throws AccessControlException
+ * if the accreditable-role pair is not contained.
+ */
public void removeRole(Accreditable accreditable, Role role) throws AccessControlException {
- assert accreditable != null;
- assert role != null;
+ // assert accreditable != null;
+ // assert role != null;
Credential credential = getCredential(accreditable);
if (credential == null) {
- throw new AccessControlException(
- "No credential for accreditable ["
- + accreditable
- + "] ["
- + accreditableToCredential.keySet().size()
- + "]");
+ throw new AccessControlException("No credential for accreditable [" + accreditable + "] [" + accreditableToCredential.keySet().size() + "]");
}
if (!credential.contains(role)) {
- throw new AccessControlException(
- "Credential for accreditable ["
- + accreditable
- + "] does not contain role ["
- + role
- + "]");
+ throw new AccessControlException("Credential for accreditable [" + accreditable + "] does not contain role [" + role + "]");
}
credential.removeRole(role);
-
if (credential.isEmpty()) {
removeCredential(credential);
}
}
-
/**
- * Returns the credentials of this policy.
- *
- * @return An array of credentials.
- */
+ * Returns the credentials of this policy.
+ *
+ * @return An array of credentials.
+ */
public Credential[] getCredentials() {
Collection values = accreditableToCredential.values();
return (Credential[]) values.toArray(new Credential[values.size()]);
}
-
/**
- * @see org.apache.lenya.ac.Policy#getRoles(org.apache.lenya.ac.Identity)
- */
+ * @see org.apache.lenya.ac.Policy#getRoles(org.apache.lenya.ac.Identity)
+ */
public Role[] getRoles(Identity identity) {
Accreditable[] accreditables = identity.getAccreditables();
Credential[] credentials = getCredentials();
-
Set roles = new HashSet();
-
for (int credIndex = 0; credIndex < credentials.length; credIndex++) {
for (int accrIndex = 0; accrIndex < accreditables.length; accrIndex++) {
Credential credential = credentials[credIndex];
Accreditable accreditable = accreditables[accrIndex];
-
if (credential.getAccreditable().equals(accreditable)) {
roles.addAll(Arrays.asList(credential.getRoles()));
}
}
}
-
return (Role[]) roles.toArray(new Role[roles.size()]);
}
-
/**
- * Returns the credential for a certain accreditable.
- *
- * @param accreditable An accreditable.
- * @return A credential.
- */
+ * Returns the credential for a certain accreditable.
+ *
+ * @param accreditable
+ * An accreditable.
+ * @return A credential.
+ */
public Credential getCredential(Accreditable accreditable) {
return (Credential) accreditableToCredential.get(accreditable);
}
-
private boolean isSSL;
-
/**
- * @see org.apache.lenya.ac.Policy#isSSLProtected()
- */
+ * @see org.apache.lenya.ac.Policy#isSSLProtected()
+ */
public boolean isSSLProtected() throws AccessControlException {
return isSSL;
}
-
/**
- * Sets if this policy requires SSL protection.
- *
- * @param ssl A boolean value.
- */
+ * Sets if this policy requires SSL protection.
+ *
+ * @param ssl
+ * A boolean value.
+ */
public void setSSL(boolean ssl) {
this.isSSL = ssl;
}
-
/**
- * @see org.apache.lenya.ac.Policy#isEmpty()
- */
+ * @see org.apache.lenya.ac.Policy#isEmpty()
+ */
public boolean isEmpty() throws AccessControlException {
return getCredentials().length == 0;
}
-
/**
- * Removes a credential.
- *
- * @param credential The credential to remove.
- * @throws AccessControlException If the credential does not exist.
- */
+ * Removes a credential.
+ *
+ * @param credential
+ * The credential to remove.
+ * @throws AccessControlException
+ * If the credential does not exist.
+ */
protected void removeCredential(Credential credential) throws AccessControlException {
if (!accreditableToCredential.containsValue(credential)) {
throw new AccessControlException("Credential [" + credential + "] does not exist!");
}
accreditableToCredential.remove(credential.getAccreditable());
}
-
/**
- * Removes all roles for a certain accreditable.
- *
- * @param accreditable The accreditable to remove all roles for.
- * @throws AccessControlException If no credential exists for this accreditable.
- */
+ * Removes all roles for a certain accreditable.
+ *
+ * @param accreditable
+ * The accreditable to remove all roles for.
+ * @throws AccessControlException
+ * If no credential exists for this accreditable.
+ */
public void removeRoles(Accreditable accreditable) throws AccessControlException {
if (accreditableToCredential.containsKey(accreditable)) {
Credential credential = getCredential(accreditable);
removeCredential(credential);
}
}
-
}
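Review bot: The Javadoc on `removeRoles` promises an `AccessControlException` "If no credential exists for this accreditable", but the body only acts when `accreditableToCredential.containsKey(accreditable)` is true and otherwise returns silently. Either document the no-op, e.g. `Does nothing if no credential exists for this accreditable.`, or add an `else` branch that throws, as `removeRole` does for a missing credential. A caller that relies on the documented exception to detect a failed revocation would otherwise treat the call as successful.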
Modified: lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/PolicyAuthorizer.java
URL: http://svn.apache.org/viewvc/lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/PolicyAuthorizer.java?rev=574702&r1=574701&r2=574702&view=diff
==============================================================================
--- lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/PolicyAuthorizer.java (original)
+++ lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/PolicyAuthorizer.java Tue Sep 11 14:39:37 2007
@@ -14,13 +14,11 @@
* limitations under the License.
*
*/
-
package org.apache.lenya.ac.impl;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.List;
-
import org.apache.avalon.framework.logger.AbstractLogEnabled;
import org.apache.cocoon.environment.Request;
import org.apache.cocoon.environment.Session;
@@ -34,117 +32,103 @@
/**
* Policy-based authorizer.
+ *
* @version $Id$
*/
public class PolicyAuthorizer extends AbstractLogEnabled implements Authorizer {
-
/**
* Returns the accreditable manager.
+ *
* @return An accreditable manager.
*/
public AccreditableManager getAccreditableManager() {
return accreditableManager;
}
-
/**
* Returns the policy manager.
+ *
* @return A policy manager.
*/
public PolicyManager getPolicyManager() {
return policyManager;
}
-
/**
* Creates a new policy authorizer.
*/
public PolicyAuthorizer() {
}
-
private PolicyManager policyManager;
-
/**
* Sets the policy manager.
- * @param manager A policy manager.
+ *
+ * @param manager
+ * A policy manager.
*/
public void setPolicyManager(PolicyManager manager) {
- assert manager != null;
+ // assert manager != null;
policyManager = manager;
}
-
private AccreditableManager accreditableManager;
-
/**
* Sets the accreditable manager.
- * @param manager An accreditable manager.
+ *
+ * @param manager
+ * An accreditable manager.
*/
public void setAccreditableManager(AccreditableManager manager) {
- assert manager != null;
+ // assert manager != null;
accreditableManager = manager;
}
-
/**
* @see org.apache.lenya.ac.Authorizer#authorize(org.apache.cocoon.environment.Request)
*/
- public boolean authorize(Request request)
- throws AccessControlException {
-
+ public boolean authorize(Request request) throws AccessControlException {
Session session = request.getSession(true);
Identity identity = (Identity) session.getAttribute(Identity.class.getName());
-
if (getLogger().isDebugEnabled()) {
getLogger().debug("Trying to authorize identity: " + identity);
}
-
boolean authorized;
-
if (identity.belongsTo(getAccreditableManager())) {
authorized = authorizePolicy(identity, request);
} else {
- getLogger().debug(
- "Identity ["
- + identity
- + "] not authorized - belongs to wrong accreditable manager.");
+ getLogger().debug("Identity [" + identity + "] not authorized - belongs to wrong accreditable manager.");
authorized = false;
}
-
getLogger().debug("Authorized: " + authorized);
-
return authorized;
}
-
/**
* Authorizes an request for an identity depending on a policy.
- * @param identity The identity to authorize.
- * @param request The request to authorize.
+ *
+ * @param identity
+ * The identity to authorize.
+ * @param request
+ * The request to authorize.
* @return A boolean value.
- * @throws AccessControlException when something went wrong.
+ * @throws AccessControlException
+ * when something went wrong.
*/
- protected boolean authorizePolicy(
- Identity identity,
- Request request)
- throws AccessControlException {
-
+ protected boolean authorizePolicy(Identity identity, Request request) throws AccessControlException {
String requestUri = request.getRequestURI();
String context = request.getContextPath();
-
if (context == null) {
context = "";
}
-
String url = requestUri.substring(context.length());
-
Policy policy = getPolicyManager().getPolicy(getAccreditableManager(), url);
Role[] roles = policy.getRoles(identity);
saveRoles(request, roles);
-
boolean authorized = roles.length > 0;
return authorized;
}
-
/**
* Saves the roles of the current identity to the request.
- * @param request The request.
- * @param roles The roles.
+ *
+ * @param request
+ * The request.
+ * @param roles
+ * The roles.
*/
protected void saveRoles(Request request, Role[] roles) {
String rolesString = "";
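Review bot: In `authorize`, `identity` is read from a session obtained with `getSession(true)` and then dereferenced in `identity.belongsTo(...)` with no null check, so a session without an `Identity` attribute produces a `NullPointerException` instead of a denied request. Whether an identity is always set up before this method runs is not visible in the hunk; a guard such as `if (identity == null) { return false; }` before the `belongsTo` call makes the authorizer fail closed either way. The two `getLogger().debug(...)` calls after the first guarded one also build their strings unconditionally and could sit inside an `isDebugEnabled()` check. `saveRoles` starts in this hunk and continues outside it.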
@@ -154,28 +138,26 @@
getLogger().debug("Adding roles [" + rolesString + " ] to request [" + request + "]");
request.setAttribute(AbstractRole.class.getName(), Arrays.asList(roles));
}
-
/**
* Fetches the stored roles from the request.
- * @param request The request.
+ *
+ * @param request
+ * The request.
* @return A role array.
- * @throws AccessControlException If the request does not contain the roles list.
+ * @throws AccessControlException
+ * If the request does not contain the roles list.
*/
public static Role[] getRoles(Request request) throws AccessControlException {
List roleList = (List) request.getAttribute(AbstractRole.class.getName());
-
if (roleList == null) {
String message = " URI: [" + request.getRequestURI() + "]\n";
- for (Enumeration e = request.getParameterNames(); e.hasMoreElements(); ) {
+ for (Enumeration e = request.getParameterNames(); e.hasMoreElements();) {
String key = (String) e.nextElement();
message += " Parameter: [" + key + "] = [" + request.getParameter(key) + "]\n";
}
-
throw new AccessControlException("Request [" + request + "] does not contain roles: \n" + message);
}
-
Role[] roles = (Role[]) roleList.toArray(new Role[roleList.size()]);
return roles;
}
-
}
Modified: lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/PolicyBuilder.java
URL: http://svn.apache.org/viewvc/lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/PolicyBuilder.java?rev=574702&r1=574701&r2=574702&view=diff
==============================================================================
--- lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/PolicyBuilder.java (original)
+++ lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/PolicyBuilder.java Tue Sep 11 14:39:37 2007
@@ -14,13 +14,10 @@
* limitations under the License.
*
*/
-
package org.apache.lenya.ac.impl;
import java.io.InputStream;
-
import javax.xml.parsers.ParserConfigurationException;
-
import org.apache.lenya.ac.AccessControlException;
import org.apache.lenya.ac.AccessController;
import org.apache.lenya.ac.Accreditable;
@@ -37,29 +34,29 @@
/**
* Builds policies from input streams.
+ *
* @version $Id$
*/
public class PolicyBuilder implements InputStreamBuilder {
-
/**
* Ctor.
- * @param accreditableManager An accreditable manager.
+ *
+ * @param accreditableManager
+ * An accreditable manager.
*/
public PolicyBuilder(AccreditableManager accreditableManager) {
- assert accreditableManager != null;
+ // assert accreditableManager != null;
this.accreditableManager = accreditableManager;
}
-
/**
* Returns the accreditable manager.
+ *
* @return An accreditable manager.
*/
public AccreditableManager getAccreditableManager() {
return accreditableManager;
}
-
private AccreditableManager accreditableManager;
-
protected static final String POLICY_ELEMENT = "policy";
protected static final String GROUP_ELEMENT = "group";
protected static final String USER_ELEMENT = "user";
@@ -68,90 +65,73 @@
protected static final String IP_RANGE_ELEMENT = "ip-range";
protected static final String ID_ATTRIBUTE = "id";
protected static final String SSL_ATTRIBUTE = "ssl";
-
/**
* Builds a policy from an input stream.
- * @param stream The input stream to read the policy from.
+ *
+ * @param stream
+ * The input stream to read the policy from.
* @return A policy.
- * @throws AccessControlException when something went wrong.
+ * @throws AccessControlException
+ * when something went wrong.
*/
- public DefaultPolicy buildPolicy(InputStream stream)
- throws AccessControlException {
-
+ public DefaultPolicy buildPolicy(InputStream stream) throws AccessControlException {
Document document;
-
try {
document = DocumentHelper.readDocument(stream);
} catch (Exception e) {
throw new AccessControlException(e);
}
-
return buildPolicy(document);
}
-
/**
* Builds a policy from an XML document.
- * @param document The XML document.
+ *
+ * @param document
+ * The XML document.
* @return A policy.
- * @throws AccessControlException when something went wrong.
+ * @throws AccessControlException
+ * when something went wrong.
*/
- public DefaultPolicy buildPolicy(Document document)
- throws AccessControlException {
-
+ public DefaultPolicy buildPolicy(Document document) throws AccessControlException {
DefaultPolicy policy = new DefaultPolicy();
Element policyElement = document.getDocumentElement();
- assert policyElement.getLocalName().equals(POLICY_ELEMENT);
-
- NamespaceHelper helper =
- new NamespaceHelper(
- AccessController.NAMESPACE,
- AccessController.DEFAULT_PREFIX,
- document);
-
+ // assert policyElement.getLocalName().equals(POLICY_ELEMENT);
+ NamespaceHelper helper = new NamespaceHelper(AccessController.NAMESPACE, AccessController.DEFAULT_PREFIX, document);
Element[] credentialElements = helper.getChildren(policyElement);
-
for (int i = 0; i < credentialElements.length; i++) {
Accreditable accreditable = null;
-
String id = credentialElements[i].getAttribute(ID_ATTRIBUTE);
accreditable = getAccreditable(credentialElements[i].getLocalName(), id);
-
Credential credential = new Credential(accreditable);
-
Element[] roleElements = helper.getChildren(credentialElements[i], ROLE_ELEMENT);
-
for (int j = 0; j < roleElements.length; j++) {
String roleId = roleElements[j].getAttribute(ID_ATTRIBUTE);
Role role = getAccreditableManager().getRoleManager().getRole(roleId);
credential.addRole(role);
}
-
policy.addCredential(credential);
}
-
boolean ssl = false;
String sslString = policyElement.getAttribute(SSL_ATTRIBUTE);
if (sslString != null) {
ssl = Boolean.valueOf(sslString).booleanValue();
}
policy.setSSL(ssl);
-
return policy;
}
-
/**
* Creates an accredtiable for an element.
- * @param elementName The elment name.
- * @param id The ID of the accreditable.
+ *
+ * @param elementName
+ * The elment name.
+ * @param id
+ * The ID of the accreditable.
* @return An accreditable.
- * @throws AccessControlException when something went wrong.
+ * @throws AccessControlException
+ * when something went wrong.
*/
- protected Accreditable getAccreditable(
- String elementName,
- String id)
- throws AccessControlException {
+ protected Accreditable getAccreditable(String elementName, String id) throws AccessControlException {
Accreditable accreditable = null;
-
if (elementName.equals(USER_ELEMENT)) {
accreditable = getAccreditableManager().getUserManager().getUser(id);
} else if (elementName.equals(GROUP_ELEMENT)) {
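Review bot: In `buildPolicy`, the result of `getRoleManager().getRole(roleId)` goes straight into `credential.addRole(role)`, whereas `getAccreditable` (its null check is in the following hunk) rejects an unresolved id with an `AccessControlException`. If `getRole` can return null for an unknown id (its contract is not visible here), a policy file naming a missing role would yield a credential holding a null role. A matching check, `if (role == null) throw new AccessControlException("Unknown role [" + roleId + "]");`, keeps the two lookups consistent. `getAccreditable` starts in this hunk and its body continues outside it.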
@@ -161,68 +141,57 @@
} else if (elementName.equals(IP_RANGE_ELEMENT)) {
accreditable = getAccreditableManager().getIPRangeManager().getIPRange(id);
}
-
if (accreditable == null) {
- throw new AccessControlException(
- "Unknown accreditable [" + elementName + "] with ID [" + id + "]");
+ throw new AccessControlException("Unknown accreditable [" + elementName + "] with ID [" + id + "]");
}
-
return accreditable;
}
-
/**
* Saves a policy to an XML document.
- * @param policy The policy to save.
+ *
+ * @param policy
+ * The policy to save.
* @return A DOM document.
- * @throws AccessControlException when something went wrong.
+ * @throws AccessControlException
+ * when something went wrong.
*/
public static Document savePolicy(DefaultPolicy policy) throws AccessControlException {
NamespaceHelper helper;
-
try {
- helper =
- new NamespaceHelper(
- AccessController.NAMESPACE,
- AccessController.DEFAULT_PREFIX,
- POLICY_ELEMENT);
+ helper = new NamespaceHelper(AccessController.NAMESPACE, AccessController.DEFAULT_PREFIX, POLICY_ELEMENT);
} catch (ParserConfigurationException e) {
throw new AccessControlException(e);
}
-
Credential[] credentials = policy.getCredentials();
Element policyElement = helper.getDocument().getDocumentElement();
-
for (int i = 0; i < credentials.length; i++) {
Accreditable accreditable = credentials[i].getAccreditable();
Element accreditableElement = save(accreditable, helper);
-
Role[] roles = credentials[i].getRoles();
for (int j = 0; j < roles.length; j++) {
Element roleElement = helper.createElement(ROLE_ELEMENT);
roleElement.setAttribute(ID_ATTRIBUTE, roles[j].getId());
accreditableElement.appendChild(roleElement);
}
-
policyElement.appendChild(accreditableElement);
}
-
policyElement.setAttribute(SSL_ATTRIBUTE, Boolean.toString(policy.isSSLProtected()));
-
return helper.getDocument();
}
-
/**
* Saves an accreditable to an XML element.
- * @param accreditable The accreditable.
- * @param helper The namespace helper to be used.
+ *
+ * @param accreditable
+ * The accreditable.
+ * @param helper
+ * The namespace helper to be used.
* @return An XML element.
- * @throws AccessControlException when something went wrong.
+ * @throws AccessControlException
+ * when something went wrong.
*/
- protected static Element save(Accreditable accreditable, NamespaceHelper helper)
- throws AccessControlException {
+ protected static Element save(Accreditable accreditable, NamespaceHelper helper) throws AccessControlException {
String localName = null;
String id = null;
-
if (accreditable instanceof User) {
localName = USER_ELEMENT;
id = ((User) accreditable).getId();
@@ -235,20 +204,15 @@
localName = IP_RANGE_ELEMENT;
id = ((AbstractIPRange) accreditable).getId();
}
-
if (localName == null) {
throw new AccessControlException("Could not save accreditable [" + accreditable + "]");
}
-
Element element = helper.createElement(localName);
-
if (id != null) {
element.setAttribute(ID_ATTRIBUTE, id);
}
-
return element;
}
-
/**
* @see org.apache.lenya.ac.cache.InputStreamBuilder#build(java.io.InputStream)
*/
@@ -261,5 +225,4 @@
}
return value;
}
-
}
Modified: lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/URLPolicy.java
URL: http://svn.apache.org/viewvc/lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/URLPolicy.java?rev=574702&r1=574701&r2=574702&view=diff
==============================================================================
--- lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/URLPolicy.java (original)
+++ lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/ac/impl/URLPolicy.java Tue Sep 11 14:39:37 2007
@@ -14,15 +14,12 @@
* limitations under the License.
*
*/
-
/* $Id$ */
-
package org.apache.lenya.ac.impl;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
-
import org.apache.lenya.ac.AccessControlException;
import org.apache.lenya.ac.AccreditableManager;
import org.apache.lenya.ac.Identity;
@@ -30,55 +27,54 @@
import org.apache.lenya.ac.Role;
/**
- * A policy at a certain URL. The final policy is computed by merging the subtree
- * policies of all ancestor-or-self directories with the URL policy of the actual URL.
+ * A policy at a certain URL. The final policy is computed by merging the
+ * subtree policies of all ancestor-or-self directories with the URL policy of
+ * the actual URL.
*/
public class URLPolicy implements Policy {
-
/**
* Returns the resulting policy for a certain URL.
- * @param controller The acccess controller.
- * @param url The URL.
- * @param manager The policy manager.
+ *
+ * @param controller
+ * The acccess controller.
+ * @param url
+ * The URL.
+ * @param manager
+ * The policy manager.
*/
public URLPolicy(AccreditableManager controller, String url, InheritingPolicyManager manager) {
- assert url != null;
+ // assert url != null;
this.url = url;
-
- assert manager != null;
+ // assert manager != null;
policyManager = manager;
-
- assert controller != null;
+ // assert controller != null;
this.accreditableManager = controller;
}
-
private String url;
private InheritingPolicyManager policyManager;
private AccreditableManager accreditableManager;
private Policy[] policies = null;
-
/**
- * Obtains the policies from the policy manager.
- * This method is expensive and therefore only called when needed.
- * @throws AccessControlException when something went wrong.
+ * Obtains the policies from the policy manager. This method is expensive
+ * and therefore only called when needed.
+ *
+ * @throws AccessControlException
+ * when something went wrong.
*/
protected void obtainPolicies() throws AccessControlException {
if (policies == null) {
policies = getPolicyManager().getPolicies(getAccreditableManager(), getUrl());
}
}
-
static final String[] VISITOR_ROLES = { "visitor", "visit" };
static final String[] ADMINISTRATOR_ROLES = { "administrator", "admin", "organize" };
static final String[] AUTHOR_ROLES = { "author", "edit" };
-
/**
* @see org.apache.lenya.ac.Policy#getRoles(org.apache.lenya.ac.Identity)
*/
public Role[] getRoles(Identity identity) throws AccessControlException {
obtainPolicies();
Set roles = new HashSet();
-
// no policies defined: return "visit" or "visitor" role
if (isEmpty()) {
Role visitorRole = getVisitorRole(getAccreditableManager());
@@ -92,12 +88,14 @@
}
return (Role[]) roles.toArray(new Role[roles.size()]);
}
-
/**
* Returns the visitor role.
- * @param manager The accreditable manager.
+ *
+ * @param manager
+ * The accreditable manager.
* @return A role.
- * @throws AccessControlException when something went wrong.
+ * @throws AccessControlException
+ * when something went wrong.
*/
public static Role getVisitorRole(AccreditableManager manager) throws AccessControlException {
Role visitorRole = null;
@@ -109,12 +107,14 @@
}
return visitorRole;
}
-
/**
* Returns the administrator role.
- * @param manager The accreditable manager.
+ *
+ * @param manager
+ * The accreditable manager.
* @return A role.
- * @throws AccessControlException when something went wrong.
+ * @throws AccessControlException
+ * when something went wrong.
*/
public static Role getAdministratorRole(AccreditableManager manager) throws AccessControlException {
Role administratorRole = null;
@@ -126,12 +126,14 @@
}
return administratorRole;
}
-
/**
* Returns the author role.
- * @param manager The accreditable manager.
+ *
+ * @param manager
+ * The accreditable manager.
* @return A role.
- * @throws AccessControlException when something went wrong.
+ * @throws AccessControlException
+ * when something went wrong.
*/
public static Role getAuthorRole(AccreditableManager manager) throws AccessControlException {
Role administratorRole = null;
@@ -143,75 +145,71 @@
}
return administratorRole;
}
-
/**
* Adds the roles of an identity of a policy to a role set.
- * @param policy The policy.
- * @param identity The identity.
- * @param roles The role set.
- * @throws AccessControlException when something went wrong.
+ *
+ * @param policy
+ * The policy.
+ * @param identity
+ * The identity.
+ * @param roles
+ * The role set.
+ * @throws AccessControlException
+ * when something went wrong.
*/
- protected void addRoles(Policy policy, Identity identity, Set roles)
- throws AccessControlException {
+ protected void addRoles(Policy policy, Identity identity, Set roles) throws AccessControlException {
roles.addAll(Arrays.asList(policy.getRoles(identity)));
}
-
/**
* Returns the URL of this policy.
+ *
* @return The URL of this policy.
*/
public String getUrl() {
return url;
}
-
/**
* Returns the policy builder.
+ *
* @return A policy builder.
*/
public InheritingPolicyManager getPolicyManager() {
return policyManager;
}
-
/**
* Returns the access controller.
+ *
* @return An access controller.
*/
public AccreditableManager getAccreditableManager() {
return accreditableManager;
}
-
/**
- * The URL policy requires SSL protection if one of its
- * member policies requires SSL protection.
+ * The URL policy requires SSL protection if one of its member policies
+ * requires SSL protection.
+ *
* @see org.apache.lenya.ac.Policy#isSSLProtected()
*/
public boolean isSSLProtected() throws AccessControlException {
obtainPolicies();
-
boolean ssl = false;
-
int i = 0;
while (!ssl && i < policies.length) {
ssl = ssl || policies[i].isSSLProtected();
i++;
}
-
return ssl;
}
-
/**
* @see org.apache.lenya.ac.Policy#isEmpty()
*/
public boolean isEmpty() throws AccessControlException {
boolean empty = true;
-
int i = 0;
while (empty && i < policies.length) {
empty = empty && policies[i].isEmpty();
i++;
}
-
return empty;
}
-
}
Modified: lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/cms/ac/PublicationAccessControllerResolver.java
URL: http://svn.apache.org/viewvc/lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/cms/ac/PublicationAccessControllerResolver.java?rev=574702&r1=574701&r2=574702&view=diff
==============================================================================
--- lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/cms/ac/PublicationAccessControllerResolver.java (original)
+++ lenya/branches/revolution/1.3.x/src/java/org/apache/lenya/cms/ac/PublicationAccessControllerResolver.java Tue Sep 11 14:39:37 2007
@@ -14,13 +14,10 @@
* limitations under the License.
*
*/
-
/* $Id$ */
-
package org.apache.lenya.cms.ac;
import java.io.File;
-
import org.apache.avalon.framework.activity.Initializable;
import org.apache.avalon.framework.configuration.Configurable;
import org.apache.avalon.framework.configuration.Configuration;
@@ -37,139 +34,112 @@
import org.apache.lenya.cms.publication.URLInformation;
/**
- * Resolves the access controller according to the <code>ac.xconf</code> file of a publication.
+ * Resolves the access controller according to the <code>ac.xconf</code> file
+ * of a publication.
*/
-public class PublicationAccessControllerResolver
- extends AbstractAccessControllerResolver
- implements Initializable {
-
- protected static final String CONFIGURATION_FILE =
- "config/ac/ac.xconf".replace('/', File.separatorChar);
+public class PublicationAccessControllerResolver extends AbstractAccessControllerResolver implements Initializable {
+ protected static final String CONFIGURATION_FILE = "config/ac/ac.xconf".replace('/', File.separatorChar);
protected static final String TYPE_ATTRIBUTE = "type";
-
/**
- * This implementation uses the publication ID in combination with the context path
- * as cache key.
- * @see org.apache.lenya.ac.impl.AbstractAccessControllerResolver#generateCacheKey(java.lang.String, org.apache.excalibur.source.SourceResolver)
- */
- protected Object generateCacheKey(String webappUrl, SourceResolver resolver)
- throws AccessControlException {
-
+ * This implementation uses the publication ID in combination with the
+ * context path as cache key.
+ *
+ * @see org.apache.lenya.ac.impl.AbstractAccessControllerResolver#generateCacheKey(java.lang.String,
+ * org.apache.excalibur.source.SourceResolver)
+ */
+ protected Object generateCacheKey(String webappUrl, SourceResolver resolver) throws AccessControlException {
URLInformation info = new URLInformation(webappUrl);
-
String publicationId = info.getPublicationId();
if (getLogger().isDebugEnabled()) {
- getLogger().debug(
- "Using first URL step (might be publication ID) as cache key: [" + publicationId + "]");
+ getLogger().debug("Using first URL step (might be publication ID) as cache key: [" + publicationId + "]");
}
-
return super.generateCacheKey(publicationId, resolver);
}
-
/**
* @see org.apache.lenya.ac.impl.AbstractAccessControllerResolver#doResolveAccessController(java.lang.String)
*/
- public AccessController doResolveAccessController(String webappUrl)
- throws AccessControlException {
+ public AccessController doResolveAccessController(String webappUrl) throws AccessControlException {
getLogger().debug("Resolving controller for URL [" + webappUrl + "]");
-
AccessController controller = null;
Publication publication = getPublication(webappUrl);
-
if (publication != null) {
String publicationUrl = webappUrl.substring(("/" + publication.getId()).length());
controller = resolveAccessController(publication, publicationUrl);
}
return controller;
}
-
/**
- * Returns the publication for the webapp URL or null if the URL is not included
- * in a publication.
- * @param webappUrl The webapp URL.
+ * Returns the publication for the webapp URL or null if the URL is not
+ * included in a publication.
+ *
+ * @param webappUrl
+ * The webapp URL.
* @return A publication.
- * @throws AccessControlException when something went wrong.
+ * @throws AccessControlException
+ * when something went wrong.
*/
protected Publication getPublication(String webappUrl) throws AccessControlException {
Publication publication = null;
-
- assert webappUrl.startsWith("/");
+ // assert webappUrl.startsWith("/");
// remove leading slash
String url = webappUrl.substring(1);
-
if (url.length() > 0) {
-
- URLInformation info = new URLInformation(webappUrl);
+ URLInformation info = new URLInformation(webappUrl);
String publicationId = info.getPublicationId();
-
File contextDir = getContext();
- if (PublicationFactory
- .existsPublication(publicationId, contextDir.getAbsolutePath())) {
-
+ if (PublicationFactory.existsPublication(publicationId, contextDir.getAbsolutePath())) {
getLogger().debug("Publication [" + publicationId + "] exists.");
try {
- publication =
- PublicationFactory.getPublication(
- publicationId,
- contextDir.getAbsolutePath());
+ publication = PublicationFactory.getPublication(publicationId, contextDir.getAbsolutePath());
} catch (PublicationException e) {
throw new AccessControlException(e);
}
-
} else {
getLogger().debug("Publication [" + publicationId + "] does not exist.");
}
}
return publication;
}
-
/**
- * Returns the servlet context.
+ * Returns the servlet context.
+ *
* @return A file.
- * @throws AccessControlException when something went wrong.
+ * @throws AccessControlException
+ * when something went wrong.
*/
protected File getContext() throws AccessControlException {
return context;
}
-
private File context;
-
/**
* Resolves an access controller for a certain URL within a publication.
- * @param publication The publication.
- * @param url The url within the publication.
+ *
+ * @param publication
+ * The publication.
+ * @param url
+ * The url within the publication.
* @return An access controller.
- * @throws AccessControlException when something went wrong.
+ * @throws AccessControlException
+ * when something went wrong.
*/
- public AccessController resolveAccessController(Publication publication, String url)
- throws AccessControlException {
-
- assert publication != null;
-
+ public AccessController resolveAccessController(Publication publication, String url) throws AccessControlException {
+ // assert publication != null;
AccessController accessController = null;
File configurationFile = new File(publication.getDirectory(), CONFIGURATION_FILE);
-
if (configurationFile.isFile()) {
try {
- Configuration configuration =
- new DefaultConfigurationBuilder().buildFromFile(configurationFile);
+ Configuration configuration = new DefaultConfigurationBuilder().buildFromFile(configurationFile);
String type = configuration.getAttribute(TYPE_ATTRIBUTE);
-
- accessController =
- (AccessController) getManager().lookup(AccessController.ROLE + "/" + type);
-
+ accessController = (AccessController) getManager().lookup(AccessController.ROLE + "/" + type);
if (accessController instanceof Configurable) {
((Configurable) accessController).configure(configuration);
}
-
} catch (Exception e) {
throw new AccessControlException(e);
}
}
-
return accessController;
}
-
/**
* @see org.apache.avalon.framework.activity.Initializable#initialize()
*/
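Review bot: Commenting out `assert webappUrl.startsWith("/")` in getPublication() and `assert publication != null` in resolveAccessController() leaves both preconditions unenforced in the access-controller resolution path, and the commented-out lines now read as dead code. Without the first, an empty webappUrl fails in `substring(1)` with a StringIndexOutOfBoundsException instead of an AccessControlException. Without the second, the public resolveAccessController() fails with a NullPointerException at `publication.getDirectory()`. Java assertions are disabled unless the JVM runs with `-ea`, so explicit guards are the stronger replacement: `if (webappUrl == null || !webappUrl.startsWith("/")) { throw new AccessControlException("Webapp URL must start with '/': [" + webappUrl + "]"); }` and `if (publication == null) { throw new AccessControlException("Publication must not be null"); }`. Both methods lie entirely inside this hunk; how callers treat the resulting exceptions is not visible here.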
@@ -181,11 +151,9 @@
resolver = (SourceResolver) getManager().lookup(SourceResolver.ROLE);
contextSource = resolver.resolveURI("context:///");
contextDir = SourceUtil.getFile(contextSource);
-
if (contextDir == null || !contextDir.isDirectory()) {
throw new AccessControlException("The servlet context is not a directory!");
}
-
} finally {
if (resolver != null) {
if (contextSource != null) {
@@ -196,5 +164,4 @@
}
this.context = contextDir;
}
-
}