Posted to commits@isis.apache.org by rm...@apache.org on 2011/04/28 13:06:28 UTC
svn commit: r1097413 -
/incubator/isis/trunk/security/file/src/main/java/org/apache/isis/security/file/authorization/FileAuthorizor.java
Author: rmatthews
Date: Thu Apr 28 11:06:28 2011
New Revision: 1097413
URL: http://svn.apache.org/viewvc?rev=1097413&view=rev
Log:
Improved file-based authorization so that 1) controls can be generalised so that common attributes can be specified, and 2) the more specific match is used in preference to a less specific match.
Modified:
incubator/isis/trunk/security/file/src/main/java/org/apache/isis/security/file/authorization/FileAuthorizor.java
Modified: incubator/isis/trunk/security/file/src/main/java/org/apache/isis/security/file/authorization/FileAuthorizor.java
URL: http://svn.apache.org/viewvc/incubator/isis/trunk/security/file/src/main/java/org/apache/isis/security/file/authorization/FileAuthorizor.java?rev=1097413&r1=1097412&r2=1097413&view=diff
==============================================================================
--- incubator/isis/trunk/security/file/src/main/java/org/apache/isis/security/file/authorization/FileAuthorizor.java (original)
+++ incubator/isis/trunk/security/file/src/main/java/org/apache/isis/security/file/authorization/FileAuthorizor.java Thu Apr 28 11:06:28 2011
@@ -110,13 +110,13 @@ public class FileAuthorizor extends Auth
@Override
public void init() {
+ whiteListMap = Maps.newHashMap();
+ blackListMap = Maps.newHashMap();
// initialize
if (learn) {
- return;
- }
- whiteListMap = Maps.newHashMap();
- blackListMap = Maps.newHashMap();
+ return;
+ }
cacheAuthorizationDetails(whiteListMap, whiteListInputResource);
if (blackListInputResource != null) {
cacheAuthorizationDetails(blackListMap, blackListInputResource);
@@ -158,17 +158,32 @@ public class FileAuthorizor extends Auth
private void tokenizeLine(final Map<String,List<String>> map, final String line) {
if (line.trim().startsWith("#") || line.trim().length() == 0) {
return;
+ }
+ int pos = line.trim().indexOf(">");
+ if (pos == -1) {
+ final StringTokenizer tokens = new StringTokenizer(line.trim(), ":", false);
+ if (tokens.countTokens() != 2) {
+ throw new IsisConfigurationException("Invalid line: " + line);
+ }
+ final String token1 = tokens.nextToken();
+ final String token2 = tokens.nextToken();
+ final Identifier identifier = memberFromString(token1.trim());
+ final List<String> roles = tokenizeRoles(token2);
+ String identityString = identifier.toIdentityString(Identifier.CLASS_MEMBERNAME_PARAMETERS);
+ map.put(identityString, roles);
+ } else {
+ Map<String,List<String>> newRules = new HashMap<String,List<String>>();
+ for (String name: map.keySet()) {
+ String originalName = line.trim().substring(0, pos);
+ String redirectedName = line.trim().substring(pos + 1);
+ if (name.startsWith(redirectedName)) {
+ String id = originalName + name.substring(redirectedName.length());
+ List<String> roles = map.get(name);
+ newRules.put(id, roles);
+ }
+ }
+ map.putAll(newRules);
}
- final StringTokenizer tokens = new StringTokenizer(line.trim(), ":", false);
- if (tokens.countTokens() != 2) {
- throw new IsisConfigurationException("Invalid line: " + line);
- }
- final String token1 = tokens.nextToken();
- final String token2 = tokens.nextToken();
- final Identifier identifier = memberFromString(token1.trim());
- final List<String> roles = tokenizeRoles(token2);
- String identityString = identifier.toIdentityString(Identifier.CLASS_MEMBERNAME_PARAMETERS);
- map.put(identityString, roles);
}
private Identifier memberFromString(final String identifier) {
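Review bot: In the new `else` branch of `tokenizeLine`, a generalisation line (`A > B`) whose right-hand side matches no existing key is silently ignored, and neither `originalName` nor `redirectedName` is trimmed, so a line written as `Foo > Bar` with spaces around the `>` never matches anything; for the black-list map that means a mistyped rule quietly drops a restriction, whereas the plain-rule branch rejects bad input with `IsisConfigurationException`. The two substrings are also recomputed on every iteration of the `for` loop although they do not depend on `name`. Because only entries already present in `map` are copied, a `>` line must come after the lines it generalises from; that ordering rule should be stated in a comment on `tokenizeLine`, e.g. `// "A > B" copies every rule already read for B onto A, so it must follow B's rules in the file`. I would hoist and trim the two names and fail when nothing matched, consistent with the other branch:

```java
} else {
    final String trimmed = line.trim();
    final String originalName = trimmed.substring(0, pos).trim();
    final String redirectedName = trimmed.substring(pos + 1).trim();
    final Map<String, List<String>> newRules = new HashMap<String, List<String>>();
    for (final String name : map.keySet()) {
        if (name.startsWith(redirectedName)) {
            newRules.put(originalName + name.substring(redirectedName.length()), map.get(name));
        }
    }
    if (newRules.isEmpty()) {
        throw new IsisConfigurationException("No rules to generalise from for line: " + line);
    }
    map.putAll(newRules);
}
```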
@@ -223,36 +238,45 @@ public class FileAuthorizor extends Auth
private boolean isBlackListed(final String role, final Identifier member, final List<String> qualifiers) {
return isListed(blackListMap, role, member, qualifiers);
}
-
+
+ /*
+ * Work through the available entries from most specific to least. When one exists then determine the result of this method
+ * by looking for a compatible role between the entry and required role.
+ */
private boolean isListed(final Map<String,List<String>> map, final String role, final Identifier identifier, final List<String> qualifiers) {
if (map.isEmpty()) {// quick fail
return false;
- }
- if (isQualifiedMatch(map, role, identifier.toIdentityString(Identifier.CLASS), qualifiers)) {
- return true;
- }
- if (isQualifiedMatch(map, role, identifier.toIdentityString(Identifier.CLASS_MEMBERNAME), qualifiers)) {
- return true;
- }
- if (isQualifiedMatch(map, role, identifier.toIdentityString(Identifier.CLASS_MEMBERNAME_PARAMETERS), qualifiers)) {
- return true;
- }
- return false;
- }
-
- private boolean isQualifiedMatch(final Map<String,List<String>> map, final String role, final String key, final List<String> qualifiers) {
- if (map.containsKey(key)) {
- final List<String> roles = map.get(key);
- for (final String qualifier: qualifiers) {
- final String qualifiedRole = role + qualifier;
- if (roles.contains(qualifiedRole)) {
- return true;
- }
- }
- }
+ }
+ List<String> roles;
+ roles = rolesFor(map, identifier.toIdentityString(Identifier.CLASS_MEMBERNAME_PARAMETERS));
+ if (roles == null) {
+ roles = rolesFor(map, identifier.toIdentityString(Identifier.CLASS_MEMBERNAME));
+ }
+ if (roles == null) {
+ roles = rolesFor(map, identifier.toIdentityString(Identifier.CLASS));
+ }
+ if (roles == null) {
+ roles = rolesFor(map, "*#" + identifier.toIdentityString(Identifier.MEMBERNAME_ONLY));
+ }
+ if (roles != null) {
+ for (final String qualifier: qualifiers) {
+ final String qualifiedRole = role + qualifier;
+ if (roles.contains(qualifiedRole)) {
+ return true;
+ }
+ }
+ }
return false;
}
+ private List<String> rolesFor(Map<String, List<String>> map, String key) {
+ if (map.containsKey(key)) {
+ return map.get(key);
+ } else {
+ return null;
+ }
+ }
+
private boolean learn(final String role, final Identifier member) {
String identityString = member.toIdentityString(Identifier.CLASS_MEMBERNAME_PARAMETERS);
if (whiteListMap.containsKey(identityString)) {
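Review bot: The most-specific-wins lookup in `isListed` changes the black-list semantics in a way the block comment above the method does not spell out: once `rolesFor` returns a list for a more specific key, the less specific keys are never consulted, so a member-level black-list entry that names other roles shadows a class-level entry that names the caller's role, and that role is no longer black-listed for the member. If that is intended, the comment should say so, e.g. `A more specific entry shadows less specific ones entirely, even when it does not name the requested role; a member-level entry therefore overrides a class-level black-list entry.` The `"*#" + MEMBERNAME_ONLY` key at the end of the chain also deserves a line stating that it matches the member name on every class. In `rolesFor`, `containsKey` followed by `get` is a double lookup whose result equals `return map.get(key);` for a `HashMap` holding no null values. The `learn` method beginning at the end of this hunk continues outside it.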