You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@lenya.apache.org by an...@apache.org on 2003/08/13 15:13:08 UTC
cvs commit: cocoon-lenya/src/java/org/apache/lenya/cms/ac2/usecase UsecaseRolesBuilder.java UsecaseRoles.java UsecaseAuthorizer.java
andreas 2003/08/13 06:13:08
Modified: src/java/org/apache/lenya/cms/ac2/usecase
UsecaseAuthorizer.java
Added: src/java/org/apache/lenya/cms/ac2/usecase
UsecaseRolesBuilder.java UsecaseRoles.java
Log:
using caching for usecase role configuration
Revision Changes Path
1.7 +88 -98 cocoon-lenya/src/java/org/apache/lenya/cms/ac2/usecase/UsecaseAuthorizer.java
Index: UsecaseAuthorizer.java
===================================================================
RCS file: /home/cvs/cocoon-lenya/src/java/org/apache/lenya/cms/ac2/usecase/UsecaseAuthorizer.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- UsecaseAuthorizer.java 6 Aug 2003 12:38:47 -0000 1.6
+++ UsecaseAuthorizer.java 13 Aug 2003 13:13:08 -0000 1.7
@@ -56,100 +56,58 @@
package org.apache.lenya.cms.ac2.usecase;
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
+import java.util.Arrays;
+import java.util.List;
+import org.apache.avalon.framework.activity.Disposable;
import org.apache.avalon.framework.logger.AbstractLogEnabled;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;
import org.apache.cocoon.environment.Request;
-import org.apache.excalibur.source.Source;
import org.apache.excalibur.source.SourceResolver;
import org.apache.lenya.cms.ac.AccessControlException;
import org.apache.lenya.cms.ac.Role;
-import org.apache.lenya.cms.ac2.AccessController;
import org.apache.lenya.cms.ac2.Authorizer;
import org.apache.lenya.cms.ac2.PolicyAuthorizer;
+import org.apache.lenya.cms.ac2.cache.CachingException;
+import org.apache.lenya.cms.ac2.cache.SourceCache;
import org.apache.lenya.cms.publication.Publication;
import org.apache.lenya.cms.publication.PublicationFactory;
import org.apache.lenya.util.ServletHelper;
-import org.apache.lenya.xml.DocumentHelper;
-import org.apache.lenya.xml.NamespaceHelper;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
/**
* @author <a href="mailto:andreas@apache.org">Andreas Hartmann</a>
*/
-public class UsecaseAuthorizer extends AbstractLogEnabled implements Authorizer, Serviceable {
+public class UsecaseAuthorizer
+ extends AbstractLogEnabled
+ implements Authorizer, Serviceable, Disposable {
public static final String TYPE = "usecase";
public static final String USECASE_PARAMETER = "lenya.usecase";
-
- // maps usecase IDs to Sets of role IDs
- private Map usecaseToRoles = new HashMap();
- private Role[] roles;
+
+ private SourceCache cache;
/**
- * Initializes the authorizer.
- * @param request The request.
- * @throws AccessControlException when something went wrong.
+ * Returns the configuration source cache.
+ * @return A source cache.
*/
- public void setup(Request request) throws AccessControlException {
- SourceResolver resolver = null;
- Source source = null;
-
- try {
- resolver = (SourceResolver) manager.lookup(SourceResolver.ROLE);
- Publication publication = PublicationFactory.getPublication(resolver, request);
- source =
- resolver.resolveURI(
- "context:///"
- + Publication.PUBLICATION_PREFIX_URI
- + "/"
- + publication.getId()
- + CONFIGURATION_FILE);
-
- Document document = DocumentHelper.readDocument(source.getInputStream());
- assert document.getDocumentElement().getLocalName().equals(USECASES_ELEMENT);
-
- NamespaceHelper helper =
- new NamespaceHelper(
- AccessController.NAMESPACE,
- AccessController.DEFAULT_PREFIX,
- document);
-
- Element[] usecaseElements =
- helper.getChildren(document.getDocumentElement(), USECASE_ELEMENT);
- for (int i = 0; i < usecaseElements.length; i++) {
- String usecaseId = usecaseElements[i].getAttribute(ID_ATTRIBUTE);
- getLogger().debug("Found usecase [" + usecaseId + "]");
- Element[] roleElements = helper.getChildren(usecaseElements[i], ROLE_ELEMENT);
- Set roleIds = new HashSet();
- for (int j = 0; j < roleElements.length; j++) {
- String roleId = roleElements[j].getAttribute(ID_ATTRIBUTE);
- roleIds.add(roleId);
- getLogger().debug("Adding role [" + roleId + "]");
- }
- usecaseToRoles.put(usecaseId, roleIds);
- }
-
- } catch (Exception e) {
- throw new AccessControlException("Building usecase role configuration failed: ", e);
- } finally {
- if (resolver != null) {
- if (source != null) {
- resolver.release(source);
- }
- manager.release(resolver);
- }
- }
+ public SourceCache getCache() {
+ return cache;
+ }
- roles = PolicyAuthorizer.getRoles(request);
+ /**
+ * Returns the source URI of the usecase role configuration file
+ * for a certain publication.
+ * @param publication The publication.
+ * @return A string representing a URI.
+ */
+ protected String getSourceURI(Publication publication) {
+ return "context:///"
+ + Publication.PUBLICATION_PREFIX_URI
+ + "/"
+ + publication.getId()
+ + CONFIGURATION_FILE;
}
/**
@@ -157,16 +115,27 @@
*/
public boolean authorize(Request request) throws AccessControlException {
- setup(request);
-
String usecase = request.getParameter(USECASE_PARAMETER);
boolean authorized = true;
String url = ServletHelper.getWebappURI(request);
- if (usecase != null) {
- authorized = authorizeUsecase(url, usecase);
- } else {
- getLogger().debug("No usecase to authorize. Granting access.");
+ SourceResolver resolver = null;
+ try {
+ resolver = (SourceResolver) manager.lookup(SourceResolver.ROLE);
+ if (usecase != null) {
+ Publication publication = PublicationFactory.getPublication(resolver, request);
+ Role[] roles = PolicyAuthorizer.getRoles(request);
+ authorized = authorizeUsecase(url, usecase, roles, publication);
+ } else {
+ getLogger().debug("No usecase to authorize. Granting access.");
+ }
+ }
+ catch (Exception e) {
+ throw new AccessControlException(e);
+ } finally {
+ if (resolver != null) {
+ manager.release(resolver);
+ }
}
return authorized;
@@ -174,25 +143,38 @@
/**
* Authorizes a usecase.
- * @param url The webapp URL.
- * @param usecase The usecase ID to authorize.
+ * @param url The request URL.
+ * @param usecase The usecase ID.
+ * @param roles The roles of the current identity.
+ * @param publication The publication.
* @return A boolean value.
* @throws AccessControlException when something went wrong.
*/
- public boolean authorizeUsecase(String url, String usecase) throws AccessControlException {
-
+ public boolean authorizeUsecase(
+ String url,
+ String usecase,
+ Role[] roles,
+ Publication publication) throws AccessControlException {
getLogger().debug("Authorizing usecase [" + usecase + "]");
boolean authorized = true;
- if (usecaseToRoles.containsKey(usecase)) {
+
+ UsecaseRolesBuilder builder = new UsecaseRolesBuilder();
+ UsecaseRoles usecaseRoles;
+ try {
+ usecaseRoles = (UsecaseRoles) getCache().get(getSourceURI(publication), builder);
+ } catch (CachingException e) {
+ throw new AccessControlException(e);
+ }
+ if (usecaseRoles.hasRoles(usecase)) {
getLogger().debug("Roles for usecase found.");
- Set usecaseRoles = getRoleIDs(usecase);
+ List usecaseRoleIds = Arrays.asList(usecaseRoles.getRoles(usecase));
int i = 0;
authorized = false;
while (!authorized && i < roles.length) {
- authorized = usecaseRoles.contains(roles[i].getId());
+ authorized = usecaseRoleIds.contains(roles[i].getId());
getLogger().debug(
"Authorization for role [" + roles[i].getId() + "] is [" + authorized + "]");
i++;
@@ -203,10 +185,22 @@
return authorized;
}
- protected static final String USECASES_ELEMENT = "usecases";
- protected static final String USECASE_ELEMENT = "usecase";
- protected static final String ROLE_ELEMENT = "role";
- protected static final String ID_ATTRIBUTE = "id";
+ /**
+ * Authorizes a usecase.
+ * @param url The webapp URL.
+ * @param usecase The usecase ID to authorize.
+ * @param roles The roles of the current identity.
+ * @return A boolean value.
+ * @throws AccessControlException when something went wrong.
+ public boolean authorizeUsecase(String url, String usecase, Request request)
+ throws AccessControlException {
+
+ Role[] roles = PolicyAuthorizer.getRoles(request);
+ Publication publication = PublicationFactory.getPublication(resolver, request);
+ return authorizeUsecase(url, usecase, roles, publication);
+ }
+ */
+
protected static final String CONFIGURATION_FILE = "/config/ac/usecase-policies.xml";
private ServiceManager manager;
@@ -215,22 +209,18 @@
* @see org.apache.avalon.framework.service.Serviceable#service(org.apache.avalon.framework.service.ServiceManager)
*/
public void service(ServiceManager manager) throws ServiceException {
+ getLogger().debug("Servicing [" + getClass().getName() + "]");
this.manager = manager;
+ this.cache = (SourceCache) manager.lookup(SourceCache.ROLE);
}
/**
- * Returns the role names that are allowed to execute a certain usecase.
- * @param usecaseId The usecase ID.
- * @return A set.
- */
- protected Set getRoleIDs(String usecaseId) {
- Set usecaseRoles;
- if (usecaseToRoles.containsKey(usecaseId)) {
- usecaseRoles = (Set) usecaseToRoles.get(usecaseId);
- } else {
- usecaseRoles = Collections.EMPTY_SET;
+ * @see org.apache.avalon.framework.activity.Disposable#dispose()
+ */
+ public void dispose() {
+ if (getCache() != null) {
+ manager.release(getCache());
}
- return usecaseRoles;
}
}
1.1 cocoon-lenya/src/java/org/apache/lenya/cms/ac2/usecase/UsecaseRolesBuilder.java
Index: UsecaseRolesBuilder.java
===================================================================
/*
$Id: UsecaseRolesBuilder.java,v 1.1 2003/08/13 13:13:08 andreas Exp $
<License>
============================================================================
The Apache Software License, Version 1.1
============================================================================
Copyright (C) 1999-2003 The Apache Software Foundation. All rights reserved.
Redistribution and use in source and binary forms, with or without modifica-
tion, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
3. The end-user documentation included with the redistribution, if any, must
include the following acknowledgment: "This product includes software
developed by the Apache Software Foundation (http://www.apache.org/)."
Alternately, this acknowledgment may appear in the software itself, if
and wherever such third-party acknowledgments normally appear.
4. The names "Apache Lenya" and "Apache Software Foundation" must not be
used to endorse or promote products derived from this software without
prior written permission. For written permission, please contact
apache@apache.org.
5. Products derived from this software may not be called "Apache", nor may
"Apache" appear in their name, without prior written permission of the
Apache Software Foundation.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLU-
DING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals
on behalf of the Apache Software Foundation and was originally created by
Michael Wechner <mi...@apache.org>. For more information on the Apache Soft-
ware Foundation, please see <http://www.apache.org/>.
Lenya includes software developed by the Apache Software Foundation, W3C,
DOM4J Project, BitfluxEditor, Xopus, and WebSHPINX.
</License>
*/
package org.apache.lenya.cms.ac2.usecase;
import java.io.InputStream;
import java.util.HashSet;
import java.util.Set;
import org.apache.lenya.cms.ac2.AccessController;
import org.apache.lenya.cms.ac2.cache.BuildException;
import org.apache.lenya.cms.ac2.cache.InputStreamBuilder;
import org.apache.lenya.xml.DocumentHelper;
import org.apache.lenya.xml.NamespaceHelper;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
/**
* @author andreas
*
* To change the template for this generated type comment go to
* Window - Preferences - Java - Code Generation - Code and Comments
*/
public class UsecaseRolesBuilder implements InputStreamBuilder {
protected static final String USECASES_ELEMENT = "usecases";
protected static final String USECASE_ELEMENT = "usecase";
protected static final String ROLE_ELEMENT = "role";
protected static final String ID_ATTRIBUTE = "id";
/**
* @see org.apache.lenya.cms.ac2.cache.InputStreamBuilder#build(java.io.InputStream)
*/
public Object build(InputStream stream) throws BuildException {
UsecaseRoles usecaseRoles = new UsecaseRoles();
Document document;
try {
document = DocumentHelper.readDocument(stream);
} catch (Exception e) {
throw new BuildException(e);
}
assert document.getDocumentElement().getLocalName().equals(USECASES_ELEMENT);
NamespaceHelper helper =
new NamespaceHelper(
AccessController.NAMESPACE,
AccessController.DEFAULT_PREFIX,
document);
Element[] usecaseElements =
helper.getChildren(document.getDocumentElement(), USECASE_ELEMENT);
for (int i = 0; i < usecaseElements.length; i++) {
String usecaseId = usecaseElements[i].getAttribute(ID_ATTRIBUTE);
Element[] roleElements = helper.getChildren(usecaseElements[i], ROLE_ELEMENT);
Set roleIds = new HashSet();
for (int j = 0; j < roleElements.length; j++) {
String roleId = roleElements[j].getAttribute(ID_ATTRIBUTE);
roleIds.add(roleId);
}
String[] roleIdArray = (String[]) roleIds.toArray(new String[roleIds.size()]);
usecaseRoles.setRoles(usecaseId, roleIdArray);
}
return usecaseRoles;
}
}
1.1 cocoon-lenya/src/java/org/apache/lenya/cms/ac2/usecase/UsecaseRoles.java
Index: UsecaseRoles.java
===================================================================
/*
$Id: UsecaseRoles.java,v 1.1 2003/08/13 13:13:08 andreas Exp $
<License>
============================================================================
The Apache Software License, Version 1.1
============================================================================
Copyright (C) 1999-2003 The Apache Software Foundation. All rights reserved.
Redistribution and use in source and binary forms, with or without modifica-
tion, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
3. The end-user documentation included with the redistribution, if any, must
include the following acknowledgment: "This product includes software
developed by the Apache Software Foundation (http://www.apache.org/)."
Alternately, this acknowledgment may appear in the software itself, if
and wherever such third-party acknowledgments normally appear.
4. The names "Apache Lenya" and "Apache Software Foundation" must not be
used to endorse or promote products derived from this software without
prior written permission. For written permission, please contact
apache@apache.org.
5. Products derived from this software may not be called "Apache", nor may
"Apache" appear in their name, without prior written permission of the
Apache Software Foundation.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLU-
DING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals
on behalf of the Apache Software Foundation and was originally created by
Michael Wechner <mi...@apache.org>. For more information on the Apache Soft-
ware Foundation, please see <http://www.apache.org/>.
Lenya includes software developed by the Apache Software Foundation, W3C,
DOM4J Project, BitfluxEditor, Xopus, and WebSHPINX.
</License>
*/
package org.apache.lenya.cms.ac2.usecase;
import java.util.HashMap;
import java.util.Map;
/**
* @author andreas
*
* To change the template for this generated type comment go to
* Window - Preferences - Java - Code Generation - Code and Comments
*/
public class UsecaseRoles {
private Map usecaseToRoles = new HashMap();
/**
* Ctor.
*/
public UsecaseRoles() {
}
/**
* Sets the roles for a usecase.
* @param usecaseId The usecase ID.
* @param roleIds The role IDs.
*/
public void setRoles(String usecaseId, String[] roleIds) {
usecaseToRoles.put(usecaseId, roleIds);
}
/**
* Returns the roles for a usecase.
* If no roles are defined for this usecase, an array of size 0 is returned.
* @param usecaseId The usecase ID.
* @return A role array.
*/
public String[] getRoles(String usecaseId) {
String[] usecaseRoles;
if (usecaseToRoles.containsKey(usecaseId)) {
usecaseRoles = (String[]) usecaseToRoles.get(usecaseId);
} else {
usecaseRoles = new String[0];
}
return usecaseRoles;
}
/**
* Checks if a usecase has roles.
* @param usecaseId The usecase ID.
* @return A boolean value.
*/
public boolean hasRoles(String usecaseId) {
return usecaseToRoles.containsKey(usecaseId);
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: lenya-cvs-unsubscribe@cocoon.apache.org
For additional commands, e-mail: lenya-cvs-help@cocoon.apache.org