1 package org.apache.turbine.util.security;
2
3 /* ====================================================================
4 * The Apache Software License, Version 1.1
5 *
6 * Copyright (c) 2001 The Apache Software Foundation. All rights
7 * reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. The end-user documentation included with the redistribution,
22 * if any, must include the following acknowledgment:
23 * "This product includes software developed by the
24 * Apache Software Foundation (http://www.apache.org/)."
25 * Alternately, this acknowledgment may appear in the software itself,
26 * if and wherever such third-party acknowledgments normally appear.
27 *
28 * 4. The names "Apache" and "Apache Software Foundation" and
29 * "Apache Turbine" must not be used to endorse or promote products
30 * derived from this software without prior written permission. For
31 * written permission, please contact apache@apache.org.
32 *
33 * 5. Products derived from this software may not be called "Apache",
34 * "Apache Turbine", nor may "Apache" appear in their name, without
35 * prior written permission of the Apache Software Foundation.
36 *
37 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
38 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
39 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
40 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
43 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
44 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
46 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
47 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
48 * SUCH DAMAGE.
49 * ====================================================================
50 *
51 * This software consists of voluntary contributions made by many
52 * individuals on behalf of the Apache Software Foundation. For more
53 * information on the Apache Software Foundation, please see
54 * <http://www.apache.org/>.
55 */
56
57 import java.io.Serializable;
58 import java.util.Iterator;
59 import java.util.Map;
60 import org.apache.turbine.om.security.Group;
61 import org.apache.turbine.om.security.Permission;
62 import org.apache.turbine.om.security.Role;
63 import org.apache.turbine.services.security.TurbineSecurity;
64
65 /***
66 * This is a control class that makes it easy to find out if a
67 * particular User has a given Permission. It also determines if a
68 * User has a a particular Role.
69 *
70 * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a>
71 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
72 * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a>
73 * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
74 * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a>
75 * @version $Id: AccessControlList.java,v 1.4 2002/07/11 16:53:20 mpoeschl Exp $
76 */
77 public class AccessControlList implements Serializable
78 {
79 /*** The sets of roles that the user has in different groups */
80 private Map roleSets;
81
82 /*** The sets of permissions that the user has in different groups */
83 private Map permissionSets;
84
85 public static java.lang.String SESSION_KEY = "turbine.AccessControlList";
86
87 /***
88 * Constructs a new AccessControlList.
89 *
90 * This class follows 'immutable' pattern - it's objects can't be modified
91 * once they are created. This means that the permissions the users have are
92 * in effect form the moment they log in to the moment they log out, and
93 * changes made to the security settings in that time are not reflected
94 * in the state of this object. If you need to reset an user's permissions
95 * you need to invalidate his session. <br>
96 * The objects that constructs an AccessControlList must supply hashtables
97 * of role/permission sets keyed with group objects. <br>
98 *
99 * @param roleSets a hashtable containing RoleSet objects keyed with Group objects
100 * @param permissionSets a hashtable containing PermissionSet objects keyed with Group objects
101 */
102 public AccessControlList( Map roleSets, Map permissionSets )
103 {
104 this.roleSets = roleSets;
105 this.permissionSets = permissionSets;
106 }
107
108 /***
109 * Retrieves a set of Roles an user is assigned in a Group.
110 *
111 * @param group the Group
112 * @return the set of Roles this user has within the Group.
113 */
114 public RoleSet getRoles( Group group )
115 {
116 if (group == null)
117 {
118 return null;
119 }
120 return (RoleSet) roleSets.get(group);
121 }
122
123 /***
124 * Retrieves a set of Roles an user is assigned in the global Group.
125 *
126 * @return the set of Roles this user has within the global Group.
127 */
128 public RoleSet getRoles()
129 {
130 return getRoles(TurbineSecurity.getGlobalGroup());
131 }
132
133 /***
134 * Retrieves a set of Permissions an user is assigned in a Group.
135 *
136 * @param group the Group
137 * @return the set of Permissions this user has within the Group.
138 */
139 public PermissionSet getPermissions(Group group)
140 {
141 if (group == null)
142 {
143 return null;
144 }
145 return (PermissionSet) permissionSets.get(group);
146 }
147
148 /***
149 * Retrieves a set of Permissions an user is assigned in the global Group.
150 *
151 * @return the set of Permissions this user has within the global Group.
152 */
153 public PermissionSet getPermissions()
154 {
155 return getPermissions(TurbineSecurity.getGlobalGroup());
156 }
157
158 /***
159 * Checks if the user is assigned a specific Role in the Group.
160 *
161 * @param role the Role
162 * @param group the Group
163 * @return <code>true</code> if the user is assigned the Role in the Group.
164 */
165 public boolean hasRole(Role role, Group group)
166 {
167 RoleSet set = getRoles(group);
168 if (set == null || role == null)
169 {
170 return false;
171 }
172 return set.contains(role);
173 }
174
175 /***
176 * Checks if the user is assigned a specific Role in any of the given
177 * Groups
178 *
179 * @param role the Role
180 * @param groupset a Groupset
181 * @return <code>true</code> if the user is assigned the Role in any of
182 * the given Groups.
183 */
184 public boolean hasRole(Role role, GroupSet groupset)
185 {
186 if (role == null)
187 {
188 return false;
189 }
190 Iterator groups = groupset.elements();
191 while (groups.hasNext())
192 {
193 Group group = (Group) groups.next();
194 RoleSet roles = getRoles(group);
195 if (roles != null)
196 {
197 if (roles.contains(role))
198 {
199 return true;
200 }
201 }
202 }
203 return false;
204 }
205
206 /***
207 * Checks if the user is assigned a specific Role in the Group.
208 *
209 * @param role the Role
210 * @param group the Group
211 * @return <code>true</code> if the user is assigned the Role in the Group.
212 */
213 public boolean hasRole(String role, String group)
214 {
215 try
216 {
217 return hasRole(TurbineSecurity.getRole(role),
218 TurbineSecurity.getGroup(group));
219 }
220 catch (Exception e)
221 {
222 return false;
223 }
224 }
225
226 /***
227 * Checks if the user is assigned a specifie Role in any of the given
228 * Groups
229 *
230 * @param rolename the name of the Role
231 * @param groupset a Groupset
232 * @return <code>true</code> if the user is assigned the Role in any of
233 * the given Groups.
234 */
235 public boolean hasRole( String rolename, GroupSet groupset )
236 {
237 Role role;
238 try
239 {
240 role = TurbineSecurity.getRole(rolename);
241 }
242 catch (TurbineSecurityException e)
243 {
244 return false;
245 }
246 if (role == null)
247 {
248 return false;
249 }
250 Iterator groups = groupset.elements();
251 while (groups.hasNext())
252 {
253 Group group = (Group)groups.next();
254 RoleSet roles = getRoles(group);
255 if (roles != null)
256 {
257 if (roles.contains(role))
258 {
259 return true;
260 }
261 }
262 }
263 return false;
264 }
265
266 /***
267 * Checks if the user is assigned a specific Role in the global Group.
268 *
269 * @param role the Role
270 * @return <code>true</code> if the user is assigned the Role in the global Group.
271 */
272 public boolean hasRole(Role role)
273 {
274 return hasRole(role, TurbineSecurity.getGlobalGroup());
275 }
276
277 /***
278 * Checks if the user is assigned a specific Role in the global Group.
279 *
280 * @param role the Role
281 * @return <code>true</code> if the user is assigned the Role in the global Group.
282 */
283 public boolean hasRole(String role)
284 {
285 try
286 {
287 return hasRole(TurbineSecurity.getRole(role));
288 }
289 catch (Exception e)
290 {
291 return false;
292 }
293 }
294
295 /***
296 * Checks if the user is assigned a specific Permission in the Group.
297 *
298 * @param permission the Permission
299 * @param group the Group
300 * @return <code>true</code> if the user is assigned the Permission in the Group.
301 */
302 public boolean hasPermission( Permission permission, Group group )
303 {
304 PermissionSet set = getPermissions(group);
305 if (set == null || permission == null)
306 {
307 return false;
308 }
309 return set.contains(permission);
310 }
311
312 /***
313 * Checks if the user is assigned a specific Permission in any of the given
314 * Groups
315 *
316 * @param permission the Permission
317 * @param groupset a Groupset
318 * @return <code>true</code> if the user is assigned the Permission in any
319 * of the given Groups.
320 */
321 public boolean hasPermission( Permission permission, GroupSet groupset )
322 {
323 if (permission == null)
324 {
325 return false;
326 }
327 Iterator groups = groupset.elements();
328 while (groups.hasNext())
329 {
330 Group group = (Group)groups.next();
331 PermissionSet permissions = getPermissions(group);
332 if (permissions != null)
333 {
334 if (permissions.contains(permission))
335 {
336 return true;
337 }
338 }
339 }
340 return false;
341 }
342
343 /***
344 * Checks if the user is assigned a specific Permission in the Group.
345 *
346 * @param permission the Permission
347 * @param group the Group
348 * @return <code>true</code> if the user is assigned the Permission in the Group.
349 */
350 public boolean hasPermission( String permission, String group )
351 {
352 try
353 {
354 return hasPermission(TurbineSecurity.getPermission(permission),
355 TurbineSecurity.getGroup(group));
356 }
357 catch(Exception e)
358 {
359 return false;
360 }
361 }
362
363 /***
364 * Checks if the user is assigned a specific Permission in the Group.
365 *
366 * @param permission the Permission
367 * @param group the Group
368 * @return <code>true</code> if the user is assigned the Permission in the Group.
369 */
370 public boolean hasPermission( String permission, Group group )
371 {
372 try
373 {
374 return hasPermission(
375 TurbineSecurity.getPermission(permission), group);
376 }
377 catch(Exception e)
378 {
379 return false;
380 }
381 }
382
383 /***
384 * Checks if the user is assigned a specifie Permission in any of the given
385 * Groups
386 *
387 * @param permissionName the name of the Permission
388 * @param groupset a Groupset
389 * @return <code>true</code> if the user is assigned the Permission in any
390 * of the given Groups.
391 */
392 public boolean hasPermission( String permissionName, GroupSet groupset )
393 {
394 Permission permission;
395 try
396 {
397 permission = TurbineSecurity.getPermission(permissionName);
398 }
399 catch (TurbineSecurityException e)
400 {
401 return false;
402 }
403 if (permission == null)
404 {
405 return false;
406 }
407 Iterator groups = groupset.elements();
408 while (groups.hasNext())
409 {
410 Group group = (Group)groups.next();
411 PermissionSet permissions = getPermissions(group);
412 if (permissions != null)
413 {
414 if (permissions.contains(permission))
415 {
416 return true;
417 }
418 }
419 }
420 return false;
421 }
422
423 /***
424 * Checks if the user is assigned a specific Permission in the global Group.
425 *
426 * @param permission the Permission
427 * @return <code>true</code> if the user is assigned the Permission in the global Group.
428 */
429 public boolean hasPermission(Permission permission)
430 {
431 return hasPermission(permission, TurbineSecurity.getGlobalGroup());
432 }
433
434 /***
435 * Checks if the user is assigned a specific Permission in the global Group.
436 *
437 * @param permission the Permission
438 * @return <code>true</code> if the user is assigned the Permission in the global Group.
439 */
440 public boolean hasPermission(String permission)
441 {
442 try
443 {
444 return hasPermission(TurbineSecurity.getPermission(permission));
445 }
446 catch (Exception e)
447 {
448 return false;
449 }
450 }
451
452 /***
453 * Returns all groups definded in the system.
454 *
455 * This is useful for debugging, when you want to display all roles
456 * and permissions an user is assingned. This method is needed
457 * because you can't call static methods of TurbineSecurity class
458 * from within WebMacro/Velocity template
459 */
460 public Group[] getAllGroups()
461 {
462 try
463 {
464 return TurbineSecurity.getAllGroups().getGroupsArray();
465 }
466 catch (TurbineSecurityException e)
467 {
468 return new Group[0];
469 }
470 }
471 }
This page was automatically generated by Maven