View Javadoc
1 package org.apache.turbine.util.security; 2 3 /* ==================================================================== 4 * The Apache Software License, Version 1.1 5 * 6 * Copyright (c) 2001 The Apache Software Foundation. All rights 7 * reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. The end-user documentation included with the redistribution, 22 * if any, must include the following acknowledgment: 23 * "This product includes software developed by the 24 * Apache Software Foundation (http://www.apache.org/)." 25 * Alternately, this acknowledgment may appear in the software itself, 26 * if and wherever such third-party acknowledgments normally appear. 27 * 28 * 4. The names "Apache" and "Apache Software Foundation" and 29 * "Apache Turbine" must not be used to endorse or promote products 30 * derived from this software without prior written permission. For 31 * written permission, please contact apache@apache.org. 32 * 33 * 5. Products derived from this software may not be called "Apache", 34 * "Apache Turbine", nor may "Apache" appear in their name, without 35 * prior written permission of the Apache Software Foundation. 36 * 37 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED 38 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 39 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 40 * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR 41 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 42 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 43 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF 44 * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 45 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 46 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 47 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 48 * SUCH DAMAGE. 49 * ==================================================================== 50 * 51 * This software consists of voluntary contributions made by many 52 * individuals on behalf of the Apache Software Foundation. For more 53 * information on the Apache Software Foundation, please see 54 * <http://www.apache.org/>;. 55 */ 56 57 import java.io.Serializable; 58 import java.util.Iterator; 59 import java.util.Map; 60 import org.apache.turbine.om.security.Group; 61 import org.apache.turbine.om.security.Permission; 62 import org.apache.turbine.om.security.Role; 63 import org.apache.turbine.services.security.TurbineSecurity; 64 65 /*** 66 * This is a control class that makes it easy to find out if a 67 * particular User has a given Permission. It also determines if a 68 * User has a a particular Role. 69 * 70 * @author <a href="mailto:john.mcnally@clearink.com">John D. McNally</a> 71 * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a> 72 * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a> 73 * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a> 74 * @author <a href="mailto:marco@intermeta.de">Marco Knüttel</a> 75 * @version $Id: AccessControlList.java,v 1.4 2002/07/11 16:53:20 mpoeschl Exp $ 76 */ 77 public class AccessControlList implements Serializable 78 { 79 /*** The sets of roles that the user has in different groups */ 80 private Map roleSets; 81 82 /*** The sets of permissions that the user has in different groups */ 83 private Map permissionSets; 84 85 public static java.lang.String SESSION_KEY = "turbine.AccessControlList"; 86 87 /*** 88 * Constructs a new AccessControlList. 89 * 90 * This class follows 'immutable' pattern - it's objects can't be modified 91 * once they are created. This means that the permissions the users have are 92 * in effect form the moment they log in to the moment they log out, and 93 * changes made to the security settings in that time are not reflected 94 * in the state of this object. If you need to reset an user's permissions 95 * you need to invalidate his session. <br> 96 * The objects that constructs an AccessControlList must supply hashtables 97 * of role/permission sets keyed with group objects. <br> 98 * 99 * @param roleSets a hashtable containing RoleSet objects keyed with Group objects 100 * @param permissionSets a hashtable containing PermissionSet objects keyed with Group objects 101 */ 102 public AccessControlList( Map roleSets, Map permissionSets ) 103 { 104 this.roleSets = roleSets; 105 this.permissionSets = permissionSets; 106 } 107 108 /*** 109 * Retrieves a set of Roles an user is assigned in a Group. 110 * 111 * @param group the Group 112 * @return the set of Roles this user has within the Group. 113 */ 114 public RoleSet getRoles( Group group ) 115 { 116 if (group == null) 117 { 118 return null; 119 } 120 return (RoleSet) roleSets.get(group); 121 } 122 123 /*** 124 * Retrieves a set of Roles an user is assigned in the global Group. 125 * 126 * @return the set of Roles this user has within the global Group. 127 */ 128 public RoleSet getRoles() 129 { 130 return getRoles(TurbineSecurity.getGlobalGroup()); 131 } 132 133 /*** 134 * Retrieves a set of Permissions an user is assigned in a Group. 135 * 136 * @param group the Group 137 * @return the set of Permissions this user has within the Group. 138 */ 139 public PermissionSet getPermissions(Group group) 140 { 141 if (group == null) 142 { 143 return null; 144 } 145 return (PermissionSet) permissionSets.get(group); 146 } 147 148 /*** 149 * Retrieves a set of Permissions an user is assigned in the global Group. 150 * 151 * @return the set of Permissions this user has within the global Group. 152 */ 153 public PermissionSet getPermissions() 154 { 155 return getPermissions(TurbineSecurity.getGlobalGroup()); 156 } 157 158 /*** 159 * Checks if the user is assigned a specific Role in the Group. 160 * 161 * @param role the Role 162 * @param group the Group 163 * @return <code>true</code> if the user is assigned the Role in the Group. 164 */ 165 public boolean hasRole(Role role, Group group) 166 { 167 RoleSet set = getRoles(group); 168 if (set == null || role == null) 169 { 170 return false; 171 } 172 return set.contains(role); 173 } 174 175 /*** 176 * Checks if the user is assigned a specific Role in any of the given 177 * Groups 178 * 179 * @param role the Role 180 * @param groupset a Groupset 181 * @return <code>true</code> if the user is assigned the Role in any of 182 * the given Groups. 183 */ 184 public boolean hasRole(Role role, GroupSet groupset) 185 { 186 if (role == null) 187 { 188 return false; 189 } 190 Iterator groups = groupset.elements(); 191 while (groups.hasNext()) 192 { 193 Group group = (Group) groups.next(); 194 RoleSet roles = getRoles(group); 195 if (roles != null) 196 { 197 if (roles.contains(role)) 198 { 199 return true; 200 } 201 } 202 } 203 return false; 204 } 205 206 /*** 207 * Checks if the user is assigned a specific Role in the Group. 208 * 209 * @param role the Role 210 * @param group the Group 211 * @return <code>true</code> if the user is assigned the Role in the Group. 212 */ 213 public boolean hasRole(String role, String group) 214 { 215 try 216 { 217 return hasRole(TurbineSecurity.getRole(role), 218 TurbineSecurity.getGroup(group)); 219 } 220 catch (Exception e) 221 { 222 return false; 223 } 224 } 225 226 /*** 227 * Checks if the user is assigned a specifie Role in any of the given 228 * Groups 229 * 230 * @param rolename the name of the Role 231 * @param groupset a Groupset 232 * @return <code>true</code> if the user is assigned the Role in any of 233 * the given Groups. 234 */ 235 public boolean hasRole( String rolename, GroupSet groupset ) 236 { 237 Role role; 238 try 239 { 240 role = TurbineSecurity.getRole(rolename); 241 } 242 catch (TurbineSecurityException e) 243 { 244 return false; 245 } 246 if (role == null) 247 { 248 return false; 249 } 250 Iterator groups = groupset.elements(); 251 while (groups.hasNext()) 252 { 253 Group group = (Group)groups.next(); 254 RoleSet roles = getRoles(group); 255 if (roles != null) 256 { 257 if (roles.contains(role)) 258 { 259 return true; 260 } 261 } 262 } 263 return false; 264 } 265 266 /*** 267 * Checks if the user is assigned a specific Role in the global Group. 268 * 269 * @param role the Role 270 * @return <code>true</code> if the user is assigned the Role in the global Group. 271 */ 272 public boolean hasRole(Role role) 273 { 274 return hasRole(role, TurbineSecurity.getGlobalGroup()); 275 } 276 277 /*** 278 * Checks if the user is assigned a specific Role in the global Group. 279 * 280 * @param role the Role 281 * @return <code>true</code> if the user is assigned the Role in the global Group. 282 */ 283 public boolean hasRole(String role) 284 { 285 try 286 { 287 return hasRole(TurbineSecurity.getRole(role)); 288 } 289 catch (Exception e) 290 { 291 return false; 292 } 293 } 294 295 /*** 296 * Checks if the user is assigned a specific Permission in the Group. 297 * 298 * @param permission the Permission 299 * @param group the Group 300 * @return <code>true</code> if the user is assigned the Permission in the Group. 301 */ 302 public boolean hasPermission( Permission permission, Group group ) 303 { 304 PermissionSet set = getPermissions(group); 305 if (set == null || permission == null) 306 { 307 return false; 308 } 309 return set.contains(permission); 310 } 311 312 /*** 313 * Checks if the user is assigned a specific Permission in any of the given 314 * Groups 315 * 316 * @param permission the Permission 317 * @param groupset a Groupset 318 * @return <code>true</code> if the user is assigned the Permission in any 319 * of the given Groups. 320 */ 321 public boolean hasPermission( Permission permission, GroupSet groupset ) 322 { 323 if (permission == null) 324 { 325 return false; 326 } 327 Iterator groups = groupset.elements(); 328 while (groups.hasNext()) 329 { 330 Group group = (Group)groups.next(); 331 PermissionSet permissions = getPermissions(group); 332 if (permissions != null) 333 { 334 if (permissions.contains(permission)) 335 { 336 return true; 337 } 338 } 339 } 340 return false; 341 } 342 343 /*** 344 * Checks if the user is assigned a specific Permission in the Group. 345 * 346 * @param permission the Permission 347 * @param group the Group 348 * @return <code>true</code> if the user is assigned the Permission in the Group. 349 */ 350 public boolean hasPermission( String permission, String group ) 351 { 352 try 353 { 354 return hasPermission(TurbineSecurity.getPermission(permission), 355 TurbineSecurity.getGroup(group)); 356 } 357 catch(Exception e) 358 { 359 return false; 360 } 361 } 362 363 /*** 364 * Checks if the user is assigned a specific Permission in the Group. 365 * 366 * @param permission the Permission 367 * @param group the Group 368 * @return <code>true</code> if the user is assigned the Permission in the Group. 369 */ 370 public boolean hasPermission( String permission, Group group ) 371 { 372 try 373 { 374 return hasPermission( 375 TurbineSecurity.getPermission(permission), group); 376 } 377 catch(Exception e) 378 { 379 return false; 380 } 381 } 382 383 /*** 384 * Checks if the user is assigned a specifie Permission in any of the given 385 * Groups 386 * 387 * @param permissionName the name of the Permission 388 * @param groupset a Groupset 389 * @return <code>true</code> if the user is assigned the Permission in any 390 * of the given Groups. 391 */ 392 public boolean hasPermission( String permissionName, GroupSet groupset ) 393 { 394 Permission permission; 395 try 396 { 397 permission = TurbineSecurity.getPermission(permissionName); 398 } 399 catch (TurbineSecurityException e) 400 { 401 return false; 402 } 403 if (permission == null) 404 { 405 return false; 406 } 407 Iterator groups = groupset.elements(); 408 while (groups.hasNext()) 409 { 410 Group group = (Group)groups.next(); 411 PermissionSet permissions = getPermissions(group); 412 if (permissions != null) 413 { 414 if (permissions.contains(permission)) 415 { 416 return true; 417 } 418 } 419 } 420 return false; 421 } 422 423 /*** 424 * Checks if the user is assigned a specific Permission in the global Group. 425 * 426 * @param permission the Permission 427 * @return <code>true</code> if the user is assigned the Permission in the global Group. 428 */ 429 public boolean hasPermission(Permission permission) 430 { 431 return hasPermission(permission, TurbineSecurity.getGlobalGroup()); 432 } 433 434 /*** 435 * Checks if the user is assigned a specific Permission in the global Group. 436 * 437 * @param permission the Permission 438 * @return <code>true</code> if the user is assigned the Permission in the global Group. 439 */ 440 public boolean hasPermission(String permission) 441 { 442 try 443 { 444 return hasPermission(TurbineSecurity.getPermission(permission)); 445 } 446 catch (Exception e) 447 { 448 return false; 449 } 450 } 451 452 /*** 453 * Returns all groups definded in the system. 454 * 455 * This is useful for debugging, when you want to display all roles 456 * and permissions an user is assingned. This method is needed 457 * because you can't call static methods of TurbineSecurity class 458 * from within WebMacro/Velocity template 459 */ 460 public Group[] getAllGroups() 461 { 462 try 463 { 464 return TurbineSecurity.getAllGroups().getGroupsArray(); 465 } 466 catch (TurbineSecurityException e) 467 { 468 return new Group[0]; 469 } 470 } 471 }

This page was automatically generated by Maven