View Javadoc

1   package org.apache.turbine.util.security;
2   
3   /*
4    * Copyright 2001-2004 The Apache Software Foundation.
5    *
6    * Licensed under the Apache License, Version 2.0 (the "License")
7    * you may not use this file except in compliance with the License.
8    * You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  
19  import java.util.Iterator;
20  import java.util.Map;
21  
22  import org.apache.turbine.om.security.Group;
23  import org.apache.turbine.om.security.Permission;
24  import org.apache.turbine.om.security.Role;
25  import org.apache.turbine.services.security.TurbineSecurity;
26  
27  /***
28   * This is a control class that makes it easy to find out if a
29   * particular User has a given Permission.  It also determines if a
30   * User has a a particular Role.
31   *
32   * @author <a href="mailto:jmcnally@collab.net">John D. McNally</a>
33   * @author <a href="mailto:bmclaugh@algx.net">Brett McLaughlin</a>
34   * @author <a href="mailto:greg@shwoop.com">Greg Ritter</a>
35   * @author <a href="mailto:Rafal.Krzewski@e-point.pl">Rafal Krzewski</a>
36   * @author <a href="mailto:hps@intermeta.de">Henning P. Schmiedehausen</a>
37   * @author <a href="mailto:marco@intermeta.de">Marco Kn&uuml;ttel</a>
38   * @version $Id: TurbineAccessControlList.java,v 1.8.2.2 2004/05/20 03:27:24 seade Exp $
39   */
40  public class TurbineAccessControlList
41          implements AccessControlList
42  {
43      /*** The sets of roles that the user has in different groups */
44      private Map roleSets;
45  
46      /*** The sets of permissions that the user has in different groups */
47      private Map permissionSets;
48  
49      /*** The name of this ACL. Needed for the SecurityEntity Interface */
50      private String name;
51  
52      /***
53       * Constructs a new AccessControlList.
54       *
55       * This class follows 'immutable' pattern - it's objects can't be modified
56       * once they are created. This means that the permissions the users have are
57       * in effect form the moment they log in to the moment they log out, and
58       * changes made to the security settings in that time are not reflected
59       * in the state of this object. If you need to reset an user's permissions
60       * you need to invalidate his session. <br>
61       * The objects that constructs an AccessControlList must supply hashtables
62       * of role/permission sets keyed with group objects. <br>
63       *
64       * @param roleSets a hashtable containing RoleSet objects keyed with Group objects
65       * @param permissionSets a hashtable containing PermissionSet objects keyed with Group objects
66       */
67      public TurbineAccessControlList(Map roleSets, Map permissionSets)
68      {
69          this.roleSets = roleSets;
70          this.permissionSets = permissionSets;
71      }
72  
73      /***
74       * Returns the name of this ACL.
75       *
76       * @return The ACL Name
77       *
78       */
79      public String getName()
80      {
81          return this.name;
82      }
83  
84      /***
85       * Sets the name of this ACL.
86       *
87       * @param name The new ACL name.
88       *
89       */
90      public void setName(String name)
91      {
92          this.name = name;
93      }
94  
95      /***
96       * Retrieves a set of Roles an user is assigned in a Group.
97       *
98       * @param group the Group
99       * @return the set of Roles this user has within the Group.
100      */
101     public RoleSet getRoles(Group group)
102     {
103         if (group == null)
104         {
105             return null;
106         }
107         return (RoleSet) roleSets.get(group);
108     }
109 
110     /***
111      * Retrieves a set of Roles an user is assigned in the global Group.
112      *
113      * @return the set of Roles this user has within the global Group.
114      */
115     public RoleSet getRoles()
116     {
117         return getRoles(TurbineSecurity.getGlobalGroup());
118     }
119 
120     /***
121      * Retrieves a set of Permissions an user is assigned in a Group.
122      *
123      * @param group the Group
124      * @return the set of Permissions this user has within the Group.
125      */
126     public PermissionSet getPermissions(Group group)
127     {
128         if (group == null)
129         {
130             return null;
131         }
132         return (PermissionSet) permissionSets.get(group);
133     }
134 
135     /***
136      * Retrieves a set of Permissions an user is assigned in the global Group.
137      *
138      * @return the set of Permissions this user has within the global Group.
139      */
140     public PermissionSet getPermissions()
141     {
142         return getPermissions(TurbineSecurity.getGlobalGroup());
143     }
144 
145     /***
146      * Checks if the user is assigned a specific Role in the Group.
147      *
148      * @param role the Role
149      * @param group the Group
150      * @return <code>true</code> if the user is assigned the Role in the Group.
151      */
152     public boolean hasRole(Role role, Group group)
153     {
154         RoleSet set = getRoles(group);
155         if (set == null || role == null)
156         {
157             return false;
158         }
159         return set.contains(role);
160     }
161 
162     /***
163      * Checks if the user is assigned a specific Role in any of the given
164      * Groups
165      *
166      * @param role the Role
167      * @param groupset a Groupset
168      * @return <code>true</code> if the user is assigned the Role in any of
169      *         the given Groups.
170      */
171     public boolean hasRole(Role role, GroupSet groupset)
172     {
173         if (role == null)
174         {
175             return false;
176         }
177         for (Iterator groups = groupset.iterator(); groups.hasNext();)
178         {
179             Group group = (Group) groups.next();
180             RoleSet roles = getRoles(group);
181             if (roles != null)
182             {
183                 if (roles.contains(role))
184                 {
185                     return true;
186                 }
187             }
188         }
189         return false;
190     }
191 
192     /***
193      * Checks if the user is assigned a specific Role in the Group.
194      *
195      * @param role the Role
196      * @param group the Group
197      * @return <code>true</code> if the user is assigned the Role in the Group.
198      */
199     public boolean hasRole(String role, String group)
200     {
201         try
202         {
203             return hasRole(TurbineSecurity.getRoleByName(role),
204                     TurbineSecurity.getGroupByName(group));
205         }
206         catch (Exception e)
207         {
208             return false;
209         }
210     }
211 
212     /***
213      * Checks if the user is assigned a specifie Role in any of the given
214      * Groups
215      *
216      * @param rolename the name of the Role
217      * @param groupset a Groupset
218      * @return <code>true</code> if the user is assigned the Role in any of
219      *         the given Groups.
220      */
221     public boolean hasRole(String rolename, GroupSet groupset)
222     {
223         Role role;
224         try
225         {
226             role = TurbineSecurity.getRoleByName(rolename);
227         }
228         catch (TurbineSecurityException e)
229         {
230             return false;
231         }
232         if (role == null)
233         {
234             return false;
235         }
236         for (Iterator groups = groupset.iterator(); groups.hasNext();)
237         {
238             Group group = (Group) groups.next();
239             RoleSet roles = getRoles(group);
240             if (roles != null)
241             {
242                 if (roles.contains(role))
243                 {
244                     return true;
245                 }
246             }
247         }
248         return false;
249     }
250 
251     /***
252      * Checks if the user is assigned a specific Role in the global Group.
253      *
254      * @param role the Role
255      * @return <code>true</code> if the user is assigned the Role in the global Group.
256      */
257     public boolean hasRole(Role role)
258     {
259         return hasRole(role, TurbineSecurity.getGlobalGroup());
260     }
261 
262     /***
263      * Checks if the user is assigned a specific Role in the global Group.
264      *
265      * @param role the Role
266      * @return <code>true</code> if the user is assigned the Role in the global Group.
267      */
268     public boolean hasRole(String role)
269     {
270         try
271         {
272             return hasRole(TurbineSecurity.getRoleByName(role));
273         }
274         catch (Exception e)
275         {
276             return false;
277         }
278     }
279 
280     /***
281      * Checks if the user is assigned a specific Permission in the Group.
282      *
283      * @param permission the Permission
284      * @param group the Group
285      * @return <code>true</code> if the user is assigned the Permission in the Group.
286      */
287     public boolean hasPermission(Permission permission, Group group)
288     {
289         PermissionSet set = getPermissions(group);
290         if (set == null || permission == null)
291         {
292             return false;
293         }
294         return set.contains(permission);
295     }
296 
297     /***
298      * Checks if the user is assigned a specific Permission in any of the given
299      * Groups
300      *
301      * @param permission the Permission
302      * @param groupset a Groupset
303      * @return <code>true</code> if the user is assigned the Permission in any
304      *         of the given Groups.
305      */
306     public boolean hasPermission(Permission permission, GroupSet groupset)
307     {
308         if (permission == null)
309         {
310             return false;
311         }
312         for (Iterator groups = groupset.iterator(); groups.hasNext();)
313         {
314             Group group = (Group) groups.next();
315             PermissionSet permissions = getPermissions(group);
316             if (permissions != null)
317             {
318                 if (permissions.contains(permission))
319                 {
320                     return true;
321                 }
322             }
323         }
324         return false;
325     }
326 
327     /***
328      * Checks if the user is assigned a specific Permission in the Group.
329      *
330      * @param permission the Permission
331      * @param group the Group
332      * @return <code>true</code> if the user is assigned the Permission in the Group.
333      */
334     public boolean hasPermission(String permission, String group)
335     {
336         try
337         {
338             return hasPermission(TurbineSecurity.getPermissionByName(permission),
339                     TurbineSecurity.getGroupByName(group));
340         }
341         catch (Exception e)
342         {
343             return false;
344         }
345     }
346 
347     /***
348      * Checks if the user is assigned a specific Permission in the Group.
349      *
350      * @param permission the Permission
351      * @param group the Group
352      * @return <code>true</code> if the user is assigned the Permission in the Group.
353      */
354     public boolean hasPermission(String permission, Group group)
355     {
356         try
357         {
358             return hasPermission(
359                     TurbineSecurity.getPermissionByName(permission), group);
360         }
361         catch (Exception e)
362         {
363             return false;
364         }
365     }
366 
367     /***
368      * Checks if the user is assigned a specifie Permission in any of the given
369      * Groups
370      *
371      * @param permissionName the name of the Permission
372      * @param groupset a Groupset
373      * @return <code>true</code> if the user is assigned the Permission in any
374      *         of the given Groups.
375      */
376     public boolean hasPermission(String permissionName, GroupSet groupset)
377     {
378         Permission permission;
379         try
380         {
381             permission = TurbineSecurity.getPermissionByName(permissionName);
382         }
383         catch (TurbineSecurityException e)
384         {
385             return false;
386         }
387         if (permission == null)
388         {
389             return false;
390         }
391         for (Iterator groups = groupset.iterator(); groups.hasNext();)
392         {
393             Group group = (Group) groups.next();
394             PermissionSet permissions = getPermissions(group);
395             if (permissions != null)
396             {
397                 if (permissions.contains(permission))
398                 {
399                     return true;
400                 }
401             }
402         }
403         return false;
404     }
405 
406     /***
407      * Checks if the user is assigned a specific Permission in the global Group.
408      *
409      * @param permission the Permission
410      * @return <code>true</code> if the user is assigned the Permission in the global Group.
411      */
412     public boolean hasPermission(Permission permission)
413     {
414         return hasPermission(permission, TurbineSecurity.getGlobalGroup());
415     }
416 
417     /***
418      * Checks if the user is assigned a specific Permission in the global Group.
419      *
420      * @param permission the Permission
421      * @return <code>true</code> if the user is assigned the Permission in the global Group.
422      */
423     public boolean hasPermission(String permission)
424     {
425         try
426         {
427             return hasPermission(TurbineSecurity.getPermissionByName(permission));
428         }
429         catch (Exception e)
430         {
431             return false;
432         }
433     }
434 
435     /***
436      * Returns all groups definded in the system.
437      *
438      * This is useful for debugging, when you want to display all roles
439      * and permissions an user is assingned. This method is needed
440      * because you can't call static methods of TurbineSecurity class
441      * from within WebMacro/Velocity template
442      *
443      * @return A Group [] of all groups in the system.
444      */
445     public Group[] getAllGroups()
446     {
447         try
448         {
449             return TurbineSecurity.getAllGroups().getGroupsArray();
450         }
451         catch (TurbineSecurityException e)
452         {
453             return new Group[0];
454         }
455     }
456 }