/*
 * Copyright 2000-2004 The Apache Software Foundation.
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *      http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.apache.jetspeed.om.registry.base;

// Java imports
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Vector;

import org.apache.jetspeed.om.registry.SecurityAccess;
import org.apache.jetspeed.om.registry.SecurityAllow;
import org.apache.jetspeed.om.registry.SecurityEntry;
import org.apache.jetspeed.services.security.GroupManagement;
import org.apache.jetspeed.services.security.RoleManagement;

/**
 * Interface for manipulating the Security Entry on the registry entries
 *
 * @author <a href="mailto:paulsp@apache.org">Paul Spencer</a>
 * @author <a href="mailto:weaver@apache.org">Scott T. Weaver</a>
 * @author <a href="mailto:morciuch@apache.org">Mark Orciuch</a> 
 * @version $Id: BaseSecurityEntry.java,v 1.15 2004/03/23 21:15:24 jford Exp $
 */
public class BaseSecurityEntry extends BaseRegistryEntry implements SecurityEntry, java.io.Serializable
{

    /**
     * Holds value of property accesses.
     * Elements are cast to BaseSecurityAccess by equals() and getAccess().
     */
    private Vector accesses = new Vector();

    // Lookup cache read by the allows*() checks via accessMap.get(action);
    // it is built by buildAccessMap() whenever it is found to be null.
    // Declared transient, so Java serialization does not write it.
    private transient Map accessMap = null;

    // Wildcard action: the allows*() checks fall back to the entry stored
    // under this key when the requested action itself does not grant access.
    public static final String ALL_ACTIONS = "*";

    // Wildcard values passed to isInAllowMap() next to the concrete
    // role / group / group-role / user name being checked.
    public static final String ALL_ROLES = "*";

	public static final String ALL_GROUPS = "*";

	public static final String ALL_GROUP_ROLES = "*";

    public static final String ALL_USERS = "*";

    // Selector strings handed to isInAllowMap() to name the kind of allow
    // being looked up (owner, role, group, group+role, user).
    private static final String OWNER_MAP = "owner";

    private static final String ROLE_MAP = "role";

	private static final String GROUP_MAP = "group";

	private static final String GROUP_ROLE_MAP = "grouprole";

    private static final String USER_MAP = "user";

    // Not referenced in the visible part of this file; presumably the lock
    // used while building accessMap (TODO confirm in buildAccessMap()).
    // NOTE(review): "transient" has no effect on a static field, because
    // static fields are never serialized.
    private static transient Object accessMapSync = new Object();

    /**
     * Creates an entry whose access list is the empty Vector assigned by the
     * field initializer.
     */
    public BaseSecurityEntry()
    {
        super();
    }

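    /**
     * Implements the equals operation so that 2 elements are equal if
     * all their member values are equal.
     *
     * The access lists are compared element by element, in order, and the
     * superclass comparison must succeed as well.
     *
     * NOTE(review): no hashCode() override is visible in this part of the
     * file; confirm that one exists and agrees with this method.
     *
     * @param object the object to compare with; may be <code>null</code>
     * @return <CODE>true</CODE> if <code>object</code> is a BaseSecurityEntry
     *         with equal accesses and equal inherited state
     */
    public boolean equals(Object object)
    {
        // instanceof is false for null and for unrelated types, so the cast
        // below can no longer fail with a ClassCastException.
        if (!(object instanceof BaseSecurityEntry))
        {
            return false;
        }

        BaseSecurityEntry obj = (BaseSecurityEntry) object;

        Iterator i = accesses.iterator();
        Iterator i2 = obj.accesses.iterator();
        while (i.hasNext())
        {
            // The other list is shorter than this one.
            if (!i2.hasNext())
            {
                return false;
            }

            BaseSecurityAccess c1 = (BaseSecurityAccess) i.next();
            BaseSecurityAccess c2 = (BaseSecurityAccess) i2.next();

            if (!c1.equals(c2))
            {
                return false;
            }
        }

        // The other list is longer than this one.
        if (i2.hasNext())
        {
            return false;
        }

        return super.equals(object);
    }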

    /**
     * Getter for property accesses.
     *
     * The returned Vector is the internal list itself, not a copy.
     * NOTE(review): a caller that changes it directly does not go through
     * setAccesses(), so the cached access map is not rebuilt by that path;
     * authorization answers may then reflect the old contents.
     *
     * @return Value of property accesses.
     */
    public Vector getAccesses()
    {
        return this.accesses;
    }

    /**
     * Setter for property accesses.
     *
     * Stores the given Vector (no copy is made) and rebuilds the access map
     * so that later allows*() checks see the new list.
     *
     * @param accesses New value of property accesses.
     */
    public void setAccesses(Vector accesses)
    {
        final Vector replacement = accesses;
        this.accesses = replacement;

        // The cached map must follow the list it was derived from.
        buildAccessMap();
    }

    /**
     * Authorizes an action for a role.
     *
     * The entry for the requested action is consulted first; if it does not
     * allow the role, the entry for ALL_ACTIONS is consulted. In both lookups
     * the role is checked together with the wildcard ALL_ROLES.
     *
     * @param role requesting action
     * @param action being requested
     * @return <CODE>true</CODE> if action is allowed for role
     */
    public boolean allowsRole(String role, String action)
    {
        // The map starts out null, so build it on first use.
        if (accessMap == null)
        {
            buildAccessMap();
        }

        // Requested action
        final Map forAction = (Map) accessMap.get(action);
        if (isInAllowMap(forAction, ROLE_MAP, role, ALL_ROLES))
        {
            return true;
        }

        // All actions; its answer is the final decision
        final Map forAnyAction = (Map) accessMap.get(ALL_ACTIONS);
        return isInAllowMap(forAnyAction, ROLE_MAP, role, ALL_ROLES);
    }

	/**
	 * Authorizes an action for a group.
	 *
	 * The entry for the requested action is consulted first; if it does not
	 * allow the group, the entry for ALL_ACTIONS is consulted. In both
	 * lookups the group is checked together with the wildcard ALL_GROUPS.
	 *
	 * @param group requesting action
	 * @param action being requested
	 * @return <CODE>true</CODE> if action is allowed for group
	 */
	public boolean allowsGroup(String group, String action)
	{
		// The map starts out null, so build it on first use.
		if (accessMap == null)
		{
			buildAccessMap();
		}

		// Requested action
		final Map forAction = (Map) accessMap.get(action);
		if (isInAllowMap(forAction, GROUP_MAP, group, ALL_GROUPS))
		{
			return true;
		}

		// All actions; its answer is the final decision
		final Map forAnyAction = (Map) accessMap.get(ALL_ACTIONS);
		return isInAllowMap(forAnyAction, GROUP_MAP, group, ALL_GROUPS);
	}

	/**
	 * Authorizes action for a group role.
	 *
	 * The entry for the requested action is consulted first; if it does not
	 * allow the group role, the entry for ALL_ACTIONS is consulted. In both
	 * lookups the pair is checked together with the wildcard ALL_GROUP_ROLES.
	 *
	 * NOTE(review): the lookup value is the plain concatenation group+role
	 * with no separator, so different (group, role) pairs can produce the
	 * same string (constructed example: "ab"+"c" and "a"+"bc"). Whether that
	 * can match an allow meant for another pair depends on how
	 * buildAccessMap() stores group-role keys, which is not visible here;
	 * confirm, and prefer a delimiter that cannot occur in either name.
	 *
	 * @param group requesting action
	 * @param role requesting action
	 * @param action being requested
	 * @return <CODE>true</CODE> if action is allowed for group role
	 */
	public boolean allowsGroupRole(String group, String role, String action)
	{
		// The map starts out null, so build it on first use.
		if (accessMap == null)
		{
			buildAccessMap();
		}

		// Requested action
		final Map forAction = (Map) accessMap.get(action);
		if (isInAllowMap(forAction, GROUP_ROLE_MAP, group+role, ALL_GROUP_ROLES))
		{
			return true;
		}

		// All actions; its answer is the final decision
		final Map forAnyAction = (Map) accessMap.get(ALL_ACTIONS);
		return isInAllowMap(forAnyAction, GROUP_ROLE_MAP, group+role, ALL_GROUP_ROLES);
	}

    /**
     * Authorizes an action for a named user when no owner is known.
     * Delegates to the three-argument form with a <code>null</code> owner,
     * so the owner allows are never consulted on this path.
     *
     * @param userName requesting action
     * @param action being requested
     * @return <CODE>true</CODE> if action is allowed for named user
     */
    public boolean allowsUser(String userName, String action)
    {
        final String noOwner = null;
        return allowsUser(userName, action, noOwner);
    }
    /**
     * Authorizes an action for a named user, taking ownership into account.
     *
     * When <code>owner</code> is non-null and equals <code>userName</code>,
     * the owner allows are checked first, for the requested action and then
     * for ALL_ACTIONS. If neither grants access, or the user is not the
     * owner, the user allows are checked the same way, together with the
     * wildcard ALL_USERS.
     *
     * NOTE(review): ownership is decided only by comparing the two strings
     * passed in; the caller is responsible for supplying a trustworthy owner.
     *
     * @param userName requesting action
     * @param action being requested
     * @param owner User
     * @return <CODE>true</CODE> if action is allowed for named user
     */
    public boolean allowsUser(String userName, String action, String owner)
    {
        // The map starts out null, so build it on first use.
        if (accessMap == null)
        {
            buildAccessMap();
        }

        final boolean requestedByOwner = (owner != null) && owner.equals(userName);
        if (requestedByOwner)
        {
            // Owner allow on the requested action
            final Map ownerForAction = (Map) accessMap.get(action);
            if (isInAllowMap(ownerForAction, OWNER_MAP, null, null))
            {
                return true;
            }

            // Owner allow on all actions
            final Map ownerForAnyAction = (Map) accessMap.get(ALL_ACTIONS);
            if (isInAllowMap(ownerForAnyAction, OWNER_MAP, null, null))
            {
                return true;
            }
        }

        // User allow on the requested action
        final Map userForAction = (Map) accessMap.get(action);
        if (isInAllowMap(userForAction, USER_MAP, userName, ALL_USERS))
        {
            return true;
        }

        // User allow on all actions; its answer is the final decision
        final Map userForAnyAction = (Map) accessMap.get(ALL_ACTIONS);
        return isInAllowMap(userForAnyAction, USER_MAP, userName, ALL_USERS);
    }
    
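    /**
     * Checks whether a role is specifically allowed to access the request action
     * This method ignores the "*" action and is here to play a maintenance role.
     *
     * Only the access returned by getAccess(action) is examined, and a role
     * matches only when an allow names exactly that role.
     *
     * @param action name of action to check
     * @param role name of role to verify access for
     * @return <CODE>true</CODE> if the role has an allow on this specific
     *         action; <CODE>false</CODE> otherwise, including when no access
     *         is defined for the action
     */
    public boolean allowsSpecificRole( String action, String role)
    {
        SecurityAccess access = getAccess(action);

        // getAccess() returns null for an action that is not defined; answer
        // "not allowed" instead of failing with a NullPointerException.
        if (access == null || access.getAllAllows() == null)
        {
            return false;
        }

        // The guard above tests getAllAllows() but the loop walks getAllows(),
        // so that list needs its own null check.
        List allows = access.getAllows();
        if (allows == null)
        {
            return false;
        }

        Iterator allAllows = allows.iterator();
        while (allAllows.hasNext())
        {
            SecurityAllow allow = (SecurityAllow) allAllows.next();
            if (allow.getRole() != null && allow.getRole().equals(role))
            {
                return true;
            }
        }
        return false;
    }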

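	/**
	 * Checks whether a group is specifically allowed to access the request action
	 * This method ignores the "*" action and is here to play a maintenance role.
	 *
	 * Only the access returned by getAccess(action) is examined, and a group
	 * matches only when an allow names exactly that group.
	 *
	 * @param action name of action to check
	 * @param group name of group to verify access for
	 * @return <CODE>true</CODE> if the group has an allow on this specific
	 *         action; <CODE>false</CODE> otherwise, including when no access
	 *         is defined for the action
	 */
	public boolean allowsSpecificGroup(String action, String group)
	{
		SecurityAccess access = getAccess(action);

		// getAccess() returns null for an action that is not defined; answer
		// "not allowed" instead of failing with a NullPointerException.
		if (access == null || access.getAllAllows() == null)
		{
			return false;
		}

		// The guard above tests getAllAllows() but the loop walks getAllows(),
		// so that list needs its own null check.
		List allows = access.getAllows();
		if (allows == null)
		{
			return false;
		}

		Iterator allAllows = allows.iterator();
		while (allAllows.hasNext())
		{
			SecurityAllow allow = (SecurityAllow) allAllows.next();
			if (allow.getGroup() != null && allow.getGroup().equals(group))
			{
				return true;
			}
		}
		return false;
	}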

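	/**
	 * Checks whether a group role is specifically allowed to access the request action
	 * This method ignores the "*" action and is here to play a maintenance role.
	 *
	 * Only the access returned by getAccess(action) is examined, and a match
	 * requires a single allow that names both the group and the role.
	 *
	 * @param action name of action to check
	 * @param group name of group to verify access for
	 * @param role name of role to verify access for
	 * @return <CODE>true</CODE> if the group role has an allow on this
	 *         specific action; <CODE>false</CODE> otherwise, including when
	 *         no access is defined for the action
	 */
	public boolean allowsSpecificGroupRole(String action, String group, String role)
	{
		SecurityAccess access = getAccess(action);

		// getAccess() returns null for an action that is not defined; answer
		// "not allowed" instead of failing with a NullPointerException.
		if (access == null || access.getAllAllows() == null)
		{
			return false;
		}

		// The guard above tests getAllAllows() but the loop walks getAllows(),
		// so that list needs its own null check.
		List allows = access.getAllows();
		if (allows == null)
		{
			return false;
		}

		Iterator allAllows = allows.iterator();
		while (allAllows.hasNext())
		{
			SecurityAllow allow = (SecurityAllow) allAllows.next();
			if (allow.getGroup() != null &&
				allow.getGroup().equals(group) &&
				allow.getRole() != null &&
				allow.getRole().equals(role))
			{
				return true;
			}
		}
		return false;
	}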
    
        /**
        * Checks whether a user is specifically allowed to access the request action
        * This method ignores the "*" action and is here to play a maintenance role.
        * @param action name of action to check
        * @param user name of user to verify access for
        * @return boolean whether or not the <code>user</code> has access
        * to this specific action.
        */
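    public boolean allowsSpecificUser(String action, String user)
    {
        // Looks only at the access defined for exactly this action and
        // returns true when one of its allows names exactly this user.
        SecurityAccess access = getAccess(action);

        // getAccess() returns null for an action that is not defined; answer
        // "not allowed" instead of failing with a NullPointerException.
        if (access == null || access.getAllAllows() == null)
        {
            return false;
        }

        // The guard above tests getAllAllows() but the loop walks getAllows(),
        // so that list needs its own null check.
        List allows = access.getAllows();
        if (allows == null)
        {
            return false;
        }

        Iterator allAllows = allows.iterator();
        while (allAllows.hasNext())
        {
            BaseSecurityAllow allow = (BaseSecurityAllow) allAllows.next();
            if (allow.getUser() != null && allow.getUser().equals(user))
            {
                return true;
            }
        }
        return false;
    }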

    
    
    
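    /**
     * Returns the SecurityAccess object for the <code>action</code>
     * requested or null if no specific access is defined for this action.
     * The "*" does not change this: if an action is not specifically defined
     * in the registry, null is returned.
     *
     * Callers must check the result for <code>null</code> before using it.
     *
     * @param action The action we want the access for.
     * @return SecurityAccess that is defined for this action or
     * <code>null</code> if one is not <strong>specifically defined</strong>
     */
    public SecurityAccess getAccess(String action)
    {
        // A null action cannot name a defined access.
        if (action == null)
        {
            return null;
        }

        Iterator itr = getAccesses().iterator();
        while (itr.hasNext())
        {
            BaseSecurityAccess access = (BaseSecurityAccess) itr.next();
            // Compare from the known non-null side so that an access without
            // an action is skipped instead of raising a NullPointerException.
            if (action.equals(access.getAction()))
            {
                return access;
            }
        }

        return null;
    }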
    
    /**
     * Grants access for a specific action to a specific role
     * for this SecurityEntry.  This grants specific access ignores
     * "*" action, if it exists.
     * @param String action The action we are granting access to.
     * @param String role The role that will receive access to this action.
     * @return boolean Whether or not the access was granted. Basically,
     *  a <code>false</code> means that this role already has specific access.
     */
    public boolean grantRoleAccess(String action, String role)
    {
        if (!allowsSpecificRole(action, role))
        {
            SecurityAccess access = getAccess(action);
            List allows = access.getAllows();
            if (allows == null)
            {
                allows = new Vector();
            }

            BaseSecurityAllow allow = new BaseSecurityAllow();
            allow.setRole(role);
            allows.add(allow);
            
            buildAccessMap();
            
            return true;
        }
