registerResourceType(PolicyConstants.KEYSTORE_RESOURCE_TYPE);
PolicyConstants.KEYSTORE_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_CHANGE);
// Authentication Schemes
registerResourceType(PolicyConstants.AUTHENTICATION_SCHEMES_RESOURCE_TYPE);
PolicyConstants.AUTHENTICATION_SCHEMES_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_CREATE_EDIT_AND_ASSIGN);
PolicyConstants.AUTHENTICATION_SCHEMES_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_EDIT_AND_ASSIGN);
PolicyConstants.AUTHENTICATION_SCHEMES_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_ASSIGN);
PolicyConstants.AUTHENTICATION_SCHEMES_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_DELETE);
// Roles
registerResourceType(PolicyConstants.ROLES_RESOURCE_TYPE);
PolicyConstants.ROLES_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_CREATE);
PolicyConstants.ROLES_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_EDIT);
PolicyConstants.ROLES_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_DELETE);
// Accounts
registerResourceType(PolicyConstants.ACCOUNTS_RESOURCE_TYPE);
PolicyConstants.ACCOUNTS_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_CREATE);
PolicyConstants.ACCOUNTS_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_EDIT);
PolicyConstants.ACCOUNTS_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_DELETE);
// IP Restrictions
registerResourceType(PolicyConstants.IP_RESTRICTIONS_RESOURCE_TYPE);
PolicyConstants.IP_RESTRICTIONS_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_CREATE);
PolicyConstants.IP_RESTRICTIONS_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_DELETE);
// Extensions
registerResourceType(PolicyConstants.EXTENSIONS_RESOURCE_TYPE);
PolicyConstants.EXTENSIONS_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_INSTALL);
PolicyConstants.EXTENSIONS_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_UPDATE);
PolicyConstants.EXTENSIONS_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_DELETE);
// Message Queue
registerResourceType(PolicyConstants.MESSAGE_QUEUE_RESOURCE_TYPE);
PolicyConstants.MESSAGE_QUEUE_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_VIEW);
PolicyConstants.MESSAGE_QUEUE_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_DELETE);
PolicyConstants.MESSAGE_QUEUE_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_CONTROL);
PolicyConstants.MESSAGE_QUEUE_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_SEND);
// Status
registerResourceType(PolicyConstants.STATUS_TYPE_RESOURCE_TYPE);
PolicyConstants.STATUS_TYPE_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_VIEW);
// Replacement
registerResourceType(PolicyConstants.REPLACEMENTS_RESOURCE_TYPE);
PolicyConstants.STATUS_TYPE_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_CHANGE);
// User Attribute Defintions
registerResourceType(PolicyConstants.USER_ATTRIBUTE_DEFINITIONS_RESOURCE_TYPE);
PolicyConstants.USER_ATTRIBUTE_DEFINITIONS_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_MAINTAIN);
// -- Personal Resource Permissions
// Profile
registerResourceType(PolicyConstants.PERSONAL_PROFILE_RESOURCE_TYPE);
PolicyConstants.PERSONAL_PROFILE_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_MAINTAIN);
// Password
registerResourceType(PolicyConstants.PASSWORD_RESOURCE_TYPE);
if (CoreServlet.getServlet().getUserDatabase().supportsPasswordChange()) {
PolicyConstants.PASSWORD_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_CHANGE);
}
// Personal details
registerResourceType(PolicyConstants.PERSONAL_DETAILS_RESOURCE_TYPE);
PolicyConstants.PERSONAL_DETAILS_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_CHANGE);
// VPN Client
registerResourceType(PolicyConstants.VPN_CLIENT_RESOURCE_TYPE);
PolicyConstants.VPN_CLIENT_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_USE);
// Favorites
registerResourceType(PolicyConstants.FAVORITES_RESOURCE_TYPE);
PolicyConstants.FAVORITES_RESOURCE_TYPE
.addPermission(PolicyConstants.PERM_USE);
// User attributes resource type (added by LDP it was missing)
registerResourceType(PolicyConstants.USER_ATTRIBUTES_RESOURCE_TYPE);
PolicyConstants.USER_ATTRIBUTES_RESOURCE_TYPE.addPermission(PolicyConstants.PERM_MAINTAIN);
}
/*
* (non-Javadoc)
*
* @see com.sslexplorer.policyframework.PolicyDatabase#getGrantedResourcesOfType(com.sslexplorer.permissions.Principal,
* com.sslexplorer.boot.policyframework.ResourceType)
*/
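/**
 * Returns the ids of every resource of {@code type} that {@code principal} has been
 * granted, either directly or — when the principal is a {@link User} — through any of
 * its roles (role grants are looked up as group principals).
 * <p>
 * The answer is cached. The cache key now carries the principal kind (user/group) as
 * well as the principal name and the resource type id, because the SQL lookup binds
 * the kind too; without it a user and a group sharing a name would read each other's
 * cached grants. Any code that invalidates this cache by reconstructing the key
 * (if such code exists) must use the same format — TODO confirm how invalidation works.
 *
 * @param principal the user or group whose grants are being resolved
 * @param type      the resource type to restrict the result to
 * @return a new, mutable list of {@link Integer} resource ids (deduplicated, unordered)
 * @throws Exception if a statement cannot be obtained, bound or executed
 */
public List getGrantedResourcesOfType(Principal principal, ResourceType type)
        throws Exception {
    String principalName = principal.getPrincipalName();
    int typeId = type.getResourceTypeId();
    int principalKind = principal instanceof User ? Policy.PRINCIPAL_USER
            : Policy.PRINCIPAL_GROUP;
    String cacheKey = "grantedResourcesOfType-" + principalName + "-"
            + principalKind + "-" + typeId;

    Set granted = (Set) policyCache.retrieve(cacheKey);
    if (granted != null) {
        return new ArrayList(granted);
    }

    // A Set, because the direct lookup and the per-role lookups can return the same
    // resource more than once.
    granted = new HashSet();
    JDBCPreparedStatement ps = null;
    try {
        ps = db.getStatement("getGrantedResourcesOfType.select");
        ps.setInt(1, typeId);
        ps.setString(2, principalName);
        ps.setInt(3, principalKind);
        ps.setInt(4, typeId);
        collectResourceIds(ps.executeQuery(), granted);

        if (principal instanceof User) {
            // Grants attached to the user's roles count as well.
            Role[] roles = ((User) principal).getRoles();
            int roleCount = roles == null ? 0 : roles.length;
            for (int idx = 0; idx < roleCount; idx++) {
                Role role = roles[idx];
                if (role == null) {
                    log.warn("NULL role in principal " + principalName);
                    continue;
                }
                ps.reset();
                ps = db.getStatement("getGrantedResourcesOfType.select");
                ps.setInt(1, typeId);
                ps.setString(2, role.getPrincipalName());
                ps.setInt(3, Policy.PRINCIPAL_GROUP);
                ps.setInt(4, typeId);
                try {
                    collectResourceIds(ps.executeQuery(), granted);
                } finally {
                    ps.releasePreparedStatement();
                }
            }
        }
    } finally {
        // NOTE(review): once the role loop has run, ps is the last role statement,
        // which its own finally block has already released, so this releases it a
        // second time; the statement obtained for the principal itself is only
        // reset(), never released. Whether either matters depends on how
        // JDBCPreparedStatement pools statements — confirm before relying on it.
        if (ps != null) {
            ps.releasePreparedStatement();
        }
    }
    storeToCache(cacheKey, (Serializable) granted);
    return new ArrayList(granted);
}

/**
 * Drains {@code rs}, adding each {@code resource_id} column value to {@code target}.
 *
 * @param rs     an open result set positioned before its first row
 * @param target receives one {@link Integer} per row
 * @throws Exception propagated from the result set
 */
private static void collectResourceIds(ResultSet rs, Set target) throws Exception {
    while (rs.next()) {
        target.add(new Integer(rs.getInt("resource_id")));
    }
}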
/*
* (non-Javadoc)
*
* @see com.sslexplorer.policyframework.PolicyDatabase#isPrincipalGrantedResourcesOfType(com.sslexplorer.permissions.Principal,
* com.sslexplorer.boot.policyframework.ResourceType, java.util.List)
*/
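/**
 * Reports whether {@code principal} holds at least one resource grant — of type
 * {@code resourceRequired}, or of any type when that is {@code null} — either directly
 * or, for a {@link User}, through one of its roles. Grants whose resource type appears
 * in {@code resourceTypesToExclude} do not count; a grant whose resource type can no
 * longer be resolved is logged and skipped.
 * <p>
 * The answer is cached. The cache key used to contain only the principal name and the
 * required type id, although the result also depends on the principal kind (the SQL
 * binds user vs. group) and on the exclusion list; two calls with different exclusion
 * lists therefore shared one cached answer. Both are now part of the key. Any code that
 * invalidates this cache by reconstructing the key (if such code exists) must use the
 * same format — TODO confirm how invalidation works.
 *
 * @param principal              the user or group being checked
 * @param resourceRequired       the resource type that must be granted, or {@code null}
 *                               for "any type"
 * @param resourceTypesToExclude {@link ResourceType}s whose grants are ignored; may be
 *                               {@code null} or empty
 * @return {@code true} if a qualifying grant exists
 * @throws Exception if a statement cannot be obtained, bound or executed
 */
public boolean isPrincipalGrantedResourcesOfType(Principal principal,
        ResourceType resourceRequired, List resourceTypesToExclude)
        throws Exception {
    String principalName = principal.getPrincipalName();
    int principalKind = principal instanceof User ? Policy.PRINCIPAL_USER
            : Policy.PRINCIPAL_GROUP;

    StringBuffer key = new StringBuffer("isGrantedResourceOfType-");
    key.append(principalName).append('-').append(principalKind).append('-');
    key.append(resourceRequired == null ? "" : String.valueOf(resourceRequired
            .getResourceTypeId()));
    if (resourceTypesToExclude != null) {
        // Exclusions change the answer, so they must distinguish cache entries.
        // A different ordering of the same exclusions only costs a cache miss.
        for (Iterator it = resourceTypesToExclude.iterator(); it.hasNext();) {
            Object excluded = it.next();
            key.append("-x");
            key.append(excluded instanceof ResourceType ? String
                    .valueOf(((ResourceType) excluded).getResourceTypeId())
                    : String.valueOf(excluded));
        }
    }
    String cacheKey = key.toString();

    Boolean cached = (Boolean) policyCache.retrieve(cacheKey);
    if (cached != null) {
        return cached.booleanValue();
    }

    Boolean granted = null;
    // Acquired outside the try, as before: a binding failure here is not followed
    // by a release.
    JDBCPreparedStatement ps = prepareGrantLookup(principalName, principalKind,
            resourceRequired);
    try {
        // First the principal itself.
        if (hasGrantOutsideExclusions(ps.executeQuery(), resourceTypesToExclude)) {
            granted = Boolean.TRUE;
        }
        // Then, for users, each role in turn until one yields a grant.
        if (granted == null && principal instanceof User) {
            Role[] roles = ((User) principal).getRoles();
            if (roles != null) {
                for (int idx = 0; granted == null && idx < roles.length; idx++) {
                    Role role = roles[idx];
                    if (role == null) {
                        log.warn("NULL role in principal " + principalName);
                        continue;
                    }
                    ps.reset();
                    ps = prepareGrantLookup(role.getPrincipalName(),
                            Policy.PRINCIPAL_GROUP, resourceRequired);
                    try {
                        if (hasGrantOutsideExclusions(ps.executeQuery(),
                                resourceTypesToExclude)) {
                            granted = Boolean.TRUE;
                        }
                    } finally {
                        ps.releasePreparedStatement();
                    }
                }
            }
        }
    } finally {
        // NOTE(review): after the role loop ps is the last role statement, already
        // released by its own finally, so this is a second release; the statement
        // prepared for the principal itself is only reset(), never released. Whether
        // that matters depends on JDBCPreparedStatement's pooling — confirm.
        ps.releasePreparedStatement();
    }

    if (granted == null) {
        granted = Boolean.FALSE;
    }
    storeToCache(cacheKey, granted);
    return granted.booleanValue();
}

/**
 * Obtains and binds the grant-lookup statement for one principal name.
 *
 * @param principalName    name bound as the principal
 * @param principalType    {@code Policy.PRINCIPAL_USER} or {@code Policy.PRINCIPAL_GROUP}
 * @param resourceRequired restricts the lookup to one resource type; {@code null}
 *                         selects the "any type" statement
 * @return the bound statement; the caller is responsible for releasing it
 * @throws Exception if the statement cannot be obtained or bound
 */
private JDBCPreparedStatement prepareGrantLookup(String principalName,
        int principalType, ResourceType resourceRequired) throws Exception {
    JDBCPreparedStatement ps;
    if (resourceRequired == null) {
        // Is the principal granted ANY resources of ANY type
        ps = db.getStatement("isPrincipalGranted.selectAny");
        ps.setString(1, principalName);
        ps.setInt(2, principalType);
    } else {
        // Is the principal granted ANY resources of a particular type
        ps = db.getStatement("isPrincipalGranted.selectType");
        ps.setInt(1, resourceRequired.getResourceTypeId());
        ps.setString(2, principalName);
        ps.setInt(3, principalType);
        ps.setInt(4, resourceRequired.getResourceTypeId());
    }
    return ps;
}

/**
 * Scans {@code rs} for a grant that is not excluded.
 *
 * @param rs                     an open result set with a {@code resource_type} column
 * @param resourceTypesToExclude resource types to ignore; {@code null} or empty means
 *                               the first row is enough
 * @return {@code true} on the first row whose resource type resolves and is not
 *         excluded; rows whose type cannot be resolved are logged and skipped
 * @throws Exception propagated from the result set or the resource type lookup
 */
private boolean hasGrantOutsideExclusions(ResultSet rs, List resourceTypesToExclude)
        throws Exception {
    while (rs.next()) {
        if (resourceTypesToExclude == null || resourceTypesToExclude.size() == 0) {
            return true;
        }
        int rtn = rs.getInt("resource_type");
        ResourceType rt = getResourceType(rtn);
        if (rt == null) {
            log.warn("Failed to locate resource type with ID of "
                    + rtn
                    + ". Its possible this was created by a plugin which is no longer available.");
        } else if (!resourceTypesToExclude.contains(rt)) {
            return true;
        }
    }
    return false;
}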
/*
* (non-Javadoc)
*
* @see com.sslexplorer.policyframework.PolicyDatabase#getPoliciesOfDelegatedResourcePermissions(com.sslexplorer.boot.policyframework.ResourceType,
* java.lang.String, com.sslexplorer.security.User, boolean)
*/
public List getPoliciesOfDelegatedResourcePermissions(
ResourceType resourceType, String permissionClass, User user,
boolean onwardDelegtableOnly) throws Exception {
StringBuffer buf = new StringBuffer(
"policiesOfDelegatedResourcePermissions");
if (resourceType != null) {
buf.append("-");
buf.append(resourceType.getResourceTypeId());
}
if (permissionClass != null) {
buf.append("-");
buf.append(permissionClass);
}
buf.append("-");
buf.append(user.getPrincipalName());
buf.append("-");
buf.append(onwardDelegtableOnly);
String cacheKey = buf.toString();
List l = (List) policyCache.retrieve(cacheKey);
if (l == null) {
l = new ArrayList();
List resourcePermissions = getResourcePermissions();
ResourcePermission resourcePermission = null;
ResourceTypeResourcePermission resourceTypeResourcePermission = null;
for (Iterator i = resourcePermissions.iterator(); i.hasNext();) {
resourcePermission = (ResourcePermission) i.next();
if ((!onwardDelegtableOnly || (onwardDelegtableOnly && resourcePermission
.getOnwardDelegatable()))
&& isPrincipalAllowed(user, resourcePermission, true)) {
if (permissionClass == null
|| permissionClass.equals(resourcePermission
.getPermissionClass())) {
for (Iterator j = resourcePermission.getPermissions()
.iterator(); j.hasNext();) {
resourceTypeResourcePermission = (ResourceTypeResourcePermission) j
.next();
if (resourceType == null
|| resourceType
.equals(resourceTypeResourcePermission
.getResourceType())) {
// LDP - Add the policies attached to a resource
// as well
List del = getPoliciesAttachedToResource(resourcePermission);
for (Iterator k = del.iterator(); k.hasNext();) {
Policy p = (Policy) k.next();
if (!l.contains(p)) {
l.add(p);
}
}
del = getResourcePermissionDelegatedPolicies(resourcePermission);
for (Iterator k = del.iterator(); k.hasNext();) {
Policy p = (Policy) k.next();
if (!l.contains(p)) {
l.add(p);
}
}
break;
}
}
}
}
}
storeToCache(cacheKey, (Serializable) l);