📄 jdbcpolicydatabase.java
字号:
}
return l;
}
/*
* (non-Javadoc)
*
* @see com.sslexplorer.policyframework.PolicyDatabase#getPermittingResourcePermissions(com.sslexplorer.boot.policyframework.ResourceType,
* com.sslexplorer.boot.policyframework.Permission, java.lang.String,
* com.sslexplorer.security.User, boolean, boolean, boolean)
*/
public List getPermittingResourcePermissions(ResourceType resourceType,
Permission permission, String permissionClass, User user,
boolean onwardDelegation, boolean checkDelegatedPolicies,
boolean checkGrantedPolicies) throws Exception {
String cacheKey = "permittingResourcePermissions-"
+ (resourceType == null ? "" : String.valueOf(resourceType
.getResourceTypeId()))
+ "-"
+ (permission == null ? "" : String.valueOf(permission.getId()))
+ "-" + (permissionClass == null ? "" : permissionClass) + "-"
+ user.getPrincipalName() + "-" + onwardDelegation + "-"
+ checkDelegatedPolicies + "-" + checkGrantedPolicies;
List l = (List) policyCache.retrieve(cacheKey);
if (l == null) {
l = new ArrayList();
boolean superUser = CoreServlet.getServlet().getLogonController()
.isAdministrator(user);
List resourcePermissions = getResourcePermissions();
ResourcePermission resourcePermission = null;
ResourceTypeResourcePermission resourceTypeResourcePermission = null;
/*
* First iterate through all of the resource permissions looking for
* what is visible at the top level.
*/
for (Iterator i = resourcePermissions.iterator(); i.hasNext();) {
resourcePermission = (ResourcePermission) i.next();
// Check the class matches if specified and the onward
// delegatable flags matches
if (permissionClass == null
|| permissionClass.equals(resourcePermission
.getPermissionClass())) {
// Check the user is allowed
if (!checkGrantedPolicies
|| (checkGrantedPolicies && isPrincipalAllowed(
user, resourcePermission, true))) {
// Check the user is in the delegate
boolean found = true;
if (checkDelegatedPolicies && !superUser) {
List del = getResourcePermissionDelegatedPolicies(resourcePermission);
found = false;
for (Iterator j = del.iterator(); !found
&& j.hasNext();) {
Policy p = (Policy) j.next();
if (isPolicyGrantedToPrincipal(p, user)) {
found = true;
}
}
}
if (found) {
// Iterator through all permissions in the resource
for (Iterator j = resourcePermission
.getPermissions().iterator(); j.hasNext();) {
resourceTypeResourcePermission = (ResourceTypeResourcePermission) j
.next();
// Until the resource type matches
if (resourceType == null
|| resourceType
.equals(resourceTypeResourcePermission
.getResourceType())) {
// Until at least one permission matches
if (permission == null
|| permission.getId() == resourceTypeResourcePermission
.getResourcePermission()
.getId()) {
l.add(resourcePermission);
break;
}
}
}
}
}
}
}
// Sort and cache
Collections.sort(resourcePermissions);
storeToCache(cacheKey, (Serializable) l);
}
return l;
}
/*
* (non-Javadoc)
*
* @see com.sslexplorer.policyframework.PolicyDatabase#getResourcePermissions(com.sslexplorer.boot.policyframework.ResourceType,
* com.sslexplorer.boot.policyframework.Permission, java.lang.String,
* com.sslexplorer.security.User)
*/
public List getResourcePermissions(ResourceType resourceType,
Permission permission, String permissionClass, User user)
throws Exception {
StringBuffer buf = new StringBuffer("permission");
if (resourceType != null) {
buf.append("-");
buf.append(resourceType.getResourceTypeId());
}
if (permission != null) {
buf.append("-");
buf.append(permission.getId());
}
if (permissionClass != null) {
buf.append("-");
buf.append(permissionClass);
}
buf.append("-");
buf.append(user.getPrincipalName());
String cacheKey = buf.toString();
List n = (List) policyCache.retrieve(cacheKey);
if (n == null) {
ArrayList l = new ArrayList();
boolean superUser = CoreServlet.getServlet().getLogonController()
.isAdministrator(user);
List resourcePermissions = getResourcePermissions();
ResourcePermission resourcePermission = null;
ResourceTypeResourcePermission resourceTypeResourcePermission = null;
/*
* First iterate through all of the resource permissions looking for
* what is visible at the top level.
*/
for (Iterator i = resourcePermissions.iterator(); i.hasNext();) {
resourcePermission = (ResourcePermission) i.next();
if (permissionClass == null
|| permissionClass.equals(resourcePermission
.getPermissionClass())) {
// Check the user is allowed
if (isPrincipalAllowed(user, resourcePermission, true)) {
// Iterator through all permissions in the resource
for (Iterator j = resourcePermission.getPermissions()
.iterator(); j.hasNext();) {
resourceTypeResourcePermission = (ResourceTypeResourcePermission) j
.next();
// Until the resource type matches
if (resourceType == null
|| resourceType
.equals(resourceTypeResourcePermission
.getResourceType())) {
// Until at least one permission matches
if (permission == null
|| permission.getId() == resourceTypeResourcePermission
.getResourcePermission()
.getId()) {
l.add(resourcePermission);
break;
}
}
}
}
}
}
/*
* Now iterate again, also adding resource permissions that have one
* of the top level resources permissions as parent.
*/
if (!superUser) { // Super user should already have all resource
// permissions anyway() + ")");
n = new ArrayList();
for (Iterator i = resourcePermissions.iterator(); i.hasNext();) {
resourcePermission = (ResourcePermission) i.next();
if (!l.contains(resourcePermission)
&& isInTree(l, resourcePermission)) {
n.add(resourcePermission);
}
}
} else {
n = l;
}
// Sort and cache
Collections.sort(n);
storeToCache(cacheKey, (Serializable) n);
}
return n;
}
void deleteResourcePermissionRelationships(JDBCPreparedStatement ps, int id)
throws Exception {
try {
ps = db
.getStatement("deleteResourcePermissionRelationships.delete");
ps.setInt(1, id);
ps.execute();
} finally {
ps.releasePreparedStatement();
}
}
boolean checkPolicy(Policy policy, Resource resource, Principal principal)
throws Exception {
List principals = getPrincipalsGrantedPolicy(policy);
for (Iterator i = principals.iterator(); i.hasNext();) {
Principal p = (Principal) i.next();
if (p.equals(principal)) {
return true;
}
}
int[] children = policy.getChildPolicies();
for (int i = 0; i < children.length; i++) {
Policy p = getPolicy(children[i]);
if (checkPolicy(p, resource, principal)) {
return true;
}
}
return false;
}
void updateChildPolicies(JDBCPreparedStatement ps, int[] childPolicies,
int id) throws Exception {
JDBCPreparedStatement ps2 = db.getStatement(ps,
"createPolicy.insert.deleteChildPolicies");
ps2.setInt(1, id);
try {
ps2.execute();
} finally {
ps2.releasePreparedStatement();
}
ps2 = db.getStatement(ps, "createPolicy.insert.childPolicy");
for (int i = 0; i < childPolicies.length; i++) {
try {
ps2.setInt(1, id);
ps2.setInt(2, childPolicies[i]);
ps2.execute();
} finally {
ps2.releasePreparedStatement();
}
}
}
boolean isInTree(List topLevelResources, Resource resourcePermission)
throws Exception {
int parentId = resourcePermission.getParentResourcePermission();
if (parentId == 0) {
// Root, gone too far
} else {
ResourcePermission parent = getResourcePermission(parentId);
if (topLevelResources.contains(parent)) {
return true;
} else {
if (isInTree(topLevelResources, parent)) {
return true;
}
}
}
return false;
}
void storeToCache(String key, Serializable object) {
if (log.isDebugEnabled()) {
log.debug("Caching under " + key + ", ttl=" + CACHE_TTL + ", cost="
+ CACHE_COST);
}
// NOTE Temporary code to make sure policy objects are serializable
if ("true".equals(System.getProperty("sslexplorer.useDevConfig"))) {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
try {
ObjectOutputStream oos = new ObjectOutputStream(baos);
oos.writeObject(object);
} catch (Exception e) {
System.err
.println("********** Failed to cache policy database object. There is probably a non-serializable object somewhere in the object graph. PLEASE FIX ME ****************");
e.printStackTrace();
}
}
policyCache.store(key, object, new Long(CACHE_TTL.longValue()
+ System.currentTimeMillis()), CACHE_COST);
if (log.isDebugEnabled()) {
log.debug("NUM_RETRIEVE_REQUESTED "
+ policyCache.getStat(CacheStat.NUM_RETRIEVE_REQUESTED));
log.debug("NUM_RETRIEVE_FOUND "
+ policyCache.getStat(CacheStat.NUM_RETRIEVE_FOUND));
log.debug("NUM_RETRIEVE_NOT_FOUND "
+ policyCache.getStat(CacheStat.NUM_RETRIEVE_NOT_FOUND));
log.debug("NUM_STORE_REQUESTED "
+ policyCache.getStat(CacheStat.NUM_STORE_REQUESTED));
log.debug("NUM_STORE_STORED "
+ policyCache.getStat(CacheStat.NUM_STORE_STORED));
log.debug("NUM_STORE_NOT_STORED "
+ policyCache.getStat(CacheStat.NUM_STORE_NOT_STORED));
log.debug("CUR_CAPACITY "
+ policyCache.getStat(CacheStat.CUR_CAPACITY));
}
}
Policy buildPolicy(ResultSet rs) throws Exception {
Timestamp cd = rs.getTimestamp("date_created");
Calendar c = Calendar.getInstance();
c.setTimeInMillis(cd == null ? System.currentTimeMillis() : cd
.getTime());
Timestamp ad = rs.getTimestamp("date_amended");
Calendar a = Calendar.getInstance();
a.setTimeInMillis(ad == null ? System.currentTimeMillis() : ad
.getTime());
return new DefaultPolicy(rs.getInt("id"), rs.getString("policy_name"),
rs.getString("policy_description"),
rs.getInt("policy_type_id"), getChildPolicies(rs.getInt("id")),
rs.getInt("parent_resource_permission"), c, a);
}
List buildResourcePermission(ResultSet rs) throws Exception {
List perms = null;
ResourcePermission r = null;
List l = new ArrayList();
int lastId = -1;
while (rs.next()) {
int id = rs.getInt("resource_id");
if (id != lastId) {
perms = new ArrayList();
Timestamp cd = rs.getTimestamp("date_created");
Calendar c = Calendar.getInstance();
c.setTimeInMillis(cd == null ? System.currentTimeMillis() : cd
.getTime());
Timestamp ad = rs.getTimestamp("date_amended");
Calendar a = Calendar.getInstance();
a.setTimeInMillis(ad == null ? System.currentTimeMillis() : ad
.getTime());
r = new DefaultResourcePermission(id, rs
.getString("resource_name"), rs
.getString("resource_description"), perms, rs
.getString("resource_class"), rs
.getInt("onward_delegation") == 1, rs
.getInt("parent_resource_permission"), c, a);
l.add(r);
lastId = id;
}
int resourceTypeId = rs.getInt("resource_type_id");
ResourceType t = getResourceType(resourceTypeId);
if (t == null) {
log.warn("No resource type with Id of " + resourceTypeId
+ " for resource permission " + id + ", ignoring");
} else {
int permId = rs.getInt("permission_id");
Permission drp = t.getPermission(permId);
if (drp == null) {
log.warn("No permission with Id of " + permId
+ " for resource type " + resourceTypeId
+ " and resource permission " + id + ", ignoring");
} else {
ResourceTypeResourcePermission p = new ResourceTypeResourcePermission(
t, drp);
perms.add(p);
}
}
}
return l;
}
int[] getChildPolicies(int id) throws Exception {
PropertyList l = new PropertyList();
JDBCPreparedStatement ps = db.getStatement("getChildPolicies.select");
ps.setInt(1, id);
try {
ResultSet rs = ps.executeQuery();
while (rs.next()) {
l.add(String.valueOf(rs.getInt("policy_child_id")));
}
} finally {
ps.releasePreparedStatement();
}
return l.toIntArray();
}
int[] getParentPolicies(int id) throws Exception {
PropertyList l = new PropertyList();
JDBCPreparedStatement ps = db.getStatement("getParentPolicies.select");
ps.setInt(1, id);
try {
ResultSet rs = ps.executeQuery();
while (rs.next()) {
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -