/*
* SSL-Explorer
*
* Copyright (C) 2003-2006 3SP LTD. All Rights Reserved
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of
* the License, or (at your option) any later version.
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public
* License along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
package com.sslexplorer.policyframework;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpSession;
import org.apache.struts.util.LabelValueBean;
import com.sslexplorer.boot.Util;
import com.sslexplorer.core.CoreServlet;
import com.sslexplorer.security.Constants;
import com.sslexplorer.security.SessionInfo;
import com.sslexplorer.security.User;
/**
* A set of utilities for dealing with <i>Resources</i>
*
* @author Brett Smith <a href="mailto:brett@3sp.com">&lt;brett@3sp.com&gt;</a>
* @version $Revision: 1.17 $
*/
public class ResourceUtil {
/*
* Private constructor to prevent instantiation
*/
private ResourceUtil() {
    // Intentionally empty: the methods of this class visible here are all
    // static, so the private constructor only stops callers creating instances.
}
/**
* Filter a {@link List} of {@link Resource} objects, looking for either
* resources owned by the supplied username, or global resources that have
* the correct policy.
*
* @param user user
* @param resources list of owned resources
* @param includeSuperUser include super user permitted resources
* @return list of filtered owned resources
* @throws Exception on any error
*/
public static List filterResources(User user, List resources, boolean includeSuperUser) throws Exception {
    // Visibility is decided one of two ways per resource:
    //  - a resource with a non-empty owner name is visible to that owner only,
    //    and the policy database is never consulted for it;
    //  - anything else (not an OwnedResource, or owner null / "") is visible
    //    only if the policy database allows the user.
    List permitted = new ArrayList();
    Iterator it = resources.iterator();
    while (it.hasNext()) {
        Resource candidate = (Resource) it.next();
        OwnedResource owned = candidate instanceof OwnedResource ? (OwnedResource) candidate : null;
        if (owned != null && owned.getOwnerUsername() != null && !owned.getOwnerUsername().equals("")) {
            // Personal resource: exact, case-sensitive match against the
            // caller's principal name.
            if (!owned.getOwnerUsername().equals(user.getPrincipalName())) {
                continue;
            }
        } else if (!CoreServlet.getServlet().getPolicyDatabase().isPrincipalAllowed(user, candidate, includeSuperUser)) {
            // Global resource the policy database does not grant to this user.
            continue;
        }
        permitted.add(candidate);
    }
    return permitted;
}
/**
* Set the current list of available profiles for this session as a session
* attribute.
*
* @param session session
* @return the available profiles
* @throws Exception on any error
*/
public static List setAvailableProfiles(HttpSession session) throws Exception {
    // Resolve the user bound to this session, then narrow the property
    // profiles to the ones filterResources() lets that user see.
    User current = CoreServlet.getServlet().getLogonController().getUser(session, null);
    // NOTE(review): current is dereferenced without a null check - confirm
    // getUser() cannot return null for a session that has no logged-on user.
    List candidates = CoreServlet.getServlet().getPropertyDatabase().getPropertyProfiles(
            current.getPrincipalName(), true);
    // includeSuperUser is false here, so the policy check is made without
    // that flag.
    List visible = filterResources(current, candidates, false);
    session.setAttribute(Constants.PROFILES, visible);
    return visible;
}
/**
* Create a {@link List} of {@link org.apache.struts.util.LabelValueBean}
* objects from a {@link List} of {@link Resource} objects.
*
* @param resourceList resource list
* @return list of objects suitable for struts list components
*/
public static List resourceListAsLabelValueBeanList(List resourceList) {
    // One bean per resource: label = resource name, value = resource id as text.
    List beans = new ArrayList();
    Iterator it = resourceList.iterator();
    while (it.hasNext()) {
        Resource resource = (Resource) it.next();
        // NOTE(review): the name is copied into the label as-is; whether it is
        // HTML-escaped depends on the tag that renders the bean - confirm.
        String label = resource.getResourceName();
        String value = String.valueOf(resource.getResourceId());
        beans.add(new LabelValueBean(label, value));
    }
    return beans;
}
/**
* Filter a list of {@link OwnedResource} objects
* for those that do <strong>not</strong> have an owner.
*
* @param resources resources
* @return filtered resources
*/
public static List filterOwned(List resources) {
    // Keeps only OwnedResource entries whose owner name is null; entries that
    // are not OwnedResource instances are dropped as well.
    // NOTE(review): filterResources() also treats an empty owner name ("") as
    // "no owner", while this method tests for null only - confirm which of the
    // two is intended.
    List unowned = new ArrayList();
    Iterator it = resources.iterator();
    while (it.hasNext()) {
        Resource candidate = (Resource) it.next();
        if (!(candidate instanceof OwnedResource)) {
            continue;
        }
        if (((OwnedResource) candidate).getOwnerUsername() != null) {
            continue;
        }
        unowned.add(candidate);
    }
    return unowned;
}
/**
* Filter a list of resources for those that may be managed by the specified
* user. For a resource to be manageable, the user must either be the super
* user, or the parent resource permission of the resource must be attached
* to a policy that applies to the specified user. A resource will also be
* manageable if one of its parents is manageable.
*
* @param resources list of resources to filter
* @param user user
* @return list of manageable resources
* @throws Exception on any error
*/
public static List filterManageableResources(List resources, User user) throws Exception {
    PolicyDatabase pdb = CoreServlet.getServlet().getPolicyDatabase();
    boolean superUser = CoreServlet.getServlet().getLogonController().isAdministrator(user);
    List manageable = new ArrayList();

    // Pass 1: resources the user may manage through the resource's own parent
    // resource permission.
    // NOTE(review): isManageableResource() returns true for every
    // administrator, whereas here an administrator still depends on
    // isPrincipalAllowed(user, rp, true) when the permission exists - confirm
    // the list filter and the single-resource check cannot disagree.
    Iterator direct = resources.iterator();
    while (direct.hasNext()) {
        Resource resource = (Resource) direct.next();
        boolean allowed;
        if (superUser && resource.getParentResourcePermission() == 0) {
            allowed = true;
        } else {
            ResourcePermission rp = pdb.getResourcePermission(resource.getParentResourcePermission());
            // A missing resource permission is assumed to have been deleted,
            // so the resource is presented to the super user only; otherwise
            // the policy database decides.
            allowed = rp == null ? superUser : pdb.isPrincipalAllowed(user, rp, true);
        }
        if (allowed) {
            manageable.add(resource);
        }
    }

    // Pass 2 (non-administrators only): add resources that isInTree() accepts
    // for this user, skipping the ones pass 1 already added.
    if (!superUser) {
        Iterator inherited = resources.iterator();
        while (inherited.hasNext()) {
            Resource resource = (Resource) inherited.next();
            ResourcePermission rp = CoreServlet.getServlet().getPolicyDatabase().getResourcePermission(
                    resource.getParentResourcePermission());
            if (rp == null || manageable.contains(resource)) {
                continue;
            }
            if (isInTree(user, rp, null)) {
                manageable.add(resource);
            }
        }
    }

    // Natural-order sort: the elements must be mutually comparable, otherwise
    // Collections.sort throws ClassCastException.
    Collections.sort(manageable);
    return manageable;
}
/**
* Check whether a single resource may be managed by the specified user. For a
* resource to be manageable, the user must either be the super user, or the
* parent resource permission of the resource must be attached to a policy
* that applies to the specified user. A resource will also be manageable if
* one of its parents is manageable.
* <p>
* If a permission is provided, any resource permission that matches must
* contain the permission
*
* @param resource resource to test
* @param user user
* @param permission permission
* @return <code>true</code> if the resource is manageable
* @throws Exception on any error
*/
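public static boolean isManageableResource(Resource resource, User user, Permission permission) throws Exception {
    // Authorization decision for a single resource. The unused result list and
    // "ok" flag of the earlier version are gone so that every path that grants
    // access is an explicit return.
    PolicyDatabase pdb = CoreServlet.getServlet().getPolicyDatabase();
    boolean superUser = CoreServlet.getServlet().getLogonController().isAdministrator(user);

    // A null permission means no specific permission is required: every
    // containsPermission() test below is skipped in that case.
    ResourceTypeResourcePermission rtrp = permission == null ? null : new ResourceTypeResourcePermission(
            resource.getResourceType(), permission);

    // Direct grant through the resource's own parent resource permission. The
    // lookup is skipped only for an administrator on a resource whose parent
    // resource permission id is 0.
    if (!(superUser && resource.getParentResourcePermission() == 0)) {
        ResourcePermission rp = pdb.getResourcePermission(resource.getParentResourcePermission());
        if (rp == null) {
            // If the resource permission doesn't exist we assume it has been
            // deleted and present the resource only to the super user.
            if (superUser) {
                return true;
            }
        } else if ((rtrp == null || rp.containsPermission(rtrp)) && pdb.isPrincipalAllowed(user, rp, true)) {
            return true;
        }
    }

    if (superUser) {
        // Super user can manage everything anyway. This is reached only when
        // the lookups above did not throw.
        return true;
    }

    // No direct grant: the resource is still manageable when its resource
    // permission carries the requested permission (if one was given) and
    // isInTree() accepts the permission for this user.
    ResourcePermission rp = pdb.getResourcePermission(resource.getParentResourcePermission());
    return rp != null && (rtrp == null || rp.containsPermission(rtrp)) && isInTree(user, rp, rtrp);
}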
/**
* Recursive method to check if a resource permission or any of its parents
* are granted to the provided user.
*
* @param user user
* @param resourcePermission resource permission to test
* @param permission permission
* @return is in tree
* @throws Exception on any error
*/
static boolean isInTree(User user, ResourcePermission resourcePermission, ResourceTypeResourcePermission permission)
throws Exception {
int parentId = resourcePermission.getParentResourcePermission();
PolicyDatabase db = CoreServlet.getServlet().getPolicyDatabase();
if (parentId == 0) {
} else {
ResourcePermission parent = CoreServlet.getServlet().getPolicyDatabase().getResourcePermission(parentId);