permissioninterceptor.java

功能完善的java开发框架

/*
 * Copyright 2003-2005 the original author or authors.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * 
 */
package com.jdon.framework.test.service;

import java.lang.reflect.Method;
import java.util.HashMap;
import java.util.Map;

import org.aopalliance.intercept.MethodInterceptor;
import org.aopalliance.intercept.MethodInvocation;
import org.apache.log4j.Logger;

import com.jdon.aop.reflection.ProxyMethodInvocation;
import com.jdon.bussinessproxy.TargetMetaDef;
import com.jdon.container.access.TargetMetaRequest;
import com.jdon.container.visitor.data.SessionContext;
import com.jdon.framework.test.dao.OperatorDao;
import com.jdon.security.web.UserPrincipalSetup;

/**
 * @author <a href="mailto:banqJdon<AT>jdon.com">banq</a>
 *
 */

public class PermissionInterceptor implements MethodInterceptor {
    private final static Logger logger = Logger.getLogger(PermissionInterceptor.class);

    private UserPrincipalSetup userPrincipalSetup;
    
    private OperatorDao operatorDao;
    
    /**
     * a list of all maps that key is service + method + role
     */
    private Map defs ;
    
    /**
     * key is the service + method 
     */
    private Map isAuth ;

    /**
     * @param permissionXmlParser
     */
    public PermissionInterceptor(UserPrincipalSetup userPrincipalSetup,
            PermissionXmlParser permissionXmlParser,
            OperatorDao operatorDao) {
        this.userPrincipalSetup = userPrincipalSetup;
        this.operatorDao = operatorDao;
        this.defs = new HashMap();
        this.isAuth = new HashMap();
        permissionXmlParser.parse(this);
        
    }

    /* (non-Javadoc)
     * @see org.aopalliance.intercept.MethodInterceptor#invoke(org.aopalliance.intercept.MethodInvocation)
     */
    public Object invoke(MethodInvocation invocation) throws Throwable {
        logger.debug("enter PermissionInterceptor");
        ProxyMethodInvocation proxyMethodInvocation = (ProxyMethodInvocation) invocation;
        TargetMetaDef targetMetaDef = proxyMethodInvocation.getTargetMetaDef();
        if (targetMetaDef.isEJB())
            return invocation.proceed();

        boolean hasPerm = false;
        
        Method method = invocation.getMethod();
        String methodNameNow = method.getName();
        String serviceName = targetMetaDef.getName();
        
        if (!isAuth(serviceName, methodNameNow)){
            return invocation.proceed();
        }
        try {
            TargetMetaRequest targetMetaRequest = proxyMethodInvocation.getTargetMetaRequest();
            SessionContext sessionContext = targetMetaRequest.getSessionContext();
            String principleName = userPrincipalSetup.getPrincipalName(sessionContext);
            logger.debug("principleName=" + principleName);

            String roleName = (String)sessionContext.getArrtibute("roleName");
            if (roleName == null){
                roleName = operatorDao.getOperator(principleName);
                sessionContext.setArrtibute("roleName", roleName);
            }
            
            hasPerm = isUserInRole(serviceName, methodNameNow, roleName);
        } catch (Exception e) {
            logger.error(e);
        }

        if (hasPerm)
            return invocation.proceed();
        else {
            String info = "no permission operate method: " + methodNameNow + " for " + targetMetaDef.getClassName();
            logger.error(info);
            throw new Throwable(info);
        }
    }
            
    public void putRule(String targetServiceRef, String methodName, String roleName){
        StringBuffer bf = new StringBuffer(targetServiceRef);
        bf.append(methodName);
        isAuth.put(bf.toString(), "true");
        bf.append(roleName);        
        defs.put(bf.toString(), "true");
    }
    
    private boolean isAuth(String targetServiceRef, String methodName){
        StringBuffer bf = new StringBuffer(targetServiceRef);
        bf.append(methodName);
        Object result = isAuth.get(bf.toString());
        if (result == null)
            return false;
        else
            return true;
    }
    
    private boolean isUserInRole(String targetServiceRef, String methodName, String principleName){
        StringBuffer bf = new StringBuffer(targetServiceRef);
        bf.append(methodName);
        bf.append(principleName);        
        Object result = defs.get(bf.toString());
        if (result == null)
            return false;
        else
            return true;
    }    

}