⭐ 虫虫下载站

📄 profileresourceaclplugin.java

📁 OPIAM stands for Open Identity and Access Management. This Suite will provide modules for user & rig
💻 JAVA
/*
 * OPIAM Suite
 *
 * Distributable under LGPL license.
 * See terms of license at gnu.org.
 */

package opiam.admin.faare.service.services.acl;

import opiam.admin.faare.MessageUtil;
import opiam.admin.faare.PropertiesManager;
import opiam.admin.faare.config.javabeans.JBAcl;
import opiam.admin.faare.config.javabeans.JBAcls;
import opiam.admin.faare.config.javabeans.JBClassDescriptor;
import opiam.admin.faare.config.javabeans.JBFieldDescriptor;
import opiam.admin.faare.exception.ConfigurationException;
import opiam.admin.faare.exception.PersistenceException;
import opiam.admin.faare.exception.ServiceException;
import opiam.admin.faare.persistence.PersistenceLDAP;
import opiam.admin.faare.persistence.javabeans.JBTop;
import opiam.admin.faare.service.UserContext;
import opiam.admin.faare.service.services.acl.beans.ResourcesTarget;

import org.apache.commons.beanutils.PropertyUtils;
import org.apache.commons.collections.CollectionUtils;

import org.apache.log4j.Logger;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;


/**
 * Standard ACL plugin.
 *
 * The user population is defined by the profile.
 * The targets are defined by the resources.
 *
 */
public class ProfileResourceAclPlugin implements AclPluginInterface
{
    /** Instance of the logger. */
    private static Logger _logger = Logger.getLogger(ProfileResourceAclPlugin.class);

    /** Creation action. */
    private static final int ACTION_CREATE = 1;

    /** Deletion action. */
    private static final int ACTION_DELETE = 2;

    /** Visualisation action. */
    private static final int ACTION_VISUALIZE = 3;

    /** Separator. */
    public static final String SEPARATOR = ",";

    /** Profile name key. */
    public static final String PARAM_PROFILE_NAME_KEY = "profile_name";

    /** Resource name key. */
    public static final String PARAM_RESOURCE_NAME_KEY = "resource_name";

    /** key = profile name, value = targets list (ResourcesTarget). */
    private Map profileAclMap = new HashMap();

    /**
     * This method is called by the PropertiesManager at initialization.
     * Throws ConfigurationException (a RuntimeException) if an error occurs.
     *
     * @param acls  The JBAcls object.
     *
     * @see opiam.admin.faare.service.services.acl.AclPluginInterface#initialize(JBAcls).
     *
     */
    public void initialize(JBAcls acls)
    {
        _logger.debug("----------- STARTING initialize");

        Iterator iter = acls.getAclsMap().values().iterator();
        List targets = null;
        JBAcl target = null;
        String profileName = null;
        String resourceNames = null;
        ResourcesTarget resourcesTarget = null;

        while (iter.hasNext())
        {
            target = (JBAcl) iter.next();
            profileName = target.getParam().getProperty(PARAM_PROFILE_NAME_KEY);

            if (profileName == null)
            {
                throw new ConfigurationException(PARAM_PROFILE_NAME_KEY +
                    " empty, initialize error in ProfileResourceAclPlugin");
            }

            resourceNames = target.getParam().getProperty(PARAM_RESOURCE_NAME_KEY);

            if (resourceNames == null)
            {
                throw new ConfigurationException(PARAM_RESOURCE_NAME_KEY +
                    " empty, initialize error in ProfileResourceAclPlugin");
            }

            profileName = profileName.trim().toLowerCase();
            targets = (List) profileAclMap.get(profileName);
            resourcesTarget = new ResourcesTarget();
            resourcesTarget.setTarget(target);
            resourcesTarget.setResourcesList(getResourcesList(resourceNames));

            if (targets == null)
            {
                // initialize the item in the Map
                targets = new ArrayList();
                targets.add(resourcesTarget);
                profileAclMap.put(profileName, targets);
            }
            else
            {
                // just add the target to the list
                targets.add(resourcesTarget);
            }
        }
    }

    /**
     * Indicates if the given operation is allowed on the given object for the
     * user whose context is given as argument.
     * The given object is an LDAP Directory entry.
     * The operation is one of the following:
     *   - creation,
     *   - deletion,
     *   - visualisation.
     *
     * Decision rule, as implemented below: a profile with no targets is
     * denied; otherwise the first target whose resources contain the entry
     * decides, and later targets of the same profile are not consulted, so
     * overlapping targets are order-sensitive; an entry matched by no target
     * is denied.
     *
     * @param entry  The object to check.
     * @param userContext  Context of the user.
     * @param action  The operation.
     *
     * @return True if the operation is allowed, false otherwise.
     *
     * @throws ServiceException  if an error occurs.
     */
    private boolean isEnabled(JBTop entry, UserContext userContext, int action)
        throws ServiceException
    {
        // Get the target definitions for the current profile
        String key = userContext.getJbProfile().getName().trim().toLowerCase();
        List targets = (List) profileAclMap.get(key);

        if (targets == null)
        {
            // if profile not found, consider it disabled
            _logger.info(key + " profile not found, has no rights");

            return false;
        }

        // iterate on all targets
        Iterator it = targets.iterator();
        ResourcesTarget resourcesTarget = null;

        while (it.hasNext())
        {
            resourcesTarget = (ResourcesTarget) it.next();

            if (isInResources(entry, resourcesTarget, userContext))
            {
                _logger.debug("isEnabled ACL executed = " +
                    resourcesTarget.getTarget().getTargetname());

                if (action == ACTION_CREATE)
                {
                    return resourcesTarget.getTarget().canCreate();
                }

                if (action == ACTION_DELETE)
                {
                    return resourcesTarget.getTarget().canDelete();
                }

                if (action == ACTION_VISUALIZE)
                {
                    return resourcesTarget.getTarget().canVisualize();
                }
            }
        }

        // end while
        return false;
    }

    /**
     * Splits the comma-separated resource names into a list of trimmed names.
     *
     * @param resourcesName  The resource names, separated by SEPARATOR.
     *
     * @return The list of the resource names.
     */
    private List getResourcesList(String resourcesName)
    {
        List result = new ArrayList();

        StringTokenizer tok = new StringTokenizer(resourcesName, SEPARATOR);

        while (tok.hasMoreTokens())
        {
            result.add(tok.nextToken().trim());
        }

        return result;
    }

    /**
     * Indicates if the given object is in the resources of the user profile.
     *
     * @param entry  The object to test.
     * @param resourcesTarget  Set of the resources.
     * @param userContext  Context of the user.
     *
     * @return True if the given object is in the resources, false otherwise.
     */
    private boolean isInResources(JBTop entry, ResourcesTarget resourcesTarget,
        UserContext userContext)
    {
        Iterator it = resourcesTarget.getResourcesList().iterator();
        String resourceName;

        while (it.hasNext())
        {
            resourceName = (String) it.next();

            if (PersistenceLDAP.isJbTopInResource(entry, resourceName,
                        userContext))
            {
                return true;
            }
        }

        return false;
    }

    /**
     * Indicates if the modification is allowed on the first given object for the
     * user whose context is given as argument.
     * The given objects are LDAP Directory entries.
     *
     * @param oldentry  The entry before modification.
     * @param newentry  The entry after modification.
     * @param userContext The context of the user.
     *
     * @return True if the modification is allowed, false otherwise.
     *
     * @see opiam.admin.faare.service.services.acl.AclPluginInterface#
     *    isModificationEnabled(JBTop, JBTop, UserContext).
     *
     * @throws ServiceException  if an error occurs.
     *
     * TO BE TESTED.
     *
     */
    public boolean isModificationEnabled(JBTop oldentry, JBTop newentry,
        UserContext userContext) throws ServiceException
    {
        // Get the target definitions for the current profile
        String key = userContext.getJbProfile().getName().trim().toLowerCase();
        List targets = (List) profileAclMap.get(key);

        if (targets == null)
        {
            // if profile not found, consider it disabled
            _logger.info(key + " profile not found, has no rights");

            return false;
        }

        List modifiedAttrs = new ArrayList();
        /* Retrieve the business object type (the class descriptor of the entry). */
        JBClassDescriptor classDesc;
        try
        {
            classDesc = PropertiesManager.getInstance()
                                         .getPersistenceDescriptionMap()
                                         .getClassDescriptor(newentry.getClass()
                                         .getName());
        }
        catch (PersistenceException pex)
        {
            throw new ServiceException(MessageUtil.formatMessage("MSG_MAPPING_CLASS_NOT_FOUND",
                                       newentry.getClass().getName()), pex);
        }
        /* Walk the mapped attributes and collect the ones that changed. */
        JBFieldDescriptor fieldDesc = null;
        Iterator ita = classDesc.getFields().iterator();

        while (ita.hasNext())
        {
            fieldDesc = (JBFieldDescriptor) ita.next();
            _logger.debug(fieldDesc.getName());

            if (fieldDesc.getSrcDesc().getName().equalsIgnoreCase("dn"))
            {
                // skip the "DN" attribute (it is not a real attribute)
                continue;
            }
            if (fieldDesc.getSrcDesc().getName().equalsIgnoreCase("objectclass"))
            {
                // skip the "objectclass" attribute
                continue;
            }
            Object newValue;
            Object oldValue;
            try
            {
                newValue = PropertyUtils.getProperty(newentry, fieldDesc.getName());
            }
            catch (Exception ex) // no value
            {
                newValue = null;
            }
            try
            {
                oldValue = PropertyUtils.getProperty(oldentry, fieldDesc.getName());
            }
            catch (Exception ex) // no value
            {
                oldValue = null;
            }
            _logger.debug(fieldDesc.getName() + "=>" + newValue + "/" + oldValue);
            // empty strings: a blank value is treated as absent.
            if (fieldDesc.isStringType() && !fieldDesc.isACollection())
            {
                String snew = (String) newValue;
                String sold = (String) oldValue;

                if (snew != null)
                {
                    snew = snew.trim();
                    if (snew.equals(""))
                    {
                        newValue = null;
                    }
                }
                if (sold != null)
                {
                    sold = sold.trim();
                    if (sold.equals(""))
                    {
                        oldValue = null;
                    }
                }
            }
            if ((newValue == null) && (oldValue == null))
            {
                continue;
            }
            if (((newValue == null) && (oldValue != null)) || // added or deleted
                ((newValue != null) && (oldValue == null)))
            {
                modifiedAttrs.add(fieldDesc.getName());
                _logger.debug(fieldDesc.getName() + "=> modified 1");
            }
            else if (!fieldDesc.isACollection())
            {
               if (!newValue.equals(oldValue)) // modified, simple value
               {
                   modifiedAttrs.add(fieldDesc.getName());
                   _logger.debug(fieldDesc.getName() + "=> modified 2");
               }
            }
            else // Collection
            {
               if (!CollectionUtils.isEqualCollection((Collection) newValue, (Collection) oldValue))
               {
                   modifiedAttrs.add(fieldDesc.getName());
                   _logger.debug(fieldDesc.getName() + "=> modified 3");
               }
            }
        }
        // iterate on all targets
        Iterator it = targets.iterator();
        ResourcesTarget resourcesTarget = null;
        String attrName = null;

        while (it.hasNext())
        {
            resourcesTarget = (ResourcesTarget) it.next();

            if (isInResources(newentry, resourcesTarget, userContext))
            {
                _logger.debug("isEnabled ACL execut

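The listing above ends where the page truncates it. As an added example, not code from the OPIAM project, the following stand-alone Python model re-implements the semantics that are visible in initialize(), isEnabled(), isInResources() and the attribute-diff loop of isModificationEnabled(), so the first-match and default-deny behaviour can be exercised without an LDAP server. Everything about resources is an assumption: the page never shows how PersistenceLDAP.isJbTopInResource() decides membership, so here a resource name maps to an LDAP subtree base DN (the RESOURCES table) and an entry is in the resource when its DN ends with that base. The profile names, resource names, DNs and entries are constructed sample data.

```python
"""Added example, not OPIAM code: a stand-alone Python model of initialize(),
isEnabled(), isInResources() and the attribute diff of isModificationEnabled().
ASSUMED, not from the page: a resource name maps to an LDAP subtree (RESOURCES)
and an entry is in it when its DN ends with that base DN; the real plugin
delegates this to PersistenceLDAP.isJbTopInResource()."""
from collections import Counter, namedtuple

SEPARATOR = ","
ACTION_CREATE, ACTION_DELETE, ACTION_VISUALIZE = 1, 2, 3
ACTION_FLAG = {ACTION_CREATE: "can_create", ACTION_DELETE: "can_delete",
               ACTION_VISUALIZE: "can_visualize"}
AclTarget = namedtuple("AclTarget", "name params can_create can_delete can_visualize",
                       defaults=(False, False, False))  # the JBAcl fields the plugin reads
RESOURCES = {"people": "ou=people,dc=example,dc=com",  # ASSUMED name -> base DN
             "contractors": "ou=contractors,ou=people,dc=example,dc=com"}

def split_resources(resource_names):
    """Same as getResourcesList(): split on ',', drop empty tokens, trim each."""
    return [tok.strip() for tok in resource_names.split(SEPARATOR) if tok != ""]

def entry_in_resource(entry_dn, resource_name):
    """Stand-in for PersistenceLDAP.isJbTopInResource(): case-insensitive DN
    suffix match against the resource's base DN; unknown resource -> False."""
    base = RESOURCES.get(resource_name)
    if base is None:
        return False
    norm = lambda dn: ",".join(p.strip().lower() for p in dn.split(","))
    return norm(entry_dn) == norm(base) or norm(entry_dn).endswith("," + norm(base))

class ProfileResourceAcl:
    def __init__(self):
        self.profile_acl = {}  # profile name -> ordered [(target, resource names)]

    def initialize(self, targets):
        """Mirror of initialize(): group targets per profile, keeping list order."""
        for target in targets:
            profile = target.params.get("profile_name")
            resources = target.params.get("resource_name")
            if profile is None or resources is None:
                raise ValueError("profile_name or resource_name empty, initialize error")
            self.profile_acl.setdefault(profile.strip().lower(), []).append(
                (target, split_resources(resources)))

    def is_enabled(self, entry_dn, profile, action):
        """Mirror of isEnabled(): unknown profile -> deny; the FIRST target whose
        resources contain the entry decides; no matching target -> deny."""
        targets = self.profile_acl.get(profile.strip().lower())
        if targets is None:
            return False
        for target, resources in targets:
            if any(entry_in_resource(entry_dn, r) for r in resources) and action in ACTION_FLAG:
                return getattr(target, ACTION_FLAG[action])
        return False

def modified_attributes(old, new, fields):
    """Mirror of the diff loop; fields = (name, is_string, is_collection). dn and
    objectclass are skipped, a blank string counts as absent, scalars compare with
    ==, collections compare as multisets (CollectionUtils.isEqualCollection)."""
    modified = []
    for name, is_string, is_collection in fields:
        if name.lower() in ("dn", "objectclass"):
            continue
        new_v, old_v = new.get(name), old.get(name)
        if is_string and not is_collection:
            new_v = None if new_v is not None and new_v.strip() == "" else new_v
            old_v = None if old_v is not None and old_v.strip() == "" else old_v
        if new_v is None and old_v is None:
            continue
        if (new_v is None) != (old_v is None):  # added or removed
            modified.append(name)
        elif not is_collection:
            if new_v != old_v:  # simple value changed
                modified.append(name)
        elif Counter(new_v) != Counter(old_v):  # collection changed, order ignored
            modified.append(name)
    return modified

# Constructed sample data, not from any real directory or OPIAM configuration.
FIELDS = [("dn", True, False), ("objectclass", True, True), ("cn", True, False),
          ("mail", True, False), ("title", True, False), ("memberof", True, True),
          ("uidnumber", False, False)]
OLD_ENTRY = {"dn": "uid=jdoe,ou=people,dc=example,dc=com", "cn": "John Doe",
             "mail": "", "memberof": ["cn=a", "cn=b"], "uidnumber": 1001}
NEW_ENTRY = {"dn": "uid=jdoe,ou=people,dc=example,dc=com", "cn": "John Doe",
             "mail": "  ", "title": "Admin", "memberof": ["cn=b", "cn=a"], "uidnumber": 1002}
BROAD = AclTarget("helpdesk-people", {"profile_name": "Helpdesk", "resource_name": "people"},
                  can_visualize=True)
NARROW = AclTarget("helpdesk-contractors", {"profile_name": " helpdesk ",
                   "resource_name": "contractors"}, can_delete=True, can_visualize=True)
CONTRACTOR = "uid=jdoe,ou=contractors,ou=people,dc=example,dc=com"

def demo():
    """Same two targets in two orders: listed first, the broad target shadows the
    narrower one and the contractor delete is denied; reversed, it is allowed."""
    broad_first, narrow_first = ProfileResourceAcl(), ProfileResourceAcl()
    broad_first.initialize([BROAD, NARROW])
    narrow_first.initialize([NARROW, BROAD])
    return {
        "delete_broad_first": broad_first.is_enabled(CONTRACTOR, "HELPDESK", ACTION_DELETE),
        "delete_narrow_first": narrow_first.is_enabled(CONTRACTOR, "helpdesk", ACTION_DELETE),
        "unknown_profile": narrow_first.is_enabled(CONTRACTOR, "auditor", ACTION_VISUALIZE),
        "modified": modified_attributes(OLD_ENTRY, NEW_ENTRY, FIELDS),
    }
```

Two points the model makes visible. First, in the plugin the per-profile target list is filled in the order in which acls.getAclsMap().values() iterates, and the page does not show what kind of Map that is; if it is an unordered map, then for two targets of the same profile whose resources overlap, which one is consulted first is not something the configuration controls, and the demo shows that the answer changes. Second, the diff loop treats a blank string and a missing value as the same thing, and compares multi-valued attributes as unordered multisets, so re-ordering a multi-valued attribute or replacing "" with spaces is not counted as a modification.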