📄 profileresourceaclplugin.java
/*
* OPIAM Suite
*
* Distributable under LGPL license.
* See terms of license at gnu.org.
*/
package opiam.admin.applis.demo.plugins;
import opiam.admin.applis.demo.beans.Person;
import opiam.admin.faare.MessageUtil;
import opiam.admin.faare.PropertiesManager;
import opiam.admin.faare.config.javabeans.JBAcl;
import opiam.admin.faare.config.javabeans.JBAcls;
import opiam.admin.faare.config.javabeans.JBClassDescriptor;
import opiam.admin.faare.config.javabeans.JBFieldDescriptor;
import opiam.admin.faare.exception.ConfigurationException;
import opiam.admin.faare.exception.PersistenceException;
import opiam.admin.faare.exception.ServiceException;
import opiam.admin.faare.persistence.PersistenceLDAP;
import opiam.admin.faare.persistence.javabeans.JBTop;
import opiam.admin.faare.service.UserContext;
import opiam.admin.faare.service.services.acl.AclPluginInterface;
import opiam.admin.faare.service.services.acl.beans.ResourcesTarget;
import org.apache.commons.beanutils.PropertyUtils;
import org.apache.commons.collections.CollectionUtils;
import org.apache.log4j.Logger;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
/**
* Profile ACL plugin.
*
* Users population defined by the profile.
* Targets defined by the resources.
*
* This class is a specification of the
* "opiam.admin.faare.service.services.acl.ProfileResourceAclPlugin" class.
*
*/
public class ProfileResourceAclPlugin implements AclPluginInterface
{
/** Log4j logger used by this plugin. */
private static Logger _logger =
Logger.getLogger(ProfileResourceAclPlugin.class);
/** Creation action: isEnabled answers with the matching target's canCreate(). */
private static final int ACTION_CREATE = 1;
/** Deletion action: isEnabled answers with the matching target's canDelete(). */
private static final int ACTION_DELETE = 2;
/** Visualisation action: isEnabled answers with the matching target's canVisualize(). */
private static final int ACTION_VISUALIZE = 3;
/** Separator between the resource names listed in the resource_name parameter. */
public static final String SEPARATOR = ",";
/** Name of the ACL parameter that holds the profile name. */
public static final String PARAM_PROFILE_NAME_KEY = "profile_name";
/** Name of the ACL parameter that holds the SEPARATOR-delimited resource names. */
public static final String PARAM_RESOURCE_NAME_KEY = "resource_name";
/**
* ACL lookup table, filled by initialize and read by isEnabled.
* key = profile name, trimmed and lower-cased;
* value = List of ResourcesTarget, in the order initialize added them.
* A profile that has no entry here is refused every action by isEnabled.
*/
private Map profileAclMap = new HashMap();
/**
* This method is called by the PropertiesManager at the initialization.
* Throws ConfigurationException (RuntimeException) if error occurs.
*
* @param acls The JBAcls object.
*
* @see opiam.admin.faare.service.services.acl.AclPluginInterface#initialize(JBAcls).
*
*/
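public void initialize(JBAcls acls)
{
    // Builds profileAclMap from every configured ACL target. Each target must
    // carry a non-blank profile_name and resource_name parameter; anything
    // else is a configuration error and aborts initialization, so that no ACL
    // is ever registered under an empty profile key.
    _logger.debug("----------- STARTING initialize");

    Iterator iter = acls.getAclsMap().values().iterator();
    while (iter.hasNext())
    {
        JBAcl target = (JBAcl) iter.next();

        // NOTE(review): if getParam() is a java.util.Properties (not visible
        // here, confirm), a key present without a value comes back as ""
        // rather than null, so both cases are tested.
        String profileName =
            target.getParam().getProperty(PARAM_PROFILE_NAME_KEY);
        if ((profileName == null) || (profileName.trim().length() == 0))
        {
            throw new ConfigurationException(PARAM_PROFILE_NAME_KEY +
                " empty, initialize error in ProfileResourceAclPlugin");
        }

        String resourceNames =
            target.getParam().getProperty(PARAM_RESOURCE_NAME_KEY);
        if ((resourceNames == null) || (resourceNames.trim().length() == 0))
        {
            throw new ConfigurationException(PARAM_RESOURCE_NAME_KEY +
                " empty, initialize error in ProfileResourceAclPlugin");
        }

        // Same normalisation as the lookup in isEnabled (trim + lower-case with
        // the default locale); the two must stay identical or a configured
        // profile will not be found and will be denied.
        String profileKey = profileName.trim().toLowerCase();

        ResourcesTarget resourcesTarget = new ResourcesTarget();
        resourcesTarget.setTarget(target);
        resourcesTarget.setResourcesList(getResourcesList(resourceNames));

        // Several targets may share one profile: append to its list, creating
        // the list on first use. isEnabled scans the list in this order.
        List targets = (List) profileAclMap.get(profileKey);
        if (targets == null)
        {
            targets = new ArrayList();
            profileAclMap.put(profileKey, targets);
        }
        targets.add(resourcesTarget);
    }
}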
/**
* Indicates whether the given operation is allowed on the given object for
* the user whose context is passed as an argument.
* The given object is an LDAP directory entry.
* The operation is one of the following:
* - creation,
* - deletion,
* - visualisation.
*
* @param entry The object to check.
* @param userContext Context of the user.
* @param action The operation.
*
* @return True if the operation is allowed, false otherwise.
*
* @throws ServiceException if an error occurs.
*/
private boolean isEnabled(JBTop entry, UserContext userContext, int action)
    throws ServiceException
{
    // Access decision for one (profile, entry, action) triple. The answer is
    // deny unless a target registered for the profile covers the entry and
    // grants the action. The first covering target decides for the three
    // known actions, so registration order matters.

    // initialize stores profile names trimmed and lower-cased; look up the
    // same way.
    // NOTE(review): getJbProfile() and getName() are dereferenced without a
    // null check, so a context without a profile raises instead of denying.
    String profileKey =
        userContext.getJbProfile().getName().trim().toLowerCase();
    List profileTargets = (List) profileAclMap.get(profileKey);

    if (profileTargets == null)
    {
        // unknown profile: no rights at all
        _logger.info(profileKey + " profile not found, has no rights");
        return false;
    }

    for (Iterator cursor = profileTargets.iterator(); cursor.hasNext();)
    {
        ResourcesTarget candidate = (ResourcesTarget) cursor.next();
        if (!isInResources(entry, candidate, userContext))
        {
            // this target does not cover the entry
            continue;
        }

        _logger.debug("isEnabled ACL executed = " +
            candidate.getTarget().getTargetname());

        switch (action)
        {
            case ACTION_CREATE:
                return candidate.getTarget().canCreate();
            case ACTION_DELETE:
                return candidate.getTarget().canDelete();
            case ACTION_VISUALIZE:
                return candidate.getTarget().canVisualize();
            default:
                // unrecognised action code: no decision here, keep scanning
                break;
        }
    }

    // no target granted the action
    return false;
}
/**
* Splits the resourcesName in list of resources names.
*
* @param resourcesName Name of the resources.
*
* @return The list of the resources names.
*/
private List getResourcesList(String resourcesName)
{
    // Tokenise on SEPARATOR and trim every piece. StringTokenizer never yields
    // an empty token, so "a,,b" gives two names; a token made only of
    // whitespace is kept and ends up in the list as "".
    // NOTE(review): whether a "" resource name is harmless depends on
    // isInResources, which is not visible here. Confirm.
    List names = new ArrayList();
    for (StringTokenizer pieces = new StringTokenizer(resourcesName, SEPARATOR);
        pieces.hasMoreTokens();)
    {
        String name = pieces.nextToken().trim();
        names.add(name);
    }
    return names;
}
/**
* Indicates if the given object is in the resources of the user profile.
*
* @param entry The object to test.