rolemanager.java

一个很好的开源项目管理系统源代码

package net.java.workeffort.webapp.security;

import java.util.HashMap;
import java.util.List;
import java.util.Map;

import net.java.workeffort.infrastructure.security.ISecurityProfile;
import net.java.workeffort.service.IRoleManagerService;
import net.java.workeffort.service.domain.PartyRole;
import net.java.workeffort.service.domain.RolePermission;
import net.java.workeffort.service.security.IAuthenticationManager;
import net.java.workeffort.service.support.InvalidPartyException;
import net.java.workeffort.service.support.InvalidPasswordException;

import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.Validate;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 * Role manager for the application. Initialize() (which loads application wide
 * roles and permissions) has to be invoked before this role manager can be
 * used. In this application it is invoked from a servlet context listener
 * @author Antony Joseph
 */
public class RoleManager {
    private static final Log logger = LogFactory.getLog(RoleManager.class);
    private static final String DELIM = "|";

    private IRoleManagerService roleManagerService;
    private IAuthenticationManager authenticationManager;
    private Map rolePermissionMap;

    /**
     * Load all application roles and their permissions
     */
    public void initialize() {
        rolePermissionMap = roleManagerService.getAllRolePermissions();
    }

    /**
     * Authenticates the user first using <code>AuthenticationManager</code>
     * and then gets the users permissions.
     * @param securityProfile
     * @return List of maps {String:targetCd|operationCd, String:conditional}
     * @throws InvalidPartyException
     * @throws InvalidPasswordException
     */
    public Map getPartyPermissions(ISecurityProfile securityProfile)
            throws InvalidPartyException, InvalidPasswordException {

        authenticationManager.authenticate(securityProfile);
        // TONY TEST.
        if (rolePermissionMap == null)
            return new HashMap();
        Validate
                .notNull("rolePermissionMap",
                        "initialize() has to be invoked before this role manager can be used");

        Map partyPermissions = new HashMap();

        // query gets a list of PartyRole
        List roles = roleManagerService.getListPartyRoles(securityProfile
                .getPartyCd());

        for (int i = 0; i < roles.size(); i++) {
            if (logger.isInfoEnabled())
                logger.info("Processing role " + roles.get(i));

            String roleCd = ((PartyRole) roles.get(i)).getRoleCd();
            List permissions = (List) rolePermissionMap.get(roleCd);
            if (roleCd == null)
                throw new IllegalStateException(
                        "Could not find permissions for  role " + roleCd
                                + " in system");

            for (int j = 0; j < permissions.size(); j++) {
                RolePermission permission = (RolePermission) permissions.get(j);

                // Operations for which access is conditional will have
                // format: *:conditional. For these set the value in the map to
                // "Y". For all others set value to null. This is used to check
                // for conditional access.
                StringBuffer key = new StringBuffer(100);
                if (StringUtils.contains(permission.getOperationCd(),
                        ":conditional")) {
                    key.append(permission.getTargetCd());
                    key.append(DELIM);
                    key.append(StringUtils.substringBefore(permission
                            .getOperationCd(), ":conditional"));

                    // there could be cases where user has normal permissions
                    // as well as conditional permission. If this is the case
                    // the user should have the higher permission (ie normal
                    // permission).
                    if (!partyPermissions.containsKey(key.toString()))
                        partyPermissions.put(key.toString(), "Y");
                }
                else {
                    key.append(permission.getTargetCd());
                    key.append(DELIM);
                    key.append(permission.getOperationCd());
                    partyPermissions.put(key.toString(), null);
                }
            }
        }
        
        // Every one needs access to these.
        partyPermissions.put("/welcome.do" + DELIM + "ACCESS", null);
        return partyPermissions;
    }

    /**
     * @return Returns the roleManagerService.
     */
    public IRoleManagerService getRoleManagerService() {
        return roleManagerService;
    }

    /**
     * @param roleManagerService The roleManagerService to set. IOC
     */
    public void setRoleManagerService(IRoleManagerService roleManagerService) {
        this.roleManagerService = roleManagerService;
    }

    /**
     * @return Returns the authenticationManager.
     */
    public IAuthenticationManager getAuthenticationManager() {
        return authenticationManager;
    }

    /**
     * @param authenticationManager The authenticationManager to set.IOC
     */
    public void setAuthenticationManager(
            IAuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }
}