/*
* File : $Source: /usr/local/cvs/opencms/src/org/opencms/db/CmsSecurityManager.java,v $
* Date : $Date: 2006/03/27 14:52:26 $
* Version: $Revision: 1.97 $
*
* This library is part of OpenCms -
* the Open Source Content Management System
*
* Copyright (c) 2005 Alkacon Software GmbH (http://www.alkacon.com)
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* For further information about Alkacon Software GmbH, please see the
* company website: http://www.alkacon.com
*
* For further information about OpenCms, please see the
* project website: http://www.opencms.org
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
package org.opencms.db;
import org.opencms.configuration.CmsConfigurationManager;
import org.opencms.configuration.CmsSystemConfiguration;
import org.opencms.file.CmsBackupProject;
import org.opencms.file.CmsBackupResource;
import org.opencms.file.CmsFile;
import org.opencms.file.CmsFolder;
import org.opencms.file.CmsGroup;
import org.opencms.file.CmsObject;
import org.opencms.file.CmsProject;
import org.opencms.file.CmsProperty;
import org.opencms.file.CmsPropertyDefinition;
import org.opencms.file.CmsRequestContext;
import org.opencms.file.CmsResource;
import org.opencms.file.CmsResourceFilter;
import org.opencms.file.CmsUser;
import org.opencms.file.CmsVfsException;
import org.opencms.file.CmsVfsResourceNotFoundException;
import org.opencms.file.types.CmsResourceTypeJsp;
import org.opencms.i18n.CmsMessageContainer;
import org.opencms.lock.CmsLock;
import org.opencms.lock.CmsLockException;
import org.opencms.main.CmsException;
import org.opencms.main.CmsInitException;
import org.opencms.main.CmsLog;
import org.opencms.main.CmsMultiException;
import org.opencms.main.OpenCms;
import org.opencms.report.I_CmsReport;
import org.opencms.security.CmsAccessControlEntry;
import org.opencms.security.CmsAccessControlList;
import org.opencms.security.CmsPermissionSet;
import org.opencms.security.CmsPermissionSetCustom;
import org.opencms.security.CmsPermissionViolationException;
import org.opencms.security.CmsRole;
import org.opencms.security.CmsRoleViolationException;
import org.opencms.security.CmsSecurityException;
import org.opencms.security.I_CmsPrincipal;
import org.opencms.util.CmsFileUtil;
import org.opencms.util.CmsStringUtil;
import org.opencms.util.CmsUUID;
import org.opencms.workflow.CmsTask;
import org.opencms.workflow.CmsTaskLog;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import org.apache.commons.collections.map.LRUMap;
import org.apache.commons.logging.Log;
/**
* The OpenCms security manager.<p>
*
* The security manager checks the permissions required for a user action invoked by the Cms object. If permissions
* are granted, the security manager invokes a method on the OpenCms driver manager to access the database.<p>
*
* @author Thomas Weckert
* @author Michael Moossen
*
* @since 6.0.0
*/
public final class CmsSecurityManager {
/** Indicates allowed permissions; this is the only one of the four <code>PERM_*</code> codes that signals "allowed". */
public static final int PERM_ALLOWED = 0;
/** Indicates denied permissions. */
public static final int PERM_DENIED = 1;
/** Indicates a resource was filtered during permission check. */
public static final int PERM_FILTERED = 2;
/** Indicates a resource was not locked for a write / control operation. */
public static final int PERM_NOTLOCKED = 3;
/** The log object for this class. */
private static final Log LOG = CmsLog.getLog(CmsSecurityManager.class);
/**
 * Boxed form of {@link #PERM_ALLOWED}, created once.<p>
 *
 * NOTE(review): presumably the value stored in the permission cache - confirm against the permission check code.
 */
private static final Integer PERM_ALLOWED_INTEGER = new Integer(PERM_ALLOWED);
/**
 * Boxed form of {@link #PERM_DENIED}, created once.<p>
 *
 * NOTE(review): presumably the value stored in the permission cache - confirm against the permission check code.
 */
private static final Integer PERM_DENIED_INTEGER = new Integer(PERM_DENIED);
/** The factory the public methods use to obtain a {@link CmsDbContext} for the current request context. */
protected I_CmsDbContextFactory m_dbContextFactory;
/** The initialized OpenCms driver manager to access the database; the public methods delegate the actual work to it. */
protected CmsDriverManager m_driverManager;
/** The class used for cache key generation. */
private I_CmsCacheKey m_keyGenerator;
/**
 * Cache for permission checks.<p>
 *
 * NOTE(review): cached allow / deny decisions are security relevant - confirm that every operation changing
 * access control entries, group membership or locks clears this cache, and that the cache key covers the user,
 * the resource and the requested permissions.
 */
private Map m_permissionCache;
/**
* Default constructor.<p>
*/
private CmsSecurityManager() {
// intentionally left blank:
// the constructor is private, so inside this file instances are only created by newInstance(...),
// which checks the OpenCms run level first and then calls init(...)
}
/**
* Creates a new instance of the OpenCms security manager.<p>
*
* @param configurationManager the configuration manager
* @param runtimeInfoFactory the initialized OpenCms runtime info factory
*
* @return a new instance of the OpenCms security manager
*
* @throws CmsInitException if the security manager could not be initialized
*/
public static CmsSecurityManager newInstance(
    CmsConfigurationManager configurationManager,
    I_CmsDbContextFactory runtimeInfoFactory) throws CmsInitException {

    // a security manager may only be created while OpenCms is still starting up:
    // any run level above RUNLEVEL_2_INITIALIZING means the system is already initialized,
    // and a second security manager must not be created then
    boolean alreadyInitialized = OpenCms.getRunLevel() > OpenCms.RUNLEVEL_2_INITIALIZING;
    if (alreadyInitialized) {
        throw new CmsInitException(org.opencms.main.Messages.get().container(
            org.opencms.main.Messages.ERR_ALREADY_INITIALIZED_0));
    }

    // create the bare instance first, then hand over the configuration and the db context factory
    CmsSecurityManager manager = new CmsSecurityManager();
    manager.init(configurationManager, runtimeInfoFactory);
    return manager;
}
/**
* Updates the state of the given task as accepted by the current user.<p>
*
* @param context the current request context
* @param taskId the Id of the task to accept
*
* @throws CmsException if something goes wrong
*/
public void acceptTask(CmsRequestContext context, int taskId) throws CmsException {

    // NOTE(review): no checkRole(...) call precedes the driver call in this method (addUserToGroup has one);
    // presumably the driver manager decides whether the current user may accept this task - confirm
    CmsDbContext dbContext = m_dbContextFactory.getDbContext(context);
    try {
        m_driverManager.acceptTask(dbContext, taskId);
    } catch (Exception cause) {
        // the task id is boxed because it is passed as the message argument
        Integer boxedTaskId = new Integer(taskId);
        // NOTE(review): presumably report(...) rethrows the failure as a CmsException - confirm,
        // otherwise a failed call returns to the caller without any signal
        dbContext.report(null, Messages.get().container(Messages.ERR_ACCEPT_TASK_1, boxedTaskId), cause);
    } finally {
        // runs on success and on failure, whether or not report(...) throws
        dbContext.clear();
    }
}
/**
* Adds a user to a group.<p>
*
* @param context the current request context
* @param username the name of the user that is to be added to the group
* @param groupname the name of the group
*
* @throws CmsException if operation was not successful
*/
public void addUserToGroup(CmsRequestContext context, String username, String groupname) throws CmsException {

    CmsDbContext dbContext = m_dbContextFactory.getDbContext(context);
    try {
        // authorization comes first: the membership change is only attempted
        // after checkRole(...) has returned for the ACCOUNT_MANAGER role
        checkRole(dbContext, CmsRole.ACCOUNT_MANAGER);
        m_driverManager.addUserToGroup(dbContext, username, groupname);
    } catch (Exception cause) {
        // an exception thrown by checkRole(...) is caught here as well and handed to report(...)
        // NOTE(review): presumably report(...) rethrows it as a CmsException - confirm,
        // otherwise a refused call would return to the caller like a successful one
        dbContext.report(
            null,
            Messages.get().container(Messages.ERR_ADD_USER_GROUP_FAILED_2, username, groupname),
            cause);
    } finally {
        // runs on success and on failure, whether or not report(...) throws
        dbContext.clear();
    }
}
/**
* Creates a new web user.<p>
*
* A web user has no access to the workplace but is able to access personalized
* functions controlled by the OpenCms.<br>
*
* Moreover, a web user can be created by any user, the intention being that
* a "Guest" user can create a personalized account for himself.<p>
*
* @param context the current request context
* @param name the new name for the user
* @param password the new password for the user
* @param group the default groupname for the user
* @param description the description for the user
* @param additionalInfos a <code>{@link Map}</code> with additional infos for the user
*
* @return the new user will be returned
*
* @throws CmsException if operation was not successful
*/
public CmsUser addWebUser(
    CmsRequestContext context,
    String name,
    String password,
    String group,
    String description,
    Map additionalInfos) throws CmsException {

    // NOTE(review): no checkRole(...) call precedes the driver call; that matches the documented intent
    // that any user, "Guest" included, may create a web user. The group name is supplied by the caller,
    // so confirm that the driver manager restricts which groups a web user can be placed in and that
    // callers do not pass a group name taken from the request through unchecked
    CmsDbContext dbContext = m_dbContextFactory.getDbContext(context);
    try {
        // the password is handed on exactly as received
        // NOTE(review): presumably validated and hashed by the driver manager - confirm
        return m_driverManager.addWebUser(dbContext, name, password, group, description, additionalInfos);
    } catch (Exception cause) {
        // only the user name goes into the error message, the password does not
        dbContext.report(null, Messages.get().container(Messages.ERR_ADD_USER_WEB_1, name), cause);
    } finally {
        // runs before either return, and also when report(...) throws
        dbContext.clear();
    }
    // only reached if report(...) returned normally after a failure: no user was created
    return null;
}
/**
* Adds a web user to the Cms.<p>
*
* A web user has no access to the workplace but is able to access personalized
* functions controlled by the OpenCms.<p>
*
* @param context the current request context
* @param name the new name for the user
* @param password the new password for the user
* @param group the default groupname for the user
* @param additionalGroup an additional group for the user
* @param description the description for the user
* @param additionalInfos a Hashtable with additional infos for the user, these infos may be stored into the Usertables (depending on the implementation)
*
* @return the new user will be returned
* @throws CmsException if operation was not successful
*/
public CmsUser addWebUser(
    CmsRequestContext context,
    String name,
    String password,
    String group,
    String additionalGroup,
    String description,
    Map additionalInfos) throws CmsException {

    // NOTE(review): no checkRole(...) call precedes the driver call in this overload.
    // Both group and additionalGroup are supplied by the caller, so confirm that the driver manager
    // restricts which groups a web user can be placed in and that callers do not pass group names
    // taken from the request through unchecked
    CmsDbContext dbContext = m_dbContextFactory.getDbContext(context);
    try {
        // the password is handed on exactly as received
        // NOTE(review): presumably validated and hashed by the driver manager - confirm
        return m_driverManager.addWebUser(
            dbContext,
            name,
            password,
            group,
            additionalGroup,
            description,
            additionalInfos);
    } catch (Exception cause) {
        // only the user name goes into the error message, the password does not
        dbContext.report(null, Messages.get().container(Messages.ERR_ADD_USER_WEB_1, name), cause);
    } finally {
        // runs before either return, and also when report(...) throws
        dbContext.clear();
    }
    // only reached if report(...) returned normally after a failure: no user was created
    return null;
}
/**
* Creates a backup of the current project.<p>
*
* @param context the current request context
* @param tagId the version of the backup
* @param publishDate the date of publishing
*
* @throws CmsException if operation was not successful
*/
public void backupProject(CmsRequestContext context, int tagId, long publishDate) throws CmsException {
CmsDbContext dbc = m_dbContextFactory.getDbContext(context);
try {
m_driverManager.backupProject(dbc, tagId, publishDate);
} catch (Exception e) {
dbc.report(null, Messages.get().container(
Messages.ERR_BACKUP_PROJECT_4,
new Object[] {