

1 /*
2  * Copyright 1999-2004 The Apache Software Foundation
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  *
16  */

17
18 package org.apache.lenya.ac.impl;
19
20 import java.util.Arrays JavaDoc;
21 import java.util.Enumeration JavaDoc;
22 import java.util.List JavaDoc;
23
24 import org.apache.avalon.framework.logger.AbstractLogEnabled;
25 import org.apache.cocoon.environment.Request;
26 import org.apache.cocoon.environment.Session;
27 import org.apache.lenya.ac.AccessControlException;
28 import org.apache.lenya.ac.AccreditableManager;
29 import org.apache.lenya.ac.Authorizer;
30 import org.apache.lenya.ac.Identity;
31 import org.apache.lenya.ac.Policy;
32 import org.apache.lenya.ac.PolicyManager;
33 import org.apache.lenya.ac.Role;
34
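/**
 * Policy-based authorizer.
 *
 * <p>A request is granted when the policy resolved for the request URL assigns at
 * least one role to the identity stored in the session. The roles that were found
 * are attached to the request so that later stages can read them through
 * {@link #getRoles(Request)}.</p>
 *
 * <p>The authorizer fails closed: a request without an identity, or with an identity
 * that belongs to a different accreditable manager, is denied.</p>
 *
 * @version $Id: PolicyAuthorizer.java 43241 2004-08-16 16:36:57Z andreas $
 */
public class PolicyAuthorizer extends AbstractLogEnabled implements Authorizer {

    private PolicyManager policyManager;

    private AccreditableManager accreditableManager;

    /**
     * Creates a new policy authorizer.
     */
    public PolicyAuthorizer() {
    }

    /**
     * Returns the accreditable manager.
     * @return An accreditable manager, or <code>null</code> if none has been set yet.
     */
    public AccreditableManager getAccreditableManager() {
        return accreditableManager;
    }

    /**
     * Returns the policy manager.
     * @return A policy manager, or <code>null</code> if none has been set yet.
     */
    public PolicyManager getPolicyManager() {
        return policyManager;
    }

    /**
     * Sets the policy manager.
     * @param manager A policy manager.
     */
    public void setPolicyManager(PolicyManager manager) {
        // Assertions only run when the JVM is started with -ea, so this check
        // documents the contract but does not enforce it in a default deployment.
        assert manager != null;
        policyManager = manager;
    }

    /**
     * Sets the accreditable manager.
     * @param manager An accreditable manager.
     */
    public void setAccreditableManager(AccreditableManager manager) {
        // Same caveat as setPolicyManager(): not enforced unless assertions are enabled.
        assert manager != null;
        accreditableManager = manager;
    }

    /**
     * Decides whether the request may proceed, based on the identity stored in the
     * session and the policy that applies to the requested URL.
     *
     * @param request The request to authorize.
     * @return <code>true</code> if the identity has at least one role for the URL,
     *         <code>false</code> if there is no identity, the identity belongs to another
     *         accreditable manager, or the policy grants it no role.
     * @throws AccessControlException when the policy lookup fails.
     * @see org.apache.lenya.ac.Authorizer#authorize(org.apache.cocoon.environment.Request)
     */
    public boolean authorize(Request request)
        throws AccessControlException {

        // getSession(true) creates a session when the request has none, so
        // unauthenticated requests reaching this point also get a session.
        Session session = request.getSession(true);
        Identity identity = (Identity) session.getAttribute(Identity.class.getName());

        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Trying to authorize identity: " + identity);
        }

        // Fail closed: a session without an identity is denied explicitly instead of
        // ending in a NullPointerException on identity.belongsTo().
        if (identity == null) {
            getLogger().debug("No identity in session - not authorized.");
            return false;
        }

        boolean authorized;

        if (identity.belongsTo(getAccreditableManager())) {
            authorized = authorizePolicy(identity, request);
        } else {
            // An identity issued by another accreditable manager must not be
            // evaluated against this manager's policies.
            getLogger().debug(
                "Identity ["
                    + identity
                    + "] not authorized - belongs to wrong accreditable manager.");
            authorized = false;
        }

        getLogger().debug("Authorized: " + authorized);

        return authorized;
    }

    /**
     * Authorizes a request for an identity depending on a policy.
     *
     * <p>The policy is looked up with the request URI minus the context path. The
     * roles the policy yields are stored in the request as a side effect, also when
     * the result is a denial (empty role array).</p>
     *
     * @param identity The identity to authorize.
     * @param request The request to authorize.
     * @return <code>true</code> if the policy assigns at least one role to the identity.
     * @throws AccessControlException when something went wrong.
     */
    protected boolean authorizePolicy(
        Identity identity,
        Request request)
        throws AccessControlException {

        String requestUri = request.getRequestURI();
        String context = request.getContextPath();

        if (context == null) {
            context = "";
        }

        // NOTE(review): the URL used for the policy lookup is taken from the request
        // URI as delivered by the container. Confirm that it is normalised the same
        // way as the URL the resource is finally served from (encoding, path
        // parameters, duplicate slashes); otherwise the policy that is checked and
        // the resource that is delivered can differ.
        String url = requestUri.substring(context.length());

        Policy policy = getPolicyManager().getPolicy(getAccreditableManager(), url);
        Role[] roles = policy.getRoles(identity);
        saveRoles(request, roles);

        return roles.length > 0;
    }

    /**
     * Saves the roles of the current identity to the request.
     *
     * <p>The roles are stored as a list under the attribute name
     * <code>AbstractRole.class.getName()</code>, which is where
     * {@link #getRoles(Request)} reads them.</p>
     *
     * @param request The request.
     * @param roles The roles.
     */
    protected void saveRoles(Request request, Role[] roles) {
        // Build the debug text only when it will be written.
        if (getLogger().isDebugEnabled()) {
            StringBuffer rolesString = new StringBuffer();
            for (int i = 0; i < roles.length; i++) {
                rolesString.append(" ").append(roles[i]);
            }
            getLogger().debug("Adding roles [" + rolesString + " ] to request [" + request + "]");
        }
        request.setAttribute(AbstractRole.class.getName(), Arrays.asList(roles));
    }

    /**
     * Fetches the stored roles from the request.
     *
     * <p>The exception raised for a missing role list names the request URI and the
     * request parameter names only. Parameter values are left out because they can
     * carry credentials or tokens, and the message may end up in logs or error
     * pages.</p>
     *
     * @param request The request.
     * @return A role array.
     * @throws AccessControlException If the request does not contain the roles list.
     */
    public static Role[] getRoles(Request request) throws AccessControlException {
        List roleList = (List) request.getAttribute(AbstractRole.class.getName());

        if (roleList == null) {
            StringBuffer message = new StringBuffer();
            message.append(" URI: [").append(request.getRequestURI()).append("]\n");
            for (Enumeration e = request.getParameterNames(); e.hasMoreElements(); ) {
                String key = (String) e.nextElement();
                // Names only: values are client-supplied and may be secret.
                message.append(" Parameter: [").append(key).append("]\n");
            }

            throw new AccessControlException("Request [" + request + "] does not contain roles: \n" + message);
        }

        return (Role[]) roleList.toArray(new Role[roleList.size()]);
    }

}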