]> git.aero2k.de Git - tmp/jakarta-migration.git/blob
projects / tmp / jakarta-migration.git / blob
? search:


103f7dd42210c53a961efe6aa33b3ff3c5078e5d
[tmp/jakarta-migration.git] /
1 /**
2  *  This document is a part of the source code and related artifacts
3  *  for CollectionSpace, an open source collections management system
4  *  for museums and related institutions:
5
6  *  http://www.collectionspace.org
7  *  http://wiki.collectionspace.org
8
9  *  Copyright 2009 University of California at Berkeley
10
11  *  Licensed under the Educational Community License (ECL), Version 2.0.
12  *  You may not use this file except in compliance with this License.
13
14  *  You may obtain a copy of the ECL 2.0 License at
15
16  *  https://source.collectionspace.org/collection-space/LICENSE.txt
17
18  *  Unless required by applicable law or agreed to in writing, software
19  *  distributed under the License is distributed on an "AS IS" BASIS,
20  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
21  *  See the License for the specific language governing permissions and
22  *  limitations under the License.
23  */
24 package org.collectionspace.services.authorization.importer;
25
26 import java.io.File;
27 import org.slf4j.Logger;
28 import org.slf4j.LoggerFactory;
29 import java.util.ArrayList;
30 import java.util.Date;
31 import java.util.Hashtable;
32 import java.util.List;
33 import java.util.UUID;
34 import javax.xml.bind.JAXBContext;
35 import javax.xml.bind.Marshaller;
36 import org.collectionspace.services.authorization.ActionType;
37 import org.collectionspace.services.authorization.Permission;
38 import org.collectionspace.services.authorization.EffectType;
39 import org.collectionspace.services.authorization.PermissionAction;
40 import org.collectionspace.services.authorization.PermissionRole;
41 import org.collectionspace.services.authorization.PermissionValue;
42 import org.collectionspace.services.authorization.PermissionsList;
43 import org.collectionspace.services.authorization.PermissionsRolesList;
44 import org.collectionspace.services.authorization.Role;
45 import org.collectionspace.services.authorization.RoleValue;
46 import org.collectionspace.services.authorization.RolesList;
47 import org.collectionspace.services.authorization.SubjectType;
48 import org.collectionspace.services.common.config.TenantBindingConfigReaderImpl;
49 import org.collectionspace.services.common.service.ServiceBindingType;
50 import org.collectionspace.services.common.tenant.TenantBindingType;
51 import org.collectionspace.services.common.security.SecurityUtils;
52
53 /**
54  * AuthorizationGen generates authorizations (permissions and roles)
55  * for tenant services
56  * @author 
57  */
58 public class AuthorizationGen {
59
60     final public static String ROLE_ADMINISTRATOR = "ROLE_ADMINISTRATOR";
61     final public static String ROLE_TENANT_ADMINISTRATOR = "ROLE_TENANT_ADMINISTRATOR";
62     final public static String ROLE_TENANT_READER = "ROLE_TENANT_READER";
63     final public static String ROLE_ADMINISTRATOR_ID = "0";
64     //
65     // ActionGroup labels/constants
66     //
67     final public static String ACTIONGROUP_CRUDL = "CRUDL";
68     final public static String ACTIONGROUP_RL = "RL";
69     
70     final Logger logger = LoggerFactory.getLogger(AuthorizationGen.class);
71     private List<Permission> adminPermList = new ArrayList<Permission>();
72     private List<PermissionRole> adminPermRoleList = new ArrayList<PermissionRole>();
73     private List<Permission> readerPermList = new ArrayList<Permission>();
74     private List<PermissionRole> readerPermRoleList = new ArrayList<PermissionRole>();
75     private List<Role> adminRoles = new ArrayList<Role>();
76     private List<Role> readerRoles = new ArrayList<Role>();
77     private Role cspaceAdminRole;
78     private Hashtable<String, TenantBindingType> tenantBindings =
79             new Hashtable<String, TenantBindingType>();
80
81     public void initialize(String tenantBindingFileName) throws Exception {
82         TenantBindingConfigReaderImpl tenantBindingConfigReader =
83                 new TenantBindingConfigReaderImpl(null);
84         tenantBindingConfigReader.read(tenantBindingFileName);
85         tenantBindings = tenantBindingConfigReader.getTenantBindings();
86         cspaceAdminRole = buildCSpaceAdminRole();
87
88         if (logger.isDebugEnabled()) {
89             logger.debug("initialized with tenant bindings from " + tenantBindingFileName);
90         }
91     }
92
93     /**
94      * createDefaultPermissions creates default admin and reader permissions
95      * for each tenant found in the given tenant binding file
96      * @see initialize
97      * @return
98      */
99     public void createDefaultPermissions() {
100         for (String tenantId : tenantBindings.keySet()) {
101             List<Permission> adminPerms = createDefaultAdminPermissions(tenantId);
102             adminPermList.addAll(adminPerms);
103
104             List<Permission> readerPerms = createDefaultReaderPermissions(tenantId);
105             readerPermList.addAll(readerPerms);
106         }
107     }
108
109     /**
110      * createDefaultAdminPermissions creates default admin permissions for all services
111      * used by the given tenant
112      * @param tenantId
113      * @return
114      */
115     public List<Permission> createDefaultAdminPermissions(String tenantId) {
116         ArrayList<Permission> apcList = new ArrayList<Permission>();
117         TenantBindingType tbinding = tenantBindings.get(tenantId);
118         for (ServiceBindingType sbinding : tbinding.getServiceBindings()) {
119
120             //add permissions for the main path
121                 String resourceName = sbinding.getName().toLowerCase().trim();
122                 if (SecurityUtils.isEntityProxy() == true) {
123                         resourceName = SecurityUtils.getResourceEntity(resourceName);
124                 }
125             Permission perm = buildAdminPermission(tbinding.getId(),
126                     resourceName);
127             apcList.add(perm);
128
129             //add permissions for alternate paths
130             if (SecurityUtils.isEntityProxy() == false) {
131                     List<String> uriPaths = sbinding.getUriPath();
132                     for (String uriPath : uriPaths) {
133                         perm = buildAdminPermission(tbinding.getId(),
134                                 uriPath.toLowerCase());
135                         apcList.add(perm);
136                     }
137             }
138         }
139         
140         return apcList;
141     }
142
143     private Permission buildAdminPermission(String tenantId, String resourceName) {
144         String id = UUID.randomUUID().toString();
145         Permission perm = new Permission();
146         perm.setCsid(id);
147         perm.setDescription("generated admin permission");
148         perm.setCreatedAtItem(new Date());
149         perm.setResourceName(resourceName.toLowerCase().trim());
150         perm.setEffect(EffectType.PERMIT);
151         perm.setTenantId(tenantId);
152         
153         perm.setActionGroup(ACTIONGROUP_CRUDL);
154         ArrayList<PermissionAction> pas = new ArrayList<PermissionAction>();
155         perm.setActions(pas);
156
157         PermissionAction pa = new PermissionAction();
158         pa.setName(ActionType.CREATE);
159         pas.add(pa);
160         PermissionAction pa1 = new PermissionAction();
161         pa1.setName(ActionType.READ);
162         pas.add(pa1);
163         PermissionAction pa2 = new PermissionAction();
164         pa2.setName(ActionType.UPDATE);
165         pas.add(pa2);
166         PermissionAction pa3 = new PermissionAction();
167         pa3.setName(ActionType.DELETE);
168         pas.add(pa3);
169         PermissionAction pa4 = new PermissionAction();
170         pa4.setName(ActionType.SEARCH);
171         pas.add(pa4);
172         
173         return perm;
174     }
175
176     /**
177      * createDefaultReaderPermissions creates read only permissions for all services
178      * used by the given tenant
179      * @param tenantId
180      * @return
181      */
182     public List<Permission> createDefaultReaderPermissions(String tenantId) {
183         ArrayList<Permission> apcList = new ArrayList<Permission>();
184         TenantBindingType tbinding = tenantBindings.get(tenantId);
185         for (ServiceBindingType sbinding : tbinding.getServiceBindings()) {
186             //add permissions for the main path
187                 String resourceName = sbinding.getName().toLowerCase().trim();
188                 if (SecurityUtils.isEntityProxy() == true) {
189                         resourceName = SecurityUtils.getResourceEntity(resourceName);
190                 }               
191             Permission perm = buildReaderPermission(tbinding.getId(),
192                     resourceName);
193             apcList.add(perm);
194
195             //add permissions for alternate paths
196             if (SecurityUtils.isEntityProxy() == false) {
197                     List<String> uriPaths = sbinding.getUriPath();
198                     for (String uriPath : uriPaths) {
199                         perm = buildReaderPermission(tbinding.getId(),
200                                 uriPath.toLowerCase());
201                         apcList.add(perm);
202                     }
203             }
204         }
205         return apcList;
206
207     }
208
209     private Permission buildReaderPermission(String tenantId, String resourceName) {
210         String id = UUID.randomUUID().toString();
211         Permission perm = new Permission();
212         perm.setCsid(id);
213         perm.setCreatedAtItem(new Date());
214         perm.setDescription("generated readonly permission");
215         perm.setResourceName(resourceName.toLowerCase().trim());
216         perm.setEffect(EffectType.PERMIT);
217         perm.setTenantId(tenantId);
218         
219         perm.setActionGroup(ACTIONGROUP_RL);
220         ArrayList<PermissionAction> pas = new ArrayList<PermissionAction>();
221         perm.setActions(pas);
222
223         PermissionAction pa1 = new PermissionAction();
224         pa1.setName(ActionType.READ);
225         pas.add(pa1);
226
227         PermissionAction pa4 = new PermissionAction();
228         pa4.setName(ActionType.SEARCH);
229         pas.add(pa4);
230         return perm;
231     }
232
233     public List<Permission> getDefaultPermissions() {
234         List<Permission> allPermList = new ArrayList<Permission>();
235         allPermList.addAll(adminPermList);
236         allPermList.addAll(readerPermList);
237         return allPermList;
238     }
239
240     public List<Permission> getDefaultAdminPermissions() {
241         return adminPermList;
242     }
243
244     public List<Permission> getDefaultReaderPermissions() {
245         return readerPermList;
246     }
247
248     /**
249      * createDefaultRoles creates default admin and reader roles
250      * for each tenant found in the given tenant binding file
251      */
252     public void createDefaultRoles() {
253         for (String tenantId : tenantBindings.keySet()) {
254
255             Role arole = buildTenantAdminRole(tenantId);
256             adminRoles.add(arole);
257
258             Role rrole = buildTenantReaderRole(tenantId);
259             readerRoles.add(rrole);
260
261         }
262     }
263
264     private Role buildTenantAdminRole(String tenantId) {
265         Role role = new Role();
266         role.setCreatedAtItem(new Date());
267         role.setRoleName(ROLE_TENANT_ADMINISTRATOR);
268         String id = UUID.randomUUID().toString();
269         role.setCsid(id);
270         role.setDescription("generated tenant admin role");
271         role.setTenantId(tenantId);
272         return role;
273     }
274
275     private Role buildTenantReaderRole(String tenantId) {
276         Role role = new Role();
277         role.setCreatedAtItem(new Date());
278         role.setRoleName(ROLE_TENANT_READER);
279         String id = UUID.randomUUID().toString();
280         role.setCsid(id);
281         role.setDescription("generated tenant read only role");
282         role.setTenantId(tenantId);
283         return role;
284     }
285
286     public List<Role> getDefaultRoles() {
287         List<Role> allRoleList = new ArrayList<Role>();
288         allRoleList.addAll(adminRoles);
289         allRoleList.addAll(readerRoles);
290         return allRoleList;
291     }
292
293     public void associateDefaultPermissionsRoles() {
294         List<Role> roles = new ArrayList<Role>();
295         roles.add(cspaceAdminRole);
296         for (Permission p : adminPermList) {
297             PermissionRole permAdmRole = associatePermissionRoles(p, adminRoles);
298             adminPermRoleList.add(permAdmRole);
299
300             //CSpace Administrator has all access
301             PermissionRole permCAdmRole = associatePermissionRoles(p, roles);
302             adminPermRoleList.add(permCAdmRole);
303         }
304
305         for (Permission p : readerPermList) {
306             PermissionRole permRdrRole = associatePermissionRoles(p, readerRoles);
307             readerPermRoleList.add(permRdrRole);
308         }
309     }
310
311     public List<PermissionRole> associatePermissionsRoles(List<Permission> perms, List<Role> roles) {
312         List<PermissionRole> permRoles = new ArrayList<PermissionRole>();
313         for (Permission perm : perms) {
314             PermissionRole permRole = associatePermissionRoles(perm, roles);
315             permRoles.add(permRole);
316         }
317         return permRoles;
318     }
319
320     private PermissionRole associatePermissionRoles(Permission perm,
321             List<Role> roles) {
322
323         PermissionRole pr = new PermissionRole();
324         pr.setSubject(SubjectType.ROLE);
325         List<PermissionValue> permValues = new ArrayList<PermissionValue>();
326         pr.setPermissions(permValues);
327         PermissionValue permValue = new PermissionValue();
328         permValue.setPermissionId(perm.getCsid());
329         permValue.setResourceName(perm.getResourceName().toLowerCase());
330         permValues.add(permValue);
331
332         List<RoleValue> roleValues = new ArrayList<RoleValue>();
333         for (Role role : roles) {
334             RoleValue rv = new RoleValue();
335             rv.setRoleName(role.getRoleName().toUpperCase());
336             rv.setRoleId(role.getCsid());
337             roleValues.add(rv);
338         }
339         pr.setRoles(roleValues);
340
341         return pr;
342     }
343
344     public List<PermissionRole> getDefaultPermissionRoles() {
345         List<PermissionRole> allPermRoleList = new ArrayList<PermissionRole>();
346         allPermRoleList.addAll(adminPermRoleList);
347         allPermRoleList.addAll(readerPermRoleList);
348         return allPermRoleList;
349     }
350
351     public List<PermissionRole> getDefaultAdminPermissionRoles() {
352         return adminPermRoleList;
353     }
354
355     public List<PermissionRole> getDefaultReaderPermissionRoles() {
356         return readerPermRoleList;
357     }
358
359     private Role buildCSpaceAdminRole() {
360         Role role = new Role();
361         role.setRoleName(ROLE_ADMINISTRATOR);
362         role.setCsid(ROLE_ADMINISTRATOR_ID);
363         return role;
364     }
365
366     public void exportDefaultRoles(String fileName) {
367         RolesList rList = new RolesList();
368         List<Role> allRoleList = new ArrayList<Role>();
369         allRoleList.addAll(adminRoles);
370         allRoleList.addAll(readerRoles);
371         rList.setRoles(allRoleList);
372         toFile(rList, RolesList.class,
373                 fileName);
374         if (logger.isDebugEnabled()) {
375             logger.debug("exported roles to " + fileName);
376         }
377     }
378
379     public void exportDefaultPermissions(String fileName) {
380         PermissionsList pcList = new PermissionsList();
381         List<Permission> allPermList = new ArrayList<Permission>();
382         allPermList.addAll(adminPermList);
383         allPermList.addAll(readerPermList);
384         pcList.setPermissions(allPermList);
385         toFile(pcList, PermissionsList.class,
386                 fileName);
387         if (logger.isDebugEnabled()) {
388             logger.debug("exported permissions to " + fileName);
389         }
390     }
391
392     public void exportDefaultPermissionRoles(String fileName) {
393         PermissionsRolesList psrsl = new PermissionsRolesList();
394         List<PermissionRole> allPermRoleList = new ArrayList<PermissionRole>();
395         allPermRoleList.addAll(adminPermRoleList);
396         allPermRoleList.addAll(readerPermRoleList);
397         psrsl.setPermissionRoles(allPermRoleList);
398         toFile(psrsl, PermissionsRolesList.class,
399                 fileName);
400         if (logger.isDebugEnabled()) {
401             logger.debug("exported permissions-roles to " + fileName);
402         }
403     }
404
405     private void toFile(Object o, Class jaxbClass, String fileName) {
406         File f = new File(fileName);
407         try {
408             JAXBContext jc = JAXBContext.newInstance(jaxbClass);
409             Marshaller m = jc.createMarshaller();
410             m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT,
411                     Boolean.TRUE);
412             m.marshal(o, f);
413         } catch (Exception e) {
414             e.printStackTrace();
415         }
416     }
417 }