]> git.aero2k.de Git - tmp/jakarta-migration.git/blob
projects / tmp / jakarta-migration.git / blob
? search:


450b0f3c0f53fa053ed74e2dc116f6be1ccc01e9
[tmp/jakarta-migration.git] /
1 /**
2  *  This document is a part of the source code and related artifacts
3  *  for CollectionSpace, an open source collections management system
4  *  for museums and related institutions:
5
6  *  http://www.collectionspace.org
7  *  http://wiki.collectionspace.org
8
9  *  Copyright 2009 University of California at Berkeley
10
11  *  Licensed under the Educational Community License (ECL), Version 2.0.
12  *  You may not use this file except in compliance with this License.
13
14  *  You may obtain a copy of the ECL 2.0 License at
15
16  *  https://source.collectionspace.org/collection-space/LICENSE.txt
17
18  *  Unless required by applicable law or agreed to in writing, software
19  *  distributed under the License is distributed on an "AS IS" BASIS,
20  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
21  *  See the License for the specific language governing permissions and
22  *  limitations under the License.
23  */
24 package org.collectionspace.services.authorization.importer;
25
26 import java.io.File;
27 import org.slf4j.Logger;
28 import org.slf4j.LoggerFactory;
29 import java.util.ArrayList;
30 import java.util.Date;
31 import java.util.Hashtable;
32 import java.util.List;
33 import java.util.UUID;
34 import javax.xml.bind.JAXBContext;
35 import javax.xml.bind.Marshaller;
36 import org.collectionspace.services.authorization.ActionType;
37 import org.collectionspace.services.authorization.Permission;
38 import org.collectionspace.services.authorization.EffectType;
39 import org.collectionspace.services.authorization.PermissionAction;
40 import org.collectionspace.services.authorization.PermissionActionUtil;
41 import org.collectionspace.services.authorization.PermissionRole;
42 import org.collectionspace.services.authorization.PermissionValue;
43 import org.collectionspace.services.authorization.PermissionsList;
44 import org.collectionspace.services.authorization.PermissionsRolesList;
45 import org.collectionspace.services.authorization.Role;
46 import org.collectionspace.services.authorization.RoleValue;
47 import org.collectionspace.services.authorization.RolesList;
48 import org.collectionspace.services.authorization.SubjectType;
49 import org.collectionspace.services.common.config.TenantBindingConfigReaderImpl;
50 import org.collectionspace.services.common.service.ServiceBindingType;
51 import org.collectionspace.services.common.tenant.TenantBindingType;
52 import org.collectionspace.services.common.security.SecurityUtils;
53
54 /**
55  * AuthorizationGen generates authorizations (permissions and roles)
56  * for tenant services
57  * @author 
58  */
59 public class AuthorizationGen {
60
61         final public static String ROLE_PREFIX = "ROLE_";
62     final public static String ROLE_ADMINISTRATOR = "ADMINISTRATOR";
63     final public static String ROLE_TENANT_ADMINISTRATOR = "TENANT_ADMINISTRATOR";
64     final public static String ROLE_TENANT_READER = "TENANT_READER";
65     final public static String ROLE_ADMINISTRATOR_ID = "0";
66     //
67     // ActionGroup labels/constants
68     //
69     final public static String ACTIONGROUP_CRUDL = "CRUDL";
70     final public static String ACTIONGROUP_RL = "RL";
71     
72     final Logger logger = LoggerFactory.getLogger(AuthorizationGen.class);
73     private List<Permission> adminPermList = new ArrayList<Permission>();
74     private List<PermissionRole> adminPermRoleList = new ArrayList<PermissionRole>();
75     private List<Permission> readerPermList = new ArrayList<Permission>();
76     private List<PermissionRole> readerPermRoleList = new ArrayList<PermissionRole>();
77     private List<Role> adminRoles = new ArrayList<Role>();
78     private List<Role> readerRoles = new ArrayList<Role>();
79     private Role cspaceAdminRole;
80     private Hashtable<String, TenantBindingType> tenantBindings =
81             new Hashtable<String, TenantBindingType>();
82
83     public void initialize(String tenantRootDirPath) throws Exception {
84         TenantBindingConfigReaderImpl tenantBindingConfigReader =
85                 new TenantBindingConfigReaderImpl(tenantRootDirPath);
86         tenantBindingConfigReader.read();
87         tenantBindings = tenantBindingConfigReader.getTenantBindings();
88         cspaceAdminRole = buildCSpaceAdminRole();
89
90         if (logger.isDebugEnabled()) {
91             logger.debug("initialized with tenant bindings from " + tenantRootDirPath);
92         }
93     }
94
95     /**
96      * createDefaultPermissions creates default admin and reader permissions
97      * for each tenant found in the given tenant binding file
98      * @see initialize
99      * @return
100      */
101     public void createDefaultPermissions() {
102         for (String tenantId : tenantBindings.keySet()) {
103             List<Permission> adminPerms = createDefaultAdminPermissions(tenantId);
104             adminPermList.addAll(adminPerms);
105
106             List<Permission> readerPerms = createDefaultReaderPermissions(tenantId);
107             readerPermList.addAll(readerPerms);
108         }
109     }
110
111     /**
112      * createDefaultAdminPermissions creates default admin permissions for all services
113      * used by the given tenant
114      * @param tenantId
115      * @return
116      */
117     public List<Permission> createDefaultAdminPermissions(String tenantId) {
118         ArrayList<Permission> apcList = new ArrayList<Permission>();
119         TenantBindingType tbinding = tenantBindings.get(tenantId);
120         for (ServiceBindingType sbinding : tbinding.getServiceBindings()) {
121
122             //add permissions for the main path
123                 String resourceName = sbinding.getName().toLowerCase().trim();
124                 if (SecurityUtils.isEntityProxy() == true) {
125                         resourceName = SecurityUtils.getResourceEntity(resourceName);
126                 }
127             Permission perm = buildAdminPermission(tbinding.getId(),
128                     resourceName);
129             apcList.add(perm);
130
131             //add permissions for alternate paths
132             if (SecurityUtils.isEntityProxy() == false) {
133                     List<String> uriPaths = sbinding.getUriPath();
134                     for (String uriPath : uriPaths) {
135                         perm = buildAdminPermission(tbinding.getId(),
136                                 uriPath.toLowerCase());
137                         apcList.add(perm);
138                     }
139             }
140         }
141         
142         return apcList;
143     }
144
145     private Permission buildAdminPermission(String tenantId, String resourceName) {
146         String id = UUID.randomUUID().toString();
147         Permission perm = new Permission();
148         perm.setCsid(id);
149         perm.setDescription("generated admin permission");
150         perm.setCreatedAtItem(new Date());
151         perm.setResourceName(resourceName.toLowerCase().trim());
152         perm.setEffect(EffectType.PERMIT);
153         perm.setTenantId(tenantId);
154         
155         perm.setActionGroup(ACTIONGROUP_CRUDL);
156         ArrayList<PermissionAction> pas = new ArrayList<PermissionAction>();
157         perm.setActions(pas);
158
159         PermissionAction permAction = PermissionActionUtil.create(perm, ActionType.CREATE);
160         pas.add(permAction);
161         
162         permAction = PermissionActionUtil.create(perm, ActionType.READ);
163         pas.add(permAction);
164         
165         permAction = PermissionActionUtil.create(perm, ActionType.UPDATE);
166         pas.add(permAction);
167         
168         permAction = PermissionActionUtil.create(perm, ActionType.DELETE);
169         pas.add(permAction);
170         
171         permAction = PermissionActionUtil.create(perm, ActionType.SEARCH);
172         pas.add(permAction);
173         
174         return perm;
175     }
176
177     /**
178      * createDefaultReaderPermissions creates read only permissions for all services
179      * used by the given tenant
180      * @param tenantId
181      * @return
182      */
183     public List<Permission> createDefaultReaderPermissions(String tenantId) {
184         ArrayList<Permission> apcList = new ArrayList<Permission>();
185         TenantBindingType tbinding = tenantBindings.get(tenantId);
186         for (ServiceBindingType sbinding : tbinding.getServiceBindings()) {
187             //add permissions for the main path
188                 String resourceName = sbinding.getName().toLowerCase().trim();
189                 if (SecurityUtils.isEntityProxy() == true) {
190                         resourceName = SecurityUtils.getResourceEntity(resourceName);
191                 }               
192             Permission perm = buildReaderPermission(tbinding.getId(),
193                     resourceName);
194             apcList.add(perm);
195
196             //add permissions for alternate paths
197             if (SecurityUtils.isEntityProxy() == false) {
198                     List<String> uriPaths = sbinding.getUriPath();
199                     for (String uriPath : uriPaths) {
200                         perm = buildReaderPermission(tbinding.getId(),
201                                 uriPath.toLowerCase());
202                         apcList.add(perm);
203                     }
204             }
205         }
206         return apcList;
207
208     }
209
210     private Permission buildReaderPermission(String tenantId, String resourceName) {
211         String id = UUID.randomUUID().toString();
212         Permission perm = new Permission();
213         perm.setCsid(id);
214         perm.setCreatedAtItem(new Date());
215         perm.setDescription("generated readonly permission");
216         perm.setResourceName(resourceName.toLowerCase().trim());
217         perm.setEffect(EffectType.PERMIT);
218         perm.setTenantId(tenantId);
219         
220         perm.setActionGroup(ACTIONGROUP_RL);
221         ArrayList<PermissionAction> pas = new ArrayList<PermissionAction>();
222         perm.setActions(pas);
223
224         PermissionAction permAction = PermissionActionUtil.create(perm, ActionType.READ);
225         pas.add(permAction);
226
227         permAction = PermissionActionUtil.create(perm, ActionType.SEARCH);
228         pas.add(permAction);
229
230         return perm;
231     }
232
233     public List<Permission> getDefaultPermissions() {
234         List<Permission> allPermList = new ArrayList<Permission>();
235         allPermList.addAll(adminPermList);
236         allPermList.addAll(readerPermList);
237         return allPermList;
238     }
239
240     public List<Permission> getDefaultAdminPermissions() {
241         return adminPermList;
242     }
243
244     public List<Permission> getDefaultReaderPermissions() {
245         return readerPermList;
246     }
247
248     /**
249      * createDefaultRoles creates default admin and reader roles
250      * for each tenant found in the given tenant binding file
251      */
252     public void createDefaultRoles() {
253         for (String tenantId : tenantBindings.keySet()) {
254
255             Role arole = buildTenantAdminRole(tenantId);
256             adminRoles.add(arole);
257
258             Role rrole = buildTenantReaderRole(tenantId);
259             readerRoles.add(rrole);
260         }
261     }
262
263     private Role buildTenantAdminRole(String tenantId) {
264         Role role = new Role();
265         role.setCreatedAtItem(new Date());
266         role.setDisplayName(ROLE_TENANT_ADMINISTRATOR);
267         role.setRoleName(ROLE_PREFIX +
268                         tenantId + "_" +
269                         role.getDisplayName());
270
271         String id = UUID.randomUUID().toString();
272         role.setCsid(id);
273         role.setDescription("generated tenant admin role");
274         role.setTenantId(tenantId);
275         return role;
276     }
277
278     private Role buildTenantReaderRole(String tenantId) {
279         Role role = new Role();
280         role.setCreatedAtItem(new Date());
281         role.setDisplayName(ROLE_TENANT_READER);
282         role.setRoleName(ROLE_PREFIX +
283                         tenantId + "_" +
284                         role.getDisplayName());
285         String id = UUID.randomUUID().toString();
286         role.setCsid(id);
287         role.setDescription("generated tenant read only role");
288         role.setTenantId(tenantId);
289         return role;
290     }
291
292     public List<Role> getDefaultRoles() {
293         List<Role> allRoleList = new ArrayList<Role>();
294         allRoleList.addAll(adminRoles);
295         allRoleList.addAll(readerRoles);
296         return allRoleList;
297     }
298
299     public void associateDefaultPermissionsRoles() {
300         for (Permission p : adminPermList) {
301             PermissionRole permAdmRole = associatePermissionRoles(p, adminRoles);
302             adminPermRoleList.add(permAdmRole);
303         }
304
305         for (Permission p : readerPermList) {
306             PermissionRole permRdrRole = associatePermissionRoles(p, readerRoles);
307             readerPermRoleList.add(permRdrRole);
308         }
309         
310         //CSpace Administrator has all access
311         List<Role> roles = new ArrayList<Role>();
312         roles.add(cspaceAdminRole);
313         for (Permission p : adminPermList) {
314             PermissionRole permCAdmRole = associatePermissionRoles(p, roles);
315             adminPermRoleList.add(permCAdmRole);
316         }        
317     }
318
319     public List<PermissionRole> associatePermissionsRoles(List<Permission> perms, List<Role> roles) {
320         List<PermissionRole> permRoles = new ArrayList<PermissionRole>();
321         for (Permission perm : perms) {
322             PermissionRole permRole = associatePermissionRoles(perm, roles);
323             permRoles.add(permRole);
324         }
325         return permRoles;
326     }
327
328     private PermissionRole associatePermissionRoles(Permission perm,
329             List<Role> roles) {
330
331         PermissionRole pr = new PermissionRole();
332         pr.setSubject(SubjectType.ROLE);
333         List<PermissionValue> permValues = new ArrayList<PermissionValue>();
334         pr.setPermissions(permValues);
335         PermissionValue permValue = new PermissionValue();
336         permValue.setPermissionId(perm.getCsid());
337         permValue.setResourceName(perm.getResourceName().toLowerCase());
338         permValue.setActionGroup(perm.getActionGroup());
339         permValues.add(permValue);
340
341         List<RoleValue> roleValues = new ArrayList<RoleValue>();
342         for (Role role : roles) {
343             RoleValue rv = new RoleValue();
344             // This needs to use the qualified name, not the display name
345             rv.setRoleName(role.getRoleName().toUpperCase());
346             rv.setRoleId(role.getCsid());
347             roleValues.add(rv);
348         }
349         pr.setRoles(roleValues);
350
351         return pr;
352     }
353
354     public List<PermissionRole> getDefaultPermissionRoles() {
355         List<PermissionRole> allPermRoleList = new ArrayList<PermissionRole>();
356         allPermRoleList.addAll(adminPermRoleList);
357         allPermRoleList.addAll(readerPermRoleList);
358         return allPermRoleList;
359     }
360
361     public List<PermissionRole> getDefaultAdminPermissionRoles() {
362         return adminPermRoleList;
363     }
364
365     public List<PermissionRole> getDefaultReaderPermissionRoles() {
366         return readerPermRoleList;
367     }
368
369     private Role buildCSpaceAdminRole() {
370         Role role = new Role();
371         role.setDisplayName(ROLE_ADMINISTRATOR);
372         role.setRoleName(ROLE_PREFIX + role.getDisplayName());
373         role.setCsid(ROLE_ADMINISTRATOR_ID);
374         return role;
375     }
376
377     public void exportDefaultRoles(String fileName) {
378         RolesList rList = new RolesList();
379         List<Role> allRoleList = new ArrayList<Role>();
380         allRoleList.addAll(adminRoles);
381         allRoleList.addAll(readerRoles);
382         rList.setRoles(allRoleList);
383         toFile(rList, RolesList.class,
384                 fileName);
385         if (logger.isDebugEnabled()) {
386             logger.debug("exported roles to " + fileName);
387         }
388     }
389
390     public void exportDefaultPermissions(String fileName) {
391         PermissionsList pcList = new PermissionsList();
392         List<Permission> allPermList = new ArrayList<Permission>();
393         allPermList.addAll(adminPermList);
394         allPermList.addAll(readerPermList);
395         pcList.setPermissions(allPermList);
396         toFile(pcList, PermissionsList.class,
397                 fileName);
398         if (logger.isDebugEnabled()) {
399             logger.debug("exported permissions to " + fileName);
400         }
401     }
402
403     public void exportDefaultPermissionRoles(String fileName) {
404         PermissionsRolesList psrsl = new PermissionsRolesList();
405         List<PermissionRole> allPermRoleList = new ArrayList<PermissionRole>();
406         allPermRoleList.addAll(adminPermRoleList);
407         allPermRoleList.addAll(readerPermRoleList);
408         psrsl.setPermissionRoles(allPermRoleList);
409         toFile(psrsl, PermissionsRolesList.class,
410                 fileName);
411         if (logger.isDebugEnabled()) {
412             logger.debug("exported permissions-roles to " + fileName);
413         }
414     }
415
416     private void toFile(Object o, Class jaxbClass, String fileName) {
417         File f = new File(fileName);
418         try {
419             JAXBContext jc = JAXBContext.newInstance(jaxbClass);
420             Marshaller m = jc.createMarshaller();
421             m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT,
422                     Boolean.TRUE);
423             m.marshal(o, f);
424         } catch (Exception e) {
425             e.printStackTrace();
426         }
427     }
428 }