1 /**
2  *  This document is a part of the source code and related artifacts
3  *  for CollectionSpace, an open source collections management system
4  *  for museums and related institutions:
5
6  *  http://www.collectionspace.org
7  *  http://wiki.collectionspace.org
8
9  *  Copyright 2009 University of California at Berkeley
10
11  *  Licensed under the Educational Community License (ECL), Version 2.0.
12  *  You may not use this file except in compliance with this License.
13
14  *  You may obtain a copy of the ECL 2.0 License at
15
16  *  https://source.collectionspace.org/collection-space/LICENSE.txt
17
18  *  Unless required by applicable law or agreed to in writing, software
19  *  distributed under the License is distributed on an "AS IS" BASIS,
20  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
21  *  See the License for the specific language governing permissions and
22  *  limitations under the License.
23  */
24 package org.collectionspace.services.authorization.spring;
25
26 import java.util.List;
27 import org.apache.commons.logging.Log;
28 import org.apache.commons.logging.LogFactory;
29 import org.collectionspace.services.authorization.CSpaceAction;
30 import org.collectionspace.services.authorization.spi.CSpacePermissionManager;
31 import org.collectionspace.services.authorization.CSpaceResource;
32 import org.collectionspace.services.authorization.PermissionException;
33 import org.collectionspace.services.authorization.PermissionNotFoundException;
34 import org.springframework.security.acls.model.AccessControlEntry;
35 import org.springframework.security.acls.model.MutableAcl;
36 import org.springframework.security.acls.model.MutableAclService;
37 import org.springframework.security.acls.model.NotFoundException;
38 import org.springframework.security.acls.model.ObjectIdentity;
39 import org.springframework.security.acls.model.Permission;
40 import org.springframework.security.acls.model.Sid;
41
42 /**
43  * Manages permissions in Spring Security
44  * @author 
45  */
46 public class SpringPermissionManager implements CSpacePermissionManager {
47
48     final Log log = LogFactory.getLog(SpringPermissionEvaluator.class);
49     private SpringAuthorizationProvider provider;
50
51     SpringPermissionManager(SpringAuthorizationProvider provider) {
52         this.provider = provider;
53     }
54
55     @Override
56     public void addPermission(CSpaceResource res, String[] principals, CSpaceAction perm)
57             throws PermissionException {
58         ObjectIdentity oid = SpringAuthorizationProvider.mapResource(res);
59         Sid[] sids = SpringAuthorizationProvider.mapPrincipal(principals);
60         Permission p = SpringAuthorizationProvider.mapPermssion(perm);
61         for (Sid sid : sids) {
62             addPermission(oid, sid, p);
63             if (log.isDebugEnabled()) {
64                 log.debug("added permission "
65                         + " res=" + res.toString()
66                         + " cperm=" + perm.toString()
67                         + convertToString(principals)
68                         + " oid=" + oid.toString()
69                         + " perm=" + p.toString()
70                         + " sid=" + sids.toString());
71             }
72         }
73     }
74
75     private void addPermission(ObjectIdentity oid, Sid recipient, Permission permission) {
76         MutableAcl acl;
77         MutableAclService mutableAclService = provider.getProviderAclService();
78         try {
79             acl = (MutableAcl) mutableAclService.readAclById(oid);
80             if (log.isDebugEnabled()) {
81                 log.debug("addPermission: found acl for oid=" + oid.toString());
82             }
83         } catch (NotFoundException nfe) {
84             acl = mutableAclService.createAcl(oid);
85         }
86
87         acl.insertAce(acl.getEntries().size(), permission, recipient, true);
88         mutableAclService.updateAcl(acl);
89         if (log.isDebugEnabled()) {
90             log.debug("addPermission: added acl for oid=" + oid.toString()
91                     + " perm=" + permission.toString()
92                     + " sid=" + recipient.toString());
93         }
94
95     }
96
97     @Override
98     public void deletePermission(CSpaceResource res, String[] principals, CSpaceAction perm)
99             throws PermissionNotFoundException, PermissionException {
100         ObjectIdentity oid = SpringAuthorizationProvider.mapResource(res);
101         Sid[] sids = SpringAuthorizationProvider.mapPrincipal(principals);
102         Permission p = SpringAuthorizationProvider.mapPermssion(perm);
103         for (Sid sid : sids) {
104             deletePermission(oid, sid, p);
105             if (log.isDebugEnabled()) {
106                 log.debug("deleted permission "
107                         + " res=" + res.toString()
108                         + " cperm=" + perm.toString()
109                         + convertToString(principals)
110                         + " oid=" + oid.toString()
111                         + " perm=" + p.toString()
112                         + " sid=" + sids.toString());
113             }
114         }
115     }
116
117     private void deletePermission(ObjectIdentity oid, Sid recipient, Permission permission)
118             throws PermissionException {
119
120         MutableAclService mutableAclService = provider.getProviderAclService();
121         MutableAcl acl = (MutableAcl) mutableAclService.readAclById(oid);
122         if (log.isDebugEnabled()) {
123             log.debug("deletePermission: found acl for oid=" + oid.toString());
124         }
125         if (acl == null) {
126             String msg = "Cound not find acl for oid=" + oid.toString();
127             log.error(msg);
128             throw new PermissionNotFoundException(msg);
129         }
130         // Remove all permissions associated with this particular recipient (string equality to KISS)
131         List<AccessControlEntry> entries = acl.getEntries();
132         if (log.isDebugEnabled()) {
133             log.debug("deletePermission: for acl oid=" + oid.toString()
134                     + " found " + entries.size() + " aces");
135         }
136         for (int i = 0; i < entries.size(); i++) {
137             if (entries.get(i).getSid().equals(recipient)
138                     && entries.get(i).getPermission().equals(permission)) {
139                 acl.deleteAce(i);
140             }
141         }
142         mutableAclService.updateAcl(acl);
143         if (log.isDebugEnabled()) {
144             log.debug("deletePermission: for acl oid=" + oid.toString()
145                     + " deleted " + entries.size() + " aces");
146         }
147     }
148
149     private String convertToString(String[] stra) {
150         StringBuilder builder = new StringBuilder();
151         for (String s : stra) {
152             builder.append(s);
153             builder.append(" ");
154         }
155         return builder.toString();
156     }
157 }