git.aero2k.de Git - tmp/jakarta-migration.git/blob

   1 /**
   2  *  This document is a part of the source code and related artifacts
   3  *  for CollectionSpace, an open source collections management system
   4  *  for museums and related institutions:
   5
   6  *  http://www.collectionspace.org
   7  *  http://wiki.collectionspace.org
   8
   9  *  Copyright 2009 University of California at Berkeley
  10
  11  *  Licensed under the Educational Community License (ECL), Version 2.0.
  12  *  You may not use this file except in compliance with this License.
  13
  14  *  You may obtain a copy of the ECL 2.0 License at
  15
  16  *  https://source.collectionspace.org/collection-space/LICENSE.txt
  17
  18  *  Unless required by applicable law or agreed to in writing, software
  19  *  distributed under the License is distributed on an "AS IS" BASIS,
  20  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  21  *  See the License for the specific language governing permissions and
  22  *  limitations under the License.
  23  */
  24 package org.collectionspace.services.authorization.importer;
  25
  26 import java.io.FileInputStream;
  27 import java.io.InputStream;
  28 import java.util.ArrayList;
  29 import java.util.List;
  30 import javax.xml.bind.JAXBContext;
  31 import javax.xml.bind.Unmarshaller;
  32 import org.collectionspace.services.authorization.ActionType;
  33 import org.slf4j.Logger;
  34 import org.slf4j.LoggerFactory;
  35 import org.collectionspace.services.authorization.AuthZ;
  36 import org.collectionspace.services.authorization.CSpaceAction;
  37 import org.collectionspace.services.authorization.EffectType;
  38 import org.collectionspace.services.authorization.Permission;
  39 import org.collectionspace.services.authorization.PermissionAction;
  40 import org.collectionspace.services.authorization.PermissionException;
  41 import org.collectionspace.services.authorization.PermissionRole;
  42 import org.collectionspace.services.authorization.PermissionsList;
  43 import org.collectionspace.services.authorization.PermissionsRolesList;
  44 import org.collectionspace.services.authorization.RoleValue;
  45 import org.collectionspace.services.authorization.URIResourceImpl;
  46
  47 /**
  48  * AuthorizationSeed seeds authorizations (permission, role) into authz provider database
  49  * @author
  50  */
  51 public class AuthorizationSeed {
  52
  53     final Logger logger = LoggerFactory.getLogger(AuthorizationSeed.class);
  54
  55
  56     /**
  57      * seedPermissions seed permissions from given files
  58      * @param permFileName permisison file name
  59      * @param permRoleFileName permission role file name
  60      * @throws Exception
  61      */
  62     public void seedPermissions(String permFileName, String permRoleFileName) throws Exception {
  63         PermissionsList permList =
  64                 (PermissionsList) fromFile(PermissionsList.class,
  65                 permFileName);
  66         if (logger.isDebugEnabled()) {
  67             logger.debug("read permissions from " + permFileName);
  68         }
  69         PermissionsRolesList permRoleList =
  70                 (PermissionsRolesList) fromFile(PermissionsRolesList.class,
  71                 permRoleFileName);
  72         if (logger.isDebugEnabled()) {
  73             logger.debug("read permissions-roles from " + permRoleFileName);
  74         }
  75
  76         seedPermissions(permList, permRoleList);
  77     }
  78
  79     /**
  80      * seedPermissions seed permissions from given permisison and permission role lists
  81      * @param permList
  82      * @param permRoleList
  83      * @throws Exception
  84      */
  85     public void seedPermissions(PermissionsList permList, PermissionsRolesList permRoleList)
  86             throws Exception {
  87         for (Permission p : permList.getPermissions()) {
  88             if (logger.isDebugEnabled()) {
  89                 logger.debug("adding permission for res=" + p.getResourceName());
  90             }
  91             for (PermissionRole pr : permRoleList.getPermissionRoles()) {
  92                 if (pr.getPermissions().get(0).getPermissionId().equals(p.getCsid())) {
  93                     addPermissionsForUri(p, pr);
  94                 }
  95             }
  96         }
  97     }
  98
  99     /**
 100      * addPermissionsForUri add permissions from given permission configuration
 101      * with assumption that resource is of type URI
 102      * @param permission configuration
 103      */
 104     private void addPermissionsForUri(Permission perm,
 105             PermissionRole permRole) throws PermissionException {
 106         List<String> principals = new ArrayList<String>();
 107         if (!perm.getCsid().equals(permRole.getPermissions().get(0).getPermissionId())) {
 108             throw new IllegalArgumentException("permission ids do not"
 109                     + " match for role=" + permRole.getRoles().get(0).getRoleName()
 110                     + " with permissionId=" + permRole.getPermissions().get(0).getPermissionId()
 111                     + " for permission with csid=" + perm.getCsid());
 112         }
 113         for (RoleValue roleValue : permRole.getRoles()) {
 114             principals.add(roleValue.getRoleName());
 115         }
 116         List<PermissionAction> permActions = perm.getActions();
 117         for (PermissionAction permAction : permActions) {
 118             CSpaceAction action = getAction(permAction.getName());
 119             URIResourceImpl uriRes = new URIResourceImpl(perm.getTenantId(),
 120                     perm.getResourceName(), action);
 121             boolean grant = perm.getEffect().equals(EffectType.PERMIT) ? true : false;
 122             AuthZ.get().addPermissions(uriRes, principals.toArray(new String[0]), grant);
 123         }
 124     }
 125
 126     /**
 127      * getAction is a convenience method to get corresponding action for
 128      * given ActionType
 129      * @param action
 130      * @return
 131      */
 132     private CSpaceAction getAction(ActionType action) {
 133         if (ActionType.CREATE.equals(action)) {
 134             return CSpaceAction.CREATE;
 135         } else if (ActionType.READ.equals(action)) {
 136             return CSpaceAction.READ;
 137         } else if (ActionType.UPDATE.equals(action)) {
 138             return CSpaceAction.UPDATE;
 139         } else if (ActionType.DELETE.equals(action)) {
 140             return CSpaceAction.DELETE;
 141         } else if (ActionType.SEARCH.equals(action)) {
 142             return CSpaceAction.SEARCH;
 143         } else if (ActionType.ADMIN.equals(action)) {
 144             return CSpaceAction.ADMIN;
 145         } else if (ActionType.START.equals(action)) {
 146             return CSpaceAction.START;
 147         } else if (ActionType.STOP.equals(action)) {
 148             return CSpaceAction.STOP;
 149         }
 150         throw new IllegalArgumentException("action = " + action.toString());
 151     }
 152
 153     static Object fromFile(Class jaxbClass, String fileName) throws Exception {
 154         InputStream is = new FileInputStream(fileName);
 155         try {
 156             JAXBContext context = JAXBContext.newInstance(jaxbClass);
 157             Unmarshaller unmarshaller = context.createUnmarshaller();
 158             //note: setting schema to null will turn validator off
 159             unmarshaller.setSchema(null);
 160             return jaxbClass.cast(unmarshaller.unmarshal(is));
 161         } finally {
 162             if (is != null) {
 163                 try {
 164                     is.close();
 165                 } catch (Exception e) {
 166                 }
 167             }
 168         }
 169     }
 170 }