2 * This document is a part of the source code and related artifacts
3 * for CollectionSpace, an open source collections management system
4 * for museums and related institutions:
6 * http://www.collectionspace.org
7 * http://wiki.collectionspace.org
9 * Copyright 2009 University of California at Berkeley
11 * Licensed under the Educational Community License (ECL), Version 2.0.
12 * You may not use this file except in compliance with this License.
14 * You may obtain a copy of the ECL 2.0 License at
16 * https://source.collectionspace.org/collection-space/LICENSE.txt
18 * Unless required by applicable law or agreed to in writing, software
19 * distributed under the License is distributed on an "AS IS" BASIS,
20 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
21 * See the License for the specific language governing permissions and
22 * limitations under the License.
25 package org.collectionspace.services.authorization.spring;
27 import java.util.List;
28 import org.apache.commons.logging.Log;
29 import org.apache.commons.logging.LogFactory;
30 import org.collectionspace.services.authorization.CSpaceAction;
31 import org.collectionspace.services.authorization.spi.CSpacePermissionManager;
32 import org.collectionspace.services.authorization.CSpaceResource;
33 import org.springframework.security.acls.model.AccessControlEntry;
34 import org.springframework.security.acls.model.MutableAcl;
35 import org.springframework.security.acls.model.MutableAclService;
36 import org.springframework.security.acls.model.NotFoundException;
37 import org.springframework.security.acls.model.ObjectIdentity;
38 import org.springframework.security.acls.model.Permission;
39 import org.springframework.security.acls.model.Sid;
42 * Manages permissions in Spring Security
45 public class SpringPermissionManager implements CSpacePermissionManager {
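/**
 * Logger for this class. The category is this manager's own class rather than
 * SpringPermissionEvaluator, so messages about granting and revoking permissions
 * are attributed to the component that made the change and can be filtered separately.
 */
final Log log = LogFactory.getLog(SpringPermissionManager.class);

/** Provider that supplies the ACL service used by the grant and revoke helpers. */
private SpringAuthorizationProvider provider;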
/**
 * Creates a permission manager bound to the given authorization provider.
 *
 * @param provider provider whose ACL service is used for every ACL read and update
 */
SpringPermissionManager(SpringAuthorizationProvider provider) {
    this.provider = provider;
}
/**
 * Grants one action on a resource to each of the given principals.
 *
 * <p>The resource, the principals and the action are each mapped to their Spring ACL
 * counterpart once, then the per-SID helper is called for every resulting SID.
 *
 * <p>NOTE(review): nothing in this method checks whether the caller is allowed to grant
 * permissions; presumably that is enforced by the callers - confirm.
 *
 * @param res resource the permission applies to
 * @param principals principals that receive the permission
 * @param perm action being granted
 */
public void addPermission(CSpaceResource res, String[] principals, CSpaceAction perm) {
    final ObjectIdentity target = SpringAuthorizationProvider.mapResource(res);
    final Sid[] recipients = SpringAuthorizationProvider.mapPrincipal(principals);
    final Permission granted = SpringAuthorizationProvider.mapPermssion(perm);
    for (int i = 0; i < recipients.length; i++) {
        addPermission(target, recipients[i], granted);
    }
}
/**
 * Appends a granting ACE for one recipient to the ACL of the given object and persists it.
 *
 * <p>If the ACL service reports that the object has no ACL, a new ACL is created first.
 *
 * <p>NOTE(review): the entry is appended without looking for an equal existing entry, so
 * repeated grants appear to accumulate duplicate ACEs - confirm that the revoke path
 * removes every one of them.
 *
 * @param oid object identity whose ACL is modified
 * @param recipient SID that receives the permission
 * @param permission permission to grant
 */
private void addPermission(ObjectIdentity oid, Sid recipient, Permission permission) {
    final MutableAclService aclService = provider.getProviderAclService();
    MutableAcl target;
    try {
        target = (MutableAcl) aclService.readAclById(oid);
    } catch (NotFoundException missing) {
        // No ACL exists for this object yet, so the grant creates one.
        // NOTE(review): who ends up owning the new ACL depends on the ACL service - confirm.
        target = aclService.createAcl(oid);
    }

    // Insert at the current end of the entry list; the last argument marks the ACE as granting.
    final int tail = target.getEntries().size();
    target.insertAce(tail, permission, recipient, true);
    aclService.updateAcl(target);
}
/**
 * Revokes one action on a resource from each of the given principals.
 *
 * <p>The resource, the principals and the action are each mapped to their Spring ACL
 * counterpart once, then the per-SID helper is called for every resulting SID.
 *
 * <p>NOTE(review): the per-SID helper calls readAclById directly, and no NotFoundException
 * fallback like the one in the grant path is visible there, so revoking on a resource
 * that has no ACL presumably propagates that exception - confirm.
 *
 * @param res resource the permission applies to
 * @param principals principals that lose the permission
 * @param perm action being revoked
 */
public void deletePermission(CSpaceResource res, String[] principals, CSpaceAction perm) {
    final ObjectIdentity target = SpringAuthorizationProvider.mapResource(res);
    final Sid[] recipients = SpringAuthorizationProvider.mapPrincipal(principals);
    final Permission revoked = SpringAuthorizationProvider.mapPermssion(perm);
    for (int i = 0; i < recipients.length; i++) {
        deletePermission(target, recipients[i], revoked);
    }
}
88 private void deletePermission(ObjectIdentity oid, Sid recipient, Permission permission) {
90 MutableAclService mutableAclService = provider.getProviderAclService();
91 MutableAcl acl = (MutableAcl) mutableAclService.readAclById(oid);
93 // Remove all permissions associated with this particular recipient (string equality to KISS)
94 List<AccessControlEntry> entries = acl.getEntries();
96 for (int i = 0; i < entries.size(); i++) {
97 if (entries.get(i).getSid().equals(recipient)
98 && entries.get(i).getPermission().equals(permission)) {
102 mutableAclService.updateAcl(acl);