]> git.aero2k.de Git - tmp/jakarta-migration.git/blob
projects / tmp / jakarta-migration.git / blob
? search:


b7105dfaa9ca29ca30ced189d5cb94195efd80e2
[tmp/jakarta-migration.git] /
1 /**
2  *  This document is a part of the source code and related artifacts
3  *  for CollectionSpace, an open source collections management system
4  *  for museums and related institutions:
5
6  *  http://www.collectionspace.org
7  *  http://wiki.collectionspace.org
8
9  *  Copyright 2009 University of California at Berkeley
10
11  *  Licensed under the Educational Community License (ECL), Version 2.0.
12  *  You may not use this file except in compliance with this License.
13
14  *  You may obtain a copy of the ECL 2.0 License at
15
16  *  https://source.collectionspace.org/collection-space/LICENSE.txt
17
18  *  Unless required by applicable law or agreed to in writing, software
19  *  distributed under the License is distributed on an "AS IS" BASIS,
20  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
21  *  See the License for the specific language governing permissions and
22  *  limitations under the License.
23  */
24 package org.collectionspace.services.authorization.importer;
25
26 import java.io.File;
27 import org.slf4j.Logger;
28 import org.slf4j.LoggerFactory;
29 import java.util.ArrayList;
30 import java.util.Date;
31 import java.util.Hashtable;
32 import java.util.List;
33 import java.util.UUID;
34 import javax.xml.bind.JAXBContext;
35 import javax.xml.bind.Marshaller;
36 import org.collectionspace.services.authorization.ActionType;
37 import org.collectionspace.services.authorization.Permission;
38 import org.collectionspace.services.authorization.EffectType;
39 import org.collectionspace.services.authorization.PermissionAction;
40 import org.collectionspace.services.authorization.PermissionActionUtil;
41 import org.collectionspace.services.authorization.PermissionRole;
42 import org.collectionspace.services.authorization.PermissionValue;
43 import org.collectionspace.services.authorization.PermissionsList;
44 import org.collectionspace.services.authorization.PermissionsRolesList;
45 import org.collectionspace.services.authorization.Role;
46 import org.collectionspace.services.authorization.RoleValue;
47 import org.collectionspace.services.authorization.RolesList;
48 import org.collectionspace.services.authorization.SubjectType;
49 import org.collectionspace.services.common.config.TenantBindingConfigReaderImpl;
50 import org.collectionspace.services.common.service.ServiceBindingType;
51 import org.collectionspace.services.common.tenant.TenantBindingType;
52 import org.collectionspace.services.common.security.SecurityUtils;
53
54 /**
55  * AuthorizationGen generates authorizations (permissions and roles)
56  * for tenant services
57  * @author 
58  */
59 public class AuthorizationGen {
60
61         final public static String ROLE_PREFIX = "ROLE_";
62     final public static String ROLE_ADMINISTRATOR = "ADMINISTRATOR";
63     final public static String ROLE_TENANT_ADMINISTRATOR = "TENANT_ADMINISTRATOR";
64     final public static String ROLE_TENANT_READER = "TENANT_READER";
65     final public static String ROLE_ADMINISTRATOR_ID = "0";
66     //
67     // ActionGroup labels/constants
68     //
69     final public static String ACTIONGROUP_CRUDL = "CRUDL";
70     final public static String ACTIONGROUP_RL = "RL";
71     
72     final Logger logger = LoggerFactory.getLogger(AuthorizationGen.class);
73     private List<Permission> adminPermList = new ArrayList<Permission>();
74     private List<PermissionRole> adminPermRoleList = new ArrayList<PermissionRole>();
75     private List<Permission> readerPermList = new ArrayList<Permission>();
76     private List<PermissionRole> readerPermRoleList = new ArrayList<PermissionRole>();
77     private List<Role> adminRoles = new ArrayList<Role>();
78     private List<Role> readerRoles = new ArrayList<Role>();
79     private Role cspaceAdminRole;
80     private Hashtable<String, TenantBindingType> tenantBindings =
81             new Hashtable<String, TenantBindingType>();
82
83     public void initialize(String tenantBindingFileName) throws Exception {
84         TenantBindingConfigReaderImpl tenantBindingConfigReader =
85                 new TenantBindingConfigReaderImpl(null);
86         tenantBindingConfigReader.read(tenantBindingFileName);
87         tenantBindings = tenantBindingConfigReader.getTenantBindings();
88         cspaceAdminRole = buildCSpaceAdminRole();
89
90         if (logger.isDebugEnabled()) {
91             logger.debug("initialized with tenant bindings from " + tenantBindingFileName);
92         }
93     }
94
95     /**
96      * createDefaultPermissions creates default admin and reader permissions
97      * for each tenant found in the given tenant binding file
98      * @see initialize
99      * @return
100      */
101     public void createDefaultPermissions() {
102         for (String tenantId : tenantBindings.keySet()) {
103             List<Permission> adminPerms = createDefaultAdminPermissions(tenantId);
104             adminPermList.addAll(adminPerms);
105
106             List<Permission> readerPerms = createDefaultReaderPermissions(tenantId);
107             readerPermList.addAll(readerPerms);
108         }
109     }
110
111     /**
112      * createDefaultAdminPermissions creates default admin permissions for all services
113      * used by the given tenant
114      * @param tenantId
115      * @return
116      */
117     public List<Permission> createDefaultAdminPermissions(String tenantId) {
118         ArrayList<Permission> apcList = new ArrayList<Permission>();
119         TenantBindingType tbinding = tenantBindings.get(tenantId);
120         for (ServiceBindingType sbinding : tbinding.getServiceBindings()) {
121
122             //add permissions for the main path
123                 String resourceName = sbinding.getName().toLowerCase().trim();
124                 if (SecurityUtils.isEntityProxy() == true) {
125                         resourceName = SecurityUtils.getResourceEntity(resourceName);
126                 }
127             Permission perm = buildAdminPermission(tbinding.getId(),
128                     resourceName);
129             apcList.add(perm);
130
131             //add permissions for alternate paths
132             if (SecurityUtils.isEntityProxy() == false) {
133                     List<String> uriPaths = sbinding.getUriPath();
134                     for (String uriPath : uriPaths) {
135                         perm = buildAdminPermission(tbinding.getId(),
136                                 uriPath.toLowerCase());
137                         apcList.add(perm);
138                     }
139             }
140         }
141         
142         return apcList;
143     }
144
145     private Permission buildAdminPermission(String tenantId, String resourceName) {
146         String id = UUID.randomUUID().toString();
147         Permission perm = new Permission();
148         perm.setCsid(id);
149         perm.setDescription("generated admin permission");
150         perm.setCreatedAtItem(new Date());
151         perm.setResourceName(resourceName.toLowerCase().trim());
152         perm.setEffect(EffectType.PERMIT);
153         perm.setTenantId(tenantId);
154         
155         perm.setActionGroup(ACTIONGROUP_CRUDL);
156         ArrayList<PermissionAction> pas = new ArrayList<PermissionAction>();
157         perm.setActions(pas);
158
159         PermissionAction permAction = PermissionActionUtil.create(perm, ActionType.CREATE);
160         pas.add(permAction);
161         
162         permAction = PermissionActionUtil.create(perm, ActionType.READ);
163         pas.add(permAction);
164         
165         permAction = PermissionActionUtil.create(perm, ActionType.UPDATE);
166         pas.add(permAction);
167         
168         permAction = PermissionActionUtil.create(perm, ActionType.DELETE);
169         pas.add(permAction);
170         
171         permAction = PermissionActionUtil.create(perm, ActionType.SEARCH);
172         pas.add(permAction);
173         
174         return perm;
175     }
176
177     /**
178      * createDefaultReaderPermissions creates read only permissions for all services
179      * used by the given tenant
180      * @param tenantId
181      * @return
182      */
183     public List<Permission> createDefaultReaderPermissions(String tenantId) {
184         ArrayList<Permission> apcList = new ArrayList<Permission>();
185         TenantBindingType tbinding = tenantBindings.get(tenantId);
186         for (ServiceBindingType sbinding : tbinding.getServiceBindings()) {
187             //add permissions for the main path
188                 String resourceName = sbinding.getName().toLowerCase().trim();
189                 if (SecurityUtils.isEntityProxy() == true) {
190                         resourceName = SecurityUtils.getResourceEntity(resourceName);
191                 }               
192             Permission perm = buildReaderPermission(tbinding.getId(),
193                     resourceName);
194             apcList.add(perm);
195
196             //add permissions for alternate paths
197             if (SecurityUtils.isEntityProxy() == false) {
198                     List<String> uriPaths = sbinding.getUriPath();
199                     for (String uriPath : uriPaths) {
200                         perm = buildReaderPermission(tbinding.getId(),
201                                 uriPath.toLowerCase());
202                         apcList.add(perm);
203                     }
204             }
205         }
206         return apcList;
207
208     }
209
210     private Permission buildReaderPermission(String tenantId, String resourceName) {
211         String id = UUID.randomUUID().toString();
212         Permission perm = new Permission();
213         perm.setCsid(id);
214         perm.setCreatedAtItem(new Date());
215         perm.setDescription("generated readonly permission");
216         perm.setResourceName(resourceName.toLowerCase().trim());
217         perm.setEffect(EffectType.PERMIT);
218         perm.setTenantId(tenantId);
219         
220         perm.setActionGroup(ACTIONGROUP_RL);
221         ArrayList<PermissionAction> pas = new ArrayList<PermissionAction>();
222         perm.setActions(pas);
223
224         PermissionAction permAction = PermissionActionUtil.create(perm, ActionType.READ);
225         pas.add(permAction);
226
227         permAction = PermissionActionUtil.create(perm, ActionType.SEARCH);
228         pas.add(permAction);
229
230         return perm;
231     }
232
233     public List<Permission> getDefaultPermissions() {
234         List<Permission> allPermList = new ArrayList<Permission>();
235         allPermList.addAll(adminPermList);
236         allPermList.addAll(readerPermList);
237         return allPermList;
238     }
239
240     public List<Permission> getDefaultAdminPermissions() {
241         return adminPermList;
242     }
243
244     public List<Permission> getDefaultReaderPermissions() {
245         return readerPermList;
246     }
247
248     /**
249      * createDefaultRoles creates default admin and reader roles
250      * for each tenant found in the given tenant binding file
251      */
252     public void createDefaultRoles() {
253         for (String tenantId : tenantBindings.keySet()) {
254
255             Role arole = buildTenantAdminRole(tenantId);
256             adminRoles.add(arole);
257
258             Role rrole = buildTenantReaderRole(tenantId);
259             readerRoles.add(rrole);
260         }
261     }
262
263     private Role buildTenantAdminRole(String tenantId) {
264         Role role = new Role();
265         role.setCreatedAtItem(new Date());
266         role.setRoleName(ROLE_PREFIX +
267                         tenantId + "_" +
268                         ROLE_TENANT_ADMINISTRATOR);
269         String id = UUID.randomUUID().toString();
270         role.setCsid(id);
271         role.setDescription("generated tenant admin role");
272         role.setTenantId(tenantId);
273         return role;
274     }
275
276     private Role buildTenantReaderRole(String tenantId) {
277         Role role = new Role();
278         role.setCreatedAtItem(new Date());
279         role.setRoleName(ROLE_PREFIX +
280                         tenantId + "_" +
281                         ROLE_TENANT_READER);
282         String id = UUID.randomUUID().toString();
283         role.setCsid(id);
284         role.setDescription("generated tenant read only role");
285         role.setTenantId(tenantId);
286         return role;
287     }
288
289     public List<Role> getDefaultRoles() {
290         List<Role> allRoleList = new ArrayList<Role>();
291         allRoleList.addAll(adminRoles);
292         allRoleList.addAll(readerRoles);
293         return allRoleList;
294     }
295
296     public void associateDefaultPermissionsRoles() {
297         for (Permission p : adminPermList) {
298             PermissionRole permAdmRole = associatePermissionRoles(p, adminRoles);
299             adminPermRoleList.add(permAdmRole);
300         }
301
302         for (Permission p : readerPermList) {
303             PermissionRole permRdrRole = associatePermissionRoles(p, readerRoles);
304             readerPermRoleList.add(permRdrRole);
305         }
306         
307         //CSpace Administrator has all access
308         List<Role> roles = new ArrayList<Role>();
309         roles.add(cspaceAdminRole);
310         for (Permission p : adminPermList) {
311             PermissionRole permCAdmRole = associatePermissionRoles(p, roles);
312             adminPermRoleList.add(permCAdmRole);
313         }        
314     }
315
316     public List<PermissionRole> associatePermissionsRoles(List<Permission> perms, List<Role> roles) {
317         List<PermissionRole> permRoles = new ArrayList<PermissionRole>();
318         for (Permission perm : perms) {
319             PermissionRole permRole = associatePermissionRoles(perm, roles);
320             permRoles.add(permRole);
321         }
322         return permRoles;
323     }
324
325     private PermissionRole associatePermissionRoles(Permission perm,
326             List<Role> roles) {
327
328         PermissionRole pr = new PermissionRole();
329         pr.setSubject(SubjectType.ROLE);
330         List<PermissionValue> permValues = new ArrayList<PermissionValue>();
331         pr.setPermissions(permValues);
332         PermissionValue permValue = new PermissionValue();
333         permValue.setPermissionId(perm.getCsid());
334         permValue.setResourceName(perm.getResourceName().toLowerCase());
335         permValue.setActionGroup(perm.getActionGroup());
336         permValues.add(permValue);
337
338         List<RoleValue> roleValues = new ArrayList<RoleValue>();
339         for (Role role : roles) {
340             RoleValue rv = new RoleValue();
341             // This needs to use the qualified name, not the display name
342             rv.setRoleName(role.getRoleName().toUpperCase());
343             rv.setRoleId(role.getCsid());
344             roleValues.add(rv);
345         }
346         pr.setRoles(roleValues);
347
348         return pr;
349     }
350
351     public List<PermissionRole> getDefaultPermissionRoles() {
352         List<PermissionRole> allPermRoleList = new ArrayList<PermissionRole>();
353         allPermRoleList.addAll(adminPermRoleList);
354         allPermRoleList.addAll(readerPermRoleList);
355         return allPermRoleList;
356     }
357
358     public List<PermissionRole> getDefaultAdminPermissionRoles() {
359         return adminPermRoleList;
360     }
361
362     public List<PermissionRole> getDefaultReaderPermissionRoles() {
363         return readerPermRoleList;
364     }
365
366     private Role buildCSpaceAdminRole() {
367         Role role = new Role();
368         role.setRoleName(ROLE_PREFIX + ROLE_ADMINISTRATOR);
369         role.setCsid(ROLE_ADMINISTRATOR_ID);
370         return role;
371     }
372
373     public void exportDefaultRoles(String fileName) {
374         RolesList rList = new RolesList();
375         List<Role> allRoleList = new ArrayList<Role>();
376         allRoleList.addAll(adminRoles);
377         allRoleList.addAll(readerRoles);
378         rList.setRoles(allRoleList);
379         toFile(rList, RolesList.class,
380                 fileName);
381         if (logger.isDebugEnabled()) {
382             logger.debug("exported roles to " + fileName);
383         }
384     }
385
386     public void exportDefaultPermissions(String fileName) {
387         PermissionsList pcList = new PermissionsList();
388         List<Permission> allPermList = new ArrayList<Permission>();
389         allPermList.addAll(adminPermList);
390         allPermList.addAll(readerPermList);
391         pcList.setPermissions(allPermList);
392         toFile(pcList, PermissionsList.class,
393                 fileName);
394         if (logger.isDebugEnabled()) {
395             logger.debug("exported permissions to " + fileName);
396         }
397     }
398
399     public void exportDefaultPermissionRoles(String fileName) {
400         PermissionsRolesList psrsl = new PermissionsRolesList();
401         List<PermissionRole> allPermRoleList = new ArrayList<PermissionRole>();
402         allPermRoleList.addAll(adminPermRoleList);
403         allPermRoleList.addAll(readerPermRoleList);
404         psrsl.setPermissionRoles(allPermRoleList);
405         toFile(psrsl, PermissionsRolesList.class,
406                 fileName);
407         if (logger.isDebugEnabled()) {
408             logger.debug("exported permissions-roles to " + fileName);
409         }
410     }
411
412     private void toFile(Object o, Class jaxbClass, String fileName) {
413         File f = new File(fileName);
414         try {
415             JAXBContext jc = JAXBContext.newInstance(jaxbClass);
416             Marshaller m = jc.createMarshaller();
417             m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT,
418                     Boolean.TRUE);
419             m.marshal(o, f);
420         } catch (Exception e) {
421             e.printStackTrace();
422         }
423     }
424 }