
1   /*
2    * Copyright 2004-2006 the Seasar Foundation and the Others.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, 
13   * either express or implied. See the License for the specific language
14   * governing permissions and limitations under the License.
15   */
16  package com.isenshi.util.extlib;
17  
18  import java.security.Principal;
19  import java.util.Enumeration;
20  
21  import org.apache.slide.common.ServiceAccessException;
22  import org.apache.slide.common.SlideToken;
23  import org.apache.slide.common.Uri;
24  import org.apache.slide.security.ACLSecurityImpl;
25  import org.apache.slide.security.NodePermission;
26  import org.apache.slide.structure.ActionNode;
27  import org.apache.slide.structure.ObjectNode;
28  import org.apache.slide.structure.ObjectNotFoundException;
29  import org.apache.slide.structure.SubjectNode;
30  import org.seasar.tuigwaa.security.SecurityService;
31  import org.seasar.tuigwaa.security.auth.TgwRole;
32  
33  
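/**
 * Slide {@link ACLSecurityImpl} variant that evaluates permissions through the
 * caller's roles instead of through the caller's own subject node.
 *
 * <p>Semantics as implemented in this class:
 * <ul>
 * <li>Checks are <em>deny-list only</em>: a subject is allowed unless a matching
 * negative ({@code isNegative()}) permission exists on the node or on one of its
 * ancestors. Positive permissions are never consulted, so a node without any
 * permission entries is accessible.</li>
 * <li>Roles are OR-ed: the caller is allowed as soon as any one of its roles is
 * not explicitly denied, even if its other roles are.</li>
 * <li>Despite the class name nothing here talks to LDAP directly; role names are
 * obtained from the inherited {@code getRoles(token)}, which is not in this file.</li>
 * </ul>
 */
public class LDAPSecurityImpl extends ACLSecurityImpl {

	/**
	 * Decides whether the caller identified by {@code token} may perform
	 * {@code action} on {@code object}.
	 *
	 * <p>A {@link TgwRole} principal is delegated to the stock ACL logic. A
	 * missing principal is evaluated as {@link SubjectNode#UNAUTHENTICATED}.
	 * Any other principal is evaluated role by role; the caller's own subject
	 * node is not consulted, and a caller with no roles is denied.
	 *
	 * @param token  request token carrying the caller's credentials
	 * @param object node being accessed
	 * @param action action being attempted
	 * @return {@code true} if at least one role (or the unauthenticated subject)
	 *         is not explicitly denied
	 * @throws ServiceAccessException if the store cannot be read
	 * @throws ObjectNotFoundException if an ancestor node cannot be retrieved
	 */
	public boolean hasPermission(SlideToken token, ObjectNode object,
			ActionNode action) throws ServiceAccessException,
			ObjectNotFoundException {
		Principal principal = (Principal) token.getCredentialsToken()
				.getPrincipal();

		// Role principals keep the standard ACL behaviour of the superclass.
		if (principal instanceof TgwRole) {
			return super.hasPermission(token, object, action);
		}

		// No principal at all: evaluate the unauthenticated subject.
		if (principal == null) {
			return hasPermission(object, SubjectNode.UNAUTHENTICATED, action);
		}

		// First role that is not explicitly denied grants access.
		// NOTE(review): getRoles(token) is inherited and not shown here; the
		// cast assumes it enumerates role names as Strings — confirm.
		Enumeration roleNames = getRoles(token);
		while (roleNames != null && roleNames.hasMoreElements()) {
			String roleName = (String) roleNames.nextElement();
			if (hasPermission(object, getRole(roleName), action)) {
				return true;
			}
		}
		return false;
	}

	/**
	 * Deny-list check for a single subject: {@code role} is allowed on
	 * {@code object} unless a negative permission matching both the action (or
	 * {@link ActionNode#ALL_URI}) and the subject (or {@link SubjectNode#ALL_URI})
	 * is found on the node itself or on an ancestor reached through
	 * {@code Uri.getParentUri()}.
	 *
	 * @param object node being accessed
	 * @param role   subject to evaluate (a role node or
	 *               {@link SubjectNode#UNAUTHENTICATED})
	 * @param action action being attempted
	 * @return {@code false} if an explicit denial applies, {@code true} otherwise
	 * @throws ServiceAccessException if the store cannot be read
	 * @throws ObjectNotFoundException if an ancestor node cannot be retrieved
	 */
	public boolean hasPermission(ObjectNode object, SubjectNode role,
			ActionNode action) throws ServiceAccessException,
			ObjectNotFoundException {

		// 'namespace' is an inherited field of the Slide security base class.
		Uri currentUri = namespace.getUri(object.getUri());
		if (isExplicitlyDenied(currentUri, role, action)) {
			return false;
		}

		// Not denied here: repeat on the parent until the walk ends.
		// NOTE(review): parentUri is a Uri while "/" is a String, so this
		// comparison only stops the walk early if Uri.equals accepts Strings in
		// the Slide version in use; otherwise the walk ends when getParentUri()
		// returns null. Kept as in the original to preserve behaviour — confirm
		// which ancestor is the last one evaluated.
		Uri parentUri = currentUri.getParentUri();
		if (parentUri == null || parentUri.equals("/")) {
			return true;
		}
		ObjectNode parentObject = parentUri.getStore().retrieveObject(
				parentUri);
		return hasPermission(parentObject, role, action);
	}

	/**
	 * Scans the permissions stored directly on {@code nodeUri} for a negative
	 * entry that applies to both {@code role} and {@code action}.
	 *
	 * @param nodeUri uri whose own permission entries are examined
	 * @param role    subject to match (exact uri or {@link SubjectNode#ALL_URI})
	 * @param action  action to match (exact uri or {@link ActionNode#ALL_URI})
	 * @return {@code true} if a matching negative entry exists
	 * @throws ServiceAccessException if the store cannot be read
	 * @throws ObjectNotFoundException declared for symmetry with the callers
	 */
	private boolean isExplicitlyDenied(Uri nodeUri, SubjectNode role,
			ActionNode action) throws ServiceAccessException,
			ObjectNotFoundException {
		Enumeration permissions = nodeUri.getStore().enumeratePermissions(
				nodeUri);

		// NOTE(review): no per-entry inheritance flag is consulted, so every
		// entry on an ancestor applies to all descendants — confirm intended.
		while (permissions.hasMoreElements()) {
			NodePermission permission = (NodePermission) permissions
					.nextElement();
			String actionUri = permission.getActionUri();
			String subjectUri = permission.getSubjectUri();
			boolean actionMatch = ActionNode.ALL_URI.equals(actionUri)
					|| actionUri.equals(action.getUri());
			boolean subjectMatch = SubjectNode.ALL_URI.equals(subjectUri)
					|| subjectUri.equals(role.getUri());

			// Positive entries are deliberately ignored: only denials count.
			if (actionMatch && subjectMatch && permission.isNegative()) {
				return true;
			}
		}
		return false;
	}

	/**
	 * Maps a role name to its subject node under {@code /roles/}. The
	 * {@link SecurityService#ROLE_UNAUTHENTICATED} name maps to
	 * {@link SubjectNode#UNAUTHENTICATED} instead; that case is checked first so
	 * no throwaway node is built for it.
	 *
	 * <p>NOTE(review): the name is concatenated into the node path unchecked;
	 * confirm that names yielded by {@code getRoles(token)} cannot contain
	 * path separators.
	 *
	 * @param roleName role name as enumerated by {@code getRoles(token)}
	 * @return subject node representing the role
	 */
	private SubjectNode getRole(String roleName) {
		if (SecurityService.ROLE_UNAUTHENTICATED.equals(roleName)) {
			return SubjectNode.UNAUTHENTICATED;
		}
		return SubjectNode.getSubjectNode("/roles/" + roleName);
	}

}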