예제 #1
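  /**
   * Rebuilds the cached lookup map (action name to per-action allow maps) from the entries
   * returned by {@code getAccesses()}.
   *
   * <p>The new contents are assembled in a private map and only then published under
   * {@code accessMapSync}. Clearing the shared map under the lock and refilling it outside the
   * lock would let a concurrent caller observe an empty or half-filled map, and two concurrent
   * rebuilds would mutate the same unsynchronized {@code HashMap}.
   *
   * <p>NOTE(review): code that reads {@code accessMap} without holding {@code accessMapSync} still
   * depends on how the field is declared and read; those readers are not visible here — confirm.
   */
  private void buildAccessMap() {
    // Declared as HashMap so it stays assignable to the field, whatever supertype it is declared as.
    HashMap rebuilt = new HashMap();

    for (Iterator accessIterator = getAccesses().iterator(); accessIterator.hasNext(); ) {
      SecurityAccess accessElement = (SecurityAccess) accessIterator.next();

      // An access without an action name is filed under the wildcard action.
      String action = accessElement.getAction();
      if (action == null) {
        action = ALL_ACTIONS;
      }

      // Get the allow map of the action, creating it on first use.
      Map actionMap = (Map) rebuilt.get(action);
      if (actionMap == null) {
        actionMap = new HashMap();
        rebuilt.put(action, actionMap);
      }
      addAllows(actionMap, accessElement);
    }

    // Publish the finished map in one step.
    synchronized (accessMapSync) {
      accessMap = rebuilt;
    }
  }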
예제 #2
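  /**
   * Removes a group role's access to a specific action.
   *
   * <p>Only the first allow whose group and role both equal the arguments is removed. When that
   * leaves the access with no allows and no owner allows, the whole access is revoked. The cached
   * lookup map is rebuilt after every change, as the grant methods of this class do, so that a
   * revoked allow does not stay in the cache.
   *
   * @param action Action to remove access from.
   * @param group The group whose access we are revoking.
   * @param role The role whose access we are revoking.
   * @return {@code true} if a matching allow existed and was removed, {@code false} otherwise.
   */
  public boolean revokeGroupRoleAccess(String action, String group, String role) {
    if (!allowsSpecificGroupRole(action, group, role)) {
      return false;
    }

    SecurityAccess access = getAccess(action);
    List allows = access.getAllows();
    if (allows == null || allows.isEmpty()) {
      // Nothing specific to remove; drop the access itself and refresh the cache.
      revokeAccess(action);
      buildAccessMap();
      return false;
    }

    for (int i = 0; i < allows.size(); i++) {
      BaseSecurityAllow allow = (BaseSecurityAllow) allows.get(i);
      if (allow.getGroup() != null
          && allow.getGroup().equals(group)
          && allow.getRole() != null
          && allow.getRole().equals(role)) {
        allows.remove(i);
        if (allows.isEmpty() && access.getOwnerAllows().isEmpty()) {
          revokeAccess(action);
        }

        // The allow list changed: rebuild the lookup map so the revocation takes effect there too.
        // NOTE(review): assumes access checks consult the map built by buildAccessMap() — confirm.
        buildAccessMap();
        return true;
      }
    }
    return false;
  }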
예제 #3
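 /**
  * Checks whether a group is specifically allowed to access the requested action. This method
  * ignores the "*" action and is here to play a maintenance role.
  *
  * @param action The action to look up.
  * @param group The group to look for among the action's allows.
  * @return {@code true} if an allow of this action names exactly this group, {@code false}
  *     otherwise, including when the action has no access entry or no allow list.
  */
 public boolean allowsSpecificGroup(String action, String group) {
   SecurityAccess access = (SecurityAccess) getAccess(action);
   // What getAccess returns for an unknown action is not visible here; a missing entry is
   // treated as "not allowed" instead of failing with a NullPointerException.
   if (access == null || access.getAllAllows() == null) {
     return false;
   }

   // Null-check the list that is actually iterated: getAllows() can be null even when
   // getAllAllows() is not (other methods of this class handle a null getAllows()).
   List allows = access.getAllows();
   if (allows == null) {
     return false;
   }

   for (Iterator it = allows.iterator(); it.hasNext(); ) {
     SecurityAllow allow = (SecurityAllow) it.next();
     if (allow.getGroup() != null && allow.getGroup().equals(group)) {
       return true;
     }
   }
   return false;
 }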
예제 #4
  /**
   * Grants access for a specific action to a specific user for this SecurityEntry. The check for
   * an existing grant is specific to the action and ignores the "*" action, if it exists.
   *
   * @param action The action we are granting access to.
   * @param user The user that will receive access to this action.
   * @return {@code true} if an allow for the user was added; {@code false} if the user already
   *     has specific access to the action.
   */
  public boolean grantUserAccess(String action, String user) {
    if (allowsSpecificUser(action, user)) {
      return false;
    }

    SecurityAccess target = getAccess(action);
    List allowList = target.getAllows();
    if (allowList == null) {
      // NOTE(review): this fresh list is never attached to the access, so in this branch the
      // allow added below is lost although the method still returns true. It should be stored
      // on the access through whatever setter SecurityAccess offers — not visible here.
      allowList = new Vector();
    }

    BaseSecurityAllow userAllow = new BaseSecurityAllow();
    userAllow.setUser(user);
    allowList.add(userAllow);

    // Refresh the cached lookup map so the new allow is reflected there.
    buildAccessMap();
    return true;
  }
예제 #5
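  /**
   * Grants access for a specific action to a specific group for this SecurityEntry. The check for
   * an existing grant is specific to the action and ignores the "*" action, if it exists.
   *
   * @param action The action we are granting access to.
   * @param group The group that will receive access to this action.
   * @return {@code true} if an allow for the group was added; {@code false} if the group already
   *     has specific access to the action.
   */
  public boolean grantGroupAccess(String action, String group) {
    // The existing-grant check must use the group being granted. The previous code passed an
    // identifier named "role", which is not a parameter of this method.
    if (!allowsSpecificGroup(action, group)) {
      SecurityAccess access = getAccess(action);
      List allows = access.getAllows();
      if (allows == null) {
        // NOTE(review): this fresh list is never attached to the access, so in this branch the
        // allow added below is lost although the method still returns true. It should be stored
        // on the access through whatever setter SecurityAccess offers — not visible here.
        allows = new Vector();
      }

      BaseSecurityAllow allow = new BaseSecurityAllow();
      allow.setGroup(group);
      allows.add(allow);

      // Refresh the cached lookup map so the new allow is reflected there.
      buildAccessMap();

      return true;
    }

    return false;
  }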
예제 #6
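  /**
   * Removes a user's access to a specific action.
   *
   * <p>Only the first allow naming the user is removed. When that leaves the access with no
   * allows and no owner allows, the whole access is revoked. The cached lookup map is rebuilt
   * after every change, as the grant methods of this class do, so that a revoked allow does not
   * stay in the cache.
   *
   * @param action Action to remove access from.
   * @param user The user whose access we are revoking.
   * @return {@code true} if a matching allow existed and was removed, {@code false} otherwise.
   */
  public boolean revokeUserAccess(String action, String user) {
    if (!allowsSpecificUser(action, user)) {
      return false;
    }

    SecurityAccess access = getAccess(action);
    List allows = access.getAllows();
    if (allows == null || allows.isEmpty()) {
      // Nothing specific to remove; drop the access itself and refresh the cache.
      revokeAccess(action);
      buildAccessMap();
      return false;
    }

    for (int i = 0; i < allows.size(); i++) {
      BaseSecurityAllow allow = (BaseSecurityAllow) allows.get(i);
      if (allow.getUser() != null && allow.getUser().equals(user)) {
        allows.remove(i);
        if (allows.isEmpty() && access.getOwnerAllows().isEmpty()) {
          revokeAccess(action);
        }

        // The allow list changed: rebuild the lookup map so the revocation takes effect there too.
        // NOTE(review): assumes access checks consult the map built by buildAccessMap() — confirm.
        buildAccessMap();
        return true;
      }
    }
    return false;
  }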
예제 #7
  /**
   * Adds the allows of one access element to the map of a single action. Each allow is filed in
   * the sub-map that matches its kind (owner, role, group, group+role, user); sub-maps are created
   * on first use and only their keys carry information (every value is {@code null}).
   *
   * <p>Note that the {@code accessMap} parameter is the per-action map handed in by
   * {@code buildAccessMap()}; inside this method it shadows the field of the same name.
   *
   * @param accessMap per-action map that receives the allow entries
   * @param accessElement access whose allows (as returned by {@code getAllAllows()}) are copied
   */
  private void addAllows(Map accessMap, SecurityAccess accessElement) {
    SecurityAllow allowElement = null;
    String role = null;
    String group = null;
    Map ownerMap = null; // Map of owner allowed
    Map roleMap = null; // Map of roles allowed
    Map groupMap = null; // Map of groups allowed
    Map groupRoleMap = null; // Map of group role allowed
    Map userMap = null; // Map of users allowed
    String userName = null;

    // An access without any allow list contributes nothing.
    if (accessElement.getAllAllows() == null) {
      return;
    }

    // Add allows to the action Map
    for (Iterator allowIterator = accessElement.getAllAllows().iterator();
        allowIterator.hasNext(); ) {
      allowElement = (SecurityAllow) allowIterator.next();
      // Reset the per-allow state; the role and group sections below depend on these starting
      // values and on the order in which they run.
      role = null;
      userName = null;
      group = null;

      // Add Owner
      if (allowElement.isOwner() == true) {
        ownerMap = (Map) accessMap.get(OWNER_MAP);
        if (ownerMap == null) {
          ownerMap = new HashMap();
          accessMap.put(OWNER_MAP, ownerMap);
        }
        // The owner map is only a marker: a single null key shows that an owner allow exists.
        ownerMap.put(null, null);
      }

      // Add Role
      role = allowElement.getRole();
      if (role != null) {
        // Role map
        // NOTE(review): the role is recorded here even when the same allow also names a group.
        // Whether that widens a group-scoped allow depends on how the maps are consulted, which
        // is not visible here — confirm.
        roleMap = (Map) accessMap.get(ROLE_MAP);
        if (roleMap == null) {
          roleMap = new HashMap();
          accessMap.put(ROLE_MAP, roleMap);
        }
        roleMap.put(role, null);

        // Group role map
        groupRoleMap = (Map) accessMap.get(GROUP_ROLE_MAP);
        if (groupRoleMap == null) {
          groupRoleMap = new HashMap();
          accessMap.put(GROUP_ROLE_MAP, groupRoleMap);
        }
        // group was reset at the top of the loop and is read from the allow only further down,
        // so this test is always true here and the key always uses the default group name.
        if (group == null) {
          group = GroupManagement.DEFAULT_GROUP_NAME;
        }
        // NOTE(review): the key is group and role joined without a separator, so two different
        // pairs can yield the same key (e.g. "ab"+"c" and "a"+"bc"). Lookups presumably build
        // the key the same way — verify before changing the format.
        groupRoleMap.put(group + role, null);
      }

      // Add Group
      group = allowElement.getGroup();
      if (group != null) {
        // Group map
        // NOTE(review): the group is recorded here even when the same allow also names a role;
        // see the note on the role map above.
        groupMap = (Map) accessMap.get(GROUP_MAP);
        if (groupMap == null) {
          groupMap = new HashMap();
          accessMap.put(GROUP_MAP, groupMap);
        }
        groupMap.put(group, null);

        // Group role map
        groupRoleMap = (Map) accessMap.get(GROUP_ROLE_MAP);
        if (groupRoleMap == null) {
          groupRoleMap = new HashMap();
          accessMap.put(GROUP_ROLE_MAP, groupRoleMap);
        }
        // role still holds the allow's own role from the section above; only an allow without a
        // role falls back to the default role name.
        if (role == null) {
          role = RoleManagement.DEFAULT_ROLE_NAME;
        }
        groupRoleMap.put(group + role, null);
      }

      // Add User
      userName = allowElement.getUser();
      if (userName != null) {
        userMap = (Map) accessMap.get(USER_MAP);
        if (userMap == null) {
          userMap = new HashMap();
          accessMap.put(USER_MAP, userMap);
        }
        userMap.put(userName, null);
      }
    }
  }