isis-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From rmatth...@apache.org
Subject svn commit: r1097413 - /incubator/isis/trunk/security/file/src/main/java/org/apache/isis/security/file/authorization/FileAuthorizor.java
Date Thu, 28 Apr 2011 11:06:28 GMT
Author: rmatthews
Date: Thu Apr 28 11:06:28 2011
New Revision: 1097413

URL: http://svn.apache.org/viewvc?rev=1097413&view=rev
Log:
Improved file based authorization so that  1) controls can generalised so common attributes
can be specified, and 2) the more specific match is used in preference to a less specific
match.

Modified:
    incubator/isis/trunk/security/file/src/main/java/org/apache/isis/security/file/authorization/FileAuthorizor.java

Modified: incubator/isis/trunk/security/file/src/main/java/org/apache/isis/security/file/authorization/FileAuthorizor.java
URL: http://svn.apache.org/viewvc/incubator/isis/trunk/security/file/src/main/java/org/apache/isis/security/file/authorization/FileAuthorizor.java?rev=1097413&r1=1097412&r2=1097413&view=diff
==============================================================================
--- incubator/isis/trunk/security/file/src/main/java/org/apache/isis/security/file/authorization/FileAuthorizor.java
(original)
+++ incubator/isis/trunk/security/file/src/main/java/org/apache/isis/security/file/authorization/FileAuthorizor.java
Thu Apr 28 11:06:28 2011
@@ -110,13 +110,13 @@ public class FileAuthorizor extends Auth
     
     @Override
     public void init() {
+        whiteListMap = Maps.newHashMap();
+        blackListMap = Maps.newHashMap();
         
         // initialize
         if (learn) {
-            return;
-        }
-        whiteListMap = Maps.newHashMap();
-        blackListMap = Maps.newHashMap();
+            return;
+        }
         cacheAuthorizationDetails(whiteListMap, whiteListInputResource);
         if (blackListInputResource != null) {
             cacheAuthorizationDetails(blackListMap, blackListInputResource);
@@ -158,17 +158,32 @@ public class FileAuthorizor extends Auth
     private void tokenizeLine(final Map<String,List<String>> map, final String
line) {
         if (line.trim().startsWith("#") || line.trim().length() == 0) {
             return;
+        }
+        int pos = line.trim().indexOf(">");
+        if (pos == -1) {
+            final StringTokenizer tokens = new StringTokenizer(line.trim(), ":", false);
+            if (tokens.countTokens() != 2) {
+                throw new IsisConfigurationException("Invalid line: " + line);
+            }
+            final String token1 = tokens.nextToken();
+            final String token2 = tokens.nextToken();
+            final Identifier identifier = memberFromString(token1.trim());
+            final List<String> roles = tokenizeRoles(token2);
+            String identityString = identifier.toIdentityString(Identifier.CLASS_MEMBERNAME_PARAMETERS);
+            map.put(identityString, roles);
+        } else {
+            Map<String,List<String>> newRules = new HashMap<String,List<String>>();

+            for (String name: map.keySet()) {
+                String originalName = line.trim().substring(0, pos);
+                String redirectedName = line.trim().substring(pos + 1);
+                if (name.startsWith(redirectedName)) {
+                    String id = originalName + name.substring(redirectedName.length());
+                    List<String> roles = map.get(name);
+                    newRules.put(id, roles);
+                }
+            }
+            map.putAll(newRules);
         }
-        final StringTokenizer tokens = new StringTokenizer(line.trim(), ":", false);
-        if (tokens.countTokens() != 2) {
-            throw new IsisConfigurationException("Invalid line: " + line);
-        }
-        final String token1 = tokens.nextToken();
-        final String token2 = tokens.nextToken();
-        final Identifier identifier = memberFromString(token1.trim());
-        final List<String> roles = tokenizeRoles(token2);
-        String identityString = identifier.toIdentityString(Identifier.CLASS_MEMBERNAME_PARAMETERS);
-        map.put(identityString, roles);
     }
 
     private Identifier memberFromString(final String identifier) {
@@ -223,36 +238,45 @@ public class FileAuthorizor extends Auth
     private boolean isBlackListed(final String role, final Identifier member, final List<String>
qualifiers) {
         return isListed(blackListMap, role, member, qualifiers);
     }
-
+
+    /*
+     * Work through the available entries from most specific to least.  When one exists then
determine the result of this method
+     * by looking for a compatible role between the entry and required role.
+     */
     private boolean isListed(final Map<String,List<String>> map, final String
role, final Identifier identifier, final List<String> qualifiers) {
         if (map.isEmpty()) {// quick fail
             return false;
-        }
-        if (isQualifiedMatch(map, role, identifier.toIdentityString(Identifier.CLASS), qualifiers))
{
-        	return true;
-        }
-        if (isQualifiedMatch(map, role, identifier.toIdentityString(Identifier.CLASS_MEMBERNAME),
qualifiers)) {
-        	return true;
-        }
-        if (isQualifiedMatch(map, role, identifier.toIdentityString(Identifier.CLASS_MEMBERNAME_PARAMETERS),
qualifiers)) {
-        	return true;
-        }
-        return false;
-    }
-
-    private boolean isQualifiedMatch(final Map<String,List<String>> map, final
String role, final String key, final List<String> qualifiers) {
-        if (map.containsKey(key)) {
-            final List<String> roles = map.get(key);
-            for (final String qualifier: qualifiers) {
-                final String qualifiedRole = role + qualifier;
-                if (roles.contains(qualifiedRole)) {
-                    return true;
-                }
-            }
-        }
+        }
+        List<String> roles;
+        roles = rolesFor(map, identifier.toIdentityString(Identifier.CLASS_MEMBERNAME_PARAMETERS));
+        if (roles == null) {
+            roles = rolesFor(map, identifier.toIdentityString(Identifier.CLASS_MEMBERNAME));
+        }
+        if (roles == null) {
+            roles = rolesFor(map, identifier.toIdentityString(Identifier.CLASS));
+        }
+        if (roles == null) {
+            roles = rolesFor(map, "*#" + identifier.toIdentityString(Identifier.MEMBERNAME_ONLY));
+        }
+        if (roles != null) {
+        for (final String qualifier: qualifiers) {
+            final String qualifiedRole = role + qualifier;
+            if (roles.contains(qualifiedRole)) {
+                    return true;
+                }
+            }
+        }
         return false;
     }
 
+    private List<String> rolesFor(Map<String, List<String>> map, String
key) {
+        if (map.containsKey(key)) {
+           return map.get(key);
+        } else {
+            return null;
+        }
+    }
+
     private boolean learn(final String role, final Identifier member) {
         String identityString = member.toIdentityString(Identifier.CLASS_MEMBERNAME_PARAMETERS);
         if (whiteListMap.containsKey(identityString)) {



Mime
View raw message