lenya-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From andr...@apache.org
Subject cvs commit: cocoon-lenya/src/java/org/apache/lenya/cms/ac2/workflow WorkflowAuthorizer.java
Date Tue, 05 Aug 2003 16:26:01 GMT
andreas     2003/08/05 09:26:01

  Modified:    src/java/org/apache/lenya/cms/ac2
                        DefaultAccessController.java PolicyAuthorizer.java
                        Authorizer.java
               src/java/org/apache/lenya/cms/ac2/workflow
                        WorkflowAuthorizer.java
  Log:
  simplified authorizer interface
  
  Revision  Changes    Path
  1.10      +14 -13    cocoon-lenya/src/java/org/apache/lenya/cms/ac2/DefaultAccessController.java
  
  Index: DefaultAccessController.java
  ===================================================================
  RCS file: /home/cvs/cocoon-lenya/src/java/org/apache/lenya/cms/ac2/DefaultAccessController.java,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- DefaultAccessController.java	30 Jul 2003 13:20:11 -0000	1.9
  +++ DefaultAccessController.java	5 Aug 2003 16:26:01 -0000	1.10
  @@ -122,26 +122,22 @@
           boolean authorized = false;
   
           Session session = request.getSession(true);
  -        Identity identity = (Identity) session.getAttribute(Identity.class.getName());
  -
  -        if (getLogger().isDebugEnabled()) {
  -            getLogger().debug("Trying to authorize identity: " + identity);
  -        }
  -
  -        if (identity != null && hasAuthorizers()) {
  +        if (hasAuthorizers()) {
               Authorizer[] authorizers = getAuthorizers();
               int i = 0;
               authorized = true;
   
               while ((i < authorizers.length) && authorized) {
   
  +                if (authorizers[i] instanceof PolicyAuthorizer) {
  +                    PolicyAuthorizer authorizer = (PolicyAuthorizer) authorizers[i];
  +                    authorizer.setAccreditableManager(accreditableManager);
  +                    authorizer.setPolicyManager(policyManager);
  +                }
  +
                   authorized =
                       authorized
  -                        && authorizers[i].authorize(
  -                            accreditableManager,
  -                            policyManager,
  -                            identity,
  -                            request);
  +                        && authorizers[i].authorize(request);
   
                   if (getLogger().isDebugEnabled()) {
                       getLogger().debug(
  @@ -222,6 +218,11 @@
           }
       }
       
  +    /**
  +     * Configures the authorizers.
  +     * @param configuration The main configuration.
  +     * @throws ConfigurationException when something went wrong.
  +     */
       protected void configureAuthorizers(Configuration configuration) throws ConfigurationException
{
           Configuration[] authorizerConfigurations = configuration.getChildren(AUTHORIZER_ELEMENT);
   
  
  
  
  1.14      +85 -14    cocoon-lenya/src/java/org/apache/lenya/cms/ac2/PolicyAuthorizer.java
  
  Index: PolicyAuthorizer.java
  ===================================================================
  RCS file: /home/cvs/cocoon-lenya/src/java/org/apache/lenya/cms/ac2/PolicyAuthorizer.java,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- PolicyAuthorizer.java	30 Jul 2003 15:05:36 -0000	1.13
  +++ PolicyAuthorizer.java	5 Aug 2003 16:26:01 -0000	1.14
  @@ -55,8 +55,12 @@
   */
   package org.apache.lenya.cms.ac2;
   
  +import java.util.Arrays;
  +import java.util.List;
  +
   import org.apache.avalon.framework.logger.AbstractLogEnabled;
   import org.apache.cocoon.environment.Request;
  +import org.apache.cocoon.environment.Session;
   
   import org.apache.lenya.cms.ac.AccessControlException;
   import org.apache.lenya.cms.ac.Role;
  @@ -70,27 +74,66 @@
   public class PolicyAuthorizer extends AbstractLogEnabled implements Authorizer {
   
       /**
  +     * Returns the accreditable manager.
  +     * @return An accreditable manager.
  +     */
  +    public AccreditableManager getAccreditableManager() {
  +        return accreditableManager;
  +    }
  +
  +    /**
  +     * Returns the policy manager.
  +     * @return A policy manager.
  +     */
  +    public PolicyManager getPolicyManager() {
  +        return policyManager;
  +    }
  +
  +    /**
        * Creates a new policy authorizer.
        */
       public PolicyAuthorizer() {
       }
  +    
  +    private PolicyManager policyManager;
  +    
  +    /**
  +     * Sets the policy manager.
  +     * @param manager A policy manager.
  +     */
  +    public void setPolicyManager(PolicyManager manager) {
  +        assert manager != null;
  +        policyManager = manager;
  +    }
  +    
  +    private AccreditableManager accreditableManager;
  +    
  +    /**
  +     * Sets the accreditable manager.
  +     * @param manager An accreditable manager.
  +     */
  +    public void setAccreditableManager(AccreditableManager manager) {
  +        assert manager != null;
  +        accreditableManager = manager;
  +    }
   
       /**
        * @see org.apache.lenya.cms.ac2.Authorizer#authorize(org.apache.lenya.cms.ac2.Identity,
java.lang.String, java.util.Map)
        */
  -    public boolean authorize(
  -        AccreditableManager accreditableManager,
  -        PolicyManager policyManager,
  -        Identity identity,
  -        Request request)
  +    public boolean authorize(Request request)
           throws AccessControlException {
   
  -        getLogger().debug("Authorizing identity: " + identity);
  +        Session session = request.getSession(true);
  +        Identity identity = (Identity) session.getAttribute(Identity.class.getName());
  +
  +        if (getLogger().isDebugEnabled()) {
  +            getLogger().debug("Trying to authorize identity: " + identity);
  +        }
   
           boolean authorized;
   
  -        if (identity.belongsTo(accreditableManager)) {
  -            authorized = authorizePolicy(accreditableManager, policyManager, identity,
request);
  +        if (identity.belongsTo(getAccreditableManager())) {
  +            authorized = authorizePolicy(identity, request);
           } else {
               getLogger().debug(
                   "Identity ["
  @@ -106,16 +149,12 @@
   
       /**
        * Authorizes an request for an identity depending on a policy.
  -     * @param accreditableManager The accreditable manager.
  -     * @param policyManager The policy manager.
        * @param identity The identity to authorize.
        * @param request The request to authorize.
        * @return A boolean value.
        * @throws AccessControlException when something went wrong.
        */
       protected boolean authorizePolicy(
  -        AccreditableManager accreditableManager,
  -        PolicyManager policyManager,
           Identity identity,
           Request request)
           throws AccessControlException {
  @@ -129,11 +168,43 @@
   
           String url = requestUri.substring(context.length());
   
  -        Policy policy = policyManager.getPolicy(accreditableManager, url);
  +        Policy policy = getPolicyManager().getPolicy(getAccreditableManager(), url);
           Role[] roles = policy.getRoles(identity);
  +        saveRoles(request, roles);
   
           boolean authorized = roles.length > 0;
           return authorized;
  +    }
  +
  +    /**
  +     * Saves the roles of the current identity to the request.
  +     * @param request The request.
  +     * @param roles The roles.
  +     */
  +    protected void saveRoles(Request request, Role[] roles) {
  +        String rolesString = "";
  +        for (int i = 0; i < roles.length; i++) {
  +            rolesString += " " + roles[i];
  +        }
  +        getLogger().debug("Adding roles [" + rolesString + " ] to request [" + request
+ "]");
  +        request.setAttribute(Role.class.getName(), Arrays.asList(roles));
  +    }
  +    
  +    /**
  +     * Fetches the stored roles from the request.
  +     * @param request The request.
  +     * @return A role array.
  +     * @throws AccessControlException If the request does not contain the roles list.
  +     */
  +    public static Role[] getRoles(Request request) throws AccessControlException {
  +        List roleList = (List) request.getAttribute(Role.class.getName());
  +
  +        if (roleList == null) {
  +            throw new AccessControlException("Request does not contain roles!");
  +        }
  +
  +        Role[] roles = (Role[]) roleList.toArray(new Role[roleList.size()]);
  +        return roles;
       }
   
   }
  
  
  
  1.10      +2 -6      cocoon-lenya/src/java/org/apache/lenya/cms/ac2/Authorizer.java
  
  Index: Authorizer.java
  ===================================================================
  RCS file: /home/cvs/cocoon-lenya/src/java/org/apache/lenya/cms/ac2/Authorizer.java,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- Authorizer.java	15 Jul 2003 13:50:15 -0000	1.9
  +++ Authorizer.java	5 Aug 2003 16:26:01 -0000	1.10
  @@ -76,11 +76,7 @@
        * @return <code>true</code> if the identity is authorized, <code>false</code>
otherwise.
        * @throws AccessControlException when something went wrong.
        */
  -    boolean authorize(
  -        AccreditableManager accreditableManager,
  -        PolicyManager policyManager,
  -        Identity identity,
  -        Request request)
  +    boolean authorize(Request request)
           throws AccessControlException;
   
   }
  
  
  
  1.16      +4 -30     cocoon-lenya/src/java/org/apache/lenya/cms/ac2/workflow/WorkflowAuthorizer.java
  
  Index: WorkflowAuthorizer.java
  ===================================================================
  RCS file: /home/cvs/cocoon-lenya/src/java/org/apache/lenya/cms/ac2/workflow/WorkflowAuthorizer.java,v
  retrieving revision 1.15
  retrieving revision 1.16
  diff -u -r1.15 -r1.16
  --- WorkflowAuthorizer.java	5 Aug 2003 11:56:57 -0000	1.15
  +++ WorkflowAuthorizer.java	5 Aug 2003 16:26:01 -0000	1.16
  @@ -64,11 +64,8 @@
   
   import org.apache.lenya.cms.ac.AccessControlException;
   import org.apache.lenya.cms.ac.Role;
  -import org.apache.lenya.cms.ac2.AccreditableManager;
   import org.apache.lenya.cms.ac2.Authorizer;
  -import org.apache.lenya.cms.ac2.Identity;
  -import org.apache.lenya.cms.ac2.Policy;
  -import org.apache.lenya.cms.ac2.PolicyManager;
  +import org.apache.lenya.cms.ac2.PolicyAuthorizer;
   import org.apache.lenya.cms.publication.DefaultDocumentBuilder;
   import org.apache.lenya.cms.publication.Document;
   import org.apache.lenya.cms.publication.Publication;
  @@ -78,8 +75,6 @@
   import org.apache.lenya.workflow.Situation;
   import org.apache.lenya.workflow.WorkflowInstance;
   
  -import java.util.Arrays;
  -
   /**
    * If the client requested invoking a workflow event, this authorizer checks if
    * the current document state and identity roles allow this transition.
  @@ -93,11 +88,7 @@
       /**
        * @see org.apache.lenya.cms.ac2.Authorizer#authorize(org.apache.lenya.cms.ac2.Identity,
org.apache.cocoon.environment.Request)
        */
  -    public boolean authorize(
  -        AccreditableManager accessController,
  -        PolicyManager policyManager,
  -        Identity identity,
  -        Request request)
  +    public boolean authorize(Request request)
           throws AccessControlException {
   
           getLogger().debug("Authorizing workflow");
  @@ -113,10 +104,7 @@
   
           String url = requestUri.substring(context.length());
   
  -        Policy policy = policyManager.getPolicy(accessController, url);
  -        Role[] roles = policy.getRoles(identity);
  -        saveRoles(request, roles);
  -
  +        Role[] roles = PolicyAuthorizer.getRoles(request);
           String event = request.getParameter(EVENT_PARAMETER);
           SourceResolver resolver = null;
   
  @@ -160,20 +148,6 @@
           }
   
           return authorized;
  -    }
  -
  -    /**
  -     * Saves the roles of the current identity to the request.
  -     * @param request The request.
  -     * @param roles The roles.
  -     */
  -    protected void saveRoles(Request request, Role[] roles) {
  -        String rolesString = "";
  -        for (int i = 0; i < roles.length; i++) {
  -            rolesString += " " + roles[i];
  -        }
  -        getLogger().debug("Adding roles [" + rolesString + " ] to request [" + request
+ "]");
  -        request.setAttribute(Role.class.getName(), Arrays.asList(roles));
       }
   
       private ServiceManager manager;
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: lenya-cvs-unsubscribe@cocoon.apache.org
For additional commands, e-mail: lenya-cvs-help@cocoon.apache.org


Mime
View raw message