From ed937467cd86fda713c4be4d0855986336afb18c Mon Sep 17 00:00:00 2001 From: milanperera Date: Thu, 1 Oct 2015 17:35:08 +0530 Subject: [PATCH] Refactored permission authorizer module --- .../core/config/permission/Permission.java | 43 +++--- .../permission/PermissionConfiguration.java | 21 +-- .../config/permission/PermissionManager.java | 123 ++++++------------ ...missionHolder.java => PermissionNode.java} | 22 ++-- .../config/permission/PermissionUtils.java | 2 +- ...java => PermissionAuthorizationValve.java} | 6 +- .../authorizer/PermissionAuthorizer.java | 6 +- ...uthenticatorFrameworkServiceComponent.java | 5 +- 8 files changed, 99 insertions(+), 129 deletions(-) rename components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/{PermissionHolder.java => PermissionNode.java} (74%) rename components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/{PermissionAuthorizerValve.java => PermissionAuthorizationValve.java} (96%) diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/Permission.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/Permission.java index a6e7287fad..271817cfd3 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/Permission.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/Permission.java @@ -21,37 +21,40 @@ package org.wso2.carbon.device.mgt.core.config.permission; import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlRootElement; -@XmlRootElement(name = "Permission") -public class Permission{ +/** + * This class represents the information related to permission. + */ +@XmlRootElement (name = "Permission") +public class Permission { - private String name; // permission name - private String path; // permission string + private String name; // permission name + private String path; // permission string private String url; // url of the resource private String method; // http method - public String getName() { - return name; - } + public String getName() { + return name; + } - @XmlElement(name = "name", required = true) - public void setName(String name) { - this.name = name; - } + @XmlElement (name = "name", required = true) + public void setName(String name) { + this.name = name; + } - public String getPath() { - return path; - } + public String getPath() { + return path; + } - @XmlElement(name = "path", required = true) - public void setPath(String path) { - this.path = path; - } + @XmlElement (name = "path", required = true) + public void setPath(String path) { + this.path = path; + } public String getUrl() { return url; } - @XmlElement(name = "url", required = true) + @XmlElement (name = "url", required = true) public void setUrl(String url) { this.url = url; } @@ -60,7 +63,7 @@ public class Permission{ return method; } - @XmlElement(name = "method", required = true) + @XmlElement (name = "method", required = true) public void setMethod(String method) { this.method = method; } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java index c2c9d08e3b..e5da6c5133 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java @@ -22,17 +22,20 @@ import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlRootElement; import java.util.List; -@XmlRootElement(name = "PermissionConfiguration") +/** + * This class represents the information related to permission configuration. + */ +@XmlRootElement (name = "PermissionConfiguration") public class PermissionConfiguration { - private List permissions; + private List permissions; - public List getPermissions() { - return permissions; - } + public List getPermissions() { + return permissions; + } - @XmlElement(name = "Permission", required = true) - public void setPermissions(List permissions) { - this.permissions = permissions; - } + @XmlElement (name = "Permission", required = true) + public void setPermissions(List permissions) { + this.permissions = permissions; + } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionManager.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionManager.java index cac4226dfc..d739256f22 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionManager.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionManager.java @@ -32,96 +32,59 @@ import java.util.StringTokenizer; */ public class PermissionManager { - private static PermissionManager permissionManager; - private static PermissionHolder rootNode; + private static PermissionManager permissionManager; + private static PermissionTree permissionTree; // holds the permissions at runtime. - private PermissionManager(){}; - - public static PermissionManager getInstance() { - if (permissionManager == null) { - synchronized (PermissionManager.class) { - if (permissionManager == null) { - permissionManager = new PermissionManager(); - rootNode = new PermissionHolder("/"); // initializing the root node. - } - } - } - return permissionManager; - } + private PermissionManager() { + } - public boolean addPermission(Permission permission) throws DeviceManagementException { - StringTokenizer st = new StringTokenizer(permission.getUrl(), "/"); - PermissionHolder tempRoot = rootNode; - PermissionHolder tempChild; - while(st.hasMoreTokens()) { - tempChild = new PermissionHolder(st.nextToken()); - tempRoot = addPermissionNode(tempRoot, tempChild); + public static PermissionManager getInstance() { + if (permissionManager == null) { + synchronized (PermissionManager.class) { + if (permissionManager == null) { + permissionManager = new PermissionManager(); + permissionTree = new PermissionTree(); + } + } } - tempRoot.addPermission(permission.getMethod(), permission); //setting permission to the vertex - try { - return PermissionUtils.putPermission(permission); - } catch (DeviceManagementException e) { - throw new DeviceManagementException("Error occurred while adding the permission : " + - permission.getName(), e); - } - } - - public boolean addPermissions(List permissions) throws DeviceManagementException{ - for(Permission permission:permissions){ - this.addPermission(permission); - } - return true; - } + return permissionManager; + } - public void initializePermissions(InputStream permissionStream) throws DeviceManagementException { - try { - if(permissionStream != null){ - /* Un-marshaling Device Management configuration */ - JAXBContext cdmContext = JAXBContext.newInstance(PermissionConfiguration.class); - Unmarshaller unmarshaller = cdmContext.createUnmarshaller(); - PermissionConfiguration permissionConfiguration = (PermissionConfiguration) - unmarshaller.unmarshal(permissionStream); - if((permissionConfiguration != null) && (permissionConfiguration.getPermissions() != null)){ - this.addPermissions(permissionConfiguration.getPermissions()); - } - } - } catch (JAXBException e) { - throw new DeviceManagementException("Error occurred while initializing Data Source config", e); - } - } + public boolean addPermission(Permission permission) throws DeviceManagementException { + permissionTree.addPermission(permission); // adding a permission to the tree + try { + return PermissionUtils.putPermission(permission); + } catch (DeviceManagementException e) { + throw new DeviceManagementException("Error occurred while adding the permission : " + + permission.getName(), e); + } + } - private PermissionHolder addPermissionNode(PermissionHolder parent, PermissionHolder child) { - PermissionHolder existChild = parent.getChild(child.getPathName()); - if (existChild == null) { - parent.addChild(child); - return child; + public boolean addPermissions(List permissions) throws DeviceManagementException { + for (Permission permission : permissions) { + this.addPermission(permission); } - return existChild; + return true; } - public Permission getPermission(String url, String httpMethod) { - StringTokenizer st = new StringTokenizer(url, "/"); - PermissionHolder tempRoot = rootNode; - PermissionHolder previousRoot; - while (st.hasMoreTokens()) { - String currentToken = st.nextToken(); - previousRoot = tempRoot; - tempRoot = tempRoot.getChild(currentToken); - if (tempRoot == null) { - tempRoot = previousRoot; - int leftTokens = st.countTokens(); - for (int i = 0; i <= leftTokens; i++) { - if (tempRoot == null) { - return null; - } - tempRoot = tempRoot.getChild("*"); + public void initializePermissions(InputStream permissionStream) throws DeviceManagementException { + try { + if (permissionStream != null) { + /* Un-marshaling Device Management configuration */ + JAXBContext cdmContext = JAXBContext.newInstance(PermissionConfiguration.class); + Unmarshaller unmarshaller = cdmContext.createUnmarshaller(); + PermissionConfiguration permissionConfiguration = (PermissionConfiguration) + unmarshaller.unmarshal(permissionStream); + if (permissionConfiguration != null && permissionConfiguration.getPermissions() != null) { + this.addPermissions(permissionConfiguration.getPermissions()); } - break; } + } catch (JAXBException e) { + throw new DeviceManagementException("Error occurred while initializing Data Source config", e); } - if (tempRoot == null) { - return null; - } - return tempRoot.getPermission(httpMethod); + } + + public Permission getPermission(String url, String httpMethod) { + return permissionTree.getPermission(url, httpMethod); } } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionHolder.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionNode.java similarity index 74% rename from components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionHolder.java rename to components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionNode.java index b83b97c0ed..0c248cfe6e 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionHolder.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionNode.java @@ -25,15 +25,15 @@ import java.util.List; import java.util.Map; /** - * This class represents the node of a permission graph. + * This class represents the node of a permission tree. */ -public class PermissionHolder { +public class PermissionNode { - String pathName; - Map permissions = new HashMap(); - List children = new ArrayList(); + private String pathName; + private Map permissions = new HashMap(); + private List children = new ArrayList(); - public PermissionHolder(String pathName) { + public PermissionNode(String pathName) { this.pathName = pathName; } @@ -45,13 +45,13 @@ public class PermissionHolder { this.pathName = pathName; } - public List getChildren() { + public List getChildren() { return children; } - public PermissionHolder getChild(String pathName) { - PermissionHolder child = null; - for (PermissionHolder node : children) { + public PermissionNode getChild(String pathName) { + PermissionNode child = null; + for (PermissionNode node : children) { if (node.getPathName().equals(pathName)) { return node; } @@ -59,7 +59,7 @@ public class PermissionHolder { return child; } - public void addChild(PermissionHolder node) { + public void addChild(PermissionNode node) { children.add(node); } diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionUtils.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionUtils.java index 7e1f45a833..78911ab1b1 100644 --- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionUtils.java +++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionUtils.java @@ -84,7 +84,7 @@ public class PermissionUtils { return status; } - public static boolean checkPermissionExistance(Permission permission) + public static boolean checkPermissionExistence(Permission permission) throws DeviceManagementException, org.wso2.carbon.registry.core.exceptions.RegistryException { return PermissionUtils.getGovernanceRegistry().resourceExists(permission.getPath()); diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizerValve.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizationValve.java similarity index 96% rename from components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizerValve.java rename to components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizationValve.java index b02eac2f9b..27042131a5 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizerValve.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizationValve.java @@ -29,9 +29,9 @@ import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthen import javax.servlet.http.HttpServletResponse; -public class PermissionAuthorizerValve extends CarbonTomcatValve { +public class PermissionAuthorizationValve extends CarbonTomcatValve { - private static final Log log = LogFactory.getLog(PermissionAuthorizerValve.class); + private static final Log log = LogFactory.getLog(PermissionAuthorizationValve.class); private static final String AUTHORIZATION_ENABLED = "authorization-enabled"; @@ -44,7 +44,7 @@ public class PermissionAuthorizerValve extends CarbonTomcatValve { this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE); return; } - // check whether the permission checking function is enabled + // check whether the permission checking function is enabled in web.xml boolean isEnabled = new Boolean(permissionStatus); if (!isEnabled) { this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE); diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java index 33baf447d3..530f5ea5ec 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java @@ -39,12 +39,11 @@ public class PermissionAuthorizer { public WebappAuthenticator.Status authorize(Request request, Response response) { - // contextOperation is used to get defined operation type from the web.xml String requestUri = request.getRequestURI(); String requestMethod = request.getMethod(); if (requestUri == null || requestUri.isEmpty() || - requestMethod == null || requestMethod.isEmpty()) { + requestMethod == null || requestMethod.isEmpty()) { return WebappAuthenticator.Status.CONTINUE; } @@ -61,7 +60,10 @@ public class PermissionAuthorizer { String permissionString = requestPermission.getPath(); // This is added temporarily until authentication works. + // TODO remove below line. String username = "admin"; + // TODO uncomment this once the authentication works. + //String username = CarbonContext.getThreadLocalCarbonContext().getUsername(); boolean isUserAuthorized; try { diff --git a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java index 5dc7ce49ea..a2894fab53 100644 --- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java +++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java @@ -23,7 +23,6 @@ import org.apache.commons.logging.LogFactory; import org.osgi.service.component.ComponentContext; import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService; import org.wso2.carbon.device.mgt.core.scep.SCEPManager; -import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService; import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve; import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer; import org.wso2.carbon.user.core.service.RealmService; @@ -31,7 +30,7 @@ import org.wso2.carbon.webapp.authenticator.framework.DataHolder; import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationHandler; import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorRepository; -import org.wso2.carbon.webapp.authenticator.framework.authorizer.PermissionAuthorizerValve; +import org.wso2.carbon.webapp.authenticator.framework.authorizer.PermissionAuthorizationValve; import org.wso2.carbon.webapp.authenticator.framework.config.AuthenticatorConfig; import org.wso2.carbon.webapp.authenticator.framework.config.WebappAuthenticatorConfig; @@ -87,7 +86,7 @@ public class WebappAuthenticatorFrameworkServiceComponent { List valves = new ArrayList(); valves.add(new WebappAuthenticationHandler()); - valves.add(new PermissionAuthorizerValve()); + valves.add(new PermissionAuthorizationValve()); TomcatValveContainer.addValves(valves); if (log.isDebugEnabled()) {