Refactored permission authorizer module

revert-70aa11f8
milanperera 9 years ago
parent 68befaae01
commit ed937467cd

@ -21,6 +21,9 @@ package org.wso2.carbon.device.mgt.core.config.permission;
import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlRootElement;
/**
* This class represents the information related to permission.
*/
@XmlRootElement (name = "Permission") @XmlRootElement (name = "Permission")
public class Permission { public class Permission {

@ -22,6 +22,9 @@ import javax.xml.bind.annotation.XmlElement;
import javax.xml.bind.annotation.XmlRootElement; import javax.xml.bind.annotation.XmlRootElement;
import java.util.List; import java.util.List;
/**
* This class represents the information related to permission configuration.
*/
@XmlRootElement (name = "PermissionConfiguration") @XmlRootElement (name = "PermissionConfiguration")
public class PermissionConfiguration { public class PermissionConfiguration {

@ -33,16 +33,17 @@ import java.util.StringTokenizer;
public class PermissionManager { public class PermissionManager {
private static PermissionManager permissionManager; private static PermissionManager permissionManager;
private static PermissionHolder rootNode; private static PermissionTree permissionTree; // holds the permissions at runtime.
private PermissionManager(){}; private PermissionManager() {
}
public static PermissionManager getInstance() { public static PermissionManager getInstance() {
if (permissionManager == null) { if (permissionManager == null) {
synchronized (PermissionManager.class) { synchronized (PermissionManager.class) {
if (permissionManager == null) { if (permissionManager == null) {
permissionManager = new PermissionManager(); permissionManager = new PermissionManager();
rootNode = new PermissionHolder("/"); // initializing the root node. permissionTree = new PermissionTree();
} }
} }
} }
@ -50,14 +51,7 @@ public class PermissionManager {
} }
public boolean addPermission(Permission permission) throws DeviceManagementException { public boolean addPermission(Permission permission) throws DeviceManagementException {
StringTokenizer st = new StringTokenizer(permission.getUrl(), "/"); permissionTree.addPermission(permission); // adding a permission to the tree
PermissionHolder tempRoot = rootNode;
PermissionHolder tempChild;
while(st.hasMoreTokens()) {
tempChild = new PermissionHolder(st.nextToken());
tempRoot = addPermissionNode(tempRoot, tempChild);
}
tempRoot.addPermission(permission.getMethod(), permission); //setting permission to the vertex
try { try {
return PermissionUtils.putPermission(permission); return PermissionUtils.putPermission(permission);
} catch (DeviceManagementException e) { } catch (DeviceManagementException e) {
@ -81,7 +75,7 @@ public class PermissionManager {
Unmarshaller unmarshaller = cdmContext.createUnmarshaller(); Unmarshaller unmarshaller = cdmContext.createUnmarshaller();
PermissionConfiguration permissionConfiguration = (PermissionConfiguration) PermissionConfiguration permissionConfiguration = (PermissionConfiguration)
unmarshaller.unmarshal(permissionStream); unmarshaller.unmarshal(permissionStream);
if((permissionConfiguration != null) && (permissionConfiguration.getPermissions() != null)){ if (permissionConfiguration != null && permissionConfiguration.getPermissions() != null) {
this.addPermissions(permissionConfiguration.getPermissions()); this.addPermissions(permissionConfiguration.getPermissions());
} }
} }
@ -90,38 +84,7 @@ public class PermissionManager {
} }
} }
private PermissionHolder addPermissionNode(PermissionHolder parent, PermissionHolder child) {
PermissionHolder existChild = parent.getChild(child.getPathName());
if (existChild == null) {
parent.addChild(child);
return child;
}
return existChild;
}
public Permission getPermission(String url, String httpMethod) { public Permission getPermission(String url, String httpMethod) {
StringTokenizer st = new StringTokenizer(url, "/"); return permissionTree.getPermission(url, httpMethod);
PermissionHolder tempRoot = rootNode;
PermissionHolder previousRoot;
while (st.hasMoreTokens()) {
String currentToken = st.nextToken();
previousRoot = tempRoot;
tempRoot = tempRoot.getChild(currentToken);
if (tempRoot == null) {
tempRoot = previousRoot;
int leftTokens = st.countTokens();
for (int i = 0; i <= leftTokens; i++) {
if (tempRoot == null) {
return null;
}
tempRoot = tempRoot.getChild("*");
}
break;
}
}
if (tempRoot == null) {
return null;
}
return tempRoot.getPermission(httpMethod);
} }
} }

@ -25,15 +25,15 @@ import java.util.List;
import java.util.Map; import java.util.Map;
/** /**
* This class represents the node of a permission graph. * This class represents the node of a permission tree.
*/ */
public class PermissionHolder { public class PermissionNode {
String pathName; private String pathName;
Map<String, Permission> permissions = new HashMap<String, Permission>(); private Map<String, Permission> permissions = new HashMap<String, Permission>();
List<PermissionHolder> children = new ArrayList<PermissionHolder>(); private List<PermissionNode> children = new ArrayList<PermissionNode>();
public PermissionHolder(String pathName) { public PermissionNode(String pathName) {
this.pathName = pathName; this.pathName = pathName;
} }
@ -45,13 +45,13 @@ public class PermissionHolder {
this.pathName = pathName; this.pathName = pathName;
} }
public List<PermissionHolder> getChildren() { public List<PermissionNode> getChildren() {
return children; return children;
} }
public PermissionHolder getChild(String pathName) { public PermissionNode getChild(String pathName) {
PermissionHolder child = null; PermissionNode child = null;
for (PermissionHolder node : children) { for (PermissionNode node : children) {
if (node.getPathName().equals(pathName)) { if (node.getPathName().equals(pathName)) {
return node; return node;
} }
@ -59,7 +59,7 @@ public class PermissionHolder {
return child; return child;
} }
public void addChild(PermissionHolder node) { public void addChild(PermissionNode node) {
children.add(node); children.add(node);
} }

@ -84,7 +84,7 @@ public class PermissionUtils {
return status; return status;
} }
public static boolean checkPermissionExistance(Permission permission) public static boolean checkPermissionExistence(Permission permission)
throws DeviceManagementException, throws DeviceManagementException,
org.wso2.carbon.registry.core.exceptions.RegistryException { org.wso2.carbon.registry.core.exceptions.RegistryException {
return PermissionUtils.getGovernanceRegistry().resourceExists(permission.getPath()); return PermissionUtils.getGovernanceRegistry().resourceExists(permission.getPath());

@ -29,9 +29,9 @@ import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthen
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
public class PermissionAuthorizerValve extends CarbonTomcatValve { public class PermissionAuthorizationValve extends CarbonTomcatValve {
private static final Log log = LogFactory.getLog(PermissionAuthorizerValve.class); private static final Log log = LogFactory.getLog(PermissionAuthorizationValve.class);
private static final String AUTHORIZATION_ENABLED = "authorization-enabled"; private static final String AUTHORIZATION_ENABLED = "authorization-enabled";
@ -44,7 +44,7 @@ public class PermissionAuthorizerValve extends CarbonTomcatValve {
this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE); this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE);
return; return;
} }
// check whether the permission checking function is enabled // check whether the permission checking function is enabled in web.xml
boolean isEnabled = new Boolean(permissionStatus); boolean isEnabled = new Boolean(permissionStatus);
if (!isEnabled) { if (!isEnabled) {
this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE); this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE);

@ -39,7 +39,6 @@ public class PermissionAuthorizer {
public WebappAuthenticator.Status authorize(Request request, Response response) { public WebappAuthenticator.Status authorize(Request request, Response response) {
// contextOperation is used to get defined operation type from the web.xml
String requestUri = request.getRequestURI(); String requestUri = request.getRequestURI();
String requestMethod = request.getMethod(); String requestMethod = request.getMethod();
@ -61,7 +60,10 @@ public class PermissionAuthorizer {
String permissionString = requestPermission.getPath(); String permissionString = requestPermission.getPath();
// This is added temporarily until authentication works. // This is added temporarily until authentication works.
// TODO remove below line.
String username = "admin"; String username = "admin";
// TODO uncomment this once the authentication works.
//String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
boolean isUserAuthorized; boolean isUserAuthorized;
try { try {

@ -23,7 +23,6 @@ import org.apache.commons.logging.LogFactory;
import org.osgi.service.component.ComponentContext; import org.osgi.service.component.ComponentContext;
import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService; import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
import org.wso2.carbon.device.mgt.core.scep.SCEPManager; import org.wso2.carbon.device.mgt.core.scep.SCEPManager;
import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve; import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer; import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer;
import org.wso2.carbon.user.core.service.RealmService; import org.wso2.carbon.user.core.service.RealmService;
@ -31,7 +30,7 @@ import org.wso2.carbon.webapp.authenticator.framework.DataHolder;
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationHandler; import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationHandler;
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator; import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorRepository; import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorRepository;
import org.wso2.carbon.webapp.authenticator.framework.authorizer.PermissionAuthorizerValve; import org.wso2.carbon.webapp.authenticator.framework.authorizer.PermissionAuthorizationValve;
import org.wso2.carbon.webapp.authenticator.framework.config.AuthenticatorConfig; import org.wso2.carbon.webapp.authenticator.framework.config.AuthenticatorConfig;
import org.wso2.carbon.webapp.authenticator.framework.config.WebappAuthenticatorConfig; import org.wso2.carbon.webapp.authenticator.framework.config.WebappAuthenticatorConfig;
@ -87,7 +86,7 @@ public class WebappAuthenticatorFrameworkServiceComponent {
List<CarbonTomcatValve> valves = new ArrayList<CarbonTomcatValve>(); List<CarbonTomcatValve> valves = new ArrayList<CarbonTomcatValve>();
valves.add(new WebappAuthenticationHandler()); valves.add(new WebappAuthenticationHandler());
valves.add(new PermissionAuthorizerValve()); valves.add(new PermissionAuthorizationValve());
TomcatValveContainer.addValves(valves); TomcatValveContainer.addValves(valves);
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {

Loading…
Cancel
Save