forked from community/device-mgt-core
commit
648d8ec209
@ -0,0 +1,80 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.device.mgt.common.permission.mgt;
|
||||
|
||||
import javax.xml.bind.annotation.XmlElement;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
|
||||
/**
|
||||
* This class represents the information related to permission.
|
||||
*/
|
||||
@XmlRootElement (name = "Permission")
|
||||
public class Permission {
|
||||
|
||||
private String name; // permission name
|
||||
private String path; // permission string
|
||||
private String url; // url of the resource
|
||||
private String method; // http method
|
||||
private String scope; //scope of the resource
|
||||
|
||||
public String getName() {
|
||||
return name;
|
||||
}
|
||||
|
||||
@XmlElement (name = "name", required = true)
|
||||
public void setName(String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
public String getPath() {
|
||||
return path;
|
||||
}
|
||||
|
||||
@XmlElement (name = "path", required = true)
|
||||
public void setPath(String path) {
|
||||
this.path = path;
|
||||
}
|
||||
|
||||
public String getScope() {
|
||||
return scope;
|
||||
}
|
||||
|
||||
@XmlElement(name = "scope", required = true)
|
||||
public void setScope(String scope) {
|
||||
this.scope = scope;
|
||||
}
|
||||
|
||||
public String getUrl() {
|
||||
return url;
|
||||
}
|
||||
|
||||
@XmlElement (name = "url", required = true)
|
||||
public void setUrl(String url) {
|
||||
this.url = url;
|
||||
}
|
||||
|
||||
public String getMethod() {
|
||||
return method;
|
||||
}
|
||||
|
||||
@XmlElement (name = "method", required = true)
|
||||
public void setMethod(String method) {
|
||||
this.method = method;
|
||||
}
|
||||
}
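Review bot: `required = true` on the `@XmlElement` setters does not by itself make JAXB reject a document that omits the element; unless a schema is set on the `Unmarshaller`, `url`, `method` and the other fields can stay null. `PermissionTree.addPermission` in this commit passes `permission.getUrl()` to `new StringTokenizer(...)` without a check, so a Permission lacking a URL would throw there. Either validate the fields where the object is consumed or state on the class that callers must check for null. The annotation spacing is also inconsistent (`@XmlElement (` vs `@XmlElement(`).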
|
@ -0,0 +1,57 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
package org.wso2.carbon.device.mgt.common.permission.mgt;
|
||||
|
||||
public class PermissionManagementException extends Exception {
|
||||
|
||||
private static final long serialVersionUID = -3151279311929070298L;
|
||||
|
||||
private String errorMessage;
|
||||
|
||||
public String getErrorMessage() {
|
||||
return errorMessage;
|
||||
}
|
||||
|
||||
public void setErrorMessage(String errorMessage) {
|
||||
this.errorMessage = errorMessage;
|
||||
}
|
||||
|
||||
public PermissionManagementException(String msg, Exception nestedEx) {
|
||||
super(msg, nestedEx);
|
||||
setErrorMessage(msg);
|
||||
}
|
||||
|
||||
public PermissionManagementException(String message, Throwable cause) {
|
||||
super(message, cause);
|
||||
setErrorMessage(message);
|
||||
}
|
||||
|
||||
public PermissionManagementException(String msg) {
|
||||
super(msg);
|
||||
setErrorMessage(msg);
|
||||
}
|
||||
|
||||
public PermissionManagementException() {
|
||||
super();
|
||||
}
|
||||
|
||||
public PermissionManagementException(Throwable cause) {
|
||||
super(cause);
|
||||
}
|
||||
|
||||
}
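Review bot: The `(String msg, Exception nestedEx)` constructor is redundant next to `(String message, Throwable cause)`, which accepts every argument the first one does. The `errorMessage` field duplicates what `getMessage()` already returns, stays null for the no-arg and `(Throwable cause)` constructors, and can drift from the stored message through its public setter. Consider dropping the field and having `getErrorMessage()` return `getMessage()`.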
|
@ -0,0 +1,47 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.device.mgt.common.permission.mgt;
|
||||
|
||||
import java.util.Properties;
|
||||
|
||||
/**
|
||||
* This represents the Permission management functionality which should be implemented by
|
||||
* required PermissionManagers.
|
||||
*/
|
||||
public interface PermissionManagerService {
|
||||
|
||||
/**
|
||||
*
|
||||
* @param permission - Permission to be added
|
||||
* @return The status of the operation.
|
||||
* @throws PermissionManagementException If some unusual behaviour is observed while adding the
|
||||
* permission.
|
||||
*/
|
||||
public boolean addPermission(Permission permission) throws PermissionManagementException;
|
||||
|
||||
/**
|
||||
*
|
||||
* @param properties - Properties of the permission to be fetched.
|
||||
* @return The matched Permission object.
|
||||
* @throws PermissionManagementException If some unusual behaviour is observed while fetching the
|
||||
* permission.
|
||||
*/
|
||||
public Permission getPermission(Properties properties) throws PermissionManagementException;
|
||||
|
||||
}
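Review bot: The Javadoc on `getPermission(Properties properties)` does not say which keys the `Properties` object must carry or what is returned when nothing matches, and callers base an access decision on the result. Suggest a summary sentence plus `@param properties lookup criteria; the registry-based implementation reads the keys "URL" and "HTTP_METHOD"` and `@return the matching permission, or null if none is registered`. Both method comments open with an empty `*` line instead of a summary sentence, and the `public` modifier is redundant on interface methods.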
|
@ -1,57 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.device.mgt.core.config.permission;
|
||||
|
||||
import javax.xml.bind.annotation.XmlElement;
|
||||
import javax.xml.bind.annotation.XmlRootElement;
|
||||
|
||||
@XmlRootElement(name = "Permission")
|
||||
public class Permission{
|
||||
|
||||
private String name;
|
||||
private String path;
|
||||
private String scope;
|
||||
|
||||
public String getScope() {
|
||||
return scope;
|
||||
}
|
||||
|
||||
@XmlElement(name = "scope", required = true)
|
||||
public void setScope(String scope) {
|
||||
this.scope = scope;
|
||||
}
|
||||
|
||||
public String getName() {
|
||||
return name;
|
||||
}
|
||||
|
||||
@XmlElement(name = "name", required = true)
|
||||
public void setName(String name) {
|
||||
this.name = name;
|
||||
}
|
||||
|
||||
public String getPath() {
|
||||
return path;
|
||||
}
|
||||
|
||||
@XmlElement(name = "path", required = true)
|
||||
public void setPath(String path) {
|
||||
this.path = path;
|
||||
}
|
||||
}
|
@ -1,81 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.device.mgt.core.config.permission;
|
||||
|
||||
import org.wso2.carbon.device.mgt.common.DeviceManagementException;
|
||||
|
||||
import javax.xml.bind.JAXBContext;
|
||||
import javax.xml.bind.JAXBException;
|
||||
import javax.xml.bind.Unmarshaller;
|
||||
import java.io.InputStream;
|
||||
import java.util.List;
|
||||
|
||||
/**
|
||||
* This class will add, update custom permissions defined in permission.xml in webapps.
|
||||
*/
|
||||
public class PermissionManager {
|
||||
|
||||
private static PermissionManager permissionManager;
|
||||
|
||||
private PermissionManager(){};
|
||||
|
||||
public static PermissionManager getInstance() {
|
||||
if (permissionManager == null) {
|
||||
synchronized (PermissionManager.class) {
|
||||
if (permissionManager == null) {
|
||||
permissionManager = new PermissionManager();
|
||||
}
|
||||
}
|
||||
}
|
||||
return permissionManager;
|
||||
}
|
||||
|
||||
public boolean addPermission(Permission permission) throws DeviceManagementException {
|
||||
try {
|
||||
return PermissionUtils.putPermission(permission);
|
||||
} catch (DeviceManagementException e) {
|
||||
throw new DeviceManagementException("Error occurred while adding the permission : " +
|
||||
permission.getName(), e);
|
||||
}
|
||||
}
|
||||
|
||||
public boolean addPermissions(List<Permission> permissions) throws DeviceManagementException{
|
||||
for(Permission permission:permissions){
|
||||
this.addPermission(permission);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public void initializePermissions(InputStream permissionStream) throws DeviceManagementException {
|
||||
try {
|
||||
if(permissionStream != null){
|
||||
/* Un-marshaling Device Management configuration */
|
||||
JAXBContext cdmContext = JAXBContext.newInstance(PermissionConfiguration.class);
|
||||
Unmarshaller unmarshaller = cdmContext.createUnmarshaller();
|
||||
PermissionConfiguration permissionConfiguration = (PermissionConfiguration)
|
||||
unmarshaller.unmarshal(permissionStream);
|
||||
if((permissionConfiguration != null) && (permissionConfiguration.getPermissions() != null)){
|
||||
this.addPermissions(permissionConfiguration.getPermissions());
|
||||
}
|
||||
}
|
||||
} catch (JAXBException e) {
|
||||
throw new DeviceManagementException("Error occurred while initializing Data Source config", e);
|
||||
}
|
||||
}
|
||||
}
|
@ -0,0 +1,81 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.device.mgt.core.permission.mgt;
|
||||
|
||||
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.HashMap;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* This class represents the node of a permission tree.
|
||||
* It holds the current path name, list of permissions associated with URL
|
||||
* and the set of children.
|
||||
*/
|
||||
public class PermissionNode {
|
||||
|
||||
private String pathName;
|
||||
private Map<String, Permission> permissions = new HashMap<String, Permission>();
|
||||
private List<PermissionNode> children = new ArrayList<PermissionNode>();
|
||||
|
||||
public PermissionNode(String pathName) {
|
||||
this.pathName = pathName;
|
||||
}
|
||||
|
||||
public String getPathName() {
|
||||
return pathName;
|
||||
}
|
||||
|
||||
public void setPathName(String pathName) {
|
||||
this.pathName = pathName;
|
||||
}
|
||||
|
||||
public List<PermissionNode> getChildren() {
|
||||
return children;
|
||||
}
|
||||
|
||||
public PermissionNode getChild(String pathName) {
|
||||
PermissionNode child = null;
|
||||
for (PermissionNode node : children) {
|
||||
if (node.getPathName().equals(pathName)) {
|
||||
return node;
|
||||
}
|
||||
}
|
||||
return child;
|
||||
}
|
||||
|
||||
public void addChild(PermissionNode node) {
|
||||
children.add(node);
|
||||
}
|
||||
|
||||
public void addPermission(String httpMethod, Permission permission) {
|
||||
permissions.put(httpMethod, permission);
|
||||
}
|
||||
|
||||
public Permission getPermission(String httpMethod) {
|
||||
return permissions.get(httpMethod);
|
||||
}
|
||||
|
||||
public Collection<Permission> getPermissions() {
|
||||
return permissions.values();
|
||||
}
|
||||
}
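Review bot: `PermissionNode` keeps its state in a plain `HashMap` and `ArrayList`, while the tree that owns these nodes is held in a static field in `RegistryBasedPermissionManagerServiceImpl` and so can be read by request threads while `addPermission` is still writing to it. Without synchronisation a concurrent `addChild`/`addPermission` during a lookup is a data race; consider `ConcurrentHashMap` and `CopyOnWriteArrayList`, or document that the tree must be fully built before it serves requests. `getChildren()` and `getPermissions()` also hand out the live internal collections, so any caller can alter the tree; returning `Collections.unmodifiableList(children)` and `Collections.unmodifiableCollection(permissions.values())` would prevent that. The map key is the raw HTTP method string, so `get` and `GET` are separate entries unless callers normalise case.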
|
@ -0,0 +1,114 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.device.mgt.core.permission.mgt;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
|
||||
|
||||
import java.util.StringTokenizer;
|
||||
|
||||
/**
|
||||
* This class represents a tree data structure which will be used for adding and retrieving permissions.
|
||||
*/
|
||||
public class PermissionTree {
|
||||
|
||||
private PermissionNode rootNode;
|
||||
private static final String DYNAMIC_PATH_NOTATION = "*";
|
||||
private static final String ROOT = "/";
|
||||
private static final Log log = LogFactory.getLog(PermissionTree.class);
|
||||
|
||||
public PermissionTree() {
|
||||
rootNode = new PermissionNode(ROOT); // initializing the root node.
|
||||
}
|
||||
|
||||
/**
|
||||
* This method is used to add permissions to the tree. Once it receives the permission
|
||||
* it will traverse through the given request path with respect to the permission and place
|
||||
* the permission in the appropriate place in the tree.
|
||||
*
|
||||
* @param permission Permission object.
|
||||
*/
|
||||
public void addPermission(Permission permission) {
|
||||
StringTokenizer st = new StringTokenizer(permission.getUrl(), ROOT);
|
||||
PermissionNode tempRoot = rootNode;
|
||||
PermissionNode tempChild;
|
||||
while (st.hasMoreTokens()) {
|
||||
tempChild = new PermissionNode(st.nextToken());
|
||||
tempRoot = addPermissionNode(tempRoot, tempChild);
|
||||
}
|
||||
tempRoot.addPermission(permission.getMethod(), permission); //setting permission to the vertex
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Added permission '" + permission.getName() + "'");
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* This method is used to add vertex to the graph. The method will check for the given child
|
||||
* whether exists within the list of children of the given parent.
|
||||
*
|
||||
* @param parent Parent PermissionNode.
|
||||
* @param child Child PermissionNode.
|
||||
* @return returns the newly created child or the existing child.
|
||||
*/
|
||||
private PermissionNode addPermissionNode(PermissionNode parent, PermissionNode child) {
|
||||
PermissionNode existChild = parent.getChild(child.getPathName());
|
||||
if (existChild == null) {
|
||||
parent.addChild(child);
|
||||
return child;
|
||||
}
|
||||
return existChild;
|
||||
}
|
||||
|
||||
/**
|
||||
* This method is used to retrieve the permission for a given url and http method.
|
||||
* Breath First Search (BFS) is used to traverse the tree.
|
||||
*
|
||||
* @param url Request URL.
|
||||
* @param httpMethod HTTP method of the request.
|
||||
* @return returns the permission with related to the request path or null if there is
|
||||
* no any permission that is stored with respected to the given request path.
|
||||
*/
|
||||
public Permission getPermission(String url, String httpMethod) {
|
||||
StringTokenizer st = new StringTokenizer(url, ROOT);
|
||||
PermissionNode tempRoot = rootNode;
|
||||
while (st.hasMoreTokens()) {
|
||||
String currentToken = st.nextToken();
|
||||
|
||||
// returns the child node which matches with the 'currentToken' path.
|
||||
tempRoot = tempRoot.getChild(currentToken);
|
||||
|
||||
// if tempRoot is null, that means 'currentToken' is not matched with the child's path.
|
||||
// It means that it is at a point where the request must have dynamic path variables.
|
||||
// Therefor it looks for '*' in the request path. ('*' denotes dynamic path variable).
|
||||
if (tempRoot == null) {
|
||||
tempRoot = tempRoot.getChild(DYNAMIC_PATH_NOTATION);
|
||||
// if tempRoot is null, that means there is no any permission which matches with the
|
||||
// given path
|
||||
if (tempRoot == null) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Permission for request path '" + url + "' does not exist");
|
||||
}
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
return tempRoot.getPermission(httpMethod);
|
||||
}
|
||||
}
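Review bot: In `getPermission`, the wildcard fallback dereferences a null reference: `tempRoot` is overwritten with the result of `getChild(currentToken)`, and when that is null the next line calls `tempRoot.getChild(DYNAMIC_PATH_NOTATION)` on it. Any URL with a segment that has no literal child therefore throws NullPointerException instead of matching a `*` node or returning null, so dynamic paths never resolve. Keep the parent in `tempRoot` and hold the lookup result in a separate local until a match is confirmed, as below. The Javadoc also calls this a breadth-first search, while the loop follows a single path from the root and never backtracks to a `*` sibling once a literal segment has matched; that is worth stating, since this lookup feeds an access decision.

```java
// … unchanged: tokenizer setup and while (st.hasMoreTokens()) header …
            String currentToken = st.nextToken();
            PermissionNode matched = tempRoot.getChild(currentToken);
            if (matched == null) {
                // no literal child: fall back to the '*' child of the same parent
                matched = tempRoot.getChild(DYNAMIC_PATH_NOTATION);
                if (matched == null) {
                    // … unchanged: debug log and return null …
                }
            }
            tempRoot = matched;
// … unchanged: return tempRoot.getPermission(httpMethod) …
```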
|
@ -0,0 +1,73 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* you may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.device.mgt.core.permission.mgt;
|
||||
|
||||
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
|
||||
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
|
||||
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagerService;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Properties;
|
||||
|
||||
/**
|
||||
* This class will add, update custom permissions defined in permission.xml in webapps and it will
|
||||
* use Registry as the persistence storage.
|
||||
*/
|
||||
public class RegistryBasedPermissionManagerServiceImpl implements PermissionManagerService {
|
||||
|
||||
public static final String URL_PROPERTY = "URL";
|
||||
public static final String HTTP_METHOD_PROPERTY = "HTTP_METHOD";
|
||||
private static RegistryBasedPermissionManagerServiceImpl registryBasedPermissionManager;
|
||||
private static PermissionTree permissionTree; // holds the permissions at runtime.
|
||||
|
||||
private RegistryBasedPermissionManagerServiceImpl() {
|
||||
}
|
||||
|
||||
public static RegistryBasedPermissionManagerServiceImpl getInstance() {
|
||||
if (registryBasedPermissionManager == null) {
|
||||
synchronized (RegistryBasedPermissionManagerServiceImpl.class) {
|
||||
if (registryBasedPermissionManager == null) {
|
||||
registryBasedPermissionManager = new RegistryBasedPermissionManagerServiceImpl();
|
||||
permissionTree = new PermissionTree();
|
||||
}
|
||||
}
|
||||
}
|
||||
return registryBasedPermissionManager;
|
||||
}
|
||||
|
||||
public boolean addPermissions(List<Permission> permissions) throws PermissionManagementException {
|
||||
for (Permission permission : permissions) {
|
||||
this.addPermission(permission);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean addPermission(Permission permission) throws PermissionManagementException {
|
||||
permissionTree.addPermission(permission); // adding a permission to the tree
|
||||
return PermissionUtils.putPermission(permission);
|
||||
}
|
||||
|
||||
@Override
|
||||
public Permission getPermission(Properties properties) throws PermissionManagementException {
|
||||
String url = (String) properties.get(URL_PROPERTY);
|
||||
String httpMethod = (String) properties.get(HTTP_METHOD_PROPERTY);
|
||||
return permissionTree.getPermission(url, httpMethod);
|
||||
}
|
||||
}
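Review bot: `getInstance()` publishes the singleton before `permissionTree` is assigned, and neither static field is `volatile`, so a second thread can see a non-null `registryBasedPermissionManager` while `permissionTree` is still null and fail in `addPermission` or `getPermission`. Initialising the tree eagerly, `private static final PermissionTree permissionTree = new PermissionTree();`, and marking the instance field `volatile` removes the race. `getPermission` also passes `properties.get(URL_PROPERTY)` straight to the tree; a missing key yields null and `new StringTokenizer(null, ...)` throws, so a null check that returns null (no permission) would be safer. In `addPermission` the in-memory tree is updated before `PermissionUtils.putPermission`, so if the latter throws the two stores disagree.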
|
@ -0,0 +1,76 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.webapp.authenticator.framework.authorizer;
|
||||
|
||||
import org.apache.catalina.connector.Request;
|
||||
import org.apache.catalina.connector.Response;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
|
||||
import org.wso2.carbon.tomcat.ext.valves.CompositeValve;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.AuthenticationFrameworkUtil;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
|
||||
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
public class PermissionAuthorizationValve extends CarbonTomcatValve {
|
||||
|
||||
private static final Log log = LogFactory.getLog(PermissionAuthorizationValve.class);
|
||||
private static final String AUTHORIZATION_ENABLED = "authorization-enabled";
|
||||
|
||||
|
||||
@Override
|
||||
public void invoke(Request request, Response response, CompositeValve compositeValve) {
|
||||
|
||||
String permissionStatus =
|
||||
request.getContext().findParameter(AUTHORIZATION_ENABLED);
|
||||
if (permissionStatus == null || permissionStatus.isEmpty()) {
|
||||
this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE);
|
||||
return;
|
||||
}
|
||||
// check whether the permission checking function is enabled in web.xml
|
||||
boolean isEnabled = new Boolean(permissionStatus);
|
||||
if (!isEnabled) {
|
||||
this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE);
|
||||
return;
|
||||
}
|
||||
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Checking permission of request: " + request.getRequestURI());
|
||||
}
|
||||
PermissionAuthorizer permissionAuthorizer = new PermissionAuthorizer();
|
||||
WebappAuthenticator.Status status = permissionAuthorizer.authorize(request, response);
|
||||
this.processResponse(request, response, compositeValve, status);
|
||||
}
|
||||
|
||||
private void processResponse(Request request, Response response, CompositeValve compositeValve,
|
||||
WebappAuthenticator.Status status) {
|
||||
switch (status) {
|
||||
case SUCCESS:
|
||||
case CONTINUE:
|
||||
this.getNext().invoke(request, response, compositeValve);
|
||||
break;
|
||||
case FAILURE:
|
||||
String msg = "Failed to authorize incoming request";
|
||||
log.error(msg);
|
||||
AuthenticationFrameworkUtil.handleResponse(request, response, HttpServletResponse.SC_UNAUTHORIZED, msg);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
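Review bot: The `authorization-enabled` check in `invoke` fails open: a missing parameter, an empty one, or any value other than `true` (a typo such as `ture`, or `yes`) sends the request down the chain with `Status.CONTINUE` and no log entry. Consider logging a warning when the value is present but is neither `true` nor `false`, and use `Boolean.parseBoolean(permissionStatus)` instead of `new Boolean(permissionStatus)`. In `processResponse` the rejection is an authorization failure, for which `HttpServletResponse.SC_FORBIDDEN` fits better than `SC_UNAUTHORIZED`. The `switch` has no `default`, so any other `Status` value (if the enum has one) would leave the request neither forwarded nor answered.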
|
@ -0,0 +1,101 @@
|
||||
/*
|
||||
* Copyright (c) 2015, WSO2 Inc. (http://www.wso2.org) All Rights Reserved.
|
||||
*
|
||||
* WSO2 Inc. licenses this file to you under the Apache License,
|
||||
* Version 2.0 (the "License"); you may not use this file except
|
||||
* in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
package org.wso2.carbon.webapp.authenticator.framework.authorizer;
|
||||
|
||||
import org.apache.catalina.connector.Request;
|
||||
import org.apache.catalina.connector.Response;
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.wso2.carbon.context.CarbonContext;
|
||||
import org.wso2.carbon.device.mgt.common.permission.mgt.Permission;
|
||||
import org.wso2.carbon.device.mgt.common.permission.mgt.PermissionManagementException;
|
||||
import org.wso2.carbon.device.mgt.core.permission.mgt.RegistryBasedPermissionManagerServiceImpl;
|
||||
import org.wso2.carbon.user.api.UserStoreException;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.Constants;
|
||||
import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
|
||||
|
||||
import java.util.Properties;
|
||||
|
||||
/**
|
||||
* This class represents the methods that are used to authorize requests.
|
||||
*/
|
||||
public class PermissionAuthorizer {
|
||||
|
||||
private static final Log log = LogFactory.getLog(PermissionAuthorizer.class);
|
||||
|
||||
public WebappAuthenticator.Status authorize(Request request, Response response) {
|
||||
|
||||
String requestUri = request.getRequestURI();
|
||||
String requestMethod = request.getMethod();
|
||||
|
||||
if (requestUri == null || requestUri.isEmpty() ||
|
||||
requestMethod == null || requestMethod.isEmpty()) {
|
||||
return WebappAuthenticator.Status.CONTINUE;
|
||||
}
|
||||
|
||||
RegistryBasedPermissionManagerServiceImpl registryBasedPermissionManager = RegistryBasedPermissionManagerServiceImpl.getInstance();
|
||||
Properties properties = new Properties();
|
||||
properties.put("",requestUri);
|
||||
properties.put("",requestMethod);
|
||||
Permission requestPermission = null;
|
||||
try {
|
||||
requestPermission = registryBasedPermissionManager.getPermission(properties);
|
||||
} catch (PermissionManagementException e) {
|
||||
log.error(
|
||||
"Error occurred while fetching the permission for URI : " + requestUri + " ," +
|
||||
" METHOD : " + requestMethod + ", msg = " + e.getMessage());
|
||||
}
|
||||
|
||||
if (requestPermission == null) {
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Permission to request '" + requestUri + "' is not defined in the configuration");
|
||||
}
|
||||
return WebappAuthenticator.Status.FAILURE;
|
||||
}
|
||||
|
||||
String permissionString = requestPermission.getPath();
|
||||
|
||||
// This is added temporarily until authentication works.
|
||||
// TODO remove below line.
|
||||
String username = "admin";
|
||||
// TODO uncomment this once the authentication works.
|
||||
//String username = CarbonContext.getThreadLocalCarbonContext().getUsername();
|
||||
|
||||
boolean isUserAuthorized;
|
||||
try {
|
||||
isUserAuthorized = CarbonContext.getThreadLocalCarbonContext().getUserRealm().
|
||||
getAuthorizationManager().isUserAuthorized(username, permissionString,
|
||||
Constants.PermissionMethod.READ);
|
||||
} catch (UserStoreException e) {
|
||||
log.error("Error occurred while retrieving user store. " + e.getMessage());
|
||||
return WebappAuthenticator.Status.FAILURE;
|
||||
}
|
||||
|
||||
if (log.isDebugEnabled()) {
|
||||
log.debug("Is user authorized: " + isUserAuthorized);
|
||||
}
|
||||
|
||||
if (isUserAuthorized) {
|
||||
return WebappAuthenticator.Status.SUCCESS;
|
||||
} else {
|
||||
return WebappAuthenticator.Status.FAILURE;
|
||||
}
|
||||
}
|
||||
|
||||
}
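Review bot: Both `properties.put("", …)` calls in `authorize` use the empty string as the key, so the second overwrites the first and the manager, which reads `URL_PROPERTY` and `HTTP_METHOD_PROPERTY`, receives null for both. Use the constants: `properties.put(RegistryBasedPermissionManagerServiceImpl.URL_PROPERTY, requestUri);` and `properties.put(RegistryBasedPermissionManagerServiceImpl.HTTP_METHOD_PROPERTY, requestMethod);`. The hard-coded `username = "admin"` means the decision reflects the admin account rather than the caller; the TODO acknowledges it, but the valve should not be enabled anywhere until the commented-out `CarbonContext` lookup is restored. The early `return WebappAuthenticator.Status.CONTINUE` for a missing URI or method lets such a request through unchecked, where `FAILURE` would be the safer default, and both `log.error` calls drop the stack trace by logging only `e.getMessage()`.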
|