1   package org.apache.fulcrum.security.model.dynamic;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *   http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  import java.util.HashMap;
22  import java.util.HashSet;
23  import java.util.Map;
24  import java.util.Set;
25  
26  import org.apache.fulcrum.security.acl.AccessControlList;
27  import org.apache.fulcrum.security.entity.Group;
28  import org.apache.fulcrum.security.entity.Role;
29  import org.apache.fulcrum.security.entity.User;
30  import org.apache.fulcrum.security.model.ACLFactory;
31  import org.apache.fulcrum.security.model.dynamic.entity.DynamicGroup;
32  import org.apache.fulcrum.security.model.dynamic.entity.DynamicRole;
33  import org.apache.fulcrum.security.model.dynamic.entity.DynamicUser;
34  import org.apache.fulcrum.security.spi.AbstractManager;
35  import org.apache.fulcrum.security.util.PermissionSet;
36  import org.apache.fulcrum.security.util.RoleSet;
37  import org.apache.fulcrum.security.util.UnknownEntityException;
38  
39  /**
40   *
41   * This factory creates instances of the DynamicAccessControlList
42   *
43   * @author <a href="mailto:epugh@upstate.com">Eric Pugh </a>
44   * @author <a href="mailto:ben@gidley.co.uk">Ben Gidley </a>
45   * @version $Id$
46   */
public class DynamicACLFactory extends AbstractManager implements ACLFactory
{
    /**
     * Builds the access control list for the given user.
     *
     * The result is not limited to the user's own grants. Every delegator
     * reachable from the user, directly or through further delegators, is
     * collected first, and the groups, roles and permissions of all of them
     * are merged into one ACL. Delegation is therefore transitive here, which
     * matters when reviewing who may delegate to whom.
     *
     * @param user
     *            the user to build the ACL for; it is cast to
     *            {@link DynamicUser}, so another implementation fails with a
     *            ClassCastException, and a null user fails with a
     *            NullPointerException when its delegators are read
     * @return the ACL holding the merged roles and permissions
     * @throws RuntimeException
     *             wrapping the UnknownEntityException raised when the ACL
     *             object cannot be created
     * @see org.apache.fulcrum.security.model.ACLFactory#getAccessControlList(org.apache.fulcrum.security.entity.User)
     */
    public <T extends AccessControlList> T getAccessControlList(User user)
    {
        DynamicUser rootUser = (DynamicUser) user;

        // the user itself plus the transitive closure of its delegators
        Set<DynamicUser> effectiveUsers = new HashSet<DynamicUser>();
        effectiveUsers.add(rootUser);
        addDelegators(rootUser, effectiveUsers);

        Map<Group, RoleSet> rolesByGroup = new HashMap<Group, RoleSet>();
        Map<Role, PermissionSet> permissionsByRole = new HashMap<Role, PermissionSet>();
        for (DynamicUser member : effectiveUsers)
        {
            addRolesAndPermissions(member, rolesByGroup, permissionsByRole);
        }

        try
        {
            // T is chosen by the caller and erased at runtime, so this cast is
            // not checked here; a caller asking for an incompatible type gets
            // the ClassCastException at its own assignment.
            @SuppressWarnings("unchecked")
            T acl = (T) getAclInstance(rolesByGroup, permissionsByRole);
            return acl;
        }
        catch (UnknownEntityException e)
        {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Creates the ACL object for the collected roles and permissions.
     *
     * The implementation class is fixed: a DynamicAccessControlListImpl is
     * instantiated directly with the two maps.
     *
     * @param roles
     *            the role sets, keyed by group, that the ACL should contain
     * @param permissions
     *            the permission sets, keyed by role, that the ACL should
     *            contain
     *
     * @return the newly created ACL
     * @throws UnknownEntityException
     *             if the constructor throws any exception; the original
     *             exception is kept as the cause
     */
    private DynamicAccessControlList getAclInstance(Map<? extends Group, ? extends RoleSet> roles,
            Map<? extends Role, ? extends PermissionSet> permissions) throws UnknownEntityException
    {
        try
        {
            return new DynamicAccessControlListImpl(roles, permissions);
        }
        catch (Exception e)
        {
            throw new UnknownEntityException("Failed to instantiate an ACL implementation object", e);
        }
    }

    /**
     * Collects the delegators of a user, following delegation recursively.
     *
     * Each delegator is added to the supplied set and then visited in turn. A
     * user that is already in the set is not visited again, so a cycle in the
     * delegation relation ends the recursion instead of looping.
     *
     * @param user
     *            the user whose delegators are collected
     * @param users
     *            the set the delegators are added to; modified in place
     */
    public <T extends DynamicUser> void addDelegators(DynamicUser user, Set<T> users)
    {
        for (User candidate : user.getDelegators())
        {
            @SuppressWarnings("unchecked")
            T delegator = (T) candidate;

            // add() reports false for a user collected earlier; skipping it
            // here is what keeps the recursion finite
            if (!users.add(delegator))
            {
                continue;
            }
            addDelegators(delegator, users);
        }
    }

    /**
     * Merges the roles and permissions of one user into the given maps.
     *
     * For every group of the user the group's role set is stored under the
     * group, and for every role in that set the role's permission set is
     * stored under the role. An existing entry for an equal key is simply
     * overwritten; no duplicate check is made.
     *
     * @param user
     *            the user to read groups from; cast to {@link DynamicUser}
     * @param roleSets
     *            the role sets keyed by group; modified in place
     * @param permissionSets
     *            the permission sets keyed by role; modified in place
     */
    private void addRolesAndPermissions(User user, Map<Group, RoleSet> roleSets, Map<Role, PermissionSet> permissionSets)
    {
        DynamicUser dynamicUser = (DynamicUser) user;
        for (Group group : dynamicUser.getGroups())
        {
            RoleSet groupRoles = ((DynamicGroup) group).getRoles();
            roleSets.put(group, groupRoles);
            for (Role entry : groupRoles)
            {
                DynamicRole role = (DynamicRole) entry;
                permissionSets.put(role, role.getPermissions());
            }
        }
    }
}