geode-dunit/src/main/java/org/apache/geode/security/templates/SimpleAccessController.java - geode - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more contributor license
  * agreements. See the NOTICE file distributed with this work for additional information regarding
  * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance with the License. You may obtain a
  * copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software distributed under the License
  * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
  * or implied. See the License for the specific language governing permissions and limitations under
  * the License.
  */

 package org.apache.geode.security.templates;

 import java.security.Principal;

 import org.apache.geode.cache.Cache;
 import org.apache.geode.cache.operations.OperationContext;
 import org.apache.geode.distributed.DistributedMember;
 import org.apache.geode.security.AccessControl;
 import org.apache.geode.security.NotAuthorizedException;

 /**
  * A test implementation of the legacy {@link org.apache.geode.security.AccessControl}.
  * An authenticated user's permissions are defined by the username itself, e.g. user "dataRead"
  * has permissions DATA:READ and user "data,cluster" has permissions DATA and CLUSTER.
  */
 @SuppressWarnings("deprecation")
 public class SimpleAccessController implements AccessControl {
   private static Principal principal;

   @Override
   public void init(Principal principal, DistributedMember remoteMember, Cache cache)
       throws NotAuthorizedException {
     SimpleAccessController.principal = principal;
   }

   public static AccessControl create() {
     return new SimpleAccessController();
   }

   @Override
   public boolean authorizeOperation(String regionName, OperationContext context) {
     switch (context.getOperationCode()) {
       case GET:
       case REGISTER_INTEREST:
       case UNREGISTER_INTEREST:
       case CONTAINS_KEY:
       case KEY_SET:
       case QUERY:
       case EXECUTE_CQ:
       case STOP_CQ:
       case CLOSE_CQ:
         return authorize(principal, "DATA:READ");
       case PUT:
       case PUTALL:
       case REMOVEALL:
       case DESTROY:
       case INVALIDATE:
         return authorize(principal, "DATA:WRITE");
       case REGION_CLEAR:
       case REGION_CREATE:
       case REGION_DESTROY:
       case EXECUTE_FUNCTION:
       case GET_DURABLE_CQS:
         return false;
       default:
         return false;
     }
   }

   private boolean authorize(Principal principal, String permission) {
     String[] principals = principal.toString().toLowerCase().split(",");
     for (String role : principals) {
       String permissionString = permission.replace(":", "").toLowerCase();
       if (permissionString.startsWith(role))
         return true;
     }
     return false;
   }

   @Override
   public void close() {
     principal = null;
   }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
	* agreements. See the NOTICE file distributed with this work for additional information regarding
	* copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance with the License. You may obtain a
	* copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software distributed under the License
	* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
	* or implied. See the License for the specific language governing permissions and limitations under
	* the License.
	*/

	package org.apache.geode.security.templates;

	import java.security.Principal;

	import org.apache.geode.cache.Cache;
	import org.apache.geode.cache.operations.OperationContext;
	import org.apache.geode.distributed.DistributedMember;
	import org.apache.geode.security.AccessControl;
	import org.apache.geode.security.NotAuthorizedException;

	/**
	* A test implementation of the legacy {@link org.apache.geode.security.AccessControl}.
	* An authenticated user's permissions are defined by the username itself, e.g. user "dataRead"
	* has permissions DATA:READ and user "data,cluster" has permissions DATA and CLUSTER.
	*/
	@SuppressWarnings("deprecation")
	public class SimpleAccessController implements AccessControl {
	private static Principal principal;

	@Override
	public void init(Principal principal, DistributedMember remoteMember, Cache cache)
	throws NotAuthorizedException {
	SimpleAccessController.principal = principal;
	}

	public static AccessControl create() {
	return new SimpleAccessController();
	}

	@Override
	public boolean authorizeOperation(String regionName, OperationContext context) {
	switch (context.getOperationCode()) {
	case GET:
	case REGISTER_INTEREST:
	case UNREGISTER_INTEREST:
	case CONTAINS_KEY:
	case KEY_SET:
	case QUERY:
	case EXECUTE_CQ:
	case STOP_CQ:
	case CLOSE_CQ:
	return authorize(principal, "DATA:READ");
	case PUT:
	case PUTALL:
	case REMOVEALL:
	case DESTROY:
	case INVALIDATE:
	return authorize(principal, "DATA:WRITE");
	case REGION_CLEAR:
	case REGION_CREATE:
	case REGION_DESTROY:
	case EXECUTE_FUNCTION:
	case GET_DURABLE_CQS:
	return false;
	default:
	return false;
	}
	}

	private boolean authorize(Principal principal, String permission) {
	String[] principals = principal.toString().toLowerCase().split(",");
	for (String role : principals) {
	String permissionString = permission.replace(":", "").toLowerCase();
	if (permissionString.startsWith(role))
	return true;
	}
	return false;
	}

	@Override
	public void close() {
	principal = null;
	}
	}