| /* |
| * Licensed to the Apache Software Foundation (ASF) under one or more contributor license |
| * agreements. See the NOTICE file distributed with this work for additional information regarding |
| * copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance with the License. You may obtain a |
| * copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software distributed under the License |
| * is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express |
| * or implied. See the License for the specific language governing permissions and limitations under |
| * the License. |
| */ |
| package org.apache.geode.security.generator; |
| |
| import java.security.Principal; |
| import java.util.HashSet; |
| import java.util.Properties; |
| import java.util.Set; |
| |
| import org.apache.geode.cache.operations.OperationContext.OperationCode; |
| import org.apache.geode.security.templates.DummyAuthorization; |
| import org.apache.geode.security.templates.UsernamePrincipal; |
| |
| public class DummyAuthzCredentialGenerator extends AuthzCredentialGenerator { |
| |
| public static final byte READER_ROLE = 1; |
| public static final byte WRITER_ROLE = 2; |
| public static final byte ADMIN_ROLE = 3; |
| |
| private static Set readerOpsSet; |
| private static Set writerOpsSet; |
| |
| static { |
| readerOpsSet = new HashSet(); |
| for (int index = 0; index < DummyAuthorization.READER_OPS.length; index++) { |
| readerOpsSet.add(DummyAuthorization.READER_OPS[index]); |
| } |
| |
| writerOpsSet = new HashSet(); |
| for (int index = 0; index < DummyAuthorization.WRITER_OPS.length; index++) { |
| writerOpsSet.add(DummyAuthorization.WRITER_OPS[index]); |
| } |
| } |
| |
| public static byte getRequiredRole(final OperationCode[] opCodes) { |
| byte roleType = ADMIN_ROLE; |
| boolean requiresReader = true; |
| boolean requiresWriter = true; |
| |
| for (int opNum = 0; opNum < opCodes.length; opNum++) { |
| if (requiresReader && !readerOpsSet.contains(opCodes[opNum])) { |
| requiresReader = false; |
| } |
| if (requiresWriter && !writerOpsSet.contains(opCodes[opNum])) { |
| requiresWriter = false; |
| } |
| } |
| if (requiresReader) { |
| roleType = READER_ROLE; |
| } else if (requiresWriter) { |
| roleType = WRITER_ROLE; |
| } |
| return roleType; |
| } |
| |
| @Override |
| protected Properties init() throws IllegalArgumentException { |
| if (!this.generator.classCode().isDummy()) { |
| throw new IllegalArgumentException( |
| "DummyAuthorization module only works with DummyAuthenticator"); |
| } |
| return null; |
| } |
| |
| @Override |
| public ClassCode classCode() { |
| return ClassCode.DUMMY; |
| } |
| |
| @Override |
| public String getAuthorizationCallback() { |
| return DummyAuthorization.class.getName() + ".create"; |
| } |
| |
| @Override |
| protected Principal getAllowedPrincipal(final OperationCode[] opCodes, final String[] regionNames, |
| final int index) { |
| final byte roleType = getRequiredRole(opCodes); |
| return getPrincipal(roleType, index); |
| } |
| |
| @Override |
| protected Principal getDisallowedPrincipal(final OperationCode[] opCodes, |
| final String[] regionNames, final int index) { |
| byte roleType = getRequiredRole(opCodes); |
| byte disallowedRoleType; |
| switch (roleType) { |
| case READER_ROLE: |
| disallowedRoleType = WRITER_ROLE; |
| break; |
| case WRITER_ROLE: |
| disallowedRoleType = READER_ROLE; |
| break; |
| default: |
| disallowedRoleType = READER_ROLE; |
| break; |
| } |
| return getPrincipal(disallowedRoleType, index); |
| } |
| |
| @Override |
| protected int getNumPrincipalTries(final OperationCode[] opCodes, final String[] regionNames) { |
| return 5; |
| } |
| |
| private Principal getPrincipal(final byte roleType, final int index) { |
| String[] admins = new String[] {"root", "admin", "administrator"}; |
| switch (roleType) { |
| case READER_ROLE: |
| return new UsernamePrincipal("reader" + index); |
| case WRITER_ROLE: |
| return new UsernamePrincipal("writer" + index); |
| default: |
| return new UsernamePrincipal(admins[index % admins.length]); |
| } |
| } |
| } |