| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.jsecurity.authz; |
| |
| import org.jsecurity.authz.permission.PermissionResolver; |
| import org.jsecurity.authz.permission.PermissionResolverAware; |
| import org.jsecurity.realm.Realm; |
| import org.jsecurity.subject.PrincipalCollection; |
| |
| import java.util.Collection; |
| import java.util.List; |
| |
| /** |
| * A <tt>ModularRealmAuthorizer</tt> is an <tt>Authorizer</tt> implementation that consults one or more configured |
| * {@link Realm Realm}s during an authorization operation. |
| * |
| * @author Les Hazlewood |
| * @since 0.2 |
| */ |
| public class ModularRealmAuthorizer implements Authorizer, PermissionResolverAware { |
| |
| protected Collection<Realm> realms; |
| |
| public ModularRealmAuthorizer() { |
| } |
| |
| public ModularRealmAuthorizer(Collection<Realm> realms) { |
| setRealms(realms); |
| } |
| |
| public Collection<Realm> getRealms() { |
| return this.realms; |
| } |
| |
| public void setRealms(Collection<Realm> realms) { |
| this.realms = realms; |
| } |
| |
| /** |
| * Used by the {@link Authorizer Authorizer} implementation methods to ensure that the {@link #setRealms realms} |
| * has been set. The default implementation ensures the property is not null and not empty. |
| * |
| * @throws IllegalStateException if the <tt>realms</tt> property is configured incorrectly. |
| */ |
| protected void assertRealmsConfigured() throws IllegalStateException { |
| Collection<Realm> realms = getRealms(); |
| if (realms == null || realms.isEmpty()) { |
| String msg = "Configuration error: No realms have been configured! One or more realms must be " + |
| "present to execute an authorization operation."; |
| throw new IllegalStateException(msg); |
| } |
| } |
| |
| public void setPermissionResolver(PermissionResolver permissionResolver) { |
| Collection<Realm> realms = getRealms(); |
| if (realms != null && !realms.isEmpty()) { |
| for (Realm realm : realms) { |
| if (realm instanceof PermissionResolverAware) { |
| ((PermissionResolverAware) realm).setPermissionResolver(permissionResolver); |
| } |
| } |
| } |
| } |
| |
| public boolean isPermitted(PrincipalCollection principals, String permission) { |
| assertRealmsConfigured(); |
| for (Realm realm : getRealms()) { |
| if (realm.isPermitted(principals, permission)) { |
| return true; |
| } |
| } |
| return false; |
| } |
| |
| public boolean isPermitted(PrincipalCollection principals, Permission permission) { |
| assertRealmsConfigured(); |
| for (Realm realm : getRealms()) { |
| if (realm.isPermitted(principals, permission)) { |
| return true; |
| } |
| } |
| return false; |
| } |
| |
| public boolean[] isPermitted(PrincipalCollection principals, String... permissions) { |
| if (permissions != null && permissions.length > 0) { |
| boolean[] isPermitted = new boolean[permissions.length]; |
| for (int i = 0; i < permissions.length; i++) { |
| isPermitted[i] = isPermitted(principals, permissions[i]); |
| } |
| return isPermitted; |
| } |
| return new boolean[0]; |
| } |
| |
| public boolean[] isPermitted(PrincipalCollection principals, List<Permission> permissions) { |
| if (permissions != null && !permissions.isEmpty()) { |
| boolean[] isPermitted = new boolean[permissions.size()]; |
| int i = 0; |
| for (Permission p : permissions) { |
| isPermitted[i++] = isPermitted(principals, p); |
| } |
| return isPermitted; |
| } |
| |
| return new boolean[0]; |
| } |
| |
| public boolean isPermittedAll(PrincipalCollection principals, String... permissions) { |
| if (permissions != null && permissions.length > 0) { |
| for (String perm : permissions) { |
| if (!isPermitted(principals, perm)) { |
| return false; |
| } |
| } |
| } |
| return true; |
| } |
| |
| public boolean isPermittedAll(PrincipalCollection principals, Collection<Permission> permissions) { |
| if (permissions != null && !permissions.isEmpty()) { |
| for (Permission permission : permissions) { |
| if (!isPermitted(principals, permission)) { |
| return false; |
| } |
| } |
| } |
| return true; |
| } |
| |
| public void checkPermission(PrincipalCollection principals, String permission) throws AuthorizationException { |
| if (!isPermitted(principals, permission)) { |
| throw new UnauthorizedException("Subject does not have permission [" + permission + "]"); |
| } |
| } |
| |
| public void checkPermission(PrincipalCollection principals, Permission permission) throws AuthorizationException { |
| if (!isPermitted(principals, permission)) { |
| throw new UnauthorizedException("Subject does not have permission [" + permission + "]"); |
| } |
| } |
| |
| public void checkPermissions(PrincipalCollection principals, String... permissions) throws AuthorizationException { |
| if (permissions != null && permissions.length > 0) { |
| for (String perm : permissions) { |
| checkPermission(principals, perm); |
| } |
| } |
| } |
| |
| public void checkPermissions(PrincipalCollection principals, Collection<Permission> permissions) throws AuthorizationException { |
| if (permissions != null) { |
| for (Permission permission : permissions) { |
| checkPermission(principals, permission); |
| } |
| } |
| } |
| |
| public boolean hasRole(PrincipalCollection principals, String roleIdentifier) { |
| assertRealmsConfigured(); |
| for (Realm realm : getRealms()) { |
| if (realm.hasRole(principals, roleIdentifier)) { |
| return true; |
| } |
| } |
| return false; |
| } |
| |
| public boolean[] hasRoles(PrincipalCollection principals, List<String> roleIdentifiers) { |
| if (roleIdentifiers != null && !roleIdentifiers.isEmpty()) { |
| boolean[] isPermitted = new boolean[roleIdentifiers.size()]; |
| int i = 0; |
| for (String roleId : roleIdentifiers) { |
| isPermitted[i++] = hasRole(principals, roleId); |
| } |
| return isPermitted; |
| } |
| |
| return new boolean[0]; |
| } |
| |
| |
| public boolean hasAllRoles(PrincipalCollection principals, Collection<String> roleIdentifiers) { |
| for (String roleIdentifier : roleIdentifiers) { |
| if (!hasRole(principals, roleIdentifier)) { |
| return false; |
| } |
| } |
| return true; |
| } |
| |
| public void checkRole(PrincipalCollection principals, String role) throws AuthorizationException { |
| if (!hasRole(principals, role)) { |
| throw new UnauthorizedException("Subject does not have role [" + role + "]"); |
| } |
| } |
| |
| public void checkRoles(PrincipalCollection principals, Collection<String> roles) throws AuthorizationException { |
| if (roles != null) { |
| for (String role : roles) { |
| checkRole(principals, role); |
| } |
| } |
| } |
| |
| } |