trunk/src/java/org/apache/lenya/cms/ac/PolicyUtil.java - lenya - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  *  contributor license agreements.  See the NOTICE file distributed with
  *  this work for additional information regarding copyright ownership.
  *  The ASF licenses this file to You under the Apache License, Version 2.0
  *  (the "License"); you may not use this file except in compliance with
  *  the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  *  Unless required by applicable law or agreed to in writing, software
  *  distributed under the License is distributed on an "AS IS" BASIS,
  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  *
  */

 package org.apache.lenya.cms.ac;

 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Enumeration;
 import java.util.List;

 import org.apache.avalon.framework.logger.Logger;
 import org.apache.avalon.framework.service.ServiceException;
 import org.apache.avalon.framework.service.ServiceManager;
 import org.apache.avalon.framework.service.ServiceSelector;
 import org.apache.cocoon.environment.Request;
 import org.apache.lenya.ac.AccessControlException;
 import org.apache.lenya.ac.AccessController;
 import org.apache.lenya.ac.AccessControllerResolver;
 import org.apache.lenya.ac.AccreditableManager;
 import org.apache.lenya.ac.Identity;
 import org.apache.lenya.ac.PolicyManager;
 import org.apache.lenya.ac.Role;
 import org.apache.lenya.ac.User;
 import org.apache.lenya.ac.UserManager;

 /**
  * Policy utility class.
  */
 public final class PolicyUtil {

     /**
      * Fetches the stored roles from the request.
      * @param request The request.
      * @return A role array.
      * @throws AccessControlException If the request does not contain the roles
      *         list.
      */
     public static final Role[] getRoles(Request request) throws AccessControlException {
         List roleList = (List) request.getAttribute(Role.class.getName());

         if (roleList == null) {
             StringBuffer buf = new StringBuffer();
             buf.append("    URI: [" + request.getRequestURI() + "]\n");
             for (Enumeration e = request.getParameterNames(); e.hasMoreElements();) {
                 String key = (String) e.nextElement();
                 buf.append("    Parameter: [" + key + "] = [" + request.getParameter(key) + "]\n");
             }

             throw new AccessControlException("Request [" + request + "] does not contain roles: \n"
                     + buf.toString());
         }

         Role[] roles = (Role[]) roleList.toArray(new Role[roleList.size()]);
         return roles;
     }

     /**
      * @param manager The service manager.
      * @param webappUrl The web application URL.
      * @param userId The user ID.
      * @param logger The logger.
      * @return A user.
      * @throws AccessControlException if an error occurs.
      */
     public static final User getUser(ServiceManager manager, String webappUrl,
             String userId, Logger logger) throws AccessControlException {
         ServiceSelector selector = null;
         AccessControllerResolver resolver = null;
         AccessController controller = null;
         try {
             selector = (ServiceSelector) manager.lookup(AccessControllerResolver.ROLE + "Selector");
             resolver = (AccessControllerResolver) selector
                     .select(AccessControllerResolver.DEFAULT_RESOLVER);
             controller = resolver.resolveAccessController(webappUrl);

             AccreditableManager accreditableManager = controller.getAccreditableManager();
             UserManager userManager = accreditableManager.getUserManager();

             return userManager.getUser(userId);
         } catch (ServiceException e) {
             throw new AccessControlException(e);
         } finally {
             if (selector != null) {
                 if (resolver != null) {
                     if (controller != null) {
                         resolver.release(controller);
                     }
                     selector.release(resolver);
                 }
                 manager.release(selector);
             }
         }

     }

     /**
      * @param manager The service manager.
      * @param webappUrl The web application URL.
      * @param role The ID of the role.
      * @param logger The logger to use.
      * @return All users which have the role on this URL.
      * @throws AccessControlException if an error occurs.
      */
     public static final User[] getUsersWithRole(ServiceManager manager, String webappUrl,
             String role, Logger logger) throws AccessControlException {
         ServiceSelector selector = null;
         AccessControllerResolver resolver = null;
         AccessController controller = null;
         try {
             selector = (ServiceSelector) manager.lookup(AccessControllerResolver.ROLE + "Selector");
             resolver = (AccessControllerResolver) selector
                     .select(AccessControllerResolver.DEFAULT_RESOLVER);
             controller = resolver.resolveAccessController(webappUrl);

             AccreditableManager accreditableManager = controller.getAccreditableManager();
             UserManager userManager = accreditableManager.getUserManager();
             User[] users = userManager.getUsers();
             List usersWithRole = new ArrayList();
             PolicyManager policyManager = controller.getPolicyManager();

             Role roleObject = accreditableManager.getRoleManager().getRole(role);

             for (int i = 0; i < users.length; i++) {
                 Identity identity = new Identity(logger);
                 identity.addIdentifiable(users[i]);
                 Role[] roles = policyManager.getGrantedRoles(accreditableManager, identity,
                         webappUrl);
                 if (Arrays.asList(roles).contains(roleObject)) {
                     usersWithRole.add(users[i]);
                 }
             }

             return (User[]) usersWithRole.toArray(new User[usersWithRole.size()]);
         } catch (ServiceException e) {
             throw new AccessControlException(e);
         } finally {
             if (selector != null) {
                 if (resolver != null) {
                     if (controller != null) {
                         resolver.release(controller);
                     }
                     selector.release(resolver);
                 }
                 manager.release(selector);
             }
         }
     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*
	*/

	package org.apache.lenya.cms.ac;

	import java.util.ArrayList;
	import java.util.Arrays;
	import java.util.Enumeration;
	import java.util.List;

	import org.apache.avalon.framework.logger.Logger;
	import org.apache.avalon.framework.service.ServiceException;
	import org.apache.avalon.framework.service.ServiceManager;
	import org.apache.avalon.framework.service.ServiceSelector;
	import org.apache.cocoon.environment.Request;
	import org.apache.lenya.ac.AccessControlException;
	import org.apache.lenya.ac.AccessController;
	import org.apache.lenya.ac.AccessControllerResolver;
	import org.apache.lenya.ac.AccreditableManager;
	import org.apache.lenya.ac.Identity;
	import org.apache.lenya.ac.PolicyManager;
	import org.apache.lenya.ac.Role;
	import org.apache.lenya.ac.User;
	import org.apache.lenya.ac.UserManager;

	/**
	* Policy utility class.
	*/
	public final class PolicyUtil {

	/**
	* Fetches the stored roles from the request.
	* @param request The request.
	* @return A role array.
	* @throws AccessControlException If the request does not contain the roles
	* list.
	*/
	public static final Role[] getRoles(Request request) throws AccessControlException {
	List roleList = (List) request.getAttribute(Role.class.getName());

	if (roleList == null) {
	StringBuffer buf = new StringBuffer();
	buf.append(" URI: [" + request.getRequestURI() + "]\n");
	for (Enumeration e = request.getParameterNames(); e.hasMoreElements();) {
	String key = (String) e.nextElement();
	buf.append(" Parameter: [" + key + "] = [" + request.getParameter(key) + "]\n");
	}

	throw new AccessControlException("Request [" + request + "] does not contain roles: \n"
	+ buf.toString());
	}

	Role[] roles = (Role[]) roleList.toArray(new Role[roleList.size()]);
	return roles;
	}

	/**
	* @param manager The service manager.
	* @param webappUrl The web application URL.
	* @param userId The user ID.
	* @param logger The logger.
	* @return A user.
	* @throws AccessControlException if an error occurs.
	*/
	public static final User getUser(ServiceManager manager, String webappUrl,
	String userId, Logger logger) throws AccessControlException {
	ServiceSelector selector = null;
	AccessControllerResolver resolver = null;
	AccessController controller = null;
	try {
	selector = (ServiceSelector) manager.lookup(AccessControllerResolver.ROLE + "Selector");
	resolver = (AccessControllerResolver) selector
	.select(AccessControllerResolver.DEFAULT_RESOLVER);
	controller = resolver.resolveAccessController(webappUrl);

	AccreditableManager accreditableManager = controller.getAccreditableManager();
	UserManager userManager = accreditableManager.getUserManager();

	return userManager.getUser(userId);
	} catch (ServiceException e) {
	throw new AccessControlException(e);
	} finally {
	if (selector != null) {
	if (resolver != null) {
	if (controller != null) {
	resolver.release(controller);
	}
	selector.release(resolver);
	}
	manager.release(selector);
	}
	}

	}

	/**
	* @param manager The service manager.
	* @param webappUrl The web application URL.
	* @param role The ID of the role.
	* @param logger The logger to use.
	* @return All users which have the role on this URL.
	* @throws AccessControlException if an error occurs.
	*/
	public static final User[] getUsersWithRole(ServiceManager manager, String webappUrl,
	String role, Logger logger) throws AccessControlException {
	ServiceSelector selector = null;
	AccessControllerResolver resolver = null;
	AccessController controller = null;
	try {
	selector = (ServiceSelector) manager.lookup(AccessControllerResolver.ROLE + "Selector");
	resolver = (AccessControllerResolver) selector
	.select(AccessControllerResolver.DEFAULT_RESOLVER);
	controller = resolver.resolveAccessController(webappUrl);

	AccreditableManager accreditableManager = controller.getAccreditableManager();
	UserManager userManager = accreditableManager.getUserManager();
	User[] users = userManager.getUsers();
	List usersWithRole = new ArrayList();
	PolicyManager policyManager = controller.getPolicyManager();

	Role roleObject = accreditableManager.getRoleManager().getRole(role);

	for (int i = 0; i < users.length; i++) {
	Identity identity = new Identity(logger);
	identity.addIdentifiable(users[i]);
	Role[] roles = policyManager.getGrantedRoles(accreditableManager, identity,
	webappUrl);
	if (Arrays.asList(roles).contains(roleObject)) {
	usersWithRole.add(users[i]);
	}
	}

	return (User[]) usersWithRole.toArray(new User[usersWithRole.size()]);
	} catch (ServiceException e) {
	throw new AccessControlException(e);
	} finally {
	if (selector != null) {
	if (resolver != null) {
	if (controller != null) {
	resolver.release(controller);
	}
	selector.release(resolver);
	}
	manager.release(selector);
	}
	}
	}

	}