framework/security/src/main/java/org/apache/ofbiz/security/SecurityFactory.java - ofbiz - Git at Google

 /*******************************************************************************
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  * http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  *******************************************************************************/
 package org.apache.ofbiz.security;

 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.ServiceLoader;

 import javax.servlet.http.HttpSession;

 import org.apache.ofbiz.base.util.Assert;
 import org.apache.ofbiz.base.util.Debug;
 import org.apache.ofbiz.base.util.UtilMisc;
 import org.apache.ofbiz.base.util.cache.UtilCache;
 import org.apache.ofbiz.entity.Delegator;
 import org.apache.ofbiz.entity.GenericEntityException;
 import org.apache.ofbiz.entity.GenericValue;
 import org.apache.ofbiz.entity.condition.EntityCondition;
 import org.apache.ofbiz.entity.condition.EntityConditionList;
 import org.apache.ofbiz.entity.condition.EntityExpr;
 import org.apache.ofbiz.entity.condition.EntityOperator;
 import org.apache.ofbiz.entity.util.EntityQuery;
 import org.apache.ofbiz.entity.util.EntityUtil;

 /**
  * A <code>Security</code> factory.
  */
 public final class SecurityFactory {

     public static final String module = SecurityFactory.class.getName();
     // The default implementation stores a Delegator reference, so we will cache by delegator name.
     // The goal is to remove Delegator references in the Security interface, then we can use a singleton
     // and eliminate the cache.
     private static final UtilCache<String, Security> authorizationCache = UtilCache.createUtilCache("security.AuthorizationCache");

     /**
      * Returns a <code>Security</code> instance. The method uses Java's
      * <a href="http://docs.oracle.com/javase/6/docs/api/java/util/ServiceLoader.html"><code>ServiceLoader</code></a>
      * to get a <code>Security</code> instance. If no instance is found, a default implementation is used.
      * The default implementation is based on/backed by the OFBiz entity engine.
      *
      * @param delegator The delegator
      * @return A <code>Security</code> instance
      */
     @SuppressWarnings("deprecation")
     public static Security getInstance(Delegator delegator) throws SecurityConfigurationException {
         Assert.notNull("delegator", delegator);
         Security security = authorizationCache.get(delegator.getDelegatorName());
         if (security == null) {
             Iterator<Security> iterator = ServiceLoader.load(Security.class).iterator();
             if (iterator.hasNext()) {
                 security = iterator.next();
             } else {
                 security = new OFBizSecurity();
             }
             security.setDelegator(delegator);
             security = authorizationCache.putIfAbsentAndGet(delegator.getDelegatorName(), security);
             if (Debug.verboseOn()) {
                 Debug.logVerbose("Security implementation " + security.getClass().getName() + " created for delegator " + delegator.getDelegatorName(), module);
             }
         }
         return security;
     }

     private SecurityFactory() {}

     private static final class OFBizSecurity implements Security {

         private Delegator delegator = null;

         protected static final Map<String, Map<String, String>> simpleRoleEntity = UtilMisc.toMap(
             "ORDERMGR", UtilMisc.<String, String>toMap("name", "OrderRole", "pkey", "orderId"),
             "FACILITY", UtilMisc.<String, String>toMap("name", "FacilityParty", "pkey", "facilityId"),
             "MARKETING", UtilMisc.<String, String>toMap("name", "MarketingCampaignRole", "pkey", "marketingCampaignId"));

         private OFBizSecurity() {}

         @Override
         public void clearUserData(GenericValue userLogin) {
             if (userLogin != null) {
                 delegator.getCache().remove("UserLoginSecurityGroup", EntityCondition.makeCondition("userLoginId", EntityOperator.EQUALS, userLogin.getString("userLoginId")));
             }
         }

         @Deprecated
         public Iterator<GenericValue> findUserLoginSecurityGroupByUserLoginId(String userLoginId) {
             try {
                 List<GenericValue> collection = EntityUtil.filterByDate(EntityQuery.use(delegator).from("UserLoginSecurityGroup").where("userLoginId", userLoginId).cache(true).queryList());
                 return collection.iterator();
             } catch (GenericEntityException e) {
                 Debug.logWarning(e, module);
                 return Collections.<GenericValue>emptyList().iterator();
             }
         }

         @Deprecated
         public Delegator getDelegator() {
             return this.delegator;
         }

         @Override
         public boolean hasEntityPermission(String entity, String action, GenericValue userLogin) {
             if (userLogin == null || entity == null || action == null) return false;
             String permission = entity.concat(action);
             String adminPermission = entity.concat("_ADMIN");
             Iterator<GenericValue> iterator = findUserLoginSecurityGroupByUserLoginId(userLogin.getString("userLoginId"));
             while (iterator.hasNext()) {
                 GenericValue userLoginSecurityGroup = iterator.next();
                 if (securityGroupPermissionExists(userLoginSecurityGroup.getString("groupId"), permission))
                     return true;
                 if (securityGroupPermissionExists(userLoginSecurityGroup.getString("groupId"), adminPermission))
                     return true;
             }

             return false;
         }

         @Override
         public boolean hasEntityPermission(String entity, String action, HttpSession session) {
             if (session == null) {
                 return false;
             }
             GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
             if (userLogin == null) {
                 return false;
             }
             return hasEntityPermission(entity, action, userLogin);
         }

         @Override
         public boolean hasPermission(String permission, GenericValue userLogin) {
             if (userLogin == null) {
                 return false;
             }
             Iterator<GenericValue> iterator = findUserLoginSecurityGroupByUserLoginId(userLogin.getString("userLoginId"));
             GenericValue userLoginSecurityGroup = null;
             while (iterator.hasNext()) {
                 userLoginSecurityGroup = iterator.next();
                 if (securityGroupPermissionExists(userLoginSecurityGroup.getString("groupId"), permission)) return true;
             }
             return false;
         }

         @Override
         public boolean hasPermission(String permission, HttpSession session) {
             GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
             if (userLogin == null) {
                 return false;
             }
             return hasPermission(permission, userLogin);
         }

         /**
          * Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified
          * general administration permission, but also checks action_ROLE and validates the user is a member for the
          * application.
          *
          * @param application The name of the application corresponding to the desired permission.
          * @param action The action on the application corresponding to the desired permission.
          * @param entityName The name of the role entity to use for validation.
          * @param condition EntityCondition used to query the entityName.
          * @param userLogin The userLogin object for user to check against.
          * @return Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.
          */
         private boolean hasRolePermission(String application, String action, String entityName, EntityCondition condition, GenericValue userLogin) {
             if (userLogin == null) {
                 return false;
             }
             // first check the standard permission
             if (hasEntityPermission(application, action, userLogin)) {
                 return true;
             }
             // make sure we have what's needed for role security
             if (entityName == null || condition == null) {
                 return false;
             }
             // now check the user for the role permission
             if (hasEntityPermission(application + "_ROLE", action, userLogin)) {
                 // we have the permission now, we check to make sure we are allowed access
                 try {
                     List<GenericValue> roleTest = EntityQuery.use(delegator).from(entityName).where(condition).queryList();
                     if (!roleTest.isEmpty()) {
                         return true;
                     }
                 } catch (GenericEntityException e) {
                     Debug.logError(e, "Problems doing role security lookup on entity [" + entityName + "] using [" + condition + "]", module);
                     return false;
                 }
             }
             return false;
         }

         @Override
         public boolean hasRolePermission(String application, String action, String primaryKey, List<String> roles, GenericValue userLogin) {
             if (userLogin == null) {
                 return false;
             }
             if (primaryKey.equals("") && roles == null) {
                 if (hasEntityPermission(application, action, userLogin)) return true;
                 if (hasEntityPermission(application + "_ROLE", action, userLogin)) return true;
             }
             String entityName = null;
             EntityCondition condition = null;
             Map<String, String> simpleRoleMap = OFBizSecurity.simpleRoleEntity.get(application);
             if (simpleRoleMap != null && roles != null) {
                 entityName = simpleRoleMap.get("name");
                 String pkey = simpleRoleMap.get("pkey");
                 if (pkey != null) {
                     List<EntityExpr> expressions = new ArrayList<EntityExpr>();
                     for (String role: roles) {
                         expressions.add(EntityCondition.makeCondition("roleTypeId", EntityOperator.EQUALS, role));
                     }
                     EntityConditionList<EntityExpr> exprList = EntityCondition.makeCondition(expressions, EntityOperator.OR);
                     EntityExpr keyExpr = EntityCondition.makeCondition(pkey, primaryKey);
                     EntityExpr partyExpr = EntityCondition.makeCondition("partyId", userLogin.getString("partyId"));
                     condition = EntityCondition.makeCondition(exprList, keyExpr, partyExpr);
                 }

             }
             return hasRolePermission(application, action, entityName, condition, userLogin);
         }

         @Override
         public boolean hasRolePermission(String application, String action, String primaryKey, List<String> roles, HttpSession session) {
             GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
             return hasRolePermission(application, action, primaryKey, roles, userLogin);
         }

         @Override
         public boolean hasRolePermission(String application, String action, String primaryKey, String role, GenericValue userLogin) {
             List<String> roles = null;
             if (role != null && !role.equals("")) {
                 roles = UtilMisc.toList(role);
             }
             return hasRolePermission(application, action, primaryKey, roles, userLogin);
         }

         @Override
         public boolean hasRolePermission(String application, String action, String primaryKey, String role, HttpSession session) {
             GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
             return hasRolePermission(application, action, primaryKey, role, userLogin);
         }

         @Deprecated
         public boolean securityGroupPermissionExists(String groupId, String permission) {
             try {
                 return EntityQuery.use(delegator).from("SecurityGroupPermission").where("groupId", groupId, "permissionId", permission).cache(true).queryOne() != null;
             } catch (GenericEntityException e) {
                 Debug.logWarning(e, module);
                 return false;
             }
         }

         @Deprecated
         public void setDelegator(Delegator delegator) {
             if (this.delegator != null) {
                 throw new IllegalStateException("This object has been initialized already.");
             }
             Assert.notNull("delegator", delegator);
             this.delegator = delegator;
         }
     }
 }
	/*******************************************************************************
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*******************************************************************************/
	package org.apache.ofbiz.security;

	import java.util.ArrayList;
	import java.util.Collections;
	import java.util.Iterator;
	import java.util.List;
	import java.util.Map;
	import java.util.ServiceLoader;

	import javax.servlet.http.HttpSession;

	import org.apache.ofbiz.base.util.Assert;
	import org.apache.ofbiz.base.util.Debug;
	import org.apache.ofbiz.base.util.UtilMisc;
	import org.apache.ofbiz.base.util.cache.UtilCache;
	import org.apache.ofbiz.entity.Delegator;
	import org.apache.ofbiz.entity.GenericEntityException;
	import org.apache.ofbiz.entity.GenericValue;
	import org.apache.ofbiz.entity.condition.EntityCondition;
	import org.apache.ofbiz.entity.condition.EntityConditionList;
	import org.apache.ofbiz.entity.condition.EntityExpr;
	import org.apache.ofbiz.entity.condition.EntityOperator;
	import org.apache.ofbiz.entity.util.EntityQuery;
	import org.apache.ofbiz.entity.util.EntityUtil;

	/**
	* A <code>Security</code> factory.
	*/
	public final class SecurityFactory {

	public static final String module = SecurityFactory.class.getName();
	// The default implementation stores a Delegator reference, so we will cache by delegator name.
	// The goal is to remove Delegator references in the Security interface, then we can use a singleton
	// and eliminate the cache.
	private static final UtilCache<String, Security> authorizationCache = UtilCache.createUtilCache("security.AuthorizationCache");

	/**
	* Returns a <code>Security</code> instance. The method uses Java's
	* <a href="http://docs.oracle.com/javase/6/docs/api/java/util/ServiceLoader.html"><code>ServiceLoader</code></a>
	* to get a <code>Security</code> instance. If no instance is found, a default implementation is used.
	* The default implementation is based on/backed by the OFBiz entity engine.
	*
	* @param delegator The delegator
	* @return A <code>Security</code> instance
	*/
	@SuppressWarnings("deprecation")
	public static Security getInstance(Delegator delegator) throws SecurityConfigurationException {
	Assert.notNull("delegator", delegator);
	Security security = authorizationCache.get(delegator.getDelegatorName());
	if (security == null) {
	Iterator<Security> iterator = ServiceLoader.load(Security.class).iterator();
	if (iterator.hasNext()) {
	security = iterator.next();
	} else {
	security = new OFBizSecurity();
	}
	security.setDelegator(delegator);
	security = authorizationCache.putIfAbsentAndGet(delegator.getDelegatorName(), security);
	if (Debug.verboseOn()) {
	Debug.logVerbose("Security implementation " + security.getClass().getName() + " created for delegator " + delegator.getDelegatorName(), module);
	}
	}
	return security;
	}

	private SecurityFactory() {}

	private static final class OFBizSecurity implements Security {

	private Delegator delegator = null;

	protected static final Map<String, Map<String, String>> simpleRoleEntity = UtilMisc.toMap(
	"ORDERMGR", UtilMisc.<String, String>toMap("name", "OrderRole", "pkey", "orderId"),
	"FACILITY", UtilMisc.<String, String>toMap("name", "FacilityParty", "pkey", "facilityId"),
	"MARKETING", UtilMisc.<String, String>toMap("name", "MarketingCampaignRole", "pkey", "marketingCampaignId"));

	private OFBizSecurity() {}

	@Override
	public void clearUserData(GenericValue userLogin) {
	if (userLogin != null) {
	delegator.getCache().remove("UserLoginSecurityGroup", EntityCondition.makeCondition("userLoginId", EntityOperator.EQUALS, userLogin.getString("userLoginId")));
	}
	}

	@Deprecated
	public Iterator<GenericValue> findUserLoginSecurityGroupByUserLoginId(String userLoginId) {
	try {
	List<GenericValue> collection = EntityUtil.filterByDate(EntityQuery.use(delegator).from("UserLoginSecurityGroup").where("userLoginId", userLoginId).cache(true).queryList());
	return collection.iterator();
	} catch (GenericEntityException e) {
	Debug.logWarning(e, module);
	return Collections.<GenericValue>emptyList().iterator();
	}
	}

	@Deprecated
	public Delegator getDelegator() {
	return this.delegator;
	}

	@Override
	public boolean hasEntityPermission(String entity, String action, GenericValue userLogin) {
	if (userLogin == null \|\| entity == null \|\| action == null) return false;
	String permission = entity.concat(action);
	String adminPermission = entity.concat("_ADMIN");
	Iterator<GenericValue> iterator = findUserLoginSecurityGroupByUserLoginId(userLogin.getString("userLoginId"));
	while (iterator.hasNext()) {
	GenericValue userLoginSecurityGroup = iterator.next();
	if (securityGroupPermissionExists(userLoginSecurityGroup.getString("groupId"), permission))
	return true;
	if (securityGroupPermissionExists(userLoginSecurityGroup.getString("groupId"), adminPermission))
	return true;
	}

	return false;
	}

	@Override
	public boolean hasEntityPermission(String entity, String action, HttpSession session) {
	if (session == null) {
	return false;
	}
	GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
	if (userLogin == null) {
	return false;
	}
	return hasEntityPermission(entity, action, userLogin);
	}

	@Override
	public boolean hasPermission(String permission, GenericValue userLogin) {
	if (userLogin == null) {
	return false;
	}
	Iterator<GenericValue> iterator = findUserLoginSecurityGroupByUserLoginId(userLogin.getString("userLoginId"));
	GenericValue userLoginSecurityGroup = null;
	while (iterator.hasNext()) {
	userLoginSecurityGroup = iterator.next();
	if (securityGroupPermissionExists(userLoginSecurityGroup.getString("groupId"), permission)) return true;
	}
	return false;
	}

	@Override
	public boolean hasPermission(String permission, HttpSession session) {
	GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
	if (userLogin == null) {
	return false;
	}
	return hasPermission(permission, userLogin);
	}

	/**
	* Like hasEntityPermission above, this checks the specified action, as well as for "_ADMIN" to allow for simplified
	* general administration permission, but also checks action_ROLE and validates the user is a member for the
	* application.
	*
	* @param application The name of the application corresponding to the desired permission.
	* @param action The action on the application corresponding to the desired permission.
	* @param entityName The name of the role entity to use for validation.
	* @param condition EntityCondition used to query the entityName.
	* @param userLogin The userLogin object for user to check against.
	* @return Returns true if the currently logged in userLogin has the specified permission, otherwise returns false.
	*/
	private boolean hasRolePermission(String application, String action, String entityName, EntityCondition condition, GenericValue userLogin) {
	if (userLogin == null) {
	return false;
	}
	// first check the standard permission
	if (hasEntityPermission(application, action, userLogin)) {
	return true;
	}
	// make sure we have what's needed for role security
	if (entityName == null \|\| condition == null) {
	return false;
	}
	// now check the user for the role permission
	if (hasEntityPermission(application + "_ROLE", action, userLogin)) {
	// we have the permission now, we check to make sure we are allowed access
	try {
	List<GenericValue> roleTest = EntityQuery.use(delegator).from(entityName).where(condition).queryList();
	if (!roleTest.isEmpty()) {
	return true;
	}
	} catch (GenericEntityException e) {
	Debug.logError(e, "Problems doing role security lookup on entity [" + entityName + "] using [" + condition + "]", module);
	return false;
	}
	}
	return false;
	}

	@Override
	public boolean hasRolePermission(String application, String action, String primaryKey, List<String> roles, GenericValue userLogin) {
	if (userLogin == null) {
	return false;
	}
	if (primaryKey.equals("") && roles == null) {
	if (hasEntityPermission(application, action, userLogin)) return true;
	if (hasEntityPermission(application + "_ROLE", action, userLogin)) return true;
	}
	String entityName = null;
	EntityCondition condition = null;
	Map<String, String> simpleRoleMap = OFBizSecurity.simpleRoleEntity.get(application);
	if (simpleRoleMap != null && roles != null) {
	entityName = simpleRoleMap.get("name");
	String pkey = simpleRoleMap.get("pkey");
	if (pkey != null) {
	List<EntityExpr> expressions = new ArrayList<EntityExpr>();
	for (String role: roles) {
	expressions.add(EntityCondition.makeCondition("roleTypeId", EntityOperator.EQUALS, role));
	}
	EntityConditionList<EntityExpr> exprList = EntityCondition.makeCondition(expressions, EntityOperator.OR);
	EntityExpr keyExpr = EntityCondition.makeCondition(pkey, primaryKey);
	EntityExpr partyExpr = EntityCondition.makeCondition("partyId", userLogin.getString("partyId"));
	condition = EntityCondition.makeCondition(exprList, keyExpr, partyExpr);
	}

	}
	return hasRolePermission(application, action, entityName, condition, userLogin);
	}

	@Override
	public boolean hasRolePermission(String application, String action, String primaryKey, List<String> roles, HttpSession session) {
	GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
	return hasRolePermission(application, action, primaryKey, roles, userLogin);
	}

	@Override
	public boolean hasRolePermission(String application, String action, String primaryKey, String role, GenericValue userLogin) {
	List<String> roles = null;
	if (role != null && !role.equals("")) {
	roles = UtilMisc.toList(role);
	}
	return hasRolePermission(application, action, primaryKey, roles, userLogin);
	}

	@Override
	public boolean hasRolePermission(String application, String action, String primaryKey, String role, HttpSession session) {
	GenericValue userLogin = (GenericValue) session.getAttribute("userLogin");
	return hasRolePermission(application, action, primaryKey, role, userLogin);
	}

	@Deprecated
	public boolean securityGroupPermissionExists(String groupId, String permission) {
	try {
	return EntityQuery.use(delegator).from("SecurityGroupPermission").where("groupId", groupId, "permissionId", permission).cache(true).queryOne() != null;
	} catch (GenericEntityException e) {
	Debug.logWarning(e, module);
	return false;
	}
	}

	@Deprecated
	public void setDelegator(Delegator delegator) {
	if (this.delegator != null) {
	throw new IllegalStateException("This object has been initialized already.");
	}
	Assert.notNull("delegator", delegator);
	this.delegator = delegator;
	}
	}
	}