import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
+import java.util.logging.Logger;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.context.SessionScoped;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
-import org.apache.log4j.Logger;
import org.wamblee.cache.Cache;
import org.wamblee.cache.EhCache;
import org.wamblee.io.ClassPathResource;
import org.wamblee.photos.concurrent.ConcurrentAlbum;
import org.wamblee.photos.model.Album;
import org.wamblee.photos.model.PhotoEntry;
+import org.wamblee.photos.model.authorization.AuthorizedAlbum;
import org.wamblee.photos.model.filesystem.FileSystemAlbum;
+import org.wamblee.photos.security.PageAuthorizationRule;
+import org.wamblee.photos.security.PhotoAuthorizationRule;
+import org.wamblee.photos.wicket.HomePage;
import org.wamblee.security.authentication.GroupSet;
import org.wamblee.security.authentication.Md5HexMessageDigester;
import org.wamblee.security.authentication.MessageDigester;
import org.wamblee.security.authentication.NameValidator;
import org.wamblee.security.authentication.RegexpNameValidator;
import org.wamblee.security.authentication.User;
+import org.wamblee.security.authentication.UserAccessor;
import org.wamblee.security.authentication.UserAdminInitializer;
import org.wamblee.security.authentication.UserAdministration;
import org.wamblee.security.authentication.UserAdministrationImpl;
import org.wamblee.security.authentication.UserSet;
import org.wamblee.security.authentication.jpa.JpaGroupSet;
import org.wamblee.security.authentication.jpa.JpaUserSet;
+import org.wamblee.security.authorization.AbstractAuthorizationRule;
+import org.wamblee.security.authorization.AllOperation;
+import org.wamblee.security.authorization.AnyUserCondition;
+import org.wamblee.security.authorization.AuthorizationInitializer;
+import org.wamblee.security.authorization.AuthorizationResult;
+import org.wamblee.security.authorization.AuthorizationService;
+import org.wamblee.security.authorization.CreateOperation;
+import org.wamblee.security.authorization.DefaultOperationRegistry;
+import org.wamblee.security.authorization.DeleteOperation;
+import org.wamblee.security.authorization.GroupUserCondition;
+import org.wamblee.security.authorization.Operation;
+import org.wamblee.security.authorization.OperationRegistry;
+import org.wamblee.security.authorization.ReadOperation;
+import org.wamblee.security.authorization.WriteOperation;
+import org.wamblee.security.authorization.jpa.JpaAuthorizationService;
/**
* @author Erik Brakkee
@Inject
private HttpServletRequest request;
+ @Inject
+ private HttpSession session;
+
@PersistenceContext
private EntityManager entityManager;
+ // Created by this producer.
+
+ @Inject
+ private UserAdministration userAdmin;
+
+ @Inject
+ private AuthorizationService authorizationService;
+
+ @Inject
+ @AllPhotos
+ private Album allPhotos;
+
private Configuration getCOnfiguration() {
LOGGER.info("Initializing configuration");
Configuration config;
}
}
+ @Produces
+ @ApplicationScoped
+ public AuthorizationService getAuthorizationService() {
+ OperationRegistry registry = new DefaultOperationRegistry(
+ new Operation[] { new AllOperation(), new CreateOperation(),
+ new DeleteOperation(), new ReadOperation(),
+ new WriteOperation() });
+ UserAccessor userAccessor = new UserAccessor() {
+
+ @Override
+ public String getCurrentUser() {
+ Principal principal = request.getUserPrincipal();
+ if (principal == null) {
+ return null;
+ }
+ return principal.getName();
+ }
+ };
+ AuthorizationService service = new JpaAuthorizationService("DEFAULT",
+ entityManager, userAccessor, userAdmin, 10000);
+
+ AnyUserCondition anyUserCondition = new AnyUserCondition();
+ GroupUserCondition adminUserCondition = new GroupUserCondition(
+ "administrators");
+
+ PhotoAuthorizationRule photoEntryRule = new PhotoAuthorizationRule();
+
+ // Pages that allow access by any authenticated user
+ PageAuthorizationRule anyUserPageRule = new PageAuthorizationRule(
+ AuthorizationResult.GRANTED, anyUserCondition, HomePage.class);
+
+ PageAuthorizationRule adminPageRule = new PageAuthorizationRule(
+ AuthorizationResult.GRANTED, adminUserCondition);
+
+ AuthorizationInitializer initializer = new AuthorizationInitializer(
+ service, new AbstractAuthorizationRule[] { photoEntryRule,
+ anyUserPageRule, adminPageRule });
+
+ return service;
+ }
+
@Produces
@ApplicationScoped
@AllPhotos
@Produces
@SessionScoped
@AuthorizedPhotos
- public Album getAuthorizedPhotos() {
+ public Album getAuthorizedAlbum() {
LOGGER.info("Initializing authorized photos for current session");
+ try {
+ InputResource cacheConfig = new ClassPathResource(
+ "META-INF/ehcache.xml");
+ Cache<String, User> userCache = new EhCache(cacheConfig, "users");
+ Cache authorizedPhotoCache = new EhCache(cacheConfig, "photos");
- return null;
+ AuthorizedAlbum album = new AuthorizedAlbum(allPhotos,
+ authorizationService, authorizedPhotoCache, session.getId());
+ return album;
+ } catch (IOException e) {
+ throw new RuntimeException("Problem initializing authorized album",
+ e);
+ }
}
@Produces