import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
+import java.util.logging.Logger;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.context.SessionScoped;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
-import org.apache.log4j.Logger;
import org.wamblee.cache.Cache;
import org.wamblee.cache.EhCache;
import org.wamblee.io.ClassPathResource;
import org.wamblee.photos.model.Album;
import org.wamblee.photos.model.PhotoEntry;
import org.wamblee.photos.model.filesystem.FileSystemAlbum;
+import org.wamblee.photos.security.PageAuthorizationRule;
+import org.wamblee.photos.security.PhotoAuthorizationRule;
+import org.wamblee.photos.wicket.HomePage;
import org.wamblee.security.authentication.GroupSet;
import org.wamblee.security.authentication.Md5HexMessageDigester;
import org.wamblee.security.authentication.MessageDigester;
import org.wamblee.security.authentication.NameValidator;
import org.wamblee.security.authentication.RegexpNameValidator;
import org.wamblee.security.authentication.User;
+import org.wamblee.security.authentication.UserAccessor;
import org.wamblee.security.authentication.UserAdminInitializer;
import org.wamblee.security.authentication.UserAdministration;
import org.wamblee.security.authentication.UserAdministrationImpl;
import org.wamblee.security.authentication.UserSet;
import org.wamblee.security.authentication.jpa.JpaGroupSet;
import org.wamblee.security.authentication.jpa.JpaUserSet;
+import org.wamblee.security.authorization.AbstractAuthorizationRule;
+import org.wamblee.security.authorization.AllOperation;
+import org.wamblee.security.authorization.AnyUserCondition;
+import org.wamblee.security.authorization.AuthorizationInitializer;
+import org.wamblee.security.authorization.AuthorizationResult;
+import org.wamblee.security.authorization.AuthorizationService;
+import org.wamblee.security.authorization.CreateOperation;
+import org.wamblee.security.authorization.DefaultOperationRegistry;
+import org.wamblee.security.authorization.DeleteOperation;
+import org.wamblee.security.authorization.GroupUserCondition;
+import org.wamblee.security.authorization.Operation;
+import org.wamblee.security.authorization.OperationRegistry;
+import org.wamblee.security.authorization.ReadOperation;
+import org.wamblee.security.authorization.WriteOperation;
+import org.wamblee.security.authorization.jpa.JpaAuthorizationService;
/**
* @author Erik Brakkee
- *
*/
public class Producer {
- private static final Logger LOGGER = Logger.getLogger(Producer.class
- .getName());
+ private static final Logger LOGGER = Logger.getLogger(Producer.class.getName());
private static final String APP_CONFIG_RESOURCE = "META-INF/org.wamblee.photos.properties";
@Inject
private HttpServletRequest request;
+ @Inject
+ private HttpSession session;
+
@PersistenceContext
private EntityManager entityManager;
- private Configuration getCOnfiguration() {
+ // Created by this producer.
+
+ @Inject
+ private UserAdministration userAdmin;
+
+ @Inject
+ private AuthorizationService authorizationService;
+
+ @Inject
+ @AllPhotos
+ private Album allPhotos;
+
+ @Inject
+ @UserCache
+ private Cache<String, User> userCache;
+
+ @Inject
+ @PhotoCache
+ private Cache<String, ArrayList<PhotoEntry>> photoCache;
+
+ private Configuration getConfiguration() {
LOGGER.info("Initializing configuration");
Configuration config;
try {
- config = new Configuration(new ClassPathResource(
- APP_CONFIG_RESOURCE).getInputStream());
- } catch (IOException e) {
+ config = new Configuration(new ClassPathResource(APP_CONFIG_RESOURCE).getInputStream());
+ }
+ catch (IOException e) {
throw new RuntimeException(
- "Could not read application configuration property classpath resource " +
- APP_CONFIG_RESOURCE, e);
+ "Could not read application configuration property classpath resource " + APP_CONFIG_RESOURCE, e);
}
return config;
}
@ApplicationScoped
public UserAdministration getUserAdmin() {
LOGGER.info("Initializing user administration");
- try {
- NameValidator passwordvalidator = new RegexpNameValidator(".{5,}",
- "INVALID_PASSWORD", "Password must have at least 5 characters");
- InputResource cacheConfig = new ClassPathResource(
- "META-INF/ehcache.xml");
- Cache<String, User> userCache = new EhCache(cacheConfig, "users");
- MessageDigester passwordEncoder = new Md5HexMessageDigester();
- UserSet userset = new JpaUserSet(userCache, passwordvalidator,
- passwordEncoder, entityManager);
- GroupSet groupset = new JpaGroupSet(entityManager);
- NameValidator uservalidator = new RegexpNameValidator(
- "[a-zA-Z]+[a-zA-Z0-9]*", "INVALID_USERNAME",
+ NameValidator passwordvalidator =
+ new RegexpNameValidator(".{5,}", "INVALID_PASSWORD", "Password must have at least 5 characters");
+ MessageDigester passwordEncoder = new Md5HexMessageDigester();
+ UserSet userset = new JpaUserSet(userCache, passwordvalidator, passwordEncoder, entityManager);
+ GroupSet groupset = new JpaGroupSet(entityManager);
+ NameValidator uservalidator = new RegexpNameValidator("[a-zA-Z]+[a-zA-Z0-9]*", "INVALID_USERNAME",
"User name must consist of alphanumeric characters only");
- NameValidator groupvalidator = new RegexpNameValidator(
- "[a-zA-Z]+[a-zA-Z0-9]*", "INVALID_GROUPNAME",
+ NameValidator groupvalidator = new RegexpNameValidator("[a-zA-Z]+[a-zA-Z0-9]*", "INVALID_GROUPNAME",
"Group name must consist of alphanumeric characters only");
- UserAdministration admin = new UserAdministrationImpl(userset,
- groupset, uservalidator, groupvalidator);
- UserAdminInitializer initializer = new UserAdminInitializer(admin,
- new String[] { "erik", "admin" }, new String[] { "users",
- "administrators" }, new String[] { "abc123", "abc123" });
- return admin;
- } catch (IOException e) {
- throw new RuntimeException(
- "Could not initialize user administration", e);
+ UserAdministration admin = new UserAdministrationImpl(userset, groupset, uservalidator, groupvalidator);
+ UserAdminInitializer initializer =
+ new UserAdminInitializer(admin, new String[]{"erik", "admin"}, new String[]{"users", "administrators"},
+ new String[]{"abc123", "abc123"});
+ return admin;
+ }
+
+ @Produces
+ @ApplicationScoped
+ @UserCache
+ public Cache<String, User> getUserCache() {
+ try {
+ InputResource cacheConfig = new ClassPathResource("META-INF/ehcache.xml");
+ return new EhCache(cacheConfig, "users");
+ }
+ catch (IOException e) {
+ throw new RuntimeException("Could not create user cache", e);
}
}
+ @Produces
+ @ApplicationScoped
+ @PhotoCache
+ public Cache<String, ArrayList<PhotoEntry>> getPhotoCache() {
+ try {
+ InputResource cacheConfig = new ClassPathResource("META-INF/ehcache.xml");
+ return new EhCache<String, ArrayList<PhotoEntry>>(cacheConfig, "photos");
+ }
+ catch (IOException e) {
+ throw new RuntimeException("Could not create photo cache", e);
+ }
+ }
+
+ @Produces
+ @ApplicationScoped
+ public AuthorizationService getAuthorizationService() {
+ LOGGER.info("Initializing authorization service");
+ OperationRegistry registry = new DefaultOperationRegistry(
+ new Operation[]{new AllOperation(), new CreateOperation(), new DeleteOperation(), new ReadOperation(),
+ new WriteOperation()});
+ UserAccessor userAccessor = new UserAccessor() {
+
+ @Override
+ public String getCurrentUser() {
+ Principal principal = request.getUserPrincipal();
+ if (principal == null) {
+ return null;
+ }
+ return principal.getName();
+ }
+ };
+ AuthorizationService service =
+ new JpaAuthorizationService("DEFAULT", entityManager, userAccessor, userAdmin, 10000);
+
+ AnyUserCondition anyUserCondition = new AnyUserCondition();
+ GroupUserCondition adminUserCondition = new GroupUserCondition("administrators");
+
+ PhotoAuthorizationRule photoEntryRule = new PhotoAuthorizationRule(anyUserCondition);
+
+ // Pages that allow access by any authenticated user
+ PageAuthorizationRule anyUserPageRule =
+ new PageAuthorizationRule(AuthorizationResult.GRANTED, anyUserCondition, HomePage.class);
+
+ PageAuthorizationRule adminPageRule =
+ new PageAuthorizationRule(AuthorizationResult.GRANTED, adminUserCondition);
+
+ AuthorizationInitializer initializer = new AuthorizationInitializer(service,
+ new AbstractAuthorizationRule[]{photoEntryRule, anyUserPageRule, adminPageRule});
+
+ return service;
+ }
+
@Produces
@ApplicationScoped
@AllPhotos
LOGGER.info("Initializing photo album");
try {
- File dir = new File(getCOnfiguration().getPath());
- InputResource cacheConfig = new ClassPathResource(
- "META-INF/ehcache.xml");
- Cache<String, ArrayList<PhotoEntry>> photoCache = new EhCache<String, ArrayList<PhotoEntry>>(
- cacheConfig, "photos");
+ File dir = new File(getConfiguration().getPath());
Album fileSystemAlbum = new FileSystemAlbum(dir, "/", photoCache);
Album concurrentAlbum = new ConcurrentAlbum(fileSystemAlbum);
return concurrentAlbum;
- } catch (IOException e) {
+ }
+ catch (IOException e) {
throw new RuntimeException("Could not initialize photo album", e);
}
}
- @Produces
- @SessionScoped
- @AuthorizedPhotos
- public Album getAuthorizedPhotos() {
- LOGGER.info("Initializing authorized photos for current session");
-
- return null;
- }
-
@Produces
@SessionScoped
public User getUser() {
throw new RuntimeException("No authenticated user");
}
String username = userPrincipal.getName();
- List<User> users = entityManager
- .createNamedQuery(User.QUERY_FIND_BY_NAME)
- .setParameter(User.NAME_PARAM, username).getResultList();
+ List<User> users =
+ entityManager.createNamedQuery(User.QUERY_FIND_BY_NAME).setParameter(User.NAME_PARAM, username)
+ .getResultList();
if (users.size() > 1) {
- throw new RuntimeException("More than one user found for '" +
- username + "'");
+ throw new RuntimeException("More than one user found for '" + username + "'");
}
if (users.isEmpty()) {
throw new RuntimeException("No authenticated user");
}
return users.get(0);
}
-
}