X-Git-Url: http://wamblee.org/gitweb/?a=blobdiff_plain;f=src%2Fmain%2Fjava%2Forg%2Fwamblee%2Fphotos%2Fmodel%2Fplumbing%2FProducer.java;h=4e5b1da7b6a2a1540c3fb9c11bab938993f0dd09;hb=06bf9182a5cd8b626d8e66c1fde4e8e6c722a0b5;hp=9ad3c143fe58d33f58d0cad993271e9e55958e95;hpb=0a8bb936be1c6e6bdb85e4998c57d259ca8872a1;p=photos
diff --git a/src/main/java/org/wamblee/photos/model/plumbing/Producer.java b/src/main/java/org/wamblee/photos/model/plumbing/Producer.java
index 9ad3c14..4e5b1da 100644
--- a/src/main/java/org/wamblee/photos/model/plumbing/Producer.java
+++ b/src/main/java/org/wamblee/photos/model/plumbing/Producer.java
@@ -20,6 +20,7 @@ import java.io.IOException;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.logging.Logger;
 import javax.enterprise.context.ApplicationScoped;
 import javax.enterprise.context.SessionScoped;
@@ -28,8 +29,8 @@ import javax.inject.Inject;
 import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
-import org.apache.log4j.Logger;
 import org.wamblee.cache.Cache;
 import org.wamblee.cache.EhCache;
 import org.wamblee.io.ClassPathResource;
@@ -37,19 +38,39 @@ import org.wamblee.io.InputResource;
 import org.wamblee.photos.concurrent.ConcurrentAlbum;
 import org.wamblee.photos.model.Album;
 import org.wamblee.photos.model.PhotoEntry;
+import org.wamblee.photos.model.authorization.AuthorizedAlbum;
 import org.wamblee.photos.model.filesystem.FileSystemAlbum;
+import org.wamblee.photos.security.PageAuthorizationRule;
+import org.wamblee.photos.security.PhotoAuthorizationRule;
+import org.wamblee.photos.wicket.HomePage;
 import org.wamblee.security.authentication.GroupSet;
 import org.wamblee.security.authentication.Md5HexMessageDigester;
 import org.wamblee.security.authentication.MessageDigester;
 import org.wamblee.security.authentication.NameValidator;
 import org.wamblee.security.authentication.RegexpNameValidator;
 import org.wamblee.security.authentication.User;
+import org.wamblee.security.authentication.UserAccessor;
 import org.wamblee.security.authentication.UserAdminInitializer;
 import org.wamblee.security.authentication.UserAdministration;
 import org.wamblee.security.authentication.UserAdministrationImpl;
 import org.wamblee.security.authentication.UserSet;
 import org.wamblee.security.authentication.jpa.JpaGroupSet;
 import org.wamblee.security.authentication.jpa.JpaUserSet;
+import org.wamblee.security.authorization.AbstractAuthorizationRule;
+import org.wamblee.security.authorization.AllOperation;
+import org.wamblee.security.authorization.AnyUserCondition;
+import org.wamblee.security.authorization.AuthorizationInitializer;
+import org.wamblee.security.authorization.AuthorizationResult;
+import org.wamblee.security.authorization.AuthorizationService;
+import org.wamblee.security.authorization.CreateOperation;
+import org.wamblee.security.authorization.DefaultOperationRegistry;
+import org.wamblee.security.authorization.DeleteOperation;
+import org.wamblee.security.authorization.GroupUserCondition;
+import org.wamblee.security.authorization.Operation;
+import org.wamblee.security.authorization.OperationRegistry;
+import org.wamblee.security.authorization.ReadOperation;
+import org.wamblee.security.authorization.WriteOperation;
+import org.wamblee.security.authorization.jpa.JpaAuthorizationService;
 /**
 * @author Erik Brakkee
@@ -65,9 +86,24 @@ public class Producer {
 @Inject
 private HttpServletRequest request;
+ @Inject
+ private HttpSession session;
+
 @PersistenceContext
 private EntityManager entityManager;
+ // Created by this producer.
+
+ @Inject
+ private UserAdministration userAdmin;
+
+ @Inject
+ private AuthorizationService authorizationService;
+
+ @Inject
+ @AllPhotos
+ private Album allPhotos;
+
 private Configuration getCOnfiguration() {
 LOGGER.info("Initializing configuration");
 Configuration config;
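Review bot: The comment `// Created by this producer.` is the only explanation for why `Producer` injects `userAdmin`, `authorizationService` and `allPhotos`, which its own `@Produces` methods appear to supply, and it does not say how that cycle is expected to resolve. A fuller comment would help, for example `// Beans produced by this class, injected back so producer methods can use each other's results.` The new `session` field sits next to `request` in a class whose `@ApplicationScoped` producer methods read these fields, so it is worth stating on the fields that they must be container proxies bound to the current request and session rather than concrete objects. The class body continues outside this hunk, so the scope of `Producer` itself is not visible here.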
@@ -115,6 +151,47 @@ public class Producer {
 }
 }
+ @Produces
+ @ApplicationScoped
+ public AuthorizationService getAuthorizationService() {
+ OperationRegistry registry = new DefaultOperationRegistry(
+ new Operation[] { new AllOperation(), new CreateOperation(),
+ new DeleteOperation(), new ReadOperation(),
+ new WriteOperation() });
+ UserAccessor userAccessor = new UserAccessor() {
+
+ @Override
+ public String getCurrentUser() {
+ Principal principal = request.getUserPrincipal();
+ if (principal == null) {
+ return null;
+ }
+ return principal.getName();
+ }
+ };
+ AuthorizationService service = new JpaAuthorizationService("DEFAULT",
+ entityManager, userAccessor, userAdmin, 10000);
+
+ AnyUserCondition anyUserCondition = new AnyUserCondition();
+ GroupUserCondition adminUserCondition = new GroupUserCondition(
+ "administrators");
+
+ PhotoAuthorizationRule photoEntryRule = new PhotoAuthorizationRule();
+
+ // Pages that allow access by any authenticated user
+ PageAuthorizationRule anyUserPageRule = new PageAuthorizationRule(
+ AuthorizationResult.GRANTED, anyUserCondition, HomePage.class);
+
+ PageAuthorizationRule adminPageRule = new PageAuthorizationRule(
+ AuthorizationResult.GRANTED, adminUserCondition);
+
+ AuthorizationInitializer initializer = new AuthorizationInitializer(
+ service, new AbstractAuthorizationRule[] { photoEntryRule,
+ anyUserPageRule, adminPageRule });
+
+ return service;
+ }
+
 @Produces
 @ApplicationScoped
 @AllPhotos
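Review bot: `adminPageRule` is built with `AuthorizationResult.GRANTED` and the administrators condition but, unlike `anyUserPageRule`, names no page class, so which pages it covers depends on how `PageAuthorizationRule` treats an empty class list, which this hunk does not show. If it is meant as the catch-all, say so with a comment such as `// All remaining pages: administrators only`, and confirm that a request matching none of the three rules is denied rather than granted. The anonymous `UserAccessor` reads the injected `request` field from inside an `@ApplicationScoped` bean and returns null for an unauthenticated caller, so it is only safe if `request` is a per-request proxy and `JpaAuthorizationService` treats a null user as unauthorised. The locals `registry` and `initializer` are never read; if the `AuthorizationInitializer` constructor is called for its side effect, a comment like `// constructor installs the default rules when none exist` should say so, and `registry` should be dropped unless its constructor also registers something. The literal `10000` passed to `JpaAuthorizationService` would be clearer as a named constant that states its unit.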
@@ -139,10 +216,21 @@ public class Producer {
 @Produces
 @SessionScoped
 @AuthorizedPhotos
- public Album getAuthorizedPhotos() {
+ public Album getAuthorizedAlbum() {
 LOGGER.info("Initializing authorized photos for current session");
+ try {
+ InputResource cacheConfig = new ClassPathResource(
+ "META-INF/ehcache.xml");
+ Cache userCache = new EhCache(cacheConfig, "users");
+ Cache authorizedPhotoCache = new EhCache(cacheConfig, "photos");
- return null;
+ AuthorizedAlbum album = new AuthorizedAlbum(allPhotos,
+ authorizationService, authorizedPhotoCache, session.getId());
+ return album;
+ } catch (IOException e) {
+ throw new RuntimeException("Problem initializing authorized album",
+ e);
+ }
 }
 @Produces
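Review bot: The album is tied to `session.getId()` and to a cache named `photos` that is opened once per session, and nothing in this hunk shows the cached authorization results being discarded when the user behind the session changes. If `photos` resolves to one cache shared by all sessions, entries are kept apart only by the session id, so they should be dropped on login, on logout and whenever the container changes the session id; this is worth confirming in `AuthorizedAlbum`, which is not visible here. Separately, `userCache` is created and never used, so the line `Cache userCache = new EhCache(cacheConfig, "users");` can be removed unless a later change needs it. A Javadoc sentence on `getAuthorizedAlbum` stating that the returned album filters `allPhotos` through `authorizationService` for the current session would document the contract that the rename only hints at.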