X-Git-Url: http://wamblee.org/gitweb/?a=blobdiff_plain;f=src%2Fmain%2Fjava%2Forg%2Fwamblee%2Fphotos%2Fmodel%2Fplumbing%2FProducer.java;h=a3d9c2a74f75525050cfc36887f674e36e4287b1;hb=be2dfde47261118e3f67f1c100bb935bc0a1b581;hp=9ad3c143fe58d33f58d0cad993271e9e55958e95;hpb=8845e7fe6141ccc98fd070ee4e653941f6e60508;p=photos diff --git a/src/main/java/org/wamblee/photos/model/plumbing/Producer.java b/src/main/java/org/wamblee/photos/model/plumbing/Producer.java index 9ad3c14..a3d9c2a 100644 --- a/src/main/java/org/wamblee/photos/model/plumbing/Producer.java +++ b/src/main/java/org/wamblee/photos/model/plumbing/Producer.java @@ -20,6 +20,7 @@ import java.io.IOException; import java.security.Principal; import java.util.ArrayList; import java.util.List; +import java.util.logging.Logger; import javax.enterprise.context.ApplicationScoped; import javax.enterprise.context.SessionScoped; @@ -28,8 +29,8 @@ import javax.inject.Inject; import javax.persistence.EntityManager; import javax.persistence.PersistenceContext; import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpSession; -import org.apache.log4j.Logger; import org.wamblee.cache.Cache; import org.wamblee.cache.EhCache; import org.wamblee.io.ClassPathResource; @@ -38,18 +39,37 @@ import org.wamblee.photos.concurrent.ConcurrentAlbum; import org.wamblee.photos.model.Album; import org.wamblee.photos.model.PhotoEntry; import org.wamblee.photos.model.filesystem.FileSystemAlbum; +import org.wamblee.photos.security.PageAuthorizationRule; +import org.wamblee.photos.security.PhotoAuthorizationRule; +import org.wamblee.photos.wicket.HomePage; import org.wamblee.security.authentication.GroupSet; import org.wamblee.security.authentication.Md5HexMessageDigester; import org.wamblee.security.authentication.MessageDigester; import org.wamblee.security.authentication.NameValidator; import org.wamblee.security.authentication.RegexpNameValidator; import org.wamblee.security.authentication.User; +import org.wamblee.security.authentication.UserAccessor; import org.wamblee.security.authentication.UserAdminInitializer; import org.wamblee.security.authentication.UserAdministration; import org.wamblee.security.authentication.UserAdministrationImpl; import org.wamblee.security.authentication.UserSet; import org.wamblee.security.authentication.jpa.JpaGroupSet; import org.wamblee.security.authentication.jpa.JpaUserSet; +import org.wamblee.security.authorization.AbstractAuthorizationRule; +import org.wamblee.security.authorization.AllOperation; +import org.wamblee.security.authorization.AnyUserCondition; +import org.wamblee.security.authorization.AuthorizationInitializer; +import org.wamblee.security.authorization.AuthorizationResult; +import org.wamblee.security.authorization.AuthorizationService; +import org.wamblee.security.authorization.CreateOperation; +import org.wamblee.security.authorization.DefaultOperationRegistry; +import org.wamblee.security.authorization.DeleteOperation; +import org.wamblee.security.authorization.GroupUserCondition; +import org.wamblee.security.authorization.Operation; +import org.wamblee.security.authorization.OperationRegistry; +import org.wamblee.security.authorization.ReadOperation; +import org.wamblee.security.authorization.WriteOperation; +import org.wamblee.security.authorization.jpa.JpaAuthorizationService; /** * @author Erik Brakkee @@ -65,9 +85,32 @@ public class Producer { @Inject private HttpServletRequest request; + @Inject + private HttpSession session; + @PersistenceContext private EntityManager entityManager; + // Created by this producer. + + @Inject + private UserAdministration userAdmin; + + @Inject + private AuthorizationService authorizationService; + + @Inject + @AllPhotos + private Album allPhotos; + + @Inject + @UserCache + private Cache userCache; + + @Inject + @PhotoCache + private Cache> photoCache; + private Configuration getCOnfiguration() { LOGGER.info("Initializing configuration"); Configuration config; @@ -86,35 +129,95 @@ public class Producer { @ApplicationScoped public UserAdministration getUserAdmin() { LOGGER.info("Initializing user administration"); + NameValidator passwordvalidator = new RegexpNameValidator(".{5,}", + "INVALID_PASSWORD", "Password must have at least 5 characters"); + MessageDigester passwordEncoder = new Md5HexMessageDigester(); + UserSet userset = new JpaUserSet(userCache, passwordvalidator, + passwordEncoder, entityManager); + GroupSet groupset = new JpaGroupSet(entityManager); + NameValidator uservalidator = new RegexpNameValidator( + "[a-zA-Z]+[a-zA-Z0-9]*", "INVALID_USERNAME", + "User name must consist of alphanumeric characters only"); + NameValidator groupvalidator = new RegexpNameValidator( + "[a-zA-Z]+[a-zA-Z0-9]*", "INVALID_GROUPNAME", + "Group name must consist of alphanumeric characters only"); + + UserAdministration admin = new UserAdministrationImpl(userset, + groupset, uservalidator, groupvalidator); + UserAdminInitializer initializer = new UserAdminInitializer(admin, + new String[] { "erik", "admin" }, new String[] { "users", + "administrators" }, new String[] { "abc123", "abc123" }); + return admin; + } + + @Produces + @ApplicationScoped + @UserCache + public Cache getUserCache() { try { - NameValidator passwordvalidator = new RegexpNameValidator(".{5,}", - "INVALID_PASSWORD", "Password must have at least 5 characters"); InputResource cacheConfig = new ClassPathResource( "META-INF/ehcache.xml"); - Cache userCache = new EhCache(cacheConfig, "users"); - MessageDigester passwordEncoder = new Md5HexMessageDigester(); - UserSet userset = new JpaUserSet(userCache, passwordvalidator, - passwordEncoder, entityManager); - GroupSet groupset = new JpaGroupSet(entityManager); - NameValidator uservalidator = new RegexpNameValidator( - "[a-zA-Z]+[a-zA-Z0-9]*", "INVALID_USERNAME", - "User name must consist of alphanumeric characters only"); - NameValidator groupvalidator = new RegexpNameValidator( - "[a-zA-Z]+[a-zA-Z0-9]*", "INVALID_GROUPNAME", - "Group name must consist of alphanumeric characters only"); - - UserAdministration admin = new UserAdministrationImpl(userset, - groupset, uservalidator, groupvalidator); - UserAdminInitializer initializer = new UserAdminInitializer(admin, - new String[] { "erik", "admin" }, new String[] { "users", - "administrators" }, new String[] { "abc123", "abc123" }); - return admin; + return new EhCache(cacheConfig, "users"); } catch (IOException e) { - throw new RuntimeException( - "Could not initialize user administration", e); + throw new RuntimeException("Could not create user cache", e); } } + @Produces + @ApplicationScoped + @PhotoCache + public Cache> getPhotoCache() { + try { + InputResource cacheConfig = new ClassPathResource( + "META-INF/ehcache.xml"); + return new EhCache>(cacheConfig, + "photos"); + } catch (IOException e) { + throw new RuntimeException("Could not create photo cache", e); + } + } + + @Produces + @ApplicationScoped + public AuthorizationService getAuthorizationService() { + OperationRegistry registry = new DefaultOperationRegistry( + new Operation[] { new AllOperation(), new CreateOperation(), + new DeleteOperation(), new ReadOperation(), + new WriteOperation() }); + UserAccessor userAccessor = new UserAccessor() { + + @Override + public String getCurrentUser() { + Principal principal = request.getUserPrincipal(); + if (principal == null) { + return null; + } + return principal.getName(); + } + }; + AuthorizationService service = new JpaAuthorizationService("DEFAULT", + entityManager, userAccessor, userAdmin, 10000); + + AnyUserCondition anyUserCondition = new AnyUserCondition(); + GroupUserCondition adminUserCondition = new GroupUserCondition( + "administrators"); + + PhotoAuthorizationRule photoEntryRule = new PhotoAuthorizationRule(); + + // Pages that allow access by any authenticated user + PageAuthorizationRule anyUserPageRule = new PageAuthorizationRule( + AuthorizationResult.GRANTED, anyUserCondition, HomePage.class); + + PageAuthorizationRule adminPageRule = new PageAuthorizationRule( + AuthorizationResult.GRANTED, adminUserCondition); + + AuthorizationInitializer initializer = new AuthorizationInitializer( + service, new AbstractAuthorizationRule[] { photoEntryRule, + anyUserPageRule, adminPageRule }); + + return service; + } + @Produces @ApplicationScoped @AllPhotos @@ -123,10 +226,6 @@ public class Producer { try { File dir = new File(getCOnfiguration().getPath()); - InputResource cacheConfig = new ClassPathResource( - "META-INF/ehcache.xml"); - Cache> photoCache = new EhCache>( - cacheConfig, "photos"); Album fileSystemAlbum = new FileSystemAlbum(dir, "/", photoCache); Album concurrentAlbum = new ConcurrentAlbum(fileSystemAlbum); @@ -136,15 +235,6 @@ public class Producer { } } - @Produces - @SessionScoped - @AuthorizedPhotos - public Album getAuthorizedPhotos() { - LOGGER.info("Initializing authorized photos for current session"); - - return null; - } - @Produces @SessionScoped public User getUser() {