X-Git-Url: http://wamblee.org/gitweb/?a=blobdiff_plain;f=src%2Fmain%2Fjava%2Forg%2Fwamblee%2Fphotos%2Fmodel%2Fplumbing%2FProducer.java;h=f14c748f4d79e980aaf96de925ff63ad0f3ff92e;hb=8c73cdd2b64e2bb86183a21e175fd0a14717529c;hp=9ad3c143fe58d33f58d0cad993271e9e55958e95;hpb=8845e7fe6141ccc98fd070ee4e653941f6e60508;p=photos

diff --git a/src/main/java/org/wamblee/photos/model/plumbing/Producer.java b/src/main/java/org/wamblee/photos/model/plumbing/Producer.java
index 9ad3c14..f14c748 100644
--- a/src/main/java/org/wamblee/photos/model/plumbing/Producer.java
+++ b/src/main/java/org/wamblee/photos/model/plumbing/Producer.java
@@ -20,6 +20,7 @@ import java.io.IOException;
 import java.security.Principal;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.logging.Logger;
 
 import javax.enterprise.context.ApplicationScoped;
 import javax.enterprise.context.SessionScoped;
@@ -28,8 +29,8 @@ import javax.inject.Inject;
 import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
 
-import org.apache.log4j.Logger;
 import org.wamblee.cache.Cache;
 import org.wamblee.cache.EhCache;
 import org.wamblee.io.ClassPathResource;
@@ -38,46 +39,85 @@ import org.wamblee.photos.concurrent.ConcurrentAlbum;
 import org.wamblee.photos.model.Album;
 import org.wamblee.photos.model.PhotoEntry;
 import org.wamblee.photos.model.filesystem.FileSystemAlbum;
+import org.wamblee.photos.security.PageAuthorizationRule;
+import org.wamblee.photos.security.PhotoAuthorizationRule;
+import org.wamblee.photos.wicket.HomePage;
 import org.wamblee.security.authentication.GroupSet;
 import org.wamblee.security.authentication.Md5HexMessageDigester;
 import org.wamblee.security.authentication.MessageDigester;
 import org.wamblee.security.authentication.NameValidator;
 import org.wamblee.security.authentication.RegexpNameValidator;
 import org.wamblee.security.authentication.User;
+import org.wamblee.security.authentication.UserAccessor;
 import org.wamblee.security.authentication.UserAdminInitializer;
 import org.wamblee.security.authentication.UserAdministration;
 import org.wamblee.security.authentication.UserAdministrationImpl;
 import org.wamblee.security.authentication.UserSet;
 import org.wamblee.security.authentication.jpa.JpaGroupSet;
 import org.wamblee.security.authentication.jpa.JpaUserSet;
+import org.wamblee.security.authorization.AbstractAuthorizationRule;
+import org.wamblee.security.authorization.AllOperation;
+import org.wamblee.security.authorization.AnyUserCondition;
+import org.wamblee.security.authorization.AuthorizationInitializer;
+import org.wamblee.security.authorization.AuthorizationResult;
+import org.wamblee.security.authorization.AuthorizationService;
+import org.wamblee.security.authorization.CreateOperation;
+import org.wamblee.security.authorization.DefaultOperationRegistry;
+import org.wamblee.security.authorization.DeleteOperation;
+import org.wamblee.security.authorization.GroupUserCondition;
+import org.wamblee.security.authorization.Operation;
+import org.wamblee.security.authorization.OperationRegistry;
+import org.wamblee.security.authorization.ReadOperation;
+import org.wamblee.security.authorization.WriteOperation;
+import org.wamblee.security.authorization.jpa.JpaAuthorizationService;
 
 /**
  * @author Erik Brakkee
- * 
  */
 public class Producer {
 
-    private static final Logger LOGGER = Logger.getLogger(Producer.class
-        .getName());
+    private static final Logger LOGGER = Logger.getLogger(Producer.class.getName());
 
     private static final String APP_CONFIG_RESOURCE = "META-INF/org.wamblee.photos.properties";
 
     @Inject
     private HttpServletRequest request;
 
+    @Inject
+    private HttpSession session;
+
     @PersistenceContext
     private EntityManager entityManager;
 
-    private Configuration getCOnfiguration() {
+    // Created by this producer.
+
+    @Inject
+    private UserAdministration userAdmin;
+
+    @Inject
+    private AuthorizationService authorizationService;
+
+    @Inject
+    @AllPhotos
+    private Album allPhotos;
+
+    @Inject
+    @UserCache
+    private Cache<String, User> userCache;
+
+    @Inject
+    @PhotoCache
+    private Cache<String, ArrayList<PhotoEntry>> photoCache;
+
+    private Configuration getConfiguration() {
         LOGGER.info("Initializing configuration");
         Configuration config;
         try {
-            config = new Configuration(new ClassPathResource(
-                APP_CONFIG_RESOURCE).getInputStream());
-        } catch (IOException e) {
+            config = new Configuration(new ClassPathResource(APP_CONFIG_RESOURCE).getInputStream());
+        }
+        catch (IOException e) {
             throw new RuntimeException(
-                "Could not read application configuration property classpath resource " +
-                    APP_CONFIG_RESOURCE, e);
+                    "Could not read application configuration property classpath resource " + APP_CONFIG_RESOURCE, e);
         }
         return config;
     }
@@ -86,35 +126,88 @@ public class Producer {
     @ApplicationScoped
     public UserAdministration getUserAdmin() {
         LOGGER.info("Initializing user administration");
-        try {
-            NameValidator passwordvalidator = new RegexpNameValidator(".{5,}",
-                "INVALID_PASSWORD", "Password must have at least 5 characters");
-            InputResource cacheConfig = new ClassPathResource(
-                "META-INF/ehcache.xml");
-            Cache<String, User> userCache = new EhCache(cacheConfig, "users");
-            MessageDigester passwordEncoder = new Md5HexMessageDigester();
-            UserSet userset = new JpaUserSet(userCache, passwordvalidator,
-                passwordEncoder, entityManager);
-            GroupSet groupset = new JpaGroupSet(entityManager);
-            NameValidator uservalidator = new RegexpNameValidator(
-                "[a-zA-Z]+[a-zA-Z0-9]*", "INVALID_USERNAME",
+        NameValidator passwordvalidator =
+                new RegexpNameValidator(".{5,}", "INVALID_PASSWORD", "Password must have at least 5 characters");
+        MessageDigester passwordEncoder = new Md5HexMessageDigester();
+        UserSet userset = new JpaUserSet(userCache, passwordvalidator, passwordEncoder, entityManager);
+        GroupSet groupset = new JpaGroupSet(entityManager);
+        NameValidator uservalidator = new RegexpNameValidator("[a-zA-Z]+[a-zA-Z0-9]*", "INVALID_USERNAME",
                 "User name must consist of alphanumeric characters only");
-            NameValidator groupvalidator = new RegexpNameValidator(
-                "[a-zA-Z]+[a-zA-Z0-9]*", "INVALID_GROUPNAME",
+        NameValidator groupvalidator = new RegexpNameValidator("[a-zA-Z]+[a-zA-Z0-9]*", "INVALID_GROUPNAME",
                 "Group name must consist of alphanumeric characters only");
 
-            UserAdministration admin = new UserAdministrationImpl(userset,
-                groupset, uservalidator, groupvalidator);
-            UserAdminInitializer initializer = new UserAdminInitializer(admin,
-                new String[] { "erik", "admin" }, new String[] { "users",
-                    "administrators" }, new String[] { "abc123", "abc123" });
-            return admin;
-        } catch (IOException e) {
-            throw new RuntimeException(
-                "Could not initialize user administration", e);
+        UserAdministration admin = new UserAdministrationImpl(userset, groupset, uservalidator, groupvalidator);
+        UserAdminInitializer initializer =
+                new UserAdminInitializer(admin, new String[]{"erik", "admin"}, new String[]{"users", "administrators"},
+                        new String[]{"abc123", "abc123"});
+        return admin;
+    }
+
+    @Produces
+    @ApplicationScoped
+    @UserCache
+    public Cache<String, User> getUserCache() {
+        try {
+            InputResource cacheConfig = new ClassPathResource("META-INF/ehcache.xml");
+            return new EhCache(cacheConfig, "users");
+        }
+        catch (IOException e) {
+            throw new RuntimeException("Could not create user cache", e);
         }
     }
 
+    @Produces
+    @ApplicationScoped
+    @PhotoCache
+    public Cache<String, ArrayList<PhotoEntry>> getPhotoCache() {
+        try {
+            InputResource cacheConfig = new ClassPathResource("META-INF/ehcache.xml");
+            return new EhCache<String, ArrayList<PhotoEntry>>(cacheConfig, "photos");
+        }
+        catch (IOException e) {
+            throw new RuntimeException("Could not create photo cache", e);
+        }
+    }
+
+    @Produces
+    @ApplicationScoped
+    public AuthorizationService getAuthorizationService() {
+        LOGGER.info("Initializing authorization service");
+        OperationRegistry registry = new DefaultOperationRegistry(
+                new Operation[]{new AllOperation(), new CreateOperation(), new DeleteOperation(), new ReadOperation(),
+                        new WriteOperation()});
+        UserAccessor userAccessor = new UserAccessor() {
+
+            @Override
+            public String getCurrentUser() {
+                Principal principal = request.getUserPrincipal();
+                if (principal == null) {
+                    return null;
+                }
+                return principal.getName();
+            }
+        };
+        AuthorizationService service =
+                new JpaAuthorizationService("DEFAULT", entityManager, userAccessor, userAdmin, 10000);
+
+        AnyUserCondition anyUserCondition = new AnyUserCondition();
+        GroupUserCondition adminUserCondition = new GroupUserCondition("administrators");
+
+        PhotoAuthorizationRule photoEntryRule = new PhotoAuthorizationRule(anyUserCondition);
+
+        // Pages that allow access by any authenticated user
+        PageAuthorizationRule anyUserPageRule =
+                new PageAuthorizationRule(AuthorizationResult.GRANTED, anyUserCondition, HomePage.class);
+
+        PageAuthorizationRule adminPageRule =
+                new PageAuthorizationRule(AuthorizationResult.GRANTED, adminUserCondition);
+
+        AuthorizationInitializer initializer = new AuthorizationInitializer(service,
+                new AbstractAuthorizationRule[]{photoEntryRule, anyUserPageRule, adminPageRule});
+
+        return service;
+    }
+
     @Produces
     @ApplicationScoped
     @AllPhotos
@@ -122,29 +215,17 @@ public class Producer {
         LOGGER.info("Initializing photo album");
 
         try {
-            File dir = new File(getCOnfiguration().getPath());
-            InputResource cacheConfig = new ClassPathResource(
-                "META-INF/ehcache.xml");
-            Cache<String, ArrayList<PhotoEntry>> photoCache = new EhCache<String, ArrayList<PhotoEntry>>(
-                cacheConfig, "photos");
+            File dir = new File(getConfiguration().getPath());
             Album fileSystemAlbum = new FileSystemAlbum(dir, "/", photoCache);
             Album concurrentAlbum = new ConcurrentAlbum(fileSystemAlbum);
 
             return concurrentAlbum;
-        } catch (IOException e) {
+        }
+        catch (IOException e) {
             throw new RuntimeException("Could not initialize photo album", e);
         }
     }
 
-    @Produces
-    @SessionScoped
-    @AuthorizedPhotos
-    public Album getAuthorizedPhotos() {
-        LOGGER.info("Initializing authorized photos for current session");
-
-        return null;
-    }
-
     @Produces
     @SessionScoped
     public User getUser() {
@@ -156,17 +237,15 @@ public class Producer {
             throw new RuntimeException("No authenticated user");
         }
         String username = userPrincipal.getName();
-        List<User> users = entityManager
-            .createNamedQuery(User.QUERY_FIND_BY_NAME)
-            .setParameter(User.NAME_PARAM, username).getResultList();
+        List<User> users =
+                entityManager.createNamedQuery(User.QUERY_FIND_BY_NAME).setParameter(User.NAME_PARAM, username)
+                        .getResultList();
         if (users.size() > 1) {
-            throw new RuntimeException("More than one user found for '" +
-                username + "'");
+            throw new RuntimeException("More than one user found for '" + username + "'");
         }
         if (users.isEmpty()) {
             throw new RuntimeException("No authenticated user");
         }
         return users.get(0);
     }
-
 }