Not working yet because the authorized album is not serializable.
<class>org.wamblee.security.authorization.AbstractAuthorizationRule</class>
<class>org.wamblee.security.authorization.UrlAuthorizationRule</class>
<class>org.wamblee.photos.security.PhotoAuthorizationRule</class>
+ <class>org.wamblee.photos.security.PageAuthorizationRule</class>
<class>org.wamblee.security.authorization.AbstractAuthorizationService</class>
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
+import java.util.logging.Logger;
-import org.apache.log4j.Logger;
import org.wamblee.cache.Cache;
import org.wamblee.cache.CachedObject;
import org.wamblee.photos.model.Album;
*/
public class AuthorizedAlbum extends AuthorizedPhotoEntry implements Album {
- private static final Logger LOGGER = Logger
- .getLogger(AuthorizedAlbum.class);
+ private static final Logger LOGGER = Logger.getLogger(AuthorizedAlbum.class
+ .getName());
private AuthorizationService _authorizer;
* Album to decorate.
*/
public AuthorizedAlbum(Album aAlbum, AuthorizationService aService,
- Cache aCache, String aSessionId) {
+ Cache aCache, String aSessionId) {
super(aAlbum);
_authorizer = aService;
_authorizedEntries = new CachedObject<String, ArrayList<PhotoEntry>>(
- aCache, aSessionId + "/" + aAlbum.getPath(),
- new CachedObject.Computation<String, ArrayList<PhotoEntry>>() {
- public ArrayList<PhotoEntry> getObject(String aObjectKey) {
- return AuthorizedAlbum.this.compute();
- }
- });
+ aCache, aSessionId + "/" + aAlbum.getPath(),
+ new CachedObject.Computation<String, ArrayList<PhotoEntry>>() {
+ public ArrayList<PhotoEntry> getObject(String aObjectKey) {
+ return AuthorizedAlbum.this.compute();
+ }
+ });
_sessionId = aSessionId;
}
return (T) new AuthorizedPhoto((Photo) aEntry);
} else if (aEntry instanceof Album) {
return (T) new AuthorizedAlbum((Album) aEntry, _authorizer,
- _authorizedEntries.getCache(), _sessionId);
+ _authorizedEntries.getCache(), _sessionId);
} else {
throw new IllegalArgumentException(
- "Entry is neither a photo nor an album: " + aEntry);
+ "Entry is neither a photo nor an album: " + aEntry);
}
}
return entry;
} else {
if (!(entry instanceof Album)) {
- throw new IllegalArgumentException(getPath() + " "
- + aPath);
+ throw new IllegalArgumentException(getPath() + " " +
+ aPath);
}
return ((Album) entry).getEntry(remainder);
}
public void removeEntry(String aId) throws IOException {
// Check whether deletion is allowed.
PhotoEntry entry = _authorizer.check(decorated().getEntry("/" + aId),
- new DeleteOperation());
+ new DeleteOperation());
_authorizedEntries.invalidate();
decorated().removeEntry(aId);
}
public Photo findPhotoBefore(String aId) {
Photo entry = decorated().findPhotoBefore(aId);
- while (entry != null
- && !_authorizer.isAllowed(entry, new AllOperation())) {
+ while (entry != null &&
+ !_authorizer.isAllowed(entry, new AllOperation())) {
entry = decorated().findPhotoBefore(entry.getId());
}
return decorate(entry);
public Photo findPhotoAfter(String aId) {
Photo entry = decorated().findPhotoAfter(aId);
- while (entry != null
- && !_authorizer.isAllowed(entry, new AllOperation())) {
+ while (entry != null &&
+ !_authorizer.isAllowed(entry, new AllOperation())) {
entry = decorated().findPhotoAfter(entry.getId());
}
return decorate(entry);
import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
+import java.util.logging.Logger;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.context.SessionScoped;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
-import org.apache.log4j.Logger;
import org.wamblee.cache.Cache;
import org.wamblee.cache.EhCache;
import org.wamblee.io.ClassPathResource;
import org.wamblee.photos.concurrent.ConcurrentAlbum;
import org.wamblee.photos.model.Album;
import org.wamblee.photos.model.PhotoEntry;
+import org.wamblee.photos.model.authorization.AuthorizedAlbum;
import org.wamblee.photos.model.filesystem.FileSystemAlbum;
+import org.wamblee.photos.security.PageAuthorizationRule;
+import org.wamblee.photos.security.PhotoAuthorizationRule;
+import org.wamblee.photos.wicket.HomePage;
import org.wamblee.security.authentication.GroupSet;
import org.wamblee.security.authentication.Md5HexMessageDigester;
import org.wamblee.security.authentication.MessageDigester;
import org.wamblee.security.authentication.NameValidator;
import org.wamblee.security.authentication.RegexpNameValidator;
import org.wamblee.security.authentication.User;
+import org.wamblee.security.authentication.UserAccessor;
import org.wamblee.security.authentication.UserAdminInitializer;
import org.wamblee.security.authentication.UserAdministration;
import org.wamblee.security.authentication.UserAdministrationImpl;
import org.wamblee.security.authentication.UserSet;
import org.wamblee.security.authentication.jpa.JpaGroupSet;
import org.wamblee.security.authentication.jpa.JpaUserSet;
+import org.wamblee.security.authorization.AbstractAuthorizationRule;
+import org.wamblee.security.authorization.AllOperation;
+import org.wamblee.security.authorization.AnyUserCondition;
+import org.wamblee.security.authorization.AuthorizationInitializer;
+import org.wamblee.security.authorization.AuthorizationResult;
+import org.wamblee.security.authorization.AuthorizationService;
+import org.wamblee.security.authorization.CreateOperation;
+import org.wamblee.security.authorization.DefaultOperationRegistry;
+import org.wamblee.security.authorization.DeleteOperation;
+import org.wamblee.security.authorization.GroupUserCondition;
+import org.wamblee.security.authorization.Operation;
+import org.wamblee.security.authorization.OperationRegistry;
+import org.wamblee.security.authorization.ReadOperation;
+import org.wamblee.security.authorization.WriteOperation;
+import org.wamblee.security.authorization.jpa.JpaAuthorizationService;
/**
* @author Erik Brakkee
@Inject
private HttpServletRequest request;
+ @Inject
+ private HttpSession session;
+
@PersistenceContext
private EntityManager entityManager;
+ // Created by this producer.
+
+ @Inject
+ private UserAdministration userAdmin;
+
+ @Inject
+ private AuthorizationService authorizationService;
+
+ @Inject
+ @AllPhotos
+ private Album allPhotos;
+
private Configuration getCOnfiguration() {
LOGGER.info("Initializing configuration");
Configuration config;
}
}
+ @Produces
+ @ApplicationScoped
+ public AuthorizationService getAuthorizationService() {
+ OperationRegistry registry = new DefaultOperationRegistry(
+ new Operation[] { new AllOperation(), new CreateOperation(),
+ new DeleteOperation(), new ReadOperation(),
+ new WriteOperation() });
+ UserAccessor userAccessor = new UserAccessor() {
+
+ @Override
+ public String getCurrentUser() {
+ Principal principal = request.getUserPrincipal();
+ if (principal == null) {
+ return null;
+ }
+ return principal.getName();
+ }
+ };
+ AuthorizationService service = new JpaAuthorizationService("DEFAULT",
+ entityManager, userAccessor, userAdmin, 10000);
+
+ AnyUserCondition anyUserCondition = new AnyUserCondition();
+ GroupUserCondition adminUserCondition = new GroupUserCondition(
+ "administrators");
+
+ PhotoAuthorizationRule photoEntryRule = new PhotoAuthorizationRule();
+
+ // Pages that allow access by any authenticated user
+ PageAuthorizationRule anyUserPageRule = new PageAuthorizationRule(
+ AuthorizationResult.GRANTED, anyUserCondition, HomePage.class);
+
+ PageAuthorizationRule adminPageRule = new PageAuthorizationRule(
+ AuthorizationResult.GRANTED, adminUserCondition);
+
+ AuthorizationInitializer initializer = new AuthorizationInitializer(
+ service, new AbstractAuthorizationRule[] { photoEntryRule,
+ anyUserPageRule, adminPageRule });
+
+ return service;
+ }
+
@Produces
@ApplicationScoped
@AllPhotos
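Review bot: The `AuthorizationInitializer` created at the end of getAuthorizationService is assigned to a local that is never read, so either its constructor registers the rules with `service` as a side effect or the rules are never installed at all; which of the two applies is not visible in this hunk. If the constructor does the work, drop the unused local and record that with a comment such as `// AuthorizationInitializer's constructor installs the rules into the service — TODO confirm`; otherwise the initializer has to be driven before `return service;`. `adminPageRule` is built with no pages, which makes PageAuthorizationRule produce an empty regex, and whether that matches every page or none depends on RegexpPathCondition, so the intended "administrators may open any page" should be expressed explicitly rather than through that edge case. `getCurrentUser()` returns null for unauthenticated requests, and whether JpaAuthorizationService and AnyUserCondition treat null as an anonymous user or as an error decides what `anyUserPageRule` actually grants; the literal `10000` passed to JpaAuthorizationService also deserves a named constant or a comment saying what it limits.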
@Produces
@SessionScoped
@AuthorizedPhotos
- public Album getAuthorizedPhotos() {
+ public Album getAuthorizedAlbum() {
LOGGER.info("Initializing authorized photos for current session");
+ try {
+ InputResource cacheConfig = new ClassPathResource(
+ "META-INF/ehcache.xml");
+ Cache<String, User> userCache = new EhCache(cacheConfig, "users");
+ Cache authorizedPhotoCache = new EhCache(cacheConfig, "photos");
- return null;
+ AuthorizedAlbum album = new AuthorizedAlbum(allPhotos,
+ authorizationService, authorizedPhotoCache, session.getId());
+ return album;
+ } catch (IOException e) {
+ throw new RuntimeException("Problem initializing authorized album",
+ e);
+ }
}
@Produces
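Review bot: The authorized entry list is cached under `session.getId()` for the lifetime of the `@SessionScoped` album, and AuthorizedAlbum only invalidates it in removeEntry, so a change of principal or group membership within the same session (for example an anonymous session that later authenticates, or a user whose administrator membership is revoked) keeps serving entries computed under the earlier rights unless the `photos` region in META-INF/ehcache.xml expires them quickly; this should be confirmed and stated on the producer. `userCache` is created and never used, and `authorizedPhotoCache` is a raw `Cache`; remove the dead local and, if EhCache is generic, declare the other one with the key and value types that AuthorizedAlbum's `CachedObject<String, ArrayList<PhotoEntry>>` expects. Wrapping the IOException in a bare `RuntimeException` gives callers nothing specific to catch; `throw new IllegalStateException("Problem initializing authorized album", e);` keeps the cause and is the more conventional type for a failed initialization.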
--- /dev/null
+/*
+ * Copyright 2005 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.wamblee.photos.security;
+
+import javax.persistence.DiscriminatorValue;
+import javax.persistence.Entity;
+
+import org.wamblee.photos.wicket.BasePage;
+import org.wamblee.security.authorization.AllOperation;
+import org.wamblee.security.authorization.AuthorizationResult;
+import org.wamblee.security.authorization.IsaOperationCondition;
+import org.wamblee.security.authorization.RegexpPathCondition;
+import org.wamblee.security.authorization.UrlAuthorizationRule;
+import org.wamblee.security.authorization.UserCondition;
+
+/**
+ * AUthorization rule for pages.
+ */
+@Entity
+@DiscriminatorValue("PAGE")
+public class PageAuthorizationRule extends UrlAuthorizationRule {
+
+ /**
+ * Type-safe construction of page authorization rule.
+ *
+ * @param aResult
+ * Result.
+ * @param aUserCondition
+ * User condition.
+ * @param aPageList
+ * A list of page names.
+ */
+ public PageAuthorizationRule(AuthorizationResult aResult,
+ UserCondition aUserCondition, Class<? extends BasePage>... aPageList) {
+ super(aResult, aUserCondition, new RegexpPathCondition(
+ getPageRegex(aPageList)), BasePage.class,
+ new IsaOperationCondition(AllOperation.class));
+ }
+
+ /**
+ * Converts a list of page names into a regular expression for the pages.
+ *
+ * @param aPageList
+ * List of pages.
+ * @return Regexp matching any of the given pagenames.
+ */
+ private static String getPageRegex(Class<? extends BasePage>[] aPageList) {
+ String result = "";
+ for (int i = 0; i < aPageList.length; i++) {
+ if (result.length() == 0) {
+ result = "/" + aPageList[i].getSimpleName();
+ } else {
+ result = result + "|/" + aPageList[i].getSimpleName();
+ }
+ }
+ return result;
+ }
+
+ /**
+ * Constructor for OR mapping.
+ */
+ protected PageAuthorizationRule() {
+ super();
+ }
+
+ /* (non-Javadoc)
+ * @see org.wamblee.security.authorization.UrlAuthorizationRule#getResourcePath(java.lang.Object)
+ */
+ @Override
+ protected String getResourcePath(Object aResource) {
+ BasePage page = (BasePage) aResource;
+ return "/" + page.getClass().getSimpleName();
+ }
+}
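Review bot: getPageRegex joins unanchored alternatives such as `/HomePage|/Other`, so if RegexpPathCondition matches with find() rather than matches(), `/HomePage` also matches any page whose simple name merely begins with "HomePage", and an empty page list yields the empty pattern whose meaning again depends on that condition; anchoring the non-empty result with `return "^(" + result + ")$";` and documenting in the constructor Javadoc what an empty list is meant to grant would remove both ambiguities. The constructor takes `Class<? extends BasePage>...`, which produces a heap-pollution warning at every call site; since the array is only read, `@SafeVarargs` on the constructor is appropriate if the project targets Java 7 or later. getResourcePath casts `aResource` to BasePage unconditionally, which is safe only if UrlAuthorizationRule already filters on the resource class passed to super, something this file does not show. Minor: the class Javadoc reads "AUthorization".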
@AllPhotos
private Album album;
+ // @Inject
+ // @AuthorizedPhotos
+ // private Album authorized;
+
/**
* Constructor that is invoked when page is invoked without a session.
*
System.out.println("Entry " + i + " " + entry.getId() + " " +
entry.getPath());
}
+
+ /*
+ System.out.println("Authorized Entries: " + authorized.size());
+ for (int i = 0; i < authorized.size(); i++) {
+ PhotoEntry entry = authorized.getEntry(i);
+ System.out.println("Entry " + i + " " + entry.getId() + " " +
+ entry.getPath());
+ }
+ */
}
}
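Review bot: The commented-out `@Inject @AuthorizedPhotos private Album authorized;` field and the commented-out loop over `authorized` add dead code to HomePage with no indication of why it is disabled. Either leave it out until the authorized album can be injected, or replace both blocks with one line such as `// TODO: inject @AuthorizedPhotos Album once AuthorizedAlbum is serializable (session-scoped beans must be passivation capable)` so the blocker named in the commit message is visible in the file. The constructor and the method containing the loop start outside the hunk.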