DefaultPermissionEvaluator xref

1   package org.apache.archiva.redback.authorization.rbac.evaluator;
2   
3   /*
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   * http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  
22  import org.apache.archiva.redback.rbac.Resource;
23  import org.apache.archiva.redback.users.UserManager;
24  import org.apache.archiva.redback.users.UserManagerException;
25  import org.apache.archiva.redback.users.UserNotFoundException;
26  import org.apache.archiva.redback.rbac.Permission;
27  import org.springframework.stereotype.Service;
28  
29  import javax.inject.Inject;
30  import javax.inject.Named;
31  
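/**
 * Default {@link PermissionEvaluator}: decides whether a single {@link Permission} covers an operation on a
 * resource for the principal making the authorization check.
 * <p>
 * Currently only one expression is available for evaluation: a permission resource identifier that starts with
 * <code>${username}</code> is replaced with the username of the person making the authorization check.
 *
 * @author Jesse McConnell <jesse@codehaus.org>
 */
@Service("permissionEvaluator")
public class DefaultPermissionEvaluator
    implements PermissionEvaluator
{
    // Injected by the container; also replaceable through setUserManager.
    @Inject
    @Named(value = "userManager#default")
    private UserManager userManager;

    /**
     * Checks whether {@code permission} grants {@code operation} on {@code resource}.
     * <p>
     * The permission grants access when its operation name equals {@code operation} and one of the following
     * holds: the permission's resource is {@link Resource#GLOBAL}, {@code resource} is {@code null}, or the
     * (possibly expanded) permission resource identifier equals {@code resource} exactly.
     * <p>
     * Security note: a {@code null} resource means "operation-only check", so any permission carrying the
     * operation matches, including one scoped to a single resource. Callers performing a resource-scoped
     * check must pass the resource identifier rather than {@code null}.
     *
     * @param permission the permission being tested; its resource and operation are read
     * @param operation  the name of the operation being requested
     * @param resource   the identifier of the resource being accessed, or {@code null} for an operation-only check
     * @param principal  the principal used to look up the user when the permission resource is
     *                   <code>${username}</code>
     * @return {@code true} if the permission grants the request, {@code false} otherwise
     * @throws PermissionEvaluationException if the user lookup needed to expand <code>${username}</code> fails
     */
    public boolean evaluate( Permission permission, String operation, String resource, String principal )
        throws PermissionEvaluationException
    {
        String permissionResource = permission.getResource().getIdentifier();

        // expression evaluation checking
        if ( permissionResource.startsWith( "${" ) )
        {
            int closingBrace = permissionResource.indexOf( '}' );

            // An unterminated "${..." previously reached substring( 2, -1 ) and aborted the whole check with an
            // unchecked StringIndexOutOfBoundsException. It is now left unexpanded and compared literally below.
            if ( closingBrace != -1 )
            {
                String expression = permissionResource.substring( 2, closingBrace );

                if ( "username".equals( expression ) )
                {
                    try
                    {
                        // The whole identifier is replaced by the username; text after the closing brace,
                        // if any, is discarded.
                        permissionResource = userManager.findUser( principal ).getUsername();
                    }
                    catch ( UserNotFoundException e )
                    {
                        throw new PermissionEvaluationException( "unable to locate user to retrieve username", e );
                    }
                    catch ( UserManagerException e )
                    {
                        throw new PermissionEvaluationException( "trouble finding user: " + e.getMessage(), e );
                    }
                }
                // Any other expression name is not expanded: the identifier stays as written.
            }
        }

        // check if this permission applies to the operation at all
        if ( permission.getOperation().getName().equals( operation ) )
        {
            // check if it is a global resource, if it is then since the operations match we return true
            if ( Resource.GLOBAL.equals( permission.getResource().getIdentifier() ) )
            {
                return true;
            }

            // if we are not checking a specific resource, the operation is enough
            // (this also holds for permissions scoped to one resource, see the method Javadoc)
            if ( resource == null )
            {
                return true;
            }

            // check if the resource identifier of the permission matches the resource we are checking against
            // if it does then return true; the comparison is exact and case-sensitive
            if ( permissionResource.equals( resource ) )
            {
                return true;
            }
        }

        return false;
    }

    /**
     * @return the user manager used to resolve the principal's username
     */
    public UserManager getUserManager()
    {
        return userManager;
    }

    /**
     * @param userManager the user manager to use when resolving the principal's username
     */
    public void setUserManager( UserManager userManager )
    {
        this.userManager = userManager;
    }
}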