Index: topia-service/src/java/org/codelutin/topia/taas/jaas/TaasPermission.java diff -u topia-service/src/java/org/codelutin/topia/taas/jaas/TaasPermission.java:1.2 topia-service/src/java/org/codelutin/topia/taas/jaas/TaasPermission.java:1.3 --- topia-service/src/java/org/codelutin/topia/taas/jaas/TaasPermission.java:1.2 Thu Nov 29 16:16:06 2007 +++ topia-service/src/java/org/codelutin/topia/taas/jaas/TaasPermission.java Thu Dec 13 16:48:16 2007 @@ -24,17 +24,21 @@ * Created: 16 févr. 2006 * * @author Arnaud Thimel -* @version $Revision: 1.2 $ +* @version $Revision: 1.3 $ * -* Mise a jour: $Date: 2007-11-29 16:16:06 $ +* Mise a jour: $Date: 2007-12-13 16:48:16 $ * par : $Author: ruchaud $ */ package org.codelutin.topia.taas.jaas; +import static org.codelutin.topia.taas.TaasUtil.CREATE; +import static org.codelutin.topia.taas.TaasUtil.DELETE; +import static org.codelutin.topia.taas.TaasUtil.LOAD; +import static org.codelutin.topia.taas.TaasUtil.UPDATE; + import java.security.Permission; -import org.codelutin.topia.taas.TaasUtil; import org.codelutin.topia.taas.entities.TaasAuthorization; /** @@ -46,11 +50,27 @@ private static final long serialVersionUID = 1L; - private TaasAuthorization authorization; + public String authorizationExpression; + + public int authorizationActions; + + /** + * Contructeur à partir des valeurs + * @param expression expression + * @param actions actions + */ + public TaasPermission(String expression, int actions) { + super(expression); + this.authorizationExpression = expression; + this.authorizationActions = actions; + } + /** + * Constructeur à partir d'une autorisation + * @param authorization autorisation + */ public TaasPermission(TaasAuthorization authorization) { - super(authorization.getExpression()); - this.authorization = authorization; + this(authorization.getExpression(), authorization.getActions()); } /* 
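Review bot: `authorizationExpression` and `authorizationActions` are declared `public` and non-final, so any code holding a TaasPermission can rewrite what it grants after it has been added to a PermissionCollection. Subclasses of java.security.Permission are expected to be immutable, and the new `hashCode()` in a later hunk is computed from these same fields, so a mutation also breaks hash-based lookups. Both constructors assign the fields exactly once and getters are added further down, so `private final String authorizationExpression;` and `private final int authorizationActions;` should work without other changes. Reassigning the public field would also let it drift from the name passed to `super(expression)`, so `getName()` and `implies()` could disagree.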
@@ -64,7 +84,8 @@ if (!(permission instanceof TaasPermission)) return false; TaasPermission other = (TaasPermission)permission; - return authorization.implies(other.getAuthorization()); + return impliesExpression(authorizationExpression, other.getAuthorizationExpression()) && + impliesActions(authorizationActions, other.getAuthorizationActions()); } /* @@ -89,7 +110,7 @@ */ @Override public int hashCode() { - return authorization.hashCode(); + return authorizationExpression.hashCode() * 100 + authorizationActions; } /* 
@@ -98,10 +119,60 @@ */ @Override public String getActions() { - return TaasUtil.actionsInt2String(authorization.getActions()); + return String.valueOf(authorizationActions); + } + + /** + * Retourne les actions de l'authorization + * @return actions + */ + public int getAuthorizationActions() { + return authorizationActions; + } + + /** + * Retourne l'expression de l'authorization + * @return expression + */ + public String getAuthorizationExpression() { + return authorizationExpression; + } + + /** + * Comparare deux identifiants entres eux. + * thisId => thatId = ? + * @param thisExpression un identifiant + * @param thatExpression un autre identifiant + * @return vrai si thisId implique thatId + */ + public boolean impliesExpression(String thisExpression, String thatExpression) { + return (thisExpression.equals(thatExpression) || + "*".equals(thisExpression) || + (thatExpression.startsWith(thisExpression.substring(0, thisExpression.length()-1)) + && thisExpression.endsWith("*"))); } - public TaasAuthorization getAuthorization() { - return authorization; + /** + * Compare deux actions entre elles. + * thisActions => thatActions = ? 
+ * @param thisActions une action + * @param thatActions une autre action + * @return vrai si thisActions implique thatActions + */ + public boolean impliesActions(int thisActions, int thatActions) { + boolean result = true; + if ((thatActions & LOAD) == LOAD) { + result &= ((thisActions & LOAD) == LOAD); + } + if ((thatActions & CREATE) == CREATE) { + result &= ((thisActions & CREATE) == CREATE); + } + if ((thatActions & UPDATE) == UPDATE) { + result &= ((thisActions & UPDATE) == UPDATE); + } + if ((thatActions & DELETE) == DELETE) { + result &= ((thisActions & DELETE) == DELETE); + } + return result; } } Index: topia-service/src/java/org/codelutin/topia/taas/jaas/TaasPrincipalWrapper.java diff -u topia-service/src/java/org/codelutin/topia/taas/jaas/TaasPrincipalWrapper.java:1.1 topia-service/src/java/org/codelutin/topia/taas/jaas/TaasPrincipalWrapper.java:1.2 --- topia-service/src/java/org/codelutin/topia/taas/jaas/TaasPrincipalWrapper.java:1.1 Thu Nov 29 16:08:29 2007 +++ topia-service/src/java/org/codelutin/topia/taas/jaas/TaasPrincipalWrapper.java Thu Dec 13 16:48:16 2007 
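Review bot: `impliesActions` inspects only the LOAD, CREATE, UPDATE and DELETE bits of `thatActions`, so a requested permission carrying any other bit is reported as implied by every permission whose expression matches. Whether TaasUtil defines further action constants is not visible here, but a fail-closed form is shorter and needs no constant list: `return (thisActions & thatActions) == thatActions;`. In `impliesExpression`, `thisExpression.substring(0, thisExpression.length()-1)` is evaluated before the `endsWith("*")` test, so an empty `thisExpression` that differs from `thatExpression` throws StringIndexOutOfBoundsException inside the access check; putting `thisExpression.endsWith("*") &&` first avoids that. `getActions()` now returns the raw integer as text instead of the names the removed `TaasUtil.actionsInt2String` call produced, which makes policy dumps and audit logs harder to read.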
@@ -24,30 +24,46 @@ * Created: 15 févr. 2006 * * @author Arnaud Thimel -* @version $Revision: 1.1 $ +* @version $Revision: 1.2 $ * -* Mise a jour: $Date: 2007-11-29 16:08:29 $ +* Mise a jour: $Date: 2007-12-13 16:48:16 $ * par : $Author: ruchaud $ */ package org.codelutin.topia.taas.jaas; +import java.security.PermissionCollection; +import java.security.Permissions; import java.security.Principal; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.codelutin.topia.taas.entities.TaasAuthorization; +import org.codelutin.topia.taas.entities.TaasPrincipal; + /** * Implantation des principals de JAAS. * @author ruchaud */ public class TaasPrincipalWrapper implements Principal { + private Log log = LogFactory.getLog(TaasPrincipalWrapper.class); + protected String name; + protected PermissionCollection permissions; + /** * Contructeur avec comme paramètre le nom du principal. * @param name topiaId d'un group ou d'utilisateur */ - public TaasPrincipalWrapper(String name) { - this.name = name; + public TaasPrincipalWrapper(TaasPrincipal principal) { + this.name = principal.getName(); + this.permissions = new Permissions(); + for (TaasAuthorization authorization : principal.getAuthorizations()) { + TaasPermission permission = new TaasPermission(authorization); + permissions.add(permission); + } } /* (non-Javadoc) 
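Review bot: The `Permissions` collection built in the new constructor stays writable, and `getPermissions()` (added in the next hunk of this file) returns that same instance, so any caller that reaches the principal can `add` further permissions to it. Calling `permissions.setReadOnly();` after the loop closes that off. The field is also `protected` and non-final; `private final` fits since it is assigned once. The Javadoc above the constructor still says `@param name` although the parameter is now `principal`, and the new `log` field is not used in the visible lines.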
@@ -57,6 +73,14 @@ return name; } + /** + * Récupération des permissions + * @return permissions + */ + public PermissionCollection getPermissions() { + return permissions; + } + /* (non-Javadoc) * @see java.lang.Object#toString() */ Index: topia-service/src/java/org/codelutin/topia/taas/jaas/TaasPolicy.java diff -u topia-service/src/java/org/codelutin/topia/taas/jaas/TaasPolicy.java:1.2 topia-service/src/java/org/codelutin/topia/taas/jaas/TaasPolicy.java:1.3 --- topia-service/src/java/org/codelutin/topia/taas/jaas/TaasPolicy.java:1.2 Thu Nov 29 16:16:06 2007 +++ topia-service/src/java/org/codelutin/topia/taas/jaas/TaasPolicy.java Thu Dec 13 16:48:16 2007 @@ -24,9 +24,9 @@ * Created: 17 févr. 2006 * * @author Arnaud Thimel - * @version $Revision: 1.2 $ + * @version $Revision: 1.3 $ * - * Mise a jour: $Date: 2007-11-29 16:16:06 $ + * Mise a jour: $Date: 2007-12-13 16:48:16 $ * par : $Author: ruchaud $ */ @@ -39,18 +39,13 @@ import java.security.Policy; import java.security.Principal; import java.security.ProtectionDomain; +import java.util.Enumeration; import javax.security.auth.Subject; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.codelutin.topia.TopiaContext; -import org.codelutin.topia.TopiaException; -import org.codelutin.topia.TopiaServiceDAOHelper; import org.codelutin.topia.taas.TaasService; -import org.codelutin.topia.taas.entities.TaasAuthorization; -import org.codelutin.topia.taas.entities.TaasPrincipal; -import org.codelutin.topia.taas.entities.TaasPrincipalDAO; /** * Implantation d'un policy avec une prise en compte des permissions à la volée. @@ -64,6 +59,9 @@ protected TaasService taasService; + /** + * Constructeur par défaut + */ public TaasPolicy(TaasService taasService) { this.taasService = taasService; } 
@@ -104,29 +102,18 @@ Subject subject = Subject.getSubject(AccessController.getContext()); if (subject != null) { for (Principal principal : subject.getPrincipals()) { - try { - String principalName = principal.getName(); - - TopiaContext rootContext = taasService.getRootContext(); - TopiaContext transaction = rootContext.beginTransaction(); - - TaasPrincipalDAO principalDAO = TopiaServiceDAOHelper.getTaasPrincipalDAO(transaction); - TaasPrincipal taasPrincipal = principalDAO.findByName(principalName); - - for (TaasAuthorization authorization : taasPrincipal.getAuthorizations()) { - TaasPermission permission = new TaasPermission(authorization); - pc.add(permission); - } - - transaction.closeContext(); - } catch (TopiaException e) { - log.error("Récupération des TopiaPermission impossible", e); + TaasPrincipalWrapper principalWrapper = (TaasPrincipalWrapper) principal; + PermissionCollection permissions = principalWrapper.getPermissions(); + + Enumeration enumeration = permissions.elements(); + while(enumeration.hasMoreElements()){ + Permission permission = (Permission)enumeration.nextElement(); + pc.add(permission); } } } else { - log.error("Récupération des TopiaPermission impossible"); + log.error("Récupération des Permissions impossible"); } - return pc; } Index: topia-service/src/java/org/codelutin/topia/taas/jaas/TaasLoginModule.java diff -u topia-service/src/java/org/codelutin/topia/taas/jaas/TaasLoginModule.java:1.3 topia-service/src/java/org/codelutin/topia/taas/jaas/TaasLoginModule.java:1.4 --- topia-service/src/java/org/codelutin/topia/taas/jaas/TaasLoginModule.java:1.3 Wed Dec 5 16:21:09 2007 +++ topia-service/src/java/org/codelutin/topia/taas/jaas/TaasLoginModule.java Thu Dec 13 16:48:16 2007 
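Review bot: The cast `(TaasPrincipalWrapper) principal` is unchecked, so a Subject that also carries a principal from another login module makes this method throw ClassCastException in the middle of a policy decision. A guard such as `if (!(principal instanceof TaasPrincipalWrapper)) continue;` before the cast keeps foreign principals from breaking the check. Because the per-call lookup through `TaasPrincipalDAO` is removed, the permissions are now whatever was captured when TaasLoginModule wrapped the principal, so an authorization revoked in the store presumably stays effective until the subject logs in again. The class comment still describes the policy as applying permissions "à la volée". The enclosing method starts outside the hunk.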
@@ -24,16 +24,15 @@ * Created: 15 févr. 2006 * * @author Arnaud Thimel -* @version $Revision: 1.3 $ +* @version $Revision: 1.4 $ * -* Mise a jour: $Date: 2007-12-05 16:21:09 $ +* Mise a jour: $Date: 2007-12-13 16:48:16 $ * par : $Author: ruchaud $ */ package org.codelutin.topia.taas.jaas; -import java.security.Principal; import java.util.Collection; import java.util.HashSet; import java.util.Map; @@ -68,7 +67,7 @@ private Subject subject; private CallbackHandler callbackHandler; - private Set principals; + private Set principals; private TaasService taasService; /* (non-Javadoc) @@ -135,11 +134,11 @@ if(user != null && user.getPassword().equals(hashed)) { // Récupération des principals - principals = new HashSet(); + principals = new HashSet(); Collection taasPrincipals = user.getPrincipals(); for (TaasPrincipal taasPrincipal : taasPrincipals) { - principals.add(new TaasPrincipalWrapper(taasPrincipal.getName())); + principals.add(new TaasPrincipalWrapper(taasPrincipal)); } } else {