Index: topia-security/src/java/org/codelutin/topia/security/TopiaSecurityManagerImpl.java
diff -u topia-security/src/java/org/codelutin/topia/security/TopiaSecurityManagerImpl.java:1.2 topia-security/src/java/org/codelutin/topia/security/TopiaSecurityManagerImpl.java:1.3
--- topia-security/src/java/org/codelutin/topia/security/TopiaSecurityManagerImpl.java:1.2 Wed Sep 13 14:26:18 2006
+++ topia-security/src/java/org/codelutin/topia/security/TopiaSecurityManagerImpl.java Thu Sep 14 13:41:59 2006
@@ -26,7 +26,10 @@
 import org.apache.commons.logging.LogFactory;
 import org.codelutin.topia.TopiaContext;
 import org.codelutin.topia.TopiaException;
+import org.codelutin.topia.security.entities.authorization.TopiaAssociationAuthorizationDAO;
 import org.codelutin.topia.security.entities.authorization.TopiaAuthorizationDAO;
+import org.codelutin.topia.security.entities.authorization.TopiaEntityAuthorizationDAO;
+import org.codelutin.topia.security.entities.authorization.TopiaLinkAuthorizationDAO;
 import org.codelutin.topia.security.entities.user.TopiaGroupDAO;
 import org.codelutin.topia.security.entities.user.TopiaUserDAO;
@@ -36,29 +39,43 @@ /** to use log facility, just put in your code: log.info(\"...\"); */ static private Log log = LogFactory.getLog(TopiaSecurityManagerImpl.class); - private TopiaContext context; + private TopiaContext rootContext; + private TopiaContext securityContext; - public TopiaSecurityManagerImpl(TopiaContext context) { - this.context = context; + public TopiaSecurityManagerImpl(TopiaContext context) throws TopiaException { + this.rootContext = context; + securityContext = context.beginTransaction(); } + /* + * (non-Javadoc) + * @see org.codelutin.topia.security.TopiaSecurityManager#init() + */ public void init() { TopiaSecurityVetoableListener securityListener = new TopiaSecurityVetoableListener(); - context.addVetoableListener(securityListener); - context.addVetoableLoadListener(securityListener); - TopiaPolicy policy = new TopiaPolicy(context); + rootContext.addVetoableListener(securityListener); + rootContext.addVetoableLoadListener(securityListener); + org.codelutin.topia.security.jaas.TopiaPolicy policy = new org.codelutin.topia.security.jaas.TopiaPolicy(this); policy.installPolicy(); Configuration.setConfiguration(new org.codelutin.topia.security.jaas.TopiaConfiguration("topia", this)); } + /* + * (non-Javadoc) + * @see org.codelutin.topia.security.TopiaSecurityManager#getTopiaSecurityContext() + */ + public TopiaContext getTopiaSecurityContext() { + return securityContext; + } + /* (non-Javadoc) * @see org.codelutin.topia.security.TopiaSecurityManagerInterface#getTopiaUserDAO() */ public TopiaUserDAO getTopiaUserDAO() { try { - return TopiaSecurityDAOHelper.getTopiaUserDAO(context); + return TopiaSecurityDAOHelper.getTopiaUserDAO(securityContext); } catch (TopiaException te) { - log.error("Recuperation du userManager impossible", te); + log.error("Recuperation du TopiaUserDAO impossible", te); } return null; } 
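Review bot: The new public `getTopiaSecurityContext()` hands out the same transaction the constructor opens with `securityContext = context.beginTransaction()`, which is the context every security DAO getter in this class is built on, and nothing visible in this hunk ever commits, rolls back or closes that transaction. If the getter exists only for the JAAS policy and login module, its contract should say so; I would add a Javadoc along the lines of `/** Transaction reserved for security entities; callers must not commit, roll back or close it. */` and give the manager a dispose method that ends the transaction. The getter is also added to the TopiaSecurityManager interface in a later file section of this patch, so narrowing its visibility would have to start there. The class body begins and ends outside this hunk, so a cleanup path may exist that is not shown here.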
@@ -68,9 +85,9 @@
 */
 public TopiaGroupDAO getTopiaGroupDAO() {
 try {
- return TopiaSecurityDAOHelper.getTopiaGroupDAO(context);
+ return TopiaSecurityDAOHelper.getTopiaGroupDAO(securityContext);
 } catch (TopiaException te) {
- log.error("Recuperation du userManager impossible", te);
+ log.error("Recuperation du TopiaGroupDAO impossible", te);
 }
 return null;
 }
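Review bot: `getTopiaGroupDAO()` still logs the TopiaException and falls through to `return null;`, so a failure to reach the security data arrives at the caller as a null DAO instead of an error. The same pattern is kept in `getTopiaUserDAO()` in the previous hunk and copied into the three new authorization getters in the next hunk. For code that backs access decisions this forces every caller to null-check, or an authorization check ends in a NullPointerException whose handling is not visible here. At minimum each getter's comment should state it, e.g. `@return the DAO, or null if it could not be obtained (the error is logged)`; letting the TopiaException propagate would be the stricter option but changes the interface. The method's comment opens outside this hunk.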
@@ -80,11 +97,51 @@ */ public TopiaAuthorizationDAO getTopiaAuthorizationDAO() { try { - return TopiaSecurityDAOHelper.getTopiaAuthorizationDAO(context); + return TopiaSecurityDAOHelper.getTopiaAuthorizationDAO(securityContext); + } catch (TopiaException te) { + log.error("Recuperation du TopiaAuthorizationDAO impossible", te); + } + return null; + } + + /* + * (non-Javadoc) + * @see org.codelutin.topia.security.TopiaSecurityManager#getTopiaEntityAuthorizationDAO() + */ + public TopiaEntityAuthorizationDAO getTopiaEntityAuthorizationDAO() { + try { + return TopiaSecurityDAOHelper.getTopiaEntityAuthorizationDAO(securityContext); + } catch (TopiaException te) { + log.error("Recuperation du TopiaEntityAuthorizationDAO impossible", te); + } + return null; + } + + /* + * (non-Javadoc) + * @see org.codelutin.topia.security.TopiaSecurityManager#getTopiaLinkAuthorizationDAO() + */ + public TopiaLinkAuthorizationDAO getTopiaLinkAuthorizationDAO() { + try { + return TopiaSecurityDAOHelper.getTopiaLinkAuthorizationDAO(securityContext); } catch (TopiaException te) { - log.error("Recuperation du userManager impossible", te); + log.error("Recuperation du TopiaLinkAuthorizationDAO impossible", te); + } + return null; + } + + /* + * (non-Javadoc) + * @see org.codelutin.topia.security.TopiaSecurityManager#getTopiaAssociationAuthorizationDAO() + */ + public TopiaAssociationAuthorizationDAO getTopiaAssociationAuthorizationDAO() { + try { + return TopiaSecurityDAOHelper.getTopiaAssociationAuthorizationDAO(securityContext); + } catch (TopiaException te) { + log.error("Recuperation du TopiaAssociationAuthorizationDAO impossible", te); } return null; } } + Index: topia-security/src/java/org/codelutin/topia/security/TopiaSecurityUtil.java diff -u topia-security/src/java/org/codelutin/topia/security/TopiaSecurityUtil.java:1.2 topia-security/src/java/org/codelutin/topia/security/TopiaSecurityUtil.java:1.3 --- topia-security/src/java/org/codelutin/topia/security/TopiaSecurityUtil.java:1.2 
Wed Sep 13 14:26:18 2006 +++ topia-security/src/java/org/codelutin/topia/security/TopiaSecurityUtil.java Thu Sep 14 13:41:59 2006 @@ -24,17 +24,17 @@ * Created: 15 févr. 2006 * * @author Arnaud Thimel -* @version $Revision: 1.2 $ +* @version $Revision: 1.3 $ * -* Mise a jour: $Date: 2006/09/13 14:26:18 $ +* Mise a jour: $Date: 2006/09/14 13:41:59 $ * par : $Author: ruchaud $ */ - package org.codelutin.topia.security; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.util.StringTokenizer; import org.codelutin.topia.security.jaas.TopiaLoginModule; 
@@ -77,4 +77,65 @@ } } + /** + * Transforme actions en un entier. + * + * @param actions - + * combinaison de mots cles "load" "update" "create" et "delete" + * separes par des virgules. Ex : "load,update" + * @return 0 si aucune permission. Une combinaison des permissions + */ + public static int actionsString2Int(String actions) { + int result = 0x0; + StringTokenizer tokens = new StringTokenizer(actions, ","); + while (tokens.hasMoreTokens()) { + String action = tokens.nextToken().trim(); + if (LOAD_TEXT.equalsIgnoreCase(action)) { + result |= LOAD; + } else if (CREATE_TEXT.equalsIgnoreCase(action)) { + result |= CREATE; + } else if (UPDATE_TEXT.equalsIgnoreCase(action)) { + result |= UPDATE; + } else if (DELETE_TEXT.equalsIgnoreCase(action)) { + result |= DELETE; + } else { + throw new IllegalArgumentException("action not supported: " + + action); + } + } + return result; + } + + /** + * Transforme actions en une chaîne de caractères + * + * @param actions + * @return + */ + public String actionsInt2String(int actions) { + StringBuffer result = new StringBuffer(); + if ((actions & LOAD) == LOAD) { + result.append(LOAD_TEXT); + result.append(","); + } + if ((actions & CREATE) == CREATE) { + result.append(CREATE_TEXT); + result.append(","); + } + if ((actions & UPDATE) == UPDATE) { + result.append(UPDATE_TEXT); + result.append(","); + } + if ((actions & DELETE) == DELETE) { + result.append(DELETE_TEXT); + result.append(","); + } + + if (result.length() > 0) { + return result.substring(0, result.length() - 1); + } else { + return ""; + } + } + } //TopiaSecurityUtil Index: topia-security/src/java/org/codelutin/topia/security/TopiaSecurityManager.java diff -u topia-security/src/java/org/codelutin/topia/security/TopiaSecurityManager.java:1.2 topia-security/src/java/org/codelutin/topia/security/TopiaSecurityManager.java:1.3 --- topia-security/src/java/org/codelutin/topia/security/TopiaSecurityManager.java:1.2 Wed Sep 13 14:26:18 2006 +++ 
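Review bot: `actionsInt2String` is declared as an instance method although its counterpart `actionsString2Int` is static, and it silently drops any bit outside LOAD, CREATE, UPDATE and DELETE while the parser rejects unknown action names. It reads only the constants, so it can be `public static String actionsInt2String(int actions)`, and a guard such as `if ((actions & ~(LOAD | CREATE | UPDATE | DELETE)) != 0) throw new IllegalArgumentException("actions not supported: " + actions);` would keep both directions strict; this assumes the four constants, defined outside the hunk, are distinct bit flags. `actionsString2Int` passes its argument straight to `new StringTokenizer(actions, ",")`, so a null string fails with a NullPointerException, and the Javadoc should say whether null is allowed. The empty `@param actions` and `@return` tags on `actionsInt2String` should be filled in, e.g. `@return comma-separated action names, or "" when no bit is set`.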
topia-security/src/java/org/codelutin/topia/security/TopiaSecurityManager.java Thu Sep 14 13:41:59 2006 @@ -1,6 +1,30 @@ +/* *##% +* Copyright (C) 2002, 2003, 2004, 2005 Code Lutin, +* Cédric Pineau, Benjamin Poussin, +* +* +* This program is free software; you can redistribute it and/or +* modify it under the terms of the GNU General Public License +* as published by the Free Software Foundation; either version 2 +* of the License, or (at your option) any later version. +* +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with this program; if not, write to the Free Software +* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +*##%*/ + package org.codelutin.topia.security; +import org.codelutin.topia.TopiaContext; +import org.codelutin.topia.security.entities.authorization.TopiaAssociationAuthorizationDAO; import org.codelutin.topia.security.entities.authorization.TopiaAuthorizationDAO; +import org.codelutin.topia.security.entities.authorization.TopiaEntityAuthorizationDAO; +import org.codelutin.topia.security.entities.authorization.TopiaLinkAuthorizationDAO; import org.codelutin.topia.security.entities.user.TopiaGroupDAO; import org.codelutin.topia.security.entities.user.TopiaUserDAO; 
@@ -8,10 +32,17 @@ public abstract void init(); + public abstract TopiaContext getTopiaSecurityContext(); + public abstract TopiaUserDAO getTopiaUserDAO(); public abstract TopiaGroupDAO getTopiaGroupDAO(); public abstract TopiaAuthorizationDAO getTopiaAuthorizationDAO(); -} \ No newline at end of file + public abstract TopiaEntityAuthorizationDAO getTopiaEntityAuthorizationDAO(); + + public abstract TopiaLinkAuthorizationDAO getTopiaLinkAuthorizationDAO(); + + public abstract TopiaAssociationAuthorizationDAO getTopiaAssociationAuthorizationDAO(); +} Index: topia-security/src/java/org/codelutin/topia/security/TopiaSecurityVetoableListener.java diff -u topia-security/src/java/org/codelutin/topia/security/TopiaSecurityVetoableListener.java:1.1 topia-security/src/java/org/codelutin/topia/security/TopiaSecurityVetoableListener.java:1.2 --- topia-security/src/java/org/codelutin/topia/security/TopiaSecurityVetoableListener.java:1.1 Wed Sep 13 08:45:10 2006 +++ topia-security/src/java/org/codelutin/topia/security/TopiaSecurityVetoableListener.java Thu Sep 14 13:41:59 2006 @@ -24,9 +24,9 @@ * Created: 10 févr. 2006 * * @author Arnaud Thimel -* @version $Revision: 1.1 $ +* @version $Revision: 1.2 $ * -* Mise a jour: $Date: 2006/09/13 08:45:10 $ +* Mise a jour: $Date: 2006/09/14 13:41:59 $ * par : $Author: ruchaud $ */ @@ -169,7 +169,7 @@ } try { TopiaEntityAuthorization authorization = new TopiaEntityAuthorizationImpl( - topiaId, subj.getPrincipals(), actions); + topiaId, actions, subj.getPrincipals()); AccessController.checkPermission(new TopiaPermission(authorization)); } catch (AccessControlException e) { throw new TopiaException("access denied to object \"" + topiaId + "\" for \"" + subj + "\"", e);