001: package de.webman.acl.resolver;
002:
003: import java.util.Hashtable;
004: import com.teamkonzept.lib.TKException;
005: import com.teamkonzept.lib.TKVector;
006: import de.webman.acl.EventFactory;
007: import de.webman.acl.Login;
008: import de.webman.acl.Policy;
009: import de.webman.acl.PolicyFactory;
010: import com.teamkonzept.webman.mainint.WebmanExceptionHandler;
011:
012: /**
013: * Resolves access rights for a given login object in a strictly
014: * sequential manner.
015: *
016: * @version 1.0
017: * @since 1.0
018: * @author © 2001 Webman AG
019: */
020: public class SequentialResolver extends ResolverBase implements Checker {
021:
022: // $Header: /cvsroot/webman-cms/source/webman/de/webman/acl/resolver/SequentialResolver.java,v 1.1 2001/08/20 08:25:09 mischa Exp $
023:
024: // Constructors
025:
026: /**
027: * Provide instantion only to package classes or subclasses.
028: *
029: * @param login the initial login object.
030: */
031: protected SequentialResolver(Login login) {
032: super (login);
033: }
034:
035: // Implementation of 'com.teamkonzept.webman.accesscontrol.resolver.Resolver'.
036:
037: /**
038: * Implements a strictly sequential resolution algorithm.
039: * <OL TYPE="1">
040: * <LI> The access rights of the parents are resolved.
041: * <LI> The access rights defined context-wide are resolved.
042: * <LI> If <CODE>type</CODE> and <CODE>reference</CODE> are
043: * specified, the access rights defined object-specific are
044: * resolved.
045: * </OL>
046: *
047: * @param collection the distinct collection of permitted events.
048: * @param context the ID if the current context (<I>required</I>).
049: * @param type the current object type (<I>optional</I>).
050: * @param reference the current object reference (<I>optional</I>).
051: * @exception com.teamkonzept.lib.TKException if an error occured during
052: * access right resolution.
053: */
054: public final void resolve(Hashtable collection, Integer context,
055: Integer type, Integer reference) throws TKException {
056: try {
057: // 1. Resolve access rights of parents.
058: resolveParents(collection, context, type, reference);
059:
060: // 2. Resolve access rights defined context-wide.
061: // 2.1 Add context-wide allowed events.
062: processEvents(collection, resolveEvents(context, null,
063: null, Boolean.TRUE), true);
064:
065: // 2.2 Remove context-wide denied events.
066: processEvents(collection, resolveEvents(context, null,
067: null, Boolean.FALSE), false);
068:
069: if (type != null && reference != null) {
070: // 3. Resolve access rights defined object-specific.
071: if (Policy.isGeneric(type)) {
072: // 3.1a Resolve events from defined policies.
073: ResolverFactory.getInstance().getResolver(this )
074: .resolve(collection, context, type,
075: reference);
076: } else {
077: // 3.1b Add object-specific allowed events.
078: processEvents(collection, resolveEvents(context,
079: type, reference, Boolean.TRUE), true);
080:
081: // 3.2b Remove object-specific denied events.
082: processEvents(collection, resolveEvents(context,
083: type, reference, Boolean.FALSE), false);
084: }
085: }
086: } catch (Exception x) {
087: throw WebmanExceptionHandler.getException(x);
088: }
089: }
090:
091: // Implementation of 'com.teamkonzept.webman.accesscontrol.resolver.Checker'.
092:
093: /**
094: * Implements a strictly sequential checking algorithm.
095: * <OL TYPE="1">
096: * <LI> The access rights of the login are checked.
097: * <LI> If no applicable access rights were found, the access rights
098: * of the parents are checked.
099: * </OL>
100: *
101: * @param event the ID if the event to be checked (<I>required</I>).
102: * @param context the ID if the current context (<I>required</I>).
103: * @param type the current object type (<I>optional</I>).
104: * @param reference the current object reference (<I>optional</I>).
105: * @return <CODE>true</CODE> if the event is permitted explicitely,
106: * otherwise <CODE>false</CODE>.
107: * @exception com.teamkonzept.lib.TKException if an error occured during
108: * access right checking.
109: */
110: public final boolean check(Integer event, Integer context,
111: Integer type, Integer reference) throws TKException {
112: boolean check = false;
113:
114: try {
115: // Cache lookup.
116: Boolean value = checkingCacheRead(event, context, type,
117: reference);
118:
119: if (value != null) {
120: // Cache hit: set check value.
121: check = value.booleanValue();
122: } else {
123: // Cache miss: database lookup.
124: TKVector proxies = PolicyFactory.getInstance()
125: .getPolicyProxies(event, getLogin().getID(),
126: context, type, reference, true);
127:
128: if (proxies != null && proxies.size() > 0) {
129: // Database hit: set check value.
130: check = PolicyFactory.getInstance().getPolicy(
131: (Integer) proxies.lastElement())
132: .isAllowed();
133: } else {
134: // Database miss: check parents.
135: check = checkParents(event, context, type,
136: reference);
137: }
138:
139: // Cache write.
140: checkingCacheWrite(event, context, type, reference,
141: check ? Boolean.TRUE : Boolean.FALSE);
142: }
143: } catch (Exception x) {
144: throw WebmanExceptionHandler.getException(x);
145: }
146:
147: return check;
148: }
149:
150: // Convenience methods
151:
152: /**
153: * Performs cache - and in case of failure - database lookup.
154: *
155: * @param context the ID if the current context (<I>required</I>).
156: * @param type the current object type (<I>optional</I>).
157: * @param reference the current object reference (<I>optional</I>).
158: * @param access the current access mode (<I>required</I>).
159: * @return the IDs of the resolved events.
160: * @exception com.teamkonzept.lib.TKException if an error occured during
161: * event retrieval.
162: */
163: private final TKVector resolveEvents(Integer context, Integer type,
164: Integer reference, Boolean access) throws TKException {
165: TKVector proxies = null;
166:
167: try {
168: proxies = resolutionCacheRead(context, type, reference,
169: access);
170:
171: if (proxies == null) {
172: proxies = EventFactory.getInstance().getEventProxies(
173: getLogin().getID(), context, type, reference,
174: access.booleanValue());
175:
176: resolutionCacheWrite(context, type, reference, access,
177: proxies);
178: }
179: } catch (Exception x) {
180: throw WebmanExceptionHandler.getException(x);
181: }
182:
183: return proxies;
184: }
185:
186: }
|