01: /**
02: * Copyright 2004-2005 jManage.org
03: *
04: * Licensed under the Apache License, Version 2.0 (the "License");
05: * you may not use this file except in compliance with the License.
06: * You may obtain a copy of the License at
07: *
08: * http://www.apache.org/licenses/LICENSE-2.0
09: *
10: * Unless required by applicable law or agreed to in writing, software
11: * distributed under the License is distributed on an "AS IS" BASIS,
12: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13: * See the License for the specific language governing permissions and
14: * limitations under the License.
15: */package org.jmanage.core.services;
16:
17: import org.jmanage.core.services.ServiceContext;
18: import org.jmanage.core.auth.ACL;
19: import org.jmanage.core.auth.ACLStore;
20: import org.jmanage.core.auth.ACLContext;
21: import org.jmanage.core.auth.UnAuthorizedAccessException;
22:
23: /**
24: * TODO: it may make sense to move this to services package - rk
25: *
26: * Date: Mar 14, 2005 12:16:11 AM
27: * @author Shashank Bellary
28: * @author Rakesh Kalra
29: */
30: public class AccessController {
31:
32: /**
33: * This method is normaly ued to conditionalize content.
34: *
35: * @param context the service context for this call
36: * @param aclName
37: * @return true if the curren tuser can access give acl
38: */
39: public static boolean canAccess(ServiceContext context,
40: String aclName, String targetName) {
41:
42: ACL acl = ACLStore.getInstance().getACL(aclName);
43: if (acl == null) {
44: /* if acl is not specified, user has access by default */
45: return true;
46: }
47:
48: /* construct ACLContext from ServiceContext */
49: ACLContext aclContext = getACLContext(context, targetName);
50: if (acl.isAuthorized(aclContext, context.getUser())) {
51: return true;
52: }
53: return false;
54: }
55:
56: public static boolean canAccess(ServiceContext context,
57: String aclName) {
58: return canAccess(context, aclName, null);
59: }
60:
61: public static void checkAccess(ServiceContext context,
62: String aclName, String targetName)
63: throws UnAuthorizedAccessException {
64:
65: if (!canAccess(context, aclName, targetName)) {
66: throw new UnAuthorizedAccessException(
67: "Insufficient Privileges");
68: }
69: }
70:
71: public static void checkAccess(ServiceContext context,
72: String aclName) throws UnAuthorizedAccessException {
73:
74: checkAccess(context, aclName, null);
75: }
76:
77: private static ACLContext getACLContext(ServiceContext context,
78: String targetName) {
79: String appName = null;
80: String mbeanName = null;
81: if (context.getApplicationConfig() != null) {
82: appName = context.getApplicationConfig().getName();
83: }
84: if (context.getObjectName() != null) {
85: mbeanName = context.getObjectName().getCanonicalName();
86: }
87: return new ACLContext(appName, mbeanName, targetName);
88: }
89: }
|