/*
$Id: PolicyBuilder.java,v 1.1 2003/11/13 16:07:07 andreas Exp $
<License>
============================================================================
The Apache Software License, Version 1.1
============================================================================
Copyright (C) 1999-2003 The Apache Software Foundation. All rights reserved.
Redistribution and use in source and binary forms, with or without modifica-
tion, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
3. The end-user documentation included with the redistribution, if any, must
include the following acknowledgment: "This product includes software
developed by the Apache Software Foundation (http://www.apache.org/)."
Alternately, this acknowledgment may appear in the software itself, if
and wherever such third-party acknowledgments normally appear.
4. The names "Apache Lenya" and "Apache Software Foundation" must not be
used to endorse or promote products derived from this software without
prior written permission. For written permission, please contact
apache@apache.org.
5. Products derived from this software may not be called "Apache", nor may
"Apache" appear in their name, without prior written permission of the
Apache Software Foundation.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND
FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLU-
DING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals
on behalf of the Apache Software Foundation and was originally created by
Michael Wechner <michi@apache.org>. For more information on the Apache Soft-
ware Foundation, please see <http://www.apache.org/>.
Lenya includes software developed by the Apache Software Foundation, W3C,
DOM4J Project, BitfluxEditor, Xopus, and WebSHPINX.
</License>
*/
package org.apache.lenya.ac.impl;
import java.io.InputStream;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.lenya.ac.AccessControlException;
import org.apache.lenya.ac.AccessController;
import org.apache.lenya.ac.Accreditable;
import org.apache.lenya.ac.AccreditableManager;
import org.apache.lenya.ac.Role;
import org.apache.lenya.ac.User;
import org.apache.lenya.ac.World;
import org.apache.lenya.ac.cache.BuildException;
import org.apache.lenya.ac.cache.InputStreamBuilder;
import org.apache.lenya.xml.DocumentHelper;
import org.apache.lenya.xml.NamespaceHelper;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
/**
* @author <a href="mailto:andreas@apache.org">Andreas Hartmann</a>
*/
public class PolicyBuilder implements InputStreamBuilder {
/**
* Ctor.
* @param accreditableManager An accreditable manager.
*/
public PolicyBuilder(AccreditableManager accreditableManager) {
assert accreditableManager != null;
this.accreditableManager = accreditableManager;
}
/**
* Returns the accreditable manager.
* @return An accreditable manager.
*/
public AccreditableManager getAccreditableManager() {
return accreditableManager;
}
private AccreditableManager accreditableManager;
protected static final String POLICY_ELEMENT = "policy";
protected static final String GROUP_ELEMENT = "group";
protected static final String USER_ELEMENT = "user";
protected static final String ROLE_ELEMENT = "role";
protected static final String WORLD_ELEMENT = "world";
protected static final String IP_RANGE_ELEMENT = "ip-range";
protected static final String ID_ATTRIBUTE = "id";
protected static final String SSL_ATTRIBUTE = "ssl";
/**
* Builds a policy from an input stream.
* @param stream The input stream to read the policy from.
* @return A policy.
* @throws AccessControlException when something went wrong.
*/
public DefaultPolicy buildPolicy(InputStream stream)
throws AccessControlException {
Document document;
try {
document = DocumentHelper.readDocument(stream);
} catch (Exception e) {
throw new AccessControlException(e);
}
return buildPolicy(document);
}
/**
* Builds a policy from an XML document.
* @param document The XML document.
* @return A policy.
* @throws AccessControlException when something went wrong.
*/
public DefaultPolicy buildPolicy(Document document)
throws AccessControlException {
DefaultPolicy policy = new DefaultPolicy();
Element policyElement = document.getDocumentElement();
assert policyElement.getLocalName().equals(POLICY_ELEMENT);
NamespaceHelper helper =
new NamespaceHelper(
AccessController.NAMESPACE,
AccessController.DEFAULT_PREFIX,
document);
Element[] credentialElements = helper.getChildren(policyElement);
for (int i = 0; i < credentialElements.length; i++) {
Accreditable accreditable = null;
String id = credentialElements[i].getAttribute(ID_ATTRIBUTE);
accreditable = getAccreditable(credentialElements[i].getLocalName(), id);
Credential credential = new Credential(accreditable);
Element[] roleElements = helper.getChildren(credentialElements[i], ROLE_ELEMENT);
for (int j = 0; j < roleElements.length; j++) {
String roleId = roleElements[j].getAttribute(ID_ATTRIBUTE);
Role role = getAccreditableManager().getRoleManager().getRole(roleId);
credential.addRole(role);
}
policy.addCredential(credential);
}
boolean ssl = false;
String sslString = policyElement.getAttribute(SSL_ATTRIBUTE);
if (sslString != null) {
ssl = Boolean.valueOf(sslString).booleanValue();
}
policy.setSSL(ssl);
return policy;
}
/**
* Creates an accredtiable for an element.
* @param elementName The elment name.
* @param id The ID of the accreditable.
* @return An accreditable.
* @throws AccessControlException when something went wrong.
*/
protected Accreditable getAccreditable(
String elementName,
String id)
throws AccessControlException {
Accreditable accreditable = null;
if (elementName.equals(USER_ELEMENT)) {
accreditable = getAccreditableManager().getUserManager().getUser(id);
} else if (elementName.equals(GROUP_ELEMENT)) {
accreditable = getAccreditableManager().getGroupManager().getGroup(id);
} else if (elementName.equals(WORLD_ELEMENT)) {
accreditable = World.getInstance();
} else if (elementName.equals(IP_RANGE_ELEMENT)) {
accreditable = getAccreditableManager().getIPRangeManager().getIPRange(id);
}
if (accreditable == null) {
throw new AccessControlException(
"Unknown accreditable [" + elementName + "] with ID [" + id + "]");
}
return accreditable;
}
/**
* Saves a policy to an XML document.
* @param policy The policy to save.
* @return A DOM document.
* @throws AccessControlException when something went wrong.
*/
public static Document savePolicy(DefaultPolicy policy) throws AccessControlException {
NamespaceHelper helper;
try {
helper =
new NamespaceHelper(
AccessController.NAMESPACE,
AccessController.DEFAULT_PREFIX,
POLICY_ELEMENT);
} catch (ParserConfigurationException e) {
throw new AccessControlException(e);
}
Credential[] credentials = policy.getCredentials();
Element policyElement = helper.getDocument().getDocumentElement();
for (int i = 0; i < credentials.length; i++) {
Accreditable accreditable = credentials[i].getAccreditable();
Element accreditableElement = save(accreditable, helper);
Role[] roles = credentials[i].getRoles();
for (int j = 0; j < roles.length; j++) {
Element roleElement = helper.createElement(ROLE_ELEMENT);
roleElement.setAttribute(ID_ATTRIBUTE, roles[j].getId());
accreditableElement.appendChild(roleElement);
}
policyElement.appendChild(accreditableElement);
}
policyElement.setAttribute(SSL_ATTRIBUTE, Boolean.toString(policy.isSSLProtected()));
return helper.getDocument();
}
/**
* Saves an accreditable to an XML element.
* @param accreditable The accreditable.
* @param helper The namespace helper to be used.
* @return An XML element.
* @throws AccessControlException when something went wrong.
*/
protected static Element save(Accreditable accreditable, NamespaceHelper helper)
throws AccessControlException {
String localName = null;
String id = null;
if (accreditable instanceof User) {
localName = USER_ELEMENT;
id = ((User) accreditable).getId();
} else if (accreditable instanceof AbstractGroup) {
localName = GROUP_ELEMENT;
id = ((AbstractGroup) accreditable).getId();
} else if (accreditable instanceof World) {
localName = WORLD_ELEMENT;
} else if (accreditable instanceof AbstractIPRange) {
localName = IP_RANGE_ELEMENT;
id = ((AbstractIPRange) accreditable).getId();
}
if (localName == null) {
throw new AccessControlException("Could not save accreditable [" + accreditable + "]");
}
Element element = helper.createElement(localName);
if (id != null) {
element.setAttribute(ID_ATTRIBUTE, id);
}
return element;
}
/**
* @see org.apache.lenya.cms.ac2.cache.InputStreamBuilder#build(org.apache.excalibur.source.Source)
*/
public Object build(InputStream stream) throws BuildException {
Object value = null;
try {
value = buildPolicy(stream);
} catch (AccessControlException e) {
throw new BuildException(e);
}
return value;
}
}