/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package org.apache.lenya.cms.ac;
import java.io.IOException;
import java.net.MalformedURLException;
import java.util.HashSet;
import java.util.Set;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.avalon.framework.logger.AbstractLogEnabled;
import org.apache.avalon.framework.service.ServiceException;
import org.apache.avalon.framework.service.ServiceManager;
import org.apache.avalon.framework.service.Serviceable;
import org.apache.excalibur.source.Source;
import org.apache.excalibur.source.SourceNotFoundException;
import org.apache.excalibur.source.SourceResolver;
import org.apache.lenya.ac.AccessControlException;
import org.apache.lenya.ac.Accreditable;
import org.apache.lenya.ac.AccreditableManager;
import org.apache.lenya.ac.Credential;
import org.apache.lenya.ac.Identity;
import org.apache.lenya.ac.Policy;
import org.apache.lenya.ac.PolicyManager;
import org.apache.lenya.ac.Role;
import org.apache.lenya.ac.impl.PolicyBuilder;
import org.apache.lenya.xml.DocumentHelper;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;
/**
* Policy manager based on Cocoon sitemaps.
* @version $Id: SitemapPolicyManager.java 473861 2006-11-12 03:51:14Z gregor $
*/
public class SitemapPolicyManager extends AbstractLogEnabled implements PolicyManager, Serviceable {
private Credential[] credentials;
/**
* @see org.apache.lenya.ac.PolicyManager#getPolicy(org.apache.lenya.ac.AccreditableManager,
* java.lang.String)
*/
public Policy getPolicy(AccreditableManager accreditableManager, String url)
throws AccessControlException {
url = url.substring(1);
int slashIndex = url.indexOf("/");
if (slashIndex == -1) {
slashIndex = url.length();
}
String publicationId = url.substring(0, slashIndex);
url = url.substring(publicationId.length());
SourceResolver resolver = null;
Policy policy = null;
Source source = null;
try {
resolver = (SourceResolver) getManager().lookup(SourceResolver.ROLE);
String policyUrl = publicationId + "/policies" + url + ".acml";
getLogger().debug("Policy URL: " + policyUrl);
source = resolver.resolveURI("cocoon://" + policyUrl);
Document document = DocumentHelper.readDocument(source.getInputStream());
policy = new PolicyBuilder(accreditableManager).buildPolicy(document);
this.credentials=policy.getCredentials();
} catch (SourceNotFoundException e) {
throw new AccessControlException(e);
} catch (ServiceException e) {
throw new AccessControlException(e);
} catch (MalformedURLException e) {
throw new AccessControlException(e);
} catch (IOException e) {
throw new AccessControlException(e);
} catch (ParserConfigurationException e) {
throw new AccessControlException(e);
} catch (SAXException e) {
throw new AccessControlException(e);
} catch (AccessControlException e) {
throw new AccessControlException(e);
} finally {
if (resolver != null) {
if (source != null) {
resolver.release(source);
}
getManager().release(resolver);
}
}
return policy;
}
private ServiceManager manager;
/**
* @see org.apache.avalon.framework.service.Serviceable#service(org.apache.avalon.framework.service.ServiceManager)
*/
public void service(ServiceManager _manager) throws ServiceException {
this.manager = _manager;
}
/**
* Returns the service manager.
* @return A service manager.
*/
public ServiceManager getManager() {
return this.manager;
}
/**
* @see org.apache.lenya.ac.PolicyManager#accreditableRemoved(org.apache.lenya.ac.AccreditableManager,
* org.apache.lenya.ac.Accreditable)
*/
public void accreditableRemoved(AccreditableManager _manager, Accreditable accreditable)
throws AccessControlException {
// do nothing
}
/**
* @see org.apache.lenya.ac.PolicyManager#accreditableAdded(org.apache.lenya.ac.AccreditableManager,
* org.apache.lenya.ac.Accreditable)
*/
public void accreditableAdded(AccreditableManager _manager, Accreditable accreditable)
throws AccessControlException {
// do nothing
}
public Credential[] getCredentials(AccreditableManager controller, String url) throws AccessControlException {
Credential[] copy = new Credential[credentials.length];
for (int i = 0; i < credentials.length; i++) {
copy[i]=credentials[i];
}
return copy;
}
public Role[] getGrantedRoles(AccreditableManager accreditableManager, Identity identity,
String url) throws AccessControlException {
Role[] roles = accreditableManager.getRoleManager().getRoles();
Set grantedRoles = new HashSet();
Policy policy = getPolicy(accreditableManager, url);
for (int i = 0; i < roles.length; i++) {
if (policy.check(identity, roles[i]) == Policy.RESULT_GRANTED) {
grantedRoles.add(roles[i]);
}
}
return (Role[]) grantedRoles.toArray(new Role[grantedRoles.size()]);
}
}