Package com.trendmicro.tme.grapheditor

Source Code of com.trendmicro.tme.grapheditor.ZKIdentityService

package com.trendmicro.tme.grapheditor;

import java.security.Principal;

import javax.security.auth.Subject;

import org.eclipse.jetty.security.DefaultUserIdentity;
import org.eclipse.jetty.security.IdentityService;
import org.eclipse.jetty.security.RunAsToken;
import org.eclipse.jetty.server.UserIdentity;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import com.trendmicro.codi.CODIException;
import com.trendmicro.codi.ZKSessionManager;
import com.trendmicro.codi.ZNode;

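/**
 * Jetty {@link IdentityService} that takes a user's roles from an
 * authorization node stored on Zookeeper instead of from the login service.
 *
 * <p>
 * Security-relevant behaviour of this class:
 * <ul>
 * <li>The {@code roles} argument of
 * {@link #newUserIdentity(Subject, Principal, String[])} is ignored; only the
 * authorization node decides which roles an identity carries.</li>
 * <li>A principal that is not listed in the node still receives an identity,
 * carrying the single role {@code guest}.</li>
 * <li>If the node cannot be read, no identity is issued ({@code null} is
 * returned).</li>
 * <li>The node is re-read on every call, so whoever can write the node can
 * assign roles; its Zookeeper ACL should restrict writes accordingly.</li>
 * </ul>
 * The run-as and association hooks are stubs.
 */
public class ZKIdentityService implements IdentityService {
    private final static Logger logger = LoggerFactory.getLogger(ZKIdentityService.class);
    // Handle on the authorization node; assigned once in the constructor.
    private final ZNode authNode;
    // Role given to authenticated principals that have no entry in the node.
    private static final String[] guestRole = new String[] {
        "guest"
    };

    /**
     * Creates the identity service. The authorization node stored on Zookeeper
     * should have the format<br>
     *
     * <pre>
     * [user1] [role1],[role2]
     * [user2] [role1]
     * ...
     * </pre>
     *
     * One entry per line: the user name, whitespace, then a comma-separated
     * role list without embedded whitespace.
     *
     * @param authNodePath
     *            The authorization node's path on Zookeeper
     * @param zksm
     *            An initialized Zookeeper session, which has the privilege to
     *            read the authorization node
     * @throws IllegalArgumentException
     *             If {@code authNodePath} is null
     * @throws IllegalStateException
     *             If {@code zksm} is null
     * @throws InterruptedException
     * @throws CODIException
     *             If the node does not exist, then the CODIException is an
     *             instance of CODIException.NoNode
     */
    public ZKIdentityService(String authNodePath, ZKSessionManager zksm) throws InterruptedException, CODIException {
        if(authNodePath == null)
            throw new IllegalArgumentException("The authorization node path should not be null");
        if(zksm == null)
            throw new IllegalStateException("The ZKSessionManager should be initialized");
        authNode = new ZNode(authNodePath, zksm);
        // Read once up front so an unreadable or missing node fails at
        // construction time rather than on the first login.
        authNode.getContent();
    }

    /**
     * Stub: returns a fresh placeholder object and keeps no association state.
     */
    @Override
    public Object associate(UserIdentity arg0) {
        return new Object();
    }

    /**
     * Stub: nothing to undo because {@link #associate(UserIdentity)} keeps no
     * state.
     */
    @Override
    public void disassociate(Object arg0) {
    }

    /**
     * @return always {@code null}; this service defines no system identity
     */
    @Override
    public UserIdentity getSystemUserIdentity() {
        return null;
    }

    /**
     * @return always {@code null}; run-as tokens are not supported
     */
    @Override
    public RunAsToken newRunAsToken(String arg0) {
        return null;
    }

    /**
     * Builds the identity for an authenticated principal from the current
     * content of the authorization node.
     *
     * @param subject
     *            The subject to attach to the identity
     * @param principal
     *            The authenticated principal; its name is matched exactly
     *            (case-sensitively) against the user column of the node
     * @param roles
     *            Ignored; roles come from the authorization node only
     * @return the identity with the roles of the first matching entry, an
     *         identity with the {@code guest} role when no entry matches, or
     *         {@code null} when the principal has no name or the node cannot
     *         be read
     */
    @Override
    public UserIdentity newUserIdentity(Subject subject, Principal principal, String[] roles) {
        // Without a name there is nothing to match; do not fall through to
        // the guest identity for an anonymous principal.
        if(principal == null || principal.getName() == null) {
            logger.warn("No principal name supplied, no identity will be issued");
            return null;
        }

        String nodeRaw = null;
        try {
            // Assumes getContent() returns the node's raw bytes - confirm
            // against ZNode. Decode with a fixed charset so the parsed
            // entries do not depend on the JVM's platform default.
            byte[] content = authNode.getContent();
            if(content == null)
                logger.warn("The authorization node has no content, no identity will be issued");
            else
                nodeRaw = new String(content, java.nio.charset.Charset.forName("UTF-8"));
        }
        catch(Exception e) {
            // The broad catch would otherwise swallow an interrupt.
            if(e instanceof InterruptedException)
                Thread.currentThread().interrupt();
            logger.warn("Unable to read the authorization node, no identity will be issued: " + e.getMessage(), e);
        }

        // Fail closed: an unreadable node yields no identity at all.
        if(nodeRaw == null)
            return null;

        String userName = principal.getName();
        for(String line : nodeRaw.split("\n")) {
            // trim() drops the '\r' of CRLF line endings, which would
            // otherwise end up inside the last role name; splitting on
            // whitespace runs accepts tabs and repeated spaces.
            String[] userRolePair = line.trim().split("\\s+");
            // Anything that is not exactly "<user> <roles>" is ignored,
            // including role lists written with a space after the comma.
            if(userRolePair.length != 2) {
                continue;
            }
            // First matching entry wins; later duplicates are never reached.
            if(userName.equals(userRolePair[0])) {
                return new DefaultUserIdentity(subject, principal, userRolePair[1].split(","));
            }
        }
        // Unlisted principals get the guest role. A copy is handed out so the
        // shared constant cannot be altered through the identity (presumably
        // DefaultUserIdentity keeps the array it is given - confirm).
        return new DefaultUserIdentity(subject, principal, guestRole.clone());
    }

    /**
     * @return always {@code null}; run-as is not supported
     */
    @Override
    public Object setRunAs(UserIdentity arg0, RunAsToken arg1) {
        return null;
    }

    /**
     * Stub: nothing to restore because {@link #setRunAs(UserIdentity, RunAsToken)}
     * changes nothing.
     */
    @Override
    public void unsetRunAs(Object arg0) {
    }
}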