
// Copyright 2007-2008 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package com.google.enterprise.connector.filenet4;

import com.google.enterprise.connector.filenet4.filewrap.IConnection;
import com.google.enterprise.connector.filenet4.filewrap.IDocument;
import com.google.enterprise.connector.filenet4.filewrap.IObjectStore;
import com.google.enterprise.connector.filenet4.filewrap.IUser;
import com.google.enterprise.connector.filenet4.filewrap.IUserContext;
import com.google.enterprise.connector.filenet4.filewrap.IVersionSeries;
import com.google.enterprise.connector.spi.AuthenticationIdentity;
import com.google.enterprise.connector.spi.AuthorizationResponse;
import com.google.enterprise.connector.spi.RepositoryException;

import com.filenet.api.admin.PropertyDefinition;
import com.filenet.api.admin.PropertyDefinitionString;
import com.filenet.api.constants.ClassNames;
import com.filenet.api.constants.GuidConstants;
import com.filenet.api.security.MarkingSet;
import com.filenet.api.util.UserContext;

import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;

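/**
 * {@link AuthorizationHandler} that decides whether a search user may see a
 * FileNet document by evaluating the ACL of the document's released version
 * and, when enabled, the marking sets active on that version.
 *
 * <p>{@link #authorizeDocid} fails closed: a missing user, an undecodable or
 * unknown document id, a missing released version or a negative ACL/marking
 * check each produce a denying {@link AuthorizationResponse}.
 *
 * <p>NOTE(review): {@code docId} and user names are concatenated into log
 * messages without escaping. If either value can carry CR/LF characters,
 * neutralise them before logging so authorization log entries cannot be
 * forged. Confirm against the callers, which are not visible here.
 */
public class FileAuthorizationHandler implements AuthorizationHandler {
  private static final Logger logger =
      Logger.getLogger(FileAuthorizationHandler.class.getName());

  private final IConnection conn;
  private final IObjectStore objectStore;
  // Not final: hasMarkings() clears it when the Document class defines no
  // marking-set properties.
  private boolean checkMarkings;

  /**
   * @param conn connection supplying the subject and the user context
   * @param objectStore object store the documents are read from
   * @param checkMarkings whether the connector is configured to evaluate
   *        marking sets in addition to ACLs
   */
  public FileAuthorizationHandler(IConnection conn, IObjectStore objectStore,
          boolean checkMarkings) {
    this.conn = conn;
    this.objectStore = objectStore;
    this.checkMarkings = checkMarkings;
  }

  /** Pushes the connection's subject onto the current {@link UserContext}. */
  @Override
  public void pushSubject() {
    UserContext.get().pushSubject(conn.getSubject());
  }

  /** Pops the subject previously pushed onto the current {@link UserContext}. */
  @Override
  public void popSubject() {
    UserContext.get().popSubject();
  }

  /**
   * Looks up the FileNet user for the given identity.
   *
   * @param id identity whose user name is resolved through
   *        {@code FileUtil.getUserName}
   * @return the FileNet user, or {@code null} when the lookup fails; the
   *         failure is logged at WARNING level
   */
  @Override
  public IUser getUser(AuthenticationIdentity id) {
    IUserContext uc = conn.getUserContext();
    String username = FileUtil.getUserName(id);
    try {
      return uc.lookupUser(username);
    } catch (RepositoryException e) {
      logger.log(Level.WARNING, "Failed to lookup user [" + username
          + "] in FileNet", e);
      return null;
    }
  }

  /**
   * Determines whether marking sets must be checked during authorization.
   *
   * <p>Scans the property definitions returned for the Document class; if
   * none of the string properties carries a marking set, marking checks are
   * switched off for this handler. If the scan itself fails, the configured
   * value is left untouched and returned.
   *
   * <p>NOTE(review): only the definitions returned for
   * {@code GuidConstants.Class_Document} are inspected. A {@code false}
   * result disables marking checks, so confirm that marking-set properties
   * defined on document subclasses are covered by this query.
   *
   * @return {@code true} when authorization should also evaluate markings
   */
  @Override
  public boolean hasMarkings() {
    try {
      Iterator<PropertyDefinition> definitions =
          objectStore.getPropertyDefinitions(GuidConstants.Class_Document,
              null);
      boolean hasMarkings = false;

      while (definitions.hasNext()) {
        PropertyDefinition definition = definitions.next();

        if (definition instanceof PropertyDefinitionString) {
          MarkingSet markingSet =
              ((PropertyDefinitionString) definition).get_MarkingSet();
          if (markingSet != null) {
            logger.log(Level.INFO, "Document class has property associated with Markings set");
            hasMarkings = true;
            break;
          }
        }
      }
      if (hasMarkings) {
        if (this.checkMarkings) {
          logger.log(Level.INFO, "Connector is configured to perform marking set's check for authorization");
        } else {
          logger.log(Level.INFO, "Connector is not configured to perform marking set's check for authorization");
        }
      } else {
        logger.log(Level.INFO, "Document class does not have properties associated with Markings set hence; Marking set's check is  not required for authorization");
        this.checkMarkings = false;
      }
    } catch (Exception ecp) {
      // Pass the throwable itself: getStackTrace().toString() only prints the
      // array's identity, which hides the failure from whoever reads the log.
      logger.log(Level.SEVERE,
          "Failed to inspect Document class property definitions for marking sets",
          ecp);
    }
    return this.checkMarkings;
  }

  /**
   * Authorizes one document for one user.
   *
   * @param docId URL-encoded version series id of the document
   * @param user FileNet user to authorize; {@code null} (as returned by
   *        {@link #getUser} on a failed lookup) is denied
   * @param checkMarkings whether active marking sets are evaluated after the
   *        ACL check succeeds
   * @return a response for {@code docId} that permits access only when the
   *         ACL check, and the marking check if requested, both succeed
   * @throws RepositoryException declared by the interface; lookup failures
   *         are caught here and turned into a denial
   */
  @Override
  public AuthorizationResponse authorizeDocid(String docId, IUser user,
      boolean checkMarkings) throws RepositoryException {
    // getUser() returns null when the lookup fails; deny instead of failing
    // with a NullPointerException on the first user.get_Name() call.
    if (user == null) {
      logger.log(Level.WARNING, "No FileNet user available; access denied"
          + " for document DocID " + docId);
      return new AuthorizationResponse(false, docId);
    }

    IVersionSeries versionSeries = lookupVersionSeries(docId);
    if (versionSeries == null) {
      logger.log(Level.INFO, "User " + user.get_Name()
          + " is NOT authorized for document DocID " + docId
          + " version series null");
      return new AuthorizationResponse(false, docId);
    }

    logger.config("Authorizing DocID: " + docId + " for user: "
        + user.get_Name());
    IDocument releasedVersion = versionSeries.get_ReleasedVersion();
    // Defensive: a version series without a released version has nothing
    // whose permissions could be evaluated, so deny.
    // NOTE(review): confirm whether the wrapper can return null here.
    if (releasedVersion == null) {
      logger.log(Level.WARNING, "No released version for document DocID "
          + docId + "; access denied for user " + user.get_Name());
      return new AuthorizationResponse(false, docId);
    }

    // ACL check on the released version comes first; markings can only
    // narrow access further, never widen it.
    Permissions permissions = new Permissions(
        releasedVersion.get_Permissions(), releasedVersion.get_Owner());
    if (!permissions.authorize(user)) {
      logger.log(Level.INFO, "As per the ACLS User "
          + user.get_Name()
          + " is NOT authorized for document DocID " + docId);
      return new AuthorizationResponse(false, docId);
    }
    logger.log(Level.INFO, "As per the ACLS User "
        + user.get_Name()
        + " is authorized for document DocID " + docId);

    if (!checkMarkings) {
      logger.log(Level.INFO, "Either Document class does not have property associated with Marking Sets or Connector is not configured to check Marking Sets ");
      logger.log(Level.INFO, "User " + user.get_Name()
          + " is authorized for document DocID " + docId);
      return new AuthorizationResponse(true, docId);
    }

    logger.log(Level.INFO, "Authorizing DocID: " + docId
        + " for user: " + user.get_Name()
        + " for Marking sets ");

    // No active markings on this document: the ACL decision stands.
    if (releasedVersion.get_ActiveMarkings() == null) {
      logger.log(Level.INFO, "Document does not have property associated with Marking Sets "
          + docId);
      logger.log(Level.INFO, "User "
          + user.get_Name()
          + " is authorized for document DocID "
          + docId);
      return new AuthorizationResponse(true, docId);
    }

    logger.log(Level.INFO, "Document has property associated with Markings set");
    MarkingPermissions markingPermissions =
        new MarkingPermissions(releasedVersion.get_ActiveMarkings());
    if (markingPermissions.authorize(user)) {
      logger.log(Level.INFO, "As per the Marking Sets User "
          + user.get_Name()
          + " is authorized for document DocID "
          + docId);
      return new AuthorizationResponse(true, docId);
    }
    logger.log(Level.INFO, "As per the Marking Sets User "
        + user.get_Name()
        + " is NOT authorized for document DocID "
        + docId);
    return new AuthorizationResponse(false, docId);
  }

  /**
   * Decodes {@code docId} and fetches its version series, returning
   * {@code null} (which the caller treats as a denial) on any failure.
   */
  private IVersionSeries lookupVersionSeries(String docId) {
    logger.config("Getting version series for document DocID: "
        + docId);
    String decodedId;
    try {
      decodedId = URLDecoder.decode(docId, "UTF-8");
    } catch (UnsupportedEncodingException e) {
      logger.log(Level.WARNING, "Unable to Decode: Encoding is not supported for the document with DocID: "
          + docId);
      return null;
    } catch (IllegalArgumentException e) {
      // URLDecoder rejects malformed percent-escapes with this unchecked
      // exception; a bad id must not abort the authorization call.
      logger.log(Level.WARNING, "Unable to Decode: malformed escape sequence in DocID: "
          + docId);
      return null;
    }

    try {
      return (IVersionSeries) objectStore.getObject(
          ClassNames.VERSION_SERIES, decodedId);
    } catch (RepositoryException e) {
      logger.log(Level.WARNING, "Error : document Version Series Id "
          + docId + " may no longer exist. Message: "
          + e.getLocalizedMessage());
      return null;
    }
  }
}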