Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

de.deepamehta.plugins.accesscontrol
Class AccessControlPlugin

Show UML class diagram 
java.lang.Object
  extended by de.deepamehta.core.osgi.PluginActivator
      extended by de.deepamehta.plugins.accesscontrol.AccessControlPlugin
All Implemented Interfaces:
PluginContext, AllPluginsActiveListener, IntroduceAssociationTypeListener, IntroduceTopicTypeListener, PostCreateAssociationListener, PostCreateTopicListener, PostUpdateTopicListener, PreSendAssociationTypeListener, PreSendTopicTypeListener, ResourceRequestFilterListener, ServiceRequestFilterListener, EventListener, PluginService, AccessControlService, BundleActivator
public class AccessControlPlugin
extends PluginActivator
implements AccessControlService, AllPluginsActiveListener, PostCreateTopicListener, PostCreateAssociationListener, PostUpdateTopicListener, IntroduceTopicTypeListener, IntroduceAssociationTypeListener, ServiceRequestFilterListener, ResourceRequestFilterListener, PreSendTopicTypeListener, PreSendAssociationTypeListener

Field Summary
private static String AUTHENTICATION_REALM
           
private static AccessControlList DEFAULT_INSTANCE_ACL
           
private static String DEFAULT_PASSWORD
           
private static AccessControlList DEFAULT_TYPE_ACL
           
private static AccessControlList DEFAULT_USER_ACCOUNT_ACL
           
private static String DEFAULT_USERNAME
           
private  Logger logger
           
private static DeepaMehtaEvent POST_LOGIN_USER
           
private static DeepaMehtaEvent POST_LOGOUT_USER
           
private static boolean READ_REQUIRES_LOGIN
           
private  javax.servlet.http.HttpServletRequest request
           
private static String SUBNET_FILTER
           
private static String URI_ACL
           
private static String URI_CREATOR
           
private static String URI_OWNER
           
private static boolean WRITE_REQUIRES_LOGIN
           
private  WorkspacesService wsService
           
 
Fields inherited from class de.deepamehta.core.osgi.PluginActivator
bundle, dms
 
Constructor Summary
AccessControlPlugin()
           
 
Method Summary
private  void _login(String username, javax.servlet.http.HttpServletRequest request)
           
private  void _logout(javax.servlet.http.HttpServletRequest request)
           
 void allPluginsActive()
          Setup access control for the default user and the default topicmap.
private  void assignToDefaultWorkspace(Topic topic, String info)
           
private  void checkAuthorization(javax.servlet.http.HttpServletRequest request)
           
private  boolean checkCredentials(Credentials cred)
           
private  void checkRequestOrigin(javax.servlet.http.HttpServletRequest request)
           
private  Permissions createPermissions(boolean write)
           
private  Permissions createPermissions(boolean write, boolean create)
           
private  Topic createUserAccount(Credentials cred)
           
private  void enrichWithPermissions(Type type, Permissions permissions)
           
private  Topic fetchDefaultTopicmap()
           
private  Topic fetchDefaultUser()
          Fetches the default user ("admin").
private  Topic fetchUserAccount(Topic username)
          Prerequisite: username is not null.
 AccessControlList getACL(DeepaMehtaObject object)
          Returns the Access Control List of a topic or an association.
 Permissions getAssociationPermissions(long assocId)
           
 Collection<Association> getAssociationsByCreator(String username)
           
 Collection<Association> getAssociationsByOwner(String username)
           
 String getCreator(DeepaMehtaObject object)
          Returns the creator of a topic or an association.
 String getOwner(DeepaMehtaObject object)
          Returns the owner of a topic or an association.
private  Permissions getPermissions(DeepaMehtaObject object)
           
private  Permissions getPermissions(Type type)
           
 Permissions getTopicPermissions(long topicId)
           
 Collection<Topic> getTopicsByCreator(String username)
           
 Collection<Topic> getTopicsByOwner(String username)
           
 String getUsername()
          Returns the username of the logged in user.
 Topic getUsername(String username)
          Returns the "Username" topic for the specified username.
private  Topic getUsernameOrThrow(String username)
           
private  boolean hasPermission(String username, Operation operation, DeepaMehtaObject object)
          Checks if a user is allowed to perform an operation on an object (topic or association).
private  String info(DeepaMehtaObject object)
           
private  String info(javax.servlet.http.HttpServletRequest request)
           
private  String info(javax.servlet.http.HttpSession session)
           
 void init()
           
 void introduceAssociationType(AssociationType assocType)
           
 void introduceTopicType(TopicType topicType)
           
private  boolean isLoginRequired(javax.servlet.http.HttpServletRequest request)
           
private  boolean isUserAccount(Topic topic)
           
private  void joinIfWorkspace(Topic topic)
           
 void joinWorkspace(String username, long workspaceId)
           
 void joinWorkspace(Topic username, long workspaceId)
           
 void login()
          Checks weather the credentials in the authorization string match an existing User Account, and if so, creates an HTTP session.
 void logout()
          Logs the user out.
private  boolean matches(Topic username, String password)
          Prerequisite: username is not null.
private  String password(Topic userAccount)
           
private  ChildTopicsModel permissions(DeepaMehtaObject object)
           
 void postCreateAssociation(Association assoc)
           
 void postCreateTopic(Topic topic)
           
 void postInstall()
           
 void postUpdateTopic(Topic topic, TopicModel newModel, TopicModel oldModel)
           
 void preSendAssociationType(AssociationType assocType)
           
 void preSendTopicType(TopicType topicType)
           
private  void requestFilter(javax.servlet.http.HttpServletRequest request)
           
 void resourceRequestFilter(javax.servlet.http.HttpServletRequest servletRequest)
           
 void serviceRequestFilter(com.sun.jersey.spi.container.ContainerRequest containerRequest)
           
 void setACL(DeepaMehtaObject object, AccessControlList acl)
          Sets the Access Control List for a topic or an association.
 void setCreator(DeepaMehtaObject object, String username)
          Sets the creator of a topic or an association.
 void setOwner(DeepaMehtaObject object, String username)
          Sets the owner of a topic or an association.
private  void setupAccessControl(DeepaMehtaObject object, AccessControlList acl)
           
private  void setupAccessControl(DeepaMehtaObject object, AccessControlList acl, String username)
           
private  void setupAccessControlForDefaultTopicmap(Topic defaultTopicmap)
           
private  void setupDefaultAccessControl(DeepaMehtaObject object)
          Sets the logged in user as the creator and the owner of the specified object and creates a default access control entry for it.
private  void setupDefaultAccessControl(Type type)
           
private  void setupUserAccountAccessControl(Topic topic)
           
private  void setupViewConfigAccessControl(ViewConfiguration viewConfig)
           
private  void throw401Unauthorized()
           
private  void throw403Forbidden()
           
private  boolean tryLogin(Credentials cred, javax.servlet.http.HttpServletRequest request)
          Checks weather the credentials are valid and if so logs the user in.
private  String userInfo(String username)
           
private  boolean userIsCreator(String username, DeepaMehtaObject object)
          Checks if a user is the creator of the object.
private  boolean userIsMember(String username, DeepaMehtaObject object)
          Checks if a user is a member of any workspace the object is assigned to.
private  boolean userIsOwner(String username, DeepaMehtaObject object)
          Checks if a user is the owner of the object.
private  String username(javax.servlet.http.HttpSession session)
           
private  boolean userOccupiesRole(String username, UserRole userRole, DeepaMehtaObject object)
          Checks if a user occupies a role with regard to the specified object.
 
Methods inherited from class de.deepamehta.core.osgi.PluginActivator
getBundleContext, getPluginName, getStaticResource, getUri, publishDirectory, serviceArrived, serviceGone, setCoreService, shutdown, start, stop, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

READ_REQUIRES_LOGIN

private static final boolean READ_REQUIRES_LOGIN

WRITE_REQUIRES_LOGIN

private static final boolean WRITE_REQUIRES_LOGIN

SUBNET_FILTER

private static final String SUBNET_FILTER

AUTHENTICATION_REALM

private static final String AUTHENTICATION_REALM
See Also:
Constant Field Values

DEFAULT_USERNAME

private static final String DEFAULT_USERNAME
See Also:
Constant Field Values

DEFAULT_PASSWORD

private static final String DEFAULT_PASSWORD
See Also:
Constant Field Values

DEFAULT_INSTANCE_ACL

private static final AccessControlList DEFAULT_INSTANCE_ACL

DEFAULT_TYPE_ACL

private static final AccessControlList DEFAULT_TYPE_ACL

DEFAULT_USER_ACCOUNT_ACL

private static final AccessControlList DEFAULT_USER_ACCOUNT_ACL

URI_CREATOR

private static String URI_CREATOR

URI_OWNER

private static String URI_OWNER

URI_ACL

private static String URI_ACL

POST_LOGIN_USER

private static DeepaMehtaEvent POST_LOGIN_USER

POST_LOGOUT_USER

private static DeepaMehtaEvent POST_LOGOUT_USER

wsService

private WorkspacesService wsService

request

@Context
private javax.servlet.http.HttpServletRequest request

logger

private Logger logger
Constructor Detail

AccessControlPlugin

public AccessControlPlugin()
Method Detail

login

public void login()
Description copied from interface: AccessControlService
Checks weather the credentials in the authorization string match an existing User Account, and if so, creates an HTTP session. ### FIXDOC

Specified by:
login in interface AccessControlService

logout

public void logout()
Description copied from interface: AccessControlService
Logs the user out. That is invalidating the session associated with the JSESSION ID cookie. For a "non-private" DM installation the response is 204 No Content. For a "private" DM installation the response is 401 Authorization Required. In this case the webclient is supposed to shutdown the DM GUI then. The webclient of a "private" DM installation must only be visible/usable when logged in.

Specified by:
logout in interface AccessControlService

getUsername

public String getUsername()
Description copied from interface: AccessControlService
Returns the username of the logged in user.

Specified by:
getUsername in interface AccessControlService
Returns:
The username, or null if no user is logged in.

getUsername

public Topic getUsername(String username)
Description copied from interface: AccessControlService
Returns the "Username" topic for the specified username.

Specified by:
getUsername in interface AccessControlService
Returns:
The "Username" topic (type dm4.accesscontrol.username), or null if no such username exists.

getTopicPermissions

public Permissions getTopicPermissions(long topicId)
Specified by:
getTopicPermissions in interface AccessControlService

getAssociationPermissions

public Permissions getAssociationPermissions(long assocId)
Specified by:
getAssociationPermissions in interface AccessControlService

getCreator

public String getCreator(DeepaMehtaObject object)
Description copied from interface: AccessControlService
Returns the creator of a topic or an association.

Specified by:
getCreator in interface AccessControlService
Returns:
The username of the creator, or null if no creator is set.

setCreator

public void setCreator(DeepaMehtaObject object,
                       String username)
Description copied from interface: AccessControlService
Sets the creator of a topic or an association.

Specified by:
setCreator in interface AccessControlService

getOwner

public String getOwner(DeepaMehtaObject object)
Description copied from interface: AccessControlService
Returns the owner of a topic or an association.

Specified by:
getOwner in interface AccessControlService
Returns:
The username of the owner, or null if no owner is set.

setOwner

public void setOwner(DeepaMehtaObject object,
                     String username)
Description copied from interface: AccessControlService
Sets the owner of a topic or an association.

Specified by:
setOwner in interface AccessControlService

getACL

public AccessControlList getACL(DeepaMehtaObject object)
Description copied from interface: AccessControlService
Returns the Access Control List of a topic or an association.

Specified by:
getACL in interface AccessControlService
Returns:
The Access Control List. If no one was set an empty Access Control List is returned.

setACL

public void setACL(DeepaMehtaObject object,
                   AccessControlList acl)
Description copied from interface: AccessControlService
Sets the Access Control List for a topic or an association.

Specified by:
setACL in interface AccessControlService

joinWorkspace

public void joinWorkspace(String username,
                          long workspaceId)
Specified by:
joinWorkspace in interface AccessControlService

joinWorkspace

public void joinWorkspace(Topic username,
                          long workspaceId)
Specified by:
joinWorkspace in interface AccessControlService

getTopicsByCreator

public Collection<Topic> getTopicsByCreator(String username)
Specified by:
getTopicsByCreator in interface AccessControlService

getTopicsByOwner

public Collection<Topic> getTopicsByOwner(String username)
Specified by:
getTopicsByOwner in interface AccessControlService

getAssociationsByCreator

public Collection<Association> getAssociationsByCreator(String username)
Specified by:
getAssociationsByCreator in interface AccessControlService

getAssociationsByOwner

public Collection<Association> getAssociationsByOwner(String username)
Specified by:
getAssociationsByOwner in interface AccessControlService

postInstall

public void postInstall()
Specified by:
postInstall in interface PluginContext
Overrides:
postInstall in class PluginActivator

init

public void init()
Specified by:
init in interface PluginContext
Overrides:
init in class PluginActivator

allPluginsActive

public void allPluginsActive()
Setup access control for the default user and the default topicmap. 1) assign default user to default workspace 2) assign default topicmap to default workspace 3) setup access control for default topicmap

Specified by:
allPluginsActive in interface AllPluginsActiveListener

postCreateTopic

public void postCreateTopic(Topic topic)
Specified by:
postCreateTopic in interface PostCreateTopicListener

postCreateAssociation

public void postCreateAssociation(Association assoc)
Specified by:
postCreateAssociation in interface PostCreateAssociationListener

postUpdateTopic

public void postUpdateTopic(Topic topic,
                            TopicModel newModel,
                            TopicModel oldModel)
Specified by:
postUpdateTopic in interface PostUpdateTopicListener

introduceTopicType

public void introduceTopicType(TopicType topicType)
Specified by:
introduceTopicType in interface IntroduceTopicTypeListener

introduceAssociationType

public void introduceAssociationType(AssociationType assocType)
Specified by:
introduceAssociationType in interface IntroduceAssociationTypeListener

serviceRequestFilter

public void serviceRequestFilter(com.sun.jersey.spi.container.ContainerRequest containerRequest)
Specified by:
serviceRequestFilter in interface ServiceRequestFilterListener

resourceRequestFilter

public void resourceRequestFilter(javax.servlet.http.HttpServletRequest servletRequest)
Specified by:
resourceRequestFilter in interface ResourceRequestFilterListener

preSendTopicType

public void preSendTopicType(TopicType topicType)
Specified by:
preSendTopicType in interface PreSendTopicTypeListener

preSendAssociationType

public void preSendAssociationType(AssociationType assocType)
Specified by:
preSendAssociationType in interface PreSendAssociationTypeListener

createUserAccount

private Topic createUserAccount(Credentials cred)

isUserAccount

private boolean isUserAccount(Topic topic)

fetchDefaultUser

private Topic fetchDefaultUser()
Fetches the default user ("admin").

Returns:
The default user (a Topic of type "Username" / dm4.accesscontrol.username).
Throws:
RuntimeException - If the default user doesn't exist.

getUsernameOrThrow

private Topic getUsernameOrThrow(String username)

joinIfWorkspace

private void joinIfWorkspace(Topic topic)

assignToDefaultWorkspace

private void assignToDefaultWorkspace(Topic topic,
                                      String info)

setupAccessControlForDefaultTopicmap

private void setupAccessControlForDefaultTopicmap(Topic defaultTopicmap)

fetchDefaultTopicmap

private Topic fetchDefaultTopicmap()

requestFilter

private void requestFilter(javax.servlet.http.HttpServletRequest request)

checkRequestOrigin

private void checkRequestOrigin(javax.servlet.http.HttpServletRequest request)

checkAuthorization

private void checkAuthorization(javax.servlet.http.HttpServletRequest request)

isLoginRequired

private boolean isLoginRequired(javax.servlet.http.HttpServletRequest request)

tryLogin

private boolean tryLogin(Credentials cred,
                         javax.servlet.http.HttpServletRequest request)
Checks weather the credentials are valid and if so logs the user in.

Returns:
true if the credentials are valid.

checkCredentials

private boolean checkCredentials(Credentials cred)

_login

private void _login(String username,
                    javax.servlet.http.HttpServletRequest request)

_logout

private void _logout(javax.servlet.http.HttpServletRequest request)

matches

private boolean matches(Topic username,
                        String password)
Prerequisite: username is not null.

Parameters:
password - The encrypted password.

fetchUserAccount

private Topic fetchUserAccount(Topic username)
Prerequisite: username is not null.

username

private String username(javax.servlet.http.HttpSession session)

password

private String password(Topic userAccount)
Returns:
The encryted password of the specified User Account.

throw401Unauthorized

private void throw401Unauthorized()

throw403Forbidden

private void throw403Forbidden()

setupDefaultAccessControl

private void setupDefaultAccessControl(DeepaMehtaObject object)
Sets the logged in user as the creator and the owner of the specified object and creates a default access control entry for it. If no user is logged in, nothing is performed.

setupDefaultAccessControl

private void setupDefaultAccessControl(Type type)

setupUserAccountAccessControl

private void setupUserAccountAccessControl(Topic topic)

setupViewConfigAccessControl

private void setupViewConfigAccessControl(ViewConfiguration viewConfig)

setupAccessControl

private void setupAccessControl(DeepaMehtaObject object,
                                AccessControlList acl)

setupAccessControl

private void setupAccessControl(DeepaMehtaObject object,
                                AccessControlList acl,
                                String username)
Parameters:
username - must not be null.

getPermissions

private Permissions getPermissions(DeepaMehtaObject object)

getPermissions

private Permissions getPermissions(Type type)

hasPermission

private boolean hasPermission(String username,
                              Operation operation,
                              DeepaMehtaObject object)
Checks if a user is allowed to perform an operation on an object (topic or association). If so, true is returned.

Parameters:
username - the logged in user (a Topic of type "Username" / dm4.accesscontrol.username), or null if no user is logged in.

userOccupiesRole

private boolean userOccupiesRole(String username,
                                 UserRole userRole,
                                 DeepaMehtaObject object)
Checks if a user occupies a role with regard to the specified object. If so, true is returned.

Parameters:
username - the logged in user (a Topic of type "Username" / dm4.accesscontrol.username), or null if no user is logged in.

userIsMember

private boolean userIsMember(String username,
                             DeepaMehtaObject object)
Checks if a user is a member of any workspace the object is assigned to. If so, true is returned. Prerequisite: a user is logged in (username is not null).

Parameters:
username - a Topic of type "Username" (dm4.accesscontrol.username). ### FIXDOC
object - the object in question.

userIsOwner

private boolean userIsOwner(String username,
                            DeepaMehtaObject object)
Checks if a user is the owner of the object. If so, true is returned. Prerequisite: a user is logged in (username is not null).

Parameters:
username - a Topic of type "Username" (dm4.accesscontrol.username). ### FIXDOC

userIsCreator

private boolean userIsCreator(String username,
                              DeepaMehtaObject object)
Checks if a user is the creator of the object. If so, true is returned. Prerequisite: a user is logged in (username is not null).

Parameters:
username - a Topic of type "Username" (dm4.accesscontrol.username). ### FIXDOC

enrichWithPermissions

private void enrichWithPermissions(Type type,
                                   Permissions permissions)

permissions

private ChildTopicsModel permissions(DeepaMehtaObject object)

createPermissions

private Permissions createPermissions(boolean write)

createPermissions

private Permissions createPermissions(boolean write,
                                      boolean create)

info

private String info(DeepaMehtaObject object)

userInfo

private String userInfo(String username)

info

private String info(javax.servlet.http.HttpSession session)

info

private String info(javax.servlet.http.HttpServletRequest request)
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2014. All Rights Reserved.