de.deepamehta.plugins.accesscontrol
Class AccessControlPlugin

java.lang.Object
  extended by de.deepamehta.core.osgi.PluginActivator
      extended by de.deepamehta.plugins.accesscontrol.AccessControlPlugin
All Implemented Interfaces:
PluginContext, PostCreateAssociationListener, PostCreateTopicListener, PostUpdateAssociationListener, PostUpdateTopicListener, PreGetAssociationListener, PreGetTopicListener, ResourceRequestFilterListener, ServiceRequestFilterListener, EventListener, PluginService, AccessControlService, org.osgi.framework.BundleActivator

public class AccessControlPlugin
extends PluginActivator
implements AccessControlService, PreGetTopicListener, PreGetAssociationListener, PostCreateTopicListener, PostCreateAssociationListener, PostUpdateTopicListener, PostUpdateAssociationListener, ServiceRequestFilterListener, ResourceRequestFilterListener


Field Summary
private static String AUTHENTICATION_REALM
           
private  Logger logger
           
private static String MEMBERSHIP_TYPE
           
private static DeepaMehtaEvent POST_LOGIN_USER
           
private static DeepaMehtaEvent POST_LOGOUT_USER
           
private static String PROP_CREATOR
           
private static String PROP_MODIFIER
           
private static String PROP_OWNER
           
private static boolean READ_REQUIRES_LOGIN
           
private  javax.servlet.http.HttpServletRequest request
           
private static String SUBNET_FILTER
           
private static boolean WRITE_REQUIRES_LOGIN
           
private  WorkspacesService wsService
           
 
Fields inherited from class de.deepamehta.core.osgi.PluginActivator
bundle, dms
 
Fields inherited from interface de.deepamehta.plugins.accesscontrol.service.AccessControlService
ADMIN_DEFAULT_PASSWORD, ADMIN_USERNAME, DEFAULT_PRIVATE_WORKSPACE_NAME, SYSTEM_WORKSPACE_NAME, SYSTEM_WORKSPACE_SHARING_MODE, SYSTEM_WORKSPACE_URI (note: ADMIN_DEFAULT_PASSWORD is a compile-time constant and presumably seeds the initial admin account; a deployment that keeps the default admin credentials is accessible to anyone who reads this interface — change the password at installation time)
 
Constructor Summary
AccessControlPlugin()
           
 
Method Summary
private  void _login(String username, javax.servlet.http.HttpServletRequest request)
           
private  void _logout(javax.servlet.http.HttpServletRequest request)
           
private  void assignSearchTopic(Topic searchTopic)
           
private  void checkAuthorization(javax.servlet.http.HttpServletRequest request)
           
private  boolean checkCredentials(Credentials cred)
           
private  void checkReadPermission(long objectId)
           
private  void checkRequestOrigin(javax.servlet.http.HttpServletRequest request)
           
 void createMembership(String username, long workspaceId)
           
 Topic createUserAccount(Credentials cred)
           
 Permissions getAssociationPermissions(long assocId)
           
 Collection<Association> getAssociationsByCreator(String username)
           
 Collection<Association> getAssociationsByOwner(String username)
           
 String getCreator(long objectId)
          Returns the creator of a topic or an association.
 String getModifier(long objectId)
          Returns the modifier of a topic or an association.
private  Topic getPasswordTopic(Topic userAccount)
           
private  Permissions getPermissions(long objectId)
           
 Topic getPrivateWorkspace()
          Returns the private workspace of the logged in user.
 Permissions getTopicPermissions(long topicId)
           
 Collection<Topic> getTopicsByCreator(String username)
           
 Collection<Topic> getTopicsByOwner(String username)
           
private  Topic getUserAccount(Topic usernameTopic)
           
 String getUsername()
          Returns the username of the logged in user.
 Topic getUsernameTopic(String username)
          Returns the "Username" topic for the specified username.
private  Topic getUsernameTopicOrThrow(String username)
           
 String getWorkspaceOwner(long workspaceId)
          Returns the owner of a workspace.
private  boolean hasPermission(String username, Operation operation, long objectId)
          Checks if a user is permitted to perform an operation on an object (topic or association).
private  String info(DeepaMehtaObject object)
           
private  String info(javax.servlet.http.HttpServletRequest request)
           
private  String info(javax.servlet.http.HttpSession session)
           
 void init()
           
private  boolean inRequestScope()
           
private  boolean isLoginRequired(javax.servlet.http.HttpServletRequest request)
           
 boolean isMember(String username, long workspaceId)
          Checks if a user is a member of the given workspace.
private  boolean isMembership(AssociationModel assoc)
           
 void login()
          Checks whether the credentials carried in the request's Authorization header match an existing User Account and, if so, creates an HTTP session.
 void logout()
          Logs the user out.
 void postCreateAssociation(Association assoc)
           
 void postCreateTopic(Topic topic)
           
 void postUpdateAssociation(Association assoc, AssociationModel oldModel)
           
 void postUpdateTopic(Topic topic, TopicModel newModel, TopicModel oldModel)
           
 void preGetAssociation(long assocId)
           
 void preGetTopic(long topicId)
           
private  void requestFilter(javax.servlet.http.HttpServletRequest request)
           
 void resourceRequestFilter(javax.servlet.http.HttpServletRequest servletRequest)
           
 void serviceRequestFilter(com.sun.jersey.spi.container.ContainerRequest containerRequest)
           
private  void setCreator(DeepaMehtaObject object, String username)
          Sets the creator of a topic or an association.
private  void setCreatorAndModifier(DeepaMehtaObject object)
          Sets the logged in user as the creator/modifier of the given object.
private  void setCreatorAndModifier(DeepaMehtaObject object, String username)
           
private  void setModifier(DeepaMehtaObject object)
           
private  void setModifier(DeepaMehtaObject object, String username)
           
private  void setWorkspaceOwner(Topic workspace)
           
 void setWorkspaceOwner(Topic workspace, String username)
          Sets the owner of a workspace.
private  void throw401Unauthorized()
           
private  void throw403Forbidden()
           
private  boolean tryLogin(Credentials cred, javax.servlet.http.HttpServletRequest request)
          Checks whether the credentials are valid and, if so, logs the user in.
private  String userInfo(String username)
           
private  String username(javax.servlet.http.HttpSession session)
           
 
Methods inherited from class de.deepamehta.core.osgi.PluginActivator
getBundleContext, getPluginName, getStaticResource, getUri, publishDirectory, serviceArrived, serviceGone, setCoreService, shutdown, start, stop, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

READ_REQUIRES_LOGIN

private static final boolean READ_REQUIRES_LOGIN

WRITE_REQUIRES_LOGIN

private static final boolean WRITE_REQUIRES_LOGIN

SUBNET_FILTER

private static final String SUBNET_FILTER

AUTHENTICATION_REALM

private static final String AUTHENTICATION_REALM
See Also:
Constant Field Values

MEMBERSHIP_TYPE

private static final String MEMBERSHIP_TYPE
See Also:
Constant Field Values

PROP_CREATOR

private static String PROP_CREATOR

PROP_OWNER

private static String PROP_OWNER

PROP_MODIFIER

private static String PROP_MODIFIER

POST_LOGIN_USER

private static DeepaMehtaEvent POST_LOGIN_USER

POST_LOGOUT_USER

private static DeepaMehtaEvent POST_LOGOUT_USER

wsService

private WorkspacesService wsService

request

@Context
private javax.servlet.http.HttpServletRequest request

logger

private Logger logger
Constructor Detail

AccessControlPlugin

public AccessControlPlugin()
Method Detail

login

public void login()
Description copied from interface: AccessControlService
Checks whether the credentials carried in the request's Authorization header (presumably HTTP Basic, scoped by AUTHENTICATION_REALM) match an existing User Account and, if so, creates an HTTP session. A failed login is expected to leave no session behind. ### FIXDOC

Specified by:
login in interface AccessControlService

logout

public void logout()
Description copied from interface: AccessControlService
Logs the user out, i.e. invalidates the server-side session associated with the JSESSIONID cookie. For a "non-private" DM installation the response is 204 No Content. For a "private" DM installation the response is 401 Authorization Required; the webclient is then expected to shut down the DM GUI. The webclient of a "private" DM installation must only be visible/usable when logged in. Note that hiding the GUI is a client-side usability measure; it does not replace the server-side login enforcement performed by the request filters.

Specified by:
logout in interface AccessControlService

getUsername

public String getUsername()
Description copied from interface: AccessControlService
Returns the username of the logged in user.

Specified by:
getUsername in interface AccessControlService
Returns:
The username, or null if no user is logged in.

createUserAccount

public Topic createUserAccount(Credentials cred)
Specified by:
createUserAccount in interface AccessControlService
Returns:
The "Username" topic of the created user account.

getPrivateWorkspace

public Topic getPrivateWorkspace()
Description copied from interface: AccessControlService
Returns the private workspace of the logged in user. If no user is logged in an exception is thrown.

Note: a user can have more than one private workspace. The workspace returned by this method is the one that holds the user's password topic.

Specified by:
getPrivateWorkspace in interface AccessControlService

getUsernameTopic

public Topic getUsernameTopic(String username)
Description copied from interface: AccessControlService
Returns the "Username" topic for the specified username.

Specified by:
getUsernameTopic in interface AccessControlService
Returns:
The "Username" topic (type dm4.accesscontrol.username), or null if no such username exists.

getWorkspaceOwner

public String getWorkspaceOwner(long workspaceId)
Description copied from interface: AccessControlService
Returns the owner of a workspace.

Specified by:
getWorkspaceOwner in interface AccessControlService
Returns:
The username of the owner, or null if no owner is set. ### TODO: should throw an exception instead of returning null

setWorkspaceOwner

public void setWorkspaceOwner(Topic workspace,
                              String username)
Description copied from interface: AccessControlService
Sets the owner of a workspace. ### TODO: should take an ID instead of a topic. ### Core service must be extended with a property setter.

Specified by:
setWorkspaceOwner in interface AccessControlService

createMembership

public void createMembership(String username,
                             long workspaceId)
Specified by:
createMembership in interface AccessControlService

isMember

public boolean isMember(String username,
                        long workspaceId)
Description copied from interface: AccessControlService
Checks if a user is a member of the given workspace.

Specified by:
isMember in interface AccessControlService
Parameters:
username - the user. If null is passed, false is returned. If an unknown username is passed, an exception is thrown.
workspaceId - the workspace.
Returns:
true if the user is a member, false otherwise.

getTopicPermissions

public Permissions getTopicPermissions(long topicId)
Specified by:
getTopicPermissions in interface AccessControlService
Returns:
A Permissions object with one entry: dm4.accesscontrol.operation.write.

getAssociationPermissions

public Permissions getAssociationPermissions(long assocId)
Specified by:
getAssociationPermissions in interface AccessControlService
Returns:
A Permissions object with one entry: dm4.accesscontrol.operation.write.

getCreator

public String getCreator(long objectId)
Description copied from interface: AccessControlService
Returns the creator of a topic or an association.

Specified by:
getCreator in interface AccessControlService
Returns:
The username of the creator, or null if no creator is set.

getModifier

public String getModifier(long objectId)
Description copied from interface: AccessControlService
Returns the modifier of a topic or an association.

Specified by:
getModifier in interface AccessControlService
Returns:
The username of the modifier, or null if no modifier is set.

getTopicsByCreator

public Collection<Topic> getTopicsByCreator(String username)
Specified by:
getTopicsByCreator in interface AccessControlService

getTopicsByOwner

public Collection<Topic> getTopicsByOwner(String username)
Specified by:
getTopicsByOwner in interface AccessControlService

getAssociationsByCreator

public Collection<Association> getAssociationsByCreator(String username)
Specified by:
getAssociationsByCreator in interface AccessControlService

getAssociationsByOwner

public Collection<Association> getAssociationsByOwner(String username)
Specified by:
getAssociationsByOwner in interface AccessControlService

init

public void init()
Specified by:
init in interface PluginContext
Overrides:
init in class PluginActivator

preGetTopic

public void preGetTopic(long topicId)
Specified by:
preGetTopic in interface PreGetTopicListener

preGetAssociation

public void preGetAssociation(long assocId)
Specified by:
preGetAssociation in interface PreGetAssociationListener

postCreateTopic

public void postCreateTopic(Topic topic)
Specified by:
postCreateTopic in interface PostCreateTopicListener

postCreateAssociation

public void postCreateAssociation(Association assoc)
Specified by:
postCreateAssociation in interface PostCreateAssociationListener

postUpdateTopic

public void postUpdateTopic(Topic topic,
                            TopicModel newModel,
                            TopicModel oldModel)
Specified by:
postUpdateTopic in interface PostUpdateTopicListener

postUpdateAssociation

public void postUpdateAssociation(Association assoc,
                                  AssociationModel oldModel)
Specified by:
postUpdateAssociation in interface PostUpdateAssociationListener

serviceRequestFilter

public void serviceRequestFilter(com.sun.jersey.spi.container.ContainerRequest containerRequest)
Specified by:
serviceRequestFilter in interface ServiceRequestFilterListener

resourceRequestFilter

public void resourceRequestFilter(javax.servlet.http.HttpServletRequest servletRequest)
Specified by:
resourceRequestFilter in interface ResourceRequestFilterListener

getUserAccount

private Topic getUserAccount(Topic usernameTopic)

getPasswordTopic

private Topic getPasswordTopic(Topic userAccount)

getUsernameTopicOrThrow

private Topic getUsernameTopicOrThrow(String username)

isMembership

private boolean isMembership(AssociationModel assoc)

assignSearchTopic

private void assignSearchTopic(Topic searchTopic)

requestFilter

private void requestFilter(javax.servlet.http.HttpServletRequest request)

checkRequestOrigin

private void checkRequestOrigin(javax.servlet.http.HttpServletRequest request)

checkAuthorization

private void checkAuthorization(javax.servlet.http.HttpServletRequest request)

isLoginRequired

private boolean isLoginRequired(javax.servlet.http.HttpServletRequest request)

tryLogin

private boolean tryLogin(Credentials cred,
                         javax.servlet.http.HttpServletRequest request)
Checks whether the credentials are valid and, if so, logs the user in.

Returns:
true if the credentials are valid.

checkCredentials

private boolean checkCredentials(Credentials cred)

_login

private void _login(String username,
                    javax.servlet.http.HttpServletRequest request)

_logout

private void _logout(javax.servlet.http.HttpServletRequest request)

username

private String username(javax.servlet.http.HttpSession session)

throw401Unauthorized

private void throw401Unauthorized()

throw403Forbidden

private void throw403Forbidden()

setCreatorAndModifier

private void setCreatorAndModifier(DeepaMehtaObject object)
Sets the logged in user as the creator/modifier of the given object.

If no user is logged in, nothing is performed.


setCreatorAndModifier

private void setCreatorAndModifier(DeepaMehtaObject object,
                                   String username)
Parameters:
username - must not be null.

setCreator

private void setCreator(DeepaMehtaObject object,
                        String username)
Sets the creator of a topic or an association.


setModifier

private void setModifier(DeepaMehtaObject object)

setModifier

private void setModifier(DeepaMehtaObject object,
                         String username)

setWorkspaceOwner

private void setWorkspaceOwner(Topic workspace)

checkReadPermission

private void checkReadPermission(long objectId)
Parameters:
objectId - a topic ID, or an association ID

getPermissions

private Permissions getPermissions(long objectId)
Parameters:
objectId - a topic ID, or an association ID.

hasPermission

private boolean hasPermission(String username,
                              Operation operation,
                              long objectId)
Checks if a user is permitted to perform an operation on an object (topic or association).

Parameters:
username - the logged in user, or null if no user is logged in.
objectId - a topic ID, or an association ID.
Returns:
true if permission is granted, false otherwise.

inRequestScope

private boolean inRequestScope()

info

private String info(DeepaMehtaObject object)

userInfo

private String userInfo(String username)

info

private String info(javax.servlet.http.HttpSession session)

info

private String info(javax.servlet.http.HttpServletRequest request)

