|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object de.deepamehta.core.osgi.PluginActivator de.deepamehta.plugins.accesscontrol.AccessControlPlugin
public class AccessControlPlugin
Field Summary | |
---|---|
private static String |
AUTHENTICATION_REALM
|
private Logger |
logger
|
private static String |
MEMBERSHIP_TYPE
|
private static DeepaMehtaEvent |
POST_LOGIN_USER
|
private static DeepaMehtaEvent |
POST_LOGOUT_USER
|
private static String |
PROP_CREATOR
|
private static String |
PROP_MODIFIER
|
private static String |
PROP_OWNER
|
private static boolean |
READ_REQUIRES_LOGIN
|
private javax.servlet.http.HttpServletRequest |
request
|
private static String |
SUBNET_FILTER
|
private static boolean |
WRITE_REQUIRES_LOGIN
|
private WorkspacesService |
wsService
|
Fields inherited from class de.deepamehta.core.osgi.PluginActivator |
---|
bundle, dms |
Fields inherited from interface de.deepamehta.plugins.accesscontrol.service.AccessControlService |
---|
ADMIN_DEFAULT_PASSWORD, ADMIN_USERNAME, DEFAULT_PRIVATE_WORKSPACE_NAME, SYSTEM_WORKSPACE_NAME, SYSTEM_WORKSPACE_SHARING_MODE, SYSTEM_WORKSPACE_URI |
Constructor Summary | |
---|---|
AccessControlPlugin()
|
Method Summary | |
---|---|
private void |
_login(String username,
javax.servlet.http.HttpServletRequest request)
|
private void |
_logout(javax.servlet.http.HttpServletRequest request)
|
private void |
assignSearchTopic(Topic searchTopic)
|
private void |
checkAuthorization(javax.servlet.http.HttpServletRequest request)
|
private boolean |
checkCredentials(Credentials cred)
|
private void |
checkReadPermission(long objectId)
|
private void |
checkRequestOrigin(javax.servlet.http.HttpServletRequest request)
|
void |
createMembership(String username,
long workspaceId)
|
Topic |
createUserAccount(Credentials cred)
|
Permissions |
getAssociationPermissions(long assocId)
|
Collection<Association> |
getAssociationsByCreator(String username)
|
Collection<Association> |
getAssociationsByOwner(String username)
|
String |
getCreator(long objectId)
Returns the creator of a topic or an association. |
String |
getModifier(long objectId)
Returns the modifier of a topic or an association. |
private Topic |
getPasswordTopic(Topic userAccount)
|
private Permissions |
getPermissions(long objectId)
|
Topic |
getPrivateWorkspace()
Returns the private workspace of the logged in user. |
Permissions |
getTopicPermissions(long topicId)
|
Collection<Topic> |
getTopicsByCreator(String username)
|
Collection<Topic> |
getTopicsByOwner(String username)
|
private Topic |
getUserAccount(Topic usernameTopic)
|
String |
getUsername()
Returns the username of the logged in user. |
Topic |
getUsernameTopic(String username)
Returns the "Username" topic for the specified username. |
private Topic |
getUsernameTopicOrThrow(String username)
|
String |
getWorkspaceOwner(long workspaceId)
Returns the owner of a workspace. |
private boolean |
hasPermission(String username,
Operation operation,
long objectId)
Checks if a user is permitted to perform an operation on an object (topic or association). |
private String |
info(DeepaMehtaObject object)
|
private String |
info(javax.servlet.http.HttpServletRequest request)
|
private String |
info(javax.servlet.http.HttpSession session)
|
void |
init()
|
private boolean |
inRequestScope()
|
private boolean |
isLoginRequired(javax.servlet.http.HttpServletRequest request)
|
boolean |
isMember(String username,
long workspaceId)
Checks if a user is a member of the given workspace. |
private boolean |
isMembership(AssociationModel assoc)
|
void |
login()
Checks weather the credentials in the authorization string match an existing User Account, and if so, creates an HTTP session. |
void |
logout()
Logs the user out. |
void |
postCreateAssociation(Association assoc)
|
void |
postCreateTopic(Topic topic)
|
void |
postUpdateAssociation(Association assoc,
AssociationModel oldModel)
|
void |
postUpdateTopic(Topic topic,
TopicModel newModel,
TopicModel oldModel)
|
void |
preGetAssociation(long assocId)
|
void |
preGetTopic(long topicId)
|
private void |
requestFilter(javax.servlet.http.HttpServletRequest request)
|
void |
resourceRequestFilter(javax.servlet.http.HttpServletRequest servletRequest)
|
void |
serviceRequestFilter(com.sun.jersey.spi.container.ContainerRequest containerRequest)
|
private void |
setCreator(DeepaMehtaObject object,
String username)
Sets the creator of a topic or an association. |
private void |
setCreatorAndModifier(DeepaMehtaObject object)
Sets the logged in user as the creator/modifier of the given object. |
private void |
setCreatorAndModifier(DeepaMehtaObject object,
String username)
|
private void |
setModifier(DeepaMehtaObject object)
|
private void |
setModifier(DeepaMehtaObject object,
String username)
|
private void |
setWorkspaceOwner(Topic workspace)
|
void |
setWorkspaceOwner(Topic workspace,
String username)
Sets the owner of a workspace. |
private void |
throw401Unauthorized()
|
private void |
throw403Forbidden()
|
private boolean |
tryLogin(Credentials cred,
javax.servlet.http.HttpServletRequest request)
Checks weather the credentials are valid and if so logs the user in. |
private String |
userInfo(String username)
|
private String |
username(javax.servlet.http.HttpSession session)
|
Methods inherited from class de.deepamehta.core.osgi.PluginActivator |
---|
getBundleContext, getPluginName, getStaticResource, getUri, publishDirectory, serviceArrived, serviceGone, setCoreService, shutdown, start, stop, toString |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
private static final boolean READ_REQUIRES_LOGIN
private static final boolean WRITE_REQUIRES_LOGIN
private static final String SUBNET_FILTER
private static final String AUTHENTICATION_REALM
private static final String MEMBERSHIP_TYPE
private static String PROP_CREATOR
private static String PROP_OWNER
private static String PROP_MODIFIER
private static DeepaMehtaEvent POST_LOGIN_USER
private static DeepaMehtaEvent POST_LOGOUT_USER
private WorkspacesService wsService
@Context private javax.servlet.http.HttpServletRequest request
private Logger logger
Constructor Detail |
---|
public AccessControlPlugin()
Method Detail |
---|
public void login()
AccessControlService
login
in interface AccessControlService
public void logout()
AccessControlService
logout
in interface AccessControlService
public String getUsername()
AccessControlService
getUsername
in interface AccessControlService
null
if no user is logged in.public Topic createUserAccount(Credentials cred)
createUserAccount
in interface AccessControlService
public Topic getPrivateWorkspace()
AccessControlService
Note: a user can have more than one private workspace. The workspace returned by this method is the one that holds the user's password topic.
getPrivateWorkspace
in interface AccessControlService
public Topic getUsernameTopic(String username)
AccessControlService
getUsernameTopic
in interface AccessControlService
dm4.accesscontrol.username
),
or null
if no such username exists.public String getWorkspaceOwner(long workspaceId)
AccessControlService
getWorkspaceOwner
in interface AccessControlService
null
if no owner is set.
### TODO: should throw an exception instead of returning nullpublic void setWorkspaceOwner(Topic workspace, String username)
AccessControlService
setWorkspaceOwner
in interface AccessControlService
public void createMembership(String username, long workspaceId)
createMembership
in interface AccessControlService
public boolean isMember(String username, long workspaceId)
AccessControlService
isMember
in interface AccessControlService
username
- the user.
If null
is passed, false
is returned.
If an unknown username is passed an exception is thrown.workspaceId
- the workspace.
true
if the user is a member, false
otherwise.public Permissions getTopicPermissions(long topicId)
getTopicPermissions
in interface AccessControlService
dm4.accesscontrol.operation.write
.public Permissions getAssociationPermissions(long assocId)
getAssociationPermissions
in interface AccessControlService
dm4.accesscontrol.operation.write
.public String getCreator(long objectId)
AccessControlService
getCreator
in interface AccessControlService
null
if no creator is set.public String getModifier(long objectId)
AccessControlService
getModifier
in interface AccessControlService
null
if no modifier is set.public Collection<Topic> getTopicsByCreator(String username)
getTopicsByCreator
in interface AccessControlService
public Collection<Topic> getTopicsByOwner(String username)
getTopicsByOwner
in interface AccessControlService
public Collection<Association> getAssociationsByCreator(String username)
getAssociationsByCreator
in interface AccessControlService
public Collection<Association> getAssociationsByOwner(String username)
getAssociationsByOwner
in interface AccessControlService
public void init()
init
in interface PluginContext
init
in class PluginActivator
public void preGetTopic(long topicId)
preGetTopic
in interface PreGetTopicListener
public void preGetAssociation(long assocId)
preGetAssociation
in interface PreGetAssociationListener
public void postCreateTopic(Topic topic)
postCreateTopic
in interface PostCreateTopicListener
public void postCreateAssociation(Association assoc)
postCreateAssociation
in interface PostCreateAssociationListener
public void postUpdateTopic(Topic topic, TopicModel newModel, TopicModel oldModel)
postUpdateTopic
in interface PostUpdateTopicListener
public void postUpdateAssociation(Association assoc, AssociationModel oldModel)
postUpdateAssociation
in interface PostUpdateAssociationListener
public void serviceRequestFilter(com.sun.jersey.spi.container.ContainerRequest containerRequest)
serviceRequestFilter
in interface ServiceRequestFilterListener
public void resourceRequestFilter(javax.servlet.http.HttpServletRequest servletRequest)
resourceRequestFilter
in interface ResourceRequestFilterListener
private Topic getUserAccount(Topic usernameTopic)
private Topic getPasswordTopic(Topic userAccount)
private Topic getUsernameTopicOrThrow(String username)
private boolean isMembership(AssociationModel assoc)
private void assignSearchTopic(Topic searchTopic)
private void requestFilter(javax.servlet.http.HttpServletRequest request)
private void checkRequestOrigin(javax.servlet.http.HttpServletRequest request)
private void checkAuthorization(javax.servlet.http.HttpServletRequest request)
private boolean isLoginRequired(javax.servlet.http.HttpServletRequest request)
private boolean tryLogin(Credentials cred, javax.servlet.http.HttpServletRequest request)
private boolean checkCredentials(Credentials cred)
private void _login(String username, javax.servlet.http.HttpServletRequest request)
private void _logout(javax.servlet.http.HttpServletRequest request)
private String username(javax.servlet.http.HttpSession session)
private void throw401Unauthorized()
private void throw403Forbidden()
private void setCreatorAndModifier(DeepaMehtaObject object)
If no user is logged in, nothing is performed.
private void setCreatorAndModifier(DeepaMehtaObject object, String username)
username
- must not be null.private void setCreator(DeepaMehtaObject object, String username)
private void setModifier(DeepaMehtaObject object)
private void setModifier(DeepaMehtaObject object, String username)
private void setWorkspaceOwner(Topic workspace)
private void checkReadPermission(long objectId)
objectId
- a topic ID, or an association IDprivate Permissions getPermissions(long objectId)
objectId
- a topic ID, or an association ID.private boolean hasPermission(String username, Operation operation, long objectId)
username
- the logged in user, or null
if no user is logged in.objectId
- a topic ID, or an association ID.
true
if permission is granted, false
otherwise.private boolean inRequestScope()
private String info(DeepaMehtaObject object)
private String userInfo(String username)
private String info(javax.servlet.http.HttpSession session)
private String info(javax.servlet.http.HttpServletRequest request)
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |