public class AccessControlPlugin extends PluginActivator implements AccessControlService, ConfigCustomizer, PreCreateTopicListener, PreUpdateTopicListener, PreGetTopicListener, PreGetAssociationListener, PostCreateTopicListener, PostCreateAssociationListener, PostUpdateTopicListener, PostUpdateAssociationListener, ServiceRequestFilterListener, ResourceRequestFilterListener, CheckDiskQuotaListener
Modifier and Type | Field and Description |
---|---|
private static String |
ANONYMOUS_READ_ALLOWED |
private static String |
ANONYMOUS_WRITE_ALLOWED |
private static String |
AUTHENTICATION_REALM |
private ConfigService |
configService |
private FilesService |
filesService |
private static boolean |
IS_PUBLIC_INSTALLATION |
private static Logger |
logger |
private static String |
LOGIN_ENABLED_TYPE |
private static String |
MEMBERSHIP_TYPE |
private static boolean |
NEW_ACCOUNTS_ARE_ENABLED |
private static DeepaMehtaEvent |
POST_LOGIN_USER |
private static DeepaMehtaEvent |
POST_LOGOUT_USER |
private static String |
PROP_CREATOR |
private static String |
PROP_MODIFIER |
private static String |
PROP_OWNER |
private javax.servlet.http.HttpServletRequest |
request |
private static GlobalRequestFilter |
requestFilter |
private static String |
SUBNET_FILTER |
private WorkspacesService |
wsService |
bundle, dm4, mf
ADMIN_INITIAL_PASSWORD, ADMIN_USERNAME, ADMINISTRATION_WORKSPACE_NAME, ADMINISTRATION_WORKSPACE_SHARING_MODE, ADMINISTRATION_WORKSPACE_URI, DEFAULT_PRIVATE_WORKSPACE_NAME, SYSTEM_WORKSPACE_NAME, SYSTEM_WORKSPACE_SHARING_MODE, SYSTEM_WORKSPACE_URI
Constructor and Description |
---|
AccessControlPlugin() |
Modifier and Type | Method and Description |
---|---|
private void |
_login(String username,
javax.servlet.http.HttpServletRequest request) |
private void |
_logout(javax.servlet.http.HttpServletRequest request) |
private void |
assignSearchTopic(Topic searchTopic) |
private void |
checkAuthorization(javax.servlet.http.HttpServletRequest request) |
private Topic |
checkCredentials(Credentials cred) |
void |
checkDiskQuota(String username,
long fileSize,
long diskQuota) |
private void |
checkReadPermission(long objectId) |
private void |
checkRequestOrigin(javax.servlet.http.HttpServletRequest request) |
void |
createMembership(String username,
long workspaceId) |
Topic |
createUserAccount(Credentials cred) |
Permissions |
getAssociationPermissions(long assocId) |
Collection<Association> |
getAssociationsByCreator(String username) |
Collection<Association> |
getAssociationsByOwner(String username) |
TopicModel |
getConfigValue(Topic topic) |
String |
getCreator(long objectId)
Returns the creator of a topic or an association.
|
private boolean |
getLoginEnabled(Topic usernameTopic) |
String |
getModifier(long objectId)
Returns the modifier of a topic or an association.
|
private long |
getOccupiedSpace(String username) |
private Permissions |
getPermissions(long objectId) |
Topic |
getPrivateWorkspace()
Returns the private workspace of the logged in user.
|
Permissions |
getTopicPermissions(long topicId) |
Collection<Topic> |
getTopicsByCreator(String username) |
Collection<Topic> |
getTopicsByOwner(String username) |
String |
getUsername()
Returns the username of the logged in user.
|
Topic |
getUsernameTopic()
Returns the "Username" topic of the logged in user.
|
Topic |
getUsernameTopic(String username)
Returns the "Username" topic for the specified username.
|
private Topic |
getUsernameTopicOrThrow(String username) |
String |
getWorkspaceOwner(long workspaceId)
Returns the owner of a workspace.
|
private boolean |
hasPermission(String username,
Operation operation,
long objectId)
Checks if a user is permitted to perform an operation on an object (topic or association).
|
private String |
info(DeepaMehtaObject object) |
private String |
info(javax.servlet.http.HttpServletRequest request) |
private String |
info(javax.servlet.http.HttpSession session) |
private boolean |
inRequestScope() |
boolean |
isMember(String username,
long workspaceId)
Checks if a user is a member of the given workspace.
|
private boolean |
isMembership(AssociationModel assoc) |
void |
login()
Checks weather the credentials in the authorization string match an existing User Account,
and if so, creates an HTTP session.
|
void |
logout()
Logs the user out.
|
void |
postCreateAssociation(Association assoc) |
void |
postCreateTopic(Topic topic) |
void |
postUpdateAssociation(Association assoc,
AssociationModel newModel,
AssociationModel oldModel) |
void |
postUpdateTopic(Topic topic,
TopicModel newModel,
TopicModel oldModel) |
void |
preCreateTopic(TopicModel model) |
void |
preGetAssociation(long assocId) |
void |
preGetTopic(long topicId) |
void |
preInstall() |
void |
preUpdateTopic(Topic topic,
TopicModel newModel) |
private void |
requestFilter(javax.servlet.http.HttpServletRequest request) |
void |
resourceRequestFilter(javax.servlet.http.HttpServletRequest servletRequest) |
void |
serviceRequestFilter(com.sun.jersey.spi.container.ContainerRequest containerRequest) |
private void |
setCreator(DeepaMehtaObject object,
String username)
Sets the creator of a topic or an association.
|
private void |
setCreatorAndModifier(DeepaMehtaObject object)
Sets the logged in user as the creator/modifier of the given object.
|
private void |
setCreatorAndModifier(DeepaMehtaObject object,
String username) |
private void |
setModifier(DeepaMehtaObject object) |
private void |
setModifier(DeepaMehtaObject object,
String username) |
private void |
setWorkspaceOwner(Topic workspace) |
void |
setWorkspaceOwner(Topic workspace,
String username)
Sets the owner of a workspace.
|
void |
shutdown() |
private void |
throw401Unauthorized(boolean showBrowserLoginDialog) |
private void |
throw403Forbidden() |
private boolean |
tryLogin(Credentials cred,
javax.servlet.http.HttpServletRequest request)
Checks weather the credentials are valid and if the user account is enabled, and if both checks are positive
logs the user in.
|
private String |
userInfo(String username) |
private String |
username(javax.servlet.http.HttpSession session) |
getBundleContext, getPluginName, getStaticResource, getUri, init, publishFileSystem, serviceArrived, serviceGone, setCoreService, start, stop, toString
private static final String ANONYMOUS_READ_ALLOWED
private static final String ANONYMOUS_WRITE_ALLOWED
private static final GlobalRequestFilter requestFilter
private static final String SUBNET_FILTER
private static final boolean NEW_ACCOUNTS_ARE_ENABLED
private static final boolean IS_PUBLIC_INSTALLATION
private static final String AUTHENTICATION_REALM
private static final String LOGIN_ENABLED_TYPE
private static final String MEMBERSHIP_TYPE
private static final String PROP_CREATOR
private static final String PROP_OWNER
private static final String PROP_MODIFIER
private static DeepaMehtaEvent POST_LOGIN_USER
private static DeepaMehtaEvent POST_LOGOUT_USER
private WorkspacesService wsService
private FilesService filesService
private ConfigService configService
@Context private javax.servlet.http.HttpServletRequest request
public AccessControlPlugin()
public void login()
AccessControlService
login
in interface AccessControlService
public void logout()
AccessControlService
logout
in interface AccessControlService
public String getUsername()
AccessControlService
getUsername
in interface AccessControlService
null
if no user is logged in.public Topic getUsernameTopic()
AccessControlService
getUsernameTopic
in interface AccessControlService
dm4.accesscontrol.username
),
or null
if no user is logged in.public Topic getPrivateWorkspace()
AccessControlService
Note: a user can have more than one private workspace. The workspace returned by this method is the one that holds the user's password topic.
getPrivateWorkspace
in interface AccessControlService
public Topic createUserAccount(Credentials cred)
createUserAccount
in interface AccessControlService
public Topic getUsernameTopic(String username)
AccessControlService
getUsernameTopic
in interface AccessControlService
username
- a username. Must not be null.dm4.accesscontrol.username
),
or null
if no such username exists.public String getWorkspaceOwner(long workspaceId)
AccessControlService
getWorkspaceOwner
in interface AccessControlService
null
if no owner is set.
### TODO: should throw an exception instead of returning nullpublic void setWorkspaceOwner(Topic workspace, String username)
AccessControlService
setWorkspaceOwner
in interface AccessControlService
public void createMembership(String username, long workspaceId)
createMembership
in interface AccessControlService
public boolean isMember(String username, long workspaceId)
AccessControlService
isMember
in interface AccessControlService
username
- the user.
If null
is passed, false
is returned.
If an unknown username is passed an exception is thrown.workspaceId
- the workspace.true
if the user is a member, false
otherwise.public Permissions getTopicPermissions(long topicId)
getTopicPermissions
in interface AccessControlService
dm4.accesscontrol.operation.write
.public Permissions getAssociationPermissions(long assocId)
getAssociationPermissions
in interface AccessControlService
dm4.accesscontrol.operation.write
.public String getCreator(long objectId)
AccessControlService
getCreator
in interface AccessControlService
null
if no creator is set.public String getModifier(long objectId)
AccessControlService
getModifier
in interface AccessControlService
null
if no modifier is set.public Collection<Topic> getTopicsByCreator(String username)
getTopicsByCreator
in interface AccessControlService
public Collection<Topic> getTopicsByOwner(String username)
getTopicsByOwner
in interface AccessControlService
public Collection<Association> getAssociationsByCreator(String username)
getAssociationsByCreator
in interface AccessControlService
public Collection<Association> getAssociationsByOwner(String username)
getAssociationsByOwner
in interface AccessControlService
public void preInstall()
preInstall
in interface PluginContext
preInstall
in class PluginActivator
public void shutdown()
shutdown
in interface PluginContext
shutdown
in class PluginActivator
public TopicModel getConfigValue(Topic topic)
getConfigValue
in interface ConfigCustomizer
public void preGetTopic(long topicId)
preGetTopic
in interface PreGetTopicListener
public void preGetAssociation(long assocId)
preGetAssociation
in interface PreGetAssociationListener
public void preCreateTopic(TopicModel model)
preCreateTopic
in interface PreCreateTopicListener
public void postCreateTopic(Topic topic)
postCreateTopic
in interface PostCreateTopicListener
public void postCreateAssociation(Association assoc)
postCreateAssociation
in interface PostCreateAssociationListener
public void preUpdateTopic(Topic topic, TopicModel newModel)
preUpdateTopic
in interface PreUpdateTopicListener
public void postUpdateTopic(Topic topic, TopicModel newModel, TopicModel oldModel)
postUpdateTopic
in interface PostUpdateTopicListener
public void postUpdateAssociation(Association assoc, AssociationModel newModel, AssociationModel oldModel)
postUpdateAssociation
in interface PostUpdateAssociationListener
public void serviceRequestFilter(com.sun.jersey.spi.container.ContainerRequest containerRequest)
serviceRequestFilter
in interface ServiceRequestFilterListener
public void resourceRequestFilter(javax.servlet.http.HttpServletRequest servletRequest)
resourceRequestFilter
in interface ResourceRequestFilterListener
public void checkDiskQuota(String username, long fileSize, long diskQuota)
checkDiskQuota
in interface CheckDiskQuotaListener
private Topic getUsernameTopicOrThrow(String username)
private boolean isMembership(AssociationModel assoc)
private void assignSearchTopic(Topic searchTopic)
private long getOccupiedSpace(String username)
private void requestFilter(javax.servlet.http.HttpServletRequest request)
private void checkRequestOrigin(javax.servlet.http.HttpServletRequest request)
private void checkAuthorization(javax.servlet.http.HttpServletRequest request)
private boolean tryLogin(Credentials cred, javax.servlet.http.HttpServletRequest request)
private Topic checkCredentials(Credentials cred)
private boolean getLoginEnabled(Topic usernameTopic)
private void _logout(javax.servlet.http.HttpServletRequest request)
private void throw401Unauthorized(boolean showBrowserLoginDialog)
private void throw403Forbidden()
private void setCreatorAndModifier(DeepaMehtaObject object)
If no user is logged in, nothing is performed.
private void setCreatorAndModifier(DeepaMehtaObject object, String username)
username
- must not be null.private void setCreator(DeepaMehtaObject object, String username)
private void setModifier(DeepaMehtaObject object)
private void setModifier(DeepaMehtaObject object, String username)
private void setWorkspaceOwner(Topic workspace)
private void checkReadPermission(long objectId)
objectId
- a topic ID, or an association IDprivate Permissions getPermissions(long objectId)
objectId
- a topic ID, or an association ID.private boolean hasPermission(String username, Operation operation, long objectId)
username
- the logged in user, or null
if no user is logged in.objectId
- a topic ID, or an association ID.true
if permission is granted, false
otherwise.private boolean inRequestScope()
private String info(DeepaMehtaObject object)
Copyright © 2016. All Rights Reserved.