public class AccessControlPlugin extends PluginActivator implements AccessControlService, ConfigCustomizer, CheckTopicReadAccessListener, CheckTopicWriteAccessListener, CheckAssociationReadAccessListener, CheckAssociationWriteAccessListener, PreCreateTopicListener, PreUpdateTopicListener, PostCreateTopicListener, PostCreateAssociationListener, PostUpdateTopicListener, PostUpdateAssociationListener, ServiceRequestFilterListener, StaticResourceFilterListener, CheckDiskQuotaListener
| Modifier and Type | Field and Description |
|---|---|
private static String |
ANONYMOUS_READ_ALLOWED |
private static String |
ANONYMOUS_WRITE_ALLOWED |
private static String |
AUTHENTICATION_REALM |
private ConfigService |
configService |
private FilesService |
filesService |
private static boolean |
IS_PUBLIC_INSTALLATION |
private static Logger |
logger |
private static String |
LOGIN_ENABLED_TYPE |
private static String |
MEMBERSHIP_TYPE |
private static boolean |
NEW_ACCOUNTS_ARE_ENABLED |
private static DeepaMehtaEvent |
POST_LOGIN_USER |
private static DeepaMehtaEvent |
POST_LOGOUT_USER |
private static String |
PROP_CREATOR |
private static String |
PROP_MODIFIER |
private static String |
PROP_OWNER |
private javax.servlet.http.HttpServletRequest |
request |
private static GlobalRequestFilter |
requestFilter |
private static String |
SUBNET_FILTER |
private WorkspacesService |
wsService |
bundle, dm4, mfADMIN_INITIAL_PASSWORD, ADMIN_USERNAME, ADMINISTRATION_WORKSPACE_NAME, ADMINISTRATION_WORKSPACE_SHARING_MODE, ADMINISTRATION_WORKSPACE_URI, DEFAULT_PRIVATE_WORKSPACE_NAME, SYSTEM_WORKSPACE_NAME, SYSTEM_WORKSPACE_SHARING_MODE, SYSTEM_WORKSPACE_URI| Constructor and Description |
|---|
AccessControlPlugin() |
| Modifier and Type | Method and Description |
|---|---|
private void |
_login(String username,
javax.servlet.http.HttpServletRequest request) |
private void |
_logout(javax.servlet.http.HttpServletRequest request) |
private void |
assignMembership(Association assoc) |
private void |
assignSearchTopic(Topic searchTopic) |
private void |
checkAccess(Operation operation,
long objectId) |
void |
checkAssociationReadAccess(long assocId) |
void |
checkAssociationWriteAccess(long assocId) |
private void |
checkAuthorization(javax.servlet.http.HttpServletRequest request) |
private Topic |
checkCredentials(Credentials cred) |
void |
checkDiskQuota(String username,
long fileSize,
long diskQuota) |
private void |
checkReadAccess(long objectId) |
private void |
checkRequestOrigin(javax.servlet.http.HttpServletRequest request) |
void |
checkTopicReadAccess(long topicId) |
void |
checkTopicWriteAccess(long topicId) |
private void |
checkWriteAccess(long objectId) |
void |
createMembership(String username,
long workspaceId) |
Topic |
createUserAccount(Credentials cred) |
Permissions |
getAssociationPermissions(long assocId) |
Collection<Association> |
getAssociationsByCreator(String username) |
Collection<Association> |
getAssociationsByOwner(String username) |
TopicModel |
getConfigValue(Topic topic) |
String |
getCreator(long objectId)
Returns the creator of a topic or an association.
|
private boolean |
getLoginEnabled(Topic usernameTopic) |
String |
getModifier(long objectId)
Returns the modifier of a topic or an association.
|
private long |
getOccupiedSpace(String username) |
private Permissions |
getPermissions(long objectId) |
Topic |
getPrivateWorkspace()
Returns the private workspace of the logged in user.
|
Permissions |
getTopicPermissions(long topicId) |
Collection<Topic> |
getTopicsByCreator(String username) |
Collection<Topic> |
getTopicsByOwner(String username) |
String |
getUsername()
Returns the username of the logged in user.
|
Topic |
getUsernameTopic()
Returns the "Username" topic of the logged in user.
|
Topic |
getUsernameTopic(String username)
Returns the "Username" topic for the specified username.
|
private Topic |
getUsernameTopicOrThrow(String username) |
String |
getWorkspaceOwner(long workspaceId)
Returns the owner of a workspace.
|
private boolean |
hasPermission(String username,
Operation operation,
long objectId)
Checks if a user is permitted to perform an operation on an object (topic or association).
|
private String |
info(DeepaMehtaObject object) |
private String |
info(javax.servlet.http.HttpServletRequest request) |
private String |
info(javax.servlet.http.HttpSession session) |
private boolean |
inRequestScope() |
boolean |
isMember(String username,
long workspaceId)
Checks if a user is a member of the given workspace.
|
private boolean |
isMembership(AssociationModel assoc) |
void |
login()
Checks weather the credentials in the authorization string match an existing User Account,
and if so, creates an HTTP session.
|
void |
logout()
Logs the user out.
|
void |
postCreateAssociation(Association assoc) |
void |
postCreateTopic(Topic topic) |
void |
postUpdateAssociation(Association assoc,
AssociationModel newModel,
AssociationModel oldModel) |
void |
postUpdateTopic(Topic topic,
TopicModel newModel,
TopicModel oldModel) |
void |
preCreateTopic(TopicModel model) |
void |
preInstall() |
void |
preUpdateTopic(Topic topic,
TopicModel newModel) |
private void |
requestFilter(javax.servlet.http.HttpServletRequest request) |
void |
serviceRequestFilter(com.sun.jersey.spi.container.ContainerRequest containerRequest) |
private void |
setCreator(DeepaMehtaObject object,
String username)
Sets the creator of a topic or an association.
|
private void |
setCreatorAndModifier(DeepaMehtaObject object)
Sets the logged in user as the creator/modifier of the given object.
|
private void |
setCreatorAndModifier(DeepaMehtaObject object,
String username) |
private void |
setModifier(DeepaMehtaObject object) |
private void |
setModifier(DeepaMehtaObject object,
String username) |
private void |
setWorkspaceOwner(Topic workspace) |
void |
setWorkspaceOwner(Topic workspace,
String username)
Sets the owner of a workspace.
|
void |
shutdown() |
void |
staticResourceFilter(javax.servlet.http.HttpServletRequest servletRequest,
javax.servlet.http.HttpServletResponse servletResponse) |
private void |
throw401Unauthorized(boolean showBrowserLoginDialog) |
private void |
throw403Forbidden() |
private boolean |
tryLogin(Credentials cred,
javax.servlet.http.HttpServletRequest request)
Checks weather the credentials are valid and if the user account is enabled, and if both checks are positive
logs the user in.
|
private String |
userInfo(String username) |
private String |
username(javax.servlet.http.HttpSession session) |
getBundleContext, getPluginName, getStaticResource, getUri, init, publishFileSystem, serviceArrived, serviceGone, setCoreService, start, stop, toStringprivate static final String ANONYMOUS_READ_ALLOWED
private static final String ANONYMOUS_WRITE_ALLOWED
private static final GlobalRequestFilter requestFilter
private static final String SUBNET_FILTER
private static final boolean NEW_ACCOUNTS_ARE_ENABLED
private static final boolean IS_PUBLIC_INSTALLATION
private static final String AUTHENTICATION_REALM
private static final String LOGIN_ENABLED_TYPE
private static final String MEMBERSHIP_TYPE
private static final String PROP_CREATOR
private static final String PROP_OWNER
private static final String PROP_MODIFIER
private static DeepaMehtaEvent POST_LOGIN_USER
private static DeepaMehtaEvent POST_LOGOUT_USER
private WorkspacesService wsService
private FilesService filesService
private ConfigService configService
@Context private javax.servlet.http.HttpServletRequest request
public AccessControlPlugin()
public void login()
AccessControlServicelogin in interface AccessControlServicepublic void logout()
AccessControlServicelogout in interface AccessControlServicepublic String getUsername()
AccessControlServicegetUsername in interface AccessControlServicenull if no user is logged in.public Topic getUsernameTopic()
AccessControlServicegetUsernameTopic in interface AccessControlServicedm4.accesscontrol.username),
or null if no user is logged in.public Topic getPrivateWorkspace()
AccessControlServiceNote: a user can have more than one private workspace. The workspace returned by this method is the one that holds the user's password topic.
getPrivateWorkspace in interface AccessControlServicepublic Topic createUserAccount(Credentials cred)
createUserAccount in interface AccessControlServicepublic Topic getUsernameTopic(String username)
AccessControlServicegetUsernameTopic in interface AccessControlServiceusername - a username. Must not be null.dm4.accesscontrol.username),
or null if no such username exists.public String getWorkspaceOwner(long workspaceId)
AccessControlServicegetWorkspaceOwner in interface AccessControlServicenull if no owner is set.
### TODO: should throw an exception instead of returning nullpublic void setWorkspaceOwner(Topic workspace, String username)
AccessControlServicesetWorkspaceOwner in interface AccessControlServicepublic void createMembership(String username, long workspaceId)
createMembership in interface AccessControlServicepublic boolean isMember(String username, long workspaceId)
AccessControlServiceisMember in interface AccessControlServiceusername - the user.
If null is passed, false is returned.
If an unknown username is passed an exception is thrown.workspaceId - the workspace.true if the user is a member, false otherwise.public Permissions getTopicPermissions(long topicId)
getTopicPermissions in interface AccessControlServicedm4.accesscontrol.operation.write.public Permissions getAssociationPermissions(long assocId)
getAssociationPermissions in interface AccessControlServicedm4.accesscontrol.operation.write.public String getCreator(long objectId)
AccessControlServicegetCreator in interface AccessControlServicenull if no creator is set.public String getModifier(long objectId)
AccessControlServicegetModifier in interface AccessControlServicenull if no modifier is set.public Collection<Topic> getTopicsByCreator(String username)
getTopicsByCreator in interface AccessControlServicepublic Collection<Topic> getTopicsByOwner(String username)
getTopicsByOwner in interface AccessControlServicepublic Collection<Association> getAssociationsByCreator(String username)
getAssociationsByCreator in interface AccessControlServicepublic Collection<Association> getAssociationsByOwner(String username)
getAssociationsByOwner in interface AccessControlServicepublic void preInstall()
preInstall in interface PluginContextpreInstall in class PluginActivatorpublic void shutdown()
shutdown in interface PluginContextshutdown in class PluginActivatorpublic TopicModel getConfigValue(Topic topic)
getConfigValue in interface ConfigCustomizerpublic void checkTopicReadAccess(long topicId)
checkTopicReadAccess in interface CheckTopicReadAccessListenerpublic void checkTopicWriteAccess(long topicId)
checkTopicWriteAccess in interface CheckTopicWriteAccessListenerpublic void checkAssociationReadAccess(long assocId)
checkAssociationReadAccess in interface CheckAssociationReadAccessListenerpublic void checkAssociationWriteAccess(long assocId)
checkAssociationWriteAccess in interface CheckAssociationWriteAccessListenerpublic void preCreateTopic(TopicModel model)
preCreateTopic in interface PreCreateTopicListenerpublic void postCreateTopic(Topic topic)
postCreateTopic in interface PostCreateTopicListenerpublic void postCreateAssociation(Association assoc)
postCreateAssociation in interface PostCreateAssociationListenerpublic void preUpdateTopic(Topic topic, TopicModel newModel)
preUpdateTopic in interface PreUpdateTopicListenerpublic void postUpdateTopic(Topic topic, TopicModel newModel, TopicModel oldModel)
postUpdateTopic in interface PostUpdateTopicListenerpublic void postUpdateAssociation(Association assoc, AssociationModel newModel, AssociationModel oldModel)
postUpdateAssociation in interface PostUpdateAssociationListenerpublic void serviceRequestFilter(com.sun.jersey.spi.container.ContainerRequest containerRequest)
serviceRequestFilter in interface ServiceRequestFilterListenerpublic void staticResourceFilter(javax.servlet.http.HttpServletRequest servletRequest, javax.servlet.http.HttpServletResponse servletResponse)
staticResourceFilter in interface StaticResourceFilterListenerpublic void checkDiskQuota(String username, long fileSize, long diskQuota)
checkDiskQuota in interface CheckDiskQuotaListenerprivate Topic getUsernameTopicOrThrow(String username)
private boolean isMembership(AssociationModel assoc)
private void assignMembership(Association assoc)
private void assignSearchTopic(Topic searchTopic)
private long getOccupiedSpace(String username)
private void requestFilter(javax.servlet.http.HttpServletRequest request)
private void checkRequestOrigin(javax.servlet.http.HttpServletRequest request)
private void checkAuthorization(javax.servlet.http.HttpServletRequest request)
private boolean tryLogin(Credentials cred, javax.servlet.http.HttpServletRequest request)
private Topic checkCredentials(Credentials cred)
private boolean getLoginEnabled(Topic usernameTopic)
private void _logout(javax.servlet.http.HttpServletRequest request)
private void throw401Unauthorized(boolean showBrowserLoginDialog)
private void throw403Forbidden()
private void setCreatorAndModifier(DeepaMehtaObject object)
If no user is logged in, nothing is performed.
private void setCreatorAndModifier(DeepaMehtaObject object, String username)
username - must not be null.private void setCreator(DeepaMehtaObject object, String username)
private void setModifier(DeepaMehtaObject object)
private void setModifier(DeepaMehtaObject object, String username)
private void setWorkspaceOwner(Topic workspace)
private void checkReadAccess(long objectId)
objectId - a topic ID, or an association IDprivate void checkWriteAccess(long objectId)
objectId - a topic ID, or an association IDprivate void checkAccess(Operation operation, long objectId)
objectId - a topic ID, or an association IDprivate Permissions getPermissions(long objectId)
objectId - a topic ID, or an association ID.private boolean hasPermission(String username, Operation operation, long objectId)
username - the logged in user, or null if no user is logged in.objectId - a topic ID, or an association ID.true if permission is granted, false otherwise.private boolean inRequestScope()
private String info(DeepaMehtaObject object)
Copyright © 2016. All Rights Reserved.