systems.dmx.accesscontrol

Class AccessControlPlugin

Show UML class diagram

java.lang.Object

systems.dmx.core.osgi.PluginActivator

systems.dmx.accesscontrol.AccessControlPlugin

All Implemented Interfaces:

org.osgi.framework.BundleActivator, AccessControlService, ConfigCustomizer, PluginContext, CheckAssociationReadAccessListener, CheckAssociationWriteAccessListener, CheckTopicReadAccessListener, CheckTopicWriteAccessListener, PostCreateAssociationListener, PostCreateTopicListener, PostUpdateAssociationListener, PostUpdateTopicListener, PreCreateTopicListener, PreUpdateTopicListener, ServiceRequestFilterListener, StaticResourceFilterListener, EventListener, CheckDiskQuotaListener

public class AccessControlPlugin
extends PluginActivator
implements AccessControlService, ConfigCustomizer, CheckTopicReadAccessListener, CheckTopicWriteAccessListener, CheckAssociationReadAccessListener, CheckAssociationWriteAccessListener, PreCreateTopicListener, PreUpdateTopicListener, PostCreateTopicListener, PostCreateAssociationListener, PostUpdateTopicListener, PostUpdateAssociationListener, ServiceRequestFilterListener, StaticResourceFilterListener, CheckDiskQuotaListener

Field Summary

Fields

Modifier and Type	Field and Description
private static AnonymousAccessFilter	accessFilter
private static String	ANONYMOUS_READ_ALLOWED
private static String	ANONYMOUS_WRITE_ALLOWED
private static String	AUTHENTICATION_REALM
private Map<String,AuthorizationMethod>	authorizationMethods
private ConfigService	configService
private FilesService	filesService
private static boolean	IS_PUBLIC_INSTALLATION
private static Logger	logger
private static String	LOGIN_ENABLED_TYPE
private static String	MEMBERSHIP_TYPE
private static boolean	NEW_ACCOUNTS_ARE_ENABLED
private static DMXEvent	POST_LOGIN_USER
private static DMXEvent	POST_LOGOUT_USER
private static String	PROP_CREATOR
private static String	PROP_MODIFIER
private static String	PROP_OWNER
private javax.servlet.http.HttpServletRequest	request
private static String	SUBNET_FILTER
private WorkspacesService	wsService

Fields inherited from class systems.dmx.core.osgi.PluginActivator

bundle, dmx, mf

Fields inherited from interface systems.dmx.accesscontrol.AccessControlService

ADMIN_INITIAL_PASSWORD, ADMIN_USERNAME, ADMINISTRATION_WORKSPACE_NAME, ADMINISTRATION_WORKSPACE_SHARING_MODE, ADMINISTRATION_WORKSPACE_URI, DEFAULT_PRIVATE_WORKSPACE_NAME, SYSTEM_WORKSPACE_NAME, SYSTEM_WORKSPACE_SHARING_MODE, SYSTEM_WORKSPACE_URI

Constructor Summary

Constructors

Constructor and Description
AccessControlPlugin()

Method Summary

Modifier and Type	Method and Description
private void	_login(String username, javax.servlet.http.HttpServletRequest request)
private void	_logout(javax.servlet.http.HttpServletRequest request)
private void	assignMembership(Association assoc)
private void	assignSearchTopic(Topic searchTopic)
private void	checkAccess(Operation operation, long objectId)
void	checkAssociationReadAccess(long assocId)
void	checkAssociationWriteAccess(long assocId)
private void	checkAuthorization(javax.servlet.http.HttpServletRequest request)
private Topic	checkCredentials(Credentials cred, AuthorizationMethod am)
void	checkDiskQuota(String username, long fileSize, long diskQuota)
private void	checkReadAccess(long objectId)
private void	checkRequestOrigin(javax.servlet.http.HttpServletRequest request)
void	checkTopicReadAccess(long topicId)
void	checkTopicWriteAccess(long topicId)
private void	checkWriteAccess(long objectId)
void	createMembership(String username, long workspaceId)
Topic	createUserAccount(Credentials cred)
Topic	createUsername(String username) Creates a Username topic and a private workspace.
Permissions	getAssociationPermissions(long assocId)
Collection<Association>	getAssociationsByCreator(String username)
Collection<Association>	getAssociationsByOwner(String username)
private AuthorizationMethod	getAuthorizationMethod(Credentials cred)
private AuthorizationMethod	getAuthorizationMethod(String name)
Set<String>	getAuthorizationMethods()
TopicModel	getConfigValue(Topic topic)
String	getCreator(long objectId) Returns the creator of a topic or an association.
private boolean	getLoginEnabled(Topic usernameTopic)
String	getModifier(long objectId) Returns the modifier of a topic or an association.
private long	getOccupiedSpace(String username)
private Permissions	getPermissions(long objectId)
Topic	getPrivateWorkspace() Returns the private workspace of the logged in user.
Permissions	getTopicPermissions(long topicId)
Collection<Topic>	getTopicsByCreator(String username)
Collection<Topic>	getTopicsByOwner(String username)
String	getUsername() Returns the username of the logged in user.
Topic	getUsernameTopic() Returns the "Username" topic of the logged in user.
Topic	getUsernameTopic(String username) Returns the "Username" topic for the specified username.
private Topic	getUsernameTopicOrThrow(String username)
String	getWorkspaceOwner(long workspaceId) Returns the owner of a workspace.
private boolean	hasPermission(String username, Operation operation, long objectId) Checks if a user is permitted to perform an operation on an object (topic or association).
private String	info(DMXObject object)
private String	info(javax.servlet.http.HttpServletRequest request)
private String	info(javax.servlet.http.HttpSession session)
private boolean	inRequestScope()
boolean	isMember(String username, long workspaceId) Checks if a user is a member of the given workspace.
private boolean	isMembership(AssociationModel assoc)
void	login() Checks weather the credentials in the authorization string match an existing User Account, and if so, creates an HTTP session.
void	logout() Logs the user out.
void	postCreateAssociation(Association assoc)
void	postCreateTopic(Topic topic)
void	postUpdateAssociation(Association assoc, AssociationModel updateModel, AssociationModel oldAssoc)
void	postUpdateTopic(Topic topic, TopicModel updateModel, TopicModel oldTopic)
void	preCreateTopic(TopicModel model)
void	preInstall()
void	preUpdateTopic(Topic topic, TopicModel updateModel)
void	registerAuthorizationMethod(String name, AuthorizationMethod am)
private void	requestFilter(javax.servlet.http.HttpServletRequest request)
void	serviceRequestFilter(com.sun.jersey.spi.container.ContainerRequest containerRequest)
private void	setCreator(DMXObject object, String username) Sets the creator of a topic or an association.
private void	setCreatorAndModifier(DMXObject object) Sets the logged in user as the creator/modifier of the given object.
private void	setCreatorAndModifier(DMXObject object, String username)
private void	setModifier(DMXObject object)
private void	setModifier(DMXObject object, String username)
private void	setWorkspaceOwner(Topic workspace)
void	setWorkspaceOwner(Topic workspace, String username) Sets the owner of a workspace.
void	shutdown()
void	staticResourceFilter(javax.servlet.http.HttpServletRequest servletRequest, javax.servlet.http.HttpServletResponse servletResponse)
private void	throw401Unauthorized(boolean showBrowserLoginDialog)
private void	throw403Forbidden()
private boolean	tryLogin(Credentials cred, AuthorizationMethod am, javax.servlet.http.HttpServletRequest request) Checks weather the credentials are valid and if the user account is enabled, and if both checks are positive logs the user in.
void	unregisterAuthorizationMethod(String name)
private String	userInfo(String username)
private String	username(javax.servlet.http.HttpSession session)

Methods inherited from class systems.dmx.core.osgi.PluginActivator

getBundleContext, getPluginName, getStaticResource, getUri, init, publishFileSystem, serviceArrived, serviceGone, setCoreService, start, stop, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

ANONYMOUS_READ_ALLOWED

private static final String ANONYMOUS_READ_ALLOWED

ANONYMOUS_WRITE_ALLOWED

private static final String ANONYMOUS_WRITE_ALLOWED

accessFilter

private static final AnonymousAccessFilter accessFilter

SUBNET_FILTER

private static final String SUBNET_FILTER

NEW_ACCOUNTS_ARE_ENABLED

private static final boolean NEW_ACCOUNTS_ARE_ENABLED

IS_PUBLIC_INSTALLATION

private static final boolean IS_PUBLIC_INSTALLATION

AUTHENTICATION_REALM

private static final String AUTHENTICATION_REALM

See Also:

Constant Field Values

LOGIN_ENABLED_TYPE

private static final String LOGIN_ENABLED_TYPE

See Also:

Constant Field Values

MEMBERSHIP_TYPE

private static final String MEMBERSHIP_TYPE

See Also:

Constant Field Values

PROP_CREATOR

private static final String PROP_CREATOR

See Also:

Constant Field Values

PROP_OWNER

private static final String PROP_OWNER

See Also:

Constant Field Values

PROP_MODIFIER

private static final String PROP_MODIFIER

See Also:

Constant Field Values

POST_LOGIN_USER

private static DMXEvent POST_LOGIN_USER

POST_LOGOUT_USER

private static DMXEvent POST_LOGOUT_USER

wsService

private WorkspacesService wsService

filesService

private FilesService filesService

configService

private ConfigService configService

request

@Context
private javax.servlet.http.HttpServletRequest request

authorizationMethods

private Map<String,AuthorizationMethod> authorizationMethods

logger

private static Logger logger

Constructor Detail

AccessControlPlugin

public AccessControlPlugin()

Method Detail

login

public void login()

Description copied from interface: AccessControlService

Checks weather the credentials in the authorization string match an existing User Account, and if so, creates an HTTP session. ### FIXDOC

Specified by:

login in interface AccessControlService

logout

public void logout()

Description copied from interface: AccessControlService

Logs the user out. That is invalidating the session associated with the JSESSION ID cookie. For a "non-private" DM installation the response is 204 No Content. For a "private" DM installation the response is 401 Authorization Required. In this case the webclient is supposed to shutdown the DM GUI then. The webclient of a "private" DM installation must only be visible/usable when logged in.

Specified by:

logout in interface AccessControlService

getUsername

public String getUsername()

Description copied from interface: AccessControlService

Returns the username of the logged in user.

Specified by:

getUsername in interface AccessControlService

Returns:

The username, or null if no user is logged in.

getUsernameTopic

public Topic getUsernameTopic()

Description copied from interface: AccessControlService

Returns the "Username" topic of the logged in user.

Specified by:

getUsernameTopic in interface AccessControlService

Returns:

The "Username" topic (type dmx.accesscontrol.username), or null if no user is logged in.

getPrivateWorkspace

public Topic getPrivateWorkspace()

Description copied from interface: AccessControlService

Returns the private workspace of the logged in user.

Note: a user can have more than one private workspace. This method returns only the first one.

Specified by:

getPrivateWorkspace in interface AccessControlService

Returns:

IllegalStateException if no user is logged in.

createUserAccount

public Topic createUserAccount(Credentials cred)

Specified by:

createUserAccount in interface AccessControlService

Returns:

The "Username" topic of the created user account.

createUsername

public Topic createUsername(String username)

Description copied from interface: AccessControlService

Creates a Username topic and a private workspace.

Specified by:

createUsername in interface AccessControlService

Returns:

created "Username" topic.

getUsernameTopic

public Topic getUsernameTopic(String username)

Description copied from interface: AccessControlService

Returns the "Username" topic for the specified username.

Specified by:

getUsernameTopic in interface AccessControlService

Parameters:

username - a username. Must not be null.

Returns:

The "Username" topic (type dmx.accesscontrol.username), or null if no such username exists.

getWorkspaceOwner

public String getWorkspaceOwner(long workspaceId)

Description copied from interface: AccessControlService

Returns the owner of a workspace.

Specified by:

getWorkspaceOwner in interface AccessControlService

Returns:

The username of the owner, or null if no owner is set. ### TODO: should throw an exception instead of returning null

setWorkspaceOwner

public void setWorkspaceOwner(Topic workspace,
                              String username)

Description copied from interface: AccessControlService

Sets the owner of a workspace. ### TODO: should take an ID instead a topic. ### Core service must be extended with a property setter.

Specified by:

setWorkspaceOwner in interface AccessControlService

createMembership

public void createMembership(String username,
                             long workspaceId)

Specified by:

createMembership in interface AccessControlService

isMember

public boolean isMember(String username,
                        long workspaceId)

Description copied from interface: AccessControlService

Checks if a user is a member of the given workspace.

Specified by:

isMember in interface AccessControlService

Parameters:

username - the user. If null is passed, false is returned. If an unknown username is passed an exception is thrown.

workspaceId - the workspace.

Returns:

true if the user is a member, false otherwise.

getTopicPermissions

public Permissions getTopicPermissions(long topicId)

Specified by:

getTopicPermissions in interface AccessControlService

Returns:

A Permissions object with one entry: dmx.accesscontrol.operation.write.

getAssociationPermissions

public Permissions getAssociationPermissions(long assocId)

Specified by:

getAssociationPermissions in interface AccessControlService

Returns:

A Permissions object with one entry: dmx.accesscontrol.operation.write.

getCreator

public String getCreator(long objectId)

Description copied from interface: AccessControlService

Returns the creator of a topic or an association.

Specified by:

getCreator in interface AccessControlService

Returns:

The username of the creator, or null if no creator is set.

getModifier

public String getModifier(long objectId)

Description copied from interface: AccessControlService

Returns the modifier of a topic or an association.

Specified by:

getModifier in interface AccessControlService

Returns:

The username of the modifier, or null if no modifier is set.

getTopicsByCreator

public Collection<Topic> getTopicsByCreator(String username)

Specified by:

getTopicsByCreator in interface AccessControlService

getTopicsByOwner

public Collection<Topic> getTopicsByOwner(String username)

Specified by:

getTopicsByOwner in interface AccessControlService

getAssociationsByCreator

public Collection<Association> getAssociationsByCreator(String username)

Specified by:

getAssociationsByCreator in interface AccessControlService

getAssociationsByOwner

public Collection<Association> getAssociationsByOwner(String username)

Specified by:

getAssociationsByOwner in interface AccessControlService

registerAuthorizationMethod

public void registerAuthorizationMethod(String name,
                                        AuthorizationMethod am)

Specified by:

registerAuthorizationMethod in interface AccessControlService

unregisterAuthorizationMethod

public void unregisterAuthorizationMethod(String name)

Specified by:

unregisterAuthorizationMethod in interface AccessControlService

getAuthorizationMethods

public Set<String> getAuthorizationMethods()

Specified by:

getAuthorizationMethods in interface AccessControlService

preInstall

public void preInstall()

Specified by:

preInstall in interface PluginContext

Overrides:

preInstall in class PluginActivator

shutdown

public void shutdown()

Specified by:

shutdown in interface PluginContext

Overrides:

shutdown in class PluginActivator

getConfigValue

public TopicModel getConfigValue(Topic topic)

Specified by:

getConfigValue in interface ConfigCustomizer

checkTopicReadAccess

public void checkTopicReadAccess(long topicId)

Specified by:

checkTopicReadAccess in interface CheckTopicReadAccessListener

checkTopicWriteAccess

public void checkTopicWriteAccess(long topicId)

Specified by:

checkTopicWriteAccess in interface CheckTopicWriteAccessListener

checkAssociationReadAccess

public void checkAssociationReadAccess(long assocId)

Specified by:

checkAssociationReadAccess in interface CheckAssociationReadAccessListener

checkAssociationWriteAccess

public void checkAssociationWriteAccess(long assocId)

Specified by:

checkAssociationWriteAccess in interface CheckAssociationWriteAccessListener

preCreateTopic

public void preCreateTopic(TopicModel model)

Specified by:

preCreateTopic in interface PreCreateTopicListener

postCreateTopic

public void postCreateTopic(Topic topic)

Specified by:

postCreateTopic in interface PostCreateTopicListener

postCreateAssociation

public void postCreateAssociation(Association assoc)

Specified by:

postCreateAssociation in interface PostCreateAssociationListener

preUpdateTopic

public void preUpdateTopic(Topic topic,
                           TopicModel updateModel)

Specified by:

preUpdateTopic in interface PreUpdateTopicListener

postUpdateTopic

public void postUpdateTopic(Topic topic,
                            TopicModel updateModel,
                            TopicModel oldTopic)

Specified by:

postUpdateTopic in interface PostUpdateTopicListener

postUpdateAssociation

public void postUpdateAssociation(Association assoc,
                                  AssociationModel updateModel,
                                  AssociationModel oldAssoc)

Specified by:

postUpdateAssociation in interface PostUpdateAssociationListener

serviceRequestFilter

public void serviceRequestFilter(com.sun.jersey.spi.container.ContainerRequest containerRequest)

Specified by:

serviceRequestFilter in interface ServiceRequestFilterListener

staticResourceFilter

public void staticResourceFilter(javax.servlet.http.HttpServletRequest servletRequest,
                                 javax.servlet.http.HttpServletResponse servletResponse)

Specified by:

staticResourceFilter in interface StaticResourceFilterListener

checkDiskQuota

public void checkDiskQuota(String username,
                           long fileSize,
                           long diskQuota)

Specified by:

checkDiskQuota in interface CheckDiskQuotaListener

getUsernameTopicOrThrow

private Topic getUsernameTopicOrThrow(String username)

isMembership

private boolean isMembership(AssociationModel assoc)

assignMembership

private void assignMembership(Association assoc)

assignSearchTopic

private void assignSearchTopic(Topic searchTopic)

getOccupiedSpace

private long getOccupiedSpace(String username)

requestFilter

private void requestFilter(javax.servlet.http.HttpServletRequest request)

checkRequestOrigin

private void checkRequestOrigin(javax.servlet.http.HttpServletRequest request)

checkAuthorization

private void checkAuthorization(javax.servlet.http.HttpServletRequest request)

getAuthorizationMethod

private AuthorizationMethod getAuthorizationMethod(Credentials cred)

getAuthorizationMethod

private AuthorizationMethod getAuthorizationMethod(String name)

tryLogin

private boolean tryLogin(Credentials cred,
                         AuthorizationMethod am,
                         javax.servlet.http.HttpServletRequest request)

Checks weather the credentials are valid and if the user account is enabled, and if both checks are positive logs the user in.

Returns:

true if the user has logged in.

checkCredentials

private Topic checkCredentials(Credentials cred,
                               AuthorizationMethod am)

getLoginEnabled

private boolean getLoginEnabled(Topic usernameTopic)

_login

private void _login(String username,
                    javax.servlet.http.HttpServletRequest request)

_logout

private void _logout(javax.servlet.http.HttpServletRequest request)

username

private String username(javax.servlet.http.HttpSession session)

throw401Unauthorized

private void throw401Unauthorized(boolean showBrowserLoginDialog)

throw403Forbidden

private void throw403Forbidden()

setCreatorAndModifier

private void setCreatorAndModifier(DMXObject object)

Sets the logged in user as the creator/modifier of the given object.

If no user is logged in, nothing is performed.

setCreatorAndModifier

private void setCreatorAndModifier(DMXObject object,
                                   String username)

Parameters:

username - must not be null.

setCreator

private void setCreator(DMXObject object,
                        String username)

Sets the creator of a topic or an association.

setModifier

private void setModifier(DMXObject object)

setModifier

private void setModifier(DMXObject object,
                         String username)

setWorkspaceOwner

private void setWorkspaceOwner(Topic workspace)

checkReadAccess

private void checkReadAccess(long objectId)

Parameters:

objectId - a topic ID, or an association ID

checkWriteAccess

private void checkWriteAccess(long objectId)

Parameters:

objectId - a topic ID, or an association ID

checkAccess

private void checkAccess(Operation operation,
                         long objectId)

Parameters:

objectId - a topic ID, or an association ID

getPermissions

private Permissions getPermissions(long objectId)

Parameters:

objectId - a topic ID, or an association ID.

hasPermission

private boolean hasPermission(String username,
                              Operation operation,
                              long objectId)

Checks if a user is permitted to perform an operation on an object (topic or association).

Parameters:

username - the logged in user, or null if no user is logged in.

objectId - a topic ID, or an association ID.

Returns:

true if permission is granted, false otherwise.

inRequestScope

private boolean inRequestScope()

info

private String info(DMXObject object)

userInfo

private String userInfo(String username)

info

private String info(javax.servlet.http.HttpSession session)

info

private String info(javax.servlet.http.HttpServletRequest request)