gvsig-tools / org.gvsig.tools / library / trunk / org.gvsig.tools / org.gvsig.tools.lib / src / main / java / org / gvsig / tools / identitymanagement / spi / GenericRule.java @ 2590
History | View | Annotate | Download (6.89 KB)
| 1 |
package org.gvsig.tools.identitymanagement.spi; |
|---|---|
| 2 |
|
| 3 |
import java.util.ArrayList; |
| 4 |
import java.util.List; |
| 5 |
import java.util.Objects; |
| 6 |
import org.apache.commons.io.FilenameUtils; |
| 7 |
import org.apache.commons.io.IOCase; |
| 8 |
import org.apache.commons.lang3.StringUtils; |
| 9 |
import org.gvsig.tools.ToolsLocator; |
| 10 |
import org.gvsig.tools.dataTypes.DataTypeUtils; |
| 11 |
import org.gvsig.tools.evaluator.Evaluator; |
| 12 |
import org.gvsig.tools.evaluator.EvaluatorException; |
| 13 |
import org.gvsig.tools.evaluator.SimpleEvaluatorData; |
| 14 |
import org.gvsig.tools.identitymanagement.Rule; |
| 15 |
import org.gvsig.tools.identitymanagement.SimpleIdentity; |
| 16 |
import org.gvsig.tools.util.GetItemByKey; |
| 17 |
import org.slf4j.LoggerFactory; |
| 18 |
|
| 19 |
/**
|
| 20 |
*
|
| 21 |
* @author gvSIG Team
|
| 22 |
*/
|
| 23 |
public class GenericRule implements Rule { |
| 24 |
|
| 25 |
private static final org.slf4j.Logger LOGGER = LoggerFactory.getLogger(GenericRule.class); |
| 26 |
|
| 27 |
protected String name; |
| 28 |
protected String description; |
| 29 |
|
| 30 |
protected String actionFilter; |
| 31 |
protected String resourceFilter; |
| 32 |
protected Evaluator filter;
|
| 33 |
protected SimpleEvaluatorData filterSymbolTable;
|
| 34 |
|
| 35 |
protected List<String> requires; |
| 36 |
|
| 37 |
public GenericRule(String name, String description, String actionFilter, String resourceFilter, Evaluator filter, String requires) { |
| 38 |
this(name, description, actionFilter, resourceFilter, filter, toList(requires));
|
| 39 |
} |
| 40 |
|
| 41 |
public GenericRule(String name, String description, String actionFilter, String resourceFilter, Evaluator filter, List<String> requires) { |
| 42 |
this.name = name;
|
| 43 |
this.description = description;
|
| 44 |
this.actionFilter = actionFilter;
|
| 45 |
if (StringUtils.isBlank(resourceFilter)) {
|
| 46 |
this.resourceFilter = null; |
| 47 |
} else {
|
| 48 |
this.resourceFilter = resourceFilter;
|
| 49 |
} |
| 50 |
this.filter = filter;
|
| 51 |
if (this.filter == null) { |
| 52 |
this.filterSymbolTable = null; |
| 53 |
} else {
|
| 54 |
this.filterSymbolTable = new SimpleEvaluatorData(); |
| 55 |
} |
| 56 |
this.requires = requires;
|
| 57 |
} |
| 58 |
|
| 59 |
public GenericRule(GetItemByKey values) {
|
| 60 |
String theName;
|
| 61 |
String theDescription;
|
| 62 |
|
| 63 |
String theActionFilter;
|
| 64 |
String theResourceFilter;
|
| 65 |
Object theFilter;
|
| 66 |
|
| 67 |
String theRequires;
|
| 68 |
|
| 69 |
theName = StringUtils.trimToNull(Objects.toString(values.get("Name")));
|
| 70 |
theDescription = StringUtils.trimToNull(Objects.toString(values.get("Description")));
|
| 71 |
|
| 72 |
theActionFilter = StringUtils.trimToNull(Objects.toString(values.get("Action")));
|
| 73 |
theResourceFilter = StringUtils.trimToNull(Objects.toString(values.get("Resource")));
|
| 74 |
theFilter= Objects.toString(values.get("filter"));
|
| 75 |
|
| 76 |
theRequires = StringUtils.trimToNull(Objects.toString(values.get("Requires")));
|
| 77 |
|
| 78 |
if (theName == null) { |
| 79 |
throw new IllegalArgumentException("'name' null not allowed in rule"); |
| 80 |
} |
| 81 |
if (theActionFilter == null) { |
| 82 |
throw new IllegalArgumentException("'actionName' null not allowed in rule"); |
| 83 |
} |
| 84 |
this.name = theName;
|
| 85 |
this.description = theDescription;
|
| 86 |
this.actionFilter = theActionFilter;
|
| 87 |
if ( theResourceFilter==null ) { |
| 88 |
this.resourceFilter = null; |
| 89 |
} else {
|
| 90 |
this.resourceFilter = theResourceFilter;
|
| 91 |
} |
| 92 |
if( theFilter instanceof Evaluator ) { |
| 93 |
this.filter = (Evaluator) theFilter;
|
| 94 |
} else if( theFilter instanceof CharSequence ) { |
| 95 |
this.filter = ToolsLocator.getScriptManager().createEvaluator(theFilter.toString());
|
| 96 |
} |
| 97 |
if (this.filter == null) { |
| 98 |
this.filterSymbolTable = null; |
| 99 |
} else {
|
| 100 |
this.filterSymbolTable = new SimpleEvaluatorData(); |
| 101 |
} |
| 102 |
this.requires = toList(theRequires);
|
| 103 |
} |
| 104 |
|
| 105 |
private static List<String> toList(String s) { |
| 106 |
if( StringUtils.isBlank(s) ) {
|
| 107 |
return null; |
| 108 |
} |
| 109 |
try{
|
| 110 |
List<String> l = new ArrayList<>(); |
| 111 |
String[] ss = StringUtils.split(s, ","); |
| 112 |
for (String s1 : ss) { |
| 113 |
if (StringUtils.isBlank(s1)) {
|
| 114 |
continue;
|
| 115 |
} |
| 116 |
l.add(s1.trim().toLowerCase()); |
| 117 |
} |
| 118 |
return l;
|
| 119 |
} catch (Exception ex) { |
| 120 |
return null; |
| 121 |
} |
| 122 |
} |
| 123 |
|
| 124 |
@Override
|
| 125 |
public String getName() { |
| 126 |
return this.name; |
| 127 |
} |
| 128 |
|
| 129 |
@Override
|
| 130 |
public String getDescription() { |
| 131 |
return this.description; |
| 132 |
} |
| 133 |
|
| 134 |
@Override
|
| 135 |
public boolean isAuthorized(SimpleIdentity identity, String actionName, Object resource, String resourceName) { |
| 136 |
if( !FilenameUtils.wildcardMatch(actionName, this.actionFilter, IOCase.INSENSITIVE) ) { |
| 137 |
// The rule don't apply to the action
|
| 138 |
return true; |
| 139 |
} |
| 140 |
if (this.resourceFilter != null && |
| 141 |
!FilenameUtils.wildcardMatch(resourceName, this.resourceFilter, IOCase.INSENSITIVE) ) {
|
| 142 |
// The rule don't apply to the action+resourceName
|
| 143 |
return true; |
| 144 |
} |
| 145 |
if (this.filter != null) { |
| 146 |
this.filterSymbolTable.set("rule", this); |
| 147 |
this.filterSymbolTable.set("identity", identity); |
| 148 |
this.filterSymbolTable.set("actionName", actionName); |
| 149 |
this.filterSymbolTable.set("resourceName", resourceName); |
| 150 |
this.filterSymbolTable.set("resource", resource); |
| 151 |
Object x = false; |
| 152 |
try {
|
| 153 |
x = this.filter.evaluate(filterSymbolTable);
|
| 154 |
} catch (EvaluatorException ex) {
|
| 155 |
LOGGER.debug("Can't evaluate filter",ex);
|
| 156 |
} |
| 157 |
if (!DataTypeUtils.toBoolean(x, false)) { |
| 158 |
// The rule don't apply to the action+resourceName+filter
|
| 159 |
return true; |
| 160 |
} |
| 161 |
} |
| 162 |
// La regla aplica a action+resourceName+filter. asi que comprobamos
|
| 163 |
// si el usuario tiene el rol necesario para acceder a ella.
|
| 164 |
String identityId = identity.getID();
|
| 165 |
for (String required : this.requires) { |
| 166 |
if( StringUtils.equals(required,"*") ) { |
| 167 |
return true; |
| 168 |
} |
| 169 |
if( required.startsWith("@") ) { |
| 170 |
int len = required.length();
|
| 171 |
if( len>1 ) { |
| 172 |
required = required.substring(1);
|
| 173 |
List<String> identityRoles = identity.getRoles(); |
| 174 |
if( identityRoles!=null ) { |
| 175 |
for (String identityRole : identityRoles) { |
| 176 |
if( FilenameUtils.wildcardMatch(identityRole, required, IOCase.INSENSITIVE) ) {
|
| 177 |
return true; |
| 178 |
} |
| 179 |
} |
| 180 |
} |
| 181 |
} |
| 182 |
} else if( FilenameUtils.wildcardMatch(identityId, required, IOCase.INSENSITIVE) ) { |
| 183 |
return true; |
| 184 |
} |
| 185 |
} |
| 186 |
return false; |
| 187 |
} |
| 188 |
|
| 189 |
@Override
|
| 190 |
public boolean accept(String actionName) { |
| 191 |
return FilenameUtils.wildcardMatch(actionName, this.actionFilter, IOCase.INSENSITIVE); |
| 192 |
} |
| 193 |
|
| 194 |
} |