gvsig-tools / org.gvsig.tools / library / trunk / org.gvsig.tools / org.gvsig.tools.lib / src / main / java / org / gvsig / tools / identitymanagement / spi / GenericRule.java @ 2590
History | View | Annotate | Download (6.89 KB)
1 |
package org.gvsig.tools.identitymanagement.spi; |
---|---|
2 |
|
3 |
import java.util.ArrayList; |
4 |
import java.util.List; |
5 |
import java.util.Objects; |
6 |
import org.apache.commons.io.FilenameUtils; |
7 |
import org.apache.commons.io.IOCase; |
8 |
import org.apache.commons.lang3.StringUtils; |
9 |
import org.gvsig.tools.ToolsLocator; |
10 |
import org.gvsig.tools.dataTypes.DataTypeUtils; |
11 |
import org.gvsig.tools.evaluator.Evaluator; |
12 |
import org.gvsig.tools.evaluator.EvaluatorException; |
13 |
import org.gvsig.tools.evaluator.SimpleEvaluatorData; |
14 |
import org.gvsig.tools.identitymanagement.Rule; |
15 |
import org.gvsig.tools.identitymanagement.SimpleIdentity; |
16 |
import org.gvsig.tools.util.GetItemByKey; |
17 |
import org.slf4j.LoggerFactory; |
18 |
|
19 |
/**
|
20 |
*
|
21 |
* @author gvSIG Team
|
22 |
*/
|
23 |
public class GenericRule implements Rule { |
24 |
|
25 |
private static final org.slf4j.Logger LOGGER = LoggerFactory.getLogger(GenericRule.class); |
26 |
|
27 |
protected String name; |
28 |
protected String description; |
29 |
|
30 |
protected String actionFilter; |
31 |
protected String resourceFilter; |
32 |
protected Evaluator filter;
|
33 |
protected SimpleEvaluatorData filterSymbolTable;
|
34 |
|
35 |
protected List<String> requires; |
36 |
|
37 |
public GenericRule(String name, String description, String actionFilter, String resourceFilter, Evaluator filter, String requires) { |
38 |
this(name, description, actionFilter, resourceFilter, filter, toList(requires));
|
39 |
} |
40 |
|
41 |
public GenericRule(String name, String description, String actionFilter, String resourceFilter, Evaluator filter, List<String> requires) { |
42 |
this.name = name;
|
43 |
this.description = description;
|
44 |
this.actionFilter = actionFilter;
|
45 |
if (StringUtils.isBlank(resourceFilter)) {
|
46 |
this.resourceFilter = null; |
47 |
} else {
|
48 |
this.resourceFilter = resourceFilter;
|
49 |
} |
50 |
this.filter = filter;
|
51 |
if (this.filter == null) { |
52 |
this.filterSymbolTable = null; |
53 |
} else {
|
54 |
this.filterSymbolTable = new SimpleEvaluatorData(); |
55 |
} |
56 |
this.requires = requires;
|
57 |
} |
58 |
|
59 |
public GenericRule(GetItemByKey values) {
|
60 |
String theName;
|
61 |
String theDescription;
|
62 |
|
63 |
String theActionFilter;
|
64 |
String theResourceFilter;
|
65 |
Object theFilter;
|
66 |
|
67 |
String theRequires;
|
68 |
|
69 |
theName = StringUtils.trimToNull(Objects.toString(values.get("Name")));
|
70 |
theDescription = StringUtils.trimToNull(Objects.toString(values.get("Description")));
|
71 |
|
72 |
theActionFilter = StringUtils.trimToNull(Objects.toString(values.get("Action")));
|
73 |
theResourceFilter = StringUtils.trimToNull(Objects.toString(values.get("Resource")));
|
74 |
theFilter= Objects.toString(values.get("filter"));
|
75 |
|
76 |
theRequires = StringUtils.trimToNull(Objects.toString(values.get("Requires")));
|
77 |
|
78 |
if (theName == null) { |
79 |
throw new IllegalArgumentException("'name' null not allowed in rule"); |
80 |
} |
81 |
if (theActionFilter == null) { |
82 |
throw new IllegalArgumentException("'actionName' null not allowed in rule"); |
83 |
} |
84 |
this.name = theName;
|
85 |
this.description = theDescription;
|
86 |
this.actionFilter = theActionFilter;
|
87 |
if ( theResourceFilter==null ) { |
88 |
this.resourceFilter = null; |
89 |
} else {
|
90 |
this.resourceFilter = theResourceFilter;
|
91 |
} |
92 |
if( theFilter instanceof Evaluator ) { |
93 |
this.filter = (Evaluator) theFilter;
|
94 |
} else if( theFilter instanceof CharSequence ) { |
95 |
this.filter = ToolsLocator.getScriptManager().createEvaluator(theFilter.toString());
|
96 |
} |
97 |
if (this.filter == null) { |
98 |
this.filterSymbolTable = null; |
99 |
} else {
|
100 |
this.filterSymbolTable = new SimpleEvaluatorData(); |
101 |
} |
102 |
this.requires = toList(theRequires);
|
103 |
} |
104 |
|
105 |
private static List<String> toList(String s) { |
106 |
if( StringUtils.isBlank(s) ) {
|
107 |
return null; |
108 |
} |
109 |
try{
|
110 |
List<String> l = new ArrayList<>(); |
111 |
String[] ss = StringUtils.split(s, ","); |
112 |
for (String s1 : ss) { |
113 |
if (StringUtils.isBlank(s1)) {
|
114 |
continue;
|
115 |
} |
116 |
l.add(s1.trim().toLowerCase()); |
117 |
} |
118 |
return l;
|
119 |
} catch (Exception ex) { |
120 |
return null; |
121 |
} |
122 |
} |
123 |
|
124 |
@Override
|
125 |
public String getName() { |
126 |
return this.name; |
127 |
} |
128 |
|
129 |
@Override
|
130 |
public String getDescription() { |
131 |
return this.description; |
132 |
} |
133 |
|
134 |
@Override
|
135 |
public boolean isAuthorized(SimpleIdentity identity, String actionName, Object resource, String resourceName) { |
136 |
if( !FilenameUtils.wildcardMatch(actionName, this.actionFilter, IOCase.INSENSITIVE) ) { |
137 |
// The rule don't apply to the action
|
138 |
return true; |
139 |
} |
140 |
if (this.resourceFilter != null && |
141 |
!FilenameUtils.wildcardMatch(resourceName, this.resourceFilter, IOCase.INSENSITIVE) ) {
|
142 |
// The rule don't apply to the action+resourceName
|
143 |
return true; |
144 |
} |
145 |
if (this.filter != null) { |
146 |
this.filterSymbolTable.set("rule", this); |
147 |
this.filterSymbolTable.set("identity", identity); |
148 |
this.filterSymbolTable.set("actionName", actionName); |
149 |
this.filterSymbolTable.set("resourceName", resourceName); |
150 |
this.filterSymbolTable.set("resource", resource); |
151 |
Object x = false; |
152 |
try {
|
153 |
x = this.filter.evaluate(filterSymbolTable);
|
154 |
} catch (EvaluatorException ex) {
|
155 |
LOGGER.debug("Can't evaluate filter",ex);
|
156 |
} |
157 |
if (!DataTypeUtils.toBoolean(x, false)) { |
158 |
// The rule don't apply to the action+resourceName+filter
|
159 |
return true; |
160 |
} |
161 |
} |
162 |
// La regla aplica a action+resourceName+filter. asi que comprobamos
|
163 |
// si el usuario tiene el rol necesario para acceder a ella.
|
164 |
String identityId = identity.getID();
|
165 |
for (String required : this.requires) { |
166 |
if( StringUtils.equals(required,"*") ) { |
167 |
return true; |
168 |
} |
169 |
if( required.startsWith("@") ) { |
170 |
int len = required.length();
|
171 |
if( len>1 ) { |
172 |
required = required.substring(1);
|
173 |
List<String> identityRoles = identity.getRoles(); |
174 |
if( identityRoles!=null ) { |
175 |
for (String identityRole : identityRoles) { |
176 |
if( FilenameUtils.wildcardMatch(identityRole, required, IOCase.INSENSITIVE) ) {
|
177 |
return true; |
178 |
} |
179 |
} |
180 |
} |
181 |
} |
182 |
} else if( FilenameUtils.wildcardMatch(identityId, required, IOCase.INSENSITIVE) ) { |
183 |
return true; |
184 |
} |
185 |
} |
186 |
return false; |
187 |
} |
188 |
|
189 |
@Override
|
190 |
public boolean accept(String actionName) { |
191 |
return FilenameUtils.wildcardMatch(actionName, this.actionFilter, IOCase.INSENSITIVE); |
192 |
} |
193 |
|
194 |
} |