Refactored permission authorizer module

2025-10-06 02:01:45 +00:00 · 2015-10-01 17:35:08 +05:30 · 2015-10-01 17:35:08 +05:30 · ed937467cd
commit ed937467cd
parent 68befaae01
8 changed files with 102 additions and 132 deletions
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/Permission.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/Permission.java
@ -21,37 +21,40 @@ package org.wso2.carbon.device.mgt.core.config.permission;
 import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlRootElement;

-@XmlRootElement(name = "Permission")
-public class Permission{
+/**
+ * This class represents the information related to permission.
+ */
+@XmlRootElement (name = "Permission")
+public class Permission {

-	private String name; // permission name
-	private String path; // permission string
+    private String name; // permission name
+    private String path; // permission string
    private String url; // url of the resource
    private String method; // http method

-	public String getName() {
-		return name;
-	}
+    public String getName() {
+        return name;
+    }

-	@XmlElement(name = "name", required = true)
-	public void setName(String name) {
-		this.name = name;
-	}
+    @XmlElement (name = "name", required = true)
+    public void setName(String name) {
+        this.name = name;
+    }

-	public String getPath() {
-		return path;
-	}
+    public String getPath() {
+        return path;
+    }

-	@XmlElement(name = "path", required = true)
-	public void setPath(String path) {
-		this.path = path;
-	}
+    @XmlElement (name = "path", required = true)
+    public void setPath(String path) {
+        this.path = path;
+    }

    public String getUrl() {
        return url;
    }

-    @XmlElement(name = "url", required = true)
+    @XmlElement (name = "url", required = true)
    public void setUrl(String url) {
        this.url = url;
    }
@ -60,7 +63,7 @@ public class Permission{
        return method;
    }

-    @XmlElement(name = "method", required = true)
+    @XmlElement (name = "method", required = true)
    public void setMethod(String method) {
        this.method = method;
    }
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionConfiguration.java
@ -22,17 +22,20 @@ import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlRootElement;
 import java.util.List;

-@XmlRootElement(name = "PermissionConfiguration")
+/**
+ * This class represents the information related to permission configuration.
+ */
+@XmlRootElement (name = "PermissionConfiguration")
 public class PermissionConfiguration {

-	private List<Permission> permissions;
+    private List<Permission> permissions;

-	public List<Permission> getPermissions() {
-		return permissions;
-	}
+    public List<Permission> getPermissions() {
+        return permissions;
+    }

-	@XmlElement(name = "Permission", required = true)
-	public void setPermissions(List<Permission> permissions) {
-		this.permissions = permissions;
-	}
+    @XmlElement (name = "Permission", required = true)
+    public void setPermissions(List<Permission> permissions) {
+        this.permissions = permissions;
+    }
 }
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionManager.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionManager.java
@ -32,96 +32,59 @@ import java.util.StringTokenizer;
 */
 public class PermissionManager {

-	private static PermissionManager permissionManager;
-    private static PermissionHolder rootNode;
+    private static PermissionManager permissionManager;
+    private static PermissionTree permissionTree; // holds the permissions at runtime.

-	private PermissionManager(){};
+    private PermissionManager() {
+    }

-	public static PermissionManager getInstance() {
-		if (permissionManager == null) {
-			synchronized (PermissionManager.class) {
-				if (permissionManager == null) {
-					permissionManager = new PermissionManager();
-                    rootNode = new PermissionHolder("/"); // initializing the root node.
-				}
-			}
-		}
-		return permissionManager;
-	}
-
-	public boolean addPermission(Permission permission) throws DeviceManagementException {
-        StringTokenizer st = new StringTokenizer(permission.getUrl(), "/");
-        PermissionHolder tempRoot = rootNode;
-        PermissionHolder tempChild;
-        while(st.hasMoreTokens()) {
-            tempChild = new PermissionHolder(st.nextToken());
-            tempRoot = addPermissionNode(tempRoot, tempChild);
+    public static PermissionManager getInstance() {
+        if (permissionManager == null) {
+            synchronized (PermissionManager.class) {
+                if (permissionManager == null) {
+                    permissionManager = new PermissionManager();
+                    permissionTree = new PermissionTree();
+                }
+            }
        }
-        tempRoot.addPermission(permission.getMethod(), permission); //setting permission to the vertex
-		try {
-			return PermissionUtils.putPermission(permission);
-		} catch (DeviceManagementException e) {
-			throw new DeviceManagementException("Error occurred while adding the permission : " +
-			                                    permission.getName(), e);
-		}
-	}
+        return permissionManager;
+    }

-	public boolean addPermissions(List<Permission> permissions) throws DeviceManagementException{
-		for(Permission permission:permissions){
-			this.addPermission(permission);
-		}
-		return true;
-	}
-
-	public void initializePermissions(InputStream permissionStream) throws DeviceManagementException {
-		try {
-			if(permissionStream != null){
-				/* Un-marshaling Device Management configuration */
-				JAXBContext cdmContext = JAXBContext.newInstance(PermissionConfiguration.class);
-				Unmarshaller unmarshaller = cdmContext.createUnmarshaller();
-				PermissionConfiguration permissionConfiguration = (PermissionConfiguration)
-						unmarshaller.unmarshal(permissionStream);
-				if((permissionConfiguration != null) && (permissionConfiguration.getPermissions() != null)){
-					this.addPermissions(permissionConfiguration.getPermissions());
-				}
-			}
-		} catch (JAXBException e) {
-			throw new DeviceManagementException("Error occurred while initializing Data Source config", e);
-		}
-	}
-
-    private PermissionHolder addPermissionNode(PermissionHolder parent, PermissionHolder child) {
-        PermissionHolder existChild = parent.getChild(child.getPathName());
-        if (existChild == null) {
-            parent.addChild(child);
-            return child;
+    public boolean addPermission(Permission permission) throws DeviceManagementException {
+        permissionTree.addPermission(permission); // adding a permission to the tree
+        try {
+            return PermissionUtils.putPermission(permission);
+        } catch (DeviceManagementException e) {
+            throw new DeviceManagementException("Error occurred while adding the permission : " +
+                    permission.getName(), e);
+        }
+    }
+
+    public boolean addPermissions(List<Permission> permissions) throws DeviceManagementException {
+        for (Permission permission : permissions) {
+            this.addPermission(permission);
+        }
+        return true;
+    }
+
+    public void initializePermissions(InputStream permissionStream) throws DeviceManagementException {
+        try {
+            if (permissionStream != null) {
+                /* Un-marshaling Device Management configuration */
+                JAXBContext cdmContext = JAXBContext.newInstance(PermissionConfiguration.class);
+                Unmarshaller unmarshaller = cdmContext.createUnmarshaller();
+                PermissionConfiguration permissionConfiguration = (PermissionConfiguration)
+                        unmarshaller.unmarshal(permissionStream);
+                if (permissionConfiguration != null && permissionConfiguration.getPermissions() != null) {
+                    this.addPermissions(permissionConfiguration.getPermissions());
+                }
+            }
+        } catch (JAXBException e) {
+            throw new DeviceManagementException("Error occurred while initializing Data Source config", e);
        }
-        return existChild;
    }

    public Permission getPermission(String url, String httpMethod) {
-        StringTokenizer st = new StringTokenizer(url, "/");
-        PermissionHolder tempRoot = rootNode;
-        PermissionHolder previousRoot;
-        while (st.hasMoreTokens()) {
-            String currentToken = st.nextToken();
-            previousRoot = tempRoot;
-            tempRoot = tempRoot.getChild(currentToken);
-            if (tempRoot == null) {
-                tempRoot = previousRoot;
-                int leftTokens = st.countTokens();
-                for (int i = 0; i <= leftTokens; i++) {
-                    if (tempRoot == null) {
-                        return null;
-                    }
-                    tempRoot = tempRoot.getChild("*");
-                }
-                break;
-            }
-        }
-        if (tempRoot == null) {
-            return null;
-        }
-        return tempRoot.getPermission(httpMethod);
+        return permissionTree.getPermission(url, httpMethod);
    }
 }
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionHolder.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionHolder.java
@ -25,15 +25,15 @@ import java.util.List;
 import java.util.Map;

 /**
- * This class represents the node of a permission graph.
+ * This class represents the node of a permission tree.
 */
-public class PermissionHolder {
+public class PermissionNode {

-    String pathName;
-    Map<String, Permission> permissions = new HashMap<String, Permission>();
-    List<PermissionHolder> children = new ArrayList<PermissionHolder>();
+    private String pathName;
+    private Map<String, Permission> permissions = new HashMap<String, Permission>();
+    private List<PermissionNode> children = new ArrayList<PermissionNode>();

-    public PermissionHolder(String pathName) {
+    public PermissionNode(String pathName) {
        this.pathName = pathName;
    }

@ -45,13 +45,13 @@ public class PermissionHolder {
        this.pathName = pathName;
    }

-    public List<PermissionHolder> getChildren() {
+    public List<PermissionNode> getChildren() {
        return children;
    }

-    public PermissionHolder getChild(String pathName) {
-        PermissionHolder child = null;
-        for (PermissionHolder node : children) {
+    public PermissionNode getChild(String pathName) {
+        PermissionNode child = null;
+        for (PermissionNode node : children) {
            if (node.getPathName().equals(pathName)) {
                return node;
            }
@ -59,7 +59,7 @@ public class PermissionHolder {
        return child;
    }

-    public void addChild(PermissionHolder node) {
+    public void addChild(PermissionNode node) {
        children.add(node);
    }

--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionUtils.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/config/permission/PermissionUtils.java
@ -84,7 +84,7 @@ public class PermissionUtils {
 		return status;
 	}

-	public static boolean checkPermissionExistance(Permission permission)
+	public static boolean checkPermissionExistence(Permission permission)
 			throws DeviceManagementException,
 			       org.wso2.carbon.registry.core.exceptions.RegistryException {
 		return PermissionUtils.getGovernanceRegistry().resourceExists(permission.getPath());
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizationValve.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizationValve.java
@ -29,9 +29,9 @@ import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthen

 import javax.servlet.http.HttpServletResponse;

-public class PermissionAuthorizerValve extends CarbonTomcatValve {
+public class PermissionAuthorizationValve extends CarbonTomcatValve {

-    private static final Log log = LogFactory.getLog(PermissionAuthorizerValve.class);
+    private static final Log log = LogFactory.getLog(PermissionAuthorizationValve.class);
    private static final String AUTHORIZATION_ENABLED = "authorization-enabled";


@ -44,7 +44,7 @@ public class PermissionAuthorizerValve extends CarbonTomcatValve {
            this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE);
            return;
        }
-        // check whether the permission checking function is enabled
+        // check whether the permission checking function is enabled in web.xml
        boolean isEnabled = new Boolean(permissionStatus);
        if (!isEnabled) {
            this.processResponse(request, response, compositeValve, WebappAuthenticator.Status.CONTINUE);
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/authorizer/PermissionAuthorizer.java
@ -39,12 +39,11 @@ public class PermissionAuthorizer {

    public WebappAuthenticator.Status authorize(Request request, Response response) {

-        // contextOperation is used to get defined operation type from the web.xml
        String requestUri = request.getRequestURI();
        String requestMethod = request.getMethod();

        if (requestUri == null || requestUri.isEmpty() ||
-            requestMethod == null || requestMethod.isEmpty()) {
+                requestMethod == null || requestMethod.isEmpty()) {
            return WebappAuthenticator.Status.CONTINUE;
        }

@ -61,7 +60,10 @@ public class PermissionAuthorizer {
        String permissionString = requestPermission.getPath();

        // This is added temporarily until authentication works.
+        // TODO remove below line.
        String username = "admin";
+        // TODO uncomment this once the authentication works.
+        //String username = CarbonContext.getThreadLocalCarbonContext().getUsername();

        boolean isUserAuthorized;
        try {
--- a/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java
+++ b/components/webapp-authenticator-framework/org.wso2.carbon.webapp.authenticator.framework/src/main/java/org/wso2/carbon/webapp/authenticator/framework/internal/WebappAuthenticatorFrameworkServiceComponent.java
@ -23,7 +23,6 @@ import org.apache.commons.logging.LogFactory;
 import org.osgi.service.component.ComponentContext;
 import org.wso2.carbon.certificate.mgt.core.service.CertificateManagementService;
 import org.wso2.carbon.device.mgt.core.scep.SCEPManager;
-import org.wso2.carbon.device.mgt.core.service.DeviceManagementProviderService;
 import org.wso2.carbon.tomcat.ext.valves.CarbonTomcatValve;
 import org.wso2.carbon.tomcat.ext.valves.TomcatValveContainer;
 import org.wso2.carbon.user.core.service.RealmService;
@ -31,7 +30,7 @@ import org.wso2.carbon.webapp.authenticator.framework.DataHolder;
 import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticationHandler;
 import org.wso2.carbon.webapp.authenticator.framework.authenticator.WebappAuthenticator;
 import org.wso2.carbon.webapp.authenticator.framework.WebappAuthenticatorRepository;
-import org.wso2.carbon.webapp.authenticator.framework.authorizer.PermissionAuthorizerValve;
+import org.wso2.carbon.webapp.authenticator.framework.authorizer.PermissionAuthorizationValve;
 import org.wso2.carbon.webapp.authenticator.framework.config.AuthenticatorConfig;
 import org.wso2.carbon.webapp.authenticator.framework.config.WebappAuthenticatorConfig;

@ -87,7 +86,7 @@ public class WebappAuthenticatorFrameworkServiceComponent {

            List<CarbonTomcatValve> valves = new ArrayList<CarbonTomcatValve>();
            valves.add(new WebappAuthenticationHandler());
-            valves.add(new PermissionAuthorizerValve());
+            valves.add(new PermissionAuthorizationValve());
            TomcatValveContainer.addValves(valves);

            if (log.isDebugEnabled()) {