org.jasig.portal.security.provider
Class AuthorizationImpl

java.lang.Object
  extended by org.jasig.portal.security.provider.AuthorizationImpl
All Implemented Interfaces:
IAuthorizationService

public class AuthorizationImpl
extends java.lang.Object
implements IAuthorizationService

Version:
$Revision: 1.42 $ $Date: 2005/04/18 17:02:59 $
Author:
Bernie Durfee, bdurfee@interactivebusiness.com, Dan Ellentuck, Scott Battaglia

Field Summary
private  boolean cachePermissions
          Flag that determines whether permissions are cached.
private  IPermissionPolicy defaultPermissionPolicy
          The default Permission Policy this Authorization implementation will use.
private static org.apache.commons.logging.Log log
          Instance of log in order to log events.
private  java.lang.Class PERMISSION_SET_TYPE
          The class representing the permission set type.
private  IPermissionStore permissionStore
          Instance of the Permission Store for storing permission information.
private static java.lang.String PRINCIPAL_SEPARATOR
          Constant representing the separator used in the principal key.
private  java.util.Map principalCache
          The cache to hold the list of principals.
private static IAuthorizationService singleton
          The static instance of the AuthorizationImpl for purposes of creating an AuthorizationImpl singleton.
 
Constructor Summary
protected AuthorizationImpl()
           
 
Method Summary
 void addPermissions(IPermission[] permissions)
          Adds IPermissions to the back end store.
protected  void cacheAdd(IPermissionSet ps)
          Adds the IPermissionSet to the entity cache.
protected  IPermissionSet cacheGet(IAuthorizationPrincipal principal)
          Retrieves the IPermissionSet for the principal from the entity cache.
protected  void cacheRemove(IAuthorizationPrincipal ap)
          Removes the IPermissionSet for this principal from the entity cache.
protected  void cacheUpdate(IPermissionSet ps)
          Updates the IPermissionSet in the entity cache.
 boolean canPrincipalPublish(IAuthorizationPrincipal principal)
          This checks if the framework has granted principal a right to publish.
 boolean canPrincipalRender(IAuthorizationPrincipal principal, int channelPublishId)
          Answers if the principal has permission to RENDER this Channel.
 boolean canPrincipalSubscribe(IAuthorizationPrincipal principal, int channelPublishId)
          Answers if the principal has permission to SUBSCRIBE to this Channel.
 boolean doesPrincipalHavePermission(IAuthorizationPrincipal principal, java.lang.String owner, java.lang.String activity, java.lang.String target)
          Answers if the owner has given the principal (or any of its parents) permission to perform the activity on the target.
 boolean doesPrincipalHavePermission(IAuthorizationPrincipal principal, java.lang.String owner, java.lang.String activity, java.lang.String target, IPermissionPolicy policy)
          Answers if the owner has given the principal permission to perform the activity on the target, as evaluated by the policy.
 IPermission[] getAllPermissionsForPrincipal(IAuthorizationPrincipal principal, java.lang.String owner, java.lang.String activity, java.lang.String target)
          Returns the IPermissions owner has granted this Principal for the specified activity and target.
 java.util.Vector getAuthorizedChannels(IAuthorizationPrincipal principal)
          Does this mean all channels the principal could conceivably subscribe to or all channels principal is specifically authorized to subscribe to, or what?
 IAuthorizationPrincipal[] getAuthorizedPrincipals(java.lang.String owner, java.lang.String activity, java.lang.String target)
          Returns IAuthorizationPrincipals that have IPermissions for the given owner, activity and target.
protected  IPermissionPolicy getDefaultPermissionPolicy()
           
 IGroupMember getGroupMember(IAuthorizationPrincipal principal)
           
private  IGroupMember getGroupMemberForPrincipal(IAuthorizationPrincipal principal)
           
private  java.util.Iterator getGroupsForPrincipal(IAuthorizationPrincipal principal)
          Hook into the Groups system by converting the IAuthorizationPrincipal to an IGroupMember.
private  java.util.Iterator getInheritedPrincipals(IAuthorizationPrincipal principal)
          Hook into the Groups system, find all containing groups, and convert them to IAuthorizationPrincipals.
 IPermission[] getPermissionsForOwner(java.lang.String owner, java.lang.String activity, java.lang.String target)
          Returns the IPermissions owner has granted for the specified activity and target.
 IPermission[] getPermissionsForPrincipal(IAuthorizationPrincipal principal, java.lang.String owner, java.lang.String activity, java.lang.String target)
          Returns the IPermissions owner has granted this Principal for the specified activity and target.
private  IPermissionStore getPermissionStore()
           
 IAuthorizationPrincipal getPrincipal(IPermission permission)
          Returns IAuthorizationPrincipal associated with the IPermission.
private  IAuthorizationPrincipal getPrincipalForGroup(IEntityGroup group)
           
private  IAuthorizationPrincipal[] getPrincipalsFromPermissions(IPermission[] permissions)
          Returns IAuthorizationPrincipals associated with the IPermission[].
private  java.lang.String getPrincipalString(java.lang.Class pType, java.lang.String pKey)
           
 java.lang.String getPrincipalString(IAuthorizationPrincipal principal)
          Returns the String used by an IPermission to represent an IAuthorizationPrincipal.
 IPermission[] getUncachedPermissionsForPrincipal(IAuthorizationPrincipal principal, java.lang.String owner, java.lang.String activity, java.lang.String target)
          Returns the IPermissions owner has granted this Principal for the specified activity and target.
private  void initialize()
           
 IPermission newPermission(java.lang.String owner)
          Factory method for an IPermission.
 IPermission newPermission(java.lang.String owner, IAuthorizationPrincipal principal)
          Factory method for an IPermission.
 IPermissionManager newPermissionManager(java.lang.String owner)
          Factory method for IPermissionManager.
 IAuthorizationPrincipal newPrincipal(IGroupMember groupMember)
          Converts an IGroupMember into an IAuthorizationPrincipal.
 IAuthorizationPrincipal newPrincipal(java.lang.String key, java.lang.Class type)
          Factory method for IAuthorizationPrincipal.
 IUpdatingPermissionManager newUpdatingPermissionManager(java.lang.String owner)
          Factory method for IUpdatingPermissionManager.
private  IPermission[] primGetPermissionsForPrincipal(IAuthorizationPrincipal principal)
          Returns permissions for a principal.
private  IPermission[] primGetPermissionsForPrincipal(IAuthorizationPrincipal principal, java.lang.String owner, java.lang.String activity, java.lang.String target)
           
private  IAuthorizationPrincipal primNewPrincipal(java.lang.String key, java.lang.Class type)
           
private  IPermission[] primRetrievePermissions(java.lang.String owner, java.lang.String principal, java.lang.String activity, java.lang.String target)
           
private  void removeFromPermissionsCache(IAuthorizationPrincipal[] principals)
          Removes IPermissions for the IAuthorizationPrincipals from the cache.
private  void removeFromPermissionsCache(IPermission[] permissions)
          Removes IPermissions from the cache.
 void removePermissions(IPermission[] permissions)
          Removes IPermissions from the back end store.
protected  void setDefaultPermissionPolicy(IPermissionPolicy newDefaultPermissionPolicy)
           
static IAuthorizationService singleton()
           
 void updatePermissions(IPermission[] permissions)
          Updates IPermissions in the back end store.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

log

private static final org.apache.commons.logging.Log log
Instance of log in order to log events.


PRINCIPAL_SEPARATOR

private static final java.lang.String PRINCIPAL_SEPARATOR
Constant representing the separator used in the principal key.

See Also:
Constant Field Values

singleton

private static final IAuthorizationService singleton
The static instance of the AuthorizationImpl for purposes of creating an AuthorizationImpl singleton.


permissionStore

private IPermissionStore permissionStore
Instance of the Permission Store for storing permission information.


defaultPermissionPolicy

private IPermissionPolicy defaultPermissionPolicy
The default Permission Policy this Authorization implementation will use.


principalCache

private java.util.Map principalCache
The cache to hold the list of principals.


PERMISSION_SET_TYPE

private java.lang.Class PERMISSION_SET_TYPE
The class representing the permission set type.


cachePermissions

private boolean cachePermissions
Flag that determines whether permissions are cached.

Constructor Detail

AuthorizationImpl

protected AuthorizationImpl()
Method Detail

addPermissions

public void addPermissions(IPermission[] permissions)
                    throws AuthorizationException
Adds IPermissions to the back end store.

Specified by:
addPermissions in interface IAuthorizationService
Parameters:
permissions - IPermission[]
Throws:
AuthorizationException

cacheAdd

protected void cacheAdd(IPermissionSet ps)
                 throws AuthorizationException
Adds the IPermissionSet to the entity cache.

Throws:
AuthorizationException

cacheGet

protected IPermissionSet cacheGet(IAuthorizationPrincipal principal)
                           throws AuthorizationException
Retrieves the IPermissionSet for the principal from the entity cache.

Throws:
AuthorizationException

cacheRemove

protected void cacheRemove(IAuthorizationPrincipal ap)
                    throws AuthorizationException
Removes the IPermissionSet for this principal from the entity cache.

Throws:
AuthorizationException

cacheUpdate

protected void cacheUpdate(IPermissionSet ps)
                    throws AuthorizationException
Updates the IPermissionSet in the entity cache.

Throws:
AuthorizationException

canPrincipalPublish

public boolean canPrincipalPublish(IAuthorizationPrincipal principal)
                            throws AuthorizationException
This checks if the framework has granted principal a right to publish. DO WE WANT SOMETHING THIS COARSE (de)?

Specified by:
canPrincipalPublish in interface IAuthorizationService
Parameters:
principal - IAuthorizationPrincipal
Returns:
boolean
Throws:
AuthorizationException

canPrincipalRender

public boolean canPrincipalRender(IAuthorizationPrincipal principal,
                                  int channelPublishId)
                           throws AuthorizationException
Answers if the principal has permission to RENDER this Channel.

Specified by:
canPrincipalRender in interface IAuthorizationService
Parameters:
principal - IAuthorizationPrincipal
channelPublishId - int
Returns:
boolean
Throws:
AuthorizationException - indicates authorization information could not be retrieved.

canPrincipalSubscribe

public boolean canPrincipalSubscribe(IAuthorizationPrincipal principal,
                                     int channelPublishId)
                              throws AuthorizationException
Answers if the principal has permission to SUBSCRIBE to this Channel.

Specified by:
canPrincipalSubscribe in interface IAuthorizationService
Parameters:
principal - IAuthorizationPrincipal
channelPublishId - int
Returns:
boolean
Throws:
AuthorizationException - indicates authorization information could not be retrieved.

doesPrincipalHavePermission

public boolean doesPrincipalHavePermission(IAuthorizationPrincipal principal,
                                           java.lang.String owner,
                                           java.lang.String activity,
                                           java.lang.String target)
                                    throws AuthorizationException
Answers if the owner has given the principal (or any of its parents) permission to perform the activity on the target. Params owner and activity must be non-null. If target is null, then target is not checked.

Specified by:
doesPrincipalHavePermission in interface IAuthorizationService
Parameters:
principal - IAuthorizationPrincipal
owner - java.lang.String
activity - java.lang.String
target - java.lang.String
Returns:
boolean
Throws:
AuthorizationException - indicates authorization information could not be retrieved.

doesPrincipalHavePermission

public boolean doesPrincipalHavePermission(IAuthorizationPrincipal principal,
                                           java.lang.String owner,
                                           java.lang.String activity,
                                           java.lang.String target,
                                           IPermissionPolicy policy)
                                    throws AuthorizationException
Answers if the owner has given the principal permission to perform the activity on the target, as evaluated by the policy. Params policy, owner and activity must be non-null.

Specified by:
doesPrincipalHavePermission in interface IAuthorizationService
Parameters:
principal - IAuthorizationPrincipal
owner - java.lang.String
activity - java.lang.String
target - java.lang.String
Returns:
boolean
Throws:
AuthorizationException - indicates authorization information could not be retrieved.

getAllPermissionsForPrincipal

public IPermission[] getAllPermissionsForPrincipal(IAuthorizationPrincipal principal,
                                                   java.lang.String owner,
                                                   java.lang.String activity,
                                                   java.lang.String target)
                                            throws AuthorizationException
Returns the IPermissions owner has granted this Principal for the specified activity and target. Null parameters will be ignored, that is, all IPermissions matching the non-null parameters are retrieved. So, getPermissions(principal, null, null, null) should retrieve all IPermissions for a Principal. Note that this includes IPermissions inherited from groups the Principal belongs to.

Specified by:
getAllPermissionsForPrincipal in interface IAuthorizationService
Parameters:
principal - IAuthorizationPrincipal
owner - java.lang.String
activity - java.lang.String
target - java.lang.String
Returns:
org.jasig.portal.security.IPermission[]
Throws:
AuthorizationException - indicates authorization information could not be retrieved.
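
The null-parameter and group-inheritance rules described for doesPrincipalHavePermission and getAllPermissionsForPrincipal, as an added, simplified model (Java 16+); it is not uPortal source and it ignores IPermissionPolicy evaluation and caching. The Grant record, the principal and group names, EXAMPLE_OWNER and the channel targets are constructed for illustration, and treating getPermissionsForPrincipal as direct grants only is an assumption drawn from its description lacking the inheritance note.

```java
import java.util.*;

/** Added illustration: a simplified model, not the uPortal implementation. */
public class NullWildcardDemo {

    /** Hypothetical stand-in for one stored IPermission. */
    record Grant(String principal, String owner, String activity, String target) {}

    // Constructed sample data: member -> groups that directly contain it.
    static final Map<String, List<String>> PARENTS = Map.of(
        "user:alice", List.of("group:staff"),
        "group:staff", List.of("group:everyone"));

    // Constructed sample grants.
    static final List<Grant> STORE = List.of(
        new Grant("user:alice", "EXAMPLE_OWNER", "SUBSCRIBE", "channel-10"),
        new Grant("group:staff", "EXAMPLE_OWNER", "SUBSCRIBE", "channel-20"),
        new Grant("group:everyone", "EXAMPLE_OWNER", "RENDER", "channel-30"));

    /** A null filter is ignored, so it matches every stored value. */
    static boolean matches(String filter, String value) {
        return filter == null || filter.equals(value);
    }

    /** The principal plus every group that contains it, recursively. */
    static Set<String> withInherited(String principal) {
        Set<String> seen = new LinkedHashSet<>();
        Deque<String> todo = new ArrayDeque<>(List.of(principal));
        while (!todo.isEmpty()) {
            String p = todo.pop();
            if (seen.add(p)) {                      // guards against membership cycles
                todo.addAll(PARENTS.getOrDefault(p, List.of()));
            }
        }
        return seen;
    }

    static List<Grant> query(Set<String> principals, String owner, String activity, String target) {
        List<Grant> out = new ArrayList<>();
        for (Grant g : STORE) {
            if (principals.contains(g.principal()) && matches(owner, g.owner())
                    && matches(activity, g.activity()) && matches(target, g.target())) {
                out.add(g);
            }
        }
        return out;
    }

    /** Models getPermissionsForPrincipal (assumed: direct grants only). */
    static List<Grant> direct(String principal, String owner, String activity, String target) {
        return query(Set.of(principal), owner, activity, target);
    }

    /** Models getAllPermissionsForPrincipal: direct plus group-inherited grants. */
    static List<Grant> all(String principal, String owner, String activity, String target) {
        return query(withInherited(principal), owner, activity, target);
    }

    /** Models doesPrincipalHavePermission: owner and activity required, null target not checked. */
    static boolean has(String principal, String owner, String activity, String target) {
        Objects.requireNonNull(owner, "owner");
        Objects.requireNonNull(activity, "activity");
        return !all(principal, owner, activity, target).isEmpty();
    }

    public static void main(String[] args) {
        String owner = "EXAMPLE_OWNER";
        // All-null filters: direct grants versus direct plus inherited grants.
        System.out.println("direct: " + direct("user:alice", null, null, null));
        System.out.println("all:    " + all("user:alice", null, null, null));
        // A concrete target the principal holds no grant for.
        System.out.println("specific target: " + has("user:alice", owner, "SUBSCRIBE", "channel-99"));
        // A null target is not checked, so any SUBSCRIBE grant satisfies the call.
        System.out.println("null target:     " + has("user:alice", owner, "SUBSCRIBE", null));
    }
}
```

In this model a null target turns the check into "any grant for this owner and activity", so a caller guarding one specific resource should always pass that resource's target rather than null.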

getAuthorizedChannels

public java.util.Vector getAuthorizedChannels(IAuthorizationPrincipal principal)
                                       throws AuthorizationException
Does this mean all channels the principal could conceivably subscribe to or all channels principal is specifically authorized to subscribe to, or what?

Specified by:
getAuthorizedChannels in interface IAuthorizationService
Parameters:
principal - IAuthorizationPrincipal
Returns:
Vector (of channels?)
Throws:
AuthorizationException - indicates authorization information could not

getAuthorizedPrincipals

public IAuthorizationPrincipal[] getAuthorizedPrincipals(java.lang.String owner,
                                                         java.lang.String activity,
                                                         java.lang.String target)
                                                  throws AuthorizationException
Returns IAuthorizationPrincipals that have IPermissions for the given owner, activity and target.

Parameters:
owner -
activity -
target -
Returns:
IAuthorizationPrincipal[]
Throws:
AuthorizationException

getDefaultPermissionPolicy

protected IPermissionPolicy getDefaultPermissionPolicy()
Returns:
org.jasig.portal.security.IPermissionPolicy

getGroupMember

public IGroupMember getGroupMember(IAuthorizationPrincipal principal)
                            throws GroupsException
Specified by:
getGroupMember in interface IAuthorizationService
Parameters:
principal - org.jasig.portal.security.IAuthorizationPrincipal
Returns:
org.jasig.portal.groups.IGroupMember
Throws:
GroupsException

getGroupMemberForPrincipal

private IGroupMember getGroupMemberForPrincipal(IAuthorizationPrincipal principal)
                                         throws GroupsException
Parameters:
principal - org.jasig.portal.security.IAuthorizationPrincipal
Returns:
org.jasig.portal.groups.IGroupMember
Throws:
GroupsException

getGroupsForPrincipal

private java.util.Iterator getGroupsForPrincipal(IAuthorizationPrincipal principal)
                                          throws GroupsException
Hook into the Groups system by converting the IAuthorizationPrincipal to an IGroupMember. Returns ALL the groups the IGroupMember (recursively) belongs to.

Parameters:
principal - org.jasig.portal.security.IAuthorizationPrincipal
Returns:
java.util.Iterator over Collection of IEntityGroups
Throws:
GroupsException

getInheritedPrincipals

private java.util.Iterator getInheritedPrincipals(IAuthorizationPrincipal principal)
                                           throws AuthorizationException
Hook into the Groups system, find all containing groups, and convert them to IAuthorizationPrincipals.

Parameters:
principal - org.jasig.portal.security.IAuthorizationPrincipal
Returns:
java.util.Iterator over Collection of IEntityGroups
Throws:
AuthorizationException

getPermissionsForOwner

public IPermission[] getPermissionsForOwner(java.lang.String owner,
                                            java.lang.String activity,
                                            java.lang.String target)
                                     throws AuthorizationException
Returns the IPermissions owner has granted for the specified activity and target. Null parameters will be ignored, that is, all IPermissions matching the non-null parameters are retrieved.

Specified by:
getPermissionsForOwner in interface IAuthorizationService
Parameters:
owner - java.lang.String
activity - java.lang.String
target - java.lang.String
Returns:
org.jasig.portal.security.IPermission[]
Throws:
AuthorizationException - indicates authorization information could not be retrieved.

getPermissionsForPrincipal

public IPermission[] getPermissionsForPrincipal(IAuthorizationPrincipal principal,
                                                java.lang.String owner,
                                                java.lang.String activity,
                                                java.lang.String target)
                                         throws AuthorizationException
Returns the IPermissions owner has granted this Principal for the specified activity and target. Null parameters will be ignored, that is, all IPermissions matching the non-null parameters are retrieved. So, getPermissions(principal, null, null, null) should retrieve all IPermissions for a Principal.

Specified by:
getPermissionsForPrincipal in interface IAuthorizationService
Parameters:
principal - IAuthorizationPrincipal
owner - java.lang.String
activity - java.lang.String
target - java.lang.String
Returns:
org.jasig.portal.security.IPermission[]
Throws:
AuthorizationException - indicates authorization information could not be retrieved.

getPermissionStore

private IPermissionStore getPermissionStore()
Returns:
org.jasig.portal.security.IPermissionStore

getPrincipal

public IAuthorizationPrincipal getPrincipal(IPermission permission)
                                     throws AuthorizationException
Returns IAuthorizationPrincipal associated with the IPermission.

Specified by:
getPrincipal in interface IAuthorizationService
Parameters:
permission - IPermission
Returns:
IAuthorizationPrincipal
Throws:
AuthorizationException

getPrincipalForGroup

private IAuthorizationPrincipal getPrincipalForGroup(IEntityGroup group)
Parameters:
group -
Returns:
user org.jasig.portal.security.IAuthorizationPrincipal

getPrincipalsFromPermissions

private IAuthorizationPrincipal[] getPrincipalsFromPermissions(IPermission[] permissions)
                                                        throws AuthorizationException
Returns IAuthorizationPrincipals associated with the IPermission[].

Parameters:
permissions - IPermission[]
Returns:
IAuthorizationPrincipal[]
Throws:
AuthorizationException

getPrincipalString

public java.lang.String getPrincipalString(IAuthorizationPrincipal principal)
Returns the String used by an IPermission to represent an IAuthorizationPrincipal.

Specified by:
getPrincipalString in interface IAuthorizationService
Parameters:
principal - org.jasig.portal.security.IAuthorizationPrincipal

getPrincipalString

private java.lang.String getPrincipalString(java.lang.Class pType,
                                            java.lang.String pKey)

getUncachedPermissionsForPrincipal

public IPermission[] getUncachedPermissionsForPrincipal(IAuthorizationPrincipal principal,
                                                        java.lang.String owner,
                                                        java.lang.String activity,
                                                        java.lang.String target)
                                                 throws AuthorizationException
Returns the IPermissions owner has granted this Principal for the specified activity and target. Null parameters will be ignored, that is, all IPermissions matching the non-null parameters are retrieved. So, getPermissions(principal, null, null, null) should retrieve all IPermissions for a Principal. Ignore any cached IPermissions.

Parameters:
principal - IAuthorizationPrincipal
owner - java.lang.String
activity - java.lang.String
target - java.lang.String
Returns:
org.jasig.portal.security.IPermission[]
Throws:
AuthorizationException - indicates authorization information could not be retrieved.

initialize

private void initialize()
                 throws java.lang.IllegalArgumentException
Throws:
java.lang.IllegalArgumentException

newPermission

public IPermission newPermission(java.lang.String owner)
Factory method for an IPermission.

Parameters:
owner - String
Returns:
org.jasig.portal.security.Permission

newPermission

public IPermission newPermission(java.lang.String owner,
                                 IAuthorizationPrincipal principal)
Factory method for an IPermission.

Specified by:
newPermission in interface IAuthorizationService
Parameters:
owner - String
principal - IAuthorizationPrincipal
Returns:
org.jasig.portal.security.IPermission

newPermissionManager

public IPermissionManager newPermissionManager(java.lang.String owner)
Factory method for IPermissionManager.

Specified by:
newPermissionManager in interface IAuthorizationService
Parameters:
owner - java.lang.String
Returns:
org.jasig.portal.security.IPermissionManager

newPrincipal

public IAuthorizationPrincipal newPrincipal(java.lang.String key,
                                            java.lang.Class type)
Factory method for IAuthorizationPrincipal. First check the principal cache, and if not present, create the principal and cache it.

Specified by:
newPrincipal in interface IAuthorizationService
Parameters:
key - java.lang.String
type - java.lang.Class
Returns:
org.jasig.portal.security.IAuthorizationPrincipal

newPrincipal

public IAuthorizationPrincipal newPrincipal(IGroupMember groupMember)
                                     throws GroupsException
Converts an IGroupMember into an IAuthorizationPrincipal.

Specified by:
newPrincipal in interface IAuthorizationService
Parameters:
groupMember - org.jasig.portal.groups.IGroupMember
Returns:
org.jasig.portal.security.IAuthorizationPrincipal
Throws:
GroupsException

primNewPrincipal

private IAuthorizationPrincipal primNewPrincipal(java.lang.String key,
                                                 java.lang.Class type)

newUpdatingPermissionManager

public IUpdatingPermissionManager newUpdatingPermissionManager(java.lang.String owner)
Factory method for IUpdatingPermissionManager.

Specified by:
newUpdatingPermissionManager in interface IAuthorizationService
Parameters:
owner - java.lang.String
Returns:
org.jasig.portal.security.IUpdatingPermissionManager

primGetPermissionsForPrincipal

private IPermission[] primGetPermissionsForPrincipal(IAuthorizationPrincipal principal)
                                              throws AuthorizationException
Returns permissions for a principal. First check the entity caching service, and if the permissions have not been cached, retrieve and cache them.

Parameters:
principal - org.jasig.portal.security.IAuthorizationPrincipal
Returns:
IPermission[]
Throws:
AuthorizationException

primGetPermissionsForPrincipal

private IPermission[] primGetPermissionsForPrincipal(IAuthorizationPrincipal principal,
                                                     java.lang.String owner,
                                                     java.lang.String activity,
                                                     java.lang.String target)
                                              throws AuthorizationException
Parameters:
principal - org.jasig.portal.security.IAuthorizationPrincipal
owner - String
activity - String
target - String
Returns:
IPermission[]
Throws:
AuthorizationException

primRetrievePermissions

private IPermission[] primRetrievePermissions(java.lang.String owner,
                                              java.lang.String principal,
                                              java.lang.String activity,
                                              java.lang.String target)
                                       throws AuthorizationException
Parameters:
owner - String
principal - String
activity - String
target - String
Returns:
IPermission[]
Throws:
AuthorizationException

removeFromPermissionsCache

private void removeFromPermissionsCache(IAuthorizationPrincipal[] principals)
                                 throws AuthorizationException
Removes IPermissions for the IAuthorizationPrincipals from the cache.

Parameters:
principals - IAuthorizationPrincipal[]
Throws:
AuthorizationException

removeFromPermissionsCache

private void removeFromPermissionsCache(IPermission[] permissions)
                                 throws AuthorizationException
Removes IPermissions from the cache.

Parameters:
permissions - IPermission[]
Throws:
AuthorizationException

removePermissions

public void removePermissions(IPermission[] permissions)
                       throws AuthorizationException
Removes IPermissions from the back end store.

Specified by:
removePermissions in interface IAuthorizationService
Parameters:
permissions - IPermission[]
Throws:
AuthorizationException

setDefaultPermissionPolicy

protected void setDefaultPermissionPolicy(IPermissionPolicy newDefaultPermissionPolicy)
Parameters:
newDefaultPermissionPolicy - org.jasig.portal.security.IPermissionPolicy

singleton

public static IAuthorizationService singleton()
Returns:
org.jasig.portal.security.provider.IAuthorizationService

updatePermissions

public void updatePermissions(IPermission[] permissions)
                       throws AuthorizationException
Updates IPermissions in the back end store.

Specified by:
updatePermissions in interface IAuthorizationService
Parameters:
permissions - IPermission[]
Throws:
AuthorizationException