Index: topia-security/src/java/org/codelutin/topia/security/TopiaSecurityManagerImpl.java
diff -u topia-security/src/java/org/codelutin/topia/security/TopiaSecurityManagerImpl.java:1.10 topia-security/src/java/org/codelutin/topia/security/TopiaSecurityManagerImpl.java:1.11
--- topia-security/src/java/org/codelutin/topia/security/TopiaSecurityManagerImpl.java:1.10 Mon Oct 9 14:20:47 2006
+++ topia-security/src/java/org/codelutin/topia/security/TopiaSecurityManagerImpl.java Mon Oct 16 14:15:46 2006
@@ -22,12 +22,15 @@
 import static org.codelutin.topia.security.util.TopiaSecurityUtil.TOPIA_SECURITY_PERSISTENCE_CLASSES;
+import java.security.AccessControlException;
+import java.security.AccessController;
 import java.security.Permission;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
+import javax.security.auth.Subject;
 import javax.security.auth.login.Configuration;
 import org.apache.commons.collections.map.ReferenceMap;
@@ -35,11 +38,15 @@
 import org.apache.commons.logging.LogFactory;
 import org.codelutin.topia.TopiaContext;
 import org.codelutin.topia.TopiaException;
+import org.codelutin.topia.framework.TopiaContextImplementor;
 import org.codelutin.topia.security.entities.authorization.TopiaAssociationAuthorizationDAO;
 import org.codelutin.topia.security.entities.authorization.TopiaAuthorization;
 import org.codelutin.topia.security.entities.authorization.TopiaAuthorizationDAO;
+import org.codelutin.topia.security.entities.authorization.TopiaEntityAuthorization;
 import org.codelutin.topia.security.entities.authorization.TopiaEntityAuthorizationDAO;
-import org.codelutin.topia.security.entities.authorization.TopiaLinkAuthorizationDAO;
+import org.codelutin.topia.security.entities.authorization.TopiaEntityAuthorizationImpl;
+import org.codelutin.topia.security.entities.authorization.TopiaIdLink;
+import org.codelutin.topia.security.entities.authorization.TopiaIdLinkDAO;
 import org.codelutin.topia.security.entities.user.TopiaGroupDAO;
 import org.codelutin.topia.security.entities.user.TopiaUserDAO;
 import org.codelutin.topia.security.jaas.TopiaConfiguration;
@@ -69,7 +76,7 @@
 /* Listeners */
 private VetoableEntityListener entityListener = new VetoableEntityListener(this);
 private PropertyReadListener readListener = new PropertyReadListener(this);
- private PropertyWriteListener writeListener = new PropertyWriteListener();
+ private PropertyWriteListener writeListener = new PropertyWriteListener(this);
 private VetoablePropertyListener propertyListener = new VetoablePropertyListener(readListener, writeListener);
 /* Policy */
@@ -90,7 +97,7 @@
 * (non-Javadoc)
 * @see org.codelutin.topia.security.TopiaSecurityManager#init()
 */
- public void init(TopiaContext context) {
+ public void init(TopiaContextImplementor context) {
 this.rootContext = context;
 this.securityContext = null;
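Review bot: `new PropertyWriteListener(this)` in the field initializer hands out a reference to the manager before its constructor body has run, so the listener must not call back into the manager while it is being constructed; the existing `entityListener` and `readListener` initializers already have the same shape, so this is an observation on the pattern rather than a regression introduced here. If the listener constructors only store the reference, a comment such as `/* listeners may only store the manager here; it is not initialized yet */` above the listener fields would make that constraint explicit for the next listener that gets added.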
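Review bot: The signature of `init` is narrowed to `TopiaContextImplementor` while the comment above it still points at `TopiaSecurityManager#init()`; if the interface still declares `init(TopiaContext)`, this method no longer implements it and becomes an overload, and callers holding a plain `TopiaContext` stop compiling — presumably the interface was changed in the same commit, which is not visible here. Either way the reference should name the signature actually implemented, `@see org.codelutin.topia.security.TopiaSecurityManager#init(TopiaContextImplementor)`. The body of `init` continues past the end of the hunk.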
@@ -176,11 +183,11 @@
 /**
 * Permet de récupérer le DAO dans le contexte de sécurité.
- * @return DAO du TopiaLinkAuthorization
+ * @return DAO du TopiaIdLinkDAO
 */
- public TopiaLinkAuthorizationDAO getTopiaLinkAuthorizationDAO() {
+ public TopiaIdLinkDAO getTopiaIdLinkDAO() {
 try {
- return TopiaSecurityDAOHelper.getTopiaLinkAuthorizationDAO(getSecurityContext());
+ return TopiaSecurityDAOHelper.getTopiaIdLinkDAO(getSecurityContext());
 } catch (TopiaException te) {
 log.error("Recuperation du TopiaLinkAuthorizationDAO impossible", te);
 }
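Review bot: The message on the `catch` branch was not updated with the rename and still reads `Recuperation du TopiaLinkAuthorizationDAO impossible`, which points anyone debugging a failed lookup at a class that no longer exists; change it to `log.error("Recuperation du TopiaIdLinkDAO impossible", te);`. The catch also swallows the `TopiaException` and falls through to whatever follows the hunk (presumably a `return null`), so a caller such as `replaceByTopiaIdLink` receives a null DAO instead of an error; either rethrow, or document the contract with `@return DAO du TopiaIdLinkDAO, ou null si le contexte de sécurité est indisponible` so callers know to check. The tail of `getTopiaIdLinkDAO` is outside the hunk.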
@@ -281,4 +288,60 @@
 return false;
 }
 }
+
+ protected String replaceByTopiaIdLink(String topiaId) throws TopiaException {
+ TopiaIdLinkDAO linkDAO = getTopiaIdLinkDAO();
+ TopiaIdLink link = linkDAO.findByReplace(topiaId);
+ if(link == null) {
+ return topiaId;
+ } else {
+ return link.getBy();
+ }
+ }
+
+ /**
+ * Vérifie si l'utilisateur actuellement loggué a le droit d'accéder à
+ * l'entité passée en paramètre pour les actions spécifiées.
+ * @param entientityClassty l'entité pour laquelle on vérifie les droits
+ * @param actions les actions [load, read, write, admin]
+ * @throws TopiaSecurityException
+ */
+ public void checkPermission(Class entityClass, int actions) throws TopiaException {
+ if (log.isTraceEnabled()) {
+ log.trace("Checking permissions to entity class : " + entityClass);
+ }
+ if (entityClass == null) {
+ throw new TopiaException("Class cannot be null");
+ }
+ String topiaId = entityClass.getName() + "#*";
+ checkPermission(topiaId, actions);
+ }
+
+ /**
+ * Vérifie si l'utilisateur actuellement loggué a le droit d'accéder à
+ * l'entité passée en paramètre pour les actions spécifiées.
+ * @param topiaId le topiaId de l'entité pour laquelle on vérifie les droits
+ * @param actions les actions [load, read, write, admin]
+ * @throws TopiaSecurityException
+ */
+ public void checkPermission(String topiaId, int actions) throws TopiaException {
+ Subject subj = Subject.getSubject(AccessController.getContext());
+ if (subj != null) {
+ try {
+ TopiaEntityAuthorization authorization = new TopiaEntityAuthorizationImpl(
+ replaceByTopiaIdLink(topiaId), actions, subj.getPrincipals());
+ AccessController.checkPermission(new TopiaPermission(authorization));
+ } catch (AccessControlException e) {
+ throw new TopiaException("access denied to object \"" + topiaId + "\" for \"" + subj + "\"", e);
+ }
+ if (log.isTraceEnabled()) {
+ log.trace("Permission granted for entity : " + topiaId);
+ }
+ } else {
+ if(log.isWarnEnabled()) {
+ log.warn("Use doAs() and login first");
+ }
+ }
+ }
+ }
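Review bot: `checkPermission(String, int)` fails open: when `Subject.getSubject(AccessController.getContext())` returns null the method only logs "Use doAs() and login first" and returns normally, so any code running outside a `Subject.doAs` block — including a caller that simply forgot to log in — passes every permission check. Unless unauthenticated access is meant to be unrestricted, the `else` branch should reject instead of warn: `throw new TopiaException("access denied to object \"" + topiaId + "\": no authenticated Subject, use doAs() and login first");`. Two smaller points in the same hunk: `replaceByTopiaIdLink` dereferences `getTopiaIdLinkDAO()` without a null check although that accessor catches its own lookup failure and logs it, so a missing security context surfaces as a NullPointerException inside the permission check rather than a TopiaException; and the access-denied message concatenates `subj`, whose `Subject.toString()` can include the subject's credentials, so naming `subj.getPrincipals()` in the message is the safer choice. The Javadoc of the `Class` overload has `@param entientityClassty`, which should be `@param entityClass`, and both `@throws TopiaSecurityException` tags name an exception the methods do not declare.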