All Downloads are FREE. Search and download functionalities are using the official Maven repository.

de.uni.freiburg.iig.telematik.sewol.accesscontrol.acl.ACLModel Maven / Gradle / Ivy

Go to download

SEWOL provides support for the handling of workflow traces. Specifically it allows to specify the shape and content of process traces in terms of entries representing the execution of a specific workflow activity. SEWOL also allows to write these traces on disk as a log file with the help of a special file writer for process logs. Currently it supports plain text, Petrify, MXML and XES log file types. In order to specify security-related context information, SEWOL provides access control models such as access control lists (ACL) and role-based access control models (RBAC). All types of models can be conveniently edited with the help of appropriate dialogs.

There is a newer version: 1.0.2
Show newest version
package de.uni.freiburg.iig.telematik.sewol.accesscontrol.acl;

import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

import de.invation.code.toval.misc.soabase.SOABase;
import de.invation.code.toval.properties.PropertyException;
import de.invation.code.toval.types.DataUsage;
import de.invation.code.toval.types.HashList;
import de.invation.code.toval.validate.CompatibilityException;
import de.invation.code.toval.validate.ParameterException;
import de.invation.code.toval.validate.ParameterException.ErrorCode;
import de.uni.freiburg.iig.telematik.sewol.accesscontrol.AbstractACModel;
import de.uni.freiburg.iig.telematik.sewol.accesscontrol.properties.ACLModelProperties;
import de.uni.freiburg.iig.telematik.sewol.accesscontrol.properties.ACModelType;

public class ACLModel extends AbstractACModel {

    protected Map> activityPermissionsUT;
    protected Map> activityPermissionsTU;
    protected Map>> objectPermissionsUO;
    protected Map>> objectPermissionsOU;

    public ACLModel(String name) {
        super(ACModelType.ACL, name);
    }

    public ACLModel(String name, SOABase context) {
        super(ACModelType.ACL, name, context);
    }

    public ACLModel(ACLModelProperties properties, SOABase context) throws PropertyException {
        super(properties, context);
    }

    @Override
    protected void initialize(ACLModelProperties properties) throws PropertyException {
        super.initialize(properties);
        for (String subject : getContext().getSubjects()) {
            setActivityPermission(subject, properties.getActivityPermission(subject));
            setObjectPermission(subject, properties.getObjectPermission(subject));
        }
    }

    @Override
    protected void initialize() {
        super.initialize();
        activityPermissionsUT = new HashMap>();
        activityPermissionsTU = new HashMap>();
        objectPermissionsUO = new HashMap>>();
        objectPermissionsOU = new HashMap>>();
    }

    @Override
    public void setValidUsageModes(Collection validUsageModes) {
        validateUsageModes(validUsageModes);
        Set oldModes = new HashSet(getValidUsageModes());
        if (hasObjectPermissions()) {
            for (String subject : context.getSubjects()) {
                for (String object : context.getObjects()) {
                    if (!validUsageModes.containsAll(objectPermissionsUO.get(subject).get(object))) {
                        throw new ParameterException(ErrorCode.INCONSISTENCY, "Existing object permissions are in conflict with new set of valid usage modes.");
                    }
                }
            }
        }
        this.validUsageModes.clear();
        this.validUsageModes.addAll(validUsageModes);
        acModelListenerSupport.notifyValidUsageModesChanged(oldModes, new HashSet(validUsageModes));
    }

    public boolean addActivityPermission(String subject, String activity) throws CompatibilityException {
        context.validateSubject(subject);
        context.validateActivity(activity);
        if (!activityPermissionsUT.containsKey(subject)) {
            activityPermissionsUT.put(subject, new HashList());
        }
        if (activityPermissionsUT.get(subject).add(activity)) {
            addActivityPermissionTU(activity, subject);
            acModelListenerSupport.notifyExecutionPermissionAdded(subject, activity);
            return true;
        }
        return false;
    }

    private void addActivityPermissionTU(String activity, String subject) {
        if (!activityPermissionsTU.containsKey(activity)) {
            activityPermissionsTU.put(activity, new HashList());
        }
        activityPermissionsTU.get(activity).add(subject);
    }

    public void setActivityPermission(String subject, Collection activities) throws CompatibilityException {
        context.validateSubject(subject);
        context.validateActivities(activities);
        if (activities.isEmpty()) {
            return;
        }

        if (activityPermissionsUT.containsKey(subject)) {
            Set activitiesToRemove = new HashSet();
            for (String storedActivity : activityPermissionsUT.get(subject)) {
                if (!activities.contains(storedActivity)) {
                    activitiesToRemove.add(storedActivity);
                }
            }
            for (String activity : activitiesToRemove) {
                removeActivityPermission(subject, activity);
            }
        }

        for (String activity : activities) {
            addActivityPermission(subject, activity);
        }
    }

    public void removeActivityPermissions(String subject) {
        if (!activityPermissionsUT.containsKey(subject)) {
            return;
        }
        for (String activity : activityPermissionsUT.get(subject)) {
            if (activityPermissionsTU.containsKey(activity)) {
                activityPermissionsTU.get(activity).remove(subject);
                if (activityPermissionsTU.get(activity).isEmpty()) {
                    activityPermissionsTU.remove(activity);
                }
            }
            acModelListenerSupport.notifyExecutionPermissionRemoved(subject, activity);
        }
        activityPermissionsUT.remove(subject);
    }

    public void removeActivityPermission(String subject, String activity) {
        if (!activityPermissionsUT.containsKey(subject)) {
            return;
        }
        if (activityPermissionsUT.get(subject).remove(activity)) {
            if (activityPermissionsUT.get(subject).isEmpty()) {
                activityPermissionsUT.remove(subject);
            }
            if (activityPermissionsTU.containsKey(activity)) {
                activityPermissionsTU.get(activity).remove(subject);
                if (activityPermissionsTU.get(activity).isEmpty()) {
                    activityPermissionsTU.remove(activity);
                }
            }
            acModelListenerSupport.notifyExecutionPermissionRemoved(subject, activity);
        }
    }

    public boolean addObjectPermission(String subject, String object, DataUsage... dataUsageModes) throws CompatibilityException {
        return addObjectPermission(subject, object, Arrays.asList(dataUsageModes));
    }

    public boolean addObjectPermission(String subject, String object, Collection dataUsageModes) throws CompatibilityException {
        context.validateSubject(subject);
        context.validateObject(object);
        if (!objectPermissionsUO.containsKey(subject)) {
            objectPermissionsUO.put(subject, new HashMap>());
        }
        if (!objectPermissionsUO.get(subject).containsKey(object)) {
            objectPermissionsUO.get(subject).put(object, new HashSet());
        }
        Set addedUsageModes = new HashSet();
        for (DataUsage dataUsage : dataUsageModes) {
            if (objectPermissionsUO.get(subject).get(object).add(dataUsage)) {
                addedUsageModes.add(dataUsage);
            }
        }
        if (addedUsageModes.size() > 0) {
            addObjectPermissionsOU(object, subject, addedUsageModes);
            acModelListenerSupport.notifyAccessPermissionAdded(subject, object, addedUsageModes);
            return true;
        } else {
            return false;
        }
    }

    private void addObjectPermissionsOU(String object, String subject, Collection dataUsageModes) {
        if (!objectPermissionsOU.containsKey(object)) {
            objectPermissionsOU.put(object, new HashMap>());
        }
        if (!objectPermissionsOU.get(object).containsKey(subject)) {
            objectPermissionsOU.get(object).put(subject, new HashSet());
        }
        objectPermissionsOU.get(object).get(subject).addAll(dataUsageModes);
    }

//	private void setObjectPermissionsOU(String object, String subject, Collection dataUsageModes){
//		if(!objectPermissionsOU.containsKey(object)){
//			objectPermissionsOU.put(object, new HashMap>());
//		}
//		objectPermissionsOU.get(object).put(subject, new HashSet(dataUsageModes));
//	}
    private void removeObjectPermissionsOU(String object, String subject, Collection dataUsageModes) {
        if (!objectPermissionsOU.containsKey(object)) {
            return;
        }
        if (!objectPermissionsOU.get(object).containsKey(subject)) {
            return;
        }
        Map> objectPermissions = objectPermissionsOU.get(object);
        if (objectPermissions == null) {
            return;
        }
        if (!objectPermissions.containsKey(subject)) {
            return;
        }
        Set subjectPermissions = objectPermissions.get(subject);
        if (subjectPermissions == null) {
            return;
        }
        subjectPermissions.removeAll(dataUsageModes);
        if (subjectPermissions.isEmpty()) {
            objectPermissions.remove(subject);
        }
        if (objectPermissions.isEmpty()) {
            objectPermissionsOU.remove(object);
        }
    }

    private void removeObjectPermissionsOU(String object, String subject) {
        if (!objectPermissionsOU.containsKey(object)) {
            return;
        }
        if (!objectPermissionsOU.get(object).containsKey(subject)) {
            return;
        }
        Map> objectPermissions = objectPermissionsOU.get(object);
        if (objectPermissions == null) {
            return;
        }
        objectPermissions.remove(subject);
        if (objectPermissions.isEmpty()) {
            objectPermissionsOU.remove(object);
        }
    }

    private void removeObjectPermissionsOU(String subject) {
        Set objectsToRemove = new HashSet();
        for (String object : objectPermissionsOU.keySet()) {
            objectPermissionsOU.get(object).remove(subject);
            if (objectPermissionsOU.get(object).isEmpty()) {
                objectsToRemove.add(object);
            }
        }
        for (String object : objectsToRemove) {
            objectPermissionsOU.remove(object);
        }
    }

    public void setObjectPermission(String subject, String object, DataUsage... dataUsageModes) throws CompatibilityException {
        setObjectPermission(subject, object, Arrays.asList(dataUsageModes));
    }

    public void setObjectPermission(String subject, Collection objects) throws CompatibilityException {
        for (String object : objects) {
            setObjectPermission(subject, object);
        }
    }

    public void setObjectPermission(String subject, String object) throws CompatibilityException {
        setObjectPermission(subject, object, getValidUsageModes());
    }

    public void setObjectPermission(String subject, String object, Collection dataUsageModes) throws CompatibilityException {
        context.validateSubject(subject);
        context.validateObject(object);
        validateUsageModes(dataUsageModes);
        if (!objectPermissionsUO.containsKey(subject)) {
            objectPermissionsUO.put(subject, new HashMap>());
        }

        if (!objectPermissionsUO.get(subject).containsKey(object)) {
            objectPermissionsUO.get(subject).put(object, new HashSet());
        } else {
            Set modesToRemove = new HashSet();
            for (DataUsage storedUsage : objectPermissionsUO.get(subject).get(object)) {
                if (!dataUsageModes.contains(storedUsage)) {
                    modesToRemove.add(storedUsage);
                }
            }
            removeObjectPermissions(subject, object, modesToRemove);
        }

        
        Set modesToAdd = new HashSet(dataUsageModes);
        modesToAdd.removeAll(objectPermissionsUO.get(subject).get(object));

        addObjectPermission(subject, object, modesToAdd);
//		setObjectPermissionsOU(object, subject, dataUsageModes);
    }

    public void setObjectPermission(String subject, Map> permissions) throws CompatibilityException {
        context.validateSubject(subject);
        validateObjectPermissions(permissions);
        if(permissions.isEmpty())
            return;
        if (permissions.isEmpty()) {
            return;
        }

        for (String object : permissions.keySet()) {
            setObjectPermission(subject, object, permissions.get(object));
        }
//		Set old_authorized_objects = new HashSet(getAuthorizedObjectsForSubject(subject));
//		old_authorized_objects.removeAll(permissions.keySet());
//		for(String obj: old_authorized_objects){
//			removeObjectPermissionsOU(obj, subject);
//		}
//		objectPermissionsUO.put(subject, permissions);
//		for(String object: permissions.keySet()){
//			setObjectPermissionsOU(object, subject, permissions.get(object));
//		}
    }

    public void removeObjectPermissions(String subject) {
        if (!objectPermissionsUO.containsKey(subject)) {
            return;
        }

        for (String object : objectPermissionsUO.get(subject).keySet()) {
            acModelListenerSupport.notifyAccessPermissionRemoved(subject, object, objectPermissionsUO.get(subject).get(object));
        }
        objectPermissionsUO.remove(subject);
        removeObjectPermissionsOU(subject);
    }

    public void removeObjectPermissions(String subject, String object) {
        if (!objectPermissionsUO.containsKey(subject)) {
            return;
        }
        if (objectPermissionsUO.get(subject) == null) {
            return;
        }
        if (!objectPermissionsUO.get(subject).containsKey(object)) {
            return;
        }
        Set permissions = objectPermissionsUO.get(subject).get(object);
        if (permissions == null) {
            return;
        }
        if (permissions.isEmpty()) {
            objectPermissionsUO.get(subject).remove(object);
            return;
        }
        if (objectPermissionsUO.get(subject).remove(object) != null) {
            acModelListenerSupport.notifyAccessPermissionRemoved(subject, object, permissions);
        }
        if (objectPermissionsUO.get(subject).isEmpty()) {
            objectPermissionsUO.remove(subject);
        }
        removeObjectPermissionsOU(object, subject);
    }

    public void removeObjectPermissions(String subject, String object, DataUsage... dataUsages) {
        removeObjectPermissions(subject, object, Arrays.asList(dataUsages));
    }

    public void removeObjectPermissions(String subject, String object, Collection dataUsageModes) {
        if (!objectPermissionsUO.containsKey(subject)) {
            return;
        }
        if (!objectPermissionsUO.get(subject).containsKey(object)) {
            return;
        }
        Set permissions = objectPermissionsUO.get(subject).get(object);
        permissions.removeAll(dataUsageModes);
        Set removedPermissions = new HashSet(objectPermissionsUO.get(subject).get(object));
        removedPermissions.retainAll(dataUsageModes);
        acModelListenerSupport.notifyAccessPermissionRemoved(subject, object, removedPermissions);
        if (permissions.isEmpty()) {
            objectPermissionsUO.get(subject).remove(object);
        }
        if (objectPermissionsUO.get(subject).isEmpty()) {
            objectPermissionsUO.remove(subject);
        }
        removeObjectPermissionsOU(object, subject, dataUsageModes);
    }

	//------- Inherited methods ----------------------------------------------------------
    @Override
    public boolean isAuthorizedForTransaction(String subject, String activity) throws CompatibilityException {
        context.validateSubject(subject);
        context.validateActivity(activity);
        if (!activityPermissionsUT.containsKey(subject)) {
            return false;
        }
        return activityPermissionsUT.get(subject).contains(activity);
    }

    @Override
    public boolean isAuthorizedForObject(String subject, String object) throws CompatibilityException {
        context.validateSubject(subject);
        context.validateObject(object);
        if (!objectPermissionsUO.containsKey(subject)) {
            return false;
        }
        return objectPermissionsUO.get(subject).containsKey(object);
    }

    @Override
    public boolean isAuthorizedForObject(String subject, String object, DataUsage dataUsageMode) throws CompatibilityException {
        if (!isAuthorizedForObject(subject, object)) {
            return false;
        }
        return objectPermissionsUO.get(subject).get(object).contains(dataUsageMode);
    }

    @Override
    public List getAuthorizedSubjectsForTransaction(String activity) throws CompatibilityException {
        context.validateActivity(activity);
        List authorizedSubjects = new HashList();
        if (activityPermissionsTU.containsKey(activity)) {
            authorizedSubjects.addAll(activityPermissionsTU.get(activity));
        }
        return authorizedSubjects;
    }

    @Override
    public List getAuthorizedSubjectsForObject(String object) throws CompatibilityException {
        context.validateObject(object);
        List authorizedSubjects = new HashList();
        if (objectPermissionsOU.containsKey(object)) {
            authorizedSubjects.addAll(objectPermissionsOU.get(object).keySet());
        }
        return authorizedSubjects;
    }

    @Override
    public Map> getAuthorizedSubjectsAndPermissionsForObject(String object) throws CompatibilityException {
        context.validateObject(object);
        if (objectPermissionsOU.containsKey(object)) {
            return objectPermissionsOU.get(object);
        }
        return new HashMap>();
    }

    @Override
    public Set getObjectPermissionsForSubject(String subject, String object) throws CompatibilityException {
        Set result = new HashSet();
        if (!isAuthorizedForObject(subject, object)) {
            return result;
        }
        return objectPermissionsUO.get(subject).get(object);
    }

    @Override
    public Map> getObjectPermissionsForSubject(String subject) throws CompatibilityException {
        Map> result = objectPermissionsUO.get(subject);
        if (result != null) {
            return result;
        }

        return new HashMap>();
    }

    @Override
    public Set getTransactionPermissionsForSubject(String subject) throws CompatibilityException {
        Set result = activityPermissionsUT.get(subject);
        if (result != null) {
            return result;
        }

        return new HashSet();
    }

    @Override
    public List getAuthorizedTransactionsForSubject(String subject) throws CompatibilityException {
        context.validateSubject(subject);
        List authorizedTransactions = new HashList();
        if (activityPermissionsUT.containsKey(subject)) {
            authorizedTransactions.addAll(activityPermissionsUT.get(subject));
        }
        return authorizedTransactions;
    }

    @Override
    public List getAuthorizedObjectsForSubject(String subject) throws CompatibilityException {
        context.validateSubject(subject);
        List authorizedObjects = new HashList();
        if (objectPermissionsUO.containsKey(subject)) {
            authorizedObjects.addAll(objectPermissionsUO.get(subject).keySet());
        }
        return authorizedObjects;
    }

    @Override
    public boolean hasTransactionPermissions() {
        return !activityPermissionsTU.isEmpty();
    }

    @Override
    public boolean hasObjectPermissions() {
        return !objectPermissionsOU.isEmpty();
    }

    @Override
    public ACLModelProperties getProperties() throws PropertyException {
        ACLModelProperties result = super.getProperties();
        for (String subject : context.getSubjects()) {
            result.setObjectPermission(subject, getObjectPermissionsForSubject(subject));
            result.setActivityPermission(subject, getTransactionPermissionsForSubject(subject));
        }
        return result;
    }

    @Override
    protected ACLModelProperties createNewProperties() {
        return new ACLModelProperties();
    }

    @Override
    public void subjectRemoved(String subject) {
        removeObjectPermissions(subject);
        removeActivityPermissions(subject);
    }

    @Override
    public void objectRemoved(String object) {
        Map> removedSubjectPermissions = objectPermissionsOU.remove(object);
        if (removedSubjectPermissions != null) {
            for (String subject : removedSubjectPermissions.keySet()) {
                removeObjectPermissions(subject, object);
            }
        }
    }

    @Override
    public void activityRemoved(String transaction) {
        Set removedSubjects = activityPermissionsTU.remove(transaction);
        if (removedSubjects != null) {
            for (String subject : removedSubjects) {
                removeActivityPermission(subject, transaction);
            }
        }
    }

    @Override
    public void validUsageModesChanged(AbstractACModel sender, Set oldModes, Set newModes) {
        Set removedModes = new HashSet(oldModes);
        removedModes.removeAll(newModes);
        for (String subject : context.getSubjects()) {
            for (String object : context.getObjects()) {
                removeObjectPermissions(subject, object, removedModes);
            }
        }
    }

    @Override
    public void checkContextChange(SOABase context) {
        for (String subject : activityPermissionsUT.keySet()) {
            if (!context.getSubjects().contains(subject)) {
                throw new ParameterException("ACModel contains " + context.getActivityDescriptorSingular() + " permissions for " + context.getSubjectDescriptorSingular() + " " + subject);
            }
        }
        for (String subject : objectPermissionsUO.keySet()) {
            if (!context.getSubjects().contains(subject)) {
                throw new ParameterException("ACModel contains " + context.getObjectDescriptorSingular() + " permissions for " + context.getSubjectDescriptorSingular() + " " + subject);
            }
        }
        for (String object : objectPermissionsOU.keySet()) {
            if (!context.containsObject(object)) {
                throw new ParameterException("ACModel contains permissions for " + context.getObjectDescriptorSingular() + " " + object);
            }
        }
        for (String activity : activityPermissionsTU.keySet()) {
            if (!context.containsActivity(activity)) {
                throw new ParameterException("ACModel contains permissions for " + context.getActivityDescriptorSingular() + " " + activity);
            }
        }
    }

    @Override
    protected void contextChangeProcedure() {
    }

    @Override
    public void nameChanged(String oldName, String newName) {
    }

    @Override
    public ACLModel clone() {
        try {
            return new ACLModel(getProperties(), getContext());
        } catch (PropertyException e) {
            return null;
        }
    }

    @Override
    public void takeoverValues(AbstractACModel other) throws Exception {
        resetPermissions();
        initialize(other.getProperties());
    }

    @Override
    public void resetPermissions() {
        activityPermissionsTU.clear();
        activityPermissionsUT.clear();
        objectPermissionsOU.clear();
        objectPermissionsUO.clear();
    }

//	public static void main(String[] args) throws Exception {
//		ProcessContext c = new ProcessContext("Context");
//		c.setSubjects(Arrays.asList("U1","U2","U3","U4"));
//		c.setObjects(Arrays.asList("O1","O2","O3","O4"));
//		c.setActivities(Arrays.asList("T1","T2","T3","T4"));
//                
//		
//		ACLModel acl = new ACLModel("acl1", c);
//		acl.setActivityPermission("U1", Arrays.asList("T1","T2"));
//		acl.setActivityPermission("U2", Arrays.asList("T3","T2"));
//		acl.addObjectPermission("U1", "O2", DataUsage.CREATE, DataUsage.READ);
//		acl.addObjectPermission("U2", "O3", DataUsage.WRITE, DataUsage.READ);
//		acl.addObjectPermission("U2", "O4", DataUsage.CREATE, DataUsage.DELETE);
//		System.out.println(acl);
//                
//                c.setACModel(acl);
//                c.getProperties().store("/Users/stocker/Desktop/Context");
//		
//		ACLModelProperties props = acl.getProperties();
//		props.store("/Users/stocker/Desktop/acl1");
//		
//		ACLModelProperties props2 = new ACLModelProperties();
//		props2.load("/Users/stocker/Desktop/acl1");
////		System.out.println(new ACLModel(props));
////		acl.removeObject("O2");
////		System.out.println(acl);
//		
//	}
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy