/*******************************************************************************
* Copyright (c) 2003, 2007 s IT Solutions AT Spardat GmbH .
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* s IT Solutions AT Spardat GmbH - initial API and implementation
*******************************************************************************/
// @(#) $Id: XMASession.java 3240 2009-03-03 16:10:56Z gub $
package at.spardat.xma.session;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.StringTokenizer;
import java.util.TreeMap;
import java.util.zip.CRC32;
import javax.security.auth.Subject;
import at.spardat.enterprise.exc.SysException;
import at.spardat.xma.mdl.NewModelEventFactory;
import at.spardat.xma.plugins.PluginManager;
import at.spardat.xma.security.Authorisation;
import at.spardat.xma.security.XMAContext;
/**
* An XMASession is an execution context for Components.
*
* @author YSD, 13.05.2003 11:22:07
*/
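public abstract class XMASession {

    /** Classpath location of the table that maps operations to permission codes. */
    private static final String AUTHORISATION_RESOURCE =
            "at/spardat/xma/security/Authorisation.properties";

    /** Classpath location of the table that maps permission codes to plugin security codes. */
    private static final String MAPPING_RESOURCE =
            "at/spardat/xma/security/AuthorisationMapping.properties";

    /**
     * Root level of the permission tree: first path segment (String) to {@link Perm}.
     * The field is static, so one table is shared by every session in this JVM.
     * It is assigned only after the whole tree has been built successfully.
     */
    private static Map permissions;

    /** Lazily resolved factory, cached per session by {@link #getNewModelEventFactory()}. */
    private NewModelEventFactory newModelEventFactory;

    /**
     * Constructor. Makes sure the shared permission table is loaded.
     *
     * @throws SysException if one of the authorisation property files is missing,
     *         unreadable or inconsistent.
     */
    public XMASession() {
        loadPermissions();
    }

    /**
     * Returns the execution context of this session.
     * This contains the authenticated user,
     * the mandant and the environment.
     *
     * @return context never null.
     */
    public abstract XMAContext getContext();

    /**
     * Returns the subject as supplied by the JAAS conforming login module.
     *
     * @return the subject provided by the login module.
     */
    public abstract Subject getSubject();

    /**
     * Returns the PluginManager that must be used to retrieve client
     * side plugin implementations.
     *
     * @return a PluginManagerClient that is never null.
     */
    public abstract PluginManager getPluginManager();

    /**
     * Node of the permission tree. One node exists per path segment of a key in
     * the authorisation property file.
     */
    private static class Perm {
        // Plugin security codes (String) configured for exactly this path;
        // null when no property key ends at this node.
        List perm;
        // Child nodes keyed by the next path segment; null when this node has no children.
        Map subPerm;
    }

    /**
     * Reads one property file from the class path and closes the stream afterwards.
     *
     * @param resource class path location of the property file
     * @return the loaded properties
     * @throws SysException if the resource does not exist or cannot be read
     */
    private static Properties loadProperties(String resource) {
        InputStream in = XMASession.class.getClassLoader().getResourceAsStream(resource);
        if (in == null) {
            throw new SysException("property file " + resource + " not found");
        }
        Properties loaded = new Properties();
        try {
            try {
                loaded.load(in);
            } finally {
                // The original code never closed the stream.
                in.close();
            }
        } catch (IOException e) {
            throw new SysException(e, "error reading " + resource);
        }
        return loaded;
    }

    /**
     * Loads the authorisation properties into the shared permission tree.
     * Does nothing if the tree has already been loaded.
     *
     * <p>The tree is built in a local map and published only when it is complete.
     * Publishing it earlier would leave a partially filled tree behind if a mapping
     * entry is missing. Operations whose own entry had not been read yet would then
     * silently inherit the permissions of a parent level in
     * {@link #checkPermission(String)}. A failed load is therefore retried, and
     * reported again, by the next session that is constructed.
     *
     * @throws SysException if a property file is missing or unreadable, or if a
     *         permission code has no entry in the mapping file
     */
    private static synchronized void loadPermissions() {
        if (permissions != null) {
            return;
        }
        Properties props = loadProperties(AUTHORISATION_RESOURCE);
        Properties mapping = loadProperties(MAPPING_RESOURCE);

        Map root = new HashMap();
        for (Iterator it = props.keySet().iterator(); it.hasNext();) {
            String key = (String) it.next();
            Map level = root;
            // Each "/"-separated segment of the key is one level of the tree.
            for (StringTokenizer tok = new StringTokenizer(key, "/"); tok.hasMoreTokens();) {
                String part = tok.nextToken();
                Perm node = (Perm) level.get(part);
                if (node == null) {
                    node = new Perm();
                    level.put(part, node);
                }
                if (tok.hasMoreTokens()) {
                    // Inner segment: descend, creating the child level on demand.
                    if (node.subPerm == null) {
                        node.subPerm = new TreeMap();
                    }
                    level = node.subPerm;
                } else {
                    // Last segment: translate every listed permission code into the
                    // security code understood by the authorisation plugin.
                    node.perm = new ArrayList();
                    StringTokenizer codes = new StringTokenizer(props.getProperty(key), ", \t");
                    while (codes.hasMoreTokens()) {
                        String appspec = codes.nextToken();
                        String pluginspec = mapping.getProperty(appspec);
                        if (pluginspec == null) {
                            throw new SysException("mapping of permission code '" + appspec
                                    + "' missing in " + MAPPING_RESOURCE);
                        }
                        node.perm.add(pluginspec.trim());
                    }
                }
            }
        }
        permissions = root;
    }

    /**
     * Checks if the logged in user is allowed to perform the given operation.
     * The operation can be hierarchically structured,
     * e.g. {@code <component>/<page>/<event>},
     * and permissions can be defined at each level. If nothing is defined for
     * an event, the permissions for the page are used. If nothing is defined for
     * the page, the permissions of the component are used. If nothing is defined for
     * the component, the permissions of the application are used.
     *
     * <p>Consequently an operation without an entry of its own is not denied: it
     * inherits the nearest configured level above it. Access is granted as soon as
     * the authorisation plugin accepts any one of the security codes of that level.
     *
     * <p>The permissions are defined in the property file
     * at/spardat/xma/security/Authorisation.properties
     * which must be in the classpath. The special property {@code <default>}
     * is documented as the application permission.
     * The mapping of these permissions to the security codes used by the authorisation
     * plugin and the underlying authorisation system of the installation is defined in
     * the property file at/spardat/xma/security/AuthorisationMapping.properties
     * which must be in the classpath, too.
     *
     * @param operation the operation to check
     * @return true if the logged in user is allowed to perform the given operation, false otherwise.
     */
    public boolean checkPermission(String operation) {
        Map level = permissions;
        List mappedOperation = null;
        StringTokenizer tok = new StringTokenizer(operation, "/");
        while (tok.hasMoreTokens()) {
            Perm node = (Perm) level.get(tok.nextToken());
            if (node == null) {
                break;
            }
            // The deepest level that defines codes wins; shallower ones are the fallback.
            if (node.perm != null) {
                mappedOperation = node.perm;
            }
            if (node.subPerm == null) {
                break;
            }
            level = node.subPerm;
        }
        if (mappedOperation == null) {
            // NOTE(review): the Javadoc names the property "<default>", but the lookup
            // key here is the empty string. loadPermissions() builds the top-level keys
            // from StringTokenizer tokens, which are never empty, so this lookup cannot
            // match and the result is always "deny". The key is left unchanged because
            // changing it would grant access that is denied today; confirm the intended
            // key with the owners of the authorisation configuration.
            Perm defperm = (Perm) permissions.get("");
            if (defperm == null || defperm.perm == null) {
                // No codes to check means no permission (also avoids a null list below).
                return false;
            }
            mappedOperation = defperm.perm;
        }
        Authorisation autho = (Authorisation) getPluginManager().getPlugin(Authorisation.class);
        for (Iterator it = mappedOperation.iterator(); it.hasNext();) {
            if (autho.isAuthorized(getSubject(), (String) it.next())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Application Hash-Code built from application descriptors.
     *
     * @return Application Version Hash-Code
     */
    public abstract byte[] getApplicationVersion();

    /**
     * Returns a 32-bit hash of the application version: the CRC32 checksum of
     * {@link #getApplicationVersion()}, narrowed to an int.
     *
     * <p>CRC32 is a checksum, not a cryptographic hash. The value is suitable for
     * spotting a version mismatch, not for proving that two versions are identical
     * or untampered.
     *
     * @return the CRC32 of the application version bytes
     */
    public int getApplicationVersionShort() {
        CRC32 crc = new CRC32();
        crc.update(getApplicationVersion());
        return (int) crc.getValue();
    }

    /**
     * Returns true if this session is in the server JVM.
     */
    public abstract boolean isAtServer();

    /**
     * Returns the used NewModelEventFactory. The NewModelEventFactory can be
     * configured by an optional plugin implementing at.spardat.xma.mdl.NewModelEventFactory.
     * If no such plugin is declared in xma-app.xml, an instance of NewModelEventFactory is
     * used directly. The result is resolved on the first call and cached in this session;
     * the method is not synchronized.
     *
     * @return the factory of this session
     * @since 2.1.0
     */
    public NewModelEventFactory getNewModelEventFactory() {
        if (newModelEventFactory == null) {
            PluginManager plugins = getPluginManager();
            if (plugins.isPluginDeclared(NewModelEventFactory.class)) {
                newModelEventFactory =
                        (NewModelEventFactory) plugins.getPlugin(NewModelEventFactory.class);
            } else {
                newModelEventFactory = new NewModelEventFactory();
            }
        }
        return newModelEventFactory;
    }
}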