Hi,
I have to add some operations in authorization TreeNode.java class to set
SQS permissions.
Following is the svn diff.
Index: src/main/java/org/wso2/carbon/user/core/authorization/TreeNode.java
===================================================================
--- src/main/java/org/wso2/carbon/user/core/authorization/TreeNode.java
(revision 87092)
+++ src/main/java/org/wso2/carbon/user/core/authorization/TreeNode.java
(working copy)
@@ -28,28 +28,43 @@
* A node in the Tree structure used to maintain hierarchical security
permissions. The growth
* of the tree is on the order of explicit permission statements, and not
on the number of
* resources whose permissions are maintained.
- *
*/
public class TreeNode {
- public static enum Permission { GET, ADD, DELETE, EDIT, LOGIN,
MAN_CONFIG, MAN_LC_CONFIG, MAN_SEC, UP_SERV,
- MAN_SERV, MAN_MEDIA, MON_SYS, DEL_ID, AUTHORIZE, INV_SER,
UI_EXECUTE, SUBSCRIBE, PUBLISH, CONSUME, BROWSE}
+ public static enum Permission {
+ GET, ADD, DELETE, EDIT, LOGIN, MAN_CONFIG, MAN_LC_CONFIG, MAN_SEC,
UP_SERV,
+ MAN_SERV, MAN_MEDIA, MON_SYS, DEL_ID, AUTHORIZE, INV_SER,
UI_EXECUTE, SUBSCRIBE, PUBLISH, CONSUME, BROWSE,
+ SQS_SEND_MESSAGE, SQS_RECEIVE_MESSAGE, SQS_DELETE_MESSAGE,
SQS_CHANGE_MESSAGE_VISIBILITY, SQS_GET_QUEUE_ATTRIBUTES
+ }
- /** The name of the node - For the Registry, this would be the name of
a Collection/Rsource */
+ /**
+ * The name of the node - For the Registry, this would be the name of a
Collection/Rsource
+ */
private String name;
- /** The children of this node - maintained on a Map by the names */
+ /**
+ * The children of this node - maintained on a Map by the names
+ */
private Map<String, TreeNode> children = new HashMap<String,
TreeNode>();
- /** Explicit allow permission for specific users */
+ /**
+ * Explicit allow permission for specific users
+ */
private Map<String, BitSet> userAllowPermissions = new HashMap<String,
BitSet>();
- /** Explicit deny permission for specific users */
- private Map<String, BitSet> userDenyPermissions = new HashMap<String,
BitSet>();
- /** Explicit allow permission for specific roles */
+ /**
+ * Explicit deny permission for specific users
+ */
+ private Map<String, BitSet> userDenyPermissions = new HashMap<String,
BitSet>();
+ /**
+ * Explicit allow permission for specific roles
+ */
private Map<String, BitSet> roleAllowPermissions = new HashMap<String,
BitSet>();
- /** Explicit deny permission for specific roles */
- private Map<String, BitSet> roleDenyPermissions = new HashMap<String,
BitSet>();
+ /**
+ * Explicit deny permission for specific roles
+ */
+ private Map<String, BitSet> roleDenyPermissions = new HashMap<String,
BitSet>();
/**
* Constructor
+ *
* @param name the name of the TreeNode
*/
TreeNode(String name) {
@@ -58,6 +73,7 @@
/**
* Get the child by the given name
+ *
* @param name name of the child node
* @return the child with the given name, or null
*/
@@ -67,8 +83,9 @@
/**
* Is the 'user' authorized for the given permission p on this node?
+ *
* @param user the name of the user
- * @param p the permission
+ * @param p the permission
* @return Boolean.TRUE if authorized, Boolean.FALSE if not
*/
public Boolean isUserAuthorized(String user, Permission p) {
@@ -81,14 +98,15 @@
} else if (bsAlow != null && bsAlow.get(p.ordinal())) {
return Boolean.TRUE;
}
-
+
return null;
}
/**
* Is the 'role' authorized for the given permission p on this node?
+ *
* @param role the name of the role
- * @param p the permission
+ * @param p the permission
* @return Boolean.TRUE if authorized, Boolean.FALSE if not
*/
public Boolean isRoleAuthorized(String role, Permission p) {
@@ -107,8 +125,9 @@
/**
* Grant explicit authorization to the 'user' on this node for
permission p
+ *
* @param user the user who is granted authorization
- * @param p the permission granted
+ * @param p the permission granted
*/
public void authorizeUser(String user, Permission p) {
BitSet bsAllow = userAllowPermissions.get(user);
@@ -128,8 +147,9 @@
/**
* Grant explicit authorization to the 'role' on this node for
permission p
+ *
* @param role the role that is granted authorization
- * @param p the permission granted
+ * @param p the permission granted
*/
public void authorizeRole(String role, Permission p) {
BitSet bsAllow = roleAllowPermissions.get(role);
@@ -149,8 +169,9 @@
/**
* Deny explicit authorization to the 'user' on this node for
permission p
+ *
* @param user the user that is denied authorization
- * @param p the permission denied
+ * @param p the permission denied
*/
public void denyUser(String user, Permission p) {
BitSet bsDeny = userDenyPermissions.get(user);
@@ -170,8 +191,9 @@
/**
* Deny explicit authorization to the 'role' on this node for
permission p
+ *
* @param role the role that is denied authorization
- * @param p the permission denied
+ * @param p the permission denied
*/
public void denyRole(String role, Permission p) {
BitSet bsDeny = roleDenyPermissions.get(role);
@@ -191,6 +213,7 @@
/**
* Create the tree structure for the given paths array of nodes
+ *
* @param paths an array of hierarchical nodes to be created, in-order
* @return the reference to the lowest decendent created
*/
@@ -212,6 +235,7 @@
/**
* The name of the node
+ *
* @return node name
*/
public String getName() {
@@ -220,6 +244,7 @@
/**
* The children of the node as a Map keyed by the name
+ *
* @return the children as a Map
*/
public Map<String, TreeNode> getChildren() {
@@ -227,6 +252,7 @@
}
//-------- getters --------
+
public Map<String, BitSet> getUserAllowPermissions() {
return userAllowPermissions;
}
@@ -255,7 +281,7 @@
Map<String, TreeNode> children = this.getChildren();
if (null != children) {
- for (Map.Entry<String, TreeNode> entry : children.entrySet()){
+ for (Map.Entry<String, TreeNode> entry : children.entrySet()) {
TreeNode node = entry.getValue();
if (null != node) {
node.clearNodes();
@@ -266,7 +292,7 @@
}
}
- public int hashCode () {
+ public int hashCode() {
int hash = 7;
hash = 31 * hash + (null == this.name ? 0 : this.name.hashCode());
hash = 31 * hash + (null == this.children ? 0 :
this.children.hashCode());
@@ -276,6 +302,6 @@
hash = 31 * hash + (null == this.roleDenyPermissions ? 0 :
this.roleDenyPermissions.hashCode());
hash = 31 * hash + (null == this.roleDenyPermissions ? 0 :
this.roleDenyPermissions.hashCode());
return hash;
- }
+ }
}
Index:
src/main/java/org/wso2/carbon/user/core/authorization/PermissionTreeUtil.java
===================================================================
---
src/main/java/org/wso2/carbon/user/core/authorization/PermissionTreeUtil.java
(revision 87092)
+++
src/main/java/org/wso2/carbon/user/core/authorization/PermissionTreeUtil.java
(working copy)
@@ -99,6 +99,16 @@
return TreeNode.Permission.BROWSE;
} else if ("consume".equals(action)) {
return TreeNode.Permission.CONSUME;
+ }else if ("SendMessage".equals(action)) {
+ return TreeNode.Permission.SQS_SEND_MESSAGE;
+ }else if ("ReceiveMessage".equals(action)) {
+ return TreeNode.Permission.SQS_RECEIVE_MESSAGE;
+ }else if ("DeleteMessage".equals(action)) {
+ return TreeNode.Permission.SQS_DELETE_MESSAGE;
+ }else if ("ChangeMessageVisibility".equals(action)) {
+ return TreeNode.Permission.SQS_CHANGE_MESSAGE_VISIBILITY;
+ }else if ("GetQueueAttributes".equals(action)) {
+ return TreeNode.Permission.SQS_GET_QUEUE_ATTRIBUTES;
}
throw new IllegalArgumentException("Invalid action : " + action);
May I commit these changes to carbon user core module?
Thank you.
--
Manjula Rathnayaka
Software Engineer
WSO2, Inc.
Mobile:+94 77 743 1987
_______________________________________________
Carbon-dev mailing list
[email protected]
http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
