Author: dimuthul
Date: Wed Jan 16 21:21:31 2008
New Revision: 12368

Log:

Adding mashup requirements.


Modified:
   
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLAccessControlAdmin.java
   
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLAuthorizer.java
   
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLUserStoreAdmin.java
   
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLUserStoreReader.java
   
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/AuthorizingRealm.java
   
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/AuthorizingRealmConfig.java

Modified: 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLAccessControlAdmin.java
==============================================================================
--- 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLAccessControlAdmin.java
      (original)
+++ 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLAccessControlAdmin.java
      Wed Jan 16 21:21:31 2008
@@ -7,6 +7,7 @@
 
 /**
  * Maniputes access control data in the user store
+ * Cannot change admin privileges through this interface
  */
 public class ACLAccessControlAdmin extends ACLAuthorizer implements 
AccessControlAdmin {
 
@@ -14,7 +15,7 @@
 
     private AccessControlAdmin admin = null;
 
-
+    
     public ACLAccessControlAdmin(Authorizer athzr, AccessControlAdmin admin,
             AuthorizingRealmConfig authConfig) {
         super(athzr, authConfig);
@@ -24,12 +25,7 @@
 
     public void authorizeUser(String userName, String resourceId, String 
action)
             throws UserManagerException {
-        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(), 
resourceId,
-                UserManagerConstants.AUTHORIZE)) {
-
-            throw new UnauthorizedException("unAuthorized", new String[] {
-                    UserManagerConstants.AUTHORIZE, UserManagerConstants.ADD 
});
-        }
+        doAuthorizationToAuthorize();
         admin.authorizeUser(userName, resourceId, action);
 
     }
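Review bot: The new `doAuthorizationToAuthorize()` call takes no `resourceId`, so `authorizeUser` no longer checks that the caller holds AUTHORIZE on the resource being changed; the helper added in the last hunk of this file tests only `USER_RESOURCE`/`READ`. As written, any caller who may read the user resource passes the gate for every resource, and the same applies to `denyUser`, `authorizeRole`, `denyRole`, `clearUserAuthorization`, `clearRoleAuthorization`, `clearResourceAuthorizations` and `copyAuthorizations`. If the loosening is not intended, the helper should keep the target in the check: `protected void doAuthorizationToAuthorize(String resourceId)` with `authorizer.isUserAuthorized(config.getAuthenticatedUserName(), resourceId, UserManagerConstants.AUTHORIZE)`, and each call site should pass its `resourceId` (`toResourceId` for `copyAuthorizations`). If it is intended, the reason belongs in a comment on the helper, because the removed lines show a stricter rule.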
@@ -39,12 +35,7 @@
      */
     public void denyUser(String userName, String resourceId, String action)
             throws UserManagerException {
-        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(), 
resourceId,
-                UserManagerConstants.AUTHORIZE)) {
-
-            throw new UnauthorizedException("unAuthorized", new String[] {
-                    UserManagerConstants.AUTHORIZE, UserManagerConstants.ADD 
});
-        }
+        doAuthorizationToAuthorize();
         admin.denyUser(userName, resourceId, action);
     }
 
@@ -53,12 +44,7 @@
      */
     public void authorizeRole(String roleName, String resourceId, String 
action)
             throws UserManagerException {
-        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(), 
resourceId,
-                UserManagerConstants.AUTHORIZE)) {
-
-            throw new UnauthorizedException("unAuthorized", new String[] {
-                    UserManagerConstants.AUTHORIZE, UserManagerConstants.ADD 
});
-        }
+        doAuthorizationToAuthorize();
         admin.authorizeRole(roleName, resourceId, action);
     }
 
@@ -67,12 +53,7 @@
      */
     public void denyRole(String roleName, String resourceId, String action)
             throws UserManagerException {
-        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(), 
resourceId,
-                UserManagerConstants.AUTHORIZE)) {
-
-            throw new UnauthorizedException("unAuthorized", new String[] {
-                    UserManagerConstants.AUTHORIZE, UserManagerConstants.ADD 
});
-        }
+        doAuthorizationToAuthorize();
         admin.denyRole(roleName, resourceId, action);
     }
 
@@ -81,12 +62,7 @@
      */
     public void clearUserAuthorization(String userName, String resourceId,
             String action) throws UserManagerException {
-        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(), 
resourceId,
-                UserManagerConstants.AUTHORIZE)) {
-
-            throw new UnauthorizedException("unAuthorized", new String[] {
-                    UserManagerConstants.AUTHORIZE, 
UserManagerConstants.DELETE });
-        }
+        doAuthorizationToAuthorize();
         admin.clearUserAuthorization(userName, resourceId, action);
     }
 
@@ -95,12 +71,7 @@
      */
     public void clearRoleAuthorization(String roleName, String resourceId,
             String action) throws UserManagerException {
-        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(), 
resourceId,
-                UserManagerConstants.AUTHORIZE)) {
-
-            throw new UnauthorizedException("unAuthorized", new String[] {
-                    UserManagerConstants.AUTHORIZE, 
UserManagerConstants.DELETE });
-        }
+        doAuthorizationToAuthorize();
         admin.clearRoleAuthorization(roleName, resourceId, action);
     }
 
@@ -109,12 +80,7 @@
      */
     public void clearResourceAuthorizations(String resourceId)
             throws UserManagerException {
-        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(), 
resourceId,
-                UserManagerConstants.DELETE)) {
-
-            throw new UnauthorizedException("unAuthorized", new String[] {
-                    UserManagerConstants.AUTHORIZE, 
UserManagerConstants.DELETE });
-        }
+        doAuthorizationToAuthorize();
         admin.clearResourceAuthorizations(resourceId);
     }
 
@@ -123,12 +89,19 @@
      */
     public void copyAuthorizations(String fromResourceId, String toResourceId)
             throws UserManagerException {
-        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(), 
toResourceId,
-                UserManagerConstants.AUTHORIZE)) {
-
+        doAuthorizationToAuthorize();
+        admin.copyAuthorizations(fromResourceId, toResourceId);
+    }
+    
+    protected void doAuthorizationToAuthorize() throws UserManagerException {
+        
+        if(config.isEnableAdminBehavior() && isAdmin){
+            //do nothing user is authenticated
+        }else if 
(!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
+                UserManagerConstants.USER_RESOURCE, 
UserManagerConstants.READ)) {
             throw new UnauthorizedException("unAuthorized", new String[] {
-                    UserManagerConstants.AUTHORIZE, UserManagerConstants.ADD 
});
+                    UserManagerConstants.USER_RESOURCE,
+                    UserManagerConstants.READ });
         }
-        admin.copyAuthorizations(fromResourceId, toResourceId);
     }
 }
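Review bot: Nothing in `doAuthorizationToAuthorize()` looks at who or what is being changed, so the class comment added by this commit, "Cannot change admin privileges through this interface", is not enforced by the code visible in this file. `authorizeRole`, `denyRole` and `clearRoleAuthorization` forward `roleName` to `admin` with no comparison against `config.getAdminRoleName()`. Either add a guard in the role methods, `if (roleName != null && roleName.equals(config.getAdminRoleName()))` followed by throwing an `UnauthorizedException`, or reword the class comment to state what is actually guaranteed. The inline comment `//do nothing user is authenticated` should also say "authorized", since the branch skips an authorization check.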

Modified: 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLAuthorizer.java
==============================================================================
--- 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLAuthorizer.java
      (original)
+++ 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLAuthorizer.java
      Wed Jan 16 21:21:31 2008
@@ -8,10 +8,16 @@
     private Authorizer authorizer = null;
 
     protected AuthorizingRealmConfig config = null;
+    
+    protected boolean isAdmin = false;
 
     public ACLAuthorizer(Authorizer athzr, AuthorizingRealmConfig authConfig) {
         this.authorizer = athzr;
         config = authConfig;
+        if(config.isEnableAdminBehavior() &&
+                
ACLAdminChecker.isAdminUser(config.getAuthenticatedUserName())){
+            isAdmin =true;
+        }
     }
 
     public String[] getAllowedRolesForResource(String resourceId,
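Review bot: `isAdmin` is computed once in the constructor, so the admin bypass keeps whatever `ACLAdminChecker.isAdminUser(...)` returned at construction time for as long as this object lives. If the user is later removed from the admin role, or the authenticated user name held by `config` changes, the cached flag still skips the authorizer checks; how long these wrappers live is not visible here, so the exposure depends on that. Evaluating it at the point of use, for example a `protected boolean isAdmin()` returning `config.isEnableAdminBehavior() && ACLAdminChecker.isAdminUser(config.getAuthenticatedUserName())`, avoids the stale state. The same snapshot is taken in the `ACLUserStoreReader` constructor. The constructor now also dereferences `config`, so a null `authConfig` fails here instead of at first use.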

Modified: 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLUserStoreAdmin.java
==============================================================================
--- 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLUserStoreAdmin.java
  (original)
+++ 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLUserStoreAdmin.java
  Wed Jan 16 21:21:31 2008
@@ -29,7 +29,9 @@
      */
     public void addUser(String userName, Object credential)
             throws UserManagerException {
-        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
+        if(config.isEnableAdminBehavior() && isAdmin){
+            //authorized
+        } else if 
(!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
                 UserManagerConstants.USER_RESOURCE, UserManagerConstants.ADD)) 
{
 
             throw new UnauthorizedException("unAuthorized", new String[] {
@@ -45,7 +47,9 @@
     public void updateUser(String userName, Object newCredential,
             Object oldCredential) throws UserManagerException {
         
-        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
+        if(config.isEnableAdminBehavior() && isAdmin){
+            //authorized
+        } else if 
(!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
                 UserManagerConstants.USER_RESOURCE, 
UserManagerConstants.EDIT)) {
 
             throw new UnauthorizedException("unAuthorized", new String[] {
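Review bot: The check added to `updateUser` lets admins through but does not protect admin accounts as a target: as far as this hunk shows, a non-admin caller who holds EDIT on `USER_RESOURCE` still reaches the credential change for an admin `userName`. `deleteUser` in this commit refuses admin targets via `ACLAdminChecker.isAdminUser(userName)`, and the `AuthorizingRealmConfig` Javadoc says admin-role users can be edited only by other admin-role users, so the edit paths should apply the same rule. A guard before the authorizer check would cover it: `if (ACLAdminChecker.isAdminUser(userName) && !isAdmin)` followed by the existing `throw new UnauthorizedException("unAuthorized", ...)` for `USER_RESOURCE`/`EDIT`. The two-argument `updateUser` and `setUserProperties` need the same guard, and the method body continues outside the hunk.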
@@ -57,7 +61,9 @@
 
     public void updateUser(String userName, Object newCredential)
             throws UserManagerException {
-       if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
+        if(config.isEnableAdminBehavior() && isAdmin){
+            //authorized
+        } else if 
(!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
                 UserManagerConstants.USER_RESOURCE, 
UserManagerConstants.EDIT)) {
 
             throw new UnauthorizedException("unAuthorized", new String[] {
@@ -71,7 +77,17 @@
      * Delete user from user store
      */
     public void deleteUser(String userName) throws UserManagerException {
-        if (!authorizer
+        if(config.getAuthenticatedUserName().equals(userName)){
+            return;
+        }else if(ACLAdminChecker.isAdminUser(userName)){
+            /*
+              TODO : is there a requirement to delete the user
+              if the caller is a Admin
+            */
+            return;
+        }else if(config.isEnableAdminBehavior() && isAdmin){
+            //authorized
+        } else if (!authorizer
                 .isUserAuthorized(config.getAuthenticatedUserName(),
                         UserManagerConstants.USER_RESOURCE,
                         UserManagerConstants.DELETE)) {
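Review bot: The two new early `return`s in `deleteUser` make a refused delete indistinguishable from a successful one: when `userName` is the caller or an admin user, the method returns normally without throwing. A caller, or any logging keyed on `UnauthorizedException`, then sees nothing, and the operation looks as if it succeeded. Throwing keeps the refusal visible: `throw new UnauthorizedException("unAuthorized", new String[] { UserManagerConstants.USER_RESOURCE, UserManagerConstants.DELETE });`. The same silent `return` appears in `deleteRole`, `setRoleProperties`, `addUserToRole` and `removeUserFromRole`. The admin-target branch also runs before the `isAdmin` branch, so an admin cannot delete another admin, which the TODO leaves open; the rest of the method is outside the hunk.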
@@ -87,7 +103,9 @@
      */
     public void setUserProperties(String userName, Map properties)
             throws UserManagerException {
-        if(config.getAuthenticatedUserName().equals(userName) &&
+        if(config.isEnableAdminBehavior() && isAdmin){
+            //authorized
+        } else if(config.getAuthenticatedUserName().equals(userName) &&
                 config.isCurrentUserEditable()){
             //do nothing - authorized
         }else if 
(!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
@@ -104,7 +122,9 @@
      * Add role to user store
      */
     public void addRole(String roleName) throws UserManagerException {
-        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
+        if(config.isEnableAdminBehavior() && isAdmin){
+            //authorized
+        } else if 
(!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
                 UserManagerConstants.ROLE_RESOURCE, UserManagerConstants.ADD)) 
{
 
             throw new UnauthorizedException("unAuthorized", new String[] {
@@ -118,7 +138,11 @@
      * Delete role from user store
      */
     public void deleteRole(String roleName) throws UserManagerException {
-        if (!authorizer
+        if(config.getAdminRoleName().equals(roleName)){
+            return;
+        }else if(config.isEnableAdminBehavior() && isAdmin){
+            //authorized
+        } else if (!authorizer
                 .isUserAuthorized(config.getAuthenticatedUserName(),
                         UserManagerConstants.ROLE_RESOURCE,
                         UserManagerConstants.DELETE)) {
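Review bot: `config.getAdminRoleName().equals(roleName)` throws a NullPointerException when no admin role name is configured, and `AuthorizingRealmConfig` initialises `adminRoleName` to null. The comparison is not gated by `isEnableAdminBehavior()`, so a deployment that never sets the admin role would fail on every `deleteRole` call unless the name is set elsewhere. Reversing the operands with a null check is safe in both cases: `if (roleName != null && roleName.equals(config.getAdminRoleName())) {`. `setRoleProperties`, `addUserToRole` and `removeUserFromRole` use the same expression and need the same change.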
@@ -135,7 +159,11 @@
      */
     public void setRoleProperties(String roleName, Map properties)
             throws UserManagerException {
-        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
+        if(config.getAdminRoleName().equals(roleName)){
+            return;
+        }else if(config.isEnableAdminBehavior() && isAdmin){
+            //authorized
+        } else if 
(!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
                 UserManagerConstants.ROLE_RESOURCE, 
UserManagerConstants.EDIT)) {
 
             throw new UnauthorizedException("unAuthorized", new String[] {
@@ -150,7 +178,15 @@
      */
     public void addUserToRole(String userName, String roleName)
             throws UserManagerException {
-        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
+        if(config.getAdminRoleName().equals(roleName)){
+            /*
+                TODO : is there a requirement to perform this action
+                if the caller is a Admin
+            */
+            return;
+        }else if(config.isEnableAdminBehavior() && isAdmin){
+            //authorized
+        } else if 
(!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
                 UserManagerConstants.ROLE_RESOURCE, UserManagerConstants.ADD)) 
{
 
             throw new UnauthorizedException("unAuthorized", new String[] {
@@ -165,7 +201,15 @@
      */
     public void removeUserFromRole(String userName, String roleName)
             throws UserManagerException {
-        if (!authorizer
+        if(config.getAdminRoleName().equals(roleName)){
+            /*
+            TODO : is there a requirement to perform this action
+            if the caller is a Admin
+             */
+            return;
+        }else if(config.isEnableAdminBehavior() && isAdmin){
+            //authorized
+        } else if (!authorizer
                 .isUserAuthorized(config.getAuthenticatedUserName(),
                         UserManagerConstants.ROLE_RESOURCE,
                         UserManagerConstants.DELETE)) {

Modified: 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLUserStoreReader.java
==============================================================================
--- 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLUserStoreReader.java
 (original)
+++ 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/ACLUserStoreReader.java
 Wed Jan 16 21:21:31 2008
@@ -15,11 +15,19 @@
 
     protected AuthorizingRealmConfig config = null;
 
+    protected boolean isAdmin = false;
+    
     public ACLUserStoreReader(Authorizer athzr, UserStoreReader reader,
             AuthorizingRealmConfig authConfig) {
         this.authorizer = athzr;
         this.config = authConfig;
         this.usReader = reader;
+        
+        if(config.isEnableAdminBehavior() &&
+                
ACLAdminChecker.isAdminUser(config.getAuthenticatedUserName())){
+            isAdmin =true;
+        }
+        
     }
 
     public String[] getAllUserNames() throws UserManagerException {
@@ -75,7 +83,10 @@
     }
 
     protected void doAuthorizationToReadRole() throws UserManagerException {
-        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
+        
+        if(config.isEnableAdminBehavior() && isAdmin){
+            //do nothing user is authenticated
+        }else if 
(!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
                 UserManagerConstants.ROLE_RESOURCE, 
UserManagerConstants.READ)) {
             throw new UnauthorizedException("unAuthorized", new String[] {
                     UserManagerConstants.ROLE_RESOURCE,
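Review bot: The empty `if` branch holding only a comment is harder to read than one negated condition, and the comment says "authenticated" where the branch is about authorization. Consider `boolean adminBypass = config.isEnableAdminBehavior() && isAdmin;` followed by `if (!adminBypass && !authorizer.isUserAuthorized(...))` with the existing arguments, so the only branch left is the one that throws. `doAuthorizationToReadUser` in the next hunk has the same shape, and the closing lines of this method are outside the hunk.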
@@ -84,7 +95,10 @@
     }
 
     protected void doAuthorizationToReadUser() throws UserManagerException {
-        if (!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
+        
+        if(config.isEnableAdminBehavior() && isAdmin){
+            //do nothing user is authenticated
+        }else if 
(!authorizer.isUserAuthorized(config.getAuthenticatedUserName(),
                 UserManagerConstants.USER_RESOURCE, 
UserManagerConstants.READ)) {
             throw new UnauthorizedException("unAuthorized", new String[] {
                     UserManagerConstants.USER_RESOURCE,

Modified: 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/AuthorizingRealm.java
==============================================================================
--- 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/AuthorizingRealm.java
   (original)
+++ 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/AuthorizingRealm.java
   Wed Jan 16 21:21:31 2008
@@ -95,7 +95,7 @@
        
         this.authenticator = realm.getAuthenticator();
         this.authorizer = new ACLAuthorizer(authorizer, config);
-
+        
         if (realm.getAccessControlAdmin() != null) {
             this.aclAdmin = new ACLAccessControlAdmin(authorizer, realm
                     .getAccessControlAdmin(), config);
@@ -109,6 +109,11 @@
         if (realm.getUserStoreReader() != null) {
             this.usReader = new ACLUserStoreReader(authorizer, realm
                     .getUserStoreReader(), config);
+            if(config.isEnableAdminBehavior()){
+                ACLAdminChecker.loadAdminUsers(config.getAdminRoleName(), 
realm);
+            }
+            
+            
         }
 
     }
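Review bot: `ACLAdminChecker.loadAdminUsers(...)` runs after the ACL wrappers have been constructed, yet the `ACLAuthorizer` and `ACLUserStoreReader` constructors in this commit call `ACLAdminChecker.isAdminUser(...)` to set `isAdmin`. Unless the checker was populated earlier, those flags are computed against an empty or previously loaded list, so the bypass may be off for real admins or reflect a list loaded for another realm; `ACLAdminChecker` is not shown, so this is inferred from the static calls. Moving the `if(config.isEnableAdminBehavior()){ ... loadAdminUsers(config.getAdminRoleName(), realm); }` block ahead of `this.authorizer = new ACLAuthorizer(authorizer, config);` fixes the order. The load is also skipped entirely when `realm.getUserStoreReader()` is null, and the constructor starts outside the hunk.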

Modified: 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/AuthorizingRealmConfig.java
==============================================================================
--- 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/AuthorizingRealmConfig.java
     (original)
+++ 
trunk/commons/usermanager/modules/core/src/main/java/org/wso2/usermanager/acl/realm/AuthorizingRealmConfig.java
     Wed Jan 16 21:21:31 2008
@@ -2,6 +2,10 @@
 
 import org.wso2.usermanager.Realm;
 
+/**
+ * @author muthulee
+ *
+ */
 public class AuthorizingRealmConfig {
 
     private Realm realm = null;
@@ -10,11 +14,12 @@
     
     private String adminRoleName = null;
     
-    
     private boolean isCurrentUserReadable = false;
 
     private boolean isCurrentUserEditable = false;
     
+    private boolean enableAdminBehavior = false;
+    
     public AuthorizingRealmConfig() {
 
     }
@@ -45,33 +50,29 @@
      * i.e. isUserAuthorized() method will return true to every 
resource/action.  
      * Admin role users can be edited/deleted and read by other admin role 
users only.
      * @param adminRoleName
-     * @param isRemovable
      */
     public void setAdminRoleName(String adminRoleName) {
         this.adminRoleName = adminRoleName;
     }
     
-    /**
-     * Current user permission on himself when editing/reading data
-     * @param readable - Let current user read his properties
-     * @param editable - Let current user edit his properties/password
-     */
-  
-
     public String getAdminRoleName() {
         return adminRoleName;
     }
 
+    /**
+     * Current user permission on himself when reading data
+     */
     public boolean isCurrentUserReadable() {
         return isCurrentUserReadable;
     }
-
+    
+    /**
+     * Current user permission on himself when editing data
+     */
     public boolean isCurrentUserEditable() {
         return isCurrentUserEditable;
     }
 
-
-
     public void setCurrentUserReadable(boolean isCurrentUserReadable) {
         this.isCurrentUserReadable = isCurrentUserReadable;
     }
@@ -80,8 +81,11 @@
         this.isCurrentUserEditable = isCurrentUserEditable;
     }
 
-    
-    
-
+    public boolean isEnableAdminBehavior() {
+        return enableAdminBehavior;
+    }
 
+    public void setEnableAdminBehavior(boolean enableAdminBehavior) {
+        this.enableAdminBehavior = enableAdminBehavior;
+    }
 }
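Review bot: `isEnableAdminBehavior()` and `setEnableAdminBehavior(...)` are added without Javadoc, although this flag is what lets admin-role users skip the authorizer checks in the ACL wrappers changed by this commit. A short comment on the setter would tell integrators what they are enabling, for example `/** When true, users in the admin role bypass the per-operation authorizer checks; defaults to false. */`. It is worth stating there that `setAdminRoleName` has to be called as well, since the wrappers compare role names against `getAdminRoleName()`.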
