Hi, ftpserver-dev,
By this patch I want to introduce FileSystemSecurityManager component. It should check all file permissions, and it should be the single place to check all rights.
The reason to introduce so many methods (instead of original hasRead, hasWrite, hasDelete) is some application that requires different rights to, for example, creating files and creating directories.
--
Sergey Vladimirov
Index: C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/interfaces/FileSystemSecurityManager.java =================================================================== --- C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/interfaces/FileSystemSecurityManager.java (revision 0) +++ C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/interfaces/FileSystemSecurityManager.java (revision 0) @@ -0,0 +1,82 @@ +/* + * Copyright 2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.ftpserver.interfaces; + +import org.apache.ftpserver.ftplet.FileObject; +import org.apache.ftpserver.ftplet.FtpException; +import org.apache.ftpserver.ftplet.User; + +/** + * This security manager interface checks all ftp-related operations. + * + * @author <a href="mailto:[EMAIL PROTECTED]">Sergey Vladimirov</a> + */ +public interface FileSystemSecurityManager { + + /** + * Has user rights to append file permission? + */ + boolean hasAppendFilePermission(User user, FileObject fileObject) + throws FtpException; + + /** + * Has user rights to delete permission? + */ + boolean hasDeleteFilePermission(User user, FileObject fileObject) + throws FtpException; + + /** + * Has user rights to listing directory permission? + */ + boolean hasListingDirPermission(User user, FileObject fileObject) + throws FtpException; + + /** + * Has user rights to listing file permission? + */ + boolean hasListingFilePermission(User user, FileObject fileObject) + throws FtpException; + + /** + * Has user rights to create directory permission? + */ + boolean hasMakeDirPermission(User user, FileObject dirObject) + throws FtpException; + + /** + * Has user rights to read file permission? + */ + boolean hasReadFilePermission(User user, FileObject fileObject) + throws FtpException; + + /** + * Has user rights to delete directory permission? + */ + boolean hasRemoveDirPermission(User user, FileObject dirObject) + throws FtpException; + + /** + * Has user rights to rename directory permission? + */ + boolean hasRenamePermission(User user, FileObject sourceFileObject, + FileObject targetFileObject) throws FtpException; + + /** + * Has user rights to write file permission? + */ + boolean hasWriteFilePermission(User user, FileObject fileObject) + throws FtpException; +} Index: C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/filesystem/OSVirualFileSystemManager.java =================================================================== --- C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/filesystem/OSVirualFileSystemManager.java (revision 405674) +++ C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/filesystem/OSVirualFileSystemManager.java (working copy) @@ -25,6 +25,7 @@ import org.apache.ftpserver.ftplet.FileSystemView; import org.apache.ftpserver.ftplet.FtpException; import org.apache.ftpserver.ftplet.User; +import org.apache.ftpserver.interfaces.FileSystemSecurityManager; /** * This is a operating system based virtual root file system manager. @@ -81,5 +82,9 @@ OSVirualFileSystemView fsView = new OSVirualFileSystemView(user, logFactory); return fsView; - } + } + + public FileSystemSecurityManager getFileSystemSecurityManager() { + return TempFileSystemSecurityManager.INSTANCE; + } } Index: C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/filesystem/NativeFileSystemManager.java =================================================================== --- C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/filesystem/NativeFileSystemManager.java (revision 405674) +++ C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/filesystem/NativeFileSystemManager.java (working copy) @@ -25,6 +25,7 @@ import org.apache.ftpserver.ftplet.FileSystemView; import org.apache.ftpserver.ftplet.FtpException; import org.apache.ftpserver.ftplet.User; +import org.apache.ftpserver.interfaces.FileSystemSecurityManager; /** * Native file system manager. It uses the OS file system. @@ -81,4 +82,8 @@ return fsView; } + public FileSystemSecurityManager getFileSystemSecurityManager() { + return TempFileSystemSecurityManager.INSTANCE; + } + } Index: C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/filesystem/AbstractFileSystemSecurityManager.java =================================================================== --- C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/filesystem/AbstractFileSystemSecurityManager.java (revision 0) +++ C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/filesystem/AbstractFileSystemSecurityManager.java (revision 0) @@ -0,0 +1,97 @@ +/* + * Copyright 2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.ftpserver.filesystem; + +import org.apache.ftpserver.ftplet.FileObject; +import org.apache.ftpserver.ftplet.FtpException; +import org.apache.ftpserver.ftplet.User; +import org.apache.ftpserver.interfaces.FileSystemSecurityManager; + +/** + * This security manager replaces detailed check with simple UNIX-like + * read-write-execute checks which child classes need to implement + * + * @author <a href="mailto:[EMAIL PROTECTED]">Sergey Vladimirov</a> + */ +public abstract class AbstractFileSystemSecurityManager implements + FileSystemSecurityManager { + + public boolean hasAppendFilePermission(User user, FileObject fileObject) + throws FtpException { + return hasReadPermission(user, fileObject); + } + + public boolean hasDeleteFilePermission(User user, FileObject fileObject) + throws FtpException { + return hasWritePermission(user, fileObject); + } + + /** + * Has current user delete permission? + */ + protected abstract boolean hasDeletePermission(User user, + FileObject fileObject) throws FtpException; + + public boolean hasListingDirPermission(User user, FileObject fileObject) + throws FtpException { + return hasReadPermission(user, fileObject); + } + + public boolean hasListingFilePermission(User user, FileObject fileObject) + throws FtpException { + /* by default only parent directory listing permission required */ + return true; + } + + public boolean hasMakeDirPermission(User user, FileObject dirObject) + throws FtpException { + return hasWritePermission(user, dirObject); + } + + public boolean hasReadFilePermission(User user, FileObject fileObject) + throws FtpException { + return hasReadPermission(user, fileObject); + } + + /** + * Has current user read permission? + */ + protected abstract boolean hasReadPermission(User user, + FileObject fileObject) throws FtpException; + + public boolean hasRemoveDirPermission(User user, FileObject dirObject) + throws FtpException { + return hasWritePermission(user, dirObject); + } + + public boolean hasRenamePermission(User user, FileObject sourceFileObject, + FileObject targetFileObject) throws FtpException { + return hasReadPermission(user, sourceFileObject) + && hasWritePermission(user, targetFileObject); + } + + public boolean hasWriteFilePermission(User user, FileObject fileObject) + throws FtpException { + return hasWritePermission(user, fileObject); + } + + /** + * Has current user write permission? + */ + protected abstract boolean hasWritePermission(User user, + FileObject fileObject) throws FtpException; + +} Index: C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/filesystem/TempFileSystemSecurityManager.java =================================================================== --- C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/filesystem/TempFileSystemSecurityManager.java (revision 0) +++ C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/filesystem/TempFileSystemSecurityManager.java (revision 0) @@ -0,0 +1,67 @@ +/* + * Copyright 2004 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.ftpserver.filesystem; + +import org.apache.ftpserver.ftplet.FileObject; +import org.apache.ftpserver.ftplet.FtpException; +import org.apache.ftpserver.ftplet.User; +import org.apache.ftpserver.interfaces.FileSystemSecurityManager; + +/** + * This temporary security manager to store all functions until they will be + * moved from FileObject to SecirtyManagers + * + * @author <a href="mailto:[EMAIL PROTECTED]">Sergey Vladimirov</a> + * @deprecated + */ +class TempFileSystemSecurityManager extends + AbstractFileSystemSecurityManager { + + public static final TempFileSystemSecurityManager INSTANCE = new TempFileSystemSecurityManager(); + + private TempFileSystemSecurityManager() { + //for internal use only + super(); + } + + /** + * Need to move functionality from [EMAIL PROTECTED] FileObject} to + * [EMAIL PROTECTED] FileSystemSecurityManager} + */ + protected boolean hasDeletePermission(User user, FileObject fileObject) + throws FtpException { + return fileObject.hasDeletePermission(); + } + + /** + * Need to move functionality from [EMAIL PROTECTED] FileObject} to + * [EMAIL PROTECTED] FileSystemSecurityManager} + */ + protected boolean hasReadPermission(User user, FileObject fileObject) + throws FtpException { + return fileObject.hasReadPermission(); + } + + /** + * Need to move functionality from [EMAIL PROTECTED] FileObject} to + * [EMAIL PROTECTED] FileSystemSecurityManager} + */ + protected boolean hasWritePermission(User user, FileObject fileObject) + throws FtpException { + return fileObject.hasWritePermission(); + } + +} Index: C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/ftplet/FileObject.java =================================================================== --- C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/ftplet/FileObject.java (revision 405674) +++ C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/ftplet/FileObject.java (working copy) @@ -20,6 +20,8 @@ import java.io.InputStream; import java.io.OutputStream; +import org.apache.ftpserver.interfaces.FileSystemSecurityManager; + /** * This is an abstraction over the file. * @@ -60,16 +62,41 @@ /** * Has read permission? - */ + * + * @deprecated Use + * [EMAIL PROTECTED] FileSystemSecurityManager#hasListingDirPermission(User, FileObject)} + * or + * [EMAIL PROTECTED] FileSystemSecurityManager#hasListingFilePermission(User, FileObject)} + * or + * [EMAIL PROTECTED] FileSystemSecurityManager#hasListingDirPermission(User, FileObject)} + * or + * [EMAIL PROTECTED] FileSystemSecurityManager#hasReadFilePermission(User, FileObject)} + */ boolean hasReadPermission(); /** * Has write permission? - */ + * + * @deprecated Use + * [EMAIL PROTECTED] FileSystemSecurityManager#hasAppendFilePermission(User, FileObject)} + * or + * [EMAIL PROTECTED] FileSystemSecurityManager#hasMakeDirPermission(User, FileObject)} + * or + * [EMAIL PROTECTED] FileSystemSecurityManager#hasRenamePermission(User, FileObject, FileObject)} + * or + * [EMAIL PROTECTED] FileSystemSecurityManager#hasWriteFilePermission(User, FileObject)} + */ boolean hasWritePermission(); /** * Has delete permission? + * + * @deprecated Use + * [EMAIL PROTECTED] FileSystemSecurityManager#hasDeleteFilePermission(User, FileObject)} + * or + * [EMAIL PROTECTED] FileSystemSecurityManager#hasRemoveDirPermission(User, FileObject)} + * or + * [EMAIL PROTECTED] FileSystemSecurityManager#hasRenamePermission(User, FileObject, FileObject)} */ boolean hasDeletePermission(); Index: C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/ftplet/FileSystemManager.java =================================================================== --- C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/ftplet/FileSystemManager.java (revision 405674) +++ C:/Vladimirov/workspace/ftpserver/src/java/org/apache/ftpserver/ftplet/FileSystemManager.java (working copy) @@ -16,6 +16,8 @@ */ package org.apache.ftpserver.ftplet; +import org.apache.ftpserver.interfaces.FileSystemSecurityManager; + /** * This is the file system manager - it returns the file system * view for user. @@ -30,4 +32,10 @@ */ FileSystemView createFileSystemView(User user) throws FtpException; + /** + * Get security manager + * + * TODO: is this good idea to obtain it through FileSystemManager? + */ + FileSystemSecurityManager getFileSystemSecurityManager(); }
