summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristian Campo2008-01-17 09:56:11 (EST)
committerChristian Campo2008-01-17 09:56:11 (EST)
commit6a2ff902497415affcc690cb6ee3ea7e17247324 (patch)
tree6f666a1de8df9063755c00758e32d87dc32bdcc0
parent00dadf4f2ef039fb549eaf8bd68f5f91c41d8f66 (diff)
downloadorg.eclipse.riena-6a2ff902497415affcc690cb6ee3ea7e17247324.zip
org.eclipse.riena-6a2ff902497415affcc690cb6ee3ea7e17247324.tar.gz
org.eclipse.riena-6a2ff902497415affcc690cb6ee3ea7e17247324.tar.bz2
added Sentinel to do permissionchecks without SecurityManager
-rw-r--r--org.eclipse.riena.security.common/src/org/eclipse/riena/security/common/authorization/Sentinel.java94
1 files changed, 94 insertions, 0 deletions
diff --git a/org.eclipse.riena.security.common/src/org/eclipse/riena/security/common/authorization/Sentinel.java b/org.eclipse.riena.security.common/src/org/eclipse/riena/security/common/authorization/Sentinel.java
new file mode 100644
index 0000000..578edcd
--- /dev/null
+++ b/org.eclipse.riena.security.common/src/org/eclipse/riena/security/common/authorization/Sentinel.java
@@ -0,0 +1,94 @@
+/*******************************************************************************
+ * Copyright (c) 2007 compeople AG and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * compeople AG - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.riena.security.common.authorization;
+
+import java.security.Permission;
+import java.security.Permissions;
+
+import javax.security.auth.Subject;
+
+import org.eclipse.riena.core.service.ServiceInjector;
+import org.eclipse.riena.internal.security.common.Activator;
+import org.eclipse.riena.security.common.ISubjectHolder;
+import org.eclipse.riena.security.common.ISubjectHolderService;
+
+/**
+ * This class can be used as an alternative to the Java SecurityManager if you
+ * don't like to switch java security on but still like to check on business
+ * permissions in the code. The Sentinel also says true or false which is easier
+ * to handle than an AccessControlException.
+ */
+public class Sentinel {
+
+ private static Sentinel singletonSentinel = new Sentinel();
+ private IPermissionCache permCache;
+ private ISubjectHolderService subjectHolderService;
+
+ private Sentinel() {
+ super();
+ new ServiceInjector(Activator.getContext(), IPermissionCache.ID, this, "bindPermCache", "unbindPermCache").start();
+ new ServiceInjector(Activator.getContext(), ISubjectHolderService.ID, this, "bindSubjectHolderService", "unbindSubjectHolderService").start();
+ }
+
+ public void bindPermCache(IPermissionCache permCache) {
+ this.permCache = permCache;
+ }
+
+ public void unbindPermCache(IPermissionCache permCache) {
+ if (permCache == this.permCache) {
+ this.permCache = null;
+ }
+ }
+
+ public void bindSubjectHolderService(ISubjectHolderService subjectHolderService) {
+ this.subjectHolderService = subjectHolderService;
+ }
+
+ public void unbindSubjectHolderService(ISubjectHolderService subjectHolderService) {
+ if (subjectHolderService == this.subjectHolderService) {
+ this.subjectHolderService = null;
+ }
+ }
+
+ protected static Sentinel getInstance() {
+ return singletonSentinel;
+ }
+
+ protected IPermissionCache getPermissionCache() {
+ return permCache;
+ }
+
+ protected ISubjectHolderService getSubjectHolderService() {
+ return subjectHolderService;
+ }
+
+ /**
+ * checkAccess reads the current Subject from the SubjectHolderService,
+ * reads all its permissions from the cache and checks if this permission is
+ * allowed for this subject
+ *
+ * @param permission
+ * permission to be checked
+ * @return
+ */
+ public static boolean checkAccess(Permission permission) {
+ Sentinel sentinel = Sentinel.getInstance();
+ ISubjectHolder subjectHolder = sentinel.getSubjectHolderService().fetchSubjectHolder();
+ Subject subject = subjectHolder.getSubject();
+ if (subject != null) {
+ Permissions permissions = Sentinel.getInstance().getPermissionCache().getPermissions(subject);
+ boolean result = permissions.implies(permission);
+ return result;
+ } else {
+ return false;
+ }
+ }
+}