Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEike Stepper2012-05-28 10:37:43 +0000
committerEike Stepper2012-05-28 10:37:43 +0000
commit193c117d042f886a45a4724cc3f16fffef638382 (patch)
treee9ff166544ccb058ce5057016b19828d4822f1e7 /plugins
parent690a740cbfd0e120bbb886cef2495724b768559e (diff)
downloadcdo-193c117d042f886a45a4724cc3f16fffef638382.tar.gz
cdo-193c117d042f886a45a4724cc3f16fffef638382.tar.xz
cdo-193c117d042f886a45a4724cc3f16fffef638382.zip
[380629] Design a default Security model
https://bugs.eclipse.org/bugs/show_bug.cgi?id=380629
Diffstat (limited to 'plugins')
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/META-INF/MANIFEST.MF3
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java93
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java29
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/bundle/OM.java45
4 files changed, 126 insertions, 44 deletions
diff --git a/plugins/org.eclipse.emf.cdo.server.security/META-INF/MANIFEST.MF b/plugins/org.eclipse.emf.cdo.server.security/META-INF/MANIFEST.MF
index 135e6bea12..59faa5a9b9 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/META-INF/MANIFEST.MF
+++ b/plugins/org.eclipse.emf.cdo.server.security/META-INF/MANIFEST.MF
@@ -19,5 +19,8 @@ Export-Package: org.eclipse.emf.cdo.server.internal.security;version="4.1.0";
org.eclipse.emf.cdo.tests.hibernate,
org.eclipse.emf.cdo.tests.mongodb,
org.eclipse.emf.cdo.tests.objectivity",
+ org.eclipse.emf.cdo.server.internal.security.bundle;version="4.1.0";x-internal:=true,
org.eclipse.emf.cdo.server.security;version="4.1.0",
org.eclipse.emf.cdo.server.spi.security;version="4.1.0"
+Bundle-ActivationPolicy: lazy
+Bundle-Activator: org.eclipse.emf.cdo.server.internal.security.bundle.OM$Activator
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java
index 95e8def2a0..5cce7c700a 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java
@@ -11,6 +11,9 @@
package org.eclipse.emf.cdo.server.internal.security;
import org.eclipse.emf.cdo.common.branch.CDOBranchPoint;
+import org.eclipse.emf.cdo.common.model.CDOPackageInfo;
+import org.eclipse.emf.cdo.common.model.CDOPackageRegistry;
+import org.eclipse.emf.cdo.common.model.CDOPackageUnit;
import org.eclipse.emf.cdo.common.revision.CDORevision;
import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
import org.eclipse.emf.cdo.common.security.CDOPermission;
@@ -20,8 +23,6 @@ import org.eclipse.emf.cdo.security.SecurityItem;
import org.eclipse.emf.cdo.server.IStoreAccessor.CommitContext;
import org.eclipse.emf.cdo.server.security.ISecurityManager;
import org.eclipse.emf.cdo.server.spi.security.IRoleProvider;
-import org.eclipse.emf.cdo.spi.common.model.InternalCDOPackageInfo;
-import org.eclipse.emf.cdo.spi.common.model.InternalCDOPackageUnit;
import org.eclipse.net4j.util.factory.ProductCreationException;
@@ -51,20 +52,30 @@ public class AnnotationRoleProvider implements IRoleProvider
public static final String DELIMITERS = " ,;|";
+ private final Set<ISecurityManager> initialized = new HashSet<ISecurityManager>();
+
private final Map<EClass, EClassRoles> cache = new WeakHashMap<EClass, EClassRoles>();
public AnnotationRoleProvider()
{
}
- public void handleCommit(ISecurityManager securityManager, CommitContext commitContext)
+ private void initialize(ISecurityManager securityManager)
{
- InternalCDOPackageUnit[] newPackageUnits = commitContext.getNewPackageUnits();
- if (newPackageUnits != null && newPackageUnits.length != 0)
+ if (initialized.add(securityManager))
{
- for (InternalCDOPackageUnit packageUnit : newPackageUnits)
+ CDOPackageRegistry packageRegistry = securityManager.getRepository().getPackageRegistry();
+ initialize(securityManager, packageRegistry.getPackageUnits());
+ }
+ }
+
+ private void initialize(ISecurityManager securityManager, CDOPackageUnit[] packageUnits)
+ {
+ if (packageUnits != null && packageUnits.length != 0)
+ {
+ for (CDOPackageUnit packageUnit : packageUnits)
{
- for (InternalCDOPackageInfo packageInfo : packageUnit.getPackageInfos())
+ for (CDOPackageInfo packageInfo : packageUnit.getPackageInfos())
{
EPackage ePackage = packageInfo.getEPackage();
for (EClassifier eClassifier : ePackage.getEClassifiers())
@@ -72,8 +83,8 @@ public class AnnotationRoleProvider implements IRoleProvider
if (eClassifier instanceof EClass)
{
EClass eClass = (EClass)eClassifier;
- addMissingRoles(securityManager, eClass, READ_KEY);
- addMissingRoles(securityManager, eClass, WRITE_KEY);
+ initialize(securityManager, eClass, READ_KEY);
+ initialize(securityManager, eClass, WRITE_KEY);
}
}
}
@@ -81,9 +92,45 @@ public class AnnotationRoleProvider implements IRoleProvider
}
}
+ private void initialize(ISecurityManager securityManager, EClass eClass, String key)
+ {
+ String annotation = EcoreUtil.getAnnotation(eClass, SOURCE_URI, key);
+ if (annotation == null || annotation.length() == 0)
+ {
+ return;
+ }
+
+ EList<SecurityItem> items = securityManager.getRealm().getItems();
+
+ StringTokenizer tokenizer = new StringTokenizer(annotation, DELIMITERS);
+ while (tokenizer.hasMoreTokens())
+ {
+ String token = tokenizer.nextToken();
+ if (token != null && token.length() != 0)
+ {
+ Role role = securityManager.getRole(token);
+ if (role == null)
+ {
+ role = SecurityFactory.eINSTANCE.createRole();
+ role.setId(token);
+
+ items.add(role);
+ }
+ }
+ }
+ }
+
+ public void handleCommit(ISecurityManager securityManager, CommitContext commitContext)
+ {
+ initialize(securityManager);
+ initialize(securityManager, commitContext.getNewPackageUnits());
+ }
+
public Set<Role> getRoles(ISecurityManager securityManager, CDOBranchPoint securityContext,
CDORevisionProvider revisionProvider, CDORevision revision, CDOPermission permission)
{
+ initialize(securityManager);
+
EClass eClass = revision.getEClass();
return getRoles(securityManager, eClass, permission);
}
@@ -147,34 +194,6 @@ public class AnnotationRoleProvider implements IRoleProvider
return result;
}
- private void addMissingRoles(ISecurityManager securityManager, EClass eClass, String key)
- {
- String annotation = EcoreUtil.getAnnotation(eClass, SOURCE_URI, key);
- if (annotation == null || annotation.length() == 0)
- {
- return;
- }
-
- EList<SecurityItem> items = securityManager.getRealm().getItems();
-
- StringTokenizer tokenizer = new StringTokenizer(annotation, DELIMITERS);
- while (tokenizer.hasMoreTokens())
- {
- String token = tokenizer.nextToken();
- if (token != null && token.length() != 0)
- {
- Role role = securityManager.getRole(token);
- if (role == null)
- {
- role = SecurityFactory.eINSTANCE.createRole();
- role.setId(token);
-
- items.add(role);
- }
- }
- }
- }
-
/**
* @author Eike Stepper
*/
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
index 265d1c7bdf..3448a862cd 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
@@ -30,6 +30,7 @@ import org.eclipse.emf.cdo.server.IPermissionManager;
import org.eclipse.emf.cdo.server.IRepository;
import org.eclipse.emf.cdo.server.IStoreAccessor.CommitContext;
import org.eclipse.emf.cdo.server.ITransaction;
+import org.eclipse.emf.cdo.server.internal.security.bundle.OM;
import org.eclipse.emf.cdo.server.security.ISecurityManager;
import org.eclipse.emf.cdo.server.spi.security.IRoleProvider;
import org.eclipse.emf.cdo.spi.common.revision.InternalCDORevision;
@@ -287,15 +288,22 @@ public class SecurityManager implements ISecurityManager
Set<Role> result = null;
for (IRoleProvider roleProvider : getRoleProviders())
{
- Set<Role> roles = roleProvider.getRoles(this, securityContext, revisionProvider, revision, permission);
- if (roles != null && !roles.isEmpty())
+ try
{
- if (result == null)
+ Set<Role> roles = roleProvider.getRoles(this, securityContext, revisionProvider, revision, permission);
+ if (roles != null && !roles.isEmpty())
{
- result = new HashSet<Role>();
- }
+ if (result == null)
+ {
+ result = new HashSet<Role>();
+ }
- result.addAll(roles);
+ result.addAll(roles);
+ }
+ }
+ catch (Exception ex)
+ {
+ OM.LOG.error(ex);
}
}
@@ -416,7 +424,14 @@ public class SecurityManager implements ISecurityManager
{
for (IRoleProvider roleProvider : getRoleProviders())
{
- roleProvider.handleCommit(SecurityManager.this, commitContext);
+ try
+ {
+ roleProvider.handleCommit(SecurityManager.this, commitContext);
+ }
+ catch (Exception ex)
+ {
+ OM.LOG.error(ex);
+ }
}
CDOBranchPoint securityContext = commitContext.getBranchPoint();
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/bundle/OM.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/bundle/OM.java
new file mode 100644
index 0000000000..a3fa4a70d4
--- /dev/null
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/bundle/OM.java
@@ -0,0 +1,45 @@
+/*
+ * Copyright (c) 2004 - 2012 Eike Stepper (Berlin, Germany) and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Eike Stepper - initial API and implementation
+ * Stefan Winkler - Bug 285426: [DB] Implement user-defined typeMapping support
+ */
+package org.eclipse.emf.cdo.server.internal.security.bundle;
+
+import org.eclipse.net4j.util.om.OMBundle;
+import org.eclipse.net4j.util.om.OMPlatform;
+import org.eclipse.net4j.util.om.OSGiActivator;
+import org.eclipse.net4j.util.om.log.OMLogger;
+import org.eclipse.net4j.util.om.trace.OMTracer;
+
+/**
+ * The <em>Operations & Maintenance</em> class of this bundle.
+ *
+ * @author Eike Stepper
+ */
+public abstract class OM
+{
+ public static final String BUNDLE_ID = "org.eclipse.emf.cdo.server.security"; //$NON-NLS-1$
+
+ public static final OMBundle BUNDLE = OMPlatform.INSTANCE.bundle(BUNDLE_ID, OM.class);
+
+ public static final OMTracer DEBUG = BUNDLE.tracer("debug"); //$NON-NLS-1$
+
+ public static final OMLogger LOG = BUNDLE.logger();
+
+ /**
+ * @author Eike Stepper
+ */
+ public static final class Activator extends OSGiActivator
+ {
+ public Activator()
+ {
+ super(BUNDLE);
+ }
+ }
+}

Back to the top