authorEike Stepper2012-05-28 09:46:57 +0000
committerEike Stepper2012-05-28 09:46:57 +0000
commit20ac53a4c8f61c8acae82c259e972e9e81ff699a (patch)
tree0a6c2262ca502c4b1146bc2bb40dc29ae0381ef5 /plugins
parent5dbd1ca0872a12308d9891c94c76db16d65d07aa (diff)
[380629] Design a default Security model
https://bugs.eclipse.org/bugs/show_bug.cgi?id=380629
Diffstat (limited to 'plugins')
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/META-INF/MANIFEST.MF3
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java147
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/ISecurityManager.java8
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/SecurityManagerUtil.java5
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/IRoleProvider.java46
5 files changed, 208 insertions, 1 deletions
diff --git a/plugins/org.eclipse.emf.cdo.server.security/META-INF/MANIFEST.MF b/plugins/org.eclipse.emf.cdo.server.security/META-INF/MANIFEST.MF
index a78db5ee2d..135e6bea12 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/META-INF/MANIFEST.MF
+++ b/plugins/org.eclipse.emf.cdo.server.security/META-INF/MANIFEST.MF
@@ -19,4 +19,5 @@ Export-Package: org.eclipse.emf.cdo.server.internal.security;version="4.1.0";
org.eclipse.emf.cdo.tests.hibernate,
org.eclipse.emf.cdo.tests.mongodb,
org.eclipse.emf.cdo.tests.objectivity",
- org.eclipse.emf.cdo.server.security;version="4.1.0"
+ org.eclipse.emf.cdo.server.security;version="4.1.0",
+ org.eclipse.emf.cdo.server.spi.security;version="4.1.0"
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java
new file mode 100644
index 0000000000..235a04875b
--- /dev/null
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java
@@ -0,0 +1,147 @@
+/*
+ * Copyright (c) 2004 - 2012 Eike Stepper (Berlin, Germany) and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Eike Stepper - initial API and implementation
+ */
+package org.eclipse.emf.cdo.server.internal.security;
+
+import org.eclipse.emf.cdo.common.branch.CDOBranchPoint;
+import org.eclipse.emf.cdo.common.revision.CDORevision;
+import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
+import org.eclipse.emf.cdo.common.security.CDOPermission;
+import org.eclipse.emf.cdo.security.Role;
+import org.eclipse.emf.cdo.server.security.ISecurityManager;
+import org.eclipse.emf.cdo.server.spi.security.IRoleProvider;
+
+import org.eclipse.emf.ecore.EClass;
+import org.eclipse.emf.ecore.util.EcoreUtil;
+
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+import java.util.StringTokenizer;
+import java.util.WeakHashMap;
+
+/**
+ * @author Eike Stepper
+ */
+public class AnnotationRoleProvider implements IRoleProvider
+{
+ public static final String SOURCE_URI = "http://www.eclipse.org/CDO/Security";
+
+ public static final String READ_KEY = "read";
+
+ public static final String WRITE_KEY = "write";
+
+ private final Map<EClass, EClassRoles> cache = new WeakHashMap<EClass, EClassRoles>();
+
+ public AnnotationRoleProvider()
+ {
+ }
+
+ public Set<Role> getRoles(ISecurityManager securityManager, CDOBranchPoint securityContext,
+ CDORevisionProvider revisionProvider, CDORevision revision, CDOPermission permission)
+ {
+ EClass eClass = revision.getEClass();
+ return getRoles(securityManager, eClass, permission);
+ }
+
+ private Set<Role> getRoles(ISecurityManager securityManager, EClass eClass, CDOPermission permission)
+ {
+ EClassRoles eClassRoles = cache.get(eClass);
+ if (eClassRoles == null)
+ {
+ eClassRoles = new EClassRoles();
+ cache.put(eClass, eClassRoles);
+ }
+
+ switch (permission)
+ {
+ case READ:
+ Set<Role> readRoles = eClassRoles.getReadRoles();
+ if (readRoles == null)
+ {
+ readRoles = getRoles(securityManager, eClass, READ_KEY);
+ eClassRoles.setReadRoles(readRoles);
+ }
+
+ return readRoles;
+
+ case WRITE:
+ Set<Role> writeRoles = eClassRoles.getWriteRoles();
+ if (writeRoles == null)
+ {
+ writeRoles = getRoles(securityManager, eClass, WRITE_KEY);
+ eClassRoles.setWriteRoles(writeRoles);
+ }
+
+ return writeRoles;
+
+ default:
+ throw new IllegalStateException("Illegal permission: " + permission);
+ }
+ }
+
+ private Set<Role> getRoles(ISecurityManager securityManager, EClass eClass, String key)
+ {
+ String annotation = EcoreUtil.getAnnotation(eClass, SOURCE_URI, key);
+ if (annotation == null || annotation.length() == 0)
+ {
+ return Collections.emptySet();
+ }
+
+ Set<Role> result = new HashSet<Role>();
+ StringTokenizer tokenizer = new StringTokenizer(annotation, " ,;|");
+ while (tokenizer.hasMoreTokens())
+ {
+ String token = tokenizer.nextToken();
+ if (token != null && token.length() != 0)
+ {
+ Role role = securityManager.getRole(token);
+ result.add(role);
+ }
+ }
+
+ return result;
+ }
+
+ /**
+ * @author Eike Stepper
+ */
+ private static class EClassRoles
+ {
+ private Set<Role> readRoles;
+
+ private Set<Role> writeRoles;
+
+ public EClassRoles()
+ {
+ }
+
+ public Set<Role> getReadRoles()
+ {
+ return readRoles;
+ }
+
+ public void setReadRoles(Set<Role> readRoles)
+ {
+ this.readRoles = readRoles;
+ }
+
+ public Set<Role> getWriteRoles()
+ {
+ return writeRoles;
+ }
+
+ public void setWriteRoles(Set<Role> writeRoles)
+ {
+ this.writeRoles = writeRoles;
+ }
+ }
+}
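Review bot: The cache in `getRoles(ISecurityManager, EClass, CDOPermission)` is keyed by `EClass` alone, but the `Role` objects it stores are resolved through the `securityManager` passed on each call. A provider instance shared by two security managers would therefore return the first realm's roles to the second, and a role removed from the realm would stay cached for as long as the `EClass` is reachable. The map is also a plain `WeakHashMap` mutated without synchronization; if permission checks run on several server threads (likely, but not visible in this diff), declare it as `private final Map<EClass, EClassRoles> cache = Collections.synchronizedMap(new WeakHashMap<EClass, EClassRoles>());`. In the `String key` overload the result of `securityManager.getRole(token)` is added unchecked, and whether an unknown role name throws or returns null is not shown here, so add a null guard or a comment stating the contract. The cached `HashSet` is also returned directly, so a caller that mutates it changes the answer for every later check on that class.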
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/ISecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/ISecurityManager.java
index afba2a5686..4af1526bdb 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/ISecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/ISecurityManager.java
@@ -16,6 +16,8 @@ import org.eclipse.emf.cdo.security.Role;
import org.eclipse.emf.cdo.security.User;
import org.eclipse.emf.cdo.server.IRepository;
+import org.eclipse.net4j.util.container.IManagedContainer;
+
/**
* Protects a given {@link IRepository repository}.
*
@@ -24,6 +26,12 @@ import org.eclipse.emf.cdo.server.IRepository;
*/
public interface ISecurityManager
{
+ public IRepository getRepository();
+
+ public String getRealmPath();
+
+ public IManagedContainer getContainer();
+
public Realm getRealm();
public User getUser(String userID) throws SecurityException;
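Review bot: The new accessors `getRepository()`, `getRealmPath()` and `getContainer()` have no Javadoc, and they widen what an `ISecurityManager` reference exposes. Since `IRoleProvider.getRoles(...)` in this commit receives the security manager as its first argument, every role-provider plug-in can now reach the repository and the managed container through it. If providers only need role lookup, a narrower parameter type would keep to least privilege. Otherwise give each accessor a one-line Javadoc saying what it returns and whether it can be null before the manager is activated. The interface body continues outside the hunk.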
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/SecurityManagerUtil.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/SecurityManagerUtil.java
index 595c3b0511..82b639deea 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/SecurityManagerUtil.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/security/SecurityManagerUtil.java
@@ -36,4 +36,9 @@ public final class SecurityManagerUtil
{
return new org.eclipse.emf.cdo.server.internal.security.SecurityManager(repository, realmPath, container);
}
+
+ public static void prepareContainer(IManagedContainer container)
+ {
+
+ }
}
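Review bot: `prepareContainer(IManagedContainer)` is added as public API with an empty body, so a caller that invokes it before creating a security manager gets neither a registration nor an error. If it is a placeholder for registering `IRoleProvider.Factory` instances (an inference from the rest of this commit), mark it as such with `// TODO: register role provider factories; currently a no-op`, or leave it out until it is implemented. A Javadoc line saying that the method presently does nothing would keep deployments from relying on it.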
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/IRoleProvider.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/IRoleProvider.java
new file mode 100644
index 0000000000..4d385be6e7
--- /dev/null
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/IRoleProvider.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright (c) 2004 - 2012 Eike Stepper (Berlin, Germany) and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Eike Stepper - initial API and implementation
+ */
+package org.eclipse.emf.cdo.server.spi.security;
+
+import org.eclipse.emf.cdo.common.branch.CDOBranchPoint;
+import org.eclipse.emf.cdo.common.revision.CDORevision;
+import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
+import org.eclipse.emf.cdo.common.security.CDOPermission;
+import org.eclipse.emf.cdo.security.Role;
+import org.eclipse.emf.cdo.server.security.ISecurityManager;
+
+import org.eclipse.net4j.util.factory.ProductCreationException;
+
+import java.util.Set;
+
+/**
+ * @author Eike Stepper
+ */
+public interface IRoleProvider
+{
+ public Set<Role> getRoles(ISecurityManager securityManager, CDOBranchPoint securityContext,
+ CDORevisionProvider revisionProvider, CDORevision revision, CDOPermission permission);
+
+ /**
+ * @author Eike Stepper
+ */
+ public static abstract class Factory extends org.eclipse.net4j.util.factory.Factory
+ {
+ public static final String PRODUCT_GROUP = "org.eclipse.emf.cdo.server.security.roleProviders";
+
+ public Factory(String type)
+ {
+ super(PRODUCT_GROUP, type);
+ }
+
+ public abstract IRoleProvider create(String description) throws ProductCreationException;
+ }
+}
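Review bot: `IRoleProvider.getRoles(...)` is the extension point for authorization decisions, but it is undocumented, so the meaning of an empty result is left to each implementer and caller. `AnnotationRoleProvider` in this commit returns `Collections.emptySet()` for a class with no annotation, and whether that means "no role required" or "no role permitted" decides if unannotated classes fail open or closed. Add Javadoc on `getRoles` that fixes this, states whether null may be returned, whether the returned set may be modified, and whether implementations must be thread-safe. `Factory.create(String description)` should likewise say what format `description` has.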
