Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEike Stepper2012-05-28 10:23:42 +0000
committerEike Stepper2012-05-28 10:23:42 +0000
commit690a740cbfd0e120bbb886cef2495724b768559e (patch)
tree1d0618cd8baa12ae2013753ecfafb3e4069721b9 /plugins
parenteabf57c634fc111d7ea3c3d0fe6a7e9fca237d8c (diff)
downloadcdo-690a740cbfd0e120bbb886cef2495724b768559e.tar.gz
cdo-690a740cbfd0e120bbb886cef2495724b768559e.tar.xz
cdo-690a740cbfd0e120bbb886cef2495724b768559e.zip
[380629] Design a default Security model
https://bugs.eclipse.org/bugs/show_bug.cgi?id=380629
Diffstat (limited to 'plugins')
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java64
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java5
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/IRoleProvider.java3
3 files changed, 71 insertions, 1 deletions
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java
index d229efc6cf..95e8def2a0 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java
@@ -15,12 +15,20 @@ import org.eclipse.emf.cdo.common.revision.CDORevision;
import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
import org.eclipse.emf.cdo.common.security.CDOPermission;
import org.eclipse.emf.cdo.security.Role;
+import org.eclipse.emf.cdo.security.SecurityFactory;
+import org.eclipse.emf.cdo.security.SecurityItem;
+import org.eclipse.emf.cdo.server.IStoreAccessor.CommitContext;
import org.eclipse.emf.cdo.server.security.ISecurityManager;
import org.eclipse.emf.cdo.server.spi.security.IRoleProvider;
+import org.eclipse.emf.cdo.spi.common.model.InternalCDOPackageInfo;
+import org.eclipse.emf.cdo.spi.common.model.InternalCDOPackageUnit;
import org.eclipse.net4j.util.factory.ProductCreationException;
+import org.eclipse.emf.common.util.EList;
import org.eclipse.emf.ecore.EClass;
+import org.eclipse.emf.ecore.EClassifier;
+import org.eclipse.emf.ecore.EPackage;
import org.eclipse.emf.ecore.util.EcoreUtil;
import java.util.Collections;
@@ -41,12 +49,38 @@ public class AnnotationRoleProvider implements IRoleProvider
public static final String WRITE_KEY = "write";
+ public static final String DELIMITERS = " ,;|";
+
private final Map<EClass, EClassRoles> cache = new WeakHashMap<EClass, EClassRoles>();
public AnnotationRoleProvider()
{
}
+ public void handleCommit(ISecurityManager securityManager, CommitContext commitContext)
+ {
+ InternalCDOPackageUnit[] newPackageUnits = commitContext.getNewPackageUnits();
+ if (newPackageUnits != null && newPackageUnits.length != 0)
+ {
+ for (InternalCDOPackageUnit packageUnit : newPackageUnits)
+ {
+ for (InternalCDOPackageInfo packageInfo : packageUnit.getPackageInfos())
+ {
+ EPackage ePackage = packageInfo.getEPackage();
+ for (EClassifier eClassifier : ePackage.getEClassifiers())
+ {
+ if (eClassifier instanceof EClass)
+ {
+ EClass eClass = (EClass)eClassifier;
+ addMissingRoles(securityManager, eClass, READ_KEY);
+ addMissingRoles(securityManager, eClass, WRITE_KEY);
+ }
+ }
+ }
+ }
+ }
+ }
+
public Set<Role> getRoles(ISecurityManager securityManager, CDOBranchPoint securityContext,
CDORevisionProvider revisionProvider, CDORevision revision, CDOPermission permission)
{
@@ -99,7 +133,7 @@ public class AnnotationRoleProvider implements IRoleProvider
}
Set<Role> result = new HashSet<Role>();
- StringTokenizer tokenizer = new StringTokenizer(annotation, " ,;|");
+ StringTokenizer tokenizer = new StringTokenizer(annotation, DELIMITERS);
while (tokenizer.hasMoreTokens())
{
String token = tokenizer.nextToken();
@@ -113,6 +147,34 @@ public class AnnotationRoleProvider implements IRoleProvider
return result;
}
+ private void addMissingRoles(ISecurityManager securityManager, EClass eClass, String key)
+ {
+ String annotation = EcoreUtil.getAnnotation(eClass, SOURCE_URI, key);
+ if (annotation == null || annotation.length() == 0)
+ {
+ return;
+ }
+
+ EList<SecurityItem> items = securityManager.getRealm().getItems();
+
+ StringTokenizer tokenizer = new StringTokenizer(annotation, DELIMITERS);
+ while (tokenizer.hasMoreTokens())
+ {
+ String token = tokenizer.nextToken();
+ if (token != null && token.length() != 0)
+ {
+ Role role = securityManager.getRole(token);
+ if (role == null)
+ {
+ role = SecurityFactory.eINSTANCE.createRole();
+ role.setId(token);
+
+ items.add(role);
+ }
+ }
+ }
+ }
+
/**
* @author Eike Stepper
*/
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
index 82f72a539d..265d1c7bdf 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
@@ -414,6 +414,11 @@ public class SecurityManager implements ISecurityManager
public void handleTransactionBeforeCommitting(ITransaction transaction, CommitContext commitContext,
OMMonitor monitor) throws RuntimeException
{
+ for (IRoleProvider roleProvider : getRoleProviders())
+ {
+ roleProvider.handleCommit(SecurityManager.this, commitContext);
+ }
+
CDOBranchPoint securityContext = commitContext.getBranchPoint();
String userID = commitContext.getUserID();
User user = getUser(userID);
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/IRoleProvider.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/IRoleProvider.java
index 4d385be6e7..269cb56382 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/IRoleProvider.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/IRoleProvider.java
@@ -15,6 +15,7 @@ import org.eclipse.emf.cdo.common.revision.CDORevision;
import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
import org.eclipse.emf.cdo.common.security.CDOPermission;
import org.eclipse.emf.cdo.security.Role;
+import org.eclipse.emf.cdo.server.IStoreAccessor.CommitContext;
import org.eclipse.emf.cdo.server.security.ISecurityManager;
import org.eclipse.net4j.util.factory.ProductCreationException;
@@ -26,6 +27,8 @@ import java.util.Set;
*/
public interface IRoleProvider
{
+ public void handleCommit(ISecurityManager securityManager, CommitContext commitContext);
+
public Set<Role> getRoles(ISecurityManager securityManager, CDOBranchPoint securityContext,
CDORevisionProvider revisionProvider, CDORevision revision, CDOPermission permission);

Back to the top