Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEike Stepper2012-05-28 08:40:27 +0000
committerEike Stepper2012-05-28 08:40:27 +0000
commit9e38da621aa5b3af8aacd14e5dbc780808710c70 (patch)
tree7bc223393ec5df3c39fe1f68bb12da077ce91bdc /plugins
parentddc6120a7f9db25f5991e5f0bf2db600482b4cad (diff)
downloadcdo-9e38da621aa5b3af8aacd14e5dbc780808710c70.tar.gz
cdo-9e38da621aa5b3af8aacd14e5dbc780808710c70.tar.xz
cdo-9e38da621aa5b3af8aacd14e5dbc780808710c70.zip
[380629] Design a default Security model
https://bugs.eclipse.org/bugs/show_bug.cgi?id=380629
Diffstat (limited to 'plugins')
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java207
1 files changed, 117 insertions, 90 deletions
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
index 9794a28f9c..ba72153c62 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
@@ -57,9 +57,14 @@ import java.util.Map;
/**
* @author Eike Stepper
*/
-public class SecurityManager implements ISecurityManager, IUserManager, IPermissionManager,
- IRepository.WriteAccessHandler
+public class SecurityManager implements ISecurityManager
{
+ private final IUserManager userManager = new UserManager();
+
+ private final IPermissionManager permissionManager = new PermissionManager();
+
+ private final IRepository.WriteAccessHandler writeAccessHandler = new WriteAccessHandler();
+
private final InternalRepository repository;
private final String realmPath;
@@ -105,9 +110,9 @@ public class SecurityManager implements ISecurityManager, IUserManager, IPermiss
// Wire up with repository
InternalSessionManager sessionManager = repository.getSessionManager();
- sessionManager.setUserManager(this);
- sessionManager.setPermissionManager(this);
- repository.addHandler(this);
+ sessionManager.setUserManager(userManager);
+ sessionManager.setPermissionManager(permissionManager);
+ repository.addHandler(writeAccessHandler);
repository.addListener(new LifecycleEventAdapter()
{
@Override
@@ -153,30 +158,6 @@ public class SecurityManager implements ISecurityManager, IUserManager, IPermiss
return realm;
}
- public Group getGroup(String groupID)
- {
- EList<SecurityItem> items = realm.getItems();
- Group group = RealmUtil.findGroup(items, groupID);
- if (group == null)
- {
- throw new SecurityException("Group " + groupID + " not found");
- }
-
- return group;
- }
-
- public Role getRole(String roleID)
- {
- EList<SecurityItem> items = realm.getItems();
- Role role = RealmUtil.findRole(items, roleID);
- if (role == null)
- {
- throw new SecurityException("Role " + roleID + " not found");
- }
-
- return role;
- }
-
public User getUser(String userID)
{
synchronized (users)
@@ -190,57 +171,36 @@ public class SecurityManager implements ISecurityManager, IUserManager, IPermiss
{
throw new SecurityException("User " + userID + " not found");
}
-
+
users.put(userID, user);
}
-
+
return user;
}
}
- public void addUser(final String userID, final char[] password)
+ public Group getGroup(String groupID)
{
- modify(new RealmOperation()
+ EList<SecurityItem> items = realm.getItems();
+ Group group = RealmUtil.findGroup(items, groupID);
+ if (group == null)
{
- public void execute(Realm realm)
- {
- UserPassword userPassword = SecurityFactory.eINSTANCE.createUserPassword();
- userPassword.setEncrypted(new String(password));
-
- User user = SecurityFactory.eINSTANCE.createUser();
- user.setId(userID);
- user.setPassword(userPassword);
-
- realm.getItems().add(user);
- }
- });
- }
+ throw new SecurityException("Group " + groupID + " not found");
+ }
- public void removeUser(final String userID)
- {
- modify(new RealmOperation()
- {
- public void execute(Realm realm)
- {
- User user = getUser(userID);
- EcoreUtil.remove(user);
- }
- });
+ return group;
}
- public byte[] encrypt(String userID, byte[] data, String algorithmName, byte[] salt, int count)
- throws SecurityException
+ public Role getRole(String roleID)
{
- User user = getUser(userID);
- UserPassword userPassword = user.getPassword();
- String password = userPassword == null ? null : userPassword.getEncrypted();
- if (password != null)
+ EList<SecurityItem> items = realm.getItems();
+ Role role = RealmUtil.findRole(items, roleID);
+ if (role == null)
{
- // TODO
+ throw new SecurityException("Role " + roleID + " not found");
}
- // TODO: implement SecurityManager.encrypt(userID, data, algorithmName, salt, count)
- throw new UnsupportedOperationException();
+ return role;
}
public void modify(RealmOperation operation)
@@ -260,46 +220,113 @@ public class SecurityManager implements ISecurityManager, IUserManager, IPermiss
}
}
- public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, String userID)
+ protected CDOPermission getPermission(CDORevision revision, CDORevisionProvider revisionProvider,
+ CDOBranchPoint securityContext, User user)
{
- User user = getUser(userID);
- CDORevisionProvider revisionProvider = new ManagedRevisionProvider(repository.getRevisionManager(), securityContext);
- return getPermission(revision, revisionProvider, securityContext, user);
+ // TODO: implement SecurityManager.getPermission(revision, revisionProvider, securityContext, user)
+ throw new UnsupportedOperationException();
}
- public void handleTransactionBeforeCommitting(ITransaction transaction, CommitContext commitContext, OMMonitor monitor)
- throws RuntimeException
+ /**
+ * @author Eike Stepper
+ */
+ private final class UserManager implements IUserManager
{
- CDOBranchPoint securityContext = commitContext.getBranchPoint();
- String userID = commitContext.getUserID();
- User user = getUser(userID);
- handleRevisionsBeforeCommitting(commitContext, securityContext, user, commitContext.getNewObjects());
- handleRevisionsBeforeCommitting(commitContext, securityContext, user, commitContext.getDirtyObjects());
- }
+ public void addUser(final String userID, final char[] password)
+ {
+ modify(new RealmOperation()
+ {
+ public void execute(Realm realm)
+ {
+ UserPassword userPassword = SecurityFactory.eINSTANCE.createUserPassword();
+ userPassword.setEncrypted(new String(password));
- private void handleRevisionsBeforeCommitting(CommitContext commitContext, CDOBranchPoint securityContext, User user,
- InternalCDORevision[] revisions)
- {
- for (InternalCDORevision revision : revisions)
+ User user = SecurityFactory.eINSTANCE.createUser();
+ user.setId(userID);
+ user.setPassword(userPassword);
+
+ realm.getItems().add(user);
+ }
+ });
+ }
+
+ public void removeUser(final String userID)
{
- CDOPermission permission = getPermission(revision, commitContext, securityContext, user);
- if (permission != CDOPermission.WRITE)
+ modify(new RealmOperation()
{
- throw new SecurityException("User " + user + " is not allowed to write to " + revision);
+ public void execute(Realm realm)
+ {
+ User user = getUser(userID);
+ EcoreUtil.remove(user);
+ }
+ });
+ }
+
+ public byte[] encrypt(String userID, byte[] data, String algorithmName, byte[] salt, int count)
+ throws SecurityException
+ {
+ User user = getUser(userID);
+ UserPassword userPassword = user.getPassword();
+ String password = userPassword == null ? null : userPassword.getEncrypted();
+ if (password != null)
+ {
+ // TODO
}
+
+ // TODO: implement SecurityManager.encrypt(userID, data, algorithmName, salt, count)
+ throw new UnsupportedOperationException();
}
}
- public void handleTransactionAfterCommitted(ITransaction transaction, CommitContext commitContext, OMMonitor monitor)
+ /**
+ * @author Eike Stepper
+ */
+ private final class PermissionManager implements IPermissionManager
{
- // Do nothing
+
+ public CDOPermission getPermission(CDORevision revision, CDOBranchPoint securityContext, String userID)
+ {
+ User user = getUser(userID);
+ CDORevisionProvider revisionProvider = new ManagedRevisionProvider(repository.getRevisionManager(),
+ securityContext);
+ return SecurityManager.this.getPermission(revision, revisionProvider, securityContext, user);
+ }
}
- protected CDOPermission getPermission(CDORevision revision, CDORevisionProvider revisionProvider,
- CDOBranchPoint securityContext, User user)
+ /**
+ * @author Eike Stepper
+ */
+ private final class WriteAccessHandler implements IRepository.WriteAccessHandler
{
- // TODO: implement SecurityManager.getPermission(revision, revisionProvider, securityContext, user)
- throw new UnsupportedOperationException();
+
+ public void handleTransactionBeforeCommitting(ITransaction transaction, CommitContext commitContext,
+ OMMonitor monitor) throws RuntimeException
+ {
+ CDOBranchPoint securityContext = commitContext.getBranchPoint();
+ String userID = commitContext.getUserID();
+ User user = getUser(userID);
+
+ handleRevisionsBeforeCommitting(commitContext, securityContext, user, commitContext.getNewObjects());
+ handleRevisionsBeforeCommitting(commitContext, securityContext, user, commitContext.getDirtyObjects());
+ }
+
+ private void handleRevisionsBeforeCommitting(CommitContext commitContext, CDOBranchPoint securityContext,
+ User user, InternalCDORevision[] revisions)
+ {
+ for (InternalCDORevision revision : revisions)
+ {
+ CDOPermission permission = getPermission(revision, commitContext, securityContext, user);
+ if (permission != CDOPermission.WRITE)
+ {
+ throw new SecurityException("User " + user + " is not allowed to write to " + revision);
+ }
+ }
+ }
+
+ public void handleTransactionAfterCommitted(ITransaction transaction, CommitContext commitContext, OMMonitor monitor)
+ {
+ // Do nothing
+ }
}
}

Back to the top