Diffstat (limited to 'plugins')
-rw-r--r--plugins/org.eclipse.emf.cdo.security.edit/build.properties4
-rw-r--r--plugins/org.eclipse.emf.cdo.security.editor/build.properties4
-rw-r--r--plugins/org.eclipse.emf.cdo.security/build.properties4
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java242
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java125
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/AnnotationHandler.java156
-rw-r--r--plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/InternalSecurityManager.java2
7 files changed, 256 insertions, 281 deletions
diff --git a/plugins/org.eclipse.emf.cdo.security.edit/build.properties b/plugins/org.eclipse.emf.cdo.security.edit/build.properties
index 29cb0969dd..6e45219817 100644
--- a/plugins/org.eclipse.emf.cdo.security.edit/build.properties
+++ b/plugins/org.eclipse.emf.cdo.security.edit/build.properties
@@ -12,3 +12,7 @@ source.. = src/
output.. = bin/
src.includes = about.html,\
copyright.txt
+
+doc.project = org.eclipse.emf.cdo.doc
+
+generateSourceReferences = true
diff --git a/plugins/org.eclipse.emf.cdo.security.editor/build.properties b/plugins/org.eclipse.emf.cdo.security.editor/build.properties
index bc81aa2cb0..712c8c269f 100644
--- a/plugins/org.eclipse.emf.cdo.security.editor/build.properties
+++ b/plugins/org.eclipse.emf.cdo.security.editor/build.properties
@@ -12,3 +12,7 @@ source.. = src/
output.. = bin
src.includes = about.html,\
copyright.txt
+
+doc.project = org.eclipse.emf.cdo.doc
+
+generateSourceReferences = true
diff --git a/plugins/org.eclipse.emf.cdo.security/build.properties b/plugins/org.eclipse.emf.cdo.security/build.properties
index e99fa8da5c..389188df0b 100644
--- a/plugins/org.eclipse.emf.cdo.security/build.properties
+++ b/plugins/org.eclipse.emf.cdo.security/build.properties
@@ -13,3 +13,7 @@ source.. = src/
output.. = bin/
src.includes = about.html,\
copyright.txt
+
+doc.project = org.eclipse.emf.cdo.doc
+
+generateSourceReferences = true
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java
deleted file mode 100644
index 5170c0134e..0000000000
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/AnnotationRoleProvider.java
+++ /dev/null
@@ -1,242 +0,0 @@
-/*
- * Copyright (c) 2004 - 2012 Eike Stepper (Berlin, Germany) and others.
- * All rights reserved. This program and the accompanying materials
- * are made available under the terms of the Eclipse Public License v1.0
- * which accompanies this distribution, and is available at
- * http://www.eclipse.org/legal/epl-v10.html
- *
- * Contributors:
- * Eike Stepper - initial API and implementation
- */
-package org.eclipse.emf.cdo.server.internal.security;
-
-import org.eclipse.emf.cdo.common.branch.CDOBranchPoint;
-import org.eclipse.emf.cdo.common.model.CDOPackageInfo;
-import org.eclipse.emf.cdo.common.model.CDOPackageRegistry;
-import org.eclipse.emf.cdo.common.model.CDOPackageUnit;
-import org.eclipse.emf.cdo.common.revision.CDORevision;
-import org.eclipse.emf.cdo.common.revision.CDORevisionProvider;
-import org.eclipse.emf.cdo.common.security.CDOPermission;
-import org.eclipse.emf.cdo.security.Realm;
-import org.eclipse.emf.cdo.security.RealmUtil;
-import org.eclipse.emf.cdo.security.Role;
-import org.eclipse.emf.cdo.security.SecurityFactory;
-import org.eclipse.emf.cdo.security.SecurityItem;
-import org.eclipse.emf.cdo.security.User;
-import org.eclipse.emf.cdo.server.IStoreAccessor.CommitContext;
-import org.eclipse.emf.cdo.server.spi.security.InternalSecurityManager;
-
-import org.eclipse.emf.common.util.EList;
-import org.eclipse.emf.ecore.EClass;
-import org.eclipse.emf.ecore.EClassifier;
-import org.eclipse.emf.ecore.EPackage;
-import org.eclipse.emf.ecore.util.EcoreUtil;
-
-import java.util.Collections;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
-import java.util.StringTokenizer;
-import java.util.WeakHashMap;
-
-/**
- * @author Eike Stepper
- */
-public class AnnotationRoleProvider implements InternalSecurityManager.CommitHandler
-{
- public static final String SOURCE_URI = "http://www.eclipse.org/CDO/Security";
-
- public static final String READ_KEY = "read";
-
- public static final String WRITE_KEY = "write";
-
- public static final String DELIMITERS = " ,;|";
-
- private final Set<InternalSecurityManager> initialized = new HashSet<InternalSecurityManager>();
-
- private final Map<EClass, EClassRoles> cache = new WeakHashMap<EClass, EClassRoles>();
-
- public AnnotationRoleProvider()
- {
- }
-
- private void initialize(InternalSecurityManager securityManager)
- {
- if (initialized.add(securityManager))
- {
- CDOPackageRegistry packageRegistry = securityManager.getRepository().getPackageRegistry();
- initialize(securityManager, packageRegistry.getPackageUnits());
- }
- }
-
- private void initialize(InternalSecurityManager securityManager, CDOPackageUnit[] packageUnits)
- {
- if (packageUnits != null && packageUnits.length != 0)
- {
- for (CDOPackageUnit packageUnit : packageUnits)
- {
- for (CDOPackageInfo packageInfo : packageUnit.getPackageInfos())
- {
- EPackage ePackage = packageInfo.getEPackage();
- for (EClassifier eClassifier : ePackage.getEClassifiers())
- {
- if (eClassifier instanceof EClass)
- {
- EClass eClass = (EClass)eClassifier;
- initialize(securityManager, eClass, READ_KEY);
- initialize(securityManager, eClass, WRITE_KEY);
- }
- }
- }
- }
- }
- }
-
- private void initialize(InternalSecurityManager securityManager, EClass eClass, String key)
- {
- String annotation = EcoreUtil.getAnnotation(eClass, SOURCE_URI, key);
- if (annotation == null || annotation.length() == 0)
- {
- return;
- }
-
- EList<SecurityItem> items = securityManager.getRealm().getItems();
-
- StringTokenizer tokenizer = new StringTokenizer(annotation, DELIMITERS);
- while (tokenizer.hasMoreTokens())
- {
- String token = tokenizer.nextToken();
- if (token != null && token.length() != 0)
- {
- Role role = getRole(securityManager.getRealm(), token);
- if (role == null)
- {
- role = SecurityFactory.eINSTANCE.createRole();
- role.setId(token);
-
- items.add(role);
- }
- }
- }
- }
-
- public void handleCommit(InternalSecurityManager securityManager, CommitContext commitContext, User user)
- {
- initialize(securityManager);
- initialize(securityManager, commitContext.getNewPackageUnits());
- }
-
- private Set<Role> getRoles(InternalSecurityManager securityManager, CDOBranchPoint securityContext,
- CDORevisionProvider revisionProvider, CDORevision revision, CDOPermission permission)
- {
- initialize(securityManager);
-
- EClass eClass = revision.getEClass();
- return getRoles(securityManager, eClass, permission);
- }
-
- private Set<Role> getRoles(InternalSecurityManager securityManager, EClass eClass, CDOPermission permission)
- {
- EClassRoles eClassRoles = cache.get(eClass);
- if (eClassRoles == null)
- {
- eClassRoles = new EClassRoles();
- cache.put(eClass, eClassRoles);
- }
-
- switch (permission)
- {
- case READ:
- Set<Role> readRoles = eClassRoles.getReadRoles();
- if (readRoles == null)
- {
- readRoles = getRoles(securityManager, eClass, READ_KEY);
- eClassRoles.setReadRoles(readRoles);
- }
-
- return readRoles;
-
- case WRITE:
- Set<Role> writeRoles = eClassRoles.getWriteRoles();
- if (writeRoles == null)
- {
- writeRoles = getRoles(securityManager, eClass, WRITE_KEY);
- eClassRoles.setWriteRoles(writeRoles);
- }
-
- return writeRoles;
-
- default:
- throw new IllegalStateException("Illegal permission: " + permission);
- }
- }
-
- private Set<Role> getRoles(InternalSecurityManager securityManager, EClass eClass, String key)
- {
- String annotation = EcoreUtil.getAnnotation(eClass, SOURCE_URI, key);
- if (annotation == null || annotation.length() == 0)
- {
- return Collections.emptySet();
- }
-
- Set<Role> result = new HashSet<Role>();
- StringTokenizer tokenizer = new StringTokenizer(annotation, DELIMITERS);
- while (tokenizer.hasMoreTokens())
- {
- String token = tokenizer.nextToken();
- if (token != null && token.length() != 0)
- {
- Role role = getRole(securityManager.getRealm(), token);
- result.add(role);
- }
- }
-
- return result;
- }
-
- private Role getRole(Realm realm, String roleID)
- {
- EList<SecurityItem> items = realm.getItems();
- Role role = RealmUtil.findRole(items, roleID);
- if (role == null)
- {
- throw new SecurityException("Role " + roleID + " not found");
- }
-
- return role;
- }
-
- /**
- * @author Eike Stepper
- */
- private static class EClassRoles
- {
- private Set<Role> readRoles;
-
- private Set<Role> writeRoles;
-
- public EClassRoles()
- {
- }
-
- public Set<Role> getReadRoles()
- {
- return readRoles;
- }
-
- public void setReadRoles(Set<Role> readRoles)
- {
- this.readRoles = readRoles;
- }
-
- public Set<Role> getWriteRoles()
- {
- return writeRoles;
- }
-
- public void setWriteRoles(Set<Role> writeRoles)
- {
- this.writeRoles = writeRoles;
- }
- }
-}
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
index 11427c9135..3b9c012cdf 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/internal/security/SecurityManager.java
@@ -46,7 +46,9 @@ import org.eclipse.net4j.connector.IConnector;
import org.eclipse.net4j.util.WrappedException;
import org.eclipse.net4j.util.container.IManagedContainer;
import org.eclipse.net4j.util.lifecycle.ILifecycle;
+import org.eclipse.net4j.util.lifecycle.Lifecycle;
import org.eclipse.net4j.util.lifecycle.LifecycleEventAdapter;
+import org.eclipse.net4j.util.lifecycle.LifecycleUtil;
import org.eclipse.net4j.util.om.monitor.OMMonitor;
import org.eclipse.net4j.util.security.IUserManager;
import org.eclipse.net4j.util.security.SecurityUtil;
@@ -62,7 +64,7 @@ import java.util.Map;
/**
* @author Eike Stepper
*/
-public class SecurityManager implements InternalSecurityManager
+public class SecurityManager extends Lifecycle implements InternalSecurityManager
{
private final Map<String, User> users = new HashMap<String, User>();
@@ -90,61 +92,33 @@ public class SecurityManager implements InternalSecurityManager
public SecurityManager(IRepository repository, String realmPath, IManagedContainer container)
{
+ LifecycleUtil.checkInactive(repository);
+
this.repository = (InternalRepository)repository;
this.realmPath = realmPath;
this.container = container;
- init();
- }
-
- protected void init()
- {
- String repositoryName = repository.getName();
- String acceptorName = repositoryName + "_security";
-
- acceptor = Net4jUtil.getAcceptor(container, "jvm", acceptorName);
- connector = Net4jUtil.getConnector(container, "jvm", acceptorName);
-
- CDONet4jSessionConfiguration config = CDONet4jUtil.createNet4jSessionConfiguration();
- config.setConnector(connector);
- config.setRepositoryName(repositoryName);
-
- CDONet4jSession session = config.openNet4jSession();
- transaction = session.openTransaction();
-
- CDOResource resource = transaction.getResource(realmPath);
- realm = (Realm)resource.getContents().get(0);
-
// Wire up with repository
- InternalSessionManager sessionManager = repository.getSessionManager();
+ InternalSessionManager sessionManager = this.repository.getSessionManager();
sessionManager.setUserManager(userManager);
sessionManager.setPermissionManager(permissionManager);
repository.addHandler(writeAccessHandler);
repository.addListener(new LifecycleEventAdapter()
{
@Override
+ protected void onActivated(ILifecycle lifecycle)
+ {
+ activate();
+ }
+
+ @Override
protected void onDeactivated(ILifecycle lifecycle)
{
- dispose();
+ deactivate();
}
});
}
- protected void dispose()
- {
- users.clear();
- realm = null;
-
- transaction.getSession().close();
- transaction = null;
-
- connector.close();
- connector = null;
-
- acceptor.close();
- acceptor = null;
- }
-
public final IManagedContainer getContainer()
{
return container;
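Review bot: The constructor installs `userManager` and `permissionManager` on the session manager immediately, but `realm` is only loaded later, when the `onActivated` callback runs `activate()`. If that activation throws, the outcome depends on how the repository's listener dispatch treats the exception, which is not visible here. The repository may keep running with managers backed by a null realm, so it is worth confirming that this path denies access rather than serving sessions. A short comment on the listener stating the intended failure behaviour would help, e.g. `// activation failure must leave the repository unusable, not unsecured`. The hunk also mixes `this.repository.getSessionManager()` with the parameter in `repository.addHandler(...)`; using the field in both places would be more consistent.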
@@ -230,6 +204,21 @@ public class SecurityManager implements InternalSecurityManager
}
}
+ protected void initCommitHandlers(boolean firstTime)
+ {
+ for (CommitHandler handler : getCommitHandlers())
+ {
+ try
+ {
+ handler.init(this, firstTime);
+ }
+ catch (Exception ex)
+ {
+ OM.LOG.error(ex);
+ }
+ }
+ }
+
protected void handleCommit(CommitContext commitContext, User user)
{
for (CommitHandler handler : getCommitHandlers())
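Review bot: The `catch (Exception ex)` in `initCommitHandlers` only logs, and `doActivate` (added further down in this file) then calls `transaction.commit()` regardless, so a handler that fails partway through its first-time setup gets a partially populated realm committed. On the next start `firstTime` is false because the realm resource now exists, so the setup is never retried and any annotation-derived roles or checks that were not created stay missing. On the first-time path the failure should abort activation instead of being swallowed, for example `if (firstTime) { throw WrappedException.wrap(ex); }` after the `OM.LOG.error(ex);` line.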
@@ -245,6 +234,11 @@ public class SecurityManager implements InternalSecurityManager
}
}
+ protected Realm createRealm()
+ {
+ return SecurityFactory.eINSTANCE.createRealm();
+ }
+
protected CDOPermission getPermission(Permission permission)
{
switch (permission)
@@ -291,6 +285,59 @@ public class SecurityManager implements InternalSecurityManager
return result;
}
+ @Override
+ protected void doActivate() throws Exception
+ {
+ super.doActivate();
+
+ String repositoryName = repository.getName();
+ String acceptorName = repositoryName + "_security";
+
+ acceptor = Net4jUtil.getAcceptor(container, "jvm", acceptorName);
+ connector = Net4jUtil.getConnector(container, "jvm", acceptorName);
+
+ CDONet4jSessionConfiguration config = CDONet4jUtil.createNet4jSessionConfiguration();
+ config.setConnector(connector);
+ config.setRepositoryName(repositoryName);
+
+ CDONet4jSession session = config.openNet4jSession();
+ transaction = session.openTransaction();
+
+ boolean firstTime = !transaction.hasResource(realmPath);
+ if (firstTime)
+ {
+ CDOResource resource = transaction.createResource(realmPath);
+ realm = createRealm();
+ resource.getContents().add(realm);
+ }
+ else
+ {
+ CDOResource resource = transaction.getResource(realmPath);
+ realm = (Realm)resource.getContents().get(0);
+ }
+
+ initCommitHandlers(firstTime);
+ transaction.commit();
+ }
+
+ @Override
+ protected void doDeactivate() throws Exception
+ {
+ users.clear();
+ realm = null;
+
+ transaction.getSession().close();
+ transaction = null;
+
+ connector.close();
+ connector = null;
+
+ acceptor.close();
+ acceptor = null;
+
+ super.doDeactivate();
+ }
+
/**
* @author Eike Stepper
*/
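Review bot: `doDeactivate` closes the session, connector and acceptor in a straight line, so an exception from `transaction.getSession().close()` leaves the connector and acceptor open. If `doActivate` failed before `transaction` was assigned, a later deactivation would also hit a null dereference on the first close. Whether `Lifecycle` calls `doDeactivate` after a failed activation is not visible here, but `doActivate` itself has no cleanup for the acceptor and connector it already obtained when a later step throws. Guarding each field for null and chaining the closes with `try`/`finally` releases each resource independently.

```java
@Override
protected void doDeactivate() throws Exception
{
  users.clear();
  realm = null;

  try
  {
    if (transaction != null)
    {
      transaction.getSession().close();
    }
  }
  finally
  {
    transaction = null;
    try
    {
      if (connector != null)
      {
        connector.close();
      }
    }
    finally
    {
      connector = null;
      try
      {
        if (acceptor != null)
        {
          acceptor.close();
        }
      }
      finally
      {
        acceptor = null;
        super.doDeactivate();
      }
    }
  }
}
```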
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/AnnotationHandler.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/AnnotationHandler.java
new file mode 100644
index 0000000000..c55284f2d9
--- /dev/null
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/AnnotationHandler.java
@@ -0,0 +1,156 @@
+/*
+ * Copyright (c) 2004 - 2012 Eike Stepper (Berlin, Germany) and others.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Eike Stepper - initial API and implementation
+ */
+package org.eclipse.emf.cdo.server.spi.security;
+
+import org.eclipse.emf.cdo.common.model.CDOPackageInfo;
+import org.eclipse.emf.cdo.common.model.CDOPackageRegistry;
+import org.eclipse.emf.cdo.common.model.CDOPackageUnit;
+import org.eclipse.emf.cdo.security.Check;
+import org.eclipse.emf.cdo.security.Permission;
+import org.eclipse.emf.cdo.security.Realm;
+import org.eclipse.emf.cdo.security.RealmUtil;
+import org.eclipse.emf.cdo.security.Role;
+import org.eclipse.emf.cdo.security.SecurityFactory;
+import org.eclipse.emf.cdo.security.SecurityItem;
+import org.eclipse.emf.cdo.security.SecurityPackage;
+import org.eclipse.emf.cdo.security.User;
+import org.eclipse.emf.cdo.server.IStoreAccessor.CommitContext;
+import org.eclipse.emf.cdo.server.security.ISecurityManager.RealmOperation;
+
+import org.eclipse.emf.common.util.EList;
+import org.eclipse.emf.ecore.EClass;
+import org.eclipse.emf.ecore.EClassifier;
+import org.eclipse.emf.ecore.EModelElement;
+import org.eclipse.emf.ecore.EPackage;
+import org.eclipse.emf.ecore.EReference;
+import org.eclipse.emf.ecore.util.EcoreUtil;
+
+import java.util.StringTokenizer;
+
+/**
+ * @author Eike Stepper
+ */
+public class AnnotationHandler implements InternalSecurityManager.CommitHandler
+{
+ public static final String SOURCE_URI = "http://www.eclipse.org/CDO/Security";
+
+ public static final String READ_KEY = "read";
+
+ public static final String WRITE_KEY = "write";
+
+ public static final String DELIMITERS = " ,;|";
+
+ public AnnotationHandler()
+ {
+ }
+
+ public void init(InternalSecurityManager securityManager, boolean firstTime)
+ {
+ if (firstTime)
+ {
+ CDOPackageRegistry packageRegistry = securityManager.getRepository().getPackageRegistry();
+ handlePackageUnits(securityManager, packageRegistry.getPackageUnits());
+ }
+ }
+
+ public void handleCommit(InternalSecurityManager securityManager, CommitContext commitContext, User user)
+ {
+ handlePackageUnits(securityManager, commitContext.getNewPackageUnits());
+ }
+
+ protected void handlePackageUnits(InternalSecurityManager securityManager, final CDOPackageUnit[] packageUnits)
+ {
+ securityManager.modify(new RealmOperation()
+ {
+ public void execute(Realm realm)
+ {
+ if (packageUnits != null && packageUnits.length != 0)
+ {
+ for (CDOPackageUnit packageUnit : packageUnits)
+ {
+ for (CDOPackageInfo packageInfo : packageUnit.getPackageInfos())
+ {
+ EPackage ePackage = packageInfo.getEPackage();
+ handlePackage(realm, ePackage);
+ }
+ }
+ }
+ }
+ });
+ }
+
+ protected void handlePackage(Realm realm, EPackage ePackage)
+ {
+ handlePackagePermission(realm, ePackage, READ_KEY, Permission.READ);
+ handlePackagePermission(realm, ePackage, WRITE_KEY, Permission.WRITE);
+
+ for (EClassifier eClassifier : ePackage.getEClassifiers())
+ {
+ if (eClassifier instanceof EClass)
+ {
+ EClass eClass = (EClass)eClassifier;
+ handleClassPermission(realm, eClass, READ_KEY, Permission.READ);
+ handleClassPermission(realm, eClass, WRITE_KEY, Permission.WRITE);
+ }
+ }
+ }
+
+ protected void handlePackagePermission(Realm realm, EPackage ePackage, String key, Permission permission)
+ {
+ EClass checkClass = SecurityPackage.Literals.PACKAGE_CHECK;
+ EReference checkFeature = SecurityPackage.Literals.PACKAGE_CHECK__PACKAGES;
+ handlePermission(realm, ePackage, key, permission, checkClass, checkFeature);
+ }
+
+ protected void handleClassPermission(Realm realm, EClass eClass, String key, Permission permission)
+ {
+ EClass checkClass = SecurityPackage.Literals.CLASS_CHECK;
+ EReference checkFeature = SecurityPackage.Literals.CLASS_CHECK__CLASSES;
+ handlePermission(realm, eClass, key, permission, checkClass, checkFeature);
+ }
+
+ protected void handlePermission(Realm realm, EModelElement modelElement, String key, Permission permission,
+ EClass checkClass, EReference checkFeature)
+ {
+ String annotation = EcoreUtil.getAnnotation(modelElement, SOURCE_URI, key);
+ if (annotation == null || annotation.length() == 0)
+ {
+ return;
+ }
+
+ EList<SecurityItem> items = realm.getItems();
+
+ StringTokenizer tokenizer = new StringTokenizer(annotation, DELIMITERS);
+ while (tokenizer.hasMoreTokens())
+ {
+ String token = tokenizer.nextToken();
+ if (token != null && token.length() != 0)
+ {
+ Check check = (Check)EcoreUtil.create(checkClass);
+ check.setPermission(permission);
+
+ @SuppressWarnings("unchecked")
+ EList<EModelElement> list = (EList<EModelElement>)check.eGet(checkFeature);
+ list.add(modelElement);
+
+ Role role = RealmUtil.findRole(items, token);
+ if (role == null)
+ {
+ role = SecurityFactory.eINSTANCE.createRole();
+ role.setId(token);
+ items.add(role);
+ }
+
+ role.getChecks().add(check);
+ }
+ }
+ }
+}
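Review bot: In `handleCommit`, role ids and checks are derived from annotations on packages supplied by the committing client, and the `user` argument is never consulted, so a committer of a new package can attach `Check`s to an existing role simply by naming it in a `read`/`write` annotation. Whether package commits are restricted elsewhere is not visible in this diff; if they are not, `handleCommit` should verify that the committer is entitled to change the realm before applying annotation-derived grants. Separately, the null/empty test on `packageUnits` sits inside the `RealmOperation`, so every commit enters `securityManager.modify(...)` even when there is nothing to do; `if (packageUnits == null || packageUnits.length == 0) return;` ahead of the `modify` call avoids that.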
diff --git a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/InternalSecurityManager.java b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/InternalSecurityManager.java
index 40dec8a5e5..22c7019937 100644
--- a/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/InternalSecurityManager.java
+++ b/plugins/org.eclipse.emf.cdo.server.security/src/org/eclipse/emf/cdo/server/spi/security/InternalSecurityManager.java
@@ -39,6 +39,8 @@ public interface InternalSecurityManager extends ISecurityManager
*/
public interface CommitHandler
{
+ public void init(InternalSecurityManager securityManager, boolean firstTime);
+
public void handleCommit(InternalSecurityManager securityManager, CommitContext commitContext, User user);
}
}
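Review bot: The new `init` method on `CommitHandler` has no Javadoc, and its `firstTime` flag carries a contract that implementers need to know. From `SecurityManager.doActivate` it appears to mean "the realm resource did not exist and was just created", and the call happens inside the realm transaction before it is committed. A comment such as `/** Called once during security manager activation; firstTime is true when the realm was newly created in this activation. */` would capture that. Since this interface lives in an `spi` package, adding a method also breaks existing third-party implementations, which deserves a mention in the commit or API notes.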
