Skip to main content
summaryrefslogtreecommitdiffstats
path: root/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/internal/AuthorizationAdminImpl.java
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/internal/AuthorizationAdminImpl.java')
-rw-r--r--plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/internal/AuthorizationAdminImpl.java187
1 files changed, 187 insertions, 0 deletions
diff --git a/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/internal/AuthorizationAdminImpl.java b/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/internal/AuthorizationAdminImpl.java
new file mode 100644
index 00000000000..5c01ee7b1ab
--- /dev/null
+++ b/plugins/org.eclipse.osee.authorization.admin/src/org/eclipse/osee/authorization/admin/internal/AuthorizationAdminImpl.java
@@ -0,0 +1,187 @@
+/*******************************************************************************
+ * Copyright (c) 2013 Boeing.
+ * All rights reserved. This program and the accompanying materials
+ * are made available under the terms of the Eclipse Public License v1.0
+ * which accompanies this distribution, and is available at
+ * http://www.eclipse.org/legal/epl-v10.html
+ *
+ * Contributors:
+ * Boeing - initial API and implementation
+ *******************************************************************************/
+package org.eclipse.osee.authorization.admin.internal;
+
+import static org.eclipse.osee.authorization.admin.internal.AuthorizationUtil.normalize;
+import java.security.Principal;
+import java.util.Date;
+import java.util.Map;
+import java.util.concurrent.ConcurrentHashMap;
+import org.eclipse.osee.authorization.admin.Authority;
+import org.eclipse.osee.authorization.admin.Authorization;
+import org.eclipse.osee.authorization.admin.AuthorizationAdmin;
+import org.eclipse.osee.authorization.admin.AuthorizationConfiguration;
+import org.eclipse.osee.authorization.admin.AuthorizationConfigurationBuilder;
+import org.eclipse.osee.authorization.admin.AuthorizationConstants;
+import org.eclipse.osee.authorization.admin.AuthorizationData;
+import org.eclipse.osee.authorization.admin.AuthorizationOverride;
+import org.eclipse.osee.authorization.admin.AuthorizationProvider;
+import org.eclipse.osee.authorization.admin.AuthorizationRequest;
+import org.eclipse.osee.framework.jdk.core.util.Conditions;
+import org.eclipse.osee.framework.jdk.core.util.Strings;
+import org.eclipse.osee.logger.Log;
+
+/**
+ * @author Roberto E. Escobar
+ */
+public class AuthorizationAdminImpl implements AuthorizationAdmin {
+
+ private static final Authority PERMIT_ALL_OVERRIDE = new PermitAllAuthority();
+ private static final Authority DENY_ALL_OVERRIDE = new DenyAllAuthority();
+
+ private final Map<String, AuthorizationProvider> providers = new ConcurrentHashMap<String, AuthorizationProvider>();
+
+ private Log logger;
+ private AuthorizationConfiguration config;
+
+ public void setLogger(Log logger) {
+ this.logger = logger;
+ }
+
+ public void start(Map<String, Object> properties) {
+ logger.trace("Starting AuthorizationAdminImpl...");
+ update(properties);
+ }
+
+ public void stop() {
+ logger.trace("Stopping AuthorizationAdminImpl...");
+ config = null;
+ }
+
+ public void update(Map<String, Object> properties) {
+ logger.trace("Updating AuthorizationAdminImpl...");
+
+ config = AuthorizationConfigurationBuilder.newBuilder()//
+ .properties(properties)//
+ .build();
+ }
+
+ public void addAuthorizationProvider(AuthorizationProvider provider) {
+ String providerId = provider.getScheme();
+ providerId = AuthorizationUtil.normalize(providerId);
+ providers.put(providerId, provider);
+ }
+
+ public void removeAuthorizationProvider(AuthorizationProvider provider) {
+ String providerId = provider.getScheme();
+ providerId = AuthorizationUtil.normalize(providerId);
+ providers.remove(providerId);
+ }
+
+ @Override
+ public Iterable<String> getAvailableSchemes() {
+ return AuthorizationUtil.unmodifiableSortedIterable(providers.keySet());
+ }
+
+ @Override
+ public Iterable<String> getAllowedSchemes() {
+ return config.getAllowedSchemes();
+ }
+
+ @Override
+ public boolean isSchemeAllowed(String schemeType) {
+ boolean isAllowed = false;
+ if (Strings.isValid(schemeType)) {
+ String toMatch = normalize(schemeType);
+ for (String scheme : getAllowedSchemes()) {
+ isAllowed = scheme.equals(toMatch);
+ if (isAllowed) {
+ break;
+ }
+ }
+ }
+ return isAllowed;
+ }
+
+ @Override
+ public Authorization authorize(AuthorizationRequest request) {
+ logger.debug("Authorization Requested: [%s]", request);
+
+ String scheme = getScheme(request);
+ checkSchemeAllowed(scheme);
+
+ AuthorizationProvider provider = getAuthorizationProvider(scheme);
+ checkProvider(scheme, provider);
+
+ AuthorizationData data = provider.authorize(request);
+ checkAuthorizationData(provider.getScheme(), data);
+
+ Authority authority = getAuthority(config.getOverride(), data);
+ checkAuthority(provider.getScheme(), authority);
+
+ String authScheme = authority.getScheme();
+ Date date = request.getRequestDate();
+ boolean secure = request.isSecure();
+ Principal principal = data != null ? data.getPrincipal() : null;
+ return new AuthorizationImpl(authScheme, date, secure, principal, authority);
+ }
+
+ private String getScheme(AuthorizationRequest request) {
+ String toReturn = request.getAuthorizationType();
+ if (!Strings.isValid(toReturn) || isNoneAllowed()) {
+ toReturn = AuthorizationConstants.NONE_AUTHORIZATION_PROVIDER;
+ }
+ return toReturn;
+ }
+
+ private boolean isNoneAllowed() {
+ boolean result = false;
+ String toFind = AuthorizationConstants.NONE_AUTHORIZATION_PROVIDER;
+ for (String allowed : getAllowedSchemes()) {
+ result = toFind.equalsIgnoreCase(allowed);
+ if (result) {
+ break;
+ }
+ }
+ return result;
+ }
+
+ private AuthorizationProvider getAuthorizationProvider(String scheme) {
+ String toGet = normalize(scheme);
+ return providers.get(toGet);
+ }
+
+ private Authority getAuthority(AuthorizationOverride override, AuthorizationData data) {
+ Authority toReturn = null;
+ switch (override) {
+ case DENY_ALL:
+ toReturn = DENY_ALL_OVERRIDE;
+ break;
+ case PERMIT_ALL:
+ toReturn = PERMIT_ALL_OVERRIDE;
+ break;
+ default:
+ toReturn = data.getAuthority();
+ break;
+ }
+ return toReturn;
+ }
+
+ private void checkSchemeAllowed(String schemeType) {
+ Conditions.checkExpressionFailOnTrue(!isSchemeAllowed(schemeType),
+ "Authorization Error - scheme [%s] is not allowed. Schemes available %s.", schemeType, getAllowedSchemes());
+ }
+
+ private void checkProvider(String scheme, AuthorizationProvider provider) {
+ Conditions.checkExpressionFailOnTrue(provider == null,
+ "Authentication Error - scheme [%s] returned null provider", scheme);
+ }
+
+ private void checkAuthorizationData(String scheme, AuthorizationData data) {
+ Conditions.checkExpressionFailOnTrue(data == null,
+ "Authentication Error - scheme [%s] returned null authorization", scheme);
+ }
+
+ private void checkAuthority(String scheme, Authority data) {
+ Conditions.checkExpressionFailOnTrue(data == null, "Authentication Error - scheme [%s] returned null authority",
+ scheme);
+ }
+}

Back to the top