1
|
1 /* XMLAuthOps -- Authentication class implementation using XML files
|
|
2
|
|
3 Digital Image Library servlet components
|
|
4
|
|
5 Copyright (C) 2001, 2002 Robert Casties (robcast@mail.berlios.de)
|
|
6
|
|
7 This program is free software; you can redistribute it and/or modify it
|
|
8 under the terms of the GNU General Public License as published by the
|
|
9 Free Software Foundation; either version 2 of the License, or (at your
|
|
10 option) any later version.
|
|
11
|
|
12 Please read license.txt for the full details. A copy of the GPL
|
|
13 may be found at http://www.gnu.org/copyleft/lgpl.html
|
|
14
|
|
15 You should have received a copy of the GNU General Public License
|
|
16 along with this program; if not, write to the Free Software
|
|
17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
|
18
|
|
19 */
|
|
20
|
|
21 package digilib.auth;
|
|
22
|
181
|
23 import java.io.File;
|
|
24 import java.util.List;
|
269
|
25 import java.util.Map;
|
181
|
26
|
1
|
27 import javax.servlet.http.HttpServletRequest;
|
|
28
|
73
|
29 import digilib.servlet.DigilibRequest;
|
590
|
30 import digilib.util.HashTree;
|
|
31 import digilib.util.XMLListLoader;
|
1
|
32
|
73
|
33 /** Implementation of AuthOps using XML files.
|
|
34 *
|
|
35 * The configuration file is read by an XMLListLoader into HashTree objects for
|
|
36 * authentication paths and IP numbers.
|
|
37 */
|
1
|
38 public class XMLAuthOps extends AuthOpsImpl {
|
|
39
|
259
|
40 private File configFile;
|
73
|
41 private HashTree authPaths;
|
|
42 private HashTree authIPs;
|
|
43
|
259
|
44 /** Constructor taking an XML config file.
|
73
|
45 *
|
|
46 * @param u utils object
|
259
|
47 * @param confFile Configuration file.
|
73
|
48 * @throws AuthOpException Exception thrown on error.
|
|
49 */
|
259
|
50 public XMLAuthOps(File confFile) throws AuthOpException {
|
73
|
51 configFile = confFile;
|
|
52 init();
|
|
53 }
|
|
54
|
259
|
55 /** Set configuration file.
|
73
|
56 *
|
259
|
57 * @param confFile XML config file.
|
73
|
58 * @throws AuthOpException Exception thrown on error.
|
|
59 */
|
259
|
60 public void setConfig(File confFile) throws AuthOpException {
|
73
|
61 configFile = confFile;
|
|
62 init();
|
|
63 }
|
1
|
64
|
73
|
65 /** Initialize.
|
|
66 *
|
|
67 * Read configuration files and setup authentication arrays.
|
|
68 *
|
|
69 * @throws AuthOpException Exception thrown on error.
|
|
70 */
|
|
71 public void init() throws AuthOpException {
|
181
|
72 logger.debug("xmlauthops.init (" + configFile + ")");
|
531
|
73 Map<String, String> pathList = null;
|
|
74 Map<String, String> ipList = null;
|
73
|
75 try {
|
|
76 // load authPaths
|
|
77 XMLListLoader pathLoader =
|
|
78 new XMLListLoader("digilib-paths", "path", "name", "role");
|
259
|
79 pathList = pathLoader.loadURL(configFile.toURL().toString());
|
73
|
80 // load authIPs
|
|
81 XMLListLoader ipLoader =
|
|
82 new XMLListLoader("digilib-addresses", "address", "ip", "role");
|
259
|
83 ipList = ipLoader.loadURL(configFile.toURL().toString());
|
73
|
84 } catch (Exception e) {
|
|
85 throw new AuthOpException(
|
|
86 "ERROR loading authorization config file: " + e);
|
|
87 }
|
|
88 if ((pathList == null) || (ipList == null)) {
|
|
89 throw new AuthOpException("ERROR unable to load authorization config file!");
|
|
90 }
|
|
91 // setup path tree
|
|
92 authPaths = new HashTree(pathList, "/", ",");
|
|
93 // setup ip tree
|
|
94 authIPs = new HashTree(ipList, ".", ",");
|
|
95 }
|
1
|
96
|
73
|
97 /** Return authorization roles needed for request.
|
|
98 *
|
|
99 * Returns the list of authorization roles that are needed to access the
|
|
100 * specified path. No list means the path is free.
|
|
101 *
|
|
102 * The location information of the request is also considered.
|
|
103 *
|
|
104 * @param filepath filepath to be accessed.
|
|
105 * @param request ServletRequest with address information.
|
|
106 * @throws AuthOpException Exception thrown on error.
|
|
107 * @return List of Strings with role names.
|
|
108 */
|
531
|
109 public List<String> rolesForPath(String filepath, HttpServletRequest request)
|
73
|
110 throws digilib.auth.AuthOpException {
|
181
|
111 logger.debug("rolesForPath ("
|
73
|
112 + filepath
|
|
113 + ") by ["
|
|
114 + request.getRemoteAddr()
|
|
115 + "]");
|
1
|
116
|
73
|
117 // check if the requests address provides a role
|
531
|
118 List<String> provided = authIPs.match(request.getRemoteAddr());
|
73
|
119 if ((provided != null) && (provided.contains("ALL"))) {
|
|
120 // ALL switches off checking;
|
|
121 return null;
|
|
122 }
|
|
123 // which roles are required?
|
531
|
124 List<String> required = authPaths.match(filepath);
|
73
|
125 // do any provided roles match?
|
|
126 if ((provided != null) && (required != null)) {
|
|
127 for (int i = 0; i < provided.size(); i++) {
|
|
128 if (required.contains(provided.get(i))) {
|
|
129 // satisfied
|
|
130 return null;
|
|
131 }
|
|
132 }
|
|
133 }
|
|
134 return required;
|
|
135 }
|
1
|
136
|
73
|
137 /**
|
|
138 * @see digilib.auth.AuthOps#rolesForPath(digilib.servlet.DigilibRequest)
|
|
139 */
|
531
|
140 public List<String> rolesForPath(DigilibRequest request) throws AuthOpException {
|
181
|
141 logger.debug("rolesForPath ("
|
73
|
142 + request.getFilePath()
|
|
143 + ") by ["
|
|
144 + request.getServletRequest().getRemoteAddr()
|
|
145 + "]");
|
|
146
|
|
147 // check if the requests address provides a role
|
531
|
148 List<String> provided =
|
73
|
149 authIPs.match(request.getServletRequest().getRemoteAddr());
|
|
150 if ((provided != null) && (provided.contains("ALL"))) {
|
|
151 // ALL switches off checking;
|
|
152 return null;
|
|
153 }
|
|
154 // which roles are required?
|
531
|
155 List<String> required = authPaths.match(request.getFilePath());
|
73
|
156 // do any provided roles match?
|
|
157 if ((provided != null) && (required != null)) {
|
|
158 for (int i = 0; i < provided.size(); i++) {
|
|
159 if (required.contains(provided.get(i))) {
|
|
160 // satisfied
|
|
161 return null;
|
|
162 }
|
|
163 }
|
|
164 }
|
|
165 return required;
|
|
166 }
|
1
|
167
|
|
168 }
|