Mercurial > hg > digilib-old

comparison common/src/main/java/digilib/auth/XMLAuthOps.java @ 903:7779b37d1d05

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
refactored into maven modules per servlet type. can build servlet-api 2.3 and 3.0 via profile now!
author robcast
date Tue, 26 Apr 2011 20:24:31 +0200
parents servlet/src/main/java/digilib/auth/XMLAuthOps.java@ba1eb2d821a2
children
comparison
equal deleted inserted replaced
902:89ba3ffcf552 903:7779b37d1d05
1 /* XMLAuthOps -- Authentication class implementation using XML files
2
3 Digital Image Library servlet components
4
5 Copyright (C) 2001, 2002 Robert Casties (robcast@mail.berlios.de)
6
7 This program is free software; you can redistribute it and/or modify it
8 under the terms of the GNU General Public License as published by the
9 Free Software Foundation; either version 2 of the License, or (at your
10 option) any later version.
11
12 Please read license.txt for the full details. A copy of the GPL
13 may be found at http://www.gnu.org/copyleft/lgpl.html
14
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software
17 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18
19 */
20
21 package digilib.auth;
22
23 import java.io.File;
24 import java.util.List;
25 import java.util.Map;
26
27 import javax.servlet.http.HttpServletRequest;
28
29 import digilib.servlet.DigilibRequest;
30 import digilib.util.HashTree;
31 import digilib.util.XMLListLoader;
32
33 /** Implementation of AuthOps using XML files.
34 *
35 * The configuration file is read by an XMLListLoader into HashTree objects for
36 * authentication paths and IP numbers.
37 */
38 public class XMLAuthOps extends AuthOpsImpl {
39
40 private File configFile;
41 private HashTree authPaths;
42 private HashTree authIPs;
43
44 /** Constructor taking an XML config file.
45 *
46 * @param u utils object
47 * @param confFile Configuration file.
48 * @throws AuthOpException Exception thrown on error.
49 */
50 public XMLAuthOps(File confFile) throws AuthOpException {
51 configFile = confFile;
52 init();
53 }
54
55 /** Set configuration file.
56 *
57 * @param confFile XML config file.
58 * @throws AuthOpException Exception thrown on error.
59 */
60 public void setConfig(File confFile) throws AuthOpException {
61 configFile = confFile;
62 init();
63 }
64
65 /** Initialize.
66 *
67 * Read configuration files and setup authentication arrays.
68 *
69 * @throws AuthOpException Exception thrown on error.
70 */
71 public void init() throws AuthOpException {
72 logger.debug("xmlauthops.init (" + configFile + ")");
73 Map<String, String> pathList = null;
74 Map<String, String> ipList = null;
75 try {
76 // load authPaths
77 XMLListLoader pathLoader =
78 new XMLListLoader("digilib-paths", "path", "name", "role");
79 pathList = pathLoader.loadURL(configFile.toURL().toString());
80 // load authIPs
81 XMLListLoader ipLoader =
82 new XMLListLoader("digilib-addresses", "address", "ip", "role");
83 ipList = ipLoader.loadURL(configFile.toURL().toString());
84 } catch (Exception e) {
85 throw new AuthOpException(
86 "ERROR loading authorization config file: " + e);
87 }
88 if ((pathList == null) || (ipList == null)) {
89 throw new AuthOpException("ERROR unable to load authorization config file!");
90 }
91 // setup path tree
92 authPaths = new HashTree(pathList, "/", ",");
93 // setup ip tree
94 authIPs = new HashTree(ipList, ".", ",");
95 }
96
97 /** Return authorization roles needed for request.
98 *
99 * Returns the list of authorization roles that are needed to access the
100 * specified path. No list means the path is free.
101 *
102 * The location information of the request is also considered.
103 *
104 * @param filepath filepath to be accessed.
105 * @param request ServletRequest with address information.
106 * @throws AuthOpException Exception thrown on error.
107 * @return List of Strings with role names.
108 */
109 public List<String> rolesForPath(String filepath, HttpServletRequest request)
110 throws digilib.auth.AuthOpException {
111 logger.debug("rolesForPath ("
112 + filepath
113 + ") by ["
114 + request.getRemoteAddr()
115 + "]");
116
117 // check if the requests address provides a role
118 List<String> provided = authIPs.match(request.getRemoteAddr());
119 if ((provided != null) && (provided.contains("ALL"))) {
120 // ALL switches off checking;
121 return null;
122 }
123 // which roles are required?
124 List<String> required = authPaths.match(filepath);
125 // do any provided roles match?
126 if ((provided != null) && (required != null)) {
127 for (int i = 0; i < provided.size(); i++) {
128 if (required.contains(provided.get(i))) {
129 // satisfied
130 return null;
131 }
132 }
133 }
134 return required;
135 }
136
137 /**
138 * @see digilib.auth.AuthOps#rolesForPath(digilib.servlet.DigilibRequest)
139 */
140 public List<String> rolesForPath(DigilibRequest request) throws AuthOpException {
141 logger.debug("rolesForPath ("
142 + request.getFilePath()
143 + ") by ["
144 + request.getServletRequest().getRemoteAddr()
145 + "]");
146
147 // check if the requests address provides a role
148 List<String> provided =
149 authIPs.match(request.getServletRequest().getRemoteAddr());
150 if ((provided != null) && (provided.contains("ALL"))) {
151 // ALL switches off checking;
152 return null;
153 }
154 // which roles are required?
155 List<String> required = authPaths.match(request.getFilePath());
156 // do any provided roles match?
157 if ((provided != null) && (required != null)) {
158 for (int i = 0; i < provided.size(); i++) {
159 if (required.contains(provided.get(i))) {
160 // satisfied
161 return null;
162 }
163 }
164 }
165 return required;
166 }
167
168 }