
better authorisation classes. new AuthOpsFactory. renamed XMLAuthOps to PathServletAuthOps. new MetaAccessServletAuthOps using "access" metadata.
author robcast
date Thu, 04 Apr 2013 11:21:16 +0200

package digilib.auth;

/*
 * #%L
 * XMLAuthOps -- Authentication class implementation using XML files
 * 
 * Digital Image Library servlet components
 * 
 * %%
 * Copyright (C) 2001 - 2013 MPIWG Berlin
 * %%
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Lesser General Public License as 
 * published by the Free Software Foundation, either version 3 of the 
 * License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Lesser Public License for more details.
 * 
 * You should have received a copy of the GNU General Lesser Public 
 * License along with this program.  If not, see
 * <http://www.gnu.org/licenses/lgpl-3.0.html>.
 * #L%
 * Author: Robert Casties (robcast@berlios.de)
 */

import java.io.File;
import java.util.List;
import java.util.Map;

import javax.servlet.http.HttpServletRequest;

import digilib.conf.DigilibServletRequest;
import digilib.util.HashTree;
import digilib.util.XMLListLoader;

/**
 * Implementation of AuthOps using paths defined in an XML config file.
 * 
 * The configuration file is read by an XMLListLoader into HashTree objects for
 * authentication paths and IP numbers.
 */
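public class PathServletAuthOps extends ServletAuthOpsImpl {

    /** XML configuration file holding the "digilib-paths" and "digilib-addresses" lists. */
    private File configFile;
    /** Tree of "/"-separated path prefixes mapped to the roles required for them. */
    private HashTree authPaths;
    /** Tree of "."-separated IP address prefixes mapped to the roles they provide. */
    private HashTree authIPs;

    /**
     * Constructor taking an XML config file.
     * 
     * The configuration is read immediately via {@link #init()}.
     * 
     * @param confFile
     *            XML configuration file.
     * @throws AuthOpException
     *             if the configuration file cannot be loaded.
     */
    public PathServletAuthOps(File confFile) throws AuthOpException {
        configFile = confFile;
        init();
    }

    /**
     * Set configuration file and re-read it.
     * 
     * @param confFile
     *            XML config file.
     * @throws AuthOpException
     *             if the configuration file cannot be loaded.
     */
    public void setConfig(File confFile) throws AuthOpException {
        configFile = confFile;
        init();
    }

    /**
     * Initialize.
     * 
     * Reads the "digilib-paths" and "digilib-addresses" lists from the
     * configuration file and builds the path and IP lookup trees.
     * 
     * @throws AuthOpException
     *             if either list cannot be loaded from the configuration file.
     */
    public void init() throws AuthOpException {
        logger.debug("xmlauthops.init (" + configFile + ")");
        Map<String, String> pathList = null;
        Map<String, String> ipList = null;
        try {
            // both lists live in the same file, so resolve its URI once
            java.net.URI configUri = configFile.toURI();
            // load authPaths: <path name="..." role="..."/> entries
            XMLListLoader pathLoader = new XMLListLoader("digilib-paths", "path", "name", "role");
            pathList = pathLoader.loadUri(configUri);
            // load authIPs: <address ip="..." role="..."/> entries
            XMLListLoader ipLoader = new XMLListLoader("digilib-addresses", "address", "ip", "role");
            ipList = ipLoader.loadUri(configUri);
        } catch (Exception e) {
            // NOTE(review): the cause is flattened into the message; chain it if
            // AuthOpException offers a (String, Throwable) constructor
            throw new AuthOpException("ERROR loading authorization config file: " + e);
        }
        if ((pathList == null) || (ipList == null)) {
            throw new AuthOpException("ERROR unable to load authorization config file!");
        }
        // path tree: keys split on "/", role lists split on ","
        authPaths = new HashTree(pathList, "/", ",");
        // ip tree: keys split on ".", role lists split on ","
        authIPs = new HashTree(ipList, ".", ",");
    }

    /**
     * Return authorization roles needed for request.
     * 
     * Returns the list of authorization roles that are needed to access the
     * requested file path. A null result means access is free: either no
     * roles are configured for the path, or the client's address already
     * provides one of the required roles (or the special role "ALL").
     * 
     * @param dlRequest
     *            digilib request carrying the file path and the servlet
     *            request with the client address.
     * @throws AuthOpException
     *             Exception thrown on error.
     * @return List of Strings with role names, or null if no role is needed.
     */
    public List<String> rolesForPath(DigilibServletRequest dlRequest) throws digilib.auth.AuthOpException {
        String filepath = dlRequest.getFilePath();
        HttpServletRequest request = dlRequest.getServletRequest();
        // getRemoteAddr() is the TCP peer address. Behind a reverse proxy this is
        // the proxy, so roles granted to that address -- "ALL" in particular --
        // would apply to every client routed through it; check the deployment.
        String remoteAddr = request.getRemoteAddr();
        logger.debug("rolesForPath (" + filepath + ") by [" + remoteAddr + "]");

        // roles granted by the client's address (null: no matching entry)
        List<String> provided = authIPs.match(remoteAddr);
        if ((provided != null) && provided.contains("ALL")) {
            // ALL switches off checking for this address
            return null;
        }
        // roles required for the path (null: free path)
        List<String> required = authPaths.match(filepath);
        // any single provided role satisfying the path is enough
        if ((provided != null) && (required != null)
                && provided.stream().anyMatch(required::contains)) {
            return null;
        }
        return required;
    }

}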