PropertiesAuthorizationProvider.java [plain text]
package org.blojsom.authorization;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.blojsom.BlojsomException;
import org.blojsom.blog.BlogUser;
import org.blojsom.blog.BlojsomConfiguration;
import org.blojsom.blog.BlojsomConfigurationException;
import org.blojsom.util.BlojsomConstants;
import org.blojsom.util.BlojsomProperties;
import org.blojsom.util.BlojsomUtils;
import javax.servlet.ServletConfig;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.util.List;
import java.util.Map;
import java.util.Properties;
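/**
 * Authorization provider that reads credentials and permissions from per-blog
 * properties files resolved through the servlet context.
 *
 * <p>Both files are looked up under
 * {@code <base configuration directory> + <blog user id> + '/' + <file name>}.
 */
public class PropertiesAuthorizationProvider implements AuthorizationProvider, BlojsomConstants {

    private Log _logger = LogFactory.getLog(PropertiesAuthorizationProvider.class);

    protected ServletConfig _servletConfig;
    protected String _baseConfigurationDirectory;

    /**
     * Default constructor; the provider is configured later through
     * {@link #init(ServletConfig, BlojsomConfiguration)}.
     */
    public PropertiesAuthorizationProvider() {
    }

    /**
     * Stores the servlet configuration and the base configuration directory for later lookups.
     *
     * @param servletConfig servlet configuration used to read init parameters and resources
     * @param blojsomConfiguration supplies the base configuration directory
     * @throws BlojsomConfigurationException declared by the interface; not thrown by this body
     */
    public void init(ServletConfig servletConfig, BlojsomConfiguration blojsomConfiguration) throws BlojsomConfigurationException {
        _servletConfig = servletConfig;
        _baseConfigurationDirectory = blojsomConfiguration.getBaseConfigurationDirectory();
        _logger.debug("Initialized properties authorization provider");
    }

    /**
     * Loads the authorization properties file for a blog and stores it, as a map,
     * on the blog via {@code setAuthorization}.
     *
     * @param blogUser blog whose credentials are loaded
     * @throws BlojsomException if no authorization file is configured, the file
     *         cannot be found, or it cannot be read
     */
    public void loadAuthenticationCredentials(BlogUser blogUser) throws BlojsomException {
        String authorizationConfiguration = _servletConfig.getInitParameter(BLOG_AUTHORIZATION_IP);
        if (BlojsomUtils.checkNullOrBlank(authorizationConfiguration)) {
            _logger.error("No authorization configuration file specified");
            throw new BlojsomException("No authorization configuration file specified");
        }

        // NOTE(review): blogUser.getId() is concatenated into the resource path
        // unvalidated here; confirm callers reject ids containing path separators or "..".
        String resourcePath = _baseConfigurationDirectory + blogUser.getId() + '/' + authorizationConfiguration;
        InputStream is = _servletConfig.getServletContext().getResourceAsStream(resourcePath);
        if (is == null) {
            // getResourceAsStream returns null for a missing resource; fail with a
            // clear error instead of a NullPointerException from Properties.load.
            _logger.error("No authorization configuration file found");
            throw new BlojsomException("No authorization configuration file found");
        }

        Properties authorizationProperties = new BlojsomProperties();
        try {
            authorizationProperties.load(is);
        } catch (IOException e) {
            _logger.error(e);
            throw new BlojsomException(e);
        } finally {
            // Release the stream even when load() fails.
            closeQuietly(is);
        }

        Map authorizationMap = BlojsomUtils.propertiesToMap(authorizationProperties);
        blogUser.getBlog().setAuthorization(authorizationMap);
    }

    /**
     * Checks a username/password pair against the blog's authorization map.
     *
     * <p>The stored value for the username is split with
     * {@code BlojsomUtils.parseLastComma} and element 0 is treated as the stored
     * password. When the blog uses encrypted passwords, the supplied password is
     * digested with the blog's digest algorithm before the comparison.
     *
     * @param blogUser blog against which to authorize
     * @param authorizationContext not used by this implementation
     * @param username username to look up
     * @param password supplied password; {@code null} fails authorization
     * @throws BlojsomException if the credentials do not match or cannot be compared
     */
    public void authorize(BlogUser blogUser, Map authorizationContext, String username, String password) throws BlojsomException {
        Map authorizationMap = blogUser.getBlog().getAuthorization();
        boolean result = false;

        // A null password is a failed login, not a NullPointerException.
        if (authorizationMap != null && password != null && authorizationMap.containsKey(username)) {
            String parsedPassword = BlojsomUtils.parseLastComma((String) authorizationMap.get(username))[0];

            if (blogUser.getBlog().getUseEncryptedPasswords().booleanValue()) {
                // NOTE(review): no salt is passed to digestString and the algorithm comes
                // from blog configuration; a bare digest is weak for password storage.
                password = BlojsomUtils.digestString(password, blogUser.getBlog().getDigestAlgorithm());
            }

            if (password != null && parsedPassword != null) {
                result = constantTimeEquals(password, parsedPassword);
            }
        }

        if (!result) {
            throw new BlojsomException("Authorization failed for blog user: " + blogUser.getId() + " for username: " + username);
        }
    }

    /**
     * Verifies that a username holds a permission according to the blog's
     * permissions properties file.
     *
     * <p>The permission is granted when the user's entry is, or contains,
     * either {@code "*"} or the requested permission.
     *
     * @param blogUser blog whose permissions file is consulted
     * @param permissionContext not used by this implementation
     * @param username username to check; must not be {@code null}
     * @param permission permission to check; must not be {@code null}
     * @throws BlojsomException if an argument is {@code null}, the permissions file
     *         is missing or unreadable, or the permission is not granted
     */
    public void checkPermission(BlogUser blogUser, Map permissionContext, String username, String permission) throws BlojsomException {
        if (username == null) {
            throw new BlojsomException("No username provided to check permission");
        }
        if (permission == null) {
            throw new BlojsomException("Cannot check null permission");
        }

        String permissionsConfiguration = _servletConfig.getInitParameter(BLOG_PERMISSIONS_IP);
        if (BlojsomUtils.checkNullOrBlank(permissionsConfiguration)) {
            _logger.warn("No permissions configuration file specified. Using default: " + DEFAULT_PERMISSIONS_CONFIGURATION_FILE);
            permissionsConfiguration = DEFAULT_PERMISSIONS_CONFIGURATION_FILE;
        }

        // NOTE(review): blogUser.getId() is concatenated into the resource path
        // unvalidated here; confirm callers reject ids containing path separators or "..".
        String resourcePath = _baseConfigurationDirectory + blogUser.getId() + '/' + permissionsConfiguration;
        InputStream is = _servletConfig.getServletContext().getResourceAsStream(resourcePath);
        if (is == null) {
            throw new BlojsomException("No permissions configuration file found");
        }

        // presumably the 'true' flag enables multi-valued entries, since values are
        // handled as List below; verify against BlojsomProperties
        Properties permissionsProperties = new BlojsomProperties(true);
        try {
            permissionsProperties.load(is);
        } catch (IOException e) {
            _logger.error(e);
            throw new BlojsomException(e);
        } finally {
            // Release the stream even when load() fails.
            closeQuietly(is);
        }

        Object permissionsForUser = permissionsProperties.get(username);
        if (permissionsForUser == null) {
            throw new BlojsomException("Permission: " + permission + " not found for username: " + username);
        }

        boolean granted;
        if (permissionsForUser instanceof List) {
            Map permissions = BlojsomUtils.listToMap((List) permissionsForUser);
            granted = permissions.containsKey("*") || permissions.containsKey(permission);
        } else {
            granted = "*".equals(permissionsForUser) || permissionsForUser.equals(permission);
        }

        if (!granted) {
            throw new BlojsomException("Permission: " + permission + " not found for username: " + username);
        }
    }

    /**
     * Compares two strings through {@link MessageDigest#isEqual(byte[], byte[])}
     * so the check does not stop at the first differing character.
     */
    private static boolean constantTimeEquals(String supplied, String stored) throws BlojsomException {
        try {
            return MessageDigest.isEqual(supplied.getBytes("UTF-8"), stored.getBytes("UTF-8"));
        } catch (UnsupportedEncodingException e) {
            throw new BlojsomException(e);
        }
    }

    /**
     * Closes a configuration stream, logging rather than propagating a close failure.
     */
    private void closeQuietly(InputStream is) {
        try {
            is.close();
        } catch (IOException e) {
            // The data has already been read (or the read already failed), so a
            // close failure is only worth recording.
            _logger.warn(e);
        }
    }
}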