Java tutorial
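/**
 * Copyright (c) 1999, 2014 Claresco Corporation, Berkeley, California. All rights reserved.
 *
 *
 * XapiCredentials.java	May 12, 2014
 *
 * Copyright 2014 Claresco Corporation, Berkeley, CA 94704. All Rights Reserved.
 *
 * This software is the proprietary information of Claresco Corporation.
 * Use is subject to license terms.
 *
 * Author : Rheza
 *
 */
package com.claresco.tinman.servlet;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.UUID;

import org.joda.time.DateTime;
import org.joda.time.format.DateTimeFormatter;
import org.joda.time.format.ISODateTimeFormat;

import com.claresco.tinman.lrs.XapiActor;
import com.claresco.tinman.lrs.XapiAgent;
import com.claresco.tinman.lrs.XapiIRI;
import com.claresco.tinman.lrs.XapiInverseFunctionalIdentifier;
import com.claresco.tinman.lrs.XapiPerson;

/**
 * Scoped, time-limited credentials and the authorization decision for one requested action.
 *
 * <p>The scope strings given at construction are translated once into per-action clearance
 * flags. {@link #isActionRequestedAllow(XapiServletActionRequested)} then checks a request's
 * actor, activity IDs, timestamp, action type and registration against these credentials.
 *
 * @author Rheza
 */
public class XapiCredentials {

    // Immutable and initialised once. It was previously a mutable static list rebuilt by every
    // constructor call, so a concurrent reader could observe a half-filled list, and an instance
    // created through the no-argument constructor could find it still null.
    private static final List<String> ACCEPTED_SCOPES = Collections.unmodifiableList(Arrays.asList(
            "statements/write",
            "statements/read/mine",
            "statements/read",
            "state",
            "define",
            "profile",
            "all/read",
            "all"));

    private ArrayList<String> myScope;
    private DateTime myExpiry;
    private boolean myHistorical;
    private XapiPerson myPerson;
    private ArrayList<XapiIRI> myActivityIDs = new ArrayList<XapiIRI>();
    private UUID myRegistration;
    private DateTime myReceivedTimestamp;

    // Every clearance starts out denied; only an accepted scope can switch one on.
    private boolean myReadStatementsClearance = false;
    private boolean myWriteStatementsClearance = false;
    private boolean myReadAnyoneStatementsClearance = false;
    private boolean myReadStateClearance = false;
    private boolean myWriteStateClearance = false;
    private boolean myDefineClearance = false;
    private boolean myReadProfileClearance = false;
    private boolean myWriteProfileClearance = false;

    /**
     * Builds credentials from the individual request parameters.
     *
     * @param theScope scope strings to grant; each must be one of the accepted scopes. A
     *        {@code null} list grants no clearance.
     * @param theExpiry ISO date-time at which the credentials stop being usable, or {@code null}
     *        for the default of four hours from now
     * @param theHistorical whether timestamps earlier than {@code theReceivedTimestamp} are
     *        acceptable
     * @param thePerson the person whose actors may act under these credentials
     * @param theActivityIDs activity IRIs the credentials are limited to; {@code null} or empty
     *        means no activity restriction
     * @param theRegistration registration UUID in string form, or {@code null}
     * @param theReceivedTimestamp the time the credential request was received
     * @throws XapiBadParamException if any scope is not an accepted scope
     * @throws IllegalArgumentException if {@code theRegistration} is not a valid UUID string
     *         (thrown by {@link UUID#fromString(String)})
     */
    public XapiCredentials(ArrayList<String> theScope, String theExpiry, boolean theHistorical,
            XapiPerson thePerson, ArrayList<String> theActivityIDs, String theRegistration,
            DateTime theReceivedTimestamp) throws XapiBadParamException {
        // Keep a private copy so that later changes to the caller's list cannot make getScope()
        // and isValid() disagree with the clearances computed below.
        myScope = (theScope == null) ? null : new ArrayList<String>(theScope);
        myHistorical = theHistorical;
        myPerson = thePerson;

        if (theRegistration != null) {
            myRegistration = UUID.fromString(theRegistration);
        }

        myReceivedTimestamp = theReceivedTimestamp;

        if (theExpiry != null) {
            // NOTE(review): the supplied expiry is used as parsed, with no upper bound applied
            // here. Confirm that the caller limits how far in the future it may lie.
            DateTimeFormatter theFormatter = ISODateTimeFormat.dateTimeParser();
            myExpiry = theFormatter.parseDateTime(theExpiry);
        } else {
            // By default, 4 hours
            myExpiry = DateTime.now().plusHours(4);
        }

        // A null activity list is treated like an empty one (no activity restriction) rather
        // than failing with a NullPointerException.
        if (theActivityIDs != null) {
            for (String s : theActivityIDs) {
                myActivityIDs.add(new XapiIRI(s));
            }
        }

        // Assign appropriate clearance based on its scope. Anything outside the accepted list
        // aborts construction, so no partially-authorized instance escapes.
        if (myScope != null) {
            for (String scope : myScope) {
                if (!ACCEPTED_SCOPES.contains(scope)) {
                    throw new XapiBadParamException("Scope is not accepted");
                }
                grantClearancesFor(scope);
            }
        }
    }

    /**
     * Creates credentials with no scope and no clearance, for debug mode only.
     *
     * @param isDebugMode must be {@code true}
     * @throws XapiServletSecurityRiskException if {@code isDebugMode} is {@code false}
     */
    public XapiCredentials(boolean isDebugMode) throws XapiServletSecurityRiskException {
        if (!isDebugMode) {
            throw new XapiServletSecurityRiskException("Had to abort due to security risk");
        }
    }

    // This is to help with LMS Credentials class
    protected XapiCredentials() {
    }

    /** Switches on the clearance flags that one accepted scope string stands for. */
    private void grantClearancesFor(String scope) {
        if ("all".equals(scope)) {
            myReadStatementsClearance = true;
            myWriteStatementsClearance = true;
            myReadStateClearance = true;
            myWriteStateClearance = true;
            myDefineClearance = true;
            myReadProfileClearance = true;
            myWriteProfileClearance = true;
            myReadAnyoneStatementsClearance = true;
        } else if ("all/read".equals(scope)) {
            myReadStatementsClearance = true;
            myReadAnyoneStatementsClearance = true;
            myReadStateClearance = true;
            myReadProfileClearance = true;
        } else if ("profile".equals(scope)) {
            myReadProfileClearance = true;
            myWriteProfileClearance = true;
        } else if ("state".equals(scope)) {
            myReadStateClearance = true;
            myWriteStateClearance = true;
        } else if ("define".equals(scope)) {
            myDefineClearance = true;
        } else if ("statements/read".equals(scope)) {
            myReadAnyoneStatementsClearance = true;
            myReadStatementsClearance = true;
        } else if ("statements/read/mine".equals(scope)) {
            myReadStatementsClearance = true;
        } else if ("statements/write".equals(scope)) {
            myWriteStatementsClearance = true;
        }
    }

    /** @return the instant before which a request timestamp must fall */
    public DateTime getExpiry() {
        return myExpiry;
    }

    /** @return whether timestamps earlier than the received timestamp are acceptable */
    public boolean getHistorical() {
        return myHistorical;
    }

    /** @return {@code getAnyAgent()} of the person; requires that a person was supplied */
    public XapiActor getActor() {
        return myPerson.getAnyAgent();
    }

    /** @return the person these credentials were issued for, possibly {@code null} */
    public XapiPerson getPerson() {
        return myPerson;
    }

    /** @return the registration the credentials are bound to, or {@code null} */
    public UUID getRegistration() {
        return myRegistration;
    }

    /** @return the scope list held by this instance, possibly {@code null} */
    public ArrayList<String> getScope() {
        return myScope;
    }

    /**
     * Returns the live internal activity list, not a copy. Treat it as read-only: the
     * activity check in this class reads the same list, and an empty list means "no activity
     * restriction", so clearing it would lift the restriction.
     *
     * @return the activity IRIs these credentials are limited to
     */
    public ArrayList<XapiIRI> getActivityIDs() {
        return myActivityIDs;
    }

    public boolean hasRegistration() {
        return myRegistration != null;
    }

    public boolean hasActivityIDs() {
        return myActivityIDs != null && !myActivityIDs.isEmpty();
    }

    public boolean hasScope() {
        return myScope != null && !myScope.isEmpty();
    }

    public boolean isDefiningAllowed() {
        return myDefineClearance;
    }

    /**
     * Decides whether the requesting actor may perform the given action type.
     *
     * <p>Reading anyone's statements does not depend on the actor. Every other action requires
     * the actor to belong to the credential's person.
     */
    private boolean isActorAllowed(XapiActor theActor, XapiServletActionType theAction) {
        if (theAction.equals(XapiServletActionType.STATEMENTREADMINE)) {
            return myPerson.containsActor(theActor);
        } else if (theAction.equals(XapiServletActionType.STATEMENTREADANY)) {
            return true;
        }

        if (theActor == null) {
            return false;
        }

        return myPerson.containsActor(theActor);
    }

    /**
     * Checks the request timestamp against the validity window. The upper bound is always the
     * expiry; non-historical credentials additionally reject timestamps earlier than the moment
     * the credential request was received.
     */
    private boolean isTimestampAllowed(DateTime theTimestamp) {
        if (theTimestamp == null) {
            return false;
        }

        if (!myHistorical) {
            return !theTimestamp.isBefore(myReceivedTimestamp) && theTimestamp.isBefore(myExpiry);
        }

        return theTimestamp.isBefore(this.myExpiry);
    }

    /**
     * Checks the requested activity IDs against the credential's activity restriction.
     *
     * <p>NOTE(review): three properties of this check are worth confirming against the intended
     * policy; the behaviour is left as the author wrote it.
     * <ul>
     * <li>A request that names no activity is allowed even when the credentials are restricted
     * to specific activities.</li>
     * <li>One matching activity is enough; the remaining requested IDs are not checked.</li>
     * <li>The prefix comparison is a plain string {@code startsWith} with no delimiter
     * boundary. In a constructed example, a credential IRI {@code http://example.com/course}
     * also matches {@code http://example.com/course-other}.</li>
     * </ul>
     */
    private boolean isActivityAllowed(ArrayList<XapiIRI> theActivityIDs) {
        // No restriction on the credentials: every activity is acceptable.
        if (myActivityIDs == null || myActivityIDs.size() == 0) {
            return true;
        }

        if (theActivityIDs == null || theActivityIDs.size() == 0) {
            return true;
        }

        // Exact match first.
        for (XapiIRI activityID : theActivityIDs) {
            if (myActivityIDs.contains(activityID)) {
                return true;
            }
        }

        // Then accept any requested IRI that begins with one of the credential IRIs.
        for (XapiIRI theCredActvIRI : myActivityIDs) {
            for (XapiIRI theActionActvIRI : theActivityIDs) {
                if (theActionActvIRI.toString().startsWith(theCredActvIRI.toString())) {
                    return true;
                }
            }
        }

        return false;
    }

    /**
     * Checks a registration given in string form. A request without a registration passes.
     *
     * <p>Credentials that carry no registration, and registration strings that are not valid
     * UUIDs, are answered with an explicit denial. Both cases used to escape this
     * authorization check as an uncaught runtime exception.
     * NOTE(review): if credentials without a registration are meant to be unrestricted, the
     * {@code myRegistration == null} branch is the place to relax.
     */
    private boolean isRegistrationAllowed(String theRegistration) {
        if (theRegistration == null) {
            return true;
        }

        if (myRegistration == null) {
            return false;
        }

        try {
            return myRegistration.equals(UUID.fromString(theRegistration));
        } catch (IllegalArgumentException malformed) {
            // Not a UUID, so it cannot equal the credential's registration.
            return false;
        }
    }

    /**
     * Checks a registration given as a UUID. Unlike the string overload, a {@code null}
     * argument is denied. Credentials without a registration are denied as well instead of
     * failing with a NullPointerException.
     */
    private boolean isRegistrationAllowed(UUID theRegistration) {
        if (theRegistration == null || myRegistration == null) {
            return false;
        }

        return myRegistration.equals(theRegistration);
    }

    /** Maps an action type to its clearance flag; unknown action types are denied. */
    private boolean isActionAllowed(XapiServletActionType theActionType) {
        switch (theActionType) {
        case STATEMENTWRITE:
            return myWriteStatementsClearance;
        case STATEMENTREADMINE:
            return myReadStatementsClearance;
        case STATEMENTREADANY:
            return myReadAnyoneStatementsClearance;
        case STATEWRITE:
            return myWriteStateClearance;
        case STATEREAD:
            return myReadStateClearance;
        case DEFINE:
            return myDefineClearance;
        case PROFILEWRITE:
            return myWriteProfileClearance;
        case PROFILEREAD:
            return myReadProfileClearance;
        default:
            return false;
        }
    }

    /**
     * Re-checks that every scope held by this instance is an accepted scope.
     *
     * @return {@code false} if there is no scope list at all (for example an instance created
     *         through the debug or no-argument constructor) or if any scope is not accepted;
     *         {@code true} otherwise
     */
    public boolean isValid() {
        if (myScope == null) {
            return false;
        }

        for (String scope : myScope) {
            if (!ACCEPTED_SCOPES.contains(scope)) {
                return false;
            }
        }

        return true;
    }

    // FIX !!!  (original author's marker, kept; what it refers to is not stated)
    /**
     * Decides whether the requested action is authorized by these credentials. The actor,
     * activity, timestamp and action type checks must all pass. The registration is checked
     * only when the request carries one.
     *
     * @param theActionRequested the action to authorize
     * @return {@code true} only if no check denies the request
     */
    public boolean isActionRequestedAllow(XapiServletActionRequested theActionRequested) {
        if (!isActorAllowed(theActionRequested.getActor(),
                theActionRequested.getServletActionType())) {
            return false;
        }

        if (!isActivityAllowed(theActionRequested.getActivityID())) {
            return false;
        }

        if (!isTimestampAllowed(theActionRequested.getTimestamp())) {
            return false;
        }

        if (!isActionAllowed(theActionRequested.getServletActionType())) {
            return false;
        }

        if (theActionRequested.hasRegistration()
                && !isRegistrationAllowed(theActionRequested.getRegistration())) {
            return false;
        }

        return true;
    }
}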