Java tutorial
/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.sling.cassandra.resource.provider.security; import org.apache.commons.codec.binary.Base64; import me.prettyprint.cassandra.model.CqlQuery; import me.prettyprint.cassandra.model.CqlRows; import me.prettyprint.cassandra.serializers.StringSerializer; import me.prettyprint.hector.api.Keyspace; import me.prettyprint.hector.api.beans.HColumn; import me.prettyprint.hector.api.beans.Row; import me.prettyprint.hector.api.exceptions.HInvalidRequestException; import me.prettyprint.hector.api.query.QueryResult; import org.apache.sling.cassandra.resource.provider.CassandraResourceProvider; import org.apache.sling.cassandra.resource.provider.util.CassandraResourceProviderUtil; import org.apache.sling.commons.json.JSONObject; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.UnsupportedEncodingException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.HashSet; import java.util.Iterator; import java.util.Map; import java.util.Set; public class AccessControlUtil { private static Logger LOGGER = LoggerFactory.getLogger(AccessControlUtil.class); private static final String ACL_CF = "sling_acl"; private static final String ACE_SEPARATOR = "_"; private static final int READ = 0x01; private static final int WRITE = 0x02; private static final int DELETE = 0x04; private static final String _READ = "READ"; private static final String _WRITE = "WRITE"; private static final String _DELETE = "DELETE"; private static final String DEFAULT_SYSTEM_ACE = "0_everyone_allow : 0x01"; private CassandraResourceProvider provider; public AccessControlUtil(CassandraResourceProvider provider) { this.provider = provider; } public AccessControlUtil() { } public static void main(String[] args) throws Exception { m(); } private static void m() { AccessControlUtil accessControlUtil = new AccessControlUtil(new CassandraResourceProvider()); String path = "/content/cassandra/p2/c2"; String policy = "0_dishara_allow : " + READ; Set<String> set = new HashSet<String>(); set.add("dishara"); try { accessControlUtil.addACE(path, policy); int results[] = accessControlUtil.buildAtLevel(set, path); System.out.println("GRANT" + results[0]); System.out.println("DENY" + results[1]); } catch (Exception e) { e.printStackTrace(); } } private int getPrivilegeFromACE(String ace) { return Integer.decode(ace.split(":")[1].trim()); } private String getPrincipleFromACE(String ace) { return ace.split(":")[0].trim().split(ACE_SEPARATOR)[1].trim(); } private boolean isACEGrant(String ace) { return "allow".equalsIgnoreCase(ace.split(":")[0].trim().split(ACE_SEPARATOR)[2].trim()); } private boolean isUserHasPrinciple(String principle, Set<String> principles) { return principles.contains(principle); } private int[] getCurrentLevelBitmaps(Set<String> userPrinciples, String currentPath) throws Exception { int grants = 0; int denies = 0; String[] aclArray = getACL(currentPath); if (aclArray == null) { return new int[] { grants, denies }; } for (String ace : aclArray) { if (isUserHasPrinciple(getPrincipleFromACE(ace), userPrinciples)) { int toGrant = 0; int toDeny = 0; if (isACEGrant(ace)) { toGrant = getPrivilegeFromACE(ace); } else { toDeny = getPrivilegeFromACE(ace); } toGrant = toGrant & ~denies; toDeny = toDeny & ~grants; grants = grants | toGrant; denies = denies | toDeny; } } return new int[] { grants, denies }; } private int[] buildAtLevel(Set<String> userPrinciples, String path) throws Exception { int[] parentPermission = new int[] { 0, 0 }; int[] permissions = new int[] { 0, 0 }; if (!"/".equals(path)) { parentPermission = buildAtLevel(userPrinciples, CassandraResourceProviderUtil.getParentPath(path)); } permissions = getCurrentLevelBitmaps(userPrinciples, path); int toGrant = parentPermission[0] & ~permissions[1]; int toDeny = parentPermission[1] & ~permissions[0]; permissions[0] = permissions[0] | toGrant; permissions[1] = permissions[1] | toDeny; return permissions; } private void addACE(String path, String policy) throws Exception { String rid = getrowID(path); createColumnFamily(ACL_CF, provider.getKeyspace(), new StringSerializer()); String getAllACEs = "select * from " + ACL_CF + " where KEY = '" + rid + "'"; QueryResult<CqlRows<String, String, String>> results = CassandraResourceProviderUtil .executeQuery(getAllACEs, provider.getKeyspace(), new StringSerializer()); if (CassandraResourceProviderUtil.recordExists(results, "policy")) { updateACL(rid, policy, new StringSerializer(), results); } else { addACL(rid, policy, new StringSerializer()); } } private String[] getACL(String path) throws Exception { if (getCassandraSystemNodeACL(path) != null) { return getCassandraSystemNodeACL(path); } String rid = getrowID(path); createColumnFamily(ACL_CF, provider.getKeyspace(), new StringSerializer()); String getAllACEs = "select * from " + ACL_CF + " where KEY = '" + rid + "'"; QueryResult<CqlRows<String, String, String>> results = CassandraResourceProviderUtil .executeQuery(getAllACEs, provider.getKeyspace(), new StringSerializer()); String policy = null; for (Row<String, String, String> row : ((CqlRows<String, String, String>) results.get()).getList()) { for (HColumn column : row.getColumnSlice().getColumns()) { if ("policy".equalsIgnoreCase(column.getName().toString()) && column.getValue() != null) { policy = column.getValue().toString(); } } } return policy != null ? policy.split(";") : null; } private String[] getCassandraSystemNodeACL(String path) { if ("/content".equals(path) || "/content/cassandra".equals(path) || "/".equals(path)) { return new String[] { DEFAULT_SYSTEM_ACE }; } else { return null; } } private void updateACL(String rid, String policy, StringSerializer se, QueryResult<CqlRows<String, String, String>> results) { String oldACL = ""; for (Row<String, String, String> row : ((CqlRows<String, String, String>) results.get()).getList()) { for (HColumn column : row.getColumnSlice().getColumns()) { if ("policy".equalsIgnoreCase(column.getName().toString()) && column.getValue() != null) { oldACL = column.getValue().toString(); } } } if (!oldACL.isEmpty()) { oldACL = oldACL + ";" + policy; } addACL(rid, oldACL, new StringSerializer()); } private void addACL(String rid, String policy, StringSerializer se) { CqlQuery<String, String, String> cqlQuery = new CqlQuery<String, String, String>(provider.getKeyspace(), se, se, se); String data = "'" + rid + "'" + "," + "'" + policy + "'"; String query = "insert into " + ACL_CF + " (KEY,policy) values (" + data + ");"; cqlQuery.setQuery(query); QueryResult<CqlRows<String, String, String>> result = cqlQuery.execute(); System.out.println("#####Added ACL"); } private String getrowID(String path) throws NoSuchAlgorithmException, UnsupportedEncodingException { MessageDigest md = MessageDigest.getInstance("SHA1"); String rowID = new String( Base64.encodeBase64(md.digest(CassandraResourceProviderUtil.getRemainingPath(path) != null ? CassandraResourceProviderUtil.getRemainingPath(path).getBytes("UTF-8") : "TEST".getBytes()))); return rowID; } private void createColumnFamily(String cf, Keyspace keyspace, StringSerializer se) { String createCF = "CREATE COLUMNFAMILY " + cf + " (KEY varchar PRIMARY KEY,policy varchar);"; CqlQuery<String, String, String> cqlQuery = new CqlQuery<String, String, String>(keyspace, se, se, se); cqlQuery.setQuery(createCF); try { QueryResult<CqlRows<String, String, String>> result1 = cqlQuery.execute(); LOGGER.info(result1.get().getList().size() + " Finished.!"); } catch (HInvalidRequestException ignore) { LOGGER.debug("Column Family already exists " + ignore.getMessage()); } } }