Java tutorial
/** * Copyright (c) 2009 - 2012 Red Hat, Inc. * * This software is licensed to you under the GNU General Public License, * version 2 (GPLv2). There is NO WARRANTY for this software, express or * implied, including the implied warranties of MERCHANTABILITY or FITNESS * FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2 * along with this software; if not, see * http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. * * Red Hat trademarks are not licensed under GPLv2. No permission is * granted to use or replicate Red Hat trademarks that are incorporated * in this software or its documentation. */ package org.candlepin.auth; import org.candlepin.auth.permissions.Permission; import org.candlepin.util.Util; import org.apache.commons.collections.CollectionUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import java.io.Serializable; import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.List; /** * An entity interacting with Candlepin */ public abstract class Principal implements Serializable, java.security.Principal { private static final long serialVersionUID = 907789978604269132L; private static Logger log = LoggerFactory.getLogger(Principal.class); protected List<Permission> permissions = new ArrayList<Permission>(); public abstract String getType(); public abstract boolean hasFullAccess(); public List<Permission> getPermissions() { return permissions; } protected void addPermission(Permission permission) { this.permissions.add(permission); } public boolean canAccess(Object target, SubResource subResource, Access access) { log.debug("{} principal checking for {} access to target: {} sub-resource: {}", this.getClass().getName(), access, target, subResource); if (hasFullAccess()) { return true; } for (Permission permission : permissions) { log.debug(" checking permission: {}", permission.getClass().getName()); if (permission.canAccess(target, subResource, access)) { log.debug(" permission granted"); // if any of the principal's permissions allows access, then // we are good to go return true; } } // none of the permissions grants access, so this target is not allowed String targetType = (target == null) ? "null" : target.getClass().getName(); log.warn("Refused principal: '{}' access to: {}", getName(), targetType); return false; } public boolean canAccessAll(Collection targets, SubResource subResource, Access access) { if (CollectionUtils.isEmpty(targets)) { log.debug("{} principal checking for {} access to sub-resource: {}." + " Access to null or resource tried", this.getClass().getName(), access, subResource); return canAccess(null, subResource, access); } log.debug("{} principal checking for {} access to targets: {} sub-resource: {}", this.getClass().getName(), access, Arrays.toString(targets.toArray()), subResource); if (hasFullAccess()) { return true; } for (Object target : targets) { if (!canAccess(target, subResource, access)) { return false; } } return true; } public abstract String getName(); /** * @deprecated use getName() instead * @return Principal name */ @Deprecated public String getPrincipalName() { return getName(); } public PrincipalData getData() { return new PrincipalData(this.getType(), this.getName()); } /** * @return Username for this principal, null if there is not one. */ public String getUsername() { return null; } @Override public String toString() { return Util.toJson(this.getData()); } }