Java tutorial
/* * The Kuali Financial System, a comprehensive financial management system for higher education. * * Copyright 2005-2014 The Kuali Foundation * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as * published by the Free Software Foundation, either version 3 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. */ package org.kuali.kfs.sec.service.impl; import java.util.Map; import org.apache.commons.lang.StringUtils; import org.kuali.kfs.sec.SecConstants; import org.kuali.kfs.sec.service.AccessPermissionEvaluator; import org.kuali.rice.kim.api.identity.Person; /** * @see org.kuali.kfs.sec.service.AccessPermissionEvaluator */ public class AccessPermissionEvaluatorImpl implements AccessPermissionEvaluator { private static final org.apache.log4j.Logger LOG = org.apache.log4j.Logger .getLogger(AccessPermissionEvaluatorImpl.class); protected String constraintCode; protected String operatorCode; protected String propertyValue; protected Map<String, Object> otherKeyFieldValues; protected Person person; protected String[] matchValues; protected boolean performEqualMatch; protected boolean performLessThanMatch; protected boolean performGreaterThanMatch; protected boolean allowConstraint; protected boolean notOperator; public AccessPermissionEvaluatorImpl() { super(); performEqualMatch = false; performLessThanMatch = false; performGreaterThanMatch = false; allowConstraint = false; notOperator = false; } /** * @see org.kuali.kfs.sec.service.AccessPermissionEvaluator#valueIsAllowed(java.lang.String) */ public boolean valueIsAllowed(String value) { boolean allowed = false; initializeAfterPropsSet(); boolean match = false; for (int i = 0; i < matchValues.length; i++) { String matchValue = matchValues[i]; if (isMatch(matchValue, value)) { match = true; break; } } if ((allowConstraint && notOperator) || (!allowConstraint && !notOperator)) { allowed = !match; } else { allowed = match; } return allowed; } /** * Determines whether two values match performing an equal, greater than, or less than check and also considering wildcards * * @param matchValue String value to match, can contain the * wildcard * @param value String value to compare * @return boolean true if values match, false otherwise */ protected boolean isMatch(String matchValue, String value) { boolean match = false; boolean performWildcardMatch = false; if (StringUtils.contains(matchValue, SecConstants.SecurityValueSpecialCharacters.WILDCARD_CHARACTER)) { matchValue = StringUtils.remove(matchValue, SecConstants.SecurityValueSpecialCharacters.WILDCARD_CHARACTER); performWildcardMatch = true; } if (performEqualMatch) { if (performWildcardMatch) { match = value.startsWith(matchValue); } else { match = value.equals(matchValue); } } if (!match && performLessThanMatch) { match = value.compareTo(matchValue) < 0; } if (!match && performGreaterThanMatch) { match = value.compareTo(matchValue) > 0; } return match; } /** * Hooks for permission evaluators to do additional setup after properties have been set */ protected void initializeAfterPropsSet() { if (StringUtils.contains(constraintCode, SecConstants.SecurityConstraintCodes.ALLOWED)) { allowConstraint = true; } if (SecConstants.SecurityDefinitionOperatorCodes.EQUAL.equals(operatorCode) || SecConstants.SecurityDefinitionOperatorCodes.NOT_EQUAL.equals(operatorCode) || SecConstants.SecurityDefinitionOperatorCodes.LESS_THAN_EQUAL.equals(operatorCode) || SecConstants.SecurityDefinitionOperatorCodes.GREATER_THAN_EQUAL.equals(operatorCode)) { performEqualMatch = true; } if (SecConstants.SecurityDefinitionOperatorCodes.LESS_THAN.equals(operatorCode) || SecConstants.SecurityDefinitionOperatorCodes.LESS_THAN_EQUAL.equals(operatorCode)) { performLessThanMatch = true; } if (SecConstants.SecurityDefinitionOperatorCodes.GREATER_THAN.equals(operatorCode) || SecConstants.SecurityDefinitionOperatorCodes.GREATER_THAN_EQUAL.equals(operatorCode)) { performGreaterThanMatch = true; } if (SecConstants.SecurityDefinitionOperatorCodes.NOT_EQUAL.equals(operatorCode)) { notOperator = true; } setMatchValues(); } /** * Sets the values to match on based on given value and other properties */ protected void setMatchValues() { if (StringUtils.contains(propertyValue, SecConstants.SecurityValueSpecialCharacters.MULTI_VALUE_SEPERATION_CHARACTER)) { matchValues = StringUtils.split(propertyValue, SecConstants.SecurityValueSpecialCharacters.MULTI_VALUE_SEPERATION_CHARACTER); } else { matchValues = new String[1]; matchValues[0] = propertyValue; } } /** * @see org.kuali.kfs.sec.service.AccessPermissionEvaluator#setConstraintCode(java.lang.String) */ public void setConstraintCode(String constraintCode) { this.constraintCode = constraintCode; } /** * @see org.kuali.kfs.sec.service.AccessPermissionEvaluator#setOperatorCode(java.lang.String) */ public void setOperatorCode(String operatorCode) { this.operatorCode = operatorCode; } /** * @see org.kuali.kfs.sec.service.AccessPermissionEvaluator#setPropertyValue(java.lang.String) */ public void setPropertyValue(String propertyValue) { this.propertyValue = propertyValue; } /** * @see org.kuali.kfs.sec.service.AccessPermissionEvaluator#setOtherKeyFieldValueMap(java.util.Map) */ public void setOtherKeyFieldValueMap(Map<String, Object> otherKeyFieldValues) { this.otherKeyFieldValues = otherKeyFieldValues; } /** * @see org.kuali.kfs.sec.service.AccessPermissionEvaluator#setPerson(org.kuali.rice.kim.api.identity.Person) */ public void setPerson(Person person) { this.person = person; } }