Java tutorial
/* * Copyright 2012 AMG.lab, a Bull Group Company * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.xlcloud.console.entitlements; import java.util.Arrays; import java.util.HashSet; import java.util.Set; import org.apache.commons.collections.CollectionUtils; import org.apache.commons.collections.Predicate; import org.apache.log4j.Logger; import org.xlcloud.console.context.EntitlementEngine; import org.xlcloud.console.context.IdentityContext; import org.xlcloud.console.entitlements.scope.predicates.EntitlementDictionaryPredicate; import org.xlcloud.service.AccessToken; import org.xlcloud.service.Entitlement; import org.xlcloud.service.Group; import org.xlcloud.service.HttpAction; import org.xlcloud.service.User; /** * @author tadamcze, AMG.net * @author Konrad Krl, AMG.net */ public class ExplicitEntitlementDictionary extends AbstractEntitlementDictionary { public static String ACCOUNT_ID_PARAM_AS_REGEXP = "\\{accId\\}"; public static String ACCOUNT_ID_PARAM = "{accId}"; public static String USER_ID_PARAM_AS_REGEXP = "\\{userId\\}"; public static String USER_ID_PARAM = "{userId}"; public static String[] CATALOG_RESOURCES = { "applications/-*-", "virtual-cluster-definitions/-*-", "virtual-cluster-definitions/validate", "projects/-*-/virtual-clusters", "projects/-*-/virtual-clusters/-*-", "projects/-*-/virtual-clusters/-*-/applications/-*-", "projects/-*-/virtual-clusters/-*-/parameters", "projects/-*-/virtual-clusters/-*-/sessions/-*-", "projects/-*-/virtual-clusters/-*-/sessions", "images/-*-", "applications", "virtual-cluster-definitions", "images" }; private static final Logger LOG = Logger.getLogger(ExplicitEntitlementDictionary.class); class InstantiateEntitlementException extends RuntimeException { private static final long serialVersionUID = -4908672046826956085L; public InstantiateEntitlementException(String message) { super(message); } } private Set<HttpAction> actions; private String path; private boolean initialDefault; /** * Instantiates new explicit entitlement. * * @param id * id * @param description * description * @param parent * parent of this entitlement * @param initialDefault * initial by default * @param path * path of this entitlement * @param actions * actions required for this entitlement */ public ExplicitEntitlementDictionary(Long id, String description, CompositeEntitlementDictionary parent, boolean initialDefault, String path, HttpAction... actions) { super(id, description, parent); for (HttpAction action : actions) { this.getActions().add(action); } this.initialDefault = initialDefault; this.path = path; } /** * Instantiates new explicit entitlement. Initial default is set to false * * @param id * id * @param description * description * @param parent * parent of this entitlement * @param path * path of this entitlement * @param actions * actions required for this entitlement */ public ExplicitEntitlementDictionary(Long id, String description, CompositeEntitlementDictionary parent, String path, HttpAction... actions) { this(id, description, parent, false, path, actions); } /** * Instantiates new explicit entitlement without parent. * * @param id * id * @param description * description * @param path * path of this entitlement * @param actions * actions required for this entitlement */ public ExplicitEntitlementDictionary(Long id, String description, String path, HttpAction... actions) { super(id, description); for (HttpAction action : actions) { this.getActions().add(action); } this.path = path; } /** * Inidcates whether it is possible to instantiate entitlement object from * this dictionary. If it is possible, a new entitlement can be instantiated * by: {@link #instantiateEntitlement(Long, Long)} * * @param accountId * account id for the instantiated entitlement * @param userId * user id for the instantiated entitlement * @return {@code true} if the instantiation is possible, {@code false} * otherwise */ public boolean canInstantiate(Long accountId, Long userId) { if (isAccountScopedEntitlement() && accountId == null) { return false; } if (isUserScopedEntitlement() && userId == null) { return false; } return true; } /** * Instantiates a new entitlement from this dictionary. It replaces all * occurences of accountId, and userId in the resource path with specified * ids. If the accountId or userId is included into resource path, but the * corresponding parameter is null, then InstantiateEntitlementException * exception is thrown. * * @param accountId * account id for the instantiated entitlement * @param userId * user id for the instantiated entitlement * @throws InstantiateEntitlementException * @return instantiated entitlement */ public Entitlement instantiateEntitlement(Long accountId, Long userId) { return instantiateEntitlement(accountId, userId, true); } /** * Instantiates a new entitlement from this dictionary. It replaces all * occurences of accountId, and userId in the resource path with specified * ids. If validationEnabled is true and if the accountId or userId is * included into resource path, but the corresponding parameter is null, * then InstantiateEntitlementException exception is thrown. * * @param accountId * account id * @param userId * user id * @param validationEnabled * indicates whether the validation is enabled or not * @return instantiated entitlement */ public Entitlement instantiateEntitlement(Long accountId, Long userId, boolean validationEnabled) { Entitlement entitlement = new Entitlement(); String renderedPath = new String(path); if (accountId != null) { renderedPath = renderedPath.replaceAll(ACCOUNT_ID_PARAM_AS_REGEXP, accountId.toString()); } else if (validationEnabled && isAccountScopedEntitlement()) { throw new InstantiateEntitlementException("Entitlement: " + path + " requires accountId"); } if (userId != null) { renderedPath = renderedPath.replaceAll(USER_ID_PARAM_AS_REGEXP, userId.toString()); } else if (validationEnabled && isUserScopedEntitlement()) { throw new InstantiateEntitlementException("Entitlement: " + path + " requires userId"); } entitlement.setResource(renderedPath); entitlement.getAction().addAll(actions); return entitlement; } /** * @return entitlement path */ public String getPath() { return path; } /** * Sets the value of {@link #path} * * @param path * entitlement path */ public void setPath(String path) { this.path = path; } /** * Gets the value of {@link #actions}. * * @return value of {@link #actions} */ public Set<HttpAction> getActions() { if (actions == null) { actions = new HashSet<HttpAction>(); } return actions; } /** * Sets the value of {@link #actions}. * * @param actions * entitlement actions */ public void setActions(Set<HttpAction> actions) { this.actions = actions; } /** * @return the value of {@link #initialDefault} */ public boolean isInitialDefault() { return initialDefault; } /** {@inheritDoc} */ @Override public boolean availableFor(final EntitlementEngine entitlementEngine, final IdentityContext identityContext, final EntitlementDictionaryPredicate predicate) { return availableToPerform(entitlementEngine, identityContext) && visibleForCurrentScope(predicate); } /** * Inidicates whether entitlement path contains accountId parameter to be * replaced. * * @return {@code true} if this is account scoped entitlement, {@code false} * otherwise. */ public boolean isAccountScopedEntitlement() { return path.contains(ACCOUNT_ID_PARAM); } /** * Inidicates whether entitlement path contains userId parameter to be * replaced. * * @return {@code true} if this is user scoped entitlement, {@code false} * otherwise. */ public boolean isUserScopedEntitlement() { return path.contains(USER_ID_PARAM); } /** * Inidicates whether the entitlement path is a catalog resource, which * means it is one of: {@link #CATALOG_RESOURCES}. * * @return {@code true} if this catalog resouce entitlement, {@code false} * otherwise. */ public boolean isCatalogResourceEntitlement() { return Arrays.asList(CATALOG_RESOURCES).contains(path); } /** {@inheritDoc} */ @Override public boolean isOwnedBy(final User user, final EntitlementEngine entitlementEngine) { if (!canInstantiate(user.getAccountId(), user.getId())) { return false; } try { final String renderedPath = instantiateEntitlement(user.getAccountId(), user.getId()).getResource(); return forAllActions(new Predicate() { @Override public boolean evaluate(Object object) { return entitlementEngine.canPerform(user, ((HttpAction) object), renderedPath); } }); } catch (InstantiateEntitlementException exception) { LOG.error(exception.getMessage()); return false; } } /** {@inheritDoc} */ @Override public boolean isOwnedBy(final Group group, final EntitlementEngine entitlementEngine) { if (!canInstantiate(group.getAccountId(), null)) { return false; } try { final String renderedPath = instantiateEntitlement(group.getAccountId(), null).getResource(); return forAllActions(new Predicate() { @Override public boolean evaluate(Object object) { return entitlementEngine.canPerform(group, ((HttpAction) object), renderedPath); } }); } catch (InstantiateEntitlementException exception) { LOG.error(exception.getMessage()); return false; } } /** {@inheritDoc} */ @Override public boolean isOwnedBy(final AccessToken accessToken, final User accessTokenUser, final EntitlementEngine entitlementEngine) { if (!canInstantiate(accessTokenUser.getAccountId(), accessTokenUser.getId())) { return false; } try { final String renderedPath = instantiateEntitlement(accessTokenUser.getAccountId(), accessTokenUser.getId()).getResource(); return forAllActions(new Predicate() { @Override public boolean evaluate(Object object) { return entitlementEngine.canPerform(accessToken, ((HttpAction) object), renderedPath); } }); } catch (InstantiateEntitlementException exception) { LOG.error(exception.getMessage()); return false; } } private boolean visibleForCurrentScope(final EntitlementDictionaryPredicate predicate) { return (predicate != null ? predicate.evaluate(this) : true); } private boolean availableToPerform(final EntitlementEngine entitlementEngine, final IdentityContext identityContext) { return forAllActions(new Predicate() { @Override public boolean evaluate(Object object) { Entitlement entitlement = instantiateEntitlement(identityContext.getAccountId(), identityContext.getUserId(), false); return entitlementEngine.canPerform(((HttpAction) object), entitlement.getResource()); } }); } private boolean forAllActions(Predicate predicate) { return (CollectionUtils.countMatches(actions, predicate) == actions.size()); } }