root/trunk/components/server/src/ome/security/ACLEventListener.java
| Revision 2637, 4.9 kB (checked in by jmoore, 5 months ago) | |
|---|---|
|
|
| Line | |
|---|---|
| 1 | /* |
| 2 | * ome.security.ACLEventListener |
| 3 | * |
| 4 | * Copyright 2006 University of Dundee. All rights reserved. |
| 5 | * Use is subject to license terms supplied in LICENSE.txt |
| 6 | */ |
| 7 | |
| 8 | package ome.security; |
| 9 | |
| 10 | // Java imports |
| 11 | |
| 12 | // Third-party imports |
| 13 | import ome.annotations.RevisionDate; |
| 14 | import ome.annotations.RevisionNumber; |
| 15 | import ome.conditions.SecurityViolation; |
| 16 | import ome.model.IObject; |
| 17 | import ome.tools.hibernate.HibernateUtils; |
| 18 | |
| 19 | import org.apache.commons.logging.Log; |
| 20 | import org.apache.commons.logging.LogFactory; |
| 21 | import org.hibernate.event.PostDeleteEvent; |
| 22 | import org.hibernate.event.PostDeleteEventListener; |
| 23 | import org.hibernate.event.PostInsertEvent; |
| 24 | import org.hibernate.event.PostInsertEventListener; |
| 25 | import org.hibernate.event.PostLoadEvent; |
| 26 | import org.hibernate.event.PostLoadEventListener; |
| 27 | import org.hibernate.event.PostUpdateEvent; |
| 28 | import org.hibernate.event.PostUpdateEventListener; |
| 29 | import org.hibernate.event.PreDeleteEvent; |
| 30 | import org.hibernate.event.PreDeleteEventListener; |
| 31 | import org.hibernate.event.PreInsertEvent; |
| 32 | import org.hibernate.event.PreInsertEventListener; |
| 33 | import org.hibernate.event.PreLoadEvent; |
| 34 | import org.hibernate.event.PreLoadEventListener; |
| 35 | import org.hibernate.event.PreUpdateEvent; |
| 36 | import org.hibernate.event.PreUpdateEventListener; |
| 37 | |
| 38 | /** |
| 39 | * responsible for intercepting all pre-INSERT, pre-UPDATE, pre-DELETE, and |
| 40 | * post-LOAD events to apply access control. For each event, a call is made to |
| 41 | * the {@link SecuritySystem} to see if the event is allowed, and if not, |
| 42 | * another call is made to the {@link SecuritySystem} to throw a |
| 43 | * {@link SecurityViolation}. |
| 44 | * |
| 45 | * @author Josh Moore, josh.moore at gmx.de |
| 46 | * @version $Revision$, $Date$ |
| 47 | * @see SecuritySystem |
| 48 | * @see SecurityViolation |
| 49 | * @since 3.0-M3 |
| 50 | */ |
| 51 | @RevisionDate("$Date$") |
| 52 | @RevisionNumber("$Revision$") |
| 53 | public class ACLEventListener implements |
| 54 | /* BEFORE... */PreDeleteEventListener, PreInsertEventListener, |
| 55 | /* and...... */PreLoadEventListener, PreUpdateEventListener, |
| 56 | /* AFTER.... */PostDeleteEventListener, PostInsertEventListener, |
| 57 | /* TRIGGERS. */PostLoadEventListener, PostUpdateEventListener { |
| 58 | |
| 59 | private static final long serialVersionUID = 3603644089117965153L; |
| 60 | |
| 61 | private static Log log = LogFactory.getLog(ACLEventListener.class); |
| 62 | |
| 63 | private final ACLVoter aclVoter; |
| 64 | |
| 65 | /** |
| 66 | * main constructor. controls access to individual db rows.. |
| 67 | */ |
| 68 | public ACLEventListener(ACLVoter aclVoter) { |
| 69 | this.aclVoter = aclVoter; |
| 70 | } |
| 71 | |
| 72 | // |
| 73 | // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 74 | // Acting as all hibernate triggers |
| 75 | // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 76 | // |
| 77 | |
| 78 | /** unused */ |
| 79 | public void onPostDelete(PostDeleteEvent event) { |
| 80 | } |
| 81 | |
| 82 | /** unused */ |
| 83 | public void onPostInsert(PostInsertEvent event) { |
| 84 | } |
| 85 | |
| 86 | /** unused */ |
| 87 | public void onPostUpdate(PostUpdateEvent event) { |
| 88 | } |
| 89 | |
| 90 | /** unused */ |
| 91 | public void onPreLoad(PreLoadEvent event) { |
| 92 | } |
| 93 | |
| 94 | /** |
| 95 | * catches all load events after the fact, and tests the current users |
| 96 | * permissions to read that object. We have to catch the load after the fact |
| 97 | * because the permissions information is stored in the db. |
| 98 | */ |
| 99 | public void onPostLoad(PostLoadEvent event) { |
| 100 | Object entity = event.getEntity(); |
| 101 | if (entity instanceof IObject) { |
| 102 | IObject o = (IObject) entity; |
| 103 | if (!aclVoter.allowLoad(o.getClass(), o.getDetails(), o.getId())) { |
| 104 | aclVoter.throwLoadViolation(o); |
| 105 | } |
| 106 | } |
| 107 | } |
| 108 | |
| 109 | public boolean onPreInsert(PreInsertEvent event) { |
| 110 | Object entity = event.getEntity(); |
| 111 | if (entity instanceof IObject) { |
| 112 | IObject obj = (IObject) entity; |
| 113 | if (!aclVoter.allowCreation(obj)) { |
| 114 | aclVoter.throwCreationViolation(obj); |
| 115 | } |
| 116 | } |
| 117 | return false; |
| 118 | } |
| 119 | |
| 120 | public boolean onPreUpdate(PreUpdateEvent event) { |
| 121 | Object entity = event.getEntity(); |
| 122 | Object[] state = event.getOldState(); |
| 123 | String[] names = event.getPersister().getPropertyNames(); |
| 124 | if (entity instanceof IObject) { |
| 125 | IObject obj = (IObject) entity; |
| 126 | |
| 127 | if (!HibernateUtils.onlyLockChanged(event.getSource(), event |
| 128 | .getPersister(), obj, state, names) |
| 129 | && !aclVoter.allowUpdate(obj, HibernateUtils.getDetails( |
| 130 | state, names))) { |
| 131 | aclVoter.throwUpdateViolation(obj); |
| 132 | } |
| 133 | } |
| 134 | return false; |
| 135 | } |
| 136 | |
| 137 | public boolean onPreDelete(PreDeleteEvent event) { |
| 138 | Object entity = event.getEntity(); |
| 139 | Object[] state = event.getDeletedState(); |
| 140 | String[] names = event.getPersister().getPropertyNames(); |
| 141 | if (entity instanceof IObject) { |
| 142 | IObject obj = (IObject) entity; |
| 143 | if (!aclVoter.allowDelete(obj, HibernateUtils.getDetails(state, |
| 144 | names))) { |
| 145 | aclVoter.throwDeleteViolation(obj); |
| 146 | } |
| 147 | } |
| 148 | return false; |
| 149 | } |
| 150 | |
| 151 | } |
Note: See TracBrowser
for help on using the browser.
