From e45a302f683f051c55defff5b50e203a7fede834 Mon Sep 17 00:00:00 2001 From: j2blake Date: Fri, 3 Jun 2011 15:26:20 +0000 Subject: [PATCH] NIHVIVO-2279 remove unused RoleBasedPolicy --- .../webapp/auth/policy/RoleBasedPolicy.java | 171 ------------------ .../authenticate/BasicAuthenticator.java | 14 +- 2 files changed, 5 insertions(+), 180 deletions(-) delete mode 100644 webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/RoleBasedPolicy.java diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/RoleBasedPolicy.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/RoleBasedPolicy.java deleted file mode 100644 index 2555a7d86..000000000 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/auth/policy/RoleBasedPolicy.java +++ /dev/null @@ -1,171 +0,0 @@ -/* $This file is distributed under the terms of the license in /doc/license.txt$ */ - -package edu.cornell.mannlib.vitro.webapp.auth.policy; - -import java.util.HashMap; -import java.util.Map; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import edu.cornell.mannlib.vedit.beans.LoginStatusBean; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.Identifier; -import edu.cornell.mannlib.vitro.webapp.auth.identifier.IdentifierBundle; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.Authorization; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.DefaultInconclusivePolicy; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyDecision; -import edu.cornell.mannlib.vitro.webapp.auth.policy.ifaces.PolicyIface; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.AddNewUser; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.LoadOntology; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RebuildTextIndex; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.RemoveUser; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.ServerStatus; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UpdateTextIndex; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.admin.UploadFile; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ifaces.RequestedAction; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.CreateOwlClass; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineDataProperty; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.DefineObjectProperty; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.ontology.RemoveOwlClass; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddDataPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.AddObjectPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropDataPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.propstmt.DropObjectPropStmt; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.AddResource; -import edu.cornell.mannlib.vitro.webapp.auth.requestedAction.resource.DropResource; - -/** - * Policy that mimics the authorization roles of the old system. So each - * principle that is to be authorized needs to be associated with an individual - * in the model and the individual needs to have a ObjectPropertyStatement between it and - * a authorization role. - * - * ex. - * - * vivo:indvidual23323 vivo:cornellNetId "bdc34". - * vivo:indvidual22323 vitro:authRole . - * - * Notice that this policy doesn't need setup because it will look for - * an authorization role identifier in the model. - * - * @author bdc34 - * - */ -public class RoleBasedPolicy extends DefaultInconclusivePolicy implements PolicyIface { - private static final Log log = LogFactory.getLog(RoleBasedPolicy.class.getName()); - - /** - * What is the minimum AuthRole needed to perform a given action? - */ - private static Map,AuthRole> actionToMinRole = new HashMap,AuthRole>(); - static{ - //anybody actions - //view resources? - - //user actions - //allow netid authenticated people to do things? - - //edit actions - actionToMinRole.put(AddDataPropStmt.class, AuthRole.EDITOR); - actionToMinRole.put(AddObjectPropStmt.class, AuthRole.EDITOR); - actionToMinRole.put(AddResource.class, AuthRole.EDITOR); - actionToMinRole.put(DropDataPropStmt.class, AuthRole.EDITOR); - actionToMinRole.put(DropObjectPropStmt.class, AuthRole.EDITOR); - actionToMinRole.put(DropResource.class, AuthRole.EDITOR); - actionToMinRole.put(UploadFile.class, AuthRole.EDITOR); - actionToMinRole.put(ServerStatus.class, AuthRole.EDITOR); - actionToMinRole.put(UpdateTextIndex.class, AuthRole.EDITOR); - //curator actions - actionToMinRole.put(DefineDataProperty.class, AuthRole.CURATOR); - actionToMinRole.put(DefineObjectProperty.class, AuthRole.CURATOR); - actionToMinRole.put(CreateOwlClass.class, AuthRole.CURATOR); - actionToMinRole.put(RemoveOwlClass.class, AuthRole.CURATOR); - //dba actions (dba role is allowed to do anything) - actionToMinRole.put(AddNewUser.class, AuthRole.DBA); - actionToMinRole.put(LoadOntology.class, AuthRole.DBA); - actionToMinRole.put(RemoveUser.class, AuthRole.DBA); - actionToMinRole.put(RebuildTextIndex.class, AuthRole.DBA); - }; - - public PolicyDecision isAuthorized(IdentifierBundle whomToAuth, RequestedAction whatToAuth) { - if( whomToAuth == null ){ - log.error( "null was passed as whoToAuth" ); - return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"null was passed as whoToAuth"); - } - if( whatToAuth == null ){ - log.error("null was passed as whatToAuth"); - return new BasicPolicyDecision(Authorization.INCONCLUSIVE,"null was passed as whatToAuth"); - } - - //dba can do anything - if( AuthRole.DBA.thisRoleOrGreater(whomToAuth)) - return new BasicPolicyDecision(Authorization.AUTHORIZED,"in DBA role"); - - //We need to find the class of the RequestedAction since that - //encodes what type of action is being requested. - Class requesetClass = whatToAuth.getClass(); - AuthRole minmumRoleForAction = actionToMinRole.get(requesetClass); - - if( minmumRoleForAction == null ){ - String msg = "no minimum role found for action " + whatToAuth.getClass().getName(); - log.error(msg); - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,msg); - } - - if( minmumRoleForAction.thisRoleOrGreater(whomToAuth) ) - return new BasicPolicyDecision(Authorization.AUTHORIZED,"authorized for role"); - else - return new BasicPolicyDecision(Authorization.UNAUTHORIZED,"not authorized for role"); - } - - @Override - public String toString() { - return "RoleBasedPolicy"; - } - - - /********************** Roles *****************************************/ - public static enum AuthRole implements Identifier { - ANYBODY( "role:/0" ,LoginStatusBean.ANYBODY), - USER( "role:/1" ,LoginStatusBean.NON_EDITOR), - EDITOR( "role:/4" ,LoginStatusBean.EDITOR), - CURATOR( "role:/5" ,LoginStatusBean.CURATOR), - DBA( "role:/50",LoginStatusBean.DBA); - - private final String roleUri; - private final int level; - - AuthRole(String uri, int level) { - this.roleUri = uri; - this.level = level; - } - - public String roleUri() { return roleUri; } - public int level() {return level;} - - /** returns null if not found */ - public static AuthRole convertUriToAuthRole(String uri){ - for( AuthRole role : AuthRole.values()){ - if( role.roleUri().equals( uri )) - return role; - } - return null; - } - - public boolean thisRoleOrGreater(IdentifierBundle ibundle){ - if( ibundle == null ) - return false; - for(Object obj : ibundle){ - if( obj instanceof AuthRole && - ((AuthRole)obj).level() >= this.level()) - return true; - } - return false; - } - - @Override - public String toString() { - return "AuthRole: " + name(); - } - }/* end of enum AuthRole */ -}/* end of class RoleBasedPolicy */ diff --git a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java index 74972eb3f..4d245a25a 100644 --- a/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java +++ b/webapp/src/edu/cornell/mannlib/vitro/webapp/controller/authenticate/BasicAuthenticator.java @@ -17,7 +17,6 @@ import org.apache.commons.logging.LogFactory; import edu.cornell.mannlib.vedit.beans.LoginStatusBean; import edu.cornell.mannlib.vedit.beans.LoginStatusBean.AuthenticationSource; -import edu.cornell.mannlib.vitro.webapp.auth.policy.RoleBasedPolicy.AuthRole; import edu.cornell.mannlib.vitro.webapp.beans.SelfEditingConfiguration; import edu.cornell.mannlib.vitro.webapp.beans.User; import edu.cornell.mannlib.vitro.webapp.controller.edit.Authenticate; @@ -105,25 +104,22 @@ public class BasicAuthenticator extends Authenticator { recordLoginOnUserRecord(user); String userUri = user.getURI(); - String roleUri = user.getRoleURI(); int securityLevel = parseUserSecurityLevel(user); - recordLoginWithOrWithoutUserAccount(username, userUri, roleUri, - securityLevel, authSource); + recordLoginWithOrWithoutUserAccount(username, userUri, securityLevel, + authSource); } @Override public void recordLoginWithoutUserAccount(String username, String individualUri, AuthenticationSource authSource) { - String roleUri = AuthRole.USER.roleUri(); int securityLevel = LoginStatusBean.NON_EDITOR; - recordLoginWithOrWithoutUserAccount(username, individualUri, roleUri, - securityLevel, authSource); + recordLoginWithOrWithoutUserAccount(username, individualUri, securityLevel, + authSource); } /** This much is in common on login, whether or not you have a user account. */ private void recordLoginWithOrWithoutUserAccount(String username, - String userUri, String roleUri, int securityLevel, - AuthenticationSource authSource) { + String userUri, int securityLevel, AuthenticationSource authSource) { HttpSession session = request.getSession(); createLoginStatusBean(username, userUri, securityLevel, authSource, session);