From b1c8641a63a67e3c64d948f9e8dce5c01e11e2dd Mon Sep 17 00:00:00 2001 From: mcentner Date: Wed, 5 May 2010 15:29:01 +0000 Subject: Merged feature branch mocca-1.2.13-id@r724 back to trunk. git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@725 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4 --- .../accesscontroller/SecurityManagerFacade.java | 237 +++++++++++---------- 1 file changed, 119 insertions(+), 118 deletions(-) (limited to 'bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/SecurityManagerFacade.java') diff --git a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/SecurityManagerFacade.java b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/SecurityManagerFacade.java index 482d3ecb..0596f0d0 100644 --- a/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/SecurityManagerFacade.java +++ b/bkucommon/src/main/java/at/gv/egiz/bku/accesscontroller/SecurityManagerFacade.java @@ -1,118 +1,119 @@ -/* -* Copyright 2008 Federal Chancellery Austria and -* Graz University of Technology -* -* Licensed under the Apache License, Version 2.0 (the "License"); -* you may not use this file except in compliance with the License. -* You may obtain a copy of the License at -* -* http://www.apache.org/licenses/LICENSE-2.0 -* -* Unless required by applicable law or agreed to in writing, software -* distributed under the License is distributed on an "AS IS" BASIS, -* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -* See the License for the specific language governing permissions and -* limitations under the License. -*/ -package at.gv.egiz.bku.accesscontroller; - -import java.io.InputStream; - -import javax.xml.bind.JAXBException; - -import org.apache.commons.logging.Log; -import org.apache.commons.logging.LogFactory; - -import at.gv.egiz.bku.slcommands.SLCommand; -import at.gv.egiz.bku.slcommands.SLSourceContext; -import at.gv.egiz.bku.slcommands.SLTargetContext; - -/** - * Facade for the access controller - */ -public class SecurityManagerFacade { - - private static Log log = LogFactory.getLog(SecurityManagerFacade.class); - - private boolean allowUnmatched = false; - private ChainChecker inputFilter = null; - private ChainChecker outputFilter = null; - - public boolean mayInvokeCommand(SLCommand cmd, SLSourceContext ctx) { - if (inputFilter != null) { - AuthenticationClass ac = AuthenticationClassifier.getAuthenticationClass( - ctx.isSourceIsDataURL(), ctx.getSourceUrl(), ctx - .getSourceCertificate()); - AccessCheckerContext acc = new AccessCheckerContext(cmd, ac, ctx - .getSourceUrl().toString()); - try { - ChainResult cr = inputFilter.check(acc); - if (cr.matchFound()) { - if (cr.getAction() == Action.ALLOW) { - return true; - } else { - return false; - } - } else { - return allowUnmatched; - } - } catch (Exception e) { - log.error(e); - return false; - } - } else { - log.warn("No input chain defined"); - return allowUnmatched; - } - } - - public boolean maySendResult(SLCommand cmd, SLTargetContext ctx) { - if (outputFilter != null) { - AuthenticationClass ac = AuthenticationClassifier.getAuthenticationClass( - ctx.isTargetIsDataURL(), ctx.getTargetUrl(), ctx - .getTargetCertificate()); - AccessCheckerContext acc = new AccessCheckerContext(cmd, ac, ctx - .getTargetUrl().toString()); - try { - ChainResult cr = outputFilter.check(acc); - if (cr.matchFound()) { - if (cr.getAction() == Action.ALLOW) { - return true; - } else { - return false; - } - } else { - return allowUnmatched; - } - } catch (Exception e) { - log.error(e); - return false; - } - } else { - log.warn("No output chain defined"); - return allowUnmatched; - } - } - - /** - * Default policy if not match was found - * - * @param allow - */ - public void setAllowUnmatched(boolean allow) { - this.allowUnmatched = allow; - } - - public void init(InputStream is) { - inputFilter = null; - outputFilter = null; - AccessControllerFactory fab = AccessControllerFactory.getInstance(); - try { - fab.init(is); - } catch (JAXBException e) { - log.error(e); - } - inputFilter = fab.getChainChecker(AccessControllerFactory.INPUT_CHAIN); - outputFilter = fab.getChainChecker(AccessControllerFactory.OUTPUT_CHAIN); - } -} +/* +* Copyright 2008 Federal Chancellery Austria and +* Graz University of Technology +* +* Licensed under the Apache License, Version 2.0 (the "License"); +* you may not use this file except in compliance with the License. +* You may obtain a copy of the License at +* +* http://www.apache.org/licenses/LICENSE-2.0 +* +* Unless required by applicable law or agreed to in writing, software +* distributed under the License is distributed on an "AS IS" BASIS, +* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +* See the License for the specific language governing permissions and +* limitations under the License. +*/ +package at.gv.egiz.bku.accesscontroller; + +import java.io.InputStream; + +import javax.xml.bind.JAXBException; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + +import at.gv.egiz.bku.slcommands.SLCommand; +import at.gv.egiz.bku.slcommands.SLSourceContext; +import at.gv.egiz.bku.slcommands.SLTargetContext; +import at.gv.egiz.bku.slexceptions.SLException; + +/** + * Facade for the access controller + */ +public class SecurityManagerFacade { + + private final Logger log = LoggerFactory.getLogger(SecurityManagerFacade.class); + + private boolean allowUnmatched = false; + private ChainChecker inputFilter = null; + private ChainChecker outputFilter = null; + + public boolean mayInvokeCommand(SLCommand cmd, SLSourceContext ctx) { + if (inputFilter != null) { + AuthenticationClass ac = AuthenticationClassifier.getAuthenticationClass( + ctx.isSourceIsDataURL(), ctx.getSourceUrl(), ctx + .getSourceCertificate()); + AccessCheckerContext acc = new AccessCheckerContext(cmd, ac, ctx + .getSourceUrl().toString()); + try { + ChainResult cr = inputFilter.check(acc); + if (cr.matchFound()) { + if (cr.getAction() == Action.ALLOW) { + return true; + } else { + return false; + } + } else { + return allowUnmatched; + } + } catch (SLException e) { + log.error("Check failed.", e); + return false; + } + } else { + log.warn("No input chain defined."); + return allowUnmatched; + } + } + + public boolean maySendResult(SLCommand cmd, SLTargetContext ctx) { + if (outputFilter != null) { + AuthenticationClass ac = AuthenticationClassifier.getAuthenticationClass( + ctx.isTargetIsDataURL(), ctx.getTargetUrl(), ctx + .getTargetCertificate()); + AccessCheckerContext acc = new AccessCheckerContext(cmd, ac, ctx + .getTargetUrl().toString()); + try { + ChainResult cr = outputFilter.check(acc); + if (cr.matchFound()) { + if (cr.getAction() == Action.ALLOW) { + return true; + } else { + return false; + } + } else { + return allowUnmatched; + } + } catch (SLException e) { + log.error("Check failed.", e); + return false; + } + } else { + log.warn("No output chain defined."); + return allowUnmatched; + } + } + + /** + * Default policy if not match was found + * + * @param allow + */ + public void setAllowUnmatched(boolean allow) { + this.allowUnmatched = allow; + } + + public void init(InputStream is) { + inputFilter = null; + outputFilter = null; + AccessControllerFactory fab = AccessControllerFactory.getInstance(); + try { + fab.init(is); + } catch (JAXBException e) { + log.error("Failed to initialize AccessControllerFactory.", e); + } + inputFilter = fab.getChainChecker(AccessControllerFactory.INPUT_CHAIN); + outputFilter = fab.getChainChecker(AccessControllerFactory.OUTPUT_CHAIN); + } +} -- cgit v1.2.3