
1   /*
2    * <cvs:source>$Source: /devel/astrogrid/community/server/src/java/org/astrogrid/community/server/policy/service/PolicyServiceImpl.java,v $</cvs:source>
3    * <cvs:author>$Author: dave $</cvs:author>
4    * <cvs:date>$Date: 2004/09/16 23:18:08 $</cvs:date>
5    * <cvs:version>$Revision: 1.11 $</cvs:version>
6    *
7    * <cvs:log>
8    *   $Log: PolicyServiceImpl.java,v $
9    *   Revision 1.11  2004/09/16 23:18:08  dave
10   *   Replaced debug logging in Community.
11   *   Added stream close() to FileStore.
12   *
13   *   Revision 1.10.82.1  2004/09/16 09:58:48  dave
14   *   Replaced debug with commons logging ....
15   *
16   *   Revision 1.10  2004/06/18 13:45:20  dave
17   *   Merged development branch, dave-dev-200406081614, into HEAD
18   *
19   *   Revision 1.9.32.1  2004/06/17 13:38:59  dave
20   *   Tidied up old CVS log entries
21   *
22   * </cvs:log>
23   *
24   */
25  package org.astrogrid.community.server.policy.service ;
26  
27  import org.apache.commons.logging.Log ;
28  import org.apache.commons.logging.LogFactory ;
29  
30  import java.rmi.RemoteException ;
31  
32  import org.astrogrid.community.common.policy.data.GroupMemberData ;
33  import org.astrogrid.community.common.policy.data.PolicyPermission  ;
34  import org.astrogrid.community.common.policy.data.PolicyCredentials ;
35  
36  import org.astrogrid.community.common.policy.service.PolicyService ;
37  
38  import org.astrogrid.community.server.policy.manager.GroupManagerImpl ;
39  import org.astrogrid.community.server.policy.manager.CommunityManagerImpl ;
40  import org.astrogrid.community.server.policy.manager.PermissionManagerImpl ;
41  
42  import org.astrogrid.community.server.service.CommunityServiceImpl ;
43  import org.astrogrid.community.server.database.configuration.DatabaseConfiguration ;
44  
45  import org.astrogrid.community.common.exception.CommunityPolicyException     ;
46  import org.astrogrid.community.common.exception.CommunityServiceException    ;
47  import org.astrogrid.community.common.exception.CommunityIdentifierException ;
48  
49  // TODO remove these
50  import org.astrogrid.community.common.policy.data.CommunityIdent ;
51  
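/**
 * Server-side implementation of {@link PolicyService}.
 *
 * Answers two questions: whether a group holds a permission for an action on a
 * resource ({@link #checkPermissions}), and whether an account is a member of a
 * group ({@link #checkMembership}). Local groups are resolved through the local
 * managers; non-local groups are delegated to the PolicyService of the group's
 * own community.
 *
 * Every path that cannot positively confirm a permission or a membership is
 * written to fail closed (null result or a not-valid status).
 */
public class PolicyServiceImpl
    extends CommunityServiceImpl
    implements PolicyService {

    /** Our debug logger. */
    private static final Log log = LogFactory.getLog(PolicyServiceImpl.class);

    /** Our GroupManager, used to look up group membership records. */
    private GroupManagerImpl groupManager;

    /** Our CommunityManager, used to resolve the PolicyService of another community. */
    private CommunityManagerImpl communityManager;

    /** Our PermissionManager, used to look up (resource, group, action) permissions. */
    private PermissionManagerImpl permissionManager;

    /**
     * Public constructor, using default database configuration.
     */
    public PolicyServiceImpl() {
        super();
        // Initialise our local managers.
        initManagers();
    }

    /**
     * Public constructor, using specific database configuration.
     *
     * @param config the database configuration handed to the parent class.
     */
    public PolicyServiceImpl(DatabaseConfiguration config) {
        super(config);
        // Initialise our local managers.
        initManagers();
    }

    /**
     * Public constructor, using a parent service.
     *
     * @param parent the parent service handed to the parent class.
     */
    public PolicyServiceImpl(CommunityServiceImpl parent) {
        super(parent);
        // Initialise our local managers.
        initManagers();
    }

    /**
     * Initialise our local managers, passing a reference to 'this' as their parent.
     *
     * Called from every constructor, so the managers receive 'this' before
     * construction has finished.
     */
    private void initManagers() {
        groupManager = new GroupManagerImpl(this);
        communityManager = new CommunityManagerImpl(this);
        permissionManager = new PermissionManagerImpl(this);
    }

    /**
     * Confirm access permissions.
     *
     * The permission is looked up for the group named in the credentials; only
     * if that permission is valid is the account's membership of the group
     * checked. A non-null return value is NOT by itself a grant: callers must
     * test {@code isValid()} on the returned permission.
     *
     * @todo Refactor to use Ivorn identifiers.
     *
     * @param credentials the account and group making the request.
     * @param resource    the resource name (surrounding whitespace is ignored).
     * @param action      the action name (surrounding whitespace is ignored).
     * @return the permission record, with its status changed to
     *         STATUS_CREDENTIALS_INVALID when the membership check fails, or
     *         null when a parameter is missing or empty or no permission exists.
     * @throws CommunityServiceException    propagated from the managers.
     * @throws CommunityPolicyException     propagated from the managers.
     * @throws CommunityIdentifierException propagated from the managers.
     */
    public PolicyPermission checkPermissions(PolicyCredentials credentials, String resource, String action)
        throws CommunityServiceException, CommunityPolicyException, CommunityIdentifierException {
        log.debug("");
        log.debug("----\"----");
        log.debug("PolicyServiceImpl.checkPermissions()");

        // Missing parameters can never match a permission, so deny by returning null.
        if (null == credentials || null == resource || null == action) {
            return null;
        }

        // Trim spaces, then reject parameters that were only whitespace.
        resource = resource.trim();
        action = action.trim();
        if (resource.length() == 0 || action.length() == 0) {
            return null;
        }

        // Get the credential details; both are required for the checks below.
        String group = credentials.getGroup();
        String account = credentials.getAccount();
        if (null == group || null == account) {
            return null;
        }

        // NOTE(review): group, account, resource and action come from the caller and
        // are written to the log unmodified; if these logs are parsed or shipped,
        // consider neutralising CR/LF before logging.
        log.debug("  Credentials");
        log.debug("    Group   : " + group);
        log.debug("    Account : " + account);
        log.debug("  Resource");
        log.debug("    Name    : " + resource);
        log.debug("    Action  : " + action);

        // Check to see if the group has permission for the action.
        PolicyPermission permission = permissionManager.getPermission(resource, group, action);

        if (null == permission) {
            // An earlier revision built a dummy PolicyPermission here (status
            // STATUS_PERMISSION_UNKNOWN, reason "Permission not found"). That was
            // dropped because returning an object made this service behave
            // differently to the rest, so null is returned instead.
            log.debug("FAIL : No permission found");
        } else {
            log.debug("PASS : Permission found");
            if (permission.isValid()) {
                log.debug("PASS : Permission is valid");
                // The group holds the permission; now confirm the account really
                // belongs to that group.
                PolicyCredentials checked = checkMembership(credentials);
                // A null answer is treated the same as an invalid one (fail closed).
                if (null != checked && checked.isValid()) {
                    log.debug("PASS : Credentials are valid");
                } else {
                    log.debug("FAIL : Credentials not valid");
                    // NOTE(review): this mutates the object returned by the
                    // PermissionManager; presumably a fresh copy per call - confirm
                    // it is not shared or cached.
                    permission.setStatus(PolicyPermission.STATUS_CREDENTIALS_INVALID);
                    permission.setReason(PolicyPermission.REASON_CREDENTIALS_INVALID);
                }
            } else {
                log.debug("FAIL : Permission not valid");
            }
        }

        log.debug("----\"----");
        return permission;
    }

    /**
     * Confirm group membership.
     *
     * The supplied credentials object is updated in place: its status and
     * reason are first reset, then set from the outcome of the check, and the
     * same object is returned.
     *
     * @param credentials the account and group to check.
     * @return the updated credentials, or null if credentials was null.
     * @throws CommunityServiceException    propagated from the managers.
     * @throws CommunityPolicyException     propagated from the managers.
     * @throws CommunityIdentifierException propagated from the managers.
     */
    public PolicyCredentials checkMembership(PolicyCredentials credentials)
        throws CommunityServiceException, CommunityPolicyException, CommunityIdentifierException {
        log.debug("");
        log.debug("----\"----");
        log.debug("PolicyServiceImpl.checkMembership()");

        // This method is public, so it can be reached without the null checks done
        // in checkPermissions(); answer null rather than fail with a
        // NullPointerException. Callers in this class treat null as not valid.
        if (null == credentials) {
            log.debug("FAIL : Null credentials");
            log.debug("----\"----");
            return null;
        }

        // Set the status to unknown, discarding whatever status the caller supplied.
        credentials.setStatus(PolicyCredentials.STATUS_NOT_KNOWN);
        credentials.setReason("No reason given");

        // Credentials without a group or an account cannot describe a membership.
        if (null == credentials.getGroup() || null == credentials.getAccount()) {
            log.debug("FAIL : Credentials missing group or account");
            credentials.setStatus(PolicyCredentials.STATUS_NOT_VALID);
            credentials.setReason("Credentials missing group or account");
            log.debug("----\"----");
            return credentials;
        }

        // Get CommunityIdents for the account and group.
        CommunityIdent group = new CommunityIdent(credentials.getGroup());
        CommunityIdent account = new CommunityIdent(credentials.getAccount());

        log.debug("  Credentials");
        log.debug("    Group   : " + group);
        log.debug("    Account : " + account);

        if (group.isLocal()) {
            log.debug("PASS : Group is local");
            // See if there is a membership record.
            // TODO refactor to use Ivorn
            GroupMemberData membership = groupManager.getGroupMember(
                account.toString(),
                group.toString()
            );
            if (null != membership) {
                log.debug("PASS : Account is a member of Group");
                credentials.setStatus(PolicyCredentials.STATUS_VALID);
                credentials.setReason("Account IS a member of Group");
            } else {
                log.debug("FAIL : Account is not a member of Group");
                credentials.setStatus(PolicyCredentials.STATUS_NOT_VALID);
                credentials.setReason("Account is NOT a member of Group");
            }
        } else {
            log.debug("PASS : Group is remote");
            // Get a service for the remote community.
            // NOTE(review): the community asked is taken from the group identifier in
            // the supplied credentials, and its answer is copied below without
            // checking that it refers to the same account and group. Confirm that
            // the transport authenticates the remote service.
            PolicyService remote = communityManager.getPolicyService(group.getCommunity());
            if (null != remote) {
                log.debug("PASS : Found remote service");
                // Try asking the remote manager.
                PolicyCredentials result = null;
                try {
                    result = remote.checkMembership(credentials);
                } catch (RemoteException ouch) {
                    // A failed SOAP call is handled as "no answer", which ends in
                    // STATUS_NOT_VALID below. Keep the cause in the log so a failing
                    // or unreachable community can be diagnosed.
                    log.warn("FAIL : Remote service call failed.", ouch);
                    result = null;
                }
                if (null != result) {
                    log.debug("PASS : Remote service responded");
                    if (result.isValid()) {
                        log.debug("PASS : Remote response is valid");
                    } else {
                        log.debug("FAIL : Remote response is not valid");
                    }
                    // Valid or not, the remote status and reason are adopted as ours.
                    credentials.setStatus(result.getStatus());
                    credentials.setReason(result.getReason());
                } else {
                    log.debug("FAIL : Remote service returned null");
                    credentials.setStatus(PolicyCredentials.STATUS_NOT_VALID);
                    credentials.setReason("No response from community service");
                }
            } else {
                log.debug("FAIL : Unknown remote service");
                credentials.setStatus(PolicyCredentials.STATUS_NOT_VALID);
                credentials.setReason("Unknown community service");
            }
        }

        log.debug("----\"----");
        return credentials;
    }
}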