Bug 459781 - Customizable authentication & authorization
Refactorings of AC extensions
edgarmueller committed Mar 6, 2015
1 parent c9a9d84 commit 425b8e4
Showing 17 changed files with 314 additions and 145 deletions.
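--- a/bundles/org.eclipse.emf.emfstore.common/META-INF/MANIFEST.MF
+++ b/bundles/org.eclipse.emf.emfstore.common/META-INF/MANIFEST.MF
@@ -8,37 +8,55 @@ Require-Bundle: org.eclipse.core.runtime;bundle-version="[3.5.0,4.0.0)";visibili
 org.eclipse.emf.ecore;bundle-version="[2.5.0,3.0.0)";visibility:=reexport,
 org.eclipse.emf.ecore.xmi;bundle-version="[2.5.0,3.0.0)";visibility:=reexport
 Bundle-ActivationPolicy: lazy
-Export-Package: org.apache.commons.io;version="1.5.0",org.apache.commo
-ns.io.comparator;version="2.0.1",org.apache.commons.io.filefilter;ver
-sion="2.0.1",org.apache.commons.io.input;version="2.0.1",org.apache.c
-ommons.io.monitor;version="2.0.1",org.apache.commons.io.output;versio
-n="1.5.0",org.apache.commons.lang;version="1.5.0",org.eclipse.emf.emf
-store.common;version="1.5.0",org.eclipse.emf.emfstore.common.extensio
-npoint;version="1.5.0",org.eclipse.emf.emfstore.internal.common;versi
-on="1.5.0"; x-friends:="org.eclipse.emf.emfstore.client, org.eclipse
-.emf.emfstore.client.test.ui, org.eclipse.emf.emfstore.client.ui, o
-rg.eclipse.emf.emfstore.common.model, org.eclipse.emf.emfstore.examp
-le.merging, org.eclipse.emf.emfstore.fuzzy.emf.test, org.eclipse.em
-f.emfstore.server, org.eclipse.emf.emfstore.server.model, org.eclip
-se.emf.emfstore.client.test.common, org.eclipse.emf.emfstore.test.co
-mmon, org.eclipse.emf.emfstore.client.recording.test, org.eclipse.e
-mf.emfstore.server.test, org.eclipse.emf.emfstore.client.test",org.e
-clipse.emf.emfstore.internal.common.api;version="1.5.0"; x-friends:="
-org.eclipse.emf.emfstore.client, org.eclipse.emf.emfstore.client.ui,
-org.eclipse.emf.emfstore.common.model, org.eclipse.emf.emfstore.ec
-ore, org.eclipse.emf.emfstore.example.merging, org.eclipse.emf.emfs
-tore.fuzzy.emf.test, org.eclipse.emf.emfstore.server, org.eclipse.e
-mf.emfstore.server.model, org.eclipse.emf.emfstore.server.test, org
-.eclipse.emf.emfstore.test.common, org.eclipse.emf.emfstore.client.c
-hangetracking.test, org.eclipse.emf.emfstore.client.recording.test,
-org.eclipse.emf.ecp.emfstore.core, org.eclipse.emf.ecp.emfstore.ui,
-org.eclipse.emf.ecp.emfstore.ui.e3, org.eclipse.emf.emfstore.clien
-t.api.test, org.eclipse.emf.emfstore.fuzzy.emf, org.eclipse.emf.emf
-store.client.test",org.eclipse.emf.emfstore.internal.common.observer;
-version="1.5.0"; x-friends:="org.eclipse.emf.emfstore.client, org.ec
-lipse.emf.emfstore.client.test.ui, org.eclipse.emf.emfstore.client.u
-i, org.eclipse.emf.emfstore.client.recording.test, org.eclipse.emf.
-emfstore.client.test"
+Export-Package: com.google.common.base,
+org.apache.commons.io;version="1.5.0",
+org.apache.commons.io.comparator;version="2.0.1",
+org.apache.commons.io.filefilter;version="2.0.1",
+org.apache.commons.io.input;version="2.0.1",
+org.apache.commons.io.monitor;version="2.0.1",
+org.apache.commons.io.output;version="1.5.0",
+org.apache.commons.lang;version="1.5.0",
+org.eclipse.emf.emfstore.common;version="1.5.0",
+org.eclipse.emf.emfstore.common.extensionpoint;version="1.5.0",
+org.eclipse.emf.emfstore.internal.common;version="1.5.0";
+x-friends:="org.eclipse.emf.emfstore.client,
+org.eclipse.emf.emfstore.client.test.ui,
+org.eclipse.emf.emfstore.client.ui,
+org.eclipse.emf.emfstore.common.model,
+org.eclipse.emf.emfstore.example.merging,
+org.eclipse.emf.emfstore.fuzzy.emf.test,
+org.eclipse.emf.emfstore.server,
+org.eclipse.emf.emfstore.server.model,
+org.eclipse.emf.emfstore.client.test.common,
+org.eclipse.emf.emfstore.test.common,
+org.eclipse.emf.emfstore.client.recording.test,
+org.eclipse.emf.emfstore.server.test,
+org.eclipse.emf.emfstore.client.test",
+org.eclipse.emf.emfstore.internal.common.api;version="1.5.0";
+x-friends:="org.eclipse.emf.emfstore.client,
+org.eclipse.emf.emfstore.client.ui,
+org.eclipse.emf.emfstore.common.model,
+org.eclipse.emf.emfstore.ecore,
+org.eclipse.emf.emfstore.example.merging,
+org.eclipse.emf.emfstore.fuzzy.emf.test,
+org.eclipse.emf.emfstore.server,
+org.eclipse.emf.emfstore.server.model,
+org.eclipse.emf.emfstore.server.test,
+org.eclipse.emf.emfstore.test.common,
+org.eclipse.emf.emfstore.client.changetracking.test,
+org.eclipse.emf.emfstore.client.recording.test,
+org.eclipse.emf.ecp.emfstore.core,
+org.eclipse.emf.ecp.emfstore.ui,
+org.eclipse.emf.ecp.emfstore.ui.e3,
+org.eclipse.emf.emfstore.client.api.test,
+org.eclipse.emf.emfstore.fuzzy.emf,
+org.eclipse.emf.emfstore.client.test",
+org.eclipse.emf.emfstore.internal.common.observer;version="1.5.0";
+x-friends:="org.eclipse.emf.emfstore.client,
+org.eclipse.emf.emfstore.client.test.ui,
+org.eclipse.emf.emfstore.client.ui,
+org.eclipse.emf.emfstore.client.recording.test,
+org.eclipse.emf.emfstore.client.test"
 Bundle-Vendor: Eclipse Modeling Project
 Bundle-RequiredExecutionEnvironment: J2SE-1.5
 Bundle-ClassPath: lib/commons-io-2.0.1.jar,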
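Review bot: The new `com.google.common.base` entry in Export-Package carries no `version` attribute, unlike every other exported package in the list, so it is exported as version 0.0.0 and importers that state a version range cannot be matched against it. If this bundle really is meant to re-export Guava's base package (the hunk does not show where the classes come from), give it the version of the embedded library, e.g. `com.google.common.base;version="<guava-version>",`; otherwise prefer importing it from a Guava bundle so that two copies of the classes do not end up in one runtime. The same applies to the unversioned `org.eclipse.emf.emfstore.server.auth` export added to the server bundle's MANIFEST.MF.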
Expand Up @@ -14,6 +14,8 @@
import java.util.List;
import java.util.Set;

import org.eclipse.emf.emfstore.internal.server.model.dao.ACDAOFacade;

/**
* Provides access to known users and groups of EMFStore.
*
Expand Down Expand Up @@ -43,4 +45,9 @@ public interface ESOrgUnitProvider {
* @return a list of all known {@link ESProjectHistory ESProjectHistories}
*/
List<ESProjectHistory> getProjects();

/**
* @param serverSpace
*/
void init(ACDAOFacade daoFacade);
}
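Review bot: The Javadoc on the new `init(ACDAOFacade daoFacade)` documents `@param serverSpace`, which is not a parameter of the method, and says nothing about what the call does or when it has to happen. Judging by the other files in this commit, implementations are now created with a no-argument constructor and configured afterwards, so the contract should be stated, for example `Initializes this provider; called by the server before any other method is used.` with `@param daoFacade the DAO facade this provider reads its data from`. The method also puts `org.eclipse.emf.emfstore.internal.server.model.dao.ACDAOFacade`, a type from an internal package, into the signature of what appears to be an API interface, so extension authors would have to depend on internal code; worth confirming that this is intended.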
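--- a/bundles/org.eclipse.emf.emfstore.server/META-INF/MANIFEST.MF
+++ b/bundles/org.eclipse.emf.emfstore.server/META-INF/MANIFEST.MF
@@ -19,58 +19,59 @@ Bundle-ClassPath: .,
 lib/xmlrpc-client-3.1.3.jar,
 lib/xmlrpc-common-3.1.3.jar,
 lib/xmlrpc-server-3.1.3.jar
-Export-Package: org.apache.xmlrpc;version="3.1.3",org.apache.xmlrpc.cl
-ient;version="3.1.3",org.apache.xmlrpc.client.util;version="3.1.3",or
-g.apache.xmlrpc.common;version="3.1.3",org.apache.xmlrpc.jaxb;version
-="3.1.3",org.apache.xmlrpc.metadata;version="3.1.3",org.apache.xmlrpc
-.parser;version="3.1.3",org.apache.xmlrpc.serializer;version="3.1.3",
-org.apache.xmlrpc.server;version="3.1.3",org.apache.xmlrpc.util;versi
-on="3.1.3",org.apache.xmlrpc.webserver;version="3.1.3",org.eclipse.em
-f.emfstore.internal.server;version="1.5.0"; x-friends:="org.eclipse.e
-mf.emfstore.client, org.eclipse.emf.emfstore.client.ui, org.eclipse
-.emf.emfstore.client.test.common, org.eclipse.emf.emfstore.server.te
-st, org.eclipse.emf.emfstore.test.common, org.eclipse.emf.ecp.emfst
-ore.localserver, org.eclipse.emf.ecp.emfstore.ui, org.eclipse.emf.e
-mfstore.client.test",org.eclipse.emf.emfstore.internal.server.accessc
-ontrol;version="1.5.0";x-friends:="org.eclipse.emf.emfstore.test.comm
-on,org.eclipse.emf.emfstore.server.test",org.eclipse.emf.emfstore.int
-ernal.server.accesscontrol.authentication;version="1.5.0";x-friends:=
-"org.eclipse.emf.emfstore.client.test,org.eclipse.emf.emfstore.test.c
-ommon",org.eclipse.emf.emfstore.internal.server.accesscontrol.authent
-ication.factory;version="1.5.0";x-friends:="org.eclipse.emf.emfstore.
-test.common",org.eclipse.emf.emfstore.internal.server.accesscontrol.a
-uthentication.verifiers;version="1.5.0";x-friends:="org.eclipse.emf.e
-mfstore.client.test,org.eclipse.emf.emfstore.server.test",org.eclipse
-.emf.emfstore.internal.server.conflictDetection;version="1.5.0"; x-fr
-iends:="org.eclipse.emf.emfstore.client, org.eclipse.emf.emfstore.cl
-ient.test, org.eclipse.emf.emfstore.client.ui, org.eclipse.emf.emfs
-tore.client.conflictdetection.test, org.eclipse.emf.emfstore.test.co
-mmon",org.eclipse.emf.emfstore.internal.server.connection;version="1.
-5.0";x-friends:="org.eclipse.emf.emfstore.server.test",org.eclipse.em
-f.emfstore.internal.server.connection.xmlrpc;version="1.5.0";x-friend
-s:="org.eclipse.emf.emfstore.client,org.eclipse.emf.emfstore.test.com
-mon",org.eclipse.emf.emfstore.internal.server.connection.xmlrpc.util;
-version="1.5.0";x-friends:="org.eclipse.emf.emfstore.client",org.ecli
-pse.emf.emfstore.internal.server.core;version="1.5.0";x-friends:="org
-.eclipse.emf.emfstore.test.common",org.eclipse.emf.emfstore.internal.
-server.core.helper;version="1.5.0";x-internal:=true,org.eclipse.emf.e
-mfstore.internal.server.core.subinterfaces;version="1.5.0";x-internal
-:=true,org.eclipse.emf.emfstore.internal.server.exceptions;version="1
-.5.0"; x-friends:="org.eclipse.emf.emfstore.client, org.eclipse.emf.
-emfstore.client.test.common, org.eclipse.emf.emfstore.client.test.ui
-, org.eclipse.emf.emfstore.client.ui, org.eclipse.emf.emfstore.exam
-ple.merging, org.eclipse.emf.emfstore.test.common, org.eclipse.emf.
-emfstore.server.test, org.eclipse.emf.ecp.emfstore.ui, org.eclipse.
-emf.emfstore.client.api.test",org.eclipse.emf.emfstore.internal.serve
-r.filetransfer;version="1.5.0";x-friends:="org.eclipse.emf.emfstore.c
-lient,org.eclipse.emf.emfstore.test.common",org.eclipse.emf.emfstore.
-internal.server.impl.api;version="1.5.0";x-friends:="org.eclipse.emf.
-emfstore.client,org.eclipse.emf.emfstore.client.ui",org.eclipse.emf.e
-mfstore.internal.server.startup;version="1.5.0";x-friends:="org.eclip
-se.emf.emfstore.client",org.eclipse.emf.emfstore.internal.server.stor
-age;version="1.5.0";x-internal:=true,org.eclipse.emf.emfstore.server;
-version="1.5.0",org.eclipse.emf.emfstore.server.exceptions;version="1
-.5.0",org.eclipse.emf.emfstore.server.observer;version="1.5.0"
+Export-Package: org.apache.xmlrpc;version="3.1.3",
+org.apache.xmlrpc.client;version="3.1.3",
+org.apache.xmlrpc.client.util;version="3.1.3",
+org.apache.xmlrpc.common;version="3.1.3",
+org.apache.xmlrpc.jaxb;version="3.1.3",
+org.apache.xmlrpc.metadata;version="3.1.3",
+org.apache.xmlrpc.parser;version="3.1.3",
+org.apache.xmlrpc.serializer;version="3.1.3",
+org.apache.xmlrpc.server;version="3.1.3",
+org.apache.xmlrpc.util;version="3.1.3",
+org.apache.xmlrpc.webserver;version="3.1.3",
+org.eclipse.emf.emfstore.internal.server;version="1.5.0";
+x-friends:="org.eclipse.emf.emfstore.client,
+org.eclipse.emf.emfstore.client.ui,
+org.eclipse.emf.emfstore.client.test.common,
+org.eclipse.emf.emfstore.server.test,
+org.eclipse.emf.emfstore.test.common,
+org.eclipse.emf.ecp.emfstore.localserver,
+org.eclipse.emf.ecp.emfstore.ui,
+org.eclipse.emf.emfstore.client.test",
+org.eclipse.emf.emfstore.internal.server.accesscontrol;version="1.5.0";x-friends:="org.eclipse.emf.emfstore.test.common,org.eclipse.emf.emfstore.server.test",
+org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication;version="1.5.0";x-friends:="org.eclipse.emf.emfstore.client.test,org.eclipse.emf.emfstore.test.common",
+org.eclipse.emf.emfstore.internal.server.accesscontrol.authentication.verifiers;version="1.5.0";x-friends:="org.eclipse.emf.emfstore.client.test,org.eclipse.emf.emfstore.server.test",
+org.eclipse.emf.emfstore.internal.server.conflictDetection;version="1.5.0";
+x-friends:="org.eclipse.emf.emfstore.client,
+org.eclipse.emf.emfstore.client.test,
+org.eclipse.emf.emfstore.client.ui,
+org.eclipse.emf.emfstore.client.conflictdetection.test,
+org.eclipse.emf.emfstore.test.common",
+org.eclipse.emf.emfstore.internal.server.connection;version="1.5.0";x-friends:="org.eclipse.emf.emfstore.server.test",
+org.eclipse.emf.emfstore.internal.server.connection.xmlrpc;version="1.5.0";x-friends:="org.eclipse.emf.emfstore.client,org.eclipse.emf.emfstore.test.common",
+org.eclipse.emf.emfstore.internal.server.connection.xmlrpc.util;version="1.5.0";x-friends:="org.eclipse.emf.emfstore.client",
+org.eclipse.emf.emfstore.internal.server.core;version="1.5.0";x-friends:="org.eclipse.emf.emfstore.test.common",
+org.eclipse.emf.emfstore.internal.server.core.helper;version="1.5.0";x-internal:=true,
+org.eclipse.emf.emfstore.internal.server.core.subinterfaces;version="1.5.0";x-internal:=true,
+org.eclipse.emf.emfstore.internal.server.exceptions;version="1.5.0";
+x-friends:="org.eclipse.emf.emfstore.client,
+org.eclipse.emf.emfstore.client.test.common,
+org.eclipse.emf.emfstore.client.test.ui,
+org.eclipse.emf.emfstore.client.ui,
+org.eclipse.emf.emfstore.example.merging,
+org.eclipse.emf.emfstore.test.common,
+org.eclipse.emf.emfstore.server.test,
+org.eclipse.emf.ecp.emfstore.ui,
+org.eclipse.emf.emfstore.client.api.test",
+org.eclipse.emf.emfstore.internal.server.filetransfer;version="1.5.0";x-friends:="org.eclipse.emf.emfstore.client,org.eclipse.emf.emfstore.test.common",
+org.eclipse.emf.emfstore.internal.server.impl.api;version="1.5.0";x-friends:="org.eclipse.emf.emfstore.client,org.eclipse.emf.emfstore.client.ui",
+org.eclipse.emf.emfstore.internal.server.startup;version="1.5.0";x-friends:="org.eclipse.emf.emfstore.client",
+org.eclipse.emf.emfstore.internal.server.storage;version="1.5.0";x-internal:=true,
+org.eclipse.emf.emfstore.server;version="1.5.0",
+org.eclipse.emf.emfstore.server.auth,
+org.eclipse.emf.emfstore.server.exceptions;version="1.5.0",
+org.eclipse.emf.emfstore.server.observer;version="1.5.0"
 Bundle-ActivationPolicy: lazy
 Import-Package: javax.servlet;version="[2.0.0,4.0.0)";resolution:=optional,
 javax.servlet.http;version="[2.0.0,4.0.0)";resolution:=optional,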
Expand Up @@ -90,51 +90,79 @@ private LoginService initLoginService() {
* @return
*/
private ESAuthorizationService initAuthorizationService() {
ESAuthorizationService authorizationService;
try {
if (new ESExtensionPoint(ACCESSCONTROL_EXTENSION_ID, true).size() > 0) {
return new ESExtensionPoint(ACCESSCONTROL_EXTENSION_ID, true).getClass(
"authorizationServiceClass", ESAuthorizationService.class); //$NON-NLS-1$
final int size = new ESExtensionPoint(ACCESSCONTROL_EXTENSION_ID, true).size();
if (size == 1) {
authorizationService = new ESExtensionPoint(ACCESSCONTROL_EXTENSION_ID, true)
.getClass("authorizationServiceClass", ESAuthorizationService.class); //$NON-NLS-1$
} else if (size > 1) {
throw new RuntimeException("Multiple extensions for "
+ "org.eclipse.emf.emfstore.server.accessControl.authorizationServiceClass discovered."
+ "Only one allowed.");
} else {
authorizationService = new DefaultESAuthorizationService();
}
} catch (final ESExtensionPointException e) {
final String message = "Custom authorization class not be initialized";
ModelUtil.logException(message, e);
return null;
authorizationService = new DefaultESAuthorizationService();
}

return new DefaultESAuthorizationService(
authorizationService.init(
sessions,
getOrgUnitResolverServive(),
orgUnitProvider);

return authorizationService;
}

private ESOrgUnitResolver initOrgUnitResolverService() {
ESOrgUnitResolver resolver;
try {
if (new ESExtensionPoint(ACCESSCONTROL_EXTENSION_ID, true).size() > 0) {
return new ESExtensionPoint(ACCESSCONTROL_EXTENSION_ID, true).getClass(
final int size = new ESExtensionPoint(ACCESSCONTROL_EXTENSION_ID, true).size();
if (size == 1) {
resolver = new ESExtensionPoint(ACCESSCONTROL_EXTENSION_ID, true).getClass(
"orgUnitResolverServiceClass", ESOrgUnitResolver.class); //$NON-NLS-1$
} else if (size > 1) {
throw new RuntimeException("Multiple extensions for "
+ "org.eclipse.emf.emfstore.server.accessControl.orgUnitResolverServiceClass discovered."
+ "Only one allowed.");
} else {
resolver = new DefaultESOrgUnitResolverService();
}
} catch (final ESExtensionPointException e) {
final String message = "Custom org unit resolver class not be initialized";
ModelUtil.logException(message, e);
return null;
resolver = new DefaultESOrgUnitResolverService();
}

return new DefaultESOrgUnitResolverService(orgUnitProvider);
resolver.init(orgUnitProvider);
return resolver;
}

private ESOrgUnitProvider initOrgUnitProviderService() {
ESOrgUnitProvider orgUnitProvider;
try {
if (new ESExtensionPoint(ACCESSCONTROL_EXTENSION_ID, true).size() > 0) {
return new ESExtensionPoint(ACCESSCONTROL_EXTENSION_ID, true).getClass(
final int size = new ESExtensionPoint(ACCESSCONTROL_EXTENSION_ID, true).size();
if (size == 1) {
orgUnitProvider = new ESExtensionPoint(ACCESSCONTROL_EXTENSION_ID, true).getClass(
"orgUnitProviderClass", ESOrgUnitProvider.class); //$NON-NLS-1$
} else if (size > 1) {
throw new RuntimeException("Multiple extensions for "
+ "org.eclipse.emf.emfstore.server.accessControl.orgUnitProviderClass discovered."
+ "Only one allowed.");
} else {
orgUnitProvider = new ESOrgUnitProviderImpl();
}
} catch (final ESExtensionPointException e) {
final String message = "Custom org unit provider class not be initialized";
ModelUtil.logException(message, e);
return null;
orgUnitProvider = new ESOrgUnitProviderImpl();
}

return new ESOrgUnitProviderImpl(serverSpace);
orgUnitProvider.init(serverSpace);
return orgUnitProvider;
}

/**
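Review bot: In the `catch (final ESExtensionPointException e)` branch of `initAuthorizationService`, a custom authorization class that is registered but cannot be loaded is now replaced by `new DefaultESAuthorizationService()` after a log entry, so a server configured with its own access rules would start and enforce the default ones instead. For an access-control component it is safer to stop start-up at that point, e.g. `throw new IllegalStateException(message, e);`, and keep the default only for the `else` branch where no extension is registered. `initOrgUnitResolverService` and `initOrgUnitProviderService` have the same fallback in their catch branches. Separately, the three `RuntimeException` messages concatenate `"... discovered."` and `"Only one allowed."` without a space between the sentences.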
Expand Up @@ -64,27 +64,9 @@ private enum AccessLevel {
}

private EnumMap<MethodId, AccessLevel> accessMap;
private final Sessions sessions;
private final ESOrgUnitResolver orgUnitResolver;
private final ESOrgUnitProvider orgUnitProvider;

/**
* Constructor.
*
* @param sessions
*
* @param orgUnitResolver
* an {@link ESOrgUnitResolver} to resolve the roles and groups of an organizational unit
* @param orgUnitProvider
*/
public DefaultESAuthorizationService(
Sessions sessions,
ESOrgUnitResolver orgUnitResolver,
ESOrgUnitProvider orgUnitProvider) {
this.sessions = sessions;
this.orgUnitResolver = orgUnitResolver;
this.orgUnitProvider = orgUnitProvider;
}
private Sessions sessions;
private ESOrgUnitResolver orgUnitResolver;
private ESOrgUnitProvider orgUnitProvider;

private void initAccessMap() {
if (accessMap != null) {
Expand Down Expand Up @@ -273,7 +255,7 @@ public boolean checkProjectAdminAccessForOrgUnit(ESSessionId sessionId, ESOrgUni
*/
public boolean checkProjectAdminAccessForOrgUnit(ESSessionId sessionId, ESOrgUnitId orgUnitId,
Set<ESGlobalProjectId> projectIds)
throws AccessControlException {
throws AccessControlException {

cleanupPARole(orgUnitId);
final ACUser user = sessions.getUser(sessionId);
Expand Down Expand Up @@ -316,7 +298,7 @@ public boolean checkProjectAdminAccessForOrgUnit(ESSessionId sessionId, ESOrgUni
// TODO: second parameter is optional
public boolean checkProjectAdminAccess(ESSessionId sessionId, ESGlobalProjectId projectId,
ESProjectAdminPrivileges privileg)
throws AccessControlException {
throws AccessControlException {
sessions.isValid(sessionId);

final ACUser user = sessions.getUser(sessionId);
Expand Down Expand Up @@ -478,14 +460,14 @@ public void checkAccess(MethodInvocation op) throws AccessControlException {
checkReadAccess(
op.getSessionId().toAPI(),
projectId == null ? null : projectId.toAPI(),
null);
null);
break;
case PROJECT_WRITE:
projectId = getProjectIdFromParameters(op);
checkWriteAccess(
op.getSessionId().toAPI(),
projectId == null ? null : projectId.toAPI(),
null);
null);
break;
case PROJECT_ADMIN:
projectId = getProjectIdFromParameters(op);
Expand Down Expand Up @@ -595,4 +577,17 @@ private ACOrgUnit<?> getOrgUnit(ACOrgUnitId orgUnitId) throws AccessControlExcep
throw new AccessControlException(Messages.AccessControlImpl_Given_OrgUnit_Does_Not_Exist);
}
}

/**
* {@inheritDoc}
*
* @see org.eclipse.emf.emfstore.server.auth.ESAuthorizationService#init(org.eclipse.emf.emfstore.internal.server.accesscontrol.Sessions,
* org.eclipse.emf.emfstore.server.auth.ESOrgUnitResolver,
* org.eclipse.emf.emfstore.server.model.ESOrgUnitProvider)
*/
public void init(Sessions sessions, ESOrgUnitResolver orgUnitResolverServive, ESOrgUnitProvider orgUnitProvider) {
this.sessions = sessions;
orgUnitResolver = orgUnitResolver;
this.orgUnitProvider = orgUnitProvider;
}
}
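Review bot: In the new `init(...)` at the end of the class, the second assignment `orgUnitResolver = orgUnitResolver;` assigns the field to itself, because the parameter is named `orgUnitResolverServive`; the resolver passed in is dropped and the `orgUnitResolver` field keeps its default `null`. Any check in this class that consults the resolver would then presumably fail with a NullPointerException instead of producing an authorization decision. The line should read `this.orgUnitResolver = orgUnitResolverServive;` (and the parameter could be spelled `orgUnitResolverService`). Since the fields are no longer `final` and the constructor is gone, the Javadoc on `init` should also say that it must be called before any check method is used.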