/*
* ome.security.ACLEventListener
*
* Copyright 2006 University of Dundee. All rights reserved.
* Use is subject to license terms supplied in LICENSE.txt
*/
package ome.security;
// Java imports
// Third-party imports
import java.util.Set;
import ome.conditions.SecurityViolation;
import ome.model.IObject;
import ome.tools.hibernate.HibernateUtils;
import org.hibernate.event.PostDeleteEvent;
import org.hibernate.event.PostDeleteEventListener;
import org.hibernate.event.PostInsertEvent;
import org.hibernate.event.PostInsertEventListener;
import org.hibernate.event.PostLoadEvent;
import org.hibernate.event.PostLoadEventListener;
import org.hibernate.event.PostUpdateEvent;
import org.hibernate.event.PostUpdateEventListener;
import org.hibernate.event.PreDeleteEvent;
import org.hibernate.event.PreDeleteEventListener;
import org.hibernate.event.PreInsertEvent;
import org.hibernate.event.PreInsertEventListener;
import org.hibernate.event.PreLoadEvent;
import org.hibernate.event.PreLoadEventListener;
import org.hibernate.event.PreUpdateEvent;
import org.hibernate.event.PreUpdateEventListener;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
 * Hibernate event listener that applies access control to pre-INSERT,
 * pre-UPDATE, pre-DELETE and post-LOAD events. Each decision is delegated to
 * the injected {@link ACLVoter}: an {@code allow*} method is asked whether
 * the operation is permitted and, if it is not, the matching
 * {@code throw*Violation} method is called to signal a
 * {@link SecurityViolation}.
 *
 * <p>
 * Two properties of this listener matter for security review:
 * <ul>
 * <li>Only entities that implement {@link IObject} are checked. Any other
 * entity passes through every handler without an access-control
 * decision.</li>
 * <li>The pre-event handlers always return {@code false}, which in the
 * Hibernate listener contract means "do not veto". A denial therefore takes
 * effect only if the voter's {@code throw*Violation} method actually throws;
 * if it returned normally the operation would proceed.</li>
 * </ul>
 *
 * The post-DELETE, post-INSERT, post-UPDATE and pre-LOAD callbacks are
 * implemented as no-ops.
 *
 * @author Josh Moore, josh.moore at gmx.de
 * @version $Revision$, $Date$
 * @see ACLVoter
 * @see SecuritySystem
 * @see SecurityViolation
 * @since 3.0-M3
 */
public class ACLEventListener implements
        /* BEFORE... */PreDeleteEventListener, PreInsertEventListener,
        /* and...... */PreLoadEventListener, PreUpdateEventListener,
        /* AFTER.... */PostDeleteEventListener, PostInsertEventListener,
        /* TRIGGERS. */PostLoadEventListener, PostUpdateEventListener {

    private static final long serialVersionUID = 3603644089117965153L;

    // Not referenced anywhere in this class; decisions made here are not
    // logged by the listener itself.
    private static Logger log = LoggerFactory.getLogger(ACLEventListener.class);

    // Makes every allow/deny decision and raises the violations.
    private final ACLVoter aclVoter;

    /**
     * Creates the listener that controls access to individual database rows.
     *
     * @param aclVoter
     *            voter consulted for every load, create, update and delete
     *            decision. It is stored as given, without a null check.
     */
    public ACLEventListener(ACLVoter aclVoter) {
        this.aclVoter = aclVoter;
    }

    //
    // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    // Acting as all hibernate triggers
    // ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    //

    /** Unused: no access check is performed after a delete. */
    public void onPostDelete(PostDeleteEvent event) {
    }

    /** Unused: no access check is performed after an insert. */
    public void onPostInsert(PostInsertEvent event) {
    }

    /** Unused: no access check is performed after an update. */
    public void onPostUpdate(PostUpdateEvent event) {
    }

    /** Unused: read access is checked in {@link #onPostLoad(PostLoadEvent)}. */
    public void onPreLoad(PreLoadEvent event) {
    }

    /**
     * Checks, once an entity has been loaded, whether the current user may
     * read it, and then attaches the voter's extended restrictions to the
     * entity's permissions. The check has to run after the load because the
     * permissions information is stored in the database row itself.
     *
     * @param event
     *            the Hibernate post-load event carrying the entity and the
     *            session
     */
    public void onPostLoad(PostLoadEvent event) {
        final Object loaded = event.getEntity();
        if (!(loaded instanceof IObject)) {
            // Entities outside the IObject model are not access-controlled.
            return;
        }

        final IObject target = (IObject) loaded;
        final boolean readable = aclVoter.allowLoad(event.getSession(),
                target.getClass(), target.getDetails(), target.getId());
        if (!readable) {
            // Expected to throw; execution continues below only if it does
            // not.
            aclVoter.throwLoadViolation(target);
        }

        // NOTE(review): getDetails(), getPermissions() and the returned set
        // are used without null checks -- confirm the model guarantees them
        // for every loaded IObject.
        final Set<String> extended = aclVoter.restrictions(target);
        target.getDetails().getPermissions().addExtendedRestrictions(extended);
    }

    /**
     * Asks the voter whether the entity may be created and raises a creation
     * violation if not.
     *
     * @param event
     *            the Hibernate pre-insert event
     * @return always {@code false} (no veto); a denial is signalled by the
     *         exception raised through the voter
     */
    public boolean onPreInsert(PreInsertEvent event) {
        final Object candidate = event.getEntity();
        if (!(candidate instanceof IObject)) {
            // Entities outside the IObject model are not access-controlled.
            return false;
        }

        final IObject created = (IObject) candidate;
        if (!aclVoter.allowCreation(created)) {
            aclVoter.throwCreationViolation(created);
        }
        return false;
    }

    /**
     * Asks the voter whether the entity may be updated, passing it the
     * details extracted from the entity's previous state, and raises an
     * update violation if not.
     *
     * @param event
     *            the Hibernate pre-update event
     * @return always {@code false} (no veto); a denial is signalled by the
     *         exception raised through the voter
     */
    public boolean onPreUpdate(PreUpdateEvent event) {
        final Object candidate = event.getEntity();
        // NOTE(review): Hibernate may supply a null old state for entities
        // that were re-attached without being re-read. Confirm that
        // HibernateUtils.getDetails and ACLVoter.allowUpdate deny, rather
        // than allow, when the previous details are unavailable.
        final Object[] previousState = event.getOldState();
        final String[] propertyNames = event.getPersister().getPropertyNames();

        if (!(candidate instanceof IObject)) {
            // Entities outside the IObject model are not access-controlled.
            return false;
        }

        final IObject updated = (IObject) candidate;
        if (!aclVoter.allowUpdate(updated,
                HibernateUtils.getDetails(previousState, propertyNames))) {
            aclVoter.throwUpdateViolation(updated);
        }
        return false;
    }

    /**
     * Asks the voter whether the entity may be deleted, passing it the
     * details extracted from the state being deleted, and raises a delete
     * violation if not.
     *
     * @param event
     *            the Hibernate pre-delete event
     * @return always {@code false} (no veto); a denial is signalled by the
     *         exception raised through the voter
     */
    public boolean onPreDelete(PreDeleteEvent event) {
        final Object candidate = event.getEntity();
        final Object[] deletedState = event.getDeletedState();
        final String[] propertyNames = event.getPersister().getPropertyNames();

        if (!(candidate instanceof IObject)) {
            // Entities outside the IObject model are not access-controlled.
            return false;
        }

        final IObject removed = (IObject) candidate;
        if (!aclVoter.allowDelete(removed,
                HibernateUtils.getDetails(deletedState, propertyNames))) {
            aclVoter.throwDeleteViolation(removed);
        }
        return false;
    }
}