1   /*
2    * Licensed to The Apereo Foundation under one or more contributor license
3    * agreements. See the NOTICE file distributed with this work for additional
4    * information regarding copyright ownership.
5    *
6    *
7    * The Apereo Foundation licenses this file to you under the Educational
8    * Community License, Version 2.0 (the "License"); you may not use this file
9    * except in compliance with the License. You may obtain a copy of the License
10   * at:
11   *
12   *   http://opensource.org/licenses/ecl2.txt
13   *
14   * Unless required by applicable law or agreed to in writing, software
15   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
17   * License for the specific language governing permissions and limitations under
18   * the License.
19   *
20   */
21  package org.opencastproject.external.util;
22  
23  import static com.entwinemedia.fn.data.json.Jsons.f;
24  import static com.entwinemedia.fn.data.json.Jsons.obj;
25  import static com.entwinemedia.fn.data.json.Jsons.v;
26  
27  import org.opencastproject.security.api.AccessControlEntry;
28  import org.opencastproject.security.api.AccessControlList;
29  
30  import com.entwinemedia.fn.data.json.JValue;
31  import com.entwinemedia.fn.data.json.Jsons;
32  
33  import org.apache.commons.lang3.StringUtils;
34  import org.json.simple.JSONArray;
35  import org.json.simple.JSONObject;
36  import org.json.simple.parser.JSONParser;
37  import org.json.simple.parser.ParseException;
38  
39  import java.util.ArrayList;
40  import java.util.List;
41  import java.util.ListIterator;
42  
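/**
 * Converts {@link AccessControlList}s to and from the JSON array form used by this package, in which each
 * element is an object with the keys {@code action}, {@code allow} and {@code role}.
 */
public final class AclUtils {
  /** JSON key holding the action an access control entry applies to. */
  private static final String ACTION_JSON_KEY = "action";
  /** JSON key holding whether the entry allows (true) or denies (false) the action. */
  private static final String ALLOW_JSON_KEY = "allow";
  /** JSON key holding the role the entry applies to. */
  private static final String ROLE_JSON_KEY = "role";

  private AclUtils() {
    // Static utility class, not meant to be instantiated.
  }

  /**
   * De-serialize a JSON array into an {@link AccessControlList}.
   *
   * @param json
   *          The JSON array of access control elements to de-serialize.
   * @param assumeAllow
   *          If true, every entry is created as an allow entry and any {@code allow} property in the JSON is
   *          ignored, including an explicit {@code false}. Only set this where the input is defined to contain
   *          allow entries exclusively.
   * @return An {@link AccessControlList} representation of the Json
   * @throws IllegalArgumentException
   *           Thrown if the json is null or not a JSON array, if one of its elements is not a JSON object, or if
   *           essential parts of an access control element are missing.
   * @throws ParseException
   *           Thrown if unable to parse the json value of the acl.
   */
  public static AccessControlList deserializeJsonToAcl(String json, boolean assumeAllow)
          throws IllegalArgumentException, ParseException {
    if (json == null) {
      throw new IllegalArgumentException("The access control list JSON must not be null");
    }
    // Check the shape before casting: well-formed JSON of the wrong type (an object, a string, a number, or an
    // empty document) must be reported as invalid input rather than escape as a ClassCastException or
    // NullPointerException that callers do not expect.
    Object parsed = new JSONParser().parse(json);
    if (!(parsed instanceof JSONArray)) {
      throw new IllegalArgumentException("The access control list must be a JSON array of access control elements");
    }
    JSONArray aclJson = (JSONArray) parsed;
    @SuppressWarnings("unchecked")
    ListIterator<Object> iterator = aclJson.listIterator();
    List<AccessControlEntry> entries = new ArrayList<AccessControlEntry>();
    while (iterator.hasNext()) {
      Object element = iterator.next();
      if (!(element instanceof JSONObject)) {
        throw new IllegalArgumentException("Each access control element must be a JSON object");
      }
      JSONObject aceJson = (JSONObject) element;
      String action = readProperty(aceJson, ACTION_JSON_KEY);
      String allow = assumeAllow ? "true" : readProperty(aceJson, ALLOW_JSON_KEY);
      String role = readProperty(aceJson, ROLE_JSON_KEY);
      if (StringUtils.trimToNull(action) == null || StringUtils.trimToNull(allow) == null
              || StringUtils.trimToNull(role) == null) {
        // The message echoes values taken from the input; treat it as untrusted text when logging or returning it.
        throw new IllegalArgumentException(
                String.format(
                        "One of the access control elements is missing a property. The action was '%s', allow was '%s' and the role was '%s'",
                        action, allow, role));
      }
      // Boolean.parseBoolean yields true only for "true" (ignoring case); any other non-blank value produces a
      // deny entry rather than an error.
      entries.add(new AccessControlEntry(role, action, Boolean.parseBoolean(allow)));
    }
    return new AccessControlList(entries);
  }

  /**
   * Read a property of an access control element as a string.
   *
   * @param aceJson
   *          The JSON object of the access control element.
   * @param key
   *          The key of the property to read.
   * @return The string form of the property value, or an empty string if the property is absent or null
   */
  private static String readProperty(JSONObject aceJson, String key) {
    Object value = aceJson.get(key);
    return value != null ? value.toString() : "";
  }

  /**
   * Serialize an {@link AccessControlList} into json.
   *
   * @param acl
   *          The {@link AccessControlList} to serialize.
   * @return A list with one {@link JValue} object per entry of the {@link AccessControlList}, each holding the
   *         entry's allow flag, action and role
   */
  public static List<JValue> serializeAclToJson(AccessControlList acl) {
    List<JValue> entries = new ArrayList<JValue>();
    for (AccessControlEntry ace : acl.getEntries()) {
      entries.add(obj(
          f(ALLOW_JSON_KEY, v(ace.isAllow())), f(ACTION_JSON_KEY, v(ace.getAction(), Jsons.BLANK)),
          f(ROLE_JSON_KEY, v(ace.getRole(), Jsons.BLANK))));
    }
    return entries;
  }
}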