1   /*
2    * Licensed to The Apereo Foundation under one or more contributor license
3    * agreements. See the NOTICE file distributed with this work for additional
4    * information regarding copyright ownership.
5    *
6    *
7    * The Apereo Foundation licenses this file to you under the Educational
8    * Community License, Version 2.0 (the "License"); you may not use this file
9    * except in compliance with the License. You may obtain a copy of the License
10   * at:
11   *
12   *   http://opensource.org/licenses/ecl2.txt
13   *
14   * Unless required by applicable law or agreed to in writing, software
15   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
17   * License for the specific language governing permissions and limitations under
18   * the License.
19   *
20   */
21  package org.opencastproject.external.util;
22  
23  import static org.opencastproject.index.service.util.JSONUtils.safeString;
24  
25  import org.opencastproject.security.api.AccessControlEntry;
26  import org.opencastproject.security.api.AccessControlList;
27  
28  import com.google.gson.JsonArray;
29  import com.google.gson.JsonObject;
30  
31  import org.apache.commons.lang3.StringUtils;
32  import org.json.simple.JSONArray;
33  import org.json.simple.JSONObject;
34  import org.json.simple.parser.JSONParser;
35  import org.json.simple.parser.ParseException;
36  
37  import java.util.ArrayList;
38  import java.util.List;
39  import java.util.ListIterator;
40  
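public final class AclUtils {
  private static final String ACTION_JSON_KEY = "action";
  private static final String ALLOW_JSON_KEY = "allow";
  private static final String ROLE_JSON_KEY = "role";

  private AclUtils() {
  }

  /**
   * De-serialize a JSON string into an {@link AccessControlList}.
   * <p>
   * The input must be a JSON array whose elements are JSON objects carrying the properties {@code action},
   * {@code role} and, unless {@code assumeAllow} is set, {@code allow}. Any other shape (not an array, an element
   * that is not an object, a {@code null} input) is rejected with an {@link IllegalArgumentException} so that
   * malformed input is reported as a bad argument instead of surfacing as a {@link ClassCastException} or
   * {@link NullPointerException}.
   * <p>
   * This method only converts the representation. Nothing here checks whether the caller is entitled to grant the
   * listed roles and actions; that decision belongs to the code that applies the returned list.
   *
   * @param json
   *          The JSON array to de-serialize.
   * @param assumeAllow
   *          If {@code true}, every entry is created as an allow entry and the {@code allow} property of the input
   *          is not read at all. Callers should set this only where an input that contains denies is not expected.
   * @return An {@link AccessControlList} representation of the JSON
   * @throws IllegalArgumentException
   *           Thrown if the input is {@code null}, is not a JSON array, contains an element that is not a JSON
   *           object, or if an essential part of an access control element is missing or blank.
   * @throws ParseException
   *           Thrown if unable to parse the json value of the acl.
   */
  public static AccessControlList deserializeJsonToAcl(String json, boolean assumeAllow)
          throws IllegalArgumentException, ParseException {
    if (json == null) {
      throw new IllegalArgumentException("The access control list JSON must not be null");
    }
    JSONParser parser = new JSONParser();
    Object parsed = parser.parse(json);
    // The parser accepts any JSON value; only an array is a valid access control list.
    if (!(parsed instanceof JSONArray)) {
      throw new IllegalArgumentException("The access control list must be a JSON array");
    }
    JSONArray aclJson = (JSONArray) parsed;
    @SuppressWarnings("unchecked")
    ListIterator<Object> iterator = aclJson.listIterator();
    List<AccessControlEntry> entries = new ArrayList<AccessControlEntry>();
    while (iterator.hasNext()) {
      Object element = iterator.next();
      // Array members may be any JSON value (including null); each entry has to be an object.
      if (!(element instanceof JSONObject)) {
        throw new IllegalArgumentException("Each access control element must be a JSON object");
      }
      JSONObject aceJson = (JSONObject) element;
      String action = stringValue(aceJson, ACTION_JSON_KEY);
      String allow = assumeAllow ? "true" : stringValue(aceJson, ALLOW_JSON_KEY);
      String role = stringValue(aceJson, ROLE_JSON_KEY);
      if (StringUtils.trimToNull(action) == null || StringUtils.trimToNull(allow) == null
              || StringUtils.trimToNull(role) == null) {
        throw new IllegalArgumentException(
                String.format(
                        "One of the access control elements is missing a property. The action was '%s', allow was '%s' and the role was '%s'",
                        action, allow, role));
      }
      // Role and action are stored exactly as received: the blank check above trims, the stored values do not.
      // Boolean.parseBoolean maps everything except "true" (ignoring case) to false, so an unrecognised
      // allow value produces a deny entry and never a grant.
      entries.add(new AccessControlEntry(role, action, Boolean.parseBoolean(allow)));
    }
    return new AccessControlList(entries);
  }

  /**
   * Read a property of an access control element as a string.
   *
   * @param aceJson
   *          The access control element.
   * @param key
   *          The property name.
   * @return The {@code toString()} form of the property value, or an empty string if the property is absent or null.
   */
  private static String stringValue(JSONObject aceJson, String key) {
    Object value = aceJson.get(key);
    return value != null ? value.toString() : "";
  }

  /**
   * Serialize an {@link AccessControlList} into json.
   * <p>
   * Each entry becomes a JSON object with the properties {@code allow}, {@code action} and {@code role}. Action and
   * role are passed through {@code safeString} before being written.
   *
   * @param acl
   *          The {@link AccessControlList} to serialize. Must not be {@code null}; no null check is made here.
   * @return A {@link JsonArray} representation of the {@link AccessControlList}
   */
  public static JsonArray serializeAclToJson(AccessControlList acl) {
    JsonArray entries = new JsonArray();
    for (AccessControlEntry ace : acl.getEntries()) {
      JsonObject entry = new JsonObject();
      entry.addProperty(ALLOW_JSON_KEY, ace.isAllow());
      entry.addProperty(ACTION_JSON_KEY, safeString(ace.getAction()));
      entry.addProperty(ROLE_JSON_KEY, safeString(ace.getRole()));
      entries.add(entry);
    }
    return entries;
  }
}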