001    /*
002     * Copyright (c) 2011, Cloudera, Inc. All Rights Reserved.
003     *
004     * Cloudera, Inc. licenses this file to you under the Apache License,
005     * Version 2.0 (the "License"). You may not use this file except in
006     * compliance with the License. You may obtain a copy of the License at
007     *
008     *     http://www.apache.org/licenses/LICENSE-2.0
009     *
010     * This software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
011     * CONDITIONS OF ANY KIND, either express or implied. See the License for
012     * the specific language governing permissions and limitations under the
013     * License.
014     */
015    package com.cloudera.lib.service.security;
016    
017    import com.cloudera.lib.server.BaseService;
018    import com.cloudera.lib.server.ServiceException;
019    import com.cloudera.lib.service.ACL;
020    import com.cloudera.lib.service.Groups;
021    import com.cloudera.lib.util.Check;
022    
023    import java.io.IOException;
024    import java.security.AccessControlException;
025    import java.text.MessageFormat;
026    import java.util.List;
027    
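public class ACLService extends BaseService implements ACL {
  private static final String PREFIX = "acl";

  /**
   * Creates the ACL service, registered under the {@code acl} configuration prefix.
   */
  public ACLService() {
    super(PREFIX);
  }

  /**
   * No initialization is needed: this service keeps no state of its own and
   * resolves group membership on demand through the {@link Groups} service.
   *
   * @throws ServiceException never thrown by this implementation.
   */
  @Override
  protected void init() throws ServiceException {
  }

  /**
   * @return the service interface this implementation provides, {@link ACL}.
   */
  @Override
  public Class getInterface() {
    return ACL.class;
  }

  /**
   * @return the services this one depends on; {@link Groups} must be available
   *         before {@link #validate} can resolve a user's groups.
   */
  @Override
  public Class[] getServiceDependencies() {
    return new Class[]{Groups.class};
  }

  /**
   * Checks that {@code user} may act on a resource owned by {@code owner}.
   * <p>
   * Access is granted when {@code user} is the owner, or when the
   * comma-separated {@code acl} contains an entry equal to {@code user} or
   * equal to one of the groups the {@link Groups} service reports for
   * {@code user}. Entries are trimmed and empty entries are ignored, so
   * {@code "alice, admins"} matches the group {@code admins}. Every other
   * case, including a failure to resolve the user's groups, is denied: the
   * check fails closed.
   * <p>
   * An ACL entry is compared as a user name first and as a group name second,
   * so a single entry grants access to whichever of the two exists under that
   * name; callers that need to distinguish users from groups cannot rely on
   * this method to do so.
   *
   * @param user  the user requesting access; must not be empty.
   * @param owner the owner of the resource; must not be empty.
   * @param acl   comma-separated list of user and group names, or
   *              {@code null} when the resource has no ACL (owner only).
   * @throws AccessControlException if access is denied, or if the user's
   *         groups could not be resolved (the underlying {@link IOException}
   *         is attached as the cause).
   */
  @Override
  public void validate(String user, String owner, String acl) throws AccessControlException {
    Check.notEmpty(user, "user");
    Check.notEmpty(owner, "owner");
    if (user.equals(owner)) {
      return;
    }
    if (acl == null) {
      throw new AccessControlException(MessageFormat.format("No ACL, user [{0}] not owner [{1}]",
                                                            user, owner));
    }
    String[] entries = splitAcl(acl);
    // Cheap user-name match first; group resolution may involve I/O.
    for (String entry : entries) {
      if (entry.equals(user)) {
        return;
      }
    }
    List<String> groups;
    try {
      groups = getServer().get(Groups.class).getGroups(user);
    }
    catch (IOException ex) {
      // Deny when membership cannot be determined, and keep the I/O failure as
      // the cause: AccessControlException has no (message, cause) constructor.
      AccessControlException ace = new AccessControlException(
        MessageFormat.format("Could not resolve groups for user [{0}]: {1}", user, ex.getMessage()));
      ace.initCause(ex);
      throw ace;
    }
    // NOTE(review): the Groups contract is not visible here; a null result is
    // treated as "no groups" rather than failing with a NullPointerException.
    if (groups != null) {
      for (String entry : entries) {
        if (groups.contains(entry)) {
          return;
        }
      }
    }
    throw new AccessControlException(MessageFormat.format("User [{0}] does not satisfy ACL [{1}]",
                                                          user, acl));
  }

  /**
   * Splits a comma-separated ACL into trimmed, non-empty entries.
   * <p>
   * Trimming here (rather than only when comparing against the user name)
   * makes group matching tolerant of whitespace around entries, and dropping
   * empty entries avoids meaningless comparisons for inputs such as
   * {@code "a,,b"} or {@code ",a"}.
   *
   * @param acl the raw ACL string; must not be {@code null}.
   * @return the entries, trimmed, in their original order, without empties.
   */
  private static String[] splitAcl(String acl) {
    String[] raw = acl.split(",");
    int count = 0;
    for (int i = 0; i < raw.length; i++) {
      raw[i] = raw[i].trim();
      if (raw[i].length() > 0) {
        count++;
      }
    }
    String[] entries = new String[count];
    int j = 0;
    for (String entry : raw) {
      if (entry.length() > 0) {
        entries[j++] = entry;
      }
    }
    return entries;
  }

}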