Coverage Report - org.kuali.rice.kew.doctype.DocumentTypeSecurity
 
Classes in this File | Line Coverage | Branch Coverage | Complexity
DocumentTypeSecurity | 0% (0/159) | 0% (0/108) | 3.905
 
 1  
 /*
 2  
  * Copyright 2008-2009 The Kuali Foundation
 3  
  * 
 4  
  * Licensed under the Educational Community License, Version 2.0 (the "License");
 5  
  * you may not use this file except in compliance with the License.
 6  
  * You may obtain a copy of the License at
 7  
  * 
 8  
  * http://www.opensource.org/licenses/ecl2.php
 9  
  * 
 10  
  * Unless required by applicable law or agreed to in writing, software
 11  
  * distributed under the License is distributed on an "AS IS" BASIS,
 12  
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 13  
  * See the License for the specific language governing permissions and
 14  
  * limitations under the License.
 15  
  */
 16  
 package org.kuali.rice.kew.doctype;
 17  
 
 18  
 import org.apache.commons.lang.StringUtils;
 19  
 import org.kuali.rice.core.api.impex.xml.XmlConstants;
 20  
 import org.kuali.rice.core.api.util.ConcreteKeyValue;
 21  
 import org.kuali.rice.core.api.util.KeyValue;
 22  
 import org.kuali.rice.kew.api.WorkflowRuntimeException;
 23  
 import org.kuali.rice.kew.exception.WorkflowException;
 24  
 import org.kuali.rice.kew.rule.bo.RuleAttribute;
 25  
 import org.kuali.rice.kew.rule.xmlrouting.XPathHelper;
 26  
 import org.kuali.rice.kew.service.KEWServiceLocator;
 27  
 import org.kuali.rice.kew.util.Utilities;
 28  
 import org.kuali.rice.kim.api.group.Group;
 29  
 import org.kuali.rice.kim.api.services.KimApiServiceLocator;
 30  
 import org.w3c.dom.Element;
 31  
 import org.w3c.dom.NamedNodeMap;
 32  
 import org.w3c.dom.Node;
 33  
 import org.w3c.dom.NodeList;
 34  
 import org.xml.sax.InputSource;
 35  
 import org.xml.sax.SAXException;
 36  
 
 37  
 import javax.xml.parsers.DocumentBuilderFactory;
 38  
 import javax.xml.parsers.ParserConfigurationException;
 39  
 import javax.xml.xpath.XPath;
 40  
 import javax.xml.xpath.XPathConstants;
 41  
 import java.io.BufferedReader;
 42  
 import java.io.IOException;
 43  
 import java.io.Serializable;
 44  
 import java.io.StringReader;
 45  
 import java.util.ArrayList;
 46  
 import java.util.List;
 47  
 
 48  
 
 49  
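 /**
  * Holds the security settings declared in a document type's {@code <security>} XML: the active
  * flag, the initiator and route-log flags, searchable attributes, groups, permissions,
  * allowed/disallowed roles and security attributes.
  *
  * <p>Instances are mutable, and the list getters hand out the internal lists rather than copies.
  */
 public class DocumentTypeSecurity implements Serializable {

   private static final long serialVersionUID = -1886779857180381404L;

   private static final org.apache.log4j.Logger LOG = org.apache.log4j.Logger.getLogger(DocumentTypeSecurity.class);

   // Xerces feature that makes the parser reject any document carrying a DOCTYPE declaration.
   private static final String DISALLOW_DOCTYPE_FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";

   // All three flags stay null when the no-arg constructor is used or the XML is empty.
   private Boolean active;
   private Boolean initiatorOk;
   private Boolean routeLogAuthenticatedOk;
   private List<KeyValue> searchableAttributes = new ArrayList<KeyValue>();
   private List<Group> workgroups = new ArrayList<Group>();
   private List<SecurityPermissionInfo> permissions = new ArrayList<SecurityPermissionInfo>();
   private List<String> allowedRoles = new ArrayList<String>();
   private List<String> disallowedRoles = new ArrayList<String>();
   private List<SecurityAttribute> securityAttributes = new ArrayList<SecurityAttribute>();

   /** Creates an empty security object; every flag is null and every list is empty. */
   public DocumentTypeSecurity() {}

   /**
    * Parses the {@code <security>} XML of a document type and populates this object. A null or
    * empty XML string leaves every field at its default.
    *
    * <p>The XML is parsed with DOCTYPE declarations disallowed and JAXP secure processing enabled,
    * so the document cannot declare or pull in external entities.
    *
    * @param standardApplicationId application id used for a {@code securityAttribute} that is
    *        declared by {@code class} rather than by rule attribute {@code name}
    * @param documentTypeSecurityXml the XML to parse; may be null or empty
    * @throws WorkflowRuntimeException wrapping any parser, XPath or lookup failure, including a
    *         deprecated {@code <workgroup>} whose group does not exist and a
    *         {@code securityAttribute} whose rule attribute cannot be found
    */
   public DocumentTypeSecurity(String standardApplicationId, String documentTypeSecurityXml) {
     try {
       if (StringUtils.isEmpty(documentTypeSecurityXml)) {
         return;
       }

       // javax.xml.xpath.XPath is documented as not thread-safe, so each parse gets its own
       // instance instead of sharing one static object between concurrent constructors.
       XPath xpath = XPathHelper.newXPath();
       Element securityElement = parseSecurityElement(documentTypeSecurityXml);

       // A missing or empty "active" attribute means active.
       String activeValue = (String) xpath.evaluate("./@active", securityElement, XPathConstants.STRING);
       this.active = Boolean.valueOf(isEmptyOrTrue(activeValue));

       // Only the first <initiator> element is honoured. The text is not trimmed, so a value
       // padded with whitespace counts as false.
       NodeList initiatorNodes = (NodeList) xpath.evaluate("./initiator", securityElement, XPathConstants.NODESET);
       if (hasNodes(initiatorNodes)) {
         this.initiatorOk = Boolean.valueOf(isEmptyOrTrue(initiatorNodes.item(0).getTextContent()));
       }

       // Only the first <routeLogAuthenticated> element is honoured, same rules as <initiator>.
       NodeList routeLogAuthNodes = (NodeList) xpath.evaluate("./routeLogAuthenticated", securityElement, XPathConstants.NODESET);
       if (hasNodes(routeLogAuthNodes)) {
         this.routeLogAuthenticatedOk = Boolean.valueOf(isEmptyOrTrue(routeLogAuthNodes.item(0).getTextContent()));
       }

       // <searchableAttribute name=".." idType=".."/>: entries missing either attribute are dropped.
       NodeList searchableAttributeNodes = (NodeList) xpath.evaluate("./searchableAttribute", securityElement, XPathConstants.NODESET);
       if (hasNodes(searchableAttributeNodes)) {
         for (int i = 0; i < searchableAttributeNodes.getLength(); i++) {
           Node searchableAttributeNode = searchableAttributeNodes.item(i);
           String name = (String) xpath.evaluate("./@name", searchableAttributeNode, XPathConstants.STRING);
           String idType = (String) xpath.evaluate("./@idType", searchableAttributeNode, XPathConstants.STRING);
           if (!StringUtils.isEmpty(name) && !StringUtils.isEmpty(idType)) {
             searchableAttributes.add(new ConcreteKeyValue(name, idType));
           }
         }
       }

       // Deprecated <workgroup> form: namespace and name are both parsed out of the element text,
       // and a group that cannot be found fails the whole parse.
       NodeList workgroupNodes = (NodeList) xpath.evaluate("./workgroup", securityElement, XPathConstants.NODESET);
       if (hasNodes(workgroupNodes)) {
         LOG.warn("Document Type Security XML is using deprecated element 'workgroup', please use 'groupName' instead.");
         for (int i = 0; i < workgroupNodes.getLength(); i++) {
           String value = workgroupNodes.item(i).getTextContent().trim();
           if (!StringUtils.isEmpty(value)) {
             value = Utilities.substituteConfigParameters(value);
             String namespaceCode = Utilities.parseGroupNamespaceCode(value);
             String groupName = Utilities.parseGroupName(value);
             Group groupObject = KimApiServiceLocator.getGroupService().getGroupByName(namespaceCode, groupName);
             if (groupObject == null) {
               throw new WorkflowException("Could not find group: " + value);
             }
             workgroups.add(groupObject);
           }
         }
       }

       // <groupName namespace="..">name</groupName>
       NodeList groupNodes = (NodeList) xpath.evaluate("./groupName", securityElement, XPathConstants.NODESET);
       if (hasNodes(groupNodes)) {
         for (int i = 0; i < groupNodes.getLength(); i++) {
           Node groupNode = groupNodes.item(i);
           if (groupNode.getNodeType() == Node.ELEMENT_NODE) {
             String groupName = groupNode.getTextContent().trim();
             if (!StringUtils.isEmpty(groupName)) {
               groupName = Utilities.substituteConfigParameters(groupName).trim();
               String namespaceCode = Utilities.substituteConfigParameters(((Element) groupNode).getAttribute(XmlConstants.NAMESPACE)).trim();
               Group groupObject = KimApiServiceLocator.getGroupService().getGroupByName(namespaceCode, groupName);
               if (groupObject != null) {
                 workgroups.add(groupObject);
               } else {
                 // Unlike the deprecated <workgroup> branch, a group that cannot be found is only
                 // logged and skipped, so a misspelled name silently leaves that group out of
                 // the list. Watch for this warning when reviewing document type changes.
                 LOG.warn("Could not find group with name '" + groupName + "' and namespace '" + namespaceCode + "' which was defined on Document Type security");
               }
             }
           }
         }
       }

       // <permission name=".." namespace=".."> with optional <permissionDetail> and
       // <qualification> children, each keyed by its "name" attribute.
       NodeList permissionNodes = (NodeList) xpath.evaluate("./permission", securityElement, XPathConstants.NODESET);
       if (hasNodes(permissionNodes)) {
         for (int i = 0; i < permissionNodes.getLength(); i++) {
           Node permissionNode = permissionNodes.item(i);
           if (permissionNode.getNodeType() == Node.ELEMENT_NODE) {
             SecurityPermissionInfo securityPermission = new SecurityPermissionInfo();
             securityPermission.setPermissionName(Utilities.substituteConfigParameters(((Element) permissionNode).getAttribute(XmlConstants.NAME)).trim());
             securityPermission.setPermissionNamespaceCode(Utilities.substituteConfigParameters(((Element) permissionNode).getAttribute(XmlConstants.NAMESPACE)).trim());
             if (!StringUtils.isEmpty(securityPermission.getPermissionName()) && !StringUtils.isEmpty(securityPermission.getPermissionNamespaceCode())) {
               // get details and qualifications
               if (permissionNode.hasChildNodes()) {
                 NodeList permissionChildNodes = permissionNode.getChildNodes();
                 for (int j = 0; j < permissionChildNodes.getLength(); j++) {
                   Node permissionChildNode = permissionChildNodes.item(j);
                   if (permissionChildNode.getNodeType() == Node.ELEMENT_NODE) {
                     String childAttributeName = Utilities.substituteConfigParameters(((Element) permissionChildNode).getAttribute(XmlConstants.NAME)).trim();
                     String childAttributeValue = permissionChildNode.getTextContent().trim();
                     if (!StringUtils.isEmpty(childAttributeValue)) {
                       childAttributeValue = Utilities.substituteConfigParameters(childAttributeValue).trim();
                     }
                     // NOTE(review): this second, identical substitution pass looks like a
                     // copy-paste duplicate. It is kept so that existing values resolve exactly
                     // as before; confirm nothing needs the second pass, then remove it.
                     if (!StringUtils.isEmpty(childAttributeValue)) {
                       childAttributeValue = Utilities.substituteConfigParameters(childAttributeValue).trim();
                     }
                     String childNodeName = permissionChildNode.getNodeName().trim();
                     if (childNodeName.equals("permissionDetail")) {
                       securityPermission.getPermissionDetails().put(childAttributeName, childAttributeValue);
                     }
                     if (childNodeName.equals("qualification")) {
                       securityPermission.getQualifications().put(childAttributeName, childAttributeValue);
                     }
                   }
                 }
               }

               // A permission the permission service does not know is logged and skipped rather
               // than failing the parse.
               if (KimApiServiceLocator.getPermissionService().isPermissionDefined(securityPermission.getPermissionNamespaceCode(), securityPermission.getPermissionName(), securityPermission.getPermissionDetails())) {
                 permissions.add(securityPermission);
               } else {
                 LOG.warn("Could not find permission with name '" + securityPermission.getPermissionName() + "' and namespace '" + securityPermission.getPermissionNamespaceCode() + "' which was defined on Document Type security");
               }
             }
           }
         }
       }

       // <role allowed="true|false">name</role>: a blank "allowed" attribute means allowed, and
       // any value that Boolean.parseBoolean does not read as true puts the role on the
       // disallowed list.
       NodeList roleNodes = (NodeList) xpath.evaluate("./role", securityElement, XPathConstants.NODESET);
       if (hasNodes(roleNodes)) {
         for (int i = 0; i < roleNodes.getLength(); i++) {
           Element roleElement = (Element) roleNodes.item(i);
           String value = roleElement.getTextContent().trim();
           String allowedValue = roleElement.getAttribute("allowed");
           if (StringUtils.isBlank(allowedValue)) {
             allowedValue = "true";
           }
           if (!StringUtils.isEmpty(value)) {
             if (Boolean.parseBoolean(allowedValue)) {
               allowedRoles.add(value);
             } else {
               disallowedRoles.add(value);
             }
           }
         }
       }

       // <securityAttribute name=".."/> resolves the class through the rule attribute service;
       // <securityAttribute class=".."/> names the class directly.
       NodeList attributeNodes = (NodeList) xpath.evaluate("./securityAttribute", securityElement, XPathConstants.NODESET);
       if (hasNodes(attributeNodes)) {
         for (int i = 0; i < attributeNodes.getLength(); i++) {
           Element attributeElement = (Element) attributeNodes.item(i);
           NamedNodeMap elemAttributes = attributeElement.getAttributes();
           String className = null;
           String applicationId = standardApplicationId;
           if (elemAttributes.getNamedItem("name") != null) {
             // found a name attribute so find the class name
             String ruleAttributeName = elemAttributes.getNamedItem("name").getNodeValue().trim();
             RuleAttribute ruleAttribute = KEWServiceLocator.getRuleAttributeService().findByName(ruleAttributeName);
             if (ruleAttribute == null) {
               throw new WorkflowException("Could not find rule attribute: " + ruleAttributeName);
             }
             applicationId = ruleAttribute.getApplicationId();
             className = ruleAttribute.getClassName();
           } else if (elemAttributes.getNamedItem("class") != null) {
             // NOTE(review): the class name is taken straight from the XML, and how
             // LazyLoadSecurityAttribute loads it is not visible here. Confirm that the loader
             // only accepts SecurityAttribute implementations and that write access to document
             // type XML is restricted accordingly.
             className = elemAttributes.getNamedItem("class").getNodeValue().trim();
           } else {
             throw new WorkflowException("Cannot find attribute 'name' or attribute 'class' for securityAttribute Node");
           }

           this.securityAttributes.add(new LazyLoadSecurityAttribute(className, applicationId));
         }
       }
     } catch (Exception err) {
       // Boundary catch: callers see a single unchecked type with the original failure as cause.
       throw new WorkflowRuntimeException(err);
     }
   }

   /**
    * Parses the XML string with a hardened DOM parser and returns its root element.
    *
    * <p>DOCTYPE declarations are rejected and secure processing is switched on, which closes off
    * external-entity (XXE) and entity-expansion attacks through this XML. A document that does
    * carry a DOCTYPE now fails with a {@link SAXException}.
    */
   private static Element parseSecurityElement(String xml)
       throws ParserConfigurationException, SAXException, IOException {
     DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
     factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
     factory.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
     InputSource inputSource = new InputSource(new StringReader(xml));
     return factory.newDocumentBuilder().parse(inputSource).getDocumentElement();
   }

   /** Returns true for null, empty, or any letter-case spelling of "true". */
   private static boolean isEmptyOrTrue(String value) {
     return StringUtils.isEmpty(value) || "true".equalsIgnoreCase(value);
   }

   /** Returns true when the XPath result holds at least one node. */
   private static boolean hasNodes(NodeList nodes) {
     return nodes != null && nodes.getLength() > 0;
   }

   public List<SecurityAttribute> getSecurityAttributes() {
     return this.securityAttributes;
   }

   public void setSecurityAttributes(List<SecurityAttribute> securityAttributes) {
     this.securityAttributes = securityAttributes;
   }

   public Boolean getInitiatorOk() {
     return initiatorOk;
   }

   public void setInitiatorOk(Boolean initiatorOk) {
     this.initiatorOk = initiatorOk;
   }

   public Boolean getRouteLogAuthenticatedOk() {
     return routeLogAuthenticatedOk;
   }

   public void setRouteLogAuthenticatedOk(Boolean routeLogAuthenticatedOk) {
     this.routeLogAuthenticatedOk = routeLogAuthenticatedOk;
   }

   public List<String> getAllowedRoles() {
     return allowedRoles;
   }

   public void setAllowedRoles(List<String> allowedRoles) {
     this.allowedRoles = allowedRoles;
   }

   public List<String> getDisallowedRoles() {
     return disallowedRoles;
   }

   public void setDisallowedRoles(List<String> disallowedRoles) {
     this.disallowedRoles = disallowedRoles;
   }

   public List<KeyValue> getSearchableAttributes() {
     return searchableAttributes;
   }

   public void setSearchableAttributes(List<KeyValue> searchableAttributes) {
     this.searchableAttributes = searchableAttributes;
   }

   public List<Group> getWorkgroups() {
     return workgroups;
   }

   public void setWorkgroups(List<Group> workgroups) {
     this.workgroups = workgroups;
   }

   public List<SecurityPermissionInfo> getPermissions() {
     return this.permissions;
   }

   public void setPermissions(List<SecurityPermissionInfo> permissions) {
     this.permissions = permissions;
   }

   public Boolean getActive() {
     return active;
   }

   public void setActive(Boolean active) {
     this.active = active;
   }

   /** Returns the active flag as a primitive; an unset (null) flag counts as inactive. */
   public boolean isActive() {
     return active != null && active.booleanValue();
   }
 }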