001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: *
017: */
018:
019: /* $Id: DefaultPolicy.java 473861 2006-11-12 03:51:14Z gregor $ */
020:
021: package org.apache.lenya.ac.impl;
022:
023: import java.util.ArrayList;
024: import java.util.Arrays;
025: import java.util.Iterator;
026: import java.util.LinkedHashSet;
027: import java.util.List;
028: import java.util.Set;
029:
030: import org.apache.lenya.ac.AccessControlException;
031: import org.apache.lenya.ac.Accreditable;
032: import org.apache.lenya.ac.Credential;
033: import org.apache.lenya.ac.Identity;
034: import org.apache.lenya.ac.ModifiablePolicy;
035: import org.apache.lenya.ac.Policy;
036: import org.apache.lenya.ac.Role;
037:
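/**
 * A DefaultPolicy is the own policy of a certain URL (not merged).
 *
 * <p>The policy is an ordered list of credentials. {@link #check(Identity, Role)}
 * scans that list from the last entry to the first and returns on the first
 * match, so an entry further down the list overrides the entries above it.
 * The order set by {@link #moveRoleUp(Accreditable, Role)} and
 * {@link #moveRoleDown(Accreditable, Role)} therefore affects authorization
 * results.</p>
 *
 * <p>This class performs no synchronization. Callers that modify a policy
 * while other threads evaluate it must synchronize externally.</p>
 */
public class DefaultPolicy implements ModifiablePolicy {

    /** Credentials in top-down order; must never contain {@code null}. */
    private List credentials = new ArrayList();

    /** Whether this policy requires SSL protection. */
    private boolean isSSL;

    /**
     * Adds a credential to the end of this policy.
     *
     * @param credential A credential, must not be {@code null}.
     * @throws IllegalArgumentException if the credential is {@code null} or
     *         is already contained in this policy.
     */
    public void addCredential(Credential credential) {
        // Explicit check instead of an assert: assertions are disabled by
        // default, and a null entry would make check() fail with a
        // NullPointerException for every request that reaches it.
        if (credential == null) {
            throw new IllegalArgumentException("The credential must not be null!");
        }
        if (this.credentials.contains(credential)) {
            throw new IllegalArgumentException("The credential ["
                    + credential + "] is already contained!");
        }
        this.credentials.add(credential);
    }

    /**
     * Adds a credential for a certain accreditable and a certain role.
     *
     * @param accreditable An accreditable, must not be {@code null}.
     * @param role A role, must not be {@code null}.
     * @param method The method stored on the credential. {@link #check(Identity, Role)}
     *        grants only when it equals {@code CredentialImpl.GRANT}; every
     *        other value, including {@code null}, results in a denial.
     * @throws IllegalArgumentException if the accreditable or the role is
     *         {@code null}, or if an equal credential is already contained.
     */
    public void addRole(Accreditable accreditable, Role role, String method) {
        // check() dereferences both values of every stored credential, so
        // reject nulls here even when assertions are disabled.
        if (accreditable == null) {
            throw new IllegalArgumentException("The accreditable must not be null!");
        }
        if (role == null) {
            throw new IllegalArgumentException("The role must not be null!");
        }
        CredentialImpl cred = new CredentialImpl(accreditable, role);
        cred.setMethod(method);
        addCredential(cred);
    }

    /**
     * Removes the credential for a certain accreditable and a certain role.
     * If no such credential is contained, the policy is left unchanged.
     *
     * @param accreditable An accreditable.
     * @param role A role.
     * @throws AccessControlException declared by the interface; this
     *         implementation does not throw it when the pair is missing.
     */
    public void removeRole(Accreditable accreditable, Role role)
            throws AccessControlException {
        assert accreditable != null;
        assert role != null;
        // getCredential() returns null for a missing pair; removeCredential()
        // treats that as a no-op.
        removeCredential(getCredential(accreditable, role));
    }

    /**
     * Returns the credentials of this policy in top-down order.
     *
     * @return A newly allocated array of credentials; modifying it does not
     *         change the policy.
     */
    public Credential[] getCredentials() {
        return (Credential[]) this.credentials
                .toArray(new Credential[this.credentials.size()]);
    }

    /**
     * Returns the credential for a certain accreditable and role.
     *
     * @param accreditable An accreditable.
     * @param role A role.
     * @return The matching credential, or {@code null} if there is none. If
     *         several entries match, the last one in list order is returned.
     */
    public Credential getCredential(Accreditable accreditable, Role role) {
        Credential credential = null;
        for (Iterator i = this.credentials.iterator(); i.hasNext();) {
            Credential cred = (Credential) i.next();
            if (cred.getAccreditable().equals(accreditable)
                    && cred.getRole().equals(role)) {
                credential = cred;
            }
        }
        return credential;
    }

    /**
     * @see org.apache.lenya.ac.Policy#isSSLProtected()
     */
    public boolean isSSLProtected() throws AccessControlException {
        return this.isSSL;
    }

    /**
     * Sets if this policy requires SSL protection.
     *
     * @param ssl A boolean value.
     */
    public void setSSL(boolean ssl) {
        this.isSSL = ssl;
    }

    /**
     * @see org.apache.lenya.ac.Policy#isEmpty()
     */
    public boolean isEmpty() throws AccessControlException {
        // Goes through getCredentials() so that a subclass overriding it is
        // still honoured.
        return getCredentials().length == 0;
    }

    /**
     * Removes a credential. If the credential is not contained (or is
     * {@code null}), the policy is left unchanged.
     *
     * @param credential The credential to remove.
     * @throws AccessControlException declared for subclasses; this
     *         implementation does not throw it when the credential is missing.
     */
    protected void removeCredential(Credential credential)
            throws AccessControlException {
        if (this.credentials.contains(credential)) {
            this.credentials.remove(credential);
        }
    }

    /**
     * Removes all credentials of a certain accreditable. If the accreditable
     * has no credential in this policy, nothing happens.
     *
     * @param accreditable The accreditable to remove all roles for.
     * @throws AccessControlException declared by the interface; this
     *         implementation does not throw it when nothing matches.
     */
    public void removeRoles(Accreditable accreditable)
            throws AccessControlException {
        // Iterate over the array copy so that removing from the backing list
        // does not disturb the iteration.
        Credential[] credentials = getCredentials();
        for (int credIndex = 0; credIndex < credentials.length; credIndex++) {
            Credential credential = credentials[credIndex];
            if (credential.getAccreditable().equals(accreditable)) {
                this.credentials.remove(credential);
            }
        }
    }

    /**
     * Returns the credentials whose accreditable is one of the accreditables
     * of the given identity.
     *
     * @param identity The identity to collect credentials for.
     * @return The matching credentials in top-down order, without duplicates.
     * @throws AccessControlException declared by the interface; not thrown by
     *         the code in this method itself.
     */
    public Credential[] getCredentials(Identity identity)
            throws AccessControlException {
        Accreditable[] accreditables = identity.getAccreditables();
        Credential[] credentials = getCredentials();
        // LinkedHashSet keeps policy order and drops repeated hits.
        Set returnCredential = new LinkedHashSet();
        for (int credIndex = 0; credIndex < credentials.length; credIndex++) {
            Credential credential = credentials[credIndex];
            for (int accrIndex = 0; accrIndex < accreditables.length; accrIndex++) {
                Accreditable accreditable = accreditables[accrIndex];
                if (credential.getAccreditable().equals(accreditable)) {
                    returnCredential.add(credential);
                }
            }
        }
        return (Credential[]) returnCredential
                .toArray(new Credential[returnCredential.size()]);
    }

    /**
     * Moves the credential for the given pair one position down the list.
     * Nothing happens if the pair is not contained or is already last.
     *
     * @param accreditable An accreditable.
     * @param role A role.
     * @throws AccessControlException declared by the interface; not thrown by
     *         this implementation.
     */
    public void moveRoleDown(Accreditable accreditable, Role role)
            throws AccessControlException {
        moveRole(accreditable, role, true);
    }

    /**
     * Moves the credential for the given pair by one position.
     *
     * @param accreditable An accreditable.
     * @param role A role.
     * @param down {@code true} to move towards the end of the list,
     *        {@code false} to move towards the start.
     */
    private void moveRole(Accreditable accreditable, Role role, boolean down) {
        Credential cred = getCredential(accreditable, role);
        int position = this.credentials.indexOf(cred);

        // Without this guard a missing pair yields position == -1, and the
        // "down" branch would insert a null entry at index 0. That corrupts
        // the policy: later check() calls that reach the entry fail with a
        // NullPointerException.
        if (cred == null || position < 0) {
            return;
        }

        if (!down && position > 0) {
            this.credentials.remove(cred);
            this.credentials.add(position - 1, cred);
        } else if (down && position < this.credentials.size() - 1) {
            this.credentials.remove(cred);
            this.credentials.add(position + 1, cred);
        }
    }

    /**
     * Moves the credential for the given pair one position up the list.
     * Nothing happens if the pair is not contained or is already first.
     *
     * @param accreditable An accreditable.
     * @param role A role.
     * @throws AccessControlException declared by the interface; not thrown by
     *         this implementation.
     */
    public void moveRoleUp(Accreditable accreditable, Role role)
            throws AccessControlException {
        moveRole(accreditable, role, false);
    }

    /**
     * Evaluates this policy for an identity and a role.
     *
     * <p>The credentials are scanned from the last entry to the first. The
     * first entry whose accreditable belongs to the identity and whose role
     * equals the requested role decides the result.</p>
     *
     * @param identity The identity to check.
     * @param role The requested role.
     * @return {@code Policy.RESULT_GRANTED} if the deciding credential's
     *         method equals {@code CredentialImpl.GRANT},
     *         {@code Policy.RESULT_DENIED} for any other method, and
     *         {@code Policy.RESULT_NOT_MATCHED} if no credential matches.
     * @throws AccessControlException declared by the interface; not thrown by
     *         the code in this method itself.
     */
    public int check(Identity identity, Role role)
            throws AccessControlException {
        Credential[] credentials = getCredentials();
        for (int i = credentials.length - 1; i >= 0; i--) {
            Credential credential = credentials[i];
            if (matches(identity, credential.getAccreditable())
                    && credential.getRole().equals(role)) {
                // Constant-first comparison: a credential without a method
                // is denied (fail closed) instead of raising a
                // NullPointerException in the middle of an access decision.
                if (CredentialImpl.GRANT.equals(credential.getMethod())) {
                    return Policy.RESULT_GRANTED;
                }
                return Policy.RESULT_DENIED;
            }
        }
        return Policy.RESULT_NOT_MATCHED;
    }

    /**
     * Tells whether an accreditable is one of the identity's accreditables.
     * The comparison relies on the {@code equals} implementation of the
     * accreditable objects.
     *
     * @param identity The identity.
     * @param accreditable The accreditable to look for.
     * @return {@code true} if the identity's accreditables contain it.
     */
    protected boolean matches(Identity identity, Accreditable accreditable) {
        Accreditable[] accrs = identity.getAccreditables();
        return Arrays.asList(accrs).contains(accreditable);
    }

}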