001: /*
002: * Copyright (c) 1998-2008 Caucho Technology -- all rights reserved
003: *
004: * This file is part of Resin(R) Open Source
005: *
006: * Each copy or derived work must preserve the copyright notice and this
007: * notice unmodified.
008: *
009: * Resin Open Source is free software; you can redistribute it and/or modify
010: * it under the terms of the GNU General Public License as published by
011: * the Free Software Foundation; either version 2 of the License, or
012: * (at your option) any later version.
013: *
014: * Resin Open Source is distributed in the hope that it will be useful,
015: * but WITHOUT ANY WARRANTY; without even the implied warranty of
016: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
017: * of NON-INFRINGEMENT. See the GNU General Public License for more
018: * details.
019: *
020: * You should have received a copy of the GNU General Public License
021: * along with Resin Open Source; if not, write to the
022: *
023: * Free Software Foundation, Inc.
024: * 59 Temple Place, Suite 330
025: * Boston, MA 02111-1307 USA
026: *
027: * @author Scott Ferguson
028: */
029:
030: package com.caucho.server.security;
031:
032: import com.caucho.log.Log;
033: import com.caucho.server.dispatch.UrlMap;
034: import com.caucho.server.util.CauchoSystem;
035: import com.caucho.util.L10N;
036:
037: import javax.annotation.PostConstruct;
038: import java.util.ArrayList;
039: import java.util.logging.Level;
040: import java.util.logging.Logger;
041: import java.util.regex.Pattern;
042: import java.util.regex.PatternSyntaxException;
043:
/**
 * Configuration for one security-constraint.
 *
 * <p>Collects what the constraint applies to (a url-pattern compiled to a
 * regexp, plus any web-resource-collections) and what it enforces (role,
 * transport, IP and custom constraints, combined through
 * {@link #addConstraint}).
 */
public class SecurityConstraint {
  static final Logger log = Log.open(SecurityConstraint.class);
  static L10N L = new L10N(SecurityConstraint.class);

  // The effective constraint: null while nothing has been added, the single
  // constraint after one add, and _containerConstraint after two or more.
  private AbstractConstraint _constraint;

  // Created lazily by addConstraint() when a second constraint arrives.
  private ContainerConstraint _containerConstraint;
  // Created lazily by addRoleName() / addAuthConstraint().
  private RoleConstraint _roleConstraint;

  // Compiled url-pattern; stays null if none was set or compilation failed.
  private Pattern _regexp;
  // The one IPConstraint that accumulates all old-style ip-constraint entries.
  private IPConstraint _oldStyleIpConstraint;

  // Created lazily by addWebResourceCollection().
  private ArrayList<WebResourceCollection> _webResourceCollectionList;

  /**
   * Creates an empty security-constraint.
   */
  public SecurityConstraint() {
  }

  /**
   * Accepts the description; the value is not stored.
   *
   * @param description ignored
   */
  public void setDescription(String description) {
  }

  /**
   * Accepts the display-name; the value is not stored.
   *
   * @param displayName ignored
   */
  public void setDisplayName(String displayName) {
  }

  /**
   * Sets the url-pattern this constraint applies to.
   *
   * <p>The pattern is converted with
   * {@code UrlMap.urlPatternToRegexpPattern} and compiled, case-insensitively
   * when {@code CauchoSystem.isCaseInsensitive()} reports true. Each
   * successful call replaces the regexp set by an earlier call.
   *
   * <p>NOTE(review): when the converted pattern does not compile, the only
   * effect is a WARNING log entry and the previous regexp (or none) stays in
   * place. The constraint then does not cover the URLs the pattern was meant
   * to cover, so treat that log entry as a configuration error.
   *
   * @param pattern the url-pattern from the configuration
   */
  public void setURLPattern(String pattern) {
    String regexpSource = UrlMap.urlPatternToRegexpPattern(pattern);

    int compileFlags;
    if (CauchoSystem.isCaseInsensitive()) {
      compileFlags = Pattern.CASE_INSENSITIVE;
    } else {
      compileFlags = 0;
    }

    try {
      _regexp = Pattern.compile(regexpSource, compileFlags);
    } catch (PatternSyntaxException e) {
      // Logged, not rethrown: _regexp keeps whatever value it had before.
      log.log(Level.WARNING, e.toString(), e);
    }
  }

  /**
   * Adds a web-resource-collection.
   *
   * @param resource the collection to consult in {@link #isMatch} and
   *        {@link #getMethods}
   */
  public void addWebResourceCollection(WebResourceCollection resource) {
    if (_webResourceCollectionList == null) {
      _webResourceCollectionList = new ArrayList<WebResourceCollection>();
    }

    _webResourceCollectionList.add(resource);
  }

  /**
   * Adds a role-name, creating and registering the shared role constraint
   * on first use.
   *
   * @param roleName the role to add to the role constraint
   */
  public void addRoleName(String roleName) {
    if (_roleConstraint == null) {
      _roleConstraint = new RoleConstraint();
      addConstraint(_roleConstraint);
    }

    _roleConstraint.addRoleName(roleName);
  }

  /**
   * Adds every role of an auth-constraint.
   *
   * <p>The role constraint is registered before the roles are read, so an
   * auth-constraint with an empty role list still installs a role
   * constraint. NOTE(review): presumably an empty role constraint denies
   * all access; RoleConstraint is not visible here, so confirm.
   *
   * @param auth the auth-constraint whose role list is copied
   */
  public void addAuthConstraint(AuthConstraint auth) {
    if (_roleConstraint == null) {
      _roleConstraint = new RoleConstraint();
      addConstraint(_roleConstraint);
    }

    for (String roleName : auth.getRoleList()) {
      addRoleName(roleName);
    }
  }

  /**
   * Sets the user-data-constraint.
   *
   * <p>A transport constraint is added only when the user-data-constraint
   * carries a non-null transport guarantee.
   *
   * @param constraint the user-data-constraint from the configuration
   */
  public void setUserDataConstraint(UserDataConstraint constraint) {
    String guarantee = constraint.getTransportGuarantee();

    if (guarantee == null) {
      return;
    }

    addConstraint(new TransportConstraint(guarantee));
  }

  /**
   * Adds an ip-constraint.
   *
   * @param constraint the ip-constraint; old-style entries are merged into
   *        a single IPConstraint, new-style entries are added as they are
   */
  public void addIPConstraint(IPConstraint constraint) {
    if (!constraint.isOldStyle()) {
      addConstraint(constraint);
      return;
    }

    /*
     * The old style was to simply allow:
     *   <security-constraint>
     *     <ip-constraint>network</ip-constraint>
     *     <ip-constraint>network</ip-constraint>
     *   </security-constraint>
     *
     * which was effectively the same as using allow. The complication
     * is that when the old style is used, there should be only one
     * IPConstraint object.
     */
    if (_oldStyleIpConstraint != null) {
      // Later old-style entries are folded into the first one.
      constraint.copyInto(_oldStyleIpConstraint);
      return;
    }

    addConstraint(constraint);
    _oldStyleIpConstraint = constraint;
  }

  /**
   * Adds a custom constraint.
   *
   * <p>The first constraint is stored directly. When a second one arrives,
   * both are moved into a ContainerConstraint, which then becomes the value
   * returned by {@link #getConstraint}.
   *
   * @param constraint the constraint to add
   */
  public void addConstraint(AbstractConstraint constraint) {
    if (_constraint == null) {
      _constraint = constraint;
      return;
    }

    if (_containerConstraint == null) {
      // Second constraint: wrap the existing one before adding the new one.
      _containerConstraint = new ContainerConstraint();
      _containerConstraint.addConstraint(_constraint);
      _constraint = _containerConstraint;
    }

    _containerConstraint.addConstraint(constraint);
  }

  /**
   * Post-construct hook; does nothing.
   */
  @PostConstruct
  public void init() {
  }

  /**
   * Returns true if the URL matches the url-pattern regexp or any
   * web-resource-collection.
   *
   * <p>NOTE(review): the regexp is tested with {@code find()}, which
   * accepts a partial match. Whether the regexp is anchored depends on
   * {@code UrlMap.urlPatternToRegexpPattern}, which is not visible here;
   * confirm.
   *
   * @param url the URL to test
   * @return true if this constraint applies to the URL
   */
  public boolean isMatch(String url) {
    Pattern regexp = _regexp;
    if (regexp != null && regexp.matcher(url).find()) {
      return true;
    }

    ArrayList<WebResourceCollection> resources = _webResourceCollectionList;
    if (resources == null) {
      return false;
    }

    for (int i = 0; i < resources.size(); i++) {
      if (resources.get(i).isMatch(url)) {
        return true;
      }
    }

    return false;
  }

  /**
   * Returns the methods of the first web-resource-collection that matches
   * the URL.
   *
   * <p>Only web-resource-collections are consulted; a URL that matches
   * through the url-pattern regexp alone yields null.
   * NOTE(review): presumably callers read null as "no method restriction";
   * verify against the caller.
   *
   * @param url the URL to test
   * @return the matching collection's methods, or null if none matches
   */
  public ArrayList<String> getMethods(String url) {
    ArrayList<WebResourceCollection> resources = _webResourceCollectionList;
    if (resources == null) {
      return null;
    }

    for (int i = 0; i < resources.size(); i++) {
      WebResourceCollection candidate = resources.get(i);

      if (candidate.isMatch(url)) {
        return candidate.getMethods();
      }
    }

    return null;
  }

  /**
   * Returns the effective constraint.
   *
   * @return null if no constraint was added, the single constraint if one
   *         was added, otherwise the container holding all of them
   */
  public AbstractConstraint getConstraint() {
    return _constraint;
  }
}