001: /**
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */package org.apache.openejb.core.security.jacc;
017:
018: import org.apache.openejb.loader.SystemInstance;
019: import org.apache.openejb.spi.SecurityService;
020:
021: import javax.security.jacc.PolicyConfiguration;
022: import javax.security.jacc.PolicyContextException;
023: import java.security.Permission;
024: import java.security.PermissionCollection;
025: import java.security.Permissions;
026: import java.security.Principal;
027: import java.security.ProtectionDomain;
028: import java.util.Enumeration;
029: import java.util.LinkedHashMap;
030: import java.util.Map;
031: import java.util.Set;
032:
033: /**
034: * @version $Rev: 602704 $ $Date: 2007-12-09 09:58:22 -0800 $
035: */
036: public class BasicPolicyConfiguration implements PolicyConfiguration {
037: final static int OPEN = 1;
038: final static int IN_SERVICE = 2;
039: final static int DELETED = 3;
040:
041: private final String contextID;
042: private int state;
043: private final Map<String, Permissions> rolePermissionsMap = new LinkedHashMap<String, Permissions>();
044: private Permissions unchecked = null;
045: private Permissions excluded = null;
046:
047: BasicPolicyConfiguration(String contextID) {
048: this .contextID = contextID;
049: this .state = OPEN;
050: }
051:
052: public String getContextID() throws PolicyContextException {
053: return contextID;
054: }
055:
056: public boolean implies(ProtectionDomain domain,
057: Permission permission) {
058:
059: if (excluded != null && excluded.implies(permission))
060: return false;
061:
062: if (unchecked != null && unchecked.implies(permission))
063: return true;
064:
065: Principal[] principals = domain.getPrincipals();
066: if (principals.length == 0)
067: return false;
068:
069: RoleResolver roleResolver = SystemInstance.get().getComponent(
070: RoleResolver.class);
071: Set<String> roles = roleResolver.getLogicalRoles(principals,
072: rolePermissionsMap.keySet());
073:
074: for (String role : roles) {
075: Permissions permissions = rolePermissionsMap.get(role);
076:
077: if (permissions != null && permissions.implies(permission))
078: return true;
079: }
080:
081: return false;
082: }
083:
084: public void addToRole(String roleName,
085: PermissionCollection permissions)
086: throws PolicyContextException {
087: if (state != OPEN)
088: throw new UnsupportedOperationException(
089: "Not in an open state");
090:
091: Enumeration e = permissions.elements();
092: while (e.hasMoreElements()) {
093: addToRole(roleName, (Permission) e.nextElement());
094: }
095: }
096:
097: public void addToRole(String roleName, Permission permission)
098: throws PolicyContextException {
099: if (state != OPEN)
100: throw new UnsupportedOperationException(
101: "Not in an open state");
102:
103: Permissions permissions = rolePermissionsMap.get(roleName);
104: if (permissions == null) {
105: permissions = new Permissions();
106: rolePermissionsMap.put(roleName, permissions);
107: }
108: permissions.add(permission);
109: }
110:
111: public void addToUncheckedPolicy(PermissionCollection permissions)
112: throws PolicyContextException {
113: if (state != OPEN)
114: throw new UnsupportedOperationException(
115: "Not in an open state");
116:
117: Enumeration e = permissions.elements();
118: while (e.hasMoreElements()) {
119: addToUncheckedPolicy((Permission) e.nextElement());
120: }
121: }
122:
123: public void addToUncheckedPolicy(Permission permission)
124: throws PolicyContextException {
125: if (state != OPEN)
126: throw new UnsupportedOperationException(
127: "Not in an open state");
128:
129: if (unchecked == null)
130: unchecked = new Permissions();
131:
132: unchecked.add(permission);
133: }
134:
135: public void addToExcludedPolicy(PermissionCollection permissions)
136: throws PolicyContextException {
137: if (state != OPEN)
138: throw new UnsupportedOperationException(
139: "Not in an open state");
140:
141: Enumeration e = permissions.elements();
142: while (e.hasMoreElements()) {
143: addToExcludedPolicy((Permission) e.nextElement());
144: }
145: }
146:
147: public void addToExcludedPolicy(Permission permission)
148: throws PolicyContextException {
149: if (state != OPEN)
150: throw new UnsupportedOperationException(
151: "Not in an open state");
152:
153: if (excluded == null)
154: excluded = new Permissions();
155:
156: excluded.add(permission);
157: }
158:
159: public void removeRole(String roleName)
160: throws PolicyContextException {
161: if (state != OPEN)
162: throw new UnsupportedOperationException(
163: "Not in an open state");
164:
165: rolePermissionsMap.remove(roleName);
166: }
167:
168: public void removeUncheckedPolicy() throws PolicyContextException {
169: if (state != OPEN)
170: throw new UnsupportedOperationException(
171: "Not in an open state");
172:
173: unchecked = null;
174: }
175:
176: public void removeExcludedPolicy() throws PolicyContextException {
177: if (state != OPEN)
178: throw new UnsupportedOperationException(
179: "Not in an open state");
180:
181: excluded = null;
182: }
183:
184: public void linkConfiguration(PolicyConfiguration link)
185: throws PolicyContextException {
186: if (state != OPEN)
187: throw new UnsupportedOperationException(
188: "Not in an open state");
189: }
190:
191: public void delete() throws PolicyContextException {
192: state = DELETED;
193: }
194:
195: public void commit() throws PolicyContextException {
196: if (state != OPEN)
197: throw new UnsupportedOperationException(
198: "Not in an open state");
199: state = IN_SERVICE;
200: }
201:
202: public boolean inService() throws PolicyContextException {
203: return (state == IN_SERVICE);
204: }
205:
206: //TODO I have no idea what side effects this might have, but it's needed in some form from PolicyConfigurationFactoryImpl.
207: //see JACC spec 1.0 section 3.1.1.1 discussion of in service and deleted.
208: //spec p. 31 3.1.7 on the effects of remove:
209: //If the getPolicyConfiguration method is used, the value true should be passed as the second
210: // argument to cause the corresponding policy statements to be deleted from the context.
211: public void open(boolean remove) {
212: if (remove) {
213: rolePermissionsMap.clear();
214: unchecked = null;
215: excluded = null;
216: }
217: state = OPEN;
218: }
219:
220: int getState() {
221: return state;
222: }
223:
224: public interface RoleResolver {
225: public Set<String> getLogicalRoles(Principal[] principals,
226: Set<String> logicalRoles);
227: }
228: }
|