001: // ========================================================================
002: // Copyright 200-2004 Mort Bay Consulting Pty. Ltd.
003: // ------------------------------------------------------------------------
004: // Licensed under the Apache License, Version 2.0 (the "License");
005: // you may not use this file except in compliance with the License.
006: // You may obtain a copy of the License at
007: // http://www.apache.org/licenses/LICENSE-2.0
008: // Unless required by applicable law or agreed to in writing, software
009: // distributed under the License is distributed on an "AS IS" BASIS,
010: // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
011: // See the License for the specific language governing permissions and
012: // limitations under the License.
013: // ========================================================================
014:
015: package org.mortbay.jetty.security;
016:
017: import java.io.Serializable;
018:
019: /* ------------------------------------------------------------ */
020: /** Describe an auth and/or data constraint.
021: *
022: * @author Greg Wilkins (gregw)
023: */
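public class Constraint implements Cloneable, Serializable {
    /* ------------------------------------------------------------ */
    // Authentication method names. __CERT_AUTH and __CERT_AUTH2 are the
    // underscore and hyphen spellings of the client-certificate method.
    public final static String __BASIC_AUTH = "BASIC";
    public final static String __FORM_AUTH = "FORM";
    public final static String __DIGEST_AUTH = "DIGEST";
    public final static String __CERT_AUTH = "CLIENT_CERT";
    public final static String __CERT_AUTH2 = "CLIENT-CERT";

    /* ------------------------------------------------------------ */
    // Data constraint levels. DC_UNSET is the initial state and cannot be
    // passed to setDataConstraint, which accepts DC_NONE..DC_CONFIDENTIAL.
    public final static int DC_UNSET = -1, DC_NONE = 0,
            DC_INTEGRAL = 1, DC_CONFIDENTIAL = 2;

    /* ------------------------------------------------------------ */
    public final static String NONE = "NONE";
    /** Wildcard role name: a constraint listing it permits every role. */
    public final static String ANY_ROLE = "*";

    /* ------------------------------------------------------------ */
    private String _name;
    private String[] _roles;
    private int _dataConstraint = DC_UNSET;
    // Cached "roles contains ANY_ROLE" flag; must be recomputed whenever
    // _roles is assigned, otherwise hasRole/isForbidden give wrong answers.
    private boolean _anyRole = false;
    private boolean _authenticate = false;

    /* ------------------------------------------------------------ */
    /** Constructor.
     * Creates a constraint with no name, no roles, no authentication
     * requirement and an unset data constraint.
     */
    public Constraint() {
    }

    /* ------------------------------------------------------------ */
    /** Convenience Constructor.
     * Creates a named constraint with a single role. Passing
     * {@link #ANY_ROLE} yields a constraint for which
     * {@link #isAnyRole()} is true, exactly as {@link #setRoles} would.
     * @param name The constraint name.
     * @param role The single role of the constraint.
     */
    public Constraint(String name, String role) {
        setName(name);
        _roles = new String[] { role };
        // The wildcard flag has to follow the role array here as well;
        // without this, new Constraint(n, "*") is not treated as any-role.
        _anyRole = ANY_ROLE.equals(role);
    }

    /* ------------------------------------------------------------ */
    /** Shallow copy of this constraint.
     * The clone shares the role array with the original, so an in-place
     * change to that array is visible through both objects.
     * @return The cloned constraint.
     * @throws CloneNotSupportedException declared by the overridden method.
     */
    public Object clone() throws CloneNotSupportedException {
        return super.clone();
    }

    /* ------------------------------------------------------------ */
    /**
     * @param name The constraint name, used only by {@link #toString()}
     * within this class.
     */
    public void setName(String name) {
        _name = name;
    }

    /* ------------------------------------------------------------ */
    /** Set the roles of the constraint.
     * The array is stored without copying and the any-role flag is
     * recomputed from its content at this moment only. A caller that
     * later writes {@link #ANY_ROLE} into (or removes it from) the same
     * array leaves the flag stale, so pass an array that is not modified
     * afterwards.
     * @param roles The role names, or null for no roles.
     */
    public void setRoles(String[] roles) {
        _roles = roles;
        _anyRole = false;
        if (roles != null) {
            for (int i = roles.length; !_anyRole && i-- > 0;) {
                _anyRole = ANY_ROLE.equals(roles[i]);
            }
        }
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if any user role is permitted.
     */
    public boolean isAnyRole() {
        return _anyRole;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return List of roles for this constraint. This is the internal
     * array, not a copy; treat it as read-only, since writes to it are
     * not reflected in {@link #isAnyRole()}.
     */
    public String[] getRoles() {
        return _roles;
    }

    /* ------------------------------------------------------------ */
    /** Test a role against the constraint.
     * Matching is an exact, case-sensitive {@link String#equals}
     * comparison. When the constraint is any-role the answer is true for
     * every argument, including null.
     * @param role The role name to look for.
     * @return True if the constraint contains the role. A null role is
     * never contained in a constraint that is not any-role.
     */
    public boolean hasRole(String role) {
        if (_anyRole) {
            return true;
        }
        // Deny rather than throw NullPointerException when the caller has
        // no role name to offer.
        if (role == null || _roles == null) {
            return false;
        }
        for (int i = _roles.length; i-- > 0;) {
            if (role.equals(_roles[i])) {
                return true;
            }
        }
        return false;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param authenticate True if users must be authenticated
     */
    public void setAuthenticate(boolean authenticate) {
        _authenticate = authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if the constraint requires request authentication
     */
    public boolean getAuthenticate() {
        return _authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if authentication required but no roles set, that is
     * authentication is on, the constraint is not any-role, and the role
     * array is null or empty.
     */
    public boolean isForbidden() {
        return _authenticate && !_anyRole
                && (_roles == null || _roles.length == 0);
    }

    /* ------------------------------------------------------------ */
    /**
     * @param c One of DC_NONE, DC_INTEGRAL or DC_CONFIDENTIAL.
     * @throws IllegalArgumentException if c is outside that range;
     * DC_UNSET is rejected too.
     */
    public void setDataConstraint(int c) {
        if (c < 0 || c > DC_CONFIDENTIAL) {
            throw new IllegalArgumentException(
                    "Constraint out of range");
        }
        _dataConstraint = c;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return Data constraint indicator: -1=DC_UNSET, 0=DC_NONE,
     * 1=DC_INTEGRAL &amp; 2=DC_CONFIDENTIAL
     */
    public int getDataConstraint() {
        return _dataConstraint;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if a data constraint has been set.
     */
    public boolean hasDataConstraint() {
        return _dataConstraint >= DC_NONE;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return "SC{name,roles,dataConstraint}", where roles is "*" for an
     * any-role constraint, "-" when no role array is set, and the
     * bracketed list of role names otherwise.
     */
    public String toString() {
        String roles;
        if (_anyRole) {
            roles = "*";
        } else if (_roles == null) {
            roles = "-";
        } else {
            // An array's own toString() prints a type tag and identity
            // hash, which hides the configured roles in logs; list the
            // names instead.
            roles = java.util.Arrays.asList(_roles).toString();
        }

        String data;
        if (_dataConstraint == DC_UNSET) {
            data = "DC_UNSET}";
        } else if (_dataConstraint == DC_NONE) {
            data = "NONE}";
        } else if (_dataConstraint == DC_INTEGRAL) {
            data = "INTEGRAL}";
        } else {
            data = "CONFIDENTIAL}";
        }

        return "SC{" + _name + "," + roles + "," + data;
    }

}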