001: /*
002: jGuard is a security framework based on top of jaas (java authentication and authorization security).
003: it is written for web applications, to resolve simply, access control problems.
004: version $Name$
005: http://sourceforge.net/projects/jguard/
006:
007: Copyright (C) 2004 Charles GAY
008:
009: This library is free software; you can redistribute it and/or
010: modify it under the terms of the GNU Lesser General Public
011: License as published by the Free Software Foundation; either
012: version 2.1 of the License, or (at your option) any later version.
013:
014: This library is distributed in the hope that it will be useful,
015: but WITHOUT ANY WARRANTY; without even the implied warranty of
016: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
017: Lesser General Public License for more details.
018:
019: You should have received a copy of the GNU Lesser General Public
020: License along with this library; if not, write to the Free Software
021: Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
022:
023:
024: jGuard project home page:
025: http://sourceforge.net/projects/jguard/
026:
027: */
028: package net.sf.jguard.core.principals;
029:
030: import java.security.Permission;
031: import java.util.HashSet;
032: import java.util.Iterator;
033: import java.util.Set;
034:
035: import net.sf.jguard.core.authorization.permissions.JGPermissionCollection;
036:
037: /**
038: * This Principal represents the notion of a role.
039: * @author <a href="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
040: * @author <a href="mailto:vinipitta@users.sourceforge.net">VinÃcius Pitta Lima de Araújo</a>
041: * @author <a href="mailto:tandilero@users.sourceforge.net">Maximiliano Batelli</a>
042: */
043: public class RolePrincipal implements BasePrincipal {
044:
045: /**
046: * serial version id.
047: */
048: private static final long serialVersionUID = 3761412993065431095L;
049:
050: private String localName = "";
051:
052: //indicate to which application this role apply
053: private String applicationName = DEFAULT_APPLICATION_NAME;
054: //permissions bound to a domain owned by this Principal
055: private Set permissionsFromDomains;
056: //all the permissions (bound or not bound to a domain owned by this Principal)
057: private Set permissions;
058: //permisisons not bound to a Domain owned by this Principal.
059: private Set orphanedPermissions;
060: //domains owned to this principal
061: private Set domains;
062: private boolean active = true;
063: private String definition = "true";
064:
065: /**
066: * All principals that this role inherites from. This property is use to implement the General Hierarchy
067: * proposed by the NIST.
068: */
069: private Set descendants;
070:
071: /**
072: * empty constructor.
073: */
074: public RolePrincipal() {
075: permissions = new HashSet();
076: domains = new HashSet();
077: orphanedPermissions = new HashSet();
078: permissionsFromDomains = new HashSet();
079: descendants = new HashSet();
080: }
081:
082: /**
083: * constructor.
084: * @param name
085: */
086: public RolePrincipal(String name) {
087: permissions = new HashSet();
088: this .setName(name);
089: domains = new HashSet();
090: orphanedPermissions = new HashSet();
091: permissionsFromDomains = new HashSet();
092: descendants = new HashSet();
093: }
094:
095: /**
096: * constructor.
097: * @param localName
098: * @param applicationName
099: */
100: public RolePrincipal(String localName, String applicationName) {
101: permissions = new HashSet();
102: this .localName = localName;
103: this .applicationName = applicationName;
104: domains = new HashSet();
105: orphanedPermissions = new HashSet();
106: permissionsFromDomains = new HashSet();
107: descendants = new HashSet();
108: }
109:
110: /**
111: * override the java.lang.Object 's <i>clone</i> method.
112: * @return new JGuardPricipal with the same internal references (permissions and Domains).
113: */
114: public Object clone() {
115: RolePrincipal clone = new RolePrincipal(this .localName,
116: this .applicationName);
117: clone.setDomains(new HashSet(this .domains));
118: clone.setPermissions(new HashSet(this .permissions));
119: clone.setDescendants(new HashSet(this .descendants));
120: return clone;
121:
122: }
123:
124: /**
125: * @see java.security.Principal#getName()
126: */
127: public String getName() {
128: return getName(localName, applicationName);
129: }
130:
131: /**
132: * @see java.security.Principal#getName()
133: */
134: public static String getName(String localName) {
135: return getName(localName, "*");
136: }
137:
138: /**
139: * @see java.security.Principal#getName()
140: */
141: public static String getName(String localName,
142: String applicationName) {
143: StringBuffer sb = new StringBuffer(20);
144: sb.append(applicationName);
145: sb.append("#");
146: sb.append(localName);
147: return sb.toString();
148: }
149:
150: /**
151: * compare an object to this RolePrincipal.
152: * override the Object's <i>equals</i> method.
153: * @param another object to compare
154: * @return true if another is equals to this RolePrincipal
155: */
156: public boolean equals(Object another) {
157:
158: if (another instanceof RolePrincipal) {
159: RolePrincipal principal = (RolePrincipal) another;
160: if (principal.getName().equals(this .getName())) {
161: return true;
162: }
163: }
164:
165: return false;
166: }
167:
168: /**
169: * override the Object's <i>toString</i> method.
170: * return String representation
171: */
172: public String toString() {
173: StringBuffer sb = new StringBuffer();
174: sb.append(" principal class name =");
175: sb.append(getClass().getName());
176: sb.append("\n");
177: sb.append(" principal localName =");
178: sb.append(localName);
179: sb.append("\n");
180: sb.append(" principal application name =");
181: sb.append(applicationName);
182: sb.append("\n");
183: sb.append(" principal domains =");
184: sb.append(domains);
185: sb.append("\n");
186: sb.append(" principal permissions =");
187: sb.append(permissions);
188: sb.append("\n");
189: sb.append(" principal descendants =");
190: sb.append(descendants);
191: sb.append("\n");
192: return sb.toString();
193: }
194:
195: /**
196: * override Object's <i>hashcode</i> method.
197: */
198: public int hashCode() {
199: return localName.hashCode() + applicationName.hashCode();
200: }
201:
202: /**
203: * @param string
204: */
205: public void setName(String string) {
206: String[] tokens = string.split("#");
207: if (tokens.length == 1) {
208: applicationName = "*";
209: localName = tokens[0];
210: } else if (tokens.length == 2) {
211: applicationName = tokens[0];
212: localName = tokens[1];
213:
214: } else {
215: throw new IllegalArgumentException(
216: " name is composed of applicationName#localName");
217: }
218:
219: }
220:
221: /**
222: * return all permissions owned by this Principal plus
223: * permissions inherited from descendants.
224: * @return permissions
225: */
226: public Set getAllPermissions() {
227: //all permissions owned by this principal
228: Set allPermissions = new HashSet();
229: allPermissions.addAll(permissions);
230:
231: //get inherited permissions
232: for (Iterator it = descendants.iterator(); it.hasNext();) {
233: allPermissions.addAll(((RolePrincipal) it.next())
234: .getAllPermissions());
235: }
236:
237: return allPermissions;
238: }
239:
240: /**
241: * return the permissions bounded to a domain plus orphanedPermisions.
242: * @return
243: */
244: public Set getPermissions() {
245: return permissions;
246: }
247:
248: /**
249: * return the permissions not bound to a domain owned by this RolePrincipal.
250: * @return
251: */
252: public Set getOrphanedPermissions() {
253: return orphanedPermissions;
254: }
255:
256: /**
257: * @param perms
258: */
259: public void setPermissions(Set perms) {
260: Iterator itPermissionsSet = perms.iterator();
261: while (itPermissionsSet.hasNext()) {
262: Permission perm = (Permission) itPermissionsSet.next();
263: addPermission(perm);
264: }
265: }
266:
267: /**
268: * add a permission to the RolePrincipal.
269: * @param permission
270: */
271: public void addPermission(Permission permission) {
272: permissions.add(permission);
273: Iterator itDomains = domains.iterator();
274: boolean orphan = true;
275: while (itDomains.hasNext()) {
276: JGPermissionCollection temp = (JGPermissionCollection) itDomains
277: .next();
278: if (temp.containsPermission(permission)) {
279: orphan = false;
280: break;
281: }
282: }
283: if (orphan == true) {
284: orphanedPermissions.add(permission);
285: } else {
286: permissionsFromDomains.add(permission);
287: }
288: }
289:
290: /**
291: * add an Domain to the RolePrincipal.
292: * @param domain
293: */
294: public void addDomain(JGPermissionCollection domain) {
295: domains.add(domain);
296: Set permissionsDomain = domain.getPermissions();
297: //we remove from orphanedPermissions the permissions bound to this Domain
298: orphanedPermissions.removeAll(permissionsDomain);
299: //we add the permissions owned by domain to permissionsFromDomains and permissions
300: permissionsFromDomains.addAll(permissionsDomain);
301: permissions.addAll(permissionsDomain);
302: }
303:
304: /**
305: * @return application name
306: */
307: public String getApplicationName() {
308: return applicationName;
309: }
310:
311: /**
312: * define application name.
313: * @param string
314: */
315: public void setApplicationName(String string) {
316: applicationName = string;
317: }
318:
319: /**
320: * @return Returns the domains.
321: */
322: public Set getDomains() {
323: return domains;
324: }
325:
326: /**
327: * @return Returns the permissionsFromDomains.
328: */
329: public Set getPermissionsFromDomains() {
330: return permissionsFromDomains;
331: }
332:
333: /**
334: * @param doms The domains to set.
335: */
336: public void setDomains(Set doms) {
337: Iterator it = doms.iterator();
338: while (it.hasNext()) {
339: JGPermissionCollection dom = (JGPermissionCollection) it
340: .next();
341: this .addDomain(dom);
342: }
343:
344: }
345:
346: /**
347: * method used to compare two objects.
348: * this method is used in Collection to <strong>order</strong> items, and MUST be
349: * consistent with the <i>equals</i> method (eache method should return 0/true in the same cases).
350: * @param o object to compare
351: * @see java.lang.Comparable#compareTo(java.lang.Object)
352: * @return 0 if both objects are equals,
353: * <0 if 0 is lesser than the RolePrincipal,
354: * >0 if 0 is greater than the RolePrincipal
355: * @see java.lang.Comparable#compareTo(java.lang.Object)
356: */
357: public int compareTo(Object o) {
358: RolePrincipal principal = (RolePrincipal) o;
359: if (this .equals(o)) {
360: return 0;
361: }
362:
363: return this .getName().compareTo(principal.getName());
364: }
365:
366: public void removeDomain(JGPermissionCollection domain) {
367: permissionsFromDomains.removeAll(domain.getPermissions());
368: permissions.removeAll(domain.getPermissions());
369: domains.remove(domain);
370:
371: }
372:
373: public Set getDescendants() {
374: return descendants;
375: }
376:
377: public void setDescendants(Set descendants) {
378: this .descendants = descendants;
379: }
380:
381: public boolean isActive() {
382: return active;
383: }
384:
385: public void setActive(boolean active) {
386: this .active = active;
387: }
388:
389: /**
390: * @return Returns definition.
391: */
392: public String getDefinition() {
393: return definition;
394: }
395:
396: /**
397: * @param definition The definition to set.
398: */
399: public void setDefinition(String definition) {
400: this .definition = definition;
401: }
402:
403: public String getLocalName() {
404: return localName;
405: }
406:
407: public void setLocalName(String localName) {
408: this.localName = localName;
409: }
410: }
|