001: /**
002: * JOnAS: Java(TM) Open Application Server
003: * Copyright (C) 2004 Bull S.A.
004: * Contact: jonas-team@objectweb.org
005: *
006: * This library is free software; you can redistribute it and/or
007: * modify it under the terms of the GNU Lesser General Public
008: * License as published by the Free Software Foundation; either
009: * version 2.1 of the License, or any later version.
010: *
011: * This library is distributed in the hope that it will be useful,
012: * but WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * Lesser General Public License for more details.
015: *
016: * You should have received a copy of the GNU Lesser General Public
017: * License along with this library; if not, write to the Free Software
018: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
019: * USA
020: *
021: * Initial developer: Florent BENOIT
022: * --------------------------------------------------------------------------
023: * $Id: PatternEntry.java 5110 2004-07-09 11:44:06Z benoitf $
024: * --------------------------------------------------------------------------
025: */package org.objectweb.jonas_web.deployment.api;
026:
027: import java.security.Permission;
028: import java.security.PermissionCollection;
029: import java.security.Permissions;
030: import java.util.ArrayList;
031: import java.util.Enumeration;
032: import java.util.HashMap;
033: import java.util.Iterator;
034: import java.util.List;
035: import java.util.Map;
036:
037: import javax.security.jacc.WebResourcePermission;
038: import javax.security.jacc.WebUserDataPermission;
039:
040: /**
041: * Defines a PatternEntry object for JACC URLPattern handle
042: * @author Florent Benoit
043: */
044: public class PatternEntry {
045:
046: /**
047: * Pattern of this PatternEntry
048: */
049: private Pattern pattern = null;
050:
051: /**
052: * This pattern will be unchecked (default pattern added to all others)
053: */
054: private boolean uncheckedLastEntry = false;
055:
056: /**
057: * Methods for this pattern
058: */
059: private MethodsDesc methods = null;
060:
061: /**
062: * Is this pattern irrelevant while adding qualified pattern
063: */
064: private boolean irrelevant = false;
065:
066: /**
067: * Qualifying pattern
068: */
069: private StringBuffer qualified = null;
070:
071: /**
072: * Constructor
073: * @param pattern used by this PatternEntry object
074: */
075: public PatternEntry(String pattern) {
076: this .pattern = new Pattern(pattern);
077: methods = new MethodsDesc();
078: qualified = new StringBuffer(pattern);
079: }
080:
081: /**
082: * Add Http methods (Excluded or Unchecked)
083: * @param methods array of methods to add
084: * @param transportGuarantee Transport Guarantee for these methods
085: * @param isExcluded if true add methods as excluded else as unchecked
086: */
087: public void addMethods(String[] methods, String transportGuarantee,
088: boolean isExcluded) {
089: this .methods
090: .addMethods(methods, transportGuarantee, isExcluded);
091: }
092:
093: /**
094: * Add Excluded Http methods
095: * @param methods array of methods to add
096: * @param transportGuarantee Transport Guarantee for these methods
097: */
098: public void addExcludedMethods(String[] methods,
099: String transportGuarantee) {
100: addMethods(methods, transportGuarantee, true);
101: }
102:
103: /**
104: * Add Unchecked Http methods
105: * @param methods array of methods to add
106: * @param transportGuarantee Transport Guarantee for these methods
107: */
108: public void addUncheckedMethods(String[] methods,
109: String transportGuarantee) {
110: addMethods(methods, transportGuarantee, false);
111: }
112:
113: /**
114: * Add pattern information for given roles
115: * @param methods methods to add to the given role
116: * @param roles roles which have the given methods
117: * @param transportGuarantee Transport Guarantee for these methods
118: */
119: public void addMethodsOnRoles(String[] methods, String[] roles,
120: String transportGuarantee) {
121: for (int r = 0; r < roles.length; r++) {
122: addMethodsOnRole(methods, roles[r], transportGuarantee);
123: }
124: }
125:
126: /**
127: * Add pattern information for a given role
128: * @param methods methods to add to the given role
129: * @param role role which have the given methods
130: * @param transportGuarantee Transport Guarantee for these methods
131: */
132: public void addMethodsOnRole(String[] methods, String role,
133: String transportGuarantee) {
134: this .methods
135: .addMethodsOnRole(methods, role, transportGuarantee);
136: }
137:
138: /**
139: * Set the flag which indicate that this entry will be added at the end
140: * as unchecked permission
141: */
142: public void setUncheckedLastEntry() {
143: uncheckedLastEntry = true;
144: }
145:
146: /**
147: * Gets the boolean value of the flag which indicate that this entry
148: * will be added at the end as unchecked permission
149: * @return true if this is the pattern to add at the end
150: */
151: public boolean isUncheckedLastEntry() {
152: return uncheckedLastEntry;
153: }
154:
155: /**
156: * Add to this pattern a qualified pattern
157: * @see jacc 3.1.3.1 (Qualifying pattern)
158: * @param otherPattern pattern to add for the qualified pattern
159: */
160: public void addQualifiedPattern(Pattern otherPattern) {
161: /*
162: * Any pattern, qualified by a pattern that matches it, is overriden
163: * and made irrelevant (in the translation) by the qualifying pattern
164: */
165: if (otherPattern.isMatching(pattern)) {
166: irrelevant = true;
167: } else {
168: qualified.append(":");
169: qualified.append(otherPattern);
170: }
171:
172: }
173:
174: /**
175: * Gets the permissions for each role.
176: * Map between role and permissions
177: * @return the Map witth key = role, value = permissions
178: */
179: public Map getRolesPermissionsMap() {
180: Map roleMapActions = methods.getRoleMapActions();
181: String roleName = null;
182: String actions = null;
183: Map rolesPermissionsMap = new HashMap();
184:
185: // Need to build WebResource for each role Actions
186: for (Iterator it = roleMapActions.keySet().iterator(); it
187: .hasNext();) {
188: roleName = (String) it.next();
189: actions = (String) roleMapActions.get(roleName);
190: if (actions != null) {
191: PermissionCollection pc = new Permissions();
192: pc.add(new WebResourcePermission(getQualifiedPattern(),
193: actions));
194: rolesPermissionsMap.put(roleName, pc);
195: }
196: }
197: return rolesPermissionsMap;
198: }
199:
200: /**
201: * Gets the excluded permissions for this pattern
202: * @return the excluded permissions for this pattern
203: */
204: public PermissionCollection getExcludedPermissions() {
205: // Need to build WebResource and WebuserData on these actions
206: PermissionCollection pc = new Permissions();
207: String actions = methods.getExcludedActions();
208: if (!actions.equals("")) {
209: pc.add(new WebResourcePermission(getQualifiedPattern(),
210: actions));
211: pc.add(new WebUserDataPermission(getQualifiedPattern(),
212: actions));
213: }
214: return pc;
215: }
216:
217: /**
218: * Gets the unchecked permissions for this pattern
219: * @return the unchecked permissions for this pattern
220: */
221: public PermissionCollection getUncheckedPermissions() {
222: // First add unchecked permissions and then the WebUserData
223: // permissions of no excluding auth-constraint
224: String actions = null;
225: List permissions = new ArrayList();
226:
227: actions = methods.getUncheckedActions();
228: if (actions == null || (!actions.equals(""))) {
229: permissions.add(new WebResourcePermission(
230: getQualifiedPattern(), actions));
231: permissions.add(new WebUserDataPermission(
232: getQualifiedPattern(), actions));
233: }
234:
235: // WebUserData (no excluding auth-constraint)
236: List actionsList = methods
237: .getUncheckedWebUserDataActionsRoleList();
238: for (Iterator it = actionsList.iterator(); it.hasNext();) {
239: actions = (String) it.next();
240: permissions.add(new WebUserDataPermission(
241: getQualifiedPattern(), actions));
242: }
243:
244: // Try to merge UserDataPermissions with same transport guarantee
245: PermissionCollection pc = new Permissions();
246: for (Iterator it = permissions.iterator(); it.hasNext();) {
247: Permission p = (Permission) it.next();
248: if (p instanceof WebUserDataPermission) {
249: WebUserDataPermission wdp = (WebUserDataPermission) p;
250: // get actions of this permission
251: String wdpName = wdp.getName();
252: String wdpActions = wdp.getActions();
253: if (wdpActions == null) {
254: // If the permissions got all actions (null = all actions)
255: pc.add(p);
256: continue;
257: }
258: boolean wasMerged = false;
259: // Now, search all permissions with same transport guarantee
260: for (Iterator itLoop = permissions.iterator(); itLoop
261: .hasNext();) {
262: Permission loopPerm = (Permission) itLoop.next();
263: if (loopPerm instanceof WebUserDataPermission) {
264: WebUserDataPermission loopWdp = (WebUserDataPermission) loopPerm;
265: // if same permission than our, go on
266: if (loopWdp.equals(wdp)) {
267: continue;
268: }
269: String loopWdpName = loopWdp.getName();
270: String loopWdpActions = loopWdp.getActions();
271: if (loopWdpActions == null) {
272: continue;
273: }
274: boolean wNoTransport = (wdpActions.indexOf(":") == -1);
275: boolean loopNoWTransport = (loopWdpActions
276: .indexOf(":") == -1);
277:
278: // Same name and no transport guarantee
279: if (wdpName.equals(loopWdpName) && wNoTransport
280: && loopNoWTransport) {
281: // merge actions
282: String newActions = wdpActions + ","
283: + loopWdpActions;
284:
285: //Add new actions if it doesn't exists
286: Enumeration existingPermissions = pc
287: .elements();
288: boolean exist = false;
289: Permission permissionToAdd = new WebUserDataPermission(
290: wdpName, newActions);
291: while (existingPermissions
292: .hasMoreElements()) {
293: Permission perm = (Permission) existingPermissions
294: .nextElement();
295: if (perm.equals(permissionToAdd)) {
296: exist = true;
297: }
298: }
299: if (!exist) {
300: wasMerged = true;
301: pc.add(permissionToAdd);
302: }
303: }
304: }
305: }
306: // There was no merge for this permission, just add it.
307: if (!wasMerged) {
308: pc.add(p);
309: }
310:
311: } else {
312: // Do not merge as it is a WebResourcePermission
313: pc.add(p);
314: }
315: }
316:
317: return pc;
318: }
319:
320: /**
321: * Gets the state of the pattern. Irrelevant or not during the qualifying phase
322: * @return true if the pattern is irrelevant, false otherwise
323: */
324: public boolean isIrrelevant() {
325: return irrelevant;
326: }
327:
328: /**
329: * Gets the qualified form of the pattern
330: * @return qualified pattern
331: */
332: public String getQualifiedPattern() {
333: return qualified.toString();
334: }
335:
336: /**
337: * String representation
338: * @return string representation of the pattern
339: */
340: public String toString() {
341: StringBuffer sb = new StringBuffer();
342: sb.append("PatternEntry[pattern=");
343: sb.append(pattern);
344: sb.append(";qualified=");
345: sb.append(getQualifiedPattern());
346: sb.append(";irrelevant=");
347: sb.append(irrelevant);
348: sb.append("]");
349: return sb.toString();
350: }
351: }
|