001: /**
002: * EasyBeans
003: * Copyright (C) 2006 Bull S.A.S.
004: * Contact: easybeans@ow2.org
005: *
006: * This library is free software; you can redistribute it and/or
007: * modify it under the terms of the GNU Lesser General Public
008: * License as published by the Free Software Foundation; either
009: * version 2.1 of the License, or any later version.
010: *
011: * This library is distributed in the hope that it will be useful,
012: * but WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * Lesser General Public License for more details.
015: *
016: * You should have received a copy of the GNU Lesser General Public
017: * License along with this library; if not, write to the Free Software
018: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
019: * USA
020: *
021: * --------------------------------------------------------------------------
022: * $Id: JPolicyConfigurationFactory.java 1970 2007-10-16 11:49:25Z benoitf $
023: * --------------------------------------------------------------------------
024: */package org.ow2.easybeans.security.jacc.provider;
025:
026: import java.security.SecurityPermission;
027: import java.util.HashMap;
028: import java.util.Map;
029:
030: import javax.security.jacc.PolicyConfiguration;
031: import javax.security.jacc.PolicyConfigurationFactory;
032: import javax.security.jacc.PolicyContextException;
033:
034: import org.ow2.util.log.Log;
035: import org.ow2.util.log.LogFactory;
036:
037: /**
038: * Defines the PolicyConfigurationFactory implementation class of JACC.
039: * @author Florent Benoit
040: */
041: public class JPolicyConfigurationFactory extends
042: PolicyConfigurationFactory {
043:
044: /**
045: * List of PolicyConfiguration objects. Manage all configurations available
046: */
047: private Map<String, PolicyConfiguration> policyConfigurations = null;
048:
049: /**
050: * Logger.
051: */
052: private static Log logger = LogFactory
053: .getLog(JPolicyConfigurationFactory.class);
054:
055: /**
056: * Constructor.
057: */
058: public JPolicyConfigurationFactory() {
059: policyConfigurations = new HashMap<String, PolicyConfiguration>();
060:
061: }
062:
063: /**
064: * This method is used to obtain an instance of the provider specific class
065: * that implements the PolicyConfiguration interface that corresponds to the
066: * identified policy context within the provider.
067: * @param contextID A String identifying the policy context whose
068: * PolicyConfiguration interface is to be returned. The value passed
069: * to this parameter must not be null.
070: * @param remove A boolean value that establishes whether or not the policy
071: * statements of an existing policy context are to be removed before
072: * its PolicyConfiguration object is returned. If the value passed to
073: * this parameter is true, the policy statements of an existing
074: * policy context will be removed. If the value is false, they will
075: * not be removed.
076: * @return an Object that implements the PolicyConfiguration Interface
077: * matched to the Policy provider and corresponding to the
078: * identified policy context.
079: * @throws SecurityException when called by an AccessControlContext that has
080: * not been granted the "setPolicy" SecurityPermission.
081: * @throws PolicyContextException if the implementation throws a checked
082: * exception that has not been accounted for by the
083: * getPolicyConfiguration method signature. The exception thrown by
084: * the implementation class will be encapsulated (during
085: * construction) in the thrown PolicyContextException.
086: */
087: @Override
088: public PolicyConfiguration getPolicyConfiguration(
089: final String contextID, final boolean remove)
090: throws PolicyContextException, SecurityException {
091:
092: // Section 3.3 - Check permissions
093: checkSetPolicy();
094:
095: // Get in cache
096: PolicyConfiguration policyConfiguration = getInternalPolicyConfiguration(contextID);
097:
098: // Is there an existing configuration ?
099: if (policyConfiguration != null) {
100: // Need to be removed ?
101: if (remove) {
102: // Delete permissions
103: policyConfiguration.delete();
104: ((JPolicyConfiguration) policyConfiguration)
105: .resetState();
106: }
107: // return cache
108: return policyConfiguration;
109: }
110:
111: // No previous PolicyConfiguration for the specific contextID
112: // need to build a new PolicyConfiguration
113: policyConfiguration = new JPolicyConfiguration(contextID);
114:
115: // Add in cache for future use and return it.
116: policyConfigurations.put(contextID, policyConfiguration);
117:
118: return policyConfiguration;
119:
120: }
121:
122: /**
123: * This method is used to check if there the PolicyConfiguration is in cache
124: * and return it if it is in the cache.
125: * @param contextID A String identifying the policy context whose
126: * PolicyConfiguration interface is to be returned. The value passed
127: * to this parameter must not be null.
128: * @return an Object that implements the PolicyConfiguration Interface
129: * matched to the Policy provider and corresponding to the
130: * identified policy context.
131: */
132: private synchronized PolicyConfiguration getInternalPolicyConfiguration(
133: final String contextID) {
134: // Get in cache
135: return policyConfigurations.get(contextID);
136: }
137:
138: /**
139: * This method determines if the identified policy context exists with state
140: * "inService" in the Policy provider associated with the factory.
141: * @param contextID A string identifying a policy context
142: * @return true if the identified policy context exists within the provider
143: * and its state is "inService", false otherwise.
144: * @throws SecurityException when called by an AccessControlContext that has
145: * not been granted the "setPolicy" SecurityPermission.
146: * @throws PolicyContextException if the implementation throws a checked
147: * exception that has not been accounted for by the inService method
148: * signature. The exception thrown by the implementation class will
149: * be encapsulated (during construction) in the thrown
150: * PolicyContextException.
151: */
152: @Override
153: public boolean inService(final String contextID)
154: throws PolicyContextException, SecurityException {
155:
156: // Section 3.3 - Check permissions
157: logger.debug("Check setpolicy...");
158: checkSetPolicy();
159:
160: // Context exists ?
161: if (policyConfigurations.containsKey(contextID)) {
162: logger
163: .debug(
164: "Existing config for contextID ''{0}'', gets internal config...",
165: contextID);
166: return getInternalPolicyConfiguration(contextID)
167: .inService();
168: }
169: // false otherwise (see javaDoc)
170: logger.debug(
171: "Config for contextID ''{0}'' not found, return false",
172: contextID);
173: return false;
174: }
175:
176: /**
177: * Method which check setPolicy access Section 3.3.<br/>
178: * getPolicyConfiguration and inService must throw a SecurityException when
179: * called by an AccessControlContext that has not been granted the
180: * "setPolicy" SecurityPermission
181: * @throws SecurityException when called by an AccessControlContext that has
182: * not been granted the "setPolicy" SecurityPermission.
183: */
184: private void checkSetPolicy() throws SecurityException {
185: SecurityManager securityManager = System.getSecurityManager();
186: if (securityManager != null) {
187: securityManager.checkPermission(new SecurityPermission(
188: "setPolicy"));
189: }
190: }
191:
192: }
|