001: /******************************************************************************
002: * JBoss, a division of Red Hat *
003: * Copyright 2006, Red Hat Middleware, LLC, and individual *
004: * contributors as indicated by the @authors tag. See the *
005: * copyright.txt in the distribution for a full listing of *
006: * individual contributors. *
007: * *
008: * This is free software; you can redistribute it and/or modify it *
009: * under the terms of the GNU Lesser General Public License as *
010: * published by the Free Software Foundation; either version 2.1 of *
011: * the License, or (at your option) any later version. *
012: * *
013: * This software is distributed in the hope that it will be useful, *
014: * but WITHOUT ANY WARRANTY; without even the implied warranty of *
015: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU *
016: * Lesser General Public License for more details. *
017: * *
018: * You should have received a copy of the GNU Lesser General Public *
019: * License along with this software; if not, write to the Free *
020: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA *
021: * 02110-1301 USA, or see the FSF site: http://www.fsf.org. *
022: ******************************************************************************/package org.jboss.portal.security;
023:
024: import org.apache.log4j.Logger;
025: import org.jboss.portal.security.spi.provider.AuthorizationDomain;
026: import org.jboss.portal.security.spi.provider.PermissionRepository;
027:
028: import javax.security.auth.Subject;
029: import java.security.Permission;
030: import java.security.PermissionCollection;
031: import java.util.Enumeration;
032:
033: /**
034: * This class is a literal reference to a portal permission repository. Subclasses should implement the implies logic
035: * and leverage the repository to get the role.
036: *
037: * @author <a href="mailto:julien@jboss.org">Julien Viet</a>
038: * @version $Revision: 8784 $
039: */
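public abstract class PortalPermissionCollection extends PermissionCollection {

    /** Logger used to report permission checks that could not be completed. */
    private static final Logger log = Logger.getLogger(PortalPermissionCollection.class);

    /** The authorization domain whose permission repository is consulted by {@link #implies(Permission)}. */
    private final AuthorizationDomain domain;

    /**
     * The owner of this collection; {@link #implies(Permission)} delegates the decision to it.
     * The field is package-private and is never assigned in this class, so it is presumably set by
     * code in this package after construction -- confirm against PortalPermission.
     */
    PortalPermission owner;

    /**
     * Create a new portal permission collection.
     *
     * @param repository the authorization domain to load the permissions from
     * @throws IllegalArgumentException if the argument is null
     */
    public PortalPermissionCollection(AuthorizationDomain repository) throws IllegalArgumentException {
        if (repository == null) {
            throw new IllegalArgumentException("Need a repository");
        }
        this.domain = repository;
    }

    /**
     * Accepts a permission without storing it.
     *
     * <p>According to the original author, the only time this method is called is when JACC creates
     * an instance of this object in order to add the owner permission to the collection.
     *
     * <p>This implementation is a no-op: nothing is recorded and nothing is thrown. The check that
     * rejected any permission other than the owner is disabled (kept below for reference), so the
     * {@code throws} clause is retained only for signature compatibility.
     *
     * @param permission the permission being added; ignored
     */
    public final void add(Permission permission) throws IllegalArgumentException {
        // NOTE(review): owner check disabled in the original source; callers cannot rely on this
        // method to reject a foreign permission.
        // if (owner != permission)
        // {
        //    throw new IllegalArgumentException("Should only call with the owner");
        // }
    }

    /**
     * Decides whether the given permission is implied, by delegating to the owner permission.
     *
     * <p>The owner is called with the domain's {@link PermissionRepository}, the subject returned by
     * {@link #getCheckedSubject()}, the role name returned by {@link #getRoleName()} and the
     * permission being checked.
     *
     * <p>The check fails closed: a permission that is not a {@link PortalPermission}, a collection
     * without an owner, and any exception raised during the lookup all result in {@code false}.
     * Failures are logged at error level, so a repository fault appears to callers as a denial and
     * is only distinguishable from a genuine denial through the log.
     *
     * @param permission the permission to check
     * @return true only if the owner reports the permission as implied
     */
    public boolean implies(Permission permission) {
        if (!(permission instanceof PortalPermission)) {
            return false;
        }

        // Read the field once so the null check and the call use the same reference.
        PortalPermission currentOwner = owner;
        if (currentOwner == null) {
            // Deny explicitly instead of relying on a NullPointerException being caught below.
            log.error("Permission check denied: the collection has no owner permission");
            return false;
        }

        try {
            PortalPermission portalPermission = (PortalPermission) permission;
            Subject caller = getCheckedSubject();
            String roleName = getRoleName();
            PermissionRepository repository = domain.getPermissionRepository();
            return currentOwner.implies(repository, caller, roleName, portalPermission);
        } catch (Exception e) {
            // Deliberately broad: any failure in the lookup must end in a denial, never a grant.
            log.error("Permission check against the repository failed", e);
        }
        return false;
    }

    /**
     * Return the permissions held by this collection; the content is defined by the subclass.
     *
     * @return an enumeration of the permissions
     */
    public abstract Enumeration elements();

    /**
     * Return the role name attached to the collection.
     *
     * @return the role name
     */
    public abstract String getRoleName();

    /**
     * Return the subject being checked or null if there is none.
     *
     * @return the current subject
     */
    public abstract Subject getCheckedSubject();
}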