001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.security;
018:
019: import java.security.Permission;
020:
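/**
 * <p>Fragment permission.</p>
 * <p>This code was partially inspired by the following:</p>
 * <ul>
 * <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
 * Extend JAAS for class instance-level authorization.</a></li>
 * <li>The FilePermission implementation from the JDK in order to support recursive permissions &amp; wild card</li>
 * </ul>
 * <p>
 * This class represents access to a fragment within a
 * content document. A FragmentPermission consists
 * of a path, fragment name, or a simple fragment name
 * pattern and a set of actions valid for that pathname.
 * </p>
 * <p>
 * Here are some examples of valid fragment permission names:
 * </p>
 * <ul>
 * <li>"/folder/page.psml/app::portlet" matches fragments
 * within a page for a specified portlet contained in an app</li>
 * <li>"security::*" matches fragments for portlets from the security app</li>
 * <li>"&lt;&lt;ALL FRAGMENTS&gt;&gt;" matches <b>any</b> fragment</li>
 * </ul>
 *
 * @author <a href="mailto:rwatler@apache.org">Randy Watler</a>
 */
public class FragmentPermission extends PortalResourcePermission {

    /** Rule name that matches every fragment name; only the action mask is then compared. */
    private static final String ALL_FRAGMENTS = "<<ALL FRAGMENTS>>";

    /** Separator between the application part and the portlet part of a fragment name. */
    private static final String NAME_SEPARATOR = "::";

    /**
     * <p>Constructor for FragmentPermission.</p>
     *
     * @param name The fragment name.
     * @param actions The actions on the fragment.
     */
    public FragmentPermission(String name, String actions) {
        super(name, actions);
    }

    /**
     * <p>Constructor for FragmentPermission.</p>
     *
     * @param name The fragment name.
     * @param mask The mask of actions on the fragment.
     */
    public FragmentPermission(String name, int mask) {
        super(name, mask);
    }

    /**
     * Decides whether this permission (the granted rule) covers the given
     * permission (the access being tested).
     *
     * <p>The name comparison runs in a fixed order, and the order matters:</p>
     * <ol>
     * <li>A rule named "&lt;&lt;ALL FRAGMENTS&gt;&gt;" skips name matching entirely.</li>
     * <li>If the rule ends with the "::" + wildcard suffix and the tested name
     * contains "::" at an index greater than zero, the suffix is stripped from the
     * rule and everything from the last "::" onward is stripped from the tested name.</li>
     * <li>If the rule does not start with the folder separator but the tested name
     * does, the tested name is cut down to the text after its last folder separator.
     * A rule without a path therefore matches the same fragment name under
     * <b>any</b> page path; grant path-less rules with that in mind.</li>
     * <li>The remaining strings must be exactly equal (case-sensitive).</li>
     * </ol>
     * <p>Finally every action bit of the tested permission must be set in this
     * permission's mask. A tested permission whose mask is zero passes that check
     * for any rule whose name matches.</p>
     *
     * <p>NOTE(review): both names are dereferenced without a null check; this
     * assumes the superclass constructors never leave the name null. Confirm.</p>
     *
     * @param permission the permission to test; anything that is not a
     *                   FragmentPermission (including {@code null}) is not implied
     * @return {@code true} if the name matches under the rules above and the
     *         tested action bits are a subset of this permission's mask
     */
    @Override
    public boolean implies(Permission permission) {
        // Only another FragmentPermission can be implied; instanceof also rejects null.
        if (!(permission instanceof FragmentPermission)) {
            return false;
        }
        FragmentPermission fragmentPerm = (FragmentPermission) permission;

        String ruleName = getName();
        if (!ruleName.equals(ALL_FRAGMENTS)) {
            String testName = fragmentPerm.getName();

            // Match wildcarded portlet names. The stripped length is derived from the
            // same suffix that endsWith() checks, so the two cannot drift apart if the
            // wildcard constant ever changes (the original hard-coded 3 here).
            String wildcardSuffix = NAME_SEPARATOR + FolderPermission.WILD_CHAR_STR;
            int testNamesSeparator = testName.lastIndexOf(NAME_SEPARATOR);
            if (ruleName.endsWith(wildcardSuffix) && (testNamesSeparator > 0)) {
                ruleName = ruleName.substring(0, ruleName.length() - wildcardSuffix.length());
                testName = testName.substring(0, testNamesSeparator);
            }

            // Trim path components from the tested name if the rule is not
            // prefixed with a path.
            if (!ruleName.startsWith(FolderPermission.FOLDER_SEPARATOR_STR)
                    && testName.startsWith(FolderPermission.FOLDER_SEPARATOR_STR)) {
                int testPathIndex = testName.lastIndexOf(FolderPermission.FOLDER_SEPARATOR);
                testName = testName.substring(testPathIndex + 1);
            }

            // Remaining name parts must match exactly.
            if (!ruleName.equals(testName)) {
                return false;
            }
        }

        // The action bits requested by the tested permission must all be
        // set in this permission's mask.
        return (mask & fragmentPerm.mask) == fragmentPerm.mask;
    }

    /**
     * Two fragment permissions are equal when both the action mask and the
     * name are equal.
     *
     * <p>NOTE(review): this class overrides equals without declaring hashCode;
     * confirm that the inherited hashCode is computed from the same name and
     * mask, otherwise hash-based permission collections will misbehave.</p>
     *
     * @see java.security.Permission#equals(Object)
     */
    @Override
    public boolean equals(Object object) {
        if (!(object instanceof FragmentPermission)) {
            return false;
        }

        FragmentPermission p = (FragmentPermission) object;
        return (p.mask == mask) && p.getName().equals(getName());
    }

}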