001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017: package org.apache.jetspeed.security;
018:
019: import java.security.Permission;
020: import java.security.PermissionCollection;
021: import java.security.Principal;
022: import java.util.Enumeration;
023: import java.util.HashSet;
024: import java.util.Iterator;
025: import java.util.LinkedList;
026: import java.util.List;
027: import java.util.Set;
028:
029: import javax.security.auth.Subject;
030:
031: import org.apache.commons.logging.Log;
032: import org.apache.commons.logging.LogFactory;
033: import org.apache.jetspeed.security.impl.PrincipalsSet;
034: import org.apache.jetspeed.security.impl.GroupPrincipalImpl;
035: import org.apache.jetspeed.security.impl.RolePrincipalImpl;
036: import org.apache.jetspeed.security.impl.UserPrincipalImpl;
037:
038: /**
039: * <p>
040: * Security helper.
041: * </p>
042: *
043: * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
044: * @version $Id: SecurityHelper.java 517121 2007-03-12 07:45:49Z ate $
045: */
046: public class SecurityHelper {
047: private static final Log log = LogFactory
048: .getLog(SecurityHelper.class);
049:
050: /**
051: * <p>
052: * Given a subject, finds the first principal of the given classe for that subject. If a
053: * principal of the given classe is not found, null is returned.
054: * </p>
055: *
056: * @param subject The subject supplying the principals.
057: * @param classe A class or interface derived from java.security.InternalPrincipal.
058: * @return The first principal matching a principal classe parameter.
059: */
060: public static Principal getPrincipal(Subject subject, Class classe) {
061: Principal principal = null;
062: Set principalList = subject.getPrincipals();
063: if (principalList != null) {
064: Iterator principals = subject.getPrincipals().iterator();
065: while (principals.hasNext()) {
066: Principal p = (Principal) principals.next();
067: if (classe.isInstance(p)) {
068: principal = p;
069: break;
070: }
071: }
072: }
073: return principal;
074: }
075:
076: /**
077: * <p>
078: * Given a subject, finds the first principal of the given classe for that subject. If a
079: * principal of the given classe is not found, then the first other principal is returned. If
080: * the list is empty, null is returned.
081: * </p>
082: *
083: * @param subject The subject supplying the principals.
084: * @param classe A class or interface derived from java.security.InternalPrincipal.
085: * @return The first principal matching a principal classe parameter.
086: */
087: public static Principal getBestPrincipal(Subject subject,
088: Class classe) {
089:
090: Principal principal = null;
091: Iterator principals = subject.getPrincipals().iterator();
092: while (principals.hasNext()) {
093: Principal p = (Principal) principals.next();
094: if (classe.isInstance(p)) {
095: principal = p;
096: break;
097: } else {
098: if (principal == null) {
099: principal = p;
100: }
101: }
102: }
103: return principal;
104: }
105:
106: /**
107: * <p>
108: * Returns the first matching principal of a given type.
109: * </p>
110: *
111: * @param principals The array of pricinpals
112: * @param classe The class of Principal
113: * @return The principal.
114: */
115: public static Principal getBestPrincipal(Principal[] principals,
116: Class classe) {
117:
118: Principal principal = null;
119: for (int i = 0; i < principals.length; i++) {
120: Principal p = principals[i];
121: if (classe.isInstance(p)) {
122: principal = p;
123: break;
124: } else {
125: if (principal == null) {
126: principal = p;
127: }
128: }
129: }
130: return principal;
131: }
132:
133: /**
134: * <p>
135: * Utility method used to retrieve the Preferences API absolute/full path from a given
136: * principal.
137: * </p>
138: *
139: * @param principal The principal.
140: * @return The Preferences absolute/full path.
141: */
142: public static String getPreferencesFullPath(Principal principal) {
143:
144: if ((UserPrincipal.class).isInstance(principal)) {
145: return UserPrincipalImpl
146: .getFullPathFromPrincipalName(principal.getName());
147: } else if ((RolePrincipal.class).isInstance(principal)) {
148: return RolePrincipalImpl
149: .getFullPathFromPrincipalName(principal.getName());
150: } else if ((GroupPrincipal.class).isInstance(principal)) {
151: return GroupPrincipalImpl
152: .getFullPathFromPrincipalName(principal.getName());
153: } else {
154: return null;
155: }
156: }
157:
158: /**
159: * <p>
160: * Utility method to create a subject.
161: * </p>
162: *
163: * @param principalName The user principal name.
164: * @return The subject.
165: */
166: public static Subject createSubject(String principalName) {
167: Principal principal = new UserPrincipalImpl(principalName);
168: Set principals = new PrincipalsSet();
169: principals.add(principal);
170: return new Subject(true, principals, new HashSet(),
171: new HashSet());
172: }
173:
174: /**
175: * <p>
176: * Given a subject, finds all principals of the given classe for that subject. If no principals
177: * of the given class is not found, null is returned.
178: * </p>
179: *
180: * @param subject The subject supplying the principals.
181: * @param classe A class or interface derived from java.security.InternalPrincipal.
182: * @return A List of all principals of type Principal matching a principal classe parameter.
183: */
184: public static List getPrincipals(Subject subject, Class classe) {
185: List result = new LinkedList();
186: Iterator principals = subject.getPrincipals().iterator();
187: while (principals.hasNext()) {
188: Principal p = (Principal) principals.next();
189: if (classe.isInstance(p)) {
190: result.add(p);
191: }
192: }
193: return result;
194: }
195:
196: /**
197: * <p>
198: * Given a subject, find the (first) PasswordCredential from the private credentials
199: * </p>
200: *
201: * @param subject The subject
202: * @return the PasswordCredential or null if not found.
203: */
204: public static PasswordCredential getPasswordCredential(
205: Subject subject) {
206: Iterator iter = subject.getPrivateCredentials().iterator();
207: while (iter.hasNext()) {
208: Object o = iter.next();
209: if (o instanceof PasswordCredential) {
210: return (PasswordCredential) o;
211: }
212: }
213: return null;
214: }
215:
216: /**
217: * <p>
218: * Adds a collection of permsToAdd to a collection of existing permissions.
219: * </p>
220: *
221: * @param perms The existing permissions.
222: * @param permsToAdd The permissions to add.
223: */
224: public static void addPermissions(PermissionCollection perms,
225: PermissionCollection permsToAdd) {
226: int permsAdded = 0;
227: if (null != permsToAdd) {
228: Enumeration permsToAddEnum = permsToAdd.elements();
229: while (permsToAddEnum.hasMoreElements()) {
230: permsAdded++;
231: Permission currPerm = (Permission) permsToAddEnum
232: .nextElement();
233: perms.add(currPerm);
234: if (log.isDebugEnabled()) {
235: log.debug("Adding the permission: [class, "
236: + currPerm.getClass().getName() + "], "
237: + "[name, " + currPerm.getName() + "], "
238: + "[actions, " + currPerm.getActions()
239: + "]");
240: }
241: }
242: }
243: if ((permsAdded == 0) && log.isDebugEnabled()) {
244: log.debug("No permissions to add...");
245: }
246: }
247:
248: public static Principal createPrincipalFromFullPath(String fullPath) {
249: Principal principal = null;
250: if (fullPath.startsWith(BasePrincipal.PREFS_ROLE_ROOT)) {
251: String name = RolePrincipalImpl
252: .getPrincipalNameFromFullPath(fullPath);
253: principal = new RolePrincipalImpl(name);
254: } else if (fullPath.startsWith(BasePrincipal.PREFS_USER_ROOT)) {
255: String name = UserPrincipalImpl
256: .getPrincipalNameFromFullPath(fullPath);
257: principal = new UserPrincipalImpl(name);
258: } else if (fullPath.startsWith(BasePrincipal.PREFS_GROUP_ROOT)) {
259: String name = GroupPrincipalImpl
260: .getPrincipalNameFromFullPath(fullPath);
261: principal = new GroupPrincipalImpl(name);
262:
263: }
264: return principal;
265: }
266: }
|