001: // AclRealm.java
002: // $Id: AclRealm.java,v 1.11 2007/02/10 12:51:18 ylafon Exp $
003: // (c) COPYRIGHT MIT, INRIA and Keio, 1999.
004: // Please first read the full copyright statement in file COPYRIGHT.html
005:
006: package org.w3c.jigsaw.acl;
007:
008: import java.security.Principal;
009: import java.security.acl.AclEntry;
010: import java.security.acl.LastOwnerException;
011: import java.security.acl.NotOwnerException;
012: import java.security.acl.Permission;
013: import java.util.Enumeration;
014: import java.util.Vector;
015:
016: import org.w3c.jigsaw.auth.AuthRealm;
017: import org.w3c.jigsaw.auth.AuthUser;
018: import org.w3c.jigsaw.auth.AuthFilter;
019: import org.w3c.jigsaw.auth.IPMatcher;
020: import org.w3c.jigsaw.auth.RealmsCatalog;
021: import org.w3c.jigsaw.http.Request;
022: import org.w3c.jigsaw.http.httpd;
023:
024: import org.w3c.tools.resources.FramedResource;
025: import org.w3c.tools.resources.InvalidResourceException;
026: import org.w3c.tools.resources.ResourceReference;
027: import org.w3c.tools.resources.Attribute;
028: import org.w3c.tools.resources.AttributeRegistry;
029: import org.w3c.tools.resources.StringAttribute;
030: import org.w3c.tools.resources.StringArrayAttribute;
031:
032: /**
033: * @version $Revision: 1.11 $
034: * @author Benoît Mahé (bmahe@w3.org)
035: */
036: public class AclRealm extends JAcl {
037: /**
038: * Attribute index - The realm name for this ACL.
039: */
040: protected static int ATTR_REALM = -1;
041: /**
042: * Attribute index - The list of allowed users.
043: */
044: protected static int ATTR_ALLOWED_USERS = -1;
045: /**
046: * Attribute index - The methods protected by the filter.
047: */
048: protected static int ATTR_METHODS = -1;
049:
050: static {
051: Attribute a = null;
052: Class c = null;
053: try {
054: c = Class.forName("org.w3c.jigsaw.acl.AclRealm");
055: } catch (Exception ex) {
056: ex.printStackTrace();
057: System.exit(1);
058: }
059: // The realm name (to be resolved by the RealmFactory).
060: a = new StringAttribute("realm", null, Attribute.EDITABLE
061: | Attribute.MANDATORY);
062: ATTR_REALM = AttributeRegistry.registerAttribute(c, a);
063: // The list of allowed users
064: a = new StringArrayAttribute("users", null, Attribute.EDITABLE);
065: ATTR_ALLOWED_USERS = AttributeRegistry.registerAttribute(c, a);
066: // The protected methods
067: a = new StringArrayAttribute("methods", null,
068: Attribute.EDITABLE);
069: ATTR_METHODS = AttributeRegistry.registerAttribute(c, a);
070: }
071:
072: /**
073: * The IPMatcher to match IP templates to user records.
074: */
075: protected IPMatcher ipmatcher = null;
076: /**
077: * The catalog of realms that make our scope.
078: */
079: protected RealmsCatalog catalog = null;
080: /**
081: * Our associated realm.
082: */
083: protected ResourceReference rr_realm = null;
084: /**
085: * The nam of the realm we cache in <code>realm</code>.
086: */
087: protected String loaded_realm = null;
088:
089: protected Vector entries = null;
090:
091: /**
092: * Get the list of methods that this filter protect
093: * @return An array of String giving the name of the protected methods,
094: * or <strong>null</strong>, in wich case <em>all</em> methods are
095: * to be protected.
096: */
097: public String[] getMethods() {
098: return (String[]) getValue(ATTR_METHODS, null);
099: }
100:
101: /**
102: * Get the realm of this filter.
103: */
104: public String getRealm() {
105: return (String) getValue(ATTR_REALM, null);
106: }
107:
108: /**
109: * Get the list of allowed users.
110: */
111: public String[] getAllowedUsers() {
112: return (String[]) getValue(ATTR_ALLOWED_USERS, null);
113: }
114:
115: /**
116: * Get a pointer to our realm, and initialize our ipmatcher.
117: */
118: protected synchronized void acquireRealm() {
119: entries = new Vector(10);
120: // Get our catalog:
121: if (catalog == null) {
122: httpd server = (httpd) ((FramedResource) getTargetResource())
123: .getServer();
124: catalog = server.getRealmsCatalog();
125: }
126: // Check that our realm name is valid:
127: String name = getRealm();
128: if (name == null)
129: return;
130: if ((rr_realm != null) && name.equals(loaded_realm))
131: return;
132: // Load the realm and create the ipmtacher object
133: rr_realm = catalog.loadRealm(name);
134: if (rr_realm != null) {
135: try {
136: AuthRealm realm = (AuthRealm) rr_realm.lock();
137: Enumeration e = realm.enumerateUserNames();
138: while (e.hasMoreElements()) {
139: String uname = (String) e.nextElement();
140: ResourceReference rr_user = realm.loadUser(uname);
141: try {
142: AuthUser user = (AuthUser) rr_user.lock();
143: createEntry(user);
144: } catch (InvalidResourceException ex) {
145: System.out.println("Invalid user reference : "
146: + uname);
147: } finally {
148: rr_user.unlock();
149: }
150: }
151: } catch (InvalidResourceException ex) {
152:
153: } finally {
154: rr_realm.unlock();
155: }
156: }
157: }
158:
159: /**
160: * Is this user allowed in the realm ?
161: * @return A boolean <strong>true</strong> if access allowed.
162: */
163: protected boolean checkUser(AuthUser user) {
164: String allowed_users[] = getAllowedUsers();
165: // Check in the list of allowed users:
166: if (allowed_users != null) {
167: for (int i = 0; i < allowed_users.length; i++) {
168: if (allowed_users[i].equals(user.getName()))
169: return true;
170: }
171: } else {
172: //all users allowed
173: return true;
174: }
175: return false;
176: }
177:
178: protected void createEntry(AuthUser user) {
179: if (checkUser(user))
180: entries.addElement(new AuthUserPrincipal(user, getName()));
181: }
182:
183: protected boolean hasPrincipal(Principal p) {
184: //test with equals...
185: int idx = entries.indexOf(p);
186: return (idx != -1);
187: }
188:
189: public boolean addOwner(Principal caller, Principal owner)
190: throws NotOwnerException {
191: throw new NotOwnerException();
192: }
193:
194: public boolean deleteOwner(Principal caller, Principal owner)
195: throws NotOwnerException, LastOwnerException {
196: throw new NotOwnerException();
197: }
198:
199: public boolean isOwner(Principal owner) {
200: return false;
201: }
202:
203: public void setName(Principal caller, String name)
204: throws NotOwnerException {
205: throw new NotOwnerException();
206: }
207:
208: public String getName() {
209: return getRealm();
210: }
211:
212: public boolean addEntry(Principal caller, AclEntry entry)
213: throws NotOwnerException {
214: throw new NotOwnerException();
215: }
216:
217: public boolean removeEntry(Principal caller, AclEntry entry)
218: throws NotOwnerException {
219: throw new NotOwnerException();
220: }
221:
222: public Enumeration getPermissions(Principal user) {
223: return null;
224: }
225:
226: public Enumeration entries() {
227: return null;
228: }
229:
230: public boolean checkPermission(Principal principal,
231: Permission permission) {
232: acquireRealm();
233: String methods[] = getMethods();
234: boolean methodprotected = false;
235: if (methods != null) {
236: for (int i = 0; i < methods.length; i++) {
237: if (permission.equals(methods[i]))
238: methodprotected = true;
239: }
240: } else {
241: methodprotected = true;
242: }
243: if (!methodprotected)
244: return true;
245: boolean granted = hasPrincipal(principal);
246: if (granted) {
247: // let's add the username there
248: String username = principal.getName();
249: if (username != null) {
250: try {
251: HTTPPrincipal htp = (HTTPPrincipal) principal;
252: Request request = htp.getRequest();
253: if (username != null) {
254: request.setState(AuthFilter.STATE_AUTHUSER,
255: username);
256: }
257: } catch (Exception ex) {
258: // was not an HTTPPrincipal
259: }
260: }
261: }
262: return granted;
263: }
264:
265: public String toString() {
266: return getName();
267: }
268:
269: /**
270: * Initialize the Acl.
271: */
272: public void initialize(Object values[]) {
273: super.initialize(values);
274: }
275:
276: }
|