KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > caucho > server > security > ConstraintManager


1 /*
2  * Copyright (c) 1998-2006 Caucho Technology -- all rights reserved
3  *
4  * This file is part of Resin(R) Open Source
5  *
6  * Each copy or derived work must preserve the copyright notice and this
7  * notice unmodified.
8  *
9  * Resin Open Source is free software; you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation; either version 2 of the License, or
12  * (at your option) any later version.
13  *
14  * Resin Open Source is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
17  * of NON-INFRINGEMENT. See the GNU General Public License for more
18  * details.
19  *
20  * You should have received a copy of the GNU General Public License
21  * along with Resin Open Source; if not, write to the
22  * Free SoftwareFoundation, Inc.
23  * 59 Temple Place, Suite 330
24  * Boston, MA 02111-1307 USA
25  *
26  * @author Scott Ferguson
27  */
28
29 package com.caucho.server.security;
30
31 import com.caucho.server.dispatch.ErrorFilterChain;
32 import com.caucho.server.dispatch.FilterChainBuilder;
33 import com.caucho.server.dispatch.ForwardFilterChain;
34 import com.caucho.server.dispatch.Invocation;
35 import com.caucho.server.webapp.WebApp;
36 import com.caucho.util.L10N;
37
38 import javax.servlet.FilterChain JavaDoc;
39 import javax.servlet.RequestDispatcher JavaDoc;
40 import javax.servlet.http.HttpServletResponse JavaDoc;
41 import java.util.ArrayList JavaDoc;
42 import java.util.HashMap JavaDoc;
43
44 /**
45  * Manages security constraint.
46  */
47 public class ConstraintManager extends FilterChainBuilder {
48   private static L10N L = new L10N(ConstraintManager.class);
49
50   private ArrayList JavaDoc<SecurityConstraint> _constraints
51     = new ArrayList JavaDoc<SecurityConstraint>();
52
53   public void addConstraint(SecurityConstraint constraint)
54   {
55     _constraints.add(constraint);
56   }
57
58   public FilterChainBuilder getFilterBuilder()
59   {
60     return this;
61     /*
62     if (_constraints.size() > 0)
63       return this;
64     else
65       return null;
66     */
67   }
68   
69   /**
70    * Builds a filter chain dynamically based on the invocation.
71    *
72    * @param next the next filter in the chain.
73    * @param invocation the request's invocation.
74    */
75   public FilterChain build(FilterChain next, Invocation invocation)
76   {
77     String JavaDoc uri = invocation.getContextURI();
78
79     WebApp app = invocation.getWebApp();
80     if (app == null)
81       return next;
82
83     String JavaDoc lower = uri.toLowerCase();
84
85     if (lower.startsWith("/web-inf") ||
86         lower.startsWith("/meta-inf")) {
87       return new ErrorFilterChain(HttpServletResponse.SC_NOT_FOUND);
88     }
89
90     ArrayList JavaDoc<AbstractConstraint> constraints;
91     constraints = new ArrayList JavaDoc<AbstractConstraint>();
92     
93     HashMap JavaDoc<String JavaDoc,AbstractConstraint[]> methodMap;
94     methodMap = new HashMap JavaDoc<String JavaDoc,AbstractConstraint[]>();
95
96     if (_constraints != null) {
97       for (int i = 0; i < _constraints.size(); i++) {
98         SecurityConstraint constraint = _constraints.get(i);
99         
100         if (constraint.isMatch(uri)) {
101           AbstractConstraint absConstraint = constraint.getConstraint();
102
103           if (absConstraint != null) {
104             ArrayList JavaDoc<String JavaDoc> methods = constraint.getMethods(uri);
105
106             for (int j = 0; methods != null && j < methods.size(); j++) {
107               String JavaDoc method = methods.get(j);
108
109               AbstractConstraint []methodList = methodMap.get(method);
110
111               if (methodList == null)
112                 methodList = absConstraint.toArray();
113               else {
114                 // methodList.add(absConstraint);
115 }
116
117               methodMap.put(method, methodList);
118             }
119           
120             if (methods == null || methods.size() == 0) {
121           AbstractConstraint []constArray = absConstraint.toArray();
122           for (int k = 0; k < constArray.length; k++)
123         constraints.add(constArray[k]);
124         }
125           }
126
127           break;
128         }
129       }
130     }
131
132     if (uri.endsWith("/j_security_check") &&
133         app.getLogin() instanceof FormLogin) {
134       RequestDispatcher JavaDoc disp = app.getNamedDispatcher("j_security_check");
135       if (disp == null)
136         throw new IllegalStateException JavaDoc(L.l("j_security_check is an undefined servlet"));
137
138       next = new ForwardFilterChain(disp);
139     }
140
141     if (constraints.size() != 0 || methodMap.size() > 0) {
142       SecurityFilterChain filterChain = new SecurityFilterChain(next);
143       filterChain.setWebApp(invocation.getWebApp());
144       if (methodMap.size() > 0)
145         filterChain.setMethodMap(methodMap);
146       filterChain.setConstraints(constraints);
147
148       return filterChain;
149     }
150
151     return next;
152   }
153 }
154
Popular Tags