SecurityConstraint


1   /*
2    * Copyright (c) 1998-2006 Caucho Technology -- all rights reserved
3    *
4    * This file is part of Resin(R) Open Source
5    *
6    * Each copy or derived work must preserve the copyright notice and this
7    * notice unmodified.
8    *
9    * Resin Open Source is free software; you can redistribute it and/or modify
10   * it under the terms of the GNU General Public License as published by
11   * the Free Software Foundation; either version 2 of the License, or
12   * (at your option) any later version.
13   *
14   * Resin Open Source is distributed in the hope that it will be useful,
15   * but WITHOUT ANY WARRANTY; without even the implied warranty of
16   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
17   * of NON-INFRINGEMENT.  See the GNU General Public License for more
18   * details.
19   *
20   * You should have received a copy of the GNU General Public License
21   * along with Resin Open Source; if not, write to the
22   *
23   *   Free Software Foundation, Inc.
24   *   59 Temple Place, Suite 330
25   *   Boston, MA 02111-1307  USA
26   *
27   * @author Scott Ferguson
28   */
29  
30  package com.caucho.server.security;
31  
32  import com.caucho.log.Log;
33  import com.caucho.server.dispatch.UrlMap;
34  import com.caucho.server.util.CauchoSystem;
35  import com.caucho.util.L10N;
36  
37  import javax.annotation.PostConstruct;
38  import java.util.ArrayList  ;
39  import java.util.logging.Level  ;
40  import java.util.logging.Logger  ;
41  import java.util.regex.Pattern  ;
42  import java.util.regex.PatternSyntaxException  ;
43  
44  /**
45   * Configuration for the security-constraint.
46   */
47  public class SecurityConstraint {
48    static final Logger   log = Log.open(SecurityConstraint.class);
49    static L10N L = new L10N(SecurityConstraint.class);
50  
51    private AbstractConstraint _constraint;
52    
53    private ContainerConstraint _containerConstraint;
54    private RoleConstraint _roleConstraint;
55  
56    private Pattern   _regexp;
57    private IPConstraint _oldStyleIpConstraint;
58  
59    private ArrayList  <WebResourceCollection> _webResourceCollectionList;
60  
61    /**
62     * Creates the security-constraint.
63     */
64    public SecurityConstraint()
65    {
66    }
67  
68    /**
69     * Sets the description.
70     */
71    public void setDescription(String   description)
72    {
73    }
74  
75    /**
76     * Sets the display-name.
77     */
78    public void setDisplayName(String   displayName)
79    {
80    }
81  
82    /**
83     * Sets the url-pattern
84     */
85    public void setURLPattern(String   pattern)
86    {
87      String   regexpPattern = UrlMap.urlPatternToRegexpPattern(pattern);
88  
89      int flags = (CauchoSystem.isCaseInsensitive() ?
90                   Pattern.CASE_INSENSITIVE :
91                   0);
92      try {
93        _regexp = Pattern.compile(regexpPattern, flags);
94      } catch (PatternSyntaxException   e) {
95        log.log(Level.WARNING, e.toString(), e);
96      }
97    }
98  
99    /**
100    * Adds a web-resource-collection
101    */
102   public void addWebResourceCollection(WebResourceCollection resource)
103   {
104     if (_webResourceCollectionList == null)
105       _webResourceCollectionList = new ArrayList  <WebResourceCollection>();
106 
107     _webResourceCollectionList.add(resource);
108   }
109 
110   /**
111    * Sets the role-name
112    */
113   public void addRoleName(String   roleName)
114   {
115     if (_roleConstraint == null) {
116       _roleConstraint = new RoleConstraint();
117       addConstraint(_roleConstraint);
118     }
119     
120     _roleConstraint.addRoleName(roleName);
121   }
122 
123   /**
124    * Adds the auth-constraint
125    */
126   public void addAuthConstraint(AuthConstraint auth)
127   {
128     if (_roleConstraint == null) {
129       _roleConstraint = new RoleConstraint();
130       addConstraint(_roleConstraint);
131     }
132     
133     ArrayList  <String  > list = auth.getRoleList();
134 
135     for (int i = 0; i < list.size(); i++)
136       addRoleName(list.get(i));
137   }
138 
139   /**
140    * Sets the user-data-constraint
141    */
142   public void setUserDataConstraint(UserDataConstraint constraint)
143   {
144     String   transportGuarantee = constraint.getTransportGuarantee();
145 
146     if (transportGuarantee != null)
147       addConstraint(new TransportConstraint(transportGuarantee));
148   }
149 
150   /**
151    * Add an ip-constraint
152    */
153   public void addIPConstraint(IPConstraint constraint)
154   {
155     if (!constraint.isOldStyle()) {
156       addConstraint(constraint);
157     }
158     else {
159       /**
160        * The old style was to simply allow:
161        * <security-constraint>
162        *   <ip-constraint>network</ip-constraint>
163        *   <ip-constraint>network</ip-constraint>
164        * </security-constraint>
165        *
166        * which was effectively the same as using allow.  The compiliction
167        * is that when the old style is used, there should be only one
168        * IPConstraint object 
169        */ 
170       if (_oldStyleIpConstraint == null) {
171         addConstraint(constraint);
172         _oldStyleIpConstraint = constraint;
173       }
174       else {
175         constraint.copyInto(_oldStyleIpConstraint);
176       }
177     }
178   }
179 
180   /**
181    * Sets a custom constraint
182    */
183   public void addConstraint(AbstractConstraint constraint)
184   {
185     if (_constraint == null)
186       _constraint = constraint;
187     else if (_containerConstraint == null) {
188       _containerConstraint = new ContainerConstraint();
189       _containerConstraint.addConstraint(_constraint);
190       _constraint = _containerConstraint;
191       
192       _containerConstraint.addConstraint(constraint);
193     }
194     else
195       _containerConstraint.addConstraint(constraint);
196   }
197 
198   /**
199    * initialize
200    */
201   @PostConstruct
202   public void init()
203   {
204   }
205 
206   /**
207    * Returns true if the URL matches.
208    */
209   public boolean isMatch(String   url)
210   {
211     if (_regexp != null && _regexp.matcher(url).find()) {
212       return true;
213     }
214     
215     for (int i = 0;
216          _webResourceCollectionList != null &&
217            i < _webResourceCollectionList.size();
218          i++) {
219       WebResourceCollection resource = _webResourceCollectionList.get(i);
220 
221       if (resource.isMatch(url))
222         return true;
223     }
224 
225     return false;
226   }
227 
228   /**
229    * Returns the applicable methods if the URL matches.
230    */
231   public ArrayList  <String  > getMethods(String   url)
232   {
233     for (int i = 0;
234          _webResourceCollectionList != null &&
235            i < _webResourceCollectionList.size();
236          i++) {
237       WebResourceCollection resource = _webResourceCollectionList.get(i);
238 
239       if (resource.isMatch(url))
240         return resource.getMethods();
241     }
242 
243     return null;
244   }
245 
246   /**
247    * return the constraint
248    */
249   public AbstractConstraint getConstraint()
250   {
251     return _constraint;
252   }
253 }
254
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags