Java > Open Source Codes > com > sun > security > auth > SubjectCodeSource


1 /*
2  * @(#)SubjectCodeSource.java 1.21 03/12/19
3  *
4  * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
5  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
6  */
7
8 package com.sun.security.auth;
9
10 import java.net.URL ;
11 import java.util.*;
12 import java.security.CodeSource ;
13 import java.security.Principal ;
14 import java.security.cert.Certificate ;
15 import java.lang.reflect.Constructor ;
16
17 import javax.security.auth.Subject ;
18
19 /**
20  * <p> This <code>SubjectCodeSource</code> class contains
21  * a <code>URL</code>, signer certificates, and either a <code>Subject</code>
22  * (that represents the <code>Subject</code> in the current
23  * <code>AccessControlContext</code)>,
24  * or a linked list of Principals/PrincipalComparators
25  * (that represent a "subject" in a <code>Policy</code>).
26  *
27  * @version 1.21, 12/19/03
28  */
29 class SubjectCodeSource extends CodeSource implements java.io.Serializable {
30
31     private static final long serialVersionUID = 6039418085604715275L;
32
33     private static final java.util.ResourceBundle rb =
34           (java.util.ResourceBundle )java.security.AccessController.doPrivileged
35           (new java.security.PrivilegedAction () {
36               public Object run() {
37                   return (java.util.ResourceBundle.getBundle
38                                 ("sun.security.util.AuthResources"));
39               }
40       });
41
42     private Subject subject;
43     private LinkedList principals;
44     private static final Class [] PARAMS = { String .class };
45     private static final sun.security.util.Debug debug =
46     sun.security.util.Debug.getInstance("auth", "\t[Auth Access]");
47     private ClassLoader sysClassLoader;
48
49     /**
50      * Creates a new <code>SubjectCodeSource</code>
51      * with the given <code>Subject</code>, principals, <code>URL</code>,
52      * and signers (Certificates). The <code>Subject</code>
53      * represents the <code>Subject</code> associated with the current
54      * <code>AccessControlContext</code>.
55      * The Principals are given as a <code>LinkedList</code>
56      * of <code>PolicyParser.PrincipalEntry</code> objects.
57      * Typically either a <code>Subject</code> will be provided,
58      * or a list of <code>principals</code> will be provided
59      * (not both).
60      *
61      * <p>
62      *
63      * @param subject the <code>Subject</code> associated with this
64      * <code>SubjectCodeSource</code> <p>
65      *
66      * @param url the <code>URL</code> associated with this
67      * <code>SubjectCodeSource</code> <p>
68      *
69      * @param certs the signers associated with this
70      * <code>SubjectCodeSource</code> <p>
71      */
72     SubjectCodeSource(Subject subject, LinkedList principals,
73             URL url, Certificate [] certs) {
74     super(url, certs);
75     this.subject = subject;
76     this.principals = (principals == null ?
77         new LinkedList() :
78         new LinkedList(principals));
79     sysClassLoader =
80         (ClassLoader )java.security.AccessController.doPrivileged
81         (new java.security.PrivilegedAction () {
82         public Object run() {
83             return ClassLoader.getSystemClassLoader();
84         }
85     });
86     }
87
88     /**
89      * Get the Principals associated with this <code>SubjectCodeSource</code>.
90      * The Principals are retrieved as a <code>LinkedList</code>
91      * of <code>PolicyParser.PrincipalEntry</code> objects.
92      *
93      * <p>
94      *
95      * @return the Principals associated with this
96      * <code>SubjectCodeSource</code> as a <code>LinkedList</code>
97      * of <code>PolicyParser.PrincipalEntry</code> objects.
98      */
99     LinkedList getPrincipals() {
100     return principals;
101     }
102
103     /**
104      * Get the <code>Subject</code> associated with this
105      * <code>SubjectCodeSource</code>. The <code>Subject</code>
106      * represents the <code>Subject</code> associated with the
107      * current <code>AccessControlContext</code>.
108      *
109      * <p>
110      *
111      * @return the <code>Subject</code> associated with this
112      * <code>SubjectCodeSource</code>.
113      */
114     Subject getSubject() {
115     return subject;
116     }
117
118     /**
119      * Returns true if this <code>SubjectCodeSource</code> object "implies"
120      * the specified <code>CodeSource</code>.
121      * More specifically, this method makes the following checks.
122      * If any fail, it returns false. If they all succeed, it returns true.
123      *
124      * <p>
125      * <ol>
126      * <li> The provided codesource must not be <code>null</code>.
127      * <li> codesource must be an instance of <code>SubjectCodeSource</code>.
128      * <li> super.implies(codesource) must return true.
129      * <li> for each principal in this codesource's principal list:
130      * <ol>
131      * <li> if the principal is an instanceof
132      * <code>PrincipalComparator</code>, then the principal must
133      * imply the provided codesource's <code>Subject</code>.
134      * <li> if the principal is not an instanceof
135      * <code>PrincipalComparator</code>, then the provided
136      * codesource's <code>Subject</code> must have an
137      * associated <code>Principal</code>, <i>P</i>, where
138      * P.getClass().getName equals principal.principalClass,
139      * and P.getName() equals principal.principalName.
140      * </ol>
141      * </ol>
142      *
143      * <p>
144      *
145      * @param codesource the <code>CodeSource</code> to compare against.
146      *
147      * @return true if this <code>SubjectCodeSource</code> implies the
148      * the specified <code>CodeSource</code>.
149      */
150     public boolean implies(CodeSource codesource) {
151
152     LinkedList subjectList = null;
153
154     if (codesource == null ||
155         !(codesource instanceof SubjectCodeSource) ||
156         !(super.implies(codesource))) {
157
158         if (debug != null)
159         debug.println("\tSubjectCodeSource.implies: FAILURE 1");
160         return false;
161     }
162
163     SubjectCodeSource that = (SubjectCodeSource)codesource;
164
165     // if the principal list in the policy "implies"
166 // the Subject associated with the current AccessControlContext,
167 // then return true
168
169     if (this.principals == null) {
170         if (debug != null)
171         debug.println("\tSubjectCodeSource.implies: PASS 1");
172         return true;
173     }
174
175     if (that.getSubject() == null ||
176         that.getSubject().getPrincipals().size() == 0) {
177         if (debug != null)
178         debug.println("\tSubjectCodeSource.implies: FAILURE 2");
179         return false;
180     }
181
182     ListIterator li = this.principals.listIterator(0);
183     while (li.hasNext()) {
184         PolicyParser.PrincipalEntry pppe =
185         (PolicyParser.PrincipalEntry)li.next();
186         try {
187
188         // handle PrincipalComparators
189
190         Class principalComparator = Class.forName(pppe.principalClass,
191                             true,
192                             sysClassLoader);
193         Constructor c = principalComparator.getConstructor(PARAMS);
194         PrincipalComparator pc =
195             (PrincipalComparator)c.newInstance
196             (new Object [] { pppe.principalName });
197
198         if (!pc.implies(that.getSubject())) {
199             if (debug != null)
200             debug.println("\tSubjectCodeSource.implies: FAILURE 3");
201             return false;
202         } else {
203             if (debug != null)
204             debug.println("\tSubjectCodeSource.implies: PASS 2");
205             return true;
206         }
207         } catch (Exception e) {
208
209         // no PrincipalComparator, simply compare Principals
210
211         if (subjectList == null) {
212
213             if (that.getSubject() == null) {
214             if (debug != null)
215                 debug.println("\tSubjectCodeSource.implies: " +
216                     "FAILURE 4");
217             return false;
218             }
219             Iterator i = that.getSubject().getPrincipals().iterator();
220
221             subjectList = new LinkedList();
222             while (i.hasNext()) {
223             Principal p = (Principal )i.next();
224             PolicyParser.PrincipalEntry spppe =
225                 new PolicyParser.PrincipalEntry
226                 (p.getClass().getName(), p.getName());
227             subjectList.add(spppe);
228             }
229         }
230         
231         if (!subjectListImpliesPrincipalEntry(subjectList, pppe)) {
232             if (debug != null)
233             debug.println("\tSubjectCodeSource.implies: FAILURE 5");
234             return false;
235         }
236         }
237     }
238
239     if (debug != null)
240         debug.println("\tSubjectCodeSource.implies: PASS 3");
241     return true;
242     }
243
244     /**
245      * This method returns, true, if the provided <i>subjectList</i>
246      * "contains" the <code>Principal</code> specified
247      * in the provided <i>pppe</i> argument.
248      *
249      * Note that the provided <i>pppe</i> argument may have
250      * wildcards (*) for the <code>Principal</code> class and name,
251      * which need to be considered.
252      *
253      * <p>
254      *
255      * @param subjectList a list of PolicyParser.PrincipalEntry objects
256      * that correspond to all the Principals in the Subject currently
257      * on this thread's AccessControlContext. <p>
258      *
259      * @param pppe the Principals specified in a grant entry.
260      *
261      * @return true if the provided <i>subjectList</i> "contains"
262      * the <code>Principal</code> specified in the provided
263      * <i>pppe</i> argument.
264      */
265     private boolean subjectListImpliesPrincipalEntry(LinkedList subjectList,
266                     PolicyParser.PrincipalEntry pppe) {
267
268     ListIterator li = subjectList.listIterator(0);
269     while (li.hasNext()) {
270         PolicyParser.PrincipalEntry listPppe = (PolicyParser.PrincipalEntry)
271                         li.next();
272
273         if (pppe.principalClass.equals
274             (PolicyParser.PrincipalEntry.WILDCARD_CLASS) ||
275         pppe.principalClass.equals
276             (listPppe.principalClass)) {
277
278         if (pppe.principalName.equals
279             (PolicyParser.PrincipalEntry.WILDCARD_NAME) ||
280             pppe.principalName.equals
281             (listPppe.principalName))
282             return true;
283         }
284     }
285     return false;
286     }
287
288     /**
289      * Tests for equality between the specified object and this
290      * object. Two <code>SubjectCodeSource</code> objects are considered equal
291      * if their locations are of identical value, if the two sets of
292      * Certificates are of identical values, and if the
293      * Subjects are equal, and if the PolicyParser.PrincipalEntry values
294      * are of identical values. It is not required that
295      * the Certificates or PolicyParser.PrincipalEntry values
296      * be in the same order.
297      *
298      * <p>
299      *
300      * @param obj the object to test for equality with this object.
301      *
302      * @return true if the objects are considered equal, false otherwise.
303      */
304     public boolean equals(Object obj) {
305
306     if (obj == this)
307         return true;
308
309     if (super.equals(obj) == false)
310         return false;
311
312     if (!(obj instanceof SubjectCodeSource))
313         return false;
314
315     SubjectCodeSource that = (SubjectCodeSource)obj;
316
317     // the principal lists must match
318 try {
319         if (this.getSubject() != that.getSubject())
320         return false;
321     } catch (SecurityException se) {
322         return false;
323     }
324
325     if ((this.principals == null && that.principals != null) ||
326         (this.principals != null && that.principals == null))
327         return false;
328     
329     if (this.principals != null && that.principals != null) {
330         if (!this.principals.containsAll(that.principals) ||
331         !that.principals.containsAll(this.principals))
332
333         return false;
334     }
335
336     return true;
337     }
338
339     /**
340      * Return a hashcode for this <code>SubjectCodeSource</code>.
341      *
342      * <p>
343      *
344      * @return a hashcode for this <code>SubjectCodeSource</code>.
345      */
346     public int hashCode() {
347     return super.hashCode();
348     }
349
350     /**
351      * Return a String representation of this <code>SubjectCodeSource</code>.
352      *
353      * <p>
354      *
355      * @return a String representation of this <code>SubjectCodeSource</code>.
356      */
357     public String toString() {
358     String returnMe = super.toString();
359     if (getSubject() != null) {
360         if (debug != null) {
361         final Subject finalSubject = getSubject();
362         returnMe = returnMe + "\n" +
363             java.security.AccessController.doPrivileged
364                 (new java.security.PrivilegedAction () {
365                 public Object run() {
366                     return finalSubject.toString();
367                 }
368             });
369         } else {
370         returnMe = returnMe + "\n" + getSubject().toString();
371         }
372     }
373     if (principals != null) {
374         ListIterator li = principals.listIterator();
375         while (li.hasNext()) {
376         PolicyParser.PrincipalEntry pppe =
377             (PolicyParser.PrincipalEntry)li.next();
378         returnMe = returnMe + rb.getString("\n") +
379             pppe.principalClass + " " +
380             pppe.principalName;
381         }
382     }
383     return returnMe;
384     }
385 }
386

A to Z: JavaDoc & Examples

---

Daily Java News & Articles

---

Open Source Projects

---

Open Source Codes

---

Free Computer Books

---

Remove Frame

---

Popular Tags