KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > sun > web > security > WebPermissionUtil


1 /*
2  * The contents of this file are subject to the terms
3  * of the Common Development and Distribution License
4  * (the License). You may not use this file except in
5  * compliance with the License.
6  *
7  * You can obtain a copy of the license at
8  * https://glassfish.dev.java.net/public/CDDLv1.0.html or
9  * glassfish/bootstrap/legal/CDDLv1.0.txt.
10  * See the License for the specific language governing
11  * permissions and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL
14  * Header Notice in each file and include the License file
15  * at glassfish/bootstrap/legal/CDDLv1.0.txt.
16  * If applicable, add the following below the CDDL Header,
17  * with the fields enclosed by brackets [] replaced by
18  * you own identifying information:
19  * "Portions Copyrighted [year] [name of copyright owner]"
20  *
21  * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
22  */

23
24 package com.sun.web.security;
25
26 import java.io.File JavaDoc;
27 import java.util.*;
28 import javax.security.jacc.PolicyConfiguration JavaDoc;
29 import javax.security.jacc.WebResourcePermission JavaDoc;
30 import javax.security.jacc.WebRoleRefPermission JavaDoc;
31 import javax.security.jacc.WebUserDataPermission JavaDoc;
32
33 import java.util.logging.*;
34 import com.sun.logging.LogDomains;
35 import java.security.Permission JavaDoc;
36 import java.security.Permissions JavaDoc;
37
38 import com.sun.enterprise.deployment.*;
39 import com.sun.enterprise.deployment.web.*;
40 import com.sun.enterprise.security.acl.*;
41 /**
42  * This class is used for generating Web permissions based on the
43  * deployment descriptor.
44  * @author Harpreet Singh
45  * @author Jean-Francois Arcand
46  * @author Ron Monzillo
47  */

48 public class WebPermissionUtil {
49     private static Logger logger =
50     Logger.getLogger(LogDomains.SECURITY_LOGGER);
51     
52     public WebPermissionUtil() {
53     }
54     
55     /* changed to order default pattern / below extension */
56     private static final int PT_DEFAULT = 0;
57     private static final int PT_EXTENSION = 1;
58     private static final int PT_PREFIX = 2;
59     private static final int PT_EXACT = 3;
60       
61     static int patternType(Object JavaDoc urlPattern) {
62     String JavaDoc pattern = urlPattern.toString();
63     if (pattern.startsWith("*.")) return PT_EXTENSION;
64     else if (pattern.startsWith("/") && pattern.endsWith("/*"))
65         return PT_PREFIX;
66     else if (pattern.equals("/")) return PT_DEFAULT;
67     else return PT_EXACT;
68     }
69     /**
70      * Exclude list when processing resource to url mapping.
71      **/

72     private static ArrayList skippableList;
73     
74     static {
75         skippableList = new ArrayList();
76         skippableList.add("meta-inf");
77         skippableList.add("web-inf");
78         skippableList.add("tld");
79         skippableList.add(".com.sun.deployment.backend.lock");
80     }
81
82     static boolean implies(String JavaDoc pattern, String JavaDoc path) {
83
84         // Check for exact match
85
if (pattern.equals(path))
86             return (true);
87
88         // Check for path prefix matching
89
if (pattern.startsWith("/") && pattern.endsWith("/*")) {
90             pattern = pattern.substring(0, pattern.length() - 2);
91
92         int length = pattern.length();
93
94             if (length == 0) return (true); // "/*" is the same as "/"
95

96         return (path.startsWith(pattern) &&
97             (path.length() == length ||
98              path.substring(length).startsWith("/")));
99         }
100
101         // Check for suffix matching
102
if (pattern.startsWith("*.")) {
103             int slash = path.lastIndexOf('/');
104             int period = path.lastIndexOf('.');
105             if ((slash >= 0) && (period > slash) &&
106                 path.endsWith(pattern.substring(1))) {
107                 return (true);
108             }
109             return (false);
110         }
111
112         // Check for universal mapping
113
if (pattern.equals("/"))
114             return (true);
115
116         return (false);
117     }
118
119     public static HashMap parseConstraints(WebBundleDescriptor wbd)
120     {
121     
122       if(logger.isLoggable(Level.FINE)){
123       logger.entering("WebPermissionUtil", "parseConstraints");
124       }
125
126       HashMap qpMap = new HashMap();
127
128       // bootstrap the map with the default pattern;
129
qpMap.put("/", new MapValue("/"));
130
131       //Enumerate over security constraints
132
Enumeration esc = wbd.getSecurityConstraints();
133       while (esc.hasMoreElements()) {
134       
135       if(logger.isLoggable(Level.FINE)){
136           logger.log(Level.FINE,"JACC: constraint translation: begin parsing security constraint");
137       }
138
139       SecurityConstraint sc = (SecurityConstraint) esc.nextElement();
140       AuthorizationConstraint ac = sc.getAuthorizationConstraint();
141       UserDataConstraint udc = sc.getUserDataConstraint();
142
143       // Enumerate over collections of URLPatterns within constraint
144
Enumeration ewrc = sc.getWebResourceCollections();
145       while (ewrc.hasMoreElements()) {
146
147           if(logger.isLoggable(Level.FINE)){
148           logger.log(Level.FINE,"JACC: constraint translation: begin parsing web resource collection");
149           }
150
151           WebResourceCollection wrc =
152           (WebResourceCollection)ewrc.nextElement();
153
154           // Enumerate over URLPatterns within collection
155
Enumeration eurl = wrc.getUrlPatterns();
156           while (eurl.hasMoreElements()) {
157
158           String JavaDoc url = (String JavaDoc) eurl.nextElement();
159
160           if(logger.isLoggable(Level.FINE)){
161               logger.log(Level.FINE,"JACC: constraint translation: process url: "+url);
162           }
163
164           // determine if pattern is already in map
165
MapValue mValue = (MapValue) qpMap.get(url);
166
167           // apply new patterns to map
168
if (mValue == null) {
169               mValue = new MapValue(url);
170
171               //Iterate over patterns in map
172
Iterator it = qpMap.keySet().iterator();
173               while (it.hasNext()) {
174
175               String JavaDoc otherUrl = (String JavaDoc) it.next();
176
177               int otherUrlType = patternType(otherUrl);
178               switch(patternType(url)) {
179
180                   // if the new url/pattern is a path-prefix
181
// pattern, it must be qualified by every
182
// different (from it) path-prefix pattern
183
// (in the map) that is implied by the new
184
// pattern, and every exact pattern (in the map)
185
// that is implied by the new url.
186
// Also, the new pattern must be added as a
187
// qualifier of the default pattern, and every
188
// extension pattern (existing in the map), and
189
// of every different path-prefix pattern that
190
// implies the new pattern.
191
// Note that we know that the new pattern does
192
// not exist in the map, thus we know that the
193
// new pattern is different from any existing
194
// path prefix pattern.
195

196                   case PT_PREFIX:
197                   if ((otherUrlType == PT_PREFIX ||
198                       otherUrlType == PT_EXACT) &&
199                       implies(url,otherUrl))
200                       mValue.addQualifier(otherUrl);
201               
202                   else if (otherUrlType == PT_PREFIX &&
203                        implies(otherUrl,url))
204                       ((MapValue) qpMap.get(otherUrl)).
205                       addQualifier(url);
206                   
207                   else if (otherUrlType == PT_EXTENSION ||
208                        otherUrlType == PT_DEFAULT)
209                       ((MapValue) qpMap.get(otherUrl)).
210                       addQualifier(url);
211                   break;
212
213                   // if the new pattern is an extension pattern,
214
// it must be qualified by every path-prefix
215
// pattern (in the map), and every exact
216
// pattern (in the map) that is implied by
217
// the new pattern.
218
// Also, it must be added as a qualifier of
219
// the defualt pattern, if it exists in the
220
// map.
221
case PT_EXTENSION:
222                   if (otherUrlType == PT_PREFIX ||
223                        (otherUrlType == PT_EXACT &&
224                     implies(url,otherUrl)))
225                       mValue.addQualifier(otherUrl);
226
227                   else if (otherUrlType == PT_DEFAULT)
228                       ((MapValue) qpMap.get(otherUrl)).
229                       addQualifier(url);
230                   break;
231
232                   // if the new pattern is the default pattern
233
// it must be qualified by every other pattern
234
// in the map.
235
case PT_DEFAULT:
236                   if (otherUrlType != PT_DEFAULT)
237                       mValue.addQualifier(otherUrl);
238                   break;
239
240                   // if the new pattern is an exact pattern, it
241
// is not be qualified, but it must be added as
242
// as a qualifier to the default pattern, and to
243
// every path-prefix or extension pattern (in
244
// the map) that implies the new pattern.
245
case PT_EXACT:
246                   if ((otherUrlType == PT_PREFIX ||
247                        otherUrlType == PT_EXTENSION) &&
248                       implies(otherUrl,url))
249                       ((MapValue) qpMap.get(otherUrl)).
250                       addQualifier(url);
251                   else if (otherUrlType == PT_DEFAULT)
252                       ((MapValue) qpMap.get(otherUrl)).
253                       addQualifier(url);
254                   break;
255               }
256               }
257
258               // add the new pattern and its pattern spec to the map
259
qpMap.put(url, mValue);
260
261           }
262
263           BitSet methods =
264               MapValue.methodArrayToSet(wrc.getHttpMethodsAsArray());
265
266           if(logger.isLoggable(Level.FINE)){
267               logger.log(Level.FINE,"JACC: constraint translation: methods of collection: "+ MapValue.getActions(methods));
268           }
269
270           if (ac == null) {
271               if(logger.isLoggable(Level.FINE)){
272               logger.log(Level.FINE,"JACC: constraint translation: collection is unchecked for authorization at methods: "+ MapValue.getActions(methods));
273               }
274               mValue.setPredefinedOutcomeOnMethods(methods,true);
275           }
276           else {
277               Enumeration eroles = ac.getSecurityRoles();
278               if (!eroles.hasMoreElements()) {
279               if(logger.isLoggable(Level.FINE)){
280                   logger.log(Level.FINE,"JACC: constraint translation: collection is exclude at methods: "+ MapValue.getActions(methods));
281               }
282               mValue.setPredefinedOutcomeOnMethods(methods,false);
283               }
284               else while (eroles.hasMoreElements()) {
285               SecurityRoleDescriptor srd =
286                   (SecurityRoleDescriptor)eroles.nextElement();
287               mValue.setRoleOnMethods(srd.getName(),methods,wbd);
288               if(logger.isLoggable(Level.FINE)){
289                   logger.log(Level.FINE,"JACC: constraint translation: collection is athorized to: "+ srd.getName() + " at methods: "+ MapValue.getActions(methods));
290               }
291               }
292           }
293
294           if (udc == null) {
295               if(logger.isLoggable(Level.FINE)){
296               logger.log(Level.FINE,"JACC: constraint translation: collection requires no transport guarantee at methods: "+ MapValue.getActions(methods));
297               }
298               mValue.setConnectOnMethods(null,methods);
299           }
300           else {
301               if(logger.isLoggable(Level.FINE)){
302               logger.log(Level.FINE,"JACC: constraint translation: collection requires transport guarantee: "+ udc.getTransportGuarantee()+ " at methods: "+ MapValue.getActions(methods));
303               }
304               mValue.setConnectOnMethods(udc.getTransportGuarantee(),
305                          methods);
306           }
307    
308           if(logger.isLoggable(Level.FINE)){
309               logger.log(Level.FINE,"JACC: constraint translation: end processing url: "+url);
310           }
311           }
312
313           if(logger.isLoggable(Level.FINE)){
314           logger.log(Level.FINE,"JACC: constraint translation: end parsing web resource collection");
315           }
316       }
317
318       if(logger.isLoggable(Level.FINE)){
319           logger.log(Level.FINE,"JACC: constraint translation: end parsing security constraint");
320       }
321       }
322
323       if(logger.isLoggable(Level.FINE)){
324       logger.exiting("WebPermissionUtil","parseConstraints");
325       }
326
327       return qpMap;
328     }
329
330     public static void processConstraints(WebBundleDescriptor wbd,
331                       PolicyConfiguration JavaDoc pc)
332     throws javax.security.jacc.PolicyContextException JavaDoc
333     {
334     if(logger.isLoggable(Level.FINE)){
335         logger.entering("WebPermissionUtil", "processConstraints");
336         logger.log(Level.FINE,"JACC: constraint translation: CODEBASE = "+
337                pc.getContextID());
338     }
339
340     HashMap qpMap = parseConstraints(wbd);
341     HashMap roleMap = new HashMap();
342
343     Permissions JavaDoc excluded = new Permissions JavaDoc();
344     Permissions JavaDoc unchecked = new Permissions JavaDoc();
345
346     // for each urlPatternSpec in the map
347
if(logger.isLoggable(Level.FINE)){
348         logger.log(Level.FINE,"JACC: constraint capture: begin processing qualified url patterns");
349     }
350
351     Iterator it = qpMap.values().iterator();
352     while (it.hasNext()) {
353         MapValue m = (MapValue) it.next();
354         if (!m.irrelevantByQualifier) {
355
356         String JavaDoc name = m.urlPatternSpec.toString();
357
358         if(logger.isLoggable(Level.FINE)){
359             logger.log(Level.FINE,"JACC: constraint capture: urlPattern: "+ name);
360         }
361
362         // handle excluded method
363
BitSet methods = m.getExcludedMethods();
364         if (!methods.isEmpty()) {
365
366             if(logger.isLoggable(Level.FINE)){
367             logger.log(Level.FINE,"JACC: constraint capture: adding excluded methods: "+ MapValue.getActions(methods));
368
369             }
370
371             String JavaDoc[] actions = MapValue.getMethodArray(methods);
372             excluded.add(new WebResourcePermission JavaDoc(name,actions));
373             excluded.add(new WebUserDataPermission JavaDoc(name,actions,null));
374         }
375
376         // handle methods requring role
377
HashMap rMap = m.getRoleMap();
378         Iterator rit = rMap.keySet().iterator();
379         while (rit.hasNext()) {
380
381             String JavaDoc role = (String JavaDoc) rit.next();
382             methods = (BitSet) rMap.get(role);
383
384             if (!methods.isEmpty()) {
385
386             Permissions JavaDoc p = (Permissions JavaDoc) roleMap.get(role);
387             if (p == null) {
388                 p = new Permissions JavaDoc();
389                 roleMap.put(role,p);
390             }
391
392             if(logger.isLoggable(Level.FINE)){
393                 logger.log(Level.FINE,"JACC: constraint capture: adding methods that may be called by role: "+ role+" methods: "+ MapValue.getActions(methods));
394             }
395
396             String JavaDoc[] actions = MapValue.getMethodArray(methods);
397             p.add(new WebResourcePermission JavaDoc(name,actions));
398             }
399         }
400
401         // handle transport constrained methods (skip unprotected
402
// that is, connectKey index == 0)
403
for (int i=1; i<MethodValue.connectKeys.length; i++) {
404             methods = m.getConnectMap(1<<i);
405             if (!methods.isEmpty()) {
406             
407             if(logger.isLoggable(Level.FINE)){
408
409                 logger.log(Level.FINE,"JACC: constraint capture: adding methods that accept connections with protection: "+ MethodValue.connectKeys[i]+" methods: "+ MapValue.getActions(methods));
410             }
411
412             String JavaDoc[] actions = MapValue.getMethodArray(methods);
413             unchecked.add(new WebUserDataPermission JavaDoc
414                 (name, actions,
415                  (String JavaDoc) MethodValue.connectKeys[i]));
416             }
417         }
418
419         // handle methods that are not auth constrained
420
methods = m.getAuthConstrainedMethods();
421         if (!methods.get(MethodValue.AllMethodsIdx)) {
422             String JavaDoc actions;
423             if (methods.isEmpty()) {
424             actions = null;
425             } else {
426             actions = "!" + MapValue.getActions(methods);
427             }
428             if(logger.isLoggable(Level.FINE)){
429             logger.log(Level.FINE,"JACC: constraint capture: adding unchecked (for authorization) methods: "+ actions);
430             }
431             unchecked.add(new WebResourcePermission JavaDoc(name,actions));
432         }
433
434         // handle methods that are not transport constrained
435
methods = m.getTransportConstrainedMethods();
436         if (!methods.get(MethodValue.AllMethodsIdx)) {
437             String JavaDoc actions;
438             if (methods.isEmpty()) {
439             actions = null;
440             } else {
441             actions = "!" + MapValue.getActions(methods);
442             }
443             if(logger.isLoggable(Level.FINE)){
444             logger.log(Level.FINE,"JACC: constraint capture: adding methods that accept unprotected connections: "+ actions);
445             }
446             unchecked.add(new WebUserDataPermission JavaDoc(name,actions));
447         }
448         }
449     }
450
451     if(logger.isLoggable(Level.FINE)){
452         logger.log(Level.FINE,"JACC: constraint capture: end processing qualified url patterns");
453
454         Enumeration e = excluded.elements();
455         while (e.hasMoreElements()) {
456         Permission JavaDoc p = (Permission JavaDoc) e.nextElement();
457         String JavaDoc ptype = (p instanceof WebResourcePermission JavaDoc) ? "WRP " : "WUDP ";
458         logger.log(Level.FINE,"JACC: permission(excluded) type: "+ ptype + " name: "+ p.getName() + " actions: "+ p.getActions());
459         }
460
461         e = unchecked.elements();
462         while (e.hasMoreElements()) {
463         Permission JavaDoc p = (Permission JavaDoc) e.nextElement();
464         String JavaDoc ptype = (p instanceof WebResourcePermission JavaDoc) ? "WRP " : "WUDP ";
465         logger.log(Level.FINE,"JACC: permission(unchecked) type: "+ ptype + " name: "+ p.getName() + " actions: "+ p.getActions());
466         }
467     }
468     
469     pc.addToExcludedPolicy(excluded);
470
471     pc.addToUncheckedPolicy(unchecked);
472
473     it = roleMap.keySet().iterator();
474     while (it.hasNext()) {
475         String JavaDoc role = (String JavaDoc) it.next();
476         Permissions JavaDoc pCollection = (Permissions JavaDoc) roleMap.get(role);
477         pc.addToRole(role,pCollection);
478
479         if(logger.isLoggable(Level.FINE)){
480         Enumeration e = pCollection.elements();
481         while (e.hasMoreElements()) {
482             Permission JavaDoc p = (Permission JavaDoc) e.nextElement();
483             String JavaDoc ptype = (p instanceof WebResourcePermission JavaDoc) ? "WRP " : "WUDP ";
484             logger.log(Level.FINE,"JACC: permission("+ role + ") type: "+ ptype + " name: "+ p.getName() + " actions: "+ p.getActions());
485         }
486
487         }
488     }
489
490     if(logger.isLoggable(Level.FINE)){
491         logger.exiting("WebPermissionUtil", "processConstraints");
492     }
493
494     }
495       
496     public static void createWebRoleRefPermission(WebBundleDescriptor wbd,
497                           PolicyConfiguration JavaDoc pc)
498     throws javax.security.jacc.PolicyContextException JavaDoc
499     {
500     if(logger.isLoggable(Level.FINE)){
501         logger.entering("WebPermissionUtil", "createWebRoleRefPermission");
502         logger.log(Level.FINE,"JACC: role-reference translation: Processing WebRoleRefPermission : CODEBASE = "+ pc.getContextID());
503     }
504     List role = new ArrayList();
505     Set roleset = wbd.getRoles();
506     for(Enumeration e = wbd.getWebComponentDescriptors(); e.hasMoreElements();){
507         WebComponentDescriptor comp = (WebComponentDescriptor) e.nextElement();
508
509         String JavaDoc name = comp.getCanonicalName();
510         Enumeration esrr = comp.getSecurityRoleReferences();
511
512         for (; esrr.hasMoreElements();){
513         SecurityRoleReference srr = (SecurityRoleReference)esrr.nextElement();
514         if(srr != null){
515             String JavaDoc action = srr.getRolename();
516             WebRoleRefPermission JavaDoc wrrp = new WebRoleRefPermission JavaDoc(name, action);
517             role.add(new Role(action));
518             pc.addToRole(srr.getSecurityRoleLink().getName(),wrrp);
519             if(logger.isLoggable(Level.FINE)){
520             logger.log(Level.FINE,"JACC: role-reference translation: RoleRefPermission created with name(servlet-name) = "+ name +
521                    " and action(Role-name tag) = " + action + " added to role(role-link tag) = "+ srr.getSecurityRoleLink().getName());
522             }
523
524         }
525         }
526         if(logger.isLoggable(Level.FINE)){
527         logger.log(Level.FINE,"JACC: role-reference translation: Going through the list of roles not present in RoleRef elements and creating WebRoleRefPermissions ");
528         }
529         for(Iterator it = roleset.iterator(); it.hasNext();){
530         Role r = (Role)it.next();
531         if(logger.isLoggable(Level.FINE)){
532             logger.log(Level.FINE,"JACC: role-reference translation: Looking at Role = "+r.getName());
533         }
534         if(!role.contains(r)){
535             String JavaDoc action = r.getName();
536             WebRoleRefPermission JavaDoc wrrp = new WebRoleRefPermission JavaDoc(name, action);
537             pc.addToRole(action ,wrrp);
538             if(logger.isLoggable(Level.FINE)){
539             logger.log(Level.FINE,"JACC: role-reference translation: RoleRef = "+ action +
540                    " is added for servlet-resource = " + name);
541             logger.log(Level.FINE, "JACC: role-reference translation: Permission added for above role-ref ="
542                    + wrrp.getName() +" "+ wrrp.getActions());
543             }
544         }
545         }
546     }
547     if(logger.isLoggable(Level.FINE)){
548         logger.exiting("WebPermissionUtil", "createWebRoleRefPermission");
549     }
550         
551         // START S1AS8PE 4966609
552
/**
553          * For every security role in the web application add a
554          * WebRoleRefPermission to the corresponding role. The name of all such
555          * permissions shall be the empty string, and the actions of each
556          * permission shall be the corresponding role name. When checking a
557          * WebRoleRefPermission from a JSP not mapped to a servlet, use a
558          * permission with the empty string as its name
559          * and with the argument to isUserInRole as its actions
560          */

561         for(Iterator it = roleset.iterator(); it.hasNext();){
562             Role r = (Role)it.next();
563             if(logger.isLoggable(Level.FINE)){
564                 logger.log(Level.FINE,
565                     "JACC: role-reference translation: Looking at Role = "
566                         + r.getName());
567             }
568             String JavaDoc action = r.getName();
569             WebRoleRefPermission JavaDoc wrrp = new WebRoleRefPermission JavaDoc("", action);
570             pc.addToRole(action ,wrrp);
571             if(logger.isLoggable(Level.FINE)){
572                 logger.log(Level.FINE,
573                     "JACC: role-reference translation: RoleRef = "
574                     + action
575                     + " is added for jsp's that can't be mapped to servlets");
576                 logger.log(Level.FINE,
577                     "JACC: role-reference translation: Permission added for above role-ref ="
578                      + wrrp.getName() +" "+ wrrp.getActions());
579             }
580         }
581         // END S1AS8PE 4966609
582

583         
584     }
585     
586 }
587
588
589 class MethodValue {
590
591     int index;
592     boolean authConstrained;
593     boolean excluded;
594     List roleList;
595     int connectSet;
596
597     static final int AllMethodsIdx = 0;
598
599     private static ArrayList<String JavaDoc> methodNames = new ArrayList();
600     static {
601     methodNames.add(0,null);
602     methodNames.add("DELETE");
603     methodNames.add("GET");
604     methodNames.add("HEAD");
605     methodNames.add("OPTIONS");
606     methodNames.add("POST");
607     methodNames.add("PUT");
608     methodNames.add("TRACE");
609     };
610
611     static Object JavaDoc connectKeys[] =
612     { "NONE",
613       "INTEGRAL",
614       "CONFIDENTIAL"
615     };
616
617     static int connectTypeNone = 1;
618     static HashMap connectHash = new HashMap();
619     static
620     {
621     for (int i=0; i<connectKeys.length; i++)
622         connectHash.put(connectKeys[i], new Integer JavaDoc(1<<i));
623     };
624
625     MethodValue (String JavaDoc methodName)
626     {
627     index = getMethodIndex(methodName);
628     this.authConstrained = true;
629     this.excluded = false;
630     this.roleList = new ArrayList();
631     this.connectSet = 0;
632     }
633
634     static String JavaDoc getMethodName(int index)
635     {
636     synchronized(methodNames) {
637         return methodNames.get(index);
638     }
639     }
640
641     static int getMethodIndex(String JavaDoc name)
642     {
643     synchronized(methodNames) {
644         int index = methodNames.indexOf(name);
645         if (index < 0) {
646         index = methodNames.size();
647         methodNames.add(index,name);
648         }
649         return index;
650     }
651     }
652 }
653
654 class MapValue {
655
656     int patternType;
657
658     int patternLength;
659
660     boolean irrelevantByQualifier;
661
662     StringBuffer JavaDoc urlPatternSpec;
663
664     HashMap<String JavaDoc,MethodValue> methodValues =
665         new HashMap<String JavaDoc,MethodValue>();
666
667     static String JavaDoc getActions (BitSet methodSet)
668     {
669
670     // should never be null, and don't call this when no bits are set
671
if (methodSet == null || methodSet.isEmpty()) {
672         throw new IllegalArgumentException JavaDoc
673         ("internal constraint tranlation error - empty methodSet");
674     } else if (methodSet.get(MethodValue.AllMethodsIdx)) {
675         // return null if all methods bit is set
676
return null;
677     }
678         
679     StringBuffer JavaDoc actions = null;
680
681     for (int i=methodSet.nextSetBit(0); i>=0; i=methodSet.nextSetBit(i+1)){
682         if (actions == null) {
683         actions = new StringBuffer JavaDoc();
684         } else {
685         actions.append(",");
686         }
687         actions.append(MethodValue.getMethodName(i));
688     }
689
690     return (actions == null ? null : actions.toString());
691     }
692
693     static String JavaDoc[] getMethodArray (BitSet methodSet)
694     {
695     // should never be null, and don't call this when no bits are set
696
if (methodSet == null || methodSet.isEmpty()) {
697         throw new IllegalArgumentException JavaDoc
698         ("internal constraint tranlation error - empty methodSet");
699     } else if (methodSet.get(MethodValue.AllMethodsIdx)) {
700         // return null if all methods bit is set
701
return null;
702     }
703         
704     int size = 0;
705
706     ArrayList<String JavaDoc> methods = new ArrayList();
707
708     for (int i=methodSet.nextSetBit(0); i>=0; i=methodSet.nextSetBit(i+1)) {
709         methods.add(MethodValue.getMethodName(i));
710         size += 1;
711     }
712
713     return (String JavaDoc[]) methods.toArray(new String JavaDoc[size]);
714     }
715
716     static BitSet methodArrayToSet(String JavaDoc[] methods)
717     {
718     BitSet methodSet = new BitSet();
719
720     if (methods == null || methods.length == 0) {
721         methodSet.set(MethodValue.AllMethodsIdx);
722     } else for (int i=0; i<methods.length; i++) {
723         int bit = MethodValue.getMethodIndex(methods[i]);
724         methodSet.set(bit);
725     }
726
727     return methodSet;
728     };
729
730     MapValue (String JavaDoc urlPattern)
731     {
732     this.patternType = WebPermissionUtil.patternType(urlPattern);
733     this.patternLength = urlPattern.length();
734     this.irrelevantByQualifier = false;
735     this.urlPatternSpec = new StringBuffer JavaDoc(urlPattern);
736     this.methodValues = new HashMap();
737     }
738
739     void addQualifier(String JavaDoc urlPattern)
740     {
741     if (WebPermissionUtil.implies(urlPattern,
742             this.urlPatternSpec.substring(0,this.patternLength)))
743         this.irrelevantByQualifier = true;
744     this.urlPatternSpec.append(":" + urlPattern);
745     }
746
747     MethodValue getMethodValue(int methodIndex)
748     {
749     String JavaDoc methodName = MethodValue.getMethodName(methodIndex);
750
751     synchronized(methodValues) {
752         MethodValue methodValue = methodValues.get(methodName);
753         if (methodValue == null) {
754         methodValue = new MethodValue(methodName);
755         methodValues.put(methodName,methodValue);
756         }
757         return methodValue;
758     }
759     }
760
761     void setRoleOnMethods(String JavaDoc role,BitSet methodSet,WebBundleDescriptor wbd)
762     {
763     if (role.equals("*")) {
764
765         Iterator it = wbd.getRoles().iterator();
766         while(it.hasNext()) {
767         setRoleOnMethods(((Role)it.next()).getName(),methodSet,wbd);
768         }
769
770     } else for (int i = methodSet.nextSetBit(0); i >= 0;
771             i = methodSet.nextSetBit(i+1)) {
772
773         MethodValue methodValue = getMethodValue(i);
774         
775         if (methodValue.roleList.contains(role)) {
776         continue;
777         }
778         
779         methodValue.roleList.add(role);
780     }
781     }
782
783     void setPredefinedOutcomeOnMethods (BitSet methodSet, boolean outcome)
784     {
785     for (int i = methodSet.nextSetBit(0); i >= 0;
786          i = methodSet.nextSetBit(i+1)) {
787
788         MethodValue methodValue = getMethodValue(i);
789
790         if (!outcome) {
791         methodValue.excluded = true;
792         } else {
793         methodValue.authConstrained = false;
794         }
795     }
796     }
797
798     void setConnectOnMethods(String JavaDoc guarantee, BitSet methodSet)
799     {
800     int b = MethodValue.connectTypeNone;
801     if (guarantee != null) {
802         Integer JavaDoc bit = (Integer JavaDoc)
803         MethodValue.connectHash.get(guarantee);
804         if (bit == null)
805         throw new IllegalArgumentException JavaDoc
806             ("constraint translation error-illegal trx guarantee");
807         b = bit.intValue();
808     }
809
810     for (int i = methodSet.nextSetBit(0); i >= 0;
811          i = methodSet.nextSetBit(i+1)) {
812
813         MethodValue methodValue = getMethodValue(i);
814
815         methodValue.connectSet |= b;
816     }
817     }
818
819     BitSet getExcludedMethods()
820     {
821     BitSet methodSet = new BitSet();
822
823     synchronized(methodValues) {
824
825         Collection<MethodValue> values = methodValues.values();
826         Iterator it = values.iterator();
827
828         while (it.hasNext()) {
829         MethodValue v = (MethodValue) it.next();
830         if (v.excluded) {
831             methodSet.set(v.index);
832         }
833         }
834     }
835     return methodSet;
836     }
837
838     BitSet getAuthConstrainedMethods()
839     {
840     BitSet methodSet = new BitSet();
841
842     synchronized(methodValues) {
843
844         Collection<MethodValue> values = methodValues.values();
845         Iterator it = values.iterator();
846
847         while (it.hasNext()) {
848         MethodValue v = (MethodValue) it.next();
849         if (v.excluded || v.authConstrained || !v.roleList.isEmpty()) {
850             methodSet.set(v.index);
851         }
852         }
853     }
854     return methodSet;
855     }
856
857     static boolean bitIsSet(int map , int bit) {
858         return (map & bit) == bit ? true : false;
859     }
860
861     BitSet getTransportConstrainedMethods()
862     {
863     BitSet methodSet = new BitSet();
864
865     synchronized(methodValues) {
866
867         Collection<MethodValue> values = methodValues.values();
868         Iterator it = values.iterator();
869
870         while (it.hasNext()) {
871         MethodValue v = (MethodValue) it.next();
872         if (v.excluded ||
873             !bitIsSet(v.connectSet,MethodValue.connectTypeNone)) {
874             methodSet.set(v.index);
875         }
876         }
877     }
878     return methodSet;
879     }
880
881     HashMap getRoleMap()
882     {
883     HashMap roleMap = new HashMap();
884
885     synchronized(methodValues) {
886
887         Collection<MethodValue> values = methodValues.values();
888
889         Iterator it = values.iterator();
890         while (it.hasNext()) {
891
892         MethodValue v = (MethodValue) it.next();
893         
894         if (!v.excluded && v.authConstrained) {
895
896             Iterator rit = v.roleList.iterator();
897             while(rit.hasNext()) {
898
899             String JavaDoc role = (String JavaDoc) rit.next();
900             BitSet methodSet = (BitSet) roleMap.get(role);
901
902             if (methodSet == null) {
903                 methodSet = new BitSet();
904                 roleMap.put(role,methodSet);
905             }
906
907             methodSet.set(v.index);
908             }
909         }
910         }
911     }
912
913     return roleMap;
914     }
915
916     BitSet getConnectMap(int cType)
917     {
918     BitSet methodSet = new BitSet();
919
920     synchronized(methodValues) {
921
922         Collection<MethodValue> values = methodValues.values();
923         Iterator it = values.iterator();
924
925         while (it.hasNext()) {
926
927         MethodValue v = (MethodValue) it.next();
928
929         if (!v.excluded) {
930             if (v.connectSet == 0) {
931             v.connectSet = MethodValue.connectTypeNone;
932             }
933             if (bitIsSet(v.connectSet,cType)) {
934             methodSet.set(v.index);
935             }
936         }
937         }
938     }
939
940     return methodSet;
941     }
942
943 }
944
945
946
947
948
Popular Tags