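package net.sf.jguard.core.authorization.permissions;

import java.io.Serializable;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.AccessController;
import java.security.Guard;
import java.security.Permission;
import java.util.ArrayList;
import java.util.Collection;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Permission on a URL pattern, optionally narrowed by scheme, HTTP method and
 * query parameters.
 *
 * <p>The {@code actions} string is a comma-separated list. Its first element is
 * the URL pattern; every later element is read as a scheme ({@code http} or
 * {@code https}), an HTTP method, or otherwise as a free-text description.
 *
 * <p>This class takes part in access decisions through {@link #implies}, so
 * every change to the matching logic changes what a stored permission grants.
 */
public final class URLPermission extends java.security.BasicPermission implements Serializable, Cloneable, Comparable {

    private static final Logger logger = Logger.getLogger(URLPermission.class.getName());

    // HTTP method tokens recognised in the actions string.
    public static final String DELETE = "DELETE";
    public static final String GET = "GET";
    public static final String HEAD = "HEAD";
    public static final String OPTIONS = "OPTIONS";
    public static final String POST = "POST";
    public static final String PUT = "PUT";
    public static final String TRACE = "TRACE";
    // Wildcard value used for both scheme and methods.
    public static final String ANY = "ANY";

    // Scheme tokens recognised in the actions string.
    public static final String HTTP = "http";
    public static final String HTTPS = "https";

    private static final long serialVersionUID = 3257283643243574067L;

    // Compiled form of the path part of the pattern; null when built with the one-argument constructor.
    private Pattern pattern;

    // The pattern exactly as supplied by the caller (first element of actions).
    private String prettyPattern;

    // The pattern with wildcard markers removed, parsed as a URI.
    private URI uri;

    // Permission name, as passed to the constructor.
    private String name;

    // Free-text description taken from the actions string; empty when none was given.
    private String description = "";

    // Query parameters declared by the pattern.
    private URLParameterCollection parameters;

    // HTTP methods this permission covers; holds ANY when the actions string named none.
    private Collection methods = new ArrayList();

    // Scheme this permission covers; ANY unless the actions string named http or https.
    private String scheme = URLPermission.ANY;

    // Text returned by getActions(): pattern, scheme and optional description. Methods are not part of it.
    private StringBuffer actions = new StringBuffer();

    /**
     * Creates a permission that has a name but no URL pattern.
     *
     * <p>The pattern stays unset, the method list stays empty and
     * {@link #getActions()} returns an empty string.
     *
     * @param n permission name
     */
    public URLPermission(String n) {
        super(n);
        this.name = n;
        try {
            uri = new URI("");
        } catch (URISyntaxException e) {
            throw invalidUri(e);
        }
        parameters = new URLParameterCollection();
    }

    /**
     * Creates a permission from a name and a comma-separated actions string.
     *
     * @param name    permission name
     * @param actions URL pattern, optionally followed by a scheme, HTTP
     *                methods and a description, separated by {@code ','}
     * @throws IllegalArgumentException if {@code actions} has more than four
     *         elements or the pattern is not a valid URI once its wildcard
     *         markers are removed
     */
    public URLPermission(String name, String actions) {
        super(name);
        this.name = name;
        String[] actionsArray = actions.split(",");

        // NOTE(review): the guard admits four elements while the message says three; confirm which is intended.
        if (actionsArray.length > 4) {
            throw new IllegalArgumentException(" 'actions' argument can contain a maximum of three elements separated by ',' ");
        }

        try {
            setURI(actionsArray[0]);
        } catch (URISyntaxException e) {
            throw invalidUri(e);
        }

        for (int i = 1; i < actionsArray.length; i++) {
            String token = actionsArray[i];
            if (isScheme(token)) {
                this.scheme = token;
            } else if (isHttpMethod(token)) {
                // Stored as written: later comparisons in equals() and implies() are case-sensitive.
                methods.add(token);
            } else {
                // Any unrecognised element becomes the description; a later one replaces an earlier one.
                this.description = token;
            }
        }

        if (scheme == null) {
            scheme = URLPermission.ANY;
        }

        // No method named means every method is covered.
        if (methods.size() == 0) {
            methods.add(URLPermission.ANY);
        }

        this.actions.append(this.prettyPattern);
        this.actions.append(',');
        this.actions.append(this.scheme);

        if (this.description.length() > 0) {
            this.actions.append(',');
            this.actions.append(this.description);
        }
    }

    /**
     * Wraps a URI syntax error in the unchecked exception the constructors
     * throw, keeping the original message and attaching the cause.
     */
    private static IllegalArgumentException invalidUri(URISyntaxException e) {
        IllegalArgumentException failure = new IllegalArgumentException(e.getMessage());
        failure.initCause(e);
        return failure;
    }

    /** Tells whether the token is one of the two recognised schemes, ignoring case. */
    private static boolean isScheme(String token) {
        return URLPermission.HTTPS.equalsIgnoreCase(token)
                || URLPermission.HTTP.equalsIgnoreCase(token);
    }

    /** Tells whether the token is one of the recognised HTTP methods, ignoring case. */
    private static boolean isHttpMethod(String token) {
        return URLPermission.DELETE.equalsIgnoreCase(token)
                || URLPermission.GET.equalsIgnoreCase(token)
                || URLPermission.HEAD.equalsIgnoreCase(token)
                || URLPermission.OPTIONS.equalsIgnoreCase(token)
                || URLPermission.POST.equalsIgnoreCase(token)
                || URLPermission.PUT.equalsIgnoreCase(token)
                || URLPermission.TRACE.equalsIgnoreCase(token);
    }

    /**
     * Derives the compiled pattern, the URI, the display pattern and the
     * declared query parameters from the supplied pattern text.
     *
     * @param pPattern URL pattern as written by the caller
     * @throws URISyntaxException if the pattern, once its wildcard markers are
     *         removed, is not a valid URI
     */
    private void setURI(String pPattern) throws URISyntaxException {
        // Only the path part (before '?') is turned into a regular expression.
        String regexp = buildRegexpFromString(getPathFromURIString(pPattern));

        pattern = Pattern.compile(regexp);
        if (logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST, "regexp=" + regexp);
        }

        String uriWithoutRegexp = removeRegexpFromURI(pPattern);
        this.uri = new URI(uriWithoutRegexp);
        if (logger.isLoggable(Level.FINEST)) {
            logger.finest("uri=" + uri);
        }

        prettyPattern = pPattern;
        parameters = URLParameterCollection.getURLParameters(getQueryFromURIString(pPattern));
    }

    /**
     * Strips the wildcard markers from a pattern so it can be parsed as a URI.
     *
     * <p>Every {@code *} that is not followed by another {@code *} is removed,
     * any remaining {@code **} is collapsed to {@code *}, and <code>${</code>
     * and <code>}</code> are percent-encoded.
     *
     * @param uriPath pattern text
     * @return the pattern without wildcard markers
     */
    static public String removeRegexpFromURI(String uriPath) {
        String stripped = uriPath.replaceAll("\\*(?!\\*)", "");
        stripped = stripped.replaceAll("\\*{2}", "\\*");
        stripped = stripped.replaceAll("\\$\\{", "%24%7B");
        stripped = stripped.replaceAll("\\}", "%7D");
        return stripped;
    }

    /**
     * Returns the part of the string before the first {@code '?'}, or the
     * whole string when it has none.
     */
    public static String getPathFromURIString(String uriString) {
        int position = uriString.indexOf("?");
        if (position == -1) {
            return uriString;
        }
        return uriString.substring(0, position);
    }

    /**
     * Returns the part of the string after the first {@code '?'}, or an empty
     * string when it has none.
     */
    public static String getQueryFromURIString(String uriString) {
        int position = uriString.indexOf("?");
        if (position == -1) {
            return "";
        }
        return uriString.substring(position + 1);
    }

    /**
     * Rewrites a path pattern into the regular expression used by
     * {@link #implies}.
     *
     * <p>The replacements run in a fixed order and each one sees the output of
     * the previous one; the last step turns every remaining {@code *} into
     * {@code .*}. The replacement strings are unchanged from the original
     * code, because any change alters which URLs an existing permission
     * matches.
     *
     * @param regexp path pattern
     * @return regular expression text
     */
    public static String buildRegexpFromString(String regexp) {
        // A backslash becomes two backslashes.
        regexp = regexp.replaceAll("\\\\", "\\\\\\\\");
        // '**' becomes '\*\*'; the last step below still rewrites the two stars.
        regexp = regexp.replaceAll("\\*\\*", "\\\\*\\\\*");
        // NOTE(review): the replacements for ? + [ ^ & insert two backslashes, which a regex reads as a
        // literal backslash followed by the unescaped character; confirm this is the intended escaping.
        regexp = regexp.replaceAll("\\?", "\\\\\\\\?");
        regexp = regexp.replaceAll("\\+", "\\\\\\\\+");
        regexp = regexp.replaceAll("\\[", "\\\\\\\\[");
        // NOTE(review): this searches for '[' a second time, so ']' is never rewritten and the '[' left by the
        // previous line is rewritten again; the replacement text suggests ']' was meant. Confirm before fixing.
        regexp = regexp.replaceAll("\\[", "\\\\\\\\]");
        regexp = regexp.replaceAll("\\^", "\\\\\\\\^");
        regexp = regexp.replaceAll("\\&", "\\\\\\\\&");
        // Every '*' still present becomes '.*'.
        regexp = regexp.replaceAll("\\*", "\\.\\*");
        return regexp;
    }

    /**
     * Checks the permission passed as argument against the current access
     * control context.
     *
     * <p>NOTE(review): the check is made on the argument, not on this
     * permission, and the argument is cast without a type test; confirm that
     * callers always pass a {@link Permission}.
     *
     * @param perm permission to check
     * @throws ClassCastException if {@code perm} is not a {@link Permission}
     */
    public void checkGuard(Object perm) {
        Permission p = (Permission) perm;
        AccessController.checkPermission(p);
    }

    /**
     * Returns a copy that covers the same scheme and methods as this
     * permission.
     *
     * <p>The actions string does not carry the methods, so a copy built from
     * it alone would cover every method. Scheme, methods, description and
     * actions text are therefore copied field by field.
     *
     * @return a new, independent {@code URLPermission}
     */
    public Object clone() throws CloneNotSupportedException {
        URLPermission copy = new URLPermission(this.name, this.getActions());
        copy.scheme = this.scheme;
        copy.methods = new ArrayList(this.methods);
        copy.description = this.description;
        copy.actions = new StringBuffer(this.actions.toString());
        return copy;
    }

    /**
     * Two permissions are equal when they have the same name, scheme, method
     * list, URI path and URI query. The description is not compared.
     *
     * <p>A pattern that cannot be parsed as a URI, or a URI without a path,
     * makes the comparison return {@code false}; {@link #implies} treats equal
     * permissions as implied, so an uncertain comparison must not succeed.
     */
    public boolean equals(Object obj) {
        if (!(obj instanceof URLPermission)) {
            return false;
        }
        URLPermission other = (URLPermission) obj;
        if (!other.getName().equals(this.getName())) {
            return false;
        }

        String otherPattern = removeRegexpFromURI(other.getActions().split(",")[0]);
        URI otherUri;
        try {
            otherUri = new URI(otherPattern);
        } catch (URISyntaxException e) {
            logger.log(Level.SEVERE, " URI syntax error: " + otherPattern);
            return false;
        }

        if (!other.getScheme().equals(this.scheme)) {
            return false;
        }
        if (!other.getMethods().equals(this.methods)) {
            return false;
        }

        String ownPath = uri.getPath();
        String otherPath = otherUri.getPath();
        if (ownPath == null || otherPath == null || !ownPath.equals(otherPath)) {
            return false;
        }

        String ownQuery = uri.getQuery();
        String otherQuery = otherUri.getQuery();
        if (ownQuery == null || otherQuery == null) {
            return ownQuery == null && otherQuery == null;
        }
        return ownQuery.equals(otherQuery);
    }

    /**
     * Returns the pattern, the scheme and, when present, the description,
     * separated by {@code ','}. The HTTP methods are not included.
     */
    public String getActions() {
        return actions.toString();
    }

    /** Hash code based on the permission name only. */
    public int hashCode() {
        return name.hashCode();
    }

    /**
     * Decides whether this permission covers the given one.
     *
     * <p>The given permission is covered when it equals this one, or when its
     * scheme is accepted, it shares at least one HTTP method with this
     * permission, its path matches this permission's pattern and its query
     * parameters are accepted.
     *
     * @param permission permission being requested
     * @return {@code true} when access is covered by this permission
     */
    public boolean implies(java.security.Permission permission) {
        if (!(permission instanceof URLPermission)) {
            if (logger.isLoggable(Level.FINEST)) {
                logger.log(Level.FINEST, " permission is not an URLPermission. type = " + permission.getClass().getName());
            }
            return false;
        }

        URLPermission requested = (URLPermission) permission;
        if (this.equals(permission)) {
            return true;
        }

        // A requested permission without actions is covered only by one that has none either.
        String requestedActions = requested.getActions();
        if (requestedActions == null || "".equals(requestedActions)) {
            return actions == null || actions.length() == 0;
        }

        if (!this.scheme.equals(URLPermission.ANY) && !this.scheme.equals(requested.getScheme())) {
            return false;
        }

        if (!this.methods.contains(URLPermission.ANY)) {
            // One shared method is enough; the comparison is case-sensitive.
            Collection sharedMethods = new ArrayList(requested.getMethods());
            sharedMethods.retainAll(this.methods);
            if (sharedMethods.size() == 0) {
                return false;
            }
        }

        if (!impliesURI(requested.getURI())) {
            return false;
        }

        boolean decision = impliesParameters(getQueryFromURIString(requested.getURI()));
        if (logger.isLoggable(Level.FINEST)) {
            logger.finest("access decision =" + decision);
        }
        return decision;
    }

    /**
     * Matches the path part of the given URI text against the compiled
     * pattern. The whole path has to match.
     */
    private boolean impliesURI(String uri) {
        // A permission without a pattern covers no path.
        if (pattern == null) {
            return false;
        }
        String path = getPathFromURIString(uri);
        Matcher matcher = pattern.matcher(path);
        if (logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST, "pattern used to check access =" + pattern.pattern());
            logger.log(Level.FINEST, " path to be checked =" + path);
        }
        boolean matched = matcher.matches();
        if (logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST, "access decision =" + matched);
        }
        return matched;
    }

    /**
     * Checks the query string of the requested permission against the
     * parameters declared by this one.
     *
     * <p>When this permission declares no parameter, any query is accepted.
     * When it declares some, the request needs a query and each of its
     * parameters has to be accepted by the declared collection.
     *
     * @param queryFromUserPermission query string of the requested URL, may be
     *                                empty or {@code null}
     * @return {@code true} when the query is accepted
     */
    private boolean impliesParameters(String queryFromUserPermission) {
        if (parameters.isEmpty()) {
            return true;
        }
        if (queryFromUserPermission == null || "".equals(queryFromUserPermission)) {
            return false;
        }

        String[] params = queryFromUserPermission.split("&");
        for (int a = 0; a < params.length; a++) {
            String[] keyAndValue = params[a].split("=");
            // A parameter made only of '=' splits into nothing; refuse it instead of failing on the index.
            if (keyAndValue.length == 0) {
                return false;
            }
            URLParameter urlparam = new URLParameter();
            urlparam.setKey(keyAndValue[0]);
            String[] values = new String[1];
            values[0] = keyAndValue.length != 1 ? keyAndValue[1] : "";
            urlparam.setValue(values);
            if (!parameters.implies(urlparam)) {
                return false;
            }
        }
        return true;
    }

    /** Returns a new, empty {@code JGPositivePermissionCollection}. */
    public java.security.PermissionCollection newPermissionCollection() {
        return new JGPositivePermissionCollection();
    }

    /** Returns a multi-line description of the fields of this permission. */
    public String toString() {
        StringBuffer sb = new StringBuffer();
        sb.append(" name: " + this.name);
        sb.append("\n scheme: " + this.scheme);
        sb.append("\n parameters: " + this.parameters.toString());
        sb.append("\n pattern: " + this.pattern);
        sb.append("\n uri: " + this.uri);
        sb.append("\n description: " + this.description);
        sb.append("\n");
        return sb.toString();
    }

    /**
     * Orders permissions by name; equal permissions compare as 0.
     *
     * @param o the {@code URLPermission} to compare with
     * @throws ClassCastException if {@code o} is not a {@code URLPermission}
     */
    public int compareTo(Object o) {
        URLPermission perm = (URLPermission) o;
        if (this.equals(perm)) {
            return 0;
        }
        return this.name.compareTo(perm.getName());
    }

    /** Returns the pattern exactly as it was supplied, not the parsed URI. */
    public final String getURI() {
        return prettyPattern;
    }

    /**
     * Returns the internal method collection itself, not a copy; a caller that
     * modifies it changes what this permission grants.
     */
    public Collection getMethods() {
        return methods;
    }

    /** Returns the scheme this permission covers, or {@link #ANY}. */
    public String getScheme() {
        return scheme;
    }

}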