KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > net > sf > jguard > core > authorization > policy > LocalAccessController


1 /*
2 jGuard is a security framework based on top of jaas (java authentication and authorization security).
3 it is written for web applications, to resolve simply, access control problems.
4 version $Name: $
5 http://sourceforge.net/projects/jguard/
6
7 Copyright (C) 2004 Charles GAY
8
9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Lesser General Public
11 License as published by the Free Software Foundation; either
12 version 2.1 of the License, or (at your option) any later version.
13
14 This library is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Lesser General Public License for more details.
18
19 You should have received a copy of the GNU Lesser General Public
20 License along with this library; if not, write to the Free Software
21 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22
23
24 jGuard project home page:
25 http://sourceforge.net/projects/jguard/
26
27 */
28 package net.sf.jguard.core.authorization.policy;
29
30 import java.security.AccessControlContext JavaDoc;
31 import java.security.AccessControlException JavaDoc;
32 import java.security.AccessController JavaDoc;
33 import java.security.Permission JavaDoc;
34 import java.security.PermissionCollection JavaDoc;
35 import java.security.Policy JavaDoc;
36 import java.security.ProtectionDomain JavaDoc;
37 import java.util.Set JavaDoc;
38
39 import javax.security.auth.Subject JavaDoc;
40
41
42 /**
43  * {@link AccessController} clone used to check permission against an isolated Policy
44  * not tight to the system Policy.
45  * @author <a HREF="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
46  * @see java.security.AccessController
47  * @since 1.0
48  */
49 public class LocalAccessController {
50     
51     private Policy JavaDoc policy;
52     
53     public LocalAccessController(Policy JavaDoc policy){
54         this.policy = policy;
55     }
56     
57     
58     /**
59      * controls that the provided Subject has got the permission requested
60      * against the Policy.
61      * @param subject
62      * @param permission
63      */
64     public void checkPermission(Permission JavaDoc permission){
65         AccessControlContext JavaDoc acc = (AccessControlContext JavaDoc)AccessController.getContext();
66         Subject JavaDoc subject = Subject.getSubject(acc);
67         if(acc==null){
68             //system code is always allowed
69 return;
70         }
71         if(subject==null){
72             //like this class is used in 'local' mode,
73 //the security is not tight with the jvm security
74 //we don't make restrictions when this code can be
75 //avoided easily
76 // to have a more depp security, use the 'jvm' mode
77 return;
78         }
79         if(permission == null){
80             throw new NullPointerException JavaDoc(" permission provided is null ");
81         }
82         
83         Set JavaDoc principals = subject.getPrincipals();
84         ProtectionDomain JavaDoc domain = ProtectionDomainUtils.getEmptyProtectionDomain(principals);
85         PermissionCollection JavaDoc permColl = policy.getPermissions(domain);
86         if (!permColl.implies(permission)) {
87             StringBuffer JavaDoc sb = new StringBuffer JavaDoc(" permission ");
88             throw new AccessControlException JavaDoc(sb.append(permission.toString()).append(" is not granted ").toString(),permission);
89         }
90     }
91     
92 }
93
Popular Tags