KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > net > sf > jguard > ext > util > SubjectUtils


1 /*
2 jGuard is a security framework based on top of jaas (java authentication and authorization security).
3 it is written for web applications, to resolve simply, access control problems.
4 version $Name$
5 http://sourceforge.net/projects/jguard/
6
7 Copyright (C) 2004 Charles GAY
8
9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Lesser General Public
11 License as published by the Free Software Foundation; either
12 version 2.1 of the License, or (at your option) any later version.
13
14 This library is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Lesser General Public License for more details.
18
19 You should have received a copy of the GNU Lesser General Public
20 License along with this library; if not, write to the Free Software
21 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
22
23
24 jGuard project home page:
25 http://sourceforge.net/projects/jguard/
26
27 */
28 package net.sf.jguard.ext.util;
29
30 import java.security.Principal JavaDoc;
31 import java.util.Collection JavaDoc;
32 import java.util.HashSet JavaDoc;
33 import java.util.Iterator JavaDoc;
34 import java.util.Set JavaDoc;
35 import java.util.logging.Logger JavaDoc;
36
37 import javax.security.auth.Subject JavaDoc;
38
39 import net.sf.jguard.core.authentication.credentials.JGuardCredential;
40 import net.sf.jguard.core.authorization.permissions.PermissionUtils;
41 import net.sf.jguard.core.principals.RolePrincipal;
42 import net.sf.jguard.core.principals.UserPrincipal;
43 import net.sf.jguard.ext.authentication.AuthenticationException;
44 import net.sf.jguard.ext.registration.SubjectTemplate;
45
46 /**
47  * utility class to query against subject credentials.
48  * @author <a HREF="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
49  * @author <a HREF="mailto:tandilero@users.sourceforge.net">Maximiliano Batelli</a>
50  */
51 public class SubjectUtils {
52
53     private static final Logger JavaDoc logger = Logger.getLogger(SubjectUtils.class.getName());
54
55     /**
56      * return credential values from private and public credential set
57      * which are mapped to the specified credentialId.
58      * @param subject
59      * @param credentialId
60      * @return Collection of Object credential values
61      */
62     public static Collection JavaDoc getCredentialValues(Subject JavaDoc subject,String JavaDoc credentialId){
63         Collection JavaDoc valuesFound = new HashSet JavaDoc();
64         valuesFound.addAll(getCredentialValues(subject,true,credentialId));
65         valuesFound.addAll(getCredentialValues(subject,false,credentialId));
66         return valuesFound;
67     }
68
69     /**
70      * return credential values from the specified credential set
71      * which are mapped to the specified credentialId.
72      * @param subject
73      * @param publicVisibility <i>true</i> for publicCredentials, <i>false</i> for
74      * private credentials.
75      * @param credentialId
76      * @return Collection of Object credential values
77      */
78     public static Collection JavaDoc getCredentialValues(Subject JavaDoc subject,boolean publicVisibility ,String JavaDoc credentialId){
79         Collection JavaDoc valuesFound = new HashSet JavaDoc();
80         Collection JavaDoc credentials = null;
81         if(publicVisibility==true){
82             credentials = subject.getPublicCredentials(JGuardCredential.class);
83         }else{
84             try{
85             credentials = subject.getPrivateCredentials(JGuardCredential.class);
86             }catch(SecurityException JavaDoc sex){
87                 logger.finest(" you don't have the permission to grab private credentials ");
88                 return valuesFound;
89             }
90         }
91         Iterator JavaDoc it = credentials.iterator();
92         while(it.hasNext()){
93             Object JavaDoc credential = (JGuardCredential)it.next();
94             //we skip non JGuardCredentials
95 if(credential instanceof JGuardCredential == false){
96                 continue;
97             }
98             JGuardCredential cred = (JGuardCredential)credential;
99             if(cred.getId().equals(credentialId)){
100                 valuesFound.add(cred.getValue());
101             }
102         }
103
104         return valuesFound;
105     }
106
107     /**
108      * return credential value from the specified credential set
109      * This function assume that credential have only one value
110      * return empty string if it is not found
111      * @param subject
112      * @param publicVisibility <i>true</i> for publicCredentials, <i>false</i> for
113      * private credentials.
114      * @param credentialId
115      * @return credential value as string
116      */
117     public static String JavaDoc getCredentialValueAsString(Subject JavaDoc subject, boolean publicVisibility, String JavaDoc credentialId){
118         String JavaDoc valueFound = "";
119         Collection JavaDoc credentials = null;
120         if(publicVisibility==true){
121             credentials = subject.getPublicCredentials(JGuardCredential.class);
122         }else{
123             try{
124                 credentials = subject.getPrivateCredentials(JGuardCredential.class);
125             }catch(SecurityException JavaDoc sex){
126                 logger.finest(" you don't have the permission to grab private credentials ");
127                 return valueFound;
128             }
129         }
130         Iterator JavaDoc it = credentials.iterator();
131         while(it.hasNext()){
132             JGuardCredential cred = (JGuardCredential)it.next();
133             if(cred.getId().equals(credentialId)){
134                 valueFound = (String JavaDoc)cred.getValue();
135             }
136         }
137
138         return valueFound;
139     }
140
141     /**
142      * Set credential's value, this method assume that credential have only one value
143      * If credentialId exists then the value is replaced, else the credential is created
144      * @param subject
145      * @param publicVisibility <i>true</i> for publicCredentials, <i>false</i> for
146      * private credentials.
147      * @param credentialId
148      * @param credentialValue
149      * @param isIdentity <i>true</i> for identity credential, <i>false</i> otherwise
150      */
151     public static void setCredentialValue(Subject JavaDoc subject, boolean publicVisibility, String JavaDoc credentialId, Object JavaDoc credentialValue, boolean isIdentity) {
152         Set JavaDoc credentials = null;
153         boolean credFound = false;
154         if(publicVisibility){
155             credentials = subject.getPublicCredentials();
156         }else{
157             try{
158                 credentials = subject.getPrivateCredentials();
159             }catch(SecurityException JavaDoc sex){
160                 logger.finest(" you don't have the permission to grab private credentials ");
161                 return;
162             }
163         }
164         Iterator JavaDoc it = credentials.iterator();
165         JGuardCredential jCred = null;
166         while(it.hasNext()){
167             Object JavaDoc credential = it.next();
168             if(!(credential instanceof JGuardCredential)){
169                 continue;
170             }else{
171                 jCred = (JGuardCredential)credential;
172             }
173
174             if(jCred.getId().equals(credentialId)){
175                 jCred.setValue(credentialValue);
176                 credFound = true;
177                 break;
178             }
179         }
180         if(!credFound) {
181             jCred = new JGuardCredential();
182             jCred.setId(credentialId);
183             jCred.setValue(credentialValue);
184             jCred.setIdentity(isIdentity);
185             credentials.add(jCred);
186         }
187     }
188
189     /**
190      * adds new credential value if it does not already exist. Added credential can not be an identity credential.
191      * @param subject
192      * @param publicVisibility
193      * @param credentialId
194      * @param credentialValue
195      */
196     public static void addCredentialValue(Subject JavaDoc subject, boolean publicVisibility, String JavaDoc credentialId, Object JavaDoc credentialValue) {
197         Set JavaDoc credentials = null;
198         boolean credAlreadyExists = false;
199         if(publicVisibility){
200             credentials = subject.getPublicCredentials();
201         }else{
202             try{
203                 credentials = subject.getPrivateCredentials();
204             }catch(SecurityException JavaDoc sex){
205                 logger.finest(" you don't have the permission to grab private credentials ");
206                 return;
207             }
208         }
209         Iterator JavaDoc it = credentials.iterator();
210         JGuardCredential jCred = null;
211         while(it.hasNext()){
212             Object JavaDoc credential = it.next();
213             if(!(credential instanceof JGuardCredential)){
214                 continue;
215             }else{
216                 jCred = (JGuardCredential)credential;
217             }
218
219             if(jCred.getId().equals(credentialId) && jCred.getValue().equals(credentialValue)){
220                 credAlreadyExists = true;
221                 break;
222             }
223         }
224         if(!credAlreadyExists) {
225             jCred = new JGuardCredential();
226             jCred.setId(credentialId);
227             jCred.setValue(credentialValue);
228             credentials.add(jCred);
229         }
230     }
231
232     /**
233      * return the {link {@link JGuardCredential} identifying uniquely the user.
234      * @param subject
235      * @param template
236      * @return
237      * @throws AuthenticationException
238      */
239     public static JGuardCredential getIdentityCredential(Subject JavaDoc subject ,SubjectTemplate template) throws AuthenticationException{
240         
241         if(subject == null){
242             throw new IllegalArgumentException JavaDoc("'subject' parameter is null");
243         }
244         
245         JGuardCredential idCredential = new JGuardCredential();
246         idCredential.setId(template.getIdentityCredential().getId());
247         idCredential.setIdentity(true);
248         Collection JavaDoc values = getCredentialValues(subject,idCredential.getId());
249         Iterator JavaDoc it = values.iterator();
250         if(it.hasNext()){
251             idCredential.setValue(it.next());
252         }
253         return idCredential;
254     }
255
256     /**
257      * remove credential value if it already exists. Removed credential can not be an identity credential.
258      * @param subject
259      * @param publicVisibility
260      * @param credentialId
261      * @param credentialValue
262      */
263     public static void removeCredentialValue(Subject JavaDoc subject, boolean publicVisibility, String JavaDoc credentialId, Object JavaDoc credentialValue) {
264         Set JavaDoc credentials = null;
265         boolean credentialExists = false;
266         if(publicVisibility){
267             credentials = subject.getPublicCredentials();
268         }else{
269             try{
270                 credentials = subject.getPrivateCredentials();
271             }catch(SecurityException JavaDoc sex){
272                 logger.finest(" you don't have the permission to grab private credentials ");
273                 return;
274             }
275         }
276         Iterator JavaDoc it = credentials.iterator();
277         JGuardCredential jCred = null;
278         while(it.hasNext()){
279             Object JavaDoc credential = it.next();
280             if(!(credential instanceof JGuardCredential)){
281                 continue;
282             }else{
283                 jCred = (JGuardCredential)credential;
284             }
285
286             if(jCred.getId().equals(credentialId) && jCred.getValue().equals(credentialValue)){
287                 credentialExists = true;
288                 break;
289             }
290         }
291         if(credentialExists) {
292             credentials.remove(jCred);
293         }
294     }
295     
296     public static Set JavaDoc getEnabledPrincipals(Set JavaDoc userPrincipals) {
297         Set JavaDoc enabledPrincipals = new HashSet JavaDoc();
298         // Find the UserPrincipal to evaluate principal definition
299 UserPrincipal userPrincipal = null;
300         Iterator JavaDoc userPrincipalsIt = userPrincipals.iterator();
301         while(userPrincipalsIt.hasNext()){
302             Principal JavaDoc ppal = (Principal JavaDoc)userPrincipalsIt.next();
303             if(ppal instanceof UserPrincipal) {
304                 userPrincipal = (UserPrincipal)ppal;
305                 break;
306             }
307         }
308         userPrincipalsIt = userPrincipals.iterator();
309         //add all enabled Principals to set
310 while(userPrincipalsIt.hasNext()) {
311             Principal JavaDoc ppal = (Principal JavaDoc)userPrincipalsIt.next();
312             if(ppal instanceof RolePrincipal) {
313                 RolePrincipal tempUserPrincipal = (RolePrincipal) ppal;
314                 if(!"userPrincipal".equals(tempUserPrincipal.getLocalName())) {
315                     if(PermissionUtils.evaluatePrincipal(tempUserPrincipal, userPrincipal)) {
316                         enabledPrincipals.add(tempUserPrincipal);
317                     }
318                 }
319             }
320         }
321         
322         return enabledPrincipals;
323     }
324
325 }
326
Popular Tags