KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > catalina > deploy > SecurityConstraint


1 /*
2  * Licensed to the Apache Software Foundation (ASF) under one or more
3  * contributor license agreements. See the NOTICE file distributed with
4  * this work for additional information regarding copyright ownership.
5  * The ASF licenses this file to You under the Apache License, Version 2.0
6  * (the "License"); you may not use this file except in compliance with
7  * the License. You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17
18
19 package org.apache.catalina.deploy;
20
21 import java.io.Serializable JavaDoc;
22
23
24 /**
25  * Representation of a security constraint element for a web application,
26  * as represented in a <code>&lt;security-constraint&gt;</code> element in the
27  * deployment descriptor.
28  * <p>
29  * <b>WARNING</b>: It is assumed that instances of this class will be created
30  * and modified only within the context of a single thread, before the instance
31  * is made visible to the remainder of the application. After that, only read
32  * access is expected. Therefore, none of the read and write access within
33  * this class is synchronized.
34  *
35  * @author Craig R. McClanahan
36  * @version $Revision: 467222 $ $Date: 2006-10-24 05:17:11 +0200 (mar., 24 oct. 2006) $
37  */
38
39 public class SecurityConstraint implements Serializable JavaDoc {
40
41
42     // ----------------------------------------------------------- Constructors
43
44
45     /**
46      * Construct a new security constraint instance with default values.
47      */
48     public SecurityConstraint() {
49
50         super();
51
52     }
53
54
55     // ----------------------------------------------------- Instance Variables
56
57
58     /**
59      * Was the "all roles" wildcard included in the authorization constraints
60      * for this security constraint?
61      */
62     private boolean allRoles = false;
63
64
65     /**
66      * Was an authorization constraint included in this security constraint?
67      * This is necessary to distinguish the case where an auth-constraint with
68      * no roles (signifying no direct access at all) was requested, versus
69      * a lack of auth-constraint which implies no access control checking.
70      */
71     private boolean authConstraint = false;
72
73
74     /**
75      * The set of roles permitted to access resources protected by this
76      * security constraint.
77      */
78     private String JavaDoc authRoles[] = new String JavaDoc[0];
79
80
81     /**
82      * The set of web resource collections protected by this security
83      * constraint.
84      */
85     private SecurityCollection collections[] = new SecurityCollection[0];
86
87
88     /**
89      * The display name of this security constraint.
90      */
91     private String JavaDoc displayName = null;
92
93
94     /**
95      * The user data constraint for this security constraint. Must be NONE,
96      * INTEGRAL, or CONFIDENTIAL.
97      */
98     private String JavaDoc userConstraint = "NONE";
99
100
101     // ------------------------------------------------------------- Properties
102
103
104     /**
105      * Was the "all roles" wildcard included in this authentication
106      * constraint?
107      */
108     public boolean getAllRoles() {
109
110         return (this.allRoles);
111
112     }
113
114
115     /**
116      * Return the authorization constraint present flag for this security
117      * constraint.
118      */
119     public boolean getAuthConstraint() {
120
121         return (this.authConstraint);
122
123     }
124
125
126     /**
127      * Set the authorization constraint present flag for this security
128      * constraint.
129      */
130     public void setAuthConstraint(boolean authConstraint) {
131
132         this.authConstraint = authConstraint;
133
134     }
135
136
137     /**
138      * Return the display name of this security constraint.
139      */
140     public String JavaDoc getDisplayName() {
141
142         return (this.displayName);
143
144     }
145
146
147     /**
148      * Set the display name of this security constraint.
149      */
150     public void setDisplayName(String JavaDoc displayName) {
151
152         this.displayName = displayName;
153
154     }
155
156
157     /**
158      * Return the user data constraint for this security constraint.
159      */
160     public String JavaDoc getUserConstraint() {
161
162         return (userConstraint);
163
164     }
165
166
167     /**
168      * Set the user data constraint for this security constraint.
169      *
170      * @param userConstraint The new user data constraint
171      */
172     public void setUserConstraint(String JavaDoc userConstraint) {
173
174         if (userConstraint != null)
175             this.userConstraint = userConstraint;
176
177     }
178
179
180     // --------------------------------------------------------- Public Methods
181
182
183     /**
184      * Add an authorization role, which is a role name that will be
185      * permitted access to the resources protected by this security constraint.
186      *
187      * @param authRole Role name to be added
188      */
189     public void addAuthRole(String JavaDoc authRole) {
190
191         if (authRole == null)
192             return;
193         if ("*".equals(authRole)) {
194             allRoles = true;
195             return;
196         }
197         String JavaDoc results[] = new String JavaDoc[authRoles.length + 1];
198         for (int i = 0; i < authRoles.length; i++)
199             results[i] = authRoles[i];
200         results[authRoles.length] = authRole;
201         authRoles = results;
202         authConstraint = true;
203
204     }
205
206
207     /**
208      * Add a new web resource collection to those protected by this
209      * security constraint.
210      *
211      * @param collection The new web resource collection
212      */
213     public void addCollection(SecurityCollection collection) {
214
215         if (collection == null)
216             return;
217         SecurityCollection results[] =
218             new SecurityCollection[collections.length + 1];
219         for (int i = 0; i < collections.length; i++)
220             results[i] = collections[i];
221         results[collections.length] = collection;
222         collections = results;
223
224     }
225
226
227     /**
228      * Return <code>true</code> if the specified role is permitted access to
229      * the resources protected by this security constraint.
230      *
231      * @param role Role name to be checked
232      */
233     public boolean findAuthRole(String JavaDoc role) {
234
235         if (role == null)
236             return (false);
237         for (int i = 0; i < authRoles.length; i++) {
238             if (role.equals(authRoles[i]))
239                 return (true);
240         }
241         return (false);
242
243     }
244
245
246     /**
247      * Return the set of roles that are permitted access to the resources
248      * protected by this security constraint. If none have been defined,
249      * a zero-length array is returned (which implies that all authenticated
250      * users are permitted access).
251      */
252     public String JavaDoc[] findAuthRoles() {
253
254         return (authRoles);
255
256     }
257
258
259     /**
260      * Return the web resource collection for the specified name, if any;
261      * otherwise, return <code>null</code>.
262      *
263      * @param name Web resource collection name to return
264      */
265     public SecurityCollection findCollection(String JavaDoc name) {
266
267         if (name == null)
268             return (null);
269         for (int i = 0; i < collections.length; i++) {
270             if (name.equals(collections[i].getName()))
271                 return (collections[i]);
272         }
273         return (null);
274
275     }
276
277
278     /**
279      * Return all of the web resource collections protected by this
280      * security constraint. If there are none, a zero-length array is
281      * returned.
282      */
283     public SecurityCollection[] findCollections() {
284
285         return (collections);
286
287     }
288
289
290     /**
291      * Return <code>true</code> if the specified context-relative URI (and
292      * associated HTTP method) are protected by this security constraint.
293      *
294      * @param uri Context-relative URI to check
295      * @param method Request method being used
296      */
297     public boolean included(String JavaDoc uri, String JavaDoc method) {
298
299         // We cannot match without a valid request method
300 if (method == null)
301             return (false);
302
303         // Check all of the collections included in this constraint
304 for (int i = 0; i < collections.length; i++) {
305             if (!collections[i].findMethod(method))
306                 continue;
307             String JavaDoc patterns[] = collections[i].findPatterns();
308             for (int j = 0; j < patterns.length; j++) {
309                 if (matchPattern(uri, patterns[j]))
310                     return (true);
311             }
312         }
313
314         // No collection included in this constraint matches this request
315 return (false);
316
317     }
318
319
320     /**
321      * Remove the specified role from the set of roles permitted to access
322      * the resources protected by this security constraint.
323      *
324      * @param authRole Role name to be removed
325      */
326     public void removeAuthRole(String JavaDoc authRole) {
327
328         if (authRole == null)
329             return;
330         int n = -1;
331         for (int i = 0; i < authRoles.length; i++) {
332             if (authRoles[i].equals(authRole)) {
333                 n = i;
334                 break;
335             }
336         }
337         if (n >= 0) {
338             int j = 0;
339             String JavaDoc results[] = new String JavaDoc[authRoles.length - 1];
340             for (int i = 0; i < authRoles.length; i++) {
341                 if (i != n)
342                     results[j++] = authRoles[i];
343             }
344             authRoles = results;
345         }
346
347     }
348
349
350     /**
351      * Remove the specified web resource collection from those protected by
352      * this security constraint.
353      *
354      * @param collection Web resource collection to be removed
355      */
356     public void removeCollection(SecurityCollection collection) {
357
358         if (collection == null)
359             return;
360         int n = -1;
361         for (int i = 0; i < collections.length; i++) {
362             if (collections[i].equals(collection)) {
363                 n = i;
364                 break;
365             }
366         }
367         if (n >= 0) {
368             int j = 0;
369             SecurityCollection results[] =
370                 new SecurityCollection[collections.length - 1];
371             for (int i = 0; i < collections.length; i++) {
372                 if (i != n)
373                     results[j++] = collections[i];
374             }
375             collections = results;
376         }
377
378     }
379
380
381     /**
382      * Return a String representation of this security constraint.
383      */
384     public String JavaDoc toString() {
385
386         StringBuffer JavaDoc sb = new StringBuffer JavaDoc("SecurityConstraint[");
387         for (int i = 0; i < collections.length; i++) {
388             if (i > 0)
389                 sb.append(", ");
390             sb.append(collections[i].getName());
391         }
392         sb.append("]");
393         return (sb.toString());
394
395     }
396
397
398     // -------------------------------------------------------- Private Methods
399
400
401     /**
402      * Does the specified request path match the specified URL pattern?
403      * This method follows the same rules (in the same order) as those used
404      * for mapping requests to servlets.
405      *
406      * @param path Context-relative request path to be checked
407      * (must start with '/')
408      * @param pattern URL pattern to be compared against
409      */
410     private boolean matchPattern(String JavaDoc path, String JavaDoc pattern) {
411
412         // Normalize the argument strings
413 if ((path == null) || (path.length() == 0))
414             path = "/";
415         if ((pattern == null) || (pattern.length() == 0))
416             pattern = "/";
417
418         // Check for exact match
419 if (path.equals(pattern))
420             return (true);
421
422         // Check for path prefix matching
423 if (pattern.startsWith("/") && pattern.endsWith("/*")) {
424             pattern = pattern.substring(0, pattern.length() - 2);
425             if (pattern.length() == 0)
426                 return (true); // "/*" is the same as "/"
427 if (path.endsWith("/"))
428                 path = path.substring(0, path.length() - 1);
429             while (true) {
430                 if (pattern.equals(path))
431                     return (true);
432                 int slash = path.lastIndexOf('/');
433                 if (slash <= 0)
434                     break;
435                 path = path.substring(0, slash);
436             }
437             return (false);
438         }
439
440         // Check for suffix matching
441 if (pattern.startsWith("*.")) {
442             int slash = path.lastIndexOf('/');
443             int period = path.lastIndexOf('.');
444             if ((slash >= 0) && (period > slash) &&
445                 path.endsWith(pattern.substring(1))) {
446                 return (true);
447             }
448             return (false);
449         }
450
451         // Check for universal mapping
452 if (pattern.equals("/"))
453             return (true);
454
455         return (false);
456
457     }
458
459
460 }
461
Popular Tags