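package org.jboss.security.jacc;

import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.security.Principal;
import java.security.ProtectionDomain;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import javax.security.jacc.PolicyContextException;

import org.jboss.logging.Logger;

/**
 * The permission state of one JACC policy context: the excluded permission
 * set, the unchecked permission set and a permission set per role.
 *
 * <p>{@link #implies(ProtectionDomain, Permission)} evaluates the sets in the
 * order excluded, unchecked, role. A permission matched by the excluded set is
 * denied regardless of what the other two sets contain; a permission matched
 * by the unchecked set is granted without looking at the caller's principals.
 *
 * <p>Additions made through the {@code addTo*} methods take effect immediately
 * ({@link #commit()} is a no-op), and the role map is a plain
 * {@link HashMap} that is read by {@code implies} and written by
 * {@code addToRole}/{@code removeRole}/{@code clear}. No synchronization is
 * done here, so configuration is expected to be complete before the policy is
 * consulted concurrently.
 */
public class ContextPolicy
{
   private static final Logger log = Logger.getLogger(ContextPolicy.class);
   /** The JACC policy context identifier this state belongs to. */
   private String contextID;
   /** Permissions that are always denied, whatever the caller's roles. */
   private Permissions excludedPermissions = new Permissions();
   /** Permissions granted to every caller without a role check. */
   private Permissions uncheckedPermissions = new Permissions();
   /** Role name (String) to the Permissions granted to that role. */
   private HashMap rolePermissions = new HashMap();
   // Sampled once in the constructor; a later change of the logger's level is
   // not seen by an existing ContextPolicy instance.
   private boolean trace;

   /**
    * Create an empty policy for the given context.
    *
    * @param contextID the JACC policy context identifier
    */
   ContextPolicy(String contextID)
   {
      this.contextID = contextID;
      this.trace = log.isTraceEnabled();
   }

   /**
    * Build a fresh {@link Permissions} holding the unchecked permissions plus
    * the permissions of every role. The excluded set is deliberately not
    * part of the result.
    *
    * @return a new collection; modifying it does not affect this policy
    */
   Permissions getPermissions()
   {
      Permissions perms = new Permissions();
      copyPermissions(uncheckedPermissions, perms);
      Iterator iter = rolePermissions.values().iterator();
      while( iter.hasNext() )
      {
         copyPermissions((Permissions) iter.next(), perms);
      }
      return perms;
   }

   /**
    * Decide whether {@code permission} is granted to the caller described by
    * {@code domain}.
    *
    * <p>Order of evaluation: the excluded set denies, the unchecked set
    * grants, and otherwise the caller's principal names are looked up as role
    * names; the first role whose permissions imply the request grants it.
    * A role that does not imply the request never blocks a later role.
    *
    * @param domain the caller's protection domain; its principals are the
    *               candidate role names (must not be null)
    * @param permission the permission being checked
    * @return true if granted, false if denied or if the domain has no
    *         principals
    */
   boolean implies(ProtectionDomain domain, Permission permission)
   {
      // 1. The excluded set wins over everything else.
      if( excludedPermissions.implies(permission) )
      {
         if( trace )
            log.trace("Denied: Matched excluded set, permission="+permission);
         return false;
      }

      // 2. The unchecked set grants without consulting the principals.
      if( uncheckedPermissions.implies(permission) )
      {
         if( trace )
            log.trace("Allowed: Matched unchecked set, permission="+permission);
         return true;
      }

      // 3. Role check against the caller's principal names.
      ArrayList principalNames = getPrincipalNames(domain);
      if( principalNames.size() == 0 )
      {
         if( trace )
            log.trace("No principals found in domain: "+domain);
         return false;
      }

      boolean implied = false;
      for(int n = 0; implied == false && n < principalNames.size(); n ++)
      {
         String name = (String) principalNames.get(n);
         Permissions perms = (Permissions) rolePermissions.get(name);
         if( trace )
            log.trace("Checking role="+name+" perms="+perms);
         // A principal name with no role entry is simply skipped.
         if( perms == null )
            continue;
         implied = perms.implies(permission);
         // "Denied" here is per role; a later role may still grant.
         if( trace )
            log.trace((implied ? "Allowed: " : "Denied: ")+" permission="+permission);
      }

      return implied;
   }

   /**
    * Collect the principal names of a domain in array order.
    *
    * <p>A principal that is a {@link Group} contributes the names of its
    * direct members and not its own name. Members are not expanded
    * recursively: a member that is itself a Group contributes only the
    * group's name.
    *
    * @param domain the domain whose principals are read (must not be null)
    * @return the names as Strings; empty when the domain has no principals
    */
   private static ArrayList getPrincipalNames(ProtectionDomain domain)
   {
      ArrayList names = new ArrayList();
      Principal[] principals = domain.getPrincipals();
      int length = principals != null ? principals.length : 0;
      for(int n = 0; n < length; n ++)
      {
         Principal p = principals[n];
         if( p instanceof Group )
         {
            Enumeration members = ((Group) p).members();
            while( members.hasMoreElements() )
            {
               Principal member = (Principal) members.nextElement();
               names.add(member.getName());
            }
         }
         else
         {
            names.add(p.getName());
         }
      }
      return names;
   }

   /** Drop every excluded, unchecked and role permission. */
   void clear()
   {
      excludedPermissions = new Permissions();
      uncheckedPermissions = new Permissions();
      rolePermissions.clear();
   }

   /**
    * Add a single permission to the excluded (always denied) set.
    *
    * @param permission the permission to exclude
    * @throws PolicyContextException declared for the JACC contract; not
    *         thrown by this implementation
    */
   void addToExcludedPolicy(Permission permission)
      throws PolicyContextException
   {
      excludedPermissions.add(permission);
   }

   /**
    * Add every permission of the collection to the excluded set.
    *
    * @param permissions the permissions to exclude
    * @throws PolicyContextException declared for the JACC contract; not
    *         thrown by this implementation
    */
   void addToExcludedPolicy(PermissionCollection permissions)
      throws PolicyContextException
   {
      copyPermissions(permissions, excludedPermissions);
   }

   /**
    * Grant a single permission to a role, creating the role on first use.
    *
    * @param roleName the role to grant to
    * @param permission the permission granted
    * @throws PolicyContextException declared for the JACC contract; not
    *         thrown by this implementation
    */
   void addToRole(String roleName, Permission permission)
      throws PolicyContextException
   {
      getOrCreateRolePermissions(roleName).add(permission);
   }

   /**
    * Grant every permission of the collection to a role, creating the role
    * on first use.
    *
    * @param roleName the role to grant to
    * @param permissions the permissions granted
    * @throws PolicyContextException declared for the JACC contract; not
    *         thrown by this implementation
    */
   void addToRole(String roleName, PermissionCollection permissions)
      throws PolicyContextException
   {
      copyPermissions(permissions, getOrCreateRolePermissions(roleName));
   }

   /**
    * Add a single permission to the unchecked (granted to all) set.
    *
    * @param permission the permission granted
    * @throws PolicyContextException declared for the JACC contract; not
    *         thrown by this implementation
    */
   void addToUncheckedPolicy(Permission permission)
      throws PolicyContextException
   {
      uncheckedPermissions.add(permission);
   }

   /**
    * Add every permission of the collection to the unchecked set.
    *
    * @param permissions the permissions granted
    * @throws PolicyContextException declared for the JACC contract; not
    *         thrown by this implementation
    */
   void addToUncheckedPolicy(PermissionCollection permissions)
      throws PolicyContextException
   {
      copyPermissions(permissions, uncheckedPermissions);
   }

   /**
    * No-op: additions are live as soon as they are made.
    *
    * @throws PolicyContextException declared for the JACC contract; not
    *         thrown by this implementation
    */
   void commit()
      throws PolicyContextException
   {
   }

   /**
    * Discard all permission state; the context id is retained.
    *
    * @throws PolicyContextException declared for the JACC contract; not
    *         thrown by this implementation
    */
   void delete()
      throws PolicyContextException
   {
      clear();
   }

   /**
    * @return the JACC policy context identifier
    * @throws PolicyContextException declared for the JACC contract; not
    *         thrown by this implementation
    */
   String getContextID()
      throws PolicyContextException
   {
      return contextID;
   }

   /**
    * No-op: this implementation does not link policies together.
    *
    * @param link the policy to link with; ignored
    * @throws PolicyContextException declared for the JACC contract; not
    *         thrown by this implementation
    */
   void linkConfiguration(ContextPolicy link)
      throws PolicyContextException
   {
   }

   /**
    * Replace the excluded set with an empty one.
    *
    * @throws PolicyContextException declared for the JACC contract; not
    *         thrown by this implementation
    */
   void removeExcludedPolicy()
      throws PolicyContextException
   {
      excludedPermissions = new Permissions();
   }

   /**
    * Drop a role and all of its permissions; unknown roles are ignored.
    *
    * @param roleName the role to remove
    * @throws PolicyContextException declared for the JACC contract; not
    *         thrown by this implementation
    */
   void removeRole(String roleName)
      throws PolicyContextException
   {
      rolePermissions.remove(roleName);
   }

   /**
    * Replace the unchecked set with an empty one.
    *
    * @throws PolicyContextException declared for the JACC contract; not
    *         thrown by this implementation
    */
   void removeUncheckedPolicy()
      throws PolicyContextException
   {
      uncheckedPermissions = new Permissions();
   }

   /**
    * Render the policy as an XML-like dump for diagnostics. Names and actions
    * are appended verbatim, without escaping, so the output is not
    * guaranteed to be well-formed XML.
    */
   public String toString()
   {
      StringBuffer tmp = new StringBuffer("<ContextPolicy contextID='");
      tmp.append(contextID);
      tmp.append("'>\n");
      tmp.append("\t<ExcludedPermissions>\n");
      appendPermissions(tmp, excludedPermissions);
      tmp.append("\t</ExcludedPermissions>\n");

      tmp.append("\t<UncheckedPermissions>\n");
      appendPermissions(tmp, uncheckedPermissions);
      tmp.append("\t</UncheckedPermissions>\n");

      tmp.append("\t<RolePermssions>\n");
      Iterator roles = rolePermissions.keySet().iterator();
      while( roles.hasNext() )
      {
         String role = (String) roles.next();
         Permissions perms = (Permissions) rolePermissions.get(role);
         tmp.append("\t\t<Role name='"+role+"'>\n");
         appendPermissions(tmp, perms);
         tmp.append("\t\t</Role>\n");
      }
      tmp.append("\t</RolePermssions>");
      tmp.append("</ContextPolicy>\n");
      return tmp.toString();
   }

   /**
    * Look up the Permissions of a role, creating and registering an empty
    * one when the role is not yet known.
    */
   private Permissions getOrCreateRolePermissions(String roleName)
   {
      Permissions perms = (Permissions) rolePermissions.get(roleName);
      if( perms == null )
      {
         perms = new Permissions();
         rolePermissions.put(roleName, perms);
      }
      return perms;
   }

   /** Add every element of {@code from} to {@code to}. */
   private static void copyPermissions(PermissionCollection from, Permissions to)
   {
      Enumeration iter = from.elements();
      while( iter.hasMoreElements() )
      {
         to.add((Permission) iter.nextElement());
      }
   }

   /**
    * Append one {@code <Permission .../>} element per permission. The same
    * attribute layout is used for all three sections; previously the
    * unchecked and role sections lacked the closing quote after the type
    * attribute.
    */
   private static void appendPermissions(StringBuffer tmp, Permissions perms)
   {
      Enumeration iter = perms.elements();
      while( iter.hasMoreElements() )
      {
         Permission p = (Permission) iter.nextElement();
         tmp.append("<Permission type='");
         tmp.append(p.getClass());
         tmp.append("' name='");
         tmp.append(p.getName());
         tmp.append("' actions='");
         tmp.append(p.getActions());
         tmp.append("' />\n");
      }
   }
}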