1 26 27 package org.objectweb.jonas_lib.security.jacc; 28 29 import java.security.Permission ; 30 import java.security.PermissionCollection ; 31 import java.security.Permissions ; 32 import java.security.Principal ; 33 import java.security.SecurityPermission ; 34 import java.util.Enumeration ; 35 import java.util.HashMap ; 36 import java.util.Map ; 37 38 import javax.security.jacc.PolicyConfiguration ; 39 import javax.security.jacc.PolicyContextException ; 40 41 import org.objectweb.util.monolog.api.BasicLevel; 42 import org.objectweb.util.monolog.api.Logger; 43 44 import org.objectweb.jonas_lib.I18n; 45 46 import org.objectweb.common.TraceCore; 47 48 52 public class JPolicyConfiguration implements PolicyConfiguration { 53 54 57 private static final int NB_STATES = 3; 58 59 63 private static final int OPEN = 0; 64 65 66 70 private static final int IN_SERVICE = 1; 71 72 76 private static final int DELETED = 2; 77 78 81 private static I18n i18n = I18n.getInstance(JPolicyConfiguration.class); 82 83 86 private static String [] states = null; 87 88 91 private int state; 92 93 96 private String contextID = null; 97 98 101 private static Logger logger = null; 102 103 104 107 private PermissionCollection excludedPermissions = null; 108 109 112 private PermissionCollection uncheckedPermissions = null; 113 114 117 private Map rolePermissions = null; 118 119 123 public JPolicyConfiguration(String contextID) { 124 this.contextID = contextID; 125 126 logger = TraceCore.sec; 128 129 if (states == null) { 131 states = new String [NB_STATES]; 133 states[OPEN] = i18n.getMessage("JPolicyConfiguration.openState"); 134 states[IN_SERVICE] = i18n.getMessage("JPolicyConfiguration.inServiceState"); 135 states[DELETED] = i18n.getMessage("JPolicyConfiguration.deletedState"); 136 } 137 138 resetState(); 140 141 excludedPermissions = new Permissions (); 143 uncheckedPermissions = new Permissions (); 144 rolePermissions = new HashMap (); 145 } 146 147 160 public void addToExcludedPolicy(Permission permission) 161 throws PolicyContextException , SecurityException , UnsupportedOperationException { 162 163 if (logger.isLoggable(BasicLevel.DEBUG)) { 164 logger.log(BasicLevel.DEBUG, "Adding permission '" + permission + "' as excluded policy."); 165 } 166 167 checkSetPolicy(); 169 170 checkCurrentStateIsInState(OPEN); 172 173 if (permission != null) { 175 excludedPermissions.add(permission); 176 } 177 178 } 179 180 196 public void addToExcludedPolicy(PermissionCollection permissions) 197 throws PolicyContextException , SecurityException , UnsupportedOperationException { 198 199 if (logger.isLoggable(BasicLevel.DEBUG)) { 200 logger.log(BasicLevel.DEBUG, "Adding permissions '" + permissions + "' as excluded policy."); 201 } 202 203 checkSetPolicy(); 205 206 checkCurrentStateIsInState(OPEN); 208 209 if (permissions != null) { 211 for (Enumeration e = permissions.elements(); e.hasMoreElements();) { 212 excludedPermissions.add((Permission ) e.nextElement()); 213 } 214 } 215 216 } 217 218 232 public void addToRole(String roleName, Permission permission) 233 throws PolicyContextException , SecurityException , UnsupportedOperationException { 234 235 if (logger.isLoggable(BasicLevel.DEBUG)) { 236 logger.log(BasicLevel.DEBUG, "Adding permission '" + permission + "' to role '" + roleName + "'."); 237 } 238 239 checkSetPolicy(); 241 242 checkCurrentStateIsInState(OPEN); 244 245 if (roleName == null) { 247 throw new PolicyContextException (i18n.getMessage("JPolicyConfiguration.addToRole")); 248 } 249 250 251 if (permission == null) { 253 return; 254 } 255 PermissionCollection permissionsOfRole = (PermissionCollection ) rolePermissions.get(roleName); 256 257 if (permissionsOfRole == null) { 259 permissionsOfRole = new Permissions (); 260 } 261 permissionsOfRole.add(permission); 262 263 rolePermissions.put(roleName, permissionsOfRole); 265 266 } 267 268 283 public void addToRole(String roleName, PermissionCollection permissions) 284 throws PolicyContextException , SecurityException , UnsupportedOperationException { 285 286 if (logger.isLoggable(BasicLevel.DEBUG)) { 287 logger.log(BasicLevel.DEBUG, "Adding permissions '" + permissions + "' to role '" + roleName + "'."); 288 } 289 290 checkSetPolicy(); 292 293 checkCurrentStateIsInState(OPEN); 295 296 if (roleName == null) { 298 throw new PolicyContextException (i18n.getMessage("JPolicyConfiguration.addToRole")); 299 } 300 301 302 if (permissions == null) { 304 return; 305 } 306 PermissionCollection permissionsOfRole = (PermissionCollection ) rolePermissions.get(roleName); 307 308 if (permissionsOfRole == null) { 310 permissionsOfRole = new Permissions (); 311 } 312 313 for (Enumeration e = permissions.elements(); e.hasMoreElements();) { 314 permissionsOfRole.add((Permission ) e.nextElement()); 315 } 316 317 rolePermissions.put(roleName, permissionsOfRole); 319 320 } 321 322 335 public void addToUncheckedPolicy(Permission permission) 336 throws PolicyContextException , SecurityException , UnsupportedOperationException { 337 338 if (logger.isLoggable(BasicLevel.DEBUG)) { 339 logger.log(BasicLevel.DEBUG, "Adding permission '" + permission + "' as unchecked policy."); 340 } 341 342 checkSetPolicy(); 344 345 checkCurrentStateIsInState(OPEN); 347 348 if (permission != null) { 350 uncheckedPermissions.add(permission); 351 } 352 353 } 354 355 371 public void addToUncheckedPolicy(PermissionCollection permissions) 372 throws PolicyContextException , SecurityException , UnsupportedOperationException { 373 374 if (logger.isLoggable(BasicLevel.DEBUG)) { 375 logger.log(BasicLevel.DEBUG, "Adding permissions '" + permissions + "' as unchecked policy."); 376 } 377 378 checkSetPolicy(); 380 381 checkCurrentStateIsInState(OPEN); 383 384 if (permissions != null) { 386 for (Enumeration e = permissions.elements(); e.hasMoreElements();) { 387 uncheckedPermissions.add((Permission ) e.nextElement()); 388 } 389 } 390 391 } 392 393 394 417 public void commit() throws PolicyContextException , SecurityException , UnsupportedOperationException { 418 419 checkSetPolicy(); 421 422 checkCurrentStateNotInState(DELETED); 424 425 state = IN_SERVICE; 427 428 JPolicyConfigurationKeeper.addConfiguration(this); 430 } 431 432 447 public void delete() throws PolicyContextException , SecurityException { 448 449 checkSetPolicy(); 451 452 excludedPermissions = new Permissions (); 454 uncheckedPermissions = new Permissions (); 455 rolePermissions = new HashMap (); 456 457 state = DELETED; 459 460 JPolicyConfigurationKeeper.removeConfiguration(this); 462 463 } 464 465 476 public String getContextID() throws PolicyContextException , SecurityException { 477 478 checkSetPolicy(); 480 481 return contextID; 482 } 483 484 497 public boolean inService() throws PolicyContextException , SecurityException { 498 499 checkSetPolicy(); 501 502 return (state == IN_SERVICE); 503 } 504 505 535 public void linkConfiguration(PolicyConfiguration link) 536 throws IllegalArgumentException , PolicyContextException , SecurityException , UnsupportedOperationException { 537 538 checkSetPolicy(); 540 541 checkCurrentStateIsInState(OPEN); 543 544 if (this.equals(link)) { 546 throw new IllegalArgumentException (i18n.getMessage("JPolicyConfiguration.linkConfiguration.equivalent", this, link)); 547 } 548 549 551 } 552 553 566 public void removeExcludedPolicy() 567 throws PolicyContextException , SecurityException , UnsupportedOperationException { 568 569 checkSetPolicy(); 571 572 checkCurrentStateIsInState(OPEN); 574 575 excludedPermissions = new Permissions (); 577 } 578 579 592 public void removeRole(String roleName) 593 throws PolicyContextException , SecurityException , UnsupportedOperationException { 594 595 checkSetPolicy(); 597 598 checkCurrentStateIsInState(OPEN); 600 601 rolePermissions.remove(roleName); 603 } 604 605 618 public void removeUncheckedPolicy() 619 throws PolicyContextException , SecurityException , UnsupportedOperationException { 620 621 checkSetPolicy(); 623 624 checkCurrentStateIsInState(OPEN); 626 627 uncheckedPermissions = new Permissions (); 629 } 630 631 637 private void checkCurrentStateNotInState(int s) throws UnsupportedOperationException { 638 if (this.state == s) { 639 String err = i18n.getMessage("JPolicyConfiguration.checkCurrentStateNotInState.notValidState", states[s], states[state]); 640 throw new UnsupportedOperationException (err); 641 } 642 } 643 644 650 private void checkCurrentStateIsInState(int s) throws UnsupportedOperationException { 651 if (this.state != s) { 652 String err = i18n.getMessage("JPolicyConfiguration.checkCurrentStateNotInState.notValidState", states[state], states[s]); 653 throw new UnsupportedOperationException (err); 654 } 655 } 656 657 665 private void checkSetPolicy() throws SecurityException { 666 SecurityManager securityManager = System.getSecurityManager(); 667 if (securityManager != null) { 668 securityManager.checkPermission(new SecurityPermission ("setPolicy")); 669 } 670 } 671 672 678 public boolean equals(Object obj) { 679 if (!(obj instanceof PolicyConfiguration )) { 680 if (logger.isLoggable(BasicLevel.ERROR)) { 681 logger.log(BasicLevel.ERROR, i18n.getMessage("JPolicyConfiguration.equals.notInstanceOf")); 682 } 683 return false; 684 } else { 685 try { 686 return (this.contextID == ((PolicyConfiguration ) obj).getContextID()); 687 } catch (PolicyContextException pce) { 688 if (logger.isLoggable(BasicLevel.ERROR)) { 689 logger.log(BasicLevel.ERROR, i18n.getMessage("JPolicyConfiguration.equals.canNotCheck", pce.getMessage())); 690 } 691 return false; 692 } 693 } 694 } 695 696 700 public int hashCode() { 701 return contextID.hashCode(); 702 } 703 704 705 708 protected void resetState() { 709 this.state = OPEN; 710 } 711 712 713 714 718 public PermissionCollection getExcludedPermissions() { 719 if (state != IN_SERVICE) { 721 return new Permissions (); 722 } else { 723 return excludedPermissions; 724 } 725 } 726 727 728 732 public PermissionCollection getUncheckedPermissions() { 733 if (state != IN_SERVICE) { 735 return new Permissions (); 736 } else { 737 return uncheckedPermissions; 738 } 739 } 740 741 742 747 public PermissionCollection getPermissionsForPrincipal(Principal principal) { 748 749 if (logger.isLoggable(BasicLevel.DEBUG)) { 750 logger.log(BasicLevel.DEBUG, "principal = " + principal); 751 } 752 753 if (principal == null || state != IN_SERVICE) { 755 return new Permissions (); 756 } 757 758 PermissionCollection permissionsOfRole = (PermissionCollection ) rolePermissions.get(principal.getName()); 759 760 if (logger.isLoggable(BasicLevel.DEBUG)) { 761 logger.log(BasicLevel.DEBUG, "Permissions found = " + permissionsOfRole); 762 } 763 764 if (permissionsOfRole == null) { 766 permissionsOfRole = new Permissions (); 767 } 768 769 return permissionsOfRole; 770 } 771 772 } 773 | Popular Tags |