

1 /*
2  * Copyright 2003-2006 Rick Knowles <winstone-devel at lists sourceforge net>
3  * Distributed under the terms of either:
4  * - the common development and distribution license (CDDL), v1.0; or
5  * - the GNU Lesser General Public License, v2.1 or later
6  */

7 package winstone.auth;
8
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;

import org.w3c.dom.Node;

import winstone.Logger;
import winstone.Mapping;
import winstone.WebAppConfiguration;
19
20 /**
21  * Models a restriction on a particular set of resources in the webapp.
22  *
23  * @author mailto: <a HREF="rick_knowles@hotmail.com">Rick Knowles</a>
24  * @version $Id: SecurityConstraint.java,v 1.7 2006/08/10 06:38:30 rickknowles Exp $
25  */

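public class SecurityConstraint {
    final String ELEM_DISPLAY_NAME = "display-name";
    final String ELEM_WEB_RESOURCES = "web-resource-collection";
    final String ELEM_WEB_RESOURCE_NAME = "web-resource-name";
    final String ELEM_URL_PATTERN = "url-pattern";
    final String ELEM_HTTP_METHOD = "http-method";
    final String ELEM_AUTH_CONSTRAINT = "auth-constraint";
    final String ELEM_ROLE_NAME = "role-name";
    final String ELEM_USER_DATA_CONSTRAINT = "user-data-constraint";
    final String ELEM_TRANSPORT_GUARANTEE = "transport-guarantee";
    final String GUARANTEE_NONE = "NONE";

    /** Method set recorded for a web-resource-collection that lists no http-method element. */
    private static final String ALL_METHODS = ".ALL.";

    private String displayName;

    // Invariant: methodSets[n] is the method set of the web-resource-collection
    // that declared urlPatterns[n], so both arrays always have the same length.
    // isApplicable() relies on this index alignment.
    private String methodSets[];
    private Mapping urlPatterns[];

    private String rolesAllowed[];
    private boolean needsSSL;

    /**
     * Builds the constraint from a descriptor element by reading its
     * display-name, web-resource-collection, auth-constraint and
     * user-data-constraint children.
     *
     * @param elm the element whose child nodes describe the constraint
     * @param rolesAllowed the role names substituted when a role-name of "*" is found
     * @param counter used to build the default display name when the element has none
     */
    public SecurityConstraint(Node elm, Set rolesAllowed, int counter) {
        this.needsSSL = false;
        // Lists, not sets: each URL pattern must stay paired with the method set
        // of its own collection. Two independent HashSets lose that pairing and
        // can differ in size, which makes isApplicable() either test a pattern
        // against another collection's methods or index past the shorter array.
        List localUrlPatternList = new ArrayList();
        List localMethodSetList = new ArrayList();
        Set localRolesAllowed = new HashSet();

        for (int i = 0; i < elm.getChildNodes().getLength(); i++) {
            Node child = elm.getChildNodes().item(i);
            if (child.getNodeType() != Node.ELEMENT_NODE)
                continue;
            else if (child.getNodeName().equals(ELEM_DISPLAY_NAME))
                this.displayName = WebAppConfiguration.getTextFromNode(child);
            else if (child.getNodeName().equals(ELEM_WEB_RESOURCES)) {
                String methodSet = null;
                List collectionPatterns = new ArrayList();

                // Collect this collection's patterns and its "."-delimited method
                // set. The patterns are held back until the loop ends because an
                // http-method element may follow the url-pattern elements.
                for (int k = 0; k < child.getChildNodes().getLength(); k++) {
                    Node resourceChild = child.getChildNodes().item(k);
                    if (resourceChild.getNodeType() != Node.ELEMENT_NODE)
                        continue;
                    String resourceChildNodeName = resourceChild.getNodeName();
                    if (resourceChildNodeName.equals(ELEM_URL_PATTERN)) {
                        collectionPatterns.add(Mapping.createFromURL(
                                "Security", WebAppConfiguration.getTextFromNode(resourceChild)));
                    } else if (resourceChildNodeName.equals(ELEM_HTTP_METHOD)) {
                        // NOTE(review): the configured name is stored as written, while
                        // methodCheck() upper-cases the request method, so a lower-case
                        // http-method value would never match - confirm descriptors
                        // are expected to use upper case.
                        methodSet = (methodSet == null ? "." : methodSet)
                                + WebAppConfiguration.getTextFromNode(resourceChild) + ".";
                    }
                }

                // No http-method element means the collection covers every method.
                String effectiveMethodSet = (methodSet == null ? ALL_METHODS : methodSet);
                for (int p = 0; p < collectionPatterns.size(); p++) {
                    localUrlPatternList.add(collectionPatterns.get(p));
                    localMethodSetList.add(effectiveMethodSet);
                }
            } else if (child.getNodeName().equals(ELEM_AUTH_CONSTRAINT)) {
                // Collect the role names; "*" expands to every role passed in.
                for (int k = 0; k < child.getChildNodes().getLength(); k++) {
                    Node roleChild = child.getChildNodes().item(k);
                    if ((roleChild.getNodeType() != Node.ELEMENT_NODE)
                            || !roleChild.getNodeName().equals(ELEM_ROLE_NAME))
                        continue;
                    String roleName = WebAppConfiguration.getTextFromNode(roleChild);
                    if (roleName.equals("*"))
                        localRolesAllowed.addAll(rolesAllowed);
                    else
                        localRolesAllowed.add(roleName);
                }
            } else if (child.getNodeName().equals(ELEM_USER_DATA_CONSTRAINT)) {
                // Any transport-guarantee other than NONE (case-insensitive) requires SSL.
                for (int k = 0; k < child.getChildNodes().getLength(); k++) {
                    Node guaranteeChild = child.getChildNodes().item(k);
                    if ((guaranteeChild.getNodeType() == Node.ELEMENT_NODE)
                            && guaranteeChild.getNodeName().equals(ELEM_TRANSPORT_GUARANTEE))
                        this.needsSSL = !WebAppConfiguration.getTextFromNode(guaranteeChild)
                                .equalsIgnoreCase(GUARANTEE_NONE);
                }
            }
        }
        this.urlPatterns = (Mapping[]) localUrlPatternList.toArray(new Mapping[0]);
        this.methodSets = (String[]) localMethodSetList.toArray(new String[0]);
        this.rolesAllowed = (String[]) localRolesAllowed.toArray(new String[0]);

        if (this.displayName == null)
            this.displayName = BaseAuthenticationHandler.AUTH_RESOURCES.getString(
                    "SecurityConstraint.DefaultName", "" + counter);
    }

    /**
     * Evaluates the constraint: is this operation allowed?
     *
     * @param request the request whose user roles are tested
     * @return true as soon as the request's user is in one of the allowed roles;
     *         false otherwise, including when no roles were configured
     */
    public boolean isAllowed(HttpServletRequest request) {
        for (int n = 0; n < this.rolesAllowed.length; n++) {
            if (request.isUserInRole(this.rolesAllowed[n])) {
                Logger.log(Logger.FULL_DEBUG, BaseAuthenticationHandler.AUTH_RESOURCES,
                        "SecurityConstraint.Passed", new String[] {
                                this.displayName, this.rolesAllowed[n] });
                return true;
            }
        }
        Logger.log(Logger.FULL_DEBUG, BaseAuthenticationHandler.AUTH_RESOURCES, "SecurityConstraint.Failed",
                this.displayName);
        return false;
    }

    /**
     * Evaluates the constraint: is it applicable to this url and method?
     *
     * @param url the request url matched against each configured pattern
     * @param method the HTTP method of the request
     * @return true if a pattern matches the url and the method set declared with
     *         that pattern covers the method
     */
    public boolean isApplicable(String url, String method) {
        // urlPatterns and methodSets are index-aligned (see the constructor).
        for (int n = 0; n < this.urlPatterns.length; n++)
            if (this.urlPatterns[n].match(url, null, null)
                    && methodCheck(method, this.methodSets[n]))
                return true;

        return false;
    }

    /**
     * Tests whether a "."-delimited method set covers the given method.
     *
     * @param protocol the HTTP method name of the request
     * @param methodSet a set such as ".GET.POST.", or ".ALL." for every method
     * @return true if the set is ".ALL." or contains the upper-cased method name
     */
    private boolean methodCheck(String protocol, String methodSet) {
        // Upper-case with a fixed locale: under the JVM's default locale the
        // result can differ (Turkish dotted I), which would let a request such
        // as "options" miss a constraint declared for OPTIONS.
        return methodSet.equals(ALL_METHODS)
                || (methodSet.indexOf("." + protocol.toUpperCase(Locale.ENGLISH) + ".") != -1);
    }

    /**
     * @return true if a transport-guarantee other than NONE was configured
     */
    public boolean needsSSL() {
        return this.needsSSL;
    }

    /**
     * @return the configured display name, or the generated default name
     */
    public String getName() {
        return this.displayName;
    }
}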
152