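package winstone.auth;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;

import javax.servlet.http.HttpServletRequest;

import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

import winstone.Logger;
import winstone.Mapping;
import winstone.WebAppConfiguration;

/**
 * In-memory form of one security-constraint element from the web application
 * descriptor: the URL patterns and HTTP methods it covers, the roles that
 * satisfy it, and whether it demands a transport guarantee other than NONE.
 *
 * Instances are populated once in the constructor and only read afterwards.
 */
public class SecurityConstraint {
    final String ELEM_DISPLAY_NAME = "display-name";
    final String ELEM_WEB_RESOURCES = "web-resource-collection";
    final String ELEM_WEB_RESOURCE_NAME = "web-resource-name";
    final String ELEM_URL_PATTERN = "url-pattern";
    final String ELEM_HTTP_METHOD = "http-method";
    final String ELEM_AUTH_CONSTRAINT = "auth-constraint";
    final String ELEM_ROLE_NAME = "role-name";
    final String ELEM_USER_DATA_CONSTRAINT = "user-data-constraint";
    final String ELEM_TRANSPORT_GUARANTEE = "transport-guarantee";
    final String GUARANTEE_NONE = "NONE";

    private String displayName;

    // methodSets[n] is the method set that applies to urlPatterns[n]. The two
    // arrays are built in lock-step by the constructor and always have the
    // same length; isApplicable() relies on that pairing.
    private String methodSets[];
    private Mapping urlPatterns[];

    private String rolesAllowed[];
    private boolean needsSSL;

    /**
     * Builds the constraint from its descriptor element.
     *
     * @param elm the security-constraint element to parse
     * @param rolesAllowed every role name known to the web application; used
     *            to expand a role-name of "*"
     * @param counter substituted into the default display name when the
     *            element carries no display-name child
     */
    public SecurityConstraint(Node elm, Set rolesAllowed, int counter) {
        this.needsSSL = false;
        // Ordered lists, not sets: position n in one list must keep matching
        // position n in the other when they are turned into arrays below.
        List localUrlPatternList = new ArrayList();
        List localMethodSetList = new ArrayList();
        Set localRolesAllowed = new HashSet();

        NodeList children = elm.getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            Node child = children.item(i);
            if (child.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            String childName = child.getNodeName();
            if (childName.equals(ELEM_DISPLAY_NAME)) {
                this.displayName = WebAppConfiguration.getTextFromNode(child);
            } else if (childName.equals(ELEM_WEB_RESOURCES)) {
                parseWebResourceCollection(child, localUrlPatternList, localMethodSetList);
            } else if (childName.equals(ELEM_AUTH_CONSTRAINT)) {
                NodeList roleNodes = child.getChildNodes();
                for (int k = 0; k < roleNodes.getLength(); k++) {
                    Node roleChild = roleNodes.item(k);
                    if ((roleChild.getNodeType() != Node.ELEMENT_NODE)
                            || !roleChild.getNodeName().equals(ELEM_ROLE_NAME)) {
                        continue;
                    }
                    String roleName = WebAppConfiguration.getTextFromNode(roleChild);
                    if (roleName.equals("*")) {
                        // "*" stands for every role declared by the application.
                        localRolesAllowed.addAll(rolesAllowed);
                    } else {
                        localRolesAllowed.add(roleName);
                    }
                }
            } else if (childName.equals(ELEM_USER_DATA_CONSTRAINT)) {
                NodeList guaranteeNodes = child.getChildNodes();
                for (int k = 0; k < guaranteeNodes.getLength(); k++) {
                    Node guaranteeChild = guaranteeNodes.item(k);
                    if ((guaranteeChild.getNodeType() == Node.ELEMENT_NODE)
                            && guaranteeChild.getNodeName().equals(ELEM_TRANSPORT_GUARANTEE)) {
                        // Any guarantee other than NONE is treated as "needs SSL".
                        this.needsSSL = !WebAppConfiguration.getTextFromNode(guaranteeChild)
                                .equalsIgnoreCase(GUARANTEE_NONE);
                    }
                }
            }
        }
        this.urlPatterns = (Mapping[]) localUrlPatternList.toArray(new Mapping[0]);
        this.methodSets = (String[]) localMethodSetList.toArray(new String[0]);
        this.rolesAllowed = (String[]) localRolesAllowed.toArray(new String[0]);

        if (this.displayName == null) {
            this.displayName = BaseAuthenticationHandler.AUTH_RESOURCES.getString(
                    "SecurityConstraint.DefaultName", "" + counter);
        }
    }

    /**
     * Parses one web-resource-collection element and appends one
     * (url pattern, method set) pair per url-pattern child.
     *
     * Earlier code collected patterns and method sets into two independent
     * HashSets, so after conversion to arrays index n of one had no relation
     * to index n of the other: a constraint could be checked against another
     * collection's methods, or isApplicable() could index past the end of the
     * shorter array. Pairing is now explicit.
     */
    private void parseWebResourceCollection(Node collection, List urlPatternList,
            List methodSetList) {
        String methodSet = null;
        List collectionPatterns = new ArrayList();

        NodeList resourceNodes = collection.getChildNodes();
        for (int k = 0; k < resourceNodes.getLength(); k++) {
            Node resourceChild = resourceNodes.item(k);
            if (resourceChild.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            String resourceChildNodeName = resourceChild.getNodeName();
            if (resourceChildNodeName.equals(ELEM_URL_PATTERN)) {
                collectionPatterns.add(Mapping.createFromURL(
                        "Security", WebAppConfiguration.getTextFromNode(resourceChild)));
            } else if (resourceChildNodeName.equals(ELEM_HTTP_METHOD)) {
                // Methods are stored dot-delimited (".GET.POST.") so that
                // methodCheck() can do an exact-token substring search.
                methodSet = (methodSet == null ? "." : methodSet)
                        + WebAppConfiguration.getTextFromNode(resourceChild) + ".";
            }
        }

        // No http-method children means the collection covers every method.
        String effectiveMethodSet = (methodSet == null ? ".ALL." : methodSet);

        // Patterns are paired only after the whole collection has been read,
        // because http-method elements may follow url-pattern elements.
        for (int k = 0; k < collectionPatterns.size(); k++) {
            urlPatternList.add(collectionPatterns.get(k));
            methodSetList.add(effectiveMethodSet);
        }
    }

    /**
     * Reports whether the request's user holds at least one of the roles
     * collected for this constraint.
     *
     * NOTE(review): this returns false whenever no role was collected, and the
     * class does not record whether an auth-constraint element was present at
     * all. The servlet specification treats "no auth-constraint" (access not
     * restricted by role) differently from "empty auth-constraint" (no access).
     * Confirm that the caller handles the absent case before relying on this.
     *
     * @param request the request whose user is tested with isUserInRole
     * @return true if the user is in one of the allowed roles
     */
    public boolean isAllowed(HttpServletRequest request) {
        for (int n = 0; n < this.rolesAllowed.length; n++) {
            if (request.isUserInRole(this.rolesAllowed[n])) {
                Logger.log(Logger.FULL_DEBUG, BaseAuthenticationHandler.AUTH_RESOURCES,
                        "SecurityConstraint.Passed", new String[] {
                                this.displayName, this.rolesAllowed[n] });
                return true;
            }
        }
        Logger.log(Logger.FULL_DEBUG, BaseAuthenticationHandler.AUTH_RESOURCES,
                "SecurityConstraint.Failed", this.displayName);
        return false;
    }

    /**
     * Reports whether this constraint covers the given URL and HTTP method.
     *
     * @param url the request path to test against each url-pattern
     * @param method the request's HTTP method
     * @return true if some url-pattern matches and its collection's method set
     *         includes the method
     */
    public boolean isApplicable(String url, String method) {
        for (int n = 0; n < this.urlPatterns.length; n++) {
            // methodSets[n] belongs to urlPatterns[n]; see the constructor.
            if (this.urlPatterns[n].match(url, null, null)
                    && methodCheck(method, this.methodSets[n])) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tests whether the dot-delimited method set contains the given method.
     * The request method is upper-cased with a fixed locale so the result does
     * not depend on the JVM default locale (under some default locales
     * toUpperCase() maps "i" to a dotted capital, which would make the
     * comparison miss and the constraint silently not apply).
     */
    private boolean methodCheck(String protocol, String methodSet) {
        return methodSet.equals(".ALL.")
                || (methodSet.indexOf("." + protocol.toUpperCase(Locale.ENGLISH) + ".") != -1);
    }

    /**
     * @return true if the constraint declared a transport-guarantee other
     *         than NONE
     */
    public boolean needsSSL() {
        return this.needsSSL;
    }

    /**
     * @return the display-name from the descriptor, or the generated default
     */
    public String getName() {
        return this.displayName;
    }
}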