geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject cvs commit: incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/util ConfigurationUtil.java URLPattern.java URLPatternCheck.java
Date Sat, 08 Nov 2003 05:57:07 GMT
adc         2003/11/07 21:57:07

  Added:       modules/core/src/java/org/apache/geronimo/security/util
                        ConfigurationUtil.java URLPattern.java
                        URLPatternCheck.java
  Log:
  Utility classes that help the mapping of Web and EJB modules
  into permissions.
  
  Revision  Changes    Path
  1.1                  incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/util/ConfigurationUtil.java
  
  Index: ConfigurationUtil.java
  ===================================================================
  /* ====================================================================
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2003 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Apache" and "Apache Software Foundation" and
   *    "Apache Geronimo" must not be used to endorse or promote products
   *    derived from this software without prior written permission. For
   *    written permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    "Apache Geronimo", nor may "Apache" appear in their name, without
   *    prior written permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * ====================================================================
   */
  package org.apache.geronimo.security.util;
  
  import org.apache.geronimo.deployment.model.web.WebApp;
  import org.apache.geronimo.deployment.model.web.SecurityConstraint;
  import org.apache.geronimo.deployment.model.web.WebResourceCollection;
  import org.apache.geronimo.deployment.model.j2ee.SecurityRole;
  import org.apache.geronimo.deployment.model.j2ee.SecurityRoleRef;
  import org.apache.geronimo.deployment.model.ejb.EjbJar;
  import org.apache.geronimo.deployment.model.ejb.EnterpriseBeans;
  import org.apache.geronimo.deployment.model.ejb.Entity;
  import org.apache.geronimo.deployment.model.ejb.Session;
  import org.apache.geronimo.deployment.model.ejb.AssemblyDescriptor;
  import org.apache.geronimo.deployment.model.ejb.MethodPermission;
  import org.apache.geronimo.deployment.model.ejb.ExcludeList;
  import org.apache.geronimo.deployment.model.ejb.Method;
  import org.apache.geronimo.deployment.model.ejb.RpcBean;
  import org.apache.geronimo.security.GeronimoSecurityException;
  
  import javax.security.jacc.PolicyConfiguration;
  import javax.security.jacc.WebResourcePermission;
  import javax.security.jacc.WebUserDataPermission;
  import javax.security.jacc.PolicyContextException;
  import javax.security.jacc.EJBMethodPermission;
  import javax.security.jacc.EJBRoleRefPermission;
  import javax.security.jacc.PolicyContextHandler;
  import javax.security.jacc.PolicyContext;
  import java.util.HashSet;
  import java.util.HashMap;
  import java.util.Iterator;
  
  
  /**
   * A collection of utility functions that assist with the configuration of
   * <code>PolicyConfiguration</code>s.
   *
   * @version $Revision: 1.1 $ $Date: 2003/11/08 05:57:07 $
   * @see javax.security.jacc.PolicyConfiguration
   *  @see "JSR 115" Java Authorization Contract for Containers
   */
  public class ConfigurationUtil {
  
      /**
       * A simple helper method to register PolicyContextHandlers
       * @param handler an object that implements the <code>PolicyContextHandler</code>
       * interface. The value of this parameter must not be null.
       * @param replace this boolean value defines the behavior of this method
       * if, when it is called, a <code>PolicyContextHandler</code> has already
       * been registered to handle the same key. In that case, and if the value
       * of this argument is true, the existing handler is replaced with the
       * argument handler. If the value of this parameter is false the existing
       * registration is preserved and an exception is thrown.
       */
      public static void registerPolicyContextHandler(PolicyContextHandler handler, boolean
replace) throws PolicyContextException {
          String[] keys = handler.getKeys();
          
          for (int i=0; i<keys.length; i++) {
              PolicyContext.registerHandler(keys[i], handler, replace);
          }
      }
  
      /**
       * Translate the web deployment descriptors into equivalent security
       * permissions.  These permissions are placed into the appropriate
       * <code>PolicyConfiguration</code> object as defined in the JAAC spec.
       * @param webApp the deployment descriptor from which to obtain the
       * security constraints that are to be translated.
       * @throws org.apache.geronimo.security.GeronimoSecurityException if there is any violation
of the semantics of
       * the security descriptor or the state of the module configuration.
       * @see javax.security.jacc.PolicyConfiguration
       * @see "Java Authorization Contract for Containers", section 3.1.3
       * @jmx:managed-operation
       */
      public static void configure(PolicyConfiguration configuration, WebApp webApp) throws
GeronimoSecurityException {
  
          HashSet securityRoles = new HashSet();
          SecurityRole[] securityRolesArray = webApp.getSecurityRole();
          for (int i = 0; i < securityRolesArray.length; i++) {
              securityRoles.add(securityRolesArray[i].getRoleName());
          }
  
          HashMap uncheckedPatterns = new HashMap();
          HashMap excludedPatterns = new HashMap();
          HashMap rolesPatterns = new HashMap();
          HashSet allSet = new HashSet();
          HashMap allMap = new HashMap();
  
          SecurityConstraint[] s = webApp.getSecurityConstraint();
          for (int i = 0; i < s.length; i++) {
  
              HashMap currentPatterns;
              if (s[i].getAuthConstraint() == null) {
                  currentPatterns = uncheckedPatterns;
              } else if (s[i].getAuthConstraint().getRoleName().length == 0) {
                  currentPatterns = excludedPatterns;
              } else {
                  currentPatterns = rolesPatterns;
              }
  
              String transport = "";
              if (s[i].getUserDataConstraint() != null) {
                  transport = s[i].getUserDataConstraint().getTransportGuarantee();
              }
  
              WebResourceCollection[] collection = s[i].getWebResourceCollection();
              for (int j = 0; j < collection.length; j++) {
                  String[] methods = collection[j].getHttpMethod();
                  String[] patterns = collection[j].getUrlPattern();
                  for (int k = 0; k < patterns.length; k++) {
                      URLPattern pattern = (URLPattern) currentPatterns.get(patterns[k]);
                      if (pattern == null) {
                          pattern = new URLPattern(patterns[k]);
                          currentPatterns.put(patterns[k], pattern);
                      }
  
                      URLPattern allPattern = (URLPattern) allMap.get(patterns[k]);
                      if (allPattern == null) {
                          allPattern = new URLPattern(patterns[k]);
                          allSet.add(allPattern);
                          allMap.put(patterns[k], allPattern);
                      }
  
                      for (int l = 0; l < methods.length; l++) {
                          pattern.addMethod(methods[l]);
                          allPattern.addMethod(methods[l]);
                      }
  
                      if (methods.length == 0) {
                          pattern.addMethod("");
                          allPattern.addMethod("");
                      }
  
                      if (currentPatterns == rolesPatterns) {
                          String[] roles = s[i].getAuthConstraint().getRoleName();
                          for (int l = 0; l < roles.length; l++) {
                              if (roles[l].equals("*")) {
                                  pattern.addAllRoles(securityRoles);
                              } else {
                                  pattern.addRole(roles[l]);
                              }
                          }
                      }
  
                      pattern.setTransport(transport);
                  }
              }
          }
  
          try {
              /**
               *
               */
              Iterator iter = excludedPatterns.keySet().iterator();
              while (iter.hasNext()) {
                  URLPattern pattern = (URLPattern) excludedPatterns.get(iter.next());
                  String name = pattern.getQualifiedPattern(allSet);
                  String actions = pattern.getMethods();
  
                  configuration.addToExcludedPolicy(new WebResourcePermission(name, actions));
                  configuration.addToExcludedPolicy(new WebUserDataPermission(name, actions));
              }
  
              /**
               *
               */
              iter = rolesPatterns.keySet().iterator();
              while (iter.hasNext()) {
                  URLPattern pattern = (URLPattern) rolesPatterns.get(iter.next());
                  String name = pattern.getQualifiedPattern(allSet);
                  String actions = pattern.getMethods();
                  WebResourcePermission permission = new WebResourcePermission(name, actions);
  
                  Iterator names = pattern.getRoles().iterator();
                  while (names.hasNext()) {
                      configuration.addToRole((String) names.next(), permission);
                  }
              }
  
              /**
               *
               */
              iter = uncheckedPatterns.keySet().iterator();
              while (iter.hasNext()) {
                  URLPattern pattern = (URLPattern) uncheckedPatterns.get(iter.next());
                  String name = pattern.getQualifiedPattern(allSet);
                  String actions = pattern.getMethods();
  
                  configuration.addToUncheckedPolicy(new WebResourcePermission(name, actions));
              }
  
              /**
               *
               */
              iter = rolesPatterns.keySet().iterator();
              while (iter.hasNext()) {
                  URLPattern pattern = (URLPattern) rolesPatterns.get(iter.next());
                  String name = pattern.getQualifiedPattern(allSet);
                  String actions = pattern.getMethodsWithTransport();
  
                  configuration.addToUncheckedPolicy(new WebUserDataPermission(name, actions));
              }
  
              iter = uncheckedPatterns.keySet().iterator();
              while (iter.hasNext()) {
                  URLPattern pattern = (URLPattern) uncheckedPatterns.get(iter.next());
                  String name = pattern.getQualifiedPattern(allSet);
                  String actions = pattern.getMethodsWithTransport();
  
                  configuration.addToUncheckedPolicy(new WebUserDataPermission(name, actions));
              }
  
              /**
               * A <code>WebResourcePermission</code> and a <code>WebUserDataPermission</code>
must be instantiated for
               * each <tt>url-pattern</tt> in the deployment descriptor and the
default pattern "/", that is not combined
               * by the <tt>web-resource-collection</tt> elements of the deployment
descriptor with ever HTTP method
               * value.  The permission objects must be contructed using the qualified pattern
as their name and with
               * actions defined by the subset of the HTTP methods that do not occur in combination
with the pattern.
               * The resulting permissions that must be added to the unchecked policy statements
by calling the
               * <code>addToUncheckedPolcy</code> method on the <code>PolicyConfiguration</code>
object.
               */
              iter = allSet.iterator();
              while (iter.hasNext()) {
                  URLPattern pattern = (URLPattern) iter.next();
                  String name = pattern.getQualifiedPattern(allSet);
                  String actions = pattern.getComplementedMethods();
  
                  if (actions.length() == 0) continue;
  
                  configuration.addToUncheckedPolicy(new WebResourcePermission(name, actions));
                  configuration.addToUncheckedPolicy(new WebUserDataPermission(name, actions));
              }
  
              URLPattern pattern = new URLPattern("/");
              if (!allSet.contains(pattern)) {
                  String name = pattern.getQualifiedPattern(allSet);
                  String actions = pattern.getComplementedMethods();
  
                  configuration.addToUncheckedPolicy(new WebResourcePermission(name, actions));
                  configuration.addToUncheckedPolicy(new WebUserDataPermission(name, actions));
              }
          } catch (PolicyContextException e) {
              throw new GeronimoSecurityException(e);
          }
      }
  
      public static void configure(PolicyConfiguration configuration, EjbJar ejbJar) throws
GeronimoSecurityException {
  
          EnterpriseBeans enterpriseBeans = ejbJar.getEnterpriseBeans();
          Entity[] entityBeans = enterpriseBeans.getEntity();
          Session[] sessionBeans = enterpriseBeans.getSession();
  
          AssemblyDescriptor assemblyDescriptor = ejbJar.getAssemblyDescriptor();
          MethodPermission[] methodPermissions = assemblyDescriptor.getMethodPermission();
          ExcludeList excludeList = assemblyDescriptor.getExcludeList();
  
          /**
           * Section 3.1.5.1
           */
          for (int i = 0; i < methodPermissions.length; i++) {
              MethodPermission methodPermission = methodPermissions[i];
              Method[] methods = methodPermission.getMethod();
  
              for (int j = 0; j < methods.length; j++) {
                  Method method = methods[j];
                  EJBMethodPermission permission = new EJBMethodPermission(method.getEjbName(),
                                                                           method.getMethodName(),
                                                                           method.getMethodIntf(),
                                                                           method.getMethodParam());
  
                  try {
                      if (methodPermission.isUnchecked()) {
                          configuration.addToUncheckedPolicy(permission);
                      } else {
                          String[] roleNames = methodPermission.getRoleName();
  
                          for (int k = 0; k < roleNames.length; k++) {
                              configuration.addToRole(roleNames[k], permission);
                          }
                      }
                  } catch (PolicyContextException e) {
                      throw new GeronimoSecurityException(e);
                  }
              }
          }
  
          /**
           * Section 3.1.5.2
           */
          Method[] methods = excludeList.getMethod();
          try {
              for (int i = 0; i < methods.length; i++) {
                  EJBMethodPermission permission = new EJBMethodPermission(methods[i].getEjbName(),
                                                                           methods[i].getMethodName(),
                                                                           methods[i].getMethodIntf(),
                                                                           methods[i].getMethodParam());
                  configuration.addToExcludedPolicy(permission);
              }
          } catch (PolicyContextException e) {
              throw new GeronimoSecurityException(e);
          }
  
          /**
           * Section 3.1.5.3
           */
          for (int i = 0; i < entityBeans.length; i++) {
              translateSecurityRoleRefs(configuration, entityBeans[i]);
          }
  
          for (int i = 0; i < sessionBeans.length; i++) {
              translateSecurityRoleRefs(configuration, sessionBeans[i]);
          }
      }
  
      private static void translateSecurityRoleRefs(PolicyConfiguration configuration, RpcBean
bean) throws GeronimoSecurityException {
  
          try {
              SecurityRoleRef[] roleRefs = bean.getSecurityRoleRef();
  
              for (int i = 0; i < roleRefs.length; i++) {
                  String roleName = roleRefs[i].getRoleName();
                  String roleLink = roleRefs[i].getRoleLink();
  
                  configuration.addToRole(roleLink, new EJBRoleRefPermission(bean.getEJBName(),
roleName));
              }
          } catch (PolicyContextException e) {
              throw new GeronimoSecurityException(e);
          }
      }
  }
  
  
  
  1.1                  incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/util/URLPattern.java
  
  Index: URLPattern.java
  ===================================================================
  /* ====================================================================
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2003 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Apache" and "Apache Software Foundation" and
   *    "Apache Geronimo" must not be used to endorse or promote products
   *    derived from this software without prior written permission. For
   *    written permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    "Apache Geronimo", nor may "Apache" appear in their name, without
   *    prior written permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * ====================================================================
   */
  
  package org.apache.geronimo.security.util;
  
  import java.util.HashSet;
  import java.util.Iterator;
  import java.util.Collection;
  
  
  /**
   * Utility class for <code>WebModuleConfiguration</code>.  This class is used
to generate qualified patterns, HTTP
   * method sets, complements of HTTP method sets, and HTTP method sets w/ transport restrictions
for URL patterns that
   * are found in the web deployment descriptor.
   * @version $Revision: 1.1 $ $Date: 2003/11/08 05:57:07 $
   * @see org.apache.geronimo.security.WebModuleConfiguration
   */
  class URLPattern {
      private final static String[] HTTP_METHODS = {"GET", "POST", "PUT", "DELETE", "HEAD",
"OPTIONS", "TRACE"};
      private final static int[] HTTP_MASKS = {0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40};
      private final static int NA = 0x00;
      private final static int INTEGRAL = 0x01;
      private final static int CONFIDENTIAL = 0x02;
  
      private URLPatternCheck type;
      private String pattern;
      private int mask;
      private int transport;
      private HashSet roles = new HashSet();
  
      /**
       * Construct an instance of the utility class for <code>WebModuleConfiguration</code>.
       * @param pat the URL pattern that this instance is to collect information on
       * @see org.apache.geronimo.security.WebModuleConfiguration
       * @see "JSR 115, section 3.1.3" Translating Servlet Deployment Descriptors
       */
      URLPattern(String pat) {
          if (pat == null) throw new java.lang.IllegalArgumentException("URL pattern cannot
be null");
          if (pat.length() == 0) throw new java.lang.IllegalArgumentException("URL pattern
cannot be empty");
  
          if (pat.equals("/") || pat.equals("/*")) {
              type = DEFAULT;
          } else if (pat.charAt(0) == '/' && pat.endsWith("/*")) {
              type = PATH_PREFIX;
          } else if (pat.charAt(0) == '*') {
              type = EXTENSION;
          } else {
              type = EXACT;
          }
          pattern = pat;
      }
  
      /**
       * Get a qualifed URL pattern relative to a particular set of URL patterns.  This algorithm
is described in
       * JSR 115, section 3.1.3.1 "Qualified URL Pattern Names".
       * @param patterns the set of possible URL patterns that could be used to qualify this
pattern
       * @return a qualifed URL pattern
       */
      String getQualifiedPattern(HashSet patterns) {
          if (type == EXACT) {
              return pattern;
          } else {
              HashSet bucket = new HashSet();
              StringBuffer result = new StringBuffer(pattern);
              Iterator iter = patterns.iterator();
  
              // Collect a set of qualifying patterns, depending on the type of this pattern.
              while (iter.hasNext()) {
                  URLPattern p = (URLPattern) iter.next();
                  if (type.check(this, p)) {
                      bucket.add(p.pattern);
                  }
              }
  
              // append the set of qualifying patterns
              iter = bucket.iterator();
              while (iter.hasNext()) {
                  result.append(':');
                  result.append((String) iter.next());
              }
              return result.toString();
          }
      }
  
      /**
       * Add a method to the union of HTTP methods associated with this URL pattern.  An empty
string is short hand for
       * the set of all HTTP methods.
       * @param method the HTTP method to be added to the set.
       */
      void addMethod(String method) {
          if (method.length() == 0) {
              mask = 0xFF;
              return;
          }
  
          boolean found = false;
          for (int j = 0; j < HTTP_METHODS.length; j++) {
              if (method.equals(HTTP_METHODS[j])) {
                  mask |= HTTP_MASKS[j];
                  found = true;
  
                  break;
              }
          }
          if (!found) throw new IllegalArgumentException("Invalid HTTP method");
      }
  
      /**
       * Return the set of HTTP methods that have been associated with this URL pattern.
       * @return a set of HTTP methods
       */
      String getMethods() {
          StringBuffer buffer = null;
  
          for (int i = 0; i < HTTP_MASKS.length; i++) {
              if ((mask & HTTP_MASKS[i]) > 0) {
                  if (buffer == null) {
                      buffer = new StringBuffer();
                  } else {
                      buffer.append(",");
                  }
                  buffer.append(HTTP_METHODS[i]);
              }
          }
  
          return (buffer == null ? "" : buffer.toString());
      }
  
      String getComplementedMethods() {
          StringBuffer buffer = null;
  
          for (int i = 0; i < HTTP_MASKS.length; i++) {
              if ((mask & HTTP_MASKS[i]) == 0) {
                  if (buffer == null) {
                      buffer = new StringBuffer();
                  } else {
                      buffer.append(",");
                  }
                  buffer.append(HTTP_METHODS[i]);
              }
          }
  
          return (buffer == null ? "" : buffer.toString());
      }
  
      String getMethodsWithTransport() {
          StringBuffer buffer = new StringBuffer(getMethods());
  
  
          if (transport != NA) {
              buffer.append(":");
  
              if (transport != 0x03) {
                  if (transport == INTEGRAL) {
                      buffer.append("INTEGRAL");
                  } else {
                      buffer.append("CONFIDENTIAL");
                  }
              }
          }
  
          return buffer.toString();
      }
  
      void setTransport(String trans) {
          switch (transport) {
              case NA:
                  {
                      if ("INTEGRAL".equals(trans)) {
                          transport = INTEGRAL;
                      } else if ("CONFIDENTIAL".equals(trans)) {
                          transport = CONFIDENTIAL;
                      }
                      break;
                  }
  
              case INTEGRAL:
                  {
                      if ("CONFIDENTIAL".equals(trans)) {
                          transport = CONFIDENTIAL;
                      }
                      break;
                  }
          }
      }
  
      void addRole(String role) {
          roles.add(role);
      }
  
      void addAllRoles(Collection collection) {
          roles.addAll(collection);
      }
  
      HashSet getRoles() {
          return roles;
      }
  
      public boolean equals(Object obj) {
          if (!(obj instanceof URLPattern)) return false;
  
          URLPattern test = (URLPattern) obj;
  
          return pattern.equals(test.pattern);
      }
  
      public int hashCode() {
          return pattern.hashCode();
      }
  
      boolean matches(URLPattern p) {
          String test = p.pattern;
  
          // their pattern values are String equivalent
          if (pattern.equals(test)) return true;
  
          return type.matches(pattern, test);
      }
  
      private final static URLPatternCheck EXACT = new URLPatternCheck() {
          public boolean check(URLPattern base, URLPattern test) {
              return matches(base.pattern, test.pattern);
          }
  
          public boolean matches(String base, String test) {
              return base.equals(test);
          }
      };
  
      private final static URLPatternCheck PATH_PREFIX = new URLPatternCheck() {
          public boolean check(URLPattern base, URLPattern test) {
              return ((test.type == PATH_PREFIX || test.type == EXACT)
                      && base.matches(test)
                      && !base.equals(test));
          }
  
          /**
           * This pattern is a path-prefix pattern (that is, it starts with "/" and ends with
"/*") and the argument
           * pattern starts with the substring of this pattern, minus its last 2 characters,
and the next character of
           * the argument pattern, if there is one, is "/"
           * @param base the base pattern
           * @param test the pattern to be tested
           * @return <code>true</code> if <code>test</code> is matched
by <code>base</code>
           */
          public boolean matches(String base, String test) {
              int length = base.length() - 2;
              if (length > test.length()) return false;
  
              for (int i = 0; i < length; i++) {
                  if (base.charAt(i) != test.charAt(i)) return false;
              }
  
              if (test.length() == length)
                  return true;
              else if (test.charAt(length) != '/') return false;
  
              return true;
          }
      };
  
      private final static URLPatternCheck EXTENSION = new URLPatternCheck() {
          public boolean check(URLPattern base, URLPattern test) {
              if (test.type == PATH_PREFIX) return true;
  
              if (test.type == EXACT) return matches(base.pattern, test.pattern);
  
              return false;
          }
  
          /**
           * This pattern is an extension pattern (that is, it startswith "*.") and the argument
pattern ends with
           * this pattern.
           * @param base the base pattern
           * @param test the pattern to be tested
           * @return <code>true</code> if <code>test</code> is matched
by <code>base</code>
           */
          public boolean matches(String base, String test) {
              return test.endsWith(base.substring(1));
          }
      };
  
      private final static URLPatternCheck DEFAULT = new URLPatternCheck() {
          public boolean check(URLPattern base, URLPattern test) {
              return base.matches(test) && !base.equals(test);
          }
  
          /**
           * This pattern is the path-prefix pattern "/*" or the reference pattern is the
special default pattern,
           * "/", which matches all argument patterns.
           * @param base the base pattern
           * @param test the pattern to be tested
           * @return <code>true</code> if <code>test</code> is matched
by <code>base</code>
           * @see "JSR 115"
           */
          public boolean matches(String base, String test) {
              return true;
          }
      };
  }
  
  
  
  1.1                  incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/util/URLPatternCheck.java
  
  Index: URLPatternCheck.java
  ===================================================================
  /* ====================================================================
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2003 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http://www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Apache" and "Apache Software Foundation" and
   *    "Apache Geronimo" must not be used to endorse or promote products
   *    derived from this software without prior written permission. For
   *    written permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    "Apache Geronimo", nor may "Apache" appear in their name, without
   *    prior written permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http://www.apache.org/>.
   *
   * ====================================================================
   */
  package org.apache.geronimo.security.util;
  
  
  /**
   * @version $Revision: 1.1 $ $Date: 2003/11/08 05:57:07 $
   */
  public abstract class URLPatternCheck {
      public abstract boolean check(URLPattern base, URLPattern test);
  
      public abstract boolean matches(String base, String test);
  }
  
  

Mime
View raw message