geronimo-scm mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From a..@apache.org
Subject cvs commit: incubator-geronimo/modules/core/src/java/org/apache/geronimo/security GeronimoPolicyConfiguration.java
Date Sat, 08 Nov 2003 06:20:19 GMT
adc         2003/11/07 22:20:19

  Added:       modules/core/src/java/org/apache/geronimo/security
                        GeronimoPolicyConfiguration.java
  Log:
  Concrete implementation of PolicyConfiguration.
  
  Revision  Changes    Path
  1.1                  incubator-geronimo/modules/core/src/java/org/apache/geronimo/security/GeronimoPolicyConfiguration.java
  
  Index: GeronimoPolicyConfiguration.java
  ===================================================================
  /* ====================================================================
   * The Apache Software License, Version 1.1
   *
   * Copyright (c) 2003 The Apache Software Foundation.  All rights
   * reserved.
   *
   * Redistribution and use in source and binary forms, with or without
   * modification, are permitted provided that the following conditions
   * are met:
   *
   * 1. Redistributions of source code must retain the above copyright
   *    notice, this list of conditions and the following disclaimer.
   *
   * 2. Redistributions in binary form must reproduce the above copyright
   *    notice, this list of conditions and the following disclaimer in
   *    the documentation and/or other materials provided with the
   *    distribution.
   *
   * 3. The end-user documentation included with the redistribution,
   *    if any, must include the following acknowledgment:
   *       "This product includes software developed by the
   *        Apache Software Foundation (http:www.apache.org/)."
   *    Alternately, this acknowledgment may appear in the software itself,
   *    if and wherever such third-party acknowledgments normally appear.
   *
   * 4. The names "Apache" and "Apache Software Foundation" and
   *    "Apache Geronimo" must not be used to endorse or promote products
   *    derived from this software without prior written permission. For
   *    written permission, please contact apache@apache.org.
   *
   * 5. Products derived from this software may not be called "Apache",
   *    "Apache Geronimo", nor may "Apache" appear in their name, without
   *    prior written permission of the Apache Software Foundation.
   *
   * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
   * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
   * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
   * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
   * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
   * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
   * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
   * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
   * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
   * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
   * SUCH DAMAGE.
   * ====================================================================
   *
   * This software consists of voluntary contributions made by many
   * individuals on behalf of the Apache Software Foundation.  For more
   * information on the Apache Software Foundation, please see
   * <http:www.apache.org/>.
   *
   * ====================================================================
   */
  package org.apache.geronimo.security;
  
  import javax.security.jacc.PolicyContextException;
  import java.util.HashMap;
  import java.util.HashSet;
  import java.util.Enumeration;
  import java.util.Collection;
  import java.util.Iterator;
  import java.util.Collections;
  import java.security.PermissionCollection;
  import java.security.Permission;
  import java.security.ProtectionDomain;
  import java.security.Principal;
  import java.security.Permissions;
  
  
  /**
   *
   * @version $Revision: 1.1 $ $Date: 2003/11/08 06:20:19 $
   */
  class GeronimoPolicyConfiguration implements RoleMappingConfiguration {
      private final static int OPEN = 1;
      private final static int IN_SERVICE = 2;
      private final static int DELETED = 3;
  
      private final String contextID;
      private int state;
      private HashMap rolePermissionsMap = new HashMap();
      private HashMap principalRoleMapping = new HashMap();
      private Permissions unchecked = new Permissions();
      private Permissions excluded = new Permissions();
  
      private HashMap principalPermissionsMap = new HashMap();
  
      GeronimoPolicyConfiguration(String contextID) {
          this.contextID = contextID;
          this.state = OPEN;
      }
  
      public String getContextID() throws PolicyContextException {
          return contextID;
      }
  
      boolean implies(ProtectionDomain domain, Permission permission) {
  
          if (excluded.implies(permission)) return false;
  
          if (unchecked.implies(permission)) return true;
  
          Principal[] principals = domain.getPrincipals();
          if (principals.length == 0) return false;
  
          for (int i = 0; i < principals.length; i++) {
              if (!(principals[i] instanceof RealmPrincipal)) continue;
  
              Permissions permissions = (Permissions) principalPermissionsMap.get(principals[i]);
  
              if (permissions != null && permissions.implies(permission)) return true;
          }
  
          return false;
      }
  
      public void addRoleMapping(String role, Collection principals) throws PolicyContextException
{
          Iterator iter = principals.iterator();
          while (iter.hasNext()) {
              Principal principal = (Principal) iter.next();
  
              if (!(principal instanceof RealmPrincipal)) throw new PolicyContextException("Principal
not instance of RealmPrincipal");
  
              HashSet roles = (HashSet) principalRoleMapping.get(principal);
              if (roles == null) {
                  roles = new HashSet();
                  principalRoleMapping.put(principal, roles);
              }
              roles.add(role);
          }
      }
  
      public void addToRole(String roleName, PermissionCollection permissions) throws PolicyContextException
{
          if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
  
          Enumeration enum = permissions.elements();
          while (enum.hasMoreElements()) {
              addToRole(roleName, (Permission) enum.nextElement());
          }
      }
  
      public void addToRole(String roleName, Permission permission) throws PolicyContextException
{
          if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
  
          Permissions permissions = (Permissions) rolePermissionsMap.get(roleName);
          if (permissions == null) {
              permissions = new Permissions();
              rolePermissionsMap.put(roleName, permissions);
          }
          permissions.add(permission);
      }
  
      public void addToUncheckedPolicy(PermissionCollection permissions) throws PolicyContextException
{
          if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
  
          Enumeration enum = permissions.elements();
          while (enum.hasMoreElements()) {
              addToUncheckedPolicy((Permission) enum.nextElement());
          }
      }
  
      public void addToUncheckedPolicy(Permission permission) throws PolicyContextException
{
          if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
  
          unchecked.add(permission);
      }
  
      public void addToExcludedPolicy(PermissionCollection permissions) throws PolicyContextException
{
          if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
  
          Enumeration enum = permissions.elements();
          while (enum.hasMoreElements()) {
              addToUncheckedPolicy((Permission) enum.nextElement());
          }
      }
  
      public void addToExcludedPolicy(Permission permission) throws PolicyContextException
{
          if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
  
          excluded.add(permission);
      }
  
      public void removeRole(String roleName) throws PolicyContextException {
          if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
  
          rolePermissionsMap.remove(roleName);
      }
  
      public void removeUncheckedPolicy() throws PolicyContextException {
          if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
  
          unchecked = new Permissions();
      }
  
      public void removeExcludedPolicy() throws PolicyContextException {
          if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
  
          excluded = new Permissions();
      }
  
      public void linkConfiguration(javax.security.jacc.PolicyConfiguration link) throws PolicyContextException
{
          if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
  
          RoleMappingConfiguration configuration = (RoleMappingConfiguration) link;
          Iterator principals = principalRoleMapping.keySet().iterator();
          while (principals.hasNext()) {
              Principal principal = (Principal) principals.next();
  
              Iterator roles = ((HashSet) principalRoleMapping.get(principal)).iterator();
              while (roles.hasNext()) {
                  configuration.addRoleMapping((String) roles.next(), Collections.singletonList(principal));
              }
  
          }
          configuration.linkConfiguration(this);
      }
  
      public void delete() throws PolicyContextException {
          state = DELETED;
      }
  
      public void commit() throws PolicyContextException {
          if (state == DELETED) throw new UnsupportedOperationException("Not in an open state");
  
          Iterator principals = principalRoleMapping.keySet().iterator();
          while (principals.hasNext()) {
              Principal principal = (Principal) principals.next();
              Permissions principalPermissions = (Permissions) principalPermissionsMap.get(principal);
  
              if (principalPermissions == null) {
                  principalPermissions = new Permissions();
                  principalPermissionsMap.put(principal, principalPermissions);
              }
  
              Iterator roles = ((HashSet) principalRoleMapping.get(principal)).iterator();
              while (roles.hasNext()) {
                  Enumeration rolePermissions = ((Permissions) rolePermissionsMap.get(roles.next())).elements();
                  while (rolePermissions.hasMoreElements()) {
                      principalPermissions.add((Permission) rolePermissions.nextElement());
                  }
              }
  
          }
          state = IN_SERVICE;
      }
  
      public boolean inService() throws PolicyContextException {
          return (state == IN_SERVICE);
      }
  }
  
  
  

Mime
View raw message