1 /**
2 *
3 * Licensed to the Apache Software Foundation (ASF) under one or more
4 * contributor license agreements. See the NOTICE file distributed with
5 * this work for additional information regarding copyright ownership.
6 * The ASF licenses this file to You under the Apache License, Version 2.0
7 * (the "License"); you may not use this file except in compliance with
8 * the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License.
17 */
18
19 package org.apache.geronimo.security.jacc;
20
21 import java.security.Permission;
22 import java.security.PermissionCollection;
23 import java.security.Permissions;
24 import java.security.Principal;
25 import java.security.ProtectionDomain;
26 import java.util.Enumeration;
27 import java.util.HashMap;
28 import java.util.HashSet;
29 import java.util.Iterator;
30 import java.util.Map;
31
32 import javax.security.jacc.PolicyContextException;
33
34
35 /**
36 * @version $Rev: 470597 $ $Date: 2006-11-02 15:30:55 -0800 (Thu, 02 Nov 2006) $
37 */
38 public class PolicyConfigurationGeneric implements GeronimoPolicyConfiguration {
39 final static int OPEN = 1;
40 final static int IN_SERVICE = 2;
41 final static int DELETED = 3;
42
43 private final String contextID;
44 private int state;
45 private final HashMap rolePermissionsMap = new HashMap();
46 private final HashMap principalRoleMapping = new HashMap();
47 private Permissions unchecked = null;
48 private Permissions excluded = null;
49
50 private final HashMap principalPermissionsMap = new HashMap();
51
52 PolicyConfigurationGeneric(String contextID) {
53 this.contextID = contextID;
54 this.state = OPEN;
55 }
56
57 public String getContextID() throws PolicyContextException {
58 return contextID;
59 }
60
61 public boolean implies(ProtectionDomain domain, Permission permission) {
62
63 if (excluded != null && excluded.implies(permission)) return false;
64
65 if (unchecked != null && unchecked.implies(permission)) return true;
66
67 Principal[] principals = domain.getPrincipals();
68 if (principals.length == 0) return false;
69
70 for (int i = 0; i < principals.length; i++) {
71 Principal principal = principals[i];
72
73 Permissions permissions = (Permissions) principalPermissionsMap.get(principal);
74
75 if (permissions != null && permissions.implies(permission)) return true;
76 }
77
78 return false;
79 }
80
81 public void setPrincipalRoleMapping(Map principalRoleMap) throws PolicyContextException {
82 principalRoleMapping.clear();
83 principalRoleMapping.putAll(principalRoleMap);
84 }
85
86 public void addToRole(String roleName, PermissionCollection permissions) throws PolicyContextException {
87 if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
88
89 Enumeration e = permissions.elements();
90 while (e.hasMoreElements()) {
91 addToRole(roleName, (Permission) e.nextElement());
92 }
93 }
94
95 public void addToRole(String roleName, Permission permission) throws PolicyContextException {
96 if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
97
98 Permissions permissions = (Permissions) rolePermissionsMap.get(roleName);
99 if (permissions == null) {
100 permissions = new Permissions();
101 rolePermissionsMap.put(roleName, permissions);
102 }
103 permissions.add(permission);
104 }
105
106 public void addToUncheckedPolicy(PermissionCollection permissions) throws PolicyContextException {
107 if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
108
109 Enumeration e = permissions.elements();
110 while (e.hasMoreElements()) {
111 addToUncheckedPolicy((Permission) e.nextElement());
112 }
113 }
114
115 public void addToUncheckedPolicy(Permission permission) throws PolicyContextException {
116 if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
117
118 if (unchecked == null) unchecked = new Permissions();
119
120 unchecked.add(permission);
121 }
122
123 public void addToExcludedPolicy(PermissionCollection permissions) throws PolicyContextException {
124 if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
125
126 Enumeration e = permissions.elements();
127 while (e.hasMoreElements()) {
128 addToExcludedPolicy((Permission) e.nextElement());
129 }
130 }
131
132 public void addToExcludedPolicy(Permission permission) throws PolicyContextException {
133 if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
134
135 if (excluded == null) excluded = new Permissions();
136
137 excluded.add(permission);
138 }
139
140 public void removeRole(String roleName) throws PolicyContextException {
141 if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
142
143 rolePermissionsMap.remove(roleName);
144 }
145
146 public void removeUncheckedPolicy() throws PolicyContextException {
147 if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
148
149 unchecked = null;
150 }
151
152 public void removeExcludedPolicy() throws PolicyContextException {
153 if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
154
155 excluded = null;
156 }
157
158 public void linkConfiguration(javax.security.jacc.PolicyConfiguration link) throws PolicyContextException {
159 if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
160 }
161
162 public void delete() throws PolicyContextException {
163 state = DELETED;
164 }
165
166 public void commit() throws PolicyContextException {
167 if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
168
169 for (Iterator principalEntries = principalRoleMapping.entrySet().iterator(); principalEntries.hasNext(); ) {
170 Map.Entry principalEntry = (Map.Entry) principalEntries.next();
171 Principal principal = (Principal) principalEntry.getKey();
172 Permissions principalPermissions = (Permissions) principalPermissionsMap.get(principal);
173
174 if (principalPermissions == null) {
175 principalPermissions = new Permissions();
176 principalPermissionsMap.put(principal, principalPermissions);
177 }
178
179 HashSet roleSet = (HashSet) principalEntry.getValue();
180 for (Iterator roles = roleSet.iterator(); roles.hasNext(); ) {
181 Permissions permissions = (Permissions) rolePermissionsMap.get(roles.next());
182 if (permissions == null) continue;
183 for (Enumeration rolePermissions = permissions.elements(); rolePermissions.hasMoreElements(); ) {
184 principalPermissions.add((Permission) rolePermissions.nextElement());
185 }
186 }
187
188 }
189 state = IN_SERVICE;
190 }
191
192 public boolean inService() throws PolicyContextException {
193 return (state == IN_SERVICE);
194 }
195
196
197
198
199
200
201 public void open(boolean remove) {
202 if (remove) {
203 rolePermissionsMap.clear();
204 principalRoleMapping.clear();
205 unchecked = null;
206 excluded = null;
207 principalPermissionsMap.clear();
208 }
209 state = OPEN;
210 }
211
212 int getState() {
213 return state;
214 }
215 }