View Javadoc

1   /**
2    *
3    *  Licensed to the Apache Software Foundation (ASF) under one or more
4    *  contributor license agreements.  See the NOTICE file distributed with
5    *  this work for additional information regarding copyright ownership.
6    *  The ASF licenses this file to You under the Apache License, Version 2.0
7    *  (the "License"); you may not use this file except in compliance with
8    *  the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   *  Unless required by applicable law or agreed to in writing, software
13   *  distributed under the License is distributed on an "AS IS" BASIS,
14   *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   *  See the License for the specific language governing permissions and
16   *  limitations under the License.
17   */
18  
19  package org.apache.geronimo.security.jacc;
20  
21  import java.security.Permission;
22  import java.security.PermissionCollection;
23  import java.security.Permissions;
24  import java.security.Principal;
25  import java.security.ProtectionDomain;
26  import java.util.Enumeration;
27  import java.util.HashMap;
28  import java.util.HashSet;
29  import java.util.Iterator;
30  import java.util.Map;
31  
32  import javax.security.jacc.PolicyContextException;
33  
34  
35  /**
36   * @version $Rev: 470597 $ $Date: 2006-11-02 15:30:55 -0800 (Thu, 02 Nov 2006) $
37   */
38  public class PolicyConfigurationGeneric implements GeronimoPolicyConfiguration {
39      final static int OPEN = 1;
40      final static int IN_SERVICE = 2;
41      final static int DELETED = 3;
42  
43      private final String contextID;
44      private int state;
45      private final HashMap rolePermissionsMap = new HashMap();
46      private final HashMap principalRoleMapping = new HashMap();
47      private Permissions unchecked = null;
48      private Permissions excluded = null;
49  
50      private final HashMap principalPermissionsMap = new HashMap();
51  
52      PolicyConfigurationGeneric(String contextID) {
53          this.contextID = contextID;
54          this.state = OPEN;
55      }
56  
57      public String getContextID() throws PolicyContextException {
58          return contextID;
59      }
60  
61      public boolean implies(ProtectionDomain domain, Permission permission) {
62  
63          if (excluded != null && excluded.implies(permission)) return false;
64  
65          if (unchecked != null && unchecked.implies(permission)) return true;
66  
67          Principal[] principals = domain.getPrincipals();
68          if (principals.length == 0) return false;
69  
70          for (int i = 0; i < principals.length; i++) {
71              Principal principal = principals[i];
72  
73              Permissions permissions = (Permissions) principalPermissionsMap.get(principal);
74  
75              if (permissions != null && permissions.implies(permission)) return true;
76          }
77  
78          return false;
79      }
80  
81      public void setPrincipalRoleMapping(Map principalRoleMap) throws PolicyContextException {
82          principalRoleMapping.clear();
83          principalRoleMapping.putAll(principalRoleMap);
84      }
85  
86      public void addToRole(String roleName, PermissionCollection permissions) throws PolicyContextException {
87          if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
88  
89          Enumeration e = permissions.elements();
90          while (e.hasMoreElements()) {
91              addToRole(roleName, (Permission) e.nextElement());
92          }
93      }
94  
95      public void addToRole(String roleName, Permission permission) throws PolicyContextException {
96          if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
97  
98          Permissions permissions = (Permissions) rolePermissionsMap.get(roleName);
99          if (permissions == null) {
100             permissions = new Permissions();
101             rolePermissionsMap.put(roleName, permissions);
102         }
103         permissions.add(permission);
104     }
105 
106     public void addToUncheckedPolicy(PermissionCollection permissions) throws PolicyContextException {
107         if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
108 
109         Enumeration e = permissions.elements();
110         while (e.hasMoreElements()) {
111             addToUncheckedPolicy((Permission) e.nextElement());
112         }
113     }
114 
115     public void addToUncheckedPolicy(Permission permission) throws PolicyContextException {
116         if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
117 
118         if (unchecked == null) unchecked = new Permissions();
119 
120         unchecked.add(permission);
121     }
122 
123     public void addToExcludedPolicy(PermissionCollection permissions) throws PolicyContextException {
124         if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
125 
126         Enumeration e = permissions.elements();
127         while (e.hasMoreElements()) {
128             addToExcludedPolicy((Permission) e.nextElement());
129         }
130     }
131 
132     public void addToExcludedPolicy(Permission permission) throws PolicyContextException {
133         if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
134 
135         if (excluded == null) excluded = new Permissions();
136 
137         excluded.add(permission);
138     }
139 
140     public void removeRole(String roleName) throws PolicyContextException {
141         if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
142 
143         rolePermissionsMap.remove(roleName);
144     }
145 
146     public void removeUncheckedPolicy() throws PolicyContextException {
147         if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
148 
149         unchecked = null;
150     }
151 
152     public void removeExcludedPolicy() throws PolicyContextException {
153         if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
154 
155         excluded = null;
156     }
157 
158     public void linkConfiguration(javax.security.jacc.PolicyConfiguration link) throws PolicyContextException {
159         if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
160     }
161 
162     public void delete() throws PolicyContextException {
163         state = DELETED;
164     }
165 
166     public void commit() throws PolicyContextException {
167         if (state != OPEN) throw new UnsupportedOperationException("Not in an open state");
168 
169         for (Iterator principalEntries = principalRoleMapping.entrySet().iterator(); principalEntries.hasNext(); ) {
170             Map.Entry principalEntry = (Map.Entry) principalEntries.next();
171             Principal principal = (Principal) principalEntry.getKey();
172             Permissions principalPermissions = (Permissions) principalPermissionsMap.get(principal);
173 
174             if (principalPermissions == null) {
175                 principalPermissions = new Permissions();
176                 principalPermissionsMap.put(principal, principalPermissions);
177             }
178 
179             HashSet roleSet = (HashSet) principalEntry.getValue();
180             for (Iterator roles = roleSet.iterator(); roles.hasNext(); ) {
181                 Permissions permissions = (Permissions) rolePermissionsMap.get(roles.next());
182                 if (permissions == null) continue;
183                 for (Enumeration rolePermissions = permissions.elements(); rolePermissions.hasMoreElements(); ) {
184                     principalPermissions.add((Permission) rolePermissions.nextElement());
185                 }
186             }
187 
188         }
189         state = IN_SERVICE;
190     }
191 
192     public boolean inService() throws PolicyContextException {
193         return (state == IN_SERVICE);
194     }
195 
196     //TODO I have no idea what side effects this might have, but it's needed in some form from GeronimoPolicyConfigurationFactory.
197     //see JACC spec 1.0 section 3.1.1.1 discussion of in service and deleted.
198     //spec p. 31 3.1.7 on the effects of remove:
199     //If the getPolicyConfiguration method  is used, the value true should be passed as the second
200     //  argument to cause the  corresponding policy statements to be deleted from the context.
201     public void open(boolean remove) {
202         if (remove) {
203             rolePermissionsMap.clear();
204             principalRoleMapping.clear();
205             unchecked = null;
206             excluded = null;
207             principalPermissionsMap.clear();
208         }
209         state = OPEN;
210     }
211 
212     int getState() {
213         return state;
214     }
215 }