001 /**
002 *
003 * Copyright 2003-2004 The Apache Software Foundation
004 *
005 * Licensed under the Apache License, Version 2.0 (the "License");
006 * you may not use this file except in compliance with the License.
007 * You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017
018 //
019 // This source code implements specifications defined by the Java
020 // Community Process. In order to remain compliant with the specification
021 // DO NOT add / change / or delete method signatures!
022 //
023
024 package javax.security.jacc;
025
026 import java.io.IOException;
027 import java.io.ObjectInputStream;
028 import java.io.ObjectOutputStream;
029 import java.io.Serializable;
030 import java.security.Permission;
031 import java.security.PermissionCollection;
032 import java.util.Hashtable;
033 import java.util.Enumeration;
034 import javax.servlet.http.HttpServletRequest;
035
036 /**
037 * @version $Rev: 431818 $ $Date: 2006-08-15 21:55:26 -0700 (Tue, 15 Aug 2006) $
038 */
039 public final class WebResourcePermission extends Permission implements Serializable {
040 private transient int cachedHashCode = 0;
041 private transient URLPatternSpec urlPatternSpec;
042 private transient HTTPMethodSpec httpMethodSpec;
043
044 public WebResourcePermission(HttpServletRequest request) {
045 super(request.getServletPath());
046
047 urlPatternSpec = new URLPatternSpec(URLPatternSpec.encodeColons(request));
048 httpMethodSpec = new HTTPMethodSpec(request.getMethod(), HTTPMethodSpec.NA);
049 }
050
051 public WebResourcePermission(String name, String actions) {
052 super(name);
053
054 urlPatternSpec = new URLPatternSpec(name);
055 httpMethodSpec = new HTTPMethodSpec(actions, false);
056 }
057
058 public WebResourcePermission(String urlPattern, String[] HTTPMethods) {
059 super(urlPattern);
060
061 urlPatternSpec = new URLPatternSpec(urlPattern);
062 httpMethodSpec = new HTTPMethodSpec(HTTPMethods);
063 }
064
065 public boolean equals(Object o) {
066 if (o == null || !(o instanceof WebResourcePermission)) return false;
067
068 WebResourcePermission other = (WebResourcePermission) o;
069 return urlPatternSpec.equals(other.urlPatternSpec) && httpMethodSpec.equals(other.httpMethodSpec);
070 }
071
072 public String getActions() {
073 return httpMethodSpec.getActions();
074 }
075
076 public int hashCode() {
077 if (cachedHashCode == 0) {
078 cachedHashCode = urlPatternSpec.hashCode() ^ httpMethodSpec.hashCode();
079 }
080 return cachedHashCode;
081 }
082
083 public boolean implies(Permission permission) {
084 if (permission == null || !(permission instanceof WebResourcePermission)) return false;
085
086 WebResourcePermission other = (WebResourcePermission) permission;
087 return urlPatternSpec.implies(other.urlPatternSpec) && httpMethodSpec.implies(other.httpMethodSpec);
088 }
089
090 public PermissionCollection newPermissionCollection() {
091 return new WebResourcePermissionCollection();
092 }
093
094 private synchronized void readObject(ObjectInputStream in) throws IOException {
095 urlPatternSpec = new URLPatternSpec(in.readUTF());
096 httpMethodSpec = new HTTPMethodSpec(in.readUTF(), false);
097 }
098
099 private synchronized void writeObject(ObjectOutputStream out) throws IOException {
100 out.writeUTF(urlPatternSpec.getPatternSpec());
101 out.writeUTF(httpMethodSpec.getActions());
102 }
103
104 private static final class WebResourcePermissionCollection extends PermissionCollection {
105 private Hashtable permissions = new Hashtable();
106
107 /**
108 * Adds a permission object to the current collection of permission objects.
109 *
110 * @param permission the Permission object to add.
111 *
112 * @exception SecurityException - if this PermissionCollection object
113 * has been marked readonly
114 */
115 public void add(Permission permission) {
116 if (isReadOnly()) throw new IllegalArgumentException("Read only collection");
117
118 if (!(permission instanceof WebResourcePermission)) throw new IllegalArgumentException("Wrong permission type");
119
120 WebResourcePermission p = (WebResourcePermission)permission;
121
122 permissions.put(p, p);
123 }
124
125 /**
126 * Checks to see if the specified permission is implied by
127 * the collection of Permission objects held in this PermissionCollection.
128 *
129 * @param permission the Permission object to compare.
130 *
131 * @return true if "permission" is implied by the permissions in
132 * the collection, false if not.
133 */
134 public boolean implies(Permission permission) {
135 if (!(permission instanceof WebResourcePermission)) return false;
136
137 WebResourcePermission p = (WebResourcePermission)permission;
138 Enumeration e = permissions.elements();
139
140 while (e.hasMoreElements()) {
141 if (((WebResourcePermission)e.nextElement()).implies(p)) return true;
142 }
143
144 return false;
145 }
146
147 /**
148 * Returns an enumeration of all the Permission objects in the collection.
149 *
150 * @return an enumeration of all the Permissions.
151 */
152 public Enumeration elements() {
153 return permissions.elements();
154 }
155 }
156 }
157