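/**
 *
 * Copyright 2003-2004 The Apache Software Foundation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

//
// This source code implements specifications defined by the Java
// Community Process. In order to remain compliant with the specification
// DO NOT add / change / or delete method signatures!
//

package javax.security.jacc;

import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.Permission;
import java.security.PermissionCollection;
import java.util.Hashtable;
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;


/**
 * Class for Servlet Web user data permissions. A WebUserDataPermission is a
 * named permission and has actions.
 * <p>
 * The name of a WebUserDataPermission (also referred to as the target name)
 * identifies a Web resource by its context path relative URL pattern.
 * <p>
 * Equality, hashing and implication are all decided by the parsed
 * {@code URLPatternSpec} / {@code HTTPMethodSpec} pair held by the instance,
 * not by the string returned from {@code getName()}. Both specs are transient
 * and are written to and restored from the serialization stream as two UTF
 * strings (pattern spec first, then actions).
 *
 * @version $Rev: 431818 $ $Date: 2006-08-15 21:55:26 -0700 (Tue, 15 Aug 2006) $
 * @see java.security.Permission
 */
public final class WebUserDataPermission extends Permission implements Serializable {

    // 0 doubles as the "not computed yet" marker; being transient, the cache
    // is empty again after deserialization and is rebuilt on first use.
    private transient int cachedHashCode = 0;
    private transient URLPatternSpec urlPatternSpec;
    private transient HTTPMethodSpec httpMethodSpec;

    /**
     * Creates a new WebUserDataPermission from the HttpServletRequest object.
     *
     * @param request the HttpServletRequest object corresponding to the
     * Servlet operation to which the permission pertains. The permission
     * name is the substring of the requestURI (HttpServletRequest.getRequestURI())
     * that begins after the contextPath (HttpServletRequest.getContextPath()).
     * When the substring operation yields the string "/", the permission is
     * constructed with the empty string as its name. The HTTP method component
     * of the permission's actions is as obtained from HttpServletRequest.getMethod().
     * The TransportType component of the permission's actions is determined
     * by calling HttpServletRequest.isSecure().
     */
    public WebUserDataPermission(HttpServletRequest request) {
        // NOTE(review): the name handed to Permission is getServletPath(), while the
        // pattern that equals()/implies() evaluate comes from
        // URLPatternSpec.encodeColons(request). The Javadoc above describes the name as
        // the request URI with the context path removed, so getName() may not match the
        // pattern actually checked (for example when path info is present). Confirm
        // against URLPatternSpec before relying on getName() in logs or audit records.
        super(request.getServletPath());

        urlPatternSpec = new URLPatternSpec(URLPatternSpec.encodeColons(request));

        // isSecure() reports the connection as the container sees it. Behind a
        // TLS-terminating proxy the container has to be configured to report the
        // original scheme, otherwise transport guarantees are evaluated against the
        // proxy-to-container hop rather than the client connection.
        httpMethodSpec = new HTTPMethodSpec(
                request.getMethod(),
                request.isSecure() ? HTTPMethodSpec.CONFIDENTIAL : HTTPMethodSpec.NONE);
    }

    /**
     * Creates a new WebUserDataPermission from a URL pattern name and an
     * actions string.
     *
     * @param name the URL pattern spec; it becomes the permission name and is
     * parsed into a URLPatternSpec.
     * @param actions the actions string, parsed by HTTPMethodSpec. The second
     * constructor argument passed to HTTPMethodSpec is {@code true}; presumably
     * this enables parsing of a transport type suffix (confirm against
     * HTTPMethodSpec).
     */
    public WebUserDataPermission(String name, String actions) {
        super(name);

        urlPatternSpec = new URLPatternSpec(name);
        httpMethodSpec = new HTTPMethodSpec(actions, true);
    }

    /**
     * Creates a new WebUserDataPermission from a URL pattern, an array of HTTP
     * methods and a transport type.
     *
     * @param urlPattern the URL pattern spec; it becomes the permission name.
     * @param HTTPMethods the HTTP methods the permission applies to, passed
     * unchanged to HTTPMethodSpec.
     * @param transportType the transport type; {@code null} is treated as
     * {@code "NONE"}.
     */
    public WebUserDataPermission(String urlPattern, String[] HTTPMethods, String transportType) {
        super(urlPattern);

        String effectiveTransport = (transportType == null) ? "NONE" : transportType;

        urlPatternSpec = new URLPatternSpec(urlPattern);
        httpMethodSpec = new HTTPMethodSpec(HTTPMethods, effectiveTransport);
    }

    /**
     * Compares two permissions by their URL pattern spec and HTTP method spec.
     *
     * @param o the object to compare with.
     * @return true if {@code o} is a WebUserDataPermission whose two specs are
     * equal to this permission's specs; false otherwise, including for null.
     */
    public boolean equals(Object o) {
        // instanceof is false for null, so no separate null test is needed.
        if (!(o instanceof WebUserDataPermission)) {
            return false;
        }

        WebUserDataPermission other = (WebUserDataPermission) o;
        return urlPatternSpec.equals(other.urlPatternSpec)
                && httpMethodSpec.equals(other.httpMethodSpec);
    }

    /**
     * Returns the actions string as produced by the HTTP method spec.
     *
     * @return the actions of this permission.
     */
    public String getActions() {
        return httpMethodSpec.getActions();
    }

    /**
     * Returns a hash code built from the same two specs that equals() compares.
     *
     * @return the XOR of the two specs' hash codes, cached after the first
     * computation unless that value is 0.
     */
    public int hashCode() {
        if (cachedHashCode == 0) {
            cachedHashCode = urlPatternSpec.hashCode() ^ httpMethodSpec.hashCode();
        }
        return cachedHashCode;
    }

    /**
     * Determines whether this permission implies the given one.
     *
     * @param permission the permission to check.
     * @return true only if {@code permission} is a WebUserDataPermission and
     * both this URL pattern spec and this HTTP method spec imply the
     * corresponding spec of {@code permission}.
     */
    public boolean implies(Permission permission) {
        if (!(permission instanceof WebUserDataPermission)) {
            return false;
        }

        WebUserDataPermission other = (WebUserDataPermission) permission;
        return urlPatternSpec.implies(other.urlPatternSpec)
                && httpMethodSpec.implies(other.httpMethodSpec);
    }

    /**
     * Returns a new, empty collection that accepts only WebUserDataPermission
     * instances.
     *
     * @return a new homogeneous PermissionCollection.
     */
    public PermissionCollection newPermissionCollection() {
        return new WebUserDataPermissionCollection();
    }

    /**
     * Restores the two transient specs from the stream, in the order
     * writeObject wrote them.
     * <p>
     * The strings are taken from the stream and handed directly to the spec
     * constructors; this method performs no validation of its own, so rejection
     * of malformed patterns or actions depends entirely on URLPatternSpec and
     * HTTPMethodSpec (not visible here). Where the stream can come from an
     * untrusted source, restrict deserialization with an ObjectInputFilter.
     *
     * @param in the stream to read from.
     * @throws IOException if reading from the stream fails.
     */
    private synchronized void readObject(ObjectInputStream in) throws IOException {
        urlPatternSpec = new URLPatternSpec(in.readUTF());
        httpMethodSpec = new HTTPMethodSpec(in.readUTF(), true);
    }

    /**
     * Writes the pattern spec and the actions string as two UTF strings. The
     * permission name is not written by this method.
     *
     * @param out the stream to write to.
     * @throws IOException if writing to the stream fails.
     */
    private synchronized void writeObject(ObjectOutputStream out) throws IOException {
        out.writeUTF(urlPatternSpec.getPatternSpec());
        out.writeUTF(httpMethodSpec.getActions());
    }

    /**
     * Homogeneous collection of WebUserDataPermission objects.
     */
    private static final class WebUserDataPermissionCollection extends PermissionCollection {
        // Deliberately left non-final and raw: the class declares no
        // serialVersionUID, and the default one is derived from field modifiers
        // and descriptors, so changing the declaration would alter the
        // serialized form's version.
        private Hashtable permissions = new Hashtable();

        /**
         * Adds a permission object to the current collection of permission objects.
         *
         * @param permission the Permission object to add.
         *
         * @exception SecurityException - if this PermissionCollection object
         *                                has been marked readonly
         * @exception IllegalArgumentException - if the permission is not a
         *                                WebUserDataPermission
         */
        public void add(Permission permission) {
            // A write to a read-only collection is reported as SecurityException,
            // as documented above and by java.security.PermissionCollection.add;
            // IllegalArgumentException is reserved for a permission of the wrong type.
            if (isReadOnly()) {
                throw new SecurityException("Read only collection");
            }

            if (!(permission instanceof WebUserDataPermission)) {
                throw new IllegalArgumentException("Wrong permission type");
            }

            WebUserDataPermission p = (WebUserDataPermission) permission;

            // Keyed by the permission itself, so an equal permission replaces the
            // earlier entry instead of being stored twice.
            permissions.put(p, p);
        }

        /**
         * Checks to see if the specified permission is implied by
         * the collection of Permission objects held in this PermissionCollection.
         *
         * @param permission the Permission object to compare.
         *
         * @return true if "permission" is implied by the permissions in
         * the collection, false if not.
         */
        public boolean implies(Permission permission) {
            if (!(permission instanceof WebUserDataPermission)) {
                return false;
            }

            WebUserDataPermission candidate = (WebUserDataPermission) permission;

            // One held permission must imply the candidate on its own; entries are
            // not combined.
            for (Enumeration held = permissions.elements(); held.hasMoreElements();) {
                if (((WebUserDataPermission) held.nextElement()).implies(candidate)) {
                    return true;
                }
            }

            return false;
        }

        /**
         * Returns an enumeration of all the Permission objects in the collection.
         *
         * @return an enumeration of all the Permissions.
         */
        public Enumeration elements() {
            return permissions.elements();
        }
    }
}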