001 /**
002 *
003 * Copyright 2003-2004 The Apache Software Foundation
004 *
005 * Licensed under the Apache License, Version 2.0 (the "License");
006 * you may not use this file except in compliance with the License.
007 * You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017
018 //
019 // This source code implements specifications defined by the Java
020 // Community Process. In order to remain compliant with the specification
021 // DO NOT add / change / or delete method signatures!
022 //
023
024 package javax.security.jacc;
025
026 import java.io.IOException;
027 import java.io.ObjectInputStream;
028 import java.io.ObjectOutputStream;
029 import java.io.Serializable;
030 import java.security.Permission;
031 import java.security.PermissionCollection;
032 import java.util.Hashtable;
033 import java.util.Enumeration;
034 import javax.servlet.http.HttpServletRequest;
035
036
037 /**
038 * Class for Servlet Web user data permissions. A WebUserDataPermission is a
039 * named permission and has actions.<p>
040 * <p/>
041 * The name of a WebUserDataPermission (also referred to as the target name)
042 * identifies a Web resource by its context path relative URL pattern.
043 *
044 * @version $Rev: 431818 $ $Date: 2006-08-15 21:55:26 -0700 (Tue, 15 Aug 2006) $
045 * @see java.security.Permission
046 */
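public final class WebUserDataPermission extends Permission implements Serializable {

    // Every field declared here is transient: the serialized form is produced
    // by writeObject() and the fields are rebuilt by readObject() below.
    // cachedHashCode is 0 until hashCode() first computes a non-zero value.
    private transient int cachedHashCode = 0;
    private transient URLPatternSpec urlPatternSpec;
    private transient HTTPMethodSpec httpMethodSpec;

    /**
     * Creates a new WebUserDataPermission from the HttpServletRequest object.
     *
     * @param request the HttpServletRequest object corresponding to the
     * Servlet operation to which the permission pertains. The permission
     * name is the substring of the requestURI (HttpServletRequest.getRequestURI())
     * that begins after the contextPath (HttpServletRequest.getContextPath()).
     * When the substring operation yields the string "/", the permission is
     * constructed with the empty string as its name. The HTTP method component
     * of the permission's actions is as obtained from HttpServletRequest.getMethod().
     * The TransportType component of the permission's actions is determined
     * by calling HttpServletRequest.isSecure().
     */
    public WebUserDataPermission(HttpServletRequest request) {
        // NOTE(review): the name handed to Permission is getServletPath(), which
        // omits any path info, while the pattern used by equals()/implies() is
        // built from URLPatternSpec.encodeColons(request). The Javadoc above
        // describes the name as the request URI remainder after the context
        // path, so getName() may not match the pattern that is actually
        // checked -- confirm which value is intended before relying on
        // getName() in policy or audit code.
        super(request.getServletPath());

        urlPatternSpec = new URLPatternSpec(URLPatternSpec.encodeColons(request));
        // A secure request maps to CONFIDENTIAL, anything else to NONE.
        httpMethodSpec = new HTTPMethodSpec(request.getMethod(), request.isSecure()? HTTPMethodSpec.CONFIDENTIAL: HTTPMethodSpec.NONE);
    }

    /**
     * Creates a new WebUserDataPermission from a name and an actions string.
     *
     * @param name the permission name; also parsed as the URL pattern spec.
     * @param actions the actions string, parsed by HTTPMethodSpec.
     */
    public WebUserDataPermission(String name, String actions) {
        super(name);

        urlPatternSpec = new URLPatternSpec(name);
        // The same HTTPMethodSpec(String, boolean) form is used by readObject().
        httpMethodSpec = new HTTPMethodSpec(actions, true);
    }

    /**
     * Creates a new WebUserDataPermission from a URL pattern, a set of HTTP
     * methods and a transport type.
     *
     * @param urlPattern the permission name; also parsed as the URL pattern spec.
     * @param HTTPMethods the HTTP methods, passed unchanged to HTTPMethodSpec.
     * @param transportType the transport type; <code>null</code> is treated
     * as "NONE".
     */
    public WebUserDataPermission(String urlPattern, String[] HTTPMethods, String transportType) {
        super(urlPattern);

        urlPatternSpec = new URLPatternSpec(urlPattern);
        httpMethodSpec = new HTTPMethodSpec(HTTPMethods, transportType == null? "NONE": transportType);
    }

    /**
     * Compares two WebUserDataPermissions by their URL pattern spec and HTTP
     * method spec. The name stored in the Permission superclass is not
     * consulted.
     *
     * @param o the object to compare with.
     * @return true if <code>o</code> is a WebUserDataPermission whose two
     * specs both equal this permission's specs.
     */
    public boolean equals(Object o) {
        // instanceof is false for null, so no separate null test is needed.
        if (!(o instanceof WebUserDataPermission)) return false;

        WebUserDataPermission other = (WebUserDataPermission) o;
        return urlPatternSpec.equals(other.urlPatternSpec) && httpMethodSpec.equals(other.httpMethodSpec);
    }

    /**
     * Returns the actions string as produced by the HTTP method spec.
     *
     * @return the actions of this permission.
     */
    public String getActions() {
        return httpMethodSpec.getActions();
    }

    /**
     * Returns a hash code derived from the same two specs that equals()
     * compares. The value is cached once it is non-zero; a computed value of
     * 0 is simply recomputed on each call.
     *
     * @return the hash code of this permission.
     */
    public int hashCode() {
        if (cachedHashCode == 0) {
            cachedHashCode = urlPatternSpec.hashCode() ^ httpMethodSpec.hashCode();
        }
        return cachedHashCode;
    }

    /**
     * Checks whether this permission implies the given one. Both the URL
     * pattern spec and the HTTP method spec of this permission must imply
     * the corresponding spec of the argument.
     *
     * @param permission the permission to check.
     * @return true if <code>permission</code> is a WebUserDataPermission
     * implied by this one; false for null or any other permission type.
     */
    public boolean implies(Permission permission) {
        // instanceof is false for null, so no separate null test is needed.
        if (!(permission instanceof WebUserDataPermission)) return false;

        WebUserDataPermission other = (WebUserDataPermission) permission;
        return urlPatternSpec.implies(other.urlPatternSpec) && httpMethodSpec.implies(other.httpMethodSpec);
    }

    /**
     * Returns a new, empty collection that holds only WebUserDataPermissions.
     *
     * @return a new PermissionCollection for this permission type.
     */
    public PermissionCollection newPermissionCollection() {
        return new WebUserDataPermissionCollection();
    }

    /**
     * Rebuilds the two specs from the strings written by writeObject().
     * cachedHashCode is left at 0 and is recomputed on the first hashCode() call.
     *
     * NOTE(review): the strings come straight from the stream and are handed
     * to the URLPatternSpec and HTTPMethodSpec constructors; whether a
     * malformed serialized permission is rejected depends entirely on those
     * constructors -- confirm they validate their input if this class can be
     * deserialized from an untrusted source.
     */
    private synchronized void readObject(ObjectInputStream in) throws IOException {
        urlPatternSpec = new URLPatternSpec(in.readUTF());
        httpMethodSpec = new HTTPMethodSpec(in.readUTF(), true);
    }

    /**
     * Writes the pattern spec and the actions string, in that order; this is
     * the order readObject() expects.
     */
    private synchronized void writeObject(ObjectOutputStream out) throws IOException {
        out.writeUTF(urlPatternSpec.getPatternSpec());
        out.writeUTF(httpMethodSpec.getActions());
    }

    private static final class WebUserDataPermissionCollection extends PermissionCollection {
        // Each permission is stored as both key and value, so adding a
        // permission equal to an existing one replaces it.
        private Hashtable permissions = new Hashtable();

        /**
         * Adds a permission object to the current collection of permission objects.
         *
         * @param permission the Permission object to add.
         *
         * @exception SecurityException - if this PermissionCollection object
         * has been marked readonly
         * @exception IllegalArgumentException - if the permission is not a
         * WebUserDataPermission
         */
        public void add(Permission permission) {
            // PermissionCollection.add() is specified to throw SecurityException
            // for a read-only collection; IllegalArgumentException is reserved
            // for a permission of the wrong type.
            if (isReadOnly()) throw new SecurityException("Read only collection");

            if (!(permission instanceof WebUserDataPermission)) throw new IllegalArgumentException("Wrong permission type");

            WebUserDataPermission p = (WebUserDataPermission)permission;

            permissions.put(p, p);
        }

        /**
         * Checks to see if the specified permission is implied by
         * the collection of Permission objects held in this PermissionCollection.
         *
         * @param permission the Permission object to compare.
         *
         * @return true if "permission" is implied by the permissions in
         * the collection, false if not.
         */
        public boolean implies(Permission permission) {
            if (!(permission instanceof WebUserDataPermission)) return false;

            WebUserDataPermission p = (WebUserDataPermission)permission;
            Enumeration e = permissions.elements();

            // A single stored permission that implies p is sufficient.
            while (e.hasMoreElements()) {
                if (((WebUserDataPermission)e.nextElement()).implies(p)) return true;
            }

            return false;
        }

        /**
         * Returns an enumeration of all the Permission objects in the collection.
         *
         * @return an enumeration of all the Permissions.
         */
        public Enumeration elements() {
            return permissions.elements();
        }
    }
}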