1 /**
2 *
3 * Copyright 2003-2004 The Apache Software Foundation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18
19
20
21
22
23
24 package javax.security.jacc;
25
26 import java.io.IOException;
27 import java.io.ObjectInputStream;
28 import java.io.ObjectOutputStream;
29 import java.io.Serializable;
30 import java.security.Permission;
31 import java.security.PermissionCollection;
32 import java.util.Hashtable;
33 import java.util.Enumeration;
34 import javax.servlet.http.HttpServletRequest;
35
36 /**
37 * @version $Rev: 431818 $ $Date: 2006-08-15 21:55:26 -0700 (Tue, 15 Aug 2006) $
38 */
39 public final class WebResourcePermission extends Permission implements Serializable {
40 private transient int cachedHashCode = 0;
41 private transient URLPatternSpec urlPatternSpec;
42 private transient HTTPMethodSpec httpMethodSpec;
43
44 public WebResourcePermission(HttpServletRequest request) {
45 super(request.getServletPath());
46
47 urlPatternSpec = new URLPatternSpec(URLPatternSpec.encodeColons(request));
48 httpMethodSpec = new HTTPMethodSpec(request.getMethod(), HTTPMethodSpec.NA);
49 }
50
51 public WebResourcePermission(String name, String actions) {
52 super(name);
53
54 urlPatternSpec = new URLPatternSpec(name);
55 httpMethodSpec = new HTTPMethodSpec(actions, false);
56 }
57
58 public WebResourcePermission(String urlPattern, String[] HTTPMethods) {
59 super(urlPattern);
60
61 urlPatternSpec = new URLPatternSpec(urlPattern);
62 httpMethodSpec = new HTTPMethodSpec(HTTPMethods);
63 }
64
65 public boolean equals(Object o) {
66 if (o == null || !(o instanceof WebResourcePermission)) return false;
67
68 WebResourcePermission other = (WebResourcePermission) o;
69 return urlPatternSpec.equals(other.urlPatternSpec) && httpMethodSpec.equals(other.httpMethodSpec);
70 }
71
72 public String getActions() {
73 return httpMethodSpec.getActions();
74 }
75
76 public int hashCode() {
77 if (cachedHashCode == 0) {
78 cachedHashCode = urlPatternSpec.hashCode() ^ httpMethodSpec.hashCode();
79 }
80 return cachedHashCode;
81 }
82
83 public boolean implies(Permission permission) {
84 if (permission == null || !(permission instanceof WebResourcePermission)) return false;
85
86 WebResourcePermission other = (WebResourcePermission) permission;
87 return urlPatternSpec.implies(other.urlPatternSpec) && httpMethodSpec.implies(other.httpMethodSpec);
88 }
89
90 public PermissionCollection newPermissionCollection() {
91 return new WebResourcePermissionCollection();
92 }
93
94 private synchronized void readObject(ObjectInputStream in) throws IOException {
95 urlPatternSpec = new URLPatternSpec(in.readUTF());
96 httpMethodSpec = new HTTPMethodSpec(in.readUTF(), false);
97 }
98
99 private synchronized void writeObject(ObjectOutputStream out) throws IOException {
100 out.writeUTF(urlPatternSpec.getPatternSpec());
101 out.writeUTF(httpMethodSpec.getActions());
102 }
103
104 private static final class WebResourcePermissionCollection extends PermissionCollection {
105 private Hashtable permissions = new Hashtable();
106
107 /**
108 * Adds a permission object to the current collection of permission objects.
109 *
110 * @param permission the Permission object to add.
111 *
112 * @exception SecurityException - if this PermissionCollection object
113 * has been marked readonly
114 */
115 public void add(Permission permission) {
116 if (isReadOnly()) throw new IllegalArgumentException("Read only collection");
117
118 if (!(permission instanceof WebResourcePermission)) throw new IllegalArgumentException("Wrong permission type");
119
120 WebResourcePermission p = (WebResourcePermission)permission;
121
122 permissions.put(p, p);
123 }
124
125 /**
126 * Checks to see if the specified permission is implied by
127 * the collection of Permission objects held in this PermissionCollection.
128 *
129 * @param permission the Permission object to compare.
130 *
131 * @return true if "permission" is implied by the permissions in
132 * the collection, false if not.
133 */
134 public boolean implies(Permission permission) {
135 if (!(permission instanceof WebResourcePermission)) return false;
136
137 WebResourcePermission p = (WebResourcePermission)permission;
138 Enumeration e = permissions.elements();
139
140 while (e.hasMoreElements()) {
141 if (((WebResourcePermission)e.nextElement()).implies(p)) return true;
142 }
143
144 return false;
145 }
146
147 /**
148 * Returns an enumeration of all the Permission objects in the collection.
149 *
150 * @return an enumeration of all the Permissions.
151 */
152 public Enumeration elements() {
153 return permissions.elements();
154 }
155 }
156 }
157