View Javadoc

1   /**
2    *
3    * Copyright 2003-2004 The Apache Software Foundation
4    *
5    *  Licensed under the Apache License, Version 2.0 (the "License");
6    *  you may not use this file except in compliance with the License.
7    *  You may obtain a copy of the License at
8    *
9    *     http://www.apache.org/licenses/LICENSE-2.0
10   *
11   *  Unless required by applicable law or agreed to in writing, software
12   *  distributed under the License is distributed on an "AS IS" BASIS,
13   *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   *  See the License for the specific language governing permissions and
15   *  limitations under the License.
16   */
17  
18  //
19  // This source code implements specifications defined by the Java
20  // Community Process. In order to remain compliant with the specification
21  // DO NOT add / change / or delete method signatures!
22  //
23  
24  package javax.security.jacc;
25  
26  import java.io.IOException;
27  import java.io.ObjectInputStream;
28  import java.io.ObjectOutputStream;
29  import java.io.Serializable;
30  import java.security.Permission;
31  import java.security.PermissionCollection;
32  import java.util.Hashtable;
33  import java.util.Enumeration;
34  import javax.servlet.http.HttpServletRequest;
35  
36  /**
37   * @version $Rev: 431818 $ $Date: 2006-08-15 21:55:26 -0700 (Tue, 15 Aug 2006) $
38   */
39  public final class WebResourcePermission extends Permission implements Serializable {
40      private transient int cachedHashCode = 0;
41      private transient URLPatternSpec urlPatternSpec;
42      private transient HTTPMethodSpec httpMethodSpec;
43  
44      public WebResourcePermission(HttpServletRequest request) {
45          super(request.getServletPath());
46  
47          urlPatternSpec = new URLPatternSpec(URLPatternSpec.encodeColons(request));
48          httpMethodSpec = new HTTPMethodSpec(request.getMethod(), HTTPMethodSpec.NA);
49      }
50  
51      public WebResourcePermission(String name, String actions) {
52          super(name);
53  
54          urlPatternSpec = new URLPatternSpec(name);
55          httpMethodSpec = new HTTPMethodSpec(actions, false);
56      }
57  
58      public WebResourcePermission(String urlPattern, String[] HTTPMethods) {
59          super(urlPattern);
60  
61          urlPatternSpec = new URLPatternSpec(urlPattern);
62          httpMethodSpec = new HTTPMethodSpec(HTTPMethods);
63      }
64  
65      public boolean equals(Object o) {
66          if (o == null || !(o instanceof WebResourcePermission)) return false;
67  
68          WebResourcePermission other = (WebResourcePermission) o;
69          return urlPatternSpec.equals(other.urlPatternSpec) && httpMethodSpec.equals(other.httpMethodSpec);
70      }
71  
72      public String getActions() {
73          return httpMethodSpec.getActions();
74      }
75  
76      public int hashCode() {
77          if (cachedHashCode == 0) {
78              cachedHashCode = urlPatternSpec.hashCode() ^ httpMethodSpec.hashCode();
79          }
80          return cachedHashCode;
81      }
82  
83      public boolean implies(Permission permission) {
84          if (permission == null || !(permission instanceof WebResourcePermission)) return false;
85  
86          WebResourcePermission other = (WebResourcePermission) permission;
87          return urlPatternSpec.implies(other.urlPatternSpec) && httpMethodSpec.implies(other.httpMethodSpec);
88      }
89  
90      public PermissionCollection newPermissionCollection() {
91          return new WebResourcePermissionCollection();
92      }
93  
94      private synchronized void readObject(ObjectInputStream in) throws IOException {
95          urlPatternSpec = new URLPatternSpec(in.readUTF());
96          httpMethodSpec = new HTTPMethodSpec(in.readUTF(), false);
97      }
98  
99      private synchronized void writeObject(ObjectOutputStream out) throws IOException {
100         out.writeUTF(urlPatternSpec.getPatternSpec());
101         out.writeUTF(httpMethodSpec.getActions());
102     }
103 
104     private static final class WebResourcePermissionCollection extends PermissionCollection {
105         private Hashtable permissions = new Hashtable();
106 
107         /**
108          * Adds a permission object to the current collection of permission objects.
109          *
110          * @param permission the Permission object to add.
111          *
112          * @exception SecurityException -  if this PermissionCollection object
113          *                                 has been marked readonly
114          */
115         public void add(Permission permission) {
116             if (isReadOnly()) throw new IllegalArgumentException("Read only collection");
117 
118             if (!(permission instanceof WebResourcePermission)) throw new IllegalArgumentException("Wrong permission type");
119 
120             WebResourcePermission p  = (WebResourcePermission)permission;
121 
122             permissions.put(p, p);
123         }
124 
125         /**
126          * Checks to see if the specified permission is implied by
127          * the collection of Permission objects held in this PermissionCollection.
128          *
129          * @param permission the Permission object to compare.
130          *
131          * @return true if "permission" is implied by the  permissions in
132          * the collection, false if not.
133          */
134         public boolean implies(Permission permission) {
135             if (!(permission instanceof WebResourcePermission)) return false;
136 
137             WebResourcePermission p  = (WebResourcePermission)permission;
138             Enumeration e = permissions.elements();
139 
140             while (e.hasMoreElements()) {
141                 if (((WebResourcePermission)e.nextElement()).implies(p)) return true;
142             }
143 
144             return false;
145         }
146 
147         /**
148          * Returns an enumeration of all the Permission objects in the collection.
149          *
150          * @return an enumeration of all the Permissions.
151          */
152         public Enumeration elements() {
153             return permissions.elements();
154         }
155     }
156 }
157