View Javadoc

1   /**
2    *
3    * Copyright 2003-2004 The Apache Software Foundation
4    *
5    *  Licensed under the Apache License, Version 2.0 (the "License");
6    *  you may not use this file except in compliance with the License.
7    *  You may obtain a copy of the License at
8    *
9    *     http://www.apache.org/licenses/LICENSE-2.0
10   *
11   *  Unless required by applicable law or agreed to in writing, software
12   *  distributed under the License is distributed on an "AS IS" BASIS,
13   *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   *  See the License for the specific language governing permissions and
15   *  limitations under the License.
16   */
17  
18  //
19  // This source code implements specifications defined by the Java
20  // Community Process. In order to remain compliant with the specification
21  // DO NOT add / change / or delete method signatures!
22  //
23  
24  package javax.security.jacc;
25  
26  import java.io.IOException;
27  import java.io.ObjectInputStream;
28  import java.io.ObjectOutputStream;
29  import java.io.Serializable;
30  import java.security.Permission;
31  import java.security.PermissionCollection;
32  import java.util.Hashtable;
33  import java.util.Enumeration;
34  import javax.servlet.http.HttpServletRequest;
35  
36  
37  /**
38   * Class for Servlet Web user data permissions. A WebUserDataPermission is a
39   * named permission and has actions.<p>
40   * <p/>
41   * The name of a WebUserDataPermission (also referred to as the target name)
42   * identifies a Web resource by its context path relative URL pattern.
43   *
44   * @version $Rev: 431818 $ $Date: 2006-08-15 21:55:26 -0700 (Tue, 15 Aug 2006) $
45   * @see java.security.Permission
46   */
47  public final class WebUserDataPermission extends Permission implements Serializable {
48  
49      private transient int cachedHashCode = 0;
50      private transient URLPatternSpec urlPatternSpec;
51      private transient HTTPMethodSpec httpMethodSpec;
52  
53      /**
54       * Creates a new WebUserDataPermission from the HttpServletRequest object.
55       *
56       * @param request the HttpServletRequest object corresponding to the
57       *                Servlet operation to which the permission pertains. The permission
58       *                name is the substring of the requestURI (HttpServletRequest.getRequestURI())
59       *                that begins after the contextPath (HttpServletRequest.getContextPath()).
60       *                When the substring operation yields the string �/�, the permission is
61       *                constructed with the empty string as its name. The HTTP method component
62       *                of the permission�s actions is as obtained from HttpServletRequest.getMethod().
63       *                The TransportType component of the permission�s actions is determined
64       *                by calling HttpServletRequest.isSecure().
65       */
66      public WebUserDataPermission(HttpServletRequest request) {
67          super(request.getServletPath());
68  
69          urlPatternSpec = new URLPatternSpec(URLPatternSpec.encodeColons(request));
70          httpMethodSpec = new HTTPMethodSpec(request.getMethod(), request.isSecure()? HTTPMethodSpec.CONFIDENTIAL: HTTPMethodSpec.NONE);
71      }
72  
73      public WebUserDataPermission(String name, String actions) {
74          super(name);
75  
76          urlPatternSpec = new URLPatternSpec(name);
77          httpMethodSpec = new HTTPMethodSpec(actions, true);
78      }
79  
80      public WebUserDataPermission(String urlPattern, String[] HTTPMethods, String transportType) {
81          super(urlPattern);
82  
83          urlPatternSpec = new URLPatternSpec(urlPattern);
84          httpMethodSpec = new HTTPMethodSpec(HTTPMethods, transportType == null? "NONE": transportType);
85      }
86  
87      public boolean equals(Object o) {
88          if (o == null || !(o instanceof WebUserDataPermission)) return false;
89  
90          WebUserDataPermission other = (WebUserDataPermission) o;
91          return urlPatternSpec.equals(other.urlPatternSpec) && httpMethodSpec.equals(other.httpMethodSpec);
92      }
93  
94      public String getActions() {
95          return httpMethodSpec.getActions();
96      }
97  
98      public int hashCode() {
99          if (cachedHashCode == 0) {
100             cachedHashCode = urlPatternSpec.hashCode() ^ httpMethodSpec.hashCode();
101         }
102         return cachedHashCode;
103     }
104 
105     public boolean implies(Permission permission) {
106         if (permission == null || !(permission instanceof WebUserDataPermission)) return false;
107 
108         WebUserDataPermission other = (WebUserDataPermission) permission;
109         return urlPatternSpec.implies(other.urlPatternSpec) && httpMethodSpec.implies(other.httpMethodSpec);
110     }
111 
112     public PermissionCollection newPermissionCollection() {
113         return new WebUserDataPermissionCollection();
114     }
115 
116     private synchronized void readObject(ObjectInputStream in) throws IOException {
117         urlPatternSpec = new URLPatternSpec(in.readUTF());
118         httpMethodSpec = new HTTPMethodSpec(in.readUTF(), true);
119     }
120 
121     private synchronized void writeObject(ObjectOutputStream out) throws IOException {
122         out.writeUTF(urlPatternSpec.getPatternSpec());
123         out.writeUTF(httpMethodSpec.getActions());
124     }
125 
126     private static final class WebUserDataPermissionCollection extends PermissionCollection {
127         private Hashtable permissions = new Hashtable();
128 
129         /**
130          * Adds a permission object to the current collection of permission objects.
131          *
132          * @param permission the Permission object to add.
133          *
134          * @exception SecurityException -  if this PermissionCollection object
135          *                                 has been marked readonly
136          */
137         public void add(Permission permission) {
138             if (isReadOnly()) throw new IllegalArgumentException("Read only collection");
139 
140             if (!(permission instanceof WebUserDataPermission)) throw new IllegalArgumentException("Wrong permission type");
141 
142             WebUserDataPermission p  = (WebUserDataPermission)permission;
143 
144             permissions.put(p, p);
145         }
146 
147         /**
148          * Checks to see if the specified permission is implied by
149          * the collection of Permission objects held in this PermissionCollection.
150          *
151          * @param permission the Permission object to compare.
152          *
153          * @return true if "permission" is implied by the  permissions in
154          * the collection, false if not.
155          */
156         public boolean implies(Permission permission) {
157             if (!(permission instanceof WebUserDataPermission)) return false;
158 
159             WebUserDataPermission p  = (WebUserDataPermission)permission;
160             Enumeration e = permissions.elements();
161 
162             while (e.hasMoreElements()) {
163                 if (((WebUserDataPermission)e.nextElement()).implies(p)) return true;
164             }
165 
166             return false;
167 
168         }
169 
170         /**
171          * Returns an enumeration of all the Permission objects in the collection.
172          *
173          * @return an enumeration of all the Permissions.
174          */
175         public Enumeration elements() {
176             return permissions.elements();
177         }
178     }
179 }
180 
181 
182