1 /**
2 *
3 * Copyright 2003-2004 The Apache Software Foundation
4 *
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at
8 *
9 * http://www.apache.org/licenses/LICENSE-2.0
10 *
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
16 */
17
18
19
20
21
22
23
24 package javax.security.jacc;
25
26 import java.io.IOException;
27 import java.io.ObjectInputStream;
28 import java.io.ObjectOutputStream;
29 import java.io.Serializable;
30 import java.security.Permission;
31 import java.security.PermissionCollection;
32 import java.util.Hashtable;
33 import java.util.Enumeration;
34 import javax.servlet.http.HttpServletRequest;
35
36
37 /**
38 * Class for Servlet Web user data permissions. A WebUserDataPermission is a
39 * named permission and has actions.<p>
40 * <p/>
41 * The name of a WebUserDataPermission (also referred to as the target name)
42 * identifies a Web resource by its context path relative URL pattern.
43 *
44 * @version $Rev: 431818 $ $Date: 2006-08-15 21:55:26 -0700 (Tue, 15 Aug 2006) $
45 * @see java.security.Permission
46 */
47 public final class WebUserDataPermission extends Permission implements Serializable {
48
49 private transient int cachedHashCode = 0;
50 private transient URLPatternSpec urlPatternSpec;
51 private transient HTTPMethodSpec httpMethodSpec;
52
53 /**
54 * Creates a new WebUserDataPermission from the HttpServletRequest object.
55 *
56 * @param request the HttpServletRequest object corresponding to the
57 * Servlet operation to which the permission pertains. The permission
58 * name is the substring of the requestURI (HttpServletRequest.getRequestURI())
59 * that begins after the contextPath (HttpServletRequest.getContextPath()).
60 * When the substring operation yields the string �/�, the permission is
61 * constructed with the empty string as its name. The HTTP method component
62 * of the permission�s actions is as obtained from HttpServletRequest.getMethod().
63 * The TransportType component of the permission�s actions is determined
64 * by calling HttpServletRequest.isSecure().
65 */
66 public WebUserDataPermission(HttpServletRequest request) {
67 super(request.getServletPath());
68
69 urlPatternSpec = new URLPatternSpec(URLPatternSpec.encodeColons(request));
70 httpMethodSpec = new HTTPMethodSpec(request.getMethod(), request.isSecure()? HTTPMethodSpec.CONFIDENTIAL: HTTPMethodSpec.NONE);
71 }
72
73 public WebUserDataPermission(String name, String actions) {
74 super(name);
75
76 urlPatternSpec = new URLPatternSpec(name);
77 httpMethodSpec = new HTTPMethodSpec(actions, true);
78 }
79
80 public WebUserDataPermission(String urlPattern, String[] HTTPMethods, String transportType) {
81 super(urlPattern);
82
83 urlPatternSpec = new URLPatternSpec(urlPattern);
84 httpMethodSpec = new HTTPMethodSpec(HTTPMethods, transportType == null? "NONE": transportType);
85 }
86
87 public boolean equals(Object o) {
88 if (o == null || !(o instanceof WebUserDataPermission)) return false;
89
90 WebUserDataPermission other = (WebUserDataPermission) o;
91 return urlPatternSpec.equals(other.urlPatternSpec) && httpMethodSpec.equals(other.httpMethodSpec);
92 }
93
94 public String getActions() {
95 return httpMethodSpec.getActions();
96 }
97
98 public int hashCode() {
99 if (cachedHashCode == 0) {
100 cachedHashCode = urlPatternSpec.hashCode() ^ httpMethodSpec.hashCode();
101 }
102 return cachedHashCode;
103 }
104
105 public boolean implies(Permission permission) {
106 if (permission == null || !(permission instanceof WebUserDataPermission)) return false;
107
108 WebUserDataPermission other = (WebUserDataPermission) permission;
109 return urlPatternSpec.implies(other.urlPatternSpec) && httpMethodSpec.implies(other.httpMethodSpec);
110 }
111
112 public PermissionCollection newPermissionCollection() {
113 return new WebUserDataPermissionCollection();
114 }
115
116 private synchronized void readObject(ObjectInputStream in) throws IOException {
117 urlPatternSpec = new URLPatternSpec(in.readUTF());
118 httpMethodSpec = new HTTPMethodSpec(in.readUTF(), true);
119 }
120
121 private synchronized void writeObject(ObjectOutputStream out) throws IOException {
122 out.writeUTF(urlPatternSpec.getPatternSpec());
123 out.writeUTF(httpMethodSpec.getActions());
124 }
125
126 private static final class WebUserDataPermissionCollection extends PermissionCollection {
127 private Hashtable permissions = new Hashtable();
128
129 /**
130 * Adds a permission object to the current collection of permission objects.
131 *
132 * @param permission the Permission object to add.
133 *
134 * @exception SecurityException - if this PermissionCollection object
135 * has been marked readonly
136 */
137 public void add(Permission permission) {
138 if (isReadOnly()) throw new IllegalArgumentException("Read only collection");
139
140 if (!(permission instanceof WebUserDataPermission)) throw new IllegalArgumentException("Wrong permission type");
141
142 WebUserDataPermission p = (WebUserDataPermission)permission;
143
144 permissions.put(p, p);
145 }
146
147 /**
148 * Checks to see if the specified permission is implied by
149 * the collection of Permission objects held in this PermissionCollection.
150 *
151 * @param permission the Permission object to compare.
152 *
153 * @return true if "permission" is implied by the permissions in
154 * the collection, false if not.
155 */
156 public boolean implies(Permission permission) {
157 if (!(permission instanceof WebUserDataPermission)) return false;
158
159 WebUserDataPermission p = (WebUserDataPermission)permission;
160 Enumeration e = permissions.elements();
161
162 while (e.hasMoreElements()) {
163 if (((WebUserDataPermission)e.nextElement()).implies(p)) return true;
164 }
165
166 return false;
167
168 }
169
170 /**
171 * Returns an enumeration of all the Permission objects in the collection.
172 *
173 * @return an enumeration of all the Permissions.
174 */
175 public Enumeration elements() {
176 return permissions.elements();
177 }
178 }
179 }
180
181
182