001    /*
002     * Licensed to the Apache Software Foundation (ASF) under one
003     * or more contributor license agreements.  See the NOTICE file
004     * distributed with this work for additional information
005     * regarding copyright ownership.  The ASF licenses this file
006     * to you under the Apache License, Version 2.0 (the
007     * "License"); you may not use this file except in compliance
008     * with the License.  You may obtain a copy of the License at
009     *
010     *  http://www.apache.org/licenses/LICENSE-2.0
011     *
012     * Unless required by applicable law or agreed to in writing,
013     * software distributed under the License is distributed on an
014     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015     * KIND, either express or implied.  See the License for the
016     * specific language governing permissions and limitations
017     * under the License.
018     */
019    
020    //
021    // This source code implements specifications defined by the Java
022    // Community Process. In order to remain compliant with the specification
023    // DO NOT add / change / or delete method signatures!
024    //
025    
026    package javax.security.jacc;
027    
028    import java.io.IOException;
029    import java.io.ObjectInputStream;
030    import java.io.ObjectOutputStream;
031    import java.io.Serializable;
032    import java.security.Permission;
033    import java.security.PermissionCollection;
034    import java.util.Hashtable;
035    import java.util.Enumeration;
036    import javax.servlet.http.HttpServletRequest;
037    
038    
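/**
 * Class for Servlet Web user data permissions. A WebUserDataPermission is a
 * named permission and has actions.
 * <p>
 * The name of a WebUserDataPermission (also referred to as the target name)
 * identifies a Web resource by its context path relative URL pattern.
 * <p>
 * Equality and implication are decided from the parsed URL pattern
 * ({@code URLPatternSpec}) and the parsed HTTP method / transport actions
 * ({@code HTTPMethodSpec}); both must match (or imply) for the permission as a
 * whole to match (or imply).
 *
 * @version $Rev: 467553 $ $Date: 2006-10-25 06:01:51 +0200 (Mi, 25. Okt 2006) $
 *
 * @see java.security.Permission
 */
public final class WebUserDataPermission extends Permission implements Serializable {

    // Lazily computed hash code; 0 means "not computed yet".
    private transient int cachedHashCode = 0;
    // Parsed forms of the name and the actions. They are transient and are
    // rebuilt from their string forms in readObject().
    private transient URLPatternSpec urlPatternSpec;
    private transient HTTPMethodSpec httpMethodSpec;

    /**
     * Creates a new WebUserDataPermission from the HttpServletRequest object.
     *
     * @param request the HttpServletRequest object corresponding to the
     *                Servlet operation to which the permission pertains. The permission
     *                name is the substring of the requestURI (HttpServletRequest.getRequestURI())
     *                that begins after the contextPath (HttpServletRequest.getContextPath()).
     *                When the substring operation yields the string "/", the permission is
     *                constructed with the empty string as its name. The HTTP method component
     *                of the permission's actions is as obtained from HttpServletRequest.getMethod().
     *                The TransportType component of the permission's actions is determined
     *                by calling HttpServletRequest.isSecure().
     */
    public WebUserDataPermission(HttpServletRequest request) {
        // NOTE(review): the name handed to Permission comes from getServletPath(),
        // while the pattern used by equals()/implies() comes from
        // URLPatternSpec.encodeColons(request). The Javadoc above describes the name
        // as the request URI minus the context path. Confirm the two strings agree
        // (e.g. for requests carrying path info); otherwise getName() can differ
        // from the pattern that is actually evaluated.
        super(request.getServletPath());

        urlPatternSpec = new URLPatternSpec(URLPatternSpec.encodeColons(request));

        // The transport component is CONFIDENTIAL only when the container reports
        // the request as secure. isSecure() reflects the container's view of the
        // connection, so a deployment that terminates TLS in front of the container
        // has to make sure that view is accurate for this check to be meaningful.
        int transport = request.isSecure() ? HTTPMethodSpec.CONFIDENTIAL : HTTPMethodSpec.NONE;
        httpMethodSpec = new HTTPMethodSpec(request.getMethod(), transport);
    }

    /**
     * Creates a new WebUserDataPermission from a name and an actions string.
     *
     * @param name    the permission name; also parsed as the URL pattern spec
     * @param actions the actions string, parsed by {@code HTTPMethodSpec}
     */
    public WebUserDataPermission(String name, String actions) {
        super(name);

        urlPatternSpec = new URLPatternSpec(name);
        httpMethodSpec = new HTTPMethodSpec(actions, true);
    }

    /**
     * Creates a new WebUserDataPermission from a URL pattern, a list of HTTP
     * methods and a transport type.
     *
     * @param urlPattern    the permission name; also parsed as the URL pattern spec
     * @param HTTPMethods   the HTTP methods, passed on to {@code HTTPMethodSpec}
     * @param transportType the transport type; {@code null} is treated as {@code "NONE"}
     */
    public WebUserDataPermission(String urlPattern, String[] HTTPMethods, String transportType) {
        super(urlPattern);

        urlPatternSpec = new URLPatternSpec(urlPattern);
        String effectiveTransport = (transportType == null) ? "NONE" : transportType;
        httpMethodSpec = new HTTPMethodSpec(HTTPMethods, effectiveTransport);
    }

    /**
     * Compares two permissions by their parsed URL pattern and parsed actions.
     *
     * @param o the object to compare with
     * @return true if {@code o} is a WebUserDataPermission whose URL pattern spec
     *         and HTTP method spec both equal this permission's
     */
    public boolean equals(Object o) {
        // instanceof is false for null, so no separate null check is needed.
        if (!(o instanceof WebUserDataPermission)) {
            return false;
        }

        WebUserDataPermission other = (WebUserDataPermission) o;
        return urlPatternSpec.equals(other.urlPatternSpec) && httpMethodSpec.equals(other.httpMethodSpec);
    }

    /**
     * Returns the actions string as produced by the HTTP method spec.
     *
     * @return the actions of this permission
     */
    public String getActions() {
        return httpMethodSpec.getActions();
    }

    /**
     * Returns a hash code built from the URL pattern spec and the HTTP method
     * spec, so that it stays consistent with {@link #equals(Object)}.
     *
     * @return the hash code of this permission
     */
    public int hashCode() {
        // Computed on first use. A combined hash of 0 is simply recomputed on
        // every call, which yields the same value each time.
        if (cachedHashCode == 0) {
            cachedHashCode = urlPatternSpec.hashCode() ^ httpMethodSpec.hashCode();
        }
        return cachedHashCode;
    }

    /**
     * Checks whether this permission implies the given one.
     *
     * @param permission the permission to check
     * @return true only if {@code permission} is a WebUserDataPermission and both
     *         its URL pattern spec and its HTTP method spec are implied by this
     *         permission's; false for null or any other permission type
     */
    public boolean implies(Permission permission) {
        // instanceof is false for null, so no separate null check is needed.
        if (!(permission instanceof WebUserDataPermission)) {
            return false;
        }

        WebUserDataPermission other = (WebUserDataPermission) permission;
        return urlPatternSpec.implies(other.urlPatternSpec) && httpMethodSpec.implies(other.httpMethodSpec);
    }

    /**
     * Returns an empty collection suited to holding WebUserDataPermission objects.
     *
     * @return a new, empty permission collection
     */
    public PermissionCollection newPermissionCollection() {
        return new WebUserDataPermissionCollection();
    }

    /**
     * Restores the transient specs from the two UTF strings written by
     * {@link #writeObject(ObjectOutputStream)}. Both strings are passed back
     * through the {@code URLPatternSpec} and {@code HTTPMethodSpec} constructors
     * instead of being taken from deserialized fields.
     * <p>
     * NOTE(review): whatever validation is applied to stream content is therefore
     * the validation done by those constructors; confirm they reject malformed
     * input wherever serialized permissions can come from an untrusted source.
     */
    private synchronized void readObject(ObjectInputStream in) throws IOException {
        urlPatternSpec = new URLPatternSpec(in.readUTF());
        httpMethodSpec = new HTTPMethodSpec(in.readUTF(), true);
    }

    /**
     * Writes the pattern spec string followed by the actions string; this is the
     * order {@link #readObject(ObjectInputStream)} reads them back in.
     */
    private synchronized void writeObject(ObjectOutputStream out) throws IOException {
        out.writeUTF(urlPatternSpec.getPatternSpec());
        out.writeUTF(httpMethodSpec.getActions());
    }

    /**
     * Collection of WebUserDataPermission objects. A permission is implied by the
     * collection when at least one stored permission implies it.
     */
    private static final class WebUserDataPermissionCollection extends PermissionCollection {
        // Each permission is stored as both key and value, so an equal permission
        // added twice occupies a single entry. The field declaration is left as it
        // was so the serialized form of the collection does not change.
        private Hashtable permissions = new Hashtable();

        /**
         * Adds a permission object to the current collection of permission objects.
         *
         * @param permission the Permission object to add.
         *
         * @throws SecurityException        if this PermissionCollection object
         *                                  has been marked readonly
         * @throws IllegalArgumentException if the permission is not a
         *                                  WebUserDataPermission
         */
        public void add(Permission permission) {
            // PermissionCollection.add() specifies SecurityException for a read-only
            // collection; this previously threw IllegalArgumentException.
            if (isReadOnly()) {
                throw new SecurityException("Read only collection");
            }

            if (!(permission instanceof WebUserDataPermission)) {
                throw new IllegalArgumentException("Wrong permission type");
            }

            permissions.put(permission, permission);
        }

        /**
         * Checks to see if the specified permission is implied by
         * the collection of Permission objects held in this PermissionCollection.
         *
         * @param permission the Permission object to compare.
         *
         * @return true if "permission" is implied by the permissions in
         * the collection, false if not (including when it is not a
         * WebUserDataPermission).
         */
        public boolean implies(Permission permission) {
            if (!(permission instanceof WebUserDataPermission)) {
                return false;
            }

            WebUserDataPermission candidate = (WebUserDataPermission) permission;

            // Linear scan: the first stored permission that implies the candidate wins.
            for (Enumeration e = permissions.elements(); e.hasMoreElements();) {
                WebUserDataPermission held = (WebUserDataPermission) e.nextElement();
                if (held.implies(candidate)) {
                    return true;
                }
            }

            return false;
        }

        /**
         * Returns an enumeration of all the Permission objects in the collection.
         *
         * @return an enumeration of all the Permissions.
         */
        public Enumeration elements() {
            return permissions.elements();
        }
    }
}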