001    /*
002     * Licensed to the Apache Software Foundation (ASF) under one
003     * or more contributor license agreements.  See the NOTICE file
004     * distributed with this work for additional information
005     * regarding copyright ownership.  The ASF licenses this file
006     * to you under the Apache License, Version 2.0 (the
007     * "License"); you may not use this file except in compliance
008     * with the License.  You may obtain a copy of the License at
009     *
010     *  http://www.apache.org/licenses/LICENSE-2.0
011     *
012     * Unless required by applicable law or agreed to in writing,
013     * software distributed under the License is distributed on an
014     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015     * KIND, either express or implied.  See the License for the
016     * specific language governing permissions and limitations
017     * under the License.
018     */
019    
020    //
021    // This source code implements specifications defined by the Java
022    // Community Process. In order to remain compliant with the specification
023    // DO NOT add / change / or delete method signatures!
024    //
025    
026    package javax.security.jacc;
027    
028    import java.io.IOException;
029    import java.io.ObjectInputStream;
030    import java.io.ObjectOutputStream;
031    import java.io.Serializable;
032    import java.security.Permission;
033    import java.security.PermissionCollection;
034    import java.util.Hashtable;
035    import java.util.Enumeration;
036    import javax.servlet.http.HttpServletRequest;
037    
038    /**
039     * @version $Rev: 467553 $ $Date: 2006-10-25 06:01:51 +0200 (Mi, 25. Okt 2006) $
040     */
041    public final class WebResourcePermission extends Permission implements Serializable {
042        private transient int cachedHashCode = 0;
043        private transient URLPatternSpec urlPatternSpec;
044        private transient HTTPMethodSpec httpMethodSpec;
045    
046        public WebResourcePermission(HttpServletRequest request) {
047            super(request.getServletPath());
048    
049            urlPatternSpec = new URLPatternSpec(URLPatternSpec.encodeColons(request));
050            httpMethodSpec = new HTTPMethodSpec(request.getMethod(), HTTPMethodSpec.NA);
051        }
052    
053        public WebResourcePermission(String name, String actions) {
054            super(name);
055    
056            urlPatternSpec = new URLPatternSpec(name);
057            httpMethodSpec = new HTTPMethodSpec(actions, false);
058        }
059    
060        public WebResourcePermission(String urlPattern, String[] HTTPMethods) {
061            super(urlPattern);
062    
063            urlPatternSpec = new URLPatternSpec(urlPattern);
064            httpMethodSpec = new HTTPMethodSpec(HTTPMethods);
065        }
066    
067        public boolean equals(Object o) {
068            if (o == null || !(o instanceof WebResourcePermission)) return false;
069    
070            WebResourcePermission other = (WebResourcePermission) o;
071            return urlPatternSpec.equals(other.urlPatternSpec) && httpMethodSpec.equals(other.httpMethodSpec);
072        }
073    
074        public String getActions() {
075            return httpMethodSpec.getActions();
076        }
077    
078        public int hashCode() {
079            if (cachedHashCode == 0) {
080                cachedHashCode = urlPatternSpec.hashCode() ^ httpMethodSpec.hashCode();
081            }
082            return cachedHashCode;
083        }
084    
085        public boolean implies(Permission permission) {
086            if (permission == null || !(permission instanceof WebResourcePermission)) return false;
087    
088            WebResourcePermission other = (WebResourcePermission) permission;
089            return urlPatternSpec.implies(other.urlPatternSpec) && httpMethodSpec.implies(other.httpMethodSpec);
090        }
091    
092        public PermissionCollection newPermissionCollection() {
093            return new WebResourcePermissionCollection();
094        }
095    
096        private synchronized void readObject(ObjectInputStream in) throws IOException {
097            urlPatternSpec = new URLPatternSpec(in.readUTF());
098            httpMethodSpec = new HTTPMethodSpec(in.readUTF(), false);
099        }
100    
101        private synchronized void writeObject(ObjectOutputStream out) throws IOException {
102            out.writeUTF(urlPatternSpec.getPatternSpec());
103            out.writeUTF(httpMethodSpec.getActions());
104        }
105    
106        private static final class WebResourcePermissionCollection extends PermissionCollection {
107            private Hashtable permissions = new Hashtable();
108    
109            /**
110             * Adds a permission object to the current collection of permission objects.
111             *
112             * @param permission the Permission object to add.
113             *
114             * @exception SecurityException -  if this PermissionCollection object
115             *                                 has been marked readonly
116             */
117            public void add(Permission permission) {
118                if (isReadOnly()) throw new IllegalArgumentException("Read only collection");
119    
120                if (!(permission instanceof WebResourcePermission)) throw new IllegalArgumentException("Wrong permission type");
121    
122                WebResourcePermission p  = (WebResourcePermission)permission;
123    
124                permissions.put(p, p);
125            }
126    
127            /**
128             * Checks to see if the specified permission is implied by
129             * the collection of Permission objects held in this PermissionCollection.
130             *
131             * @param permission the Permission object to compare.
132             *
133             * @return true if "permission" is implied by the  permissions in
134             * the collection, false if not.
135             */
136            public boolean implies(Permission permission) {
137                if (!(permission instanceof WebResourcePermission)) return false;
138    
139                WebResourcePermission p  = (WebResourcePermission)permission;
140                Enumeration e = permissions.elements();
141    
142                while (e.hasMoreElements()) {
143                    if (((WebResourcePermission)e.nextElement()).implies(p)) return true;
144                }
145    
146                return false;
147            }
148    
149            /**
150             * Returns an enumeration of all the Permission objects in the collection.
151             *
152             * @return an enumeration of all the Permissions.
153             */
154            public Enumeration elements() {
155                return permissions.elements();
156            }
157        }
158    }
159