001 /* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 */ 019 020 // 021 // This source code implements specifications defined by the Java 022 // Community Process. In order to remain compliant with the specification 023 // DO NOT add / change / or delete method signatures! 024 // 025 026 package javax.security.jacc; 027 028 import java.io.IOException; 029 import java.io.ObjectInputStream; 030 import java.io.ObjectOutputStream; 031 import java.io.Serializable; 032 import java.security.Permission; 033 import java.security.PermissionCollection; 034 import java.util.Hashtable; 035 import java.util.Enumeration; 036 import javax.servlet.http.HttpServletRequest; 037 038 /** 039 * @version $Rev: 467553 $ $Date: 2006-10-25 06:01:51 +0200 (Mi, 25. Okt 2006) $ 040 */ 041 public final class WebResourcePermission extends Permission implements Serializable { 042 private transient int cachedHashCode = 0; 043 private transient URLPatternSpec urlPatternSpec; 044 private transient HTTPMethodSpec httpMethodSpec; 045 046 public WebResourcePermission(HttpServletRequest request) { 047 super(request.getServletPath()); 048 049 urlPatternSpec = new URLPatternSpec(URLPatternSpec.encodeColons(request)); 050 httpMethodSpec = new HTTPMethodSpec(request.getMethod(), HTTPMethodSpec.NA); 051 } 052 053 public WebResourcePermission(String name, String actions) { 054 super(name); 055 056 urlPatternSpec = new URLPatternSpec(name); 057 httpMethodSpec = new HTTPMethodSpec(actions, false); 058 } 059 060 public WebResourcePermission(String urlPattern, String[] HTTPMethods) { 061 super(urlPattern); 062 063 urlPatternSpec = new URLPatternSpec(urlPattern); 064 httpMethodSpec = new HTTPMethodSpec(HTTPMethods); 065 } 066 067 public boolean equals(Object o) { 068 if (o == null || !(o instanceof WebResourcePermission)) return false; 069 070 WebResourcePermission other = (WebResourcePermission) o; 071 return urlPatternSpec.equals(other.urlPatternSpec) && httpMethodSpec.equals(other.httpMethodSpec); 072 } 073 074 public String getActions() { 075 return httpMethodSpec.getActions(); 076 } 077 078 public int hashCode() { 079 if (cachedHashCode == 0) { 080 cachedHashCode = urlPatternSpec.hashCode() ^ httpMethodSpec.hashCode(); 081 } 082 return cachedHashCode; 083 } 084 085 public boolean implies(Permission permission) { 086 if (permission == null || !(permission instanceof WebResourcePermission)) return false; 087 088 WebResourcePermission other = (WebResourcePermission) permission; 089 return urlPatternSpec.implies(other.urlPatternSpec) && httpMethodSpec.implies(other.httpMethodSpec); 090 } 091 092 public PermissionCollection newPermissionCollection() { 093 return new WebResourcePermissionCollection(); 094 } 095 096 private synchronized void readObject(ObjectInputStream in) throws IOException { 097 urlPatternSpec = new URLPatternSpec(in.readUTF()); 098 httpMethodSpec = new HTTPMethodSpec(in.readUTF(), false); 099 } 100 101 private synchronized void writeObject(ObjectOutputStream out) throws IOException { 102 out.writeUTF(urlPatternSpec.getPatternSpec()); 103 out.writeUTF(httpMethodSpec.getActions()); 104 } 105 106 private static final class WebResourcePermissionCollection extends PermissionCollection { 107 private Hashtable permissions = new Hashtable(); 108 109 /** 110 * Adds a permission object to the current collection of permission objects. 111 * 112 * @param permission the Permission object to add. 113 * 114 * @exception SecurityException - if this PermissionCollection object 115 * has been marked readonly 116 */ 117 public void add(Permission permission) { 118 if (isReadOnly()) throw new IllegalArgumentException("Read only collection"); 119 120 if (!(permission instanceof WebResourcePermission)) throw new IllegalArgumentException("Wrong permission type"); 121 122 WebResourcePermission p = (WebResourcePermission)permission; 123 124 permissions.put(p, p); 125 } 126 127 /** 128 * Checks to see if the specified permission is implied by 129 * the collection of Permission objects held in this PermissionCollection. 130 * 131 * @param permission the Permission object to compare. 132 * 133 * @return true if "permission" is implied by the permissions in 134 * the collection, false if not. 135 */ 136 public boolean implies(Permission permission) { 137 if (!(permission instanceof WebResourcePermission)) return false; 138 139 WebResourcePermission p = (WebResourcePermission)permission; 140 Enumeration e = permissions.elements(); 141 142 while (e.hasMoreElements()) { 143 if (((WebResourcePermission)e.nextElement()).implies(p)) return true; 144 } 145 146 return false; 147 } 148 149 /** 150 * Returns an enumeration of all the Permission objects in the collection. 151 * 152 * @return an enumeration of all the Permissions. 153 */ 154 public Enumeration elements() { 155 return permissions.elements(); 156 } 157 } 158 } 159