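/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

//
// This source code implements specifications defined by the Java
// Community Process. In order to remain compliant with the specification
// DO NOT add / change / or delete method signatures!
//

package javax.security.jacc;

import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.Permission;
import java.security.PermissionCollection;
import java.util.Hashtable;
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;


/**
 * Class for Servlet Web user data permissions. A WebUserDataPermission is a
 * named permission and has actions.<p>
 * <p/>
 * The name of a WebUserDataPermission (also referred to as the target name)
 * identifies a Web resource by its context path relative URL pattern.
 * <p/>
 * Equality, hashing and implication are all decided by the parsed
 * {@code URLPatternSpec} and {@code HTTPMethodSpec} held by the instance, not
 * by the raw name string stored in {@link java.security.Permission}.
 *
 * @version $Rev: 467553 $ $Date: 2006-10-25 06:01:51 +0200 (Mi, 25. Okt 2006) $
 *
 * @see java.security.Permission
 */
public final class WebUserDataPermission extends Permission implements Serializable {

    // 0 doubles as the "not yet computed" marker for the cached hash.
    private transient int cachedHashCode = 0;
    // Both specs are transient: the custom writeObject/readObject pair below
    // carries them across serialization as two UTF strings.
    private transient URLPatternSpec urlPatternSpec;
    private transient HTTPMethodSpec httpMethodSpec;

    /**
     * Creates a new WebUserDataPermission from the HttpServletRequest object.
     *
     * @param request the HttpServletRequest object corresponding to the
     * Servlet operation to which the permission pertains. The permission
     * name is the substring of the requestURI (HttpServletRequest.getRequestURI())
     * that begins after the contextPath (HttpServletRequest.getContextPath()).
     * When the substring operation yields the string "/", the permission is
     * constructed with the empty string as its name. The HTTP method component
     * of the permission's actions is as obtained from HttpServletRequest.getMethod().
     * The TransportType component of the permission's actions is determined
     * by calling HttpServletRequest.isSecure().
     */
    public WebUserDataPermission(HttpServletRequest request) {
        // NOTE(review): the name handed to Permission is getServletPath(), while
        // the pattern used for equals/implies comes from
        // URLPatternSpec.encodeColons(request). The Javadoc above describes the
        // name as requestURI minus contextPath; confirm that getName() and the
        // pattern spec agree for requests that carry extra path info, since
        // getName() is what logs and audit output are likely to show.
        super(request.getServletPath());

        urlPatternSpec = new URLPatternSpec(URLPatternSpec.encodeColons(request));

        // A secure (isSecure() == true) request is mapped to CONFIDENTIAL,
        // anything else to NONE.
        int transport = request.isSecure() ? HTTPMethodSpec.CONFIDENTIAL : HTTPMethodSpec.NONE;
        httpMethodSpec = new HTTPMethodSpec(request.getMethod(), transport);
    }

    /**
     * Creates a new WebUserDataPermission from a target name and an actions
     * string.
     *
     * @param name the URL pattern; it is used both as the permission name and
     * as the input to {@code URLPatternSpec}.
     * @param actions the actions string, parsed by {@code HTTPMethodSpec}.
     */
    public WebUserDataPermission(String name, String actions) {
        super(name);

        urlPatternSpec = new URLPatternSpec(name);
        // The same (String, true) constructor is used when deserializing, so
        // both paths parse the actions string identically.
        httpMethodSpec = new HTTPMethodSpec(actions, true);
    }

    /**
     * Creates a new WebUserDataPermission from a URL pattern, a list of HTTP
     * methods and a transport type.
     *
     * @param urlPattern the URL pattern; it is used both as the permission
     * name and as the input to {@code URLPatternSpec}.
     * @param HTTPMethods the HTTP methods, passed through to
     * {@code HTTPMethodSpec} unchanged.
     * @param transportType the transport type; {@code null} is treated as
     * {@code "NONE"}.
     */
    public WebUserDataPermission(String urlPattern, String[] HTTPMethods, String transportType) {
        super(urlPattern);

        urlPatternSpec = new URLPatternSpec(urlPattern);

        String effectiveTransport = (transportType == null) ? "NONE" : transportType;
        httpMethodSpec = new HTTPMethodSpec(HTTPMethods, effectiveTransport);
    }

    /**
     * Compares this permission with another object.
     *
     * @param o the object to compare with.
     * @return true if {@code o} is a WebUserDataPermission whose URL pattern
     * spec and HTTP method spec both equal this permission's.
     */
    public boolean equals(Object o) {
        // instanceof is false for null, so no separate null test is needed.
        if (!(o instanceof WebUserDataPermission)) {
            return false;
        }

        WebUserDataPermission other = (WebUserDataPermission) o;
        return urlPatternSpec.equals(other.urlPatternSpec)
                && httpMethodSpec.equals(other.httpMethodSpec);
    }

    /**
     * Returns the actions of this permission.
     *
     * @return the actions string produced by the HTTP method spec.
     */
    public String getActions() {
        return httpMethodSpec.getActions();
    }

    /**
     * Returns the hash code of this permission, computed from the URL pattern
     * spec and the HTTP method spec and cached after the first call.
     *
     * @return the hash code.
     */
    public int hashCode() {
        // A computed value of 0 is simply recomputed on every call; the
        // result is the same either way.
        if (cachedHashCode == 0) {
            cachedHashCode = urlPatternSpec.hashCode() ^ httpMethodSpec.hashCode();
        }
        return cachedHashCode;
    }

    /**
     * Checks whether this permission implies the given one.
     *
     * @param permission the permission to check against.
     * @return true only if {@code permission} is a WebUserDataPermission and
     * both this permission's URL pattern spec and its HTTP method spec imply
     * the other's; false for null or for any other permission type.
     */
    public boolean implies(Permission permission) {
        // Fail closed: null and foreign permission types are never implied.
        if (!(permission instanceof WebUserDataPermission)) {
            return false;
        }

        WebUserDataPermission other = (WebUserDataPermission) permission;
        return urlPatternSpec.implies(other.urlPatternSpec)
                && httpMethodSpec.implies(other.httpMethodSpec);
    }

    /**
     * Returns a new, empty homogeneous collection for WebUserDataPermission
     * objects.
     *
     * @return a new PermissionCollection.
     */
    public PermissionCollection newPermissionCollection() {
        return new WebUserDataPermissionCollection();
    }

    /**
     * Restores the transient specs from the two UTF strings written by
     * {@code writeObject}.
     *
     * @param in the stream to read from.
     * @throws IOException if reading from the stream fails.
     */
    private synchronized void readObject(ObjectInputStream in) throws IOException {
        // Both values are re-parsed through the same constructors the public
        // (String, String) constructor uses, so stream contents get whatever
        // validation those constructors perform (not visible in this file).
        // NOTE(review): the name kept by java.security.Permission is restored
        // by the superclass's own serialization and is not cross-checked
        // against the pattern read here; a crafted stream could make
        // getName() disagree with the pattern that equals/implies evaluate.
        // Only deserialize these objects from trusted sources.
        urlPatternSpec = new URLPatternSpec(in.readUTF());
        httpMethodSpec = new HTTPMethodSpec(in.readUTF(), true);
    }

    /**
     * Writes the pattern spec and the actions string as two UTF strings, in
     * the order {@code readObject} expects them.
     *
     * @param out the stream to write to.
     * @throws IOException if writing to the stream fails.
     */
    private synchronized void writeObject(ObjectOutputStream out) throws IOException {
        out.writeUTF(urlPatternSpec.getPatternSpec());
        out.writeUTF(httpMethodSpec.getActions());
    }

    /**
     * Homogeneous collection that holds only WebUserDataPermission objects.
     */
    private static final class WebUserDataPermissionCollection extends PermissionCollection {
        // Keyed by the permission itself, so equal permissions collapse into
        // one entry. The declaration is left as-is (raw, non-final).
        private Hashtable permissions = new Hashtable();

        /**
         * Adds a permission object to the current collection of permission objects.
         *
         * @param permission the Permission object to add.
         *
         * @exception SecurityException - if this PermissionCollection object
         *                              has been marked readonly
         * @exception IllegalArgumentException - if the permission is not a
         *                              WebUserDataPermission
         */
        public void add(Permission permission) {
            // The PermissionCollection.add contract (and the Javadoc above)
            // calls for SecurityException on a read-only collection;
            // IllegalArgumentException is reserved for the wrong-type case.
            if (isReadOnly()) {
                throw new SecurityException("Read only collection");
            }

            if (!(permission instanceof WebUserDataPermission)) {
                throw new IllegalArgumentException("Wrong permission type");
            }

            WebUserDataPermission p = (WebUserDataPermission) permission;

            permissions.put(p, p);
        }

        /**
         * Checks to see if the specified permission is implied by
         * the collection of Permission objects held in this PermissionCollection.
         *
         * @param permission the Permission object to compare.
         *
         * @return true if "permission" is implied by the permissions in
         * the collection, false if not.
         */
        public boolean implies(Permission permission) {
            // Fail closed for null and for any other permission type.
            if (!(permission instanceof WebUserDataPermission)) {
                return false;
            }

            WebUserDataPermission p = (WebUserDataPermission) permission;

            // One implying member is enough; an empty collection implies nothing.
            for (Enumeration e = permissions.elements(); e.hasMoreElements();) {
                if (((WebUserDataPermission) e.nextElement()).implies(p)) {
                    return true;
                }
            }

            return false;
        }

        /**
         * Returns an enumeration of all the Permission objects in the collection.
         *
         * @return an enumeration of all the Permissions.
         */
        public Enumeration elements() {
            return permissions.elements();
        }
    }
}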