version 1.11, 2007/02/10 12:51:18
|
version 1.12, 2012/06/16 15:48:44
|
Line 30 import org.w3c.tools.resources.StringAtt
|
Line 30 import org.w3c.tools.resources.StringAtt
|
import org.w3c.tools.resources.StringArrayAttribute; |
import org.w3c.tools.resources.StringArrayAttribute; |
|
|
/** |
/** |
|
* @author Benoît Mahé (bmahe@w3.org) |
* @version $Revision$ |
* @version $Revision$ |
* @author Benoît Mahé (bmahe@w3.org) |
|
*/ |
*/ |
public class AclRealm extends JAcl { |
public class AclRealm extends JAcl { |
/** |
/** |
Line 41 public class AclRealm extends JAcl {
|
Line 41 public class AclRealm extends JAcl {
|
/** |
/** |
* Attribute index - The list of allowed users. |
* Attribute index - The list of allowed users. |
*/ |
*/ |
protected static int ATTR_ALLOWED_USERS = -1 ; |
protected static int ATTR_ALLOWED_USERS = -1; |
/** |
/** |
* Attribute index - The methods protected by the filter. |
* Attribute index - The methods protected by the filter. |
*/ |
*/ |
protected static int ATTR_METHODS = -1 ; |
protected static int ATTR_METHODS = -1; |
|
|
static { |
static { |
Attribute a = null ; |
Attribute a = null; |
Class c = null ; |
Class c = null; |
try { |
try { |
c = Class.forName("org.w3c.jigsaw.acl.AclRealm"); |
c = Class.forName("org.w3c.jigsaw.acl.AclRealm"); |
} catch (Exception ex) { |
} catch (Exception ex) { |
ex.printStackTrace() ; |
ex.printStackTrace(); |
System.exit(1) ; |
System.exit(1); |
} |
} |
// The realm name (to be resolved by the RealmFactory). |
// The realm name (to be resolved by the RealmFactory). |
a = new StringAttribute("realm" |
a = new StringAttribute("realm" |
, null |
, null |
, Attribute.EDITABLE|Attribute.MANDATORY); |
, Attribute.EDITABLE | Attribute.MANDATORY); |
ATTR_REALM = AttributeRegistry.registerAttribute(c, a) ; |
ATTR_REALM = AttributeRegistry.registerAttribute(c, a); |
// The list of allowed users |
// The list of allowed users |
a = new StringArrayAttribute("users" |
a = new StringArrayAttribute("users" |
, null |
, null |
, Attribute.EDITABLE) ; |
, Attribute.EDITABLE); |
ATTR_ALLOWED_USERS = AttributeRegistry.registerAttribute(c, a) ; |
ATTR_ALLOWED_USERS = AttributeRegistry.registerAttribute(c, a); |
// The protected methods |
// The protected methods |
a = new StringArrayAttribute("methods" |
a = new StringArrayAttribute("methods" |
, null |
, null |
, Attribute.EDITABLE) ; |
, Attribute.EDITABLE); |
ATTR_METHODS = AttributeRegistry.registerAttribute(c, a) ; |
ATTR_METHODS = AttributeRegistry.registerAttribute(c, a); |
} |
} |
|
|
/** |
/** |
* The IPMatcher to match IP templates to user records. |
* The IPMatcher to match IP templates to user records. |
*/ |
*/ |
protected IPMatcher ipmatcher = null ; |
protected IPMatcher ipmatcher = null; |
/** |
/** |
* The catalog of realms that make our scope. |
* The catalog of realms that make our scope. |
*/ |
*/ |
protected RealmsCatalog catalog = null ; |
protected RealmsCatalog catalog = null; |
/** |
/** |
* Our associated realm. |
* Our associated realm. |
*/ |
*/ |
protected ResourceReference rr_realm = null ; |
protected ResourceReference rr_realm = null; |
/** |
/** |
* The nam of the realm we cache in <code>realm</code>. |
* The nam of the realm we cache in <code>realm</code>. |
*/ |
*/ |
protected String loaded_realm = null ; |
protected String loaded_realm = null; |
|
|
protected Vector entries = null; |
protected Vector entries = null; |
|
|
/** |
/** |
* Get the list of methods that this filter protect |
* Get the list of methods that this filter protect |
|
* |
* @return An array of String giving the name of the protected methods, |
* @return An array of String giving the name of the protected methods, |
* or <strong>null</strong>, in wich case <em>all</em> methods are |
* or <strong>null</strong>, in wich case <em>all</em> methods are |
* to be protected. |
* to be protected. |
*/ |
*/ |
public String[] getMethods() { |
public String[] getMethods() { |
return (String[]) getValue(ATTR_METHODS, null) ; |
return (String[]) getValue(ATTR_METHODS, null); |
} |
} |
|
|
/** |
/** |
* Get the realm of this filter. |
* Get the realm of this filter. |
*/ |
*/ |
public String getRealm() { |
public String getRealm() { |
return (String) getValue(ATTR_REALM, null) ; |
return (String) getValue(ATTR_REALM, null); |
} |
} |
|
|
/** |
/** |
* Get the list of allowed users. |
* Get the list of allowed users. |
*/ |
*/ |
public String[] getAllowedUsers() { |
public String[] getAllowedUsers() { |
return (String[]) getValue(ATTR_ALLOWED_USERS, null) ; |
return (String[]) getValue(ATTR_ALLOWED_USERS, null); |
} |
} |
|
|
/** |
/** |
* Get a pointer to our realm, and initialize our ipmatcher. |
* Get a pointer to our realm, and initialize our ipmatcher. |
*/ |
*/ |
protected synchronized void acquireRealm() { |
protected synchronized void acquireRealm() { |
entries = new Vector(10); |
entries = new Vector(10); |
// Get our catalog: |
// Get our catalog: |
if ( catalog == null ) { |
if (catalog == null) { |
httpd server = (httpd) |
httpd server = (httpd) |
((FramedResource) getTargetResource()).getServer() ; |
((FramedResource) getTargetResource()).getServer(); |
catalog = server.getRealmsCatalog() ; |
catalog = server.getRealmsCatalog(); |
} |
} |
// Check that our realm name is valid: |
// Check that our realm name is valid: |
String name = getRealm() ; |
String name = getRealm(); |
if ( name == null ) |
if (name == null) |
return ; |
return; |
if ((rr_realm != null) && name.equals(loaded_realm)) |
if ((rr_realm != null) && name.equals(loaded_realm)) |
return ; |
return; |
// Load the realm and create the ipmtacher object |
// Load the realm and create the ipmtacher object |
rr_realm = catalog.loadRealm(name) ; |
rr_realm = catalog.loadRealm(name); |
if (rr_realm != null) { |
if (rr_realm != null) { |
try { |
try { |
AuthRealm realm = (AuthRealm) rr_realm.lock(); |
AuthRealm realm = (AuthRealm) rr_realm.lock(); |
Enumeration e = realm.enumerateUserNames() ; |
Enumeration e = realm.enumerateUserNames(); |
while (e.hasMoreElements()) { |
while (e.hasMoreElements()) { |
String uname = (String) e.nextElement() ; |
String uname = (String) e.nextElement(); |
ResourceReference rr_user = realm.loadUser(uname) ; |
ResourceReference rr_user = realm.loadUser(uname); |
try { |
try { |
AuthUser user = (AuthUser) rr_user.lock(); |
AuthUser user = (AuthUser) rr_user.lock(); |
createEntry(user); |
createEntry(user); |
} catch (InvalidResourceException ex) { |
} catch (InvalidResourceException ex) { |
System.out.println("Invalid user reference : "+uname); |
System.out.println("Invalid user reference : " + uname); |
} finally { |
} finally { |
rr_user.unlock(); |
rr_user.unlock(); |
} |
} |
} |
} |
} catch (InvalidResourceException ex) { |
} catch (InvalidResourceException ex) { |
|
|
} finally { |
} finally { |
rr_realm.unlock(); |
rr_realm.unlock(); |
} |
} |
} |
} |
} |
} |
|
|
/** |
/** |
* Is this user allowed in the realm ? |
* Is this user allowed in the realm ? |
|
* |
* @return A boolean <strong>true</strong> if access allowed. |
* @return A boolean <strong>true</strong> if access allowed. |
*/ |
*/ |
protected boolean checkUser(AuthUser user) { |
protected boolean checkUser(AuthUser user) { |
String allowed_users[] = getAllowedUsers() ; |
String allowed_users[] = getAllowedUsers(); |
// Check in the list of allowed users: |
// Check in the list of allowed users: |
if ( allowed_users != null ) { |
if (allowed_users != null) { |
for (int i = 0 ; i < allowed_users.length ; i++) { |
String uname = user.getName(); |
if (allowed_users[i].equals(user.getName())) |
for (String user_name : allowed_users) { |
return true ; |
if (user_name.equals(uname)) |
} |
return true; |
} else { |
} |
//all users allowed |
} else { |
return true; |
//all users allowed |
} |
return true; |
return false; |
} |
|
return false; |
} |
} |
|
|
protected void createEntry(AuthUser user) { |
protected void createEntry(AuthUser user) { |
if (checkUser(user)) |
if (checkUser(user)) |
entries.addElement(new AuthUserPrincipal(user, getName())); |
entries.addElement(new AuthUserPrincipal(user, getName())); |
} |
} |
|
|
protected boolean hasPrincipal(Principal p) { |
protected boolean hasPrincipal(Principal p) { |
//test with equals... |
//test with equals... |
int idx = entries.indexOf(p); |
int idx = entries.indexOf(p); |
return (idx != -1); |
return (idx != -1); |
} |
} |
|
|
public boolean addOwner(Principal caller, Principal owner) |
public boolean addOwner(Principal caller, Principal owner) |
throws NotOwnerException |
throws NotOwnerException { |
{ |
throw new NotOwnerException(); |
throw new NotOwnerException(); |
|
} |
} |
|
|
public boolean deleteOwner(Principal caller, Principal owner) |
public boolean deleteOwner(Principal caller, Principal owner) |
throws NotOwnerException, LastOwnerException |
throws NotOwnerException, LastOwnerException { |
{ |
throw new NotOwnerException(); |
throw new NotOwnerException(); |
|
} |
} |
|
|
public boolean isOwner(Principal owner) { |
public boolean isOwner(Principal owner) { |
return false; |
return false; |
} |
} |
|
|
public void setName(Principal caller, String name) |
public void setName(Principal caller, String name) |
throws NotOwnerException |
throws NotOwnerException { |
{ |
throw new NotOwnerException(); |
throw new NotOwnerException(); |
|
} |
} |
|
|
public String getName() { |
public String getName() { |
return getRealm(); |
return getRealm(); |
} |
} |
|
|
public boolean addEntry(Principal caller, AclEntry entry) |
public boolean addEntry(Principal caller, AclEntry entry) |
throws NotOwnerException |
throws NotOwnerException { |
{ |
throw new NotOwnerException(); |
throw new NotOwnerException(); |
|
} |
} |
|
|
public boolean removeEntry(Principal caller, AclEntry entry) |
public boolean removeEntry(Principal caller, AclEntry entry) |
throws NotOwnerException |
throws NotOwnerException { |
{ |
throw new NotOwnerException(); |
throw new NotOwnerException(); |
|
} |
} |
|
|
public Enumeration getPermissions(Principal user) { |
public Enumeration getPermissions(Principal user) { |
return null; |
return null; |
} |
} |
|
|
public Enumeration entries() { |
public Enumeration entries() { |
return null; |
return null; |
} |
} |
|
|
public boolean checkPermission(Principal principal, Permission permission) |
public boolean checkPermission(Principal principal, Permission permission) { |
{ |
acquireRealm(); |
acquireRealm(); |
String methods[] = getMethods(); |
String methods[] = getMethods(); |
boolean methodprotected = false; |
boolean methodprotected = false; |
if (methods != null) { |
if (methods != null) { |
if (permission instanceof HTTPPermission) { |
for (int i = 0 ; i < methods.length ; i++) { |
HTTPPermission httpPermission = (HTTPPermission) permission; |
if (permission.equals(methods[i])) |
for (String method : methods) { |
methodprotected = true; |
if (httpPermission.equalsString(method)) { |
} |
methodprotected = true; |
} else { |
break; |
methodprotected = true; |
} |
} |
} |
if (! methodprotected) |
} else { |
return true; |
for (String method : methods) { |
boolean granted = hasPrincipal(principal); |
if (permission.equals(method)) { |
if (granted) { |
methodprotected = true; |
// let's add the username there |
break; |
String username = principal.getName(); |
} |
if (username != null) { |
} |
try { |
} |
HTTPPrincipal htp = (HTTPPrincipal)principal; |
} else { |
Request request = htp.getRequest(); |
methodprotected = true; |
if (username != null) { |
} |
request.setState(AuthFilter.STATE_AUTHUSER, username); |
if (!methodprotected) { |
} |
return true; |
} catch (Exception ex) { |
} |
// was not an HTTPPrincipal |
boolean granted = hasPrincipal(principal); |
} |
if (granted) { |
} |
// let's add the username there |
} |
String username = principal.getName(); |
return granted; |
if (username != null) { |
|
try { |
|
HTTPPrincipal htp = (HTTPPrincipal) principal; |
|
Request request = htp.getRequest(); |
|
request.setState(AuthFilter.STATE_AUTHUSER, username); |
|
} catch (Exception ex) { |
|
// was not an HTTPPrincipal |
|
} |
|
} |
|
} |
|
return granted; |
} |
} |
|
|
public String toString() { |
public String toString() { |
return getName(); |
return getName(); |
} |
} |
|
|
/** |
/** |
* Initialize the Acl. |
* Initialize the Acl. |
*/ |
*/ |
public void initialize(Object values[]) { |
public void initialize(Object values[]) { |
super.initialize(values) ; |
super.initialize(values); |
} |
} |
|
|
} |
} |
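Review bot: In `checkPermission`, the new fallback branch for a permission that is not an `HTTPPermission` still tests `permission.equals(method)` against a `String`. Unless that Permission class overrides `equals` to accept a String (not visible on this page), nothing matches, `methodprotected` stays false and the method returns `true` before `hasPrincipal(principal)` is ever consulted. For an access-control decision that is a fail-open default; I would treat an unrecognised permission type as protected by replacing the fallback loop with `methodprotected = true;`. Separately, the `(HTTPPrincipal) principal` cast guarded by `catch (Exception ex)` would be safer as `if (principal instanceof HTTPPrincipal)`, so that a failure inside `request.setState(AuthFilter.STATE_AUTHUSER, username)` is not silently discarded as "was not an HTTPPrincipal".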