Annotation of java/classes/org/w3c/jigsaw/acl/AclRealm.java, revision 1.11
1.1 bmahe 1: // AclRealm.java
1.11 ! ylafon 2: // $Id: AclRealm.java,v 1.10 2000/08/16 21:37:33 ylafon Exp $
1.1 bmahe 3: // (c) COPYRIGHT MIT, INRIA and Keio, 1999.
4: // Please first read the full copyright statement in file COPYRIGHT.html
5:
6: package org.w3c.jigsaw.acl;
7:
8: import java.security.Principal;
9: import java.security.acl.AclEntry;
10: import java.security.acl.LastOwnerException;
11: import java.security.acl.NotOwnerException;
12: import java.security.acl.Permission;
1.3 bmahe 13: import java.util.Enumeration;
14: import java.util.Vector;
1.1 bmahe 15:
1.3 bmahe 16: import org.w3c.jigsaw.auth.AuthRealm;
17: import org.w3c.jigsaw.auth.AuthUser;
1.9 ylafon 18: import org.w3c.jigsaw.auth.AuthFilter;
1.3 bmahe 19: import org.w3c.jigsaw.auth.IPMatcher;
20: import org.w3c.jigsaw.auth.RealmsCatalog;
1.9 ylafon 21: import org.w3c.jigsaw.http.Request;
1.3 bmahe 22: import org.w3c.jigsaw.http.httpd;
23:
24: import org.w3c.tools.resources.FramedResource;
25: import org.w3c.tools.resources.InvalidResourceException;
26: import org.w3c.tools.resources.ResourceReference;
27: import org.w3c.tools.resources.Attribute;
28: import org.w3c.tools.resources.AttributeRegistry;
29: import org.w3c.tools.resources.StringAttribute;
30: import org.w3c.tools.resources.StringArrayAttribute;
1.1 bmahe 31:
32: /**
1.11 ! ylafon 33: * @version $Revision: 1.10 $
1.1 bmahe 34: * @author Benoît Mahé (bmahe@w3.org)
35: */
36: public class AclRealm extends JAcl {
1.3 bmahe 37: /**
1.6 bmahe 38: * Attribute index - The realm name for this ACL.
39: */
40: protected static int ATTR_REALM = -1;
41: /**
42: * Attribute index - The list of allowed users.
43: */
44: protected static int ATTR_ALLOWED_USERS = -1 ;
45: /**
1.3 bmahe 46: * Attribute index - The methods protected by the filter.
47: */
48: protected static int ATTR_METHODS = -1 ;
1.10 ylafon 49:
1.3 bmahe 50: static {
51: Attribute a = null ;
52: Class c = null ;
53: try {
54: c = Class.forName("org.w3c.jigsaw.acl.AclRealm");
55: } catch (Exception ex) {
56: ex.printStackTrace() ;
57: System.exit(1) ;
58: }
1.6 bmahe 59: // The realm name (to be resolved by the RealmFactory).
60: a = new StringAttribute("realm"
61: , null
62: , Attribute.EDITABLE|Attribute.MANDATORY);
63: ATTR_REALM = AttributeRegistry.registerAttribute(c, a) ;
64: // The list of allowed users
65: a = new StringArrayAttribute("users"
66: , null
67: , Attribute.EDITABLE) ;
68: ATTR_ALLOWED_USERS = AttributeRegistry.registerAttribute(c, a) ;
1.3 bmahe 69: // The protected methods
70: a = new StringArrayAttribute("methods"
71: , null
72: , Attribute.EDITABLE) ;
73: ATTR_METHODS = AttributeRegistry.registerAttribute(c, a) ;
74: }
75:
76: /**
77: * The IPMatcher to match IP templates to user records.
78: */
79: protected IPMatcher ipmatcher = null ;
80: /**
81: * The catalog of realms that make our scope.
82: */
83: protected RealmsCatalog catalog = null ;
84: /**
85: * Our associated realm.
86: */
87: protected ResourceReference rr_realm = null ;
88: /**
89: * The nam of the realm we cache in <code>realm</code>.
90: */
91: protected String loaded_realm = null ;
92:
1.4 bmahe 93: protected Vector entries = null;
1.3 bmahe 94:
95: /**
96: * Get the list of methods that this filter protect
97: * @return An array of String giving the name of the protected methods,
98: * or <strong>null</strong>, in wich case <em>all</em> methods are
99: * to be protected.
100: */
101: public String[] getMethods() {
102: return (String[]) getValue(ATTR_METHODS, null) ;
103: }
1.10 ylafon 104:
1.3 bmahe 105: /**
106: * Get the realm of this filter.
107: */
108: public String getRealm() {
109: return (String) getValue(ATTR_REALM, null) ;
110: }
111:
112: /**
1.6 bmahe 113: * Get the list of allowed users.
114: */
115: public String[] getAllowedUsers() {
116: return (String[]) getValue(ATTR_ALLOWED_USERS, null) ;
117: }
118:
119: /**
1.3 bmahe 120: * Get a pointer to our realm, and initialize our ipmatcher.
121: */
1.4 bmahe 122: protected synchronized void acquireRealm() {
123: entries = new Vector(10);
1.3 bmahe 124: // Get our catalog:
125: if ( catalog == null ) {
126: httpd server = (httpd)
127: ((FramedResource) getTargetResource()).getServer() ;
128: catalog = server.getRealmsCatalog() ;
129: }
130: // Check that our realm name is valid:
131: String name = getRealm() ;
132: if ( name == null )
133: return ;
134: if ((rr_realm != null) && name.equals(loaded_realm))
135: return ;
136: // Load the realm and create the ipmtacher object
137: rr_realm = catalog.loadRealm(name) ;
138: if (rr_realm != null) {
139: try {
140: AuthRealm realm = (AuthRealm) rr_realm.lock();
1.11 ! ylafon 141: Enumeration e = realm.enumerateUserNames() ;
! 142: while (e.hasMoreElements()) {
! 143: String uname = (String) e.nextElement() ;
1.3 bmahe 144: ResourceReference rr_user = realm.loadUser(uname) ;
145: try {
146: AuthUser user = (AuthUser) rr_user.lock();
1.4 bmahe 147: createEntry(user);
1.3 bmahe 148: } catch (InvalidResourceException ex) {
149: System.out.println("Invalid user reference : "+uname);
150: } finally {
151: rr_user.unlock();
152: }
153: }
154: } catch (InvalidResourceException ex) {
155:
156: } finally {
157: rr_realm.unlock();
158: }
159: }
160: }
161:
1.6 bmahe 162: /**
163: * Is this user allowed in the realm ?
164: * @return A boolean <strong>true</strong> if access allowed.
165: */
166: protected boolean checkUser(AuthUser user) {
167: String allowed_users[] = getAllowedUsers() ;
168: // Check in the list of allowed users:
169: if ( allowed_users != null ) {
170: for (int i = 0 ; i < allowed_users.length ; i++) {
171: if (allowed_users[i].equals(user.getName()))
172: return true ;
173: }
174: } else {
175: //all users allowed
176: return true;
177: }
178: return false;
179: }
180:
1.4 bmahe 181: protected void createEntry(AuthUser user) {
1.8 bmahe 182: if (checkUser(user))
183: entries.addElement(new AuthUserPrincipal(user, getName()));
1.4 bmahe 184: }
185:
186: protected boolean hasPrincipal(Principal p) {
187: //test with equals...
188: int idx = entries.indexOf(p);
189: return (idx != -1);
1.3 bmahe 190: }
1.1 bmahe 191:
192: public boolean addOwner(Principal caller, Principal owner)
193: throws NotOwnerException
194: {
1.7 bmahe 195: throw new NotOwnerException();
1.1 bmahe 196: }
197:
198: public boolean deleteOwner(Principal caller, Principal owner)
199: throws NotOwnerException, LastOwnerException
200: {
1.7 bmahe 201: throw new NotOwnerException();
1.1 bmahe 202: }
203:
204: public boolean isOwner(Principal owner) {
205: return false;
206: }
207:
208: public void setName(Principal caller, String name)
209: throws NotOwnerException
210: {
1.3 bmahe 211: throw new NotOwnerException();
1.1 bmahe 212: }
213:
214: public String getName() {
1.3 bmahe 215: return getRealm();
1.1 bmahe 216: }
217:
218: public boolean addEntry(Principal caller, AclEntry entry)
219: throws NotOwnerException
220: {
1.7 bmahe 221: throw new NotOwnerException();
1.1 bmahe 222: }
223:
224: public boolean removeEntry(Principal caller, AclEntry entry)
225: throws NotOwnerException
226: {
1.7 bmahe 227: throw new NotOwnerException();
1.1 bmahe 228: }
229:
230: public Enumeration getPermissions(Principal user) {
231: return null;
232: }
1.10 ylafon 233:
1.1 bmahe 234: public Enumeration entries() {
235: return null;
236: }
237:
238: public boolean checkPermission(Principal principal, Permission permission)
239: {
1.4 bmahe 240: acquireRealm();
1.3 bmahe 241: String methods[] = getMethods();
242: boolean methodprotected = false;
243: if (methods != null) {
244: for (int i = 0 ; i < methods.length ; i++) {
245: if (permission.equals(methods[i]))
246: methodprotected = true;
247: }
248: } else {
249: methodprotected = true;
250: }
251: if (! methodprotected)
252: return true;
1.9 ylafon 253: boolean granted = hasPrincipal(principal);
254: if (granted) {
255: // let's add the username there
256: String username = principal.getName();
257: if (username != null) {
258: try {
259: HTTPPrincipal htp = (HTTPPrincipal)principal;
260: Request request = htp.getRequest();
261: if (username != null) {
262: request.setState(AuthFilter.STATE_AUTHUSER, username);
263: }
264: } catch (Exception ex) {
265: // was not an HTTPPrincipal
266: }
267: }
268: }
269: return granted;
1.1 bmahe 270: }
271:
272: public String toString() {
1.3 bmahe 273: return getName();
274: }
275:
276: /**
277: * Initialize the Acl.
278: */
279: public void initialize(Object values[]) {
280: super.initialize(values) ;
1.1 bmahe 281: }
282:
283: }
Webmaster