Annotation of java/classes/org/w3c/jigsaw/acl/AclRealm.java, revision 1.12
1.1 bmahe 1: // AclRealm.java
1.12 ! ylafon 2: // $Id: AclRealm.java,v 1.11 2007/02/10 12:51:18 ylafon Exp $
1.1 bmahe 3: // (c) COPYRIGHT MIT, INRIA and Keio, 1999.
4: // Please first read the full copyright statement in file COPYRIGHT.html
5:
6: package org.w3c.jigsaw.acl;
7:
8: import java.security.Principal;
9: import java.security.acl.AclEntry;
10: import java.security.acl.LastOwnerException;
11: import java.security.acl.NotOwnerException;
12: import java.security.acl.Permission;
1.3 bmahe 13: import java.util.Enumeration;
14: import java.util.Vector;
1.1 bmahe 15:
1.3 bmahe 16: import org.w3c.jigsaw.auth.AuthRealm;
17: import org.w3c.jigsaw.auth.AuthUser;
1.9 ylafon 18: import org.w3c.jigsaw.auth.AuthFilter;
1.3 bmahe 19: import org.w3c.jigsaw.auth.IPMatcher;
20: import org.w3c.jigsaw.auth.RealmsCatalog;
1.9 ylafon 21: import org.w3c.jigsaw.http.Request;
1.3 bmahe 22: import org.w3c.jigsaw.http.httpd;
23:
24: import org.w3c.tools.resources.FramedResource;
25: import org.w3c.tools.resources.InvalidResourceException;
26: import org.w3c.tools.resources.ResourceReference;
27: import org.w3c.tools.resources.Attribute;
28: import org.w3c.tools.resources.AttributeRegistry;
29: import org.w3c.tools.resources.StringAttribute;
30: import org.w3c.tools.resources.StringArrayAttribute;
1.1 bmahe 31:
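/**
 * An ACL whose principals are the users of a named authentication realm.
 * <p>
 * Three editable attributes drive the decision made by
 * {@link #checkPermission(Principal, Permission)}: <code>realm</code> names
 * the realm to load from the server's realms catalog, <code>users</code>
 * optionally narrows the realm to a list of user names, and
 * <code>methods</code> optionally limits the ACL to a list of protected
 * methods. The ACL cannot be modified through the owner/entry mutators of
 * the ACL API: they all throw {@link NotOwnerException}.
 * <p>
 * NOTE(review): <code>java.security.acl</code> has been deprecated since
 * Java 9 and was removed in later JDK releases; this class only builds on
 * a JDK that still ships that package.
 *
 * @author Benoît Mahé (bmahe@w3.org)
 * @version $Revision: 1.11 $
 */
public class AclRealm extends JAcl {
    /**
     * Attribute index - The realm name for this ACL.
     */
    protected static int ATTR_REALM = -1;
    /**
     * Attribute index - The list of allowed users.
     */
    protected static int ATTR_ALLOWED_USERS = -1;
    /**
     * Attribute index - The methods protected by the filter.
     */
    protected static int ATTR_METHODS = -1;

    static {
        // A class literal cannot fail at run time, so the former
        // Class.forName(...) lookup and its System.exit(1) fallback (which
        // would have stopped the whole server JVM) are not needed.
        Class<?> c = AclRealm.class;
        Attribute a = null;
        // The realm name (to be resolved by the RealmFactory).
        a = new StringAttribute("realm"
                                , null
                                , Attribute.EDITABLE | Attribute.MANDATORY);
        ATTR_REALM = AttributeRegistry.registerAttribute(c, a);
        // The list of allowed users
        a = new StringArrayAttribute("users"
                                     , null
                                     , Attribute.EDITABLE);
        ATTR_ALLOWED_USERS = AttributeRegistry.registerAttribute(c, a);
        // The protected methods
        a = new StringArrayAttribute("methods"
                                     , null
                                     , Attribute.EDITABLE);
        ATTR_METHODS = AttributeRegistry.registerAttribute(c, a);
    }

    /**
     * The IPMatcher to match IP templates to user records.
     * NOTE(review): never assigned or read in this class.
     */
    protected IPMatcher ipmatcher = null;
    /**
     * The catalog of realms that make our scope.
     */
    protected RealmsCatalog catalog = null;
    /**
     * Our associated realm.
     */
    protected ResourceReference rr_realm = null;
    /**
     * The name of the realm cached in <code>rr_realm</code>.
     * NOTE(review): never assigned in this class, so it stays
     * <strong>null</strong> unless a subclass sets it.
     */
    protected String loaded_realm = null;

    /**
     * The principals (one <code>AuthUserPrincipal</code> per accepted realm
     * user) rebuilt by {@link #acquireRealm()}.
     */
    protected Vector entries = null;

    /**
     * Get the list of methods that this filter protects.
     *
     * @return An array of String giving the name of the protected methods,
     * or <strong>null</strong>, in which case <em>all</em> methods are
     * to be protected.
     */
    public String[] getMethods() {
        return (String[]) getValue(ATTR_METHODS, null);
    }

    /**
     * Get the realm of this filter.
     *
     * @return The realm name, or <strong>null</strong> if not set.
     */
    public String getRealm() {
        return (String) getValue(ATTR_REALM, null);
    }

    /**
     * Get the list of allowed users.
     *
     * @return The allowed user names, or <strong>null</strong> if no list
     * is configured (every realm user is then accepted by
     * {@link #checkUser(AuthUser)}).
     */
    public String[] getAllowedUsers() {
        return (String[]) getValue(ATTR_ALLOWED_USERS, null);
    }

    /**
     * Load the configured realm and rebuild <code>entries</code> from its
     * users.
     * <p>
     * Every failure path leaves <code>entries</code> empty or partial, so a
     * realm that cannot be loaded results in denials rather than grants.
     * <p>
     * NOTE(review): <code>entries</code> is replaced by an empty vector
     * before it is refilled, and {@link #hasPrincipal(Principal)} reads it
     * without holding this object's lock; a concurrent call may therefore
     * observe a partially filled list and deny a valid user.
     */
    protected synchronized void acquireRealm() {
        // The principal list is rebuilt from scratch on every call.
        entries = new Vector(10);
        // Get our catalog:
        if (catalog == null) {
            httpd server = (httpd)
                ((FramedResource) getTargetResource()).getServer();
            catalog = server.getRealmsCatalog();
        }
        // Check that our realm name is valid:
        String name = getRealm();
        if (name == null) {
            return;
        }
        // NOTE(review): loaded_realm is not assigned in this class, so this
        // shortcut is not taken here and the realm is reloaded on each call.
        // If a subclass does set it, this return leaves entries empty (reset
        // above), which denies every principal - confirm that is intended
        // before enabling the cache.
        if ((rr_realm != null) && name.equals(loaded_realm)) {
            return;
        }
        // Load the realm and collect its users
        rr_realm = catalog.loadRealm(name);
        if (rr_realm == null) {
            return;
        }
        try {
            AuthRealm realm = (AuthRealm) rr_realm.lock();
            Enumeration e = realm.enumerateUserNames();
            while (e.hasMoreElements()) {
                String uname = (String) e.nextElement();
                ResourceReference rr_user = realm.loadUser(uname);
                if (rr_user == null) {
                    // Guard against a user that vanished between the
                    // enumeration and the load; skipping it keeps the user
                    // out of the ACL instead of aborting with an NPE.
                    System.out.println("Invalid user reference : " + uname);
                    continue;
                }
                try {
                    AuthUser user = (AuthUser) rr_user.lock();
                    createEntry(user);
                } catch (InvalidResourceException ex) {
                    System.out.println("Invalid user reference : " + uname);
                } finally {
                    rr_user.unlock();
                }
            }
        } catch (InvalidResourceException ex) {
            // Previously swallowed silently: report it, since an unusable
            // realm means this ACL will deny every principal.
            System.out.println("Invalid realm reference : " + name);
        } finally {
            rr_realm.unlock();
        }
    }

    /**
     * Is this user allowed in the realm ?
     * <p>
     * With no <code>users</code> list every realm user is accepted; with an
     * empty list nobody is.
     *
     * @param user The realm user to test.
     * @return A boolean <strong>true</strong> if access allowed.
     */
    protected boolean checkUser(AuthUser user) {
        String[] allowed_users = getAllowedUsers();
        if (allowed_users == null) {
            // all users allowed
            return true;
        }
        // Check in the list of allowed users:
        String uname = user.getName();
        for (String user_name : allowed_users) {
            // A null slot in the configured array must not abort the check.
            if ((user_name != null) && user_name.equals(uname)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Add a principal for this user to <code>entries</code> if
     * {@link #checkUser(AuthUser)} accepts it.
     *
     * @param user The realm user to add.
     */
    protected void createEntry(AuthUser user) {
        if (checkUser(user)) {
            entries.addElement(new AuthUserPrincipal(user, getName()));
        }
    }

    /**
     * Is this principal one of the realm's accepted users ?
     * <p>
     * <code>Vector.indexOf(p)</code> evaluates <code>p.equals(entry)</code>,
     * so the comparison that decides access is the <code>equals</code>
     * method of the principal being tested, not that of the stored entry.
     *
     * @param p The principal to look up.
     * @return <strong>true</strong> if a matching entry exists.
     */
    protected boolean hasPrincipal(Principal p) {
        return entries.indexOf(p) != -1;
    }

    /**
     * Not supported: this ACL has no owners.
     *
     * @exception NotOwnerException always.
     */
    public boolean addOwner(Principal caller, Principal owner)
        throws NotOwnerException {
        throw new NotOwnerException();
    }

    /**
     * Not supported: this ACL has no owners.
     *
     * @exception NotOwnerException always.
     */
    public boolean deleteOwner(Principal caller, Principal owner)
        throws NotOwnerException, LastOwnerException {
        throw new NotOwnerException();
    }

    /**
     * @return Always <strong>false</strong>: nobody owns this ACL.
     */
    public boolean isOwner(Principal owner) {
        return false;
    }

    /**
     * Not supported: the name is the realm name.
     *
     * @exception NotOwnerException always.
     */
    public void setName(Principal caller, String name)
        throws NotOwnerException {
        throw new NotOwnerException();
    }

    /**
     * @return The realm name, as returned by {@link #getRealm()}.
     */
    public String getName() {
        return getRealm();
    }

    /**
     * Not supported: entries come from the realm only.
     *
     * @exception NotOwnerException always.
     */
    public boolean addEntry(Principal caller, AclEntry entry)
        throws NotOwnerException {
        throw new NotOwnerException();
    }

    /**
     * Not supported: entries come from the realm only.
     *
     * @exception NotOwnerException always.
     */
    public boolean removeEntry(Principal caller, AclEntry entry)
        throws NotOwnerException {
        throw new NotOwnerException();
    }

    /**
     * Not implemented.
     *
     * @return Always <strong>null</strong>; callers must not iterate the
     * result without a null check.
     */
    public Enumeration getPermissions(Principal user) {
        return null;
    }

    /**
     * Not implemented.
     *
     * @return Always <strong>null</strong>; callers must not iterate the
     * result without a null check.
     */
    public Enumeration entries() {
        return null;
    }

    /**
     * Decide whether the principal may use the given permission.
     * <p>
     * A permission that is not in the protected <code>methods</code> list
     * is granted to everybody; otherwise the principal must match one of
     * the realm's accepted users. On a grant to an
     * <code>HTTPPrincipal</code>, the user name is recorded on the request
     * under <code>AuthFilter.STATE_AUTHUSER</code>.
     *
     * @param principal The principal asking for access.
     * @param permission The permission (normally an HTTP method) asked for.
     * @return <strong>true</strong> if access is granted.
     */
    public boolean checkPermission(Principal principal, Permission permission) {
        acquireRealm();
        if (!isMethodProtected(permission)) {
            return true;
        }
        boolean granted = hasPrincipal(principal);
        if (granted) {
            recordAuthenticatedUser(principal);
        }
        return granted;
    }

    /**
     * Tell whether the permission is one of the methods this ACL protects.
     */
    private boolean isMethodProtected(Permission permission) {
        String[] methods = getMethods();
        if (methods == null) {
            // No list configured: everything is protected.
            return true;
        }
        if (permission instanceof HTTPPermission) {
            HTTPPermission httpPermission = (HTTPPermission) permission;
            for (String method : methods) {
                if (httpPermission.equalsString(method)) {
                    return true;
                }
            }
            return false;
        }
        // NOTE(review): this compares a Permission with a String. Unless the
        // Permission implementation accepts a String in equals(), no method
        // ever matches, the request is treated as unprotected and
        // checkPermission grants it without looking at the principal.
        // Confirm which Permission types reach this branch.
        for (String method : methods) {
            if (permission.equals(method)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Record the granted user name on the request carried by an
     * HTTPPrincipal; other principal types carry no request and are left
     * alone.
     */
    private void recordAuthenticatedUser(Principal principal) {
        String username = principal.getName();
        // Type test instead of the former catch (Exception) around a cast,
        // which also hid unrelated failures.
        if ((username == null) || !(principal instanceof HTTPPrincipal)) {
            return;
        }
        Request request = ((HTTPPrincipal) principal).getRequest();
        if (request != null) {
            request.setState(AuthFilter.STATE_AUTHUSER, username);
        }
    }

    /**
     * @return The ACL name, i.e. the realm name.
     */
    @Override
    public String toString() {
        return getName();
    }

    /**
     * Initialize the Acl.
     *
     * @param values The attribute values, passed on to the superclass.
     */
    public void initialize(Object values[]) {
        super.initialize(values);
    }

}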