Annotation of java/classes/org/w3c/jigsaw/acl/AclRealm.java, revision 1.13
1.1 bmahe 1: // AclRealm.java
1.13 ! ylafon 2: // $Id: AclRealm.java,v 1.12 2012/06/16 15:48:44 ylafon Exp $
1.1 bmahe 3: // (c) COPYRIGHT MIT, INRIA and Keio, 1999.
4: // Please first read the full copyright statement in file COPYRIGHT.html
5:
6: package org.w3c.jigsaw.acl;
7:
8: import java.security.Principal;
9: import java.security.acl.AclEntry;
10: import java.security.acl.LastOwnerException;
11: import java.security.acl.NotOwnerException;
12: import java.security.acl.Permission;
1.3 bmahe 13: import java.util.Enumeration;
14: import java.util.Vector;
1.13 ! ylafon 15: import org.w3c.jigsaw.auth.AuthFilter;
1.3 bmahe 16: import org.w3c.jigsaw.auth.AuthRealm;
17: import org.w3c.jigsaw.auth.AuthUser;
18: import org.w3c.jigsaw.auth.IPMatcher;
19: import org.w3c.jigsaw.auth.RealmsCatalog;
1.9 ylafon 20: import org.w3c.jigsaw.http.Request;
1.3 bmahe 21: import org.w3c.jigsaw.http.httpd;
1.13 ! ylafon 22: import org.w3c.tools.resources.Attribute;
! 23: import org.w3c.tools.resources.AttributeRegistry;
1.3 bmahe 24: import org.w3c.tools.resources.InvalidResourceException;
25: import org.w3c.tools.resources.ResourceReference;
1.13 ! ylafon 26: import org.w3c.tools.resources.StringArrayAttribute;
1.3 bmahe 27: import org.w3c.tools.resources.StringAttribute;
1.1 bmahe 28:
29: /**
1.12 ylafon 30: * @author Benoît Mahé (bmahe@w3.org)
1.13 ! ylafon 31: * @version $Revision: 1.12 $
1.1 bmahe 32: */
33: public class AclRealm extends JAcl {
1.3 bmahe 34: /**
1.6 bmahe 35: * Attribute index - The realm name for this ACL.
36: */
37: protected static int ATTR_REALM = -1;
38: /**
39: * Attribute index - The list of allowed users.
40: */
1.12 ylafon 41: protected static int ATTR_ALLOWED_USERS = -1;
1.6 bmahe 42: /**
1.3 bmahe 43: * Attribute index - The methods protected by the filter.
44: */
1.12 ylafon 45: protected static int ATTR_METHODS = -1;
1.10 ylafon 46:
1.3 bmahe 47: static {
1.12 ylafon 48: Attribute a = null;
49: Class c = null;
50: try {
51: c = Class.forName("org.w3c.jigsaw.acl.AclRealm");
52: } catch (Exception ex) {
53: ex.printStackTrace();
54: System.exit(1);
55: }
56: // The realm name (to be resolved by the RealmFactory).
57: a = new StringAttribute("realm"
58: , null
59: , Attribute.EDITABLE | Attribute.MANDATORY);
60: ATTR_REALM = AttributeRegistry.registerAttribute(c, a);
61: // The list of allowed users
62: a = new StringArrayAttribute("users"
63: , null
64: , Attribute.EDITABLE);
65: ATTR_ALLOWED_USERS = AttributeRegistry.registerAttribute(c, a);
66: // The protected methods
67: a = new StringArrayAttribute("methods"
68: , null
69: , Attribute.EDITABLE);
70: ATTR_METHODS = AttributeRegistry.registerAttribute(c, a);
1.3 bmahe 71: }
72:
73: /**
74: * The IPMatcher to match IP templates to user records.
75: */
1.12 ylafon 76: protected IPMatcher ipmatcher = null;
1.3 bmahe 77: /**
78: * The catalog of realms that make our scope.
79: */
1.12 ylafon 80: protected RealmsCatalog catalog = null;
1.3 bmahe 81: /**
82: * Our associated realm.
83: */
1.12 ylafon 84: protected ResourceReference rr_realm = null;
1.3 bmahe 85: /**
86: * The nam of the realm we cache in <code>realm</code>.
87: */
1.12 ylafon 88: protected String loaded_realm = null;
1.3 bmahe 89:
1.4 bmahe 90: protected Vector entries = null;
1.3 bmahe 91:
92: /**
93: * Get the list of methods that this filter protect
1.12 ylafon 94: *
1.3 bmahe 95: * @return An array of String giving the name of the protected methods,
1.12 ylafon 96: * or <strong>null</strong>, in wich case <em>all</em> methods are
97: * to be protected.
1.3 bmahe 98: */
99: public String[] getMethods() {
1.12 ylafon 100: return (String[]) getValue(ATTR_METHODS, null);
1.3 bmahe 101: }
1.10 ylafon 102:
1.3 bmahe 103: /**
104: * Get the realm of this filter.
105: */
106: public String getRealm() {
1.12 ylafon 107: return (String) getValue(ATTR_REALM, null);
1.3 bmahe 108: }
109:
110: /**
1.6 bmahe 111: * Get the list of allowed users.
112: */
113: public String[] getAllowedUsers() {
1.12 ylafon 114: return (String[]) getValue(ATTR_ALLOWED_USERS, null);
1.6 bmahe 115: }
116:
117: /**
1.3 bmahe 118: * Get a pointer to our realm, and initialize our ipmatcher.
119: */
1.4 bmahe 120: protected synchronized void acquireRealm() {
1.12 ylafon 121: entries = new Vector(10);
122: // Get our catalog:
123: if (catalog == null) {
1.13 ! ylafon 124: httpd server = (httpd) getTargetResource().getServer();
1.12 ylafon 125: catalog = server.getRealmsCatalog();
126: }
127: // Check that our realm name is valid:
128: String name = getRealm();
129: if (name == null)
130: return;
131: if ((rr_realm != null) && name.equals(loaded_realm))
132: return;
133: // Load the realm and create the ipmtacher object
134: rr_realm = catalog.loadRealm(name);
135: if (rr_realm != null) {
136: try {
137: AuthRealm realm = (AuthRealm) rr_realm.lock();
138: Enumeration e = realm.enumerateUserNames();
139: while (e.hasMoreElements()) {
140: String uname = (String) e.nextElement();
141: ResourceReference rr_user = realm.loadUser(uname);
142: try {
143: AuthUser user = (AuthUser) rr_user.lock();
144: createEntry(user);
145: } catch (InvalidResourceException ex) {
146: System.out.println("Invalid user reference : " + uname);
147: } finally {
148: rr_user.unlock();
149: }
150: }
151: } catch (InvalidResourceException ex) {
152:
153: } finally {
154: rr_realm.unlock();
155: }
156: }
1.3 bmahe 157: }
158:
1.6 bmahe 159: /**
160: * Is this user allowed in the realm ?
1.12 ylafon 161: *
1.6 bmahe 162: * @return A boolean <strong>true</strong> if access allowed.
163: */
164: protected boolean checkUser(AuthUser user) {
1.12 ylafon 165: String allowed_users[] = getAllowedUsers();
166: // Check in the list of allowed users:
167: if (allowed_users != null) {
168: String uname = user.getName();
169: for (String user_name : allowed_users) {
170: if (user_name.equals(uname))
171: return true;
172: }
173: } else {
174: //all users allowed
175: return true;
176: }
177: return false;
1.6 bmahe 178: }
179:
1.4 bmahe 180: protected void createEntry(AuthUser user) {
1.12 ylafon 181: if (checkUser(user))
182: entries.addElement(new AuthUserPrincipal(user, getName()));
1.4 bmahe 183: }
184:
185: protected boolean hasPrincipal(Principal p) {
1.12 ylafon 186: //test with equals...
187: int idx = entries.indexOf(p);
188: return (idx != -1);
1.3 bmahe 189: }
1.1 bmahe 190:
1.12 ylafon 191: public boolean addOwner(Principal caller, Principal owner)
192: throws NotOwnerException {
193: throw new NotOwnerException();
1.1 bmahe 194: }
195:
196: public boolean deleteOwner(Principal caller, Principal owner)
1.12 ylafon 197: throws NotOwnerException, LastOwnerException {
198: throw new NotOwnerException();
1.1 bmahe 199: }
200:
201: public boolean isOwner(Principal owner) {
1.12 ylafon 202: return false;
1.1 bmahe 203: }
204:
1.12 ylafon 205: public void setName(Principal caller, String name)
206: throws NotOwnerException {
207: throw new NotOwnerException();
1.1 bmahe 208: }
209:
210: public String getName() {
1.12 ylafon 211: return getRealm();
1.1 bmahe 212: }
213:
1.12 ylafon 214: public boolean addEntry(Principal caller, AclEntry entry)
215: throws NotOwnerException {
216: throw new NotOwnerException();
1.1 bmahe 217: }
218:
1.12 ylafon 219: public boolean removeEntry(Principal caller, AclEntry entry)
220: throws NotOwnerException {
221: throw new NotOwnerException();
1.1 bmahe 222: }
223:
224: public Enumeration getPermissions(Principal user) {
1.12 ylafon 225: return null;
1.1 bmahe 226: }
1.10 ylafon 227:
1.1 bmahe 228: public Enumeration entries() {
1.12 ylafon 229: return null;
1.1 bmahe 230: }
231:
1.12 ylafon 232: public boolean checkPermission(Principal principal, Permission permission) {
233: acquireRealm();
234: String methods[] = getMethods();
235: boolean methodprotected = false;
236: if (methods != null) {
237: if (permission instanceof HTTPPermission) {
238: HTTPPermission httpPermission = (HTTPPermission) permission;
239: for (String method : methods) {
240: if (httpPermission.equalsString(method)) {
241: methodprotected = true;
242: break;
243: }
244: }
245: } else {
246: for (String method : methods) {
247: if (permission.equals(method)) {
248: methodprotected = true;
249: break;
250: }
251: }
252: }
253: } else {
254: methodprotected = true;
255: }
256: if (!methodprotected) {
257: return true;
258: }
259: boolean granted = hasPrincipal(principal);
260: if (granted) {
261: // let's add the username there
262: String username = principal.getName();
263: if (username != null) {
264: try {
265: HTTPPrincipal htp = (HTTPPrincipal) principal;
266: Request request = htp.getRequest();
267: request.setState(AuthFilter.STATE_AUTHUSER, username);
268: } catch (Exception ex) {
269: // was not an HTTPPrincipal
270: }
271: }
272: }
273: return granted;
1.1 bmahe 274: }
275:
276: public String toString() {
1.12 ylafon 277: return getName();
1.3 bmahe 278: }
279:
280: /**
281: * Initialize the Acl.
282: */
283: public void initialize(Object values[]) {
1.12 ylafon 284: super.initialize(values);
1.1 bmahe 285: }
286:
287: }
Webmaster