Annotation of java/classes/org/w3c/jigsaw/acl/AclRealm.java, revision 1.14
1.1 bmahe 1: // AclRealm.java
1.14 ! ylafon 2: // $Id: AclRealm.java,v 1.13 2012/06/26 09:47:22 ylafon Exp $
1.1 bmahe 3: // (c) COPYRIGHT MIT, INRIA and Keio, 1999.
4: // Please first read the full copyright statement in file COPYRIGHT.html
5:
6: package org.w3c.jigsaw.acl;
7:
8: import java.security.Principal;
9: import java.security.acl.AclEntry;
10: import java.security.acl.LastOwnerException;
11: import java.security.acl.NotOwnerException;
12: import java.security.acl.Permission;
1.14 ! ylafon 13: import java.util.ArrayList;
1.3 bmahe 14: import java.util.Enumeration;
1.13 ylafon 15: import org.w3c.jigsaw.auth.AuthFilter;
1.3 bmahe 16: import org.w3c.jigsaw.auth.AuthRealm;
17: import org.w3c.jigsaw.auth.AuthUser;
18: import org.w3c.jigsaw.auth.IPMatcher;
19: import org.w3c.jigsaw.auth.RealmsCatalog;
1.9 ylafon 20: import org.w3c.jigsaw.http.Request;
1.3 bmahe 21: import org.w3c.jigsaw.http.httpd;
1.13 ylafon 22: import org.w3c.tools.resources.Attribute;
23: import org.w3c.tools.resources.AttributeRegistry;
1.3 bmahe 24: import org.w3c.tools.resources.InvalidResourceException;
25: import org.w3c.tools.resources.ResourceReference;
1.13 ylafon 26: import org.w3c.tools.resources.StringArrayAttribute;
1.3 bmahe 27: import org.w3c.tools.resources.StringAttribute;
1.1 bmahe 28:
29: /**
1.12 ylafon 30: * @author Benoît Mahé (bmahe@w3.org)
1.14 ! ylafon 31: * @version $Revision: 1.13 $
1.1 bmahe 32: */
33: public class AclRealm extends JAcl {
1.3 bmahe 34: /**
1.6 bmahe 35: * Attribute index - The realm name for this ACL.
36: */
37: protected static int ATTR_REALM = -1;
38: /**
39: * Attribute index - The list of allowed users.
40: */
1.12 ylafon 41: protected static int ATTR_ALLOWED_USERS = -1;
1.6 bmahe 42: /**
1.3 bmahe 43: * Attribute index - The methods protected by the filter.
44: */
1.12 ylafon 45: protected static int ATTR_METHODS = -1;
1.10 ylafon 46:
1.3 bmahe 47: static {
1.12 ylafon 48: Attribute a = null;
49: Class c = null;
50: try {
51: c = Class.forName("org.w3c.jigsaw.acl.AclRealm");
52: } catch (Exception ex) {
53: ex.printStackTrace();
54: System.exit(1);
55: }
56: // The realm name (to be resolved by the RealmFactory).
57: a = new StringAttribute("realm"
58: , null
59: , Attribute.EDITABLE | Attribute.MANDATORY);
60: ATTR_REALM = AttributeRegistry.registerAttribute(c, a);
61: // The list of allowed users
62: a = new StringArrayAttribute("users"
63: , null
64: , Attribute.EDITABLE);
65: ATTR_ALLOWED_USERS = AttributeRegistry.registerAttribute(c, a);
66: // The protected methods
67: a = new StringArrayAttribute("methods"
68: , null
69: , Attribute.EDITABLE);
70: ATTR_METHODS = AttributeRegistry.registerAttribute(c, a);
1.3 bmahe 71: }
72:
73: /**
74: * The IPMatcher to match IP templates to user records.
75: */
1.12 ylafon 76: protected IPMatcher ipmatcher = null;
1.3 bmahe 77: /**
78: * The catalog of realms that make our scope.
79: */
1.12 ylafon 80: protected RealmsCatalog catalog = null;
1.3 bmahe 81: /**
82: * Our associated realm.
83: */
1.12 ylafon 84: protected ResourceReference rr_realm = null;
1.3 bmahe 85: /**
86: * The nam of the realm we cache in <code>realm</code>.
87: */
1.12 ylafon 88: protected String loaded_realm = null;
1.3 bmahe 89:
1.14 ! ylafon 90: protected ArrayList<Principal> entries = null;
1.3 bmahe 91:
92: /**
93: * Get the list of methods that this filter protect
1.12 ylafon 94: *
1.3 bmahe 95: * @return An array of String giving the name of the protected methods,
1.12 ylafon 96: * or <strong>null</strong>, in wich case <em>all</em> methods are
97: * to be protected.
1.3 bmahe 98: */
99: public String[] getMethods() {
1.12 ylafon 100: return (String[]) getValue(ATTR_METHODS, null);
1.3 bmahe 101: }
1.10 ylafon 102:
1.3 bmahe 103: /**
104: * Get the realm of this filter.
105: */
106: public String getRealm() {
1.12 ylafon 107: return (String) getValue(ATTR_REALM, null);
1.3 bmahe 108: }
109:
110: /**
1.6 bmahe 111: * Get the list of allowed users.
112: */
113: public String[] getAllowedUsers() {
1.12 ylafon 114: return (String[]) getValue(ATTR_ALLOWED_USERS, null);
1.6 bmahe 115: }
116:
117: /**
1.3 bmahe 118: * Get a pointer to our realm, and initialize our ipmatcher.
119: */
1.4 bmahe 120: protected synchronized void acquireRealm() {
1.14 ! ylafon 121: entries = new ArrayList<Principal>(10);
1.12 ylafon 122: // Get our catalog:
123: if (catalog == null) {
1.13 ylafon 124: httpd server = (httpd) getTargetResource().getServer();
1.12 ylafon 125: catalog = server.getRealmsCatalog();
126: }
127: // Check that our realm name is valid:
128: String name = getRealm();
129: if (name == null)
130: return;
131: if ((rr_realm != null) && name.equals(loaded_realm))
132: return;
133: // Load the realm and create the ipmtacher object
134: rr_realm = catalog.loadRealm(name);
135: if (rr_realm != null) {
136: try {
137: AuthRealm realm = (AuthRealm) rr_realm.lock();
138: Enumeration e = realm.enumerateUserNames();
139: while (e.hasMoreElements()) {
140: String uname = (String) e.nextElement();
141: ResourceReference rr_user = realm.loadUser(uname);
142: try {
143: AuthUser user = (AuthUser) rr_user.lock();
144: createEntry(user);
145: } catch (InvalidResourceException ex) {
146: System.out.println("Invalid user reference : " + uname);
147: } finally {
148: rr_user.unlock();
149: }
150: }
151: } catch (InvalidResourceException ex) {
152:
153: } finally {
154: rr_realm.unlock();
155: }
156: }
1.3 bmahe 157: }
158:
1.6 bmahe 159: /**
160: * Is this user allowed in the realm ?
1.12 ylafon 161: *
1.6 bmahe 162: * @return A boolean <strong>true</strong> if access allowed.
163: */
164: protected boolean checkUser(AuthUser user) {
1.12 ylafon 165: String allowed_users[] = getAllowedUsers();
166: // Check in the list of allowed users:
167: if (allowed_users != null) {
168: String uname = user.getName();
169: for (String user_name : allowed_users) {
170: if (user_name.equals(uname))
171: return true;
172: }
173: } else {
174: //all users allowed
175: return true;
176: }
177: return false;
1.6 bmahe 178: }
179:
1.4 bmahe 180: protected void createEntry(AuthUser user) {
1.12 ylafon 181: if (checkUser(user))
1.14 ! ylafon 182: entries.add(new AuthUserPrincipal(user, getName()));
1.4 bmahe 183: }
184:
185: protected boolean hasPrincipal(Principal p) {
1.12 ylafon 186: //test with equals...
1.14 ! ylafon 187: return entries.contains(p);
1.3 bmahe 188: }
1.1 bmahe 189:
1.12 ylafon 190: public boolean addOwner(Principal caller, Principal owner)
191: throws NotOwnerException {
192: throw new NotOwnerException();
1.1 bmahe 193: }
194:
195: public boolean deleteOwner(Principal caller, Principal owner)
1.12 ylafon 196: throws NotOwnerException, LastOwnerException {
197: throw new NotOwnerException();
1.1 bmahe 198: }
199:
200: public boolean isOwner(Principal owner) {
1.12 ylafon 201: return false;
1.1 bmahe 202: }
203:
1.12 ylafon 204: public void setName(Principal caller, String name)
205: throws NotOwnerException {
206: throw new NotOwnerException();
1.1 bmahe 207: }
208:
209: public String getName() {
1.12 ylafon 210: return getRealm();
1.1 bmahe 211: }
212:
1.12 ylafon 213: public boolean addEntry(Principal caller, AclEntry entry)
214: throws NotOwnerException {
215: throw new NotOwnerException();
1.1 bmahe 216: }
217:
1.12 ylafon 218: public boolean removeEntry(Principal caller, AclEntry entry)
219: throws NotOwnerException {
220: throw new NotOwnerException();
1.1 bmahe 221: }
222:
223: public Enumeration getPermissions(Principal user) {
1.12 ylafon 224: return null;
1.1 bmahe 225: }
1.10 ylafon 226:
1.1 bmahe 227: public Enumeration entries() {
1.12 ylafon 228: return null;
1.1 bmahe 229: }
230:
1.12 ylafon 231: public boolean checkPermission(Principal principal, Permission permission) {
232: acquireRealm();
233: String methods[] = getMethods();
234: boolean methodprotected = false;
235: if (methods != null) {
236: if (permission instanceof HTTPPermission) {
237: HTTPPermission httpPermission = (HTTPPermission) permission;
238: for (String method : methods) {
239: if (httpPermission.equalsString(method)) {
240: methodprotected = true;
241: break;
242: }
243: }
244: } else {
245: for (String method : methods) {
246: if (permission.equals(method)) {
247: methodprotected = true;
248: break;
249: }
250: }
251: }
252: } else {
253: methodprotected = true;
254: }
255: if (!methodprotected) {
256: return true;
257: }
258: boolean granted = hasPrincipal(principal);
259: if (granted) {
260: // let's add the username there
261: String username = principal.getName();
262: if (username != null) {
263: try {
264: HTTPPrincipal htp = (HTTPPrincipal) principal;
265: Request request = htp.getRequest();
266: request.setState(AuthFilter.STATE_AUTHUSER, username);
267: } catch (Exception ex) {
268: // was not an HTTPPrincipal
269: }
270: }
271: }
272: return granted;
1.1 bmahe 273: }
274:
275: public String toString() {
1.12 ylafon 276: return getName();
1.3 bmahe 277: }
278:
279: /**
280: * Initialize the Acl.
281: */
282: public void initialize(Object values[]) {
1.12 ylafon 283: super.initialize(values);
1.1 bmahe 284: }
285:
286: }
Webmaster