Annotation of java/classes/org/w3c/jigsaw/acl/AclRealm.java, revision 1.6
1.1 bmahe 1: // AclRealm.java
1.6 ! bmahe 2: // $Id: AclRealm.java,v 1.5 1999/04/27 12:33:26 bmahe Exp $
1.1 bmahe 3: // (c) COPYRIGHT MIT, INRIA and Keio, 1999.
4: // Please first read the full copyright statement in file COPYRIGHT.html
5:
6: package org.w3c.jigsaw.acl;
7:
8: import java.security.Principal;
9: import java.security.acl.AclEntry;
10: import java.security.acl.LastOwnerException;
11: import java.security.acl.NotOwnerException;
12: import java.security.acl.Permission;
1.3 bmahe 13: import java.util.Enumeration;
14: import java.util.Vector;
1.1 bmahe 15:
1.3 bmahe 16: import org.w3c.jigsaw.auth.AuthRealm;
17: import org.w3c.jigsaw.auth.AuthUser;
18: import org.w3c.jigsaw.auth.IPMatcher;
19: import org.w3c.jigsaw.auth.RealmsCatalog;
20: import org.w3c.jigsaw.http.httpd;
21:
22: import org.w3c.tools.resources.FramedResource;
23: import org.w3c.tools.resources.InvalidResourceException;
24: import org.w3c.tools.resources.ResourceReference;
25: import org.w3c.tools.resources.Attribute;
26: import org.w3c.tools.resources.AttributeRegistry;
27: import org.w3c.tools.resources.StringAttribute;
28: import org.w3c.tools.resources.StringArrayAttribute;
1.1 bmahe 29:
30: /**
1.6 ! bmahe 31: * @version $Revision: 1.5 $
1.1 bmahe 32: * @author Benoît Mahé (bmahe@w3.org)
33: */
34: public class AclRealm extends JAcl {
1.3 bmahe 35: /**
1.6 ! bmahe 36: * Attribute index - The realm name for this ACL.
! 37: */
! 38: protected static int ATTR_REALM = -1;
! 39: /**
! 40: * Attribute index - The list of allowed users.
! 41: */
! 42: protected static int ATTR_ALLOWED_USERS = -1 ;
! 43: /**
1.3 bmahe 44: * Attribute index - The methods protected by the filter.
45: */
46: protected static int ATTR_METHODS = -1 ;
1.2 bmahe 47:
1.3 bmahe 48: static {
49: Attribute a = null ;
50: Class c = null ;
51: try {
52: c = Class.forName("org.w3c.jigsaw.acl.AclRealm");
53: } catch (Exception ex) {
54: ex.printStackTrace() ;
55: System.exit(1) ;
56: }
1.6 ! bmahe 57: // The realm name (to be resolved by the RealmFactory).
! 58: a = new StringAttribute("realm"
! 59: , null
! 60: , Attribute.EDITABLE|Attribute.MANDATORY);
! 61: ATTR_REALM = AttributeRegistry.registerAttribute(c, a) ;
! 62: // The list of allowed users
! 63: a = new StringArrayAttribute("users"
! 64: , null
! 65: , Attribute.EDITABLE) ;
! 66: ATTR_ALLOWED_USERS = AttributeRegistry.registerAttribute(c, a) ;
1.3 bmahe 67: // The protected methods
68: a = new StringArrayAttribute("methods"
69: , null
70: , Attribute.EDITABLE) ;
71: ATTR_METHODS = AttributeRegistry.registerAttribute(c, a) ;
72: }
73:
74: /**
75: * The IPMatcher to match IP templates to user records.
76: */
77: protected IPMatcher ipmatcher = null ;
78: /**
79: * The catalog of realms that make our scope.
80: */
81: protected RealmsCatalog catalog = null ;
82: /**
83: * Our associated realm.
84: */
85: protected ResourceReference rr_realm = null ;
86: /**
87: * The nam of the realm we cache in <code>realm</code>.
88: */
89: protected String loaded_realm = null ;
90:
1.4 bmahe 91: protected Vector entries = null;
1.3 bmahe 92:
93: /**
94: * Get the list of methods that this filter protect
95: * @return An array of String giving the name of the protected methods,
96: * or <strong>null</strong>, in wich case <em>all</em> methods are
97: * to be protected.
98: */
99: public String[] getMethods() {
100: return (String[]) getValue(ATTR_METHODS, null) ;
101: }
102:
103: /**
104: * Get the realm of this filter.
105: */
106: public String getRealm() {
107: return (String) getValue(ATTR_REALM, null) ;
108: }
109:
110: /**
1.6 ! bmahe 111: * Get the list of allowed users.
! 112: */
! 113: public String[] getAllowedUsers() {
! 114: return (String[]) getValue(ATTR_ALLOWED_USERS, null) ;
! 115: }
! 116:
! 117: /**
1.3 bmahe 118: * Get a pointer to our realm, and initialize our ipmatcher.
119: */
1.4 bmahe 120: protected synchronized void acquireRealm() {
121: entries = new Vector(10);
1.3 bmahe 122: // Get our catalog:
123: if ( catalog == null ) {
124: httpd server = (httpd)
125: ((FramedResource) getTargetResource()).getServer() ;
126: catalog = server.getRealmsCatalog() ;
127: }
128: // Check that our realm name is valid:
129: String name = getRealm() ;
130: if ( name == null )
131: return ;
132: if ((rr_realm != null) && name.equals(loaded_realm))
133: return ;
134: // Load the realm and create the ipmtacher object
135: rr_realm = catalog.loadRealm(name) ;
136: if (rr_realm != null) {
137: try {
138: AuthRealm realm = (AuthRealm) rr_realm.lock();
139: Enumeration enum = realm.enumerateUserNames() ;
140: while (enum.hasMoreElements()) {
141: String uname = (String) enum.nextElement() ;
142: ResourceReference rr_user = realm.loadUser(uname) ;
143: try {
144: AuthUser user = (AuthUser) rr_user.lock();
1.4 bmahe 145: createEntry(user);
1.3 bmahe 146: } catch (InvalidResourceException ex) {
147: System.out.println("Invalid user reference : "+uname);
148: } finally {
149: rr_user.unlock();
150: }
151: }
152: } catch (InvalidResourceException ex) {
153:
154: } finally {
155: rr_realm.unlock();
156: }
157: }
158: }
159:
1.6 ! bmahe 160: /**
! 161: * Is this user allowed in the realm ?
! 162: * @return A boolean <strong>true</strong> if access allowed.
! 163: */
! 164: protected boolean checkUser(AuthUser user) {
! 165: String allowed_users[] = getAllowedUsers() ;
! 166: // Check in the list of allowed users:
! 167: if ( allowed_users != null ) {
! 168: for (int i = 0 ; i < allowed_users.length ; i++) {
! 169: if (allowed_users[i].equals(user.getName()))
! 170: return true ;
! 171: }
! 172: } else {
! 173: //all users allowed
! 174: return true;
! 175: }
! 176: return false;
! 177: }
! 178:
1.4 bmahe 179: protected void createEntry(AuthUser user) {
1.6 ! bmahe 180: if (checkUser(user)) {
! 181: AclPrincipal aclp = new AclPrincipal(user, getName());
! 182: entries.addElement(aclp);
! 183: }
1.4 bmahe 184: }
185:
186: protected boolean hasPrincipal(Principal p) {
187: //test with equals...
188: int idx = entries.indexOf(p);
189: return (idx != -1);
1.3 bmahe 190: }
1.1 bmahe 191:
192: public boolean addOwner(Principal caller, Principal owner)
193: throws NotOwnerException
194: {
195: return false;
196: }
197:
198: public boolean deleteOwner(Principal caller, Principal owner)
199: throws NotOwnerException, LastOwnerException
200: {
201: return false;
202: }
203:
204: public boolean isOwner(Principal owner) {
205: return false;
206: }
207:
208: public void setName(Principal caller, String name)
209: throws NotOwnerException
210: {
1.3 bmahe 211: throw new NotOwnerException();
1.1 bmahe 212: }
213:
214: public String getName() {
1.3 bmahe 215: return getRealm();
1.1 bmahe 216: }
217:
218: public boolean addEntry(Principal caller, AclEntry entry)
219: throws NotOwnerException
220: {
221: return false;
222: }
223:
224: public boolean removeEntry(Principal caller, AclEntry entry)
225: throws NotOwnerException
226: {
227: return false;
228: }
229:
230: public Enumeration getPermissions(Principal user) {
231: return null;
232: }
233:
234: public Enumeration entries() {
235: return null;
236: }
237:
238: public boolean checkPermission(Principal principal, Permission permission)
239: {
1.4 bmahe 240: acquireRealm();
1.3 bmahe 241: String methods[] = getMethods();
242: boolean methodprotected = false;
243: if (methods != null) {
244: for (int i = 0 ; i < methods.length ; i++) {
245: if (permission.equals(methods[i]))
246: methodprotected = true;
247: }
248: } else {
249: methodprotected = true;
250: }
251: if (! methodprotected)
252: return true;
1.4 bmahe 253: return hasPrincipal(principal);
1.1 bmahe 254: }
255:
256: public String toString() {
1.3 bmahe 257: return getName();
258: }
259:
260: /**
261: * Initialize the Acl.
262: */
263: public void initialize(Object values[]) {
264: super.initialize(values) ;
1.1 bmahe 265: }
266:
267: }
Webmaster