Annotation of java/classes/org/w3c/jigsaw/acl/AclRealm.java, revision 1.7
1.1 bmahe 1: // AclRealm.java
1.7 ! bmahe 2: // $Id: AclRealm.java,v 1.6 1999/04/27 14:17:36 bmahe Exp $
1.1 bmahe 3: // (c) COPYRIGHT MIT, INRIA and Keio, 1999.
4: // Please first read the full copyright statement in file COPYRIGHT.html
5:
6: package org.w3c.jigsaw.acl;
7:
8: import java.security.Principal;
9: import java.security.acl.AclEntry;
10: import java.security.acl.LastOwnerException;
11: import java.security.acl.NotOwnerException;
12: import java.security.acl.Permission;
1.3 bmahe 13: import java.util.Enumeration;
14: import java.util.Vector;
1.1 bmahe 15:
1.3 bmahe 16: import org.w3c.jigsaw.auth.AuthRealm;
17: import org.w3c.jigsaw.auth.AuthUser;
18: import org.w3c.jigsaw.auth.IPMatcher;
19: import org.w3c.jigsaw.auth.RealmsCatalog;
20: import org.w3c.jigsaw.http.httpd;
21:
22: import org.w3c.tools.resources.FramedResource;
23: import org.w3c.tools.resources.InvalidResourceException;
24: import org.w3c.tools.resources.ResourceReference;
25: import org.w3c.tools.resources.Attribute;
26: import org.w3c.tools.resources.AttributeRegistry;
27: import org.w3c.tools.resources.StringAttribute;
28: import org.w3c.tools.resources.StringArrayAttribute;
1.1 bmahe 29:
30: /**
1.7 ! bmahe 31: * @version $Revision: 1.6 $
1.1 bmahe 32: * @author Benoît Mahé (bmahe@w3.org)
33: */
34: public class AclRealm extends JAcl {
1.3 bmahe 35: /**
1.6 bmahe 36: * Attribute index - The realm name for this ACL.
37: */
38: protected static int ATTR_REALM = -1;
39: /**
40: * Attribute index - The list of allowed users.
41: */
42: protected static int ATTR_ALLOWED_USERS = -1 ;
43: /**
1.3 bmahe 44: * Attribute index - The methods protected by the filter.
45: */
46: protected static int ATTR_METHODS = -1 ;
1.2 bmahe 47:
1.3 bmahe 48: static {
49: Attribute a = null ;
50: Class c = null ;
51: try {
52: c = Class.forName("org.w3c.jigsaw.acl.AclRealm");
53: } catch (Exception ex) {
54: ex.printStackTrace() ;
55: System.exit(1) ;
56: }
1.6 bmahe 57: // The realm name (to be resolved by the RealmFactory).
58: a = new StringAttribute("realm"
59: , null
60: , Attribute.EDITABLE|Attribute.MANDATORY);
61: ATTR_REALM = AttributeRegistry.registerAttribute(c, a) ;
62: // The list of allowed users
63: a = new StringArrayAttribute("users"
64: , null
65: , Attribute.EDITABLE) ;
66: ATTR_ALLOWED_USERS = AttributeRegistry.registerAttribute(c, a) ;
1.3 bmahe 67: // The protected methods
68: a = new StringArrayAttribute("methods"
69: , null
70: , Attribute.EDITABLE) ;
71: ATTR_METHODS = AttributeRegistry.registerAttribute(c, a) ;
72: }
73:
74: /**
75: * The IPMatcher to match IP templates to user records.
76: */
77: protected IPMatcher ipmatcher = null ;
78: /**
79: * The catalog of realms that make our scope.
80: */
81: protected RealmsCatalog catalog = null ;
82: /**
83: * Our associated realm.
84: */
85: protected ResourceReference rr_realm = null ;
86: /**
87: * The nam of the realm we cache in <code>realm</code>.
88: */
89: protected String loaded_realm = null ;
90:
1.4 bmahe 91: protected Vector entries = null;
1.3 bmahe 92:
93: /**
94: * Get the list of methods that this filter protect
95: * @return An array of String giving the name of the protected methods,
96: * or <strong>null</strong>, in wich case <em>all</em> methods are
97: * to be protected.
98: */
99: public String[] getMethods() {
100: return (String[]) getValue(ATTR_METHODS, null) ;
101: }
102:
103: /**
104: * Get the realm of this filter.
105: */
106: public String getRealm() {
107: return (String) getValue(ATTR_REALM, null) ;
108: }
109:
110: /**
1.6 bmahe 111: * Get the list of allowed users.
112: */
113: public String[] getAllowedUsers() {
114: return (String[]) getValue(ATTR_ALLOWED_USERS, null) ;
115: }
116:
117: /**
1.3 bmahe 118: * Get a pointer to our realm, and initialize our ipmatcher.
119: */
1.4 bmahe 120: protected synchronized void acquireRealm() {
121: entries = new Vector(10);
1.3 bmahe 122: // Get our catalog:
123: if ( catalog == null ) {
124: httpd server = (httpd)
125: ((FramedResource) getTargetResource()).getServer() ;
126: catalog = server.getRealmsCatalog() ;
127: }
128: // Check that our realm name is valid:
129: String name = getRealm() ;
130: if ( name == null )
131: return ;
132: if ((rr_realm != null) && name.equals(loaded_realm))
133: return ;
134: // Load the realm and create the ipmtacher object
135: rr_realm = catalog.loadRealm(name) ;
136: if (rr_realm != null) {
137: try {
138: AuthRealm realm = (AuthRealm) rr_realm.lock();
139: Enumeration enum = realm.enumerateUserNames() ;
140: while (enum.hasMoreElements()) {
141: String uname = (String) enum.nextElement() ;
142: ResourceReference rr_user = realm.loadUser(uname) ;
143: try {
144: AuthUser user = (AuthUser) rr_user.lock();
1.4 bmahe 145: createEntry(user);
1.3 bmahe 146: } catch (InvalidResourceException ex) {
147: System.out.println("Invalid user reference : "+uname);
148: } finally {
149: rr_user.unlock();
150: }
151: }
152: } catch (InvalidResourceException ex) {
153:
154: } finally {
155: rr_realm.unlock();
156: }
157: }
158: }
159:
1.6 bmahe 160: /**
161: * Is this user allowed in the realm ?
162: * @return A boolean <strong>true</strong> if access allowed.
163: */
164: protected boolean checkUser(AuthUser user) {
165: String allowed_users[] = getAllowedUsers() ;
166: // Check in the list of allowed users:
167: if ( allowed_users != null ) {
168: for (int i = 0 ; i < allowed_users.length ; i++) {
169: if (allowed_users[i].equals(user.getName()))
170: return true ;
171: }
172: } else {
173: //all users allowed
174: return true;
175: }
176: return false;
177: }
178:
1.4 bmahe 179: protected void createEntry(AuthUser user) {
1.6 bmahe 180: if (checkUser(user)) {
181: AclPrincipal aclp = new AclPrincipal(user, getName());
182: entries.addElement(aclp);
183: }
1.4 bmahe 184: }
185:
186: protected boolean hasPrincipal(Principal p) {
187: //test with equals...
188: int idx = entries.indexOf(p);
189: return (idx != -1);
1.3 bmahe 190: }
1.1 bmahe 191:
192: public boolean addOwner(Principal caller, Principal owner)
193: throws NotOwnerException
194: {
1.7 ! bmahe 195: throw new NotOwnerException();
1.1 bmahe 196: }
197:
198: public boolean deleteOwner(Principal caller, Principal owner)
199: throws NotOwnerException, LastOwnerException
200: {
1.7 ! bmahe 201: throw new NotOwnerException();
1.1 bmahe 202: }
203:
204: public boolean isOwner(Principal owner) {
205: return false;
206: }
207:
208: public void setName(Principal caller, String name)
209: throws NotOwnerException
210: {
1.3 bmahe 211: throw new NotOwnerException();
1.1 bmahe 212: }
213:
214: public String getName() {
1.3 bmahe 215: return getRealm();
1.1 bmahe 216: }
217:
218: public boolean addEntry(Principal caller, AclEntry entry)
219: throws NotOwnerException
220: {
1.7 ! bmahe 221: throw new NotOwnerException();
1.1 bmahe 222: }
223:
224: public boolean removeEntry(Principal caller, AclEntry entry)
225: throws NotOwnerException
226: {
1.7 ! bmahe 227: throw new NotOwnerException();
1.1 bmahe 228: }
229:
230: public Enumeration getPermissions(Principal user) {
231: return null;
232: }
233:
234: public Enumeration entries() {
235: return null;
236: }
237:
238: public boolean checkPermission(Principal principal, Permission permission)
239: {
1.4 bmahe 240: acquireRealm();
1.3 bmahe 241: String methods[] = getMethods();
242: boolean methodprotected = false;
243: if (methods != null) {
244: for (int i = 0 ; i < methods.length ; i++) {
245: if (permission.equals(methods[i]))
246: methodprotected = true;
247: }
248: } else {
249: methodprotected = true;
250: }
251: if (! methodprotected)
252: return true;
1.4 bmahe 253: return hasPrincipal(principal);
1.1 bmahe 254: }
255:
256: public String toString() {
1.3 bmahe 257: return getName();
258: }
259:
260: /**
261: * Initialize the Acl.
262: */
263: public void initialize(Object values[]) {
264: super.initialize(values) ;
1.1 bmahe 265: }
266:
267: }
Webmaster