JOnAS: src/org/objectweb/jonas_lib/security/jacc/JPolicyConfiguration.java Source File

00001 
00027 package org.objectweb.jonas_lib.security.jacc;
00028 
00029 import java.security.Permission;
00030 import java.security.PermissionCollection;
00031 import java.security.Permissions;
00032 import java.security.Principal;
00033 import java.security.SecurityPermission;
00034 import java.util.Enumeration;
00035 import java.util.HashMap;
00036 import java.util.Map;
00037 
00038 import javax.security.jacc.PolicyConfiguration;
00039 import javax.security.jacc.PolicyContextException;
00040 
00041 import org.objectweb.util.monolog.api.BasicLevel;
00042 import org.objectweb.util.monolog.api.Logger;
00043 
00044 import org.objectweb.jonas_lib.I18n;
00045 
00046 import org.objectweb.common.TraceCore;
00047 
00052 public class JPolicyConfiguration implements PolicyConfiguration {
00053 
00057     private static final int NB_STATES = 3;
00058 
00063     private static final int OPEN = 0;
00064 
00065 
00070     private static final int IN_SERVICE = 1;
00071 
00076     private static final int DELETED = 2;
00077 
00081     private static I18n i18n = I18n.getInstance(JPolicyConfiguration.class);
00082 
00086     private static String[] states = null;
00087 
00091     private int state;
00092 
00096     private String contextID = null;
00097 
00101     private static Logger logger = null;
00102 
00103 
00107     private PermissionCollection excludedPermissions = null;
00108 
00112     private PermissionCollection uncheckedPermissions = null;
00113 
00117     private Map rolePermissions = null;
00118 
00123     public JPolicyConfiguration(String contextID) {
00124         this.contextID = contextID;
00125 
00126         // init logger
00127         logger = TraceCore.sec;
00128 
00129         // init string representation
00130         if (states == null) {
00131             // 3 states
00132             states = new String[NB_STATES];
00133             states[OPEN] = i18n.getMessage("JPolicyConfiguration.openState");
00134             states[IN_SERVICE] = i18n.getMessage("JPolicyConfiguration.inServiceState");
00135             states[DELETED] = i18n.getMessage("JPolicyConfiguration.deletedState");
00136         }
00137 
00138         // initial state is open
00139         resetState();
00140 
00141         // init permissions
00142         excludedPermissions = new Permissions();
00143         uncheckedPermissions = new Permissions();
00144         rolePermissions = new HashMap();
00145     }
00146 
00160     public void addToExcludedPolicy(Permission permission)
00161         throws PolicyContextException, SecurityException, UnsupportedOperationException {
00162 
00163         if (logger.isLoggable(BasicLevel.DEBUG)) {
00164             logger.log(BasicLevel.DEBUG, "Adding permission '" + permission + "' as excluded policy.");
00165         }
00166 
00167         // Section 3.3 - Check permissions
00168         checkSetPolicy();
00169 
00170         // Open state required
00171         checkCurrentStateIsInState(OPEN);
00172 
00173         // Add permission
00174         if (permission != null) {
00175             excludedPermissions.add(permission);
00176         }
00177 
00178     }
00179 
00196     public void addToExcludedPolicy(PermissionCollection permissions)
00197         throws PolicyContextException, SecurityException, UnsupportedOperationException {
00198 
00199         if (logger.isLoggable(BasicLevel.DEBUG)) {
00200             logger.log(BasicLevel.DEBUG, "Adding permissions '" + permissions + "' as excluded policy.");
00201         }
00202 
00203         // Section 3.3 - Check permissions
00204         checkSetPolicy();
00205 
00206         // Open state required
00207         checkCurrentStateIsInState(OPEN);
00208 
00209         // Add permissions
00210         if (permissions != null) {
00211             for (Enumeration e = permissions.elements(); e.hasMoreElements();) {
00212                 excludedPermissions.add((Permission) e.nextElement());
00213             }
00214         }
00215 
00216     }
00217 
00232     public void addToRole(String roleName, Permission permission)
00233         throws PolicyContextException, SecurityException, UnsupportedOperationException {
00234 
00235         if (logger.isLoggable(BasicLevel.DEBUG)) {
00236             logger.log(BasicLevel.DEBUG, "Adding permission '" + permission + "' to role '" + roleName + "'.");
00237         }
00238 
00239         // Section 3.3 - Check permissions
00240         checkSetPolicy();
00241 
00242         // Open state required
00243         checkCurrentStateIsInState(OPEN);
00244 
00245         // Fail if roleName is null
00246         if (roleName == null) {
00247             throw new PolicyContextException(i18n.getMessage("JPolicyConfiguration.addToRole"));
00248         }
00249 
00250 
00251         // Break if permission is null
00252         if (permission == null) {
00253             return;
00254         }
00255         PermissionCollection permissionsOfRole = (PermissionCollection) rolePermissions.get(roleName);
00256 
00257         //create permission object if no previous permission for the given role
00258         if (permissionsOfRole == null) {
00259             permissionsOfRole = new Permissions();
00260         }
00261         permissionsOfRole.add(permission);
00262 
00263         // add to the list
00264         rolePermissions.put(roleName, permissionsOfRole);
00265 
00266     }
00267 
00283     public void addToRole(String roleName, PermissionCollection permissions)
00284         throws PolicyContextException, SecurityException, UnsupportedOperationException {
00285 
00286         if (logger.isLoggable(BasicLevel.DEBUG)) {
00287             logger.log(BasicLevel.DEBUG, "Adding permissions '" + permissions + "' to role '" + roleName + "'.");
00288         }
00289 
00290         // Section 3.3 - Check permissions
00291         checkSetPolicy();
00292 
00293         // Open state required
00294         checkCurrentStateIsInState(OPEN);
00295 
00296         // Fail if roleName is null
00297         if (roleName == null) {
00298             throw new PolicyContextException(i18n.getMessage("JPolicyConfiguration.addToRole"));
00299         }
00300 
00301 
00302         // Break if permission is null
00303         if (permissions == null) {
00304             return;
00305         }
00306         PermissionCollection permissionsOfRole = (PermissionCollection) rolePermissions.get(roleName);
00307 
00308         //create permission object if no previous permission for the given role
00309         if (permissionsOfRole == null) {
00310             permissionsOfRole = new Permissions();
00311         }
00312 
00313         for (Enumeration e = permissions.elements(); e.hasMoreElements();) {
00314             permissionsOfRole.add((Permission) e.nextElement());
00315         }
00316 
00317         // add to the list
00318         rolePermissions.put(roleName, permissionsOfRole);
00319 
00320     }
00321 
00335     public void addToUncheckedPolicy(Permission permission)
00336         throws PolicyContextException, SecurityException, UnsupportedOperationException {
00337 
00338         if (logger.isLoggable(BasicLevel.DEBUG)) {
00339             logger.log(BasicLevel.DEBUG, "Adding permission '" + permission + "' as unchecked policy.");
00340         }
00341 
00342         // Section 3.3 - Check permissions
00343         checkSetPolicy();
00344 
00345         // Open state required
00346         checkCurrentStateIsInState(OPEN);
00347 
00348         // Add permission
00349         if (permission != null) {
00350             uncheckedPermissions.add(permission);
00351         }
00352 
00353     }
00354 
00371     public void addToUncheckedPolicy(PermissionCollection permissions)
00372         throws PolicyContextException, SecurityException, UnsupportedOperationException {
00373 
00374         if (logger.isLoggable(BasicLevel.DEBUG)) {
00375             logger.log(BasicLevel.DEBUG, "Adding permissions '" + permissions + "' as unchecked policy.");
00376         }
00377 
00378         // Section 3.3 - Check permissions
00379         checkSetPolicy();
00380 
00381         // Open state required
00382         checkCurrentStateIsInState(OPEN);
00383 
00384         // Add permissions
00385         if (permissions != null) {
00386             for (Enumeration e = permissions.elements(); e.hasMoreElements();) {
00387                 uncheckedPermissions.add((Permission) e.nextElement());
00388             }
00389         }
00390 
00391     }
00392 
00393 
00417     public void commit() throws PolicyContextException, SecurityException, UnsupportedOperationException {
00418 
00419         // Section 3.3 - Check permissions
00420         checkSetPolicy();
00421 
00422         // Deleted state refused
00423         checkCurrentStateNotInState(DELETED);
00424 
00425         // Now state is in service
00426         state = IN_SERVICE;
00427 
00428         // add the configuration of this object
00429         JPolicyConfigurationKeeper.addConfiguration(this);
00430    }
00431 
00447     public void delete() throws PolicyContextException, SecurityException {
00448 
00449         // Section 3.3 - Check permissions
00450         checkSetPolicy();
00451 
00452         // all policy statements are deleted
00453         excludedPermissions = new Permissions();
00454         uncheckedPermissions = new Permissions();
00455         rolePermissions = new HashMap();
00456 
00457         // change state to DELETED
00458         state = DELETED;
00459 
00460         // remove the configuration of this object
00461         JPolicyConfigurationKeeper.removeConfiguration(this);
00462 
00463     }
00464 
00476     public String getContextID() throws PolicyContextException, SecurityException {
00477 
00478         // Section 3.3 - Check permissions
00479         checkSetPolicy();
00480 
00481         return contextID;
00482     }
00483 
00497     public boolean inService() throws PolicyContextException, SecurityException {
00498 
00499         // Section 3.3 - Check permissions
00500         checkSetPolicy();
00501 
00502         return (state == IN_SERVICE);
00503     }
00504 
00535     public void linkConfiguration(PolicyConfiguration link)
00536         throws IllegalArgumentException, PolicyContextException, SecurityException, UnsupportedOperationException {
00537 
00538         // Section 3.3 - Check permissions
00539         checkSetPolicy();
00540 
00541         // Open state required
00542         checkCurrentStateIsInState(OPEN);
00543 
00544         // Equivalent to this PolicyConfiguration object ?
00545         if (this.equals(link)) {
00546             throw new IllegalArgumentException(i18n.getMessage("JPolicyConfiguration.linkConfiguration.equivalent", this, link));
00547         }
00548 
00549         //TODO : link objects together.
00550 
00551     }
00552 
00566     public void removeExcludedPolicy()
00567         throws PolicyContextException, SecurityException, UnsupportedOperationException {
00568 
00569         // Section 3.3 - Check permissions
00570         checkSetPolicy();
00571 
00572         // Open state required
00573         checkCurrentStateIsInState(OPEN);
00574 
00575         // reinit
00576         excludedPermissions = new Permissions();
00577     }
00578 
00592     public void removeRole(String roleName)
00593         throws PolicyContextException, SecurityException, UnsupportedOperationException {
00594 
00595         // Section 3.3 - Check permissions
00596         checkSetPolicy();
00597 
00598         // Open state required
00599         checkCurrentStateIsInState(OPEN);
00600 
00601         // Remove role permissions
00602         rolePermissions.remove(roleName);
00603     }
00604 
00618     public void removeUncheckedPolicy()
00619         throws PolicyContextException, SecurityException, UnsupportedOperationException {
00620 
00621         // Section 3.3 - Check permissions
00622         checkSetPolicy();
00623 
00624         // Open state required
00625         checkCurrentStateIsInState(OPEN);
00626 
00627         // Remove unckecked policy
00628         uncheckedPermissions = new Permissions();
00629     }
00630 
00637     private void checkCurrentStateNotInState(int s) throws UnsupportedOperationException {
00638         if (this.state == s) {
00639             String err = i18n.getMessage("JPolicyConfiguration.checkCurrentStateNotInState.notValidState", states[s], states[state]);
00640             throw new UnsupportedOperationException(err);
00641         }
00642     }
00643 
00650     private void checkCurrentStateIsInState(int s) throws UnsupportedOperationException {
00651         if (this.state != s) {
00652             String err = i18n.getMessage("JPolicyConfiguration.checkCurrentStateNotInState.notValidState", states[state], states[s]);
00653             throw new UnsupportedOperationException(err);
00654         }
00655     }
00656 
00665     private void checkSetPolicy() throws SecurityException {
00666         SecurityManager securityManager = System.getSecurityManager();
00667         if (securityManager != null) {
00668             securityManager.checkPermission(new SecurityPermission("setPolicy"));
00669         }
00670     }
00671 
00678     public boolean equals(Object obj) {
00679         if (!(obj instanceof PolicyConfiguration)) {
00680             if (logger.isLoggable(BasicLevel.ERROR)) {
00681                 logger.log(BasicLevel.ERROR, i18n.getMessage("JPolicyConfiguration.equals.notInstanceOf"));
00682             }
00683             return false;
00684         } else {
00685             try {
00686                 return (this.contextID == ((PolicyConfiguration) obj).getContextID());
00687             } catch (PolicyContextException pce) {
00688                 if (logger.isLoggable(BasicLevel.ERROR)) {
00689                     logger.log(BasicLevel.ERROR, i18n.getMessage("JPolicyConfiguration.equals.canNotCheck", pce.getMessage()));
00690                 }
00691                 return false;
00692             }
00693         }
00694     }
00695 
00700      public int hashCode() {
00701          return contextID.hashCode();
00702      }
00703 
00704 
00708     protected void resetState() {
00709         this.state = OPEN;
00710     }
00711 
00712 
00713 
00718     public PermissionCollection getExcludedPermissions() {
00719         // Works only if state is in service
00720         if (state != IN_SERVICE) {
00721             return new Permissions();
00722         } else {
00723             return excludedPermissions;
00724         }
00725     }
00726 
00727 
00732     public PermissionCollection getUncheckedPermissions() {
00733         // Works only if state is in service
00734         if (state != IN_SERVICE) {
00735             return new Permissions();
00736         } else {
00737             return uncheckedPermissions;
00738         }
00739     }
00740 
00741 
00747     public PermissionCollection getPermissionsForPrincipal(Principal principal) {
00748 
00749         if (logger.isLoggable(BasicLevel.DEBUG)) {
00750             logger.log(BasicLevel.DEBUG, "principal = " + principal);
00751         }
00752 
00753         // Works only if state is in service and if principal is not null
00754         if (principal == null || state != IN_SERVICE) {
00755             return new Permissions();
00756         }
00757 
00758         PermissionCollection permissionsOfRole = (PermissionCollection) rolePermissions.get(principal.getName());
00759 
00760         if (logger.isLoggable(BasicLevel.DEBUG)) {
00761             logger.log(BasicLevel.DEBUG, "Permissions found = " + permissionsOfRole);
00762         }
00763 
00764         //create permission object if no previous permission for the given role
00765         if (permissionsOfRole == null) {
00766             permissionsOfRole = new Permissions();
00767         }
00768 
00769         return permissionsOfRole;
00770     }
00771 
00772 }