00001
00027 package org.objectweb.jonas_lib.security.jacc;
00028
00029 import java.security.Permission;
00030 import java.security.PermissionCollection;
00031 import java.security.Permissions;
00032 import java.security.Principal;
00033 import java.security.SecurityPermission;
00034 import java.util.Enumeration;
00035 import java.util.HashMap;
00036 import java.util.Map;
00037
00038 import javax.security.jacc.PolicyConfiguration;
00039 import javax.security.jacc.PolicyContextException;
00040
00041 import org.objectweb.util.monolog.api.BasicLevel;
00042 import org.objectweb.util.monolog.api.Logger;
00043
00044 import org.objectweb.jonas_lib.I18n;
00045
00046 import org.objectweb.common.TraceCore;
00047
00052 public class JPolicyConfiguration implements PolicyConfiguration {
00053
00057 private static final int NB_STATES = 3;
00058
00063 private static final int OPEN = 0;
00064
00065
00070 private static final int IN_SERVICE = 1;
00071
00076 private static final int DELETED = 2;
00077
00081 private static I18n i18n = I18n.getInstance(JPolicyConfiguration.class);
00082
00086 private static String[] states = null;
00087
00091 private int state;
00092
00096 private String contextID = null;
00097
00101 private static Logger logger = null;
00102
00103
00107 private PermissionCollection excludedPermissions = null;
00108
00112 private PermissionCollection uncheckedPermissions = null;
00113
00117 private Map rolePermissions = null;
00118
00123 public JPolicyConfiguration(String contextID) {
00124 this.contextID = contextID;
00125
00126
00127 logger = TraceCore.sec;
00128
00129
00130 if (states == null) {
00131
00132 states = new String[NB_STATES];
00133 states[OPEN] = i18n.getMessage("JPolicyConfiguration.openState");
00134 states[IN_SERVICE] = i18n.getMessage("JPolicyConfiguration.inServiceState");
00135 states[DELETED] = i18n.getMessage("JPolicyConfiguration.deletedState");
00136 }
00137
00138
00139 resetState();
00140
00141
00142 excludedPermissions = new Permissions();
00143 uncheckedPermissions = new Permissions();
00144 rolePermissions = new HashMap();
00145 }
00146
00160 public void addToExcludedPolicy(Permission permission)
00161 throws PolicyContextException, SecurityException, UnsupportedOperationException {
00162
00163 if (logger.isLoggable(BasicLevel.DEBUG)) {
00164 logger.log(BasicLevel.DEBUG, "Adding permission '" + permission + "' as excluded policy.");
00165 }
00166
00167
00168 checkSetPolicy();
00169
00170
00171 checkCurrentStateIsInState(OPEN);
00172
00173
00174 if (permission != null) {
00175 excludedPermissions.add(permission);
00176 }
00177
00178 }
00179
00196 public void addToExcludedPolicy(PermissionCollection permissions)
00197 throws PolicyContextException, SecurityException, UnsupportedOperationException {
00198
00199 if (logger.isLoggable(BasicLevel.DEBUG)) {
00200 logger.log(BasicLevel.DEBUG, "Adding permissions '" + permissions + "' as excluded policy.");
00201 }
00202
00203
00204 checkSetPolicy();
00205
00206
00207 checkCurrentStateIsInState(OPEN);
00208
00209
00210 if (permissions != null) {
00211 for (Enumeration e = permissions.elements(); e.hasMoreElements();) {
00212 excludedPermissions.add((Permission) e.nextElement());
00213 }
00214 }
00215
00216 }
00217
00232 public void addToRole(String roleName, Permission permission)
00233 throws PolicyContextException, SecurityException, UnsupportedOperationException {
00234
00235 if (logger.isLoggable(BasicLevel.DEBUG)) {
00236 logger.log(BasicLevel.DEBUG, "Adding permission '" + permission + "' to role '" + roleName + "'.");
00237 }
00238
00239
00240 checkSetPolicy();
00241
00242
00243 checkCurrentStateIsInState(OPEN);
00244
00245
00246 if (roleName == null) {
00247 throw new PolicyContextException(i18n.getMessage("JPolicyConfiguration.addToRole"));
00248 }
00249
00250
00251
00252 if (permission == null) {
00253 return;
00254 }
00255 PermissionCollection permissionsOfRole = (PermissionCollection) rolePermissions.get(roleName);
00256
00257
00258 if (permissionsOfRole == null) {
00259 permissionsOfRole = new Permissions();
00260 }
00261 permissionsOfRole.add(permission);
00262
00263
00264 rolePermissions.put(roleName, permissionsOfRole);
00265
00266 }
00267
00283 public void addToRole(String roleName, PermissionCollection permissions)
00284 throws PolicyContextException, SecurityException, UnsupportedOperationException {
00285
00286 if (logger.isLoggable(BasicLevel.DEBUG)) {
00287 logger.log(BasicLevel.DEBUG, "Adding permissions '" + permissions + "' to role '" + roleName + "'.");
00288 }
00289
00290
00291 checkSetPolicy();
00292
00293
00294 checkCurrentStateIsInState(OPEN);
00295
00296
00297 if (roleName == null) {
00298 throw new PolicyContextException(i18n.getMessage("JPolicyConfiguration.addToRole"));
00299 }
00300
00301
00302
00303 if (permissions == null) {
00304 return;
00305 }
00306 PermissionCollection permissionsOfRole = (PermissionCollection) rolePermissions.get(roleName);
00307
00308
00309 if (permissionsOfRole == null) {
00310 permissionsOfRole = new Permissions();
00311 }
00312
00313 for (Enumeration e = permissions.elements(); e.hasMoreElements();) {
00314 permissionsOfRole.add((Permission) e.nextElement());
00315 }
00316
00317
00318 rolePermissions.put(roleName, permissionsOfRole);
00319
00320 }
00321
00335 public void addToUncheckedPolicy(Permission permission)
00336 throws PolicyContextException, SecurityException, UnsupportedOperationException {
00337
00338 if (logger.isLoggable(BasicLevel.DEBUG)) {
00339 logger.log(BasicLevel.DEBUG, "Adding permission '" + permission + "' as unchecked policy.");
00340 }
00341
00342
00343 checkSetPolicy();
00344
00345
00346 checkCurrentStateIsInState(OPEN);
00347
00348
00349 if (permission != null) {
00350 uncheckedPermissions.add(permission);
00351 }
00352
00353 }
00354
00371 public void addToUncheckedPolicy(PermissionCollection permissions)
00372 throws PolicyContextException, SecurityException, UnsupportedOperationException {
00373
00374 if (logger.isLoggable(BasicLevel.DEBUG)) {
00375 logger.log(BasicLevel.DEBUG, "Adding permissions '" + permissions + "' as unchecked policy.");
00376 }
00377
00378
00379 checkSetPolicy();
00380
00381
00382 checkCurrentStateIsInState(OPEN);
00383
00384
00385 if (permissions != null) {
00386 for (Enumeration e = permissions.elements(); e.hasMoreElements();) {
00387 uncheckedPermissions.add((Permission) e.nextElement());
00388 }
00389 }
00390
00391 }
00392
00393
00417 public void commit() throws PolicyContextException, SecurityException, UnsupportedOperationException {
00418
00419
00420 checkSetPolicy();
00421
00422
00423 checkCurrentStateNotInState(DELETED);
00424
00425
00426 state = IN_SERVICE;
00427
00428
00429 JPolicyConfigurationKeeper.addConfiguration(this);
00430 }
00431
00447 public void delete() throws PolicyContextException, SecurityException {
00448
00449
00450 checkSetPolicy();
00451
00452
00453 excludedPermissions = new Permissions();
00454 uncheckedPermissions = new Permissions();
00455 rolePermissions = new HashMap();
00456
00457
00458 state = DELETED;
00459
00460
00461 JPolicyConfigurationKeeper.removeConfiguration(this);
00462
00463 }
00464
00476 public String getContextID() throws PolicyContextException, SecurityException {
00477
00478
00479 checkSetPolicy();
00480
00481 return contextID;
00482 }
00483
00497 public boolean inService() throws PolicyContextException, SecurityException {
00498
00499
00500 checkSetPolicy();
00501
00502 return (state == IN_SERVICE);
00503 }
00504
00535 public void linkConfiguration(PolicyConfiguration link)
00536 throws IllegalArgumentException, PolicyContextException, SecurityException, UnsupportedOperationException {
00537
00538
00539 checkSetPolicy();
00540
00541
00542 checkCurrentStateIsInState(OPEN);
00543
00544
00545 if (this.equals(link)) {
00546 throw new IllegalArgumentException(i18n.getMessage("JPolicyConfiguration.linkConfiguration.equivalent", this, link));
00547 }
00548
00549
00550
00551 }
00552
00566 public void removeExcludedPolicy()
00567 throws PolicyContextException, SecurityException, UnsupportedOperationException {
00568
00569
00570 checkSetPolicy();
00571
00572
00573 checkCurrentStateIsInState(OPEN);
00574
00575
00576 excludedPermissions = new Permissions();
00577 }
00578
00592 public void removeRole(String roleName)
00593 throws PolicyContextException, SecurityException, UnsupportedOperationException {
00594
00595
00596 checkSetPolicy();
00597
00598
00599 checkCurrentStateIsInState(OPEN);
00600
00601
00602 rolePermissions.remove(roleName);
00603 }
00604
00618 public void removeUncheckedPolicy()
00619 throws PolicyContextException, SecurityException, UnsupportedOperationException {
00620
00621
00622 checkSetPolicy();
00623
00624
00625 checkCurrentStateIsInState(OPEN);
00626
00627
00628 uncheckedPermissions = new Permissions();
00629 }
00630
00637 private void checkCurrentStateNotInState(int s) throws UnsupportedOperationException {
00638 if (this.state == s) {
00639 String err = i18n.getMessage("JPolicyConfiguration.checkCurrentStateNotInState.notValidState", states[s], states[state]);
00640 throw new UnsupportedOperationException(err);
00641 }
00642 }
00643
00650 private void checkCurrentStateIsInState(int s) throws UnsupportedOperationException {
00651 if (this.state != s) {
00652 String err = i18n.getMessage("JPolicyConfiguration.checkCurrentStateNotInState.notValidState", states[state], states[s]);
00653 throw new UnsupportedOperationException(err);
00654 }
00655 }
00656
00665 private void checkSetPolicy() throws SecurityException {
00666 SecurityManager securityManager = System.getSecurityManager();
00667 if (securityManager != null) {
00668 securityManager.checkPermission(new SecurityPermission("setPolicy"));
00669 }
00670 }
00671
00678 public boolean equals(Object obj) {
00679 if (!(obj instanceof PolicyConfiguration)) {
00680 if (logger.isLoggable(BasicLevel.ERROR)) {
00681 logger.log(BasicLevel.ERROR, i18n.getMessage("JPolicyConfiguration.equals.notInstanceOf"));
00682 }
00683 return false;
00684 } else {
00685 try {
00686 return (this.contextID == ((PolicyConfiguration) obj).getContextID());
00687 } catch (PolicyContextException pce) {
00688 if (logger.isLoggable(BasicLevel.ERROR)) {
00689 logger.log(BasicLevel.ERROR, i18n.getMessage("JPolicyConfiguration.equals.canNotCheck", pce.getMessage()));
00690 }
00691 return false;
00692 }
00693 }
00694 }
00695
00700 public int hashCode() {
00701 return contextID.hashCode();
00702 }
00703
00704
00708 protected void resetState() {
00709 this.state = OPEN;
00710 }
00711
00712
00713
00718 public PermissionCollection getExcludedPermissions() {
00719
00720 if (state != IN_SERVICE) {
00721 return new Permissions();
00722 } else {
00723 return excludedPermissions;
00724 }
00725 }
00726
00727
00732 public PermissionCollection getUncheckedPermissions() {
00733
00734 if (state != IN_SERVICE) {
00735 return new Permissions();
00736 } else {
00737 return uncheckedPermissions;
00738 }
00739 }
00740
00741
00747 public PermissionCollection getPermissionsForPrincipal(Principal principal) {
00748
00749 if (logger.isLoggable(BasicLevel.DEBUG)) {
00750 logger.log(BasicLevel.DEBUG, "principal = " + principal);
00751 }
00752
00753
00754 if (principal == null || state != IN_SERVICE) {
00755 return new Permissions();
00756 }
00757
00758 PermissionCollection permissionsOfRole = (PermissionCollection) rolePermissions.get(principal.getName());
00759
00760 if (logger.isLoggable(BasicLevel.DEBUG)) {
00761 logger.log(BasicLevel.DEBUG, "Permissions found = " + permissionsOfRole);
00762 }
00763
00764
00765 if (permissionsOfRole == null) {
00766 permissionsOfRole = new Permissions();
00767 }
00768
00769 return permissionsOfRole;
00770 }
00771
00772 }