00001
00027 package org.objectweb.jonas_web.deployment.api;
00028
00029 import java.security.Permission;
00030 import java.security.PermissionCollection;
00031 import java.security.Permissions;
00032 import java.util.ArrayList;
00033 import java.util.Collections;
00034 import java.util.Enumeration;
00035 import java.util.HashMap;
00036 import java.util.Iterator;
00037 import java.util.List;
00038 import java.util.Map;
00039
00040 import org.objectweb.util.monolog.api.BasicLevel;
00041 import org.objectweb.util.monolog.api.Logger;
00042
00043 import org.objectweb.jonas_lib.deployment.xml.SecurityRole;
00044
00045 import org.objectweb.jonas_web.deployment.xml.AuthConstraint;
00046 import org.objectweb.jonas_web.deployment.xml.SecurityConstraint;
00047 import org.objectweb.jonas_web.deployment.xml.UserDataConstraint;
00048 import org.objectweb.jonas_web.deployment.xml.WebApp;
00049 import org.objectweb.jonas_web.deployment.xml.WebResourceCollection;
00050
00051 import org.objectweb.common.TraceCore;
00052
00053
00059 public class SecurityConstraintListDesc {
00060
00064 private static final String DEFAULT_PATTERN = "/";
00065
00069 private WebApp webApp = null;
00070
00074 private Map mapPatterns = null;
00075
00079 private PermissionCollection excludedPermissions = null;
00080
00084 private PermissionCollection uncheckedPermissions = null;
00085
00086
00090 private Map permissionsByRole = null;
00091
00092
00096 private static Logger logger = null;
00097
00098
00103 public SecurityConstraintListDesc(WebApp webApp) {
00104 this.webApp = webApp;
00105
00106
00107 logger = TraceCore.jacc;
00108
00109
00110 mapPatterns = new HashMap();
00111
00112
00113 excludedPermissions = new Permissions();
00114 uncheckedPermissions = new Permissions();
00115 permissionsByRole = new HashMap();
00116 try {
00117
00118 initConstraints();
00119
00120
00121 qualifyPatterns();
00122
00123
00124 buildPermissions();
00125 } catch (Exception e) {
00126 e.printStackTrace();
00127 }
00128 }
00129
00130
00136 private void initConstraints() {
00137
00138
00139
00140 String[] securityRoles = new String[webApp.getSecurityRoleList().size()];
00141 int r = 0;
00142 for (Iterator itSecurityRoles = webApp.getSecurityRoleList().iterator(); itSecurityRoles.hasNext(); r++) {
00143 securityRoles[r] = ((SecurityRole) itSecurityRoles.next()).getRoleName();
00144 }
00145
00146 SecurityConstraint securityConstraint = null;
00147 for (Iterator it = webApp.getSecurityConstraintList().iterator(); it.hasNext();) {
00148
00149
00150 securityConstraint = (SecurityConstraint) it.next();
00151
00152
00153 List webResourceCollectionList = securityConstraint.getWebResourceCollectionList();
00154
00155
00156 AuthConstraint authConstraint = securityConstraint.getAuthConstraint();
00157
00158
00159 UserDataConstraint userDataConstraint = securityConstraint.getUserDataConstraint();
00160
00161
00162 List rolesList = null;
00163 boolean hasAuthConstraint = false;
00164 boolean isExcludingAuthConstraint = false;
00165 if (authConstraint != null) {
00166 rolesList = authConstraint.getRoleNameList();
00167
00168 hasAuthConstraint = true;
00169 isExcludingAuthConstraint = (rolesList.size() == 0);
00170 }
00171
00172
00173
00174 String transportGuarantee = null;
00175 if (userDataConstraint != null) {
00176 transportGuarantee = userDataConstraint.getTransportGuarantee();
00177 }
00178
00179
00180
00181 WebResourceCollection webRC = null;
00182
00183
00184 for (Iterator itWebRC = webResourceCollectionList.iterator(); itWebRC.hasNext();) {
00185 webRC = (WebResourceCollection) itWebRC.next();
00186
00187
00188 List methodList = webRC.getHttpMethodList();
00189
00190
00191
00192
00193
00194 String urlPatternString = null;
00195 for (Iterator itPattern = webRC.getUrlPatternList().iterator(); itPattern.hasNext();) {
00196 urlPatternString = (String) itPattern.next();
00197
00198
00199 PatternEntry patternEntry = (PatternEntry) mapPatterns.get(urlPatternString);
00200 if (patternEntry == null) {
00201 patternEntry = new PatternEntry(urlPatternString);
00202 mapPatterns.put(urlPatternString, patternEntry);
00203 }
00204
00205 String[] methods = null;
00206 if (methodList.isEmpty()) {
00207
00208 methods = MethodsDesc.METHODS;
00209 } else {
00210 methods = (String[]) methodList.toArray(new String[methodList.size()]);
00211 }
00212 if (hasAuthConstraint) {
00213
00214 if (isExcludingAuthConstraint) {
00215 patternEntry.addExcludedMethods(methods, transportGuarantee);
00216 } else {
00217
00218 for (Iterator itRole = rolesList.iterator(); itRole.hasNext();) {
00219 String roleName = (String) itRole.next();
00220
00221
00222 if (roleName.equals("*")) {
00223 patternEntry.addMethodsOnRoles(methods, securityRoles, transportGuarantee);
00224 } else {
00225 patternEntry.addMethodsOnRole(methods, roleName, transportGuarantee);
00226 }
00227 }
00228 }
00229 } else {
00230
00231 patternEntry.addUncheckedMethods(methods, transportGuarantee);
00232 }
00233 }
00234 }
00235 }
00236 }
00237
00238
00243 private synchronized void qualifyPatterns() {
00244
00245
00246 PatternEntry defaultPatternEntry = (PatternEntry) mapPatterns.get(DEFAULT_PATTERN);
00247 if (defaultPatternEntry == null) {
00248 defaultPatternEntry = new PatternEntry(DEFAULT_PATTERN);
00249
00250 defaultPatternEntry.setUncheckedLastEntry();
00251 mapPatterns.put(DEFAULT_PATTERN, defaultPatternEntry);
00252 }
00253
00254
00255 PatternEntry patternEntry = null;
00256 Pattern otherPattern = null;
00257 String patternString = null;
00258
00259
00260 List patterns = new ArrayList();
00261 for (Iterator it = mapPatterns.keySet().iterator(); it.hasNext();) {
00262 patternString = (String) it.next();
00263 patterns.add(new Pattern(patternString));
00264 }
00265
00266
00267 Collections.sort(patterns);
00268
00269 Pattern pattern = null;
00270 for (Iterator it = mapPatterns.keySet().iterator(); it.hasNext();) {
00271 patternString = (String) it.next();
00272 pattern = new Pattern(patternString);
00273 patternEntry = (PatternEntry) mapPatterns.get(patternString);
00274
00275
00276 for (Iterator itOther = patterns.iterator(); itOther.hasNext();) {
00277 otherPattern = (Pattern) itOther.next();
00278
00279 if (pattern.isPathPrefix() && pattern.isMatching(otherPattern)) {
00280
00281
00282
00283
00284
00285
00286
00287
00288
00289 if (otherPattern.isPathPrefix() && !pattern.equals(otherPattern)) {
00290 patternEntry.addQualifiedPattern(otherPattern);
00291 } else if (otherPattern.isExactPattern()) {
00292 patternEntry.addQualifiedPattern(otherPattern);
00293 }
00294 } else if (pattern.isExtensionPattern()) {
00295
00296
00297
00298
00299
00300
00301
00302
00303 if (otherPattern.isPathPrefix() || (pattern.isMatching(otherPattern) && otherPattern.isExactPattern())) {
00304 patternEntry.addQualifiedPattern(otherPattern);
00305 }
00306 } else if (pattern.isDefaultPattern()) {
00307
00308
00309
00310
00311
00312
00313 if (!otherPattern.isDefaultPattern()) {
00314 patternEntry.addQualifiedPattern(otherPattern);
00315 }
00316
00317
00318
00319
00320
00321
00322
00323
00324 }
00325 }
00326 }
00327 }
00328
00329
00334 private void buildPermissions() {
00335
00336 PatternEntry patternEntry = null;
00337
00338 for (Iterator it = mapPatterns.values().iterator(); it.hasNext();) {
00339 patternEntry = (PatternEntry) it.next();
00340
00341 if (!patternEntry.isIrrelevant()) {
00342 if (patternEntry.isUncheckedLastEntry()) {
00343 addUncheckedPermissions(patternEntry.getUncheckedPermissions());
00344 } else {
00345 addExcludedPermissions(patternEntry.getExcludedPermissions());
00346 addUncheckedPermissions(patternEntry.getUncheckedPermissions());
00347 addRolePermissions(patternEntry.getRolesPermissionsMap());
00348 }
00349 }
00350 }
00351 if (logger.isLoggable(BasicLevel.DEBUG)) {
00352 logger.log(BasicLevel.DEBUG, "Excluded permissions = " + excludedPermissions);
00353 logger.log(BasicLevel.DEBUG, "Unchecked permissions = " + uncheckedPermissions);
00354 logger.log(BasicLevel.DEBUG, "Roles Permissions = ");
00355
00356 String roleName = null;
00357 for (Iterator it = permissionsByRole.keySet().iterator(); it.hasNext();) {
00358 roleName = (String) it.next();
00359 logger.log(BasicLevel.DEBUG, "Permissions for role " + roleName + " are "
00360 + permissionsByRole.get(roleName));
00361 }
00362 }
00363
00364 }
00365
00366
00372 private void addExcludedPermissions(PermissionCollection permissions) {
00373 if (permissions == null) {
00374 return;
00375 }
00376
00377 for (Enumeration e = permissions.elements(); e.hasMoreElements();) {
00378 excludedPermissions.add((Permission) e.nextElement());
00379 }
00380 }
00381
00387 private void addUncheckedPermissions(PermissionCollection permissions) {
00388 if (permissions == null) {
00389 return;
00390 }
00391
00392 for (Enumeration e = permissions.elements(); e.hasMoreElements();) {
00393 uncheckedPermissions.add((Permission) e.nextElement());
00394 }
00395 }
00396
00401 private void addRolePermissions(Map rolePermissionsMap) {
00402 if (rolePermissionsMap == null) {
00403 return;
00404 }
00405
00406
00407 String roleName = null;
00408 PermissionCollection permissions = null;
00409 PermissionCollection existingRolePermissions = null;
00410 for (Iterator it = rolePermissionsMap.keySet().iterator(); it.hasNext();) {
00411 roleName = (String) it.next();
00412 permissions = (PermissionCollection) rolePermissionsMap.get(roleName);
00413 if (permissions != null) {
00414 existingRolePermissions = (PermissionCollection) permissionsByRole.get(roleName);
00415 if (existingRolePermissions == null) {
00416 existingRolePermissions = new Permissions();
00417 permissionsByRole.put(roleName, existingRolePermissions);
00418 }
00419 for (Enumeration e = permissions.elements(); e.hasMoreElements();) {
00420 existingRolePermissions.add((Permission) e.nextElement());
00421 }
00422 }
00423 }
00424 }
00425
00426
00431 public PermissionCollection getExcludedPermissions() {
00432 return excludedPermissions;
00433 }
00434
00435
00440 public PermissionCollection getUncheckedPermissions() {
00441 return uncheckedPermissions;
00442 }
00443
00444
00449 public Map getPermissionsByRole() {
00450 return permissionsByRole;
00451 }
00452
00453 }
00454
00455
00456
00457
00458