Main Page | Packages | Class Hierarchy | Class List | File List | Class Members | Related Pages | Search for 
src / org / objectweb / jonas_web / deployment / api

SecurityConstraintListDesc.java

00001 
00027 package org.objectweb.jonas_web.deployment.api;
00028 
00029 import java.security.Permission;
00030 import java.security.PermissionCollection;
00031 import java.security.Permissions;
00032 import java.util.ArrayList;
00033 import java.util.Collections;
00034 import java.util.Enumeration;
00035 import java.util.HashMap;
00036 import java.util.Iterator;
00037 import java.util.List;
00038 import java.util.Map;
00039 
00040 import org.objectweb.util.monolog.api.BasicLevel;
00041 import org.objectweb.util.monolog.api.Logger;
00042 
00043 import org.objectweb.jonas_lib.deployment.xml.SecurityRole;
00044 
00045 import org.objectweb.jonas_web.deployment.xml.AuthConstraint;
00046 import org.objectweb.jonas_web.deployment.xml.SecurityConstraint;
00047 import org.objectweb.jonas_web.deployment.xml.UserDataConstraint;
00048 import org.objectweb.jonas_web.deployment.xml.WebApp;
00049 import org.objectweb.jonas_web.deployment.xml.WebResourceCollection;
00050 
00051 import org.objectweb.common.TraceCore;
00052 
00053 
00059 public class SecurityConstraintListDesc {
00060 
00064     private static final String DEFAULT_PATTERN = "/";
00065 
00069     private WebApp webApp = null;
00070 
00074     private Map mapPatterns = null;
00075 
00079     private PermissionCollection excludedPermissions = null;
00080 
00084     private PermissionCollection uncheckedPermissions = null;
00085 
00086 
00090     private Map permissionsByRole = null;
00091 
00092 
00096     private static Logger logger = null;
00097 
00098 
00103     public SecurityConstraintListDesc(WebApp webApp) {
00104         this.webApp = webApp;
00105 
00106         // init logger
00107         logger = TraceCore.jacc;
00108 
00109         // Init patterns Map
00110         mapPatterns = new HashMap();
00111 
00112         // Init permissions
00113         excludedPermissions = new Permissions();
00114         uncheckedPermissions = new Permissions();
00115         permissionsByRole = new HashMap();
00116         try {
00117             // Transform DD to constraints
00118             initConstraints();
00119 
00120             // Qualify the patterns
00121             qualifyPatterns();
00122 
00123             // Build JACC permissions
00124             buildPermissions();
00125         } catch (Exception e) {
00126             e.printStackTrace();
00127         }
00128     }
00129 
00130 
00136     private void initConstraints() {
00137 
00138         // All defined security-role
00139         // Used if role-name = "*" in auth-constraint
00140         String[] securityRoles = new String[webApp.getSecurityRoleList().size()];
00141         int r = 0;
00142         for (Iterator itSecurityRoles = webApp.getSecurityRoleList().iterator(); itSecurityRoles.hasNext(); r++) {
00143             securityRoles[r] = ((SecurityRole) itSecurityRoles.next()).getRoleName();
00144         }
00145 
00146         SecurityConstraint securityConstraint = null;
00147         for (Iterator it = webApp.getSecurityConstraintList().iterator(); it.hasNext();) {
00148 
00149             // Retrieve Security Constraint object if any
00150             securityConstraint = (SecurityConstraint) it.next();
00151 
00152             // Get the resource collection list
00153             List webResourceCollectionList = securityConstraint.getWebResourceCollectionList();
00154 
00155             // Auth Constraint where role are defined
00156             AuthConstraint authConstraint = securityConstraint.getAuthConstraint();
00157 
00158             // User data constraint where role are defined
00159             UserDataConstraint userDataConstraint = securityConstraint.getUserDataConstraint();
00160 
00161             // Get roles if any
00162             List rolesList = null;
00163             boolean hasAuthConstraint = false;
00164             boolean isExcludingAuthConstraint = false;
00165             if (authConstraint != null) {
00166                 rolesList = authConstraint.getRoleNameList();
00167                 // Excluding if no roles
00168                 hasAuthConstraint = true;
00169                 isExcludingAuthConstraint = (rolesList.size() == 0);
00170             }
00171 
00172 
00173             // Transport Guarantee
00174             String transportGuarantee = null;
00175             if (userDataConstraint != null) {
00176                 transportGuarantee = userDataConstraint.getTransportGuarantee();
00177             }
00178 
00179 
00180             // Now, build the structure of patterns
00181             WebResourceCollection webRC = null;
00182 
00183             // For each web ressource collection
00184             for (Iterator itWebRC = webResourceCollectionList.iterator(); itWebRC.hasNext();) {
00185                 webRC = (WebResourceCollection) itWebRC.next();
00186 
00187                 // Get the http-method
00188                 List methodList = webRC.getHttpMethodList();
00189 
00190                 // For each pattern, add the http-method and set the transport guarantee
00191                 // If it is not an Excluding Auth constraint, add these values to each role
00192 
00193                 // Get all the patterns and build objects
00194                 String urlPatternString = null;
00195                 for (Iterator itPattern = webRC.getUrlPatternList().iterator(); itPattern.hasNext();) {
00196                     urlPatternString = (String) itPattern.next();
00197 
00198                     // Get existing if one ?
00199                     PatternEntry patternEntry = (PatternEntry) mapPatterns.get(urlPatternString);
00200                     if (patternEntry == null) {
00201                         patternEntry = new PatternEntry(urlPatternString);
00202                         mapPatterns.put(urlPatternString, patternEntry);
00203                     }
00204                     // Add for all or for all specified roles
00205                     String[] methods = null;
00206                     if (methodList.isEmpty()) {
00207                         // All the methods are applied
00208                         methods = MethodsDesc.METHODS;
00209                     } else {
00210                         methods = (String[]) methodList.toArray(new String[methodList.size()]);
00211                     }
00212                     if (hasAuthConstraint) {
00213                         // Excluded or role based
00214                         if (isExcludingAuthConstraint) {
00215                             patternEntry.addExcludedMethods(methods, transportGuarantee);
00216                         } else {
00217                             // role based
00218                             for (Iterator itRole = rolesList.iterator(); itRole.hasNext();) {
00219                                 String roleName = (String) itRole.next();
00220 
00221                                 // Add methods to a specific or all existing roles
00222                                 if (roleName.equals("*")) {
00223                                     patternEntry.addMethodsOnRoles(methods, securityRoles, transportGuarantee);
00224                                 } else {
00225                                     patternEntry.addMethodsOnRole(methods, roleName, transportGuarantee);
00226                                 }
00227                             }
00228                         }
00229                     } else {
00230                         // No auth Constraint --> unchecked
00231                         patternEntry.addUncheckedMethods(methods, transportGuarantee);
00232                     }
00233                 }
00234             }
00235         }
00236     }
00237 
00238 
00243     private synchronized void qualifyPatterns() {
00244 
00245         // Add default pattern
00246         PatternEntry defaultPatternEntry = (PatternEntry) mapPatterns.get(DEFAULT_PATTERN);
00247         if (defaultPatternEntry == null) {
00248             defaultPatternEntry = new PatternEntry(DEFAULT_PATTERN);
00249             // Last entry to unchecked
00250             defaultPatternEntry.setUncheckedLastEntry();
00251             mapPatterns.put(DEFAULT_PATTERN, defaultPatternEntry);
00252         }
00253 
00254         // For each pattern, qualify this pattern by all patterns
00255         PatternEntry patternEntry = null;
00256         Pattern otherPattern = null;
00257         String patternString = null;
00258 
00259         // Build list of patterns object
00260         List patterns = new ArrayList();
00261         for (Iterator it = mapPatterns.keySet().iterator(); it.hasNext();) {
00262             patternString = (String) it.next();
00263             patterns.add(new Pattern(patternString));
00264         }
00265 
00266         // Sort elements
00267         Collections.sort(patterns);
00268 
00269         Pattern pattern = null;
00270         for (Iterator it = mapPatterns.keySet().iterator(); it.hasNext();) {
00271             patternString = (String) it.next();
00272             pattern = new Pattern(patternString);
00273             patternEntry = (PatternEntry) mapPatterns.get(patternString);
00274 
00275             // Loop on all patterns
00276             for (Iterator itOther = patterns.iterator(); itOther.hasNext();) {
00277                 otherPattern = (Pattern) itOther.next();
00278 
00279                 if (pattern.isPathPrefix() && pattern.isMatching(otherPattern)) {
00280                     /* first case (path prefix)
00281                        If the pattern is a path prefix pattern, it must be
00282                        qualified by every path-prefix pattern in the
00283                        deployment descriptor matched by and different from
00284                        the pattern being qualified. The pattern must also be
00285                        qualified by every exact pattern appearing in the
00286                        deployment descriptor that is matched by the pattern being
00287                        qualified.
00288                     */
00289                     if (otherPattern.isPathPrefix() && !pattern.equals(otherPattern)) {
00290                         patternEntry.addQualifiedPattern(otherPattern);
00291                     } else if (otherPattern.isExactPattern()) {
00292                         patternEntry.addQualifiedPattern(otherPattern);
00293                     }
00294                 } else if (pattern.isExtensionPattern()) {
00295                     // Case two : Extension pattern
00296                     /*
00297                       If the pattern is an extension pattern, it must be
00298                       qualified by every path-prefix pattern appearing in
00299                       the deployment descriptor and every exact pattern in
00300                       the deployment descriptor that is matched by the
00301                       pattern being qualified.
00302                     */
00303                     if (otherPattern.isPathPrefix()  || (pattern.isMatching(otherPattern) && otherPattern.isExactPattern())) {
00304                         patternEntry.addQualifiedPattern(otherPattern);
00305                     }
00306                 } else if (pattern.isDefaultPattern()) {
00307                     // Case three : Default pattern
00308                     /*
00309                       If the pattern is the default pattern, "/", it must
00310                       be qualified by every other pattern except the default
00311                       pattern appearing in the deployment descriptor.
00312                     */
00313                     if (!otherPattern.isDefaultPattern()) {
00314                         patternEntry.addQualifiedPattern(otherPattern);
00315                     }
00316                     /*
00317                      } else if (pattern.isExactPattern()) {
00318                       // case 4 : Exact Pattern
00319                       // Nothing : must not contain any qualifying pattern
00320                       If the pattern is an exact pattern,
00321                       its qualified form must not contain any qualifying
00322                       patterns.
00323                     */
00324                 }
00325             }
00326         }
00327     }
00328 
00329 
00334     private void buildPermissions() {
00335 
00336         PatternEntry patternEntry = null;
00337         // For each pattern, build permissions (Exclude default pattern for now)
00338         for (Iterator it = mapPatterns.values().iterator(); it.hasNext();) {
00339             patternEntry = (PatternEntry) it.next();
00340             // No permissions if the pattern is irrelevant
00341             if (!patternEntry.isIrrelevant()) {
00342                 if (patternEntry.isUncheckedLastEntry()) {
00343                     addUncheckedPermissions(patternEntry.getUncheckedPermissions());
00344                 } else {
00345                     addExcludedPermissions(patternEntry.getExcludedPermissions());
00346                     addUncheckedPermissions(patternEntry.getUncheckedPermissions());
00347                     addRolePermissions(patternEntry.getRolesPermissionsMap());
00348                 }
00349             }
00350         }
00351         if (logger.isLoggable(BasicLevel.DEBUG)) {
00352             logger.log(BasicLevel.DEBUG, "Excluded permissions = " + excludedPermissions);
00353             logger.log(BasicLevel.DEBUG, "Unchecked permissions = " + uncheckedPermissions);
00354             logger.log(BasicLevel.DEBUG, "Roles Permissions = ");
00355 
00356             String roleName = null;
00357             for (Iterator it = permissionsByRole.keySet().iterator(); it.hasNext();) {
00358                 roleName = (String) it.next();
00359                 logger.log(BasicLevel.DEBUG, "Permissions for role " + roleName + " are "
00360                            + permissionsByRole.get(roleName));
00361             }
00362         }
00363 
00364     }
00365 
00366 
00372     private void addExcludedPermissions(PermissionCollection permissions) {
00373         if (permissions == null) {
00374             return;
00375         }
00376 
00377         for (Enumeration e = permissions.elements(); e.hasMoreElements();) {
00378             excludedPermissions.add((Permission) e.nextElement());
00379         }
00380     }
00381 
00387     private void addUncheckedPermissions(PermissionCollection permissions) {
00388         if (permissions == null) {
00389             return;
00390         }
00391 
00392         for (Enumeration e = permissions.elements(); e.hasMoreElements();) {
00393             uncheckedPermissions.add((Permission) e.nextElement());
00394         }
00395     }
00396 
00401     private void addRolePermissions(Map rolePermissionsMap) {
00402         if (rolePermissionsMap == null) {
00403             return;
00404         }
00405 
00406         // For each role, build permissions on actions found on the role.
00407         String roleName = null;
00408         PermissionCollection permissions = null;
00409         PermissionCollection existingRolePermissions = null;
00410         for (Iterator it = rolePermissionsMap.keySet().iterator(); it.hasNext();) {
00411             roleName = (String) it.next();
00412             permissions = (PermissionCollection) rolePermissionsMap.get(roleName);
00413             if (permissions != null) {
00414                 existingRolePermissions = (PermissionCollection) permissionsByRole.get(roleName);
00415                 if (existingRolePermissions == null) {
00416                     existingRolePermissions = new Permissions();
00417                     permissionsByRole.put(roleName, existingRolePermissions);
00418                 }
00419                 for (Enumeration e = permissions.elements(); e.hasMoreElements();) {
00420                     existingRolePermissions.add((Permission) e.nextElement());
00421                 }
00422             }
00423         }
00424     }
00425 
00426 
00431     public PermissionCollection getExcludedPermissions() {
00432         return excludedPermissions;
00433     }
00434 
00435 
00440     public PermissionCollection getUncheckedPermissions() {
00441         return uncheckedPermissions;
00442     }
00443 
00444 
00449     public Map getPermissionsByRole() {
00450         return permissionsByRole;
00451     }
00452 
00453 }
00454 
00455 
00456 
00457 
00458
Generated on Tue Feb 15 15:05:58 2005 for JOnAS by  doxygen 1.3.9.1