Package org.w3c.jigsaw.acl

Source Code of org.w3c.jigsaw.acl.AclRealm

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
// AclRealm.java
// $Id: AclRealm.java,v 1.11 2007/02/10 12:51:18 ylafon Exp $
// (c) COPYRIGHT MIT, INRIA and Keio, 1999.
// Please first read the full copyright statement in file COPYRIGHT.html

package org.w3c.jigsaw.acl;

import java.security.Principal;
import java.security.acl.AclEntry;
import java.security.acl.LastOwnerException;
import java.security.acl.NotOwnerException;
import java.security.acl.Permission;
import java.util.Enumeration;
import java.util.Vector;

import org.w3c.jigsaw.auth.AuthRealm;
import org.w3c.jigsaw.auth.AuthUser;
import org.w3c.jigsaw.auth.AuthFilter;
import org.w3c.jigsaw.auth.IPMatcher;
import org.w3c.jigsaw.auth.RealmsCatalog;
import org.w3c.jigsaw.http.Request;
import org.w3c.jigsaw.http.httpd;

import org.w3c.tools.resources.FramedResource;
import org.w3c.tools.resources.InvalidResourceException;
import org.w3c.tools.resources.ResourceReference;
import org.w3c.tools.resources.Attribute;
import org.w3c.tools.resources.AttributeRegistry;
import org.w3c.tools.resources.StringAttribute;
import org.w3c.tools.resources.StringArrayAttribute;

/**
* @version $Revision: 1.11 $
* @author  Beno�t Mah� (bmahe@w3.org)
*/
public class AclRealm extends JAcl {
    /**
     * Attribute index - The realm name for this ACL.
     */
    protected static int ATTR_REALM = -1;
    /**
     * Attribute index - The list of allowed users.
     */
    protected static int ATTR_ALLOWED_USERS = -1 ;
    /**
     * Attribute index - The methods protected by the filter.
     */
    protected static int ATTR_METHODS = -1 ;

    static {
  Attribute a   = null ;
  Class     c = null ;
  try {
      c = Class.forName("org.w3c.jigsaw.acl.AclRealm");
  } catch (Exception ex) {
      ex.printStackTrace() ;
      System.exit(1) ;
  }
  // The realm name (to be resolved by the RealmFactory).
  a = new StringAttribute("realm"
        , null
        , Attribute.EDITABLE|Attribute.MANDATORY);
  ATTR_REALM = AttributeRegistry.registerAttribute(c, a) ;
  // The list of allowed users
  a = new StringArrayAttribute("users"
             , null
             , Attribute.EDITABLE) ;
  ATTR_ALLOWED_USERS = AttributeRegistry.registerAttribute(c, a) ;
  // The protected methods
  a = new StringArrayAttribute("methods"
             , null
             , Attribute.EDITABLE) ;
  ATTR_METHODS = AttributeRegistry.registerAttribute(c, a) ;
    }

    /**
     * The IPMatcher to match IP templates to user records.
     */
    protected IPMatcher ipmatcher = null ;
    /**
     * The catalog of realms that make our scope.
     */
    protected RealmsCatalog catalog = null ;
    /**
     * Our associated realm.
     */
    protected ResourceReference rr_realm = null ;
    /**
     * The nam of the realm we cache in <code>realm</code>.
     */
    protected String loaded_realm = null ;

    protected Vector entries = null;

    /**
     * Get the list of methods that this filter protect
     * @return An array of String giving the name of the protected methods,
     *    or <strong>null</strong>, in wich case <em>all</em> methods are
     *    to be protected.
     */
    public String[] getMethods() {
  return (String[]) getValue(ATTR_METHODS, null) ;
    }

    /**
     * Get the realm of this filter.
     */
    public String getRealm() {
  return (String) getValue(ATTR_REALM, null) ;
    }

    /**
     * Get the list of allowed users.
     */
    public String[] getAllowedUsers() {
  return (String[]) getValue(ATTR_ALLOWED_USERS, null) ;
    }

    /**
     * Get a pointer to our realm, and initialize our ipmatcher.
     */
    protected synchronized void acquireRealm() {
  entries = new Vector(10);
  // Get our catalog:
  if ( catalog == null ) {
      httpd server = (httpd)
    ((FramedResource) getTargetResource()).getServer() ;
      catalog = server.getRealmsCatalog() ;
  }
  // Check that our realm name is valid:
  String name = getRealm() ;
  if ( name == null )
      return ;
  if ((rr_realm != null) && name.equals(loaded_realm))
      return ;
  // Load the realm and create the ipmtacher object
  rr_realm = catalog.loadRealm(name) ;
  if (rr_realm != null) {
      try {
    AuthRealm realm = (AuthRealm) rr_realm.lock();
    Enumeration e   = realm.enumerateUserNames() ;
    while (e.hasMoreElements()) {
        String   uname = (String) e.nextElement() ;
        ResourceReference rr_user = realm.loadUser(uname) ;
        try {
      AuthUser user  = (AuthUser) rr_user.lock();
      createEntry(user);
        } catch (InvalidResourceException ex) {
      System.out.println("Invalid user reference : "+uname);
        } finally {
      rr_user.unlock();
        }
    }
      } catch (InvalidResourceException ex) {

      } finally {
    rr_realm.unlock();
      }
  }
    }

    /**
     * Is this user allowed in the realm ?
     * @return A boolean <strong>true</strong> if access allowed.
     */
    protected boolean checkUser(AuthUser user) {
  String allowed_users[] = getAllowedUsers() ;
  // Check in the list of allowed users:
  if ( allowed_users != null ) {
      for (int i = 0 ; i < allowed_users.length ; i++) {
    if (allowed_users[i].equals(user.getName()))
        return true ;
      }
  } else {
      //all users allowed
      return true;
  }
  return false;
    }

    protected void createEntry(AuthUser user) {
  if (checkUser(user))
      entries.addElement(new AuthUserPrincipal(user, getName()));
    }

    protected boolean hasPrincipal(Principal p) {
  //test with equals...
  int idx = entries.indexOf(p);
  return (idx != -1);
    }

    public boolean addOwner(Principal caller, Principal owner)
  throws NotOwnerException
    {
  throw new NotOwnerException();
    }

    public boolean deleteOwner(Principal caller, Principal owner)
  throws NotOwnerException, LastOwnerException
    {
  throw new NotOwnerException();
    }

    public boolean isOwner(Principal owner) {
  return false;
    }

    public void setName(Principal caller, String name)
  throws NotOwnerException
    {
  throw new NotOwnerException();
    }

    public String getName() {
  return getRealm();
    }

    public boolean addEntry(Principal caller, AclEntry entry)
  throws NotOwnerException
    {
  throw new NotOwnerException();
    }

    public boolean removeEntry(Principal caller, AclEntry entry)
  throws NotOwnerException
    {
  throw new NotOwnerException();
    }

    public Enumeration getPermissions(Principal user) {
  return null;
    }

    public Enumeration entries() {
  return null;
    }

    public boolean checkPermission(Principal principal, Permission permission)
    {
  acquireRealm();
  String methods[] = getMethods();
  boolean methodprotected = false;
  if (methods != null) {
      for (int i = 0 ; i < methods.length ; i++) {
    if (permission.equals(methods[i]))
        methodprotected = true;
      }
  } else {
      methodprotected = true;
  }
  if (! methodprotected)
      return true;
  boolean granted = hasPrincipal(principal);
  if (granted) {
      // let's add the username there
      String username = principal.getName();
      if (username != null) {
    try {
        HTTPPrincipal htp = (HTTPPrincipal)principal;
        Request request = htp.getRequest();
        if (username != null) {
      request.setState(AuthFilter.STATE_AUTHUSER, username);
        }
    } catch (Exception ex) {
        // was not an HTTPPrincipal
    }
      }
  }
  return granted;
    }

    public String toString() {
  return getName();
    }

    /**
     * Initialize the Acl.
     */
    public void initialize(Object values[]) {
  super.initialize(values) ;
    }

}
TOP

Related Classes of org.w3c.jigsaw.acl.AclRealm

  • org.w3c.jigsaw.http.Request
  • org.w3c.jigsaw.http.httpd
  • java.util.Enumeration
  • org.w3c.tools.resources.ResourceReference
  • org.w3c.jigsaw.auth.AuthRealm
  • java.util.Vector
  • org.w3c.jigsaw.auth.AuthUser
  • java.security.acl.NotOwnerException
    • TOP
    Copyright © 2018 www.massapi.com. All rights reserved.
    All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.