trunk/src/modules-core/ac/java/src/org/apache/lenya/ac/impl/DefaultPolicy.java - lenya - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  *  contributor license agreements.  See the NOTICE file distributed with
  *  this work for additional information regarding copyright ownership.
  *  The ASF licenses this file to You under the Apache License, Version 2.0
  *  (the "License"); you may not use this file except in compliance with
  *  the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  *  Unless required by applicable law or agreed to in writing, software
  *  distributed under the License is distributed on an "AS IS" BASIS,
  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  *
  */

 /* $Id$  */

 package org.apache.lenya.ac.impl;

 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Iterator;
 import java.util.LinkedHashSet;
 import java.util.List;
 import java.util.Set;

 import org.apache.lenya.ac.AccessControlException;
 import org.apache.lenya.ac.Accreditable;
 import org.apache.lenya.ac.Credential;
 import org.apache.lenya.ac.Identity;
 import org.apache.lenya.ac.ModifiablePolicy;
 import org.apache.lenya.ac.Policy;
 import org.apache.lenya.ac.Role;

 /**
  * A DefaultPolicy is the own policy of a certain URL (not merged).
  */
 public class DefaultPolicy implements ModifiablePolicy {

     private List credentials = new ArrayList();

     /**
      * Adds a credential to this policy.
      *
      * @param credential A credential.
      */
     public void addCredential(Credential credential) {
         assert credential != null;
         if (this.credentials.contains(credential)) {
             throw new IllegalArgumentException("The credential [" + credential
                     + "] is already contained!");
         } else {
             this.credentials.add(credential);
         }
     }

     /**
      * Adds a role to this policy for a certain accreditable and a certain role.
      *
      * @param accreditable An accreditable.
      * @param role A role.
      */
     public void addRole(Accreditable accreditable, Role role, String method) {
         assert accreditable != null;
         assert role != null;
         CredentialImpl cred = new CredentialImpl(accreditable, role);
         cred.setMethod(method);
         addCredential(cred);
     }

     /**
      * Removes a role from this policy for a certain accreditable and a certain
      * role.
      *
      * @param accreditable An accreditable.
      * @param role A role.
      * @throws AccessControlException if the accreditable-role pair is not
      *         contained.
      */
     public void removeRole(Accreditable accreditable, Role role) throws AccessControlException {
         assert accreditable != null;
         assert role != null;
         removeCredential(getCredential(accreditable, role));
     }

     /**
      * Returns the credentials of this policy in top-down order.
      *
      * @return An array of credentials.
      */
     public Credential[] getCredentials() {
         return (Credential[]) this.credentials.toArray(new Credential[this.credentials.size()]);
     }

     /**
      * Returns the credentials for a certain accreditable.
      *
      * @param accreditable An accreditable.
      * @param role
      * @return A credential.
      */
     public Credential getCredential(Accreditable accreditable, Role role) {
         Credential credential = null;
         for (Iterator i = this.credentials.iterator(); i.hasNext();) {
             Credential cred = (Credential) i.next();
             if (cred.getAccreditable().equals(accreditable) && cred.getRole().equals(role)) {
                 credential = cred;
             }
         }
         return credential;
     }

     private boolean isSSL;

     /**
      * @see org.apache.lenya.ac.Policy#isSSLProtected()
      */
     public boolean isSSLProtected() throws AccessControlException {
         return this.isSSL;
     }

     /**
      * Sets if this policy requires SSL protection.
      *
      * @param ssl A boolean value.
      */
     public void setSSL(boolean ssl) {
         this.isSSL = ssl;
     }

     /**
      * @see org.apache.lenya.ac.Policy#isEmpty()
      */
     public boolean isEmpty() throws AccessControlException {
         return getCredentials().length == 0;
     }

     /**
      * Removes a credential.
      *
      * @param credential The credential to remove.
      * @throws AccessControlException If the credential does not exist.
      */
     protected void removeCredential(Credential credential) throws AccessControlException {
         if (this.credentials.contains(credential)) {
             this.credentials.remove(credential);
         }
     }

     /**
      * Removes all roles for a certain accreditable.
      *
      * @param accreditable The accreditable to remove all roles for.
      * @throws AccessControlException If no credential exists for this
      *         accreditable.
      */
     public void removeRoles(Accreditable accreditable) throws AccessControlException {
         Credential[] credentials = getCredentials();
         for (int credIndex = 0; credIndex < credentials.length; credIndex++) {
             Credential credential = credentials[credIndex];
             if (credential.getAccreditable().equals(accreditable)) {
                 this.credentials.remove(credential);
             }
         }
     }

     public Credential[] getCredentials(Identity identity) throws AccessControlException {
         Accreditable[] accreditables = identity.getAccreditables();
         Credential[] credentials = getCredentials();
         Set returnCredential = new LinkedHashSet();
         for (int credIndex = 0; credIndex < credentials.length; credIndex++) {
             Credential credential = credentials[credIndex];
             for (int accrIndex = 0; accrIndex < accreditables.length; accrIndex++) {
                 Accreditable accreditable = accreditables[accrIndex];
                 if (credential.getAccreditable().equals(accreditable)) {
                     returnCredential.add(credential);
                 }
             }
         }
         return (Credential[]) returnCredential.toArray(new Credential[returnCredential.size()]);
     }

     public void moveRoleDown(Accreditable accreditable, Role role) throws AccessControlException {
         moveRole(accreditable, role, true);
     }

     private void moveRole(Accreditable accreditable, Role role, boolean down) {

         Credential cred = getCredential(accreditable, role);
         int position = this.credentials.indexOf(cred);

         if (!down && position > 0) {
             this.credentials.remove(cred);
             this.credentials.add(position - 1, cred);
         } else if (down && position < this.credentials.size() - 1) {
             this.credentials.remove(cred);
             this.credentials.add(position + 1, cred);
         }
     }

     public void moveRoleUp(Accreditable accreditable, Role role) throws AccessControlException {
         moveRole(accreditable, role, false);
     }

     public int check(Identity identity, Role role) throws AccessControlException {
         Credential[] credentials = getCredentials();
         for (int i = credentials.length - 1; i >= 0; i--) {
             if (matches(identity, credentials[i].getAccreditable())
                     && credentials[i].getRole().equals(role)) {
                 if (credentials[i].getMethod().equals(CredentialImpl.GRANT)) {
                     return Policy.RESULT_GRANTED;
                 } else {
                     return Policy.RESULT_DENIED;
                 }
             }
         }
         return Policy.RESULT_NOT_MATCHED;
     }

     protected boolean matches(Identity identity, Accreditable accreditable) {
         Accreditable[] accrs = identity.getAccreditables();
         return Arrays.asList(accrs).contains(accreditable);
     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*
	*/

	/* $Id$ */

	package org.apache.lenya.ac.impl;

	import java.util.ArrayList;
	import java.util.Arrays;
	import java.util.Iterator;
	import java.util.LinkedHashSet;
	import java.util.List;
	import java.util.Set;

	import org.apache.lenya.ac.AccessControlException;
	import org.apache.lenya.ac.Accreditable;
	import org.apache.lenya.ac.Credential;
	import org.apache.lenya.ac.Identity;
	import org.apache.lenya.ac.ModifiablePolicy;
	import org.apache.lenya.ac.Policy;
	import org.apache.lenya.ac.Role;

	/**
	* A DefaultPolicy is the own policy of a certain URL (not merged).
	*/
	public class DefaultPolicy implements ModifiablePolicy {

	private List credentials = new ArrayList();

	/**
	* Adds a credential to this policy.
	*
	* @param credential A credential.
	*/
	public void addCredential(Credential credential) {
	assert credential != null;
	if (this.credentials.contains(credential)) {
	throw new IllegalArgumentException("The credential [" + credential
	+ "] is already contained!");
	} else {
	this.credentials.add(credential);
	}
	}

	/**
	* Adds a role to this policy for a certain accreditable and a certain role.
	*
	* @param accreditable An accreditable.
	* @param role A role.
	*/
	public void addRole(Accreditable accreditable, Role role, String method) {
	assert accreditable != null;
	assert role != null;
	CredentialImpl cred = new CredentialImpl(accreditable, role);
	cred.setMethod(method);
	addCredential(cred);
	}

	/**
	* Removes a role from this policy for a certain accreditable and a certain
	* role.
	*
	* @param accreditable An accreditable.
	* @param role A role.
	* @throws AccessControlException if the accreditable-role pair is not
	* contained.
	*/
	public void removeRole(Accreditable accreditable, Role role) throws AccessControlException {
	assert accreditable != null;
	assert role != null;
	removeCredential(getCredential(accreditable, role));
	}

	/**
	* Returns the credentials of this policy in top-down order.
	*
	* @return An array of credentials.
	*/
	public Credential[] getCredentials() {
	return (Credential[]) this.credentials.toArray(new Credential[this.credentials.size()]);
	}

	/**
	* Returns the credentials for a certain accreditable.
	*
	* @param accreditable An accreditable.
	* @param role
	* @return A credential.
	*/
	public Credential getCredential(Accreditable accreditable, Role role) {
	Credential credential = null;
	for (Iterator i = this.credentials.iterator(); i.hasNext();) {
	Credential cred = (Credential) i.next();
	if (cred.getAccreditable().equals(accreditable) && cred.getRole().equals(role)) {
	credential = cred;
	}
	}
	return credential;
	}

	private boolean isSSL;

	/**
	* @see org.apache.lenya.ac.Policy#isSSLProtected()
	*/
	public boolean isSSLProtected() throws AccessControlException {
	return this.isSSL;
	}

	/**
	* Sets if this policy requires SSL protection.
	*
	* @param ssl A boolean value.
	*/
	public void setSSL(boolean ssl) {
	this.isSSL = ssl;
	}

	/**
	* @see org.apache.lenya.ac.Policy#isEmpty()
	*/
	public boolean isEmpty() throws AccessControlException {
	return getCredentials().length == 0;
	}

	/**
	* Removes a credential.
	*
	* @param credential The credential to remove.
	* @throws AccessControlException If the credential does not exist.
	*/
	protected void removeCredential(Credential credential) throws AccessControlException {
	if (this.credentials.contains(credential)) {
	this.credentials.remove(credential);
	}
	}

	/**
	* Removes all roles for a certain accreditable.
	*
	* @param accreditable The accreditable to remove all roles for.
	* @throws AccessControlException If no credential exists for this
	* accreditable.
	*/
	public void removeRoles(Accreditable accreditable) throws AccessControlException {
	Credential[] credentials = getCredentials();
	for (int credIndex = 0; credIndex < credentials.length; credIndex++) {
	Credential credential = credentials[credIndex];
	if (credential.getAccreditable().equals(accreditable)) {
	this.credentials.remove(credential);
	}
	}
	}

	public Credential[] getCredentials(Identity identity) throws AccessControlException {
	Accreditable[] accreditables = identity.getAccreditables();
	Credential[] credentials = getCredentials();
	Set returnCredential = new LinkedHashSet();
	for (int credIndex = 0; credIndex < credentials.length; credIndex++) {
	Credential credential = credentials[credIndex];
	for (int accrIndex = 0; accrIndex < accreditables.length; accrIndex++) {
	Accreditable accreditable = accreditables[accrIndex];
	if (credential.getAccreditable().equals(accreditable)) {
	returnCredential.add(credential);
	}
	}
	}
	return (Credential[]) returnCredential.toArray(new Credential[returnCredential.size()]);
	}

	public void moveRoleDown(Accreditable accreditable, Role role) throws AccessControlException {
	moveRole(accreditable, role, true);
	}

	private void moveRole(Accreditable accreditable, Role role, boolean down) {

	Credential cred = getCredential(accreditable, role);
	int position = this.credentials.indexOf(cred);

	if (!down && position > 0) {
	this.credentials.remove(cred);
	this.credentials.add(position - 1, cred);
	} else if (down && position < this.credentials.size() - 1) {
	this.credentials.remove(cred);
	this.credentials.add(position + 1, cred);
	}
	}

	public void moveRoleUp(Accreditable accreditable, Role role) throws AccessControlException {
	moveRole(accreditable, role, false);
	}

	public int check(Identity identity, Role role) throws AccessControlException {
	Credential[] credentials = getCredentials();
	for (int i = credentials.length - 1; i >= 0; i--) {
	if (matches(identity, credentials[i].getAccreditable())
	&& credentials[i].getRole().equals(role)) {
	if (credentials[i].getMethod().equals(CredentialImpl.GRANT)) {
	return Policy.RESULT_GRANTED;
	} else {
	return Policy.RESULT_DENIED;
	}
	}
	}
	return Policy.RESULT_NOT_MATCHED;
	}

	protected boolean matches(Identity identity, Accreditable accreditable) {
	Accreditable[] accrs = identity.getAccreditables();
	return Arrays.asList(accrs).contains(accreditable);
	}

	}