Jake Slack03928ae2014-05-13 18:41:56 -07001//
2// ========================================================================
3// Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
4// ------------------------------------------------------------------------
5// All rights reserved. This program and the accompanying materials
6// are made available under the terms of the Eclipse Public License v1.0
7// and Apache License v2.0 which accompanies this distribution.
8//
9// The Eclipse Public License is available at
10// http://www.eclipse.org/legal/epl-v10.html
11//
12// The Apache License v2.0 is available at
13// http://www.opensource.org/licenses/apache2.0.php
14//
15// You may elect to redistribute this code under either of these licenses.
16// ========================================================================
17//
18
19package org.eclipse.jetty.util.security;
20
21import java.io.Serializable;
22import java.util.Arrays;
23
24/* ------------------------------------------------------------ */
25/**
26 * Describe an auth and/or data constraint.
27 *
28 *
29 */
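public class Constraint implements Cloneable, Serializable
{
    /* ------------------------------------------------------------ */
    /* Authentication method names accepted by validateMethod(String). */
    public final static String __BASIC_AUTH = "BASIC";

    public final static String __FORM_AUTH = "FORM";

    public final static String __DIGEST_AUTH = "DIGEST";

    public final static String __CERT_AUTH = "CLIENT_CERT";

    public final static String __CERT_AUTH2 = "CLIENT-CERT";

    public final static String __SPNEGO_AUTH = "SPNEGO";

    public final static String __NEGOTIATE_AUTH = "NEGOTIATE";

    /* ------------------------------------------------------------ */
    /**
     * Check whether a string names one of the authentication methods
     * declared on this class.
     * <p>
     * Surrounding whitespace is ignored, but the comparison is exact and
     * case-sensitive: {@code "basic"} is rejected.
     *
     * @param method the authentication method name, may be null
     * @return True if the trimmed name equals one of the {@code __*_AUTH} constants
     */
    public static boolean validateMethod (String method)
    {
        if (method == null)
            return false;
        method = method.trim();
        return (method.equals(__FORM_AUTH)
                || method.equals(__BASIC_AUTH)
                || method.equals(__DIGEST_AUTH)
                || method.equals(__CERT_AUTH)
                || method.equals(__CERT_AUTH2)
                || method.equals(__SPNEGO_AUTH)
                || method.equals(__NEGOTIATE_AUTH));
    }

    /* ------------------------------------------------------------ */
    /* Data constraint indicators. setDataConstraint(int) only accepts
     * DC_NONE, DC_INTEGRAL and DC_CONFIDENTIAL. */
    public final static int DC_UNSET = -1, DC_NONE = 0, DC_INTEGRAL = 1, DC_CONFIDENTIAL = 2, DC_FORBIDDEN = 3;

    /* ------------------------------------------------------------ */
    public final static String NONE = "NONE";

    /** Role name that matches every role, see {@link #isAnyRole()}. */
    public final static String ANY_ROLE = "*";

    /* ------------------------------------------------------------ */
    private String _name;

    // Private copy of the configured roles; never written to after setRoles().
    private String[] _roles;

    private int _dataConstraint = DC_UNSET;

    // Cached result of scanning _roles for ANY_ROLE; kept in step by setRoles().
    private boolean _anyRole = false;

    private boolean _authenticate = false;

    /* ------------------------------------------------------------ */
    /**
     * Constructor. The new constraint has no name, no roles, an unset data
     * constraint and does not require authentication.
     */
    public Constraint()
    {
    }

    /* ------------------------------------------------------------ */
    /**
     * Convenience Constructor.
     *
     * @param name the constraint name
     * @param role the single role of the constraint
     */
    public Constraint(String name, String role)
    {
        setName(name);
        setRoles(new String[] { role });
    }

    /* ------------------------------------------------------------ */
    /**
     * @return A shallow copy of this constraint. The copy shares the role
     *         array with the original, which is safe because the array is
     *         never modified once stored.
     */
    @Override
    public Object clone() throws CloneNotSupportedException
    {
        return super.clone();
    }

    /* ------------------------------------------------------------ */
    /**
     * @param name the constraint name
     */
    public void setName(String name)
    {
        _name = name;
    }

    /* ------------------------------------------------------------ */
    /**
     * Set the roles of this constraint.
     * <p>
     * The array is copied, so later writes to the caller's array cannot
     * change the roles of this constraint or leave the any-role flag out of
     * step with them.
     *
     * @param roles the role names, may be null; {@link #ANY_ROLE} matches every role
     */
    public void setRoles(String[] roles)
    {
        // Copy first, then derive the flag from the copy, so both describe the same data.
        String[] copy = (roles == null) ? null : roles.clone();
        boolean anyRole = false;
        if (copy != null)
        {
            for (String role : copy)
            {
                if (ANY_ROLE.equals(role))
                {
                    anyRole = true;
                    break;
                }
            }
        }
        _roles = copy;
        _anyRole = anyRole;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if any user role is permitted.
     */
    public boolean isAnyRole()
    {
        return _anyRole;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return A copy of the roles for this constraint, or null if none were set.
     */
    public String[] getRoles()
    {
        // Hand out a copy so callers cannot rewrite the stored roles behind the any-role flag.
        return (_roles == null) ? null : _roles.clone();
    }

    /* ------------------------------------------------------------ */
    /**
     * @param role the role name to look for
     * @return True if the constraint contains the role, or permits any role.
     *         A null role matches only when any role is permitted.
     */
    public boolean hasRole(String role)
    {
        if (_anyRole)
            return true;
        // A null role used to throw NullPointerException here; report "no match" instead.
        if (role == null || _roles == null)
            return false;
        for (String candidate : _roles)
        {
            if (role.equals(candidate))
                return true;
        }
        return false;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param authenticate True if users must be authenticated
     */
    public void setAuthenticate(boolean authenticate)
    {
        _authenticate = authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if the constraint requires request authentication
     */
    public boolean getAuthenticate()
    {
        return _authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if authentication required but no roles set
     */
    public boolean isForbidden()
    {
        return _authenticate && !_anyRole && (_roles == null || _roles.length == 0);
    }

    /* ------------------------------------------------------------ */
    /**
     * @param c Data constraint indicator: 0=DC_NONE, 1=DC_INTEGRAL and
     *            2=DC_CONFIDENTIAL
     * @throws IllegalArgumentException if c is outside that range; DC_UNSET
     *             and DC_FORBIDDEN are not accepted
     */
    public void setDataConstraint(int c)
    {
        if (c < 0 || c > DC_CONFIDENTIAL)
            throw new IllegalArgumentException("Constraint out of range");
        _dataConstraint = c;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return Data constraint indicator: -1=DC_UNSET, 0=DC_NONE,
     *         1=DC_INTEGRAL and 2=DC_CONFIDENTIAL
     */
    public int getDataConstraint()
    {
        return _dataConstraint;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if a data constraint has been set.
     */
    public boolean hasDataConstraint()
    {
        return _dataConstraint >= DC_NONE;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return A string of the form {@code SC{name,roles,dataConstraint}}
     */
    @Override
    public String toString()
    {
        String roles;
        if (_anyRole)
            roles = "*";
        else if (_roles == null)
            roles = "-";
        else
            roles = Arrays.toString(_roles);

        String data;
        if (_dataConstraint == DC_UNSET)
            data = "DC_UNSET}";
        else if (_dataConstraint == DC_NONE)
            data = "NONE}";
        else if (_dataConstraint == DC_INTEGRAL)
            data = "INTEGRAL}";
        else
            data = "CONFIDENTIAL}";

        return "SC{" + _name + "," + roles + "," + data;
    }

}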