Jake Slack | 03928ae | 2014-05-13 18:41:56 -0700 | [diff] [blame] | 1 | // |
| 2 | // ======================================================================== |
| 3 | // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd. |
| 4 | // ------------------------------------------------------------------------ |
| 5 | // All rights reserved. This program and the accompanying materials |
| 6 | // are made available under the terms of the Eclipse Public License v1.0 |
| 7 | // and Apache License v2.0 which accompanies this distribution. |
| 8 | // |
| 9 | // The Eclipse Public License is available at |
| 10 | // http://www.eclipse.org/legal/epl-v10.html |
| 11 | // |
| 12 | // The Apache License v2.0 is available at |
| 13 | // http://www.opensource.org/licenses/apache2.0.php |
| 14 | // |
| 15 | // You may elect to redistribute this code under either of these licenses. |
| 16 | // ======================================================================== |
| 17 | // |
| 18 | |
| 19 | package org.eclipse.jetty.util.security; |
| 20 | |
| 21 | import java.io.Serializable; |
| 22 | import java.util.Arrays; |
| 23 | |
| 24 | /* ------------------------------------------------------------ */ |
| 25 | /** |
| 26 | * Describe an auth and/or data constraint. |
| 27 | * |
| 28 | * |
| 29 | */ |
| 30 | public class Constraint implements Cloneable, Serializable |
| 31 | { |
| 32 | /* ------------------------------------------------------------ */ |
| 33 | public final static String __BASIC_AUTH = "BASIC"; |
| 34 | |
| 35 | public final static String __FORM_AUTH = "FORM"; |
| 36 | |
| 37 | public final static String __DIGEST_AUTH = "DIGEST"; |
| 38 | |
| 39 | public final static String __CERT_AUTH = "CLIENT_CERT"; |
| 40 | |
| 41 | public final static String __CERT_AUTH2 = "CLIENT-CERT"; |
| 42 | |
| 43 | public final static String __SPNEGO_AUTH = "SPNEGO"; |
| 44 | |
| 45 | public final static String __NEGOTIATE_AUTH = "NEGOTIATE"; |
| 46 | |
| 47 | public static boolean validateMethod (String method) |
| 48 | { |
| 49 | if (method == null) |
| 50 | return false; |
| 51 | method = method.trim(); |
| 52 | return (method.equals(__FORM_AUTH) |
| 53 | || method.equals(__BASIC_AUTH) |
| 54 | || method.equals (__DIGEST_AUTH) |
| 55 | || method.equals (__CERT_AUTH) |
| 56 | || method.equals(__CERT_AUTH2) |
| 57 | || method.equals(__SPNEGO_AUTH) |
| 58 | || method.equals(__NEGOTIATE_AUTH)); |
| 59 | } |
| 60 | |
| 61 | /* ------------------------------------------------------------ */ |
| 62 | public final static int DC_UNSET = -1, DC_NONE = 0, DC_INTEGRAL = 1, DC_CONFIDENTIAL = 2, DC_FORBIDDEN = 3; |
| 63 | |
| 64 | /* ------------------------------------------------------------ */ |
| 65 | public final static String NONE = "NONE"; |
| 66 | |
| 67 | public final static String ANY_ROLE = "*"; |
| 68 | |
| 69 | /* ------------------------------------------------------------ */ |
| 70 | private String _name; |
| 71 | |
| 72 | private String[] _roles; |
| 73 | |
| 74 | private int _dataConstraint = DC_UNSET; |
| 75 | |
| 76 | private boolean _anyRole = false; |
| 77 | |
| 78 | private boolean _authenticate = false; |
| 79 | |
| 80 | /* ------------------------------------------------------------ */ |
| 81 | /** |
| 82 | * Constructor. |
| 83 | */ |
| 84 | public Constraint() |
| 85 | { |
| 86 | } |
| 87 | |
| 88 | /* ------------------------------------------------------------ */ |
| 89 | /** |
| 90 | * Conveniance Constructor. |
| 91 | * |
| 92 | * @param name |
| 93 | * @param role |
| 94 | */ |
| 95 | public Constraint(String name, String role) |
| 96 | { |
| 97 | setName(name); |
| 98 | setRoles(new String[] { role }); |
| 99 | } |
| 100 | |
| 101 | /* ------------------------------------------------------------ */ |
| 102 | @Override |
| 103 | public Object clone() throws CloneNotSupportedException |
| 104 | { |
| 105 | return super.clone(); |
| 106 | } |
| 107 | |
| 108 | /* ------------------------------------------------------------ */ |
| 109 | /** |
| 110 | * @param name |
| 111 | */ |
| 112 | public void setName(String name) |
| 113 | { |
| 114 | _name = name; |
| 115 | } |
| 116 | |
| 117 | /* ------------------------------------------------------------ */ |
| 118 | public void setRoles(String[] roles) |
| 119 | { |
| 120 | _roles = roles; |
| 121 | _anyRole = false; |
| 122 | if (roles != null) |
| 123 | for (int i = roles.length; !_anyRole && i-- > 0;) |
| 124 | _anyRole |= ANY_ROLE.equals(roles[i]); |
| 125 | } |
| 126 | |
| 127 | /* ------------------------------------------------------------ */ |
| 128 | /** |
| 129 | * @return True if any user role is permitted. |
| 130 | */ |
| 131 | public boolean isAnyRole() |
| 132 | { |
| 133 | return _anyRole; |
| 134 | } |
| 135 | |
| 136 | /* ------------------------------------------------------------ */ |
| 137 | /** |
| 138 | * @return List of roles for this constraint. |
| 139 | */ |
| 140 | public String[] getRoles() |
| 141 | { |
| 142 | return _roles; |
| 143 | } |
| 144 | |
| 145 | /* ------------------------------------------------------------ */ |
| 146 | /** |
| 147 | * @param role |
| 148 | * @return True if the constraint contains the role. |
| 149 | */ |
| 150 | public boolean hasRole(String role) |
| 151 | { |
| 152 | if (_anyRole) return true; |
| 153 | if (_roles != null) for (int i = _roles.length; i-- > 0;) |
| 154 | if (role.equals(_roles[i])) return true; |
| 155 | return false; |
| 156 | } |
| 157 | |
| 158 | /* ------------------------------------------------------------ */ |
| 159 | /** |
| 160 | * @param authenticate True if users must be authenticated |
| 161 | */ |
| 162 | public void setAuthenticate(boolean authenticate) |
| 163 | { |
| 164 | _authenticate = authenticate; |
| 165 | } |
| 166 | |
| 167 | /* ------------------------------------------------------------ */ |
| 168 | /** |
| 169 | * @return True if the constraint requires request authentication |
| 170 | */ |
| 171 | public boolean getAuthenticate() |
| 172 | { |
| 173 | return _authenticate; |
| 174 | } |
| 175 | |
| 176 | /* ------------------------------------------------------------ */ |
| 177 | /** |
| 178 | * @return True if authentication required but no roles set |
| 179 | */ |
| 180 | public boolean isForbidden() |
| 181 | { |
| 182 | return _authenticate && !_anyRole && (_roles == null || _roles.length == 0); |
| 183 | } |
| 184 | |
| 185 | /* ------------------------------------------------------------ */ |
| 186 | /** |
| 187 | * @param c Data constrain indicator: 0=DC+NONE, 1=DC_INTEGRAL & |
| 188 | * 2=DC_CONFIDENTIAL |
| 189 | */ |
| 190 | public void setDataConstraint(int c) |
| 191 | { |
| 192 | if (c < 0 || c > DC_CONFIDENTIAL) throw new IllegalArgumentException("Constraint out of range"); |
| 193 | _dataConstraint = c; |
| 194 | } |
| 195 | |
| 196 | /* ------------------------------------------------------------ */ |
| 197 | /** |
| 198 | * @return Data constrain indicator: 0=DC+NONE, 1=DC_INTEGRAL & |
| 199 | * 2=DC_CONFIDENTIAL |
| 200 | */ |
| 201 | public int getDataConstraint() |
| 202 | { |
| 203 | return _dataConstraint; |
| 204 | } |
| 205 | |
| 206 | /* ------------------------------------------------------------ */ |
| 207 | /** |
| 208 | * @return True if a data constraint has been set. |
| 209 | */ |
| 210 | public boolean hasDataConstraint() |
| 211 | { |
| 212 | return _dataConstraint >= DC_NONE; |
| 213 | } |
| 214 | |
| 215 | /* ------------------------------------------------------------ */ |
| 216 | @Override |
| 217 | public String toString() |
| 218 | { |
| 219 | return "SC{" + _name |
| 220 | + "," |
| 221 | + (_anyRole ? "*" : (_roles == null ? "-" : Arrays.asList(_roles).toString())) |
| 222 | + "," |
| 223 | + (_dataConstraint == DC_UNSET ? "DC_UNSET}" : (_dataConstraint == DC_NONE ? "NONE}" : (_dataConstraint == DC_INTEGRAL ? "INTEGRAL}" : "CONFIDENTIAL}"))); |
| 224 | } |
| 225 | |
| 226 | } |