J. Duke | 319a3b9 | 2007-12-01 00:00:00 +0000 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright 1997-2007 Sun Microsystems, Inc. All Rights Reserved. |
| 3 | * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
| 4 | * |
| 5 | * This code is free software; you can redistribute it and/or modify it |
| 6 | * under the terms of the GNU General Public License version 2 only, as |
| 7 | * published by the Free Software Foundation. Sun designates this |
| 8 | * particular file as subject to the "Classpath" exception as provided |
| 9 | * by Sun in the LICENSE file that accompanied this code. |
| 10 | * |
| 11 | * This code is distributed in the hope that it will be useful, but WITHOUT |
| 12 | * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
| 13 | * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
| 14 | * version 2 for more details (a copy is included in the LICENSE file that |
| 15 | * accompanied this code). |
| 16 | * |
| 17 | * You should have received a copy of the GNU General Public License version |
| 18 | * 2 along with this work; if not, write to the Free Software Foundation, |
| 19 | * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
| 20 | * |
| 21 | * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara, |
| 22 | * CA 95054 USA or visit www.sun.com if you need additional information or |
| 23 | * have any questions. |
| 24 | */ |
| 25 | |
| 26 | |
| 27 | package com.sun.jmx.snmp.IPAcl; |
| 28 | |
| 29 | |
| 30 | |
| 31 | import java.security.Principal; |
| 32 | import java.security.acl.Acl; |
| 33 | import java.security.acl.AclEntry; |
| 34 | import java.security.acl.NotOwnerException; |
| 35 | |
| 36 | import java.io.Serializable; |
| 37 | import java.security.acl.Permission; |
| 38 | import java.util.Vector; |
| 39 | import java.util.Enumeration; |
| 40 | |
| 41 | |
| 42 | /** |
| 43 | * Represent an Access Control List (ACL) which is used to guard access to http adaptor. |
| 44 | * <P> |
| 45 | * It is a data structure with multiple ACL entries. Each ACL entry, of interface type |
| 46 | * AclEntry, contains a set of permissions and a set of communities associated with a |
| 47 | * particular principal. (A principal represents an entity such as a host or a group of host). |
| 48 | * Additionally, each ACL entry is specified as being either positive or negative. |
| 49 | * If positive, the permissions are to be granted to the associated principal. |
| 50 | * If negative, the permissions are to be denied. |
| 51 | * |
| 52 | * @see java.security.acl.Acl |
| 53 | */ |
| 54 | |
| 55 | class AclImpl extends OwnerImpl implements Acl, Serializable { |
| 56 | private static final long serialVersionUID = -2250957591085270029L; |
| 57 | |
| 58 | private Vector<AclEntry> entryList = null; |
| 59 | private String aclName = null; |
| 60 | |
| 61 | /** |
| 62 | * Constructs the ACL with a specified owner |
| 63 | * |
| 64 | * @param owner owner of the ACL. |
| 65 | * @param name name of this ACL. |
| 66 | */ |
| 67 | public AclImpl (PrincipalImpl owner, String name) { |
| 68 | super(owner); |
| 69 | entryList = new Vector<AclEntry>(); |
| 70 | aclName = name; |
| 71 | } |
| 72 | |
| 73 | /** |
| 74 | * Sets the name of this ACL. |
| 75 | * |
| 76 | * @param caller the principal invoking this method. It must be an owner |
| 77 | * of this ACL. |
| 78 | * @param name the name to be given to this ACL. |
| 79 | * |
| 80 | * @exception NotOwnerException if the caller principal is not an owner |
| 81 | * of this ACL. |
| 82 | * @see java.security.Principal |
| 83 | */ |
| 84 | public void setName(Principal caller, String name) |
| 85 | throws NotOwnerException { |
| 86 | if (!isOwner(caller)) |
| 87 | throw new NotOwnerException(); |
| 88 | aclName = name; |
| 89 | } |
| 90 | |
| 91 | /** |
| 92 | * Returns the name of this ACL. |
| 93 | * |
| 94 | * @return the name of this ACL. |
| 95 | */ |
| 96 | public String getName(){ |
| 97 | return aclName; |
| 98 | } |
| 99 | |
| 100 | /** |
| 101 | * Adds an ACL entry to this ACL. An entry associates a principal (e.g., an individual or a group) |
| 102 | * with a set of permissions. Each principal can have at most one positive ACL entry |
| 103 | * (specifying permissions to be granted to the principal) and one negative ACL entry |
| 104 | * (specifying permissions to be denied). If there is already an ACL entry |
| 105 | * of the same type (negative or positive) already in the ACL, false is returned. |
| 106 | * |
| 107 | * @param caller the principal invoking this method. It must be an owner |
| 108 | * of this ACL. |
| 109 | * @param entry the ACL entry to be added to this ACL. |
| 110 | * @return true on success, false if an entry of the same type (positive |
| 111 | * or negative) for the same principal is already present in this ACL. |
| 112 | * @exception NotOwnerException if the caller principal is not an owner of |
| 113 | * this ACL. |
| 114 | * @see java.security.Principal |
| 115 | */ |
| 116 | public boolean addEntry(Principal caller, AclEntry entry) |
| 117 | throws NotOwnerException { |
| 118 | if (!isOwner(caller)) |
| 119 | throw new NotOwnerException(); |
| 120 | |
| 121 | if (entryList.contains(entry)) |
| 122 | return false; |
| 123 | /* |
| 124 | for (Enumeration e = entryList.elements();e.hasMoreElements();){ |
| 125 | AclEntry ent = (AclEntry) e.nextElement(); |
| 126 | if (ent.getPrincipal().equals(entry.getPrincipal())) |
| 127 | return false; |
| 128 | } |
| 129 | */ |
| 130 | |
| 131 | entryList.addElement(entry); |
| 132 | return true; |
| 133 | } |
| 134 | |
| 135 | /** |
| 136 | * Removes an ACL entry from this ACL. |
| 137 | * |
| 138 | * @param caller the principal invoking this method. It must be an owner |
| 139 | * of this ACL. |
| 140 | * @param entry the ACL entry to be removed from this ACL. |
| 141 | * @return true on success, false if the entry is not part of this ACL. |
| 142 | * @exception NotOwnerException if the caller principal is not an owner |
| 143 | * of this Acl. |
| 144 | * @see java.security.Principal |
| 145 | * @see java.security.acl.AclEntry |
| 146 | */ |
| 147 | public boolean removeEntry(Principal caller, AclEntry entry) |
| 148 | throws NotOwnerException { |
| 149 | if (!isOwner(caller)) |
| 150 | throw new NotOwnerException(); |
| 151 | |
| 152 | return (entryList.removeElement(entry)); |
| 153 | } |
| 154 | |
| 155 | /** |
| 156 | * Removes all ACL entries from this ACL. |
| 157 | * |
| 158 | * @param caller the principal invoking this method. It must be an owner |
| 159 | * of this ACL. |
| 160 | * @exception NotOwnerException if the caller principal is not an owner of |
| 161 | * this Acl. |
| 162 | * @see java.security.Principal |
| 163 | */ |
| 164 | public void removeAll(Principal caller) |
| 165 | throws NotOwnerException { |
| 166 | if (!isOwner(caller)) |
| 167 | throw new NotOwnerException(); |
| 168 | entryList.removeAllElements(); |
| 169 | } |
| 170 | |
| 171 | /** |
| 172 | * Returns an enumeration for the set of allowed permissions for |
| 173 | * the specified principal |
| 174 | * (representing an entity such as an individual or a group). |
| 175 | * This set of allowed permissions is calculated as follows: |
| 176 | * <UL> |
| 177 | * <LI>If there is no entry in this Access Control List for the specified |
| 178 | * principal, an empty permission set is returned.</LI> |
| 179 | * <LI>Otherwise, the principal's group permission sets are determined. |
| 180 | * (A principal can belong to one or more groups, where a group is a group |
| 181 | * of principals, represented by the Group interface.)</LI> |
| 182 | * </UL> |
| 183 | * @param user the principal whose permission set is to be returned. |
| 184 | * @return the permission set specifying the permissions the principal |
| 185 | * is allowed. |
| 186 | * @see java.security.Principal |
| 187 | */ |
| 188 | public Enumeration<Permission> getPermissions(Principal user){ |
| 189 | Vector<Permission> empty = new Vector<Permission>(); |
| 190 | for (Enumeration<AclEntry> e = entryList.elements();e.hasMoreElements();){ |
| 191 | AclEntry ent = e.nextElement(); |
| 192 | if (ent.getPrincipal().equals(user)) |
| 193 | return ent.permissions(); |
| 194 | } |
| 195 | return empty.elements(); |
| 196 | } |
| 197 | |
| 198 | /** |
| 199 | * Returns an enumeration of the entries in this ACL. Each element in the |
| 200 | * enumeration is of type AclEntry. |
| 201 | * |
| 202 | * @return an enumeration of the entries in this ACL. |
| 203 | */ |
| 204 | public Enumeration<AclEntry> entries(){ |
| 205 | return entryList.elements(); |
| 206 | } |
| 207 | |
| 208 | /** |
| 209 | * Checks whether or not the specified principal has the specified |
| 210 | * permission. |
| 211 | * If it does, true is returned, otherwise false is returned. |
| 212 | * More specifically, this method checks whether the passed permission |
| 213 | * is a member of the allowed permission set of the specified principal. |
| 214 | * The allowed permission set is determined by the same algorithm as is |
| 215 | * used by the getPermissions method. |
| 216 | * |
| 217 | * @param user the principal, assumed to be a valid authenticated Principal. |
| 218 | * @param perm the permission to be checked for. |
| 219 | * @return true if the principal has the specified permission, |
| 220 | * false otherwise. |
| 221 | * @see java.security.Principal |
| 222 | * @see java.security.Permission |
| 223 | */ |
| 224 | public boolean checkPermission(Principal user, |
| 225 | java.security.acl.Permission perm) { |
| 226 | for (Enumeration e = entryList.elements();e.hasMoreElements();){ |
| 227 | AclEntry ent = (AclEntry) e.nextElement(); |
| 228 | if (ent.getPrincipal().equals(user)) |
| 229 | if (ent.checkPermission(perm)) return true; |
| 230 | } |
| 231 | return false; |
| 232 | } |
| 233 | |
| 234 | /** |
| 235 | * Checks whether or not the specified principal has the specified |
| 236 | * permission. |
| 237 | * If it does, true is returned, otherwise false is returned. |
| 238 | * More specifically, this method checks whether the passed permission |
| 239 | * is a member of the allowed permission set of the specified principal. |
| 240 | * The allowed permission set is determined by the same algorithm as is |
| 241 | * used by the getPermissions method. |
| 242 | * |
| 243 | * @param user the principal, assumed to be a valid authenticated Principal. |
| 244 | * @param community the community name associated with the principal. |
| 245 | * @param perm the permission to be checked for. |
| 246 | * @return true if the principal has the specified permission, false |
| 247 | * otherwise. |
| 248 | * @see java.security.Principal |
| 249 | * @see java.security.Permission |
| 250 | */ |
| 251 | public boolean checkPermission(Principal user, String community, |
| 252 | java.security.acl.Permission perm) { |
| 253 | for (Enumeration e = entryList.elements();e.hasMoreElements();){ |
| 254 | AclEntryImpl ent = (AclEntryImpl) e.nextElement(); |
| 255 | if (ent.getPrincipal().equals(user)) |
| 256 | if (ent.checkPermission(perm) && ent.checkCommunity(community)) return true; |
| 257 | } |
| 258 | return false; |
| 259 | } |
| 260 | |
| 261 | /** |
| 262 | * Checks whether or not the specified community string is defined. |
| 263 | * |
| 264 | * @param community the community name associated with the principal. |
| 265 | * |
| 266 | * @return true if the specified community string is defined, false |
| 267 | * otherwise. |
| 268 | * @see java.security.Principal |
| 269 | * @see java.security.Permission |
| 270 | */ |
| 271 | public boolean checkCommunity(String community) { |
| 272 | for (Enumeration e = entryList.elements();e.hasMoreElements();){ |
| 273 | AclEntryImpl ent = (AclEntryImpl) e.nextElement(); |
| 274 | if (ent.checkCommunity(community)) return true; |
| 275 | } |
| 276 | return false; |
| 277 | } |
| 278 | |
| 279 | /** |
| 280 | * Returns a string representation of the ACL contents. |
| 281 | * |
| 282 | * @return a string representation of the ACL contents. |
| 283 | */ |
| 284 | public String toString(){ |
| 285 | return ("AclImpl: "+ getName()); |
| 286 | } |
| 287 | } |