
1   // ========================================================================
2   // Copyright (c) 2008-2009 Mort Bay Consulting Pty. Ltd.
3   // ------------------------------------------------------------------------
4   // All rights reserved. This program and the accompanying materials
5   // are made available under the terms of the Eclipse Public License v1.0
6   // and Apache License v2.0 which accompanies this distribution.
7   // The Eclipse Public License is available at 
8   // http://www.eclipse.org/legal/epl-v10.html
9   // The Apache License v2.0 is available at
10  // http://www.opensource.org/licenses/apache2.0.php
11  // You may elect to redistribute this code under either of these licenses. 
12  // ========================================================================
13  
14  package org.eclipse.jetty.http.security;
15  
16  import java.io.Serializable;
17  import java.util.Arrays;
18  
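/* ------------------------------------------------------------ */
/**
 * Describes an authentication and/or data constraint.
 * <p>
 * A constraint carries a name, a list of permitted role names, an
 * "authenticate" flag and a data constraint level (one of the
 * <code>DC_*</code> constants). Whether the role list contains
 * {@link #ANY_ROLE} is cached in a flag when the roles are set, so the role
 * array is copied on the way in and on the way out: a caller holding a
 * reference to the array cannot change the roles after the flag has been
 * computed.
 * <p>
 * The class is {@link Serializable} and defines no <code>readObject</code>,
 * so the cached any-role flag of a deserialized instance is taken from the
 * stream as-is rather than recomputed from the roles.
 */
public class Constraint implements Cloneable, Serializable
{
    /* ------------------------------------------------------------ */
    public final static String __BASIC_AUTH = "BASIC";

    public final static String __FORM_AUTH = "FORM";

    public final static String __DIGEST_AUTH = "DIGEST";

    public final static String __CERT_AUTH = "CLIENT_CERT";

    public final static String __CERT_AUTH2 = "CLIENT-CERT";

    public final static String __SPNEGO_AUTH = "SPNEGO";

    /* ------------------------------------------------------------ */
    /**
     * Check an authentication method name against the names this class defines.
     * <p>
     * Leading and trailing whitespace is ignored; the comparison itself is
     * exact and case sensitive, so <code>"basic"</code> is not accepted.
     *
     * @param method the authentication method name, may be null
     * @return True if the trimmed name equals one of the <code>__*_AUTH</code>
     *         constants; false otherwise, including for null
     */
    public static boolean validateMethod (String method)
    {
        if (method == null)
            return false;

        final String trimmed = method.trim();
        final String[] known =
        { __FORM_AUTH, __BASIC_AUTH, __DIGEST_AUTH, __CERT_AUTH, __CERT_AUTH2, __SPNEGO_AUTH };
        for (String candidate : known)
        {
            if (trimmed.equals(candidate))
                return true;
        }
        return false;
    }

    /* ------------------------------------------------------------ */
    public final static int DC_UNSET = -1, DC_NONE = 0, DC_INTEGRAL = 1, DC_CONFIDENTIAL = 2, DC_FORBIDDEN = 3;

    /* ------------------------------------------------------------ */
    public final static String NONE = "NONE";

    public final static String ANY_ROLE = "*";

    /* ------------------------------------------------------------ */
    private String _name;

    // Private copy of the permitted roles; never handed out or aliased.
    private String[] _roles;

    private int _dataConstraint = DC_UNSET;

    // Cached result of "does _roles contain ANY_ROLE", maintained by setRoles.
    private boolean _anyRole = false;

    private boolean _authenticate = false;

    /* ------------------------------------------------------------ */
    /**
     * Constructor. Creates a constraint with no name, no roles, no
     * authentication requirement and an unset data constraint.
     */
    public Constraint()
    {
    }

    /* ------------------------------------------------------------ */
    /**
     * Convenience Constructor.
     *
     * @param name the constraint name
     * @param role the single role permitted by this constraint
     */
    public Constraint(String name, String role)
    {
        // NOTE(review): these setters are overridable and run before a
        // subclass constructor body; kept as calls so existing overrides
        // still see them.
        setName(name);
        setRoles(new String[] { role });
    }

    /* ------------------------------------------------------------ */
    /**
     * @return a copy of this constraint with its own role array
     */
    @Override
    public Object clone() throws CloneNotSupportedException
    {
        Constraint copy = (Constraint)super.clone();
        // super.clone() is shallow; give the copy an independent array.
        if (_roles != null)
            copy._roles = _roles.clone();
        return copy;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param name the constraint name
     */
    public void setName(String name)
    {
        _name = name;
    }

    /* ------------------------------------------------------------ */
    /**
     * Set the permitted roles and recompute the any-role flag.
     * <p>
     * The array is copied, so later changes to the caller's array do not
     * alter this constraint or leave the cached flag out of step with the
     * stored roles.
     *
     * @param roles the permitted role names, may be null
     */
    public void setRoles(String[] roles)
    {
        String[] copy = (roles == null) ? null : roles.clone();
        boolean any = false;
        if (copy != null)
        {
            for (String r : copy)
            {
                if (ANY_ROLE.equals(r))
                {
                    any = true;
                    break;
                }
            }
        }
        _roles = copy;
        _anyRole = any;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if the role list contains {@link #ANY_ROLE}, in which
     *         case {@link #hasRole(String)} accepts every role.
     */
    public boolean isAnyRole()
    {
        return _anyRole;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return A copy of the roles for this constraint, or null if none have
     *         been set. Changes to the returned array do not affect this
     *         constraint; use {@link #setRoles(String[])} to change roles.
     */
    public String[] getRoles()
    {
        return (_roles == null) ? null : _roles.clone();
    }

    /* ------------------------------------------------------------ */
    /**
     * @param role the role name to look for; matched exactly (case sensitive)
     * @return True if the constraint contains the role, or contains
     *         {@link #ANY_ROLE}. A null role matches only when any role is
     *         permitted.
     */
    public boolean hasRole(String role)
    {
        if (_anyRole)
            return true;
        // A null role used to fail with a NullPointerException here; it is
        // now simply "not a member".
        if (role == null || _roles == null)
            return false;
        for (String candidate : _roles)
        {
            if (role.equals(candidate))
                return true;
        }
        return false;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param authenticate True if users must be authenticated
     */
    public void setAuthenticate(boolean authenticate)
    {
        _authenticate = authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if the constraint requires request authentication
     */
    public boolean getAuthenticate()
    {
        return _authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if authentication is required but no roles are set (null
     *         or empty role list, and any-role not permitted)
     */
    public boolean isForbidden()
    {
        if (!_authenticate || _anyRole)
            return false;
        return _roles == null || _roles.length == 0;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param c Data constraint indicator: 0=DC_NONE, 1=DC_INTEGRAL &amp;
     *                2=DC_CONFIDENTIAL
     * @throws IllegalArgumentException if c is outside 0..DC_CONFIDENTIAL;
     *                 this includes DC_UNSET and DC_FORBIDDEN
     */
    public void setDataConstraint(int c)
    {
        if (c < 0 || c > DC_CONFIDENTIAL) throw new IllegalArgumentException("Constraint out of range");
        _dataConstraint = c;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return Data constraint indicator: -1=DC_UNSET (the initial value),
     *         0=DC_NONE, 1=DC_INTEGRAL &amp; 2=DC_CONFIDENTIAL
     */
    public int getDataConstraint()
    {
        return _dataConstraint;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if a data constraint has been set, i.e. the value is no
     *         longer DC_UNSET. DC_NONE counts as set.
     */
    public boolean hasDataConstraint()
    {
        return _dataConstraint >= DC_NONE;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return <code>SC{name,roles,dataConstraint}</code>, where roles is
     *         <code>*</code> for any role, <code>-</code> for no role list,
     *         or the bracketed list of roles.
     */
    @Override
    public String toString()
    {
        String roles;
        if (_anyRole)
            roles = "*";
        else if (_roles == null)
            roles = "-";
        else
            roles = Arrays.toString(_roles);

        String data;
        switch (_dataConstraint)
        {
            case DC_UNSET:
                data = "DC_UNSET}";
                break;
            case DC_NONE:
                data = "NONE}";
                break;
            case DC_INTEGRAL:
                data = "INTEGRAL}";
                break;
            default:
                // Every remaining value is reported as CONFIDENTIAL.
                data = "CONFIDENTIAL}";
                break;
        }

        return "SC{" + _name + "," + roles + "," + data;
    }

}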