
1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.util.security;
20  
21  import java.io.Serializable;
22  import java.util.Arrays;
23  
24  /* ------------------------------------------------------------ */
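/**
 * Describes an authentication and/or data (transport) constraint.
 * <p>
 * A constraint carries a name, an optional list of role names, a flag saying
 * whether authentication is required, and a data constraint level (one of the
 * {@code DC_*} constants). The role list and the authenticate flag are
 * independent: {@link #setRoles(String[])} does not change the authenticate
 * flag, so callers that want roles to be enforced must also call
 * {@link #setAuthenticate(boolean)}.
 * <p>
 * Instances are mutable and this class performs no synchronization.
 */
public class Constraint implements Cloneable, Serializable
{
    /* ------------------------------------------------------------ */
    // Authentication method names accepted by validateMethod(String).
    public final static String __BASIC_AUTH = "BASIC";

    public final static String __FORM_AUTH = "FORM";

    public final static String __DIGEST_AUTH = "DIGEST";

    public final static String __CERT_AUTH = "CLIENT_CERT";

    public final static String __CERT_AUTH2 = "CLIENT-CERT";

    public final static String __SPNEGO_AUTH = "SPNEGO";

    public final static String __NEGOTIATE_AUTH = "NEGOTIATE";

    /**
     * Checks whether a string names one of the authentication methods declared
     * by this class.
     * <p>
     * Surrounding whitespace is ignored. The comparison is case-sensitive, so
     * {@code "basic"} is rejected while {@code " BASIC "} is accepted.
     *
     * @param method the candidate method name, may be null
     * @return true if the trimmed name equals one of the {@code __*_AUTH}
     *         constants; false for null or any other value
     */
    public static boolean validateMethod (String method)
    {
        if (method == null)
            return false;
        method = method.trim();
        return (method.equals(__FORM_AUTH)
                || method.equals(__BASIC_AUTH)
                || method.equals(__DIGEST_AUTH)
                || method.equals(__CERT_AUTH)
                || method.equals(__CERT_AUTH2)
                || method.equals(__SPNEGO_AUTH)
                || method.equals(__NEGOTIATE_AUTH));
    }

    /* ------------------------------------------------------------ */
    // Data constraint levels. Only DC_NONE..DC_CONFIDENTIAL are accepted by
    // setDataConstraint(int); DC_UNSET is the initial value of a new instance
    // and DC_FORBIDDEN is declared here but never stored by this class.
    public final static int DC_UNSET = -1, DC_NONE = 0, DC_INTEGRAL = 1, DC_CONFIDENTIAL = 2, DC_FORBIDDEN = 3;

    /* ------------------------------------------------------------ */
    public final static String NONE = "NONE";

    /** Role name that makes {@link #hasRole(String)} accept every role. */
    public final static String ANY_ROLE = "*";

    /* ------------------------------------------------------------ */
    private String _name;

    private String[] _roles;

    private int _dataConstraint = DC_UNSET;

    // Cached by setRoles(): true when the role array contained ANY_ROLE.
    private boolean _anyRole = false;

    private boolean _authenticate = false;

    /* ------------------------------------------------------------ */
    /**
     * Creates a constraint with no name, no roles, authentication not
     * required and the data constraint unset.
     */
    public Constraint()
    {
    }

    /* ------------------------------------------------------------ */
    /**
     * Convenience constructor for a named constraint with a single role.
     * <p>
     * The authenticate flag is left false; call
     * {@link #setAuthenticate(boolean)} to require authentication.
     *
     * @param name the constraint name
     * @param role the single role name; {@link #ANY_ROLE} permits any role
     */
    public Constraint(String name, String role)
    {
        setName(name);
        setRoles(new String[] { role });
    }

    /* ------------------------------------------------------------ */
    /**
     * Returns a copy of this constraint with its own role array.
     * <p>
     * {@code Object.clone()} alone would leave the copy sharing the role
     * array with the original, so editing the roles of one constraint would
     * silently change the other. The array is therefore duplicated.
     *
     * @return an independent copy of this constraint
     * @throws CloneNotSupportedException declared for subclasses; not thrown
     *         by this class since it implements {@link Cloneable}
     */
    @Override
    public Object clone() throws CloneNotSupportedException
    {
        Constraint copy = (Constraint)super.clone();
        if (_roles != null)
            copy._roles = _roles.clone();
        return copy;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param name the constraint name, used only in {@link #toString()}
     *             within this class
     */
    public void setName(String name)
    {
        _name = name;
    }

    /* ------------------------------------------------------------ */
    /**
     * Sets the roles permitted by this constraint and recomputes the
     * any-role flag.
     * <p>
     * The array is stored by reference, not copied. NOTE(review): if the
     * caller modifies the array afterwards (for example by writing
     * {@link #ANY_ROLE} into it), {@link #isAnyRole()} and
     * {@link #isForbidden()} keep the value computed here; callers should
     * treat the array as owned by the constraint after this call.
     *
     * @param roles the role names, or null for no roles
     */
    public void setRoles(String[] roles)
    {
        _roles = roles;
        _anyRole = false;
        if (roles != null)
            for (int i = roles.length; !_anyRole && i-- > 0;)
                _anyRole |= ANY_ROLE.equals(roles[i]);
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if any user role is permitted, that is, if the roles last
     *         passed to {@link #setRoles(String[])} contained
     *         {@link #ANY_ROLE}.
     */
    public boolean isAnyRole()
    {
        return _anyRole;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return The role array of this constraint, possibly null. This is the
     *         internal array, not a copy; see the note on
     *         {@link #setRoles(String[])} about modifying it.
     */
    public String[] getRoles()
    {
        return _roles;
    }

    /* ------------------------------------------------------------ */
    /**
     * Tests whether a role satisfies this constraint.
     *
     * @param role the role name to test, may be null
     * @return True if any role is permitted, or if the role list contains
     *         {@code role}. A null role matches only when any role is
     *         permitted.
     */
    public boolean hasRole(String role)
    {
        if (_anyRole) return true;
        // Deny a missing role name instead of failing with a NullPointerException.
        if (role == null || _roles == null) return false;
        for (int i = _roles.length; i-- > 0;)
            if (role.equals(_roles[i])) return true;
        return false;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param authenticate True if users must be authenticated
     */
    public void setAuthenticate(boolean authenticate)
    {
        _authenticate = authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if the constraint requires request authentication
     */
    public boolean getAuthenticate()
    {
        return _authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if authentication is required but no role can satisfy the
     *         constraint: the role list is null or empty and does not permit
     *         any role.
     */
    public boolean isForbidden()
    {
        return _authenticate && !_anyRole && (_roles == null || _roles.length == 0);
    }

    /* ------------------------------------------------------------ */
    /**
     * @param c Data constraint indicator: 0=DC_NONE, 1=DC_INTEGRAL or
     *          2=DC_CONFIDENTIAL
     * @throws IllegalArgumentException if {@code c} is outside that range;
     *         this includes {@link #DC_UNSET} and {@link #DC_FORBIDDEN}
     */
    public void setDataConstraint(int c)
    {
        if (c < 0 || c > DC_CONFIDENTIAL) throw new IllegalArgumentException("Constraint out of range");
        _dataConstraint = c;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return Data constraint indicator: -1=DC_UNSET (never set), 0=DC_NONE,
     *         1=DC_INTEGRAL or 2=DC_CONFIDENTIAL
     */
    public int getDataConstraint()
    {
        return _dataConstraint;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if a data constraint has been set, including an explicit
     *         {@link #DC_NONE}.
     */
    public boolean hasDataConstraint()
    {
        return _dataConstraint >= DC_NONE;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return A description of the form {@code SC{name,roles,dataConstraint}}
     *         where roles is {@code *}, {@code -} (no role array) or the
     *         bracketed role list.
     */
    @Override
    public String toString()
    {
        return "SC{" + _name
               + ","
               + (_anyRole ? "*" : (_roles == null ? "-" : Arrays.asList(_roles).toString()))
               + ","
               + (_dataConstraint == DC_UNSET ? "DC_UNSET}" : (_dataConstraint == DC_NONE ? "NONE}" : (_dataConstraint == DC_INTEGRAL ? "INTEGRAL}" : "CONFIDENTIAL}")));
    }

}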