
1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.util.security;
20  
21  import java.io.Serializable;
22  import java.util.Arrays;
23  
24  /**
25   * Constraint
26   * 
27   * Describe an auth and/or data constraint.
28   */
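/**
 * Constraint
 *
 * Describe an auth and/or data constraint.
 * <p>
 * A constraint carries two independent parts:
 * <ul>
 * <li>an <em>auth constraint</em>: whether authentication is required
 * ({@link #setAuthenticate(boolean)}) and which roles are permitted
 * ({@link #setRoles(String[])}). The role {@value #ANY_ROLE} is the role
 * wildcard and {@value #ANY_AUTH} means "any authenticated user"
 * (Servlet Spec 3.1, pg 140); both are detected when the roles are set and
 * exposed through {@link #isAnyRole()} / {@link #isAnyAuth()}.</li>
 * <li>a <em>data constraint</em>: one of the {@code DC_*} codes, whose
 * INTEGRAL/CONFIDENTIAL names mirror the servlet
 * {@code <transport-guarantee>} values.</li>
 * </ul>
 * This class only stores configuration; it does not enforce anything itself.
 * Because the object is authorization-relevant, the role array is copied on
 * the way in and on the way out so that a caller holding a reference cannot
 * change the role list behind the derived {@code _anyRole}/{@code _anyAuth}
 * flags.
 * <p>
 * Note: the class is {@link Serializable} but declares no
 * {@code serialVersionUID}, so its serialized form is tied to the compiled
 * class shape.
 */
public class Constraint implements Cloneable, Serializable
{
    /* ------------------------------------------------------------ */
    public final static String __BASIC_AUTH = "BASIC";

    public final static String __FORM_AUTH = "FORM";

    public final static String __DIGEST_AUTH = "DIGEST";

    public final static String __CERT_AUTH = "CLIENT_CERT";

    public final static String __CERT_AUTH2 = "CLIENT-CERT";

    public final static String __SPNEGO_AUTH = "SPNEGO";

    public final static String __NEGOTIATE_AUTH = "NEGOTIATE";

    /* ------------------------------------------------------------ */
    /**
     * Check whether {@code method} names one of the supported authentication
     * methods.
     * <p>
     * The comparison is exact and case-sensitive after surrounding whitespace
     * is trimmed, so {@code " BASIC "} is accepted but {@code "basic"} is not.
     *
     * @param method the candidate auth-method name, may be null
     * @return true if the trimmed name equals one of the {@code __*_AUTH} constants
     */
    public static boolean validateMethod(String method)
    {
        if (method == null)
            return false;
        String m = method.trim();
        return __FORM_AUTH.equals(m)
            || __BASIC_AUTH.equals(m)
            || __DIGEST_AUTH.equals(m)
            || __CERT_AUTH.equals(m)
            || __CERT_AUTH2.equals(m)
            || __SPNEGO_AUTH.equals(m)
            || __NEGOTIATE_AUTH.equals(m);
    }

    /* ------------------------------------------------------------ */
    /**
     * Data constraint codes. {@link #DC_UNSET} means "not configured".
     * {@link #DC_FORBIDDEN} is declared here but is rejected by
     * {@link #setDataConstraint(int)}; presumably it is produced elsewhere when
     * constraints are combined — confirm against the consumer of this class.
     */
    public final static int DC_UNSET = -1, DC_NONE = 0, DC_INTEGRAL = 1, DC_CONFIDENTIAL = 2, DC_FORBIDDEN = 3;

    /* ------------------------------------------------------------ */
    public final static String NONE = "NONE";

    /** Role wildcard. */
    public final static String ANY_ROLE = "*";

    /** Any authenticated user, regardless of role. Servlet Spec 3.1 pg 140. */
    public final static String ANY_AUTH = "**";

    /* ------------------------------------------------------------ */
    private String _name;

    /** Permitted roles; a private copy, never aliased with a caller's array. */
    private String[] _roles;

    private int _dataConstraint = DC_UNSET;

    /** Derived from {@link #_roles}: true if it contains {@link #ANY_ROLE}. */
    private boolean _anyRole = false;

    /** Derived from {@link #_roles}: true if it contains {@link #ANY_AUTH}. */
    private boolean _anyAuth = false;

    private boolean _authenticate = false;

    /* ------------------------------------------------------------ */
    /**
     * Constructor. Creates an unnamed constraint with no roles, no
     * authentication requirement and an unset data constraint.
     */
    public Constraint()
    {
    }

    /* ------------------------------------------------------------ */
    /**
     * Convenience Constructor for a single-role constraint.
     *
     * @param name the name
     * @param role the single permitted role (may be {@link #ANY_ROLE} or {@link #ANY_AUTH})
     */
    public Constraint(String name, String role)
    {
        setName(name);
        setRoles(new String[] { role });
    }

    /* ------------------------------------------------------------ */
    /**
     * Clone this constraint.
     * <p>
     * {@code super.clone()} is shallow; the copy is given its own role array so
     * the two instances cannot alias each other's state.
     *
     * @return an independent copy of this constraint
     * @throws CloneNotSupportedException never for this class, declared for the Cloneable contract
     */
    @Override
    public Object clone() throws CloneNotSupportedException
    {
        Constraint copy = (Constraint)super.clone();
        copy._roles = (_roles == null) ? null : _roles.clone();
        return copy;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param name the name
     */
    public void setName(String name)
    {
        _name = name;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return the name, may be null
     */
    public String getName()
    {
        return _name;
    }

    /* ------------------------------------------------------------ */
    /**
     * Set the permitted roles and recompute the {@link #isAnyRole()} and
     * {@link #isAnyAuth()} flags from them.
     * <p>
     * The array is copied: the flags are derived from its contents at this
     * point, and holding the caller's reference would allow later external
     * mutation to desynchronise them from the stored role list.
     *
     * @param roles the permitted roles, or null for none
     */
    public void setRoles(String[] roles)
    {
        _roles = (roles == null) ? null : roles.clone();
        _anyRole = false;
        _anyAuth = false;
        if (_roles != null)
        {
            for (String r : _roles)
            {
                _anyRole |= ANY_ROLE.equals(r);
                _anyAuth |= ANY_AUTH.equals(r);
            }
        }
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if the role wildcard {@link #ANY_ROLE} was among the roles set.
     */
    public boolean isAnyRole()
    {
        return _anyRole;
    }

    /* ------------------------------------------------------------ */
    /** Servlet Spec 3.1, pg 140
     * @return True if any authenticated user is permitted (ie a role "**" was specified in the constraint).
     */
    public boolean isAnyAuth()
    {
        return _anyAuth;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return a copy of the roles for this constraint, or null if none were set.
     *         Mutating the returned array does not affect this constraint.
     */
    public String[] getRoles()
    {
        return (_roles == null) ? null : _roles.clone();
    }

    /* ------------------------------------------------------------ */
    /**
     * Test whether a role is covered by this constraint.
     * <p>
     * A null role never matches (fail closed) unless the wildcard
     * {@link #ANY_ROLE} was set, in which case every role matches. Note that
     * {@link #ANY_AUTH} is <em>not</em> a wildcard here: {@code hasRole("x")}
     * is false for a constraint whose only role is {@code "**"}.
     *
     * @param role the role, may be null
     * @return True if the constraint contains the role or the role wildcard.
     */
    public boolean hasRole(String role)
    {
        if (_anyRole)
            return true;
        if (role == null || _roles == null)
            return false;
        for (String r : _roles)
        {
            if (role.equals(r))
                return true;
        }
        return false;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param authenticate True if users must be authenticated
     */
    public void setAuthenticate(boolean authenticate)
    {
        _authenticate = authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if the constraint requires request authentication
     */
    public boolean getAuthenticate()
    {
        return _authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * A constraint that requires authentication but permits no role at all is
     * unsatisfiable, i.e. it denies everyone. A constraint containing
     * {@link #ANY_ROLE} or {@link #ANY_AUTH} has a non-empty role list and so is
     * never forbidden.
     *
     * @return True if authentication required but no roles set
     */
    public boolean isForbidden()
    {
        return _authenticate && !_anyRole && (_roles == null || _roles.length == 0);
    }

    /* ------------------------------------------------------------ */
    /**
     * @param c Data constraint indicator: 0=DC_NONE, 1=DC_INTEGRAL or
     *          2=DC_CONFIDENTIAL
     * @throws IllegalArgumentException if {@code c} is outside that range
     *         (including {@link #DC_UNSET} and {@link #DC_FORBIDDEN})
     */
    public void setDataConstraint(int c)
    {
        if (c < DC_NONE || c > DC_CONFIDENTIAL)
            throw new IllegalArgumentException("Constraint out of range");
        _dataConstraint = c;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return Data constraint indicator: -1=DC_UNSET, 0=DC_NONE, 1=DC_INTEGRAL or
     *         2=DC_CONFIDENTIAL
     */
    public int getDataConstraint()
    {
        return _dataConstraint;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if a data constraint has been set (anything other than {@link #DC_UNSET}).
     */
    public boolean hasDataConstraint()
    {
        return _dataConstraint >= DC_NONE;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return {@code SC{name,roles,dc}} where roles is {@code *} for the wildcard,
     *         {@code -} when none are set, otherwise the list form; dc is one of
     *         DC_UNSET, NONE, INTEGRAL or CONFIDENTIAL.
     */
    @Override
    public String toString()
    {
        String roles;
        if (_anyRole)
            roles = "*";
        else if (_roles == null)
            roles = "-";
        else
            roles = Arrays.asList(_roles).toString();

        String dc;
        switch (_dataConstraint)
        {
            case DC_UNSET:
                dc = "DC_UNSET";
                break;
            case DC_NONE:
                dc = "NONE";
                break;
            case DC_INTEGRAL:
                dc = "INTEGRAL";
                break;
            default:
                // only DC_CONFIDENTIAL is reachable here via setDataConstraint
                dc = "CONFIDENTIAL";
                break;
        }
        return "SC{" + _name + "," + roles + "," + dc + "}";
    }

}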