
1   // ========================================================================
2   // Copyright (c) 2008-2009 Mort Bay Consulting Pty. Ltd.
3   // ------------------------------------------------------------------------
4   // All rights reserved. This program and the accompanying materials
5   // are made available under the terms of the Eclipse Public License v1.0
6   // and Apache License v2.0 which accompanies this distribution.
7   // The Eclipse Public License is available at 
8   // http://www.eclipse.org/legal/epl-v10.html
9   // The Apache License v2.0 is available at
10  // http://www.opensource.org/licenses/apache2.0.php
11  // You may elect to redistribute this code under either of these licenses. 
12  // ========================================================================
13  
14  package org.eclipse.jetty.http.security;
15  
16  import java.io.Serializable;
17  
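/* ------------------------------------------------------------ */
/**
 * Describes an authentication and/or data (transport) constraint.
 * <p>
 * A constraint carries a name, an optional set of role names, an
 * "authenticate" flag and a data constraint level (one of the
 * {@code DC_*} constants).
 * <p>
 * Aliasing caveat: the role array is stored and returned by reference
 * ({@link #setRoles(String[])}, {@link #getRoles()}, {@link #clone()}).
 * The "any role" flag is computed only when {@link #setRoles(String[])}
 * is called, so code that mutates the array afterwards changes what
 * {@link #hasRole(String)} matches without updating {@link #isAnyRole()}.
 * Callers that build security policy from this class should treat the
 * array as read-only once it has been handed over.
 * <p>
 * Instances are mutable and no synchronization is performed here.
 */
public class Constraint implements Cloneable, Serializable
{
    /* ------------------------------------------------------------ */
    public final static String __BASIC_AUTH = "BASIC";

    public final static String __FORM_AUTH = "FORM";

    public final static String __DIGEST_AUTH = "DIGEST";

    public final static String __CERT_AUTH = "CLIENT_CERT";

    public final static String __CERT_AUTH2 = "CLIENT-CERT";

    /* ------------------------------------------------------------ */
    /**
     * Checks whether a string names one of the authentication methods
     * declared on this class.
     * <p>
     * The value is trimmed and then compared exactly (case-sensitively)
     * against the {@code __*_AUTH} constants, so {@code "basic"} is rejected.
     *
     * @param method the authentication method name, may be null
     * @return true if the trimmed value equals one of the known method names;
     *         false for null or any other value
     */
    public static boolean validateMethod(String method)
    {
        if (method == null)
            return false;
        final String candidate = method.trim();
        return candidate.equals(__FORM_AUTH)
                || candidate.equals(__BASIC_AUTH)
                || candidate.equals(__DIGEST_AUTH)
                || candidate.equals(__CERT_AUTH)
                || candidate.equals(__CERT_AUTH2);
    }

    /* ------------------------------------------------------------ */
    // Data constraint levels. Note that setDataConstraint(int) accepts only
    // DC_NONE..DC_CONFIDENTIAL; DC_UNSET is the initial field value and
    // DC_FORBIDDEN is rejected by the setter's range check.
    public final static int DC_UNSET = -1, DC_NONE = 0, DC_INTEGRAL = 1, DC_CONFIDENTIAL = 2, DC_FORBIDDEN = 3;

    /* ------------------------------------------------------------ */
    public final static String NONE = "NONE";

    /** Role name that, when present in the role array, matches every role. */
    public final static String ANY_ROLE = "*";

    /* ------------------------------------------------------------ */
    private String _name;

    // Held by reference, never copied (see class comment).
    private String[] _roles;

    private int _dataConstraint = DC_UNSET;

    // Cached result of scanning _roles for ANY_ROLE; refreshed only in setRoles().
    private boolean _anyRole = false;

    private boolean _authenticate = false;

    /* ------------------------------------------------------------ */
    /**
     * Creates an unnamed constraint with no roles, no authentication
     * requirement and an unset data constraint.
     */
    public Constraint()
    {
    }

    /* ------------------------------------------------------------ */
    /**
     * Convenience constructor for a constraint with a single role.
     * <p>
     * The authenticate flag is left false; callers that want the role
     * enforced must also call {@link #setAuthenticate(boolean)}.
     *
     * @param name the constraint name
     * @param role the single role to store; {@code "*"} enables any-role matching
     */
    public Constraint(String name, String role)
    {
        setName(name);
        setRoles(new String[] { role });
    }

    /* ------------------------------------------------------------ */
    /**
     * Returns a shallow copy of this constraint.
     * <p>
     * The copy shares the same role array instance as the original.
     *
     * @return the cloned object
     * @throws CloneNotSupportedException as declared by {@link Object#clone()}
     */
    @Override
    public Object clone() throws CloneNotSupportedException
    {
        return super.clone();
    }

    /* ------------------------------------------------------------ */
    /**
     * @param name the constraint name (used only in {@link #toString()} here)
     */
    public void setName(String name)
    {
        _name = name;
    }

    /* ------------------------------------------------------------ */
    /**
     * Sets the roles for this constraint and recomputes the any-role flag.
     * <p>
     * The array is stored by reference. The any-role flag becomes true if any
     * element equals {@link #ANY_ROLE}.
     *
     * @param roles the role names, may be null
     */
    public void setRoles(String[] roles)
    {
        _roles = roles;
        _anyRole = false;
        if (roles != null)
        {
            for (String candidate : roles)
            {
                if (ANY_ROLE.equals(candidate))
                {
                    _anyRole = true;
                    break;
                }
            }
        }
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if any user role is permitted.
     */
    public boolean isAnyRole()
    {
        return _anyRole;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return The role array of this constraint (the internal array, not a
     *         copy), or null if none was set.
     */
    public String[] getRoles()
    {
        return _roles;
    }

    /* ------------------------------------------------------------ */
    /**
     * Tests whether the constraint contains a role.
     * <p>
     * When the any-role flag is set this returns true for every argument.
     * Otherwise a null {@code role} never matches (previously it raised a
     * {@link NullPointerException} as soon as a role array was present).
     *
     * @param role the role name to look for
     * @return True if the constraint contains the role.
     */
    public boolean hasRole(String role)
    {
        if (_anyRole)
            return true;
        // A null role must not match anything, including a null array element.
        if (role == null || _roles == null)
            return false;
        for (String granted : _roles)
        {
            if (role.equals(granted))
                return true;
        }
        return false;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param authenticate True if users must be authenticated
     */
    public void setAuthenticate(boolean authenticate)
    {
        _authenticate = authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if the constraint requires request authentication
     */
    public boolean getAuthenticate()
    {
        return _authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if authentication is required but no roles are set
     *         (null or empty role array, and any-role not enabled).
     */
    public boolean isForbidden()
    {
        if (!_authenticate || _anyRole)
            return false;
        return _roles == null || _roles.length == 0;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param c Data constraint indicator: 0=DC_NONE, 1=DC_INTEGRAL,
     *                2=DC_CONFIDENTIAL
     * @throws IllegalArgumentException if {@code c} is below 0 or above
     *         {@link #DC_CONFIDENTIAL}; this includes {@link #DC_UNSET}
     *         and {@link #DC_FORBIDDEN}
     */
    public void setDataConstraint(int c)
    {
        if (c < 0 || c > DC_CONFIDENTIAL)
            throw new IllegalArgumentException("Constraint out of range");
        _dataConstraint = c;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return Data constraint indicator: -1=DC_UNSET (initial value),
     *         0=DC_NONE, 1=DC_INTEGRAL, 2=DC_CONFIDENTIAL
     */
    public int getDataConstraint()
    {
        return _dataConstraint;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if a data constraint has been set.
     */
    public boolean hasDataConstraint()
    {
        return _dataConstraint >= DC_NONE;
    }

    /* ------------------------------------------------------------ */
    /**
     * Renders the constraint as {@code SC{name,roles,dataConstraint}}.
     * <p>
     * Roles are shown as {@code *} when any-role is enabled, {@code -} when no
     * array is set, and otherwise as the array contents. The original called
     * {@code toString()} on the array itself, which prints its type and
     * identity hash rather than the role names.
     */
    @Override
    public String toString()
    {
        final String roles;
        if (_anyRole)
            roles = "*";
        else if (_roles == null)
            roles = "-";
        else
            roles = java.util.Arrays.toString(_roles);

        final String data;
        if (_dataConstraint == DC_UNSET)
            data = "DC_UNSET}";
        else if (_dataConstraint == DC_NONE)
            data = "NONE}";
        else if (_dataConstraint == DC_INTEGRAL)
            data = "INTEGRAL}";
        else
            data = "CONFIDENTIAL}";

        return "SC{" + _name + "," + roles + "," + data;
    }

}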