
1   // ========================================================================
2   // Copyright (c) 2008-2009 Mort Bay Consulting Pty. Ltd.
3   // ------------------------------------------------------------------------
4   // All rights reserved. This program and the accompanying materials
5   // are made available under the terms of the Eclipse Public License v1.0
6   // and Apache License v2.0 which accompanies this distribution.
7   // The Eclipse Public License is available at 
8   // http://www.eclipse.org/legal/epl-v10.html
9   // The Apache License v2.0 is available at
10  // http://www.opensource.org/licenses/apache2.0.php
11  // You may elect to redistribute this code under either of these licenses. 
12  // ========================================================================
13  
14  package org.eclipse.jetty.http.security;
15  
16  import java.io.Serializable;
17  
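/* ------------------------------------------------------------ */
/**
 * Describes an authentication and/or data constraint.
 * <p>
 * A constraint carries a name, an optional list of role names, a flag saying
 * whether authentication is required, and a data constraint indicator (one of
 * the {@code DC_*} values).
 * <p>
 * Role arrays are copied when they are set and when they are read, so code
 * outside this class cannot edit the role list in place and leave
 * {@link #isAnyRole()} out of step with the stored roles.
 * <p>
 * Instances are mutable and this class performs no synchronization.
 * No {@code serialVersionUID} is declared, so the serialized form uses the
 * default computed by the runtime.
 */
public class Constraint implements Cloneable, Serializable
{
    /* ------------------------------------------------------------ */
    public static final String __BASIC_AUTH = "BASIC";

    public static final String __FORM_AUTH = "FORM";

    public static final String __DIGEST_AUTH = "DIGEST";

    public static final String __CERT_AUTH = "CLIENT_CERT";

    /** Alternative spelling of {@link #__CERT_AUTH}, with a hyphen. */
    public static final String __CERT_AUTH2 = "CLIENT-CERT";

    /* ------------------------------------------------------------ */
    /**
     * Checks whether a string names one of the authentication methods
     * declared by this class.
     * <p>
     * Surrounding whitespace is ignored. The comparison is exact and
     * case-sensitive, so {@code "basic"} is rejected; an unrecognised name
     * is refused rather than mapped to a default.
     *
     * @param method the authentication method name, may be null
     * @return true if the trimmed name equals one of the {@code __*_AUTH}
     *         constants, false otherwise (including for null)
     */
    public static boolean validateMethod (String method)
    {
        if (method == null)
            return false;
        method = method.trim();
        return (method.equals(__FORM_AUTH)
                || method.equals(__BASIC_AUTH)
                || method.equals(__DIGEST_AUTH)
                || method.equals(__CERT_AUTH)
                || method.equals(__CERT_AUTH2));
    }

    /* ------------------------------------------------------------ */
    /** Initial state: no data constraint has been set. */
    public static final int DC_UNSET = -1;

    public static final int DC_NONE = 0;

    public static final int DC_INTEGRAL = 1;

    public static final int DC_CONFIDENTIAL = 2;

    /** Declared here, but outside the range {@link #setDataConstraint(int)} accepts. */
    public static final int DC_FORBIDDEN = 3;

    /* ------------------------------------------------------------ */
    public static final String NONE = "NONE";

    /** Role name that matches every role; see {@link #setRoles(String[])}. */
    public static final String ANY_ROLE = "*";

    /* ------------------------------------------------------------ */
    private String _name;

    // Private copy of the configured roles; never handed out directly.
    private String[] _roles;

    private int _dataConstraint = DC_UNSET;

    // Cached by setRoles: true when the role list contains ANY_ROLE.
    private boolean _anyRole = false;

    private boolean _authenticate = false;

    /* ------------------------------------------------------------ */
    /**
     * Creates a constraint with no name, no roles, authentication not
     * required and the data constraint unset.
     */
    public Constraint()
    {
    }

    /* ------------------------------------------------------------ */
    /**
     * Convenience constructor for a constraint with a single role.
     * <p>
     * Delegates to {@link #setName(String)} and {@link #setRoles(String[])}.
     * It does not turn authentication on; call
     * {@link #setAuthenticate(boolean)} for that.
     *
     * @param name the constraint name
     * @param role the single role to store
     */
    public Constraint(String name, String role)
    {
        setName(name);
        setRoles(new String[] { role });
    }

    /* ------------------------------------------------------------ */
    /**
     * Returns a shallow copy made by {@link Object#clone()}.
     * <p>
     * The copy refers to the same internal role array. That array is never
     * modified in place or exposed by this class, so the sharing is not
     * observable through this API.
     *
     * @return the copy
     * @throws CloneNotSupportedException declared for subclasses
     */
    @Override
    public Object clone() throws CloneNotSupportedException
    {
        return super.clone();
    }

    /* ------------------------------------------------------------ */
    /**
     * @param name the constraint name; used only by {@link #toString()} in this class
     */
    public void setName(String name)
    {
        _name = name;
    }

    /* ------------------------------------------------------------ */
    /**
     * Replaces the role list and recomputes the any-role flag.
     * <p>
     * The array is copied, so later changes to the caller's array do not
     * affect this constraint. Without the copy a caller could add or remove
     * {@link #ANY_ROLE} afterwards and the cached flag would no longer
     * describe the stored roles.
     *
     * @param roles the role names, or null for no roles
     */
    public void setRoles(String[] roles)
    {
        String[] copy = (roles == null) ? null : roles.clone();
        boolean anyRole = false;
        if (copy != null)
        {
            for (int i = copy.length; !anyRole && i-- > 0;)
                anyRole = ANY_ROLE.equals(copy[i]);
        }
        // Assign both together so the flag always matches the stored array.
        _roles = copy;
        _anyRole = anyRole;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if any user role is permitted.
     */
    public boolean isAnyRole()
    {
        return _anyRole;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return A copy of the roles for this constraint, or null if none were
     *         set. Changing the returned array does not change the constraint.
     */
    public String[] getRoles()
    {
        return (_roles == null) ? null : _roles.clone();
    }

    /* ------------------------------------------------------------ */
    /**
     * @param role the role name to look for, may be null
     * @return True if the constraint permits any role or contains the role.
     *         A null role matches only when any role is permitted.
     */
    public boolean hasRole(String role)
    {
        if (_anyRole)
            return true;
        // A null role used to raise NullPointerException once roles were set;
        // treat it as "not present" so the check fails closed.
        if (role == null || _roles == null)
            return false;
        for (int i = _roles.length; i-- > 0;)
        {
            if (role.equals(_roles[i]))
                return true;
        }
        return false;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param authenticate True if users must be authenticated
     */
    public void setAuthenticate(boolean authenticate)
    {
        _authenticate = authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if the constraint requires request authentication
     */
    public boolean getAuthenticate()
    {
        return _authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if authentication is required but no roles are set, that
     *         is, the role list is null or empty and does not permit any role.
     */
    public boolean isForbidden()
    {
        // NOTE(review): callers presumably treat this as deny-all; confirm
        // against the code that enforces the constraint.
        return _authenticate && !_anyRole && (_roles == null || _roles.length == 0);
    }

    /* ------------------------------------------------------------ */
    /**
     * @param c Data constraint indicator: 0=DC_NONE, 1=DC_INTEGRAL and
     *          2=DC_CONFIDENTIAL
     * @throws IllegalArgumentException if c is outside 0..2; this includes
     *         {@link #DC_UNSET} and {@link #DC_FORBIDDEN}
     */
    public void setDataConstraint(int c)
    {
        if (c < 0 || c > DC_CONFIDENTIAL) throw new IllegalArgumentException("Constraint out of range");
        _dataConstraint = c;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return Data constraint indicator: -1=DC_UNSET (never set),
     *         0=DC_NONE, 1=DC_INTEGRAL and 2=DC_CONFIDENTIAL
     */
    public int getDataConstraint()
    {
        return _dataConstraint;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if a data constraint has been set.
     */
    public boolean hasDataConstraint()
    {
        return _dataConstraint >= DC_NONE;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return a diagnostic string of the form {@code SC{name,roles,data}},
     *         where roles is {@code *}, {@code -} or the bracketed role list
     */
    @Override
    public String toString()
    {
        String roles;
        if (_anyRole)
            roles = "*";
        else if (_roles == null)
            roles = "-";
        else
            // Calling toString() on the array printed its type and identity
            // hash, not the role names.
            roles = java.util.Arrays.toString(_roles);

        String data;
        if (_dataConstraint == DC_UNSET)
            data = "DC_UNSET}";
        else if (_dataConstraint == DC_NONE)
            data = "NONE}";
        else if (_dataConstraint == DC_INTEGRAL)
            data = "INTEGRAL}";
        else
            data = "CONFIDENTIAL}";

        return "SC{" + _name + "," + roles + "," + data;
    }

}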