
1   // ========================================================================
2   // Copyright (c) 2008-2009 Mort Bay Consulting Pty. Ltd.
3   // ------------------------------------------------------------------------
4   // All rights reserved. This program and the accompanying materials
5   // are made available under the terms of the Eclipse Public License v1.0
6   // and Apache License v2.0 which accompanies this distribution.
7   // The Eclipse Public License is available at 
8   // http://www.eclipse.org/legal/epl-v10.html
9   // The Apache License v2.0 is available at
10  // http://www.opensource.org/licenses/apache2.0.php
11  // You may elect to redistribute this code under either of these licenses. 
12  // ========================================================================
13  
14  package org.eclipse.jetty.http.security;
15  
16  import java.io.Serializable;
17  
18  /* ------------------------------------------------------------ */
19  /**
20   * Describe an auth and/or data constraint.
21   * 
22   * 
23   */
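public class Constraint implements Cloneable, Serializable
{
    /* ------------------------------------------------------------ */
    /** Authentication method names accepted by {@link #validateMethod(String)}. */
    public static final String __BASIC_AUTH = "BASIC";

    public static final String __FORM_AUTH = "FORM";

    public static final String __DIGEST_AUTH = "DIGEST";

    public static final String __CERT_AUTH = "CLIENT_CERT";

    /** Alternative spelling of the client certificate method (hyphen instead of underscore). */
    public static final String __CERT_AUTH2 = "CLIENT-CERT";

    public static final String __SPNEGO_AUTH = "SPNEGO";

    /* ------------------------------------------------------------ */
    /**
     * Check whether a string names one of the authentication methods declared on this class.
     * <p>
     * Surrounding whitespace is ignored. The comparison is exact and case-sensitive, so
     * {@code "basic"} is rejected while {@code " BASIC "} is accepted.
     *
     * @param method the authentication method name to check, may be null
     * @return true if the trimmed name equals one of the {@code __*_AUTH} constants,
     *         false otherwise (including for null)
     */
    public static boolean validateMethod(String method)
    {
        if (method == null)
            return false;

        String trimmed = method.trim();
        return trimmed.equals(__FORM_AUTH)
            || trimmed.equals(__BASIC_AUTH)
            || trimmed.equals(__DIGEST_AUTH)
            || trimmed.equals(__CERT_AUTH)
            || trimmed.equals(__CERT_AUTH2)
            || trimmed.equals(__SPNEGO_AUTH);
    }

    /* ------------------------------------------------------------ */
    /**
     * Data constraint indicators. Only {@link #DC_NONE}, {@link #DC_INTEGRAL} and
     * {@link #DC_CONFIDENTIAL} can be assigned through {@link #setDataConstraint(int)};
     * {@link #DC_UNSET} is the initial value of a new constraint.
     */
    public static final int DC_UNSET = -1, DC_NONE = 0, DC_INTEGRAL = 1, DC_CONFIDENTIAL = 2, DC_FORBIDDEN = 3;

    /* ------------------------------------------------------------ */
    public static final String NONE = "NONE";

    /** Wildcard role name: a role list containing it permits any role. */
    public static final String ANY_ROLE = "*";

    /* ------------------------------------------------------------ */
    private String _name;

    // Held by reference: this is the very array handed to setRoles and returned by getRoles.
    private String[] _roles;

    private int _dataConstraint = DC_UNSET;

    // Cached by setRoles: true when the role list contains ANY_ROLE.
    private boolean _anyRole = false;

    private boolean _authenticate = false;

    /* ------------------------------------------------------------ */
    /**
     * Create a constraint with no name, no roles, no authentication requirement and an
     * unset data constraint.
     */
    public Constraint()
    {
    }

    /* ------------------------------------------------------------ */
    /**
     * Convenience constructor for a constraint that names a single role.
     * <p>
     * Authentication is not switched on by this constructor; call
     * {@link #setAuthenticate(boolean)} for the role to be enforced by
     * {@link #isForbidden()} style checks.
     *
     * @param name the constraint name
     * @param role the single role to store; {@link #ANY_ROLE} makes the constraint match any role
     */
    public Constraint(String name, String role)
    {
        setName(name);
        setRoles(new String[] { role });
    }

    /* ------------------------------------------------------------ */
    /**
     * Create a shallow copy of this constraint.
     * <p>
     * The copy shares the roles array with the original, so an in-place change to that
     * array is visible through both objects.
     *
     * @return the copy
     * @throws CloneNotSupportedException declared by {@link Object#clone()}
     */
    @Override
    public Object clone() throws CloneNotSupportedException
    {
        return super.clone();
    }

    /* ------------------------------------------------------------ */
    /**
     * @param name the constraint name, used only for display in {@link #toString()}
     */
    public void setName(String name)
    {
        _name = name;
    }

    /* ------------------------------------------------------------ */
    /**
     * Set the roles of this constraint and recompute the any-role flag.
     * <p>
     * The array is stored by reference, not copied. The any-role flag is computed here and
     * nowhere else, so a caller that later modifies the array in place leaves the flag
     * stale; call this method again after changing the roles.
     *
     * @param roles the role names, or null for no roles
     */
    public void setRoles(String[] roles)
    {
        _roles = roles;
        _anyRole = false;
        if (roles != null)
        {
            for (String candidate : roles)
            {
                if (ANY_ROLE.equals(candidate))
                {
                    _anyRole = true;
                    break;
                }
            }
        }
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if any user role is permitted, that is the roles passed to
     *         {@link #setRoles(String[])} contained {@link #ANY_ROLE}.
     */
    public boolean isAnyRole()
    {
        return _anyRole;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return The roles of this constraint, or null if none were set. This is the internal
     *         array, not a copy: writing to it changes what {@link #hasRole(String)} matches
     *         without refreshing {@link #isAnyRole()}.
     */
    public String[] getRoles()
    {
        return _roles;
    }

    /* ------------------------------------------------------------ */
    /**
     * Check whether a role satisfies this constraint.
     *
     * @param role the role name to look for, may be null
     * @return True if the constraint permits any role or lists the given role. A null role
     *         is never matched against the list, so the check denies it instead of failing
     *         with a NullPointerException.
     */
    public boolean hasRole(String role)
    {
        if (_anyRole)
            return true;

        // An authorization check should answer "no" for a missing role name rather than throw.
        if (role == null || _roles == null)
            return false;

        for (String candidate : _roles)
        {
            if (role.equals(candidate))
                return true;
        }
        return false;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param authenticate True if users must be authenticated
     */
    public void setAuthenticate(boolean authenticate)
    {
        _authenticate = authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if the constraint requires request authentication
     */
    public boolean getAuthenticate()
    {
        return _authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if authentication is required but the constraint neither permits any
     *         role nor lists a role, so that no role can satisfy it.
     */
    public boolean isForbidden()
    {
        boolean noRoles = _roles == null || _roles.length == 0;
        return _authenticate && !_anyRole && noRoles;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param c Data constraint indicator: {@link #DC_NONE} (0), {@link #DC_INTEGRAL} (1) or
     *          {@link #DC_CONFIDENTIAL} (2)
     * @throws IllegalArgumentException if c is outside that range; {@link #DC_UNSET} and
     *         {@link #DC_FORBIDDEN} are therefore rejected as well
     */
    public void setDataConstraint(int c)
    {
        if (c < 0 || c > DC_CONFIDENTIAL)
            throw new IllegalArgumentException("Constraint out of range");
        _dataConstraint = c;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return Data constraint indicator: {@link #DC_UNSET} (-1) until one is set, otherwise
     *         {@link #DC_NONE} (0), {@link #DC_INTEGRAL} (1) or {@link #DC_CONFIDENTIAL} (2)
     */
    public int getDataConstraint()
    {
        return _dataConstraint;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if a data constraint has been set, including an explicit {@link #DC_NONE}.
     */
    public boolean hasDataConstraint()
    {
        return _dataConstraint >= DC_NONE;
    }

    /* ------------------------------------------------------------ */
    /**
     * Render the constraint as {@code SC{name,roles,dataConstraint}} for logs and debugging.
     * <p>
     * Roles are shown as {@code *} when any role is permitted, {@code -} when no roles are
     * set, and otherwise as the bracketed list of role names.
     *
     * @return the display string
     */
    @Override
    public String toString()
    {
        String roles;
        if (_anyRole)
            roles = "*";
        else if (_roles == null)
            roles = "-";
        else
            // Calling toString() on the array itself prints its type and identity hash,
            // which hides the configured roles from anyone reading the log.
            roles = java.util.Arrays.toString(_roles);

        String data;
        if (_dataConstraint == DC_UNSET)
            data = "DC_UNSET}";
        else if (_dataConstraint == DC_NONE)
            data = "NONE}";
        else if (_dataConstraint == DC_INTEGRAL)
            data = "INTEGRAL}";
        else
            data = "CONFIDENTIAL}";

        return "SC{" + _name + "," + roles + "," + data;
    }

}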