
1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.util.security;
20  
21  import java.io.Serializable;
22  import java.util.Arrays;
23  
24  /* ------------------------------------------------------------ */
25  /**
26   * Constraint
27   * 
28   * Describes an authentication (role) constraint and/or a transport data constraint.
29   * 
30   * 
31   */
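public class Constraint implements Cloneable, Serializable
{
    // NOTE(review): the class is Serializable but declares no serialVersionUID. One is
    // deliberately not added here because that would change the stream identity of any
    // already-serialized instances; confirm whether instances are ever persisted.

    /* ------------------------------------------------------------ */
    /* Authentication method names accepted by validateMethod(String). */
    public final static String __BASIC_AUTH = "BASIC";

    public final static String __FORM_AUTH = "FORM";

    public final static String __DIGEST_AUTH = "DIGEST";

    public final static String __CERT_AUTH = "CLIENT_CERT";

    public final static String __CERT_AUTH2 = "CLIENT-CERT";

    public final static String __SPNEGO_AUTH = "SPNEGO";

    public final static String __NEGOTIATE_AUTH = "NEGOTIATE";

    /* ------------------------------------------------------------ */
    /**
     * Checks an authentication method name against the known constants.
     * <p>
     * The comparison is exact (case-sensitive) after trimming surrounding
     * whitespace, so {@code "basic"} is rejected while {@code " BASIC "} is accepted.
     *
     * @param method the authentication method name, may be null
     * @return true if the trimmed name equals one of the {@code __*_AUTH} constants,
     *         false otherwise (including for null)
     */
    public static boolean validateMethod (String method)
    {
        if (method == null)
            return false;
        method = method.trim();
        return (method.equals(__FORM_AUTH)
                || method.equals(__BASIC_AUTH)
                || method.equals(__DIGEST_AUTH)
                || method.equals(__CERT_AUTH)
                || method.equals(__CERT_AUTH2)
                || method.equals(__SPNEGO_AUTH)
                || method.equals(__NEGOTIATE_AUTH));
    }

    /* ------------------------------------------------------------ */
    /* Data constraint indicators. Only DC_NONE..DC_CONFIDENTIAL are accepted by
     * setDataConstraint(int); DC_UNSET is the initial value of a new instance. */
    public final static int DC_UNSET = -1, DC_NONE = 0, DC_INTEGRAL = 1, DC_CONFIDENTIAL = 2, DC_FORBIDDEN = 3;

    /* ------------------------------------------------------------ */
    public final static String NONE = "NONE";

    /** Role name that permits any user role. */
    public final static String ANY_ROLE = "*";

    /** Role name that permits any authenticated user (Servlet Spec 3.1 pg 140). */
    public final static String ANY_AUTH = "**";

    /* ------------------------------------------------------------ */
    private String _name;

    // Private copy of the configured roles; never shared with callers so that the
    // cached _anyRole/_anyAuth flags cannot drift from the array contents.
    private String[] _roles;

    private int _dataConstraint = DC_UNSET;

    private boolean _anyRole = false;

    private boolean _anyAuth = false;

    private boolean _authenticate = false;

    /* ------------------------------------------------------------ */
    /**
     * Creates an empty constraint: no name, no roles, data constraint unset,
     * authentication not required.
     */
    public Constraint()
    {
    }

    /* ------------------------------------------------------------ */
    /**
     * Convenience constructor for a constraint with a single role.
     *
     * @param name the constraint name
     * @param role the only role of the constraint
     */
    public Constraint(String name, String role)
    {
        // Kept as setter calls (not field writes) so subclasses that override the
        // setters observe the same construction sequence as before.
        setName(name);
        setRoles(new String[] { role });
    }

    /* ------------------------------------------------------------ */
    /**
     * Returns a copy of this constraint that does not share the role array
     * with the original.
     *
     * @return the cloned constraint
     * @throws CloneNotSupportedException if the superclass refuses to clone
     */
    @Override
    public Object clone() throws CloneNotSupportedException
    {
        Constraint copy = (Constraint)super.clone();
        // Object.clone() is shallow: without this the two constraints would alias
        // one role array, and editing one would silently change the other's access rule.
        if (_roles != null)
            copy._roles = _roles.clone();
        return copy;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param name the constraint name
     */
    public void setName(String name)
    {
        _name = name;
    }

    /* ------------------------------------------------------------ */
    /**
     * Replaces the roles of this constraint and recomputes the
     * {@link #isAnyRole()} and {@link #isAnyAuth()} flags.
     * <p>
     * The array is copied, so later changes to the caller's array do not
     * affect this constraint.
     *
     * @param roles the permitted roles, may be null
     */
    public void setRoles(String[] roles)
    {
        // Defensive copy: the flags below are computed once, so a caller-held
        // reference must not be able to add "*" or "**" afterwards.
        _roles = (roles == null) ? null : roles.clone();

        boolean anyRole = false;
        boolean anyAuth = false;
        if (_roles != null)
        {
            for (String candidate : _roles)
            {
                anyRole |= ANY_ROLE.equals(candidate);
                anyAuth |= ANY_AUTH.equals(candidate);
            }
        }
        _anyRole = anyRole;
        _anyAuth = anyAuth;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if any user role is permitted.
     */
    public boolean isAnyRole()
    {
        return _anyRole;
    }

    /* ------------------------------------------------------------ */
    /** Servlet Spec 3.1, pg 140
     * @return True if any authenticated user is permitted (ie a role "**" was specified in the constraint).
     */
    public boolean isAnyAuth()
    {
        return _anyAuth;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return A copy of the roles for this constraint, or null if none were set.
     *         Modifying the returned array does not change the constraint.
     */
    public String[] getRoles()
    {
        return (_roles == null) ? null : _roles.clone();
    }

    /* ------------------------------------------------------------ */
    /**
     * Tests whether the constraint names the given role.
     * <p>
     * Only the any-role flag short-circuits to true; the any-auth flag
     * ("**") is not consulted here and is matched like an ordinary role name.
     *
     * @param role the role to look for, may be null
     * @return True if any role is permitted or the constraint contains the role;
     *         false for a null role unless any role is permitted.
     */
    public boolean hasRole(String role)
    {
        if (_anyRole)
            return true;
        // A null role used to raise NullPointerException in the middle of an
        // access decision; treat it as "not a member" instead.
        if (role == null || _roles == null)
            return false;
        for (String candidate : _roles)
        {
            if (role.equals(candidate))
                return true;
        }
        return false;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param authenticate True if users must be authenticated
     */
    public void setAuthenticate(boolean authenticate)
    {
        _authenticate = authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if the constraint requires request authentication
     */
    public boolean getAuthenticate()
    {
        return _authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if authentication required but no roles set
     */
    public boolean isForbidden()
    {
        return _authenticate && !_anyRole && (_roles == null || _roles.length == 0);
    }

    /* ------------------------------------------------------------ */
    /**
     * @param c Data constraint indicator: 0=DC_NONE, 1=DC_INTEGRAL or
     *          2=DC_CONFIDENTIAL
     * @throws IllegalArgumentException if c is outside 0..DC_CONFIDENTIAL
     *         (this includes DC_UNSET and DC_FORBIDDEN)
     */
    public void setDataConstraint(int c)
    {
        if (c < 0 || c > DC_CONFIDENTIAL) throw new IllegalArgumentException("Constraint out of range");
        _dataConstraint = c;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return Data constraint indicator: -1=DC_UNSET, 0=DC_NONE, 1=DC_INTEGRAL or
     *         2=DC_CONFIDENTIAL
     */
    public int getDataConstraint()
    {
        return _dataConstraint;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if a data constraint has been set.
     */
    public boolean hasDataConstraint()
    {
        return _dataConstraint >= DC_NONE;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return A diagnostic string of the form {@code SC{name,roles,dataConstraint}};
     *         roles print as "*" when any role is permitted and "-" when unset.
     */
    @Override
    public String toString()
    {
        String roles;
        if (_anyRole)
            roles = "*";
        else if (_roles == null)
            roles = "-";
        else
            roles = Arrays.toString(_roles);

        // Any value other than UNSET/NONE/INTEGRAL is reported as CONFIDENTIAL.
        String data;
        if (_dataConstraint == DC_UNSET)
            data = "DC_UNSET}";
        else if (_dataConstraint == DC_NONE)
            data = "NONE}";
        else if (_dataConstraint == DC_INTEGRAL)
            data = "INTEGRAL}";
        else
            data = "CONFIDENTIAL}";

        return "SC{" + _name + "," + roles + "," + data;
    }

}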