19 package org.eclipse.jetty.util.security;
21 import java.io.Serializable;
22 import java.util.Arrays;
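/**
 * Describes a security constraint: a name, the roles it admits, whether
 * authentication is required, and a data (transport) constraint level.
 *
 * <p>The {@code isAnyRole()} and {@code isAnyAuth()} flags are derived from the
 * role list once, inside {@link #setRoles(String[])}. To keep those cached flags
 * consistent with the list, the role array is copied on the way in and on the
 * way out, so a caller holding the array cannot change the admitted roles
 * without going through {@code setRoles}.
 *
 * <p>Instances are mutable and not synchronized.
 */
public class Constraint implements Cloneable, Serializable
{
    /** Authentication method name accepted by {@link #validateMethod(String)}. */
    public static final String __BASIC_AUTH = "BASIC";

    /** Authentication method name accepted by {@link #validateMethod(String)}. */
    public static final String __FORM_AUTH = "FORM";

    /** Authentication method name accepted by {@link #validateMethod(String)}. */
    public static final String __DIGEST_AUTH = "DIGEST";

    /** Authentication method name accepted by {@link #validateMethod(String)}. */
    public static final String __CERT_AUTH = "CLIENT_CERT";

    /** Hyphenated spelling of {@link #__CERT_AUTH}; also accepted by {@link #validateMethod(String)}. */
    public static final String __CERT_AUTH2 = "CLIENT-CERT";

    /** Authentication method name accepted by {@link #validateMethod(String)}. */
    public static final String __SPNEGO_AUTH = "SPNEGO";

    /** Authentication method name accepted by {@link #validateMethod(String)}. */
    public static final String __NEGOTIATE_AUTH = "NEGOTIATE";

    /**
     * Checks whether a string names one of the authentication methods declared
     * as constants on this class.
     *
     * <p>The comparison is exact and case-sensitive after trimming surrounding
     * whitespace, so {@code "basic"} is rejected while {@code " BASIC "} is
     * accepted.
     *
     * @param method candidate authentication method name, may be {@code null}
     * @return {@code true} if the trimmed value equals one of the known names;
     *         {@code false} for {@code null} or any other value
     */
    public static boolean validateMethod(String method)
    {
        if (method == null)
        {
            return false;
        }
        String candidate = method.trim();
        return candidate.equals(__FORM_AUTH)
            || candidate.equals(__BASIC_AUTH)
            || candidate.equals(__DIGEST_AUTH)
            || candidate.equals(__CERT_AUTH)
            || candidate.equals(__CERT_AUTH2)
            || candidate.equals(__SPNEGO_AUTH)
            || candidate.equals(__NEGOTIATE_AUTH);
    }

    /** Data constraint has not been set; this is the initial value of a new instance. */
    public static final int DC_UNSET = -1;

    /** Data constraint level 0. */
    public static final int DC_NONE = 0;

    /** Data constraint level 1. */
    public static final int DC_INTEGRAL = 1;

    /** Data constraint level 2; the highest value {@link #setDataConstraint(int)} accepts. */
    public static final int DC_CONFIDENTIAL = 2;

    /** Declared for callers; {@link #setDataConstraint(int)} rejects this value. */
    public static final int DC_FORBIDDEN = 3;

    /** The literal string {@code "NONE"}. */
    public static final String NONE = "NONE";

    /** Role name that makes {@link #isAnyRole()} true when present in the role list. */
    public static final String ANY_ROLE = "*";

    /** Role name that makes {@link #isAnyAuth()} true when present in the role list. */
    public static final String ANY_AUTH = "**";

    private String _name;

    // Private copy of the caller's array; never handed out directly.
    private String[] _roles;

    private int _dataConstraint = DC_UNSET;

    // Cached by setRoles(): true when the role list contains ANY_ROLE.
    private boolean _anyRole = false;

    // Cached by setRoles(): true when the role list contains ANY_AUTH.
    private boolean _anyAuth = false;

    private boolean _authenticate = false;

    /**
     * Creates a constraint with no name, no roles, authentication not required
     * and the data constraint unset.
     */
    public Constraint()
    {
    }

    /**
     * Creates a constraint with a name and a single role.
     *
     * <p>NOTE(review): this calls the overridable {@link #setName(String)} and
     * {@link #setRoles(String[])}; a subclass override runs before the subclass
     * constructor body.
     *
     * @param name the constraint name
     * @param role the single role placed in the role list
     */
    public Constraint(String name, String role)
    {
        setName(name);
        setRoles(new String[] {role});
    }

    /**
     * Returns a shallow copy of this constraint.
     *
     * <p>The copy shares the internal role array with the original. That is
     * safe because this class never modifies the array in place and never
     * exposes it: {@link #setRoles(String[])} installs a fresh copy and
     * {@link #getRoles()} returns a copy.
     *
     * @return the cloned constraint
     * @throws CloneNotSupportedException if {@code Object.clone()} refuses
     */
    @Override
    public Object clone() throws CloneNotSupportedException
    {
        return super.clone();
    }

    /**
     * @param name the constraint name, may be {@code null}
     */
    public void setName(String name)
    {
        _name = name;
    }

    /**
     * @return the constraint name, or {@code null} if none was set
     */
    public String getName()
    {
        return _name;
    }

    /**
     * Replaces the role list and recomputes the any-role / any-auth flags.
     *
     * <p>The array is copied before the flags are derived, so later changes to
     * the caller's array cannot leave {@link #isAnyRole()} or
     * {@link #isAnyAuth()} disagreeing with the stored roles.
     *
     * @param roles the role names, or {@code null} for no role list
     */
    public void setRoles(String[] roles)
    {
        String[] copy = (roles == null) ? null : roles.clone();
        boolean anyRole = false;
        boolean anyAuth = false;
        if (copy != null)
        {
            for (String candidate : copy)
            {
                // Constant-first equals tolerates null entries in the array.
                anyRole |= ANY_ROLE.equals(candidate);
                anyAuth |= ANY_AUTH.equals(candidate);
            }
        }
        _roles = copy;
        _anyRole = anyRole;
        _anyAuth = anyAuth;
    }

    /**
     * @return {@code true} if the role list contains {@link #ANY_ROLE}
     */
    public boolean isAnyRole()
    {
        return _anyRole;
    }

    /**
     * @return {@code true} if the role list contains {@link #ANY_AUTH}
     */
    public boolean isAnyAuth()
    {
        return _anyAuth;
    }

    /**
     * Returns the role list.
     *
     * @return a copy of the role names, or {@code null} if no role list is set;
     *         modifying the returned array does not affect this constraint
     */
    public String[] getRoles()
    {
        return (_roles == null) ? null : _roles.clone();
    }

    /**
     * Tests whether the given role is admitted by this constraint.
     *
     * <p>Only {@link #isAnyRole()} and the explicit role list are consulted;
     * {@link #isAnyAuth()} is not, so callers that honour {@link #ANY_AUTH}
     * must check it separately.
     *
     * @param role the role name to test; {@code null} never matches a listed role
     * @return {@code true} if any role is admitted or {@code role} equals an
     *         entry of the role list
     */
    public boolean hasRole(String role)
    {
        if (_anyRole)
        {
            return true;
        }
        // A null role previously raised NullPointerException here when a role
        // list was present; treat it as "no such role" instead.
        if (role == null || _roles == null)
        {
            return false;
        }
        for (String listed : _roles)
        {
            if (role.equals(listed))
            {
                return true;
            }
        }
        return false;
    }

    /**
     * @param authenticate {@code true} if this constraint requires authentication
     */
    public void setAuthenticate(boolean authenticate)
    {
        _authenticate = authenticate;
    }

    /**
     * @return {@code true} if this constraint requires authentication
     */
    public boolean getAuthenticate()
    {
        return _authenticate;
    }

    /**
     * Reports whether this constraint denies all access: authentication is
     * required, the any-role flag is not set, and the role list is
     * {@code null} or empty.
     *
     * @return {@code true} if no role can satisfy this constraint
     */
    public boolean isForbidden()
    {
        boolean noRolesListed = (_roles == null || _roles.length == 0);
        return _authenticate && !_anyRole && noRolesListed;
    }

    /**
     * Sets the data constraint level.
     *
     * @param c one of {@link #DC_NONE}, {@link #DC_INTEGRAL} or
     *          {@link #DC_CONFIDENTIAL}
     * @throws IllegalArgumentException if {@code c} is outside that range; this
     *         includes {@link #DC_UNSET} and {@link #DC_FORBIDDEN}
     */
    public void setDataConstraint(int c)
    {
        if (c < 0 || c > DC_CONFIDENTIAL)
        {
            throw new IllegalArgumentException("Constraint out of range");
        }
        _dataConstraint = c;
    }

    /**
     * @return the data constraint level, {@link #DC_UNSET} if never set
     */
    public int getDataConstraint()
    {
        return _dataConstraint;
    }

    /**
     * @return {@code true} once a data constraint of {@link #DC_NONE} or higher
     *         has been set
     */
    public boolean hasDataConstraint()
    {
        return _dataConstraint >= DC_NONE;
    }

    /**
     * Renders the constraint as {@code SC{name,roles,dataConstraint}} for
     * diagnostics. Roles print as {@code *} when any role is admitted,
     * {@code -} when no list is set, otherwise as a bracketed list.
     */
    @Override
    public String toString()
    {
        String rolesText;
        if (_anyRole)
        {
            rolesText = "*";
        }
        else if (_roles == null)
        {
            rolesText = "-";
        }
        else
        {
            rolesText = Arrays.asList(_roles).toString();
        }

        // Any value other than UNSET / NONE / INTEGRAL is rendered as CONFIDENTIAL.
        String dataText;
        if (_dataConstraint == DC_UNSET)
        {
            dataText = "DC_UNSET}";
        }
        else if (_dataConstraint == DC_NONE)
        {
            dataText = "NONE}";
        }
        else if (_dataConstraint == DC_INTEGRAL)
        {
            dataText = "INTEGRAL}";
        }
        else
        {
            dataText = "CONFIDENTIAL}";
        }

        return "SC{" + _name + "," + rolesText + "," + dataText;
    }
}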