
1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.util.security;
20  
21  import java.io.Serializable;
22  import java.util.Arrays;
23  
24  /* ------------------------------------------------------------ */
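/**
 * Describes an authentication and/or data (transport) constraint.
 *
 * <p>A constraint carries a name, an optional list of role names, an
 * "authenticate" flag and a data constraint level ({@link #DC_NONE},
 * {@link #DC_INTEGRAL} or {@link #DC_CONFIDENTIAL}).
 *
 * <p>Points to keep in mind when this class backs an access-control decision:
 * <ul>
 * <li>The role array is stored and returned by reference (see
 *     {@link #setRoles(String[])} and {@link #getRoles()}). Code that mutates
 *     that array afterwards changes the constraint without refreshing the
 *     cached {@link #isAnyRole()} / {@link #isAnyAuth()} flags.</li>
 * <li>{@link #clone()} is a shallow copy, so a clone shares the role array
 *     with the original.</li>
 * <li>Setting roles does not turn authentication on; {@link #setAuthenticate(boolean)}
 *     must be called separately.</li>
 * <li>The class is {@link Serializable} and declares no {@code serialVersionUID}.</li>
 * </ul>
 *
 * <p>Instances are mutable and perform no synchronization.
 */
public class Constraint implements Cloneable, Serializable
{
    /* ------------------------------------------------------------ */
    public final static String __BASIC_AUTH = "BASIC";

    public final static String __FORM_AUTH = "FORM";

    public final static String __DIGEST_AUTH = "DIGEST";

    public final static String __CERT_AUTH = "CLIENT_CERT";

    // Alternative spelling of the client-certificate method, accepted alongside __CERT_AUTH.
    public final static String __CERT_AUTH2 = "CLIENT-CERT";

    public final static String __SPNEGO_AUTH = "SPNEGO";

    public final static String __NEGOTIATE_AUTH = "NEGOTIATE";

    /**
     * Checks whether a string names one of the authentication methods declared
     * as constants on this class.
     *
     * <p>The value is trimmed and then compared exactly, so the match is
     * case-sensitive: {@code " BASIC "} is accepted, {@code "basic"} is not.
     *
     * @param method the authentication method name, may be {@code null}
     * @return {@code true} if the trimmed value equals one of the known
     *         method names; {@code false} for {@code null} or anything else
     */
    public static boolean validateMethod (String method)
    {
        if (method == null)
            return false;
        method = method.trim();
        return (method.equals(__FORM_AUTH)
                || method.equals(__BASIC_AUTH)
                || method.equals(__DIGEST_AUTH)
                || method.equals(__CERT_AUTH)
                || method.equals(__CERT_AUTH2)
                || method.equals(__SPNEGO_AUTH)
                || method.equals(__NEGOTIATE_AUTH));
    }

    /* ------------------------------------------------------------ */
    // Data constraint levels. Only DC_NONE..DC_CONFIDENTIAL are accepted by
    // setDataConstraint(int); DC_UNSET is the initial field value and
    // DC_FORBIDDEN is declared here but never stored by this class.
    public final static int DC_UNSET = -1, DC_NONE = 0, DC_INTEGRAL = 1, DC_CONFIDENTIAL = 2, DC_FORBIDDEN = 3;

    /* ------------------------------------------------------------ */
    public final static String NONE = "NONE";

    // Role name meaning "any user role is permitted" (see isAnyRole()).
    public final static String ANY_ROLE = "*";

    // Role name meaning "any authenticated user is permitted" (see isAnyAuth()).
    public final static String ANY_AUTH = "**"; //Servlet Spec 3.1 pg 140

    /* ------------------------------------------------------------ */
    private String _name;

    private String[] _roles;

    private int _dataConstraint = DC_UNSET;

    // Cached by setRoles(): true when the role list contains ANY_ROLE.
    private boolean _anyRole = false;

    // Cached by setRoles(): true when the role list contains ANY_AUTH.
    private boolean _anyAuth = false;

    private boolean _authenticate = false;

    /* ------------------------------------------------------------ */
    /**
     * Creates an empty constraint: no name, no roles, authentication not
     * required and the data constraint unset.
     */
    public Constraint()
    {
    }

    /* ------------------------------------------------------------ */
    /**
     * Convenience constructor for a constraint with a single role.
     *
     * <p>This only sets the name and a one-element role array. It does not
     * call {@link #setAuthenticate(boolean)}, so the new constraint still
     * reports {@code getAuthenticate() == false}. A {@code null} role yields
     * a one-element array holding {@code null}: {@link #isForbidden()} then
     * stays {@code false} even though no role name can match.
     *
     * @param name the constraint name
     * @param role the single role name; {@link #ANY_ROLE} and
     *             {@link #ANY_AUTH} are recognised
     */
    public Constraint(String name, String role)
    {
        setName(name);
        setRoles(new String[] { role });
    }

    /* ------------------------------------------------------------ */
    /**
     * Returns a shallow copy of this constraint.
     *
     * <p>The copy shares the role array with the original, so an in-place
     * change to that array is visible through both objects.
     *
     * @return the shallow copy
     * @throws CloneNotSupportedException declared by {@link Object#clone()}
     */
    @Override
    public Object clone() throws CloneNotSupportedException
    {
        return super.clone();
    }

    /* ------------------------------------------------------------ */
    /**
     * @param name the constraint name
     */
    public void setName(String name)
    {
        _name = name;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return the constraint name, or {@code null} if none was set
     */
    public String getName()
    {
        return _name;
    }

    /* ------------------------------------------------------------ */
    /**
     * Replaces the role list and recomputes the any-role / any-auth flags.
     *
     * <p>The array is stored by reference, not copied. The flags are computed
     * once, here; writing {@link #ANY_ROLE} or {@link #ANY_AUTH} into the
     * array after this call does not update them.
     *
     * @param roles the role names, or {@code null} for no roles
     */
    public void setRoles(String[] roles)
    {
        _roles = roles;
        _anyRole = false;
        _anyAuth = false;
        if (roles != null)
        {
            for (String candidate : roles)
            {
                // Constant on the left keeps null entries harmless.
                _anyRole |= ANY_ROLE.equals(candidate);
                _anyAuth |= ANY_AUTH.equals(candidate);
            }
        }
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if any user role is permitted.
     */
    public boolean isAnyRole()
    {
        return _anyRole;
    }

    /* ------------------------------------------------------------ */
    /** Servlet Spec 3.1, pg 140
     * @return True if any authenticated user is permitted (ie a role "**" was specified in the constraint).
     */
    public boolean isAnyAuth()
    {
        return _anyAuth;
    }

    /* ------------------------------------------------------------ */
    /**
     * Returns the internal role array itself, not a copy; changes made to it
     * affect this constraint and are not reflected in {@link #isAnyRole()} or
     * {@link #isAnyAuth()}.
     *
     * @return List of roles for this constraint, or {@code null} if none set.
     */
    public String[] getRoles()
    {
        return _roles;
    }

    /* ------------------------------------------------------------ */
    /**
     * Tests whether the constraint lists the given role.
     *
     * <p>If {@link #ANY_ROLE} was set, every argument matches. Otherwise the
     * comparison is an exact, case-sensitive string match. {@link #ANY_AUTH}
     * is not consulted here; callers that honour it must check
     * {@link #isAnyAuth()} themselves.
     *
     * @param role the role name to look for; {@code null} never matches a
     *             listed role
     * @return True if the constraint contains the role.
     */
    public boolean hasRole(String role)
    {
        if (_anyRole)
            return true;
        // A null role used to raise NullPointerException below; treat it as
        // "no match" so a missing role can never be read as a grant.
        if (role == null || _roles == null)
            return false;
        for (String candidate : _roles)
        {
            if (role.equals(candidate))
                return true;
        }
        return false;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param authenticate True if users must be authenticated
     */
    public void setAuthenticate(boolean authenticate)
    {
        _authenticate = authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if the constraint requires request authentication
     */
    public boolean getAuthenticate()
    {
        return _authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * Reports the "authentication required but nobody is allowed" state.
     *
     * <p>Only the array length is inspected, so a role array whose entries
     * are all {@code null} does not count as forbidden.
     *
     * @return True if authentication required but no roles set
     */
    public boolean isForbidden()
    {
        boolean noRolesListed = (_roles == null || _roles.length == 0);
        return _authenticate && !_anyRole && noRolesListed;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param c Data constraint indicator: 0=DC_NONE, 1=DC_INTEGRAL or
     *          2=DC_CONFIDENTIAL
     * @throws IllegalArgumentException if {@code c} is outside that range
     *         (this includes {@link #DC_UNSET} and {@link #DC_FORBIDDEN})
     */
    public void setDataConstraint(int c)
    {
        if (c < 0 || c > DC_CONFIDENTIAL)
            throw new IllegalArgumentException("Constraint out of range");
        _dataConstraint = c;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return Data constraint indicator: -1=DC_UNSET (nothing set yet),
     *         0=DC_NONE, 1=DC_INTEGRAL or 2=DC_CONFIDENTIAL
     */
    public int getDataConstraint()
    {
        return _dataConstraint;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if a data constraint has been set.
     */
    public boolean hasDataConstraint()
    {
        return _dataConstraint >= DC_NONE;
    }

    /* ------------------------------------------------------------ */
    /**
     * Renders the constraint as {@code SC{name,roles,dataConstraint}}.
     *
     * <p>Roles print as {@code *} when any role is permitted, {@code -} when
     * no role array is set, and as a bracketed list otherwise.
     */
    @Override
    public String toString()
    {
        String roles;
        if (_anyRole)
            roles = "*";
        else if (_roles == null)
            roles = "-";
        else
            roles = Arrays.asList(_roles).toString();

        String data;
        switch (_dataConstraint)
        {
            case DC_UNSET:
                data = "DC_UNSET}";
                break;
            case DC_NONE:
                data = "NONE}";
                break;
            case DC_INTEGRAL:
                data = "INTEGRAL}";
                break;
            default:
                data = "CONFIDENTIAL}";
                break;
        }

        return "SC{" + _name + "," + roles + "," + data;
    }

}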