All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.jackrabbit.webdav.security.Privilege Maven / Gradle / Ivy

There is a newer version: 2024.11.18751.20241128T090041Z-241100
Show newest version
/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.jackrabbit.webdav.security;

import org.apache.jackrabbit.webdav.DavException;
import org.apache.jackrabbit.webdav.DavServletResponse;
import org.apache.jackrabbit.webdav.xml.DomUtil;
import org.apache.jackrabbit.webdav.xml.Namespace;
import org.apache.jackrabbit.webdav.xml.XmlSerializable;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

import java.util.HashMap;
import java.util.Map;

/**
 * Privilege
 */
public class Privilege implements XmlSerializable {

    public static final String XML_PRIVILEGE = "privilege";

    /**
     * Map for registered privileges
     */
    private static final Map REGISTERED_PRIVILEGES = new HashMap();

    //-------------------------------------< Privileges defined by RFC 3744 >---
    /**
     * The read privilege controls methods that return information about the
     * state of the resource, including the resource's properties. Affected
     * methods include GET and PROPFIND and OPTIONS.
     *
     * @see RFC 3744 Section 3.1. DAV:read Privilege
     */
    public static final Privilege PRIVILEGE_READ = getPrivilege("read", SecurityConstants.NAMESPACE);
    /**
     * The write privilege controls methods that lock a resource or modify the
     * content, dead properties, or (in the case of a collection) membership of
     * the resource, such as PUT and PROPPATCH.
     *
     * @see RFC 3744 Section 3.2. DAV:write Privilege
     */
    public static final Privilege PRIVILEGE_WRITE = getPrivilege("write", SecurityConstants.NAMESPACE);
    /**
     * The DAV:write-properties privilege controls methods that modify the dead
     * properties of the resource, such as PROPPATCH. Whether this privilege may
     * be used to control access to any live properties is determined by the
     * implementation.
     *
     * @see RFC 3744 Section 3.3. DAV:write-properties Privilege
     */
    public static final Privilege PRIVILEGE_WRITE_PROPERTIES = getPrivilege("write-properties", SecurityConstants.NAMESPACE);
    /**
     * The DAV:write-content privilege controls methods that modify the content
     * of an existing resource, such as PUT.
     *
     * @see RFC 3744 Section 3.4. DAV:write-content Privilege
     */
    public static final Privilege PRIVILEGE_WRITE_CONTENT = getPrivilege("write-content", SecurityConstants.NAMESPACE);
    /**
     * The DAV:unlock privilege controls the use of the UNLOCK method by a
     * principal other than the lock owner (the principal that created a lock
     * can always perform an UNLOCK).
     *
     * @see RFC 3744 Section 3.5. DAV:unlock Privilege
     */
    public static final Privilege PRIVILEGE_UNLOCK = getPrivilege("unlock", SecurityConstants.NAMESPACE);
    /**
     * The DAV:read-acl privilege controls the use of PROPFIND to retrieve the
     * DAV:acl property of the resource.
     *
     * @see RFC 3744 Section 3.6. DAV:read-acl Privilege
     */
    public static final Privilege PRIVILEGE_READ_ACL = getPrivilege("read-acl", SecurityConstants.NAMESPACE);
    /**
     * The DAV:read-current-user-privilege-set privilege controls the use of
     * PROPFIND to retrieve the DAV:current-user-privilege-set property of the
     * resource.
     *
     * @see RFC 3744 Section 3.7. DAV:"read-current-user-privilege-set Privilege
     */
    public static final Privilege PRIVILEGE_READ_CURRENT_USER_PRIVILEGE_SET = getPrivilege("read-current-user-privilege-set", SecurityConstants.NAMESPACE);
    /**
     * The DAV:write-acl privilege controls use of the ACL method to modify the
     * DAV:acl property of the resource.
     *
     * @see RFC 3744 Section 3.8. DAV:write-acl Privilege
     */
    public static final Privilege PRIVILEGE_WRITE_ACL = getPrivilege("write-acl", SecurityConstants.NAMESPACE);
    /**
     * The DAV:bind privilege allows a method to add a new member URL to the
     * specified collection (for example via PUT or MKCOL). It is ignored for
     * resources that are not collections.
     *
     * @see RFC 3744 Section 3.9. DAV:bind Privilege
     */
    public static final Privilege PRIVILEGE_BIND = getPrivilege("bind", SecurityConstants.NAMESPACE);
    /**
     * The DAV:unbind privilege allows a method to remove a member URL from the
     * specified collection (for example via DELETE or MOVE). It is ignored for
     * resources that are not collections.
     *
     * @see RFC 3744 Section 3.10. DAV:unbind Privilege
     */
    public static final Privilege PRIVILEGE_UNBIND = getPrivilege("unbind", SecurityConstants.NAMESPACE);
    /**
     * DAV:all is an aggregate privilege that contains the entire set of
     * privileges that can be applied to the resource.
     *
     * @see RFC 3744 Section 3.11. DAV:all Privilege
     */
    public static final Privilege PRIVILEGE_ALL = getPrivilege("all", SecurityConstants.NAMESPACE);

    private final String privilege;
    private final Namespace namespace;

    /**
     * Private constructor
     *
     * @param privilege
     * @param namespace
     */
    private Privilege(String privilege, Namespace namespace) {
        this.privilege = privilege;
        this.namespace = namespace;
    }

    /**
     * @return The local name of this Privilege.
     */
    public String getName() {
        return privilege;
    }

    /**
     * @return The namespace of this Privilege.
     */
    public Namespace getNamespace() {
        return namespace;
    }

    /**
     * @see XmlSerializable#toXml(Document)
     */
    public Element toXml(Document document) {
        Element privEl =  DomUtil.createElement(document, XML_PRIVILEGE, SecurityConstants.NAMESPACE);
        DomUtil.addChildElement(privEl, privilege, namespace);
        return privEl;
    }

    /**
     * Factory method to create/retrieve a Privilege.
     *
     * @param privilege
     * @param namespace
     * @return
     */
    public static Privilege getPrivilege(String privilege, Namespace namespace) {
        if (privilege == null) {
            throw new IllegalArgumentException("'null' is not a valid privilege.");
        }
        if (namespace == null) {
            namespace = Namespace.EMPTY_NAMESPACE;
        }
        String key = "{" + namespace.getURI() + "}" + privilege;
        if (REGISTERED_PRIVILEGES.containsKey(key)) {
            return REGISTERED_PRIVILEGES.get(key);
        } else {
            Privilege p = new Privilege(privilege, namespace);
            REGISTERED_PRIVILEGES.put(key, p);
            return p;
        }
    }

    /**
     * Factory method to create/retrieve a Privilege from the given
     * DAV:privilege element.
     *
     * @param privilege
     * @return
     */
    public static Privilege getPrivilege(Element privilege) throws DavException {
        if (!DomUtil.matches(privilege, XML_PRIVILEGE, SecurityConstants.NAMESPACE)) {
            throw new DavException(DavServletResponse.SC_BAD_REQUEST, "DAV:privilege element expected.");
        }
        Element el = DomUtil.getFirstChildElement(privilege);
        return getPrivilege(el.getLocalName(), DomUtil.getNamespace(el));
    }
}




© 2015 - 2024 Weber Informatics LLC | Privacy Policy