All Downloads are FREE. Search and download functionalities are using the official Maven repository.

javolution.context.SecurityContext Maven / Gradle / Ivy

Go to download

Only the Java Core part of Javolution library, with slight modifications for use in MSFTBX.

There is a newer version: 6.11.8
Show newest version
/*
 * Javolution - Java(TM) Solution for Real-Time and Embedded Systems
 * Copyright (C) 2007 - Javolution (http://javolution.org/)
 * All rights reserved.
 * 
 * Permission to use, copy, modify, and distribute this software is
 * freely granted, provided that this notice is preserved.
 */
package javolution.context;

import javolution.osgi.internal.OSGiServices;

/**
 * 
 A high-level security context integrated with OSGi.

 *     
 * 
 When granting/revoking permission the order is important. 
 *     For example, the following code revokes all configurable permissions 
 *     except for setting the concurrency level.
 * [code]
 * SecurityContext ctx = SecurityContext.enter(); 
 * try {
 *     ctx.revoke(Configurable.RECONFIGURE_PERMISSION);
 *     ctx.grant(ConcurrentContext.CONCURRENCY.getReconfigurePermission());
 *     ...
 *     ConcurrentContext.CONCURRENCY.reconfigure(0); // Ok (permission specifically granted).
 *     ...
 *  } finally {
 *     ctx.exit(); // Back to previous security settings. 
 *  }[/code]

 * 
 * @author  Jean-Marie Dautelle
 * @version 6.0, July 21, 2013
 */
public abstract class SecurityContext extends AbstractContext {

    /**
     * A permission associated to a specific class/action/instance. 
     * There are three levels of permission possible, at 
     * the class/category level, at the action level and at the instance level.
     * Any permission granted/revoked at the higher level is explicitly 
     * granted/revoked at the lower level. The order in which the permission 
     * are granted/revoked is important. For example, it is possible to grant 
     * a permission at the class level, then to revoke it at the action or 
     * instance level. In which case, for that class the permission is granted 
     * for all actions/instances except for those actions/instances for which the 
     * permission has been explicitly revoked.
     */
    public static class Permission {

        /**
         * Holds the global permission for anything.
         */
        public static final Permission ALL = new Permission(
                null);

        private final Class category;

        private final String action;

        private final T instance;

        /**
         * Creates a security permission for all actions of the specified category.
         */
        public Permission(Class category) {
            this(category, null, null);
        }

        /**
         * Creates a security permission for the specified action of the 
         * specified category.
         */
        public Permission(Class category, String action) {
            this(category, action, null);
        }

        /**
         * Creates a security permission for the specified instance and the 
         * specified action of the specified category.
         */
        public Permission(Class category, String action, T instance) {
            this.category = category;
            this.action = action;
            this.instance = instance;
        }

        /**
         * Returns the permission category or null for all categories.
         */
        public Class getCategory() {
            return category;
        }

        /**
         * Returns the permission action or null for all actions.
         */
        public String getAction() {
            return action;
        }

        /**
         * Returns the permission instance or null for all instances.
         */
        public T getInstance() {
            return instance;
        }

        /**
         * Checks if the specified permission is automatically granted/revoked 
         * by 'this' permission being granted/revoked.
         * 
         * @param that the permission to check.
         * @return true if this permission being granted/revoked 
         *         implies that the specified permission is granted/revoked;
         *         false otherwise.
         */
        public boolean implies(Permission that) {
            if (category == null)
                return true;
            if (!category.isAssignableFrom(that.category))
                return false;
            if (action == null)
                return true;
            if (!action.equals(that.action))
                return false;
            if (instance == null)
                return true;
            if (!instance.equals(that.instance))
                return false;
            return true;
        }

        @Override
        public String toString() {
            if (category == null)
                return "All permissions";
            if (action == null)
                return "Permission for any action on " + category.getName();
            if (instance == null)
                return "Permission for " + action + " on " + category.getName();
            return "Permission for " + action + " on instance " + instance
                    + " of " + category.getName();
        }

        @Override
        public boolean equals(Object obj) {
            if (obj == this)
                return true;
            if (!(obj instanceof Permission))
                return false;
            Permission that = (Permission) obj;
            if ((category == null) && (that.category != null))
                return false;
            if ((category != null) && (!category.equals(that.category)))
                return false;
            if ((action == null) && (that.action != null))
                return false;
            if ((action != null) && (!action.equals(that.action)))
                return false;
            if ((instance == null) && (that.instance != null))
                return false;
            if ((instance != null) && (!instance.equals(that.instance)))
                return false;
            return false;
        }

        @Override
        public int hashCode() {
            return (category != null ? category.hashCode() : 0)
                    + (action != null ? action.hashCode() : 0)
                    + (instance != null ? instance.hashCode() : 0);
        }
    }

    /**
     * Default constructor.
     */
    protected SecurityContext() {}

    /**
     * Enters and returns a new security context instance.
     * 
     * @return the new security context implementation entered. 
     */
    public static SecurityContext enter() {
        return (SecurityContext) currentSecurityContext().enterInner();
    }

    /**
     * Checks if the specified permission is granted. 
     *
     * @param permission the permission to check.
     * @throws SecurityException if the specified permission is not granted.
     */
    public static void check(Permission permission) {
        if (!currentSecurityContext().isGranted(permission))
            throw new SecurityException(permission + " is not granted.");
    }

    /**
     * Indicates if the specified permission is granted.
     *
     * @param permission the permission to check.
     */
    public abstract boolean isGranted(Permission permission);

    /**
     * Grants the specified permission.
     * 
     * @param permission the permission to grant.
     * @param certificate  the certificate used to grant that permission or 
     *        null if none.
     * @throws SecurityException if the specified permission cannot be granted.
     */
    public abstract void grant(Permission permission, Object certificate);

    /**
     * Revokes the specified permission.
     * 
     * @param permission the permission to grant.
     * @param certificate  the certificate used to grant that permission or 
     *        null if none.
     * @throws SecurityException if the specified permission cannot be revoked.
     */
    public abstract void revoke(Permission permission, Object certificate);

    /**
     * Grants the specified permission (convenience method).
     * 
     * @param permission the permission to grant.
     * @throws SecurityException if the specified permission cannot be granted.
     */
    public final void grant(Permission permission) {
        grant(permission, null);
    }

    /**
     * Revokes the specified permission (convenience method).
     * 
     * @param permission the permission to grant.
     * @throws SecurityException if the specified permission cannot be revoked.
     */
    public final void revoke(Permission permission) {
        revoke(permission, null);
    }

    /**
     * Returns the current security context. 
     */
    private static SecurityContext currentSecurityContext() {
        SecurityContext ctx = current(SecurityContext.class);
        if (ctx != null)
            return ctx;
        return OSGiServices.getSecurityContext();
    }
}
    

    

    

            

    

            



    
    






    
© 2015 - 2024 Weber Informatics LLC | Privacy Policy