org.eclipse.jetty.util.security.Constraint Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of ehcache Show documentation
Show all versions of ehcache Show documentation
Ehcache is an open source, standards-based cache used to boost performance,
offload the database and simplify scalability. Ehcache is robust, proven and full-featured and
this has made it the most widely-used Java-based cache.
//
// ========================================================================
// Copyright (c) 1995-2018 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.util.security;
import java.io.Serializable;
import java.util.Arrays;
/**
* Constraint
*
* Describe an auth and/or data constraint.
*/
public class Constraint implements Cloneable, Serializable
{
/* ------------------------------------------------------------ */
public final static String __BASIC_AUTH = "BASIC";
public final static String __FORM_AUTH = "FORM";
public final static String __DIGEST_AUTH = "DIGEST";
public final static String __CERT_AUTH = "CLIENT_CERT";
public final static String __CERT_AUTH2 = "CLIENT-CERT";
public final static String __SPNEGO_AUTH = "SPNEGO";
public final static String __NEGOTIATE_AUTH = "NEGOTIATE";
public static boolean validateMethod (String method)
{
if (method == null)
return false;
method = method.trim();
return (method.equals(__FORM_AUTH)
|| method.equals(__BASIC_AUTH)
|| method.equals (__DIGEST_AUTH)
|| method.equals (__CERT_AUTH)
|| method.equals(__CERT_AUTH2)
|| method.equals(__SPNEGO_AUTH)
|| method.equals(__NEGOTIATE_AUTH));
}
/* ------------------------------------------------------------ */
public final static int DC_UNSET = -1, DC_NONE = 0, DC_INTEGRAL = 1, DC_CONFIDENTIAL = 2, DC_FORBIDDEN = 3;
/* ------------------------------------------------------------ */
public final static String NONE = "NONE";
public final static String ANY_ROLE = "*";
public final static String ANY_AUTH = "**"; //Servlet Spec 3.1 pg 140
/* ------------------------------------------------------------ */
private String _name;
private String[] _roles;
private int _dataConstraint = DC_UNSET;
private boolean _anyRole = false;
private boolean _anyAuth = false;
private boolean _authenticate = false;
/* ------------------------------------------------------------ */
/**
* Constructor.
*/
public Constraint()
{
}
/* ------------------------------------------------------------ */
/**
* Convenience Constructor.
*
* @param name the name
* @param role the role
*/
public Constraint(String name, String role)
{
setName(name);
setRoles(new String[] { role });
}
/* ------------------------------------------------------------ */
@Override
public Object clone() throws CloneNotSupportedException
{
return super.clone();
}
/* ------------------------------------------------------------ */
/**
* @param name the name
*/
public void setName(String name)
{
_name = name;
}
/* ------------------------------------------------------------ */
public String getName()
{
return _name;
}
/* ------------------------------------------------------------ */
public void setRoles(String[] roles)
{
_roles = roles;
_anyRole = false;
_anyAuth = false;
if (roles != null)
{
for (int i = roles.length; i-- > 0;)
{
_anyRole |= ANY_ROLE.equals(roles[i]);
_anyAuth |= ANY_AUTH.equals(roles[i]);
}
}
}
/* ------------------------------------------------------------ */
/**
* @return True if any user role is permitted.
*/
public boolean isAnyRole()
{
return _anyRole;
}
/* ------------------------------------------------------------ */
/** Servlet Spec 3.1, pg 140
* @return True if any authenticated user is permitted (ie a role "**" was specified in the constraint).
*/
public boolean isAnyAuth()
{
return _anyAuth;
}
/* ------------------------------------------------------------ */
/**
* @return List of roles for this constraint.
*/
public String[] getRoles()
{
return _roles;
}
/* ------------------------------------------------------------ */
/**
* @param role the role
* @return True if the constraint contains the role.
*/
public boolean hasRole(String role)
{
if (_anyRole) return true;
if (_roles != null) for (int i = _roles.length; i-- > 0;)
if (role.equals(_roles[i])) return true;
return false;
}
/* ------------------------------------------------------------ */
/**
* @param authenticate True if users must be authenticated
*/
public void setAuthenticate(boolean authenticate)
{
_authenticate = authenticate;
}
/* ------------------------------------------------------------ */
/**
* @return True if the constraint requires request authentication
*/
public boolean getAuthenticate()
{
return _authenticate;
}
/* ------------------------------------------------------------ */
/**
* @return True if authentication required but no roles set
*/
public boolean isForbidden()
{
return _authenticate && !_anyRole && (_roles == null || _roles.length == 0);
}
/* ------------------------------------------------------------ */
/**
* @param c Data constrain indicator: 0=DC+NONE, 1=DC_INTEGRAL &
* 2=DC_CONFIDENTIAL
*/
public void setDataConstraint(int c)
{
if (c < 0 || c > DC_CONFIDENTIAL) throw new IllegalArgumentException("Constraint out of range");
_dataConstraint = c;
}
/* ------------------------------------------------------------ */
/**
* @return Data constrain indicator: 0=DC+NONE, 1=DC_INTEGRAL &
* 2=DC_CONFIDENTIAL
*/
public int getDataConstraint()
{
return _dataConstraint;
}
/* ------------------------------------------------------------ */
/**
* @return True if a data constraint has been set.
*/
public boolean hasDataConstraint()
{
return _dataConstraint >= DC_NONE;
}
/* ------------------------------------------------------------ */
@Override
public String toString()
{
return "SC{" + _name
+ ","
+ (_anyRole ? "*" : (_roles == null ? "-" : Arrays.asList(_roles).toString()))
+ ","
+ (_dataConstraint == DC_UNSET ? "DC_UNSET}" : (_dataConstraint == DC_NONE ? "NONE}" : (_dataConstraint == DC_INTEGRAL ? "INTEGRAL}" : "CONFIDENTIAL}")));
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy