de.tsl2.nano.serviceaccess.aas.principal.APermission Maven / Gradle / Ivy

Go to download

Show more of this group Show more artifacts with this name
Show all versions of tsl2.nano.serviceaccess Show documentation

TSL2 JEE Service Access (Generic Services for Entity Access, JEE File-System-Connector, Generic Featuring, Job-Scheduling, BeanContainer, Batch, Comfortable Bean Query Definitions, JAAS, Authentification, Authorization, )

The newest version!

/*
 * Copyright © 2002-2008 Thomas Schneider
 * Alle Rechte vorbehalten.
 * Weiterverbreitung, Benutzung, Vervielfältigung oder Offenlegung,
 * auch auszugsweise, nur mit Genehmigung.
 */
package de.tsl2.nano.serviceaccess.aas.principal;

import java.security.BasicPermission;
import java.security.Permission;
import java.util.Arrays;
import java.util.List;
import java.util.Set;

import javax.security.auth.Subject;

import org.simpleframework.xml.Attribute;

import de.tsl2.nano.core.cls.PrivateAccessor;


/**
 * permission for actions e.g. of type {@linkplain de.tsl2.nano.action.IAction}.
 * 
 * @author TS
 * 
 */
public class APermission extends BasicPermission {

    private static final long serialVersionUID = 1L;

    @Attribute(name="actions")
    String actions;
    
    public APermission(@Attribute(name="name0") String name) {
        super(name);
    }

    public APermission(@Attribute(name="name0") String name, @Attribute(name="actions") String actions) {
        super(name, actions);
        //actions will be ignored by super class
        this.actions = actions;
    }

    @Attribute(name="name0")
    public String getName0() {
        return new PrivateAccessor(this).call("getName", String.class);
    }
    
    @Override
    public void checkGuard(Object object) throws SecurityException {
        super.checkGuard(object);
        
        if (object instanceof Subject) {
            Subject subject = (Subject) object;
            Set roles = subject.getPrincipals(Role.class);
            for (Role role : roles) {
                Set permissions = role.getPermissions();
                for (BasicPermission p : permissions) {
                    if (p.implies(this)) {
                        return;
                    }
                }
            }
        } else {
            //TODO: are there other use cases?
        }
        throw new SecurityException("Object '" + object + "' has no permission to access " + this);
    }
    
    /**
     * hasAccess
     * @param subject
     * @return
     */
    public boolean hasAccess(Subject subject) {
        try {
            checkGuard(subject);
            return true;
        } catch (SecurityException e) {
            return false;
        }
    }
    
    @Override
    public boolean implies(Permission p) {
        boolean result = super.implies(p);
        if (!result) {
            return result;
        }
        
        BasicPermission bp = (BasicPermission) p;
        if (actions == null || actions.equals("*")) {
            return true;
        }
        if (bp.getActions() == null || bp.getActions().equals("*")) {
            return true;
        }
        List s = Arrays.asList(actions.split(","));
        List sbp = Arrays.asList(bp.getActions().split(","));
        return s.containsAll(sbp);
        
    }
    
    @Override
    public String getActions() {
        return actions;
    }
}