All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.osgi.service.dmt.security.DmtPrincipalPermission Maven / Gradle / Ivy

/*
 * Copyright (c) OSGi Alliance (2004, 2013). All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package org.osgi.service.dmt.security;

import java.security.Permission;
import java.security.PermissionCollection;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;

/**
 * Indicates the callers authority to create DMT sessions on behalf of a remote
 * management server. Only protocol adapters communicating with management
 * servers should be granted this permission.
 * 

* {@code DmtPrincipalPermission} has a target string which controls the name of * the principal on whose behalf the protocol adapter can act. A wildcard is * allowed at the end of the target string, to allow using any principal name * with the given prefix. The "*" target means the adapter can create * a session in the name of any principal. * * @author $Id: f58885e938ced170c689e746d5326e01c5fa8079 $ */ public class DmtPrincipalPermission extends Permission { private static final long serialVersionUID = 6388752177325038332L; // specifies whether the target string had a wildcard at the end private final boolean isPrefix; // the target string without the wildcard (if there was one) private final String principal; /** * Creates a new {@code DmtPrincipalPermission} object with its name set to * the target string. Name must be non-null and non-empty. * * @param target the name of the principal, can end with {@code *} to match * any principal with the given prefix * @throws NullPointerException if {@code name} is {@code null} * @throws IllegalArgumentException if {@code name} is empty */ public DmtPrincipalPermission(String target) { super(target); if (target == null) throw new NullPointerException("'target' parameter must not be null."); if (target.equals("")) throw new IllegalArgumentException("'target' parameter must not be empty."); isPrefix = target.endsWith("*"); if (isPrefix) principal = target.substring(0, target.length() - 1); else principal = target; } /** * Creates a new {@code DmtPrincipalPermission} object using the 'canonical' * two argument constructor. In this version this class does not define any * actions, the second argument of this constructor must be "*" so that this * class can later be extended in a backward compatible way. * * @param target the name of the principal, can end with {@code *} to match * any principal with the given prefix * @param actions no actions defined, must be "*" for forward compatibility * @throws NullPointerException if {@code name} or {@code actions} is * {@code null} * @throws IllegalArgumentException if {@code name} is empty or * {@code actions} is not "*" */ public DmtPrincipalPermission(String target, String actions) { this(target); if (actions == null) throw new NullPointerException("'actions' parameter must not be null."); if (!actions.equals("*")) throw new IllegalArgumentException("'actions' parameter must be \"*\"."); } /** * Checks whether the given object is equal to this DmtPrincipalPermission * instance. Two DmtPrincipalPermission instances are equal if they have the * same target string. * * @param obj the object to compare to this DmtPrincipalPermission instance * @return {@code true} if the parameter represents the same permissions as * this instance */ public boolean equals(Object obj) { if (obj == this) return true; if (!(obj instanceof DmtPrincipalPermission)) return false; DmtPrincipalPermission other = (DmtPrincipalPermission) obj; return isPrefix == other.isPrefix && principal.equals(other.principal); } /** * Returns the action list (always {@code *} in the current version). * * @return the action string "*" */ public String getActions() { return "*"; } /** * Returns the hash code for this permission object. If two * DmtPrincipalPermission objects are equal according to the * {@link #equals(Object)} method, then calling this method on each of the * two DmtPrincipalPermission objects must produce the same integer result. * * @return hash code for this permission object */ public int hashCode() { return new Boolean(isPrefix).hashCode() ^ principal.hashCode(); } /** * Checks if this DmtPrincipalPermission object implies the specified * permission. Another DmtPrincipalPermission instance is implied by this * permission either if the target strings are identical, or if this target * can be made identical to the other target by replacing a trailing * "*" with any string. * * @param p the permission to check for implication * @return true if this DmtPrincipalPermission instance implies the * specified permission */ public boolean implies(Permission p) { if (!(p instanceof DmtPrincipalPermission)) return false; DmtPrincipalPermission other = (DmtPrincipalPermission) p; return impliesPrincipal(other); } /** * Returns a new PermissionCollection object for storing * DmtPrincipalPermission objects. * * @return the new PermissionCollection */ public PermissionCollection newPermissionCollection() { return new DmtPrincipalPermissionCollection(); } /* * Returns true if the principal parameter of the given * DmtPrincipalPermission is implied by the principal of this permission, * i.e. this principal is a prefix of the other principal but ends with a *, * or the two principal strings are equal. */ boolean impliesPrincipal(DmtPrincipalPermission p) { return isPrefix ? p.principal.startsWith(principal) : !p.isPrefix && p.principal.equals(principal); } } /** * Represents a homogeneous collection of DmtPrincipalPermission objects. */ final class DmtPrincipalPermissionCollection extends PermissionCollection { private static final long serialVersionUID = -6692103535775802684L; private ArrayList perms; /** * Create an empty DmtPrincipalPermissionCollection object. */ public DmtPrincipalPermissionCollection() { perms = new ArrayList(); } /** * Adds a permission to the DmtPrincipalPermissionCollection. * * @param permission the Permission object to add * @exception IllegalArgumentException if the permission is not a * DmtPrincipalPermission * @exception SecurityException if this DmtPrincipalPermissionCollection * object has been marked readonly */ public void add(Permission permission) { if (!(permission instanceof DmtPrincipalPermission)) throw new IllegalArgumentException("Cannot add permission, invalid permission type: " + permission); if (isReadOnly()) throw new SecurityException("Cannot add permission, collection is marked read-only."); // only add new permission if it is not already implied by the // permissions in the collection if (!implies(permission)) { // remove all permissions that are implied by the new one Iterator i = perms.iterator(); while (i.hasNext()) if (permission.implies((DmtPrincipalPermission) i.next())) i.remove(); // no need to synchronize because all adds are done sequentially // before any implies() calls perms.add(permission); } } /** * Check whether this set of permissions implies the permission specified in * the parameter. * * @param permission the Permission object to compare * @return true if the parameter permission is a proper subset of the * permissions in the collection, false otherwise */ public boolean implies(Permission permission) { if (!(permission instanceof DmtPrincipalPermission)) return false; DmtPrincipalPermission other = (DmtPrincipalPermission) permission; Iterator i = perms.iterator(); while (i.hasNext()) if (((DmtPrincipalPermission) i.next()).impliesPrincipal(other)) return true; return false; } /** * Returns an enumeration of all the DmtPrincipalPermission objects in the * container. The returned value cannot be {@code null}. * * @return an enumeration of all the DmtPrincipalPermission objects */ public Enumeration elements() { // Convert Iterator into Enumeration return Collections.enumeration(perms); } }





© 2015 - 2025 Weber Informatics LLC | Privacy Policy