Home » apache-tomcat-6.0.26-src » org.apache » catalina » deploy » [javadoc | source]

    1   /*
    2    * Licensed to the Apache Software Foundation (ASF) under one or more
    3    * contributor license agreements.  See the NOTICE file distributed with
    4    * this work for additional information regarding copyright ownership.
    5    * The ASF licenses this file to You under the Apache License, Version 2.0
    6    * (the "License"); you may not use this file except in compliance with
    7    * the License.  You may obtain a copy of the License at
    8    * 
    9    *      http://www.apache.org/licenses/LICENSE-2.0
   10    * 
   11    * Unless required by applicable law or agreed to in writing, software
   12    * distributed under the License is distributed on an "AS IS" BASIS,
   13    * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   14    * See the License for the specific language governing permissions and
   15    * limitations under the License.
   16    */
   17   
   18   
   19   package org.apache.catalina.deploy;
   20   
   21   import java.io.Serializable;
   22   
   23   
   24   /**
   25    * Representation of a security constraint element for a web application,
   26    * as represented in a <code>&lt;security-constraint&gt;</code> element in the
   27    * deployment descriptor.
   28    * <p>
   29    * <b>WARNING</b>:  It is assumed that instances of this class will be created
   30    * and modified only within the context of a single thread, before the instance
   31    * is made visible to the remainder of the application.  After that, only read
   32    * access is expected.  Therefore, none of the read and write access within
   33    * this class is synchronized.
   34    *
   35    * @author Craig R. McClanahan
   36    * @version $Revision: 467222 $ $Date: 2006-10-24 05:17:11 +0200 (Tue, 24 Oct 2006) $
   37    */
   38   
   39   public class SecurityConstraint implements Serializable {
   40   
   41   
   42       // ----------------------------------------------------------- Constructors
   43   
   44   
   45       /**
   46        * Construct a new security constraint instance with default values.
   47        */
   48       public SecurityConstraint() {
   49   
   50           super();
   51   
   52       }
   53   
   54   
   55       // ----------------------------------------------------- Instance Variables
   56   
   57   
   58       /**
   59        * Was the "all roles" wildcard included in the authorization constraints
   60        * for this security constraint?
   61        */
   62       private boolean allRoles = false;
   63   
   64   
   65       /**
   66        * Was an authorization constraint included in this security constraint?
   67        * This is necessary to distinguish the case where an auth-constraint with
   68        * no roles (signifying no direct access at all) was requested, versus
   69        * a lack of auth-constraint which implies no access control checking.
   70        */
   71       private boolean authConstraint = false;
   72   
   73   
   74       /**
   75        * The set of roles permitted to access resources protected by this
   76        * security constraint.
   77        */
   78       private String authRoles[] = new String[0];
   79   
   80   
   81       /**
   82        * The set of web resource collections protected by this security
   83        * constraint.
   84        */
   85       private SecurityCollection collections[] = new SecurityCollection[0];
   86   
   87   
   88       /**
   89        * The display name of this security constraint.
   90        */
   91       private String displayName = null;
   92   
   93   
   94       /**
   95        * The user data constraint for this security constraint.  Must be NONE,
   96        * INTEGRAL, or CONFIDENTIAL.
   97        */
   98       private String userConstraint = "NONE";
   99   
  100   
  101       // ------------------------------------------------------------- Properties
  102   
  103   
  104       /**
  105        * Was the "all roles" wildcard included in this authentication
  106        * constraint?
  107        */
  108       public boolean getAllRoles() {
  109   
  110           return (this.allRoles);
  111   
  112       }
  113   
  114   
  115       /**
  116        * Return the authorization constraint present flag for this security
  117        * constraint.
  118        */
  119       public boolean getAuthConstraint() {
  120   
  121           return (this.authConstraint);
  122   
  123       }
  124   
  125   
  126       /**
  127        * Set the authorization constraint present flag for this security
  128        * constraint.
  129        */
  130       public void setAuthConstraint(boolean authConstraint) {
  131   
  132           this.authConstraint = authConstraint;
  133   
  134       }
  135   
  136   
  137       /**
  138        * Return the display name of this security constraint.
  139        */
  140       public String getDisplayName() {
  141   
  142           return (this.displayName);
  143   
  144       }
  145   
  146   
  147       /**
  148        * Set the display name of this security constraint.
  149        */
  150       public void setDisplayName(String displayName) {
  151   
  152           this.displayName = displayName;
  153   
  154       }
  155   
  156   
  157       /**
  158        * Return the user data constraint for this security constraint.
  159        */
  160       public String getUserConstraint() {
  161   
  162           return (userConstraint);
  163   
  164       }
  165   
  166   
  167       /**
  168        * Set the user data constraint for this security constraint.
  169        *
  170        * @param userConstraint The new user data constraint
  171        */
  172       public void setUserConstraint(String userConstraint) {
  173   
  174           if (userConstraint != null)
  175               this.userConstraint = userConstraint;
  176   
  177       }
  178   
  179   
  180       // --------------------------------------------------------- Public Methods
  181   
  182   
  183       /**
  184        * Add an authorization role, which is a role name that will be
  185        * permitted access to the resources protected by this security constraint.
  186        *
  187        * @param authRole Role name to be added
  188        */
  189       public void addAuthRole(String authRole) {
  190   
  191           if (authRole == null)
  192               return;
  193           if ("*".equals(authRole)) {
  194               allRoles = true;
  195               return;
  196           }
  197           String results[] = new String[authRoles.length + 1];
  198           for (int i = 0; i < authRoles.length; i++)
  199               results[i] = authRoles[i];
  200           results[authRoles.length] = authRole;
  201           authRoles = results;
  202           authConstraint = true;
  203   
  204       }
  205   
  206   
  207       /**
  208        * Add a new web resource collection to those protected by this
  209        * security constraint.
  210        *
  211        * @param collection The new web resource collection
  212        */
  213       public void addCollection(SecurityCollection collection) {
  214   
  215           if (collection == null)
  216               return;
  217           SecurityCollection results[] =
  218               new SecurityCollection[collections.length + 1];
  219           for (int i = 0; i < collections.length; i++)
  220               results[i] = collections[i];
  221           results[collections.length] = collection;
  222           collections = results;
  223   
  224       }
  225   
  226   
  227       /**
  228        * Return <code>true</code> if the specified role is permitted access to
  229        * the resources protected by this security constraint.
  230        *
  231        * @param role Role name to be checked
  232        */
  233       public boolean findAuthRole(String role) {
  234   
  235           if (role == null)
  236               return (false);
  237           for (int i = 0; i < authRoles.length; i++) {
  238               if (role.equals(authRoles[i]))
  239                   return (true);
  240           }
  241           return (false);
  242   
  243       }
  244   
  245   
  246       /**
  247        * Return the set of roles that are permitted access to the resources
  248        * protected by this security constraint.  If none have been defined,
  249        * a zero-length array is returned (which implies that all authenticated
  250        * users are permitted access).
  251        */
  252       public String[] findAuthRoles() {
  253   
  254           return (authRoles);
  255   
  256       }
  257   
  258   
  259       /**
  260        * Return the web resource collection for the specified name, if any;
  261        * otherwise, return <code>null</code>.
  262        *
  263        * @param name Web resource collection name to return
  264        */
  265       public SecurityCollection findCollection(String name) {
  266   
  267           if (name == null)
  268               return (null);
  269           for (int i = 0; i < collections.length; i++) {
  270               if (name.equals(collections[i].getName()))
  271                   return (collections[i]);
  272           }
  273           return (null);
  274   
  275       }
  276   
  277   
  278       /**
  279        * Return all of the web resource collections protected by this
  280        * security constraint.  If there are none, a zero-length array is
  281        * returned.
  282        */
  283       public SecurityCollection[] findCollections() {
  284   
  285           return (collections);
  286   
  287       }
  288   
  289   
  290       /**
  291        * Return <code>true</code> if the specified context-relative URI (and
  292        * associated HTTP method) are protected by this security constraint.
  293        *
  294        * @param uri Context-relative URI to check
  295        * @param method Request method being used
  296        */
  297       public boolean included(String uri, String method) {
  298   
  299           // We cannot match without a valid request method
  300           if (method == null)
  301               return (false);
  302   
  303           // Check all of the collections included in this constraint
  304           for (int i = 0; i < collections.length; i++) {
  305               if (!collections[i].findMethod(method))
  306                   continue;
  307               String patterns[] = collections[i].findPatterns();
  308               for (int j = 0; j < patterns.length; j++) {
  309                   if (matchPattern(uri, patterns[j]))
  310                       return (true);
  311               }
  312           }
  313   
  314           // No collection included in this constraint matches this request
  315           return (false);
  316   
  317       }
  318   
  319   
  320       /**
  321        * Remove the specified role from the set of roles permitted to access
  322        * the resources protected by this security constraint.
  323        *
  324        * @param authRole Role name to be removed
  325        */
  326       public void removeAuthRole(String authRole) {
  327   
  328           if (authRole == null)
  329               return;
  330           int n = -1;
  331           for (int i = 0; i < authRoles.length; i++) {
  332               if (authRoles[i].equals(authRole)) {
  333                   n = i;
  334                   break;
  335               }
  336           }
  337           if (n >= 0) {
  338               int j = 0;
  339               String results[] = new String[authRoles.length - 1];
  340               for (int i = 0; i < authRoles.length; i++) {
  341                   if (i != n)
  342                       results[j++] = authRoles[i];
  343               }
  344               authRoles = results;
  345           }
  346   
  347       }
  348   
  349   
  350       /**
  351        * Remove the specified web resource collection from those protected by
  352        * this security constraint.
  353        *
  354        * @param collection Web resource collection to be removed
  355        */
  356       public void removeCollection(SecurityCollection collection) {
  357   
  358           if (collection == null)
  359               return;
  360           int n = -1;
  361           for (int i = 0; i < collections.length; i++) {
  362               if (collections[i].equals(collection)) {
  363                   n = i;
  364                   break;
  365               }
  366           }
  367           if (n >= 0) {
  368               int j = 0;
  369               SecurityCollection results[] =
  370                   new SecurityCollection[collections.length - 1];
  371               for (int i = 0; i < collections.length; i++) {
  372                   if (i != n)
  373                       results[j++] = collections[i];
  374               }
  375               collections = results;
  376           }
  377   
  378       }
  379   
  380   
  381       /**
  382        * Return a String representation of this security constraint.
  383        */
  384       public String toString() {
  385   
  386           StringBuffer sb = new StringBuffer("SecurityConstraint[");
  387           for (int i = 0; i < collections.length; i++) {
  388               if (i > 0)
  389                   sb.append(", ");
  390               sb.append(collections[i].getName());
  391           }
  392           sb.append("]");
  393           return (sb.toString());
  394   
  395       }
  396   
  397   
  398       // -------------------------------------------------------- Private Methods
  399   
  400   
  401       /**
  402        * Does the specified request path match the specified URL pattern?
  403        * This method follows the same rules (in the same order) as those used
  404        * for mapping requests to servlets.
  405        *
  406        * @param path Context-relative request path to be checked
  407        *  (must start with '/')
  408        * @param pattern URL pattern to be compared against
  409        */
  410       private boolean matchPattern(String path, String pattern) {
  411   
  412           // Normalize the argument strings
  413           if ((path == null) || (path.length() == 0))
  414               path = "/";
  415           if ((pattern == null) || (pattern.length() == 0))
  416               pattern = "/";
  417   
  418           // Check for exact match
  419           if (path.equals(pattern))
  420               return (true);
  421   
  422           // Check for path prefix matching
  423           if (pattern.startsWith("/") && pattern.endsWith("/*")) {
  424               pattern = pattern.substring(0, pattern.length() - 2);
  425               if (pattern.length() == 0)
  426                   return (true);  // "/*" is the same as "/"
  427               if (path.endsWith("/"))
  428                   path = path.substring(0, path.length() - 1);
  429               while (true) {
  430                   if (pattern.equals(path))
  431                       return (true);
  432                   int slash = path.lastIndexOf('/');
  433                   if (slash <= 0)
  434                       break;
  435                   path = path.substring(0, slash);
  436               }
  437               return (false);
  438           }
  439   
  440           // Check for suffix matching
  441           if (pattern.startsWith("*.")) {
  442               int slash = path.lastIndexOf('/');
  443               int period = path.lastIndexOf('.');
  444               if ((slash >= 0) && (period > slash) &&
  445                   path.endsWith(pattern.substring(1))) {
  446                   return (true);
  447               }
  448               return (false);
  449           }
  450   
  451           // Check for universal mapping
  452           if (pattern.equals("/"))
  453               return (true);
  454   
  455           return (false);
  456   
  457       }
  458   
  459   
  460   }

Home » apache-tomcat-6.0.26-src » org.apache » catalina » deploy » [javadoc | source]