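// ========================================================================
// Copyright 200-2004 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// ========================================================================

package org.mortbay.jetty.security;

import java.io.Serializable;
import java.util.Arrays;


/* ------------------------------------------------------------ */
/** Describe an auth and/or data constraint.
 * <p>
 * A constraint holds a name, an optional list of role names, an
 * "authenticate" flag and a data constraint level. The role list is
 * copied on the way in and on the way out, so the any-role flag computed
 * by {@link #setRoles(String[])} cannot drift from the stored roles
 * through an array the caller still holds.
 * <p>
 * NOTE(review): the class is {@link Serializable} and declares no
 * serialVersionUID. An instance restored from a serialized stream does not
 * pass through {@link #setRoles(String[])}, so its any-role flag is
 * whatever the stream contained; deserialize only from trusted sources.
 *
 * @author Greg Wilkins (gregw)
 */
public class Constraint implements Cloneable, Serializable
{
    /* ------------------------------------------------------------ */
    // Authentication method names. They are not referenced inside this class.
    public final static String __BASIC_AUTH= "BASIC";
    public final static String __FORM_AUTH= "FORM";
    public final static String __DIGEST_AUTH= "DIGEST";
    public final static String __CERT_AUTH= "CLIENT_CERT";
    public final static String __CERT_AUTH2= "CLIENT-CERT";

    /* ------------------------------------------------------------ */
    // Data constraint levels. DC_UNSET is the initial value of a new
    // Constraint and is rejected by setDataConstraint(int).
    public final static int DC_UNSET= -1, DC_NONE= 0, DC_INTEGRAL= 1, DC_CONFIDENTIAL= 2;

    /* ------------------------------------------------------------ */
    public final static String NONE= "NONE";
    // Role name that makes setRoles(String[]) mark the constraint as "any role".
    public final static String ANY_ROLE= "*";

    /* ------------------------------------------------------------ */
    private String _name;
    private String[] _roles;
    private int _dataConstraint= DC_UNSET;
    private boolean _anyRole= false;
    private boolean _authenticate= false;

    /* ------------------------------------------------------------ */
    /** Constructor.
     * Creates a constraint with no name, no roles, no authentication
     * requirement and an unset data constraint.
     */
    public Constraint()
    {}

    /* ------------------------------------------------------------ */
    /** Convenience Constructor.
     * @param name Name of the constraint.
     * @param role The single role of the constraint; {@link #ANY_ROLE}
     * marks the constraint as permitting any role.
     */
    public Constraint(String name, String role)
    {
        setName(name);
        setRoles(new String[]{role});
    }

    /* ------------------------------------------------------------ */
    /**
     * @return A copy of this constraint that owns its own role array.
     * @throws CloneNotSupportedException if thrown by {@link Object#clone()}
     */
    public Object clone() throws CloneNotSupportedException
    {
        Constraint copy= (Constraint)super.clone();
        // Object.clone() is shallow: without this the copy and the original
        // would share one mutable role array.
        if (_roles != null)
            copy._roles= (String[])_roles.clone();
        return copy;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param name Name of the constraint; only used by {@link #toString()} in this class.
     */
    public void setName(String name)
    {
        _name= name;
    }

    /* ------------------------------------------------------------ */
    /**
     * Set the roles of this constraint and recompute the any-role flag.
     * The array is copied, so later changes to the caller's array do not
     * alter the constraint (in particular they cannot add or remove
     * {@link #ANY_ROLE} behind the flag's back).
     * @param roles Role names, or null for no roles.
     */
    public void setRoles(String[] roles)
    {
        _roles= roles == null ? null : (String[])roles.clone();
        _anyRole= false;
        if (_roles != null)
            for (int i= _roles.length; !_anyRole && i-- > 0;)
                _anyRole= ANY_ROLE.equals(_roles[i]);
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if any user role is permitted.
     */
    public boolean isAnyRole()
    {
        return _anyRole;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return List of roles for this constraint, or null if none were set.
     * The array is a copy; modifying it does not change the constraint.
     */
    public String[] getRoles()
    {
        return _roles == null ? null : (String[])_roles.clone();
    }

    /* ------------------------------------------------------------ */
    /**
     * @param role Role name to look for.
     * @return True if the constraint contains the role, or permits any role.
     * A null role is never contained in an explicit role list.
     */
    public boolean hasRole(String role)
    {
        if (_anyRole)
            return true;
        // Fail closed: a null role used to be dereferenced below and raise a
        // NullPointerException in the middle of an authorization check.
        if (role == null || _roles == null)
            return false;
        for (int i= _roles.length; i-- > 0;)
            if (role.equals(_roles[i]))
                return true;
        return false;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param authenticate True if users must be authenticated
     */
    public void setAuthenticate(boolean authenticate)
    {
        _authenticate= authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if the constraint requires request authentication
     */
    public boolean getAuthenticate()
    {
        return _authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if authentication required but no roles set
     */
    public boolean isForbidden()
    {
        return _authenticate && !_anyRole && (_roles == null || _roles.length == 0);
    }

    /* ------------------------------------------------------------ */
    /**
     * @param c Data constraint indicator: 0=DC_NONE, 1=DC_INTEGRAL &amp; 2=DC_CONFIDENTIAL
     * @throws IllegalArgumentException if c is negative or greater than DC_CONFIDENTIAL
     */
    public void setDataConstraint(int c)
    {
        if (c < 0 || c > DC_CONFIDENTIAL)
            throw new IllegalArgumentException("Constraint out of range");
        _dataConstraint= c;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return Data constraint indicator: -1=DC_UNSET, 0=DC_NONE, 1=DC_INTEGRAL &amp; 2=DC_CONFIDENTIAL
     */
    public int getDataConstraint()
    {
        return _dataConstraint;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if a data constraint has been set.
     */
    public boolean hasDataConstraint()
    {
        return _dataConstraint >= DC_NONE;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return "SC{name,roles,data}" where roles is "*" for any role, "-" for
     * no role list, or the list of role names.
     */
    public String toString()
    {
        String roles;
        if (_anyRole)
            roles= "*";
        else if (_roles == null)
            roles= "-";
        else
            roles= Arrays.asList(_roles).toString();

        String data;
        if (_dataConstraint == DC_UNSET)
            data= "DC_UNSET}";
        else if (_dataConstraint == DC_NONE)
            data= "NONE}";
        else if (_dataConstraint == DC_INTEGRAL)
            data= "INTEGRAL}";
        else
            data= "CONFIDENTIAL}";

        return "SC{" + _name + "," + roles + "," + data;
    }


}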