1 // ========================================================================
2 // Copyright 200-2004 Mort Bay Consulting Pty. Ltd.
3 // ------------------------------------------------------------------------
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 // http://www.apache.org/licenses/LICENSE-2.0
8 // Unless required by applicable law or agreed to in writing, software
9 // distributed under the License is distributed on an "AS IS" BASIS,
10 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 // See the License for the specific language governing permissions and
12 // limitations under the License.
13 // ========================================================================
14
15 package org.mortbay.jetty.security;
16
17 import java.io.Serializable;
18 import java.util.Arrays;
19
20
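/* ------------------------------------------------------------ */
/** Describes an authentication and/or data constraint.
 * <p>
 * A constraint carries a name, the roles it permits, a flag saying whether
 * authentication is required and a data constraint level. This class only
 * stores those values and answers questions about them; enforcement is done
 * by whatever code consults the constraint (not part of this class).
 * <p>
 * Instances are mutable and perform no synchronization.
 * <p>
 * NOTE(review): the class is {@link Serializable} and defines no
 * <code>readObject</code>, so a deserialized instance takes its roles and
 * any-role flag straight from the stream without passing through
 * {@link #setRoles(String[])}. Serialized constraints should only be read
 * from trusted sources.
 *
 * @author Greg Wilkins (gregw)
 */
public class Constraint implements Cloneable, Serializable
{
    /* ------------------------------------------------------------ */
    /** Authentication method names. */
    public final static String __BASIC_AUTH= "BASIC";
    public final static String __FORM_AUTH= "FORM";
    public final static String __DIGEST_AUTH= "DIGEST";
    public final static String __CERT_AUTH= "CLIENT_CERT";
    /** Alternate (hyphenated) spelling of {@link #__CERT_AUTH}. */
    public final static String __CERT_AUTH2= "CLIENT-CERT";

    /* ------------------------------------------------------------ */
    /** Data constraint levels. DC_UNSET means that no level was configured. */
    public final static int DC_UNSET= -1, DC_NONE= 0, DC_INTEGRAL= 1, DC_CONFIDENTIAL= 2;

    /* ------------------------------------------------------------ */
    public final static String NONE= "NONE";
    /** Role name that matches every role, see {@link #isAnyRole()}. */
    public final static String ANY_ROLE= "*";

    /* ------------------------------------------------------------ */
    private String _name;
    // Private copy of the permitted roles; never handed out or shared with callers.
    private String[] _roles;
    private int _dataConstraint= DC_UNSET;
    // Cached result of "does _roles contain ANY_ROLE"; maintained by setRoles only.
    private boolean _anyRole= false;
    private boolean _authenticate= false;

    /* ------------------------------------------------------------ */
    /** Constructor.
     * Creates a constraint with no name, no roles, no data constraint and
     * authentication not required.
     */
    public Constraint()
    {}

    /* ------------------------------------------------------------ */
    /** Convenience Constructor.
     * Sets the name and a single permitted role. It does not call
     * {@link #setAuthenticate(boolean)}, so {@link #getAuthenticate()} stays
     * false until the caller enables it.
     * @param name The constraint name.
     * @param role The single role to permit; {@link #ANY_ROLE} permits all roles.
     */
    public Constraint(String name, String role)
    {
        setName(name);
        setRoles(new String[]{role});
    }

    /* ------------------------------------------------------------ */
    /**
     * @return A field-by-field copy of this constraint. The role array is
     * shared with the original, which is safe because the array is never
     * modified or exposed after {@link #setRoles(String[])} copied it.
     */
    public Object clone() throws CloneNotSupportedException
    {
        return super.clone();
    }

    /* ------------------------------------------------------------ */
    /**
     * @param name The constraint name, used only in {@link #toString()}.
     */
    public void setName(String name)
    {
        _name= name;
    }

    /* ------------------------------------------------------------ */
    /** Set the permitted roles.
     * The array is copied, so that a caller changing its own array afterwards
     * can neither alter the permitted roles nor leave the cached any-role
     * flag out of step with them.
     * @param roles The permitted role names, or null for none. If any entry
     * equals {@link #ANY_ROLE} the constraint permits every role.
     */
    public void setRoles(String[] roles)
    {
        String[] copy= roles == null ? null : (String[])roles.clone();
        boolean wildcard= false;
        if (copy != null)
        {
            for (int i= 0; i < copy.length; i++)
            {
                if (ANY_ROLE.equals(copy[i]))
                {
                    wildcard= true;
                    break;
                }
            }
        }
        _roles= copy;
        _anyRole= wildcard;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if any user role is permitted.
     */
    public boolean isAnyRole()
    {
        return _anyRole;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return A copy of the roles for this constraint, or null if none were
     * set. Changing the returned array does not change the constraint.
     */
    public String[] getRoles()
    {
        return _roles == null ? null : (String[])_roles.clone();
    }

    /* ------------------------------------------------------------ */
    /**
     * @param role The role name to look for.
     * @return True if the constraint permits any role or contains the role.
     * A null role is never contained in an explicit role list.
     */
    public boolean hasRole(String role)
    {
        if (_anyRole)
            return true;
        // Fail closed: a missing role name matches nothing instead of throwing.
        if (role == null || _roles == null)
            return false;
        for (int i= 0; i < _roles.length; i++)
        {
            if (role.equals(_roles[i]))
                return true;
        }
        return false;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param authenticate True if users must be authenticated
     */
    public void setAuthenticate(boolean authenticate)
    {
        _authenticate= authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if the constraint requires request authentication
     */
    public boolean getAuthenticate()
    {
        return _authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if authentication is required but no roles are set, so
     * that no role can satisfy the constraint.
     */
    public boolean isForbidden()
    {
        boolean noRoles= _roles == null || _roles.length == 0;
        return _authenticate && !_anyRole && noRoles;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param c Data constraint indicator: 0=DC_NONE, 1=DC_INTEGRAL &amp; 2=DC_CONFIDENTIAL
     * @throws IllegalArgumentException if c is outside that range; DC_UNSET
     * cannot be set explicitly.
     */
    public void setDataConstraint(int c)
    {
        if (c < 0 || c > DC_CONFIDENTIAL)
            throw new IllegalArgumentException("Constraint out of range");
        _dataConstraint= c;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return Data constraint indicator: -1=DC_UNSET, 0=DC_NONE, 1=DC_INTEGRAL &amp; 2=DC_CONFIDENTIAL
     */
    public int getDataConstraint()
    {
        return _dataConstraint;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if a data constraint has been set, including DC_NONE.
     */
    public boolean hasDataConstraint()
    {
        return _dataConstraint >= DC_NONE;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return A string of the form <code>SC{name,roles,dataConstraint}</code>,
     * where roles is "*" for any role and "-" when no roles are set.
     */
    public String toString()
    {
        String roles;
        if (_anyRole)
            roles= "*";
        else if (_roles == null)
            roles= "-";
        else
            roles= Arrays.asList(_roles).toString();

        String data;
        if (_dataConstraint == DC_UNSET)
            data= "DC_UNSET}";
        else if (_dataConstraint == DC_NONE)
            data= "NONE}";
        else if (_dataConstraint == DC_INTEGRAL)
            data= "INTEGRAL}";
        else
            data= "CONFIDENTIAL}";

        return "SC{" + _name + "," + roles + "," + data;
    }
}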