1 // ======================================================================== 2 // Copyright 200-2004 Mort Bay Consulting Pty. Ltd. 3 // ------------------------------------------------------------------------ 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // Unless required by applicable law or agreed to in writing, software 9 // distributed under the License is distributed on an "AS IS" BASIS, 10 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 // See the License for the specific language governing permissions and 12 // limitations under the License. 13 // ======================================================================== 14 15 package org.mortbay.jetty.security; 16 17 import java.io.Serializable; 18 19 20 /* ------------------------------------------------------------ */ 21 /** Describe an auth and/or data constraint. 22 * 23 * @author Greg Wilkins (gregw) 24 */ 25 public class Constraint implements Cloneable, Serializable 26 { 27 /* ------------------------------------------------------------ */ 28 public final static String __BASIC_AUTH= "BASIC"; 29 public final static String __FORM_AUTH= "FORM"; 30 public final static String __DIGEST_AUTH= "DIGEST"; 31 public final static String __CERT_AUTH= "CLIENT_CERT"; 32 public final static String __CERT_AUTH2= "CLIENT-CERT"; 33 34 /* ------------------------------------------------------------ */ 35 public final static int DC_UNSET= -1, DC_NONE= 0, DC_INTEGRAL= 1, DC_CONFIDENTIAL= 2; 36 37 /* ------------------------------------------------------------ */ 38 public final static String NONE= "NONE"; 39 public final static String ANY_ROLE= "*"; 40 41 /* ------------------------------------------------------------ */ 42 private String _name; 43 private String[] _roles; 44 private int _dataConstraint= DC_UNSET; 45 private boolean _anyRole= false; 46 private boolean _authenticate= false; 47 48 /* ------------------------------------------------------------ */ 49 /** Constructor. 50 */ 51 public Constraint() 52 {} 53 54 /* ------------------------------------------------------------ */ 55 /** Conveniance Constructor. 56 * @param name 57 * @param role 58 */ 59 public Constraint(String name, String role) 60 { 61 setName(name); 62 setRoles(new String[]{role}); 63 } 64 65 /* ------------------------------------------------------------ */ 66 public Object clone() throws CloneNotSupportedException 67 { 68 return super.clone(); 69 } 70 71 /* ------------------------------------------------------------ */ 72 /** 73 * @param name 74 */ 75 public void setName(String name) 76 { 77 _name= name; 78 } 79 80 /* ------------------------------------------------------------ */ 81 public void setRoles(String[] roles) 82 { 83 _roles=roles; 84 _anyRole=false; 85 if (roles!=null) 86 for (int i=roles.length;!_anyRole&& i-->0;) 87 _anyRole=ANY_ROLE.equals(roles[i]); 88 } 89 90 /* ------------------------------------------------------------ */ 91 /** 92 * @return True if any user role is permitted. 93 */ 94 public boolean isAnyRole() 95 { 96 return _anyRole; 97 } 98 99 /* ------------------------------------------------------------ */ 100 /** 101 * @return List of roles for this constraint. 102 */ 103 public String[] getRoles() 104 { 105 return _roles; 106 } 107 108 /* ------------------------------------------------------------ */ 109 /** 110 * @param role 111 * @return True if the constraint contains the role. 112 */ 113 public boolean hasRole(String role) 114 { 115 if (_anyRole) 116 return true; 117 if (_roles!=null) 118 for (int i=_roles.length;i-->0;) 119 if (role.equals(_roles[i])) 120 return true; 121 return false; 122 } 123 124 /* ------------------------------------------------------------ */ 125 /** 126 * @param authenticate True if users must be authenticated 127 */ 128 public void setAuthenticate(boolean authenticate) 129 { 130 _authenticate= authenticate; 131 } 132 133 /* ------------------------------------------------------------ */ 134 /** 135 * @return True if the constraint requires request authentication 136 */ 137 public boolean getAuthenticate() 138 { 139 return _authenticate; 140 } 141 142 /* ------------------------------------------------------------ */ 143 /** 144 * @return True if authentication required but no roles set 145 */ 146 public boolean isForbidden() 147 { 148 return _authenticate && !_anyRole && (_roles==null || _roles.length == 0); 149 } 150 151 /* ------------------------------------------------------------ */ 152 /** 153 * @param c Data constrain indicator: 0=DC+NONE, 1=DC_INTEGRAL & 2=DC_CONFIDENTIAL 154 */ 155 public void setDataConstraint(int c) 156 { 157 if (c < 0 || c > DC_CONFIDENTIAL) 158 throw new IllegalArgumentException("Constraint out of range"); 159 _dataConstraint= c; 160 } 161 162 /* ------------------------------------------------------------ */ 163 /** 164 * @return Data constrain indicator: 0=DC+NONE, 1=DC_INTEGRAL & 2=DC_CONFIDENTIAL 165 */ 166 public int getDataConstraint() 167 { 168 return _dataConstraint; 169 } 170 171 /* ------------------------------------------------------------ */ 172 /** 173 * @return True if a data constraint has been set. 174 */ 175 public boolean hasDataConstraint() 176 { 177 return _dataConstraint >= DC_NONE; 178 } 179 180 /* ------------------------------------------------------------ */ 181 public String toString() 182 { 183 return "SC{" 184 + _name 185 + "," 186 + (_anyRole ? "*" : (_roles == null ? "-" : _roles.toString())) 187 + "," 188 + (_dataConstraint == DC_UNSET ? "DC_UNSET}": 189 (_dataConstraint == DC_NONE 190 ? "NONE}" 191 : (_dataConstraint == DC_INTEGRAL ? "INTEGRAL}" : "CONFIDENTIAL}"))); 192 } 193 194 195 }