001: /**
002: * JOnAS: Java(TM) Open Application Server
003: * Copyright (C) 2004 Bull S.A.
004: * Contact: jonas-team@objectweb.org
005: *
006: * This library is free software; you can redistribute it and/or
007: * modify it under the terms of the GNU Lesser General Public
008: * License as published by the Free Software Foundation; either
009: * version 2.1 of the License, or any later version.
010: *
011: * This library is distributed in the hope that it will be useful,
012: * but WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * Lesser General Public License for more details.
015: *
016: * You should have received a copy of the GNU Lesser General Public
017: * License along with this library; if not, write to the Free Software
018: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
019: * USA
020: *
021: * Initial developer: Florent BENOIT
022: * --------------------------------------------------------------------------
023: * $Id: JPolicyConfiguration.java 5100 2004-07-08 13:45:47Z benoitf $
024: * --------------------------------------------------------------------------
025: */package org.objectweb.jonas_lib.security.jacc;
026:
027: import java.security.Permission;
028: import java.security.PermissionCollection;
029: import java.security.Permissions;
030: import java.security.Principal;
031: import java.security.SecurityPermission;
032: import java.util.Enumeration;
033: import java.util.HashMap;
034: import java.util.Map;
035:
036: import javax.security.jacc.PolicyConfiguration;
037: import javax.security.jacc.PolicyContextException;
038:
039: import org.objectweb.util.monolog.api.BasicLevel;
040: import org.objectweb.util.monolog.api.Logger;
041:
042: import org.objectweb.jonas_lib.I18n;
043:
044: import org.objectweb.common.TraceCore;
045:
046: /**
047: * Defines the PolicyConfiguration implementation class of JACC
048: * @author Florent Benoit
049: */
050: public class JPolicyConfiguration implements PolicyConfiguration {
051:
052: /**
053: * Number of states
054: */
055: private static final int NB_STATES = 3;
056:
057: /**
058: * Open state for the Policy Context Life Cycle
059: * Section 3.1.1.1
060: */
061: private static final int OPEN = 0;
062:
063: /**
064: * inService state for the Policy Context Life Cycle
065: * Section 3.1.1.1
066: */
067: private static final int IN_SERVICE = 1;
068:
069: /**
070: * Deleted state for the Policy Context Life Cycle
071: * Section 3.1.1.1
072: */
073: private static final int DELETED = 2;
074:
075: /**
076: * I18n
077: */
078: private static I18n i18n = I18n
079: .getInstance(JPolicyConfiguration.class);
080:
081: /**
082: * String representation of the states
083: */
084: private static String[] states = null;
085:
086: /**
087: * Current state
088: */
089: private int state;
090:
091: /**
092: * ContextID string which differentiate all instances
093: */
094: private String contextID = null;
095:
096: /**
097: * Logger
098: */
099: private static Logger logger = null;
100:
101: /**
102: * Excluded permissions
103: */
104: private PermissionCollection excludedPermissions = null;
105:
106: /**
107: * Unchecked permissions
108: */
109: private PermissionCollection uncheckedPermissions = null;
110:
111: /**
112: * Role permissions
113: */
114: private Map rolePermissions = null;
115:
116: /**
117: * Constructor of a new PolicyConfiguration object
118: * @param contextID Identifier of this PolicyConfiguration object
119: */
120: public JPolicyConfiguration(String contextID) {
121: this .contextID = contextID;
122:
123: // init logger
124: logger = TraceCore.sec;
125:
126: // init string representation
127: if (states == null) {
128: // 3 states
129: states = new String[NB_STATES];
130: states[OPEN] = i18n
131: .getMessage("JPolicyConfiguration.openState");
132: states[IN_SERVICE] = i18n
133: .getMessage("JPolicyConfiguration.inServiceState");
134: states[DELETED] = i18n
135: .getMessage("JPolicyConfiguration.deletedState");
136: }
137:
138: // initial state is open
139: resetState();
140:
141: // init permissions
142: excludedPermissions = new Permissions();
143: uncheckedPermissions = new Permissions();
144: rolePermissions = new HashMap();
145: }
146:
147: /**
148: * Used to add a single excluded policy statement to this PolicyConfiguration.
149: * @param permission the permission to be added to the excluded policy statements.
150: * @throws SecurityException if called by an AccessControlContext that has
151: * not been granted the "setPolicy" SecurityPermission.
152: * @throws UnsupportedOperationException if the state of the policy context whose
153: * interface is this PolicyConfiguration Object is "deleted" or "inService"
154: * when this method is called.
155: * @throws PolicyContextException if the implementation throws a checked exception
156: * that has not been accounted for by the addToExcludedPolicy method
157: * signature. The exception thrown by the implementation class will be
158: * encapsulated (during construction) in the thrown PolicyContextException.
159: */
160: public void addToExcludedPolicy(Permission permission)
161: throws PolicyContextException, SecurityException,
162: UnsupportedOperationException {
163:
164: if (logger.isLoggable(BasicLevel.DEBUG)) {
165: logger.log(BasicLevel.DEBUG, "Adding permission '"
166: + permission + "' as excluded policy.");
167: }
168:
169: // Section 3.3 - Check permissions
170: checkSetPolicy();
171:
172: // Open state required
173: checkCurrentStateIsInState(OPEN);
174:
175: // Add permission
176: if (permission != null) {
177: excludedPermissions.add(permission);
178: }
179:
180: }
181:
182: /**
183: * Used to add excluded policy statements to this PolicyConfiguration.
184: * @param permissions the collection of permissions to be added to the
185: * excluded policy statements. The collection may be either
186: * a homogenous or heterogenous collection.
187: * @throws SecurityException if called by an AccessControlContext that
188: * has not been granted the "setPolicy" SecurityPermission.
189: * @throws UnsupportedOperationException if the state of the policy
190: * context whose interface is this PolicyConfiguration Object
191: * is "deleted" or "inService" when this method is called.
192: * @throws PolicyContextException if the implementation throws a
193: * checked exception that has not been accounted for by
194: * the addToExcludedPolicy method signature. The exception
195: * thrown by the implementation class will be encapsulated
196: * (during construction) in the thrown PolicyContextException.
197: */
198: public void addToExcludedPolicy(PermissionCollection permissions)
199: throws PolicyContextException, SecurityException,
200: UnsupportedOperationException {
201:
202: if (logger.isLoggable(BasicLevel.DEBUG)) {
203: logger.log(BasicLevel.DEBUG, "Adding permissions '"
204: + permissions + "' as excluded policy.");
205: }
206:
207: // Section 3.3 - Check permissions
208: checkSetPolicy();
209:
210: // Open state required
211: checkCurrentStateIsInState(OPEN);
212:
213: // Add permissions
214: if (permissions != null) {
215: for (Enumeration e = permissions.elements(); e
216: .hasMoreElements();) {
217: excludedPermissions.add((Permission) e.nextElement());
218: }
219: }
220:
221: }
222:
223: /**
224: * Used to add a single permission to a named role in this PolicyConfiguration.
225: * @param roleName the name of the Role to which the permission is to be added.
226: * @param permission the permission to be added to the role.
227: * @throws SecurityException if called by an AccessControlContext that has not
228: * been granted the "setPolicy" SecurityPermission.
229: * @throws UnsupportedOperationException if the state of the policy context
230: * whose interface is this PolicyConfiguration Object is "deleted"
231: * or "inService" when this method is called.
232: * @throws PolicyContextException - if the implementation throws a checked exception
233: * that has not been accounted for by the addToRole method signature.
234: * The exception thrown by the implementation class will be encapsulated
235: * (during construction) in the thrown PolicyContextException.
236: */
237: public void addToRole(String roleName, Permission permission)
238: throws PolicyContextException, SecurityException,
239: UnsupportedOperationException {
240:
241: if (logger.isLoggable(BasicLevel.DEBUG)) {
242: logger.log(BasicLevel.DEBUG, "Adding permission '"
243: + permission + "' to role '" + roleName + "'.");
244: }
245:
246: // Section 3.3 - Check permissions
247: checkSetPolicy();
248:
249: // Open state required
250: checkCurrentStateIsInState(OPEN);
251:
252: // Fail if roleName is null
253: if (roleName == null) {
254: throw new PolicyContextException(i18n
255: .getMessage("JPolicyConfiguration.addToRole"));
256: }
257:
258: // Break if permission is null
259: if (permission == null) {
260: return;
261: }
262: PermissionCollection permissionsOfRole = (PermissionCollection) rolePermissions
263: .get(roleName);
264:
265: //create permission object if no previous permission for the given role
266: if (permissionsOfRole == null) {
267: permissionsOfRole = new Permissions();
268: }
269: permissionsOfRole.add(permission);
270:
271: // add to the list
272: rolePermissions.put(roleName, permissionsOfRole);
273:
274: }
275:
276: /**
277: * Used to add permissions to a named role in this PolicyConfiguration.
278: * @param roleName the name of the Role to which the permissions are to be added.
279: * @param permissions the collection of permissions to be added to the role.
280: * The collection may be either a homogenous or heterogenous collection.
281: * @throws SecurityException if called by an AccessControlContext that has
282: * not been granted the "setPolicy" SecurityPermission.
283: * @throws UnsupportedOperationException if the state of the policy context whose
284: * interface is this PolicyConfiguration Object is "deleted" or
285: * inService" when this method is called.
286: * @throws PolicyContextException - if the implementation throws a checked exception
287: * that has not been accounted for by the addToRole method signature.
288: * The exception thrown by the implementation class will be encapsulated
289: * (during construction) in the thrown PolicyContextException.
290: */
291: public void addToRole(String roleName,
292: PermissionCollection permissions)
293: throws PolicyContextException, SecurityException,
294: UnsupportedOperationException {
295:
296: if (logger.isLoggable(BasicLevel.DEBUG)) {
297: logger.log(BasicLevel.DEBUG, "Adding permissions '"
298: + permissions + "' to role '" + roleName + "'.");
299: }
300:
301: // Section 3.3 - Check permissions
302: checkSetPolicy();
303:
304: // Open state required
305: checkCurrentStateIsInState(OPEN);
306:
307: // Fail if roleName is null
308: if (roleName == null) {
309: throw new PolicyContextException(i18n
310: .getMessage("JPolicyConfiguration.addToRole"));
311: }
312:
313: // Break if permission is null
314: if (permissions == null) {
315: return;
316: }
317: PermissionCollection permissionsOfRole = (PermissionCollection) rolePermissions
318: .get(roleName);
319:
320: //create permission object if no previous permission for the given role
321: if (permissionsOfRole == null) {
322: permissionsOfRole = new Permissions();
323: }
324:
325: for (Enumeration e = permissions.elements(); e
326: .hasMoreElements();) {
327: permissionsOfRole.add((Permission) e.nextElement());
328: }
329:
330: // add to the list
331: rolePermissions.put(roleName, permissionsOfRole);
332:
333: }
334:
335: /**
336: * Used to add a single unchecked policy statement to this PolicyConfiguration.
337: * @param permission the permission to be added to the unchecked policy statements.
338: * @throws SecurityException if called by an AccessControlContext that has not
339: * been granted the "setPolicy" SecurityPermission.
340: * @throws UnsupportedOperationException if the state of the policy context whose
341: * interface is this PolicyConfiguration Object is "deleted" or
342: * "inService" when this method is called.
343: * @throws PolicyContextException if the implementation throws a checked exception
344: * that has not been accounted for by the addToUncheckedPolicy method
345: * signature. The exception thrown by the implementation class will be
346: * encapsulated (during construction) in the thrown PolicyContextException.
347: */
348: public void addToUncheckedPolicy(Permission permission)
349: throws PolicyContextException, SecurityException,
350: UnsupportedOperationException {
351:
352: if (logger.isLoggable(BasicLevel.DEBUG)) {
353: logger.log(BasicLevel.DEBUG, "Adding permission '"
354: + permission + "' as unchecked policy.");
355: }
356:
357: // Section 3.3 - Check permissions
358: checkSetPolicy();
359:
360: // Open state required
361: checkCurrentStateIsInState(OPEN);
362:
363: // Add permission
364: if (permission != null) {
365: uncheckedPermissions.add(permission);
366: }
367:
368: }
369:
370: /**
371: * Used to add unchecked policy statements to this PolicyConfiguration.
372: * @param permissions the collection of permissions to be added as
373: * unchecked policy statements. The collection may be either a
374: * homogenous or heterogenous collection.
375: * @throws SecurityException if called by an AccessControlContext that
376: * has not been granted the "setPolicy" SecurityPermission.
377: * @throws UnsupportedOperationException if the state of the policy
378: * context whose interface is this PolicyConfiguration Object
379: * is "deleted" or "inService" when this method is called.
380: * @throws PolicyContextException if the implementation throws a checked
381: * exception that has not been accounted for by the
382: * addToUncheckedPolicy method signature. The exception thrown by
383: * the implementation class will be encapsulated (during construction)
384: * in the thrown PolicyContextException.
385: */
386: public void addToUncheckedPolicy(PermissionCollection permissions)
387: throws PolicyContextException, SecurityException,
388: UnsupportedOperationException {
389:
390: if (logger.isLoggable(BasicLevel.DEBUG)) {
391: logger.log(BasicLevel.DEBUG, "Adding permissions '"
392: + permissions + "' as unchecked policy.");
393: }
394:
395: // Section 3.3 - Check permissions
396: checkSetPolicy();
397:
398: // Open state required
399: checkCurrentStateIsInState(OPEN);
400:
401: // Add permissions
402: if (permissions != null) {
403: for (Enumeration e = permissions.elements(); e
404: .hasMoreElements();) {
405: uncheckedPermissions.add((Permission) e.nextElement());
406: }
407: }
408:
409: }
410:
411: /**
412: * This method is used to set to "inService" the state of the policy
413: * context whose interface is this PolicyConfiguration Object.
414: * Only those policy contexts whose state is "inService" will be included
415: * in the policy contexts processed by the Policy.refresh method. A policy
416: * context whose state is "inService" may be returned to the "open" state
417: * by calling the getPolicyConfiguration method of the PolicyConfiguration
418: * factory with the policy context identifier of the policy context.
419: * When the state of a policy context is "inService", calling any method
420: * other than commit, delete, getContextID, or inService on its
421: * PolicyConfiguration Object will cause an UnsupportedOperationException
422: * to be thrown.
423: * @throws SecurityException if called by an AccessControlContext that has
424: * not been granted the "setPolicy" SecurityPermission.
425: * @throws UnsupportedOperationException if the state of the policy context
426: * whose interface is this PolicyConfiguration Object is "deleted"
427: * when this method is called.
428: * @throws PolicyContextException if the implementation throws a checked
429: * exception that has not been accounted for by the commit method
430: * signature. The exception thrown by the implementation class
431: * will be encapsulated (during construction) in the thrown
432: * PolicyContextException.
433: */
434: public void commit() throws PolicyContextException,
435: SecurityException, UnsupportedOperationException {
436:
437: // Section 3.3 - Check permissions
438: checkSetPolicy();
439:
440: // Deleted state refused
441: checkCurrentStateNotInState(DELETED);
442:
443: // Now state is in service
444: state = IN_SERVICE;
445:
446: // add the configuration of this object
447: JPolicyConfigurationKeeper.addConfiguration(this );
448: }
449:
450: /**
451: * Causes all policy statements to be deleted from this PolicyConfiguration
452: * and sets its internal state such that calling any method, other than delete,
453: * getContextID, or inService on the PolicyConfiguration will be rejected and
454: * cause an UnsupportedOperationException to be thrown.
455: * This operation has no affect on any linked PolicyConfigurations other than
456: * removing any links involving the deleted PolicyConfiguration.
457: * @throws SecurityException if called by an AccessControlContext that has
458: * not been granted the "setPolicy" SecurityPermission.
459: * @throws PolicyContextException if the implementation throws a checked
460: * exception that has not been accounted for by the delete method
461: * signature. The exception thrown by the implementation class will
462: * be encapsulated (during construction) in the thrown
463: * PolicyContextException.
464: */
465: public void delete() throws PolicyContextException,
466: SecurityException {
467:
468: // Section 3.3 - Check permissions
469: checkSetPolicy();
470:
471: // all policy statements are deleted
472: excludedPermissions = new Permissions();
473: uncheckedPermissions = new Permissions();
474: rolePermissions = new HashMap();
475:
476: // change state to DELETED
477: state = DELETED;
478:
479: // remove the configuration of this object
480: JPolicyConfigurationKeeper.removeConfiguration(this );
481:
482: }
483:
484: /**
485: * This method returns this object's policy context identifier.
486: * @return this object's policy context identifier.
487: * @throws SecurityException if called by an AccessControlContext
488: * that has not been granted the "setPolicy" SecurityPermission.
489: * @throws PolicyContextException if the implementation throws a checked
490: * exception that has not been accounted for by the getContextID
491: * method signature. The exception thrown by the implementation
492: * class will be encapsulated (during construction) in the
493: * thrown PolicyContextException.
494: */
495: public String getContextID() throws PolicyContextException,
496: SecurityException {
497:
498: // Section 3.3 - Check permissions
499: checkSetPolicy();
500:
501: return contextID;
502: }
503:
504: /**
505: * This method is used to determine if the policy context whose interface
506: * is this PolicyConfiguration Object is in the "inService" state.
507: * @return true if the state of the associated policy context is
508: * "inService"; false otherwise.
509: * @throws SecurityException if called by an AccessControlContext that
510: * has not been granted the "setPolicy" SecurityPermission.
511: * @throws PolicyContextException if the implementation throws a checked
512: * exception that has not been accounted for by the inService
513: * method signature. The exception thrown by the implementation
514: * class will be encapsulated (during construction) in the thrown
515: * PolicyContextException.
516: */
517: public boolean inService() throws PolicyContextException,
518: SecurityException {
519:
520: // Section 3.3 - Check permissions
521: checkSetPolicy();
522:
523: return (state == IN_SERVICE);
524: }
525:
526: /**
527: * Creates a relationship between this configuration and another such that
528: * they share the same principal-to-role mappings.
529: * PolicyConfigurations are linked to apply a common principal-to-role
530: * mapping to multiple seperately manageable PolicyConfigurations,
531: * as is required when an application is composed of multiple modules.
532: * Note that the policy statements which comprise a role, or comprise
533: * the excluded or unchecked policy collections in a PolicyConfiguration
534: * are unaffected by the configuration being linked to another.
535: * @param link a reference to a different PolicyConfiguration than this
536: * PolicyConfiguration. The relationship formed by this method is
537: * symetric, transitive and idempotent. If the argument
538: * PolicyConfiguration does not have a different Policy context
539: * identifier than this PolicyConfiguration no relationship is
540: * formed, and an exception, as described below, is thrown.
541: * @throws SecurityException if called by an AccessControlContext that
542: * has not been granted the "setPolicy" SecurityPermission.
543: * @throws UnsupportedOperationException if the state of the policy context
544: * whose interface is this PolicyConfiguration Object is "deleted"
545: * or "inService" when this method is called.
546: * @throws IllegalArgumentException if called with an argument
547: * PolicyConfiguration whose Policy context is equivalent
548: * to that of this PolicyConfiguration.
549: * @throws PolicyContextException if the implementation throws a checked
550: * exception that has not been accounted for by the linkConfiguration
551: * method signature. The exception thrown by the implementation
552: * class will be encapsulated (during construction) in the
553: * thrown PolicyContextException.
554:
555: */
556: public void linkConfiguration(PolicyConfiguration link)
557: throws IllegalArgumentException, PolicyContextException,
558: SecurityException, UnsupportedOperationException {
559:
560: // Section 3.3 - Check permissions
561: checkSetPolicy();
562:
563: // Open state required
564: checkCurrentStateIsInState(OPEN);
565:
566: // Equivalent to this PolicyConfiguration object ?
567: if (this .equals(link)) {
568: throw new IllegalArgumentException(
569: i18n
570: .getMessage(
571: "JPolicyConfiguration.linkConfiguration.equivalent",
572: this , link));
573: }
574:
575: //TODO : link objects together.
576:
577: }
578:
579: /**
580: * Used to remove any excluded policy statements from this PolicyConfiguration.
581: * @throws SecurityException if called by an AccessControlContext that
582: * has not been granted the "setPolicy" SecurityPermission.
583: * @throws UnsupportedOperationException if the state of the policy context
584: * whose interface is this PolicyConfiguration Object is "deleted"
585: * or "inService" when this method is called.
586: * @throws PolicyContextException if the implementation throws a checked
587: * exception that has not been accounted for by the
588: * removeExcludedPolicy method signature. The exception thrown
589: * by the implementation class will be encapsulated
590: * (during construction) in the thrown PolicyContextException.
591: */
592: public void removeExcludedPolicy() throws PolicyContextException,
593: SecurityException, UnsupportedOperationException {
594:
595: // Section 3.3 - Check permissions
596: checkSetPolicy();
597:
598: // Open state required
599: checkCurrentStateIsInState(OPEN);
600:
601: // reinit
602: excludedPermissions = new Permissions();
603: }
604:
605: /**
606: * Used to remove a role and all its permissions from this PolicyConfiguration.
607: * @param roleName the name of the Role to remove from this PolicyConfiguration.
608: * @throws SecurityException if called by an AccessControlContext that has not
609: * been granted the "setPolicy" SecurityPermission.
610: * @throws UnsupportedOperationException if the state of the policy context whose
611: * interface is this PolicyConfiguration Object is "deleted" or "inService"
612: * when this method is called.
613: * @throws PolicyContextException if the implementation throws a checked exception
614: * that has not been accounted for by the removeRole method signature.
615: * The exception thrown by the implementation class will be encapsulated
616: * (during construction) in the thrown PolicyContextException.
617: */
618: public void removeRole(String roleName)
619: throws PolicyContextException, SecurityException,
620: UnsupportedOperationException {
621:
622: // Section 3.3 - Check permissions
623: checkSetPolicy();
624:
625: // Open state required
626: checkCurrentStateIsInState(OPEN);
627:
628: // Remove role permissions
629: rolePermissions.remove(roleName);
630: }
631:
632: /**
633: * Used to remove any unchecked policy statements from this PolicyConfiguration.
634: * @throws SecurityException if called by an AccessControlContext that has not
635: * been granted the "setPolicy" SecurityPermission.
636: * @throws UnsupportedOperationException if the state of the policy context
637: * whose interface is this PolicyConfiguration Object is "deleted" or
638: * "inService" when this method is called.
639: * @throws PolicyContextException if the implementation throws a checked
640: * exception that has not been accounted for by the removeUncheckedPolicy
641: * method signature. The exception thrown by the implementation
642: * class will be encapsulated (during construction) in the thrown
643: * PolicyContextException.
644: */
645: public void removeUncheckedPolicy() throws PolicyContextException,
646: SecurityException, UnsupportedOperationException {
647:
648: // Section 3.3 - Check permissions
649: checkSetPolicy();
650:
651: // Open state required
652: checkCurrentStateIsInState(OPEN);
653:
654: // Remove unckecked policy
655: uncheckedPermissions = new Permissions();
656: }
657:
658: /**
659: * Check if the current state is not the given state
660: * Authorized states are described in javadoc of PolicyConfiguration class
661: * @param s given state
662: * @throws UnsupportedOperationException if the state is not the given state
663: */
664: private void checkCurrentStateNotInState(int s)
665: throws UnsupportedOperationException {
666: if (this .state == s) {
667: String err = i18n
668: .getMessage(
669: "JPolicyConfiguration.checkCurrentStateNotInState.notValidState",
670: states[s], states[state]);
671: throw new UnsupportedOperationException(err);
672: }
673: }
674:
675: /**
676: * Check if the current state is in the given state
677: * Authorized states are described in javadoc of PolicyConfiguration class
678: * @param s given state
679: * @throws UnsupportedOperationException if the state is not in a valid state
680: */
681: private void checkCurrentStateIsInState(int s)
682: throws UnsupportedOperationException {
683: if (this .state != s) {
684: String err = i18n
685: .getMessage(
686: "JPolicyConfiguration.checkCurrentStateNotInState.notValidState",
687: states[state], states[s]);
688: throw new UnsupportedOperationException(err);
689: }
690: }
691:
692: /**
693: * Method which check setPolicy access
694: * Section 3.3 : all public methods must throw a SecurityException
695: * when called by an AccessControlContext that has
696: * not been granted the "setPolicy" SecurityPermission
697: * @throws SecurityException when called by an AccessControlContext that
698: * has not been granted the "setPolicy" SecurityPermission.
699: */
700: private void checkSetPolicy() throws SecurityException {
701: SecurityManager securityManager = System.getSecurityManager();
702: if (securityManager != null) {
703: securityManager.checkPermission(new SecurityPermission(
704: "setPolicy"));
705: }
706: }
707:
708: /**
709: * Indicates whether some other object is "equal to" this one.
710: * @param obj the reference object with which to compare.
711: * @return true if this object is the same as the obj argument;
712: * false otherwise.
713: */
714: public boolean equals(Object obj) {
715: if (!(obj instanceof PolicyConfiguration)) {
716: if (logger.isLoggable(BasicLevel.ERROR)) {
717: logger
718: .log(
719: BasicLevel.ERROR,
720: i18n
721: .getMessage("JPolicyConfiguration.equals.notInstanceOf"));
722: }
723: return false;
724: } else {
725: try {
726: return (this .contextID == ((PolicyConfiguration) obj)
727: .getContextID());
728: } catch (PolicyContextException pce) {
729: if (logger.isLoggable(BasicLevel.ERROR)) {
730: logger.log(BasicLevel.ERROR, i18n.getMessage(
731: "JPolicyConfiguration.equals.canNotCheck",
732: pce.getMessage()));
733: }
734: return false;
735: }
736: }
737: }
738:
739: /**
740: * Gets a hash code value for the object.
741: * @return a hash code value for this object.
742: */
743: public int hashCode() {
744: return contextID.hashCode();
745: }
746:
747: /**
748: * Reset to OPEN state (Used by PolicyConfigurationFactory)
749: */
750: protected void resetState() {
751: this .state = OPEN;
752: }
753:
754: /**
755: * Gets the excluded permission
756: * @return the excluded permission
757: */
758: public PermissionCollection getExcludedPermissions() {
759: // Works only if state is in service
760: if (state != IN_SERVICE) {
761: return new Permissions();
762: } else {
763: return excludedPermissions;
764: }
765: }
766:
767: /**
768: * Gets the excluded permission
769: * @return the excluded permission
770: */
771: public PermissionCollection getUncheckedPermissions() {
772: // Works only if state is in service
773: if (state != IN_SERVICE) {
774: return new Permissions();
775: } else {
776: return uncheckedPermissions;
777: }
778: }
779:
780: /**
781: * Gets the permissions for a given principal
782: * @param principal given principal
783: * @return the permissions for a given principal
784: */
785: public PermissionCollection getPermissionsForPrincipal(
786: Principal principal) {
787:
788: if (logger.isLoggable(BasicLevel.DEBUG)) {
789: logger.log(BasicLevel.DEBUG, "principal = " + principal);
790: }
791:
792: // Works only if state is in service and if principal is not null
793: if (principal == null || state != IN_SERVICE) {
794: return new Permissions();
795: }
796:
797: PermissionCollection permissionsOfRole = (PermissionCollection) rolePermissions
798: .get(principal.getName());
799:
800: if (logger.isLoggable(BasicLevel.DEBUG)) {
801: logger.log(BasicLevel.DEBUG, "Permissions found = "
802: + permissionsOfRole);
803: }
804:
805: //create permission object if no previous permission for the given role
806: if (permissionsOfRole == null) {
807: permissionsOfRole = new Permissions();
808: }
809:
810: return permissionsOfRole;
811: }
812:
813: }
|