001: /**
002: * EasyBeans
003: * Copyright (C) 2006 Bull S.A.S.
004: * Contact: easybeans@ow2.org
005: *
006: * This library is free software; you can redistribute it and/or
007: * modify it under the terms of the GNU Lesser General Public
008: * License as published by the Free Software Foundation; either
009: * version 2.1 of the License, or any later version.
010: *
011: * This library is distributed in the hope that it will be useful,
012: * but WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * Lesser General Public License for more details.
015: *
016: * You should have received a copy of the GNU Lesser General Public
017: * License along with this library; if not, write to the Free Software
018: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
019: * USA
020: *
021: * --------------------------------------------------------------------------
022: * $Id: JPolicyConfiguration.java 1970 2007-10-16 11:49:25Z benoitf $
023: * --------------------------------------------------------------------------
024: */package org.ow2.easybeans.security.jacc.provider;
025:
026: import java.security.Permission;
027: import java.security.PermissionCollection;
028: import java.security.Permissions;
029: import java.security.Principal;
030: import java.security.SecurityPermission;
031: import java.util.Enumeration;
032: import java.util.HashMap;
033: import java.util.Map;
034:
035: import javax.security.jacc.PolicyConfiguration;
036: import javax.security.jacc.PolicyContextException;
037:
038: import org.ow2.util.log.Log;
039: import org.ow2.util.log.LogFactory;
040:
041: /**
042: * Defines the PolicyConfiguration implementation class of JACC.
043: * @author Florent Benoit
044: */
045: public class JPolicyConfiguration implements PolicyConfiguration {
046:
047: /**
048: * Available states.
049: */
050: private enum State {
051: /**
052: * Open state for the Policy Context Life Cycle Section 3.1.1.1.
053: */
054: OPEN,
055:
056: /**
057: * inService state for the Policy Context Life Cycle Section 3.1.1.1.
058: */
059: IN_SERVICE,
060:
061: /**
062: * Deleted state for the Policy Context Life Cycle Section 3.1.1.1.
063: */
064: DELETED
065: }
066:
067: /**
068: * Current state.
069: */
070: private State state;
071:
072: /**
073: * ContextID string which differentiate all instances.
074: */
075: private String contextID = null;
076:
077: /**
078: * Logger.
079: */
080: private static Log logger = LogFactory
081: .getLog(JPolicyConfiguration.class);
082:
083: /**
084: * Excluded permissions.
085: */
086: private PermissionCollection excludedPermissions = null;
087:
088: /**
089: * Unchecked permissions.
090: */
091: private PermissionCollection uncheckedPermissions = null;
092:
093: /**
094: * Role permissions.
095: */
096: private Map<String, PermissionCollection> rolePermissions = null;
097:
098: /**
099: * Constructor of a new PolicyConfiguration object.
100: * @param contextID Identifier of this PolicyConfiguration object
101: */
102: public JPolicyConfiguration(final String contextID) {
103: this .contextID = contextID;
104:
105: // initial state is open
106: resetState();
107:
108: // init permissions
109: excludedPermissions = new Permissions();
110: uncheckedPermissions = new Permissions();
111: rolePermissions = new HashMap<String, PermissionCollection>();
112: }
113:
114: /**
115: * Used to add a single excluded policy statement to this
116: * PolicyConfiguration.
117: * @param permission the permission to be added to the excluded policy
118: * statements.
119: * @throws SecurityException if called by an AccessControlContext that has
120: * not been granted the "setPolicy" SecurityPermission.
121: * @throws UnsupportedOperationException if the state of the policy context
122: * whose interface is this PolicyConfiguration Object is "deleted"
123: * or "inService" when this method is called.
124: * @throws PolicyContextException if the implementation throws a checked
125: * exception that has not been accounted for by the
126: * addToExcludedPolicy method signature. The exception thrown by the
127: * implementation class will be encapsulated (during construction)
128: * in the thrown PolicyContextException.
129: */
130: public void addToExcludedPolicy(final Permission permission)
131: throws PolicyContextException, SecurityException,
132: UnsupportedOperationException {
133:
134: logger.debug("Adding permission ''{0}'' as excluded policy.",
135: permission);
136:
137: // Section 3.3 - Check permissions
138: checkSetPolicy();
139:
140: // Open state required
141: checkCurrentStateIsInState(State.OPEN);
142:
143: // Add permission
144: if (permission != null) {
145: excludedPermissions.add(permission);
146: }
147:
148: }
149:
150: /**
151: * Used to add excluded policy statements to this PolicyConfiguration.
152: * @param permissions the collection of permissions to be added to the
153: * excluded policy statements. The collection may be either a
154: * homogenous or heterogenous collection.
155: * @throws SecurityException if called by an AccessControlContext that has
156: * not been granted the "setPolicy" SecurityPermission.
157: * @throws UnsupportedOperationException if the state of the policy context
158: * whose interface is this PolicyConfiguration Object is "deleted"
159: * or "inService" when this method is called.
160: * @throws PolicyContextException if the implementation throws a checked
161: * exception that has not been accounted for by the
162: * addToExcludedPolicy method signature. The exception thrown by the
163: * implementation class will be encapsulated (during construction)
164: * in the thrown PolicyContextException.
165: */
166: public void addToExcludedPolicy(
167: final PermissionCollection permissions)
168: throws PolicyContextException, SecurityException,
169: UnsupportedOperationException {
170:
171: logger.debug("Adding permissions ''{0}'' as excluded policy.",
172: permissions);
173:
174: // Section 3.3 - Check permissions
175: checkSetPolicy();
176:
177: // Open state required
178: checkCurrentStateIsInState(State.OPEN);
179:
180: // Add permissions
181: if (permissions != null) {
182: for (Enumeration e = permissions.elements(); e
183: .hasMoreElements();) {
184: excludedPermissions.add((Permission) e.nextElement());
185: }
186: }
187:
188: }
189:
190: /**
191: * Used to add a single permission to a named role in this
192: * PolicyConfiguration.
193: * @param roleName the name of the Role to which the permission is to be
194: * added.
195: * @param permission the permission to be added to the role.
196: * @throws SecurityException if called by an AccessControlContext that has
197: * not been granted the "setPolicy" SecurityPermission.
198: * @throws UnsupportedOperationException if the state of the policy context
199: * whose interface is this PolicyConfiguration Object is "deleted"
200: * or "inService" when this method is called.
201: * @throws PolicyContextException - if the implementation throws a checked
202: * exception that has not been accounted for by the addToRole method
203: * signature. The exception thrown by the implementation class will
204: * be encapsulated (during construction) in the thrown
205: * PolicyContextException.
206: */
207: public void addToRole(final String roleName,
208: final Permission permission) throws PolicyContextException,
209: SecurityException, UnsupportedOperationException {
210:
211: logger.debug("Adding permission ''{0}'' to role ''{1}''.",
212: permission, roleName);
213:
214: // Section 3.3 - Check permissions
215: checkSetPolicy();
216:
217: // Open state required
218: checkCurrentStateIsInState(State.OPEN);
219:
220: // Fail if roleName is null
221: if (roleName == null) {
222: throw new PolicyContextException(logger.getI18n()
223: .getMessage("JPolicyConfiguration.addToRole"));
224: }
225:
226: // Break if permission is null
227: if (permission == null) {
228: return;
229: }
230: PermissionCollection permissionsOfRole = rolePermissions
231: .get(roleName);
232:
233: // create permission object if no previous permission for the given role
234: if (permissionsOfRole == null) {
235: permissionsOfRole = new Permissions();
236: }
237: permissionsOfRole.add(permission);
238:
239: // add to the list
240: rolePermissions.put(roleName, permissionsOfRole);
241:
242: }
243:
244: /**
245: * Used to add permissions to a named role in this PolicyConfiguration.
246: * @param roleName the name of the Role to which the permissions are to be
247: * added.
248: * @param permissions the collection of permissions to be added to the role.
249: * The collection may be either a homogenous or heterogenous
250: * collection.
251: * @throws SecurityException if called by an AccessControlContext that has
252: * not been granted the "setPolicy" SecurityPermission.
253: * @throws UnsupportedOperationException if the state of the policy context
254: * whose interface is this PolicyConfiguration Object is "deleted"
255: * or inService" when this method is called.
256: * @throws PolicyContextException - if the implementation throws a checked
257: * exception that has not been accounted for by the addToRole method
258: * signature. The exception thrown by the implementation class will
259: * be encapsulated (during construction) in the thrown
260: * PolicyContextException.
261: */
262: public void addToRole(final String roleName,
263: final PermissionCollection permissions)
264: throws PolicyContextException, SecurityException,
265: UnsupportedOperationException {
266:
267: logger.debug("Adding permissions ''{0}'' to role ''{1}''.",
268: permissions, roleName);
269:
270: // Section 3.3 - Check permissions
271: checkSetPolicy();
272:
273: // Open state required
274: checkCurrentStateIsInState(State.OPEN);
275:
276: // Fail if roleName is null
277: if (roleName == null) {
278: throw new PolicyContextException(logger.getI18n()
279: .getMessage("JPolicyConfiguration.addToRole"));
280: }
281:
282: // Break if permission is null
283: if (permissions == null) {
284: return;
285: }
286: PermissionCollection permissionsOfRole = rolePermissions
287: .get(roleName);
288:
289: // create permission object if no previous permission for the given role
290: if (permissionsOfRole == null) {
291: permissionsOfRole = new Permissions();
292: }
293:
294: for (Enumeration e = permissions.elements(); e
295: .hasMoreElements();) {
296: permissionsOfRole.add((Permission) e.nextElement());
297: }
298:
299: // add to the list
300: rolePermissions.put(roleName, permissionsOfRole);
301:
302: }
303:
304: /**
305: * Used to add a single unchecked policy statement to this
306: * PolicyConfiguration.
307: * @param permission the permission to be added to the unchecked policy
308: * statements.
309: * @throws SecurityException if called by an AccessControlContext that has
310: * not been granted the "setPolicy" SecurityPermission.
311: * @throws UnsupportedOperationException if the state of the policy context
312: * whose interface is this PolicyConfiguration Object is "deleted"
313: * or "inService" when this method is called.
314: * @throws PolicyContextException if the implementation throws a checked
315: * exception that has not been accounted for by the
316: * addToUncheckedPolicy method signature. The exception thrown by
317: * the implementation class will be encapsulated (during
318: * construction) in the thrown PolicyContextException.
319: */
320: public void addToUncheckedPolicy(final Permission permission)
321: throws PolicyContextException, SecurityException,
322: UnsupportedOperationException {
323:
324: logger.debug("Adding permission ''{0}'' as unchecked policy.",
325: permission);
326:
327: // Section 3.3 - Check permissions
328: checkSetPolicy();
329:
330: // Open state required
331: checkCurrentStateIsInState(State.OPEN);
332:
333: // Add permission
334: if (permission != null) {
335: uncheckedPermissions.add(permission);
336: }
337:
338: }
339:
340: /**
341: * Used to add unchecked policy statements to this PolicyConfiguration.
342: * @param permissions the collection of permissions to be added as unchecked
343: * policy statements. The collection may be either a homogenous or
344: * heterogenous collection.
345: * @throws SecurityException if called by an AccessControlContext that has
346: * not been granted the "setPolicy" SecurityPermission.
347: * @throws UnsupportedOperationException if the state of the policy context
348: * whose interface is this PolicyConfiguration Object is "deleted"
349: * or "inService" when this method is called.
350: * @throws PolicyContextException if the implementation throws a checked
351: * exception that has not been accounted for by the
352: * addToUncheckedPolicy method signature. The exception thrown by
353: * the implementation class will be encapsulated (during
354: * construction) in the thrown PolicyContextException.
355: */
356: public void addToUncheckedPolicy(
357: final PermissionCollection permissions)
358: throws PolicyContextException, SecurityException,
359: UnsupportedOperationException {
360:
361: logger.debug("Adding permissions ''{0}'' as unchecked policy.",
362: permissions);
363:
364: // Section 3.3 - Check permissions
365: checkSetPolicy();
366:
367: // Open state required
368: checkCurrentStateIsInState(State.OPEN);
369:
370: // Add permissions
371: if (permissions != null) {
372: for (Enumeration e = permissions.elements(); e
373: .hasMoreElements();) {
374: uncheckedPermissions.add((Permission) e.nextElement());
375: }
376: }
377:
378: }
379:
380: /**
381: * This method is used to set to "inService" the state of the policy context
382: * whose interface is this PolicyConfiguration Object. Only those policy
383: * contexts whose state is "inService" will be included in the policy
384: * contexts processed by the Policy.refresh method. A policy context whose
385: * state is "inService" may be returned to the "open" state by calling the
386: * getPolicyConfiguration method of the PolicyConfiguration factory with the
387: * policy context identifier of the policy context. When the state of a
388: * policy context is "inService", calling any method other than commit,
389: * delete, getContextID, or inService on its PolicyConfiguration Object will
390: * cause an UnsupportedOperationException to be thrown.
391: * @throws SecurityException if called by an AccessControlContext that has
392: * not been granted the "setPolicy" SecurityPermission.
393: * @throws UnsupportedOperationException if the state of the policy context
394: * whose interface is this PolicyConfiguration Object is "deleted"
395: * when this method is called.
396: * @throws PolicyContextException if the implementation throws a checked
397: * exception that has not been accounted for by the commit method
398: * signature. The exception thrown by the implementation class will
399: * be encapsulated (during construction) in the thrown
400: * PolicyContextException.
401: */
402: public void commit() throws PolicyContextException,
403: SecurityException, UnsupportedOperationException {
404:
405: // Section 3.3 - Check permissions
406: checkSetPolicy();
407:
408: // Deleted state refused
409: checkCurrentStateNotInState(State.DELETED);
410:
411: // Now state is in service
412: state = State.IN_SERVICE;
413:
414: // add the configuration of this object
415: JPolicyConfigurationKeeper.addConfiguration(this );
416: }
417:
418: /**
419: * Causes all policy statements to be deleted from this PolicyConfiguration
420: * and sets its internal state such that calling any method, other than
421: * delete, getContextID, or inService on the PolicyConfiguration will be
422: * rejected and cause an UnsupportedOperationException to be thrown. This
423: * operation has no affect on any linked PolicyConfigurations other than
424: * removing any links involving the deleted PolicyConfiguration.
425: * @throws SecurityException if called by an AccessControlContext that has
426: * not been granted the "setPolicy" SecurityPermission.
427: * @throws PolicyContextException if the implementation throws a checked
428: * exception that has not been accounted for by the delete method
429: * signature. The exception thrown by the implementation class will
430: * be encapsulated (during construction) in the thrown
431: * PolicyContextException.
432: */
433: public void delete() throws PolicyContextException,
434: SecurityException {
435:
436: // Section 3.3 - Check permissions
437: checkSetPolicy();
438:
439: // all policy statements are deleted
440: excludedPermissions = new Permissions();
441: uncheckedPermissions = new Permissions();
442: rolePermissions = new HashMap<String, PermissionCollection>();
443:
444: // change state to DELETED
445: state = State.DELETED;
446:
447: // remove the configuration of this object
448: JPolicyConfigurationKeeper.removeConfiguration(this );
449:
450: }
451:
452: /**
453: * This method returns this object's policy context identifier.
454: * @return this object's policy context identifier.
455: * @throws SecurityException if called by an AccessControlContext that has
456: * not been granted the "setPolicy" SecurityPermission.
457: * @throws PolicyContextException if the implementation throws a checked
458: * exception that has not been accounted for by the getContextID
459: * method signature. The exception thrown by the implementation
460: * class will be encapsulated (during construction) in the thrown
461: * PolicyContextException.
462: */
463: public String getContextID() throws PolicyContextException,
464: SecurityException {
465:
466: // Section 3.3 - Check permissions
467: checkSetPolicy();
468:
469: return contextID;
470: }
471:
472: /**
473: * This method is used to determine if the policy context whose interface is
474: * this PolicyConfiguration Object is in the "inService" state.
475: * @return true if the state of the associated policy context is
476: * "inService"; false otherwise.
477: * @throws SecurityException if called by an AccessControlContext that has
478: * not been granted the "setPolicy" SecurityPermission.
479: * @throws PolicyContextException if the implementation throws a checked
480: * exception that has not been accounted for by the inService method
481: * signature. The exception thrown by the implementation class will
482: * be encapsulated (during construction) in the thrown
483: * PolicyContextException.
484: */
485: public boolean inService() throws PolicyContextException,
486: SecurityException {
487:
488: // Section 3.3 - Check permissions
489: checkSetPolicy();
490:
491: return (state == State.IN_SERVICE);
492: }
493:
494: /**
495: * Creates a relationship between this configuration and another such that
496: * they share the same principal-to-role mappings. PolicyConfigurations are
497: * linked to apply a common principal-to-role mapping to multiple seperately
498: * manageable PolicyConfigurations, as is required when an application is
499: * composed of multiple modules. Note that the policy statements which
500: * comprise a role, or comprise the excluded or unchecked policy collections
501: * in a PolicyConfiguration are unaffected by the configuration being linked
502: * to another.
503: * @param link a reference to a different PolicyConfiguration than this
504: * PolicyConfiguration. The relationship formed by this method is
505: * symetric, transitive and idempotent. If the argument
506: * PolicyConfiguration does not have a different Policy context
507: * identifier than this PolicyConfiguration no relationship is
508: * formed, and an exception, as described below, is thrown.
509: * @throws SecurityException if called by an AccessControlContext that has
510: * not been granted the "setPolicy" SecurityPermission.
511: * @throws UnsupportedOperationException if the state of the policy context
512: * whose interface is this PolicyConfiguration Object is "deleted"
513: * or "inService" when this method is called.
514: * @throws IllegalArgumentException if called with an argument
515: * PolicyConfiguration whose Policy context is equivalent to that of
516: * this PolicyConfiguration.
517: * @throws PolicyContextException if the implementation throws a checked
518: * exception that has not been accounted for by the
519: * linkConfiguration method signature. The exception thrown by the
520: * implementation class will be encapsulated (during construction)
521: * in the thrown PolicyContextException.
522: */
523: public void linkConfiguration(final PolicyConfiguration link)
524: throws IllegalArgumentException, PolicyContextException,
525: SecurityException, UnsupportedOperationException {
526:
527: // Section 3.3 - Check permissions
528: checkSetPolicy();
529:
530: // Open state required
531: checkCurrentStateIsInState(State.OPEN);
532:
533: // Equivalent to this PolicyConfiguration object ?
534: if (this .equals(link)) {
535: throw new IllegalArgumentException(
536: logger
537: .getI18n()
538: .getMessage(
539: "JPolicyConfiguration.linkConfiguration.equivalent",
540: this , link));
541: }
542:
543: // TODO : link objects together.
544:
545: }
546:
547: /**
548: * Used to remove any excluded policy statements from this
549: * PolicyConfiguration.
550: * @throws SecurityException if called by an AccessControlContext that has
551: * not been granted the "setPolicy" SecurityPermission.
552: * @throws UnsupportedOperationException if the state of the policy context
553: * whose interface is this PolicyConfiguration Object is "deleted"
554: * or "inService" when this method is called.
555: * @throws PolicyContextException if the implementation throws a checked
556: * exception that has not been accounted for by the
557: * removeExcludedPolicy method signature. The exception thrown by
558: * the implementation class will be encapsulated (during
559: * construction) in the thrown PolicyContextException.
560: */
561: public void removeExcludedPolicy() throws PolicyContextException,
562: SecurityException, UnsupportedOperationException {
563:
564: // Section 3.3 - Check permissions
565: checkSetPolicy();
566:
567: // Open state required
568: checkCurrentStateIsInState(State.OPEN);
569:
570: // reinit
571: excludedPermissions = new Permissions();
572: }
573:
574: /**
575: * Used to remove a role and all its permissions from this
576: * PolicyConfiguration.
577: * @param roleName the name of the Role to remove from this
578: * PolicyConfiguration.
579: * @throws SecurityException if called by an AccessControlContext that has
580: * not been granted the "setPolicy" SecurityPermission.
581: * @throws UnsupportedOperationException if the state of the policy context
582: * whose interface is this PolicyConfiguration Object is "deleted"
583: * or "inService" when this method is called.
584: * @throws PolicyContextException if the implementation throws a checked
585: * exception that has not been accounted for by the removeRole
586: * method signature. The exception thrown by the implementation
587: * class will be encapsulated (during construction) in the thrown
588: * PolicyContextException.
589: */
590: public void removeRole(final String roleName)
591: throws PolicyContextException, SecurityException,
592: UnsupportedOperationException {
593:
594: // Section 3.3 - Check permissions
595: checkSetPolicy();
596:
597: // Open state required
598: checkCurrentStateIsInState(State.OPEN);
599:
600: // Remove role permissions
601: rolePermissions.remove(roleName);
602: }
603:
604: /**
605: * Used to remove any unchecked policy statements from this
606: * PolicyConfiguration.
607: * @throws SecurityException if called by an AccessControlContext that has
608: * not been granted the "setPolicy" SecurityPermission.
609: * @throws UnsupportedOperationException if the state of the policy context
610: * whose interface is this PolicyConfiguration Object is "deleted"
611: * or "inService" when this method is called.
612: * @throws PolicyContextException if the implementation throws a checked
613: * exception that has not been accounted for by the
614: * removeUncheckedPolicy method signature. The exception thrown by
615: * the implementation class will be encapsulated (during
616: * construction) in the thrown PolicyContextException.
617: */
618: public void removeUncheckedPolicy() throws PolicyContextException,
619: SecurityException, UnsupportedOperationException {
620:
621: // Section 3.3 - Check permissions
622: checkSetPolicy();
623:
624: // Open state required
625: checkCurrentStateIsInState(State.OPEN);
626:
627: // Remove unckecked policy
628: uncheckedPermissions = new Permissions();
629: }
630:
631: /**
632: * Check if the current state is not the given state. Authorized states are
633: * described in javadoc of PolicyConfiguration class
634: * @param s given state
635: * @throws UnsupportedOperationException if the state is not the given state
636: */
637: private void checkCurrentStateNotInState(final State s)
638: throws UnsupportedOperationException {
639: if (this .state == s) {
640: String err = logger
641: .getI18n()
642: .getMessage(
643: "JPolicyConfiguration.checkCurrentStateNotInState.notValidState",
644: s, state);
645: throw new UnsupportedOperationException(err);
646: }
647: }
648:
649: /**
650: * Check if the current state is in the given state. Authorized states are
651: * described in javadoc of PolicyConfiguration class
652: * @param s given state
653: * @throws UnsupportedOperationException if the state is not in a valid
654: * state
655: */
656: private void checkCurrentStateIsInState(final State s)
657: throws UnsupportedOperationException {
658: if (this .state != s) {
659: String err = logger
660: .getI18n()
661: .getMessage(
662: "JPolicyConfiguration.checkCurrentStateNotInState.notValidState",
663: state, s);
664: throw new UnsupportedOperationException(err);
665: }
666: }
667:
668: /**
669: * Method which check setPolicy access. Section 3.3 : all public methods
670: * must throw a SecurityException when called by an AccessControlContext
671: * that has not been granted the "setPolicy" SecurityPermission
672: * @throws SecurityException when called by an AccessControlContext that has
673: * not been granted the "setPolicy" SecurityPermission.
674: */
675: private void checkSetPolicy() throws SecurityException {
676: SecurityManager securityManager = System.getSecurityManager();
677: if (securityManager != null) {
678: securityManager.checkPermission(new SecurityPermission(
679: "setPolicy"));
680: }
681: }
682:
683: /**
684: * Indicates whether some other object is "equal to" this one.
685: * @param obj the reference object with which to compare.
686: * @return true if this object is the same as the obj argument; false
687: * otherwise.
688: */
689: @Override
690: public boolean equals(final Object obj) {
691: if (!(obj instanceof PolicyConfiguration)) {
692: logger.error("JPolicyConfiguration.equals.notInstanceOf");
693: return false;
694: }
695: // Compare
696: try {
697: return (this .contextID.equals(((PolicyConfiguration) obj)
698: .getContextID()));
699: } catch (PolicyContextException pce) {
700: logger
701: .error("JPolicyConfiguration.equals.canNotCheck",
702: pce);
703: return false;
704: }
705:
706: }
707:
708: /**
709: * Gets a hash code value for the object.
710: * @return a hash code value for this object.
711: */
712: @Override
713: public int hashCode() {
714: return contextID.hashCode();
715: }
716:
717: /**
718: * Reset to OPEN state (Used by PolicyConfigurationFactory).
719: */
720: protected void resetState() {
721: this .state = State.OPEN;
722: }
723:
724: /**
725: * Gets the excluded permission.
726: * @return the excluded permission
727: */
728: public PermissionCollection getExcludedPermissions() {
729: // Works only if state is in service
730: if (state != State.IN_SERVICE) {
731: return new Permissions();
732: }
733: return excludedPermissions;
734: }
735:
736: /**
737: * Gets the excluded permission.
738: * @return the excluded permission
739: */
740: public PermissionCollection getUncheckedPermissions() {
741: // Works only if state is in service
742: if (state != State.IN_SERVICE) {
743: return new Permissions();
744: }
745: return uncheckedPermissions;
746: }
747:
748: /**
749: * Gets the permissions for a given principal.
750: * @param principal given principal
751: * @return the permissions for a given principal
752: */
753: public PermissionCollection getPermissionsForPrincipal(
754: final Principal principal) {
755:
756: logger.debug("principal = ''{0}''", principal);
757:
758: // Works only if state is in service and if principal is not null
759: if (principal == null || state != State.IN_SERVICE) {
760: return new Permissions();
761: }
762:
763: PermissionCollection permissionsOfRole = rolePermissions
764: .get(principal.getName());
765:
766: logger.debug("Permissions found = ''{0}''", permissionsOfRole);
767:
768: // create empty permission object if no previous permission for the
769: // given role
770: if (permissionsOfRole == null) {
771: permissionsOfRole = new Permissions();
772: }
773:
774: return permissionsOfRole;
775: }
776:
777: }
|