diff options
Diffstat (limited to 'base/server/cmscore/src')
-rw-r--r-- | base/server/cmscore/src/com/netscape/cmscore/realm/ACL.java | 193 | ||||
-rw-r--r-- | base/server/cmscore/src/com/netscape/cmscore/realm/ACLEntry.java | 243 |
2 files changed, 0 insertions, 436 deletions
diff --git a/base/server/cmscore/src/com/netscape/cmscore/realm/ACL.java b/base/server/cmscore/src/com/netscape/cmscore/realm/ACL.java deleted file mode 100644 index 13fcdac44..000000000 --- a/base/server/cmscore/src/com/netscape/cmscore/realm/ACL.java +++ /dev/null @@ -1,193 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cmscore.realm; - -import java.util.Enumeration; -import java.util.Vector; - -/** - * A class represents an access control list (ACL). An ACL - * is associated with an protected resources. The policy - * enforcer can verify the ACLs with the current - * context to see if the corresponding resource is accessible. - * <P> - * An <code>ACL</code> may contain one or more <code>ACLEntry</code>. However, in case of multiple <code>ACLEntry</code> - * , a subject must pass ALL of the <code>ACLEntry</code> evaluation for permission to be granted - * <P> - * - * @version $Revision$, $Date$ - */ -public class ACL { - - /** - * - */ - - protected Vector<ACLEntry> entries = new Vector<ACLEntry>(); // ACL entries - protected Vector<String> rights = null; // possible rights entries - protected String resourceACLs = null; // exact resourceACLs string on ldap server - protected String name = null; // resource name - protected String description = null; // resource description - - /** - * Class constructor. - */ - public ACL() { - } - - /** - * Class constructor. - * Constructs an access control list associated - * with a resource name - * - * @param name resource name - * @param rights applicable rights defined for this resource - * @param resourceACLs the entire ACL specification. For example: - * "certServer.log.configuration:read,modify: - * allow (read,modify) - * group=\"Administrators\": - * Allow administrators to read and modify log - * configuration" - */ - public ACL(String name, Vector<String> rights, String resourceACLs) { - setName(name); - if (rights != null) { - this.rights = rights; - } else { - this.rights = new Vector<String>(); - } - this.resourceACLs = resourceACLs; - - } - - /** - * Sets the name of the resource governed by this - * access control. - * - * @param name name of the resource - */ - public void setName(String name) { - this.name = name; - } - - /** - * Retrieves the name of the resource governed by - * this access control. - * - * @return name of the resource - */ - public String getName() { - return name; - } - - /** - * Retrieves the exact string of the resourceACLs - * - * @return resource's acl - */ - public String getResourceACLs() { - return resourceACLs; - } - - /** - * Sets the description of the resource governed by this - * access control. - * - * @param description Description of the protected resource - */ - public void setDescription(String description) { - this.description = description; - } - - /** - * Retrieves the description of the resource governed by - * this access control. - * - * @return Description of the protected resource - */ - public String getDescription() { - return description; - } - - /** - * Adds an ACL entry to this list. - * - * @param entry the <code>ACLEntry</code> to be added to this resource - */ - public void addEntry(ACLEntry entry) { - entries.addElement(entry); - } - - /** - * Returns ACL entries. - * - * @return enumeration for the <code>ACLEntry</code> vector - */ - public Enumeration<ACLEntry> entries() { - return entries.elements(); - } - - /** - * Returns the string reprsentation. - * - * @return the string representation of the ACL entries in the - * following format: - * <resource name>[<ACLEntry1>,<ACLEntry 2>,...<ACLEntry N>] - */ - public String toString() { - StringBuilder entries = new StringBuilder(); - Enumeration<ACLEntry> e = entries(); - - for (; e.hasMoreElements();) { - ACLEntry entry = e.nextElement(); - - entries.append(entry); - if (e.hasMoreElements()) - entries.append(","); - } - return getName() + "[" + entries + "]"; - } - - /** - * Adds an rights entry to this list. - * - * @param right The right to be added for this ACL - */ - public void addRight(String right) { - rights.addElement(right); - } - - /** - * Tells if the permission is one of the defined "rights" - * - * @param permission permission to be checked - * @return true if it's one of the "rights"; false otherwise - */ - public boolean checkRight(String permission) { - return (rights.contains(permission)); - } - - /** - * Returns rights entries. - * - * @return enumeration of rights defined for this ACL - */ - public Enumeration<String> rights() { - return rights.elements(); - } -} diff --git a/base/server/cmscore/src/com/netscape/cmscore/realm/ACLEntry.java b/base/server/cmscore/src/com/netscape/cmscore/realm/ACLEntry.java deleted file mode 100644 index 1e13ad682..000000000 --- a/base/server/cmscore/src/com/netscape/cmscore/realm/ACLEntry.java +++ /dev/null @@ -1,243 +0,0 @@ -// --- BEGIN COPYRIGHT BLOCK --- -// This program is free software; you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation; version 2 of the License. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License along -// with this program; if not, write to the Free Software Foundation, Inc., -// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -// -// (C) 2007 Red Hat, Inc. -// All rights reserved. -// --- END COPYRIGHT BLOCK --- -package com.netscape.cmscore.realm; - -import java.util.Enumeration; -import java.util.Hashtable; -import java.util.StringTokenizer; - -/** - * A class represents an ACI entry of an access control list. - * <P> - * - * @version $Revision$, $Date$ - */ -public class ACLEntry { - /** - * - */ - protected Hashtable<String, String> mPerms = new Hashtable<String, String>(); - protected String expressions = null; - protected boolean negative = false; - protected String ACLEntryString = null; - - /** - * Class Constructor - */ - public ACLEntry() { - } - - /** - * Checks if this ACL entry is set to negative. - * - * @return true if this ACL entry expression is for "deny"; - * false if this ACL entry expression is for "allow" - */ - public boolean isNegative() { - return negative; - } - - /** - * Sets this ACL entry negative. This ACL entry expression is for "deny". - */ - public void setNegative() { - negative = true; - } - - /** - * Sets the ACL entry string - * - * @param s string in the following format: - * - * <PRE> - * allow|deny (right[,right...]) attribute_expression - * </PRE> - */ - public void setACLEntryString(String s) { - ACLEntryString = s; - } - - /** - * Gets the ACL Entry String - * - * @return ACL Entry string in the following format: - * - * <PRE> - * allow|deny (right[,right...]) attribute_expression - * </PRE> - */ - public String getACLEntryString() { - return ACLEntryString; - } - - /** - * Adds permission to this entry. Permission must be one of the - * "rights" defined for each protected resource in its ACL - * - * @param acl the acl instance that this aclEntry is associated with - * @param permission one of the "rights" defined for each - * protected resource in its ACL - */ - public void addPermission(ACL acl, String permission) { - if (acl.checkRight(permission) == true) { - mPerms.put(permission, permission); - } else { - // not a valid right...log it later - } - } - - /** - * Returns a list of permissions associated with - * this entry. - * - * @return a list of permissions for this ACL entry - */ - public Enumeration<String> permissions() { - return mPerms.elements(); - } - - /** - * Sets the expression associated with this entry. - * - * @param expressions the evaluator expressions. For example, - * group="Administrators" - */ - public void setAttributeExpressions(String expressions) { - this.expressions = expressions; - } - - /** - * Retrieves the expression associated with this entry. - * - * @return the evaluator expressions. For example, - * group="Administrators" - */ - public String getAttributeExpressions() { - return expressions; - } - - /** - * Checks to see if this <code>ACLEntry</code> contains a - * particular permission - * - * @param permission one of the "rights" defined for each - * protected resource in its ACL - * @return true if permission contained in the permission list - * for this <code>ACLEntry</code>; false otherwise. - */ - public boolean containPermission(String permission) { - return (mPerms.get(permission) != null); - } - - /** - * Checks if this entry has the given permission. - * - * @param permission one of the "rights" defined for each - * protected resource in its ACL - * @return true if the permission is allowed; false if the - * permission is denied. If a permission is not - * recognized by this ACL, it is considered denied - */ - public boolean checkPermission(String permission) { - // default - if we dont know about the requested permission, - // don't grant permission - if (mPerms.get(permission) == null) - return false; - if (isNegative()) { - return false; - } else { - return true; - } - } - - /** - * Parse string in the following format: - * - * <PRE> - * allow|deny (right[,right...]) attribute_expression - * </PRE> - * - * into an instance of the <code>ACLEntry</code> class - * - * @param acl the acl instance associated with this aclentry - * @param aclEntryString aclEntryString in the specified format - * @return an instance of the <code>ACLEntry</code> class - */ - public static ACLEntry parseACLEntry(ACL acl, String aclEntryString) { - if (aclEntryString == null) { - return null; - } - - String te = aclEntryString.trim(); - - // locate first space - int i = te.indexOf(' '); - // prefix should be "allowed" or "deny" - String prefix = te.substring(0, i); - String suffix = te.substring(i + 1).trim(); - ACLEntry entry = new ACLEntry(); - - if (prefix.equals("allow")) { - // do nothing - } else if (prefix.equals("deny")) { - entry.setNegative(); - } else { - return null; - } - // locate the second space - i = suffix.indexOf(' '); - // this prefix should be rights list, delimited by "," - prefix = suffix.substring(1, i - 1); - // the suffix is the rest, which is the "expressions" - suffix = suffix.substring(i + 1).trim(); - - StringTokenizer st = new StringTokenizer(prefix, ","); - - for (; st.hasMoreTokens();) { - entry.addPermission(acl, st.nextToken()); - } - entry.setAttributeExpressions(suffix); - return entry; - } - - /** - * Returns the string representation of this ACLEntry - * - * @return string representation of this ACLEntry - */ - public String toString() { - StringBuffer entry = new StringBuffer(); - - if (isNegative()) { - entry.append("deny ("); - } else { - entry.append("allow ("); - } - Enumeration<String> e = permissions(); - - for (; e.hasMoreElements();) { - String p = e.nextElement(); - - entry.append(p); - if (e.hasMoreElements()) - entry.append(","); - } - entry.append(") " + getAttributeExpressions()); - return entry.toString(); - } -} |