1 // ========================================================================
2 // Copyright 200-2004 Mort Bay Consulting Pty. Ltd.
3 // ------------------------------------------------------------------------
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 // http://www.apache.org/licenses/LICENSE-2.0
8 // Unless required by applicable law or agreed to in writing, software
9 // distributed under the License is distributed on an "AS IS" BASIS,
10 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 // See the License for the specific language governing permissions and
12 // limitations under the License.
13 // ========================================================================
14
15 package org.mortbay.jetty.security;
16
17 import java.io.Serializable;
18
19
20 /* ------------------------------------------------------------ */
21 /** Describe an auth and/or data constraint.
22 *
23 * @author Greg Wilkins (gregw)
24 */
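public class Constraint implements Cloneable, Serializable
{
    /*
     * Implementation notes:
     *  - The role array is copied on the way in (setRoles) and on the way out
     *    (getRoles). The any-role flag is computed once in setRoles, so an
     *    aliased array that a caller edits afterwards would leave the flag and
     *    the role list disagreeing about who is authorised.
     *  - hasRole fails closed: a null role never matches a named role.
     *  - This class only stores the constraint. Nothing in this file enforces
     *    authentication or the data constraint.
     *  - No readObject is defined here, so default deserialization restores the
     *    fields as they appear in the stream without passing through the
     *    setters. Treat serialized instances as trusted configuration only.
     */

    /* ------------------------------------------------------------ */
    /** Authentication method names. */
    public final static String __BASIC_AUTH= "BASIC";
    public final static String __FORM_AUTH= "FORM";
    public final static String __DIGEST_AUTH= "DIGEST";
    public final static String __CERT_AUTH= "CLIENT_CERT";
    public final static String __CERT_AUTH2= "CLIENT-CERT";

    /* ------------------------------------------------------------ */
    /** Data constraint indicators; DC_UNSET means no data constraint has been set. */
    public final static int DC_UNSET= -1, DC_NONE= 0, DC_INTEGRAL= 1, DC_CONFIDENTIAL= 2;

    /* ------------------------------------------------------------ */
    public final static String NONE= "NONE";
    /** Role name that setRoles treats as "any role is permitted". */
    public final static String ANY_ROLE= "*";

    /* ------------------------------------------------------------ */
    private String _name;
    // Private copy of the configured roles; null until setRoles is called with a non-null array.
    private String[] _roles;
    private int _dataConstraint= DC_UNSET;
    // Cached by setRoles: true when the role list contains ANY_ROLE.
    private boolean _anyRole= false;
    private boolean _authenticate= false;

    /* ------------------------------------------------------------ */
    /** Constructor.
     * Creates a constraint with no name, no roles, no data constraint and
     * authentication not required.
     */
    public Constraint()
    {}

    /* ------------------------------------------------------------ */
    /** Convenience constructor for a constraint with a single role.
     * Authentication is not switched on here; call setAuthenticate for that.
     * @param name The constraint name.
     * @param role The single role to permit; ANY_ROLE permits every role.
     */
    public Constraint(String name, String role)
    {
        setName(name);
        setRoles(new String[]{role});
    }

    /* ------------------------------------------------------------ */
    /**
     * @return A field-for-field copy of this constraint. The role array is
     * shared with the copy, which is safe because the array is never handed
     * out or modified in place by this class.
     */
    public Object clone() throws CloneNotSupportedException
    {
        return super.clone();
    }

    /* ------------------------------------------------------------ */
    /**
     * @param name The constraint name, used only in toString within this class.
     */
    public void setName(String name)
    {
        _name= name;
    }

    /* ------------------------------------------------------------ */
    /** Set the roles permitted by this constraint.
     * The array is copied, so later changes to the caller's array have no
     * effect on this constraint.
     * @param roles The permitted roles, or null for none. If any element
     * equals ANY_ROLE, every role is permitted.
     */
    public void setRoles(String[] roles)
    {
        // Copy first, then derive the flag from the copy so both always agree.
        _roles= roles == null ? null : (String[])roles.clone();
        _anyRole= false;
        if (_roles != null)
            for (int i= _roles.length; !_anyRole && i-- > 0;)
                _anyRole= ANY_ROLE.equals(_roles[i]);
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if any user role is permitted.
     */
    public boolean isAnyRole()
    {
        return _anyRole;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return A copy of the roles for this constraint, or null if none were
     * set. Use setRoles to change the roles; editing the returned array does
     * not change the constraint.
     */
    public String[] getRoles()
    {
        return _roles == null ? null : (String[])_roles.clone();
    }

    /* ------------------------------------------------------------ */
    /**
     * @param role The role to look for.
     * @return True if the constraint permits any role or contains the given
     * role. A null role matches only when any role is permitted.
     */
    public boolean hasRole(String role)
    {
        if (_anyRole)
            return true;
        // Fail closed: with named roles only, a missing role is never a match.
        if (role == null || _roles == null)
            return false;
        for (int i= _roles.length; i-- > 0;)
            if (role.equals(_roles[i]))
                return true;
        return false;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param authenticate True if users must be authenticated
     */
    public void setAuthenticate(boolean authenticate)
    {
        _authenticate= authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if the constraint requires request authentication
     */
    public boolean getAuthenticate()
    {
        return _authenticate;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if authentication is required but no roles are set, i.e.
     * no user can satisfy the constraint. Always false while authentication
     * is not required, whatever the role list holds.
     */
    public boolean isForbidden()
    {
        if (!_authenticate || _anyRole)
            return false;
        return _roles == null || _roles.length == 0;
    }

    /* ------------------------------------------------------------ */
    /**
     * @param c Data constraint indicator: 0=DC_NONE, 1=DC_INTEGRAL &amp; 2=DC_CONFIDENTIAL
     * @throws IllegalArgumentException if c is outside that range; DC_UNSET
     * cannot be restored through this setter.
     */
    public void setDataConstraint(int c)
    {
        if (c < 0 || c > DC_CONFIDENTIAL)
            throw new IllegalArgumentException("Constraint out of range");
        _dataConstraint= c;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return Data constraint indicator: -1=DC_UNSET, 0=DC_NONE, 1=DC_INTEGRAL &amp; 2=DC_CONFIDENTIAL
     */
    public int getDataConstraint()
    {
        return _dataConstraint;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return True if a data constraint has been set, including DC_NONE.
     */
    public boolean hasDataConstraint()
    {
        return _dataConstraint >= DC_NONE;
    }

    /* ------------------------------------------------------------ */
    /**
     * @return A diagnostic string of the form SC{name,roles,dataConstraint}.
     */
    public String toString()
    {
        String roles;
        if (_anyRole)
            roles= "*";
        else if (_roles == null)
            roles= "-";
        else
            // Print the role names; toString() on the array itself would only
            // give its type and identity hash.
            roles= java.util.Arrays.asList(_roles).toString();

        String data;
        if (_dataConstraint == DC_UNSET)
            data= "DC_UNSET}";
        else if (_dataConstraint == DC_NONE)
            data= "NONE}";
        else if (_dataConstraint == DC_INTEGRAL)
            data= "INTEGRAL}";
        else
            data= "CONFIDENTIAL}";

        return "SC{" + _name + "," + roles + "," + data;
    }
}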