View Javadoc
1   /*
2    * Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
3    * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4    *
5    * This code is free software; you can redistribute it and/or modify it
6    * under the terms of the GNU General Public License version 2 only, as
7    * published by the Free Software Foundation.  Oracle designates this
8    * particular file as subject to the "Classpath" exception as provided
9    * by Oracle in the LICENSE file that accompanied this code.
10   *
11   * This code is distributed in the hope that it will be useful, but WITHOUT
12   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13   * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
14   * version 2 for more details (a copy is included in the LICENSE file that
15   * accompanied this code).
16   *
17   * You should have received a copy of the GNU General Public License version
18   * 2 along with this work; if not, write to the Free Software Foundation,
19   * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20   *
21   * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22   * or visit www.oracle.com if you need additional information or have any
23   * questions.
24   */
25  
26  
27  package com.sun.jmx.snmp.IPAcl;
28  
29  
30  
31  import java.security.Principal;
32  import java.security.acl.Acl;
33  import java.security.acl.AclEntry;
34  import java.security.acl.NotOwnerException;
35  
36  import java.io.Serializable;
37  import java.security.acl.Permission;
38  import java.util.Vector;
39  import java.util.Enumeration;
40  
41  
42  /**
43   * Represent an Access Control List (ACL) which is used to guard access to http adaptor.
44   * <P>
45   * It is a data structure with multiple ACL entries. Each ACL entry, of interface type
46   * AclEntry, contains a set of permissions and a set of communities associated with a
47   * particular principal. (A principal represents an entity such as a host or a group of host).
48   * Additionally, each ACL entry is specified as being either positive or negative.
49   * If positive, the permissions are to be granted to the associated principal.
50   * If negative, the permissions are to be denied.
51   *
52   * @see java.security.acl.Acl
53   */
54  
55  class AclImpl extends OwnerImpl implements Acl, Serializable {
56    private static final long serialVersionUID = -2250957591085270029L;
57  
58    private Vector<AclEntry> entryList = null;
59    private String aclName = null;
60  
61    /**
62     * Constructs the ACL with a specified owner
63     *
64     * @param owner owner of the ACL.
65     * @param name  name of this ACL.
66     */
67    public AclImpl (PrincipalImpl owner, String name) {
68          super(owner);
69          entryList = new Vector<>();
70          aclName = name;
71    }
72  
73    /**
74     * Sets the name of this ACL.
75     *
76     * @param caller the principal invoking this method. It must be an owner
77     *        of this ACL.
78     * @param name the name to be given to this ACL.
79     *
80     * @exception NotOwnerException if the caller principal is not an owner
81     *            of this ACL.
82     * @see java.security.Principal
83     */
84    @Override
85    public void setName(Principal caller, String name)
86          throws NotOwnerException {
87            if (!isOwner(caller))
88                  throw new NotOwnerException();
89            aclName = name;
90    }
91  
92    /**
93     * Returns the name of this ACL.
94     *
95     * @return the name of this ACL.
96     */
97    @Override
98    public String getName(){
99          return aclName;
100   }
101 
102   /**
103    * Adds an ACL entry to this ACL. An entry associates a principal (e.g., an individual or a group)
104    * with a set of permissions. Each principal can have at most one positive ACL entry
105    * (specifying permissions to be granted to the principal) and one negative ACL entry
106    * (specifying permissions to be denied). If there is already an ACL entry
107    * of the same type (negative or positive) already in the ACL, false is returned.
108    *
109    * @param caller the principal invoking this method. It must be an owner
110    *        of this ACL.
111    * @param entry the ACL entry to be added to this ACL.
112    * @return true on success, false if an entry of the same type (positive
113    *       or negative) for the same principal is already present in this ACL.
114    * @exception NotOwnerException if the caller principal is not an owner of
115    *       this ACL.
116    * @see java.security.Principal
117    */
118   @Override
119   public boolean addEntry(Principal caller, AclEntry entry)
120         throws NotOwnerException {
121           if (!isOwner(caller))
122                 throw new NotOwnerException();
123 
124           if (entryList.contains(entry))
125                 return false;
126           /*
127                  for (Enumeration e = entryList.elements();e.hasMoreElements();){
128                  AclEntry ent = (AclEntry) e.nextElement();
129                  if (ent.getPrincipal().equals(entry.getPrincipal()))
130                  return false;
131                  }
132                  */
133 
134           entryList.addElement(entry);
135           return true;
136   }
137 
138   /**
139    * Removes an ACL entry from this ACL.
140    *
141    * @param caller the principal invoking this method. It must be an owner
142    *        of this ACL.
143    * @param entry the ACL entry to be removed from this ACL.
144    * @return true on success, false if the entry is not part of this ACL.
145    * @exception NotOwnerException if the caller principal is not an owner
146    *   of this Acl.
147    * @see java.security.Principal
148    * @see java.security.acl.AclEntry
149    */
150   @Override
151   public boolean removeEntry(Principal caller, AclEntry entry)
152         throws NotOwnerException {
153           if (!isOwner(caller))
154                 throw new NotOwnerException();
155 
156           return (entryList.removeElement(entry));
157   }
158 
159   /**
160    * Removes all ACL entries from this ACL.
161    *
162    * @param caller the principal invoking this method. It must be an owner
163    *        of this ACL.
164    * @exception NotOwnerException if the caller principal is not an owner of
165    *        this Acl.
166    * @see java.security.Principal
167    */
168   public void removeAll(Principal caller)
169         throws NotOwnerException {
170           if (!isOwner(caller))
171                 throw new NotOwnerException();
172         entryList.removeAllElements();
173   }
174 
175   /**
176    * Returns an enumeration for the set of allowed permissions for
177    * the specified principal
178    * (representing an entity such as an individual or a group).
179    * This set of allowed permissions is calculated as follows:
180    * <UL>
181    * <LI>If there is no entry in this Access Control List for the specified
182    * principal, an empty permission set is returned.</LI>
183    * <LI>Otherwise, the principal's group permission sets are determined.
184    * (A principal can belong to one or more groups, where a group is a group
185    * of principals, represented by the Group interface.)</LI>
186    * </UL>
187    * @param user the principal whose permission set is to be returned.
188    * @return the permission set specifying the permissions the principal
189    *     is allowed.
190    * @see java.security.Principal
191    */
192   @Override
193   public Enumeration<Permission> getPermissions(Principal user){
194         Vector<Permission> empty = new Vector<>();
195         for (Enumeration<AclEntry> e = entryList.elements();e.hasMoreElements();){
196           AclEntry ent = e.nextElement();
197           if (ent.getPrincipal().equals(user))
198                 return ent.permissions();
199         }
200         return empty.elements();
201   }
202 
203   /**
204    * Returns an enumeration of the entries in this ACL. Each element in the
205    * enumeration is of type AclEntry.
206    *
207    * @return an enumeration of the entries in this ACL.
208    */
209   @Override
210   public Enumeration<AclEntry> entries(){
211         return entryList.elements();
212   }
213 
214   /**
215    * Checks whether or not the specified principal has the specified
216    * permission.
217    * If it does, true is returned, otherwise false is returned.
218    * More specifically, this method checks whether the passed permission
219    * is a member of the allowed permission set of the specified principal.
220    * The allowed permission set is determined by the same algorithm as is
221    * used by the getPermissions method.
222    *
223    * @param user the principal, assumed to be a valid authenticated Principal.
224    * @param perm the permission to be checked for.
225    * @return true if the principal has the specified permission,
226    *         false otherwise.
227    * @see java.security.Principal
228    * @see java.security.Permission
229    */
230   @Override
231   public boolean checkPermission(Principal user,
232                                  java.security.acl.Permission perm) {
233         for (Enumeration<AclEntry> e = entryList.elements();e.hasMoreElements();){
234           AclEntry ent = e.nextElement();
235           if (ent.getPrincipal().equals(user))
236                 if (ent.checkPermission(perm)) return true;
237         }
238         return false;
239   }
240 
241   /**
242    * Checks whether or not the specified principal has the specified
243    * permission.
244    * If it does, true is returned, otherwise false is returned.
245    * More specifically, this method checks whether the passed permission
246    * is a member of the allowed permission set of the specified principal.
247    * The allowed permission set is determined by the same algorithm as is
248    * used by the getPermissions method.
249    *
250    * @param user the principal, assumed to be a valid authenticated Principal.
251    * @param community the community name associated with the principal.
252    * @param perm the permission to be checked for.
253    * @return true if the principal has the specified permission, false
254    *        otherwise.
255    * @see java.security.Principal
256    * @see java.security.Permission
257    */
258   public boolean checkPermission(Principal user, String community,
259                                  java.security.acl.Permission perm) {
260         for (Enumeration<AclEntry> e = entryList.elements();e.hasMoreElements();){
261           AclEntryImpl ent = (AclEntryImpl) e.nextElement();
262           if (ent.getPrincipal().equals(user))
263                 if (ent.checkPermission(perm) && ent.checkCommunity(community)) return true;
264         }
265         return false;
266   }
267 
268   /**
269    * Checks whether or not the specified community string is defined.
270    *
271    * @param community the community name associated with the principal.
272    *
273    * @return true if the specified community string is defined, false
274    *      otherwise.
275    * @see java.security.Principal
276    * @see java.security.Permission
277    */
278   public boolean checkCommunity(String community) {
279         for (Enumeration<AclEntry> e = entryList.elements();e.hasMoreElements();){
280           AclEntryImpl ent = (AclEntryImpl) e.nextElement();
281           if (ent.checkCommunity(community)) return true;
282         }
283         return false;
284   }
285 
286   /**
287    * Returns a string representation of the ACL contents.
288    *
289    * @return a string representation of the ACL contents.
290    */
291   @Override
292   public String toString(){
293         return ("AclImpl: "+ getName());
294   }
295 }