1 //
2 //  ========================================================================
3 //  Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
4 //  ------------------------------------------------------------------------
5 //  All rights reserved. This program and the accompanying materials
6 //  are made available under the terms of the Eclipse Public License v1.0
7 //  and Apache License v2.0 which accompanies this distribution.
8 //
9 //      The Eclipse Public License is available at
10 //      http://www.eclipse.org/legal/epl-v10.html
11 //
12 //      The Apache License v2.0 is available at
13 //      http://www.opensource.org/licenses/apache2.0.php
14 //
15 //  You may elect to redistribute this code under either of these licenses.
16 //  ========================================================================
17 //
18 
19 package org.eclipse.jetty.util.security;
20 
21 import java.io.Serializable;
22 import java.util.Arrays;
23 
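/**
 * Describes an authentication and/or data (transport) constraint.
 *
 * <p>A constraint carries a name, an optional list of permitted roles, a flag
 * saying whether authentication is required, and a data constraint level
 * (one of the {@code DC_*} constants).
 *
 * <p>Instances are mutable and perform no synchronization. The class is
 * {@link Serializable} but declares no {@code serialVersionUID}, so the
 * serialized form is tied to the compiler-computed default.
 */
public class Constraint implements Cloneable, Serializable
{
    /** Authentication method name: HTTP Basic. */
    public final static String __BASIC_AUTH = "BASIC";

    /** Authentication method name: form based login. */
    public final static String __FORM_AUTH = "FORM";

    /** Authentication method name: HTTP Digest. */
    public final static String __DIGEST_AUTH = "DIGEST";

    /** Authentication method name: client certificate (underscore spelling). */
    public final static String __CERT_AUTH = "CLIENT_CERT";

    /** Authentication method name: client certificate (hyphen spelling). */
    public final static String __CERT_AUTH2 = "CLIENT-CERT";

    /** Authentication method name: SPNEGO. */
    public final static String __SPNEGO_AUTH = "SPNEGO";

    /** Authentication method name: Negotiate. */
    public final static String __NEGOTIATE_AUTH = "NEGOTIATE";

    /**
     * Checks whether a string names one of the authentication methods declared
     * on this class.
     *
     * <p>The value is trimmed and then compared exactly (case-sensitively)
     * against the {@code __*_AUTH} constants, so {@code "basic"} is rejected.
     *
     * @param method the candidate authentication method name, may be {@code null}
     * @return {@code true} if the trimmed value equals one of the known method
     *         names, {@code false} otherwise or if {@code method} is {@code null}
     */
    public static boolean validateMethod(String method)
    {
        if (method == null)
            return false;

        final String candidate = method.trim();
        return candidate.equals(__FORM_AUTH)
            || candidate.equals(__BASIC_AUTH)
            || candidate.equals(__DIGEST_AUTH)
            || candidate.equals(__CERT_AUTH)
            || candidate.equals(__CERT_AUTH2)
            || candidate.equals(__SPNEGO_AUTH)
            || candidate.equals(__NEGOTIATE_AUTH);
    }

    /** Data constraint levels; {@link #DC_UNSET} is the initial value of a new constraint. */
    public final static int DC_UNSET = -1, DC_NONE = 0, DC_INTEGRAL = 1, DC_CONFIDENTIAL = 2, DC_FORBIDDEN = 3;

    public final static String NONE = "NONE";

    /** Role name that {@link #setRoles(String[])} treats as "any role". */
    public final static String ANY_ROLE = "*";

    private String _name;

    private String[] _roles;

    private int _dataConstraint = DC_UNSET;

    // Cached by setRoles(): true when the role list contained ANY_ROLE at the time it was set.
    private boolean _anyRole = false;

    private boolean _authenticate = false;

    /**
     * Creates a constraint with no name, no roles, authentication not required
     * and the data constraint unset.
     */
    public Constraint()
    {
    }

    /**
     * Convenience constructor for a constraint with a single role.
     *
     * <p>Delegates to {@link #setName(String)} and {@link #setRoles(String[])},
     * both of which are overridable, so a subclass override runs before the
     * subclass constructor body.
     *
     * @param name the constraint name
     * @param role the single role placed in the role list
     */
    public Constraint(String name, String role)
    {
        setName(name);
        setRoles(new String[] { role });
    }

    /**
     * Returns a copy of this constraint.
     *
     * <p>The role array is copied as well, so writing into the array returned
     * by {@link #getRoles()} on one instance cannot change the roles permitted
     * by the other.
     *
     * @return the copy
     * @throws CloneNotSupportedException if {@link Object#clone()} refuses the copy
     */
    @Override
    public Object clone() throws CloneNotSupportedException
    {
        final Constraint copy = (Constraint)super.clone();
        // Object.clone() is shallow: without this the two constraints would
        // share one mutable role array.
        if (_roles != null)
            copy._roles = _roles.clone();
        return copy;
    }

    /**
     * @param name the constraint name
     */
    public void setName(String name)
    {
        _name = name;
    }

    /**
     * Sets the permitted roles and recomputes the any-role flag.
     *
     * <p>The array is stored by reference, not copied. The any-role flag is
     * computed once, here; if the caller later writes into the same array the
     * flag is not refreshed. Callers should hand over an array they no longer
     * modify.
     *
     * @param roles the permitted role names, or {@code null} for none
     */
    public void setRoles(String[] roles)
    {
        _roles = roles;
        _anyRole = false;
        if (roles == null)
            return;

        for (String candidate : roles)
        {
            if (ANY_ROLE.equals(candidate))
            {
                _anyRole = true;
                break;
            }
        }
    }

    /**
     * @return True if any user role is permitted.
     */
    public boolean isAnyRole()
    {
        return _anyRole;
    }

    /**
     * Returns the role list.
     *
     * <p>This is the internal array itself, not a copy; treat it as read-only.
     * Writing into it changes what {@link #hasRole(String)} matches without
     * updating {@link #isAnyRole()}.
     *
     * @return the roles for this constraint, possibly {@code null}
     */
    public String[] getRoles()
    {
        return _roles;
    }

    /**
     * Tests whether a role satisfies this constraint.
     *
     * @param role the role name to test; a {@code null} role matches only when
     *             any role is permitted
     * @return True if any role is permitted or the role list contains the role.
     */
    public boolean hasRole(String role)
    {
        if (_anyRole)
            return true;

        // Fail closed: an absent role name is treated as "no match" rather
        // than surfacing as a NullPointerException in the access check.
        if (role == null || _roles == null)
            return false;

        for (String permitted : _roles)
        {
            if (role.equals(permitted))
                return true;
        }
        return false;
    }

    /**
     * @param authenticate True if users must be authenticated
     */
    public void setAuthenticate(boolean authenticate)
    {
        _authenticate = authenticate;
    }

    /**
     * @return True if the constraint requires request authentication
     */
    public boolean getAuthenticate()
    {
        return _authenticate;
    }

    /**
     * @return True if authentication is required, any-role is not set, and the
     *         role list is {@code null} or empty.
     */
    public boolean isForbidden()
    {
        final boolean noRoles = _roles == null || _roles.length == 0;
        return _authenticate && !_anyRole && noRoles;
    }

    /**
     * Sets the data constraint level.
     *
     * <p>Only {@link #DC_NONE}, {@link #DC_INTEGRAL} and
     * {@link #DC_CONFIDENTIAL} are accepted; {@link #DC_UNSET} and
     * {@link #DC_FORBIDDEN} fall outside the checked range.
     *
     * @param c Data constraint indicator: 0=DC_NONE, 1=DC_INTEGRAL,
     *          2=DC_CONFIDENTIAL
     * @throws IllegalArgumentException if {@code c} is below 0 or above
     *                                  {@link #DC_CONFIDENTIAL}
     */
    public void setDataConstraint(int c)
    {
        if (c < DC_NONE || c > DC_CONFIDENTIAL)
            throw new IllegalArgumentException("Constraint out of range");
        _dataConstraint = c;
    }

    /**
     * @return Data constraint indicator: -1=DC_UNSET, 0=DC_NONE, 1=DC_INTEGRAL,
     *         2=DC_CONFIDENTIAL
     */
    public int getDataConstraint()
    {
        return _dataConstraint;
    }

    /**
     * @return True if a data constraint has been set.
     */
    public boolean hasDataConstraint()
    {
        return _dataConstraint >= DC_NONE;
    }

    /**
     * @return a string of the form {@code SC{name,roles,dataConstraint}}, where
     *         roles is {@code *} for any role and {@code -} when no role list is set
     */
    @Override
    public String toString()
    {
        final String roles;
        if (_anyRole)
            roles = "*";
        else if (_roles == null)
            roles = "-";
        else
            roles = Arrays.asList(_roles).toString();

        final String data;
        if (_dataConstraint == DC_UNSET)
            data = "DC_UNSET}";
        else if (_dataConstraint == DC_NONE)
            data = "NONE}";
        else if (_dataConstraint == DC_INTEGRAL)
            data = "INTEGRAL}";
        else
            data = "CONFIDENTIAL}";

        return "SC{" + _name + "," + roles + "," + data;
    }

}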