8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Copyright (c) 2008 Sun Microsystems Inc. All Rights Reserved
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The contents of this file are subject to the terms
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of the Common Development and Distribution License
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * (the License). You may not use this file except in
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * compliance with the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * You can obtain a copy of the License at
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * https://opensso.dev.java.net/public/CDDLv1.0.html or
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * See the License for the specific language governing
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission and limitations under the License.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * When distributing Covered Code, include this CDDL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Header Notice in each file and include the License file
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * If applicable, add the following below the CDDL Header,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * with the fields enclosed by brackets [] replaced by
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * your own identifying information:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "Portions Copyrighted [year] [name of copyright owner]"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * $Id: FilterModeValueValidator.java,v 1.3 2008/07/03 09:39:14 veiming Exp $
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterimport com.sun.identity.sm.ServiceAttributeValidator;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Validates Filter Mode property value in Agent Properties. e.g.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>com.sun.identity.agents.config.filter.mode</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The values in set of properties can be application specific:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * -for example [somecontextroot]=J2EE_POLICY or one of other valid values
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * from NONE, SSO_ONLY, URL_POLICY, J2EE_POLICY, ALL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Can also have *one* global value:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * -where value has no brackets or context root key and is just a value
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * NONE, SSO_ONLY, URL_POLICY, J2EE_POLICY, ALL
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * -also allow a global value format: "=ALL" or none etc, which includes an
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * equal sign since in property file style an entry like
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * com.sun.someprop=ALL would have a value "=ALL"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Does not allow []=ALL or none etc.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Does not allow the characters "[" or "]" inside the brackets since this is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * not a likely valid character in a context root name and it helps us avoid
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the user error of a typo and we use bracket as a special character in parsing.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Ultimately this regular expression could be stricter since the key inside
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * of brackets is a context root of a web app [somecontextroot] and context
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * root values only allow certain value, but since agent code and
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * other places dont validate for this strictness, this validator should be
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * close to as loose as rest of code for consistency.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Overall set of values:
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * -Empty set is not allowed since user must specify something.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * -Set can only have *one* global value value of NONE, SSO_ONLY, URL_POLICY,
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * J2EE_POLICY, ALL so java code checks for repeats.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * -Duplicates: The validation logic does not check for duplicates in terms of
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the whole value ie [somecontextroot]=ALL being included twice. Since a set
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * is used to hold the values, and Set add method only adds the specified
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * element to this set if it is not already present so it will not contain any
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * duplicates. So no check necessary. The UI may allow a user to enter
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * duplicates but ultimately they are ignored and not stored as part of
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * agents config.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Duplicates are exact duplicates, since set does not distinguish between
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * letter case of a key, so "Key" is a different key from "key". We dont check
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * for duplicates such as this type of possible case.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * However, we do check for exact duplicate context root name within whole
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * values, so if user inputs [mycontextroot]=ALL and [mycontextroot]=NONE then
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * both values will be in the set, and this code will detect that
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * "mycontextroot" is a duplicate so set will be considered invalid.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Fosterpublic class FilterModeValueValidator implements ServiceAttributeValidator {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String globalRegularExpression =
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "(\\s*=?\\s*(NONE|SSO_ONLY|URL_POLICY|J2EE_POLICY|ALL)\\s*)";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String appSpecificRegularExpression =
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "(\\s*\\[\\s*[\\S&&[^\\[]&&[^\\]]]+\\s*\\]\\s*=\\s*(NONE|SSO_ONLY|URL_POLICY|J2EE_POLICY|ALL)\\s*)";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final String regularExpression =
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster "(" + appSpecificRegularExpression + "|" + globalRegularExpression + ")";
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster private static final Pattern pattern = Pattern.compile(regularExpression);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns <code>true</code> if values are of filter mode type.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param values the set of values to be validated
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>true</code> if values are of filter mode type.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean valid = true;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean globalFound = false; //can only have zero or one global value
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster for (Iterator i = values.iterator(); (i.hasNext() && valid);) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //now test for duplicate global value
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Matcher globalMatcher = globalPattern.matcher(str);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster //if value matches global and previously found one too
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster valid = false; //more than one global value so invalid