/*
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
 *
 * Copyright (c) 2006 Sun Microsystems Inc. All Rights Reserved
 *
 * The contents of this file are subject to the terms
 * of the Common Development and Distribution License
 * (the License). You may not use this file except in
 * compliance with the License.
 *
 * You can obtain a copy of the License at
 * https://opensso.dev.java.net/public/CDDLv1.0.html or
 * opensso/legal/CDDLv1.0.txt
 * See the License for the specific language governing
 * permission and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL
 * Header Notice in each file and include the License file
 * at opensso/legal/CDDLv1.0.txt.
 * If applicable, add the following below the CDDL Header,
 * with the fields enclosed by brackets [] replaced by
 * your own identifying information:
 * "Portions Copyrighted [year] [name of copyright owner]"
 *
 * $Id: ISPermission.java,v 1.5 2008/08/19 19:09:17 veiming Exp $
 *
 * Portions Copyrighted 2015 ForgeRock AS.
 */

package com.sun.identity.policy.jaas;

import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.iplanet.sso.SSOException;

import com.sun.identity.authentication.service.SSOTokenPrincipal;
import com.sun.identity.policy.client.PolicyEvaluator;
import com.sun.identity.policy.client.PolicyEvaluatorFactory;
import com.sun.identity.shared.debug.Debug;

import java.security.Permission;
import java.security.CodeSource;
import java.security.ProtectionDomain;
import java.security.PermissionCollection;

import javax.security.auth.Subject;
import java.security.Principal;

import java.util.Set;
import java.util.HashSet;
import java.util.StringTokenizer;
import java.util.Map;
import java.util.Collections;

/**
 * This class provides the support for the JAAS Authorization service.
 * It is a new JAAS <code>Permission</code> which extends the
 * {@link java.security.Permission} class. This is the only
 * API which gets used by an application/container to evaluate policy against
 * the OpenAM Policy framework. This class provides implementations
 * of all the required abstract methods of <code>java.security.Permission</code>,
 * in a way that the policy evaluation is made against the OpenAM
 * Policy service.
 * <p>
 * For example, one would use this class as follows to evaluate policy
 * permissions:
 * <pre>
 * ISPermission perm = new ISPermission("iPlanetAMWebAgentService",
 *     "http://www.example.com:80","GET");
 * AccessController.checkPermission(perm);
 * </pre>
 * If OpenAM has the policy service
 * <code>iPlanetAMWebAgentService</code> which has a <code>Rule</code> defined
 * for resource <code>http://www.example.com:80</code>
 * with action "GET" with allow privilege, this call will return quietly. If
 * such a policy is not found then access is denied and an exception is thrown
 * accordingly. Also, <code>ISPermission</code> co-exists with the
 * permissions specified in the JDK policy store (by default file
 * <code>sun.security.provider.PolicyFile</code> or defined on the command line
 * using the -D option).
 *
 * @see java.security.Permission
 * @see javax.security.auth.Subject
 * @see java.security.ProtectionDomain
 *
 * @supported.all.api
 */
public class ISPermission extends Permission {
// Shared logger obtained under the name "amPolicy".
// NOTE(review): package-private and not final, so other code in this package
// can reassign it; consider private static final.
static Debug debug = Debug.getInstance("amPolicy");

// Who/what the permission is about. Each constructor sets only some of
// these; the others keep their default null.
private Subject subject;
private CodeSource codesource;
private ProtectionDomain protectionDomain;

// Policy service, resource and comma separated action list, stored exactly
// as passed to the constructor.
private String serviceName;
private String resourceName;
private String actions;

// Parsed form of the action list; filled on first use by actionsInSet().
private Set actionSet;

// Environment passed along for policy Condition evaluation. The default wraps
// the immutable EMPTY_MAP, so it cannot be added to; the four-argument
// constructor replaces it with the caller's map.
private Map envParams = Collections.synchronizedMap(Collections.EMPTY_MAP);

// Not assigned anywhere in the part of the class shown here.
private PolicyEvaluatorFactory policyEvalFactory;

/**
 * Constructs an <code>ISPermission</code> instance, with the specified
 * <code>ProtectionDomain</code>.
 *
 * @param pd <code>ProtectionDomain</code> for which this
 *     <code>ISPermission</code> is being created.
 */
protected ISPermission(ProtectionDomain pd) {
    super("ISPermission");
    // Guarded trace message: only emitted when message-level debugging is on.
    final boolean traceOn = debug.messageEnabled();
    if (traceOn) {
        debug.message("ISPermission(protectionDomain) constructor called ");
    }
    // Only the protection domain is recorded; subject, code source, service,
    // resource and actions keep their default null.
    protectionDomain = pd;
}

/**
 * Constructs an <code>ISPermission</code> instance, with the specified
 * <code>Subject</code> and the <code>CodeSource</code>.
 *
 * @param subject <code>Subject</code> for which this
 *     <code>ISPermission</code> is being created.
 * @param codesource <code>CodeSource</code> for which this permission is
 *     being created.
 */
public ISPermission(Subject subject, CodeSource codesource) {
    super("ISPermission");
    final boolean traceOn = debug.messageEnabled();
    if (traceOn) {
        debug.message("ISPermission(subject,codesource) constructor called ");
    }
    // Both references are kept as given, not copied, so changes the caller
    // later makes to a modifiable Subject are visible through this permission.
    // Neither argument is null-checked.
    this.codesource = codesource;
    this.subject = subject;
}

/**
 * Constructs an <code>ISPermission</code> instance, with the specified
 * <code>CodeSource</code>.
 *
 * @param codesource <code>CodeSource</code> for which this permission is
 *     being created.
 */
public ISPermission(CodeSource codesource) {
    super("ISPermission");
    final boolean traceOn = debug.messageEnabled();
    if (traceOn) {
        debug.message("ISPermission(codesource) constructor called ");
    }
    // Only the code source is recorded; no subject is attached by this
    // constructor, so getSubject() returns null for such an instance.
    this.codesource = codesource;
}

/**
 * Constructs an <code>ISPermission</code> instance, with the specified
 * service name, resource name and action name.
 * @param serviceName name of service for which this
 *     <code>ISPermission</code> is being created. This name needs to be
 *     one of the loaded services in OpenAM's policy
 *     engine. Example: <code>iPlanetAMWebAgentService</code>
 *
 * @param resourceName name of the resource for which this
 *     <code>ISPermission</code> is being defined.
 *
 * @param actions name of the action that needs to be checked for. It
 *     may be a <code>String</code> like "GET", "POST" in case of
 *     service name <code>iPlanetAMWebAgentService</code>.
 */
public ISPermission(String serviceName, String resourceName, String actions) {
    super("ISPermission");
    // All three values are stored verbatim: no null check, trimming or other
    // validation happens here. envParams keeps its default empty map.
    this.actions = actions;
    this.resourceName = resourceName;
    this.serviceName = serviceName;
    debug.message("ISPermission:: Constructor called");
}

/**
 * Constructs an <code>ISPermission</code> instance, with the specified
 * service name, resource name and action name.
 * @param serviceName name of service for which this
 *     <code>ISPermission</code> is being created. This name needs to be
 *     one of the loaded policy services in OpenSSO.
 *     Example:
 *     <code>iPlanetAMWebAgentService</code>
 *
 * @param resourceName name of the resource for which this
 *     <code>ISPermission</code> is being defined.
 *
 * @param actions name of the action that needs to be checked for. It
 *     may be a <code>String</code> like "GET", "POST" in case of
 *     service name <code>iPlanetAMWebAgentService</code>.
 * @param envParams a <code>java.util.Map</code> of environment parameters
 *     which are used by the
 *     <code>com.sun.identity.policy.client.PolicyEvaluator</code>
 *     to evaluate the <code>com.sun.identity.policy.Conditions</code>
 *     associated with the policy. This is a Map of attribute-value pairs
 *     representing the environment under which the policy needs to be
 *     evaluated.
 */
public ISPermission(String serviceName, String resourceName,
        String actions, Map envParams) {
    super("ISPermission");
    // Strings are stored verbatim, without validation or trimming.
    this.actions = actions;
    this.resourceName = resourceName;
    this.serviceName = serviceName;
    // The caller's map is adopted by reference and replaces the default empty
    // map; it is neither copied nor null-checked. The parameter is documented
    // as the environment for policy Condition evaluation, so a map that other
    // code can still modify also changes what later checks are evaluated with.
    // NOTE(review): callers should pass a private, fully populated map.
    this.envParams = envParams;
    debug.message("ISPermission:: Constructor called");
}

/**
 * Returns the name of the service associated with this
 * <code>ISPermission</code>.
 * @return <code>String</code> representing the name of the service for this
 *     permission.
 */
public String getServiceName() {
    // Constant trace message, sent without a messageEnabled() guard.
    debug.message("ISPermission: getServiceName called");
    // May be null: only the String-based constructors set it.
    return this.serviceName;
}

/**
 * Returns the name of the resource associated with this
 * <code>ISPermission</code>.
 * @return <code>String</code> representing the name of the resource for
 *     this permission.
 */
public String getResourceName() {
    // Constant trace message, sent without a messageEnabled() guard.
    debug.message("ISPermission: getResourceName called");
    // May be null: only the String-based constructors set it.
    return this.resourceName;
}

/**
 * Returns environment parameters and their values associated with this
 * <code>ISPermission</code>.
 * @return <code>Map</code> representing the environment parameters of
 *     this permission. The <code>Map</code> consists of attribute
 *     value pairs.
 */
public Map getEnvParams() {
    // Hands out the internal map itself, not a copy or read-only view. When
    // the map came from the four-argument constructor, anyone holding this
    // reference can alter the environment stored in this permission.
    // NOTE(review): treat the result as read-only.
    return this.envParams;
}

/**
 * Returns a comma separated list of actions associated with this
 * <code>ISPermission</code>.
 * @return a comma separated <code>String</code> representing the name
 *     of the action for this object. For example for:
 * <pre>
 * ISPermission isp = new ISPermission("iPlanetAMWebAgentService",
 *     "http://www.sun.com:80", "GET, POST");
 * getActions() would return "GET,POST"
 * </pre>
 */
public String getActions() {
    debug.message("ISPermission: getActions called");
    // The second message includes the action list, so it is built only when
    // message-level debugging is enabled.
    final boolean traceOn = debug.messageEnabled();
    if (traceOn) {
        debug.message("returning actions:" + actions);
    }
    // Returned exactly as stored by the constructor; this method does not
    // trim or re-join the individual action names.
    return this.actions;
}

/**
 * Returns true if two comma separated strings are equal.
 *
 * @param actions1 actions string.
 * @param actions2 actions string.
 * @return true if two comma separated strings are equal.
 */
private boolean actionEquals(String actions1, String actions2) {
    // Each list is reduced to a set of trimmed names, so the comparison
    // ignores order, duplicates and whitespace around the commas. Names are
    // compared with String equality, i.e. case-sensitively. A null list is
    // treated like an empty one.
    final String[] lists = {actions1, actions2};
    final Set[] parsed = new Set[lists.length];
    for (int i = 0; i < lists.length; i++) {
        Set names = Collections.synchronizedSet(new HashSet());
        String csv = lists[i];
        if (csv != null) {
            StringTokenizer tokens = new StringTokenizer(csv, ",");
            while (tokens.hasMoreTokens()) {
                names.add(tokens.nextToken().trim());
            }
        }
        parsed[i] = names;
    }
    return parsed[0].equals(parsed[1]);
}

/**
 * Returns a <code>Set</code> of actions for this Permission.
 * @param actions comma separated actions string.
 * @return set of actions in this permission.
 *
 */
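private Set actionsInSet(String actions) {
    // The parsed set is cached on the instance. Once it exists it is returned
    // as is, and the argument of any later call is ignored.
    if (actionSet != null) {
        return actionSet;
    }
    // Fill a local set and assign the field only when it is complete, so the
    // field never refers to a partially filled set.
    Set parsed = Collections.synchronizedSet(new HashSet());
    if (actions != null) {
        StringTokenizer st = new StringTokenizer(actions, ",");
        while (st.hasMoreTokens()) {
            // Trim each name, as actionEquals() does. Without this a list
            // written as "GET, POST" yields " POST", which does not equal the
            // action name "POST". The callers are outside the visible part of
            // the class; presumably these names are matched against policy
            // action names - confirm.
            parsed.add(st.nextToken().trim());
        }
    }
    actionSet = parsed;
    return parsed;
}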

/**
 * Returns the <code>Subject</code> associated with this
 * <code>ISPermission</code>.
 * @return <code>javax.security.auth.Subject</code> representing the
 *     subject of this permission.
 */
public Subject getSubject() {
    debug.message("ISPermission:: getSubject called ");
    // Returns the stored reference itself (no copy); null unless the
    // (Subject, CodeSource) constructor supplied one.
    return this.subject;
}

/**
 * Returns the <code>CodeSource</code> associated with this
 * <code>ISPermission</code>.
 * @return <code>java.security.CodeSource</code> representing the
 *     <code>codesource</code> of this permission.
 */
public CodeSource getCodeSource() {
    debug.message("ISPermission:: getCodeSource called ");
    // Null unless one of the CodeSource-taking constructors was used.
    return this.codesource;
}

/**
 * Returns the <code>ProtectionDomain</code> associated with this
 * <code>ISPermission</code>.
 * @return <code>java.security.ProtectionDomain</code> representing the
 *     <code>protectionDomain</code> of this permission.
 */
public ProtectionDomain getProtectionDomain() {
    debug.message("ISPermission:: getProtectionDomain called ");
    // Null unless the protected ProtectionDomain constructor was used.
    return this.protectionDomain;
}

/**
 * Compares this <code>ISPermission</code> with another object for equality.
 *
 * @param obj <code>ISPermission</code> object.
 * @return true if subject, <code>codesource</code>, service name, resource
 *     name, actions and environment parameters of both objects are
 *     equal.
 */
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster public boolean equals(Object obj){
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster boolean result = true;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ISPermission:: equals(Object) called ");
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (obj == this) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (debug.messageEnabled()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ISPermission::equals::this " +result);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return true;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (obj instanceof ISPermission) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ISPermission perm = (ISPermission) obj;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Subject subject = perm.getSubject();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (subject != null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster result = subject.equals(this.subject);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (this.subject != null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster result = false; // subject is null, while this.subject is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster // not null.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (debug.messageEnabled()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ISPermission::subject equals:"+result);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (result) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster CodeSource codesource = perm.getCodeSource();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (codesource != null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster result = codesource.equals(this.codesource);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (debug.messageEnabled()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ISPermission::codesource equals:"+
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster codesource.equals(this.codesource));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (this.codesource != null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster result = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (result) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster ProtectionDomain protectionDomain = perm.getProtectionDomain();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (protectionDomain != null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster result = protectionDomain.equals(this.protectionDomain);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (debug.messageEnabled()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ISPermission::protectionDomain equals:"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + protectionDomain.equals(this.protectionDomain));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (this.protectionDomain != null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster result = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (result) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String serviceName = perm.getServiceName();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (serviceName != null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster result = serviceName.equals(this.serviceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (debug.messageEnabled()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ISPermission::servicename equals:"+
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster serviceName.equals(this.serviceName));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (this.serviceName != null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster result = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (result) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String resourceName = perm.getResourceName();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (resourceName != null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster result = resourceName.equals(this.resourceName);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (debug.messageEnabled()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ISPermission::resourceName equals:"+
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster resourceName.equals(this.resourceName));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (this.resourceName != null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster result = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (result) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster String actions = perm.getActions();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (actions != null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster result = actionEquals(actions,this.actions);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (debug.messageEnabled()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ISPermission::Actions equals:"+
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster actionEquals(actions,this.actions));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (this.actions != null) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster result = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (result) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster Map envParams = perm.getEnvParams();
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (envParams != null && !envParams.isEmpty()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster result = envParams.equals(this.envParams);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (debug.messageEnabled()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ISPermission::equals::envMap"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster + envParams.equals(this.envParams));
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster } else {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (this.envParams != null && !this.envParams.isEmpty()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster result = false;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster if (debug.messageEnabled()) {
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster debug.message("ISPermission::equals::returning " +result);
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster return result;
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster }
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns the hash code value for this Permission object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <P>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The required <code>hashCode</code> behavior for Permission Objects is
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * the following: <p>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <ul>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li>Whenever it is invoked on the same Permission object more than
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * once during an execution of a Java application, the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>hashCode</code> method
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * must consistently return the same integer. This integer need not
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * remain consistent from one execution of an application to another
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * execution of the same application. <p>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <li>If two Permission objects are equal according to the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>equals</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * method, then calling the <code>hashCode</code> method on each of the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * two Permission objects must produce the same integer result.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * </ul>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return a hash code value for this object.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public int hashCode() {
    // The hash is the plain sum of the hashes of every non-null component,
    // so a null component contributes nothing to the result.
    final Object[] directParts = {
        subject, codesource, protectionDomain, serviceName, resourceName
    };
    int total = 0;
    for (int i = 0; i < directParts.length; i++) {
        if (directParts[i] != null) {
            total += directParts[i].hashCode();
        }
    }
    if (actions != null) {
        // The actions string is hashed through the Set returned by
        // actionsInSet() rather than as raw text. equals() compares actions
        // with actionEquals(); both helpers are defined elsewhere in this
        // class -- presumably they agree on how the string is parsed, which
        // the equals/hashCode contract requires (confirm when changing
        // either of them).
        Set parsedActions = actionsInSet(actions);
        total += parsedActions.hashCode();
    }
    if (envParams != null) {
        total += envParams.hashCode();
    }
    if (debug.messageEnabled()) {
        debug.message("ISPermission::hashCode::" + total);
    }
    return total;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Checks if the specified permission's actions are "implied by"
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * this object's actions.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <P>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * The <code>implies</code> method is used by the
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * <code>AccessController</code> to determine whether or not a requested
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * permission is implied by another permission that is known to be valid
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * in the current execution context.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @param perm the permission to check against.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return true if the specified permission is implied by this object,
8d3140b524c0e28c0a49dc7c7d481123ef3cfe11Chris Lee * false if not. The check is made against the OpenAM's
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * policy service to determine this evaluation.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
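public boolean implies(Permission perm) {
    debug.message("ISPermission: implies called");
    // Fail closed: the decision starts as "denied" and only a policy
    // evaluation that succeeds for every requested action turns it into
    // "allowed". A permission of another type, a missing protection domain,
    // a missing principal, null or empty actions and any exception all
    // leave it false.
    boolean allowed = false;
    if (perm instanceof ISPermission) {
        debug.message("ISPermission:passed perm is of type ISPermission");
        if (protectionDomain != null) {
            debug.message("ISPermission:implies:protectionDomain not null");
            if (debug.messageEnabled()) {
                debug.message("ISPermission::implies: protectionDomain:"
                    + protectionDomain.toString());
            }
            // What is evaluated is the REQUESTED permission (service,
            // resource, actions, environment); this object only supplies the
            // protection domain whose principal identifies the caller.
            final ISPermission requested = (ISPermission) perm;
            final String serviceName = requested.getServiceName();
            final String resourceName = requested.getResourceName();
            final String actions = requested.getActions();
            final Map envParams = requested.getEnvParams();
            if (debug.messageEnabled()) {
                debug.message("ISPermission: resourceName=" + resourceName);
                debug.message("ISPermission: serviceName=" + serviceName);
                debug.message("ISPermission: actions=" + actions);
            }
            SSOTokenPrincipal tokenPrincipal = null;
            try {
                Principal[] principals = protectionDomain.getPrincipals();
                // The array is expected to hold exactly one entry. An empty
                // array is handled as "no principal" here instead of relying
                // on an ArrayIndexOutOfBoundsException reaching the
                // catch-all below.
                if (principals != null && principals.length > 0) {
                    Principal principal = principals[0];
                    // NOTE(review): this compares the principal's NAME with
                    // a class name, while the same getName() value is passed
                    // to createSSOToken() below as the token identifier.
                    // The intent looks like a type check on the principal --
                    // confirm. If the name matches but the object is not an
                    // SSOTokenPrincipal, the cast throws and the request is
                    // denied by the catch-all.
                    if (principal.getName().equals("com.sun.identity."
                        + "authentication.service.SSOTokenPrincipal")) {
                        if (debug.messageEnabled()) {
                            // NOTE(review): toString() may include the value
                            // later used as the token identifier; treat
                            // message-level debug logs as sensitive.
                            debug.message("ISPermission::implies:principals:"
                                + principal.toString());
                        }
                        tokenPrincipal = (SSOTokenPrincipal) principal;
                    }
                }
                if (tokenPrincipal == null) {
                    if (debug.messageEnabled()) {
                        debug.error("ISPermission::implies:"
                            + " Principal is null");
                    }
                } else {
                    SSOTokenManager ssomgr = SSOTokenManager.getInstance();
                    final SSOToken token =
                        ssomgr.createSSOToken(tokenPrincipal.getName());
                    /* TODO currently ISPermission uses the remote policy
                       client API, so if this class is used on the server
                       side it will always make a remote call; this code
                       needs to choose a local or remote call accordingly.
                     */
                    // NOTE(review): lazy initialisation without any locking
                    // in this method; whether the field is shared between
                    // threads is not visible here.
                    if (policyEvalFactory == null) {
                        policyEvalFactory =
                            PolicyEvaluatorFactory.getInstance();
                    }
                    PolicyEvaluator policyEvaluator =
                        policyEvalFactory.getPolicyEvaluator(serviceName);
                    if (debug.messageEnabled()) {
                        debug.message("ISPermission::implies::created "
                            + "PolicyEvaluator for " + serviceName);
                    }
                    if (actions != null) {
                        // Every comma-separated action must be allowed; the
                        // first denial ends the loop with allowed == false.
                        // Tokens are passed on exactly as split (no trim).
                        StringTokenizer st =
                            new StringTokenizer(actions, ",");
                        while (st.hasMoreTokens()) {
                            String action = st.nextToken();
                            allowed = policyEvaluator.isAllowed(token,
                                resourceName, action, envParams);
                            if (!allowed) {
                                break; // the final result is not allowed
                            }
                            if (debug.messageEnabled()) {
                                debug.message("ISPermission::result for "
                                    + action + " is :" + allowed);
                            }
                        }
                        if (debug.messageEnabled()) {
                            debug.message("ISPermission::result for "
                                + actions + " is :" + allowed);
                        }
                    } else {
                        if (debug.messageEnabled()) {
                            debug.message("ISPermission:: actions is null");
                        }
                    }
                }
            } catch (SSOException ssoe) {
                // A denial caused by a failure is reported at error level
                // whether or not message-level debugging is on; the original
                // code logged it only when message level was enabled, so
                // such denials left no trace otherwise.
                debug.error("ISPermission::SSOException:"
                    + ssoe.getMessage());
                if (debug.messageEnabled()) {
                    ssoe.printStackTrace();
                }
            } catch (Exception e) {
                // Catch-all kept on purpose: any unexpected failure during
                // evaluation must end in "denied", never in an exception
                // reaching the caller of implies().
                debug.error("ISPermission::Exception:"
                    + e.getMessage());
                if (debug.messageEnabled()) {
                    e.printStackTrace();
                }
            }
        } else {
            // The condition tested above is the protection domain, so the
            // message names it (it used to say "subject was null").
            debug.message("ISPermission:: protectionDomain was null");
        }
    }
    if (debug.messageEnabled()) {
        debug.message("ISPermission: allowed::" + allowed);
    }
    return allowed;
}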
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns a <code>java.security.PermissionCollection</code> to store this
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * kind of Permission.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster *
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return an instance of <code>ISPermissionCollection</code>
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public PermissionCollection newPermissionCollection() {
    // Trace the call, then hand back a new ISPermissionCollection; each call
    // constructs its own instance.
    debug.message("ISPermission:: newISPermissionCollection() called");
    final PermissionCollection collection = new ISPermissionCollection();
    return collection;
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster /**
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * Returns a string describing this Permission.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster * @return <code>String</code> containing information about this Permission.
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster */
public String toString() {
    // Layout: "(" + class name, then one line per component that is set,
    // then ")". The protection domain is not part of the output.
    final StringBuilder text = new StringBuilder(200);
    text.append("(");
    text.append(getClass().getName());
    text.append("\n");
    final String actionList = getActions();
    if (subject != null) {
        text.append(subject.toString());
        text.append("\n");
    }
    if (codesource != null) {
        text.append(codesource.toString());
        text.append("\n");
    }
    if (serviceName != null && serviceName.length() > 0) {
        text.append("serviceName=");
        text.append(serviceName);
        text.append("\n");
    }
    if (resourceName != null && resourceName.length() > 0) {
        text.append("resourceName=");
        text.append(resourceName);
        text.append("\n");
    }
    if (actionList != null && actionList.length() > 0) {
        text.append("actions=");
        text.append(actionList);
        text.append("\n");
    }
    if (envParams != null && !envParams.isEmpty()) {
        // Only the map's values are printed, not its keys.
        // NOTE(review): the subject and the environment values end up
        // wherever this string is logged -- confirm that neither carries
        // data that should stay out of logs.
        text.append("envParams=");
        text.append(envParams.values());
        text.append("\n");
    }
    text.append(")");
    return text.toString();
}
8af80418ba1ec431c8027fa9668e5678658d3611Allan Foster}