Source for javax.security.auth.kerberos.ServicePermission

   1: /* ServicePermission.java -- kerberos service permission
   2:    Copyright (C) 2006 Free Software Foundation, Inc.
   3: 
   4: This file is part of GNU Classpath.
   5: 
   6: GNU Classpath is free software; you can redistribute it and/or modify
   7: it under the terms of the GNU General Public License as published by
   8: the Free Software Foundation; either version 2, or (at your option)
   9: any later version.
  10: 
  11: GNU Classpath is distributed in the hope that it will be useful, but
  12: WITHOUT ANY WARRANTY; without even the implied warranty of
  13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14: General Public License for more details.
  15: 
  16: You should have received a copy of the GNU General Public License
  17: along with GNU Classpath; see the file COPYING.  If not, write to the
  18: Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  19: 02110-1301 USA.
  20: 
  21: Linking this library statically or dynamically with other modules is
  22: making a combined work based on this library.  Thus, the terms and
  23: conditions of the GNU General Public License cover the whole
  24: combination.
  25: 
  26: As a special exception, the copyright holders of this library give you
  27: permission to link this library with independent modules to produce an
  28: executable, regardless of the license terms of these independent
  29: modules, and to copy and distribute the resulting executable under
  30: terms of your choice, provided that you also meet, for each linked
  31: independent module, the terms and conditions of the license of that
  32: module.  An independent module is a module which is not derived from
  33: or based on this library.  If you modify this library, you may extend
  34: this exception to your version of the library, but you are not
  35: obligated to do so.  If you do not wish to do so, delete this
  36: exception statement from your version. */
  37: 
  38: 
  39: package javax.security.auth.kerberos;
  40: 
  41: import java.security.Permission;
  42: import java.security.PermissionCollection;
  43: import java.util.Enumeration;
  44: import java.util.StringTokenizer;
  45: import java.util.Vector;
  46: 
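/**
 * This represents permission to access a Kerberos service principal.
 * See the Kerberos authentication RFC for more information:
 * <a href="http://www.ietf.org/rfc/rfc1510.txt">RFC 1510</a>
 * (since obsoleted by RFC 4120).
 *
 * <p>Principal names are compared with {@link String#equals(Object)}, so
 * matching is exact and case-sensitive.  This implementation performs no
 * wildcard matching on the name.</p>
 *
 * @since 1.4
 */
public final class ServicePermission
    extends Permission
{
  // FIXME: Enable this when serialization works.
  // private static final long serialVersionUID = -1227585031618624935L;

  /** Bit set in {@link #flags} when the "initiate" action is granted.  */
  private static final int INITIATE = 1;

  /** Bit set in {@link #flags} when the "accept" action is granted.  */
  private static final int ACCEPT = 2;

  /** Bitwise OR of {@link #INITIATE} and {@link #ACCEPT}.  */
  private int flags;

  /**
   * Create a new service permission with the indicated name and actions.
   *
   * The name is the name of the kerberos principal for the service.
   *
   * The actions are a comma-separated list of strings.  The recognized
   * actions are "initiate" and "accept".  The "initiate" action means
   * that the holder of the permission can access the service.  The
   * "accept" action means that the holder of the permission can operate
   * as this service.  Action names are matched without regard to case,
   * and whitespace around each name is ignored.
   *
   * @param name the principal's name
   * @param action the allowed actions
   * @throws NullPointerException if <code>action</code> is null
   * @throws IllegalArgumentException if <code>action</code> contains a
   * token other than "initiate" or "accept"
   */
  public ServicePermission(String name, String action)
  {
    super(name);
    parseActions(action);
  }

  /**
   * Check whether this permission implies another one.
   *
   * The argument is implied only if it is a ServicePermission, every
   * action it requests is also granted by this permission, and both
   * permissions name exactly the same principal.
   *
   * @param perm the permission to test
   * @return true if <code>perm</code> is implied by this permission
   */
  public boolean implies(Permission perm)
  {
    if (! (perm instanceof ServicePermission))
      return false;
    ServicePermission sp = (ServicePermission) perm;
    // Every requested action bit must be present in our own flags.
    if ((flags & sp.flags) != sp.flags)
      return false;
    return getName().equals(sp.getName());
  }

  /**
   * Compare this permission with another object.
   *
   * @param obj the object to compare with
   * @return true if <code>obj</code> is a ServicePermission with the same
   * name and the same set of actions
   */
  public boolean equals(Object obj)
  {
    if (! (obj instanceof ServicePermission))
      return false;
    ServicePermission sp = (ServicePermission) obj;
    return flags == sp.flags && getName().equals(sp.getName());
  }

  /**
   * Return a hash code built from the name and the action flags, so that
   * permissions which are equal have the same hash code.
   */
  public int hashCode()
  {
    return getName().hashCode() + flags;
  }

  /**
   * Return a string representing the actions.
   *
   * The result is in a fixed order ("initiate" before "accept"),
   * whatever order was passed to the constructor.  It is the empty
   * string if no action was given.
   */
  public String getActions()
  {
    if (flags == (INITIATE | ACCEPT))
      return "initiate,accept";
    if (flags == INITIATE)
      return "initiate";
    if (flags == ACCEPT)
      return "accept";
    return "";
  }

  /**
   * Return a new, empty collection that holds only ServicePermission
   * objects.
   *
   * The collection's <code>implies</code> method combines the actions of
   * all entries that name the same principal.  A collection holding
   * separate "initiate" and "accept" entries for one principal therefore
   * implies a request for both actions on that principal.
   */
  public PermissionCollection newPermissionCollection()
  {
    return new PermissionCollection()
    {
      private Vector permissions = new Vector();

      public void add(Permission perm)
      {
        if (isReadOnly())
          throw new SecurityException("readonly");
        if (! (perm instanceof ServicePermission))
          throw new IllegalArgumentException("can only add ServicePermissions");
        permissions.add(perm);
      }

      public boolean implies(Permission perm)
      {
        if (! (perm instanceof ServicePermission))
          return false;
        ServicePermission wanted = (ServicePermission) perm;
        // Union of the actions granted so far for the requested name.
        // Entries for other principals never contribute.
        int granted = 0;
        Enumeration e = elements();
        while (e.hasMoreElements())
          {
            ServicePermission sp = (ServicePermission) e.nextElement();
            if (! sp.getName().equals(wanted.getName()))
              continue;
            granted |= sp.flags;
            if ((granted & wanted.flags) == wanted.flags)
              return true;
          }
        return false;
      }

      public Enumeration elements()
      {
        return permissions.elements();
      }
    };
  }

  /**
   * Parse the comma-separated action list and set the matching bits in
   * {@link #flags}.
   *
   * An empty list leaves the flags at zero.  Such a permission implies no
   * "initiate" or "accept" request.
   *
   * @param actions the action list passed to the constructor
   * @throws NullPointerException if <code>actions</code> is null
   * @throws IllegalArgumentException if a token is not a known action
   */
  private void parseActions(String actions)
  {
    // Fail with a clear message instead of an NPE from StringTokenizer.
    if (actions == null)
      throw new NullPointerException("actions must not be null");
    StringTokenizer tok = new StringTokenizer(actions, ",");
    while (tok.hasMoreTokens())
      {
        // Tolerate "initiate, accept" and mixed case, as commonly
        // written in policy files.
        String token = tok.nextToken().trim();
        if ("accept".equalsIgnoreCase(token))
          flags |= ACCEPT;
        else if ("initiate".equalsIgnoreCase(token))
          flags |= INITIATE;
        else
          throw new IllegalArgumentException("unrecognized token: " + token);
      }
  }
}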