Frames | No Frames |
1: /* ServicePermission.java -- kerberos service permission 2: Copyright (C) 2006 Free Software Foundation, Inc. 3: 4: This file is part of GNU Classpath. 5: 6: GNU Classpath is free software; you can redistribute it and/or modify 7: it under the terms of the GNU General Public License as published by 8: the Free Software Foundation; either version 2, or (at your option) 9: any later version. 10: 11: GNU Classpath is distributed in the hope that it will be useful, but 12: WITHOUT ANY WARRANTY; without even the implied warranty of 13: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14: General Public License for more details. 15: 16: You should have received a copy of the GNU General Public License 17: along with GNU Classpath; see the file COPYING. If not, write to the 18: Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 19: 02110-1301 USA. 20: 21: Linking this library statically or dynamically with other modules is 22: making a combined work based on this library. Thus, the terms and 23: conditions of the GNU General Public License cover the whole 24: combination. 25: 26: As a special exception, the copyright holders of this library give you 27: permission to link this library with independent modules to produce an 28: executable, regardless of the license terms of these independent 29: modules, and to copy and distribute the resulting executable under 30: terms of your choice, provided that you also meet, for each linked 31: independent module, the terms and conditions of the license of that 32: module. An independent module is a module which is not derived from 33: or based on this library. If you modify this library, you may extend 34: this exception to your version of the library, but you are not 35: obligated to do so. If you do not wish to do so, delete this 36: exception statement from your version. */ 37: 38: 39: package javax.security.auth.kerberos; 40: 41: import java.security.Permission; 42: import java.security.PermissionCollection; 43: import java.util.Enumeration; 44: import java.util.StringTokenizer; 45: import java.util.Vector; 46: 47: /** 48: * This represents permission to access to a Kerberos service principal. 49: * See the Kerberos authentication RFC for more information: 50: * <a href="http://www.ietf.org/rfc/rfc1510.txt">RFC 1510</a>. 51: * 52: * @since 1.4 53: */ 54: public final class ServicePermission 55: extends Permission 56: { 57: // FIXME: Enable this when serialization works. 58: // private static final long serialVersionUID = -1227585031618624935L; 59: 60: private static final int INITIATE = 1; 61: private static final int ACCEPT = 2; 62: 63: private int flags; 64: 65: /** 66: * Create a new service permission with the indicated name and actions. 67: * 68: * The name is the name of the kerberos principal for the service. 69: * 70: * The actions are a comma-separated list of strings. The recognized 71: * actions are "initiate" and "accept". The "initiate" action means 72: * that the holder of the permission can access the service. The 73: * "accept" action means that the holder of the permission can operate 74: * as this service. 75: * 76: * @param name the prinicpal's name 77: * @param action the allowed actions 78: */ 79: public ServicePermission(String name, String action) 80: { 81: super(name); 82: parseActions(action); 83: } 84: 85: public boolean implies(Permission perm) 86: { 87: if (! (perm instanceof ServicePermission)) 88: return false; 89: ServicePermission sp = (ServicePermission) perm; 90: if ((flags & sp.flags) != sp.flags) 91: return false; 92: return getName().equals(sp.getName()); 93: } 94: 95: public boolean equals(Object obj) 96: { 97: if (! (obj instanceof ServicePermission)) 98: return false; 99: ServicePermission sp = (ServicePermission) obj; 100: return flags == sp.flags && getName().equals(sp.getName()); 101: } 102: 103: public int hashCode() 104: { 105: return getName().hashCode() + flags; 106: } 107: 108: /** 109: * Return a string representing the actions. 110: */ 111: public String getActions() 112: { 113: if (flags == (INITIATE | ACCEPT)) 114: return "initiate,accept"; 115: if (flags == INITIATE) 116: return "initiate"; 117: if (flags == ACCEPT) 118: return "accept"; 119: return ""; 120: } 121: 122: public PermissionCollection newPermissionCollection() 123: { 124: return new PermissionCollection() 125: { 126: private Vector permissions = new Vector(); 127: 128: public void add(Permission perm) 129: { 130: if (isReadOnly()) 131: throw new SecurityException("readonly"); 132: if (! (perm instanceof ServicePermission)) 133: throw new IllegalArgumentException("can only add DelegationPermissions"); 134: permissions.add(perm); 135: } 136: 137: public boolean implies(Permission perm) 138: { 139: if (! (perm instanceof ServicePermission)) 140: return false; 141: Enumeration e = elements(); 142: while (e.hasMoreElements()) 143: { 144: ServicePermission sp = (ServicePermission) e.nextElement(); 145: if (sp.implies(perm)) 146: return true; 147: } 148: return false; 149: } 150: 151: public Enumeration elements() 152: { 153: return permissions.elements(); 154: } 155: }; 156: } 157: 158: private void parseActions(String actions) 159: { 160: StringTokenizer tok = new StringTokenizer(actions, ","); 161: while (tok.hasMoreTokens()) 162: { 163: String token = tok.nextToken(); 164: if ("accept".equals(token)) 165: flags |= ACCEPT; 166: else if ("initiate".equals(token)) 167: flags |= INITIATE; 168: else 169: throw new IllegalArgumentException("unrecognized token: " + token); 170: } 171: } 172: }