FragmentPermission xref

View Javadoc

1   /* 
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8   *
9   *     http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  */
17  package org.apache.jetspeed.security;
18  
19  import java.security.Permission;
20  
21  /***
22   * <p>Fragment permission.</p>
23   * <p>This code was partially inspired from articles from:</p>
24   * <ul>
25   * <li><a href="http://www-106.ibm.com/developerworks/library/j-jaas/">
26   * Extend JAAS for class instance-level authorization.</a></li>
27   * <li>The FilePermission implementation from the JDK in order to support recursive permissions & wild card</li>
28   * </ul>
29   * <p/>
30   * This class represents access to a fragment within a
31   * content document.  A FragmentPermission consists
32   * of a path, fragment name, or a simple fragment name
33   * pattern and a set of actions valid for that pathname.
34   * <p/>
35   * Here are some examples of valid fragment permissions names:
36   * <li>"/folder/page.psml/app::portlet" matches fragments
37   * within a page for a specified portlet contained in a app<li>
38   * <li>"security::*" matches fragments for portlets from the security app<li>
39   * <li>"&lt;&lt;ALL FRAGMENTS&gt;&gt;" matches <b>any</b> fragment<li>
40   * <p/>
41   *
42   * @author <a href="mailto:rwatler@apache.org">Randy Watler</a>
43   */
44  public class FragmentPermission extends PortalResourcePermission
45  {
46      /***
47       * <p>Constructor for FragmentPermission.</p>
48       *
49       * @param name    The fragment name.
50       * @param actions The actions on the fragment.
51       */
52      public FragmentPermission(String name, String actions)
53      {
54          super(name, actions);
55      }
56  
57      /***
58       * <p>Constructor for FragmentPermission.</p>
59       *
60       * @param name The fragment name.
61       * @param mask The mask of actions on the fragment.
62       */
63      public FragmentPermission(String name, int mask)
64      {
65          super(name, mask);
66      }
67  
68      public boolean implies(Permission permission)
69      {
70          // The permission must be an instance
71          // of the FragmentPermission.
72          if (!(permission instanceof FragmentPermission))
73          {
74              return false;
75          }
76          FragmentPermission fragmentPerm = (FragmentPermission) permission;
77  
78          // Test fragment permission name matches
79          String ruleName = getName();
80          if (!ruleName.equals("<<ALL FRAGMENTS>>"))
81          {
82              String testName = fragmentPerm.getName();
83  
84              // match wildcarded portlet names
85              int testNamesSeparator = testName.lastIndexOf("::");
86              if (ruleName.endsWith("::" + FolderPermission.WILD_CHAR_STR) && (testNamesSeparator > 0))
87              {
88                  ruleName = ruleName.substring(0, ruleName.length() - 3);
89                  testName = testName.substring(0, testNamesSeparator);
90              }
91  
92              // trim path components from test name if rule
93              // is not prefixed with the path
94              if (!ruleName.startsWith(FolderPermission.FOLDER_SEPARATOR_STR) &&
95                      testName.startsWith(FolderPermission.FOLDER_SEPARATOR_STR))
96              {
97                  int testPathIndex = testName.lastIndexOf(FolderPermission.FOLDER_SEPARATOR);
98                  testName = testName.substring(testPathIndex + 1);
99              }
100 
101             // remaining name parts must match
102             if (!ruleName.equals(testName))
103             {
104                 return false;
105             }
106         }
107 
108         // The action bits in FragmentPerm (permission)
109         // must be set in the current mask permission.
110         return (mask & fragmentPerm.mask) == fragmentPerm.mask;
111 
112     }
113 
114     /***
115      * @see java.security.Permission#equals(Object)
116      */
117     public boolean equals(Object object)
118     {
119         if (!(object instanceof FragmentPermission))
120             return false;
121 
122         FragmentPermission p = (FragmentPermission) object;
123         return ((p.mask == mask) && (p.getName().equals(getName())));
124     }
125 
126 }