| Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
| WildcardPermission |
|
| 3.272727272727273;3.273 |
| 1 | /* | |
| 2 | * Licensed to the Apache Software Foundation (ASF) under one | |
| 3 | * or more contributor license agreements. See the NOTICE file | |
| 4 | * distributed with this work for additional information | |
| 5 | * regarding copyright ownership. The ASF licenses this file | |
| 6 | * to you under the Apache License, Version 2.0 (the | |
| 7 | * "License"); you may not use this file except in compliance | |
| 8 | * with the License. You may obtain a copy of the License at | |
| 9 | * | |
| 10 | * http://www.apache.org/licenses/LICENSE-2.0 | |
| 11 | * | |
| 12 | * Unless required by applicable law or agreed to in writing, | |
| 13 | * software distributed under the License is distributed on an | |
| 14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
| 15 | * KIND, either express or implied. See the License for the | |
| 16 | * specific language governing permissions and limitations | |
| 17 | * under the License. | |
| 18 | */ | |
| 19 | package org.apache.shiro.authz.permission; | |
| 20 | ||
| 21 | import org.apache.shiro.authz.Permission; | |
| 22 | import org.apache.shiro.util.CollectionUtils; | |
| 23 | import org.apache.shiro.util.StringUtils; | |
| 24 | ||
| 25 | import java.io.Serializable; | |
| 26 | import java.util.ArrayList; | |
| 27 | import java.util.LinkedHashSet; | |
| 28 | import java.util.List; | |
| 29 | import java.util.Set; | |
| 30 | ||
| 31 | /** | |
| 32 | * A <code>WildcardPermission</code> is a very flexible permission construct supporting multiple levels of | |
| 33 | * permission matching. However, most people will probably follow some standard conventions as explained below. | |
| 34 | * <p/> | |
| 35 | * <h3>Simple Usage</h3> | |
| 36 | * <p/> | |
| 37 | * In the simplest form, <code>WildcardPermission</code> can be used as a simple permission string. You could grant a | |
| 38 | * user an "editNewsletter" permission and then check to see if the user has the editNewsletter | |
| 39 | * permission by calling | |
| 40 | * <p/> | |
| 41 | * <code>subject.isPermitted("editNewsletter")</code> | |
| 42 | * <p/> | |
| 43 | * This is (mostly) equivalent to | |
| 44 | * <p/> | |
| 45 | * <code>subject.isPermitted( new WildcardPermission("editNewsletter") )</code> | |
| 46 | * <p/> | |
| 47 | * but more on that later. | |
| 48 | * <p/> | |
| 49 | * The simple permission string may work for simple applications, but it requires you to have permissions like | |
| 50 | * <code>"viewNewsletter"</code>, <code>"deleteNewsletter"</code>, | |
| 51 | * <code>"createNewsletter"</code>, etc. You can also grant a user <code>"*"</code> permissions | |
| 52 | * using the wildcard character (giving this class its name), which means they have <em>all</em> permissions. But | |
| 53 | * using this approach there's no way to just say a user has "all newsletter permissions". | |
| 54 | * <p/> | |
| 55 | * For this reason, <code>WildcardPermission</code> supports multiple <em>levels</em> of permissioning. | |
| 56 | * <p/> | |
| 57 | * <h3>Multiple Levels</h3> | |
| 58 | * <p/> | |
| 59 | * WildcardPermission</code> also supports the concept of multiple <em>levels</em>. For example, you could | |
| 60 | * restructure the previous simple example by granting a user the permission <code>"newsletter:edit"</code>. | |
| 61 | * The colon in this example is a special character used by the <code>WildcardPermission</code> that delimits the | |
| 62 | * next token in the permission. | |
| 63 | * <p/> | |
| 64 | * In this example, the first token is the <em>domain</em> that is being operated on | |
| 65 | * and the second token is the <em>action</em> being performed. Each level can contain multiple values. So you | |
| 66 | * could simply grant a user the permission <code>"newsletter:view,edit,create"</code> which gives them | |
| 67 | * access to perform <code>view</code>, <code>edit</code>, and <code>create</code> actions in the <code>newsletter</code> | |
| 68 | * <em>domain</em>. Then you could check to see if the user has the <code>"newsletter:create"</code> | |
| 69 | * permission by calling | |
| 70 | * <p/> | |
| 71 | * <code>subject.isPermitted("newsletter:create")</code> | |
| 72 | * <p/> | |
| 73 | * (which would return true). | |
| 74 | * <p/> | |
| 75 | * In addition to granting multiple permissions via a single string, you can grant all permission for a particular | |
| 76 | * level. So if you wanted to grant a user all actions in the <code>newsletter</code> domain, you could simply give | |
| 77 | * them <code>"newsletter:*"</code>. Now, any permission check for <code>"newsletter:XXX"</code> | |
| 78 | * will return <code>true</code>. It is also possible to use the wildcard token at the domain level (or both): so you | |
| 79 | * could grant a user the <code>"view"</code> action across all domains <code>"*:view"</code>. | |
| 80 | * <p/> | |
| 81 | * <h3>Instance-level Access Control</h3> | |
| 82 | * <p/> | |
| 83 | * Another common usage of the <code>WildcardPermission</code> is to model instance-level Access Control Lists. | |
| 84 | * In this scenario you use three tokens - the first is the <em>domain</em>, the second is the <em>action</em>, and | |
| 85 | * the third is the <em>instance</em> you are acting on. | |
| 86 | * <p/> | |
| 87 | * So for example you could grant a user <code>"newsletter:edit:12,13,18"</code>. In this example, assume | |
| 88 | * that the third token is the system's ID of the newsletter. That would allow the user to edit newsletters | |
| 89 | * <code>12</code>, <code>13</code>, and <code>18</code>. This is an extremely powerful way to express permissions, | |
| 90 | * since you can now say things like <code>"newsletter:*:13"</code> (grant a user all actions for newsletter | |
| 91 | * <code>13</code>), <code>"newsletter:view,create,edit:*"</code> (allow the user to | |
| 92 | * <code>view</code>, <code>create</code>, or <code>edit</code> <em>any</em> newsletter), or | |
| 93 | * <code>"newsletter:*:*</code> (allow the user to perform <em>any</em> action on <em>any</em> newsletter). | |
| 94 | * <p/> | |
| 95 | * To perform checks against these instance-level permissions, the application should include the instance ID in the | |
| 96 | * permission check like so: | |
| 97 | * <p/> | |
| 98 | * <code>subject.isPermitted( "newsletter:edit:13" )</code> | |
| 99 | * <p/> | |
| 100 | * There is no limit to the number of tokens that can be used, so it is up to your imagination in terms of ways that | |
| 101 | * this could be used in your application. However, the Shiro team likes to standardize some common usages shown | |
| 102 | * above to help people get started and provide consistency in the Shiro community. | |
| 103 | * | |
| 104 | * @since 0.9 | |
| 105 | */ | |
| 106 | public class WildcardPermission implements Permission, Serializable { | |
| 107 | ||
| 108 | //TODO - JavaDoc methods | |
| 109 | ||
| 110 | /*-------------------------------------------- | |
| 111 | | C O N S T A N T S | | |
| 112 | ============================================*/ | |
| 113 | protected static final String WILDCARD_TOKEN = "*"; | |
| 114 | protected static final String PART_DIVIDER_TOKEN = ":"; | |
| 115 | protected static final String SUBPART_DIVIDER_TOKEN = ","; | |
| 116 | protected static final boolean DEFAULT_CASE_SENSITIVE = false; | |
| 117 | ||
| 118 | /*-------------------------------------------- | |
| 119 | | I N S T A N C E V A R I A B L E S | | |
| 120 | ============================================*/ | |
| 121 | private List<Set<String>> parts; | |
| 122 | ||
| 123 | /*-------------------------------------------- | |
| 124 | | C O N S T R U C T O R S | | |
| 125 | ============================================*/ | |
| 126 | /** | |
| 127 | * Default no-arg constructor for subclasses only - end-user developers instantiating Permission instances must | |
| 128 | * provide a wildcard string at a minimum, since Permission instances are immutable once instantiated. | |
| 129 | * <p/> | |
| 130 | * Note that the WildcardPermission class is very robust and typically subclasses are not necessary unless you | |
| 131 | * wish to create type-safe Permission objects that would be used in your application, such as perhaps a | |
| 132 | * {@code UserPermission}, {@code SystemPermission}, {@code PrinterPermission}, etc. If you want such type-safe | |
| 133 | * permission usage, consider subclassing the {@link DomainPermission DomainPermission} class for your needs. | |
| 134 | */ | |
| 135 | 5 | protected WildcardPermission() { |
| 136 | 5 | } |
| 137 | ||
| 138 | public WildcardPermission(String wildcardString) { | |
| 139 | 104 | this(wildcardString, DEFAULT_CASE_SENSITIVE); |
| 140 | 100 | } |
| 141 | ||
| 142 | 110 | public WildcardPermission(String wildcardString, boolean caseSensitive) { |
| 143 | 110 | setParts(wildcardString, caseSensitive); |
| 144 | 106 | } |
| 145 | ||
| 146 | protected void setParts(String wildcardString) { | |
| 147 | 5 | setParts(wildcardString, DEFAULT_CASE_SENSITIVE); |
| 148 | 5 | } |
| 149 | ||
| 150 | protected void setParts(String wildcardString, boolean caseSensitive) { | |
| 151 | 115 | wildcardString = StringUtils.clean(wildcardString); |
| 152 | ||
| 153 | 115 | if (wildcardString == null || wildcardString.isEmpty()) { |
| 154 | 3 | throw new IllegalArgumentException("Wildcard string cannot be null or empty. Make sure permission strings are properly formatted."); |
| 155 | } | |
| 156 | ||
| 157 | 112 | List<String> parts = CollectionUtils.asList(wildcardString.split(PART_DIVIDER_TOKEN)); |
| 158 | ||
| 159 | 112 | this.parts = new ArrayList<Set<String>>(); |
| 160 | 112 | for (String part : parts) { |
| 161 | 198 | Set<String> subparts = CollectionUtils.asSet(part.split(SUBPART_DIVIDER_TOKEN)); |
| 162 | 198 | if (!caseSensitive) { |
| 163 | 198 | subparts = lowercase(subparts); |
| 164 | } | |
| 165 | 198 | if (subparts.isEmpty()) { |
| 166 | 1 | throw new IllegalArgumentException("Wildcard string cannot contain parts with only dividers. Make sure permission strings are properly formatted."); |
| 167 | } | |
| 168 | 197 | this.parts.add(subparts); |
| 169 | 197 | } |
| 170 | ||
| 171 | 111 | if (this.parts.isEmpty()) { |
| 172 | 0 | throw new IllegalArgumentException("Wildcard string cannot contain only dividers. Make sure permission strings are properly formatted."); |
| 173 | } | |
| 174 | 111 | } |
| 175 | ||
| 176 | private Set<String> lowercase(Set<String> subparts) { | |
| 177 | 198 | Set<String> lowerCasedSubparts = new LinkedHashSet<String>(subparts.size()); |
| 178 | 198 | for (String subpart : subparts) { |
| 179 | 231 | lowerCasedSubparts.add(subpart.toLowerCase()); |
| 180 | 231 | } |
| 181 | 198 | return lowerCasedSubparts; |
| 182 | } | |
| 183 | ||
| 184 | /*-------------------------------------------- | |
| 185 | | A C C E S S O R S / M O D I F I E R S | | |
| 186 | ============================================*/ | |
| 187 | protected List<Set<String>> getParts() { | |
| 188 | 460 | return this.parts; |
| 189 | } | |
| 190 | ||
| 191 | /*-------------------------------------------- | |
| 192 | | M E T H O D S | | |
| 193 | ============================================*/ | |
| 194 | ||
| 195 | public boolean implies(Permission p) { | |
| 196 | // By default only supports comparisons with other WildcardPermissions | |
| 197 | 81 | if (!(p instanceof WildcardPermission)) { |
| 198 | 0 | return false; |
| 199 | } | |
| 200 | ||
| 201 | 81 | WildcardPermission wp = (WildcardPermission) p; |
| 202 | ||
| 203 | 81 | List<Set<String>> otherParts = wp.getParts(); |
| 204 | ||
| 205 | 81 | int i = 0; |
| 206 | 81 | for (Set<String> otherPart : otherParts) { |
| 207 | // If this permission has less parts than the other permission, everything after the number of parts contained | |
| 208 | // in this permission is automatically implied, so return true | |
| 209 | 152 | if (getParts().size() - 1 < i) { |
| 210 | 11 | return true; |
| 211 | } else { | |
| 212 | 141 | Set<String> part = getParts().get(i); |
| 213 | 141 | if (!part.contains(WILDCARD_TOKEN) && !part.containsAll(otherPart)) { |
| 214 | 21 | return false; |
| 215 | } | |
| 216 | 120 | i++; |
| 217 | } | |
| 218 | 120 | } |
| 219 | ||
| 220 | // If this permission has more parts than the other parts, only imply it if all of the other parts are wildcards | |
| 221 | 77 | for (; i < getParts().size(); i++) { |
| 222 | 18 | Set<String> part = getParts().get(i); |
| 223 | 18 | if (!part.contains(WILDCARD_TOKEN)) { |
| 224 | 4 | return false; |
| 225 | } | |
| 226 | } | |
| 227 | ||
| 228 | 45 | return true; |
| 229 | } | |
| 230 | ||
| 231 | public String toString() { | |
| 232 | 4 | StringBuilder buffer = new StringBuilder(); |
| 233 | 4 | for (Set<String> part : parts) { |
| 234 | 4 | if (buffer.length() > 0) { |
| 235 | 0 | buffer.append(":"); |
| 236 | } | |
| 237 | 4 | buffer.append(part); |
| 238 | 4 | } |
| 239 | 4 | return buffer.toString(); |
| 240 | } | |
| 241 | ||
| 242 | public boolean equals(Object o) { | |
| 243 | 0 | if (o instanceof WildcardPermission) { |
| 244 | 0 | WildcardPermission wp = (WildcardPermission) o; |
| 245 | 0 | return parts.equals(wp.parts); |
| 246 | } | |
| 247 | 0 | return false; |
| 248 | } | |
| 249 | ||
| 250 | public int hashCode() { | |
| 251 | 129 | return parts.hashCode(); |
| 252 | } | |
| 253 | ||
| 254 | } |