/**
 * Create a new, empty security constraint.
 * <p>
 * This variant always returns the stock {@code SecurityConstraintImpl};
 * it takes no configuration into account.
 * </p>
 *
 * @see org.apache.jetspeed.om.common.SecuredResource#newSecurityConstraint()
 * @return security constraint
 */
public SecurityConstraint newSecurityConstraint()
{
    SecurityConstraint created = new SecurityConstraintImpl();
    return created;
}
/**
 * Check an expression constraint against an action and the caller's principals.
 * <p>
 * Two cases are distinguished by whether the constraint declares permissions:
 * </p>
 * <ul>
 * <li>Permissions present: the result is a grant only when the action matches
 *     and the principals match; principals are matched with the default
 *     match enabled (last argument {@code true}).</li>
 * <li>Permissions absent (a denial): the constraint is treated as a simple
 *     negative grant, so the result is {@code true} only when none of the
 *     principals match; the default match is disabled (last argument
 *     {@code false}).</li>
 * </ul>
 * <p>
 * A denial here does not necessarily make the whole expression check fail,
 * unlike a denial specified or referenced as a security constraint proper.
 * </p>
 *
 * @param action check action
 * @param userPrincipals check user principals
 * @param rolePrincipals check role principals
 * @param groupPrincipals check group principals
 * @param constraint check constraint
 * @return flag indicating permission grant
 */
private boolean checkExpressionConstraint(String action, List<String> userPrincipals, List<String> rolePrincipals, List<String> groupPrincipals, SecurityConstraintImpl constraint)
{
    if (constraint.getPermissions() != null)
    {
        // grant: both the action and the user/role/group principals must match
        return (constraint.actionMatch(action) && constraint.principalsMatch(userPrincipals, rolePrincipals, groupPrincipals, true));
    }
    else
    {
        // denial: no permissions specified, so the result is negated;
        // any matching principal yields false
        return !constraint.principalsMatch(userPrincipals, rolePrincipals, groupPrincipals, false);
    }
}
// closes an enclosing scope whose opening is outside this excerpt
}
/**
 * Return the groups of this constraint as a CSV string.
 * <p>
 * The string is built from the groups list only when no string is held yet
 * and the list is non-empty; an existing string is returned unchanged.
 * </p>
 *
 * @return groups CSV list, or null when neither a string nor a non-empty list is available
 */
public String getGroupsAsString()
{
    // a string is already held, or there is nothing to format: return what we have
    if ((groups != null) || (groupsList == null) || groupsList.isEmpty())
    {
        return groups;
    }
    // derive the string from the list and keep it for later calls
    groups = formatCSVList(groupsList);
    return groups;
}
/**
 * Replace the constraint at the given position; implemented to make the
 * AbstractList modifiable.
 * <p>
 * The element is validated before the underlying ordered list is touched,
 * the replacement takes over the apply order of the constraint it displaces,
 * and all cached security constraints are cleared afterwards.
 * </p>
 *
 * @param index position of the constraint to replace
 * @param element replacement constraint
 * @return the constraint previously stored at index
 */
public SecurityConstraint set(int index, SecurityConstraint element)
{
    // validation runs first, before any change to the list
    SecurityConstraintImpl replacement = validateConstraintForAdd(element);
    // swap into the underlying ordered list, keeping hold of the displaced entry
    SecurityConstraintImpl displaced = constraints.accessConstraints().set(index, replacement);
    // the replacement inherits the displaced entry's position in the apply order
    replacement.setApplyOrder(displaced.getApplyOrder());
    // clear all cached security constraints; presumably so later checks are
    // not answered from state cached before this replacement
    constraints.clearAllSecurityConstraints();
    return displaced;
}
/**
 * Set the users of this constraint from a CSV string.
 * <p>
 * Both representations are updated together: the raw string is stored and
 * the users list is replaced with the parsed form of the same value.
 * </p>
 *
 * @param users users CSV list
 */
public void setUsersAsString(String users)
{
    // store the raw string, then rebuild the list form from the same value
    this.users = users;
    this.usersList = parseCSVList(users);
}
/**
 * Test user/role/group names against the principal names of this constraint.
 * <p>
 * The users, roles, and groups lists are the master representation in this
 * implementation, so matching is done against them. The result is true when
 * any one of the following holds:
 * </p>
 * <ul>
 * <li>{@code allowDefault} is set and this constraint has no users, roles,
 *     or groups list at all;</li>
 * <li>the users list and {@code userPrincipals} are both non-null and the
 *     list contains one of the principals or the wildcard entry;</li>
 * <li>the same for roles;</li>
 * <li>the same for groups.</li>
 * </ul>
 * <p>
 * Note that a wildcard entry matches whenever the corresponding principal
 * list is non-null, even if that list is empty, and that a null principal
 * list never matches its category.
 * </p>
 *
 * @param userPrincipals user principal names to test, may be null
 * @param rolePrincipals role principal names to test, may be null
 * @param groupPrincipals group principal names to test, may be null
 * @param allowDefault whether a constraint naming no principals matches
 * @return match result
 */
public boolean principalsMatch(List<String> userPrincipals, List<String> rolePrincipals, List<String> groupPrincipals, boolean allowDefault)
{
    // default match: the constraint names no principals of any kind
    if (allowDefault && (usersList == null) && (rolesList == null) && (groupsList == null))
    {
        return true;
    }
    // users: explicit name match or wildcard
    if ((usersList != null) && (userPrincipals != null) &&
        (containsAny(usersList, userPrincipals) || usersList.contains(WILD_CHAR)))
    {
        return true;
    }
    // roles: explicit name match or wildcard
    if ((rolesList != null) && (rolePrincipals != null) &&
        (containsAny(rolesList, rolePrincipals) || rolesList.contains(WILD_CHAR)))
    {
        return true;
    }
    // groups: explicit name match or wildcard; no other category can match after this
    return ((groupsList != null) && (groupPrincipals != null) &&
            (containsAny(groupsList, groupPrincipals) || groupsList.contains(WILD_CHAR)));
}
constraint.setApplyOrder(constraints.accessConstraints().get(index-1).getApplyOrder() + 1); constraint.setApplyOrder(0); if (nextConstraint.getApplyOrder() <= constraint.getApplyOrder()) nextConstraint.setApplyOrder(constraint.getApplyOrder() + 1); constraint = nextConstraint;
/**
 * Set the roles of this constraint from a CSV string.
 * <p>
 * Both representations are updated together: the raw string is stored and
 * the roles list is replaced with the parsed form of the same value.
 * </p>
 *
 * @param roles roles CSV list
 */
public void setRolesAsString(String roles)
{
    // store the raw string, then rebuild the list form from the same value
    this.roles = roles;
    this.rolesList = parseCSVList(roles);
}
if (constraint.getPermissions() != null) if (constraint.actionMatch(action) && constraint.principalsMatch(userPrincipals, rolePrincipals, groupPrincipals, true)) if (constraint.principalsMatch(userPrincipals, rolePrincipals, groupPrincipals, false))
/**
 * Set the permissions of this constraint from a CSV string.
 * <p>
 * Both representations are updated together: the raw string is stored and
 * the permissions list is replaced with the parsed form of the same value.
 * </p>
 *
 * @param permissions permissions CSV list
 */
public void setPermissionsAsString(String permissions)
{
    // store the raw string, then rebuild the list form from the same value
    this.permissions = permissions;
    this.permissionsList = parseCSVList(permissions);
}
/**
 * Return the users of this constraint as a CSV string.
 * <p>
 * The string is built from the users list only when no string is held yet
 * and the list is non-empty; an existing string is returned unchanged.
 * </p>
 *
 * @return users CSV list, or null when neither a string nor a non-empty list is available
 */
public String getUsersAsString()
{
    // a string is already held, or there is nothing to format: return what we have
    if ((users != null) || (usersList == null) || usersList.isEmpty())
    {
        return users;
    }
    // derive the string from the list and keep it for later calls
    users = formatCSVList(usersList);
    return users;
}
/**
 * Create a new, empty security constraint for this list.
 * <p>
 * When the owning constraints object names a constraint class, that class
 * is instantiated reflectively and the result is cast to
 * {@code SecurityConstraintImpl}; otherwise the universal
 * {@code SecurityConstraintImpl} is returned.
 * </p>
 *
 * @return new security constraint instance
 * @throws ClassCastException if the constraints specific class cannot be
 *         instantiated or accessed, or its instance is not a
 *         {@code SecurityConstraintImpl}
 */
public SecurityConstraint newSecurityConstraint()
{
    // no owner, or no owner specific class: return universal security constraint instance
    if ((constraints == null) || (constraints.getSecurityConstraintClass() == null))
    {
        return new SecurityConstraintImpl();
    }

    // return constraints specific security constraint instance
    try
    {
        // the cast rejects any class that is not a SecurityConstraintImpl
        return (SecurityConstraintImpl)constraints.getSecurityConstraintClass().newInstance();
    }
    catch (InstantiationException instantiationFailure)
    {
        // NOTE(review): the original exception is only folded into the message
        // text; it is not attached as a cause
        String message = "Unable to create security constraint instance: " + constraints.getSecurityConstraintClass().getName() + ", (" + instantiationFailure + ").";
        throw new ClassCastException(message);
    }
    catch (IllegalAccessException accessFailure)
    {
        String message = "Unable to create security constraint instance: " + constraints.getSecurityConstraintClass().getName() + ", (" + accessFailure + ").";
        throw new ClassCastException(message);
    }
}
if (constraint.getPermissions() != null) if (constraint.actionMatch(action) && constraint.principalsMatch(userPrincipals, rolePrincipals, groupPrincipals, true)) if (constraint.principalsMatch(userPrincipals, rolePrincipals, groupPrincipals, false))
/**
 * Set the groups of this constraint from a CSV string.
 * <p>
 * Both representations are updated together: the raw string is stored and
 * the groups list is replaced with the parsed form of the same value.
 * </p>
 *
 * @param groups groups CSV list
 */
public void setGroupsAsString(String groups)
{
    // store the raw string, then rebuild the list form from the same value
    this.groups = groups;
    this.groupsList = parseCSVList(groups);
}
/**
 * Return the roles of this constraint as a CSV string.
 * <p>
 * The string is built from the roles list only when no string is held yet
 * and the list is non-empty; an existing string is returned unchanged.
 * </p>
 *
 * @return roles CSV list, or null when neither a string nor a non-empty list is available
 */
public String getRolesAsString()
{
    // a string is already held, or there is nothing to format: return what we have
    if ((roles != null) || (rolesList == null) || rolesList.isEmpty())
    {
        return roles;
    }
    // derive the string from the list and keep it for later calls
    roles = formatCSVList(rolesList);
    return roles;
}
if (constraint.getPermissions() != null) if (constraint.actionMatch(action) && constraint.principalsMatch(userPrincipals, rolePrincipals, groupPrincipals, true)) if (constraint.principalsMatch(userPrincipals, rolePrincipals, groupPrincipals, false))
public static boolean checkConstraint(SecurityConstraintsDef def, String actions) throws DocumentException List<String> viewActionList = SecurityConstraintImpl.parseCSVList(actions); List<String> otherActionsList = null; if (viewActionList.size() == 1)
/**
 * Return the permissions of this constraint as a CSV string.
 * <p>
 * The string is built from the permissions list only when no string is held
 * yet and the list is non-empty; an existing string is returned unchanged.
 * </p>
 *
 * @return permissions CSV list, or null when neither a string nor a non-empty list is available
 */
public String getPermissionsAsString()
{
    // a string is already held, or there is nothing to format: return what we have
    if ((permissions != null) || (permissionsList == null) || permissionsList.isEmpty())
    {
        return permissions;
    }
    // derive the string from the list and keep it for later calls
    permissions = formatCSVList(permissionsList);
    return permissions;
}
List<String> viewActionList = SecurityConstraintImpl.parseCSVList(actions); List<String> otherActionsList = null; if (viewActionList.size() == 1)
List<String> viewActionList = SecurityConstraintImpl.parseCSVList(actions); List<String> otherActionsList = null; if (viewActionList.size() == 1)