001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements. See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License. You may obtain a copy of the License at
008 *
009 * http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017 package org.apache.servicemix.jbi.security.acl.impl;
018
019 import java.security.Principal;
020 import java.util.HashSet;
021 import java.util.List;
022 import java.util.Set;
023 import java.util.regex.Pattern;
024
025 import javax.jbi.servicedesc.ServiceEndpoint;
026 import javax.xml.namespace.QName;
027
028 import org.apache.servicemix.jbi.security.acl.AuthorizationMap;
029
030
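/**
 * Default {@link AuthorizationMap} implementation: computes the set of
 * principals attached to an endpoint/operation from an optional default entry
 * followed by an ordered list of {@link AuthorizationEntry} rules.
 *
 * <p>Rules are applied in list order, so the position of a {@code set} or
 * {@code rem} entry relative to {@code add} entries changes the result.
 * Entry patterns are evaluated as regular expressions (see
 * {@link #match(String, String)}), not as literal names.
 *
 * <p>How callers interpret the returned set (in particular an empty one) is
 * not visible in this class.
 *
 * @author gnodet
 * @org.apache.xbean.XBean element="authorizationMap"
 */
public class DefaultAuthorizationMap implements AuthorizationMap {

    /** Optional entry whose ACLs seed every lookup; may be {@code null}. */
    private AuthorizationEntry defaultEntry;

    /** Ordered rules; {@code null} until set through the constructor or setter. */
    private List<AuthorizationEntry> authorizationEntries;

    /**
     * Creates a map with no default entry and no rules. Until
     * {@link #setAuthorizationEntries(List)} is called the rule list is
     * {@code null}, which {@link #getAcls(ServiceEndpoint, QName)} treats as
     * an empty list.
     */
    public DefaultAuthorizationMap() {
    }

    /**
     * Creates a map backed by the given rule list.
     *
     * @param authorizationEntries the rules, applied in iteration order; the
     *        reference is stored as-is (no copy is made)
     */
    public DefaultAuthorizationMap(List<AuthorizationEntry> authorizationEntries) {
        this.authorizationEntries = authorizationEntries;
    }

    /**
     * Returns the live rule list held by this map. No copy is made, so any
     * change a caller makes to the returned list changes the outcome of later
     * {@link #getAcls(ServiceEndpoint, QName)} calls.
     *
     * @return the authorizationEntries, possibly {@code null}
     */
    public List<AuthorizationEntry> getAuthorizationEntries() {
        return authorizationEntries;
    }

    // NOTE(review): the ElementType tag below names
    // org.apache.servicemix.jbi.security.AuthorizationEntry, while the
    // unqualified AuthorizationEntry used in this file resolves to this
    // package (no import is present) - confirm the tag still points at an
    // existing class.
    /**
     * Replaces the rule list. The reference is stored as-is (no copy is made).
     *
     * @param authorizationEntries the authorizationEntries to set
     * @org.apache.xbean.ElementType class="org.apache.servicemix.jbi.security.AuthorizationEntry"
     */
    public void setAuthorizationEntries(List<AuthorizationEntry> authorizationEntries) {
        this.authorizationEntries = authorizationEntries;
    }

    /**
     * @return the defaultEntry, or {@code null} if none was configured
     */
    public AuthorizationEntry getDefaultEntry() {
        return defaultEntry;
    }

    /**
     * @param defaultEntry the defaultEntry to set; its ACLs are the starting
     *        point of every lookup, before any rule is applied
     */
    public void setDefaultEntry(AuthorizationEntry defaultEntry) {
        this.defaultEntry = defaultEntry;
    }

    /**
     * Computes the principals associated with the given endpoint and operation.
     *
     * <p>The result starts from the default entry's ACLs (when a default entry
     * is set). Each rule that matches is then applied in list order, with the
     * rule type compared case-insensitively:
     * <ul>
     *   <li>{@code TYPE_ADD}: the rule's ACLs are added;</li>
     *   <li>{@code TYPE_SET}: the accumulated set is cleared and replaced by
     *       the rule's ACLs;</li>
     *   <li>{@code TYPE_REM}: the rule's ACLs are removed.</li>
     * </ul>
     * A matching rule whose type is none of these (including {@code null})
     * leaves the set unchanged, so a misspelled type is silently ignored
     * rather than rejected.
     *
     * @param endpoint the endpoint being accessed; must not be {@code null}
     *        when at least one rule is configured
     * @param operation the operation being invoked, or {@code null}; when
     *        {@code null}, operation-scoped rules match as well (see
     *        {@link #match(AuthorizationEntry, ServiceEndpoint, QName)})
     * @return a new mutable set, never {@code null}
     */
    public Set<Principal> getAcls(ServiceEndpoint endpoint, QName operation) {
        Set<Principal> acls = new HashSet<Principal>();
        if (defaultEntry != null) {
            acls.addAll(defaultEntry.getAcls());
        }
        // A map created with the no-arg constructor and never given rules has a
        // null list. Treat it exactly like an empty list (default ACLs only)
        // instead of failing the lookup with a NullPointerException.
        if (authorizationEntries == null) {
            return acls;
        }
        for (AuthorizationEntry entry : authorizationEntries) {
            if (!match(entry, endpoint, operation)) {
                continue;
            }
            String type = entry.getType();
            if (AuthorizationEntry.TYPE_ADD.equalsIgnoreCase(type)) {
                acls.addAll(entry.getAcls());
            } else if (AuthorizationEntry.TYPE_SET.equalsIgnoreCase(type)) {
                acls.clear();
                acls.addAll(entry.getAcls());
            } else if (AuthorizationEntry.TYPE_REM.equalsIgnoreCase(type)) {
                acls.removeAll(entry.getAcls());
            }
            // Any other type: no effect on the accumulated set.
        }
        return acls;
    }

    /**
     * Tells whether a rule applies to the given endpoint and operation.
     *
     * <p>The rule's service and endpoint patterns must both match. The
     * operation is only compared when the rule defines one <em>and</em> the
     * caller supplied one: a rule scoped to a specific operation therefore
     * also applies to a lookup made with a {@code null} operation. This holds
     * for every rule type, so such a lookup picks up operation-scoped
     * {@code add}, {@code set} and {@code rem} rules alike.
     *
     * @param entry the rule to test; its service is dereferenced without a
     *        null check (NOTE(review): presumably AuthorizationEntry supplies
     *        a non-null default - confirm)
     * @param endpoint the endpoint being accessed
     * @param operation the operation being invoked, or {@code null}
     * @return {@code true} if the rule applies
     */
    protected boolean match(AuthorizationEntry entry, ServiceEndpoint endpoint, QName operation) {
        if (!match(entry.getService(), endpoint.getServiceName())) {
            return false;
        }
        if (!match(entry.getEndpoint(), endpoint.getEndpointName())) {
            return false;
        }
        return entry.getOperation() == null
            || operation == null
            || match(entry.getOperation(), operation);
    }

    /**
     * Matches a qualified-name pattern against a qualified name: both the
     * namespace URI and the local part must match.
     *
     * @param acl the pattern name; must not be {@code null}
     * @param target the name to test; must not be {@code null}
     * @return {@code true} if both parts match
     */
    private boolean match(QName acl, QName target) {
        return match(acl.getNamespaceURI(), target.getNamespaceURI())
            && match(acl.getLocalPart(), target.getLocalPart());
    }

    /**
     * Matches a single pattern against a value.
     *
     * <p>A {@code null} pattern or the literal {@code "*"} matches anything.
     * Any other pattern is compiled as a regular expression on every call and
     * must match the whole target. Names containing regex metacharacters are
     * therefore not compared literally: for example a {@code '.'} in a
     * namespace or service name matches any character, which can make a rule
     * apply to more names than intended unless the pattern is escaped in the
     * configuration. A syntactically invalid pattern surfaces as a
     * {@link java.util.regex.PatternSyntaxException} at lookup time.
     *
     * @param acl the pattern, {@code null} and {@code "*"} meaning "any"
     * @param target the value to test; must not be {@code null} when the
     *        pattern is evaluated as a regular expression
     * @return {@code true} if the pattern accepts the target
     */
    private boolean match(String acl, String target) {
        return acl == null
            || acl.equals("*")
            || Pattern.matches(acl, target);
    }

}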