diff options
Diffstat (limited to 'libjava/classpath/javax/security/auth/kerberos/ServicePermission.java')
| -rw-r--r-- | libjava/classpath/javax/security/auth/kerberos/ServicePermission.java | 172 |
1 files changed, 172 insertions, 0 deletions
diff --git a/libjava/classpath/javax/security/auth/kerberos/ServicePermission.java b/libjava/classpath/javax/security/auth/kerberos/ServicePermission.java new file mode 100644 index 000000000..4412ea459 --- /dev/null +++ b/libjava/classpath/javax/security/auth/kerberos/ServicePermission.java @@ -0,0 +1,172 @@ +/* ServicePermission.java -- kerberos service permission + Copyright (C) 2006 Free Software Foundation, Inc. + +This file is part of GNU Classpath. + +GNU Classpath is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation; either version 2, or (at your option) +any later version. + +GNU Classpath is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License +along with GNU Classpath; see the file COPYING. If not, write to the +Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA +02110-1301 USA. + +Linking this library statically or dynamically with other modules is +making a combined work based on this library. Thus, the terms and +conditions of the GNU General Public License cover the whole +combination. + +As a special exception, the copyright holders of this library give you +permission to link this library with independent modules to produce an +executable, regardless of the license terms of these independent +modules, and to copy and distribute the resulting executable under +terms of your choice, provided that you also meet, for each linked +independent module, the terms and conditions of the license of that +module. An independent module is a module which is not derived from +or based on this library. If you modify this library, you may extend +this exception to your version of the library, but you are not +obligated to do so. If you do not wish to do so, delete this +exception statement from your version. */ + + +package javax.security.auth.kerberos; + +import java.security.Permission; +import java.security.PermissionCollection; +import java.util.Enumeration; +import java.util.StringTokenizer; +import java.util.Vector; + +/** + * This represents permission to access to a Kerberos service principal. + * See the Kerberos authentication RFC for more information: + * <a href="http://www.ietf.org/rfc/rfc1510.txt">RFC 1510</a>. + * + * @since 1.4 + */ +public final class ServicePermission + extends Permission +{ + // FIXME: Enable this when serialization works. + // private static final long serialVersionUID = -1227585031618624935L; + + private static final int INITIATE = 1; + private static final int ACCEPT = 2; + + private int flags; + + /** + * Create a new service permission with the indicated name and actions. + * + * The name is the name of the kerberos principal for the service. + * + * The actions are a comma-separated list of strings. The recognized + * actions are "initiate" and "accept". The "initiate" action means + * that the holder of the permission can access the service. The + * "accept" action means that the holder of the permission can operate + * as this service. + * + * @param name the prinicpal's name + * @param action the allowed actions + */ + public ServicePermission(String name, String action) + { + super(name); + parseActions(action); + } + + public boolean implies(Permission perm) + { + if (! (perm instanceof ServicePermission)) + return false; + ServicePermission sp = (ServicePermission) perm; + if ((flags & sp.flags) != sp.flags) + return false; + return getName().equals(sp.getName()); + } + + public boolean equals(Object obj) + { + if (! (obj instanceof ServicePermission)) + return false; + ServicePermission sp = (ServicePermission) obj; + return flags == sp.flags && getName().equals(sp.getName()); + } + + public int hashCode() + { + return getName().hashCode() + flags; + } + + /** + * Return a string representing the actions. + */ + public String getActions() + { + if (flags == (INITIATE | ACCEPT)) + return "initiate,accept"; + if (flags == INITIATE) + return "initiate"; + if (flags == ACCEPT) + return "accept"; + return ""; + } + + public PermissionCollection newPermissionCollection() + { + return new PermissionCollection() + { + private Vector permissions = new Vector(); + + public void add(Permission perm) + { + if (isReadOnly()) + throw new SecurityException("readonly"); + if (! (perm instanceof ServicePermission)) + throw new IllegalArgumentException("can only add DelegationPermissions"); + permissions.add(perm); + } + + public boolean implies(Permission perm) + { + if (! (perm instanceof ServicePermission)) + return false; + Enumeration e = elements(); + while (e.hasMoreElements()) + { + ServicePermission sp = (ServicePermission) e.nextElement(); + if (sp.implies(perm)) + return true; + } + return false; + } + + public Enumeration elements() + { + return permissions.elements(); + } + }; + } + + private void parseActions(String actions) + { + StringTokenizer tok = new StringTokenizer(actions, ","); + while (tok.hasMoreTokens()) + { + String token = tok.nextToken(); + if ("accept".equals(token)) + flags |= ACCEPT; + else if ("initiate".equals(token)) + flags |= INITIATE; + else + throw new IllegalArgumentException("unrecognized token: " + token); + } + } +} |