2 // ========================================================================
3 // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
4 // ------------------------------------------------------------------------
5 // All rights reserved. This program and the accompanying materials
6 // are made available under the terms of the Eclipse Public License v1.0
7 // and Apache License v2.0 which accompanies this distribution.
9 // The Eclipse Public License is available at
10 // http://www.eclipse.org/legal/epl-v10.html
12 // The Apache License v2.0 is available at
13 // http://www.opensource.org/licenses/apache2.0.php
15 // You may elect to redistribute this code under either of these licenses.
16 // ========================================================================
19 package org.eclipse.jetty.util.security;
21 import java.io.Serializable;
22 import java.util.Arrays;
24 /* ------------------------------------------------------------ */
28 * Describe an auth and/or data constraint.
32 public class Constraint implements Cloneable, Serializable
34 /* ------------------------------------------------------------ */
// Authentication method names recognised by validateMethod(String). That method trims its
// argument and then compares with String.equals, so matching is case-sensitive.
35 public final static String __BASIC_AUTH = "BASIC";
37 public final static String __FORM_AUTH = "FORM";
39 public final static String __DIGEST_AUTH = "DIGEST";
// Two spellings of the client-certificate method are accepted: underscore and hyphen.
41 public final static String __CERT_AUTH = "CLIENT_CERT";
43 public final static String __CERT_AUTH2 = "CLIENT-CERT";
45 public final static String __SPNEGO_AUTH = "SPNEGO";
47 public final static String __NEGOTIATE_AUTH = "NEGOTIATE";
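/**
 * Checks whether a string names one of the authentication methods this class defines.
 * <p>
 * Surrounding whitespace is ignored; the comparison itself is exact and case-sensitive,
 * so {@code "basic"} is rejected while {@code " BASIC "} is accepted.
 *
 * @param method the authentication method name to check, may be {@code null}
 * @return true if the trimmed name equals one of the {@code __*_AUTH} constants;
 *         false otherwise, including for {@code null}
 */
public static boolean validateMethod(String method)
{
    // Reject a missing value instead of failing with a NullPointerException on trim().
    if (method == null)
    {
        return false;
    }
    final String candidate = method.trim();
    // Constant-first equals keeps every comparison null-safe and reads as an allow-list.
    return __FORM_AUTH.equals(candidate)
        || __BASIC_AUTH.equals(candidate)
        || __DIGEST_AUTH.equals(candidate)
        || __CERT_AUTH.equals(candidate)
        || __CERT_AUTH2.equals(candidate)
        || __SPNEGO_AUTH.equals(candidate)
        || __NEGOTIATE_AUTH.equals(candidate);
}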
63 /* ------------------------------------------------------------ */
// Data-constraint levels. DC_UNSET is the initial value of _dataConstraint.
// setDataConstraint(int) accepts only DC_NONE..DC_CONFIDENTIAL, so neither DC_UNSET nor
// DC_FORBIDDEN can be assigned through that setter.
64 public final static int DC_UNSET = -1, DC_NONE = 0, DC_INTEGRAL = 1, DC_CONFIDENTIAL = 2, DC_FORBIDDEN = 3;
66 /* ------------------------------------------------------------ */
// NOTE(review): NONE is not referenced in the visible part of this class; confirm its use at the call sites.
67 public final static String NONE = "NONE";
// Role name that switches on the any-role flag in setRoles(String[]); hasRole(String) then accepts every role.
69 public final static String ANY_ROLE = "*";
// Role name that switches on the any-authenticated-user flag in setRoles(String[]).
71 public final static String ANY_AUTH = "**"; //Servlet Spec 3.1 pg 140
73 /* ------------------------------------------------------------ */
// Role names consulted by hasRole(String); null or empty combined with _authenticate makes isForbidden() true.
// NOTE(review): arrays are mutable and the flags below are derived from the array contents in setRoles;
// confirm that callers never modify the array in place, or that it is copied on the way in and out.
76 private String[] _roles;
// Starts as DC_UNSET; hasDataConstraint() reports true once the value is DC_NONE or higher.
78 private int _dataConstraint = DC_UNSET;
// Turned on by setRoles when a role entry equals ANY_ROLE ("*").
80 private boolean _anyRole = false;
// Turned on by setRoles when a role entry equals ANY_AUTH ("**").
82 private boolean _anyAuth = false;
// Whether requests must be authenticated; written by setAuthenticate, read by isForbidden.
84 private boolean _authenticate = false;
86 /* ------------------------------------------------------------ */
94 /* ------------------------------------------------------------ */
96 * Convenience Constructor.
101 public Constraint(String name, String role)
104 setRoles(new String[] { role });
107 /* ------------------------------------------------------------ */
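/**
 * Creates an independent copy of this constraint.
 * <p>
 * {@code Object.clone()} copies fields shallowly, which would leave the copy and the
 * original sharing one role array. The array is duplicated here so that changing the
 * roles of one constraint can never alter the access decision of the other.
 *
 * @return a new {@code Constraint} with the same settings and its own role array
 * @throws CloneNotSupportedException if the superclass refuses to clone
 */
@Override
public Object clone() throws CloneNotSupportedException
{
    Constraint copy = (Constraint) super.clone();
    // String elements are immutable, so copying the array itself is sufficient.
    if (copy._roles != null)
    {
        copy._roles = copy._roles.clone();
    }
    return copy;
}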
114 /* ------------------------------------------------------------ */
118 public void setName(String name)
123 /* ------------------------------------------------------------ */
124 public String getName()
129 /* ------------------------------------------------------------ */
130 public void setRoles(String[] roles)
// NOTE(review): source lines 131-136 are missing from this listing, so it cannot be seen here
// whether roles is null-checked, whether it is stored, and whether both flags are reset before
// the loop. Confirm against the full file: the |= below can only turn a flag on, never off.
137 for (int i = roles.length; i-- > 0;)
// Flag the wildcard entries: "*" (any role) and "**" (any authenticated user).
139 _anyRole |= ANY_ROLE.equals(roles[i]);
140 _anyAuth |= ANY_AUTH.equals(roles[i]);
145 /* ------------------------------------------------------------ */
147 * @return True if any user role is permitted.
149 public boolean isAnyRole()
155 /* ------------------------------------------------------------ */
156 /** Servlet Spec 3.1, pg 140
157 * @return True if any authenticated user is permitted (ie a role "**" was specified in the constraint).
159 public boolean isAnyAuth()
164 /* ------------------------------------------------------------ */
166 * @return List of roles for this constraint.
168 public String[] getRoles()
173 /* ------------------------------------------------------------ */
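/**
 * Tests whether this constraint permits the given role.
 * <p>
 * When the any-role flag is set (a role entry of {@code "*"}), every role name is accepted.
 * The {@code "**"} entry is not special-cased here; it is reported by {@link #isAnyAuth()}.
 *
 * @param role the role name to look for; {@code null} matches only when the any-role flag is set
 * @return True if the constraint contains the role.
 */
public boolean hasRole(String role)
{
    if (_anyRole)
    {
        return true;
    }
    // Fail closed: a missing role name or an absent role list grants nothing, and a null
    // role no longer raises a NullPointerException in the middle of an access decision.
    if (role == null || _roles == null)
    {
        return false;
    }
    for (String candidate : _roles)
    {
        if (role.equals(candidate))
        {
            return true;
        }
    }
    return false;
}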
186 /* ------------------------------------------------------------ */
/**
 * Sets whether requests covered by this constraint must be authenticated.
 *
 * @param authenticate True if users must be authenticated
 */
public void setAuthenticate(boolean authenticate)
{
    this._authenticate = authenticate;
}
195 /* ------------------------------------------------------------ */
/**
 * Reports the authentication requirement last given to {@link #setAuthenticate(boolean)}.
 *
 * @return True if the constraint requires request authentication
 */
public boolean getAuthenticate()
{
    return this._authenticate;
}
204 /* ------------------------------------------------------------ */
/**
 * Reports whether this constraint denies all access: authentication is demanded,
 * the any-role flag is off, and there is no role that could satisfy it.
 *
 * @return True if authentication required but no roles set
 */
public boolean isForbidden()
{
    // Without an authentication requirement, or with the any-role flag, nothing is forbidden.
    if (!_authenticate || _anyRole)
    {
        return false;
    }
    return (_roles == null) || (_roles.length == 0);
}
213 /* ------------------------------------------------------------ */
215 * @param c Data constraint indicator: 0=DC_NONE, 1=DC_INTEGRAL, 2=DC_CONFIDENTIAL
218 public void setDataConstraint(int c)
// Accept only 0..DC_CONFIDENTIAL (DC_NONE, DC_INTEGRAL, DC_CONFIDENTIAL). DC_UNSET (-1) and
// DC_FORBIDDEN (3) fall outside that range and are rejected with IllegalArgumentException.
220 if (c < 0 || c > DC_CONFIDENTIAL) throw new IllegalArgumentException("Constraint out of range");
// NOTE(review): source lines 221-222 are not shown in this listing; presumably the accepted
// value is stored there. Confirm against the full file.
224 /* ------------------------------------------------------------ */
/**
 * Reports the data constraint held by this constraint.
 *
 * @return Data constraint indicator: 0=DC_NONE, 1=DC_INTEGRAL, 2=DC_CONFIDENTIAL;
 *         the field starts out as DC_UNSET (-1)
 */
public int getDataConstraint()
{
    return this._dataConstraint;
}
234 /* ------------------------------------------------------------ */
/**
 * Reports whether a data constraint is present, meaning the stored value is
 * DC_NONE or higher rather than the initial DC_UNSET.
 *
 * @return True if a data constraint has been set.
 */
public boolean hasDataConstraint()
{
    return DC_NONE <= this._dataConstraint;
}
243 /* ------------------------------------------------------------ */
245 public String toString()
249 + (_anyRole ? "*" : (_roles == null ? "-" : Arrays.asList(_roles).toString()))
251 + (_dataConstraint == DC_UNSET ? "DC_UNSET}" : (_dataConstraint == DC_NONE ? "NONE}" : (_dataConstraint == DC_INTEGRAL ? "INTEGRAL}" : "CONFIDENTIAL}")));