rolebasedcredentials.java

一个完整的XACML工程,学习XACML技术的好例子!

/*
* Copyright (c) 2000-2005, University of Salford
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without 
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this 
* list of conditions and the following disclaimer.
* 
* Redistributions in binary form must reproduce the above copyright notice, 
* this list of conditions and the following disclaimer in the documentation 
* and/or other materials provided with the distribution. 
*
* Neither the name of the University of Salford nor the names of its 
* contributors may be used to endorse or promote products derived from this 
* software without specific prior written permission. 
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
* POSSIBILITY OF SUCH DAMAGE.
*/

package issrg.pba.rbac;

import issrg.pba.Credentials;

/**
 * This is the implementation of a credential for a role based scheme. It
 * implements the Role interface.
 *
 * @author E Ball
 * @author D Chadwick
 * @author A Otenko
 * @version 0.2
 */

public class RoleBasedCredentials extends SubsetCredentials implements Role {
  protected String roleType;
  private Object roleValue;

  /**
  * Utility method to help build Role Based Credentials out of two strings.
  *
  * @param roleType - the role type 
  * @param roleValue - the value of the role 
  *
  * @return RoleBasedCredentials object, representing the role of the given 
  *   type and value
  */
  public static RoleBasedCredentials newCredentials(String roleType, String roleValue) {
    return new RoleBasedCredentials(roleType, roleValue);
  }

  protected RoleBasedCredentials(){}

  /**
   * This constructor builds the object by specifying the Role type and value.
   *
   * @param roleType is the String name of the Role type, as specified in the
   *    Policy XML
   * @param roleValue is the object representing the value of the Role
   *
   * @throws IllegalArgumentException if the parameters to the constructor are
   *    semantically incorrect
   */
  public RoleBasedCredentials(String roleType, Object roleValue) {
    if (roleType==null){
      throw new IllegalArgumentException("roleType cannot be null");
    }
    this.roleType=roleType;
    this.roleValue=roleValue;
  }

  /**
   * This method returns the type of the role.
   *
   * @return String name of the type
   */
  public String getRoleType(){
    return roleType;
  }

  /**
   * This method returns the value of the role.
   *
   * @return the object representing the value of the Role
   */
  public Object getRoleValue(){
    return roleValue;
  }

  /**
   * This method creates a copy of the RoleBasedCredential
   *
   * @return a new RoleBasedCredential with the same properties as the original
   *    object
   */
  public Object clone(){
    /**
     * TODO: make sure the roleValue is copied in such a way that it cannot be
     * amended
     */
    return new RoleBasedCredentials(roleType, roleValue);
  }

  /**
   * This method implements comparison of a credential to this object.
   *
   * <p>This is a basic Credential, which is unaware of any Role Hierarchy.
   * Therefore, this method is the same as equals.
   *
   * @param c is the credential to compare to
   *
   * @return true if c is contained within this object; false otherwise
   */
  public boolean contains(Credentials c){
    if (!(c instanceof RoleBasedCredentials)){
      return super.contains(c);   // that method knows how to handle the situation
    }
    RoleBasedCredentials rbc = (RoleBasedCredentials)c;

    return roleType.intern()==rbc.getRoleType().intern() &&
          (roleValue==null || roleValue.equals(rbc.getRoleValue()));
  }

  public String toString(){
    Object roleValue = getRoleValue();

    return "role "+roleType+": "+(roleValue==null?"null":roleValue.toString());
  }

  /**
   * This method retrieves all the Role Values of a particular type the user 
   * has got.
   *
   * <p>Example:
   * <code><p>Vector roleValues = RoleBasedCredentials.getRoleValues(subject.exportCreds(), "whatEverRoleTypeYouWant");</code>
   *
   * @param creds is the set of credentials to look though
   * @param type is a case-sensitive string name of the required role type, or 
   *   null, if roles of all types should be returned
   *
   * @return a vector of values of the role type the caller passed; if is empty, 
   *    there were no
   *    roles of this type
   */
  public static java.util.Vector getRoleValues(Credentials creds, String type){
    java.util.Vector result = new java.util.Vector();

    if (creds!=null){

      if (creds instanceof issrg.pba.rbac.SetOfSubsetsCredentials){
        java.util.Vector v = ((issrg.pba.rbac.SetOfSubsetsCredentials)creds).getValue();

        for (int i=v.size(); i-->0;){
          result.addAll(getRoleValues((Credentials)(v.get(i)), type));
        }
      }else{
        if (creds instanceof RoleBasedCredentials){
          if (type==null || type.equals(((RoleBasedCredentials)creds).getRoleType())){
            result.add(((RoleBasedCredentials)creds).getRoleValue());
          }
        }else if (creds instanceof ExpirableCredentials){
          result.addAll(getRoleValues(((ExpirableCredentials)creds).expirable, type));
        }
      }
    }

    return result;
  }
}