mmerunit.java

一个完整的XACML工程,学习XACML技术的好例子!

/*
* Copyright (c) 2006, University of Kent
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without 
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this 
* list of conditions and the following disclaimer.
* 
* Redistributions in binary form must reproduce the above copyright notice, 
* this list of conditions and the following disclaimer in the documentation 
* and/or other materials provided with the distribution. 
*
* 1. Neither the name of the University of Kent nor the names of its 
* contributors may be used to endorse or promote products derived from this 
* software without specific prior written permission. 
*
* 2. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS  
* IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
* THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
* PURPOSE ARE DISCLAIMED. 
*
* 3. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
* POSSIBILITY OF SUCH DAMAGE.
*
* 4. YOU AGREE THAT THE EXCLUSIONS IN PARAGRAPHS 2 AND 3 ABOVE ARE REASONABLE
* IN THE CIRCUMSTANCES.  IN PARTICULAR, YOU ACKNOWLEDGE (1) THAT THIS
* SOFTWARE HAS BEEN MADE AVAILABLE TO YOU FREE OF CHARGE, (2) THAT THIS
* SOFTWARE IS NOT "PRODUCT" QUALITY, BUT HAS BEEN PRODUCED BY A RESEARCH
* GROUP WHO DESIRE TO MAKE THIS SOFTWARE FREELY AVAILABLE TO PEOPLE WHO WISH
* TO USE IT, AND (3) THAT BECAUSE THIS SOFTWARE IS NOT OF "PRODUCT" QUALITY
* IT IS INEVITABLE THAT THERE WILL BE BUGS AND ERRORS, AND POSSIBLY MORE
* SERIOUS FAULTS, IN THIS SOFTWARE.
*
* 5. This license is governed, except to the extent that local laws
* necessarily apply, by the laws of England and Wales.
*/
package issrg.pba.rbac.policies;

import issrg.pba.rbac.*;
import java.util.Map;
import java.util.Hashtable;
import java.util.Vector;


/**
 * This is the class representing a MMER unit. A MMER policy may contains several MMER units. 
 *
 * @author W. Xu
 * @version 0.1
 */
  public class MMERUnit {

    /**
     * This constructor creates the MMERUnit object. 
     *
     * @params forbiddenCardinality is the forbidden cardinality of this MMER unit.  
     * @params mmer is a vector of MMER i.e. RoleBasedCredentials, mutually exclusive roles. 
     * 
     */
      public MMERUnit(int forbiddenCardinality, java.util.Vector mmer) {
          this.forbiddenCardinality = forbiddenCardinality;
          this.mmer = mmer; 
      }

      public int forbiddenCardinality;
      int matchCount = 0;
      java.util.Vector mmer;  // this is a vector of RoleBasedCredentials, mutually exclusive roles 
      java.util.Vector mmerBackup;  // this is a clone of the above mmer 

     /**
      * This method returns the current match count of MMER, 
      * i.e. how many MMER have been matched by the user roles in this MMER Unit. 
      */
      public int getMatchCount(){
          return matchCount;
      }

     /**
      * This method starts a new matching between user roles and this MMER unit.  
      */
      public void startMatch(){
          mmerBackup = (java.util.Vector) mmer.clone();
          matchCount = 0;
      }

    /**
     * This method compare mmer with the input vector V -- an array of user roles, 
     * to determine if any of user roles match mmer roles. Once matched, remove the user role
     * from the mmer role set. Once the matched number reaches forbinddenCardinality, then
     * return true.  

     * return true if the input user roles vector matches any of the MMER roles in this MMER unit AND the forbeddenCardinality
     * is reached; otherwise return false.  
     */
      public boolean MMERMatches(Vector V){
          if (V==null) return false;

loop:     for (int i = mmerBackup.size()-1; i>=0 ; --i ) {
              RoleBasedCredentials r = (RoleBasedCredentials) mmerBackup.get(i); 
              for (int j = V.size()-1; j>= 0 ; --j ) {
                  issrg.pba.Credentials pc =
                       ((ExpirableCredentials)(V.get(j))).getExpirable(); 
                  if(r.contains(pc)) {
                      //they are equal, so ignore it from mmer 
                      mmerBackup.remove(i);                      
                      V.remove(j);
                      ++ matchCount; 
                      if (matchCount >= forbiddenCardinality) {
                          //System.out.println("mmer rule broken " );
                          return true;  
                      }
                      continue loop;
                  } 
              }
          }

          return false; 
      }

     /**
      * This method is to output all the role information in the MMER unit as a String. This is for testing purposes. 
      */
      public String toString(){
		// testing code here
		  int size = mmer.size();
		  StringBuffer result = new StringBuffer();
		  for (int i = 0; i< size ; i++ ) {
 			    RoleBasedCredentials  tr = (RoleBasedCredentials ) mmer.get(i);
				result.append( tr.getRoleType() + tr.getRoleValue() );  
		  }
		  
		  return result.toString();
	  }  

  }