permistarget.java

一个完整的XACML工程,学习XACML技术的好例子!

/*
* Copyright (c) 2000-2005, University of Salford
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without 
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this 
* list of conditions and the following disclaimer.
* 
* Redistributions in binary form must reproduce the above copyright notice, 
* this list of conditions and the following disclaimer in the documentation 
* and/or other materials provided with the distribution. 
*
* Neither the name of the University of Salford nor the names of its 
* contributors may be used to endorse or promote products derived from this 
* software without specific prior written permission. 
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
* POSSIBILITY OF SUCH DAMAGE.
*/

package issrg.pba.rbac;

import issrg.pba.rbac.LDAPDNPrincipal;
import issrg.utils.repository.Entry;

/**
 * The Permis version of the Target that uses LDAP DNs or URLs. The object also 
 * knows
 * what object class it is of, and therefore can be used for performing the
 * target domain match.
 *
 * @author A Otenko
 * @author E Ball
 * @author D W Chadwick
 * @version 0.2
 */

public class PermisTarget implements issrg.pba.Target,
				issrg.pba.rbac.policies.LDAPEntry{
  private LDAPDNPrincipal DN=null;
  private String [] OCS;// the ObjectClasses

  private Entry upi=null;

  protected PermisTarget(){}

  /**
   * This constructor builds a Target based on a distinguished name and a set
   * of object classes.
   *
   * @param Name a string describing the LDAP distinguished name of the target
   * @param ObjectClasses an array of strings that are the various LDAP
   *    objectclasses that the Target has. These can be represented as user
   *    friendly strings e.g. printer or as an OID string e.g. 1.2.3.4.5.6
   *    If the array is null, the Target is of any class (isObjectClass always
   *    returns true)
   */
  public PermisTarget(String Name,String [] ObjectClasses)
        throws issrg.utils.RFC2253ParsingException {
    OCS=ObjectClasses;
    DN=new LDAPDNPrincipal(Name);
  }

  /**
   * This constructor builds a Target based on its URL. There must be a 
   * URLHandler registered that can create Entry from the URLs.
   *
   * @param url is the URL of the Target.
   *
   * @see CustomisePERMIS#addURLHandler(String), URLHandler#addProtocol(URLHandler)
   */
  public PermisTarget(String url) throws BadURLException {
    upi=URLHandler.getEntryByURL(url);
    if (upi==null) throw new BadURLException("No URL handler has been found for "+url);
  }

  /**
   * This method returns the LDAP DN of the target as a string e.g. "ou=ISI,
   * o=salford, c=gb"
   *
   * @return the string representation of the LDAP DN, or the URL (depending
   *   on the constructor used)
   */
  public String getName(){
    return DN==null?upi.getEntryName().getName():getDN().getName();
  }

  /**
   * This method returns the distinguished name of the target.
   *
   * @return the LDAPDNPrincipal representing the X500 name; can be null,
   *    if the Target is indetified by a URL
   */
  public LDAPDNPrincipal getDN(){
    return DN;
  }

  /**
   * Does the same as getDN(), if the Target has been initialised with LDAP DN;
   * otherwise, returns the Entry for the URL.
   */
  public java.security.Principal getEntryName(){
    return DN==null?upi.getEntryName(): getDN();
  }

  /**
   * This checks to see if this target is of the indicated ObjectClass
   *
   * @param Class the ObjectClass to be tested against
   *
   * @return true if the target is of the specified object class
   */
  public boolean isObjectClass(String Class){
    if (OCS==null) return true;

    for(int i=0; i<OCS.length; i++){
      if (OCS[i].intern()==Class.intern()) return true;
    }
    return false;
  }

  /**
   * This method returns Target ADI. Targets return LDAPEntry for PermisRBAC
   * objects as their ADI.
   *
   * @return the reference to the LDAPEntry object that describes the LDAP Entry
   *    of the target, or returns an Entry corresponding to the URL
   */
  public Object getTargetADI(){
    return DN==null?upi: this;
  }
}