product.java

一个完整的XACML工程,学习XACML技术的好例子!

/*
* Copyright (c) 2000-2005, University of Salford
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without 
* modification, are permitted provided that the following conditions are met:
*
* Redistributions of source code must retain the above copyright notice, this 
* list of conditions and the following disclaimer.
* 
* Redistributions in binary form must reproduce the above copyright notice, 
* this list of conditions and the following disclaimer in the documentation 
* and/or other materials provided with the distribution. 
*
* Neither the name of the University of Salford nor the names of its 
* contributors may be used to endorse or promote products derived from this 
* software without specific prior written permission. 
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
* POSSIBILITY OF SUCH DAMAGE.
*/

package issrg.pba.credentials;

/**
 * This is the class that represents an inseparable collection of properties: a product.
 *
 * @see Property
 */

public class Product extends DefaultCredentialBehaviour {

  protected Credential [] product;

  protected Product() {}

  public Product (Credential [] product){
    this.product = normalise(product);
  }

  public boolean contains(Property p){
    Property [] p1=(p instanceof Product)?((Product)p).product : new Property[]{p};

    return contains(product, p1);
  }

  public boolean partOf(Property p){
    return contains(new Property[]{p}, product);
  }

  private static boolean contains(Property [] p1, Property [] p2){
    if (p2==null){
      return true;
    }
    if (p1==null){
      return false;
    }

    boolean [] r = new boolean[p2.length];

    // assuming p1 and p2 are normalised; i.e. sorted in descending order
    // this will match the greater values first
    // e.g., 1, 3 with 4, 2  will be normalised into 3, 1 and 4, 2
    // so 4 will match 3, and 2 will match 1. otherwise 4 would match 1
    // and 2 would not match 3, and fail.
p1_loop:
    for (int i=0; i<p1.length; i++){
      for(int j=0; j<p2.length; j++){
        if (!r[j] && p1[i].contains(p2[j])){
          r[j]=true;
          continue p1_loop;
        }
      }

      // one of the components in p1 does not contain a component in p2
      return false;
    }
    // there is a component in p2 array for each component in p1 array,
    // that the p1 component contains. p2 array may happen to be longer (granting a more specific privilege)

    return true;   // if each of the components in p2 has been matched, then all of them are contained
  }


  public Credential intersect(Credential c){
    Credential [] p1=(c instanceof Product)? ((Product)c).product : new Credential[]{c};

    boolean [] r=new boolean[p1.length];
    java.util.Vector result=new java.util.Vector();

    for (int i=0; i<product.length; i++){
      Credential b=null;
      for (int j=0; j<p1.length; j++){
        if (!r[j] && (b=product[i].intersect(p1[j]))!=null){
          r[j]=true;    // flag that we have used this credential already
          break;
        }
      }

      if (b==null){
        b=product[i];   // no credential of the same type found.
                        // if there would be a credential of the same type, the least of them would
                        // be returned
      }

      result.add(b);
    }

    for (int j=0; j<p1.length; j++){
      if (!r[j]){
        result.add(p1[j]);    // add also all those credentials that did not have a matching credential in product[]
              // that is, add all credentials to make the privilege less
      }
    }

    p1=new Credential[result.size()];
    System.arraycopy(result.toArray(), 0, p1, 0, p1.length);

    return new Product(p1);
  }

  /**
   * This method should be used only at construction time for updating the actual chain of credentials.
   * In fact, it is a multiplication of two credentials.
   *
   * <p>This method does not check if it already contains this credential or not. You can always do
   * that yourself.
   *
   * @param c is the credential to link to the chain
   */
  protected void link(Credential c){
    Credential [] p1=new Credential[product.length+1];
    p1[0]=c;
    System.arraycopy(product, 0, p1, 1, product.length);

    product=normalise(p1);
  }

  private static Credential [] normalise(Credential [] product){
    Credential [] p1 = new Credential[product.length];
    System.arraycopy(product, 0, p1, 0, p1.length);

    // now rearranging the values in descending order (greater values first)
    for (int i=p1.length-1; i-->0;){
      Credential c = p1[i];

      int j;
      for (j=i; j<p1.length-1; j++){
        if (c.contains(p1[j+1])){ // if c>p1[j], then c must be placed right behind the p1[j]
          break;
        }else{
          p1[j]=p1[j+1];      // freeing the cell
        }
      }

      p1[j]=c;        // cell found
    }

    return p1;
  }

  public String toString(){
    if (product==null){
      return null;
    }

    StringBuffer sb = new StringBuffer("p[");

    for (int i=0; i<product.length; i++){
      if (i>0){
        sb.append(" : ");
      }

      sb.append(product[i]==null ? "null" : product[i].toString());
    }

     return sb.append("]").toString();
  }
}