📄 simpleaclaccessservice.java
字号:
/* * Copyright (c) 2003 Sun Microsystems, Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Sun Microsystems, Inc. for Project JXTA." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Sun", "Sun Microsystems, Inc.", "JXTA" and "Project JXTA" * must not be used to endorse or promote products derived from this * software without prior written permission. For written * permission, please contact Project JXTA at http://www.jxta.org. * * 5. Products derived from this software may not be called "JXTA", * nor may "JXTA" appear in their name, without prior written * permission of Sun. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL SUN MICROSYSTEMS OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of Project JXTA. For more * information on Project JXTA, please see * <http://www.jxta.org/>. * * This license is based on the BSD license adopted by the Apache Foundation. * * $Id: SimpleACLAccessService.java,v 1.6 2006/06/02 18:35:44 bondolo Exp $ */package net.jxta.impl.access.simpleACL;import java.net.URI;import java.util.Enumeration;import java.util.HashMap;import java.util.HashSet;import java.util.Map;import java.util.Set;import java.util.StringTokenizer;import java.net.URISyntaxException;import org.apache.log4j.Logger;import org.apache.log4j.Level;import net.jxta.access.AccessService;import net.jxta.credential.Credential;import net.jxta.credential.PrivilegedOperation;import net.jxta.document.Advertisement;import net.jxta.document.Attributable;import net.jxta.document.Attribute;import net.jxta.document.Element;import net.jxta.document.MimeMediaType;import net.jxta.document.StructuredDocument;import net.jxta.document.StructuredDocumentFactory;import net.jxta.document.StructuredDocumentUtils;import net.jxta.document.TextElement;import net.jxta.exception.PeerGroupException;import net.jxta.exception.JxtaError;import net.jxta.id.ID;import net.jxta.id.IDFactory;import net.jxta.peergroup.PeerGroup;import net.jxta.platform.ModuleSpecID;import net.jxta.protocol.ModuleImplAdvertisement;import net.jxta.protocol.PeerGroupAdvertisement;import net.jxta.service.Service;/** * Implements the {@link net.jxta.access.AccessService} using a simple ACL * scheme. * * <p/>The ACL table is read from the group advertisement. Each * <code>perm</code> entry of the Access Service parameters in the group adv is * assumed to be a permission in the following format: * * <p/><pre> * <operation> ":" ( <identity> )* ( "," <identity> )* * </pre> * * <p/>A sample ACL table extracted from a PeerGroupAdvertisement: * * <p/><pre> * ... * <Svc> * <MCID>urn:jxta:uuid-DEADBEEFDEAFBABAFEEDBABE0000001005</MCID> * <Parm> * <perm>&lt;&lt;DEFAULT>>:nobody,permit</perm> * <perm>everyone:&lt;&lt;ALL>></perm> * <perm>permit:nobody,permit,allow</perm> * <perm>deny:notpermit,notallow</perm> * </Parm> * </Svc> * ... * </pre> * * <p/>If <code><<ALL>></code> is provided as an identity then the * operation is permitted for all valid credentials. * * <p/>if <code><<DEFAULT>></code> is provided as an operation then the * provided identities will be allowed for all operations which are not * recognized. * * <p/><strong>This implementation makes <em>no effort</em> to ensure that the * permission table has not been altered. It is <em>not appropriate</em> for use * in security sensitive deployments unless the integrity of the group * advertisement is ensured.</strong> * * @see net.jxta.access.AccessService **/public class SimpleACLAccessService implements AccessService { /** * log4J Logger **/ private final static Logger LOG = Logger.getLogger( SimpleACLAccessService.class.getName() ); /** * Well known access specification identifier: the simple ACL access service **/ public static final ModuleSpecID simpleACLAccessSpecID = (ModuleSpecID) ID.create( URI.create( "urn:jxta:uuid-DeadBeefDeafBabaFeedBabe000000100206" ) ); /** * Operation for the Always Access Service. **/ private static class SimpleACLOperation implements PrivilegedOperation { SimpleACLAccessService source; String op; Credential offerer; protected SimpleACLOperation( SimpleACLAccessService source, String op, Credential offerer ) { this.source = source; this.op = op; this.offerer = offerer; } protected SimpleACLOperation( SimpleACLAccessService source, Element root ) { this.source = source; initialize( root ); } /** * {@inheritDoc} **/ public ID getPeerGroupID() { return source.getPeerGroup().getPeerGroupID(); } /** * {@inheritDoc} **/ public ID getPeerID() { return null; } /** * {@inheritDoc} * * <p/>AlwaysOperation are always valid. **/ public boolean isExpired() { return false; } /** * {@inheritDoc} * * <p/>AlwaysOperation are always valid. **/ public boolean isValid() { return true; } /** * {@inheritDoc} **/ public String getSubject() { return op; } /** * {@inheritDoc} **/ public Service getSourceService() { return source; } /** * {@inheritDoc} **/ public StructuredDocument getDocument(MimeMediaType as) throws Exception { StructuredDocument doc = StructuredDocumentFactory.newStructuredDocument( as, "jxta:Cred" ); if( doc instanceof Attributable ) { ((Attributable)doc).addAttribute( "xmlns:jxta", "http://jxta.org" ); ((Attributable)doc).addAttribute( "xml:space", "preserve" ); ((Attributable)doc).addAttribute( "type", "jxta:SimpleACLOp" ); } Element e = doc.createElement( "PeerGroupID", getPeerGroupID().toString() ); doc.appendChild( e ); e = doc.createElement( "Operation", op ); doc.appendChild( e ); StructuredDocumentUtils.copyElements( doc, doc, offerer.getDocument( as ), "Offerer" ); return doc; } /** * {@inheritDoc} **/ public Credential getOfferer() { return offerer; } /** * Process an individual element from the document. * * @param elem the element to be processed. * @return true if the element was recognized, otherwise false. **/ protected boolean handleElement( TextElement elem ) { if( elem.getName().equals("PeerGroupID")) { try { URI gID = new URI( elem.getTextValue().trim() ); ID pgid = IDFactory.fromURI( gID ); if( !pgid.equals( getPeerGroupID() ) ) { throw new IllegalArgumentException( "Operation is from a different group. " + pgid + " != " + getPeerGroupID() ); } } catch ( URISyntaxException badID ) {⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -