simpleaclaccessservice.java

JXTA&#8482 is a set of open, generalized peer-to-peer (P2P) protocols that allow any networked devi

                        throw new IllegalArgumentException(
                                "Operation is from a different group. " + pgid + " != " + getPeerGroupID());
                    }
                } catch (URISyntaxException badID) {
                    throw new IllegalArgumentException("Unusable ID in advertisement: " + elem.getTextValue());
                } catch (ClassCastException badID) {
                    throw new IllegalArgumentException("Id is not a group id: " + elem.getTextValue());
                }
                return true;
            }
            
            if (elem.getName().equals("Operation")) {
                op = elem.getTextValue();
                return true;
            }
            
            if (elem.getName().equals("Offerer")) {
                try {
                    offerer = source.getPeerGroup().getMembershipService().makeCredential(elem);
                } catch (Throwable failed) {
                    throw new IllegalArgumentException("Offerer credential could not be constructed" + failed);
                }
                return true;
            }
            
            // element was not handled
            return false;
        }
        
        /**
         *  Initialize from a portion of a structured document.
         **/
        protected void initialize(Element root) {
            
            if (!TextElement.class.isInstance(root)) {
                throw new IllegalArgumentException(getClass().getName() + " only supports TextElement");
            }
            
            TextElement doc = (TextElement) root;
            
            String typedoctype = "";

            if (root instanceof Attributable) {
                Attribute itsType = ((Attributable) root).getAttribute("type");

                if (null != itsType) {
                    typedoctype = itsType.getValue();
                }
            }
            
            String doctype = doc.getName();
            
            if (!doctype.equals("jxta:SimpleACLOp") && !typedoctype.equals("jxta:SimpleACLOp")) {
                throw new IllegalArgumentException(
                        "Could not construct : " + getClass().getName() + "from doc containing a " + doc.getName());
            }
            
            Enumeration elements = doc.getChildren();
            
            while (elements.hasMoreElements()) {
                TextElement elem = (TextElement) elements.nextElement();

                if (!handleElement(elem)) {
                    if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                        LOG.warning("Unhandled element \'" + elem.getName() + "\' in " + doc.getName());
                    }
                }
            }
            
            // sanity check time!
            
            if (null == op) {
                throw new IllegalArgumentException("operation was never initialized.");
            }
            
            if (null == offerer) {
                throw new IllegalArgumentException("offerer was never initialized.");
            }
        }
    }
    
    /**
     *  The peer group we are working for.
     **/
    PeerGroup group;
    
    /**
     *  Implementation advertisement for this instance.
     **/
    ModuleImplAdvertisement implAdvertisement;
    
    /**
     *  The ACLs we are supporting.
     **/
    private final Map<String, Set<String>> ACLs = new HashMap<String, Set<String>>();
    
    /**
     *  The default constructor
     **/
    public SimpleACLAccessService() {}      
    
    /**
     * {@inheritDoc}
     **/
    public void init(PeerGroup group, ID assignedID, Advertisement implAdv) throws PeerGroupException {
        this.group = group;
        implAdvertisement = (ModuleImplAdvertisement) implAdv;
        
        if (Logging.SHOW_CONFIG && LOG.isLoggable(Level.CONFIG)) {
            StringBuilder configInfo = new StringBuilder("Configuring Access Service : " + assignedID);

            configInfo.append("\n\tImplementation:");
            configInfo.append("\n\t\tImpl Description: " + implAdvertisement.getDescription());
            configInfo.append("\n\t\tImpl URI : " + implAdvertisement.getUri());
            configInfo.append("\n\t\tImpl Code : " + implAdvertisement.getCode());
            configInfo.append("\n\tGroup Params:");
            configInfo.append("\n\t\tGroup: " + group.getPeerGroupName());
            configInfo.append("\n\t\tGroup ID: " + group.getPeerGroupID());
            configInfo.append("\n\t\tPeer ID: " + group.getPeerID());
            LOG.config(configInfo.toString());
        }
        
        PeerGroupAdvertisement configAdv = group.getPeerGroupAdvertisement();
        
        TextElement myParam = (TextElement) configAdv.getServiceParam(assignedID);
        
        if (null == myParam) {
            throw new PeerGroupException("parameters for group access controls missing.");
        }
        
        Enumeration allACLS = myParam.getChildren();
        
        while (allACLS.hasMoreElements()) {
            TextElement anACL = (TextElement) allACLS.nextElement();
            
            if (!anACL.getName().equals("perm")) {
                continue;
            }
            
            String etcPasswd = anACL.getTextValue();
            
            int nextDelim = etcPasswd.indexOf(':');

            if (-1 == nextDelim) {
                continue;
            }
            
            String operation = etcPasswd.substring(0, nextDelim).trim();
            
            if ("<<DEFAULT>>".equals(operation)) {
                operation = null;
            }
            
            String identities = etcPasswd.substring(nextDelim + 1);
            Set allowed = new HashSet();
            
            StringTokenizer eachIdentity = new StringTokenizer(identities, ",");
            
            while (eachIdentity.hasMoreTokens()) {
                String anIdentity = eachIdentity.nextToken().trim();
                
                if ("<<ALL>>".equals(anIdentity)) {
                    anIdentity = null;
                }
                
                allowed.add(anIdentity);
            }
            
            if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
                LOG.fine(
                        "Adding operation  : \'" + ((null == operation) ? "<<DEFAULT>>" : operation) + "\' with " + allowed.size()
                        + " identities.");
            }
            
            ACLs.put(operation, allowed);
        }
    }
    
    /**
     * {@inheritDoc}
     **/
    public int startApp(String[] args) {
        return 0;
    }
    
    /**
     * {@inheritDoc}
     **/
    public void stopApp() {}
    
    /**
     * {@inheritDoc}
     **/
    public ModuleImplAdvertisement getImplAdvertisement() {
        return implAdvertisement;
    }
    
    /**
     * {@inheritDoc}
     **/
    public SimpleACLAccessService getInterface() {
        return this;
    }
    
    /**
     * {@inheritDoc}
     **/
    public AccessResult doAccessCheck(PrivilegedOperation op, Credential cred) {
        if ((null != cred) && !cred.isValid()) {
            return AccessResult.DISALLOWED;
        }
        
        if ((null != op) && !op.isValid()) {
            return AccessResult.DISALLOWED;
        }
        
        Set<String> allowed = ACLs.get((null != op) ? op.getSubject() : null);
        
        // do we know this operation?
        if (null == allowed) {
            // try the default permission
            allowed = ACLs.get(null);
            
            if (null == allowed) {
                return AccessResult.DISALLOWED;
            }
        }
        
        String credSubject = (null != cred) ? cred.getSubject().toString() : null;
        
        return (allowed.contains(credSubject) || allowed.contains(null)) ? AccessResult.PERMITTED : AccessResult.DISALLOWED;
    }
    
    /**
     * {@inheritDoc}
     **/
    public PrivilegedOperation newPrivilegedOperation(Object subject, Credential offerer) {
        if (!(subject instanceof String)) {
            throw new IllegalArgumentException(getClass().getName() + " only supports String subjects.");
        }
        
        if (!offerer.isValid()) {
            throw new IllegalArgumentException("offerer is not a valid credential");
        }
        
        return new SimpleACLOperation(this, (String) subject, offerer);
    }
    
    /**
     * {@inheritDoc}
     **/
    public PrivilegedOperation newPrivilegedOperation(Element source) {
        return new SimpleACLOperation(this, source);
    }
    
    /**
     * {@inheritDoc}
     **/
    PeerGroup getPeerGroup() {
        return group;
    }
}