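/*
    JSPWiki - a JSP-based WikiWiki clone.

    Licensed to the Apache Software Foundation (ASF) under one
    or more contributor license agreements.  See the NOTICE file
    distributed with this work for additional information
    regarding copyright ownership.  The ASF licenses this file
    to you under the Apache License, Version 2.0 (the
    "License"); you may not use this file except in compliance
    with the License.  You may obtain a copy of the License at

       http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing,
    software distributed under the License is distributed on an
    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    KIND, either express or implied.  See the License for the
    specific language governing permissions and limitations
    under the License.
 */
package com.ecyrd.jspwiki.auth.permissions;

import java.io.Serializable;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.DomainCombiner;
import java.security.Permission;
import java.security.Principal;
import java.util.Arrays;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.SubjectDomainCombiner;

import com.ecyrd.jspwiki.auth.GroupPrincipal;

/**
 * <p>
 * Permission to perform an operation on a group in a given wiki. Permission
 * actions include: <code>view</code>, <code>edit</code>, <code>delete</code>.
 * </p>
 * <p>
 * The target of a permission is a single group or collection in a given wiki.
 * The syntax for the target is the wiki name, followed by a colon (:) and the
 * name of the group. &#8220;All wikis&#8221; can be specified using a wildcard (*). Group
 * collections may also be specified using a wildcard. For groups, the wildcard
 * may be a prefix, suffix, or all by itself. Examples of targets include:
 * </p>
 * <blockquote><code>*:*<br/>
 * *:TestPlanners<br/>
 * *:*Planners<br/>
 * *:Test*<br/>
 * mywiki:TestPlanners<br/>
 * mywiki:*Planners<br/>
 * mywiki:Test*</code>
 * </blockquote>
 * <p>
 * For a given target, certain permissions imply others:
 * </p>
 * <ul>
 * <li><code>edit</code> implies <code>view</code></li>
 * <li><code>delete</code> implies <code>edit</code> and
 * <code>view</code></li>
 * </ul>
 * <p>Targets that do not include a wiki prefix <em>never</em> imply others.</p>
 * <p>
 * GroupPermission accepts a special target called
 * <code>&lt;groupmember&gt;</code> that means &#8220;all groups that a user is a
 * member of.&#8221; When included in a policy file <code>grant</code> block, it
 * functions like a wildcard. Thus, this block:
 * </p>
 *
 * <pre>
 *  grant signedBy "jspwiki",
 *    principal com.ecyrd.jspwiki.auth.authorize.Role "Authenticated" {
 *      permission com.ecyrd.jspwiki.auth.permissions.GroupPermission "*:&lt;groupmember&gt;", "edit";
 *  };
 * </pre>
 *
 * <p>
 * means, &#8220;allow Authenticated users to edit any groups they are members of.&#8221;
 * The wildcard target (*) does <em>not</em> imply <code>&lt;groupmember&gt;</code>; it
 * must be granted explicitly.
 * </p>
 * @author Andrew Jaquith
 * @since 2.4.17
 */
public final class GroupPermission extends Permission implements Serializable
{
    /** Special target token that denotes all groups that a Subject's Principals are members of. */
    public static final String MEMBER_TOKEN = "<groupmember>";

    private static final long serialVersionUID = 1L;

    /** Action for deleting a group or collection of groups. */
    public static final String DELETE_ACTION = "delete";

    /** Action for editing a group or collection of groups. */
    public static final String EDIT_ACTION = "edit";

    /** Action for viewing a group or collection of groups. */
    public static final String VIEW_ACTION = "view";

    /** Bit that represents the <code>delete</code> action in the action mask. */
    protected static final int DELETE_MASK = 0x4;

    /** Bit that represents the <code>edit</code> action in the action mask. */
    protected static final int EDIT_MASK = 0x2;

    /** Bit that represents the <code>view</code> action in the action mask. */
    protected static final int VIEW_MASK = 0x1;

    /** Convenience constant that denotes <code>GroupPermission( "*:*", "delete" )</code>. */
    public static final GroupPermission DELETE = new GroupPermission( DELETE_ACTION );

    /** Convenience constant that denotes <code>GroupPermission( "*:*", "edit" )</code>. */
    public static final GroupPermission EDIT = new GroupPermission( EDIT_ACTION );

    /** Convenience constant that denotes <code>GroupPermission( "*:*", "view" )</code>. */
    public static final GroupPermission VIEW = new GroupPermission( VIEW_ACTION );

    private static final String ACTION_SEPARATOR = ",";

    private static final String WILDCARD = "*";

    private static final String WIKI_SEPARATOR = ":";

    // Normalized (lower-cased, sorted, comma-joined) form of the action list.
    private final String m_actionString;

    // Bit mask produced by createMask() from the raw action list.
    private final int m_mask;

    // Group part of the target; may contain a wildcard or MEMBER_TOKEN.
    private final String m_group;

    // Wiki part of the target: WILDCARD when the target has no separator,
    // null when the target starts with the separator.
    private final String m_wiki;

    /** For serialization purposes */
    protected GroupPermission()
    {
        this( "" );
    }

    /**
     * Private convenience constructor that creates a new GroupPermission for
     * all wikis and groups (*:*) and set of actions.
     * @param actions the comma-separated actions to grant on <code>*:*</code>
     */
    private GroupPermission( String actions )
    {
        this( WILDCARD + WIKI_SEPARATOR + WILDCARD, actions );
    }

    /**
     * Creates a new GroupPermission for a specified group and set of actions.
     * The target should be a wiki name, a colon (:) and the group name. A
     * target without a colon is stored with the wildcard wiki (*). A target
     * that starts with a colon is stored with a <code>null</code> wiki; per
     * the class description such targets never imply others. Text after a
     * second colon is ignored.
     * @param group the target, in <code>wiki:group</code> form
     * @param actions the allowed actions for this group, comma-separated
     * @throws NullPointerException if <code>group</code> or
     *             <code>actions</code> is <code>null</code>
     */
    public GroupPermission( String group, String actions )
    {
        super( group );

        // Split the target into wiki and group name. The negative limit keeps
        // trailing empty fields: with the one-argument split(), "mywiki:"
        // collapses to a single field and is read as group "mywiki" in every
        // wiki (a wider scope than written), and ":" yields an empty array
        // that fails with ArrayIndexOutOfBoundsException below.
        String[] pathParams = group.split( WIKI_SEPARATOR, -1 );
        String groupName;
        if ( pathParams.length >= 2 )
        {
            // An empty wiki name (target starts with the separator) is kept as null.
            m_wiki = pathParams[0].length() > 0 ? pathParams[0] : null;
            groupName = pathParams[1];
        }
        else
        {
            // No separator at all: the target names a group in all wikis.
            m_wiki = WILDCARD;
            groupName = pathParams[0];
        }
        m_group = groupName;

        // Normalize the action list for getActions().
        // NOTE(review): toLowerCase() uses the default locale, so the
        // normalized string can differ between JVM locales; confirm whether a
        // fixed locale is wanted here.
        String[] groupActions = actions.toLowerCase().split( ACTION_SEPARATOR );
        Arrays.sort( groupActions, String.CASE_INSENSITIVE_ORDER );

        // The mask is computed from the raw argument, not the normalized list;
        // createMask() is defined elsewhere in this class.
        m_mask = createMask( actions );

        StringBuffer buffer = new StringBuffer();
        for( int i = 0; i < groupActions.length; i++ )
        {
            buffer.append( groupActions[i] );
            if ( i < ( groupActions.length - 1 ) )
            {
                buffer.append( ACTION_SEPARATOR );
            }
        }
        m_actionString = buffer.toString();
    }

    /**
     * Two GroupPermission objects are considered equal if their action masks,
     * wikis and groups are equal. A permission whose wiki is
     * <code>null</code> (target written with a leading colon) is never equal
     * to any object, including itself.
     * @param obj the object to compare
     * @return the result of the comparison
     * @see java.lang.Object#equals(java.lang.Object)
     */
    public final boolean equals( Object obj )
    {
        if ( !( obj instanceof GroupPermission ) )
        {
            return false;
        }
        GroupPermission p = (GroupPermission) obj;
        // NOTE(review): the null check makes equals() non-reflexive for
        // null-wiki permissions, while hashCode() does handle a null wiki.
        // Left unchanged because collections that look permissions up by
        // equality would start matching such targets; confirm the intent
        // before relaxing it.
        return p.m_mask == m_mask && p.m_group.equals( m_group )
               && p.m_wiki != null && p.m_wiki.equals( m_wiki );
    }

    /**
     * Returns the actions for this permission: &#8220;view&#8221;, &#8220;edit&#8221;, or
     * &#8220;delete&#8221;. The actions are sorted in alphabetic order and lower-cased
     * by the constructor.
     * @return the actions
     * @see java.security.Permission#getActions()
     */
    public final String getActions()
    {
        return m_actionString;
    }

    /**
     * Returns the name of the wiki group represented by this permission.
     * @return the group name
     */
    public final String getGroup()
    {
        return m_group;
    }

    /**
     * Returns the name of the wiki containing the group represented by this
     * permission; may return the wildcard string, or <code>null</code> when
     * the target was written with a leading colon.
     * @return the wiki
     */
    public final String getWiki()
    {
        return m_wiki;
    }

    /**
     * Returns the hash code for this GroupPermission.
     * @return the hash code
     * @see java.lang.Object#hashCode()
     */
    public final int hashCode()
    {
        // If the wiki has not been set, uses a dummy value for the hashcode
        // calculation. This may occur if the group given does not refer
        // to any particular wiki.
        String wiki = m_wiki != null ? m_wiki : "dummy_value";
        // NOTE(review): equals() compares m_mask but this also hashes
        // m_actionString, which keeps duplicate tokens from the input. If
        // createMask() folds duplicates (e.g. "view,view"), two equal
        // permissions could hash differently; verify against createMask().
        return m_mask + ( ( 13 * m_actionString.hashCode() ) * 23 * wiki.hashCode() );
    }

    /**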