001/** 002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. 003 * 004 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved 005 * 006 * The contents of this file are subject to the terms 007 * of the Common Development and Distribution License 008 * (the License). You may not use this file except in 009 * compliance with the License. 010 * 011 * You can obtain a copy of the License at 012 * https://opensso.dev.java.net/public/CDDLv1.0.html or 013 * opensso/legal/CDDLv1.0.txt 014 * See the License for the specific language governing 015 * permission and limitations under the License. 016 * 017 * When distributing Covered Code, include this CDDL 018 * Header Notice in each file and include the License file 019 * at opensso/legal/CDDLv1.0.txt. 020 * If applicable, add the following below the CDDL Header, 021 * with the fields enclosed by brackets [] replaced by 022 * your own identifying information: 023 * "Portions Copyrighted [year] [name of copyright owner]" 024 * 025 * $Id: ISSecurityPermission.java,v 1.4 2008/08/19 19:14:56 veiming Exp $ 026 * 027 */ 028 029package com.sun.identity.security; 030 031import java.security.Permission; 032import java.util.HashSet; 033import java.util.Iterator; 034import java.util.Random; 035import java.util.Set; 036import java.util.StringTokenizer; 037 038/** 039 * This class <code>ISSecurityPermission</code> is used to protect the Access 040 * Manager resources which should be accessed only by trusted application. The 041 * resources this Permission is used to protect are: OpenSSO 042 * administrator DN and password, and access to the encryption and decryption 043 * methods used to encrypt all passwords in OpenSSO services. The 044 * supported permissions is <code>"access"</code> and supported actions are 045 * <code>"adminpassword"</code> and <code>"crypt"</code>. So in the Java 046 * security policy file which will define the security options to grant this 047 * permission to code bases, it should be done as below: 048 * 049 * <pre> 050 * grant codeBase "file:{directory where jars are located}/-" { 051 * com.sun.identity.security.ISSecurityPermission "access", 052 * "adminpassword,crypt"; }; 053 *</pre> 054 * 055 * Note: The property <code>com.sun.identity.security.checkcaller</code> 056 * should be set to true in <code>AMConfig.properties</code> file to enable the 057 * Java security permissions check. 058 * 059 * @supported.all.api 060 */ 061public class ISSecurityPermission extends Permission { 062 private static Random rnd = new Random(); 063 064 private String perm; 065 066 private Set actions = new HashSet(); 067 068 private int hashCode; 069 070 /** 071 * Constructs <code>ISSecurityPermission</code> object. 072 * 073 * @param access 074 * Has to be string "access" 075 * @param action 076 * Can be <code>adminpassword</code> or <code>crypt</code>. 077 */ 078 public ISSecurityPermission(String access, String action) { 079 super(access); 080 perm = access; 081 this.actions = convertActionStringToSet(action); 082 hashCode = rnd.nextInt(); 083 } 084 085 /** 086 * Constructs <code>ISSecurityPermission</code> object. This constructor 087 * sets the action to <code>"adminpassword"</code> by default. 088 * 089 * @param access 090 * Has to be string "access" 091 */ 092 public ISSecurityPermission(String access) { 093 super(access); 094 perm = access; 095 actions = convertActionStringToSet("adminpassword"); 096 hashCode = rnd.nextInt(); 097 } 098 099 /** 100 * This method checks to see if this instance of 101 * <code>ISSecurityPermission</code> implies the Permission being passed 102 * as the argument. For more information on this, see the Javadocs of 103 * <code>java.security.Permission</code> 104 * 105 * @param p 106 * Instance of 107 * <code>com.sun.identity.security.ISSecurityPermission</code> 108 * @return true if this instance of <code>ISSecurityPermission</code> 109 * implies the actions of the argument p. False otherwise 110 * <code>java.security.Permission</code> 111 */ 112 public boolean implies(Permission p) { 113 if (!(p instanceof ISSecurityPermission)) { 114 return false; 115 } 116 Set pActions = convertActionStringToSet(p.getActions()); 117 // Action "crypt" is implied by the action "adminpassword" 118 if (actions.contains("adminpassword") 119 && (pActions.contains("adminpassword") || pActions 120 .contains("crypt"))) { 121 return true; 122 } else { 123 if (pActions.contains("crypt") && actions.contains("crypt")) { 124 return true; 125 } 126 } 127 return false; 128 } 129 130 /** 131 * Returns hash code for this object. 132 * 133 * @see java.security.Permission#hashCode() 134 * @return hash code representing this object 135 */ 136 public int hashCode() { 137 return hashCode; 138 } 139 140 /** 141 * Returns true if this object is equals to <code>o</code>. 142 * 143 * @param o 144 * object fro comparison. 145 * @return true if both object are similar. 146 */ 147 public boolean equals(Object o) { 148 if (o instanceof ISSecurityPermission) { 149 ISSecurityPermission p = (ISSecurityPermission) o; 150 if (p.hashCode() == hashCode) { 151 return true; 152 } 153 } 154 return false; 155 } 156 157 /** 158 * @see java.security.Permission#getActions() 159 * @return String representation of actions supported by 160 * <code>ISSecurityPermission</code> 161 */ 162 public String getActions() { 163 return convertSetToActionString(actions); 164 } 165 166 private Set convertActionStringToSet(String ac) { 167 StringTokenizer tzer = new StringTokenizer(ac, ","); 168 Set res = new HashSet(); 169 while (tzer.hasMoreTokens()) { 170 String tmp = tzer.nextToken(); 171 res.add(tmp); 172 } 173 return res; 174 } 175 176 private String convertSetToActionString(Set a) { 177 StringBuffer sb = new StringBuffer(); 178 Iterator it = a.iterator(); 179 while (it.hasNext()) { 180 String t = (String) it.next(); 181 sb.append(t).append(","); 182 } 183 String s = sb.toString(); 184 int lastComma = s.lastIndexOf(","); 185 return s.substring(0, lastComma); 186 } 187}