001/**
002 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
003 *
004 * Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
005 *
006 * The contents of this file are subject to the terms
007 * of the Common Development and Distribution License
008 * (the License). You may not use this file except in
009 * compliance with the License.
010 *
011 * You can obtain a copy of the License at
012 * https://opensso.dev.java.net/public/CDDLv1.0.html or
013 * opensso/legal/CDDLv1.0.txt
014 * See the License for the specific language governing
015 * permission and limitations under the License.
016 *
017 * When distributing Covered Code, include this CDDL
018 * Header Notice in each file and include the License file
019 * at opensso/legal/CDDLv1.0.txt.
020 * If applicable, add the following below the CDDL Header,
021 * with the fields enclosed by brackets [] replaced by
022 * your own identifying information:
023 * "Portions Copyrighted [year] [name of copyright owner]"
024 *
025 * $Id: ISSecurityPermission.java,v 1.4 2008/08/19 19:14:56 veiming Exp $
026 *
027 */
028
029package com.sun.identity.security;
030
031import java.security.Permission;
032import java.util.HashSet;
033import java.util.Iterator;
034import java.util.Random;
035import java.util.Set;
036import java.util.StringTokenizer;
037
038/**
039 * This class <code>ISSecurityPermission</code> is used to protect the Access
040 * Manager resources which should be accessed only by trusted applications.
041 * The resources this Permission is used to protect are: the OpenSSO
042 * administrator DN and password, and access to the encryption and decryption
043 * methods used to encrypt all passwords in OpenSSO services. The
044 * supported permission name is <code>"access"</code> and the supported actions
045 * are <code>"adminpassword"</code> and <code>"crypt"</code>. In the Java
046 * security policy file that defines the security options, this permission is
047 * granted to code bases as shown below:
048 * 
049 * <pre>
050 * grant codeBase "file:{directory where jars are located}/-" {
051 * com.sun.identity.security.ISSecurityPermission "access",
052 * "adminpassword,crypt"; };
053 *</pre>
054 * 
055 * Note: The property <code>com.sun.identity.security.checkcaller</code>
056 * should be set to true in <code>AMConfig.properties</code> file to enable the
057 * Java security permissions check.
058 *
059 * @supported.all.api
060 */
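public class ISSecurityPermission extends Permission {
    // NOTE(review): java.security.Permission is Serializable and this class
    // declares no serialVersionUID, so changes to its instance fields alter
    // the default serialized form.

    /** Action protecting the administrator DN and password. */
    private static final String ACTION_ADMIN_PASSWORD = "adminpassword";

    /** Action protecting the encryption and decryption methods. */
    private static final String ACTION_CRYPT = "crypt";

    /** Permission name exactly as passed to the constructor. */
    private String perm;

    /** Action tokens parsed from the comma-separated action string. */
    private Set<String> actions = new HashSet<String>();

    /**
     * Constructs <code>ISSecurityPermission</code> object.
     *
     * @param access
     *            Has to be string "access"
     * @param action
     *            Comma-separated list of actions; each can be
     *            <code>adminpassword</code> or <code>crypt</code>.
     */
    public ISSecurityPermission(String access, String action) {
        super(access);
        perm = access;
        actions = convertActionStringToSet(action);
    }

    /**
     * Constructs <code>ISSecurityPermission</code> object. This constructor
     * sets the action to <code>"adminpassword"</code> by default.
     *
     * @param access
     *            Has to be string "access"
     */
    public ISSecurityPermission(String access) {
        this(access, ACTION_ADMIN_PASSWORD);
    }

    /**
     * Checks whether this instance implies the permission passed as the
     * argument. Every action requested by <code>p</code> must be covered by
     * an action held by this instance; a request that names no action, or an
     * action other than <code>adminpassword</code> and <code>crypt</code>, is
     * never implied.
     *
     * @param p
     *            Instance of
     *            <code>com.sun.identity.security.ISSecurityPermission</code>
     * @return true if this instance implies all actions of the argument p,
     *         false otherwise (including when p is of another type)
     */
    @Override
    public boolean implies(Permission p) {
        if (!(p instanceof ISSecurityPermission)) {
            return false;
        }
        // NOTE(review): the permission name is not compared here although the
        // constructors document it as "access"; confirm with callers and
        // policy files before adding a name check.
        Set<String> requested = convertActionStringToSet(p.getActions());
        if (requested.isEmpty()) {
            return false;
        }
        // Require ALL requested actions to be covered. Matching on any single
        // one would let a holder of only "crypt" satisfy a request for
        // "adminpassword,crypt".
        for (String action : requested) {
            if (!isGranted(action)) {
                return false;
            }
        }
        return true;
    }

    /** Tells whether one requested action is covered by the held actions. */
    private boolean isGranted(String action) {
        if (ACTION_ADMIN_PASSWORD.equals(action)) {
            return actions.contains(ACTION_ADMIN_PASSWORD);
        }
        if (ACTION_CRYPT.equals(action)) {
            // Action "crypt" is implied by the action "adminpassword"
            return actions.contains(ACTION_CRYPT)
                    || actions.contains(ACTION_ADMIN_PASSWORD);
        }
        return false;
    }

    /**
     * Returns hash code for this object, derived from the permission name and
     * the set of actions so that it is consistent with
     * {@link #equals(Object)}.
     *
     * @see java.security.Permission#hashCode()
     * @return hash code representing this object
     */
    @Override
    public int hashCode() {
        int nameHash = (perm == null) ? 0 : perm.hashCode();
        return 31 * nameHash + actions.hashCode();
    }

    /**
     * Returns true if this object is equal to <code>o</code>, that is, if
     * <code>o</code> is an <code>ISSecurityPermission</code> with the same
     * name and the same set of actions.
     *
     * @param o
     *            object for comparison.
     * @return true if both objects carry the same name and actions.
     */
    @Override
    public boolean equals(Object o) {
        if (this == o) {
            return true;
        }
        if (!(o instanceof ISSecurityPermission)) {
            return false;
        }
        ISSecurityPermission other = (ISSecurityPermission) o;
        boolean sameName = (perm == null)
                ? other.perm == null
                : perm.equals(other.perm);
        return sameName && actions.equals(other.actions);
    }

    /**
     * Returns the actions as a comma-separated string. The order of the
     * actions follows the iteration order of the underlying set.
     *
     * @see java.security.Permission#getActions()
     * @return String representation of the actions held by this
     *         <code>ISSecurityPermission</code>; empty when there are none
     */
    @Override
    public String getActions() {
        return convertSetToActionString(actions);
    }

    /**
     * Splits a comma-separated action string into a set of tokens.
     * Surrounding whitespace is trimmed and empty tokens are dropped, so
     * "adminpassword, crypt" yields the same set as "adminpassword,crypt".
     */
    private Set<String> convertActionStringToSet(String ac) {
        Set<String> res = new HashSet<String>();
        StringTokenizer tzer = new StringTokenizer(ac, ",");
        while (tzer.hasMoreTokens()) {
            String token = tzer.nextToken().trim();
            if (token.length() > 0) {
                res.add(token);
            }
        }
        return res;
    }

    /**
     * Joins the action tokens with commas. An empty set yields an empty
     * string.
     */
    private String convertSetToActionString(Set<String> a) {
        StringBuilder sb = new StringBuilder();
        for (String t : a) {
            if (sb.length() > 0) {
                sb.append(',');
            }
            sb.append(t);
        }
        return sb.toString();
    }
}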



























































