
1   /*
2   jGuard is a security framework built on top of JAAS (Java Authentication and Authorization Service).
3   It is written for web applications, to solve access control problems simply.
4   version $Name$
5   http://sourceforge.net/projects/jguard/
6   
7   Copyright (C) 2004  Charles GAY
8   
9   This library is free software; you can redistribute it and/or
10  modify it under the terms of the GNU Lesser General Public
11  License as published by the Free Software Foundation; either
12  version 2.1 of the License, or (at your option) any later version.
13  
14  This library is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17  Lesser General Public License for more details.
18  
19  You should have received a copy of the GNU Lesser General Public
20  License along with this library; if not, write to the Free Software
21  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
22  
23  
24  jGuard project home page:
25  http://sourceforge.net/projects/jguard/
26  
27  */
28  package net.sf.jguard.core.authorization.permissions;
29  
30  import java.security.CodeSource;
31  import java.security.Permission;
32  import java.security.PermissionCollection;
33  import java.security.ProtectionDomain;
34  import java.security.cert.Certificate;
35  import java.util.Enumeration;
36  import org.slf4j.Logger;
37  import org.slf4j.LoggerFactory;
38  
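/**
 * Decorator around a {@link PermissionCollection} that audits permission checks.
 *
 * <p>Every operation is delegated to the wrapped collection. {@link #implies(Permission)}
 * additionally writes the outcome of the check to the class logger. The audit trail is
 * emitted at DEBUG level only, so it is absent whenever debug logging is switched off
 * for this class.</p>
 *
 * <p>The wrapper is meant to observe the authorization decision, never to alter it:
 * the value returned by {@link #implies(Permission)} is always the delegate's answer.</p>
 *
 * @author <a href="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
 * @since 1.1
 */
public class AuditPermissionCollection extends PermissionCollection {

    private static final Logger logger = LoggerFactory.getLogger(AuditPermissionCollection.class.getName());

    /** Wrapped collection that holds the permissions and takes the actual decision. */
    private final PermissionCollection pm;

    // Stored by the ProtectionDomain constructor but not read anywhere in this class.
    // NOTE(review): ProtectionDomain is not Serializable while PermissionCollection is;
    // serializing an instance that holds a non-null domain would fail - confirm that
    // instances are never serialized.
    private final ProtectionDomain pDomain;

    /** Code source whose checks are audited; null when built with a ProtectionDomain. */
    private final CodeSource cs;

    /** true when checks are audited for a ProtectionDomain, false for a CodeSource. */
    private final boolean protectionDomainMode;

    /**
     * Creates a wrapper that tracks permission checks made against the user
     * identified by a {@link ProtectionDomain}.
     *
     * @param permissionCollection collection to delegate to
     * @param protectionDomain domain the checks are audited for
     */
    public AuditPermissionCollection(PermissionCollection permissionCollection, ProtectionDomain protectionDomain) {
        this.pm = permissionCollection;
        this.pDomain = protectionDomain;
        this.cs = null;
        this.protectionDomainMode = true;
    }

    /**
     * Creates a wrapper that tracks permission checks made against the jars
     * identified by a {@link CodeSource}.
     *
     * @param permissionCollection collection to delegate to
     * @param codeSource code source the checks are audited for; when null, nothing is logged
     */
    public AuditPermissionCollection(PermissionCollection permissionCollection, CodeSource codeSource) {
        this.pm = permissionCollection;
        this.pDomain = null;
        this.cs = codeSource;
        this.protectionDomainMode = false;
    }

    /**
     * Adds a permission to the wrapped collection.
     *
     * @param permission permission to add
     * @throws SecurityException if this wrapper has been marked read-only, or if the
     *         wrapped collection rejects the addition
     */
    public void add(Permission permission) {
        // setReadOnly() on the wrapper only flips the wrapper's own flag; without this
        // check a collection frozen through the wrapper could still be extended.
        if (isReadOnly()) {
            throw new SecurityException("attempt to add a Permission to a readonly PermissionCollection");
        }
        pm.add(permission);
    }

    /**
     * Delegates the check to the wrapped collection and logs its outcome.
     *
     * @param permission permission being checked
     * @return the answer of the wrapped collection, unchanged
     */
    public boolean implies(Permission permission) {
        boolean result = pm.implies(permission);

        // Skip all audit work when nothing would be written: dumping the whole collection
        // on every check is costly, and logging code must not be able to break the
        // authorization path.
        if (!logger.isDebugEnabled()) {
            return result;
        }

        // Plain concatenation renders a null permission as "null" instead of throwing
        // after the decision has already been taken.
        if (protectionDomainMode) {
            // user permission check: list what the user holds, then the outcome
            logPermissionCollection(pm);
            logger.debug(" ProtectionDomain permission check " + permission + " result=" + result);
        } else if (cs != null) {
            // code permission check
            logger.debug(" CodeSource permission check " + permission + " result=" + result);
        }
        return result;
    }

    /**
     * Returns the permissions held by the wrapped collection.
     *
     * @return enumeration supplied by the wrapped collection
     */
    public Enumeration elements() {
        return pm.elements();
    }

    /**
     * Writes one DEBUG entry per permission contained in the given collection.
     *
     * @param pm collection to dump
     */
    private void logPermissionCollection(PermissionCollection pm) {
        // NOTE(review): names and actions are written verbatim. If they can carry
        // request-derived text (for instance a URL), confirm that the logging layout
        // neutralises line breaks so that audit entries cannot be forged.
        Enumeration enumPerm = pm.elements();
        while (enumPerm.hasMoreElements()) {
            Permission perm = (Permission) enumPerm.nextElement();
            logger.debug("@@ user has got " + perm.getClass().getName() + " name=" + perm.getName() + " actions=" + perm.getActions() + " @@");
        }
    }

}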