JGuardPolicy xref

View Javadoc

1   /*
2    jGuard is a security framework based on top of jaas (java authentication and authorization security).
3    it is written for web applications, to resolve simply, access control problems.
4    version $Name$
5    http://sourceforge.net/projects/jguard/
6   
7    Copyright (C) 2004  Charles GAY
8   
9    This library is free software; you can redistribute it and/or
10   modify it under the terms of the GNU Lesser General Public
11   License as published by the Free Software Foundation; either
12   version 2.1 of the License, or (at your option) any later version.
13  
14   This library is distributed in the hope that it will be useful,
15   but WITHOUT ANY WARRANTY; without even the implied warranty of
16   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
17   Lesser General Public License for more details.
18  
19   You should have received a copy of the GNU Lesser General Public
20   License along with this library; if not, write to the Free Software
21   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
22  
23  
24   jGuard project home page:
25   http://sourceforge.net/projects/jguard/
26  
27   */
28  package net.sf.jguard.core.authorization.policy;
29  
30  import java.io.File;
31  import java.io.FileInputStream;
32  import java.io.FileNotFoundException;
33  import java.io.IOException;
34  import java.security.CodeSource;
35  import java.security.Permission;
36  import java.security.PermissionCollection;
37  import java.security.Permissions;
38  import java.security.Policy;
39  import java.security.ProtectionDomain;
40  import java.util.Enumeration;
41  import java.util.Properties;
42  
43  import net.sf.jguard.core.authorization.manager.PermissionProvider;
44  import net.sf.jguard.core.authorization.permissions.AuditPermissionCollection;
45  import org.slf4j.Logger;
46  import org.slf4j.LoggerFactory;
47  
48  
49  /**
50   * JGuard Policy abstract implementation.
51   * @see net.sf.jguard.core.authorization.policy.AbstractMultipleAppPolicy
52   * @see net.sf.jguard.core.authorization.policy.MultipleAppPolicy
53   * @see net.sf.jguard.ext.authorization.policy.classic.SingleAppPolicy
54   * @author <a href="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
55   * @author <a href="mailto:vberetti@users.sourceforge.net">Vincent Beretti</a>
56   */
57  public abstract class JGuardPolicy extends java.security.Policy {
58  
59  	private static final String LIB = "lib";
60  	private static final String SECURITY = "security";
61  	private static final String J_GUARD_POLICY = "jGuard.policy";
62  	private static final String JGUARD_POLICY_LOCATION = File.separator + JGuardPolicy.LIB + File.separator + JGuardPolicy.SECURITY + File.separator + JGuardPolicy.J_GUARD_POLICY;
63  	private static final String DEFAULT_POLICY = "defaultPolicy";
64  	private static final String JAVA_HOME = "java.home";
65  	//old Policy instance replaced by JGuardPolicy
66  	protected static Policy defaultPolicy;
67  	//old Policy instance Class replaced by JGuardPolicy
68  	private static Class policyClass;
69  	private static Logger logger = LoggerFactory.getLogger(JGuardPolicy.class.getName());
70  	protected final static String version = "1.1.0 beta 5";
71  	
72  	
73  	/**
74  	 * default constructor.
75  	 */
76  	public JGuardPolicy(){
77  		super();
78  	}
79  	
80  	/**
81  	 * load the default Policy implementation class.
82  	 */
83  	protected void loadDefaultPolicy() {
84  		//the securityManager is not set
85  		if (System.getSecurityManager() == null) {
86  			String javaHome = System.getProperty(JGuardPolicy.JAVA_HOME);
87  			Properties props = new Properties();
88  			String defPolicy = null;
89  
90  			try {
91  				props.load(new FileInputStream(new File(javaHome + JGuardPolicy.JGUARD_POLICY_LOCATION)));
92  				defPolicy = props.getProperty(JGuardPolicy.DEFAULT_POLICY);
93  			} catch (FileNotFoundException e) {
94  				logger.info( "loadDefaultPolicy() -  jGuard.policy is not found " + e.getMessage());
95  			} catch (IOException e) {
96  				logger.info( "loadDefaultPolicy() -  jGuard.policy is not reachable " + e.getMessage());
97  			}
98  
99  			try {
100 
101 				if(defPolicy==null){
102 					logger.info("loadDefaultPolicy() -  'defaultPolicy' field in the jGuard.Policy file is not defined ");
103 					logger.info("loadDefaultPolicy() -  jGuard try to discover the default one ");
104 					// we search the default policy class
105 					policyClass = PolicyHelper.findDefaultPolicy();
106 				} else {
107 					// we use the defined default policy class
108 					policyClass = Class.forName(defPolicy);
109 				}
110 			} catch (ClassNotFoundException e1) {
111 				logger.info( "loadDefaultPolicy() - the default policy class cannot be found " + e1.getMessage());
112 			}
113 
114 			//the securityManager is set
115 		}else{
116 			policyClass = PolicyHelper.findDefaultPolicy();
117 		}
118 
119 		try {
120 			defaultPolicy = (Policy)policyClass.newInstance();
121 		} catch (InstantiationException e2) {
122 			logger.info("loadDefaultPolicy() - the default policy class cannot be instantiated"
123 					+ e2.getMessage());
124 		} catch (IllegalAccessException e2) {
125 			logger.info("loadDefaultPolicy() - the default policy class cannot be accessed "
126 					+ e2.getMessage());
127 		}
128 	}
129 
130 	/**
131 	 * JGuard Policy act as a wrapper for this method.
132 	 * it delegates to default's Policy implementation defined in Jguard.policy file, this method.
133 	 * @see java.security.Policy#getPermissions(java.security.CodeSource)
134 	 * @param codesource
135 	 * @return all the permissions own by the CodeSource
136 	 */
137 	public PermissionCollection getPermissions(CodeSource codesource) {
138 		PermissionCollection permColl = defaultPolicy.getPermissions(codesource);
139 		return new AuditPermissionCollection(permColl, codesource);
140 	}
141 
142 	public abstract PermissionCollection getPermissions(ProtectionDomain protectionDomain);
143 
144 	public abstract void refresh();
145 
146 	protected PermissionCollection getPermissions(ProtectionDomain protectionDomain, PermissionProvider permissionProvider) {
147 		PermissionCollection pc = null;
148 		if(System.getSecurityManager()!=null){
149 	        pc = defaultPolicy.getPermissions(protectionDomain);
150 	    }
151 	
152 	    //if this protection domain is protected by jGuard
153 		if(permissionProvider!=null){
154 			//retrieve permissions from roles owned by the user which are active
155 			//and resolve regexp in permissions
156 	    	PermissionCollection pc2= permissionProvider.getPermissions(protectionDomain);
157 	    	
158 	        //the SecurityManager is set,we merge the default permissionCollection and the permissionCollection returned by jGuard
159 	        if(System.getSecurityManager()!=null){
160 	            Enumeration enumeration = pc2.elements();
161 	            while(enumeration.hasMoreElements()){
162 	        	    pc.add((Permission)enumeration.nextElement());
163 	            }
164 	        }else{
165 	            //there is no SecurityManager set
166 	            //we return only the permissionCollection obtained by jGuard
167 	            pc = pc2;
168 	        }
169 	    }
170 	
171 	    return pc;
172 	}
173 
174 	public abstract  void addAlwaysGrantedPermissions(ClassLoader cl,Permissions alwaysGrantedPermissions);
175 		
176 	
177 }