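/*
jGuard is a security framework based on top of jaas (java authentication and authorization security).
it is written for web applications, to resolve simply, access control problems.
version $Name: $
http://sourceforge.net/projects/jguard/

Copyright (C) 2004 Charles GAY

This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA


jGuard project home page:
http://sourceforge.net/projects/jguard/

*/
package net.sf.jguard.core.authorization.policy;

import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Policy;
import java.security.ProtectionDomain;
import java.util.Set;

import javax.security.auth.Subject;


/**
 * {@link AccessController} clone used to check a permission against an isolated
 * {@link Policy} that is not tied to the system-wide Policy.
 *
 * <p><b>Security model.</b> The check is driven only by the principals of the
 * {@link Subject} bound to the calling thread's {@link AccessControlContext}.
 * Code sources are ignored: the policy is queried with a protection domain built
 * from the principals alone. When no Subject is bound to the context, the check
 * <em>passes</em> (see {@link #checkPermission(Permission)}), so this class only
 * restricts callers that have already been authenticated and are running with
 * their Subject attached to the context. It is not a sandbox for untrusted code.
 *
 * <p>Note: {@link AccessController} and
 * {@link Subject#getSubject(AccessControlContext)} are deprecated for removal
 * since Java 17 (JEP 411); this class depends on both.
 *
 * @author <a href="mailto:diabolo512@users.sourceforge.net">Charles Gay</a>
 * @see java.security.AccessController
 * @since 1.0
 */
public class LocalAccessController {

    /** Policy consulted for every enforced check; never reassigned after construction. */
    private final Policy policy;

    /**
     * Creates a controller bound to the given policy.
     *
     * @param policy policy to evaluate permissions against. It is not validated
     *        here; a {@code null} policy surfaces as a {@link NullPointerException}
     *        on the first check that reaches the policy lookup.
     */
    public LocalAccessController(Policy policy) {
        this.policy = policy;
    }


    /**
     * Checks that the Subject bound to the current access control context has been
     * granted the requested permission by this controller's Policy.
     *
     * <p>The call returns normally (access allowed) in three cases: the current
     * context is {@code null}, no Subject is bound to the context, or the policy
     * grants the permission to the Subject's principals. The second case is a
     * deliberate fail-open of the 'local' mode: callers that need every request to
     * be checked must make sure authentication has happened and that the code runs
     * with the Subject attached to the context before relying on this method.
     *
     * @param permission permission to check
     * @throws NullPointerException when {@code permission} is {@code null}
     * @throws AccessControlException when access is denied
     */
    public void checkPermission(Permission permission) throws AccessControlException {
        // Validate the argument before any early return, so that a null permission
        // is always reported instead of being silently accepted when no Subject
        // happens to be bound to the context.
        if (permission == null) {
            throw new NullPointerException(" permission provided is null ");
        }

        AccessControlContext acc = AccessController.getContext();
        if (acc == null) {
            // system code is always allowed.
            // Checked before the Subject lookup: Subject.getSubject(null) throws
            // a NullPointerException, so the guard has to come first.
            return;
        }

        Subject subject = Subject.getSubject(acc);
        if (subject == null) {
            // FAIL-OPEN BY DESIGN: this class is used in 'local' mode, where the
            // security is not tied to the JVM security. No restriction is applied
            // here because this code can be avoided easily; for deeper security,
            // use the 'jvm' mode.
            // NOTE(review): an unauthenticated or unbound call path is therefore
            // never denied by this method.
            return;
        }

        // Only the principals feed the decision; the domain carries no code source.
        Set principals = subject.getPrincipals();
        ProtectionDomain domain = ProtectionDomainUtils.getEmptyProtectionDomain(principals);
        PermissionCollection permColl = policy.getPermissions(domain);

        // Fail closed: a Policy that hands back no collection grants nothing, and
        // the denial is reported as AccessControlException rather than as an NPE.
        if (permColl == null || !permColl.implies(permission)) {
            throw new AccessControlException(
                    " permission " + permission.toString() + " is not granted ", permission);
        }
    }

    /**
     * Returns the Policy this controller evaluates permissions against.
     *
     * @return the live Policy instance passed to the constructor (not a copy)
     */
    public Policy getPolicy() {
        return policy;
    }

}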