001/**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.activemq.security;
018
019import org.apache.activemq.filter.DestinationMapEntry;
020
021import java.util.Collections;
022import java.util.HashSet;
023import java.util.Set;
024import java.util.StringTokenizer;
025
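/**
 * Represents an entry in a {@link DefaultAuthorizationMap} that assigns the
 * roles allowed to perform each operation (read, write, admin) on a specific
 * destination or on a hierarchical wildcard area of destinations.
 * <p>
 * Points to keep in mind when configuring or auditing an entry:
 * <ul>
 * <li><b>Group class ordering.</b> {@link #setAdmin(String)},
 * {@link #setRead(String)} and {@link #setWrite(String)} build their
 * principals immediately, using whatever group class is set at that moment.
 * Calling {@link #setGroupClass(String)} afterwards does not rebuild the
 * existing ACL sets, so set the group class first.</li>
 * <li><b>ACL sets are shared by reference.</b> The ACL setters store the
 * caller's set without copying and the getters return that same instance, so
 * any later mutation of the set changes this entry.</li>
 * <li><b>Defaults.</b> Until configured, each ACL set is the immutable empty
 * set.</li>
 * </ul>
 */
@SuppressWarnings("rawtypes")
public class AuthorizationEntry extends DestinationMapEntry {

    // Principals permitted for each operation; all start out empty.
    private Set<Object> readACLs = emptySet();
    private Set<Object> writeACLs = emptySet();
    private Set<Object> adminACLs = emptySet();

    // Raw comma-separated role strings as last passed to setAdmin/setRead/setWrite.
    protected String adminRoles;
    protected String readRoles;
    protected String writeRoles;

    // Class name handed to DefaultAuthorizationMap.createGroupPrincipal; null
    // means DefaultAuthorizationMap.DEFAULT_GROUP_CLASS is used instead.
    private String groupClass;

    /**
     * @return the configured group principal class name, or {@code null} when
     *         none has been set
     */
    public String getGroupClass() {
        return groupClass;
    }

    /** Typed shorthand for {@link Collections#emptySet()} used by the field initializers. */
    private Set<Object> emptySet() {
        return Collections.emptySet();
    }

    /**
     * Sets the class name used when role names are turned into principals.
     * This only affects later calls to {@link #parseACLs(String)}; ACL sets
     * that were already built are left untouched.
     *
     * @param groupClass the principal class name, or {@code null} to use the default
     */
    public void setGroupClass(String groupClass) {
        this.groupClass = groupClass;
    }

    /** @return the live set of principals allowed the admin operation (not a copy) */
    public Set<Object> getAdminACLs() {
        return adminACLs;
    }

    /** @param adminACLs the set of admin principals; stored by reference, not copied */
    public void setAdminACLs(Set<Object> adminACLs) {
        this.adminACLs = adminACLs;
    }

    /** @return the live set of principals allowed the read operation (not a copy) */
    public Set<Object> getReadACLs() {
        return readACLs;
    }

    /** @param readACLs the set of read principals; stored by reference, not copied */
    public void setReadACLs(Set<Object> readACLs) {
        this.readACLs = readACLs;
    }

    /** @return the live set of principals allowed the write operation (not a copy) */
    public Set<Object> getWriteACLs() {
        return writeACLs;
    }

    /** @param writeACLs the set of write principals; stored by reference, not copied */
    public void setWriteACLs(Set<Object> writeACLs) {
        this.writeACLs = writeACLs;
    }

    // Helper methods for easier configuration in Spring.
    // ACLs are already set in the afterPropertiesSet method to ensure that
    // groupClass is set first before calling parseACLs() on any of the roles.
    // We still need the call to parseACLs inside the helper methods for
    // instances where security is configured programmatically without xbean.
    // -------------------------------------------------------------------------

    /**
     * Records the admin role string and replaces the admin ACL set with the
     * principals parsed from it.
     *
     * @param roles comma-separated role names
     * @throws Exception if a principal cannot be created
     */
    public void setAdmin(String roles) throws Exception {
        adminRoles = roles;
        setAdminACLs(parseACLs(adminRoles));
    }

    /**
     * Records the read role string and replaces the read ACL set with the
     * principals parsed from it.
     *
     * @param roles comma-separated role names
     * @throws Exception if a principal cannot be created
     */
    public void setRead(String roles) throws Exception {
        readRoles = roles;
        setReadACLs(parseACLs(readRoles));
    }

    /**
     * Records the write role string and replaces the write ACL set with the
     * principals parsed from it.
     *
     * @param roles comma-separated role names
     * @throws Exception if a principal cannot be created
     */
    public void setWrite(String roles) throws Exception {
        writeRoles = roles;
        setWriteACLs(parseACLs(writeRoles));
    }

    /**
     * Converts a comma-separated list of role names into a set of group
     * principals created through
     * {@link DefaultAuthorizationMap#createGroupPrincipal(String, String)}.
     * <p>
     * Each name is trimmed. A {@code null} list yields an empty set instead of
     * a {@code NullPointerException}, and names that are empty after trimming
     * are skipped, so a stray {@code ", "} in the configuration does not add a
     * principal with an empty name to the ACL.
     *
     * @param roles comma-separated role names; may be {@code null}
     * @return a new mutable set of principals, never {@code null}
     * @throws Exception if a principal cannot be created
     */
    protected Set<Object> parseACLs(String roles) throws Exception {
        Set<Object> answer = new HashSet<Object>();
        if (roles == null) {
            return answer;
        }

        // Resolved once: the group class cannot change while this call runs.
        String principalClass =
                this.groupClass != null ? this.groupClass : DefaultAuthorizationMap.DEFAULT_GROUP_CLASS;

        StringTokenizer iter = new StringTokenizer(roles, ",");
        while (iter.hasMoreTokens()) {
            String name = iter.nextToken().trim();
            // StringTokenizer already drops empty tokens ("a,,b"); treat
            // whitespace-only tokens ("a, ,b") the same way.
            if (name.isEmpty()) {
                continue;
            }
            answer.add(DefaultAuthorizationMap.createGroupPrincipal(name, principalClass));
        }
        return answer;
    }

    /**
     * Compares the ACL sets, role strings and group class declared in this
     * class. State inherited from {@link DestinationMapEntry} is not consulted
     * by this method.
     */
    // NOTE(review): confirm no caller relies on equals() to tell apart entries
    // that carry the same roles for different destinations.
    @Override
    public boolean equals(Object o) {
        if (this == o) {
            return true;
        }
        if (!(o instanceof AuthorizationEntry)) {
            return false;
        }

        AuthorizationEntry that = (AuthorizationEntry) o;

        return sameValue(adminACLs, that.adminACLs)
                && sameValue(adminRoles, that.adminRoles)
                && sameValue(groupClass, that.groupClass)
                && sameValue(readACLs, that.readACLs)
                && sameValue(readRoles, that.readRoles)
                && sameValue(writeACLs, that.writeACLs)
                && sameValue(writeRoles, that.writeRoles);
    }

    /** Hash over the same fields that {@link #equals(Object)} compares. */
    @Override
    public int hashCode() {
        int result = hashOf(readACLs);
        result = 31 * result + hashOf(writeACLs);
        result = 31 * result + hashOf(adminACLs);
        result = 31 * result + hashOf(adminRoles);
        result = 31 * result + hashOf(readRoles);
        result = 31 * result + hashOf(writeRoles);
        result = 31 * result + hashOf(groupClass);
        return result;
    }

    /** Null-safe equality: two nulls are equal, a null never equals a non-null. */
    private static boolean sameValue(Object a, Object b) {
        return a != null ? a.equals(b) : b == null;
    }

    /** Null-safe hash code: {@code null} hashes to 0. */
    private static int hashOf(Object value) {
        return value != null ? value.hashCode() : 0;
    }
}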