/**
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.activemq.security;
import org.apache.activemq.filter.DestinationMapEntry;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.StringTokenizer;
/**
* Represents an entry in a {@link DefaultAuthorizationMap} for assigning
* different operations (read, write, admin) of user roles to a specific
* destination or a hierarchical wildcard area of destinations.
*/
@SuppressWarnings("rawtypes")
public class AuthorizationEntry extends DestinationMapEntry {
private Set<Object> readACLs = emptySet();
private Set<Object> writeACLs = emptySet();
private Set<Object> adminACLs = emptySet();
protected String adminRoles;
protected String readRoles;
protected String writeRoles;
private String groupClass;
public String getGroupClass() {
return groupClass;
}
@SuppressWarnings("unchecked")
private Set<Object> emptySet() {
return Collections.EMPTY_SET;
}
public void setGroupClass(String groupClass) {
this.groupClass = groupClass;
}
public Set<Object> getAdminACLs() {
return adminACLs;
}
public void setAdminACLs(Set<Object> adminACLs) {
this.adminACLs = adminACLs;
}
public Set<Object> getReadACLs() {
return readACLs;
}
public void setReadACLs(Set<Object> readACLs) {
this.readACLs = readACLs;
}
public Set<Object> getWriteACLs() {
return writeACLs;
}
public void setWriteACLs(Set<Object> writeACLs) {
this.writeACLs = writeACLs;
}
// helper methods for easier configuration in Spring
// ACLs are already set in the afterPropertiesSet method to ensure that
// groupClass is set first before
// calling parceACLs() on any of the roles. We still need to add the call to
// parceACLs inside the helper
// methods for instances where we configure security programatically without
// using xbean
// -------------------------------------------------------------------------
public void setAdmin(String roles) throws Exception {
adminRoles = roles;
setAdminACLs(parseACLs(adminRoles));
}
public void setRead(String roles) throws Exception {
readRoles = roles;
setReadACLs(parseACLs(readRoles));
}
public void setWrite(String roles) throws Exception {
writeRoles = roles;
setWriteACLs(parseACLs(writeRoles));
}
protected Set<Object> parseACLs(String roles) throws Exception {
Set<Object> answer = new HashSet<Object>();
StringTokenizer iter = new StringTokenizer(roles, ",");
while (iter.hasMoreTokens()) {
String name = iter.nextToken().trim();
String groupClass = (this.groupClass != null ? this.groupClass : DefaultAuthorizationMap.DEFAULT_GROUP_CLASS);
answer.add(DefaultAuthorizationMap.createGroupPrincipal(name, groupClass));
}
return answer;
}
@Override
public boolean equals(Object o) {
if (this == o) return true;
if (!(o instanceof AuthorizationEntry)) return false;
AuthorizationEntry that = (AuthorizationEntry) o;
if (adminACLs != null ? !adminACLs.equals(that.adminACLs) : that.adminACLs != null) return false;
if (adminRoles != null ? !adminRoles.equals(that.adminRoles) : that.adminRoles != null) return false;
if (groupClass != null ? !groupClass.equals(that.groupClass) : that.groupClass != null) return false;
if (readACLs != null ? !readACLs.equals(that.readACLs) : that.readACLs != null) return false;
if (readRoles != null ? !readRoles.equals(that.readRoles) : that.readRoles != null) return false;
if (writeACLs != null ? !writeACLs.equals(that.writeACLs) : that.writeACLs != null) return false;
if (writeRoles != null ? !writeRoles.equals(that.writeRoles) : that.writeRoles != null) return false;
return true;
}
@Override
public int hashCode() {
int result = readACLs != null ? readACLs.hashCode() : 0;
result = 31 * result + (writeACLs != null ? writeACLs.hashCode() : 0);
result = 31 * result + (adminACLs != null ? adminACLs.hashCode() : 0);
result = 31 * result + (adminRoles != null ? adminRoles.hashCode() : 0);
result = 31 * result + (readRoles != null ? readRoles.hashCode() : 0);
result = 31 * result + (writeRoles != null ? writeRoles.hashCode() : 0);
result = 31 * result + (groupClass != null ? groupClass.hashCode() : 0);
return result;
}
}