CombinationManagementPermission.java example

Explorer
wildfly-core-master
/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2013, Red Hat, Inc., and individual contributors
 * as indicated by the @author tags. See the copyright.txt file in the
 * distribution for a full listing of individual contributors.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */

package org.jboss.as.controller.access.permission;

import java.security.Permission;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;

import org.jboss.as.controller.logging.ControllerLogger;
import org.jboss.as.controller.access.Action;
import org.jboss.as.controller.access.CombinationPolicy;

/**
 * A {@link ManagementPermission} that combines multiple underlying permissions according
 * to a {@link org.jboss.as.controller.access.CombinationPolicy}.
 *
 * @author Brian Stansberry (c) 2013 Red Hat Inc.
 */
public class CombinationManagementPermission extends ManagementPermission {

    private final CombinationPolicy combinationPolicy;
    private final Map<String, ManagementPermission> underlyingPermissions = new HashMap<String, ManagementPermission>();

    public CombinationManagementPermission(CombinationPolicy combinationPolicy, Action.ActionEffect actionEffect) {
        super("CombinationManagementPermission", actionEffect);
        this.combinationPolicy = combinationPolicy;
    }

    /**
     * Adds a permission.
     * <p>
     * This method should not be called after the instance has been made visible to another thread
     * than the one that constructed it.
     * </p>
     * @param permissionName name of the permission to add. Cannot be {@code null}
     * @param underlyingPermission the permission. Cannot be {@code null}
     */
    public void addUnderlyingPermission(String permissionName, ManagementPermission underlyingPermission) {
        assert underlyingPermission.getActionEffect() == getActionEffect() : "incompatible ActionEffect";
        if (combinationPolicy == CombinationPolicy.REJECTING && underlyingPermissions.size() > 0) {
            throw ControllerLogger.ROOT_LOGGER.illegalMultipleRoles();
        }
        underlyingPermissions.put(permissionName, underlyingPermission);
    }

    @Override
    public String getActions() {
        Set<Action.ActionEffect> effects = new TreeSet<Action.ActionEffect>();
        for (ManagementPermission permission : underlyingPermissions.values()) {
            effects.add(permission.getActionEffect());
        }
        boolean first = true;
        StringBuilder sb = new StringBuilder();
        for (Action.ActionEffect effect : effects) {
            if (!first) {
                sb.append(',');
            } else {
                first = false;
            }
            sb.append(effect.toString());
        }
        return sb.toString();
    }

    @Override
    public boolean implies(Permission permission) {
        if (combinationPolicy == CombinationPolicy.PERMISSIVE) {
            for (ManagementPermission underlying : underlyingPermissions.values()) {
                if (underlying.implies(permission)) {
                    return true;
                }
            }
            if (ControllerLogger.ACCESS_LOGGER.isTraceEnabled()) {
                ControllerLogger.ACCESS_LOGGER.tracef("None of the underlying permissions %s imply %s", underlyingPermissions.keySet(), permission);
            }
            return false;
        } else {
            for (Map.Entry<String, ManagementPermission> underlying : underlyingPermissions.entrySet()) {
                if (!underlying.getValue().implies(permission)) {
                    ControllerLogger.ACCESS_LOGGER.tracef("Underlying permission %s does not imply %s", underlying.getKey(), permission);
                    return false;
                }
            }
            return true;

        }
    }

    @Override
    public boolean equals(Object o) {
        if (this == o) return true;
        if (o == null || getClass() != o.getClass()) return false;

        CombinationManagementPermission that = (CombinationManagementPermission) o;

        // TODO I believe that actionEffect should be taken into account here (and in hashCode)

        return combinationPolicy == that.combinationPolicy && underlyingPermissions.equals(that.underlyingPermissions);

    }

    @Override
    public int hashCode() {
        int result = combinationPolicy.hashCode();
        result = 31 * result + underlyingPermissions.hashCode();
        return result;
    }
}