|
1 /* |
|
2 * Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 |
|
18 package com.nokia.mj.impl.security.midp.authorization; |
|
19 |
|
20 import java.util.Vector; |
|
21 import java.util.Hashtable; |
|
22 import java.security.Permission; |
|
23 import com.nokia.mj.impl.utils.Uid; |
|
24 import com.nokia.mj.impl.utils.Tokenizer; |
|
25 import com.nokia.mj.impl.utils.exception.InvalidAttributeException; |
|
26 import com.nokia.mj.impl.utils.InstallerDetailedErrorMessage; |
|
27 import com.nokia.mj.impl.utils.InstallerErrorMessage; |
|
28 import com.nokia.mj.impl.utils.OtaStatusCode; |
|
29 import com.nokia.mj.impl.security.midp.common.PermissionAttribute; |
|
30 import com.nokia.mj.impl.security.midp.common.PolicyBasedPermission; |
|
31 import com.nokia.mj.impl.security.midp.common.PolicyBasedPermissionImpl; |
|
32 import com.nokia.mj.impl.security.midp.common.UserSecuritySettings; |
|
33 import com.nokia.mj.impl.security.common.PermissionBase; |
|
34 import com.nokia.mj.impl.security.midp.storage.*; |
|
35 import com.nokia.mj.impl.storage.StorageSession; |
|
36 import com.nokia.mj.impl.security.utils.Logger; |
|
37 |
|
38 |
|
39 /** |
|
40 * Permission resolver: it resolves a list of permissions against another list |
|
41 * of permissions, returning the list of permissions which resolved the |
|
42 * permissions. Resolving means callint the implies method of Permission |
|
43 * objects |
|
44 */ |
|
45 public final class PermissionResolver |
|
46 { |
|
47 /* |
|
48 * Cache for Permission objects |
|
49 */ |
|
50 // Add synchronization for access to these hashtables |
|
51 private static Hashtable policyPermissionInstances = new Hashtable(); |
|
52 private static Hashtable grantedPermissionInstances = new Hashtable(); |
|
53 |
|
54 public static Vector resolvePermissions( |
|
55 Uid msUID, |
|
56 PermissionAttribute[] requestedPermissions, |
|
57 PolicyBasedPermission[] policyPermissions) |
|
58 { |
|
59 if (requestedPermissions == null) |
|
60 { |
|
61 return null; |
|
62 } |
|
63 |
|
64 Vector resolvedPermissions = new Vector(); |
|
65 for (int i=0; i<requestedPermissions.length; i++) |
|
66 { |
|
67 if (requestedPermissions[i].isLegacyAttribute()) |
|
68 { |
|
69 Vector legacyPermissions = resolveLegacyPermission(requestedPermissions[i], |
|
70 policyPermissions); |
|
71 // add legacyPermissions into resolved permissions |
|
72 // Is it possible to provide the vector to resolveLegacyPermission method which will fill it? |
|
73 if (legacyPermissions != null && legacyPermissions.size() > 0) |
|
74 { |
|
75 for (int j=0; j<legacyPermissions.size(); j++) |
|
76 { |
|
77 resolvedPermissions.addElement( |
|
78 legacyPermissions.elementAt(j)); |
|
79 } |
|
80 } |
|
81 else if (requestedPermissions[i].getImportance() |
|
82 == PermissionAttribute.MANDATORY_PERMISSION) |
|
83 { |
|
84 Logger.logError("Permission " + requestedPermissions[i].getName() + " not supported"); |
|
85 throw new InvalidAttributeException( |
|
86 InstallerErrorMessage.INST_CORRUPT_PKG, |
|
87 null, /* no params for short msg */ |
|
88 InstallerDetailedErrorMessage.ATTR_UNSUPPORTED, |
|
89 new String[] {requestedPermissions[i].getAttributeName()}, |
|
90 OtaStatusCode.APPLICATION_AUTHORIZATION_FAILURE); |
|
91 } |
|
92 continue; |
|
93 } |
|
94 try |
|
95 { |
|
96 Permission p = (Permission)ClassInstantiator.newInstance( |
|
97 requestedPermissions[i].getName(), |
|
98 requestedPermissions[i].getTarget(), |
|
99 requestedPermissions[i].getActionList()); |
|
100 Vector resolvedPermissionSet = resolvePermission( |
|
101 msUID, p, policyPermissions); |
|
102 if (resolvedPermissionSet != null) |
|
103 { |
|
104 if (identicalSettings(resolvedPermissionSet)) |
|
105 { |
|
106 PolicyBasedPermission rPerm = (PolicyBasedPermission) |
|
107 resolvedPermissionSet.elementAt(0); |
|
108 if (rPerm.getUserSecuritySettings() == null) |
|
109 { |
|
110 resolvedPermissions.addElement( |
|
111 new PolicyBasedPermissionImpl( |
|
112 requestedPermissions[i].getName(), |
|
113 requestedPermissions[i].getTarget(), |
|
114 requestedPermissions[i].getActionList(), |
|
115 rPerm.getType())); |
|
116 } |
|
117 else |
|
118 { |
|
119 resolvedPermissions.addElement( |
|
120 new PolicyBasedPermissionImpl( |
|
121 requestedPermissions[i].getName(), |
|
122 requestedPermissions[i].getTarget(), |
|
123 requestedPermissions[i].getActionList(), |
|
124 rPerm.getUserSecuritySettings())); |
|
125 } |
|
126 } |
|
127 else |
|
128 { |
|
129 for (int j=0; j<resolvedPermissionSet.size(); j++) |
|
130 { |
|
131 resolvedPermissions.addElement( |
|
132 resolvedPermissionSet.elementAt(j)); |
|
133 } |
|
134 } |
|
135 } |
|
136 else |
|
137 { |
|
138 // the permission was not resovled |
|
139 if (requestedPermissions[i].getImportance() |
|
140 == PermissionAttribute.MANDATORY_PERMISSION) |
|
141 { |
|
142 Logger.logError("Permission " + requestedPermissions[i].getName() + " not supported"); |
|
143 throw new InvalidAttributeException( |
|
144 InstallerErrorMessage.INST_CORRUPT_PKG, |
|
145 null, /* no params for short msg */ |
|
146 InstallerDetailedErrorMessage.ATTR_UNSUPPORTED, |
|
147 new String[] {requestedPermissions[i].getAttributeName()}, |
|
148 OtaStatusCode.APPLICATION_AUTHORIZATION_FAILURE); |
|
149 } |
|
150 } |
|
151 } |
|
152 catch (InstantiationException e) |
|
153 { |
|
154 if (requestedPermissions[i].getImportance() |
|
155 == PermissionAttribute.MANDATORY_PERMISSION) |
|
156 { |
|
157 Logger.logError("Permission " + requestedPermissions[i].getName() + " not supported"); |
|
158 throw new InvalidAttributeException( |
|
159 InstallerErrorMessage.INST_CORRUPT_PKG, |
|
160 null, /* no params for short msg */ |
|
161 InstallerDetailedErrorMessage.ATTR_UNSUPPORTED, |
|
162 new String[] {requestedPermissions[i].getAttributeName()}, |
|
163 OtaStatusCode.APPLICATION_AUTHORIZATION_FAILURE); |
|
164 } |
|
165 // ignore, since the permission was optional |
|
166 } |
|
167 } |
|
168 if (resolvedPermissions.size() == 0) |
|
169 { |
|
170 return null; |
|
171 } |
|
172 return resolvedPermissions; |
|
173 } |
|
174 |
|
175 public static Vector resolvePermission( |
|
176 StorageSession aStorageSession, |
|
177 Uid msUID, |
|
178 Permission requestedPermission) |
|
179 { |
|
180 return resolvePermission(requestedPermission, |
|
181 getGrantedPermissionInstances(aStorageSession, msUID)); |
|
182 } |
|
183 |
|
184 /** |
|
185 * Indication that certain settings have changed. This is implemented |
|
186 * so that the new settings are updated into the cache |
|
187 */ |
|
188 // Add synchronization |
|
189 static void settingsChanged(Uid msUID, UserSecuritySettings newSettings) |
|
190 { |
|
191 Vector oldPermissionInstancesAndSettings = |
|
192 (Vector)grantedPermissionInstances.remove(msUID); |
|
193 if (oldPermissionInstancesAndSettings != null) |
|
194 { |
|
195 Vector newPermissionInstancesAndSettings = new Vector(); |
|
196 for (int i=0; i < oldPermissionInstancesAndSettings.size(); i++) |
|
197 { |
|
198 PermisionInstanceAndSettings p = (PermisionInstanceAndSettings) |
|
199 oldPermissionInstancesAndSettings.elementAt(i); |
|
200 if (p.getSettings() != null && p.getSettings().getName() |
|
201 .equals(newSettings.getName())) |
|
202 { |
|
203 // add new settings |
|
204 newPermissionInstancesAndSettings.addElement( |
|
205 new PermisionInstanceAndSettings( |
|
206 p.getPermissionInstance(), newSettings)); |
|
207 } |
|
208 else |
|
209 { |
|
210 // keep the old settings |
|
211 newPermissionInstancesAndSettings.addElement(p); |
|
212 } |
|
213 } |
|
214 grantedPermissionInstances.put(msUID, |
|
215 newPermissionInstancesAndSettings); |
|
216 } |
|
217 } |
|
218 |
|
219 private static Vector resolvePermission( |
|
220 Permission requestedPermission, |
|
221 Vector permissionInstances) |
|
222 { |
|
223 if (permissionInstances == null |
|
224 || requestedPermission == null) |
|
225 { |
|
226 return null; |
|
227 } |
|
228 Vector resolvedPermissions = new Vector(); |
|
229 // stage 1: try the simple permissions (simple permission = permission with single action) |
|
230 for (int i=0; i<permissionInstances.size(); i++) |
|
231 { |
|
232 PermisionInstanceAndSettings p = |
|
233 (PermisionInstanceAndSettings)permissionInstances |
|
234 .elementAt(i); |
|
235 Object policyPermission = p.getPermissionInstance(); |
|
236 if (policyPermission.getClass().isInstance(requestedPermission) |
|
237 && ((Permission)policyPermission).implies(requestedPermission)) |
|
238 { |
|
239 resolvedPermissions.addElement( |
|
240 getResolvedPermission( |
|
241 requestedPermission, |
|
242 policyPermission, |
|
243 p.getSettings(), |
|
244 requestedPermission.getClass().getName(), |
|
245 requestedPermission.getName(), |
|
246 requestedPermission.getActions())); |
|
247 return resolvedPermissions; |
|
248 } |
|
249 } |
|
250 // stage 2: try the requested complex permissions (complex permission = permission with multiple actions) |
|
251 String[] actions = Tokenizer.split(requestedPermission.getActions(), |
|
252 ","); |
|
253 if (actions != null && actions.length > 0) |
|
254 { |
|
255 for (int i=0; i<actions.length; i++) |
|
256 { |
|
257 boolean permissionResolved = false; |
|
258 try |
|
259 { |
|
260 Permission p1 = (Permission)ClassInstantiator.newInstance( |
|
261 requestedPermission.getClass().getName(), |
|
262 requestedPermission.getName(), actions[i]); |
|
263 for (int j=0; j<permissionInstances.size(); j++) |
|
264 { |
|
265 PermisionInstanceAndSettings p = |
|
266 (PermisionInstanceAndSettings)permissionInstances |
|
267 .elementAt(j); |
|
268 Object policyPermission = p.getPermissionInstance(); |
|
269 if (policyPermission.getClass().isInstance(p1) |
|
270 && ((Permission)policyPermission).implies(p1)) |
|
271 { |
|
272 permissionResolved = true; |
|
273 // add the permission to the result only of not found among the existing ones |
|
274 PolicyBasedPermissionImpl permission1 = |
|
275 getResolvedPermission(requestedPermission, |
|
276 policyPermission, |
|
277 p.getSettings(), |
|
278 requestedPermission.getClass().getName(), |
|
279 requestedPermission.getName(), |
|
280 actions[i]); |
|
281 if (permission1.getActionList() == null |
|
282 || permission1.getActionList().length() == 0) |
|
283 { |
|
284 resolvedPermissions.addElement(permission1); |
|
285 continue; |
|
286 } |
|
287 UserSecuritySettings settings1 = permission1.getUserSecuritySettings(); |
|
288 boolean found = false; |
|
289 for (int k=0; k<resolvedPermissions.size(); k++) |
|
290 { |
|
291 PolicyBasedPermissionImpl permission2 = |
|
292 (PolicyBasedPermissionImpl)(resolvedPermissions.elementAt(k)); |
|
293 if (permission2.getActionList() != null |
|
294 && permission2.getActionList().length() > 0) |
|
295 { |
|
296 UserSecuritySettings settings2 = |
|
297 permission2.getUserSecuritySettings(); |
|
298 // group resolve permissions by name and settings |
|
299 if (permission1.getClass().getName().equals(permission2.getClass().getName()) |
|
300 && ((permission1.getName() != null && permission2.getName() != null |
|
301 && permission1.getName().equals(permission2.getName())) |
|
302 || (permission1.getName() == null && permission2.getName() == null)) |
|
303 && ((settings1 != null && settings2 != null && settings1.equals(settings2)) |
|
304 || (settings1 == null && settings2 == null))) |
|
305 { |
|
306 // replace element at position k with another one having |
|
307 // the combined actions |
|
308 resolvedPermissions.setElementAt(getResolvedPermission( |
|
309 permission1.getPromptDetails(), |
|
310 p.getSettings(), |
|
311 requestedPermission.getClass().getName(), |
|
312 requestedPermission.getName(), |
|
313 permission2.getActionList() + "," + permission1.getActionList()), |
|
314 k); |
|
315 found = true; |
|
316 break; |
|
317 } |
|
318 } |
|
319 } |
|
320 if (!found) |
|
321 { |
|
322 resolvedPermissions.addElement(permission1); |
|
323 } |
|
324 break; |
|
325 } |
|
326 } |
|
327 } |
|
328 catch (InstantiationException e) |
|
329 { |
|
330 // ignore it |
|
331 } |
|
332 if (!permissionResolved) |
|
333 { |
|
334 resolvedPermissions.removeAllElements(); |
|
335 break; |
|
336 } |
|
337 } |
|
338 if (resolvedPermissions.size() > 0) |
|
339 { |
|
340 return resolvedPermissions; |
|
341 } |
|
342 } |
|
343 // stage 3: try the granted complex permissions (complex permission = permission with multiple actions) |
|
344 // - step 1: group permissions having same name, target and settings |
|
345 // into a list of complex permissions (= permissions with |
|
346 // same name, target and settings but with the composite |
|
347 // action (comma separated list of individual actions) |
|
348 // - step 2: try to resolve the requested permission against the |
|
349 // list of complet permissions |
|
350 Vector tmp = new Vector(); |
|
351 for (int i=0; i<permissionInstances.size(); i++) |
|
352 { |
|
353 tmp.addElement(permissionInstances.elementAt(i)); |
|
354 } |
|
355 while (tmp.size() > 0) |
|
356 { |
|
357 PermisionInstanceAndSettings instance1 = |
|
358 (PermisionInstanceAndSettings)tmp.elementAt(0); |
|
359 tmp.removeElementAt(0); |
|
360 Permission permission1 = (Permission)instance1.getPermissionInstance(); |
|
361 UserSecuritySettings settings1 = instance1.getSettings(); |
|
362 String compositeAction = ""; |
|
363 // put the individual actions into a vector so that the composite |
|
364 // action is made only by unique actions (duplicates are discarded) |
|
365 Vector uniqueActions = new Vector(); |
|
366 int i=0; |
|
367 while (i<tmp.size()) |
|
368 { |
|
369 PermisionInstanceAndSettings instance2 = |
|
370 (PermisionInstanceAndSettings)tmp.elementAt(i); |
|
371 Permission permission2 = (Permission)instance2.getPermissionInstance(); |
|
372 UserSecuritySettings settings2 = instance2.getSettings(); |
|
373 if (permission1.getClass().getName().equals(permission2.getClass().getName()) |
|
374 && ((permission1.getName() != null && permission2.getName() != null |
|
375 && permission1.getName().equals(permission2.getName())) |
|
376 || (permission1.getName() == null && permission2.getName() == null)) |
|
377 && ((settings1 != null && settings2 != null && settings1.equals(settings2)) |
|
378 || (settings1 == null && settings2 == null))) |
|
379 { |
|
380 tmp.removeElementAt(i); |
|
381 if (permission1.getActions() != null && permission1.getActions().length() > 0) |
|
382 { |
|
383 if (!uniqueActions.contains(permission1.getActions())) |
|
384 { |
|
385 if (compositeAction.length() > 0) |
|
386 { |
|
387 compositeAction += ","; |
|
388 } |
|
389 compositeAction += permission1.getActions(); |
|
390 uniqueActions.addElement(permission1.getActions()); |
|
391 } |
|
392 } |
|
393 if (permission2.getActions() != null && permission2.getActions().length() > 0) |
|
394 { |
|
395 if (!uniqueActions.contains(permission2.getActions())) |
|
396 { |
|
397 if (compositeAction.length() > 0) |
|
398 { |
|
399 compositeAction += ","; |
|
400 } |
|
401 compositeAction += permission2.getActions(); |
|
402 uniqueActions.addElement(permission2.getActions()); |
|
403 } |
|
404 } |
|
405 } |
|
406 else |
|
407 { |
|
408 i++; |
|
409 } |
|
410 } |
|
411 if (compositeAction.length() > 0 && compositeAction.indexOf(',') != -1) |
|
412 { |
|
413 try |
|
414 { |
|
415 Permission perm = (Permission)ClassInstantiator.newInstance( |
|
416 permission1.getClass().getName(), |
|
417 permission1.getName(), |
|
418 compositeAction); |
|
419 if (perm.getClass().isInstance(requestedPermission) |
|
420 && perm.implies(requestedPermission)) |
|
421 { |
|
422 resolvedPermissions.addElement( |
|
423 getResolvedPermission( |
|
424 requestedPermission, |
|
425 permission1, |
|
426 settings1, |
|
427 requestedPermission.getClass().getName(), |
|
428 requestedPermission.getName(), |
|
429 requestedPermission.getActions())); |
|
430 return resolvedPermissions; |
|
431 } |
|
432 } |
|
433 catch (InstantiationException ex) {} |
|
434 } |
|
435 } |
|
436 if (resolvedPermissions.size() == 0) |
|
437 { |
|
438 return null; |
|
439 } |
|
440 return resolvedPermissions; |
|
441 } |
|
442 |
|
443 private static Vector resolvePermission( |
|
444 Uid msUID, |
|
445 Permission requestedPermission, |
|
446 PolicyBasedPermission[] policyPermissions) |
|
447 { |
|
448 Vector permissionInstances = getPolicyPermissionInstances( |
|
449 msUID, policyPermissions); |
|
450 return resolvePermission(requestedPermission, permissionInstances); |
|
451 } |
|
452 |
|
453 private static PolicyBasedPermissionImpl getResolvedPermission( |
|
454 PermissionBase securityPromptDetails, |
|
455 UserSecuritySettings userSettings, |
|
456 String permissionName, |
|
457 String targetName, |
|
458 String actionList) |
|
459 { |
|
460 PermissionBase securityPromptDetails2 = securityPromptDetails; |
|
461 if (securityPromptDetails != null |
|
462 && (!PermissionBase.matchActions(securityPromptDetails.getActions(),actionList) |
|
463 || !PermissionBase.matchActions(actionList, securityPromptDetails.getActions()))) |
|
464 { |
|
465 // the new instance is created only if the actions are different |
|
466 try |
|
467 { |
|
468 securityPromptDetails2 = (PermissionBase)ClassInstantiator |
|
469 .newInstance(securityPromptDetails.getClass().getName(), |
|
470 securityPromptDetails.getName(), |
|
471 actionList); |
|
472 } |
|
473 catch (InstantiationException e2) |
|
474 { |
|
475 // ignore it (no details) |
|
476 } |
|
477 } |
|
478 return new PolicyBasedPermissionImpl( |
|
479 permissionName, |
|
480 targetName, |
|
481 actionList, |
|
482 userSettings, |
|
483 securityPromptDetails2); |
|
484 } |
|
485 |
|
486 private static PolicyBasedPermissionImpl getResolvedPermission( |
|
487 Permission requestedPermission, |
|
488 Object policyPermission, |
|
489 UserSecuritySettings userSettings, |
|
490 String permissionName, |
|
491 String targetName, |
|
492 String actionList) |
|
493 { |
|
494 PermissionBase securityPromptDetails = null; |
|
495 if (requestedPermission instanceof PermissionBase) |
|
496 { |
|
497 securityPromptDetails = (PermissionBase)requestedPermission; |
|
498 } |
|
499 else if (policyPermission instanceof PermissionBase) |
|
500 { |
|
501 try |
|
502 { |
|
503 securityPromptDetails = (PermissionBase)ClassInstantiator |
|
504 .newInstance(policyPermission.getClass().getName(), |
|
505 requestedPermission.getName(), |
|
506 requestedPermission.getActions()); |
|
507 } |
|
508 catch (InstantiationException e2) |
|
509 { |
|
510 // ignore it (no details) |
|
511 } |
|
512 } |
|
513 return new PolicyBasedPermissionImpl( |
|
514 permissionName, |
|
515 targetName, |
|
516 actionList, |
|
517 userSettings, |
|
518 securityPromptDetails); |
|
519 } |
|
520 |
|
521 private static Vector getPolicyPermissionInstances(Uid msUID, PolicyBasedPermission[] policyPermissions) |
|
522 { |
|
523 // try retrieving the policy permissions from cache |
|
524 Vector policyPermissionInstancesAndSettings = |
|
525 (Vector)policyPermissionInstances.get(msUID); |
|
526 if (policyPermissionInstancesAndSettings != null) |
|
527 { |
|
528 return policyPermissionInstancesAndSettings; |
|
529 } |
|
530 |
|
531 // if the policy permissions are not in cache, then build it |
|
532 // from policy permissions |
|
533 policyPermissionInstancesAndSettings = new Vector(); |
|
534 if (policyPermissions == null) |
|
535 { |
|
536 return null; |
|
537 } |
|
538 for (int i=0; i<policyPermissions.length; i++) |
|
539 { |
|
540 try |
|
541 { |
|
542 Object p = ClassInstantiator.newInstance( |
|
543 policyPermissions[i].getName(), |
|
544 policyPermissions[i].getTarget(), |
|
545 policyPermissions[i].getActionList()); |
|
546 policyPermissionInstancesAndSettings.addElement( |
|
547 new PermisionInstanceAndSettings(p, |
|
548 policyPermissions[i].getUserSecuritySettings())); |
|
549 } |
|
550 catch (InstantiationException e) |
|
551 { |
|
552 // This should not be leaked outside |
|
553 Logger.logError("getPolicyPermissionInstances failed: " + e.toString()); |
|
554 } |
|
555 } |
|
556 policyPermissionInstances.put(msUID, |
|
557 policyPermissionInstancesAndSettings); |
|
558 return policyPermissionInstancesAndSettings; |
|
559 } |
|
560 |
|
561 private static Vector getGrantedPermissionInstances(StorageSession aStorageSession, Uid msUID) |
|
562 { |
|
563 // try retrieving the policy permissions from cache |
|
564 Vector grantedPermissionInstancesAndSettings = |
|
565 (Vector)grantedPermissionInstances.get(msUID); |
|
566 if (grantedPermissionInstancesAndSettings != null) |
|
567 { |
|
568 return grantedPermissionInstancesAndSettings; |
|
569 } |
|
570 |
|
571 // if the granted permissions are not in cache, then retrieve them |
|
572 // from storage |
|
573 grantedPermissionInstancesAndSettings = new Vector(); |
|
574 SecurityStorage storage = new SecurityStorage(aStorageSession); |
|
575 Vector grantedPermissions = |
|
576 storage.readGrantedPermissions(msUID); |
|
577 if (grantedPermissions == null) |
|
578 { |
|
579 return null; |
|
580 } |
|
581 for (int i=0; i<grantedPermissions.size(); i++) |
|
582 { |
|
583 try |
|
584 { |
|
585 PolicyBasedPermission grantedPermission = |
|
586 (PolicyBasedPermission)grantedPermissions.elementAt(i); |
|
587 Object p = ClassInstantiator.newInstance( |
|
588 grantedPermission.getName(), |
|
589 grantedPermission.getTarget(), |
|
590 grantedPermission.getActionList()); |
|
591 grantedPermissionInstancesAndSettings.addElement( |
|
592 new PermisionInstanceAndSettings(p, |
|
593 grantedPermission.getUserSecuritySettings())); |
|
594 } |
|
595 catch (InstantiationException e) |
|
596 { |
|
597 // This should not be leaked outside |
|
598 } |
|
599 } |
|
600 grantedPermissionInstances.put(msUID, |
|
601 grantedPermissionInstancesAndSettings); |
|
602 return grantedPermissionInstancesAndSettings; |
|
603 } |
|
604 |
|
605 private static boolean identicalSettings( |
|
606 Vector permissions) |
|
607 { |
|
608 UserSecuritySettings settings = ((PolicyBasedPermission)permissions |
|
609 .elementAt(0)).getUserSecuritySettings(); |
|
610 for (int i=1; i<permissions.size(); i++) |
|
611 { |
|
612 PolicyBasedPermission p = (PolicyBasedPermission)permissions |
|
613 .elementAt(i); |
|
614 if ((settings == null |
|
615 && p.getUserSecuritySettings() != null) |
|
616 || !settings.equals(p.getUserSecuritySettings())) |
|
617 { |
|
618 return false; |
|
619 } |
|
620 } |
|
621 return true; |
|
622 } |
|
623 |
|
624 // if requested permission is a legacy one, then handle the wildcards: |
|
625 // - if the name is null -> grant all the permissions from the policy |
|
626 // - if name is not null -> then grant the permissions from policy with the same name |
|
627 // - if target is null -> take the target from the policy permission, otherwise take the target of the requested permission |
|
628 // - if actionList is null -> take the actionList from the policy permission, otherwise take the actionList of the requested |
|
629 // permission if it matches the actionList from the policy |
|
630 private static Vector resolveLegacyPermission(PermissionAttribute legacyPermission, PolicyBasedPermission[] policyPermissions) |
|
631 { |
|
632 if (policyPermissions == null) |
|
633 { |
|
634 return null; |
|
635 } |
|
636 |
|
637 Vector resolvedPermissions = new Vector(); |
|
638 if (legacyPermission.getName() == null) |
|
639 { |
|
640 if (policyPermissions == null) |
|
641 { |
|
642 return null; |
|
643 } |
|
644 resolvedPermissions = new Vector(); |
|
645 for (int i=0; i<policyPermissions.length; i++) |
|
646 { |
|
647 resolvedPermissions.addElement( |
|
648 new PolicyBasedPermissionImpl( |
|
649 policyPermissions[i].getName(), |
|
650 policyPermissions[i].getTarget(), |
|
651 policyPermissions[i].getActionList(), |
|
652 policyPermissions[i].getUserSecuritySettings())); |
|
653 } |
|
654 } |
|
655 else |
|
656 { |
|
657 // return permissions from policy with same name |
|
658 for (int i=0; i<policyPermissions.length; i++) |
|
659 { |
|
660 if (legacyPermission.getName().equals( |
|
661 policyPermissions[i].getName())) |
|
662 { |
|
663 // choose the target: if the target does not include wildcards, |
|
664 // then there must be an exact match between the requested |
|
665 // permission and the policy permission |
|
666 String target = legacyPermission.getTarget(); |
|
667 if (target != null |
|
668 && target.indexOf("*") == -1 |
|
669 && !target.equals(policyPermissions[i].getTarget())) |
|
670 { |
|
671 continue; |
|
672 } |
|
673 // choose the action |
|
674 String actionList = legacyPermission.getActionList(); |
|
675 if (actionList == null) |
|
676 { |
|
677 resolvedPermissions.addElement( |
|
678 new PolicyBasedPermissionImpl( |
|
679 policyPermissions[i].getName(), |
|
680 policyPermissions[i].getTarget(), |
|
681 policyPermissions[i].getActionList(), |
|
682 policyPermissions[i].getUserSecuritySettings())); |
|
683 } |
|
684 else |
|
685 { |
|
686 if (PermissionBase.matchActions(actionList, |
|
687 policyPermissions[i].getActionList())) |
|
688 { |
|
689 resolvedPermissions.addElement( |
|
690 new PolicyBasedPermissionImpl( |
|
691 policyPermissions[i].getName(), |
|
692 policyPermissions[i].getTarget(), |
|
693 actionList, |
|
694 policyPermissions[i].getUserSecuritySettings())); |
|
695 } |
|
696 } |
|
697 } |
|
698 } |
|
699 } |
|
700 return resolvedPermissions; |
|
701 } |
|
702 |
|
703 private static class PermisionInstanceAndSettings |
|
704 { |
|
705 private Object permissionObject; |
|
706 private UserSecuritySettings settings; |
|
707 |
|
708 public PermisionInstanceAndSettings(Object permissionObject, UserSecuritySettings settings) |
|
709 { |
|
710 this.permissionObject = permissionObject; |
|
711 this.settings = settings; |
|
712 } |
|
713 |
|
714 public Object getPermissionInstance() |
|
715 { |
|
716 return permissionObject; |
|
717 } |
|
718 |
|
719 public UserSecuritySettings getSettings() |
|
720 { |
|
721 return settings; |
|
722 } |
|
723 } |
|
724 } |