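/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License, Version 1.0 only
 * (the "License"). You may not use this file except in compliance
 * with the License.
 *
 * You can obtain a copy of the license at
 * trunk/opends/resource/legal-notices/OpenDS.LICENSE
 * or https://OpenDS.dev.java.net/OpenDS.LICENSE.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at
 * trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
 * add the following below this CDDL HEADER, with the fields enclosed
 * by brackets "[]" replaced with your own identifying information:
 * Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 *
 *
 * Copyright 2008 Sun Microsystems, Inc.
 */

package org.opends.server.authorization.dseecompat;
import org.opends.messages.Message;

import static org.opends.messages.AccessControlMessages.*;
import static org.opends.server.authorization.dseecompat.Aci.*;
import java.util.regex.Pattern;

/**
 * A class representing the permission part of an ACI: an access type
 * (allow or deny) together with a bitmask of rights. The permissions
 * of an ACI look like deny(search, write).
 * <p>
 * Both fields are final and there are no mutators, so an instance cannot
 * change after {@link #decode(String, String)} has returned it.
 */
public class Permission {

    /*
     * The access type (allow,deny) corresponding to the ACI permission value.
     * Never null once construction has succeeded.
     */
    private final EnumAccessType accessType;

    /*
     * Bitmask of the rights (search, add, delete, ...) corresponding to the
     * ACI rights value, built by OR-ing the mask of every decoded keyword.
     */
    private final int rights;

    /*
     * Regular expression token representing the separator.
     */
    private static final String separatorToken = ",";

    /*
     * Regular expression used to match the ACI rights string.
     */
    private static final String rightsRegex = ZERO_OR_MORE_WHITESPACE +
            WORD_GROUP + ZERO_OR_MORE_WHITESPACE +
            "(," + ZERO_OR_MORE_WHITESPACE + WORD_GROUP +
            ZERO_OR_MORE_WHITESPACE + ")*";

    /*
     * Compiled once at class initialisation; the expressions are fixed, so
     * there is no reason to recompile them for every ACI that is decoded.
     */
    private static final Pattern RIGHTS_PATTERN =
            Pattern.compile(rightsRegex);

    private static final Pattern SEPARATOR_PATTERN =
            Pattern.compile(separatorToken);

    private static final Pattern WHITESPACE_PATTERN =
            Pattern.compile("\\s");

    /**
     * Constructor creating a class representing the permission part of an
     * ACI.
     * @param accessType A string representing access type.
     * @param rights A string representing the rights; must not be null.
     * @throws AciException If the access type string or rights string
     * is invalid.
     */
    private Permission(String accessType, String rights)
            throws AciException {
        EnumAccessType decodedType = EnumAccessType.decode(accessType);
        if (decodedType == null) {
            Message message =
                WARN_ACI_SYNTAX_INVALID_ACCESS_TYPE_VERSION.get(accessType);
            throw new AciException(message);
        }
        this.accessType = decodedType;
        this.rights = decodeRights(rights);
    }

    /**
     * Validates a rights string and folds its keywords into a bitmask.
     * <p>
     * The whole string is checked against the rights syntax first. It is
     * then stripped of whitespace, split on the separator, and every keyword
     * is decoded. Decoding fails closed: a single unrecognised keyword
     * rejects the entire string, so no partially built mask is ever returned.
     * @param rights A string representing the rights.
     * @return The OR of the masks of all keywords in the string.
     * @throws AciException If the string does not match the rights syntax
     * or contains a keyword that cannot be decoded.
     */
    private static int decodeRights(String rights) throws AciException {
        if (!RIGHTS_PATTERN.matcher(rights).matches()) {
            Message message =
                WARN_ACI_SYNTAX_INVALID_RIGHTS_SYNTAX.get(rights);
            throw new AciException(message);
        }
        String compact = WHITESPACE_PATTERN.matcher(rights).replaceAll("");
        int mask = 0;
        for (String keyword : SEPARATOR_PATTERN.split(compact)) {
            EnumRight right = EnumRight.decode(keyword);
            if (right == null) {
                // NOTE(review): the message is given the full rights string,
                // not the keyword that failed to decode. Kept as in the
                // original; confirm against the message text.
                Message message =
                    WARN_ACI_SYNTAX_INVALID_RIGHTS_KEYWORD.get(rights);
                throw new AciException(message);
            }
            mask |= EnumRight.getMask(right);
        }
        return mask;
    }

    /**
     * Decode a string representation of an ACI permission into a Permission
     * class.
     * @param accessType A string representing the access type.
     * @param rights A string representing the rights.
     * @return A Permission class representing the permissions of the ACI.
     * @throws AciException If the accesstype or rights strings are invalid.
     */
    public static
    Permission decode (String accessType, String rights)
            throws AciException {
        return new Permission(accessType, rights);
    }

    /**
     * Checks if a given access type enumeration is equal to this class's
     * access type. The comparison is by identity, so a null argument
     * returns false.
     * @param accessType An enumeration representing an access type.
     * @return True if the access types are equal.
     */
    public boolean hasAccessType(EnumAccessType accessType) {
        return this.accessType == accessType;
    }

    /**
     * Checks if the permission's rights overlap the specified rights.
     * <p>
     * This is an any-of test: it returns true as soon as one bit of the
     * supplied mask is set in this permission. A caller that must confirm
     * that every requested right is present has to test each right
     * separately. A mask of 0 always returns false.
     * @param rights The rights mask to check for.
     * @return True if at least one of the specified rights is present in
     * the permission's rights.
     */
    public boolean hasRights(int rights) {
        return (this.rights & rights) != 0;
    }
}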