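/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.activemq.security;

import org.apache.activemq.filter.DestinationMapEntry;

import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.StringTokenizer;

/**
 * Represents an entry in a {@link DefaultAuthorizationMap} for assigning
 * different operations (read, write, admin) of user roles to a specific
 * destination or a hierarchical wildcard area of destinations.
 * <p>
 * Notes for anyone relying on this class for access control:
 * <ul>
 * <li>The ACL sets are stored and returned by reference; no defensive copy is
 * made. Code that holds a reference to a set passed to a setter, or obtained
 * from a getter, can change who is authorized by mutating that set.</li>
 * <li>{@code groupClass} is handed unchanged to
 * {@link DefaultAuthorizationMap#createGroupPrincipal}. How that helper
 * resolves the name is outside this file, so the value should only come from
 * trusted broker configuration.</li>
 * <li>This class contains no synchronization of its own.</li>
 * </ul>
 */
@SuppressWarnings("rawtypes")
public class AuthorizationEntry extends DestinationMapEntry {

    // Principals allowed to perform each operation. Each starts as the shared
    // immutable empty set until a setter replaces it.
    private Set<Object> readACLs = emptySet();
    private Set<Object> writeACLs = emptySet();
    private Set<Object> adminACLs = emptySet();

    // Comma-separated role strings as last supplied via setAdmin/setRead/setWrite.
    protected String adminRoles;
    protected String readRoles;
    protected String writeRoles;

    // Class name used when turning role names into principals; null means
    // DefaultAuthorizationMap.DEFAULT_GROUP_CLASS is used (see parseACLs).
    private String groupClass;

    /**
     * @return the configured principal class name, or {@code null} if none was set
     */
    public String getGroupClass() {
        return groupClass;
    }

    /**
     * Returns the shared immutable empty set, typed for the ACL fields.
     */
    private Set<Object> emptySet() {
        // Type-safe equivalent of the raw Collections.EMPTY_SET constant.
        return Collections.emptySet();
    }

    /**
     * Sets the class name used to build principals in {@link #parseACLs(String)}.
     * ACL sets that were already parsed are not rebuilt by this call.
     *
     * @param groupClass principal class name, or {@code null} for the default
     */
    public void setGroupClass(String groupClass) {
        this.groupClass = groupClass;
    }

    /**
     * @return the live set of principals with admin rights (not a copy)
     */
    public Set<Object> getAdminACLs() {
        return adminACLs;
    }

    /**
     * Replaces the admin ACL set. The given set is stored by reference.
     *
     * @param adminACLs principals to grant admin rights to
     */
    public void setAdminACLs(Set<Object> adminACLs) {
        this.adminACLs = adminACLs;
    }

    /**
     * @return the live set of principals with read rights (not a copy)
     */
    public Set<Object> getReadACLs() {
        return readACLs;
    }

    /**
     * Replaces the read ACL set. The given set is stored by reference.
     *
     * @param readACLs principals to grant read rights to
     */
    public void setReadACLs(Set<Object> readACLs) {
        this.readACLs = readACLs;
    }

    /**
     * @return the live set of principals with write rights (not a copy)
     */
    public Set<Object> getWriteACLs() {
        return writeACLs;
    }

    /**
     * Replaces the write ACL set. The given set is stored by reference.
     *
     * @param writeACLs principals to grant write rights to
     */
    public void setWriteACLs(Set<Object> writeACLs) {
        this.writeACLs = writeACLs;
    }

    // Helper methods for easier configuration in Spring.
    // Under xbean the ACLs are built in an afterPropertiesSet method (not part
    // of this class) so that groupClass is set before parseACLs() runs on any
    // of the roles. The helpers below still call parseACLs() themselves for
    // setups that configure security programmatically without xbean.
    // -------------------------------------------------------------------------

    /**
     * Sets the admin roles from a comma-separated string and rebuilds the admin ACLs.
     * <p>
     * The string is parsed before anything is stored, so a failure leaves both
     * {@code adminRoles} and the admin ACL set as they were instead of leaving
     * the role string and the enforced ACLs out of step.
     *
     * @param roles comma-separated role names
     * @throws NullPointerException if {@code roles} is {@code null}
     * @throws Exception if a principal cannot be created for a role name
     */
    public void setAdmin(String roles) throws Exception {
        Set<Object> parsed = parseACLs(roles);
        adminRoles = roles;
        setAdminACLs(parsed);
    }

    /**
     * Sets the read roles from a comma-separated string and rebuilds the read ACLs.
     * <p>
     * The string is parsed before anything is stored, so a failure leaves both
     * {@code readRoles} and the read ACL set as they were.
     *
     * @param roles comma-separated role names
     * @throws NullPointerException if {@code roles} is {@code null}
     * @throws Exception if a principal cannot be created for a role name
     */
    public void setRead(String roles) throws Exception {
        Set<Object> parsed = parseACLs(roles);
        readRoles = roles;
        setReadACLs(parsed);
    }

    /**
     * Sets the write roles from a comma-separated string and rebuilds the write ACLs.
     * <p>
     * The string is parsed before anything is stored, so a failure leaves both
     * {@code writeRoles} and the write ACL set as they were.
     *
     * @param roles comma-separated role names
     * @throws NullPointerException if {@code roles} is {@code null}
     * @throws Exception if a principal cannot be created for a role name
     */
    public void setWrite(String roles) throws Exception {
        Set<Object> parsed = parseACLs(roles);
        writeRoles = roles;
        setWriteACLs(parsed);
    }

    /**
     * Turns a comma-separated role string into a set of group principals.
     * <p>
     * Each token is trimmed and passed to
     * {@link DefaultAuthorizationMap#createGroupPrincipal} together with
     * {@code groupClass}, or {@link DefaultAuthorizationMap#DEFAULT_GROUP_CLASS}
     * when no group class has been set.
     *
     * @param roles comma-separated role names
     * @return a new mutable set holding one principal per token
     * @throws NullPointerException if {@code roles} is {@code null}
     * @throws Exception if a principal cannot be created
     */
    protected Set<Object> parseACLs(String roles) throws Exception {
        Set<Object> answer = new HashSet<Object>();
        // StringTokenizer rejects a null string with NullPointerException.
        StringTokenizer tokens = new StringTokenizer(roles, ",");
        while (tokens.hasMoreTokens()) {
            // NOTE(review): a whitespace-only token (e.g. "admins, ") trims to ""
            // and is still turned into a principal with an empty name. Decide
            // whether such tokens should be rejected or skipped.
            String name = tokens.nextToken().trim();
            String principalClass = (this.groupClass != null
                    ? this.groupClass
                    : DefaultAuthorizationMap.DEFAULT_GROUP_CLASS);
            answer.add(DefaultAuthorizationMap.createGroupPrincipal(name, principalClass));
        }
        return answer;
    }

    /**
     * Null-safe equality: both {@code null}, or {@code a.equals(b)}.
     */
    private static boolean sameValue(Object a, Object b) {
        return a == null ? b == null : a.equals(b);
    }

    /**
     * Compares the three ACL sets, the three role strings and {@code groupClass}.
     * <p>
     * {@code super.equals} is not called, so state held by
     * {@link DestinationMapEntry} (presumably the destination - confirm) takes
     * no part in the comparison: two entries with the same roles compare equal
     * here whatever else differs. Keep that in mind before using entries as
     * set members or map keys.
     */
    @Override
    public boolean equals(Object o) {
        if (this == o) {
            return true;
        }
        if (!(o instanceof AuthorizationEntry)) {
            return false;
        }

        AuthorizationEntry that = (AuthorizationEntry) o;

        return sameValue(adminACLs, that.adminACLs)
                && sameValue(adminRoles, that.adminRoles)
                && sameValue(groupClass, that.groupClass)
                && sameValue(readACLs, that.readACLs)
                && sameValue(readRoles, that.readRoles)
                && sameValue(writeACLs, that.writeACLs)
                && sameValue(writeRoles, that.writeRoles);
    }

    /**
     * Hash over the same seven fields that {@link #equals(Object)} compares.
     * All of them are mutable, so the hash changes whenever a setter is called.
     */
    @Override
    public int hashCode() {
        int result = readACLs != null ? readACLs.hashCode() : 0;
        result = 31 * result + (writeACLs != null ? writeACLs.hashCode() : 0);
        result = 31 * result + (adminACLs != null ? adminACLs.hashCode() : 0);
        result = 31 * result + (adminRoles != null ? adminRoles.hashCode() : 0);
        result = 31 * result + (readRoles != null ? readRoles.hashCode() : 0);
        result = 31 * result + (writeRoles != null ? writeRoles.hashCode() : 0);
        result = 31 * result + (groupClass != null ? groupClass.hashCode() : 0);
        return result;
    }
}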