001 /** 002 * Licensed to the Apache Software Foundation (ASF) under one or more 003 * contributor license agreements. See the NOTICE file distributed with 004 * this work for additional information regarding copyright ownership. 005 * The ASF licenses this file to You under the Apache License, Version 2.0 006 * (the "License"); you may not use this file except in compliance with 007 * the License. You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017 package org.apache.activemq.security; 018 019 import java.util.HashSet; 020 import java.util.Iterator; 021 import java.util.List; 022 import java.util.Set; 023 024 import org.apache.activemq.command.ActiveMQDestination; 025 import org.apache.activemq.filter.DestinationMap; 026 import org.apache.activemq.filter.DestinationMapEntry; 027 028 /** 029 * Represents a destination based configuration of policies so that individual 030 * destinations or wildcard hierarchies of destinations can be configured using 031 * different policies. Each entry in the map represents the authorization ACLs 032 * for each operation. 033 * 034 * @org.apache.xbean.XBean element="authorizationMap" 035 * 036 */ 037 public class DefaultAuthorizationMap extends DestinationMap implements AuthorizationMap { 038 039 private AuthorizationEntry defaultEntry; 040 041 private TempDestinationAuthorizationEntry tempDestinationAuthorizationEntry; 042 043 public DefaultAuthorizationMap() { 044 } 045 046 @SuppressWarnings("rawtypes") 047 public DefaultAuthorizationMap(List<DestinationMapEntry> authorizationEntries) { 048 setAuthorizationEntries(authorizationEntries); 049 050 } 051 052 public void setTempDestinationAuthorizationEntry(TempDestinationAuthorizationEntry tempDestinationAuthorizationEntry) { 053 this.tempDestinationAuthorizationEntry = tempDestinationAuthorizationEntry; 054 } 055 056 public TempDestinationAuthorizationEntry getTempDestinationAuthorizationEntry() { 057 return this.tempDestinationAuthorizationEntry; 058 } 059 060 public Set<Object> getTempDestinationAdminACLs() { 061 if (tempDestinationAuthorizationEntry != null) { 062 return tempDestinationAuthorizationEntry.getAdminACLs(); 063 } else { 064 return null; 065 } 066 } 067 068 public Set<Object> getTempDestinationReadACLs() { 069 if (tempDestinationAuthorizationEntry != null) { 070 return tempDestinationAuthorizationEntry.getReadACLs(); 071 } else { 072 return null; 073 } 074 } 075 076 public Set<Object> getTempDestinationWriteACLs() { 077 if (tempDestinationAuthorizationEntry != null) { 078 return tempDestinationAuthorizationEntry.getWriteACLs(); 079 } else { 080 return null; 081 } 082 } 083 084 public Set<Object> getAdminACLs(ActiveMQDestination destination) { 085 Set<AuthorizationEntry> entries = getAllEntries(destination); 086 Set<Object> answer = new HashSet<Object>(); 087 // now lets go through each entry adding individual 088 for (Iterator<AuthorizationEntry> iter = entries.iterator(); iter.hasNext();) { 089 AuthorizationEntry entry = iter.next(); 090 answer.addAll(entry.getAdminACLs()); 091 } 092 return answer; 093 } 094 095 public Set<Object> getReadACLs(ActiveMQDestination destination) { 096 Set<AuthorizationEntry> entries = getAllEntries(destination); 097 Set<Object> answer = new HashSet<Object>(); 098 099 // now lets go through each entry adding individual 100 for (Iterator<AuthorizationEntry> iter = entries.iterator(); iter.hasNext();) { 101 AuthorizationEntry entry = iter.next(); 102 answer.addAll(entry.getReadACLs()); 103 } 104 return answer; 105 } 106 107 public Set<Object> getWriteACLs(ActiveMQDestination destination) { 108 Set<AuthorizationEntry> entries = getAllEntries(destination); 109 Set<Object> answer = new HashSet<Object>(); 110 111 // now lets go through each entry adding individual 112 for (Iterator<AuthorizationEntry> iter = entries.iterator(); iter.hasNext();) { 113 AuthorizationEntry entry = iter.next(); 114 answer.addAll(entry.getWriteACLs()); 115 } 116 return answer; 117 } 118 119 public AuthorizationEntry getEntryFor(ActiveMQDestination destination) { 120 AuthorizationEntry answer = (AuthorizationEntry)chooseValue(destination); 121 if (answer == null) { 122 answer = getDefaultEntry(); 123 } 124 return answer; 125 } 126 127 128 /** 129 * Looks up the value(s) matching the given Destination key. For simple 130 * destinations this is typically a List of one single value, for wildcards 131 * or composite destinations this will typically be a Union of matching 132 * values. 133 * 134 * @param key the destination to lookup 135 * @return a Union of matching values or an empty list if there are no 136 * matching values. 137 */ 138 @Override 139 @SuppressWarnings({ "rawtypes", "unchecked" }) 140 public synchronized Set get(ActiveMQDestination key) { 141 if (key.isComposite()) { 142 ActiveMQDestination[] destinations = key.getCompositeDestinations(); 143 Set answer = null; 144 for (int i = 0; i < destinations.length; i++) { 145 ActiveMQDestination childDestination = destinations[i]; 146 answer = union(answer, get(childDestination)); 147 if (answer == null || answer.isEmpty()) { 148 break; 149 } 150 } 151 return answer; 152 } 153 return findWildcardMatches(key); 154 } 155 156 157 /** 158 * Sets the individual entries on the authorization map 159 * 160 * @org.apache.xbean.ElementType class="org.apache.activemq.security.AuthorizationEntry" 161 */ 162 @SuppressWarnings("rawtypes") 163 public void setAuthorizationEntries(List<DestinationMapEntry> entries) { 164 super.setEntries(entries); 165 } 166 167 public AuthorizationEntry getDefaultEntry() { 168 return defaultEntry; 169 } 170 171 public void setDefaultEntry(AuthorizationEntry defaultEntry) { 172 this.defaultEntry = defaultEntry; 173 } 174 175 @SuppressWarnings("rawtypes") 176 protected Class<? extends DestinationMapEntry> getEntryClass() { 177 return AuthorizationEntry.class; 178 } 179 180 @SuppressWarnings("unchecked") 181 protected Set<AuthorizationEntry> getAllEntries(ActiveMQDestination destination) { 182 Set<AuthorizationEntry> entries = get(destination); 183 if (defaultEntry != null) { 184 entries.add(defaultEntry); 185 } 186 return entries; 187 } 188 189 }