001    /**
002     * Licensed to the Apache Software Foundation (ASF) under one or more
003     * contributor license agreements.  See the NOTICE file distributed with
004     * this work for additional information regarding copyright ownership.
005     * The ASF licenses this file to You under the Apache License, Version 2.0
006     * (the "License"); you may not use this file except in compliance with
007     * the License.  You may obtain a copy of the License at
008     *
009     *      http://www.apache.org/licenses/LICENSE-2.0
010     *
011     * Unless required by applicable law or agreed to in writing, software
012     * distributed under the License is distributed on an "AS IS" BASIS,
013     * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014     * See the License for the specific language governing permissions and
015     * limitations under the License.
016     */
017    package org.apache.activemq.security;
018    
019    import java.util.HashSet;
020    import java.util.Iterator;
021    import java.util.List;
022    import java.util.Set;
023    
024    import org.apache.activemq.command.ActiveMQDestination;
025    import org.apache.activemq.filter.DestinationMap;
026    import org.apache.activemq.filter.DestinationMapEntry;
027    
028    /**
029     * Represents a destination based configuration of policies so that individual
030     * destinations or wildcard hierarchies of destinations can be configured using
031     * different policies. Each entry in the map represents the authorization ACLs
032     * for each operation.
033     *
034     * @org.apache.xbean.XBean element="authorizationMap"
035     *
036     */
037    public class DefaultAuthorizationMap extends DestinationMap implements AuthorizationMap {
038    
039        private AuthorizationEntry defaultEntry;
040    
041        private TempDestinationAuthorizationEntry tempDestinationAuthorizationEntry;
042    
043        public DefaultAuthorizationMap() {
044        }
045    
046        @SuppressWarnings("rawtypes")
047        public DefaultAuthorizationMap(List<DestinationMapEntry> authorizationEntries) {
048            setAuthorizationEntries(authorizationEntries);
049    
050        }
051    
052        public void setTempDestinationAuthorizationEntry(TempDestinationAuthorizationEntry tempDestinationAuthorizationEntry) {
053            this.tempDestinationAuthorizationEntry = tempDestinationAuthorizationEntry;
054        }
055    
056        public TempDestinationAuthorizationEntry getTempDestinationAuthorizationEntry() {
057            return this.tempDestinationAuthorizationEntry;
058        }
059    
060        public Set<Object> getTempDestinationAdminACLs() {
061            if (tempDestinationAuthorizationEntry != null) {
062                return tempDestinationAuthorizationEntry.getAdminACLs();
063            } else {
064                return null;
065            }
066        }
067    
068        public Set<Object> getTempDestinationReadACLs() {
069            if (tempDestinationAuthorizationEntry != null) {
070                return tempDestinationAuthorizationEntry.getReadACLs();
071            } else {
072                return null;
073            }
074        }
075    
076        public Set<Object> getTempDestinationWriteACLs() {
077            if (tempDestinationAuthorizationEntry != null) {
078                return tempDestinationAuthorizationEntry.getWriteACLs();
079            } else {
080                return null;
081            }
082        }
083    
084        public Set<Object> getAdminACLs(ActiveMQDestination destination) {
085            Set<AuthorizationEntry> entries = getAllEntries(destination);
086            Set<Object> answer = new HashSet<Object>();
087            // now lets go through each entry adding individual
088            for (Iterator<AuthorizationEntry> iter = entries.iterator(); iter.hasNext();) {
089                AuthorizationEntry entry = iter.next();
090                answer.addAll(entry.getAdminACLs());
091            }
092            return answer;
093        }
094    
095        public Set<Object> getReadACLs(ActiveMQDestination destination) {
096            Set<AuthorizationEntry> entries = getAllEntries(destination);
097            Set<Object> answer = new HashSet<Object>();
098    
099            // now lets go through each entry adding individual
100            for (Iterator<AuthorizationEntry> iter = entries.iterator(); iter.hasNext();) {
101                AuthorizationEntry entry = iter.next();
102                answer.addAll(entry.getReadACLs());
103            }
104            return answer;
105        }
106    
107        public Set<Object> getWriteACLs(ActiveMQDestination destination) {
108            Set<AuthorizationEntry> entries = getAllEntries(destination);
109            Set<Object> answer = new HashSet<Object>();
110    
111            // now lets go through each entry adding individual
112            for (Iterator<AuthorizationEntry> iter = entries.iterator(); iter.hasNext();) {
113                AuthorizationEntry entry = iter.next();
114                answer.addAll(entry.getWriteACLs());
115            }
116            return answer;
117        }
118    
119        public AuthorizationEntry getEntryFor(ActiveMQDestination destination) {
120            AuthorizationEntry answer = (AuthorizationEntry)chooseValue(destination);
121            if (answer == null) {
122                answer = getDefaultEntry();
123            }
124            return answer;
125        }
126    
127    
128        /**
129         * Looks up the value(s) matching the given Destination key. For simple
130         * destinations this is typically a List of one single value, for wildcards
131         * or composite destinations this will typically be a Union of matching
132         * values.
133         *
134         * @param key the destination to lookup
135         * @return a Union of matching values or an empty list if there are no
136         *         matching values.
137         */
138        @Override
139        @SuppressWarnings({ "rawtypes", "unchecked" })
140        public synchronized Set get(ActiveMQDestination key) {
141            if (key.isComposite()) {
142                ActiveMQDestination[] destinations = key.getCompositeDestinations();
143                Set answer = null;
144                for (int i = 0; i < destinations.length; i++) {
145                    ActiveMQDestination childDestination = destinations[i];
146                    answer = union(answer, get(childDestination));
147                    if (answer == null  || answer.isEmpty()) {
148                        break;
149                    }
150                }
151                return answer;
152            }
153            return findWildcardMatches(key);
154        }
155    
156    
157        /**
158         * Sets the individual entries on the authorization map
159         *
160         * @org.apache.xbean.ElementType class="org.apache.activemq.security.AuthorizationEntry"
161         */
162        @SuppressWarnings("rawtypes")
163        public void setAuthorizationEntries(List<DestinationMapEntry> entries) {
164            super.setEntries(entries);
165        }
166    
167        public AuthorizationEntry getDefaultEntry() {
168            return defaultEntry;
169        }
170    
171        public void setDefaultEntry(AuthorizationEntry defaultEntry) {
172            this.defaultEntry = defaultEntry;
173        }
174    
175        @SuppressWarnings("rawtypes")
176        protected Class<? extends DestinationMapEntry> getEntryClass() {
177            return AuthorizationEntry.class;
178        }
179    
180        @SuppressWarnings("unchecked")
181        protected Set<AuthorizationEntry> getAllEntries(ActiveMQDestination destination) {
182            Set<AuthorizationEntry> entries = get(destination);
183            if (defaultEntry != null) {
184                entries.add(defaultEntry);
185            }
186            return entries;
187        }
188    
189    }