package javasec.samples.ch05;
import java.security.*;
import java.util.*;
public class XYZPayrollPermission extends Permission {
protected int mask;
static private int VIEW = 0x01;
static private int UPDATE = 0x02;
public XYZPayrollPermission(String name) {
// Our permission must always have an action, so we
// choose a default one here.
this(name, "view");
}
public XYZPayrollPermission(String name, String action) {
// Our superclass, however, does not support actions
// so we don't provide one to that.
super(name);
parse(action);
}
private void parse(String action) {
// Look in the action string for the words view and
// update, separated by white space or by a comma
StringTokenizer st = new StringTokenizer(action, ",\t ");
mask = 0;
while (st.hasMoreTokens()) {
String tok = st.nextToken();
if (tok.equals("view"))
mask |= VIEW;
else if (tok.equals("update"))
mask |= UPDATE;
else throw new IllegalArgumentException(
"Unknown action " + tok);
}
}
public boolean implies(Permission permission) {
if (!(permission instanceof XYZPayrollPermission))
return false;
XYZPayrollPermission p = (XYZPayrollPermission) permission;
String name = getName();
// The name must be either the wildcard *, which signifies
// all possible names, or the name must match our name
if (!name.equals("*") && !name.equals(p.getName()))
return false;
// Similarly, the requested actions must all match actions
// that we've been constructed with.
if ((mask & p.mask) != p.mask)
return false;
// Only if both the action and name match do we return true.
return true;
}
public boolean equals(Object o) {
if (!(o instanceof XYZPayrollPermission))
return false;
// For equality, we check the name and action mask.
// We must provide a method definition like this, since
// the security system expects us to do a deep check for
// equality rather than relying on object reference
// equality.
XYZPayrollPermission p = (XYZPayrollPermission) o;
return ((p.getName().equals(getName())) && (p.mask == mask));
}
public int hashCode() {
// We must always provide a hash code for permissions,
// because the hashes must match if the permissions compare
// as equals. The default implementation of this method
// wouldn't provide that.
return getName().hashCode() ^ mask;
}
public String getActions() {
// This method must return the same string, no matter how
// the action list was passed to the constructor.
if (mask == 0)
return "";
else if (mask == VIEW)
return "view";
else if (mask == UPDATE)
return "update";
else if (mask == (VIEW | UPDATE))
return "view, update";
else throw new IllegalArgumentException("Unknown mask");
}
public PermissionCollection newPermissionsCollection() {
// More about this in a later example.
return new XYZPayrollPermissionCollection();
}
public static void main(String[] args) {
XYZPayrollPermission p1 = new XYZPayrollPermission("sdo", "view");
XYZPayrollPermission p2 = new XYZPayrollPermission(args[0], args[1]);
System.out.println("P1 is " + p1);
System.out.println("P2 is " + p2);
System.out.println("P1 -> P2 is " + p1.implies(p2));
System.out.println("P2 -> P1 is " + p2.implies(p1));
}
}
|