001/**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.activemq.security;
018
019import java.util.HashSet;
020import java.util.Iterator;
021import java.util.List;
022import java.util.Set;
023
024import org.apache.activemq.command.ActiveMQDestination;
025import org.apache.activemq.filter.DestinationMap;
026import org.apache.activemq.filter.DestinationMapEntry;
027
028/**
029 * Represents a destination based configuration of policies so that individual
030 * destinations or wildcard hierarchies of destinations can be configured using
031 * different policies. Each entry in the map represents the authorization ACLs
032 * for each operation.
033 *
034 * @org.apache.xbean.XBean element="authorizationMap"
035 *
036 */
037public class DefaultAuthorizationMap extends DestinationMap implements AuthorizationMap {
038
039    private AuthorizationEntry defaultEntry;
040
041    private TempDestinationAuthorizationEntry tempDestinationAuthorizationEntry;
042
043    public DefaultAuthorizationMap() {
044    }
045
046    @SuppressWarnings("rawtypes")
047    public DefaultAuthorizationMap(List<DestinationMapEntry> authorizationEntries) {
048        setAuthorizationEntries(authorizationEntries);
049
050    }
051
052    public void setTempDestinationAuthorizationEntry(TempDestinationAuthorizationEntry tempDestinationAuthorizationEntry) {
053        this.tempDestinationAuthorizationEntry = tempDestinationAuthorizationEntry;
054    }
055
056    public TempDestinationAuthorizationEntry getTempDestinationAuthorizationEntry() {
057        return this.tempDestinationAuthorizationEntry;
058    }
059
060    public Set<Object> getTempDestinationAdminACLs() {
061        if (tempDestinationAuthorizationEntry != null) {
062            return tempDestinationAuthorizationEntry.getAdminACLs();
063        } else {
064            return null;
065        }
066    }
067
068    public Set<Object> getTempDestinationReadACLs() {
069        if (tempDestinationAuthorizationEntry != null) {
070            return tempDestinationAuthorizationEntry.getReadACLs();
071        } else {
072            return null;
073        }
074    }
075
076    public Set<Object> getTempDestinationWriteACLs() {
077        if (tempDestinationAuthorizationEntry != null) {
078            return tempDestinationAuthorizationEntry.getWriteACLs();
079        } else {
080            return null;
081        }
082    }
083
084    public Set<Object> getAdminACLs(ActiveMQDestination destination) {
085        Set<AuthorizationEntry> entries = getAllEntries(destination);
086        Set<Object> answer = new HashSet<Object>();
087        // now lets go through each entry adding individual
088        for (Iterator<AuthorizationEntry> iter = entries.iterator(); iter.hasNext();) {
089            AuthorizationEntry entry = iter.next();
090            answer.addAll(entry.getAdminACLs());
091        }
092        return answer;
093    }
094
095    public Set<Object> getReadACLs(ActiveMQDestination destination) {
096        Set<AuthorizationEntry> entries = getAllEntries(destination);
097        Set<Object> answer = new HashSet<Object>();
098
099        // now lets go through each entry adding individual
100        for (Iterator<AuthorizationEntry> iter = entries.iterator(); iter.hasNext();) {
101            AuthorizationEntry entry = iter.next();
102            answer.addAll(entry.getReadACLs());
103        }
104        return answer;
105    }
106
107    public Set<Object> getWriteACLs(ActiveMQDestination destination) {
108        Set<AuthorizationEntry> entries = getAllEntries(destination);
109        Set<Object> answer = new HashSet<Object>();
110
111        // now lets go through each entry adding individual
112        for (Iterator<AuthorizationEntry> iter = entries.iterator(); iter.hasNext();) {
113            AuthorizationEntry entry = iter.next();
114            answer.addAll(entry.getWriteACLs());
115        }
116        return answer;
117    }
118
119    public AuthorizationEntry getEntryFor(ActiveMQDestination destination) {
120        AuthorizationEntry answer = (AuthorizationEntry)chooseValue(destination);
121        if (answer == null) {
122            answer = getDefaultEntry();
123        }
124        return answer;
125    }
126
127
128    /**
129     * Looks up the value(s) matching the given Destination key. For simple
130     * destinations this is typically a List of one single value, for wildcards
131     * or composite destinations this will typically be a Union of matching
132     * values.
133     *
134     * @param key the destination to lookup
135     * @return a Union of matching values or an empty list if there are no
136     *         matching values.
137     */
138    @Override
139    @SuppressWarnings({ "rawtypes", "unchecked" })
140    public synchronized Set get(ActiveMQDestination key) {
141        if (key.isComposite()) {
142            ActiveMQDestination[] destinations = key.getCompositeDestinations();
143            Set answer = null;
144            for (int i = 0; i < destinations.length; i++) {
145                ActiveMQDestination childDestination = destinations[i];
146                answer = union(answer, get(childDestination));
147                if (answer == null  || answer.isEmpty()) {
148                    break;
149                }
150            }
151            return answer;
152        }
153        return findWildcardMatches(key);
154    }
155
156
157    /**
158     * Sets the individual entries on the authorization map
159     *
160     * @org.apache.xbean.ElementType class="org.apache.activemq.security.AuthorizationEntry"
161     */
162    @SuppressWarnings("rawtypes")
163    public void setAuthorizationEntries(List<DestinationMapEntry> entries) {
164        super.setEntries(entries);
165    }
166
167    public AuthorizationEntry getDefaultEntry() {
168        return defaultEntry;
169    }
170
171    public void setDefaultEntry(AuthorizationEntry defaultEntry) {
172        this.defaultEntry = defaultEntry;
173    }
174
175    @SuppressWarnings("rawtypes")
176    protected Class<? extends DestinationMapEntry> getEntryClass() {
177        return AuthorizationEntry.class;
178    }
179
180    @SuppressWarnings("unchecked")
181    protected Set<AuthorizationEntry> getAllEntries(ActiveMQDestination destination) {
182        Set<AuthorizationEntry> entries = get(destination);
183        if (defaultEntry != null) {
184            entries.add(defaultEntry);
185        }
186        return entries;
187    }
188
189}