Chinaunix首页 | 论坛 | 博客
  • 博客访问: 359392
  • 博文数量: 157
  • 博客积分: 3001
  • 博客等级: 中校
  • 技术积分: 1330
  • 用 户 组: 普通用户
  • 注册时间: 2008-11-06 13:47
文章分类

全部博文(157)

文章存档

2011年(1)

2010年(28)

2009年(124)

2008年(4)

我的朋友

分类: WINDOWS

2009-01-08 17:20:46

 
/*
 * $Header: /cvsroot/eclipse/org.eclipse.osgi/osgi/src/org/osgi/framework/AdminPermission.java,v 1.20 2005/08/16 13:49:27 hargrave Exp $
 *
 * Copyright (c) OSGi Alliance (2000, 2005). All Rights Reserved.
 * Copyright (c) 2005 IBM Corporation and others.
 *
 * This program and the accompanying materials are made available under the
 * terms of the Eclipse Public License v1.0 which accompanies this
 * distribution, and is available at .
 */
package org.osgi.framework;
import java.io.IOException;
import java.security.*;
import java.util.*;
import org.eclipse.osgi.framework.internal.core.AbstractBundle;
import org.eclipse.osgi.framework.internal.core.FilterImpl;
/**
 * Indicates the caller's authority to perform specific privileged
 * administrative operations on or to get sensitive information about a bundle.
 * The actions for this permission are:
 *
 *

 *  Action               Methods
 *  class                Bundle.loadClass
 *  execute              Bundle.start
 *                       Bundle.stop
 *                       StartLevel.setBundleStartLevel
 *  extensionLifecycle   BundleContext.installBundle for extension bundles
 *                       Bundle.update for extension bundles
 *                       Bundle.uninstall for extension bundles
 *  lifecycle            BundleContext.installBundle
 *                       Bundle.update
 *                       Bundle.uninstall
 *  listener             BundleContext.addBundleListener for SynchronousBundleListener
 *                       BundleContext.removeBundleListener for SynchronousBundleListener
 *  metadata             Bundle.getHeaders
 *                       Bundle.getLocation
 *  resolve              PackageAdmin.refreshPackages
 *                       PackageAdmin.resolveBundles
 *  resource             Bundle.getResource
 *                       Bundle.getResources
 *                       Bundle.getEntry
 *                       Bundle.getEntryPaths
 *                       Bundle.findEntries
 *                       Bundle resource/entry URL creation
 *  startlevel           StartLevel.setStartLevel
 *                       StartLevel.setInitialBundleStartLevel
 *

 *
 *


 * The special action "*" will represent all actions.
 *


 * The name of this permission is a filter expression. The filter gives access
 * to the following parameters:
 *


     *
  • signer - A Distinguished Name chain used to sign a bundle. Wildcards in
     * a DN are not matched according to the filter string rules, but according to
     * the rules defined for a DN chain.

  •  *
  • location - The location of a bundle.

  •  *
  • id - The bundle ID of the designated bundle.

  •  *
  • name - The symbolic name of a bundle.

  •  *

 *
 * @version $Revision: 1.20 $
 */
public final class AdminPermission extends BasicPermission {
 static final long serialVersionUID = 207051004521261705L;
 /**
  * The action string class (Value is "class").
  * @since 1.3
  */
 public final static String   CLASS    = "class";
 /**
  * The action string execute (Value is "execute").
  * @since 1.3
  */
 public final static String   EXECUTE    = "execute";
 /**
  * The action string extensionLifecycle (Value is
  * "extensionLifecycle").
  * @since 1.3
  */
 public final static String   EXTENSIONLIFECYCLE = "extensionLifecycle";
 /**
  * The action string lifecycle (Value is "lifecycle").
  * @since 1.3
  */
 public final static String   LIFECYCLE   = "lifecycle";
 /**
  * The action string listener (Value is "listener").
  * @since 1.3
  */
 public final static String   LISTENER   = "listener";
 /**
  * The action string metadata (Value is "metadata").
  * @since 1.3
  */
 public final static String   METADATA   = "metadata";
 /**
  * The action string resolve (Value is "resolve").
  * @since 1.3
  */
 public final static String   RESOLVE    = "resolve";
 /**
  * The action string resource (Value is "resource").
  * @since 1.3
  */
 public final static String   RESOURCE   = "resource";
 /**
  * The action string startlevel (Value is "startlevel").
  * @since 1.3
  */
 public final static String   STARTLEVEL   = "startlevel";
    private final static int ACTION_CLASS    = 0x00000001;
    private final static int ACTION_EXECUTE    = 0x00000002;
    private final static int ACTION_LIFECYCLE   = 0x00000004;
    private final static int ACTION_LISTENER   = 0x00000008;
    private final static int ACTION_METADATA   = 0x00000010;
    private final static int ACTION_RESOLVE    = 0x00000040;
    private final static int ACTION_RESOURCE   = 0x00000080;
    private final static int ACTION_STARTLEVEL   = 0x00000100;
 private final static int ACTION_EXTENSIONLIFECYCLE = 0x00000200;
    private final static int ACTION_ALL =
  ACTION_CLASS     |
  ACTION_EXECUTE     |
  ACTION_LIFECYCLE    |
  ACTION_LISTENER    |
     ACTION_METADATA    |
  ACTION_RESOLVE     |
  ACTION_RESOURCE    |
  ACTION_STARTLEVEL   |
  ACTION_EXTENSIONLIFECYCLE;
    private final static int ACTION_NONE = 0;
 
 /**
  * Indicates that this AdminPermission refers to all bundles
  * @serial
  */
 private boolean wildcard;
 
 /**
  * An x.500 distinguished name used to match a bundle's signature - only used if
  * wildcard is false and bundle = null
  * @serial
  */
 private String filter;
    /**
     * The actions in canonical form.
     *
     * @serial
     */
    private String actions = null;
    /**
     * The actions mask.
     */
 private transient int action_mask = ACTION_NONE;
 /**
  * The bundle governed by this AdminPermission - only used if
  * wildcard is false and filter == null
  */
 private transient Bundle bundle;
    /**
     * If this AdminPermission was constructed with a bundle, this dictionary holds
     * the properties of that bundle, used to match a filter in implies.
     * This is not initialized until necessary, and then cached in this object.
     */
    private transient Dictionary bundleProperties;
   
    /**
     * If this AdminPermission was constructed with a filter, this dictionary holds
     * a Filter matching object used to evaluate the filter in implies.
     * This is not initialized until necessary, and then cached in this object
     */
    private transient Filter filterImpl;
   
 /**
  * Creates a new AdminPermission object that matches all
  * bundles and has all actions. Equivalent to AdminPermission("*","*");
  */
 public AdminPermission() {
  this("*",AdminPermission.ACTION_ALL); //$NON-NLS-1$
 }
 /**
  * Create a new AdminPermission.
  *
  * This constructor must only be used to create a permission that is going
  * to be checked.
  *


  * Examples:
  *
  *


  * (signer=\*,o=ACME,c=US)  
  * (&(signer=\*,o=ACME,c=US)(name=com.acme.*)(location=*))
  * (id>=1)
  *

  *
  *


  * When a signer key is used within the filter expression the signer value
  * must escape the special filter chars ('*', '(', ')').
  *


  * Null arguments are equivalent to "*".
  *
  * @param filter A filter expression that can use signer, location, id, and
  *        name keys. A value of "*" or null matches
  *        all bundle.
  * @param actions class, execute,
  *        extensionLifecycle, lifecycle,
  *        listener, metadata,
  *        resolve, resource, or
  *        startlevel. A value of "*" or null
  *        indicates all actions
  */
 public AdminPermission(String filter, String actions) {
     //arguments will be null if called from a PermissionInfo defined with
     //no args
     this(
       (filter == null ? "*" : filter), //$NON-NLS-1$
    getMask((actions == null ? "*" : actions)) //$NON-NLS-1$
    );
 }

 /**
  * Creates a new AdminPermission object to be used by the
  * code that must check a Permission object.
  *
  * @param bundle A bundle
  * @param actions class, execute,
  *        extensionLifecycle, lifecycle,
  *        listener, metadata,
  *        resolve, resource,
  *        startlevel
  * @since 1.3
  */
 public AdminPermission(Bundle bundle, String actions) {
  super(createName(bundle));
     this.bundle = bundle;
     this.wildcard = false;
     this.filter = null;
     this.action_mask = getMask(actions);
 }
 /**
  * Create a permission name from a Bundle
  *
  * @param bundle Bundle to use to create permission name.
  * @return permission name.
  */
 private static String createName(Bundle bundle) {
  StringBuffer sb = new StringBuffer();
  sb.append("(id=");
  sb.append(bundle.getBundleId());
  sb.append(")");
  return sb.toString();
 }
 /**
  * Determines the equality of two AdminPermission objects.
  *
  * @param obj The object being compared for equality with this object.
  * @return true if obj is equivalent to this
  *         AdminPermission; false otherwise.
  */
 public boolean equals(Object obj) {
        if (obj == this) {
         return true;
        }
       
        if (!(obj instanceof AdminPermission))
        {
            return false;
        }
       
        AdminPermission a = (AdminPermission) obj;
        return (action_mask == a.action_mask) &&
          (wildcard == a.wildcard) &&
          (bundle == null ? a.bundle == null : (a.bundle == null ? false : bundle.getBundleId() == a.bundle.getBundleId())) &&
    (filter == null ? a.filter == null : filter.equals(a.filter));
 }
 /**
  * Returns the hash code value for this object.
  *
  * @return Hash code value for this object.
  */
 public int hashCode() {
  return getName().hashCode() ^ getActions().hashCode();
 }
 /**
  * Returns the canonical string representation of the
  * AdminPermission actions.
  *
  *


  * Always returns present AdminPermission actions in the
  * following order: class, execute,
  * extensionLifecycle, lifecycle,
  * listener, metadata, resolve,
  * resource, startlevel.
  *
  * @return Canonical string representation of the
  *         AdminPermission actions.
  */
 public String getActions() {
  if (actions == null) {
   StringBuffer sb = new StringBuffer();
   
   if ((action_mask & ACTION_CLASS) == ACTION_CLASS) {
    sb.append(CLASS);
    sb.append(',');
   }

   if ((action_mask & ACTION_EXECUTE) == ACTION_EXECUTE) {
    sb.append(EXECUTE);
    sb.append(',');
   }
   if ((action_mask & ACTION_EXTENSIONLIFECYCLE) == ACTION_EXTENSIONLIFECYCLE) {
    sb.append(EXTENSIONLIFECYCLE);
    sb.append(',');
   }
   if ((action_mask & ACTION_LIFECYCLE) == ACTION_LIFECYCLE) {
    sb.append(LIFECYCLE);
    sb.append(',');
   }
   if ((action_mask & ACTION_LISTENER) == ACTION_LISTENER) {
    sb.append(LISTENER);
    sb.append(',');
   }
   
   if ((action_mask & ACTION_METADATA) == ACTION_METADATA) {
    sb.append(METADATA);
    sb.append(',');
   }
   if ((action_mask & ACTION_RESOLVE) == ACTION_RESOLVE) {
    sb.append(RESOLVE);
    sb.append(',');
   }
   if ((action_mask & ACTION_RESOURCE) == ACTION_RESOURCE) {
    sb.append(RESOURCE);
    sb.append(',');
   }
   if ((action_mask & ACTION_STARTLEVEL) == ACTION_STARTLEVEL) {
    sb.append(STARTLEVEL);
    sb.append(',');
   }
   //remove trailing comma
   if (sb.length() > 0) {
    sb.setLength(sb.length()-1);
   }
   
   actions = sb.toString();
  }
  return actions;
 }
 /**
  * Determines if the specified permission is implied by this object. This
  * method throws an exception if the specified permission was not
  * constructed with a bundle.
  *
  *


  * This method returns true if the specified permission is an
  * AdminPermission AND
  *


      *
  • this object's filter matches the specified permission's bundle ID,
      * bundle symbolic name, bundle location and bundle signer distinguished
      * name chain OR

  •   *
  • this object's filter is "*"

  •   *

  * AND this object's actions include all of the specified permission's
  * actions.
  *


  * Special case: if the specified permission was constructed with "*"
  * filter, then this method returns true if this object's
  * filter is "*" and this object's actions include all of the specified
  * permission's actions
  *
  * @param p The permission to interrogate.
  *
  * @return true if the specified permission is implied by
  *         this object; false otherwise.
  * @throws RuntimeException if specified permission was not constructed with
  *         a bundle or "*"
  */
 public boolean implies(Permission p) {
     if (!(p instanceof AdminPermission))
      return false;
     AdminPermission target = (AdminPermission)p;
     //check actions first - much faster
     if ((action_mask & target.action_mask)!=target.action_mask)
      return false;
     //if passed in a filter, puke
     if (target.filter != null)
      throw new RuntimeException("Cannot imply a filter"); //$NON-NLS-1$
     //special case - only wildcard implies wildcard
     if (target.wildcard)
      return wildcard;

     //check our name
     if (filter != null) {
      //it's a filter
      Filter filterImpl = getFilterImpl();
   return filterImpl != null && filterImpl.match(target.getProperties());
     } else if (wildcard) {
      //it's "*"
      return true;
     } else {
      //it's a bundle id
      return bundle.equals(target.bundle);
     }
 }
 /**
  * Returns a new PermissionCollection object suitable for
  * storing AdminPermissions.
  *
  * @return A new PermissionCollection object.
  */
 public PermissionCollection newPermissionCollection() {
        return(new AdminPermissionCollection());
 }
    /**
     * Package private constructor used by AdminPermissionCollection.
     *
     * @param filter name filter
     * @param action_mask mask
     */
    AdminPermission(String filter, int action_mask) {
     super(filter);
     
     //name must be either * or a filter
     if (filter.equals("*")) { //$NON-NLS-1$
      this.wildcard = true;
      this.filter = null;
     } else {
   this.wildcard = false;
   this.filter = filter;
     }
     this.bundle = null;
     this.action_mask = action_mask;
    }
    /**
     * Parse action string into action mask.
     *
     * @param actions Action string.
     * @return action mask.
     */
    private static int getMask(String actions) {
   
     boolean seencomma = false;
     int mask = ACTION_NONE;
     if (actions == null) {
      return mask;
     }
     char[] a = actions.toCharArray();
     int i = a.length - 1;
     if (i < 0)
      return mask;
     while (i != -1) {
      char c;
      // skip whitespace
      while ((i!=-1) && ((c = a[i]) == ' ' ||
        c == '\r' ||
     c == '\n' ||
     c == '\f' ||
     c == '\t'))
       i--;
      // check for the known strings
      int matchlen;
      if (i >= 4 &&
     (a[i-4] == 'c' || a[i-4] == 'C') &&
     (a[i-3] == 'l' || a[i-3] == 'L') &&
     (a[i-2] == 'a' || a[i-2] == 'A') &&
     (a[i-1] == 's' || a[i-1] == 'S') &&
       (a[i] == 's' ||   a[i] == 'S'))
   {
    matchlen = 5;
    mask |= ACTION_CLASS;
 
      } else if (i >= 6 &&
     (a[i-6] == 'e' || a[i-6] == 'E') &&
     (a[i-5] == 'x' || a[i-5] == 'X') &&
     (a[i-4] == 'e' || a[i-4] == 'E') &&
     (a[i-3] == 'c' || a[i-3] == 'C') &&
     (a[i-2] == 'u' || a[i-2] == 'U') &&
     (a[i-1] == 't' || a[i-1] == 'T') &&
       (a[i] == 'e' ||   a[i] == 'E'))
   {
    matchlen = 7;
    mask |= ACTION_EXECUTE;
    
   } else if (i >= 17 &&
     (a[i-17] == 'e' || a[i-17] == 'E') &&
     (a[i-16] == 'x' || a[i-16] == 'X') &&
     (a[i-15] == 't' || a[i-15] == 'T') &&
     (a[i-14] == 'e' || a[i-14] == 'E') &&
     (a[i-13] == 'n' || a[i-13] == 'N') &&
     (a[i-12] == 's' || a[i-12] == 'S') &&
     (a[i-11] == 'i' || a[i-11] == 'I') &&
     (a[i-10] == 'o' || a[i-10] == 'O') &&
     (a[i-9] == 'n' || a[i-9] == 'N') &&
     (a[i-8] == 'l' || a[i-8] == 'L') &&
     (a[i-7] == 'i' || a[i-7] == 'I') &&
     (a[i-6] == 'f' || a[i-6] == 'F') &&
     (a[i-5] == 'e' || a[i-5] == 'E') &&
     (a[i-4] == 'c' || a[i-4] == 'C') &&
     (a[i-3] == 'y' || a[i-3] == 'Y') &&
     (a[i-2] == 'c' || a[i-2] == 'C') &&
     (a[i-1] == 'l' || a[i-1] == 'L') &&
       (a[i] == 'e' ||   a[i] == 'E'))
      {
       matchlen = 18;
       mask |= ACTION_EXTENSIONLIFECYCLE;
      } else if (i >= 8 &&
     (a[i-8] == 'l' || a[i-8] == 'L') &&
     (a[i-7] == 'i' || a[i-7] == 'I') &&
     (a[i-6] == 'f' || a[i-6] == 'F') &&
     (a[i-5] == 'e' || a[i-5] == 'E') &&
     (a[i-4] == 'c' || a[i-4] == 'C') &&
     (a[i-3] == 'y' || a[i-3] == 'Y') &&
     (a[i-2] == 'c' || a[i-2] == 'C') &&
     (a[i-1] == 'l' || a[i-1] == 'L') &&
       (a[i] == 'e' ||   a[i] == 'E'))
   {
    matchlen = 9;
    mask |= ACTION_LIFECYCLE;
    
   } else if (i >= 7 &&
     (a[i-7] == 'l' || a[i-7] == 'L') &&
     (a[i-6] == 'i' || a[i-6] == 'I') &&
     (a[i-5] == 's' || a[i-5] == 'S') &&
     (a[i-4] == 't' || a[i-4] == 'T') &&
     (a[i-3] == 'e' || a[i-3] == 'E') &&
     (a[i-2] == 'n' || a[i-2] == 'N') &&
     (a[i-1] == 'e' || a[i-1] == 'E') &&
       (a[i] == 'r' ||   a[i] == 'R'))
   {
    matchlen = 8;
    mask |= ACTION_LISTENER;
   
   } else if (i >= 7 &&
        (a[i-7] == 'm' || a[i-7] == 'M') &&
                 (a[i-6] == 'e' || a[i-6] == 'E') &&
                 (a[i-5] == 't' || a[i-5] == 'T') &&
                 (a[i-4] == 'a' || a[i-4] == 'A') &&
                 (a[i-3] == 'd' || a[i-3] == 'D') &&
                 (a[i-2] == 'a' || a[i-2] == 'A') &&
     (a[i-1] == 't' || a[i-1] == 'T') &&
       (a[i] == 'a' ||   a[i] == 'A'))
      {
       matchlen = 8;
       mask |= ACTION_METADATA;
      } else if (i >= 6 &&
     (a[i-6] == 'r' || a[i-6] == 'R') &&
     (a[i-5] == 'e' || a[i-5] == 'E') &&
     (a[i-4] == 's' || a[i-4] == 'S') &&
     (a[i-3] == 'o' || a[i-3] == 'O') &&
     (a[i-2] == 'l' || a[i-2] == 'L') &&
     (a[i-1] == 'v' || a[i-1] == 'V') &&
       (a[i] == 'e' ||   a[i] == 'E'))
      {
       matchlen = 7;
       mask |= ACTION_RESOLVE;
       
      } else if (i >= 7 &&
         (a[i-7] == 'r' || a[i-7] == 'R') &&
      (a[i-6] == 'e' || a[i-6] == 'E') &&
      (a[i-5] == 's' || a[i-5] == 'S') &&
      (a[i-4] == 'o' || a[i-4] == 'O') &&
      (a[i-3] == 'u' || a[i-3] == 'U') &&
      (a[i-2] == 'r' || a[i-2] == 'R') &&
      (a[i-1] == 'c' || a[i-1] == 'C') &&
        (a[i] == 'e' ||   a[i] == 'E'))
   {
       matchlen = 8;
       mask |= ACTION_RESOURCE;
      } else if (i >= 9 &&
     (a[i-9] == 's' || a[i-9] == 'S') &&
     (a[i-8] == 't' || a[i-8] == 'T') &&
     (a[i-7] == 'a' || a[i-7] == 'A') &&
     (a[i-6] == 'r' || a[i-6] == 'R') &&
     (a[i-5] == 't' || a[i-5] == 'T') &&
     (a[i-4] == 'l' || a[i-4] == 'L') &&
     (a[i-3] == 'e' || a[i-3] == 'E') &&
     (a[i-2] == 'v' || a[i-2] == 'V') &&
     (a[i-1] == 'e' || a[i-1] == 'E') &&
       (a[i] == 'l' ||   a[i] == 'L'))
      {
       matchlen = 10;
       mask |= ACTION_STARTLEVEL;
      } else if (i >= 0 &&
     (a[i] == '*'))
      {
       matchlen = 1;
       mask |= ACTION_ALL;
   } else {
    // parse error
    throw new IllegalArgumentException(
      "invalid permission: " + actions); //$NON-NLS-1$
        }
        // make sure we didn't just match the tail of a word
        // like "ackbarfstartlevel".  Also, skip to the comma.
        seencomma = false;
        while (i >= matchlen && !seencomma) {
         switch(a[i-matchlen]) {
          case ',':
           seencomma = true;
           /*FALLTHROUGH*/
          case ' ': case '\r': case '\n':
          case '\f': case '\t':
           break;
          default:
           throw new IllegalArgumentException(
             "invalid permission: " + actions); //$NON-NLS-1$
         }
         i--;
        }
        // point i at the location of the comma minus one (or -1).
        i -= matchlen;
    }
    if (seencomma) {
        throw new IllegalArgumentException("invalid permission: " + //$NON-NLS-1$
                        actions);
    }
    return mask;
    }
    
    /**
     * Called by <@link AdminPermission#implies(Permission)> on an AdminPermission
     * which was constructed with a Bundle.  This method loads a dictionary with the
     * filter-matchable properties of this bundle.  The dictionary is cached so this lookup
     * only happens once.
     *
     * This method should only be called on an AdminPermission which was constructed with a
     * bundle
     *
     * @return a dictionary of properties for this bundle
     */
    private Dictionary getProperties() {
     if (bundleProperties == null) {
      bundleProperties = new Hashtable();
      AccessController.doPrivileged(new PrivilegedAction() {
    public Object run() {
        //set Id
        bundleProperties.put("id",new Long(bundle.getBundleId())); //$NON-NLS-1$
        
        //set location
        bundleProperties.put("location",bundle.getLocation()); //$NON-NLS-1$
        
        //set name
        if (bundle.getSymbolicName() != null)
         bundleProperties.put("name",bundle.getSymbolicName()); //$NON-NLS-1$
        
        //set signers
        bundleProperties.put("signer",new SignerWrapper(bundle)); //$NON-NLS-1$
        
        return null;
    }
   });
     }       
     return bundleProperties;
    }
    private static class SignerWrapper extends Object {
     private Bundle bundle;
     private String pattern;
     public SignerWrapper(String pattern) {
      this.pattern = pattern;       
     }
     SignerWrapper(Bundle bundle) {
      this.bundle = bundle;
     }
     
  public boolean equals(Object o) {
   if (!(o instanceof SignerWrapper))
    return false;
   SignerWrapper other = (SignerWrapper) o;
   AbstractBundle matchBundle = (AbstractBundle) (bundle != null ? bundle : other.bundle);
   String matchPattern = bundle != null ? other.pattern : pattern;
   return matchBundle.getBundleData().matchDNChain(matchPattern);
  }
    }
   
    /**
     * Called by <@link AdminPermission#implies(Permission)> on an AdminPermission
     * which was constructed with a filter.  This method loads a FilterImpl with the
     * filter specification of this AdminPermission.  The filter is cached so this work
     * only happens once.
     *
     * This method should only be called on an AdminPermission which was constructed with a
     * filter
     *
     * @return a filterImpl for this bundle
     */
    private Filter getFilterImpl() {
     if (filterImpl == null) {
      try {
       int pos = filter.indexOf("signer"); //$NON-NLS-1$
       if (pos != -1){
       
        //there may be a signer attribute
        StringBuffer filterBuf = new StringBuffer(filter);
        int numAsteriskFound = 0; //use as offset to replace in buffer
        
        int walkbackPos; //temp pos
        //find occurences of (signer= and escape out *'s
        while (pos != -1) {
         //walk back and look for '(' to see if this is an attr
         walkbackPos = pos-1;
         
         //consume whitespace
         while(walkbackPos >= 0 && Character.isWhitespace(filter.charAt(walkbackPos))) {
          walkbackPos--;
         }
         if (walkbackPos <0) {
          //filter is invalid - FilterImpl will throw error
          break;
         }
         
         //check to see if we have unescaped '('
         if (filter.charAt(walkbackPos) != '(' || (walkbackPos > 0 && filter.charAt(walkbackPos-1) == '\\')) {
          //'(' was escaped or not there
          pos = filter.indexOf("signer",pos+6); //$NON-NLS-1$
          continue;
         }         
         pos+=6; //skip over 'signer'
         //found signer - consume whitespace before '='
         while (Character.isWhitespace(filter.charAt(pos))) {
          pos++;
         }
         //look for '='
         if (filter.charAt(pos) != '=') {
          //attr was signerx - keep looking
          pos = filter.indexOf("signer",pos); //$NON-NLS-1$
          continue;
         }
         pos++; //skip over '='
         
         //found signer value - escape '*'s
         while (!(filter.charAt(pos) == ')' && filter.charAt(pos-1) != '\\')) {
          if (filter.charAt(pos) == '*') {
           filterBuf.insert(pos+numAsteriskFound,'\\');
           numAsteriskFound++;
          }
          pos++;
         }
         //end of signer value - look for more?
         pos = filter.indexOf("signer",pos); //$NON-NLS-1$
        } //end while (pos != -1)
        filter = filterBuf.toString();
       } //end if (pos != -1)
       filterImpl = new FilterImpl(filter);
   } catch (InvalidSyntaxException e) {
    //we will return null
   }
     }       
     return filterImpl;
    }
 /**
  * Returns the current action mask.
  *


  * Used by the AdminPermissionCollection class.
  *
  * @return Current action mask.
  */
 int getMask() {
  return action_mask;
 }

 private synchronized void writeObject(java.io.ObjectOutputStream s) throws IOException {
  // Write out the actions. The superclass takes care of the name
  // call getActions to make sure actions field is initialized
  if (actions == null)
   getActions();
  if (filter == null && !wildcard)
   throw new UnsupportedOperationException("cannot serialize"); //$NON-NLS-1$
  s.defaultWriteObject();
 }
 /**
  * readObject is called to restore the state of this permission from a
  * stream.
  */
 private synchronized void readObject(java.io.ObjectInputStream s) throws IOException, ClassNotFoundException {
  // Read in the action, then initialize the rest
  s.defaultReadObject();
  action_mask = getMask(actions);
 }
}
/**
 * Stores a collection of AdminPermissions.
 */
final class AdminPermissionCollection extends PermissionCollection
{
 private static final long serialVersionUID = 3906372644575328048L;
 /**
     * Collection of permissions.
     *
     * @serial
     */
 private Hashtable permissions;
    /**
     * Create an empty AdminPermissions object.
     *
     */
    public AdminPermissionCollection()
    {
        permissions = new Hashtable();       
    }
    /**
     * Adds a permission to the AdminPermission objects. The key for
     * the hashtable is the name
     *
     * @param permission The AdminPermission object to add.
     *
     * @exception IllegalArgumentException If the permission is not an
     * AdminPermission instance.
     *
     * @exception SecurityException If this AdminPermissionCollection
     * object has been marked read-only.
     */
    public void add(Permission permission)
    {
        if (! (permission instanceof AdminPermission))
            throw new IllegalArgumentException("invalid permission: "+ //$NON-NLS-1$
                                               permission);
        if (isReadOnly())
            throw new SecurityException("attempt to add a Permission to a " + //$NON-NLS-1$
                                        "readonly AdminCollection"); //$NON-NLS-1$
        AdminPermission ap = (AdminPermission) permission;
     AdminPermission existing = (AdminPermission) permissions.get(ap.getName());
     if (existing != null){
      int oldMask = existing.getMask();
      int newMask = ap.getMask();
       
      if (oldMask != newMask) {
       permissions.put(existing.getName(),
         new AdminPermission(existing.getName(), oldMask | newMask));
      }
     } else {
      permissions.put(ap.getName(), ap);
     }
    }

    /**
     * Determines if the specified permissions implies the permissions
     * expressed in permission.
     *
     * @param permission The Permission object to compare with the AdminPermission
     *  objects in this collection.
     *
     * @return true if permission is implied by an
     * AdminPermission in this collection, false otherwise.
     */
    public boolean implies(Permission permission)
    {
        if (!(permission instanceof AdminPermission))
            return(false);
        AdminPermission target = (AdminPermission) permission;
       
        //just iterate one by one
        Iterator permItr = permissions.values().iterator();
       
        while(permItr.hasNext())
         if (((AdminPermission)permItr.next()).implies(target))
          return true;
        return false;
    }
 
    /**
     * Returns an enumeration of all AdminPermission objects in the
     * container.
     *
     * @return Enumeration of all AdminPermission objects.
     */
    public Enumeration elements()
    {
        return(Collections.enumeration(permissions.values()));
    }
}
阅读(961) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~