org.apache.karaf.management.tools

Class ACLConfigurationParser

java.lang.Object

org.apache.karaf.management.tools.ACLConfigurationParser

public class ACLConfigurationParser
extends Object

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	ACLConfigurationParser.Specificity

Constructor Summary

Constructors

Constructor and Description
ACLConfigurationParser()

Method Summary

Methods

Modifier and Type	Method and Description
static ACLConfigurationParser.Specificity	getRolesForInvocation(String methodName, Object[] params, String[] signature, Dictionary<String,Object> config, List<String> addToRoles) Returns the roles that can invoke the given operation.
static List<String>	parseRoles(String roleStr)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ACLConfigurationParser

public ACLConfigurationParser()

Method Detail

getRolesForInvocation

public static ACLConfigurationParser.Specificity getRolesForInvocation(String methodName,
                                                       Object[] params,
                                                       String[] signature,
                                                       Dictionary<String,Object> config,
                                                       List<String> addToRoles)

Returns the roles that can invoke the given operation. This is determined by matching the operation details against configuration provided.

The following configuration is supported. Keys are used to match an invocation against. The value can contain a comma-separated list of roles. Spaces are ignored for the role values. Note that comments are allowed in the value field after the hash # character:

     myMethod = role1, role2
     methodName(int)[/17/] = role1                    # regex match, assume it's surrounded by ^ and $
     methodName(int)[/[01]8/] = role2
     methodName(int)["19"] = role3                    # exact value match
     methodName(int) = role4                          # signature match
     methodName(java.lang.String, int) = role5        # signature match
     methodName =                                     # no roles can invoke this command
     method* = role6                                  # name prefix/wildcard match. The asterisk must appear at the end.
     
 

The following algorithm is used to find matching roles:

1. Find all regex and exact value matches. For all parameters these matches are found by calling toString() on the parameters passed in. If there are multiple matches in this category all the matching roles are collected. If any is found return these roles.
2. Find a signature match. If found return the associated roles.
3. Find a method name match. If found return the associated roles.
4. Find a method name prefix/wildcard match. If more than one prefix match, the roles associated with the longest prefix is used. So for example, if there are rules for get* and * only the roles associated with get* are returned.
5. If none of the above criteria match, this method returns null.

Parameters:

methodName - the method name to be invoked.

params - the parameters provided for the invocation. May be null for cases there the parameters are not yet known. In this case the roles that can potentially invoke the method are returned, although based on parameter values the actual invocation may still be denied.

signature - the signature of the method specified as an array of class name. For simple types, the simple type name is used (e.g. "int").

config - the configuration to check against.

addToRoles - the list of roles (which may be empty) if a matching configuration iteam has been found.

Returns:

the specificity

parseRoles

public static List<String> parseRoles(String roleStr)