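/**
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.activemq.security;

import org.apache.activemq.filter.DestinationMapEntry;

import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.StringTokenizer;

/**
 * Represents an entry in a {@link DefaultAuthorizationMap} for assigning
 * different operations (read, write, admin) of user roles to a specific
 * destination or a hierarchical wildcard area of destinations.
 *
 * <p>Each operation has two representations: the comma-separated role string
 * ({@link #adminRoles}, {@link #readRoles}, {@link #writeRoles}) and the set
 * of principal objects built from it by {@link #parseACLs(String)}.
 *
 * <p>The ACL sets are stored and returned by reference, without copying. A
 * caller that keeps the set it passed to a setter, or mutates a set obtained
 * from a getter, therefore changes the ACL held by this entry. Until a setter
 * is called, each ACL is the shared immutable empty set, which rejects
 * modification.
 *
 * <p>This class performs no synchronization of its own.
 */
@SuppressWarnings("rawtypes")
public class AuthorizationEntry extends DestinationMapEntry {

    private Set<Object> readACLs = emptySet();
    private Set<Object> writeACLs = emptySet();
    private Set<Object> adminACLs = emptySet();

    // Comma-separated role names as last passed to setAdmin/setRead/setWrite.
    protected String adminRoles;
    protected String readRoles;
    protected String writeRoles;

    // Class name used to build principals; null selects
    // DefaultAuthorizationMap.DEFAULT_GROUP_CLASS in parseACLs.
    private String groupClass;

    /**
     * @return the configured principal class name, or {@code null} if none
     *         was set
     */
    public String getGroupClass() {
        return groupClass;
    }

    /**
     * @return the JDK's shared immutable empty set, typed for the ACL fields
     */
    private Set<Object> emptySet() {
        // Typed factory instead of the raw Collections.EMPTY_SET constant, so
        // no unchecked-conversion suppression is needed.
        return Collections.<Object>emptySet();
    }

    /**
     * Sets the class name used to build principals from role names.
     *
     * <p>The value is read by {@link #parseACLs(String)} at the moment a role
     * string is parsed. ACL sets that were already built are not rebuilt, so
     * set this before calling {@link #setAdmin}, {@link #setRead} or
     * {@link #setWrite}.
     *
     * @param groupClass the principal class name, or {@code null} for the
     *        default
     */
    public void setGroupClass(String groupClass) {
        this.groupClass = groupClass;
    }

    /**
     * @return the live set of principals for the admin operation (not a copy)
     */
    public Set<Object> getAdminACLs() {
        return adminACLs;
    }

    /**
     * @param adminACLs the principals for the admin operation; stored by
     *        reference, {@link #adminRoles} is left untouched
     */
    public void setAdminACLs(Set<Object> adminACLs) {
        this.adminACLs = adminACLs;
    }

    /**
     * @return the live set of principals for the read operation (not a copy)
     */
    public Set<Object> getReadACLs() {
        return readACLs;
    }

    /**
     * @param readACLs the principals for the read operation; stored by
     *        reference, {@link #readRoles} is left untouched
     */
    public void setReadACLs(Set<Object> readACLs) {
        this.readACLs = readACLs;
    }

    /**
     * @return the live set of principals for the write operation (not a copy)
     */
    public Set<Object> getWriteACLs() {
        return writeACLs;
    }

    /**
     * @param writeACLs the principals for the write operation; stored by
     *        reference, {@link #writeRoles} is left untouched
     */
    public void setWriteACLs(Set<Object> writeACLs) {
        this.writeACLs = writeACLs;
    }

    // helper methods for easier configuration in Spring
    // ACLs are already set in the afterPropertiesSet method to ensure that
    // groupClass is set first before calling parseACLs() on any of the roles.
    // We still need to add the call to parseACLs inside the helper methods
    // for instances where we configure security programmatically without
    // using xbean
    // -------------------------------------------------------------------------

    /**
     * Sets the admin roles from a comma-separated string and rebuilds the
     * admin ACL set from it.
     *
     * @param roles comma-separated role names
     * @throws NullPointerException if {@code roles} is {@code null}
     * @throws Exception if a principal cannot be created for a role name
     */
    public void setAdmin(String roles) throws Exception {
        // Parse first: if parsing fails, neither the role string nor the ACL
        // set changes, so the two cannot drift apart.
        Set<Object> parsed = parseACLs(roles);
        adminRoles = roles;
        setAdminACLs(parsed);
    }

    /**
     * Sets the read roles from a comma-separated string and rebuilds the
     * read ACL set from it.
     *
     * @param roles comma-separated role names
     * @throws NullPointerException if {@code roles} is {@code null}
     * @throws Exception if a principal cannot be created for a role name
     */
    public void setRead(String roles) throws Exception {
        // Parse first so a failure leaves readRoles and readACLs consistent.
        Set<Object> parsed = parseACLs(roles);
        readRoles = roles;
        setReadACLs(parsed);
    }

    /**
     * Sets the write roles from a comma-separated string and rebuilds the
     * write ACL set from it.
     *
     * @param roles comma-separated role names
     * @throws NullPointerException if {@code roles} is {@code null}
     * @throws Exception if a principal cannot be created for a role name
     */
    public void setWrite(String roles) throws Exception {
        // Parse first so a failure leaves writeRoles and writeACLs consistent.
        Set<Object> parsed = parseACLs(roles);
        writeRoles = roles;
        setWriteACLs(parsed);
    }

    /**
     * Turns a comma-separated list of role names into a set of principals.
     *
     * <p>Each name is trimmed and passed to
     * {@link DefaultAuthorizationMap#createGroupPrincipal} together with the
     * configured group class, or
     * {@link DefaultAuthorizationMap#DEFAULT_GROUP_CLASS} when none is set.
     * Names that are blank after trimming (for example the middle element of
     * {@code "a, ,b"}) are skipped so that no principal with an empty name
     * enters the ACL.
     *
     * @param roles comma-separated role names
     * @return a new mutable set of principals; empty when {@code roles}
     *         contains no non-blank name
     * @throws NullPointerException if {@code roles} is {@code null}
     * @throws Exception if {@code createGroupPrincipal} fails
     */
    protected Set<Object> parseACLs(String roles) throws Exception {
        // The class does not change while one role string is parsed, so
        // resolve it once rather than per token.
        String principalClass =
                this.groupClass != null ? this.groupClass : DefaultAuthorizationMap.DEFAULT_GROUP_CLASS;

        Set<Object> answer = new HashSet<Object>();
        StringTokenizer iter = new StringTokenizer(roles, ",");
        while (iter.hasMoreTokens()) {
            String name = iter.nextToken().trim();
            if (name.isEmpty()) {
                // StringTokenizer drops empty tokens but not whitespace-only ones.
                continue;
            }
            answer.add(DefaultAuthorizationMap.createGroupPrincipal(name, principalClass));
        }
        return answer;
    }
}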