|
Added
Link Here
|
| 1 |
/* |
| 2 |
* Copyright (c) OSGi Alliance (2010, 2011). All Rights Reserved. |
| 3 |
* |
| 4 |
* Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 |
* you may not use this file except in compliance with the License. |
| 6 |
* You may obtain a copy of the License at |
| 7 |
* |
| 8 |
* http://www.apache.org/licenses/LICENSE-2.0 |
| 9 |
* |
| 10 |
* Unless required by applicable law or agreed to in writing, software |
| 11 |
* distributed under the License is distributed on an "AS IS" BASIS, |
| 12 |
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 |
* See the License for the specific language governing permissions and |
| 14 |
* limitations under the License. |
| 15 |
*/ |
| 16 |
package org.osgi.framework; |
| 17 |
|
| 18 |
import java.io.IOException; |
| 19 |
import java.io.NotSerializableException; |
| 20 |
import java.io.ObjectInputStream; |
| 21 |
import java.io.ObjectOutputStream; |
| 22 |
import java.io.ObjectStreamField; |
| 23 |
import java.security.AccessController; |
| 24 |
import java.security.BasicPermission; |
| 25 |
import java.security.Permission; |
| 26 |
import java.security.PermissionCollection; |
| 27 |
import java.security.PrivilegedAction; |
| 28 |
import java.util.ArrayList; |
| 29 |
import java.util.Collection; |
| 30 |
import java.util.Collections; |
| 31 |
import java.util.Enumeration; |
| 32 |
import java.util.HashMap; |
| 33 |
import java.util.List; |
| 34 |
import java.util.Map; |
| 35 |
|
| 36 |
/** |
| 37 |
* A bundle's authority to adapt an object to a type. |
| 38 |
* |
| 39 |
* <p> |
| 40 |
* {@code AdaptPermission} has one action: {@code adapt}. |
| 41 |
* |
| 42 |
* @ThreadSafe |
| 43 |
* @version $Id: bc4c5d392d2534a7744f6fc00f4665502f82033c $ |
| 44 |
*/ |
| 45 |
public class AdaptPermission extends BasicPermission { |
| 46 |
|
| 47 |
private static final long serialVersionUID = 1L; |
| 48 |
|
| 49 |
/** |
| 50 |
* The action string {@code initiate}. |
| 51 |
*/ |
| 52 |
public final static String ADAPT = "adapt"; |
| 53 |
|
| 54 |
private final static int ACTION_ADAPT = 0x00000001; |
| 55 |
private final static int ACTION_ALL = ACTION_ADAPT; |
| 56 |
final static int ACTION_NONE = 0; |
| 57 |
|
| 58 |
/** |
| 59 |
* The actions mask. |
| 60 |
*/ |
| 61 |
transient int action_mask; |
| 62 |
|
| 63 |
/** |
| 64 |
* The actions in canonical form. |
| 65 |
* |
| 66 |
* @serial |
| 67 |
*/ |
| 68 |
private volatile String actions = null; |
| 69 |
|
| 70 |
/** |
| 71 |
* The bundle used by this AdaptPermission. |
| 72 |
*/ |
| 73 |
transient final Bundle bundle; |
| 74 |
|
| 75 |
/** |
| 76 |
* This holds a Filter matching object used to evaluate the filter in |
| 77 |
* implies. |
| 78 |
*/ |
| 79 |
transient Filter filter; |
| 80 |
|
| 81 |
/** |
| 82 |
* This map holds the properties of the permission, used to match a filter |
| 83 |
* in implies. This is not initialized until necessary, and then cached in |
| 84 |
* this object. |
| 85 |
*/ |
| 86 |
private transient volatile Map<String, Object> properties; |
| 87 |
|
| 88 |
/** |
| 89 |
* Creates a new granted {@code AdaptPermission} object. |
| 90 |
* |
| 91 |
* This constructor must only be used to create a permission that is going |
| 92 |
* to be checked. |
| 93 |
* <p> |
| 94 |
* Examples: |
| 95 |
* |
| 96 |
* <pre> |
| 97 |
* (adaptClass=com.acme.*) |
| 98 |
* (&(signer=\*,o=ACME,c=US)(adaptClass=com.acme.*)) |
| 99 |
* (signer=\*,o=ACME,c=US) |
| 100 |
* </pre> |
| 101 |
* |
| 102 |
* <p> |
| 103 |
* When a signer key is used within the filter expression the signer value |
| 104 |
* must escape the special filter chars ('*', '(', ')'). |
| 105 |
* <p> |
| 106 |
* The name is specified as a filter expression. The filter gives access to |
| 107 |
* the following attributes: |
| 108 |
* <ul> |
| 109 |
* <li>signer - A Distinguished Name chain used to sign the exporting |
| 110 |
* bundle. Wildcards in a DN are not matched according to the filter string |
| 111 |
* rules, but according to the rules defined for a DN chain.</li> |
| 112 |
* <li>location - The location of the exporting bundle.</li> |
| 113 |
* <li>id - The bundle ID of the exporting bundle.</li> |
| 114 |
* <li>name - The symbolic name of the exporting bundle.</li> |
| 115 |
* <li>adaptClass - The name of the type to which an object can be adapted.</li> |
| 116 |
* </ul> |
| 117 |
* Filter attribute names are processed in a case sensitive manner. |
| 118 |
* |
| 119 |
* @param filter A filter expression. Filter attribute names are processed |
| 120 |
* in a case sensitive manner. A special value of {@code "*"} can be |
| 121 |
* used to match all adaptations. |
| 122 |
* @param actions {@code adapt}. |
| 123 |
* @throws IllegalArgumentException If the filter has an invalid syntax. |
| 124 |
*/ |
| 125 |
public AdaptPermission(String filter, String actions) { |
| 126 |
this(parseFilter(filter), parseActions(actions)); |
| 127 |
} |
| 128 |
|
| 129 |
/** |
| 130 |
* Creates a new requested {@code AdaptPermission} object to be used by the |
| 131 |
* code that must perform {@code checkPermission}. {@code AdaptPermission} |
| 132 |
* objects created with this constructor cannot be added to an |
| 133 |
* {@code AdaptPermission} permission collection. |
| 134 |
* |
| 135 |
* @param adaptClass The name of the type to which an object can be adapted. |
| 136 |
* @param adaptableBundle The bundle associated with the object being |
| 137 |
* adapted. |
| 138 |
* @param actions {@code adapt}. |
| 139 |
*/ |
| 140 |
public AdaptPermission(String adaptClass, Bundle adaptableBundle, |
| 141 |
String actions) { |
| 142 |
super(adaptClass); |
| 143 |
setTransients(null, parseActions(actions)); |
| 144 |
this.bundle = adaptableBundle; |
| 145 |
if (adaptClass == null) { |
| 146 |
throw new NullPointerException("adaptClass must not be null"); |
| 147 |
} |
| 148 |
if (adaptableBundle == null) { |
| 149 |
throw new NullPointerException("adaptableBundle must not be null"); |
| 150 |
} |
| 151 |
} |
| 152 |
|
| 153 |
/** |
| 154 |
* Package private constructor used by AdaptPermissionCollection. |
| 155 |
* |
| 156 |
* @param filter name filter |
| 157 |
* @param mask action mask |
| 158 |
*/ |
| 159 |
AdaptPermission(Filter filter, int mask) { |
| 160 |
super((filter == null) ? "*" : filter.toString()); |
| 161 |
setTransients(filter, mask); |
| 162 |
this.bundle = null; |
| 163 |
} |
| 164 |
|
| 165 |
/** |
| 166 |
* Called by constructors and when deserialized. |
| 167 |
* |
| 168 |
* @param filter Permission's filter or {@code null} for wildcard. |
| 169 |
* @param mask action mask |
| 170 |
*/ |
| 171 |
private void setTransients(Filter filter, int mask) { |
| 172 |
this.filter = filter; |
| 173 |
if ((mask == ACTION_NONE) || ((mask & ACTION_ALL) != mask)) { |
| 174 |
throw new IllegalArgumentException("invalid action string"); |
| 175 |
} |
| 176 |
this.action_mask = mask; |
| 177 |
} |
| 178 |
|
| 179 |
/** |
| 180 |
* Parse action string into action mask. |
| 181 |
* |
| 182 |
* @param actions Action string. |
| 183 |
* @return action mask. |
| 184 |
*/ |
| 185 |
private static int parseActions(String actions) { |
| 186 |
boolean seencomma = false; |
| 187 |
|
| 188 |
int mask = ACTION_NONE; |
| 189 |
|
| 190 |
if (actions == null) { |
| 191 |
return mask; |
| 192 |
} |
| 193 |
|
| 194 |
char[] a = actions.toCharArray(); |
| 195 |
|
| 196 |
int i = a.length - 1; |
| 197 |
if (i < 0) |
| 198 |
return mask; |
| 199 |
|
| 200 |
while (i != -1) { |
| 201 |
char c; |
| 202 |
|
| 203 |
// skip whitespace |
| 204 |
while ((i != -1) |
| 205 |
&& ((c = a[i]) == ' ' || c == '\r' || c == '\n' |
| 206 |
|| c == '\f' || c == '\t')) |
| 207 |
i--; |
| 208 |
|
| 209 |
// check for the known strings |
| 210 |
int matchlen; |
| 211 |
|
| 212 |
if (i >= 4 && (a[i - 4] == 'a' || a[i - 4] == 'A') |
| 213 |
&& (a[i - 3] == 'd' || a[i - 3] == 'D') |
| 214 |
&& (a[i - 2] == 'a' || a[i - 2] == 'A') |
| 215 |
&& (a[i - 1] == 'p' || a[i - 1] == 'P') |
| 216 |
&& (a[i] == 't' || a[i] == 'T')) { |
| 217 |
matchlen = 5; |
| 218 |
mask |= ACTION_ADAPT; |
| 219 |
|
| 220 |
} |
| 221 |
else { |
| 222 |
// parse error |
| 223 |
throw new IllegalArgumentException("invalid actions: " |
| 224 |
+ actions); |
| 225 |
} |
| 226 |
|
| 227 |
// make sure we didn't just match the tail of a word |
| 228 |
// like "ackbarfadapt". Also, skip to the comma. |
| 229 |
seencomma = false; |
| 230 |
while (i >= matchlen && !seencomma) { |
| 231 |
switch (a[i - matchlen]) { |
| 232 |
case ',' : |
| 233 |
seencomma = true; |
| 234 |
/* FALLTHROUGH */ |
| 235 |
case ' ' : |
| 236 |
case '\r' : |
| 237 |
case '\n' : |
| 238 |
case '\f' : |
| 239 |
case '\t' : |
| 240 |
break; |
| 241 |
default : |
| 242 |
throw new IllegalArgumentException( |
| 243 |
"invalid permission: " + actions); |
| 244 |
} |
| 245 |
i--; |
| 246 |
} |
| 247 |
|
| 248 |
// point i at the location of the comma minus one (or -1). |
| 249 |
i -= matchlen; |
| 250 |
} |
| 251 |
|
| 252 |
if (seencomma) { |
| 253 |
throw new IllegalArgumentException("invalid actions: " + actions); |
| 254 |
} |
| 255 |
|
| 256 |
return mask; |
| 257 |
} |
| 258 |
|
| 259 |
/** |
| 260 |
* Parse filter string into a Filter object. |
| 261 |
* |
| 262 |
* @param filterString The filter string to parse. |
| 263 |
* @return a Filter for this bundle. |
| 264 |
* @throws IllegalArgumentException If the filter syntax is invalid. |
| 265 |
*/ |
| 266 |
private static Filter parseFilter(String filterString) { |
| 267 |
filterString = filterString.trim(); |
| 268 |
if (filterString.equals("*")) { |
| 269 |
return null; |
| 270 |
} |
| 271 |
try { |
| 272 |
return FrameworkUtil.createFilter(filterString); |
| 273 |
} |
| 274 |
catch (InvalidSyntaxException e) { |
| 275 |
IllegalArgumentException iae = new IllegalArgumentException( |
| 276 |
"invalid filter"); |
| 277 |
iae.initCause(e); |
| 278 |
throw iae; |
| 279 |
} |
| 280 |
} |
| 281 |
|
| 282 |
/** |
| 283 |
* Determines if the specified permission is implied by this object. |
| 284 |
* |
| 285 |
* <p> |
| 286 |
* This method checks that the filter of the target is implied by the adapt |
| 287 |
* class name of this object. The list of {@code AdaptPermission} actions |
| 288 |
* must either match or allow for the list of the target object to imply the |
| 289 |
* target {@code AdaptPermission} action. |
| 290 |
* <p> |
| 291 |
* |
| 292 |
* @param p The requested permission. |
| 293 |
* @return {@code true} if the specified permission is implied by this |
| 294 |
* object; {@code false} otherwise. |
| 295 |
*/ |
| 296 |
public boolean implies(Permission p) { |
| 297 |
if (!(p instanceof AdaptPermission)) { |
| 298 |
return false; |
| 299 |
} |
| 300 |
AdaptPermission requested = (AdaptPermission) p; |
| 301 |
if (bundle != null) { |
| 302 |
return false; |
| 303 |
} |
| 304 |
// if requested permission has a filter, then it is an invalid argument |
| 305 |
if (requested.filter != null) { |
| 306 |
return false; |
| 307 |
} |
| 308 |
return implies0(requested, ACTION_NONE); |
| 309 |
} |
| 310 |
|
| 311 |
/** |
| 312 |
* Internal implies method. Used by the implies and the permission |
| 313 |
* collection implies methods. |
| 314 |
* |
| 315 |
* @param requested The requested AdaptPermission which has already be |
| 316 |
* validated as a proper argument. The requested AdaptPermission must |
| 317 |
* not have a filter expression. |
| 318 |
* @param effective The effective actions with which to start. |
| 319 |
* @return {@code true} if the specified permission is implied by this |
| 320 |
* object; {@code false} otherwise. |
| 321 |
*/ |
| 322 |
boolean implies0(AdaptPermission requested, int effective) { |
| 323 |
/* check actions first - much faster */ |
| 324 |
effective |= action_mask; |
| 325 |
final int desired = requested.action_mask; |
| 326 |
if ((effective & desired) != desired) { |
| 327 |
return false; |
| 328 |
} |
| 329 |
/* Get filter */ |
| 330 |
Filter f = filter; |
| 331 |
if (f == null) { |
| 332 |
// it's "*" |
| 333 |
return true; |
| 334 |
} |
| 335 |
return f.matches(requested.getProperties()); |
| 336 |
} |
| 337 |
|
| 338 |
/** |
| 339 |
* Returns the canonical string representation of the |
| 340 |
* {@code AdaptPermission} actions. |
| 341 |
* |
| 342 |
* <p> |
| 343 |
* Always returns present {@code AdaptPermission} actions in the following |
| 344 |
* order: {@code adapt}. |
| 345 |
* |
| 346 |
* @return Canonical string representation of the {@code AdaptPermission} |
| 347 |
* actions. |
| 348 |
*/ |
| 349 |
public String getActions() { |
| 350 |
String result = actions; |
| 351 |
if (result == null) { |
| 352 |
actions = result = ADAPT; |
| 353 |
} |
| 354 |
return result; |
| 355 |
} |
| 356 |
|
| 357 |
/** |
| 358 |
* Returns a new {@code PermissionCollection} object suitable for storing |
| 359 |
* {@code AdaptPermission} objects. |
| 360 |
* |
| 361 |
* @return A new {@code PermissionCollection} object. |
| 362 |
*/ |
| 363 |
public PermissionCollection newPermissionCollection() { |
| 364 |
return new AdaptPermissionCollection(); |
| 365 |
} |
| 366 |
|
| 367 |
/** |
| 368 |
* Determines the equality of two {@code AdaptPermission} objects. |
| 369 |
* |
| 370 |
* This method checks that specified permission has the same name and |
| 371 |
* {@code AdaptPermission} actions as this {@code AdaptPermission} object. |
| 372 |
* |
| 373 |
* @param obj The object to test for equality with this |
| 374 |
* {@code AdaptPermission} object. |
| 375 |
* @return {@code true} if {@code obj} is a {@code AdaptPermission}, and has |
| 376 |
* the same name and actions as this {@code AdaptPermission} object; |
| 377 |
* {@code false} otherwise. |
| 378 |
*/ |
| 379 |
public boolean equals(Object obj) { |
| 380 |
if (obj == this) { |
| 381 |
return true; |
| 382 |
} |
| 383 |
|
| 384 |
if (!(obj instanceof AdaptPermission)) { |
| 385 |
return false; |
| 386 |
} |
| 387 |
|
| 388 |
AdaptPermission cp = (AdaptPermission) obj; |
| 389 |
|
| 390 |
return (action_mask == cp.action_mask) |
| 391 |
&& getName().equals(cp.getName()) |
| 392 |
&& ((bundle == cp.bundle) || ((bundle != null) && bundle |
| 393 |
.equals(cp.bundle))); |
| 394 |
} |
| 395 |
|
| 396 |
/** |
| 397 |
* Returns the hash code value for this object. |
| 398 |
* |
| 399 |
* @return A hash code value for this object. |
| 400 |
*/ |
| 401 |
public int hashCode() { |
| 402 |
int h = 31 * 17 + getName().hashCode(); |
| 403 |
h = 31 * h + getActions().hashCode(); |
| 404 |
if (bundle != null) { |
| 405 |
h = 31 * h + bundle.hashCode(); |
| 406 |
} |
| 407 |
return h; |
| 408 |
} |
| 409 |
|
| 410 |
/** |
| 411 |
* WriteObject is called to save the state of this permission object to a |
| 412 |
* stream. The actions are serialized, and the superclass takes care of the |
| 413 |
* name. |
| 414 |
*/ |
| 415 |
private synchronized void writeObject(java.io.ObjectOutputStream s) |
| 416 |
throws IOException { |
| 417 |
if (bundle != null) { |
| 418 |
throw new NotSerializableException("cannot serialize"); |
| 419 |
} |
| 420 |
// Write out the actions. The superclass takes care of the name |
| 421 |
// call getActions to make sure actions field is initialized |
| 422 |
if (actions == null) |
| 423 |
getActions(); |
| 424 |
s.defaultWriteObject(); |
| 425 |
} |
| 426 |
|
| 427 |
/** |
| 428 |
* readObject is called to restore the state of this permission from a |
| 429 |
* stream. |
| 430 |
*/ |
| 431 |
private synchronized void readObject(java.io.ObjectInputStream s) |
| 432 |
throws IOException, ClassNotFoundException { |
| 433 |
// Read in the action, then initialize the rest |
| 434 |
s.defaultReadObject(); |
| 435 |
setTransients(parseFilter(getName()), parseActions(actions)); |
| 436 |
} |
| 437 |
|
| 438 |
/** |
| 439 |
* Called by {@code <@link AdaptPermission#implies(Permission)>}. This |
| 440 |
* method is only called on a requested permission which cannot have a |
| 441 |
* filter set. |
| 442 |
* |
| 443 |
* @return a map of properties for this permission. |
| 444 |
*/ |
| 445 |
private Map<String, Object> getProperties() { |
| 446 |
Map<String, Object> result = properties; |
| 447 |
if (result != null) { |
| 448 |
return result; |
| 449 |
} |
| 450 |
final Map<String, Object> map = new HashMap<String, Object>(5); |
| 451 |
map.put("adaptClass", getName()); |
| 452 |
if (bundle != null) { |
| 453 |
AccessController.doPrivileged(new PrivilegedAction<Object>() { |
| 454 |
public Object run() { |
| 455 |
map.put("id", new Long(bundle.getBundleId())); |
| 456 |
map.put("location", bundle.getLocation()); |
| 457 |
String name = bundle.getSymbolicName(); |
| 458 |
if (name != null) { |
| 459 |
map.put("name", name); |
| 460 |
} |
| 461 |
SignerProperty signer = new SignerProperty(bundle); |
| 462 |
if (signer.isBundleSigned()) { |
| 463 |
map.put("signer", signer); |
| 464 |
} |
| 465 |
return null; |
| 466 |
} |
| 467 |
}); |
| 468 |
} |
| 469 |
return properties = map; |
| 470 |
} |
| 471 |
} |
| 472 |
|
| 473 |
/** |
| 474 |
* Stores a set of {@code AdaptPermission} permissions. |
| 475 |
* |
| 476 |
* @see java.security.Permission |
| 477 |
* @see java.security.Permissions |
| 478 |
* @see java.security.PermissionCollection |
| 479 |
*/ |
| 480 |
|
| 481 |
final class AdaptPermissionCollection extends PermissionCollection { |
| 482 |
static final long serialVersionUID = -3350758995234427603L; |
| 483 |
/** |
| 484 |
* Collection of permissions. |
| 485 |
* |
| 486 |
* @serial |
| 487 |
* @GuardedBy this |
| 488 |
*/ |
| 489 |
private Map<String, AdaptPermission> permissions; |
| 490 |
|
| 491 |
/** |
| 492 |
* Boolean saying if "*" is in the collection. |
| 493 |
* |
| 494 |
* @serial |
| 495 |
* @GuardedBy this |
| 496 |
*/ |
| 497 |
private boolean all_allowed; |
| 498 |
|
| 499 |
/** |
| 500 |
* Create an empty AdaptPermissions object. |
| 501 |
*/ |
| 502 |
public AdaptPermissionCollection() { |
| 503 |
permissions = new HashMap<String, AdaptPermission>(); |
| 504 |
all_allowed = false; |
| 505 |
} |
| 506 |
|
| 507 |
/** |
| 508 |
* Adds a permission to this permission collection. |
| 509 |
* |
| 510 |
* @param permission The {@code AdaptPermission} object to add. |
| 511 |
* @throws IllegalArgumentException If the specified permission is not a |
| 512 |
* {@code AdaptPermission} instance or was constructed with a Bundle |
| 513 |
* object. |
| 514 |
* @throws SecurityException If this {@code AdaptPermissionCollection} |
| 515 |
* object has been marked read-only. |
| 516 |
*/ |
| 517 |
public void add(final Permission permission) { |
| 518 |
if (!(permission instanceof AdaptPermission)) { |
| 519 |
throw new IllegalArgumentException("invalid permission: " |
| 520 |
+ permission); |
| 521 |
} |
| 522 |
if (isReadOnly()) { |
| 523 |
throw new SecurityException("attempt to add a Permission to a " |
| 524 |
+ "readonly PermissionCollection"); |
| 525 |
} |
| 526 |
|
| 527 |
final AdaptPermission ap = (AdaptPermission) permission; |
| 528 |
if (ap.bundle != null) { |
| 529 |
throw new IllegalArgumentException("cannot add to collection: " |
| 530 |
+ ap); |
| 531 |
} |
| 532 |
|
| 533 |
final String name = ap.getName(); |
| 534 |
synchronized (this) { |
| 535 |
Map<String, AdaptPermission> pc = permissions; |
| 536 |
final AdaptPermission existing = pc.get(name); |
| 537 |
if (existing != null) { |
| 538 |
final int oldMask = existing.action_mask; |
| 539 |
final int newMask = ap.action_mask; |
| 540 |
if (oldMask != newMask) { |
| 541 |
pc.put(name, new AdaptPermission(existing.filter, oldMask |
| 542 |
| newMask)); |
| 543 |
|
| 544 |
} |
| 545 |
} |
| 546 |
else { |
| 547 |
pc.put(name, ap); |
| 548 |
} |
| 549 |
|
| 550 |
if (!all_allowed) { |
| 551 |
if (name.equals("*")) { |
| 552 |
all_allowed = true; |
| 553 |
} |
| 554 |
} |
| 555 |
} |
| 556 |
} |
| 557 |
|
| 558 |
/** |
| 559 |
* Determines if the specified permissions implies the permissions expressed |
| 560 |
* in {@code permission}. |
| 561 |
* |
| 562 |
* @param permission The Permission object to compare with this |
| 563 |
* {@code AdaptPermission} object. |
| 564 |
* @return {@code true} if {@code permission} is a proper subset of a |
| 565 |
* permission in the set; {@code false} otherwise. |
| 566 |
*/ |
| 567 |
public boolean implies(final Permission permission) { |
| 568 |
if (!(permission instanceof AdaptPermission)) { |
| 569 |
return false; |
| 570 |
} |
| 571 |
final AdaptPermission requested = (AdaptPermission) permission; |
| 572 |
/* if requested permission has a filter, then it is an invalid argument */ |
| 573 |
if (requested.filter != null) { |
| 574 |
return false; |
| 575 |
} |
| 576 |
|
| 577 |
int effective = AdaptPermission.ACTION_NONE; |
| 578 |
|
| 579 |
Collection<AdaptPermission> perms; |
| 580 |
synchronized (this) { |
| 581 |
Map<String, AdaptPermission> pc = permissions; |
| 582 |
/* short circuit if the "*" Permission was added */ |
| 583 |
if (all_allowed) { |
| 584 |
AdaptPermission ap = pc.get("*"); |
| 585 |
if (ap != null) { |
| 586 |
effective |= ap.action_mask; |
| 587 |
final int desired = requested.action_mask; |
| 588 |
if ((effective & desired) == desired) { |
| 589 |
return true; |
| 590 |
} |
| 591 |
} |
| 592 |
} |
| 593 |
perms = pc.values(); |
| 594 |
} |
| 595 |
/* iterate one by one over filteredPermissions */ |
| 596 |
for (AdaptPermission perm : perms) { |
| 597 |
if (perm.implies0(requested, effective)) { |
| 598 |
return true; |
| 599 |
} |
| 600 |
} |
| 601 |
return false; |
| 602 |
} |
| 603 |
|
| 604 |
/** |
| 605 |
* Returns an enumeration of all {@code AdaptPermission} objects in the |
| 606 |
* container. |
| 607 |
* |
| 608 |
* @return Enumeration of all {@code AdaptPermission} objects. |
| 609 |
*/ |
| 610 |
public synchronized Enumeration<Permission> elements() { |
| 611 |
List<Permission> all = new ArrayList<Permission>(permissions.values()); |
| 612 |
return Collections.enumeration(all); |
| 613 |
} |
| 614 |
|
| 615 |
/* serialization logic */ |
| 616 |
private static final ObjectStreamField[] serialPersistentFields = { |
| 617 |
new ObjectStreamField("permissions", HashMap.class), |
| 618 |
new ObjectStreamField("all_allowed", Boolean.TYPE) }; |
| 619 |
|
| 620 |
private synchronized void writeObject(ObjectOutputStream out) |
| 621 |
throws IOException { |
| 622 |
ObjectOutputStream.PutField pfields = out.putFields(); |
| 623 |
pfields.put("permissions", permissions); |
| 624 |
pfields.put("all_allowed", all_allowed); |
| 625 |
out.writeFields(); |
| 626 |
} |
| 627 |
|
| 628 |
private synchronized void readObject(java.io.ObjectInputStream in) |
| 629 |
throws IOException, ClassNotFoundException { |
| 630 |
ObjectInputStream.GetField gfields = in.readFields(); |
| 631 |
permissions = (HashMap<String, AdaptPermission>) gfields.get( |
| 632 |
"permissions", null); |
| 633 |
all_allowed = gfields.get("all_allowed", false); |
| 634 |
} |
| 635 |
} |