public ManagementPermission createScopedPermission(Constraint constraint, int constraintIndex) { Constraint[] altered; if (constraintIndex == constraints.length) { altered = new Constraint[constraintIndex + 1]; System.arraycopy(constraints, 0, altered, 0, constraints.length); } else { Constraint existing = constraints[constraintIndex]; if (constraint.replaces(existing)) { altered = new Constraint[constraints.length]; System.arraycopy(constraints, 0, altered, 0, constraints.length); } else { altered = new Constraint[constraintIndex + 1]; if (constraintIndex == 0) { System.arraycopy(constraints, 0, altered, 1, constraints.length); } else { System.arraycopy(constraints, 0, altered, 0, constraintIndex); System.arraycopy(constraints, constraintIndex, altered, constraintIndex + 1, constraints.length - constraintIndex); } } } altered[constraintIndex] = constraint; return new SimpleManagementPermission(getActionEffect(), altered); } }
@Override public boolean implies(Permission permission) { if (equals(permission)) { SimpleManagementPermission other = (SimpleManagementPermission) permission; // Validate constraints assert constraints.length == other.constraints.length : String.format("incompatible ManagementPermission; " + "differing constraint counts %d vs %d", constraints.length, other.constraints.length); Action.ActionEffect actionEffect = getActionEffect(); for (int i = 0; i < constraints.length; i++) { Constraint ours = constraints[i]; Constraint theirs = other.constraints[i]; assert ours.getClass() == theirs.getClass() : "incompatible constraints: ours = " + ours.getClass() + " -- theirs = " + theirs.getClass(); if (ours.violates(theirs, actionEffect)) { ControllerLogger.ACCESS_LOGGER.tracef("Constraints are violated for %s", actionEffect); return false; } } return true; } return false; }
while (monitorEnumeration.hasMoreElements()) { SimpleManagementPermission monitorPerm = (SimpleManagementPermission) monitorEnumeration.nextElement(); monitorPermissions.put(monitorPerm.getActionEffect(), monitorPerm); while (permissionEnumeration.hasMoreElements()) { SimpleManagementPermission basePerm = (SimpleManagementPermission) permissionEnumeration.nextElement(); Action.ActionEffect actionEffect = basePerm.getActionEffect(); CombinationManagementPermission combinedPermission = new CombinationManagementPermission(CombinationPolicy.PERMISSIVE, actionEffect); if (scopedPermissions == null) { scopedPermissions = new ManagementPermissionCollection(officialForm, CombinationManagementPermission.class); ManagementPermission scopedPerm = basePerm.createScopedPermission(scopingConstraint.getStandardConstraint(), constraintIndex); combinedPermission.addUnderlyingPermission(scopedBaseName, scopedPerm); if (monitorPerm != null) { combinedPermission.addUnderlyingPermission(scopedReadOnlyName, monitorPerm.createScopedPermission(scopingConstraint.getOutofScopeReadConstraint(), constraintIndex));
private synchronized Map<String, ManagementPermissionCollection> configureDefaultPermissions() { Map<String, ManagementPermissionCollection> result = new HashMap<String, ManagementPermissionCollection>(); for (StandardRole standardRole : StandardRole.values()) { String officialForm = getOfficialForm(standardRole); ManagementPermissionCollection rolePerms = new ManagementPermissionCollection(officialForm, SimpleManagementPermission.class); for (Action.ActionEffect actionEffect : Action.ActionEffect.values()) { if (standardRole.isActionEffectAllowed(actionEffect)) { Constraint[] constraints = new Constraint[constraintFactories.size()]; int i = 0; for (ConstraintFactory factory : this.constraintFactories) { constraints[i] = factory.getStandardUserConstraint(standardRole, actionEffect); i++; } rolePerms.add(new SimpleManagementPermission(actionEffect, constraints)); } } result.put(officialForm, rolePerms); } return result; }
@Override public boolean equals(Object o) { if (this == o) return true; if (o == null || getClass() != o.getClass()) return false; ManagementPermission that = (ManagementPermission) o; return getActionEffect() == that.getActionEffect(); }
while (monitorEnumeration.hasMoreElements()) { SimpleManagementPermission monitorPerm = (SimpleManagementPermission) monitorEnumeration.nextElement(); monitorPermissions.put(monitorPerm.getActionEffect(), monitorPerm); while (permissionEnumeration.hasMoreElements()) { SimpleManagementPermission basePerm = (SimpleManagementPermission) permissionEnumeration.nextElement(); Action.ActionEffect actionEffect = basePerm.getActionEffect(); CombinationManagementPermission combinedPermission = new CombinationManagementPermission(CombinationPolicy.PERMISSIVE, actionEffect); if (scopedPermissions == null) { scopedPermissions = new ManagementPermissionCollection(officialForm, CombinationManagementPermission.class); ManagementPermission scopedPerm = basePerm.createScopedPermission(scopingConstraint.getStandardConstraint(), constraintIndex); combinedPermission.addUnderlyingPermission(scopedBaseName, scopedPerm); if (monitorPerm != null) { combinedPermission.addUnderlyingPermission(scopedReadOnlyName, monitorPerm.createScopedPermission(scopingConstraint.getOutofScopeReadConstraint(), constraintIndex));
private synchronized Map<String, ManagementPermissionCollection> configureDefaultPermissions() { Map<String, ManagementPermissionCollection> result = new HashMap<String, ManagementPermissionCollection>(); for (StandardRole standardRole : StandardRole.values()) { String officialForm = getOfficialForm(standardRole); ManagementPermissionCollection rolePerms = new ManagementPermissionCollection(officialForm, SimpleManagementPermission.class); for (Action.ActionEffect actionEffect : Action.ActionEffect.values()) { if (standardRole.isActionEffectAllowed(actionEffect)) { Constraint[] constraints = new Constraint[constraintFactories.size()]; int i = 0; for (ConstraintFactory factory : this.constraintFactories) { constraints[i] = factory.getStandardUserConstraint(standardRole, actionEffect); i++; } rolePerms.add(new SimpleManagementPermission(actionEffect, constraints)); } } result.put(officialForm, rolePerms); } return result; }
@Override public boolean equals(Object o) { if (this == o) return true; if (o == null || getClass() != o.getClass()) return false; ManagementPermission that = (ManagementPermission) o; return getActionEffect() == that.getActionEffect(); }
@Override public boolean implies(Permission permission) { if (equals(permission)) { SimpleManagementPermission other = (SimpleManagementPermission) permission; // Validate constraints assert constraints.length == other.constraints.length : String.format("incompatible ManagementPermission; " + "differing constraint counts %d vs %d", constraints.length, other.constraints.length); Action.ActionEffect actionEffect = getActionEffect(); for (int i = 0; i < constraints.length; i++) { Constraint ours = constraints[i]; Constraint theirs = other.constraints[i]; assert ours.getClass() == theirs.getClass() : "incompatible constraints: ours = " + ours.getClass() + " -- theirs = " + theirs.getClass(); if (ours.violates(theirs, actionEffect)) { ControllerLogger.ACCESS_LOGGER.tracef("Constraints are violated for %s", actionEffect); return false; } } return true; } return false; }
public ManagementPermission createScopedPermission(Constraint constraint, int constraintIndex) { Constraint[] altered; if (constraintIndex == constraints.length) { altered = new Constraint[constraintIndex + 1]; System.arraycopy(constraints, 0, altered, 0, constraints.length); } else { Constraint existing = constraints[constraintIndex]; if (constraint.replaces(existing)) { altered = new Constraint[constraints.length]; System.arraycopy(constraints, 0, altered, 0, constraints.length); } else { altered = new Constraint[constraintIndex + 1]; if (constraintIndex == 0) { System.arraycopy(constraints, 0, altered, 1, constraints.length); } else { System.arraycopy(constraints, 0, altered, 0, constraintIndex); System.arraycopy(constraints, constraintIndex, altered, constraintIndex + 1, constraints.length - constraintIndex); } } } altered[constraintIndex] = constraint; return new SimpleManagementPermission(getActionEffect(), altered); } }
while (monitorEnumeration.hasMoreElements()) { SimpleManagementPermission monitorPerm = (SimpleManagementPermission) monitorEnumeration.nextElement(); monitorPermissions.put(monitorPerm.getActionEffect(), monitorPerm); while (permissionEnumeration.hasMoreElements()) { SimpleManagementPermission basePerm = (SimpleManagementPermission) permissionEnumeration.nextElement(); Action.ActionEffect actionEffect = basePerm.getActionEffect(); CombinationManagementPermission combinedPermission = new CombinationManagementPermission(CombinationPolicy.PERMISSIVE, actionEffect); if (scopedPermissions == null) { scopedPermissions = new ManagementPermissionCollection(officialForm, CombinationManagementPermission.class); ManagementPermission scopedPerm = basePerm.createScopedPermission(scopingConstraint.getStandardConstraint(), constraintIndex); combinedPermission.addUnderlyingPermission(scopedBaseName, scopedPerm); if (monitorPerm != null) { combinedPermission.addUnderlyingPermission(scopedReadOnlyName, monitorPerm.createScopedPermission(scopingConstraint.getOutofScopeReadConstraint(), constraintIndex));
private synchronized Map<String, ManagementPermissionCollection> configureDefaultPermissions() { Map<String, ManagementPermissionCollection> result = new HashMap<String, ManagementPermissionCollection>(); for (StandardRole standardRole : StandardRole.values()) { String officialForm = getOfficialForm(standardRole); ManagementPermissionCollection rolePerms = new ManagementPermissionCollection(officialForm, SimpleManagementPermission.class); for (Action.ActionEffect actionEffect : Action.ActionEffect.values()) { if (standardRole.isActionEffectAllowed(actionEffect)) { Constraint[] constraints = new Constraint[constraintFactories.size()]; int i = 0; for (ConstraintFactory factory : this.constraintFactories) { constraints[i] = factory.getStandardUserConstraint(standardRole, actionEffect); i++; } rolePerms.add(new SimpleManagementPermission(actionEffect, constraints)); } } result.put(officialForm, rolePerms); } return result; }
@Override public int hashCode() { return getActionEffect().hashCode(); }
@Override public boolean implies(Permission permission) { if (equals(permission)) { SimpleManagementPermission other = (SimpleManagementPermission) permission; // Validate constraints assert constraints.length == other.constraints.length : String.format("incompatible ManagementPermission; " + "differing constraint counts %d vs %d", constraints.length, other.constraints.length); Action.ActionEffect actionEffect = getActionEffect(); for (int i = 0; i < constraints.length; i++) { Constraint ours = constraints[i]; Constraint theirs = other.constraints[i]; assert ours.getClass() == theirs.getClass() : "incompatible constraints: ours = " + ours.getClass() + " -- theirs = " + theirs.getClass(); if (ours.violates(theirs, actionEffect)) { ControllerLogger.ACCESS_LOGGER.tracef("Constraints are violated for %s", actionEffect); return false; } } return true; } return false; }
public ManagementPermission createScopedPermission(Constraint constraint, int constraintIndex) { Constraint[] altered; if (constraintIndex == constraints.length) { altered = new Constraint[constraintIndex + 1]; System.arraycopy(constraints, 0, altered, 0, constraints.length); } else { Constraint existing = constraints[constraintIndex]; if (constraint.replaces(existing)) { altered = new Constraint[constraints.length]; System.arraycopy(constraints, 0, altered, 0, constraints.length); } else { altered = new Constraint[constraintIndex + 1]; if (constraintIndex == 0) { System.arraycopy(constraints, 0, altered, 1, constraints.length); } else { System.arraycopy(constraints, 0, altered, 0, constraintIndex); System.arraycopy(constraints, constraintIndex, altered, constraintIndex + 1, constraints.length - constraintIndex); } } } altered[constraintIndex] = constraint; return new SimpleManagementPermission(getActionEffect(), altered); } }
@Override public PermissionCollection getRequiredPermissions(Action action, TargetAttribute target) { PermsHolder currentPerms = configureRolePermissions(); ConstraintFactory[] currentFactories = currentPerms.constraintFactories; ManagementPermissionCollection result = new ManagementPermissionCollection(SimpleManagementPermission.class); for (Action.ActionEffect actionEffect : action.getActionEffects()) { Constraint[] constraints = new Constraint[currentFactories.length]; for (int i = 0; i < constraints.length; i++) { constraints[i] = currentFactories[i].getRequiredConstraint(actionEffect, action, target); } result.add(new SimpleManagementPermission(actionEffect, constraints)); } return result; }
@Override public boolean equals(Object o) { if (this == o) return true; if (o == null || getClass() != o.getClass()) return false; ManagementPermission that = (ManagementPermission) o; return getActionEffect() == that.getActionEffect(); }
@Override public PermissionCollection getRequiredPermissions(Action action, TargetResource target) { PermsHolder currentPerms = configureRolePermissions(); ConstraintFactory[] currentFactories = currentPerms.constraintFactories; ManagementPermissionCollection result = new ManagementPermissionCollection(SimpleManagementPermission.class); for (Action.ActionEffect actionEffect : action.getActionEffects()) { Constraint[] constraints = new Constraint[currentFactories.length]; for (int i = 0; i < constraints.length; i++) { constraints[i] = currentFactories[i].getRequiredConstraint(actionEffect, action, target); } result.add(new SimpleManagementPermission(actionEffect, constraints)); } return result; }
@Override public String getActions() { return getActionEffect().toString(); }
@Override public PermissionCollection getRequiredPermissions(JmxAction action, JmxTarget target) { PermsHolder currentPerms = configureRolePermissions(); ConstraintFactory[] currentFactories = currentPerms.constraintFactories; ManagementPermissionCollection result = new ManagementPermissionCollection(SimpleManagementPermission.class); for (Action.ActionEffect actionEffect : action.getActionEffects()) { Constraint[] constraints = new Constraint[currentFactories.length]; for (int i = 0; i < constraints.length; i++) { constraints[i] = currentFactories[i].getRequiredConstraint(actionEffect, action, target); } result.add(new SimpleManagementPermission(actionEffect, constraints)); } return result; }