001/**
002 * Licensed to the Apache Software Foundation (ASF) under one or more
003 * contributor license agreements.  See the NOTICE file distributed with
004 * this work for additional information regarding copyright ownership.
005 * The ASF licenses this file to You under the Apache License, Version 2.0
006 * (the "License"); you may not use this file except in compliance with
007 * the License.  You may obtain a copy of the License at
008 *
009 *      http://www.apache.org/licenses/LICENSE-2.0
010 *
011 * Unless required by applicable law or agreed to in writing, software
012 * distributed under the License is distributed on an "AS IS" BASIS,
013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014 * See the License for the specific language governing permissions and
015 * limitations under the License.
016 */
017package org.apache.activemq.security;
018
019import java.security.Principal;
020import java.util.Collections;
021import java.util.HashSet;
022import java.util.Iterator;
023import java.util.Set;
024import java.util.concurrent.ConcurrentHashMap;
025
026import org.apache.activemq.command.ActiveMQDestination;
027
028/**
029 * Used to cache up authorizations so that subsequent requests are faster.
030 *
031 *
032 */
033public abstract class SecurityContext {
034
035    public static final SecurityContext BROKER_SECURITY_CONTEXT = new SecurityContext("ActiveMQBroker") {
036        @Override
037        public boolean isBrokerContext() {
038            return true;
039        }
040
041        public Set<Principal> getPrincipals() {
042            return Collections.emptySet();
043        }
044    };
045
046    final String userName;
047
048    final ConcurrentHashMap<ActiveMQDestination, ActiveMQDestination> authorizedReadDests = new ConcurrentHashMap<ActiveMQDestination, ActiveMQDestination>();
049    final ConcurrentHashMap<ActiveMQDestination, ActiveMQDestination> authorizedWriteDests = new ConcurrentHashMap<ActiveMQDestination, ActiveMQDestination>();
050
051    public SecurityContext(String userName) {
052        this.userName = userName;
053    }
054
055    public boolean isInOneOf(Set<?> allowedPrincipals) {
056        Iterator<?> allowedIter = allowedPrincipals.iterator();
057        HashSet<?> userPrincipals = new HashSet<Object>(getPrincipals());
058        while (allowedIter.hasNext()) {
059            Iterator<?> userIter = userPrincipals.iterator();
060            Object allowedPrincipal = allowedIter.next();
061            while (userIter.hasNext()) {
062                if (allowedPrincipal.equals(userIter.next()))
063                    return true;
064            }
065        }
066        return false;
067    }
068
069    public abstract Set<Principal> getPrincipals();
070
071    public String getUserName() {
072        return userName;
073    }
074
075    public ConcurrentHashMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedReadDests() {
076        return authorizedReadDests;
077    }
078
079    public ConcurrentHashMap<ActiveMQDestination, ActiveMQDestination> getAuthorizedWriteDests() {
080        return authorizedWriteDests;
081    }
082
083    public boolean isBrokerContext() {
084        return false;
085    }
086}