Clover Coverage Report
Coverage timestamp: Sun Mar 23 2008 08:24:39 GMT
29   221   16   3.22
18   65   0.83   9
9     2.67  
1    
 
 
  PermisCredentials       Line # 49 29 16 62.5% 0.625
 
  (1)
 
1    /*
2    * Copyright (c) 2000-2005, University of Salford
3    * All rights reserved.
4    *
5    * Redistribution and use in source and binary forms, with or without
6    * modification, are permitted provided that the following conditions are met:
7    *
8    * Redistributions of source code must retain the above copyright notice, this
9    * list of conditions and the following disclaimer.
10    *
11    * Redistributions in binary form must reproduce the above copyright notice,
12    * this list of conditions and the following disclaimer in the documentation
13    * and/or other materials provided with the distribution.
14    *
15    * Neither the name of the University of Salford nor the names of its
16    * contributors may be used to endorse or promote products derived from this
17    * software without specific prior written permission.
18    *
19    * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20    * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21    * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22    * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
23    * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24    * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25    * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26    * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27    * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28    * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29    * POSSIBILITY OF SUCH DAMAGE.
30    */
31   
32    package issrg.pba.rbac;
33   
34    import issrg.pba.Credentials;
35   
36    /**
37    * This is the implementation of the credential for a role based scheme with a
38    * hierarchy. It combines a roleType and a roleValue. The roleType is a string,
39    * and will be the LDAP name of the AC attribute type. The roleValue will be a
40    * RoleHierarchyNode (containing the actual role value) and will be the
41    * attribute value.
42    *
43    * @author A. Otenko
44    * @author E. Ball
45    * @author D. Chadwick
46    * @version 0.2
47    */
48   
 
49    public class PermisCredentials extends RoleBasedCredentials {
50    /*
51    * TODO: there is ambiguity in joining "Any Value" PermisCredentials with other PermisCredentials
52    * in the way it is done at the moment by the SetOfSubsetsCredentials. the result will depend
53    * on the sequence of operands. this is due to ambiguity of the "Any Value": when
54    * delegating, it is the most superior (union with it always gives "Any value"); when
55    * making decision, it is the most inferior (any role value is greater than this one).
56    *
57    * currently there is no security breach, since i always do union _after_ intersecting
58    * credentials, and there is no problem with intersections (SetOfSubsets calls intersection
59    * on each credential in the set).
60    */
61   
62    private RoleHierarchyNode roleValue;
63   
 
64  0 toggle protected PermisCredentials(){}
65   
66    /**
67    * This is the constructor that builds the object by specifying its RoleType
68    * (the name, used in the Policy XML). This constructor should be used only
69    * for building
70    * the "ANY VALUE" role, which is used in the Policy, and can never be
71    * granted to a user.
72    *
73    * @param roleType is the type of the Role
74    */
 
75  38 toggle public PermisCredentials(String roleType) {
76    //System.out.println("\t\t*** BUILDING A PERMIS CREDENTIAL ***\n\t"+roleType+" = "+(roleValue==null? "null":roleValue.getValue())); //*******
77  38 this.roleType=roleType;
78    }
79   
80    /**
81    * This is the constructor that builds the object by specifying its
82    * RoleHierarchyNode
83    * (the node that is aware of the hierarchy structure). Note that
84    * RoleHierarchyNodes are constructed by XMLPolicyParser. The role based
85    * AuthTokenParsers should use the hierarchy defined by XMLPolicyParser,
86    * when constructing PermisCredentials; without this the PermisCredentials
87    * cannot discover hierarchical relationships between the roles.
88    *
89    * @param roleValue is the node, representing the value of the Role; cannot
90    * be null
91    */
 
92  2881 toggle public PermisCredentials(RoleHierarchyNode roleValue) {
93    //System.out.println("\t\t*** BUILDING A PERMIS CREDENTIAL ***\n\t"+roleType+" = "+(roleValue==null? "null":roleValue.getValue())); //*******
94  2881 if (roleValue!=null){
95  2711 this.roleType=roleValue.getRoleType();
96  2711 this.roleValue=roleValue;
97    }
98    }
99   
100    /**
101    * This method returns the role value as a String.
102    *
103    * @return the String representation of the Role value (Permis Roles have
104    * only string values), as specified in the Policy XML, or null, if
105    * any value is matched by this object
106    */
 
107  17529 toggle public String getRoleValueAsString(){
108  17529 return roleValue==null? null: (String)roleValue.getRoleValue();
109    }
110   
111    /**
112    * This method returns the attribute value of the Role. It is inherited from
113    * the RoleBasedCredential, and its use is limited, like that of
114    * <code>getRoleValueAsString</code>. In fact, it does the same.
115    *
116    * @return the String that is the value of the Role
117    *
118    * @see getRoleValueAsString()
119    */
 
120  17505 toggle public Object getRoleValue(){
121  17505 return getRoleValueAsString();
122    }
123   
124    /**
125    * This method returns the result of comparing these credentials to the given
126    * credentials.
127    *
128    * @param c is the credentials to compare to
129    *
130    * @return true if the given Credentials is castable to PermisCredentials, and
131    * the Role, allocated to this object is superior or equal to the Role of
132    * the given Credentials, as specified by the Role Hierarchy in the Policy
133    * XML
134    */
 
135  12003 toggle public boolean contains(issrg.pba.Credentials c){
136    // System.err.println("\t\t*** COMPARING A PERMIS CREDENTIAL ***\n\t"+"This role: " + this.toString()+" vs "+ "The required Role: " + c.toString()); //*******
137  12003 if (c instanceof PermisCredentials && c!=null){
138    /**
139    * TODO: add Validity verification here, or create ExpirablePermisCredential
140    */
141  12003 RoleHierarchyNode rv=((PermisCredentials)c).roleValue;
142  12003 boolean b;
143   
144  12003 if (roleValue==null || rv==null){ // the rule for comparing "ANY VALUE" role
145    // "ANY VALUE" matches any roleValue, if the role type is the same
146    // note that "ANY VALUE" credentials can be contained only in the sets of credentials
147    // connected to the policy rules. they can never be assigned to a user
148   
149  325 b=getRoleType()!=null &&
150    ((PermisCredentials)c).getRoleType()!=null &&
151    this.getRoleType().intern()==((PermisCredentials)c).getRoleType().intern() && // only if role types are the same
152    roleValue==null; // and the roleValue is "ANY VALUE" - any other value cannot contain "ANY VALUE" (e.g. if rv==null)
153    }else{
154  11678 b=roleValue!=null && roleValue.isSuperiorTo(rv);
155    }
156   
157    //System.out.println("\t"+b); //*******
158  12003 return b;
159    }
160   
161  0 return super.contains(c);
162    }
163   
164    /**
165    * This method overrides the inherited intersection method to optimise the
166    * intersection of two PermisCredentials, one of which is "ANY VALUE".
167    */
 
168  5030 toggle public Credentials intersection(Credentials what){
169   
170    //System.out.println("\t\t*** INTERSECTION ***"); //*************
171   
172  5030 Credentials c = null;
173   
174  5030 if (getRoleValue()==null && contains(what)){ // non-null intersection
175  0 c=what; // let the intersection be smaller (avoid returning "any value")
176  5030 }else if (what instanceof PermisCredentials &&
177    ((PermisCredentials)what).getRoleValue()==null &&
178    what.contains(this)){ // it will contain this if they are of the same type
179  91 c=this; // avoid returning "any value"
180    }else{
181  4939 c=super.intersection(what);
182    }
183    //System.out.println("\t"+toString()+" vs "+what.toString()+"="+c.toString()); //*************
184   
185  5030 return c;
186    }
187   
188   
189    /**
190    * This method overrides the inherited union method to optimise the
191    * union of two PermisCredentials, one of which is "ANY VALUE".
192    */
 
193  0 toggle public Credentials union(Credentials what){
194   
195    //System.out.println("\t\t*** UNION ***"); //*************
196   
197  0 Credentials c = null;
198   
199  0 if (getRoleValue()==null && contains(what)){ // let the union be not too big (avoid returning "any value")
200  0 c=this;
201  0 }else if (what instanceof PermisCredentials &&
202    ((PermisCredentials)what).getRoleValue()==null && what.contains(this)){
203  0 c=what;
204    }else{
205  0 c=super.union(what);
206    }
207    //System.out.println("\t"+toString()+" vs "+what.toString()+"="+c.toString()); //*************
208   
209  0 return c;
210    }
211   
212    /**
213    * This method creates a copy of the object.
214    *
215    * @return a PermisCredential object with the same properties as this object
216    */
 
217  0 toggle public Object clone(){
218  0 return roleValue==null? new PermisCredentials(roleType) : new PermisCredentials(roleValue);
219    }
220   
221    }