issrg.pba.rbac.policies
Class URLSubtree

java.lang.Object
  issrg.pba.rbac.policies.URLSubtree

All Implemented Interfaces:

Subtree

public class URLSubtree
extends java.lang.Object
implements Subtree

This Subtree implementation specifies a subtree of Entries identified by URL. It uses a issrg.utils.ParsedURL utility class to decompose the URL and identify the patterns in it, hence support for HTTP-like URLs.

The format of the URL is described in issrg.utils.ParsedURL. Note that the host name is either a valid DNS name, or an IP address, or "*"; the port can be a number specifying a single port, or a range of ports specified as number "-" number.

To match the URLSubtree, the Entry must:

• return a URLPrincipal as the result of getEntryName
• have a protocol that matches the one specified in the Subtree (case of the characters is ignored)
• either the Entry and the Subtree specification don't have the user name specified, or they should match (case sensitive)
• either the Entry and the Subtree specification don't have the password specified, or they should match (case sensitive)
• either the Entry has the same host name, as specified in the Subtree, or it must be one of the IP addresses of the host specified in the Subtree, or the Subtree host must be specified as "any host" wildcard - "*"
• either the Entry has the same port number as the Subtree (the default one is used, if it is not specified explicitly), or the Entry's port must match the range of ports specified in the Subtree, or the Subtree doesn't have any port specified
• the number of path components in the Entry must exceed the number of path components in the Subtree by at least the minimum specified in the Subtree (the paths are normalised prior to comparison, as explained below)
• the number of path components in the Entry may exceed the number of path components in the Subtree by no more than the maximum specified in the Subtree (the paths are normalised prior to comparison, as explained below)
• Entry must have path components matching all of the path components of the Subtree (case sensitive; the paths are normalised prior to comparison, as explained below)

During path normalisation all the "." and ".." (current directory and parent directory respectively) are dereferenced, as explained in issrg.utils.ParsedURL.

Field Summary

protected java.lang.String[]	altIP
static java.lang.String	ANY_HOST Wildcard used in the policy to specify any host - so any host will be matched as part of the URL subtree.
protected int	defaultPort
protected Subtree[]	exclude
static java.lang.String	LOCALHOST
protected int	max
protected int	maxPort
protected int	min
protected int	minPort
protected ParsedURL	pu

Constructor Summary

protected	URLSubtree()
	URLSubtree(java.lang.String url, int defaultPort, int min, int max, Subtree[] exclude) This constructor builds a URLSubtree, given a URL string (exceptions are outlined below), a default port, the min and max levels from the base directory.

Method Summary

java.lang.Object	clone()
boolean	contains(Entry e) This method tests whether Entry e is part of this Subtree.
java.lang.String	toString()

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

ANY_HOST

public static final java.lang.String ANY_HOST

Wildcard used in the policy to specify any host - so any host will be matched as part of the URL subtree.

See Also:

Constant Field Values

LOCALHOST

public static final java.lang.String LOCALHOST

See Also:

Constant Field Values

defaultPort

protected int defaultPort

min

protected int min

max

protected int max

minPort

protected int minPort

maxPort

protected int maxPort

pu

protected ParsedURL pu

exclude

protected Subtree[] exclude

altIP

protected java.lang.String[] altIP

Constructor Detail

URLSubtree

protected URLSubtree()

URLSubtree

public URLSubtree(java.lang.String url,
                  int defaultPort,
                  int min,
                  int max,
                  Subtree[] exclude)
           throws BadURLException

This constructor builds a URLSubtree, given a URL string (exceptions are outlined below), a default port, the min and max levels from the base directory.

The URL may contain a range of ports, not just one port. The range is specified as nn-mm, where nn is the starting port number, and mm - the ending port number. The subtree then matches any URLs with the port matching any of the numbers between nn and mm, inclusive.

If the URL has the host specified by DNS name, then its IP addresses will be looked up, so that the Entries will match the Subtree by either of the IP addresses, or by the DNS name. If the host is specified as a wildcard "*", Entries with any host will match.

Parameters:

url - is the URL string

defaultPort - is the default port to assume for Entries with URLs that do not specify any port

min - is the minimum number of levels below the base URL that the Entry URL should be in; if the Entry is above this level, it doesn't match this subtree

max - is the maximum number of levels below the base URL that the Entry URL should be in; if the Entry is below this level, it doesn't match this subtree

Throws:

BadURLException, - if the url string doesn't match the URL specification (except for the port range bit), or the port numbers are not valid integers

BadURLException

Method Detail

contains

public boolean contains(Entry e)

This method tests whether Entry e is part of this Subtree.

Specified by:

contains in interface Subtree

Parameters:

e - - the Entry to check

Returns:

true, if e's getEntryName returns a URLPrincipal (e.g. URLEntry) and that URLPrincipal matches the Subtree, as explained above; false otherwise

toString

public java.lang.String toString()

Overrides:

toString in class java.lang.Object

clone

public java.lang.Object clone()

Overrides:

clone in class java.lang.Object