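package com.nailabs.abac.process;

import java.util.*;

import edu.stanford.peer.rbtm.credential.*;

/**
 * Access control policy for credentials. The policy can be queried using the
 * requires method with a specific credential.
 *
 * <p>The policy is default-allow: a credential with no entry is reported as
 * {@link #TRUE} (that is, {@code null}), so only credentials that were
 * explicitly registered through {@code addACFact} are protected.
 *
 * <p>Storage is a plain {@link HashMap} and no method here synchronizes, so
 * concurrent use needs external locking. The class is serializable and defines
 * no {@code readObject}, so a deserialized instance is used exactly as it was
 * read from the stream, without validation.
 */
public class ACPolicy implements java.io.Serializable {

    /**
     * Implicitly allow access if there is no relevant policy. Because this is
     * {@code null}, it is also the value {@link #requires(Credential)} returns
     * for a credential that has no entry.
     */
    public static final Role TRUE = null;

    /**
     * Internal hash table for policy storage: Credential key to the
     * EntityExpression required before that credential is released.
     */
    private HashMap accessControl = null;

    /** Default constructor with a non-restrictive (empty) policy. */
    public ACPolicy() {
        accessControl = new HashMap();
    }

    /**
     * Accessor for all the access control policy keys.
     *
     * @return a new Vector holding a copy of the keys; changing it does not
     *         change the policy
     */
    public Vector getProtectedCredentials() {
        return new Vector(accessControl.keySet());
    }

    /**
     * Useful for forward discovery.
     *
     * @return a new Vector of every expression stored in the policy; it is
     *         built from the map's values, so the same expression can appear
     *         more than once
     */
    public Vector getRequiredRoles() {
        return new Vector(accessControl.values());
    }

    /**
     * Adds a single policy atom from String parameters.
     *
     * @param cred textual form of the credential to protect
     * @param expr textual form of the expression required for {@code cred}
     * @throws CredentialParsingException propagated from the StaticCredential
     *         parsing calls below
     */
    public void addACFact(String cred, String expr)
            throws CredentialParsingException {
        addACFact(new StaticCredential(cred),
                  StaticCredential.getEntityExpression(expr));
    }

    /**
     * Adds a single policy atom.
     *
     * <p>An entry already stored under an equal key is replaced without
     * notice, so the most recent call decides the requirement for that
     * credential.
     *
     * @param key  credential to protect
     * @param expr expression required before {@code key} is released
     */
    public void addACFact(Credential key, EntityExpression expr) {
        accessControl.put(key, expr);
    }

    /**
     * Query the policy to determine the required role for a credential.
     *
     * @param resource credential being requested; matched against stored keys
     *        with the map's equals/hashCode lookup
     * @return the stored expression, or {@code null} (the same value as
     *         {@link #TRUE}) when the credential has no entry
     */
    public EntityExpression requires(Credential resource) {
        return (EntityExpression) accessControl.get(resource);
    }

    /**
     * Returns the underlying storage data structure in a printable format.
     *
     * @return the map's string form, or the text {@code "null"} if the map is
     *         absent; never a null reference
     */
    public String toString() {
        // toString() should always yield a String; the original returned a
        // null reference when the map was missing.
        return String.valueOf(accessControl);
    }
}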