/*******************************************************************************
* Copyright (c) 2005, 2008 IBM Corporation and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* IBM Corporation - initial API and implementation
*******************************************************************************/
package org.eclipse.osgi.internal.provisional.service.security;
import org.eclipse.osgi.framework.eventmgr.*;
import org.eclipse.osgi.signedcontent.SignedContent;
import org.osgi.framework.BundleContext;
import org.osgi.util.tracker.ServiceTracker;
/**
* An authorization engine is used to grant authorization to {@link SignedContent}.
* For example, an engine could determine if <code>SignedContent</code> is authorized
* to enable code from a signed bundle.
* @since 3.4
*/
public abstract class AuthorizationEngine {
	// Event manager handed to the ListenerQueue that is built for every fired event.
	private EventManager manager = new EventManager();
	// Delivers one AuthorizationEvent to one AuthorizationListener (see AuthEventDispatcher).
	private EventDispatcher dispatcher = new AuthEventDispatcher();
	// Tracks the services registered under the AuthorizationListener class name.
	private final ServiceTracker listenerTracker;

	/**
	 * Creates the engine and opens a tracker for {@link AuthorizationListener} services.
	 * The tracker is opened with no customizer and no filter beyond the class name, so
	 * every such service the tracker reports receives the events fired by this engine.
	 * Nothing in this class closes the tracker.
	 * <p>
	 * NOTE(review): whether registering an <code>AuthorizationListener</code> service is
	 * restricted (for example by service permissions) is not visible in this class;
	 * confirm before treating authorization events as confidential.
	 * @param context the bundle context used to track listener services
	 */
	public AuthorizationEngine(BundleContext context) {
		ServiceTracker tracker = new ServiceTracker(context, AuthorizationListener.class.getName(), null);
		tracker.open();
		listenerTracker = tracker;
	}

	/**
	 * Asks the engine whether authorization should be granted to a
	 * <code>SignedContent</code> object and notifies the registered listeners of the
	 * outcome. The context is the entity the signed content belongs to; for the signed
	 * content of a bundle it will be a <code>Bundle</code> object.
	 * <p>
	 * The decision itself is made by {@link #doAuthorize(SignedContent, Object)}; this
	 * method is final so subclasses cannot bypass the listener notification. Nothing is
	 * caught here, so an exception thrown by <code>doAuthorize</code> reaches the caller
	 * and no event is fired.
	 * @param content the signed content. The value may be <code>null</code>.
	 * @param context the context associated with the signed content. The value may be <code>null</code>.
	 */
	public final void authorize(SignedContent content, Object context) {
		AuthorizationEvent outcome = doAuthorize(content, context);
		fireEvent(outcome);
	}

	/*
	 * Delivers the event synchronously to the listener services known to the tracker at
	 * the time of the call. A null event, or a tracker that reports no services, means
	 * nothing is dispatched.
	 */
	private void fireEvent(AuthorizationEvent event) {
		if (event != null) {
			// The services are only looked up once there is an event to deliver.
			Object[] tracked = listenerTracker.getServices();
			if (tracked != null) {
				CopyOnWriteIdentityMap targets = new CopyOnWriteIdentityMap();
				targets.putAll(tracked);
				ListenerQueue pending = new ListenerQueue(manager);
				pending.queueListeners(targets.entrySet(), dispatcher);
				// The event action (0) is not inspected by AuthEventDispatcher.
				pending.dispatchEventSynchronous(0, event);
			}
		}
	}

	/**
	 * Decides whether authorization should be granted to a <code>SignedContent</code>
	 * object. Called by {@link #authorize(SignedContent, Object)}, which passes both of
	 * its arguments through unchanged.
	 * @param content the signed content to evaluate; <code>authorize</code> permits
	 * <code>null</code>, so implementations should expect it
	 * @param context the context associated with the signed content
	 * @return an authorization event which will be fired. A value of <code>null</code>
	 * may be returned; in this case no authorization event will be fired.
	 */
	protected abstract AuthorizationEvent doAuthorize(SignedContent content, Object context);

	/**
	 * Reports the current status of the Authorization system.
	 *
	 * @return A value of {@link AuthorizationStatus#OK} or {@link AuthorizationStatus#ERROR}
	 * @see AuthorizationStatus#OK
	 * @see AuthorizationStatus#ERROR
	 */
	public abstract int getStatus();

	/*
	 * Adapter between the generic event manager callback and AuthorizationListener.
	 * Only the listener and the event object are used; listenerObject and eventAction
	 * are ignored. Both casts are unchecked against the actual runtime types.
	 * NOTE(review): how the event manager treats a ClassCastException or an exception
	 * thrown by a listener is not visible in this class.
	 */
	class AuthEventDispatcher implements EventDispatcher {
		public void dispatchEvent(Object eventListener, Object listenerObject, int eventAction, Object eventObject) {
			AuthorizationListener target = (AuthorizationListener) eventListener;
			AuthorizationEvent payload = (AuthorizationEvent) eventObject;
			target.authorizationEvent(payload);
		}
	}
}