Examples of InvocationConstraint

• net.jini.core.constraint.InvocationConstraint
  The marker interface used to identify constraints for method invocations. Constraints are immutable and should be serializable.

  An instance of this interface must implement {@link Object#equals Object.equals} to return true when passed a constraint that isequivalent in trust, content, and function, and to return false otherwise. That is, the equals method must be a sufficient substitute for {@link net.jini.security.proxytrust.TrustEquivalence#checkTrustEquivalence TrustEquivalence.checkTrustEquivalence}. @author Sun Microsystems, Inc. @since 2.0

Examples of net.jini.core.constraint.InvocationConstraint

  if (c instanceof ConstraintAlternatives) {
      Set alts = ((ConstraintAlternatives) c).elements();
      Class type = null;
      for (Iterator iter = alts.iterator(); iter.hasNext(); ) {
    InvocationConstraint alt= (InvocationConstraint) iter.next();
    if (type == null) {
        type = alt.getClass();
    } else if (type != alt.getClass()) {
        return false; // does not support heterogenous alternatives
    }
    if (isSupportableConstraint(alt))
        return true;
      }

Examples of net.jini.core.constraint.InvocationConstraint

     repeated here to support ConstraintAlternatives. */

  if (c instanceof ConstraintAlternatives) {
      Set elems = ((ConstraintAlternatives) c).elements();
      for (Iterator iter = elems.iterator(); iter.hasNext(); ) {
    InvocationConstraint elem =
        (InvocationConstraint) iter.next();
    if (isSatisfiable(config, elem))
        return true;
      }
      return false;

Examples of net.jini.core.constraint.InvocationConstraint

     */
    static boolean containsConstraint(
  Set constraints, InvocationConstraint candidate)
    {
  for (Iterator iter = constraints.iterator(); iter.hasNext(); ) {
      InvocationConstraint c = (InvocationConstraint) iter.next();
      if (c instanceof ConstraintAlternatives) {
    Set elems = ((ConstraintAlternatives) c).elements();
    return elems.contains(candidate);
      } else if (c.equals(candidate)) {
    return true;
      }
  }
  return false;
    }

Examples of net.jini.core.constraint.InvocationConstraint

  try {
      // check for unsupportable constraints
      for (Iterator iter = constraints.requirements().iterator();
     iter.hasNext(); )
      {
    InvocationConstraint c = (InvocationConstraint)iter.next();
    if (!KerberosUtil.isSupportableConstraint(c)) {
        throw new UnsupportedConstraintException(
      "A constraint unsupportable by this endpoint " +
      "has been required: " + c);
    }
      }

      if (getKey(serverSubject, serverPrincipal) == null) {
    throw new UnsupportedConstraintException(
        "Failed to find a valid Kerberos key " +
        "corresponding to serverPrincipal (" + serverPrincipal +
        ") in serverSubject.");
      }

      // now check whether the constraints are satisfiable

      // first find all client principal candidates in constraints
      HashSet cpCandidates = new HashSet();
      for (Iterator iter = constraints.requirements().iterator();
     iter.hasNext(); )
      {
    if (!KerberosUtil.collectCpCandidates(
        (InvocationConstraint) iter.next(), cpCandidates))
    {
        throw new UnsupportedConstraintException(
      "Client principal constraint related conflicts " +
      "found in the given set of constraints: " +
      constraints);
    }
      }

      if (cpCandidates.size() == 0) {
    /* no client principal constraints is required, anyone
       will pass */
    cpCandidates.add(new KerberosPrincipal("anyone"));
      }

      // look for a satisfiable config
      boolean doable = false;
      ConfigIter citer =
    new ConfigIter(cpCandidates, serverPrincipal, true);
    outer:
      while (citer.hasNext()) {
    Config config = citer.next();
    for (Iterator iter = constraints.requirements().iterator();
         iter.hasNext(); )
    {
        InvocationConstraint c =
      (InvocationConstraint) iter.next();
        if (!KerberosUtil.isSatisfiable(config, c))
      continue outer;
    }
    doable = true;

Examples of net.jini.core.constraint.InvocationConstraint

      // no cached result, has to do the whole analysis
      for (Iterator iter = constraints.requirements().iterator();
     iter.hasNext(); )
      {
    try {
        InvocationConstraint c =
      (InvocationConstraint) iter.next();
        if (!KerberosUtil.isSupportableConstraint(c)) {
      UnsupportedConstraintException e =
          new UnsupportedConstraintException(
        "A constraint unsupportable by this " +

Examples of net.jini.core.constraint.InvocationConstraint

              boolean required)
  throws UnsupportedConstraintException
    {
  Collection dist = new ArrayList();
  for (Iterator i = constraints.iterator(); i.hasNext(); ) {
      InvocationConstraint c = (InvocationConstraint) i.next();
      Object d = distill(c, request);
      if (d instanceof InvocationConstraint) {
    dist.add(d);
      } else if (required && d == UNSUPPORTED) {
    throw new UnsupportedConstraintException("unsupported: " + c);

Examples of net.jini.core.constraint.InvocationConstraint

      throws UnsupportedConstraintException
  {
      KerberosPrincipal principal = null;
      for (Iterator i = constraints.requirements().iterator(); i.hasNext(); )
      {
    InvocationConstraint c = (InvocationConstraint) i.next();
    if (c instanceof ServerMinPrincipal) {
        Set s = ((ServerMinPrincipal) c).elements();
        if (s.size() > 1) {
      throw new UnsupportedConstraintException(
          "multiple server principals");
        }
        Principal p = (Principal) s.iterator().next();
        if (!(p instanceof KerberosPrincipal)) {
      throw new UnsupportedConstraintException(
          "non-kerberos server principal");
        }
        if (principal == null) {
      principal = (KerberosPrincipal) p;
        } else if (!principal.equals(p)) {
      throw new UnsupportedConstraintException(
          "multiple server principals");
        }
    }
    // NYI: support ConstraintAlternatives with ServerMinPrincipals
      }
      if (principal != null) {
    return principal;
      }
      for (Iterator i = constraints.preferences().iterator(); i.hasNext(); )
      {
    InvocationConstraint c = (InvocationConstraint) i.next();
    if (c instanceof ServerMinPrincipal) {
        Set s = ((ServerMinPrincipal) c).elements();
        for (Iterator j = s.iterator(); j.hasNext(); ) {
      Principal p = (Principal) j.next();
      if (p instanceof KerberosPrincipal) {

Examples of net.jini.core.constraint.InvocationConstraint

         regardless whether the caller has the getSubject
         permission */
      for (Iterator iter = constraints.requirements().iterator();
     iter.hasNext(); )
      {
    InvocationConstraint c = (InvocationConstraint) iter.next();
    if (!KerberosUtil.isSupportableConstraint(c)) {
        errorCode = UNSUPPORTABLE_CONSTRAINT_REQUIRED;
        detailedExceptionMsg = "A constraint unsupportable by " +
      "this endpoint has been required: " + c;
        return;
    }
      }

      /* All Kerberos principals allowed by the constraints.  If
         the resulting set is empty, it means no client min/max
         principal constraints found in the constraints, instead
         of no principals allowed. */
      clientPrincipals = new HashSet();
      for (Iterator iter = constraints.requirements().iterator();
     iter.hasNext(); )
      {
    if (!KerberosUtil.collectCpCandidates(
        (InvocationConstraint) iter.next(),
        clientPrincipals))
    {
        errorCode = UNSUPPORTABLE_CONSTRAINT_REQUIRED;
        detailedExceptionMsg = "Client principal constraint " +
      "related conflicts found in the given set of " +
      "constraints: " + constraints;
        return;
    }
      }

      if (clientSubject == null) {
    errorCode = NULL_SUBJECT;
    detailedExceptionMsg = "JAAS login has not been done " +
        "properly, the subject associated with the current " +
        "AccessControlContext is null.";
    return;
      }

      this.clientSubject = clientSubject;
      this.constraints = constraints;

      subjectReadOnly = clientSubject.isReadOnly();
      subjectClientPrincipals = getClientPrincipals(clientSubject);

      if (subjectClientPrincipals.size() == 0) {
    errorCode = NO_CLIENT_PRINCIPAL;
    detailedExceptionMsg = "JAAS login has not been done " +
        "properly, the subject associated with the current " +
        "AccessControlContext contains no KerberosPrincipal.";
    return;
      }

      if (clientPrincipals.size() > 0) {
    clientPrincipals.retainAll(subjectClientPrincipals);
      } else {
    clientPrincipals = subjectClientPrincipals;
      }

      boolean canDeleg = false;
      if (KerberosUtil.containsConstraint(
    constraints.requirements(), Delegation.YES) ||
    KerberosUtil.containsConstraint(
        constraints.preferences(), Delegation.YES))
      {
    canDeleg = true;
      }

      // enumerate all possible configs and filter them by constraints
      ArrayList configArr = new ArrayList();
    outer:
      for (ConfigIter citer = new ConfigIter(
         clientPrincipals, serverPrincipal, canDeleg);
     citer.hasNext(); )
      {
    Config config = citer.next();
    for (Iterator jter = constraints.requirements().iterator();
         jter.hasNext(); )
    {
        InvocationConstraint c =
      (InvocationConstraint) jter.next();
        if (!KerberosUtil.isSatisfiable(config, c))
      continue outer;
    }
    configArr.add(config);
      }

      if (configArr.size() == 0) {
    errorCode = UNSATISFIABLE_CONSTRAINT_REQUIRED;
    detailedExceptionMsg = "Constraints unsatisfiable by this " +
        "endpoint with the current subject have been required: " +
        constraints + ", while the KerberosPrincipal set of " +
        "the subject is: " + subjectClientPrincipals;
    return;
      }

      configs = (Config[]) configArr.toArray(
    new Config[configArr.size()]);

      // reorder configs by the num of preferences a config can satisfy
      for (int i = 0; i < configs.length; i++) {
    for (Iterator iter = constraints.preferences().iterator();
         iter.hasNext(); )
          {
        InvocationConstraint c =
      (InvocationConstraint) iter.next();
        if (KerberosUtil.isSatisfiable(configs[i], c))
      configs[i].prefCount++;
    }
      }

Examples of net.jini.core.constraint.InvocationConstraint

    {
  InvocationConstraints unfulfilled =
      serverCapabilities.checkConstraints(constraints);
  for (Iterator i = unfulfilled.requirements().iterator(); i.hasNext();)
  {
      InvocationConstraint c = (InvocationConstraint) i.next();
      if (!(c instanceof Integrity)) {
    throw new UnsupportedConstraintException(
        "cannot satisfy unfulfilled constraint: " + c);
      }
      // REMIND: support ConstraintAlternatives containing Integrity?

Examples of net.jini.core.constraint.InvocationConstraint

      InvocationConstraints unfulfilled = request.checkConstraints(sc);
      for (Iterator i = unfulfilled.requirements().iterator();
     i.hasNext();)
      {
    InvocationConstraint c = (InvocationConstraint) i.next();
    if (!(c instanceof Integrity) ||
        (!integrity && c == Integrity.YES))
    {
        throw new UnsupportedConstraintException(
            "cannot satisfy unfulfilled constraint: " + c);