
1   // ========================================================================
2   // Copyright (c) 2003-2009 Mort Bay Consulting Pty. Ltd.
3   // ------------------------------------------------------------------------
4   // All rights reserved. This program and the accompanying materials
5   // are made available under the terms of the Eclipse Public License v1.0
6   // and Apache License v2.0 which accompanies this distribution.
7   // The Eclipse Public License is available at 
8   // http://www.eclipse.org/legal/epl-v10.html
9   // The Apache License v2.0 is available at
10  // http://www.opensource.org/licenses/apache2.0.php
11  // You may elect to redistribute this code under either of these licenses. 
12  // ========================================================================
13  
14  package org.eclipse.jetty.plus.jaas;
15  
16  import java.security.Principal;
17  import java.security.acl.Group;
18  import java.util.Enumeration;
19  
20  
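/* ---------------------------------------------------- */
/** StrictRoleCheckPolicy
 * <p>Enforces that if a runAsRole is present, then the
 * role to check must be the same as that runAsRole and
 * the set of static roles is ignored. When no runAsRole
 * is present, the role to check must match the name of a
 * member of the supplied role group.
 * <p>Role names are compared with {@link String#equals(Object)},
 * so a match is exact and case-sensitive. Any input that cannot
 * be matched positively (null role name, null group, null member)
 * is answered with <code>false</code>, so the check denies by default.
 *
 * @org.apache.xbean.XBean description ="Check only topmost role in stack of roles for user"
 */
public class StrictRoleCheckPolicy implements RoleCheckPolicy
{

    /**
     * Decide whether the caller holds the named role.
     *
     * @param roleName  name of the role being checked; <code>null</code> is never granted
     * @param runAsRole temporary role pushed onto the user, or <code>null</code> if none;
     *                  when present it is the only role consulted
     * @param roles     the user's static roles, or <code>null</code> if there are none;
     *                  ignored whenever runAsRole is present
     * @return <code>true</code> only if roleName equals the runAsRole name, or,
     *         with no runAsRole, the name of a member of roles
     */
    public boolean checkRole (String roleName, Principal runAsRole, Group roles)
    {
        // Deny a null role name on every path. Previously this returned false
        // only when roles was null or empty and threw NullPointerException
        // otherwise, so the outcome of the check depended on unrelated arguments.
        if (roleName == null)
            return false;

        // A pushed run-as role replaces the static roles entirely: the user is
        // checked against that one role and nothing else.
        if (runAsRole != null)
            return roleName.equals(runAsRole.getName());

        if (roles == null)
            return false;

        // Typed enumeration: Group.members() already yields Principals, so no
        // raw type or cast is needed.
        Enumeration<? extends Principal> members = roles.members();
        while (members.hasMoreElements())
        {
            Principal member = members.nextElement();
            // A null member cannot grant anything; skip it rather than throw.
            if (member != null && roleName.equals(member.getName()))
                return true;
        }
        return false;
    }

}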
57      
58  }