
1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.jaas;
20  
21  import java.security.Principal;
22  import java.security.acl.Group;
23  import java.util.Enumeration;
24  
25  
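/* ---------------------------------------------------- */
/** StrictRoleCheckPolicy
 * <p>Enforces that if a runAsRole is present, then the
 * role to check must be the same as that runAsRole and
 * the set of static roles is ignored.
 * <p>Role names are compared with {@link String#equals(Object)},
 * so a match is exact and case-sensitive.
 *
 * @org.apache.xbean.XBean description ="Check only topmost role in stack of roles for user"
 */
public class StrictRoleCheckPolicy implements RoleCheckPolicy
{

    /**
     * Decide whether the caller holds the requested role.
     *
     * @param roleName the role being checked; a {@code null} name never matches
     * @param runAsRole the temporary role pushed onto the user, or {@code null} if none
     * @param roles the user's static roles, consulted only when {@code runAsRole} is {@code null}
     * @return {@code true} if {@code roleName} equals the runAsRole name, or, when there is
     *         no runAsRole, the name of any member of {@code roles}; {@code false} otherwise
     */
    public boolean checkRole (String roleName, Principal runAsRole, Group roles)
    {
        // Fail closed: a missing role name is a denial, not a NullPointerException
        // thrown out of the authorization check.
        if (roleName == null)
            return false;

        // A temporary role pushed onto the user replaces the static roles
        // entirely: only that one role can satisfy the check.
        if (runAsRole != null)
            return roleName.equals(runAsRole.getName());

        if (roles == null)
            return false;

        Enumeration<? extends Principal> members = roles.members();
        while (members.hasMoreElements())
        {
            Principal member = members.nextElement();
            // A null member cannot grant a role; skip it rather than dereference it.
            if (member != null && roleName.equals(member.getName()))
                return true;
        }
        return false;
    }

}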