
1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.jaas;
20  
21  import java.security.Principal;
22  import java.security.acl.Group;
23  import java.util.Enumeration;
24  
25  
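/**
 * Role check policy in which a run-as role takes precedence over the user's own roles.
 *
 * <p>Enforces that if a runAsRole is present, then the role to check must be the
 * same as that runAsRole and the set of static roles is ignored. The members of
 * the role group are consulted only when no runAsRole is present.
 *
 * <p>Role names are compared with {@link String#equals(Object)}, so matching is
 * exact and case-sensitive.
 */
public class StrictRoleCheckPolicy implements RoleCheckPolicy
{

    /**
     * Decides whether the named role is granted.
     *
     * <p>Every path that cannot positively match the role returns {@code false},
     * so the check fails closed on missing input.
     *
     * <p>NOTE(review): a non-null {@code runAsRole} bypasses {@code roles}
     * entirely, so this method trusts the run-as principal as supplied. Confirm
     * that callers derive it only from trusted configuration.
     *
     * @param roleName the role being checked; {@code null} is never granted
     * @param runAsRole a temporary role pushed onto the user, or {@code null} if none
     * @param roles the group whose members are the user's roles, or {@code null} if none
     * @return {@code true} if {@code roleName} equals the run-as role's name, or,
     *         when there is no run-as role, the name of some member of {@code roles}
     */
    @Override
    public boolean checkRole (String roleName, Principal runAsRole, Group roles)
    {
        // Fail closed: without a role name there is nothing to match, and
        // dereferencing it below would abort the check with a NullPointerException.
        if (roleName == null)
            return false;

        // A temporary (run-as) role replaces the user's own roles for this check.
        if (runAsRole != null)
            return roleName.equals(runAsRole.getName());

        if (roles == null)
            return false;

        Enumeration<? extends Principal> members = roles.members();
        while (members.hasMoreElements())
        {
            Principal member = members.nextElement();
            // Skip a null member instead of failing the whole check on it.
            if (member != null && roleName.equals(member.getName()))
                return true;
        }
        return false;
    }

}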
61      
62  }