1 // 2 // ======================================================================== 3 // Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd. 4 // ------------------------------------------------------------------------ 5 // All rights reserved. This program and the accompanying materials 6 // are made available under the terms of the Eclipse Public License v1.0 7 // and Apache License v2.0 which accompanies this distribution. 8 // 9 // The Eclipse Public License is available at 10 // http://www.eclipse.org/legal/epl-v10.html 11 // 12 // The Apache License v2.0 is available at 13 // http://www.opensource.org/licenses/apache2.0.php 14 // 15 // You may elect to redistribute this code under either of these licenses. 16 // ======================================================================== 17 // 18 19 package org.eclipse.jetty.jaas; 20 21 import java.security.Principal; 22 import java.security.acl.Group; 23 import java.util.Enumeration; 24 25 26 /* ---------------------------------------------------- */ 27 /** StrictRoleCheckPolicy 28 * <p>Enforces that if a runAsRole is present, then the 29 * role to check must be the same as that runAsRole and 30 * the set of static roles is ignored. 31 * 32 * 33 * 34 */ 35 public class StrictRoleCheckPolicy implements RoleCheckPolicy 36 { 37 38 public boolean checkRole (String roleName, Principal runAsRole, Group roles) 39 { 40 //check if this user has had any temporary role pushed onto 41 //them. If so, then only check if the user has that role. 42 if (runAsRole != null) 43 { 44 return (roleName.equals(runAsRole.getName())); 45 } 46 else 47 { 48 if (roles == null) 49 return false; 50 Enumeration<? extends Principal> rolesEnum = roles.members(); 51 boolean found = false; 52 while (rolesEnum.hasMoreElements() && !found) 53 { 54 Principal p = (Principal)rolesEnum.nextElement(); 55 found = roleName.equals(p.getName()); 56 } 57 return found; 58 } 59 60 } 61 62 }