
1   //
2   //  ========================================================================
3   //  Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
4   //  ------------------------------------------------------------------------
5   //  All rights reserved. This program and the accompanying materials
6   //  are made available under the terms of the Eclipse Public License v1.0
7   //  and Apache License v2.0 which accompanies this distribution.
8   //
9   //      The Eclipse Public License is available at
10  //      http://www.eclipse.org/legal/epl-v10.html
11  //
12  //      The Apache License v2.0 is available at
13  //      http://www.opensource.org/licenses/apache2.0.php
14  //
15  //  You may elect to redistribute this code under either of these licenses.
16  //  ========================================================================
17  //
18  
19  package org.eclipse.jetty.security;
20  
21  import java.io.Serializable;
22  import java.util.Set;
23  
24  import org.eclipse.jetty.server.Authentication.User;
25  import org.eclipse.jetty.server.UserIdentity;
26  import org.eclipse.jetty.server.UserIdentity.Scope;
27  
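/**
 * AbstractUserAuthentication
 *
 * Base class for representing an authenticated user: the name of the
 * authentication method that produced it plus the {@link UserIdentity}
 * established for the user.
 *
 * <p>The identity is held in a {@code transient} field, so after Java
 * deserialization it is {@code null} until a subclass re-establishes it.
 * While it is {@code null} this object fails closed: {@link #isUserInRole}
 * answers {@code false} for every role, including the special role
 * {@code **}.</p>
 */
public abstract class AbstractUserAuthentication implements User, Serializable
{
    private static final long serialVersionUID = -6290411814232723403L;

    /** Name of the authentication method, as reported by {@link #getAuthMethod()}. */
    protected String _method;

    /**
     * The authenticated identity. Not serialized: after deserialization this is
     * {@code null} unless a subclass restores it (e.g. by logging the user in again).
     */
    protected transient UserIdentity _userIdentity;

    /**
     * @param method the authentication method name (returned by {@link #getAuthMethod()})
     * @param userIdentity the identity established for the user; may be null, in which
     *        case no role test succeeds until an identity is set
     */
    public AbstractUserAuthentication(String method, UserIdentity userIdentity)
    {
        _method = method;
        _userIdentity = userIdentity;
    }

    @Override
    public String getAuthMethod()
    {
        return _method;
    }

    /**
     * @return the identity, or {@code null} if none was set or it was lost to
     *         deserialization and not yet re-established
     */
    @Override
    public UserIdentity getUserIdentity()
    {
        return _userIdentity;
    }

    /**
     * Tests whether the user is in the given role, honouring the servlet's
     * role-ref mapping from {@code scope} and the Servlet 3.1 special role
     * {@code **} ("any authenticated user").
     *
     * @param scope the servlet scope whose role-ref map is consulted; may be null
     * @param role the role name (or role-ref) to test; may be null
     * @return true if the user holds the role; false if {@code role} is null or
     *         no identity is currently available
     */
    @Override
    public boolean isUserInRole(Scope scope, String role)
    {
        // Fail closed: without an identity we cannot vouch for any role, not even **.
        // A null identity is the normal state after deserialization until a subclass
        // restores it, and must not be treated as "authenticated".
        if (_userIdentity == null)
            return false;

        // Resolve a role-ref declared on the servlet to the real role name.
        String roleToTest = null;
        if (scope != null && scope.getRoleRefMap() != null)
            roleToTest = scope.getRoleRefMap().get(role);
        if (roleToTest == null)
            roleToTest = role;

        // A null role cannot match anything (and would NPE on trim() below).
        if (roleToTest == null)
            return false;

        // Servlet Spec 3.1 pg 125: the special role **.
        // If ** is NOT a declared role name, every authenticated user is in it.
        // If ** HAS been declared as an ordinary role, the identity must actually hold it.
        // Note that declaredRolesContains() is false when no SecurityHandler is
        // current, so ** is then granted to any authenticated user.
        if ("**".equals(roleToTest.trim()) && !declaredRolesContains("**"))
            return true;

        // Delegate with the original (unmapped) role, as before; the identity
        // implementation is presumably responsible for applying the scope's
        // role-ref map itself — confirm against the UserIdentity in use.
        return _userIdentity.isUserInRole(role, scope);
    }

    /**
     * Tests whether {@code roleName} is among the roles declared on the
     * currently active {@link SecurityHandler}.
     *
     * @param roleName the role name to look up
     * @return true only if a SecurityHandler is current, it is {@link ConstraintAware},
     *         and its declared role set contains {@code roleName}; false otherwise
     */
    public boolean declaredRolesContains(String roleName)
    {
        SecurityHandler security = SecurityHandler.getCurrentSecurityHandler();
        if (security == null)
            return false;

        if (!(security instanceof ConstraintAware))
            return false;

        Set<String> declaredRoles = ((ConstraintAware)security).getRoles();
        return declaredRoles != null && declaredRoles.contains(roleName);
    }
}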