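// ========================================================================
// Copyright (c) 2003-2009 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
// You may elect to redistribute this code under either of these licenses.
// ========================================================================

package org.eclipse.jetty.plus.jaas;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;


/* ---------------------------------------------------- */
/** StrictRoleCheckPolicy
 * <p>Enforces that if a runAsRole is present, then the
 * role to check must be the same as that runAsRole and
 * the set of static roles is ignored.
 * <p>The check fails closed: a null role name, a missing role
 * group or a null group member yields a denial ({@code false})
 * instead of an exception escaping from the authorization path.
 * <p>Role names are compared with {@link String#equals(Object)},
 * so the match is exact and case-sensitive.
 *
 * @org.apache.xbean.XBean description ="Check only topmost role in stack of roles for user"
 */
public class StrictRoleCheckPolicy implements RoleCheckPolicy
{

    /**
     * Decide whether the role being checked is currently held.
     *
     * @param roleName the role to check for; {@code null} is never granted
     * @param runAsRole the temporary role pushed onto the user, or
     *        {@code null} if none is in effect
     * @param roles the user's static roles; consulted only when
     *        {@code runAsRole} is {@code null}, may itself be {@code null}
     * @return {@code true} if {@code roleName} equals the name of
     *         {@code runAsRole}, or, when no run-as role is present, the
     *         name of some member of {@code roles}; {@code false} otherwise
     */
    public boolean checkRole (String roleName, Principal runAsRole, Group roles)
    {
        // Deny by default: without a role name there is nothing that can
        // legitimately match, and a NullPointerException here would surface
        // as an error in the caller rather than as a clean denial.
        if (roleName == null)
            return false;

        // A temporary (run-as) role replaces the static roles entirely:
        // only that single role is checked, the group is not consulted.
        if (runAsRole != null)
            return roleName.equals(runAsRole.getName());

        if (roles == null)
            return false;

        // NOTE(review): java.security.acl is deprecated in newer JDKs;
        // the interface signature pins this type, so it is kept here.
        Enumeration<? extends Principal> members = roles.members();
        while (members.hasMoreElements())
        {
            Principal member = members.nextElement();
            // Skip null members instead of dereferencing them.
            if (member != null && roleName.equals(member.getName()))
                return true;
        }
        return false;
    }

}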