001: /*
002: * JOSSO: Java Open Single Sign-On
003: *
004: * Copyright 2004-2008, Atricore, Inc.
005: *
006: * This is free software; you can redistribute it and/or modify it
007: * under the terms of the GNU Lesser General Public License as
008: * published by the Free Software Foundation; either version 2.1 of
009: * the License, or (at your option) any later version.
010: *
011: * This software is distributed in the hope that it will be useful,
012: * but WITHOUT ANY WARRANTY; without even the implied warranty of
013: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
014: * Lesser General Public License for more details.
015: *
016: * You should have received a copy of the GNU Lesser General Public
017: * License along with this software; if not, write to the Free
018: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
019: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
020: */
021:
022: package org.josso.servlet.agent;
023:
024: import org.apache.commons.logging.Log;
025: import org.apache.commons.logging.LogFactory;
026: import org.josso.gateway.identity.SSORole;
027: import org.josso.gateway.identity.SSOUser;
028:
029: import javax.security.auth.Subject;
030: import javax.servlet.http.HttpServletRequest;
031: import java.security.Principal;
032: import java.util.HashMap;
033: import java.util.Iterator;
034: import java.util.Map;
035: import java.util.Set;
036:
037: /**
038: * JOSSO Security context, used only by the Generic Servlet Container Agent. Other agents will generate container specific
039: * security context instances.
040: *
041: * Date: Nov 28, 2007
042: * Time: 1:03:33 PM
043: *
044: * @author <a href="mailto:sgonzalez@josso.org">Sebastian Gonzalez Oyuela</a>
045: */
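public class JOSSOSecurityContext {

    private static final Log logger = LogFactory
            .getLog(JOSSOSecurityContext.class);

    /**
     * Current authenticated subject, as handed to the constructor. The reference
     * is kept as-is (no copy); the role view below is a snapshot taken at
     * construction time, so principals added to the Subject afterwards are not
     * reflected by {@link #isUserInRole(String)}.
     */
    private final Subject subject;

    /**
     * Principal representing current SSO user (exactly one per subject).
     */
    private final SSOUser ssoUser;

    /**
     * Map of principals representing current user's roles, keyed by
     * {@link SSORole#getName()}. Built once in the constructor and never
     * exposed, so callers cannot add roles through this context.
     */
    private final Map roles;

    /**
     * Creates a new security context for the given subject. The subject must
     * contain exactly one SSOUser principal instance; every SSORole principal
     * it carries is indexed by name for {@link #isUserInRole(String)}.
     *
     * @param subject the authenticated subject
     * @throws IllegalArgumentException if the subject is null, contains no
     *         SSOUser principal, or contains more than one SSOUser principal
     */
    public JOSSOSecurityContext(Subject subject) {

        // Fail loudly instead of NPE-ing on subject.getPrincipals(): a null
        // subject means no authentication took place.
        if (subject == null)
            throw new IllegalArgumentException("Subject cannot be null");

        SSOUser user = null;
        Map roleMap = new HashMap();

        Set principals = subject.getPrincipals();
        for (Iterator it = principals.iterator(); it.hasNext();) {

            Principal p = (Principal) it.next();
            if (p instanceof SSOUser) {
                // Two users in one subject is ambiguous for authorization;
                // reject rather than silently pick the last one.
                if (user != null)
                    throw new IllegalArgumentException(
                            "Subject cannot contain multiple SSOUser instances");
                user = (SSOUser) p;
            } else if (p instanceof SSORole) {
                SSORole r = (SSORole) p;
                roleMap.put(r.getName(), r);
            }
            // Any other Principal type is ignored: it carries no SSO identity.

        }

        if (user == null)
            throw new IllegalArgumentException(
                    "No SSOUser principal found in subject");

        // Retain the subject so getSubject() returns the authenticated
        // subject rather than null.
        this.subject = subject;
        this.ssoUser = user;
        this.roles = roleMap;

    }

    /**
     * Provides current principal.
     *
     * @return the single SSOUser principal found in the subject (never null)
     */
    public SSOUser getCurrentPrincipal() {
        return ssoUser;
    }

    /**
     * Role membership check. The match is an exact, case-sensitive comparison
     * of {@code role} against {@link SSORole#getName()} of the principals
     * present when this context was created.
     *
     * @param role the role name
     * @return true if the subject has a SSORole principal with the given name.
     */
    public boolean isUserInRole(String role) {
        return roles.containsKey(role);
    }

    /**
     * Authenticated subject this context was built from. Package-private on
     * purpose: handing the mutable Subject to arbitrary callers would let them
     * add principals behind the agent's back.
     *
     * @return the subject passed to the constructor (never null)
     */
    Subject getSubject() {
        return subject;
    }

}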
|