001: /*
002: * JBoss, Home of Professional Open Source.
003: * Copyright 2006, Red Hat Middleware LLC, and individual contributors
004: * as indicated by the @author tags. See the copyright.txt file in the
005: * distribution for a full listing of individual contributors.
006: *
007: * This is free software; you can redistribute it and/or modify it
008: * under the terms of the GNU Lesser General Public License as
009: * published by the Free Software Foundation; either version 2.1 of
010: * the License, or (at your option) any later version.
011: *
012: * This software is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this software; if not, write to the Free
019: * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
020: * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
021: */
022: package org.jboss.security;
023:
024: import java.security.Principal;
025: import java.util.HashSet;
026: import java.util.Iterator;
027: import java.util.Set;
028:
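/**
 * The RunAsIdentity is a Principal that associates the run-as principal
 * with its run-as role(s).
 *
 * <p>The role set is populated only by the constructors, and
 * {@link #getRunAsRoles()} hands out a copy. The set returned by
 * {@link #getPrincipalsSet()} is the cached internal instance, so the class
 * is not strictly immutable from a caller's point of view.
 *
 * @author Thomas.Diesler@jboss.org
 * @author Anil.Saldhana@jboss.org
 * @version $Revision: 57203 $
 */
public class RunAsIdentity extends SimplePrincipal implements Cloneable {
    /** @since 4.0.2 */
    private static final long serialVersionUID = -3236178735180485083L;

    /** The run-as role principals (SimplePrincipal instances). */
    private HashSet runAsRoles = new HashSet();

    /** Lazily built cache for {@link #getPrincipalsSet()}; null until first use. */
    private HashSet principalsSet;

    /** Principal name used when the caller supplies none. */
    private static final String ANONYMOUS_PRINCIPAL = "anonymous";

    /**
     * Construct a RunAsIdentity with a single run-as role.
     *
     * @param roleName      the run-as role name; must not be null
     * @param principalName the run-as principal name; a null value is
     *                      replaced by "anonymous"
     * @throws IllegalArgumentException if roleName is null
     */
    public RunAsIdentity(String roleName, String principalName) {
        // we don't support run-as credentials
        super(principalName != null ? principalName : ANONYMOUS_PRINCIPAL);

        if (roleName == null) {
            throw new IllegalArgumentException(
                    "The run-as identity must have at least one role");
        }

        runAsRoles.add(new SimplePrincipal(roleName));
    }

    /**
     * Construct a RunAsIdentity with a run-as role plus additional roles.
     *
     * @param roleName       the run-as role name; must not be null
     * @param principalName  the run-as principal name; a null value is
     *                       replaced by "anonymous"
     * @param extraRoleNames additional role names, may be null; every element
     *                       is cast to String, so a non-String element raises
     *                       a ClassCastException
     * @throws IllegalArgumentException if roleName is null
     */
    public RunAsIdentity(String roleName, String principalName,
            Set extraRoleNames) {
        this(roleName, principalName);

        // these come from the assembly-descriptor
        if (extraRoleNames != null) {
            Iterator it = extraRoleNames.iterator();
            while (it.hasNext()) {
                String extraRoleName = (String) it.next();
                runAsRoles.add(new SimplePrincipal(extraRoleName));
            }
        }
    }

    /**
     * Return a set with the configured run-as roles.
     *
     * @return a new Set of Principal holding the run-as roles; changes to the
     *         returned set do not affect this identity
     */
    public Set getRunAsRoles() {
        return new HashSet(runAsRoles);
    }

    /**
     * Return a set with the configured run-as principal and a Group("Roles")
     * with the run-as roles.
     *
     * <p>The set is built on first call and cached. The cached instance itself
     * is returned, not a copy, so a caller that modifies the set or the
     * "Roles" group changes what later callers receive.
     *
     * @return Set of Principal for the run-as principal and roles
     */
    public synchronized Set getPrincipalsSet() {
        if (principalsSet == null) {
            principalsSet = new HashSet();
            principalsSet.add(this);
            SimpleGroup roles = new SimpleGroup("Roles");
            principalsSet.add(roles);
            Iterator iter = runAsRoles.iterator();
            while (iter.hasNext()) {
                Principal role = (Principal) iter.next();
                roles.addMember(role);
            }
        }
        return principalsSet;
    }

    /**
     * True if the run-as principal has the given role.
     *
     * <p>Membership is decided by {@code HashSet.contains}, i.e. by the
     * equals/hashCode of the stored SimplePrincipal instances and of the
     * argument.
     *
     * @param role the role to look up
     * @return true if the role is one of the run-as roles
     */
    public boolean doesUserHaveRole(Principal role) {
        return runAsRoles.contains(role);
    }

    /**
     * True if the run-as principal has any of the method roles.
     *
     * @param methodRoles Set of Principal to test; must not be null. An empty
     *                    set yields false.
     * @return true as soon as one element is a run-as role, false otherwise
     */
    public boolean doesUserHaveRole(Set methodRoles) {
        Iterator it = methodRoles.iterator();
        while (it.hasNext()) {
            Principal role = (Principal) it.next();
            if (doesUserHaveRole(role)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns a string representation of the object.
     *
     * @return the run-as roles and the principal name
     */
    public String toString() {
        return "[roles=" + runAsRoles + ",principal=" + getName() + "]";
    }

    /**
     * Create a copy of this identity with its own role set.
     *
     * @return the cloned RunAsIdentity
     * @throws CloneNotSupportedException if the superclass refuses to clone
     */
    public synchronized Object clone() throws CloneNotSupportedException {
        RunAsIdentity clone = (RunAsIdentity) super.clone();
        if (clone != null) {
            // principalsSet is created lazily by getPrincipalsSet(), so it is
            // still null when the identity is cloned before that first call;
            // cloning it unconditionally threw a NullPointerException.
            // NOTE(review): when present, the copy is shallow - it still holds
            // the original identity and the same "Roles" group instance.
            clone.principalsSet = (this.principalsSet != null)
                    ? (HashSet) this.principalsSet.clone()
                    : null;
            clone.runAsRoles = (HashSet) this.runAsRoles.clone();
        }
        return clone;
    }
}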