01: /*
02: * Copyright (c) 1998-2008 Caucho Technology -- all rights reserved
03: *
04: * This file is part of Resin(R) Open Source
05: *
06: * Each copy or derived work must preserve the copyright notice and this
07: * notice unmodified.
08: *
09: * Resin Open Source is free software; you can redistribute it and/or modify
10: * it under the terms of the GNU General Public License as published by
11: * the Free Software Foundation; either version 2 of the License, or
12: * (at your option) any later version.
13: *
14: * Resin Open Source is distributed in the hope that it will be useful,
15: * but WITHOUT ANY WARRANTY; without even the implied warranty of
16: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE, or any warranty
17: * of NON-INFRINGEMENT. See the GNU General Public License for more
18: * details.
19: *
20: * You should have received a copy of the GNU General Public License
21: * along with Resin Open Source; if not, write to the
22: *
23: * Free Software Foundation, Inc.
24: * 59 Temple Place, Suite 330
25: * Boston, MA 02111-1307 USA
26: *
27: * @author Scott Ferguson
28: */
29:
30: package com.caucho.server.security;
31:
32: import com.caucho.util.CharBuffer;
33:
34: import javax.servlet.ServletContext;
35: import javax.servlet.ServletException;
36: import javax.servlet.http.HttpServletRequest;
37: import javax.servlet.http.HttpServletResponse;
38: import java.io.IOException;
39:
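/**
 * Security constraint that authorizes a request only when the caller holds
 * one of the configured role names.
 *
 * <p>The constraint is deny-by-default: when no role name has been added,
 * {@link #isAuthorized} authorizes nobody and answers with 403 Forbidden.
 */
public class RoleConstraint extends AbstractConstraint {
  // Role names that grant access; stays null until the first addRoleName().
  private String[] _roles;

  /**
   * Appends a role name to the set of roles that grant access.
   *
   * <p>The array is replaced rather than modified in place, so a reader that
   * already holds the previous array keeps seeing a complete role list.
   *
   * @param role the role name to add; the literal {@code "*"} is treated as a
   *     wildcard by {@link #isAuthorized}
   */
  public void addRoleName(String role) {
    if (_roles == null) {
      _roles = new String[] { role };
      return;
    }

    String[] newRoles = new String[_roles.length + 1];
    System.arraycopy(_roles, 0, newRoles, 0, _roles.length);
    newRoles[_roles.length] = role;
    _roles = newRoles;
  }

  /**
   * Returns true if the constraint requires authentication, i.e. at least one
   * role name has been configured.
   */
  public boolean needsAuthentication() {
    return _roles != null && _roles.length > 0;
  }

  /**
   * Returns true if the user is authorized for the resource.
   *
   * <p>When no configured role matches, a 403 Forbidden error is sent on the
   * response and false is returned. This is also the result when no role has
   * been configured at all.
   *
   * @param request the request whose user is checked with
   *     {@code isUserInRole}
   * @param response the response that receives the 403 on denial
   * @param application the servlet context (not used by this check)
   * @return true if access is granted, false after the 403 has been sent
   * @throws ServletException declared by the signature; not thrown directly
   *     by this method
   * @throws IOException if sending the error response fails
   */
  public boolean isAuthorized(HttpServletRequest request,
                              HttpServletResponse response,
                              ServletContext application)
    throws ServletException, IOException {
    // Read the field once so the whole loop works on a single array.
    String[] roles = _roles;
    int count = roles == null ? 0 : roles.length;

    for (int i = 0; i < count; i++) {
      String role = roles[i];

      // A null entry can never match; skip it instead of failing the request
      // with a NullPointerException.
      if (role == null)
        continue;

      // NOTE(review): the wildcard grants access without consulting the
      // request at all, so this branch does not itself verify that a user is
      // logged in. Presumably the caller enforces needsAuthentication()
      // before calling isAuthorized() -- confirm against the caller.
      if ("*".equals(role))
        return true;

      if (request.isUserInRole(role))
        return true;
    }

    // No role matched (or none configured): deny explicitly.
    response.sendError(HttpServletResponse.SC_FORBIDDEN, null);

    return false;
  }

  /**
   * Returns a debug description of the form {@code RoleConstraint[a,b]}.
   * A constraint without roles is rendered as {@code RoleConstraint[]}.
   */
  public String toString() {
    CharBuffer cb = new CharBuffer();

    cb.append("RoleConstraint[");

    // _roles is null until a role is added; guard so that logging an empty
    // constraint does not throw.
    String[] roles = _roles;
    if (roles != null) {
      for (int i = 0; i < roles.length; i++) {
        if (i != 0)
          cb.append(',');
        cb.append(roles[i]);
      }
    }

    cb.append("]");

    return cb.close();
  }
}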