001: /*
002: * Copyright 2005-2007 the original author or authors.
003: *
004: * Licensed under the Apache License, Version 2.0 (the "License");
005: * you may not use this file except in compliance with the License.
006: * You may obtain a copy of the License at
007: *
008: * http://www.apache.org/licenses/LICENSE-2.0
009: *
010: * Unless required by applicable law or agreed to in writing, software
011: * distributed under the License is distributed on an "AS IS" BASIS,
012: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013: * See the License for the specific language governing permissions and
014: * limitations under the License.
015: */
016:
017: package org.acegisecurity.providers.portlet.populator;
018:
019: import java.util.ArrayList;
020: import java.util.Iterator;
021: import java.util.List;
022:
023: import javax.portlet.PortletRequest;
024:
025: import org.acegisecurity.Authentication;
026: import org.acegisecurity.AuthenticationException;
027: import org.acegisecurity.AuthenticationServiceException;
028: import org.acegisecurity.GrantedAuthority;
029: import org.acegisecurity.GrantedAuthorityImpl;
030: import org.acegisecurity.providers.portlet.PortletAuthenticationProvider;
031: import org.acegisecurity.providers.portlet.PortletAuthoritiesPopulator;
032: import org.acegisecurity.userdetails.User;
033: import org.acegisecurity.userdetails.UserDetails;
034:
035: /**
036: * Populates the portlet authorities via role information from the portlet container.
037: * Primarily it uses the <code>PortletRequest.isUserInRole(role)</code> method to
038: * check if the user is in a list of configured roles.
039: * <p>This bean has the following configurable properties:</p>
040: * <ul>
041: * <li><code>rolesToCheck</code> : A list of strings containing names of roles to check.
042: * These roles must also be properly declared in a &lt;security-role-ref&gt; element
043: * of the portlet descriptor in the portlet.xml file.</li>
044: * <li><code>rolePrefix</code> : The prefix added to each role name as it is
045: * added to the list of authorities. The default value is 'ROLE_'.</li>
046: * <li><code>userRole</code> : The role that all authenticated users will automatically be
047: * granted. The default value is 'ROLE_USER'.</li>
048: * </ul>
049: *
050: * @author John A. Lewis
051: * @since 2.0
052: * @version $Id$
053: */
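public class ContainerPortletAuthoritiesPopulator implements
        PortletAuthoritiesPopulator {

    //~ Static fields/initializers =====================================================================================

    private static final String defaultRolePrefix = "ROLE_";
    private static final String defaultUserRole = "ROLE_USER";

    //~ Instance fields ================================================================================================

    // Role names passed to PortletRequest.isUserInRole(); null means "check nothing".
    // Held by reference: the caller's list is neither copied nor wrapped.
    private List rolesToCheck;

    // Prepended to every container role that is turned into an authority.
    private String rolePrefix = defaultRolePrefix;

    // Authority granted to every Authentication that reaches this populator.
    private String userRole = defaultUserRole;

    //~ Methods ========================================================================================================

    /**
     * Builds the <code>UserDetails</code> for an authentication by asking the
     * portlet container which of the configured roles the user holds.
     *
     * <p>The <code>userRole</code> authority is added unconditionally, so this
     * method does not itself decide whether the user is authenticated; it relies
     * on the caller having established that before invoking it.</p>
     *
     * <p>The string form of the credentials is copied into the returned
     * <code>User</code> and therefore stays in memory for as long as that object
     * is referenced.</p>
     *
     * @param authentication the authentication whose details object must be the
     *        current <code>PortletRequest</code>
     * @return a new <code>User</code> carrying the username, the credentials as a
     *         string and the granted authorities
     * @throws AuthenticationException (as <code>AuthenticationServiceException</code>)
     *         if the credentials are <code>null</code> or the details object is
     *         not a <code>PortletRequest</code>
     */
    public UserDetails getUserDetails(Authentication authentication)
            throws AuthenticationException {

        // get the username for the authentication
        String username = PortletAuthenticationProvider
                .getUsernameFromPrincipal(authentication.getPrincipal());

        // Fail closed with an authentication error instead of letting a
        // NullPointerException escape when no credentials were supplied.
        Object credentials = authentication.getCredentials();
        if (credentials == null) {
            throw new AuthenticationServiceException(
                    "expected getCredentials() to return a non-null object");
        }
        String password = credentials.toString();

        // Roles can only be resolved through the container, so anything other
        // than a PortletRequest in the details slot is rejected outright.
        Object details = authentication.getDetails();
        if (!(details instanceof PortletRequest)) {
            throw new AuthenticationServiceException(
                    "expected getDetails() to return the PortletRequest object");
        }
        GrantedAuthority[] authorities = loadGrantedAuthorities((PortletRequest) details);

        // All four boolean flags are passed as true.
        // NOTE(review): presumably enabled / account non-expired / credentials
        // non-expired / account non-locked - confirm against the User constructor.
        // The container is the only source of account state this class consults.
        return new User(username, password, true, true, true, true,
                authorities);
    }

    /**
     * Collects the authorities for the user behind the given request.
     *
     * <p>The result always starts with <code>userRole</code>. Each entry of
     * <code>rolesToCheck</code> is then offered to
     * <code>PortletRequest.isUserInRole(role)</code>, and every role the
     * container confirms is added as <code>rolePrefix + role</code>. Roles that
     * are not listed in <code>rolesToCheck</code> are never granted.</p>
     *
     * @param request the portlet request used to query container roles
     * @return the granted authorities, never empty
     */
    private GrantedAuthority[] loadGrantedAuthorities(
            PortletRequest request) {

        // start the list with the role every user receives
        List authorities = new ArrayList();
        authorities.add(new GrantedAuthorityImpl(getUserRole()));

        // nothing configured means only the standard user role is granted
        if (this.rolesToCheck != null) {
            for (Iterator i = this.rolesToCheck.iterator(); i.hasNext();) {
                // Entries are expected to be Strings; a different element type
                // fails here with a ClassCastException.
                String role = (String) i.next();

                // The container is asked with the bare role name; the prefix is
                // applied only to the authority that is recorded. A null
                // rolePrefix would concatenate as the literal text "null".
                if (request.isUserInRole(role)) {
                    authorities.add(new GrantedAuthorityImpl(
                            getRolePrefix() + role));
                }
            }
        }

        // return the array of GrantedAuthority objects
        return (GrantedAuthority[]) authorities
                .toArray(new GrantedAuthority[authorities.size()]);
    }

    /**
     * Returns the configured role names.
     *
     * @return the same list instance that was passed to
     *         {@link #setRolesToCheck(List)}, or <code>null</code> if none was
     *         set; changes made through it affect later role checks
     */
    public List getRolesToCheck() {
        return rolesToCheck;
    }

    /**
     * Sets the role names to test with
     * <code>PortletRequest.isUserInRole(role)</code>.
     *
     * @param rolesToCheck list of role-name strings, or <code>null</code> to
     *        check no container roles; the list is stored by reference, so it
     *        should not be modified by the caller afterwards
     */
    public void setRolesToCheck(List rolesToCheck) {
        this.rolesToCheck = rolesToCheck;
    }

    /**
     * Returns the prefix prepended to container role names.
     *
     * @return the role prefix; 'ROLE_' unless changed
     */
    public String getRolePrefix() {
        return rolePrefix;
    }

    /**
     * Sets the prefix prepended to container role names. Authority names change
     * with it, so any access rules written against the old names must be
     * updated together with this property.
     *
     * @param rolePrefix the new prefix
     */
    public void setRolePrefix(String rolePrefix) {
        this.rolePrefix = rolePrefix;
    }

    /**
     * Returns the authority granted to every user.
     *
     * @return the user role; 'ROLE_USER' unless changed
     */
    public String getUserRole() {
        return userRole;
    }

    /**
     * Sets the authority granted to every user handled by this populator. It is
     * not checked against the container, so it should name a low-privilege role.
     *
     * @param userRole the authority name to grant unconditionally
     */
    public void setUserRole(String userRole) {
        this.userRole = userRole;
    }

}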