001: // ========================================================================
002: // $Id: JAASUserPrincipal.java 1001 2006-09-23 09:31:51Z janb $
003: // Copyright 2002-2004 Mort Bay Consulting Pty. Ltd.
004: // ------------------------------------------------------------------------
005: // Licensed under the Apache License, Version 2.0 (the "License");
006: // you may not use this file except in compliance with the License.
007: // You may obtain a copy of the License at
008: // http://www.apache.org/licenses/LICENSE-2.0
009: // Unless required by applicable law or agreed to in writing, software
010: // distributed under the License is distributed on an "AS IS" BASIS,
011: // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
012: // See the License for the specific language governing permissions and
013: // limitations under the License.
014: // ========================================================================
015:
016: package org.mortbay.jetty.plus.jaas;
017:
018: import java.security.Principal;
019: import java.security.acl.Group;
020: import java.util.Stack;
021:
022: import javax.security.auth.Subject;
023: import javax.security.auth.login.LoginContext;
024:
025: /* ---------------------------------------------------- */
026: /** JAASUserPrincipal
027: * <p>Implements the JAAS version of the
028: * org.mortbay.http.UserPrincipal interface.
029: *
030: * @version $Id: JAASUserPrincipal.java 1001 2006-09-23 09:31:51Z janb $
031: * @author Jan Bartel (janb)
032: */
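public class JAASUserPrincipal implements Principal {

    /* ------------------------------------------------ */
    /** RoleStack
     * <p>Per-thread stack of "run-as" roles. The backing {@link ThreadLocal}
     * is static, so the stack belongs to the calling thread and not to any
     * one principal: a role pushed through one JAASUserPrincipal is the role
     * {@link #peek()} returns for every principal checked on that thread.
     * <p>Entries stay on the thread until they are popped or cleared. Pair
     * each push with a pop in a <code>finally</code> block, or call
     * {@link #clear()} when the unit of work ends, so that a reused thread
     * does not carry a run-as role over into unrelated work.
     */
    public static class RoleStack {
        private static ThreadLocal local = new ThreadLocal();

        /** Report whether the calling thread has any pushed role.
         * @return true if nothing is pushed; a thread that never pushed a
         * role counts as empty, consistent with {@link #peek()} and
         * {@link #pop()}, which also treat a missing stack as empty.
         */
        public static boolean empty() {
            Stack s = (Stack) local.get();
            // No stack was ever created for this thread: nothing is pushed.
            return (s == null) || s.empty();
        }

        /** Push a role onto the calling thread's stack, creating the stack
         * on first use.
         * @param role the run-as role to make current for this thread
         */
        public static void push(JAASRole role) {
            Stack s = (Stack) local.get();

            if (s == null) {
                s = new Stack();
                local.set(s);
            }

            s.push(role);
        }

        /** Remove the most recently pushed role; does nothing if the
         * calling thread has no pushed role.
         */
        public static void pop() {
            Stack s = (Stack) local.get();

            if ((s == null) || s.empty()) {
                return;
            }

            s.pop();
        }

        /** Look at the most recently pushed role without removing it.
         * @return the current run-as role, or null if the calling thread
         * has none
         */
        public static JAASRole peek() {
            Stack s = (Stack) local.get();

            if ((s == null) || s.empty()) {
                return null;
            }

            return (JAASRole) s.peek();
        }

        /** Drop every role pushed on the calling thread. The emptied stack
         * object itself stays attached to the thread.
         */
        public static void clear() {
            Stack s = (Stack) local.get();

            if ((s == null) || s.empty()) {
                return;
            }

            s.clear();
        }

    }

    private Subject subject;
    private JAASUserRealm realm;
    private RoleCheckPolicy roleCheckPolicy;
    private String name;
    private LoginContext loginContext;

    /* ------------------------------------------------ */
    /** Constructor.
     * @param realm the realm this user belongs to; stored without a null
     * check and used by {@link #getRoles()}
     * @param name the name identifying the user
     */
    public JAASUserPrincipal(JAASUserRealm realm, String name) {
        this.name = name;
        this.realm = realm;
    }

    /** @return the realm passed to the constructor */
    public JAASUserRealm getRealm() {
        return this.realm;
    }

    /* ------------------------------------------------ */
    /** Check if user is in role.
     * <p>The decision is delegated entirely to the RoleCheckPolicy, which is
     * given the requested role name, the calling thread's current run-as
     * role (null if none) and the roles from {@link #getRoles()}. If no
     * policy has been set, a StrictRoleCheckPolicy is installed and used.
     * @param roleName role to check
     * @return true or false according to the RoleCheckPolicy.
     */
    public boolean isUserInRole(String roleName) {
        // Work on a local copy so that a concurrent setRoleCheckPolicy(null)
        // cannot null the field between the check and the call.
        RoleCheckPolicy policy = roleCheckPolicy;
        if (policy == null) {
            policy = new StrictRoleCheckPolicy();
            roleCheckPolicy = policy;
        }

        return policy.checkRole(roleName, RoleStack.peek(), getRoles());
    }

    /* ------------------------------------------------ */
    /** Determine the roles that the LoginModule has set.
     * <p>Asks the realm on every call; a principal constructed with a null
     * realm fails here with a NullPointerException.
     * @return A {@link Group} of {@link Principal Principals} representing the roles this user holds
     */
    public Group getRoles() {
        return getRealm().getRoles(this);
    }

    /* ------------------------------------------------ */
    /** Set the type of checking for isUserInRole.
     * <p>This setter is public and unguarded: any code holding a reference
     * to this principal can replace the policy that decides
     * {@link #isUserInRole(String)}. Passing null makes the next check fall
     * back to StrictRoleCheckPolicy.
     * @param policy the policy to use, or null for the default
     */
    public void setRoleCheckPolicy(RoleCheckPolicy policy) {
        roleCheckPolicy = policy;
    }

    /* ------------------------------------------------ */
    /** Temporarily associate a user with a role.
     * <p>The role goes onto the calling thread's {@link RoleStack}, which is
     * shared by all principals on that thread. Always undo it with
     * {@link #popRole()} in a <code>finally</code> block.
     * @param roleName name of the run-as role to push
     */
    public void pushRole(String roleName) {
        RoleStack.push(new JAASRole(roleName));
    }

    /* ------------------------------------------------ */
    /** Remove temporary association between user and role.
     */
    public void popRole() {
        RoleStack.pop();
    }

    /* ------------------------------------------------ */
    /** Clean out any pushed roles that haven't been popped.
     * <p>Clears the calling thread's stack only, so it must run on the same
     * thread that pushed the roles.
     */
    public void disassociate() {
        RoleStack.clear();
    }

    /* ------------------------------------------------ */
    /** Get the name identifying the user
     */
    public String getName() {
        return name;
    }

    /* ------------------------------------------------ */
    /** Sets the JAAS subject for this user.
     * The subject contains:
     * <ul>
     * <li> the user's credentials
     * <li> Principal for the user's roles
     * </ul>
     * @param subject the subject to associate with this user
     */
    protected void setSubject(Subject subject) {
        this.subject = subject;
    }

    /* ------------------------------------------------ */
    /** Provide access to the current Subject.
     * <p>Returns the stored reference itself, not a copy, so a caller
     * receives the same Subject object, with whatever credentials it holds.
     * Hand this principal only to code that is trusted to see them.
     * @return the subject set by {@link #setSubject(Subject)}, or null
     */
    public Subject getSubject() {
        return this.subject;
    }

    /** @param loginContext the login context to remember for this user */
    protected void setLoginContext(LoginContext loginContext) {
        this.loginContext = loginContext;
    }

    /** @return the login context set by {@link #setLoginContext(LoginContext)}, or null */
    protected LoginContext getLoginContext() {
        return this.loginContext;
    }

    /** @return the user name, same as {@link #getName()} */
    public String toString() {
        return getName();
    }

}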