001: /*
002: * ====================================================================
003: * JAFFA - Java Application Framework For All
004: *
005: * Copyright (C) 2002 JAFFA Development Group
006: *
007: * This library is free software; you can redistribute it and/or
008: * modify it under the terms of the GNU Lesser General Public
009: * License as published by the Free Software Foundation; either
010: * version 2.1 of the License, or (at your option) any later version.
011: *
012: * This library is distributed in the hope that it will be useful,
013: * but WITHOUT ANY WARRANTY; without even the implied warranty of
014: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
015: * Lesser General Public License for more details.
016: *
017: * You should have received a copy of the GNU Lesser General Public
018: * License along with this library; if not, write to the Free Software
019: * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
020: *
021: * Redistribution and use of this software and associated documentation ("Software"),
022: * with or without modification, are permitted provided that the following conditions are met:
023: * 1. Redistributions of source code must retain copyright statements and notices.
024: * Redistributions must also contain a copy of this document.
025: * 2. Redistributions in binary form must reproduce the above copyright notice,
026: * this list of conditions and the following disclaimer in the documentation
027: * and/or other materials provided with the distribution.
028: * 3. The name "JAFFA" must not be used to endorse or promote products derived from
029: * this Software without prior written permission. For written permission,
030: * please contact mail to: jaffagroup@yahoo.com.
031: * 4. Products derived from this Software may not be called "JAFFA" nor may "JAFFA"
032: * appear in their names without prior written permission.
033: * 5. Due credit should be given to the JAFFA Project (http://jaffa.sourceforge.net).
034: *
035: * THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESSED OR IMPLIED
036: * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
037: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
038: * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
039: * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
040: * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
041: * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
042: * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
043: * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
044: * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
045: * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
046: * SUCH DAMAGE.
047: * ====================================================================
048: */
049:
050: /* Generated by Together */
051:
052: package org.jaffa.security;
053:
054: import javax.servlet.http.HttpServletRequest;
055: import javax.ejb.EJBContext;
056: import java.security.Principal;
057: import org.apache.log4j.Logger;
058:
059: /** This class encapsulates the two possible contexts of the web and ejb contain and provides a single interface
060: */
061: class SecurityContext {
062: /** Set up Logging for Log4J */
063: private static Logger log = Logger.getLogger(SecurityContext.class);
064:
065: /** Holds the web server context if running is a web container
066: */
067: private HttpServletRequest request = null;
068: /** Stores the EJB Context if running in a J2EE container
069: */
070: private EJBContext ejb = null;
071:
072: /** Create a SecurityContext based on a Servlet Request Context
073: * @param ctx The web server request context to use
074: */
075: SecurityContext(HttpServletRequest ctx) {
076: if (ctx == null) {
077: log
078: .error("Trying to create a Security Context with a null value");
079: throw new IllegalArgumentException("Context can't be null");
080: }
081:
082: request = ctx;
083: }
084:
085: /** Create a SecurityContext based on a EJB Context
086: * @param ctx The EJB Context to use
087: */
088: SecurityContext(EJBContext ctx) {
089: if (ctx == null) {
090: log
091: .error("Trying to create a Security Context with a null value");
092: throw new IllegalArgumentException("Context can't be null");
093: }
094: ejb = ctx;
095: }
096:
097: /** Get the Security Prinipal Object for the User Associated to
098: * this SecurityContext
099: * @return The security principal associated to the context
100: */
101: Principal getPrincipal() {
102: if (request != null)
103: return request.getUserPrincipal();
104: else if (ejb != null)
105: return ejb.getCallerPrincipal();
106: else
107: return null;
108: }
109:
110: /** Is the user related to this SecurityContext in the specified role
111: * @param name Name of the role to check
112: * @return true if in the role, false if not
113: */
114: boolean inRole(String name) {
115: if (request != null)
116: return request.isUserInRole(name);
117: else if (ejb != null)
118: return ejb.isCallerInRole(name);
119: else
120: return false;
121: }
122:
123: /** Is another SecurityContext the same as this one
124: * @param obj The other object to compare with
125: * @return true if supplied object is an exact match to this one
126: */
127: public boolean equals(Object obj) {
128: if (obj != null && (obj instanceof SecurityContext)) {
129: SecurityContext s = (SecurityContext) obj;
130: return (((request == null && s.request == null) || request
131: .equals(s.request)) && ((ejb == null && s.ejb == null) || ejb
132: .equals(s.ejb)));
133: }
134: return false;
135: }
136:
137: /** returns a string representation of the underlying context object
138: * @return The string is a representation of this object context
139: */
140: public String toString() {
141: if (request != null)
142: return "Request:" + request;
143: else if (ejb != null)
144: return "EJB:" + ejb;
145: else
146: return "empty";
147: }
148: }
|