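// ========================================================================
// $Id: StrictRoleCheckPolicy.java 1001 2006-09-23 09:31:51Z janb $
// Copyright 2003-2004 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// ========================================================================

package org.mortbay.jetty.plus.jaas;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Enumeration;


/* ---------------------------------------------------- */
/** StrictRoleCheckPolicy
 * <p>Enforces that if a runAsRole is present, then the
 * role to check must be the same as that runAsRole and
 * the set of static roles is ignored.
 *
 * <p>The consequence of this policy is that a user who holds a
 * role statically is still refused that role while a different
 * runAsRole is in effect: the temporary role replaces the static
 * set for the duration of the check, it does not extend it.
 *
 * <p>Role names are compared with {@link String#equals(Object)},
 * so the match is exact and case-sensitive.
 *
 * @org.apache.xbean.XBean description ="Check only topmost role in stack of roles for user"
 */
public class StrictRoleCheckPolicy implements RoleCheckPolicy
{

    /**
     * Decide whether the current user is in the named role.
     *
     * @param roleName  the role being tested; a <code>null</code> name is
     *                  never granted
     * @param runAsRole the temporary role in effect for the user, or
     *                  <code>null</code> if there is none
     * @param roles     the user's static roles, or <code>null</code> if
     *                  the user has none
     * @return <code>true</code> only if <code>roleName</code> equals the
     *         name of <code>runAsRole</code> when one is present, or
     *         otherwise equals the name of a member of <code>roles</code>
     */
    public boolean checkRole (String roleName, Principal runAsRole, Group roles)
    {
        // Fail closed: a missing role name is denied rather than
        // surfacing as a NullPointerException from the authorization path.
        if (roleName == null)
            return false;

        // A temporary role has been pushed onto the user: it is the only
        // role consulted, and the static roles are deliberately ignored.
        if (runAsRole != null)
            return roleName.equals(runAsRole.getName());

        // No temporary role and no static roles: nothing can match.
        if (roles == null)
            return false;

        // Raw Enumeration and cast are kept so the file stays at the
        // source level it was written for.
        Enumeration rolesEnum = roles.members();
        while (rolesEnum.hasMoreElements())
        {
            Principal p = (Principal)rolesEnum.nextElement();
            // A null member cannot grant anything; skip it instead of
            // dereferencing it.
            if (p != null && roleName.equals(p.getName()))
                return true;
        }
        return false;
    }

}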