
1   // ========================================================================
2   // $Id: StrictRoleCheckPolicy.java 1001 2006-09-23 09:31:51Z janb $
3   // Copyright 2003-2004 Mort Bay Consulting Pty. Ltd.
4   // ------------------------------------------------------------------------
5   // Licensed under the Apache License, Version 2.0 (the "License");
6   // you may not use this file except in compliance with the License.
7   // You may obtain a copy of the License at 
8   // http://www.apache.org/licenses/LICENSE-2.0
9   // Unless required by applicable law or agreed to in writing, software
10  // distributed under the License is distributed on an "AS IS" BASIS,
11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  // See the License for the specific language governing permissions and
13  // limitations under the License.
14  // ========================================================================
15  
16  package org.mortbay.jetty.plus.jaas;
17  
18  import java.security.Principal;
19  import java.security.acl.Group;
20  import java.util.Enumeration;
21  
22  
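/* ---------------------------------------------------- */
/** StrictRoleCheckPolicy
 * <p>Enforces that if a runAsRole is present, then the
 * role to check must be the same as that runAsRole and
 * the set of static roles is ignored.
 *
 * <p>Role names are compared with {@link String#equals(Object)},
 * so the match is exact and case-sensitive. A null role name, or
 * a null role group when no runAsRole is present, is treated as
 * a denial.
 *
 * @org.apache.xbean.XBean description ="Check only topmost role in stack of roles for user"
 */
public class StrictRoleCheckPolicy implements RoleCheckPolicy
{

    /**
     * Decides whether the requested role is held.
     *
     * <p>When <code>runAsRole</code> is non-null it is the only role
     * consulted and <code>roles</code> is not read at all. Otherwise
     * the direct members of <code>roles</code> are scanned for one
     * whose name equals <code>roleName</code>. A member that is
     * itself a group is compared by its own name only; its members
     * are not examined.
     *
     * @param roleName the role being checked; null yields false
     * @param runAsRole the temporary role pushed onto the user, or null
     * @param roles the user's static roles, or null
     * @return true if the role matches under the rules above
     */
    public boolean checkRole (String roleName, Principal runAsRole, Group roles)
    {
        // Deny instead of throwing a NullPointerException when no
        // role name is supplied, so the check fails closed.
        if (roleName == null)
            return false;

        // A temporary role pushed onto the user replaces the static
        // roles: only that role is compared.
        if (runAsRole != null)
            return roleName.equals(runAsRole.getName());

        if (roles == null)
            return false;

        Enumeration rolesEnum = roles.members();
        while (rolesEnum.hasMoreElements())
        {
            Principal p = (Principal)rolesEnum.nextElement();
            // A null entry cannot match; skip it rather than abort the scan.
            if (p != null && roleName.equals(p.getName()))
                return true;
        }
        return false;
    }

}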