
1   // ========================================================================
2   // $Id: JAASUserPrincipal.java 1001 2006-09-23 09:31:51Z janb $
3   // Copyright 2002-2004 Mort Bay Consulting Pty. Ltd.
4   // ------------------------------------------------------------------------
5   // Licensed under the Apache License, Version 2.0 (the "License");
6   // you may not use this file except in compliance with the License.
7   // You may obtain a copy of the License at 
8   // http://www.apache.org/licenses/LICENSE-2.0
9   // Unless required by applicable law or agreed to in writing, software
10  // distributed under the License is distributed on an "AS IS" BASIS,
11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  // See the License for the specific language governing permissions and
13  // limitations under the License.
14  // ========================================================================
15  
16  package org.mortbay.jetty.plus.jaas;
17  
18  import java.security.Principal;
19  import java.security.acl.Group;
20  import java.util.Stack;
21  
22  import javax.security.auth.Subject;
23  import javax.security.auth.login.LoginContext;
24  
25  
26  
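/* ---------------------------------------------------- */
/** JAASUserPrincipal
 * <p>Implements the JAAS version of the
 *  org.mortbay.http.UserPrincipal interface. As declared here the class
 *  implements {@link java.security.Principal}.
 *
 * <p>Role checks are delegated to a {@link RoleCheckPolicy}; when none has
 * been set, a {@link StrictRoleCheckPolicy} is created on first use.
 *
 * <p><b>Run-as roles are per thread, not per user.</b> The roles pushed with
 * {@link #pushRole(String)} live in {@link RoleStack}, whose only state is a
 * static <code>ThreadLocal</code>. Every JAASUserPrincipal used on the same
 * thread therefore sees the same run-as role. Callers must balance each
 * {@link #pushRole(String)} with {@link #popRole()}, or call
 * {@link #disassociate()} before the thread is reused; otherwise a leftover
 * role is handed to the next role check made on that thread.
 *
 * <p>Instance fields are read and written without synchronisation.
 *
 * @version $Id: JAASUserPrincipal.java 1001 2006-09-23 09:31:51Z janb $
 * @author Jan Bartel (janb)
 */
public class JAASUserPrincipal implements Principal
{

    /* ------------------------------------------------ */
    /** RoleStack
     * <P>
     * Per-thread stack of run-as roles. All methods are static and operate
     * on the stack bound to the calling thread; the stack is created lazily
     * by the first {@link #push(JAASRole)} on that thread.
     * <P>
     * The stack stays bound to the thread until it is emptied. On a pooled
     * thread that means entries survive the end of a request unless
     * {@link #clear()} (or a matching number of {@link #pop()} calls) runs
     * first.
     */
    public static class RoleStack
    {
        private static final ThreadLocal local = new ThreadLocal();


        /**
         * Report whether the calling thread has no run-as role pushed.
         * @return true if no stack has been created for this thread yet, or
         * the stack holds no roles
         */
        public static boolean empty ()
        {
            Stack s = (Stack)local.get();

            // A thread that never pushed a role has no stack at all; that is
            // an empty stack, consistent with peek() returning null for it.
            if (s == null)
                return true;

            return s.empty();
        }


        /**
         * Push a run-as role for the calling thread, creating the thread's
         * stack on first use.
         * @param role the role to make current; not checked for null
         */
        public static void push (JAASRole role)
        {
            Stack s = (Stack)local.get();

            if (s == null)
            {
                s = new Stack();
                local.set (s);
            }

            s.push (role);
        }


        /**
         * Discard the calling thread's most recently pushed role. Does
         * nothing if the thread has no stack or the stack is empty.
         */
        public static void pop ()
        {
            Stack s = (Stack)local.get();

            if ((s == null) || s.empty())
                return;

            s.pop();
        }

        /**
         * Look at the calling thread's current run-as role without removing
         * it.
         * @return the most recently pushed role, or null if none is pushed
         */
        public static JAASRole peek ()
        {
            Stack s = (Stack)local.get();

            if ((s == null) || (s.empty()))
                return null;

            return (JAASRole)s.peek();
        }

        /**
         * Remove every role pushed on the calling thread. The (now empty)
         * Stack object itself remains bound to the thread.
         */
        public static void clear ()
        {
            Stack s = (Stack)local.get();

            if ((s == null) || (s.empty()))
                return;

            s.clear();
        }

    }

    private Subject subject = null;
    private JAASUserRealm realm = null;
    private RoleCheckPolicy roleCheckPolicy = null;
    private String name = null;
    private LoginContext loginContext = null;


    /* ------------------------------------------------ */
    /** Constructor.
     * Neither argument is validated here; {@link #getRoles()} dereferences
     * the realm.
     * @param realm the realm this user belongs to, used to look up roles
     * @param name the name identifying the user
     */
    public JAASUserPrincipal(JAASUserRealm realm, String name)
    {
        this.name = name;
        this.realm = realm;
    }


    /**
     * @return the realm passed to the constructor
     */
    public JAASUserRealm getRealm()
    {
        return this.realm;
    }

    /* ------------------------------------------------ */
    /** Check if user is in role
     * <p>The decision is made by the configured {@link RoleCheckPolicy},
     * which receives the requested role name, the calling thread's current
     * run-as role (null if none is pushed) and the roles reported by the
     * realm.
     * @param roleName role to check
     * @return true or false according to the RoleCheckPolicy.
     */
    public boolean isUserInRole (String roleName)
    {
        // No policy configured (or it was set to null): fall back to the
        // strict policy rather than skipping the check.
        if (roleCheckPolicy == null)
            roleCheckPolicy = new StrictRoleCheckPolicy();

        return roleCheckPolicy.checkRole (roleName,
                                          RoleStack.peek(),
                                          getRoles());
    }


    /* ------------------------------------------------ */
    /** Determine the roles that the LoginModule has set
     * <p>Delegates to the realm on every call; nothing is cached here.
     * @return  A {@link Group} of {@link Principal Principals} representing the roles this user holds
     */
    public Group getRoles ()
    {
        return getRealm().getRoles(this);
    }

    /* ------------------------------------------------ */
    /** Set the type of checking for isUserInRole
     * @param policy the policy to use; passing null makes the next
     * {@link #isUserInRole(String)} call install a
     * {@link StrictRoleCheckPolicy}
     */
    public void setRoleCheckPolicy (RoleCheckPolicy policy)
    {
        roleCheckPolicy = policy;
    }


    /* ------------------------------------------------ */
    /** Temporarily associate a user with a role.
     * <p>The role is pushed on the calling thread's {@link RoleStack}, so it
     * applies to every JAASUserPrincipal checked on this thread until it is
     * popped.
     * @param roleName name of the run-as role to push
     */
    public void pushRole (String roleName)
    {
        RoleStack.push (new JAASRole(roleName));
    }


    /* ------------------------------------------------ */
    /** Remove temporary association between user and role.
     * Pops the calling thread's most recent run-as role, if there is one.
     */
    public void popRole ()
    {
        RoleStack.pop ();
    }


    /* ------------------------------------------------ */
    /** Clean out any pushed roles that haven't been popped
     * <p>Only the calling thread's stack is cleared.
     */
    public void disassociate ()
    {
        RoleStack.clear();
    }


    /* ------------------------------------------------ */
    /** Get the name identifying the user
     * @return the name passed to the constructor
     */
    public String getName ()
    {
        return name;
    }


    /* ------------------------------------------------ */
    /** Sets the JAAS subject for this user.
     *  The subject contains:
     * <ul>
     * <li> the user's credentials</li>
     * <li> Principal for the user's roles</li>
     * </ul>
     * @param subject the authenticated JAAS subject; stored by reference
     */
    protected void setSubject (Subject subject)
    {
        this.subject = subject;
    }

    /* ------------------------------------------------ */
    /** Provide access to the current Subject
     * <p>Returns the stored reference, not a copy. As described on
     * {@link #setSubject(Subject)} the Subject carries the user's
     * credentials, so callers should treat it as sensitive and keep it out
     * of logs.
     * @return the subject set by {@link #setSubject(Subject)}, or null if
     * none has been set
     */
    public Subject getSubject ()
    {
        return this.subject;
    }

    /**
     * Remember the LoginContext associated with this user.
     * @param loginContext the context to store; stored by reference
     */
    protected void setLoginContext (LoginContext loginContext)
    {
        this.loginContext = loginContext;
    }

    /**
     * @return the LoginContext set by
     * {@link #setLoginContext(LoginContext)}, or null if none has been set
     */
    protected LoginContext getLoginContext ()
    {
        return this.loginContext;
    }

    /**
     * @return the user's name, exactly as {@link #getName()} returns it
     */
    public String toString()
    {
        return getName();
    }

}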