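// ========================================================================
// $Id: JAASUserPrincipal.java 1001 2006-09-23 09:31:51Z janb $
// Copyright 2002-2004 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
// ========================================================================

package org.mortbay.jetty.plus.jaas;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Stack;

import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;



/* ---------------------------------------------------- */
/** JAASUserPrincipal
 * <p>Implements the JAAS version of the
 * org.mortbay.http.UserPrincipal interface.
 *
 * <p>A principal carries the user's name, the realm that resolves its
 * roles, the JAAS {@link Subject} and {@link LoginContext} set after
 * login, and the {@link RoleCheckPolicy} consulted by
 * {@link #isUserInRole(String)}.
 *
 * <p>Run-as roles are <em>not</em> stored on the principal: they live in
 * {@link RoleStack}, which is static and per-thread. Every principal
 * checked on a thread therefore sees the same run-as stack.
 *
 * @version $Id: JAASUserPrincipal.java 1001 2006-09-23 09:31:51Z janb $
 * @author Jan Bartel (janb)
 */
public class JAASUserPrincipal implements Principal
{


    /* ------------------------------------------------ */
    /** RoleStack
     * <P>
     * Per-thread stack of temporarily assumed ("run-as") roles.
     *
     * <p>The stack is keyed by thread only, not by principal. If the
     * container reuses threads across requests, a role that was pushed
     * and never popped stays on the stack for whichever principal is
     * checked next on that thread. Pair every {@link #push(JAASRole)}
     * with a {@link #pop()} (typically in a <code>finally</code> block),
     * or call {@link #clear()} when the request ends.
     */
    public static class RoleStack
    {
        // One Stack of JAASRole per thread, created lazily by push().
        private static final ThreadLocal local = new ThreadLocal();


        /**
         * Report whether the calling thread has no run-as role.
         *
         * @return true if nothing has been pushed on this thread or the
         *         stack has been emptied, false otherwise
         */
        public static boolean empty ()
        {
            Stack s = (Stack)local.get();

            // A thread that never pushed a role has no stack at all; that
            // is an empty stack, not a populated one. Returning false here
            // (as the previous code did) disagreed with peek(), which
            // returns null in the same state.
            if (s == null)
                return true;

            return s.empty();
        }


        /**
         * Push a run-as role for the calling thread, creating the
         * thread's stack on first use.
         *
         * @param role the role to assume until the matching {@link #pop()}
         */
        public static void push (JAASRole role)
        {
            Stack s = (Stack)local.get();

            if (s == null)
            {
                s = new Stack();
                local.set (s);
            }

            s.push (role);
        }


        /**
         * Drop the most recently pushed run-as role of the calling
         * thread. Does nothing when there is no role to drop.
         */
        public static void pop ()
        {
            Stack s = (Stack)local.get();

            if ((s == null) || s.empty())
                return;

            s.pop();
        }


        /**
         * Look at the current run-as role without removing it.
         *
         * @return the role on top of the calling thread's stack, or null
         *         when the thread has no run-as role
         */
        public static JAASRole peek ()
        {
            Stack s = (Stack)local.get();

            if ((s == null) || (s.empty()))
                return null;

            return (JAASRole)s.peek();
        }


        /**
         * Remove every run-as role of the calling thread. Only the
         * calling thread's stack is affected.
         */
        public static void clear ()
        {
            Stack s = (Stack)local.get();

            if ((s == null) || (s.empty()))
                return;

            s.clear();
        }

    }

    private Subject subject = null;
    private final JAASUserRealm realm;
    private RoleCheckPolicy roleCheckPolicy = null;
    private final String name;
    private LoginContext loginContext = null;


    /* ------------------------------------------------ */
    /** Constructor.
     * <p>Neither argument is validated here. A null realm makes
     * {@link #getRoles()} (and so {@link #isUserInRole(String)}) throw
     * a NullPointerException.
     *
     * @param realm the realm used to look up this user's roles
     * @param name the name identifying the user
     */
    public JAASUserPrincipal(JAASUserRealm realm, String name)
    {
        this.name = name;
        this.realm = realm;
    }


    /**
     * @return the realm this principal was created with
     */
    public JAASUserRealm getRealm()
    {
        return this.realm;
    }

    /* ------------------------------------------------ */
    /** Check if user is in role
     * <p>The decision is delegated entirely to the configured
     * {@link RoleCheckPolicy}, which receives the requested role name,
     * the calling thread's current run-as role (null if none) and the
     * roles the realm reports for this user. When no policy has been
     * set, a {@link StrictRoleCheckPolicy} is installed on first use.
     *
     * @param roleName role to check
     * @return true or false according to the RoleCheckPolicy.
     */
    public boolean isUserInRole (String roleName)
    {
        // Lazy default, not synchronized: two threads may each install a
        // StrictRoleCheckPolicy, the last write wins.
        // NOTE(review): presumably harmless because the policy holds no
        // state -- confirm against StrictRoleCheckPolicy.
        if (roleCheckPolicy == null)
            roleCheckPolicy = new StrictRoleCheckPolicy();

        return roleCheckPolicy.checkRole (roleName,
                                          RoleStack.peek(),
                                          getRoles());
    }


    /* ------------------------------------------------ */
    /** Determine the roles that the LoginModule has set
     * @return A {@link Group} of {@link Principal Principals} representing the roles this user holds
     */
    public Group getRoles ()
    {
        return getRealm().getRoles(this);
    }

    /* ------------------------------------------------ */
    /** Set the type of checking for isUserInRole
     * <p>The policy decides the outcome of every later
     * {@link #isUserInRole(String)} call on this principal, and this
     * setter is public: any code holding the principal can replace it.
     * Passing null restores the {@link StrictRoleCheckPolicy} default on
     * the next check.
     *
     * @param policy the policy to consult, or null for the default
     */
    public void setRoleCheckPolicy (RoleCheckPolicy policy)
    {
        roleCheckPolicy = policy;
    }


    /* ------------------------------------------------ */
    /** Temporarily associate a user with a role.
     * <p>The role is pushed on the calling thread's {@link RoleStack},
     * not stored on this principal; it stays in effect for that thread
     * until {@link #popRole()} or {@link #disassociate()} is called.
     *
     * @param roleName name of the run-as role to assume
     */
    public void pushRole (String roleName)
    {
        RoleStack.push (new JAASRole(roleName));
    }


    /* ------------------------------------------------ */
    /** Remove temporary association between user and role.
     * Undoes the most recent {@link #pushRole(String)} on the calling
     * thread; does nothing if no role is pushed.
     */
    public void popRole ()
    {
        RoleStack.pop ();
    }


    /* ------------------------------------------------ */
    /** Clean out any pushed roles that haven't been popped
     * <p>Clears the calling thread's run-as stack so that no assumed
     * role remains on the thread once this principal is done with it.
     */
    public void disassociate ()
    {
        RoleStack.clear();
    }


    /* ------------------------------------------------ */
    /** Get the name identifying the user
     * @return the name given to the constructor (may be null)
     */
    public String getName ()
    {
        return name;
    }


    /* ------------------------------------------------ */
    /** Sets the JAAS subject for this user.
     * The subject contains:
     * <ul>
     * <li> the user's credentials</li>
     * <li> Principal for the user's roles</li>
     * </ul>
     * @param subject the authenticated subject
     */
    protected void setSubject (Subject subject)
    {
        this.subject = subject;
    }

    /* ------------------------------------------------ */
    /** Provide access to the current Subject
     * <p>The stored reference is returned as is, not a copy, so callers
     * share the object that holds the user's credentials and role
     * principals.
     *
     * @return the subject set by {@link #setSubject(Subject)}, or null
     */
    public Subject getSubject ()
    {
        return this.subject;
    }

    /**
     * Remember the login context this principal was authenticated with.
     *
     * @param loginContext the context used for login
     */
    protected void setLoginContext (LoginContext loginContext)
    {
        this.loginContext = loginContext;
    }

    /**
     * @return the login context set by
     *         {@link #setLoginContext(LoginContext)}, or null
     */
    protected LoginContext getLoginContext ()
    {
        return this.loginContext;
    }

    /**
     * @return the user's name, exactly as {@link #getName()} returns it
     */
    public String toString()
    {
        return getName();
    }

}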