1 // ========================================================================
2 // $Id: JAASUserPrincipal.java 1001 2006-09-23 09:31:51Z janb $
3 // Copyright 2002-2004 Mort Bay Consulting Pty. Ltd.
4 // ------------------------------------------------------------------------
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 // http://www.apache.org/licenses/LICENSE-2.0
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 // ========================================================================
15
16 package org.mortbay.jetty.plus.jaas;
17
18 import java.security.Principal;
19 import java.security.acl.Group;
20 import java.util.Stack;
21
22 import javax.security.auth.Subject;
23 import javax.security.auth.login.LoginContext;
24
25
26
27 /* ---------------------------------------------------- */
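/** JAASUserPrincipal
 * <p>JAAS-backed user principal. Originally described as the JAAS version of the
 * org.mortbay.http.UserPrincipal interface; the class as written implements
 * {@link Principal}.
 *
 * <p>Role checks are delegated to a {@link RoleCheckPolicy}, which is handed the
 * requested role name, the role on top of the calling thread's run-as stack
 * (see {@link RoleStack}) and the roles the realm reports for this user.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The run-as stack is static and thread-local. It belongs to the calling
 *     thread, not to one principal instance, so a role pushed through any
 *     principal is seen by every principal's <code>isUserInRole</code> call on
 *     that thread.</li>
 * <li>If threads are reused, a role that is pushed and never popped or cleared
 *     stays on that thread. Pair {@link #pushRole(String)} with
 *     {@link #popRole()} in a <code>finally</code> block, or call
 *     {@link #disassociate()} when the unit of work ends.</li>
 * <li>No synchronisation is performed in this class, and <code>equals</code> and
 *     <code>hashCode</code> are not overridden, so instances compare by
 *     identity.</li>
 * </ul>
 *
 * @version $Id: JAASUserPrincipal.java 1001 2006-09-23 09:31:51Z janb $
 * @author Jan Bartel (janb)
 */
public class JAASUserPrincipal implements Principal
{

    /* ------------------------------------------------ */
    /** RoleStack
     * <p>Per-thread stack of run-as roles. All state lives in a single static
     * {@link ThreadLocal}; the stack for a thread is created on its first
     * {@link #push(JAASRole)}.
     */
    public static class RoleStack
    {
        /** One {@link Stack} of {@link JAASRole} per thread; unset until that thread first pushes. */
        private static final ThreadLocal local = new ThreadLocal();


        /**
         * @return true if the calling thread has no run-as role pushed,
         *         including the case where it has never pushed one
         */
        public static boolean empty ()
        {
            Stack s = (Stack)local.get();

            // No stack has been created on this thread yet, so nothing is on it.
            // Reporting "not empty" here would contradict peek(), which returns
            // null in the same situation.
            if (s == null)
                return true;

            return s.empty();
        }


        /**
         * Push a run-as role for the calling thread, creating the thread's
         * stack if it does not exist yet.
         * @param role the role to place on top of the stack
         */
        public static void push (JAASRole role)
        {
            Stack s = (Stack)local.get();

            if (s == null)
            {
                s = new Stack();
                local.set (s);
            }

            s.push (role);
        }


        /**
         * Remove the top run-as role of the calling thread. Does nothing if
         * the thread has no stack or the stack is empty.
         */
        public static void pop ()
        {
            Stack s = (Stack)local.get();

            if ((s == null) || s.empty())
                return;

            s.pop();
        }


        /**
         * @return the top run-as role of the calling thread, or null if the
         *         thread has no stack or the stack is empty
         */
        public static JAASRole peek ()
        {
            Stack s = (Stack)local.get();

            if ((s == null) || s.empty())
                return null;

            return (JAASRole)s.peek();
        }


        /**
         * Drop every run-as role of the calling thread. The (now empty) stack
         * object itself stays attached to the thread.
         */
        public static void clear ()
        {
            Stack s = (Stack)local.get();

            if ((s == null) || s.empty())
                return;

            s.clear();
        }

    }

    private final String name;
    private final JAASUserRealm realm;
    private Subject subject;
    private RoleCheckPolicy roleCheckPolicy;
    private LoginContext loginContext;


    /* ------------------------------------------------ */
    /** Constructor.
     * @param realm the realm this principal belongs to; it is asked for the
     *        user's roles in {@link #getRoles()} and is not checked for null here
     * @param name the name identifying the user
     */
    public JAASUserPrincipal(JAASUserRealm realm, String name)
    {
        this.name = name;
        this.realm = realm;
    }


    /**
     * @return the realm passed to the constructor
     */
    public JAASUserRealm getRealm()
    {
        return this.realm;
    }

    /* ------------------------------------------------ */
    /** Check if user is in role.
     * <p>If no policy has been set, a {@link StrictRoleCheckPolicy} is
     * installed and used. The decision is made by the policy from the
     * requested role name, the calling thread's current run-as role (may be
     * null) and the roles returned by {@link #getRoles()}.
     * @param roleName role to check
     * @return true or false according to the RoleCheckPolicy.
     */
    public boolean isUserInRole (String roleName)
    {
        // Read the field once: a concurrent setRoleCheckPolicy(null) must not be
        // able to land between the null check and the call below.
        RoleCheckPolicy policy = roleCheckPolicy;
        if (policy == null)
        {
            policy = new StrictRoleCheckPolicy();
            roleCheckPolicy = policy;
        }

        return policy.checkRole (roleName,
                                 RoleStack.peek(),
                                 getRoles());
    }


    /* ------------------------------------------------ */
    /** Determine the roles that the LoginModule has set
     * @return A {@link Group} of {@link Principal Principals} representing the roles this user holds
     */
    public Group getRoles ()
    {
        return getRealm().getRoles(this);
    }

    /* ------------------------------------------------ */
    /** Set the type of checking for isUserInRole
     * @param policy the policy to use; passing null makes the next
     *        {@link #isUserInRole(String)} call fall back to a
     *        {@link StrictRoleCheckPolicy}
     */
    public void setRoleCheckPolicy (RoleCheckPolicy policy)
    {
        roleCheckPolicy = policy;
    }


    /* ------------------------------------------------ */
    /** Temporarily associate a user with a role.
     * <p>The role is pushed onto the calling thread's run-as stack, so it is
     * in effect for role checks made on this thread until it is popped or
     * cleared.
     * @param roleName name of the run-as role
     */
    public void pushRole (String roleName)
    {
        RoleStack.push (new JAASRole(roleName));
    }


    /* ------------------------------------------------ */
    /** Remove temporary association between user and role.
     * <p>Pops the top run-as role of the calling thread, if there is one.
     */
    public void popRole ()
    {
        RoleStack.pop ();
    }


    /* ------------------------------------------------ */
    /** Clean out any pushed roles that haven't been popped
     * on the calling thread.
     */
    public void disassociate ()
    {
        RoleStack.clear();
    }


    /* ------------------------------------------------ */
    /** Get the name identifying the user
     * @return the name passed to the constructor
     */
    public String getName ()
    {
        return name;
    }


    /* ------------------------------------------------ */
    /** Sets the JAAS subject for this user.
     * The subject contains:
     * <ul>
     * <li> the user's credentials</li>
     * <li> Principal for the user's roles</li>
     * </ul>
     * @param subject the subject to associate with this user
     */
    protected void setSubject (Subject subject)
    {
        this.subject = subject;
    }

    /* ------------------------------------------------ */
    /** Provide access to the current Subject.
     * <p>The stored reference is returned as is, not a copy. Since the
     * subject carries the user's credentials, callers should not log it or
     * hand it to code that does not need it.
     * @return the subject set by {@link #setSubject(Subject)}, or null if none was set
     */
    public Subject getSubject ()
    {
        return this.subject;
    }

    /**
     * @param loginContext the login context to remember for this user
     */
    protected void setLoginContext (LoginContext loginContext)
    {
        this.loginContext = loginContext;
    }

    /**
     * @return the login context set by {@link #setLoginContext(LoginContext)}, or null if none was set
     */
    protected LoginContext getLoginContext ()
    {
        return this.loginContext;
    }

    /**
     * @return the user name, as returned by {@link #getName()}
     */
    public String toString()
    {
        return getName();
    }

}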