1 // ========================================================================
2 // $Id: StrictRoleCheckPolicy.java 1001 2006-09-23 09:31:51Z janb $
3 // Copyright 2003-2004 Mort Bay Consulting Pty. Ltd.
4 // ------------------------------------------------------------------------
5 // Licensed under the Apache License, Version 2.0 (the "License");
6 // you may not use this file except in compliance with the License.
7 // You may obtain a copy of the License at
8 // http://www.apache.org/licenses/LICENSE-2.0
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 // ========================================================================
15
16 package org.mortbay.jetty.plus.jaas;
17
18 import java.security.Principal;
19 import java.security.acl.Group;
20 import java.util.Enumeration;
21
22
23 /* ---------------------------------------------------- */
24 /** StrictRoleCheckPolicy
25 * <p>Enforces that if a runAsRole is present, then the
26 * role to check must be the same as that runAsRole and
27 * the set of static roles is ignored.
28 *
29 *
30 *
31 * @org.apache.xbean.XBean description ="Check only topmost role in stack of roles for user"
32 */
33 public class StrictRoleCheckPolicy implements RoleCheckPolicy
34 {
35
36 public boolean checkRole (String roleName, Principal runAsRole, Group roles)
37 {
38 //check if this user has had any temporary role pushed onto
39 //them. If so, then only check if the user has that role.
40 if (runAsRole != null)
41 {
42 return (roleName.equals(runAsRole.getName()));
43 }
44 else
45 {
46 if (roles == null)
47 return false;
48 Enumeration rolesEnum = roles.members();
49 boolean found = false;
50 while (rolesEnum.hasMoreElements() && !found)
51 {
52 Principal p = (Principal)rolesEnum.nextElement();
53 found = roleName.equals(p.getName());
54 }
55 return found;
56 }
57
58 }
59
60 }