blob: bc049fd57ed2198cb6699bac4776582a0e57b526 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
//
// ========================================================================
// Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
//
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
//
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
//
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
//
package org.eclipse.jetty.security;
import java.io.Serializable;
import java.util.Set;
import org.eclipse.jetty.server.Authentication.User;
import org.eclipse.jetty.server.UserIdentity;
import org.eclipse.jetty.server.UserIdentity.Scope;
/**
* AbstractUserAuthentication
*
*
* Base class for representing an authenticated user.
*/
public abstract class AbstractUserAuthentication implements User, Serializable
{
private static final long serialVersionUID = -6290411814232723403L;
protected String _method;
protected transient UserIdentity _userIdentity;
public AbstractUserAuthentication(String method, UserIdentity userIdentity)
{
_method = method;
_userIdentity = userIdentity;
}
@Override
public String getAuthMethod()
{
return _method;
}
@Override
public UserIdentity getUserIdentity()
{
return _userIdentity;
}
@Override
public boolean isUserInRole(Scope scope, String role)
{
String roleToTest = null;
if (scope!=null && scope.getRoleRefMap()!=null)
roleToTest=scope.getRoleRefMap().get(role);
if (roleToTest==null)
roleToTest=role;
//Servlet Spec 3.1 pg 125 if testing special role **
if ("**".equals(roleToTest.trim()))
{
//if ** is NOT a declared role name, the we return true
//as the user is authenticated. If ** HAS been declared as a
//role name, then we have to check if the user has that role
if (!declaredRolesContains("**"))
return true;
else
return _userIdentity.isUserInRole(role, scope);
}
return _userIdentity.isUserInRole(role, scope);
}
public boolean declaredRolesContains(String roleName)
{
SecurityHandler security=SecurityHandler.getCurrentSecurityHandler();
if (security==null)
return false;
if (security instanceof ConstraintAware)
{
Set<String> declaredRoles = ((ConstraintAware)security).getRoles();
return (declaredRoles != null) && declaredRoles.contains(roleName);
}
return false;
}
}
|
