Diffstat (limited to 'jetty-plus/src/main/java/org/eclipse/jetty/plus/jaas/StrictRoleCheckPolicy.java')
-rw-r--r-- | jetty-plus/src/main/java/org/eclipse/jetty/plus/jaas/StrictRoleCheckPolicy.java | 63 |
1 files changed, 63 insertions, 0 deletions
diff --git a/jetty-plus/src/main/java/org/eclipse/jetty/plus/jaas/StrictRoleCheckPolicy.java b/jetty-plus/src/main/java/org/eclipse/jetty/plus/jaas/StrictRoleCheckPolicy.java
new file mode 100644
index 0000000000..9da82eedc2
--- /dev/null
+++ b/jetty-plus/src/main/java/org/eclipse/jetty/plus/jaas/StrictRoleCheckPolicy.java
@@ -0,0 +1,63 @@
+//
+// ========================================================================
+// Copyright (c) 1995-2013 Mort Bay Consulting Pty. Ltd.
+// ------------------------------------------------------------------------
+// All rights reserved. This program and the accompanying materials
+// are made available under the terms of the Eclipse Public License v1.0
+// and Apache License v2.0 which accompanies this distribution.
+//
+// The Eclipse Public License is available at
+// http://www.eclipse.org/legal/epl-v10.html
+//
+// The Apache License v2.0 is available at
+// http://www.opensource.org/licenses/apache2.0.php
+//
+// You may elect to redistribute this code under either of these licenses.
+// ========================================================================
+//
+
+package org.eclipse.jetty.plus.jaas;
+
+import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Enumeration;
+
+
+/* ---------------------------------------------------- */
+/** StrictRoleCheckPolicy
+ * <p>Enforces that if a runAsRole is present, then the
+ * role to check must be the same as that runAsRole and
+ * the set of static roles is ignored.
+ *
+ *
+ *
+ * @org.apache.xbean.XBean description ="Check only topmost role in stack of roles for user"
+ */
+public class StrictRoleCheckPolicy implements RoleCheckPolicy
+{
+
+ public boolean checkRole (String roleName, Principal runAsRole, Group roles)
+ {
+ //check if this user has had any temporary role pushed onto
+ //them. If so, then only check if the user has that role.
+ if (runAsRole != null)
+ {
+ return (roleName.equals(runAsRole.getName()));
+ }
+ else
+ {
+ if (roles == null)
+ return false;
+ Enumeration<? extends Principal> rolesEnum = roles.members();
+ boolean found = false;
+ while (rolesEnum.hasMoreElements() && !found)
+ {
+ Principal p = (Principal)rolesEnum.nextElement();
+ found = roleName.equals(p.getName());
+ }
+ return found;
+ }
+
+ }
+
+}
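Review bot: `checkRole` dereferences `roleName` in both branches (`roleName.equals(runAsRole.getName())` and `roleName.equals(p.getName())`) without a null check, so a null role name would surface as a NullPointerException from an authorization decision rather than as a plain denial. Whether any caller can pass null is not visible in this file, but a guard at the top of the method, `if (roleName == null) return false;`, would make the check fail closed explicitly. The method also has no Javadoc of its own; it should state that a non-null `runAsRole` replaces the static `roles` entirely, and that only the direct members returned by `roles.members()` are compared by name, so a role held through a nested group would not match. The cast in `(Principal)rolesEnum.nextElement()` is redundant given the `Enumeration<? extends Principal>` declaration and can be dropped.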