org.modeshape.web.jcr
Class ServletSecurityContext

java.lang.Object
  extended by org.modeshape.web.jcr.ServletSecurityContext
All Implemented Interfaces:
SecurityContext

@ThreadSafe
public class ServletSecurityContext
extends Object
implements SecurityContext

Servlet-based security context that assumes servlet-based authentication and provides authorization through the servlet role-checking mechanism.

This security context is really only valid for the life of the servlet request and should only be used to support longer-lasting session scopes with great care. *


Constructor Summary
ServletSecurityContext(HttpServletRequest request)
          Create a ServletSecurityContext with the supplied servlet information.
 
Method Summary
 String getUserName()
          Returns the authenticated user's name
 boolean hasRole(String roleName)
          Returns whether the authenticated user has the given role.
 void logout()
          Logs the user out of the authentication mechanism.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

ServletSecurityContext

public ServletSecurityContext(HttpServletRequest request)
Create a ServletSecurityContext with the supplied servlet information.

Parameters:
request - the servlet request; may not be null
Method Detail

getUserName

public final String getUserName()
Returns the authenticated user's name

Specified by:
getUserName in interface SecurityContext
Returns:
the authenticated user's name
See Also:
SecurityContext.getUserName()

hasRole

public final boolean hasRole(String roleName)
Returns whether the authenticated user has the given role.

Specified by:
hasRole in interface SecurityContext
Parameters:
roleName - the name of the role to check
Returns:
true if the user has the role and is logged in; false otherwise
See Also:
SecurityContext.hasRole(String)

logout

public void logout()
Logs the user out of the authentication mechanism.

For some authentication mechanisms, this will be implemented as a no-op.

Specified by:
logout in interface SecurityContext
See Also:
SecurityContext.logout()


Copyright © 2008-2010 JBoss, a division of Red Hat. All Rights Reserved.