1 /*
2 * ModeShape (http://www.modeshape.org)
3 * See the COPYRIGHT.txt file distributed with this work for information
4 * regarding copyright ownership. Some portions may be licensed
5 * to Red Hat, Inc. under one or more contributor license agreements.
6 * See the AUTHORS.txt file in the distribution for a full listing of
7 * individual contributors.
8 *
9 * ModeShape is free software. Unless otherwise indicated, all code in ModeShape
10 * is licensed to you under the terms of the GNU Lesser General Public License as
11 * published by the Free Software Foundation; either version 2.1 of
12 * the License, or (at your option) any later version.
13 *
14 * ModeShape is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 * Lesser General Public License for more details.
18 *
19 * You should have received a copy of the GNU Lesser General Public
20 * License along with this software; if not, write to the Free
21 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
22 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
23 */
24 package org.modeshape.web.jcr;
25
26 import javax.servlet.http.HttpServletRequest;
27 import org.modeshape.common.util.CheckArg;
28 import org.modeshape.jcr.api.SecurityContext;
29
30 /**
31 * Servlet-based {@link SecurityContext security context} that assumes servlet-based authentication and provides authorization
32 * through the {@link HttpServletRequest#isUserInRole(String) servlet role-checking mechanism}.
33 * <p>
34 * This security context is really only valid for the life of the {@link HttpServletRequest servlet request}, since each role
35 * check is forwarded to that request; it should only be used to support longer-lasting session scopes with great care.
36 * </p>
37 */
public class ServletSecurityContext implements SecurityContext {

    /** Name of the request's user principal, read once in the constructor; {@code null} when the request had no principal. */
    private final String userName;

    /** The request this context was built from; every role check is forwarded to it. */
    private final HttpServletRequest request;

    /**
     * Builds a security context from the supplied servlet request.
     * <p>
     * The user name is copied out of the request here, while {@link #hasRole(String)} consults the request object again on
     * each call. The two can therefore only be relied on to describe the same caller while the request is still being
     * processed.
     * </p>
     *
     * @param request the servlet request; may not be null (checked with {@code CheckArg.isNotNull})
     */
    public ServletSecurityContext( HttpServletRequest request ) {
        CheckArg.isNotNull(request, "request");
        this.request = request;
        if (request.getUserPrincipal() == null) {
            // No principal on the request: record the absence as a null user name rather than failing.
            this.userName = null;
        } else {
            this.userName = request.getUserPrincipal().getName();
        }
    }

    /**
     * Returns the user name captured when this context was constructed.
     *
     * @return the name of the request's user principal at construction time, or {@code null} if the request had none
     * @see SecurityContext#getUserName()
     */
    public final String getUserName() {
        return this.userName;
    }

    /**
     * Asks the servlet container whether the caller is in the named role.
     * <p>
     * The answer comes from {@link HttpServletRequest#isUserInRole(String)} on the request held by this context and is
     * evaluated on every call; nothing is cached. NOTE(review): if this context is kept after the request has completed, the
     * result depends on what the container does with a finished request object - confirm for the target container before
     * relying on it for authorization.
     * </p>
     *
     * @param roleName the role to test; passed to the container unchanged
     * @return whatever {@code isUserInRole} reports for {@code roleName}
     * @see SecurityContext#hasRole(String)
     */
    public final boolean hasRole( String roleName ) {
        final boolean inRole = this.request.isUserInRole(roleName);
        return inRole;
    }

    /**
     * Does nothing.
     * <p>
     * The body is empty: the HTTP session is not invalidated and the request's authentication state is not touched, so
     * ending the repository session through this context does not sign the user out of the web application.
     * NOTE(review): presumably deliberate because authentication is owned by the servlet container - confirm.
     * </p>
     *
     * @see SecurityContext#logout()
     */
    public void logout() {
        // Intentionally empty; see the method documentation.
    }

}