
1   /*
2    * ModeShape (http://www.modeshape.org)
3    * See the COPYRIGHT.txt file distributed with this work for information
4    * regarding copyright ownership.  Some portions may be licensed
5    * to Red Hat, Inc. under one or more contributor license agreements.
6    * See the AUTHORS.txt file in the distribution for a full listing of 
7    * individual contributors. 
8    *
9    * ModeShape is free software. Unless otherwise indicated, all code in ModeShape
10   * is licensed to you under the terms of the GNU Lesser General Public License as
11   * published by the Free Software Foundation; either version 2.1 of
12   * the License, or (at your option) any later version.
13   *
14   * ModeShape is distributed in the hope that it will be useful,
15   * but WITHOUT ANY WARRANTY; without even the implied warranty of
16   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17   * Lesser General Public License for more details.
18   *
19   * You should have received a copy of the GNU Lesser General Public
20   * License along with this software; if not, write to the Free
21   * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
22   * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
23   */
24  package org.modeshape.web.jcr;
25  
26  import javax.servlet.http.HttpServletRequest;
27  import org.modeshape.common.util.CheckArg;
28  import org.modeshape.jcr.api.SecurityContext;
29  
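/**
 * Servlet-based {@link SecurityContext security context} that assumes servlet-based authentication and provides authorization
 * through the {@link HttpServletRequest#isUserInRole(String) servlet role-checking mechanism}.
 * <p>
 * This security context is really only valid for the life of the {@link HttpServletRequest servlet request} and should
 * only be used to support longer-lasting session scopes with great care.
 * </p>
 * <p>
 * Security notes for callers:
 * </p>
 * <ul>
 * <li>The user name is read once, in the constructor, while {@link #hasRole(String)} queries the retained request on every
 * call. If this object outlives the request, the two answers are no longer guaranteed to describe the same caller. What a
 * finished request object returns is container-specific, so instances should not be cached across requests.</li>
 * <li>This class performs no authentication of its own. It relies entirely on the principal and role mapping that the
 * servlet container attached to the request.</li>
 * <li>{@link #logout()} does nothing in this implementation: it neither invalidates the HTTP session nor clears the
 * container's authentication state. Ending the user's login has to happen at the servlet layer.</li>
 * </ul>
 */
public class ServletSecurityContext implements SecurityContext {

    /** Name of the request's user principal as seen at construction time; null when the request carried no principal. */
    private final String userName;

    /** The request that role checks are delegated to; held for as long as this object is reachable. */
    private final HttpServletRequest request;

    /**
     * Create a {@link ServletSecurityContext} with the supplied {@link HttpServletRequest servlet information}.
     * <p>
     * The user name is taken from {@link HttpServletRequest#getUserPrincipal()} at this point and is not refreshed afterwards.
     * A request without a principal yields a context whose {@link #getUserName()} is null.
     * </p>
     * 
     * @param request the servlet request; may not be null
     */
    public ServletSecurityContext( HttpServletRequest request ) {
        CheckArg.isNotNull(request, "request");
        this.request = request;
        // Read the principal exactly once so that the null check and getName() operate on the same object;
        // asking the request twice leaves a window in which the second lookup could return null.
        java.security.Principal principal = request.getUserPrincipal();
        this.userName = principal != null ? principal.getName() : null;
    }

    /**
     * {@inheritDoc}
     * <p>
     * Returns the value captured by the constructor; the request is not consulted again.
     * </p>
     * 
     * @return the principal name recorded at construction, or null if the request had no user principal
     * @see SecurityContext#getUserName()
     */
    public final String getUserName() {
        return userName;
    }

    /**
     * {@inheritDoc}
     * <p>
     * Delegates to {@link HttpServletRequest#isUserInRole(String)} on the request supplied at construction, so the answer
     * reflects the container's role mapping at the time of the call. The role name is passed through unchanged; no
     * validation or normalization is applied here.
     * </p>
     * 
     * @param roleName the role to test, handed to the container as-is
     * @return whatever the container reports for this request and role
     * @see SecurityContext#hasRole(String)
     */
    public final boolean hasRole( String roleName ) {
        return request.isUserInRole(roleName);
    }

    /**
     * {@inheritDoc}
     * <p>
     * This implementation is empty. It does not touch the HTTP session or the container's authentication state, and
     * {@link #getUserName()} and {@link #hasRole(String)} keep answering as before after it has been called.
     * </p>
     * 
     * @see SecurityContext#logout()
     */
    public void logout() {
        // No-op: nothing is invalidated here. Session and login teardown belong to the servlet layer.
    }

}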
79  
80  }