1 package org.argeo.cms;
2
3 import java.util.Set;
4
5 import javax.security.auth.Subject;
6 import javax.xml.namespace.QName;
7
8 import org.argeo.api.cms.CmsConstants;
9 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
10
/**
 * A programmatic role, identified by the qualified name returned by
 * {@link #qName()}.
 * <p>
 * The checks below decide whether a subject or a distinguished name carries
 * this role. Contexts are only compared when a non-<code>null</code> context
 * is supplied; see {@link #implied(QName, Subject, String)}.
 */
public interface SystemRole {
    /** The qualified name that the checks below compare against. */
    QName qName();

    /**
     * Whether this role is implied for this authenticated user. Delegates to
     * {@link #implied(QName, Subject, String)} with {@link #qName()}.
     * <p>
     * Security note: a <code>null</code> context is passed through unchanged and
     * switches the context comparison off, so the result then only says that the
     * subject holds this role in some context. Authorisation decisions must pass
     * the actual context.
     */
    default boolean implied(Subject subject, String context) {
        return SystemRole.implied(qName(), subject, context);
    }

    /**
     * Whether this role is implied for this distinguished name: the context
     * returned by <code>RoleNameUtils.getContext(dn)</code> must equal the given
     * one (ignoring case) and the name returned by
     * <code>RoleNameUtils.getLastRdnAsName(dn)</code> must equal
     * {@link #qName()}.
     * <p>
     * Unlike the subject-based checks, a <code>null</code> context never matches
     * here, because {@link String#equalsIgnoreCase(String)} is
     * <code>false</code> for <code>null</code>.
     */
    default boolean implied(String dn, String context) {
        String dnContext = RoleNameUtils.getContext(dn);
        QName dnRoleName = RoleNameUtils.getLastRdnAsName(dn);
        if (!dnContext.equalsIgnoreCase(context)) {
            return false;
        }
        return qName().equals(dnRoleName);
    }

    /**
     * Whether the role called <code>name</code> is implied for this
     * authenticated subject, judged from those of its
     * {@link ImpliedByPrincipal} principals that are flagged as system roles.
     * <p>
     * With a non-<code>null</code> context, a principal matches when its own
     * context equals the requested one (ignoring case) or is exactly
     * <code>CmsConstants.NODE_BASEDN</code>; the latter matches whatever context
     * was requested.
     * <p>
     * If context is <code>null</code>, it is not considered and the first system
     * role with a matching name is enough; this should be used to build user
     * interfaces, but not to authorise.
     * <p>
     * A <code>null</code> subject is not handled and fails with a
     * {@link NullPointerException}.
     */
    static boolean implied(QName name, Subject subject, String context) {
        Set<ImpliedByPrincipal> principals = subject.getPrincipals(ImpliedByPrincipal.class);
        for (ImpliedByPrincipal principal : principals) {
            // Only system roles carrying the requested name are candidates.
            if (!principal.isSystemRole() || !principal.getRoleName().equals(name)) {
                continue;
            }
            // !! if context is not specified, it is considered irrelevant:
            // the name match alone decides, whatever context the role has.
            if (context == null) {
                return true;
            }
            // The requested context is compared ignoring case, the node base DN
            // case-sensitively.
            // NOTE(review): confirm the exact-case comparison is intended.
            boolean sameContext = principal.getContext().equalsIgnoreCase(context);
            if (sameContext || principal.getContext().equals(CmsConstants.NODE_BASEDN)) {
                return true;
            }
        }
        return false;
    }
}