1 package org.argeo.api.cms.auth;
2
3 import java.util.Set;
4
5 import javax.security.auth.Subject;
6 import javax.xml.namespace.QName;
7
8 import org.argeo.api.cms.CmsConstants;
9
/**
 * A programmatic role, identified by a qualified name and checked against
 * either an authenticated {@link Subject} or a role distinguished name.
 */
public interface SystemRole {
    /** The qualified name which identifies this role. */
    QName qName();

    /**
     * Whether this role is implied for this authenticated user.
     * <p>
     * Delegates to {@link #implied(QName, Subject, String)} with this role's
     * {@link #qName()}. The context is passed through unchanged, so a
     * <code>null</code> context disables the context check here as well: callers
     * taking an authorisation decision must pass a non-null context.
     *
     * @param subject the authenticated subject whose principals are inspected
     * @param context the context in which the role is requested, or
     *                <code>null</code> to ignore the context (user interface use
     *                only)
     * @return <code>true</code> if one of the subject's principals implies this
     *         role
     */
    default boolean implied(Subject subject, String context) {
        return implied(qName(), subject, context);
    }

    /**
     * Whether this role is implied for this distinguished name.
     * <p>
     * The context and the last RDN of <code>dn</code> are extracted with
     * {@link RoleNameUtils}. Unlike {@link #implied(QName, Subject, String)}, a
     * <code>null</code> context never matches here, since
     * {@link String#equalsIgnoreCase(String)} returns <code>false</code> for
     * <code>null</code>.
     *
     * @param dn      the distinguished name of the role being tested
     * @param context the expected context, compared case-insensitively
     * @return <code>true</code> if the context of <code>dn</code> matches and its
     *         last RDN equals {@link #qName()}
     */
    default boolean implied(String dn, String context) {
        // Both parts are extracted before any comparison takes place.
        String dnContext = RoleNameUtils.getContext(dn);
        QName dnRoleName = RoleNameUtils.getLastRdnAsName(dn);
        // NOTE(review): a null dnContext would throw here; confirm that
        // RoleNameUtils.getContext never returns null.
        if (!dnContext.equalsIgnoreCase(context)) {
            return false;
        }
        return qName().equals(dnRoleName);
    }

    /**
     * Whether this role is implied for this authenticated subject. If context is
     * <code>null</code>, it is not considered; this should be used to build user
     * interfaces, but not to authorise.
     * <p>
     * Only {@link ImpliedByPrincipal}s flagged as system roles and carrying the
     * requested name are considered. Such a principal matches when its context
     * equals the requested one (case-insensitively) or equals
     * {@link CmsConstants#NODE_BASEDN} (case-sensitively), in which case it
     * matches whatever context was requested.
     *
     * @param name    the qualified name of the role to look for
     * @param subject the authenticated subject whose principals are inspected
     * @param context the requested context, or <code>null</code> to skip the
     *                context check entirely
     * @return <code>true</code> if a matching principal is found,
     *         <code>false</code> otherwise
     */
    static boolean implied(QName name, Subject subject, String context) {
        Set<ImpliedByPrincipal> principals = subject.getPrincipals(ImpliedByPrincipal.class);
        for (ImpliedByPrincipal principal : principals) {
            if (!principal.isSystemRole()) {
                continue;
            }
            if (!principal.getRoleName().equals(name)) {
                continue;
            }
            // !! Without a context, a match on the role name alone is enough.
            // This path grants on any context and must not back an
            // authorisation decision.
            if (context == null) {
                return true;
            }
            String principalContext = principal.getContext();
            boolean sameContext = principalContext.equalsIgnoreCase(context);
            // A principal in the NODE_BASEDN context is accepted for every
            // requested context.
            if (sameContext || principalContext.equals(CmsConstants.NODE_BASEDN)) {
                return true;
            }
        }
        return false;
    }
}