1 package org
.argeo
.api
.cms
.auth
;
5 import javax
.security
.auth
.Subject
;
6 import javax
.xml
.namespace
.QName
;
8 import org
.argeo
.api
.cms
.CmsConstants
;
10 /** A programmatic role. */
11 public interface SystemRole
{
/**
 * Tells whether this role is implied for the given authenticated subject.
 * <p>
 * Delegates to the static {@code implied(QName, Subject, String)} overload,
 * using this role's {@code qName()} as the role name. The {@code context}
 * argument is passed through unchanged. That overload documents that a
 * {@code null} context is not considered, so a result obtained with a
 * {@code null} context is meant for building user interfaces and must not be
 * treated as an authorisation decision.
 *
 * @param subject the authenticated subject whose principals are inspected
 * @param context the context in which the role is checked
 * @return {@code true} if the static overload reports the role as implied
 */
default boolean implied(Subject subject, String context) {
	final QName ownRoleName = qName();
	return implied(ownRoleName, subject, context);
}
/**
 * Tells whether the given distinguished name designates this role in the given
 * context.
 * <p>
 * Both conditions must hold: the context that {@code RoleNameUtils.getContext}
 * extracts from {@code dn} matches {@code context} ignoring case, and the name
 * that {@code RoleNameUtils.getLastRdnAsName} extracts from {@code dn} equals
 * this role's {@code qName()}. A {@code null} {@code context} never matches,
 * because {@code String.equalsIgnoreCase(null)} is {@code false}.
 *
 * @param dn      the distinguished name to test
 * @param context the context the role is expected to belong to
 * @return {@code true} only if both the context and the role name match
 */
default boolean implied(String dn, String context) {
	final String dnContext = RoleNameUtils.getContext(dn);
	final QName dnRoleName = RoleNameUtils.getLastRdnAsName(dn);
	// NOTE(review): dnContext is dereferenced without a null check; confirm
	// that RoleNameUtils.getContext never returns null for the DNs passed here.
	if (!dnContext.equalsIgnoreCase(context)) {
		return false;
	}
	return qName().equals(dnRoleName);
}
27 * Whether this role is implied for this authenticated subject. If context is
28 * <code>null</code>, it is not considered; this should be used to build user
29 * interfaces, but not to authorise.
31 static boolean implied(QName name
, Subject subject
, String context
) {
32 Set
<ImpliedByPrincipal
> roles
= subject
.getPrincipals(ImpliedByPrincipal
.class);
33 for (ImpliedByPrincipal role
: roles
) {
34 if (role
.isSystemRole()) {
35 if (role
.getRoleName().equals(name
)) {
36 // !! if context is not specified, it is considered irrelevant
39 if (role
.getContext().equalsIgnoreCase(context
)
40 || role
.getContext().equals(CmsConstants
.NODE_BASEDN
))