org.argeo.cms/src/org/argeo/cms/auth/SystemRole.java

   1 package org.argeo.cms.auth;
   2
   3 import java.util.Set;
   4
   5 import javax.security.auth.Subject;
   6 import javax.xml.namespace.QName;
   7
   8 import org.argeo.api.cms.CmsConstants;
   9 import org.argeo.cms.internal.auth.ImpliedByPrincipal;
  10
  11 public interface SystemRole {
  12         QName getName();
  13
  14         default boolean implied(Subject subject, String context) {
  15                 return implied(getName(), subject, context);
  16         }
  17
  18         static boolean implied(QName name, Subject subject, String context) {
  19                 Set<ImpliedByPrincipal> roles = subject.getPrincipals(ImpliedByPrincipal.class);
  20                 for (ImpliedByPrincipal role : roles) {
  21                         if (role.isSystemRole()) {
  22                                 if (role.getRoleName().equals(name)) {
  23                                         // !! if context is not specified, it is considered irrelevant
  24                                         if (context == null)
  25                                                 return true;
  26                                         if (role.getContext().equalsIgnoreCase(context)
  27                                                         || role.getContext().equals(CmsConstants.NODE_BASEDN))
  28                                                 return true;
  29                                 }
  30                         }
  31                 }
  32                 return false;
  33
  34         }
  35 }