]>
git.argeo.org Git - lgpl/argeo-commons.git/blob - org.argeo.cms/src/org/argeo/cms/security/NodeSecurityUtils.java
1 package org
.argeo
.cms
.security
;
3 import java
.util
.Arrays
;
4 import java
.util
.Collections
;
7 import javax
.naming
.InvalidNameException
;
8 import javax
.naming
.ldap
.LdapName
;
10 import org
.argeo
.api
.cms
.CmsConstants
;
12 public class NodeSecurityUtils
{
13 public final static LdapName ROLE_ADMIN_NAME
, ROLE_DATA_ADMIN_NAME
, ROLE_ANONYMOUS_NAME
, ROLE_USER_NAME
,
15 public final static List
<LdapName
> RESERVED_ROLES
;
18 ROLE_ADMIN_NAME
= new LdapName(CmsConstants
.ROLE_ADMIN
);
19 ROLE_DATA_ADMIN_NAME
= new LdapName(CmsConstants
.ROLE_DATA_ADMIN
);
20 ROLE_USER_NAME
= new LdapName(CmsConstants
.ROLE_USER
);
21 ROLE_USER_ADMIN_NAME
= new LdapName(CmsConstants
.ROLE_USER_ADMIN
);
22 ROLE_ANONYMOUS_NAME
= new LdapName(CmsConstants
.ROLE_ANONYMOUS
);
23 RESERVED_ROLES
= Collections
.unmodifiableList(Arrays
.asList(
24 new LdapName
[] { ROLE_ADMIN_NAME
, ROLE_ANONYMOUS_NAME
, ROLE_USER_NAME
, ROLE_USER_ADMIN_NAME
}));
25 } catch (InvalidNameException e
) {
26 throw new Error("Cannot initialize login module class", e
);
30 public static void checkUserName(LdapName name
) throws IllegalArgumentException
{
31 if (RESERVED_ROLES
.contains(name
))
32 throw new IllegalArgumentException(name
+ " is a reserved name");
35 public static void checkImpliedPrincipalName(LdapName roleName
) throws IllegalArgumentException
{
36 // if (ROLE_USER_NAME.equals(roleName) || ROLE_ANONYMOUS_NAME.equals(roleName))
37 // throw new IllegalArgumentException(roleName + " cannot be listed as role");