package org.argeo.cms.internal.auth;
import java.security.Principal;
-import java.security.acl.Group;
-import java.util.Collections;
-import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
-import javax.naming.InvalidNameException;
-import javax.naming.ldap.LdapName;
+import javax.xml.namespace.QName;
-import org.argeo.cms.CmsException;
+import org.argeo.cms.auth.RoleNameUtils;
import org.osgi.service.useradmin.Authorization;
/**
* A {@link Principal} which has been implied by an {@link Authorization}. If it
- * is empty it meeans this is an additional identity, otherwise it lists the
+ * is empty it means this is an additional identity, otherwise it lists the
* users (typically the logged in user but possibly empty
* {@link ImpliedByPrincipal}s) which have implied it. When an additional
- * identityx is removed, the related {@link ImpliedByPrincipal}s can thus be
+ * identity is removed, the related {@link ImpliedByPrincipal}s can thus be
* removed.
*/
-public final class ImpliedByPrincipal implements Group {
- private final LdapName name;
+public final class ImpliedByPrincipal implements Principal {
+ private final String name;
+ private final QName roleName;
+ private final boolean systemRole;
+ private final String context;
+
private Set<Principal> causes = new HashSet<Principal>();
public ImpliedByPrincipal(String name, Principal userPrincipal) {
- try {
- this.name = new LdapName(name);
- } catch (InvalidNameException e) {
- throw new CmsException("Badly formatted role name", e);
- }
- if (userPrincipal != null)
- causes.add(userPrincipal);
- }
-
- public ImpliedByPrincipal(LdapName name, Principal userPrincipal) {
this.name = name;
+ roleName = RoleNameUtils.getLastRdnAsName(name);
+ systemRole = RoleNameUtils.isSystemRole(roleName);
+ context = RoleNameUtils.getContext(name);
if (userPrincipal != null)
causes.add(userPrincipal);
}
- @Override
public String getName() {
- return name.toString();
+ return name;
}
- @Override
- public boolean addMember(Principal user) {
- throw new UnsupportedOperationException();
- }
+ /*
+ * OBJECT
+ */
- @Override
- public boolean removeMember(Principal user) {
- throw new UnsupportedOperationException();
+ public QName getRoleName() {
+ return roleName;
}
- @Override
- public boolean isMember(Principal member) {
- return causes.contains(member);
+ public String getContext() {
+ return context;
}
- @Override
- public Enumeration<? extends Principal> members() {
- return Collections.enumeration(causes);
+ public boolean isSystemRole() {
+ return systemRole;
}
@Override
@Override
public boolean equals(Object obj) {
- // if (this == obj)
- // return true;
if (obj instanceof ImpliedByPrincipal) {
ImpliedByPrincipal that = (ImpliedByPrincipal) obj;
// TODO check members too?
@Override
public String toString() {
- return name.toString() + ", implied by " + causes;
+ return name.toString();
}
}
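Review bot: The constructor now stores the role name as a raw `String`, where the removed code parsed it into an `LdapName` and threw `CmsException("Badly formatted role name", e)` on malformed input. Validation and DN normalisation therefore depend entirely on `RoleNameUtils`, whose behaviour is not visible here. `LdapName.equals` compares RDNs case-insensitively, so if the part of `equals` outside this view now compares `name` as a plain string, differently cased spellings of one role DN would become distinct principals, which matters wherever authorization relies on principal equality or set membership. I would add `Objects.requireNonNull(name, "name");` as the first line of the constructor, and state in the class Javadoc that `name` must be a canonical DN, or canonicalise it once there. The same caveat applies to `isSystemRole()`, since `systemRole` is computed from that caller-supplied string; the bodies of `equals` and `hashCode` are cut off in this view.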