--- /dev/null
+package org.argeo.api.cms.auth;
+
+import java.security.Principal;
+import java.util.HashSet;
+import java.util.Set;
+
+import javax.xml.namespace.QName;
+
+/**
+ * A {@link Principal} which has been implied by an authorisation. If it is
+ * empty it means this is an additional identity, otherwise it lists the users
+ * (typically the logged-in user but possibly empty {@link ImpliedByPrincipal}s)
+ * which have implied it. When an additional identity is removed, the related
+ * {@link ImpliedByPrincipal}s can thus be removed.
+ */
+public final class ImpliedByPrincipal implements Principal {
+ private final String name;
+ private final QName roleName;
+ private final boolean systemRole;
+ private final String context;
+
+ private Set<Principal> causes = new HashSet<Principal>();
+
+ public ImpliedByPrincipal(String name, Principal userPrincipal) {
+ this.name = name;
+ roleName = RoleNameUtils.getLastRdnAsName(name);
+ systemRole = RoleNameUtils.isSystemRole(roleName);
+ context = RoleNameUtils.getContext(name);
+ if (userPrincipal != null)
+ causes.add(userPrincipal);
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ /*
+ * OBJECT
+ */
+
+ public QName getRoleName() {
+ return roleName;
+ }
+
+ public String getContext() {
+ return context;
+ }
+
+ public boolean isSystemRole() {
+ return systemRole;
+ }
+
+ @Override
+ public int hashCode() {
+ return name.hashCode();
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (obj instanceof ImpliedByPrincipal) {
+ ImpliedByPrincipal that = (ImpliedByPrincipal) obj;
+ // TODO check members too?
+ return name.equals(that.name);
+ }
+ return false;
+ }
+
+ @Override
+ public String toString() {
+ return name.toString();
+ }
+}