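/*
 * JBoss DNA (http://www.jboss.org/dna)
 * See the COPYRIGHT.txt file distributed with this work for information
 * regarding copyright ownership. Some portions may be licensed
 * to Red Hat, Inc. under one or more contributor license agreements.
 * See the AUTHORS.txt file in the distribution for a full listing of
 * individual contributors.
 *
 * JBoss DNA is free software. Unless otherwise indicated, all code in JBoss DNA
 * is licensed to you under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * JBoss DNA is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */
package org.jboss.dna.web.jcr.rest;

import javax.servlet.http.HttpServletRequest;
import net.jcip.annotations.ThreadSafe;
import org.jboss.dna.common.util.CheckArg;
import org.jboss.dna.graph.SecurityContext;

/**
 * Servlet-based {@link SecurityContext security context} that assumes servlet-based authentication and provides authorization
 * through the {@link HttpServletRequest#isUserInRole(String) servlet role-checking mechanism}.
 * <p>
 * This security context is really only valid for the life of the {@link HttpServletRequest servlet request} and should
 * only be used to support longer-lasting session scopes with great care.
 * </p>
 * <p>
 * The reason for that care: this class keeps a reference to the request and {@link #hasRole(String)} asks it again on every
 * call. The servlet specification only guarantees a request object to be valid while the request is being serviced, and
 * notes that containers commonly recycle request objects. An instance that outlives its request may therefore answer role
 * checks from state that no longer describes the caller it was created for. Create one instance per request and do not
 * cache it.
 * </p>
 * <p>
 * Both fields are final and never reassigned. NOTE(review): whether concurrent calls to {@link #hasRole(String)} are safe
 * depends on the container's request implementation, which this class does not control; confirm before sharing an instance
 * across threads.
 * </p>
 */
@ThreadSafe
public class ServletSecurityContext implements SecurityContext {

    /** Name of the authenticated principal, captured once at construction; null when the request had no principal. */
    private final String userName;

    /** The request that role checks are delegated to. */
    private final HttpServletRequest request;

    /**
     * Create a {@link ServletSecurityContext} with the supplied {@link HttpServletRequest servlet information}.
     * <p>
     * The user name is read from the request's principal here and is not refreshed afterwards. A request without an
     * authenticated principal yields a context whose {@link #getUserName()} is null.
     * </p>
     *
     * @param request the servlet request; may not be null
     */
    public ServletSecurityContext( HttpServletRequest request ) {
        CheckArg.isNotNull(request, "request");
        this.request = request;
        // Look the principal up once, so the null test and the name come from the same object.
        java.security.Principal principal = request.getUserPrincipal();
        this.userName = principal != null ? principal.getName() : null;
    }

    /**
     * {@inheritDoc}
     * <p>
     * Returns the name captured by the constructor. The value is null when the request carried no authenticated principal,
     * so callers making access decisions must treat null as an unauthenticated user.
     * </p>
     *
     * @see SecurityContext#getUserName()
     */
    public final String getUserName() {
        return userName;
    }

    /**
     * {@inheritDoc}
     * <p>
     * The answer is not cached: each call is delegated to {@link HttpServletRequest#isUserInRole(String)} on the request
     * supplied to the constructor. A null role name is answered with {@code false} without consulting the container.
     * </p>
     *
     * @param roleName the name of the role to check; a null name is never granted
     * @return true if the container reports the request's user to be in the named role, false otherwise
     * @see SecurityContext#hasRole(String)
     */
    public final boolean hasRole( String roleName ) {
        // Deny by default: the servlet API documentation does not say what isUserInRole does with a null role name.
        if (roleName == null) {
            return false;
        }
        return request.isUserInRole(roleName);
    }

    /**
     * {@inheritDoc}
     * <p>
     * This implementation does nothing. It neither invalidates the HTTP session nor clears the container's authentication
     * state, so {@link #getUserName()} and {@link #hasRole(String)} give the same answers after this call as before it.
     * Ending the user's authenticated session has to be done by the web application itself.
     * </p>
     *
     * @see SecurityContext#logout()
     */
    public void logout() {
        // NOTE(review): HttpServletRequest#logout() exists from Servlet 3.0 on; confirm the API level this module is
        // built against before delegating to it.
    }

}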