001    /*
002     * JBoss DNA (http://www.jboss.org/dna)
003     * See the COPYRIGHT.txt file distributed with this work for information
004     * regarding copyright ownership.  Some portions may be licensed
005     * to Red Hat, Inc. under one or more contributor license agreements.
006     * See the AUTHORS.txt file in the distribution for a full listing of 
007     * individual contributors. 
008     *
009     * JBoss DNA is free software. Unless otherwise indicated, all code in JBoss DNA
010     * is licensed to you under the terms of the GNU Lesser General Public License as
011     * published by the Free Software Foundation; either version 2.1 of
012     * the License, or (at your option) any later version.
013     *
014     * JBoss DNA is distributed in the hope that it will be useful,
015     * but WITHOUT ANY WARRANTY; without even the implied warranty of
016     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
017     * Lesser General Public License for more details.
018     *
019     * You should have received a copy of the GNU Lesser General Public
020     * License along with this software; if not, write to the Free
021     * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
022     * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
023     */
024    package org.jboss.dna.web.jcr.rest;
025    
026    import javax.servlet.http.HttpServletRequest;
027    import net.jcip.annotations.ThreadSafe;
028    import org.jboss.dna.common.util.CheckArg;
029    import org.jboss.dna.graph.SecurityContext;
030    
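/**
 * Servlet-based {@link SecurityContext security context} that assumes servlet-based authentication and provides authorization
 * through the {@link HttpServletRequest#isUserInRole(String) servlet role-checking mechanism}.
 * <p>
 * This security context is really only valid for the life of the {@link HttpServletRequest servlet request} and should
 * only be used to support longer-lasting session scopes with great care.
 * </p>
 * <p>
 * The user name is read from the request once, at construction time. Role checks are not cached: every call to
 * {@link #hasRole(String)} is delegated to the retained request object. The servlet specification only guarantees a request
 * object to be valid while the request is being serviced, and containers commonly recycle request objects afterwards, so a
 * role check made through an instance that has outlived its request is not guaranteed to describe the original user.
 * </p>
 * <p>
 * Both fields are final, so the state held directly by this class never changes after construction. NOTE(review): the
 * thread-safety of {@link #hasRole(String)} additionally depends on the request implementation supplied by the container;
 * confirm before sharing an instance across threads.
 * </p>
 */
@ThreadSafe
public class ServletSecurityContext implements SecurityContext {

    // Name of the authenticated principal captured at construction; null when the request carried no user principal.
    private final String userName;
    // The request that every role check is delegated to; see the class comment about its limited lifetime.
    private final HttpServletRequest request;

    /**
     * Create a {@link ServletSecurityContext} with the supplied {@link HttpServletRequest servlet information}.
     * <p>
     * The user name is taken from the request's user principal, or is null if the request has no user principal.
     * </p>
     * 
     * @param request the servlet request; may not be null
     */
    public ServletSecurityContext( HttpServletRequest request ) {
        CheckArg.isNotNull(request, "request");
        this.request = request;
        // Read the principal a single time so that the null check and the name lookup operate on the same object.
        // The type is fully qualified to avoid adding an import to the file.
        java.security.Principal principal = request.getUserPrincipal();
        this.userName = principal != null ? principal.getName() : null;
    }

    /**
     * {@inheritDoc}
     * <p>
     * Returns the name captured when this context was created; the request is not consulted again.
     * </p>
     * 
     * @return the principal name, or null if the request had no user principal at construction time
     * @see SecurityContext#getUserName()
     */
    public final String getUserName() {
        return userName;
    }

    /**
     * {@inheritDoc}
     * <p>
     * The check is delegated to {@link HttpServletRequest#isUserInRole(String)} on the retained request at the time of the
     * call. A null role name is never granted.
     * </p>
     * 
     * @param roleName the name of the role to check
     * @return true if the request reports the user to be in the named role; false otherwise or if the role name is null
     * @see SecurityContext#hasRole(String)
     */
    public final boolean hasRole( String roleName ) {
        // Fail closed: a missing role name must not depend on how a particular container treats null.
        if (roleName == null) {
            return false;
        }
        return request.isUserInRole(roleName);
    }

    /**
     * {@inheritDoc}
     * <p>
     * This implementation does nothing. It does not invalidate the HTTP session or change the container's authentication
     * state, and {@link #getUserName()} and {@link #hasRole(String)} keep answering as before. Callers that need to end the
     * authenticated session must do so through the servlet container.
     * </p>
     * 
     * @see SecurityContext#logout()
     */
    public void logout() {
        // Intentionally empty: authentication is owned by the servlet container, not by this context.
    }

}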