View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    * 
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   * 
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.jetspeed.layout.impl;
18  
19  import java.util.HashSet;
20  import java.util.Iterator;
21  import java.util.Set;
22  
23  import javax.security.auth.Subject;
24  
25  import org.apache.commons.logging.Log;
26  import org.apache.commons.logging.LogFactory;
27  import org.apache.jetspeed.layout.PortletActionSecurityBehavior;
28  import org.apache.jetspeed.page.PageManager;
29  import org.apache.jetspeed.request.RequestContext;
30  import org.apache.jetspeed.security.RolePrincipal;
31  import org.apache.jetspeed.security.SecurityHelper;
32  import org.apache.jetspeed.security.UserPrincipal;
33  import org.apache.jetspeed.security.impl.RolePrincipalImpl;
34  
35  /***
36   * Abstracted behavior of security checks when used with the
37   * profiling rule "user-rolecombo". This behavior merges 
38   * all roles into a single role combo.
39   *
40   * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
41   * @version $Id: $
42   */
43  public class PortletActionSecurityPathMergeBehavior
44      extends PortletActionSecurityPathBehavior
45      implements PortletActionSecurityBehavior
46  {
47      protected Log log = LogFactory.getLog(PortletActionSecurityPathMergeBehavior.class);    
48      protected PageManager pageManager;
49      
50      public PortletActionSecurityPathMergeBehavior(PageManager pageManager)
51      {
52          super(pageManager);
53      }
54  
55      public Subject getSubject(RequestContext context)
56      {
57          Subject currentSubject = context.getSubject();
58          Iterator roles = currentSubject.getPrincipals(RolePrincipalImpl.class).iterator();
59          StringBuffer combo = new StringBuffer();
60          int count = 0;
61          while (roles.hasNext())
62          {
63              RolePrincipal role = (RolePrincipal)roles.next();
64              if (count > 0)
65              {
66                  combo.append("-");
67              }
68              combo.append(role.getName());
69              count++;                        
70          }
71          Set principals = new HashSet();
72          principals.add(SecurityHelper.getBestPrincipal(currentSubject, UserPrincipal.class));
73          principals.add(new RolePrincipalImpl(combo.toString()));
74          Subject subject = 
75              new Subject(true, principals, new HashSet(), new HashSet());
76          return subject;
77      }
78      
79  }