PortletActionSecurityPathMergeBehavior xref

View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one or more
3    * contributor license agreements.  See the NOTICE file distributed with
4    * this work for additional information regarding copyright ownership.
5    * The ASF licenses this file to You under the Apache License, Version 2.0
6    * (the "License"); you may not use this file except in compliance with
7    * the License.  You may obtain a copy of the License at
8    * 
9    *      http://www.apache.org/licenses/LICENSE-2.0
10   * 
11   * Unless required by applicable law or agreed to in writing, software
12   * distributed under the License is distributed on an "AS IS" BASIS,
13   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14   * See the License for the specific language governing permissions and
15   * limitations under the License.
16   */
17  package org.apache.jetspeed.layout.impl;
18  
19  import java.util.HashSet;
20  import java.util.Iterator;
21  import java.util.Set;
22  
23  import javax.security.auth.Subject;
24  
25  import org.apache.commons.logging.Log;
26  import org.apache.commons.logging.LogFactory;
27  import org.apache.jetspeed.layout.PortletActionSecurityBehavior;
28  import org.apache.jetspeed.page.PageManager;
29  import org.apache.jetspeed.request.RequestContext;
30  import org.apache.jetspeed.security.RolePrincipal;
31  import org.apache.jetspeed.security.SecurityHelper;
32  import org.apache.jetspeed.security.UserPrincipal;
33  import org.apache.jetspeed.security.impl.RolePrincipalImpl;
34  
35  /***
36   * Abstracted behavior of security checks when used with the
37   * profiling rule "user-rolecombo". This behavior merges 
38   * all roles into a single role combo.
39   *
40   * @author <a href="mailto:taylor@apache.org">David Sean Taylor</a>
41   * @version $Id: $
42   */
43  public class PortletActionSecurityPathMergeBehavior
44      extends PortletActionSecurityPathBehavior
45      implements PortletActionSecurityBehavior
46  {
47      protected Log log = LogFactory.getLog(PortletActionSecurityPathMergeBehavior.class);
48      
49      public PortletActionSecurityPathMergeBehavior( PageManager pageManager )
50      {
51      	this( pageManager, Boolean.FALSE );
52      }
53      public PortletActionSecurityPathMergeBehavior( PageManager pageManager, Boolean enableCreateUserPagesFromRolesOnEdit )
54      {
55          super( pageManager, enableCreateUserPagesFromRolesOnEdit );
56      }
57  
58      public Subject getSubject(RequestContext context)
59      {
60          Subject currentSubject = context.getSubject();
61          Iterator roles = currentSubject.getPrincipals(RolePrincipalImpl.class).iterator();
62          StringBuffer combo = new StringBuffer();
63          int count = 0;
64          while (roles.hasNext())
65          {
66              RolePrincipal role = (RolePrincipal)roles.next();
67              if (count > 0)
68              {
69                  combo.append("-");
70              }
71              combo.append(role.getName());
72              count++;                        
73          }
74          Set principals = new HashSet();
75          principals.add(SecurityHelper.getBestPrincipal(currentSubject, UserPrincipal.class));
76          principals.add(new RolePrincipalImpl(combo.toString()));
77          Subject subject = 
78              new Subject(true, principals, new HashSet(), new HashSet());
79          return subject;
80      }
81      
82  }