001/* 002 * Licensed to DuraSpace under one or more contributor license agreements. 003 * See the NOTICE file distributed with this work for additional information 004 * regarding copyright ownership. 005 * 006 * DuraSpace licenses this file to you under the Apache License, 007 * Version 2.0 (the "License"); you may not use this file except in 008 * compliance with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018package org.fcrepo.auth.common; 019 020import static java.util.Collections.emptySet; 021 022import java.security.Principal; 023import java.util.HashSet; 024import java.util.Iterator; 025import java.util.Set; 026 027import javax.jcr.Credentials; 028import javax.servlet.http.HttpServletRequest; 029 030import org.modeshape.jcr.api.ServletCredentials; 031import org.slf4j.Logger; 032import org.slf4j.LoggerFactory; 033 034/** 035 * Adds principals based on roles that are configured within the container and 036 * through a PrincipalProvider bean in the project. 037 * 038 * @author Kevin S. Clarke 039 * @see PrincipalProvider 040 */ 041public class ContainerRolesPrincipalProvider implements PrincipalProvider { 042 043 private static final Logger LOGGER = LoggerFactory.getLogger(ContainerRolesPrincipalProvider.class); 044 045 protected static class ContainerRolesPrincipal implements Principal { 046 047 private final String name; 048 049 ContainerRolesPrincipal(final String name) { 050 this.name = name; 051 } 052 053 @Override 054 public String getName() { 055 return name; 056 } 057 058 @Override 059 public String toString() { 060 return name; 061 } 062 063 @Override 064 public boolean equals(final Object o) { 065 if (o instanceof ContainerRolesPrincipal) { 066 return ((ContainerRolesPrincipal) o).getName().equals(this.getName()); 067 } 068 069 return false; 070 } 071 072 @Override 073 public int hashCode() { 074 if (name == null) { 075 return 0; 076 } 077 078 return name.hashCode(); 079 } 080 081 } 082 083 private Set<String> roleNames; 084 085 /** 086 * Sets the role names which have been configured in the repo.xml file. 087 * 088 * @param roleNames The names of container roles that should be recognized 089 * as principals 090 */ 091 public void setRoleNames(final Set<String> roleNames) { 092 this.roleNames = roleNames; 093 } 094 095 /* 096 * (non-Javadoc) 097 * @see 098 * org.fcrepo.auth.PrincipalProvider#getPrincipals(javax.jcr.Credentials) 099 */ 100 @Override 101 public Set<Principal> getPrincipals(final Credentials credentials) { 102 LOGGER.debug("Checking for principals using {}", ContainerRolesPrincipalProvider.class.getSimpleName()); 103 104 if (!(credentials instanceof ServletCredentials)) { 105 LOGGER.debug("Credentials is not an instanceof ServletCredentials"); 106 107 return emptySet(); 108 } 109 110 final ServletCredentials servletCredentials = (ServletCredentials) credentials; 111 final HttpServletRequest request = servletCredentials.getRequest(); 112 113 if (request == null) { 114 LOGGER.debug("Servlet request from servletCredentials was null"); 115 116 return emptySet(); 117 } 118 119 if (roleNames == null) { 120 LOGGER.debug("Role names Set was never initialized"); 121 122 return emptySet(); 123 } 124 125 final Iterator<String> iterator = roleNames.iterator(); 126 final Set<Principal> principals = new HashSet<>(); 127 128 while (iterator.hasNext()) { 129 final String role = iterator.next().trim(); 130 131 if (request.isUserInRole(role)) { 132 LOGGER.debug("Adding container role as principal: {}", role); 133 134 principals.add(new ContainerRolesPrincipal(role)); 135 } 136 } 137 138 return principals; 139 } 140 141}