001/* 002 * Licensed to DuraSpace under one or more contributor license agreements. 003 * See the NOTICE file distributed with this work for additional information 004 * regarding copyright ownership. 005 * 006 * DuraSpace licenses this file to you under the Apache License, 007 * Version 2.0 (the "License"); you may not use this file except in 008 * compliance with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software 013 * distributed under the License is distributed on an "AS IS" BASIS, 014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 015 * See the License for the specific language governing permissions and 016 * limitations under the License. 017 */ 018package org.fcrepo.auth.common; 019 020import static java.util.Collections.emptySet; 021 022import javax.servlet.http.HttpServletRequest; 023 024import java.security.Principal; 025import java.util.HashSet; 026import java.util.Iterator; 027import java.util.Set; 028 029import org.slf4j.Logger; 030import org.slf4j.LoggerFactory; 031 032/** 033 * Adds principals based on roles that are configured within the container and 034 * through a PrincipalProvider bean in the project. 035 * 036 * @author Kevin S. Clarke 037 * @see PrincipalProvider 038 */ 039public class ContainerRolesPrincipalProvider extends AbstractPrincipalProvider { 040 041 private static final Logger LOGGER = LoggerFactory.getLogger(ContainerRolesPrincipalProvider.class); 042 043 /** 044 * @author Kevin S. Clarke 045 */ 046 public static class ContainerRolesPrincipal implements Principal { 047 048 private final String name; 049 050 /** 051 * @param name principal name 052 */ 053 public ContainerRolesPrincipal(final String name) { 054 this.name = name; 055 } 056 057 @Override 058 public String getName() { 059 return name; 060 } 061 062 @Override 063 public String toString() { 064 return name; 065 } 066 067 @Override 068 public boolean equals(final Object o) { 069 if (o instanceof ContainerRolesPrincipal) { 070 return ((ContainerRolesPrincipal) o).getName().equals(this.getName()); 071 } 072 073 return false; 074 } 075 076 @Override 077 public int hashCode() { 078 if (name == null) { 079 return 0; 080 } 081 082 return name.hashCode(); 083 } 084 085 } 086 087 private Set<String> roleNames; 088 089 /** 090 * Sets the role names which have been configured in the repo.xml file. 091 * 092 * @param roleNames The names of container roles that should be recognized 093 * as principals 094 */ 095 public void setRoleNames(final Set<String> roleNames) { 096 this.roleNames = roleNames; 097 } 098 099 /* 100 * (non-Javadoc) 101 * @see 102 * org.fcrepo.auth.PrincipalProvider#getPrincipals(javax.servlet.http.HttpServletRequest) 103 */ 104 @Override 105 public Set<Principal> getPrincipals(final HttpServletRequest request) { 106 LOGGER.debug("Checking for principals using {}", ContainerRolesPrincipalProvider.class.getSimpleName()); 107 108 if (request == null) { 109 LOGGER.debug("Servlet request was null"); 110 111 return emptySet(); 112 } 113 114 if (roleNames == null) { 115 LOGGER.debug("Role names Set was never initialized"); 116 117 return emptySet(); 118 } 119 120 final Iterator<String> iterator = roleNames.iterator(); 121 final Set<Principal> principals = new HashSet<>(); 122 123 while (iterator.hasNext()) { 124 final String role = iterator.next().trim(); 125 126 if (request.isUserInRole(role)) { 127 LOGGER.debug("Adding container role as principal: {}", role); 128 129 principals.add(new ContainerRolesPrincipal(role)); 130 } 131 } 132 133 return principals; 134 } 135 136}