001/*
002 * Licensed to DuraSpace under one or more contributor license agreements.
003 * See the NOTICE file distributed with this work for additional information
004 * regarding copyright ownership.
005 *
006 * DuraSpace licenses this file to you under the Apache License,
007 * Version 2.0 (the "License"); you may not use this file except in
008 * compliance with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.fcrepo.auth.common;
019
020import static org.slf4j.LoggerFactory.getLogger;
021
022import java.util.HashSet;
023import java.util.Set;
024
025import org.apache.http.auth.BasicUserPrincipal;
026import org.apache.shiro.authc.AuthenticationToken;
027import org.fcrepo.auth.common.ContainerRolesPrincipalProvider.ContainerRolesPrincipal;
028import org.slf4j.Logger;
029
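/**
 * Shiro {@link AuthenticationToken} carrying an identity that the servlet container has already
 * authenticated.
 *
 * <p>Security note: this token holds no verifiable secret. {@link #getCredentials()} always returns the
 * public constant {@link #AUTHORIZED}, so constructing an instance amounts to asserting that the named user
 * is authenticated. Build instances only from the container's own authentication result, and make sure that
 * only realms intended to trust the container accept this token type.
 *
 * <p>The user principal and the role set are fixed at construction time.
 *
 * @author peichman
 */
public class ContainerAuthToken implements AuthenticationToken {

    private static final Logger log = getLogger(ContainerAuthToken.class);

    /**
     * Constant returned by {@link #getCredentials()}. It is a marker, not a secret: matching it proves
     * nothing about the caller.
     */
    public static final String AUTHORIZED = "AUTHORIZED";

    private final BasicUserPrincipal servletUser;

    // Unmodifiable after construction; see the constructor.
    private final Set<ContainerRolesPrincipal> servletRoles;

    /**
     * Wraps the container-provided username and role names in principal objects.
     *
     * @param servletUsername username returned from servlet container authentication
     * @param servletRoleNames roles returned from servlet container authentication; {@code null} is treated
     *        as an empty set, so the token then carries no roles
     */
    public ContainerAuthToken(final String servletUsername, final Set<String> servletRoleNames) {
        servletUser = new BasicUserPrincipal(servletUsername);
        // NOTE(review): username and role names are written to the debug log exactly as received.
        log.debug("Setting servlet username {}", servletUsername);
        final Set<ContainerRolesPrincipal> roles = new HashSet<>();
        // A missing role set means "no roles" (least privilege) rather than a NullPointerException.
        if (servletRoleNames != null) {
            for (final String roleName : servletRoleNames) {
                log.debug("Adding servlet role {} to {}", roleName, servletUsername);
                roles.add(new ContainerRolesPrincipal(roleName));
            }
        }
        // Freeze the set so that code holding the token cannot add roles after construction.
        this.servletRoles = java.util.Collections.unmodifiableSet(roles);
    }

    /**
     * @return the {@link BasicUserPrincipal} built from the servlet username
     */
    @Override
    public Object getPrincipal() {
        return servletUser;
    }

    /**
     * This token represents a user who was already authenticated by the servlet container, so return a constant
     * credentials string.
     *
     * @return always {@link #AUTHORIZED}
     */
    @Override
    public Object getCredentials() {
        return AUTHORIZED;
    }

    /**
     * @return unmodifiable set of role principals built from the servlet role names; empty when none were
     *         supplied
     */
    public Set<ContainerRolesPrincipal> getRoles() {
        return servletRoles;
    }

}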