001/*
002 * Licensed to DuraSpace under one or more contributor license agreements.
003 * See the NOTICE file distributed with this work for additional information
004 * regarding copyright ownership.
005 *
006 * DuraSpace licenses this file to you under the Apache License,
007 * Version 2.0 (the "License"); you may not use this file except in
008 * compliance with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.fcrepo.auth.common;
019
020import org.apache.http.auth.BasicUserPrincipal;
021import org.apache.shiro.subject.PrincipalCollection;
022import org.apache.shiro.subject.Subject;
023import org.modeshape.jcr.security.SecurityContext;
024
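/**
 * Security context that is simply a thin wrapper around a Shiro Subject.
 * <p>
 * The user name is resolved once, at construction time, from the subject's
 * {@link BasicUserPrincipal}. When the subject is {@code null}, has no principal
 * collection, or has no {@code BasicUserPrincipal}, the context has no user name
 * ({@code null}) and reports itself as anonymous.
 *
 * @author peichman
 */
public class ShiroSecurityContext implements SecurityContext {

    /** Wrapped subject; {@code null} when none was supplied to the constructor. */
    private final Subject user;

    /** Name of the subject's {@link BasicUserPrincipal}, or {@code null} if there is none. */
    private final String userName;

    /**
     * Create a new security context using the given Shiro subject. That subject will typically be the value returned
     * by a call to {@code SecurityUtils.getSubject()}.
     *
     * @param user subject to create the security context for; {@code null} yields an anonymous context with no
     *             user name
     */
    public ShiroSecurityContext(final Subject user) {
        this.user = user;
        this.userName = user == null ? null : resolveUserName(user);
    }

    /**
     * Look up the user name carried by the subject's {@link BasicUserPrincipal}.
     *
     * @param subject non-null subject to inspect
     * @return the principal's name, or {@code null} when the subject has no principal collection or no
     *         {@code BasicUserPrincipal} in it
     */
    private static String resolveUserName(final Subject subject) {
        final PrincipalCollection principals = subject.getPrincipals();
        if (principals == null) {
            return null;
        }
        final BasicUserPrincipal userPrincipal = principals.oneByType(BasicUserPrincipal.class);
        return userPrincipal == null ? null : userPrincipal.getName();
    }

    /**
     * {@inheritDoc}
     * <p>
     * A context built without a subject is anonymous: the constructor accepts {@code null}, so the null case is
     * answered explicitly here instead of surfacing as a {@code NullPointerException}.
     */
    @Override
    public boolean isAnonymous() {
        return user == null || !user.isAuthenticated();
    }

    @Override
    public String getUserName() {
        return userName;
    }

    /**
     * {@inheritDoc}
     * <p>
     * Under this custom PEP regime, all users have the ModeShape read and write roles. Note that this answers
     * {@code true} for "admin" as well; every other role name (including {@code null}) is denied.
     */
    @Override
    public boolean hasRole(final String roleName) {
        return "read".equals(roleName) || "write".equals(roleName) || "admin".equals(roleName);
    }

    @Override
    public void logout() {
        // this method intentionally does nothing
    }

}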