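package org.apache.archiva.redback.rest.services.interceptors;

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

import org.apache.archiva.redback.system.SecuritySession;
import org.apache.archiva.redback.users.User;

import javax.ws.rs.core.UriInfo;
import java.security.Principal;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;

/**
 * Simple security context for JAX-RS to forward data from the Authentication filter to the service implementations.
 * <p>
 * The context carries the authenticated {@link User}, the {@link RedbackPrincipal} derived from it, the
 * {@link SecuritySession} and the set of role names used by {@link #isUserInRole(String)}.
 * Instances are mutable and the fields are package-visible; no synchronization is performed here.
 *
 * @since 3.0
 */
public class RedbackSecurityContext implements javax.ws.rs.core.SecurityContext
{
    SecuritySession securitySession;
    RedbackPrincipal principal;
    User user;
    // Reported by getAuthenticationScheme(); this class only ever assigns the default value.
    String authenticationScheme = "Bearer";
    // Stays null until setRoles() is called; isUserInRole() treats null as "no roles".
    Set<String> roles;
    boolean isSecure;


    /**
     * Creates the context for one request.
     *
     * @param uriInfo         request URI information used to decide {@link #isSecure()}; may be {@code null},
     *                        in which case the context is reported as not secure
     * @param user            the authenticated user
     * @param securitySession the security session that belongs to the user
     */
    RedbackSecurityContext( UriInfo uriInfo, User user, SecuritySession securitySession )
    {
        this.isSecure = hasHttpsScheme( uriInfo );
        setPrincipal( user, securitySession );
    }

    /**
     * Tells whether the absolute request URI uses the {@code https} scheme.
     * <p>
     * The parsed URI scheme is compared instead of testing a prefix of the URI text: a prefix test also
     * accepts any string that merely begins with "https", and lower-casing with the default locale is not
     * needed for a case-insensitive scheme comparison.
     * <p>
     * NOTE(review): the result reflects the URI as this container sees it. Behind a TLS-terminating proxy the
     * value depends on how the request URI is reconstructed - confirm for the deployment before relying on
     * {@link #isSecure()} for a security decision.
     */
    private static boolean hasHttpsScheme( UriInfo uriInfo )
    {
        if ( uriInfo == null || uriInfo.getAbsolutePath( ) == null )
        {
            return false;
        }
        return "https".equalsIgnoreCase( uriInfo.getAbsolutePath( ).getScheme( ) );
    }

    /**
     * @return the principal created from the user passed to {@link #setPrincipal(User, SecuritySession)}
     */
    @Override
    public Principal getUserPrincipal( )
    {
        return principal;
    }

    /**
     * Checks the given role name against the roles stored by {@link #setRoles(Collection)}.
     * The comparison is an exact, case-sensitive set lookup.
     *
     * @param s the role name to look up
     * @return {@code true} if the role is in the stored set, {@code false} otherwise or if no roles were set
     */
    @Override
    public boolean isUserInRole( String s )
    {
        return roles != null && roles.contains( s );
    }

    /**
     * @return {@code true} if the request URI given to the constructor used the {@code https} scheme
     */
    @Override
    public boolean isSecure( )
    {
        return isSecure;
    }

    /**
     * @return the authentication scheme name, {@code "Bearer"} by default
     */
    @Override
    public String getAuthenticationScheme( )
    {
        return authenticationScheme;
    }

    /**
     * @return the security session currently stored in this context
     */
    public SecuritySession getSecuritySession( )
    {
        return this.securitySession;
    }

    /**
     * Replaces user, principal and security session in one step, so that the principal and the context
     * refer to the same session.
     *
     * @param user            the user the new principal is created from
     * @param securitySession the session stored in this context and handed to the new principal
     */
    public void setPrincipal( User user, SecuritySession securitySession )
    {
        this.user = user;
        this.principal = new RedbackPrincipal( user );
        this.securitySession = securitySession;
        this.principal.setSecuritySession( securitySession );
    }

    /**
     * Replaces the security session stored in this context.
     * <p>
     * NOTE(review): unlike {@link #setPrincipal(User, SecuritySession)}, this does not update the session held
     * by the principal, so the two can diverge after this call - confirm whether callers rely on that.
     *
     * @param securitySession the new security session
     */
    public void setSecuritySession( SecuritySession securitySession )
    {
        this.securitySession = securitySession;
    }

    /**
     * Stores a private copy of the given role names; later changes to the passed collection have no effect.
     *
     * @param roles the role names of the user; {@code null} is treated as an empty collection, so that
     *              a missing role list results in no roles rather than an exception
     */
    public void setRoles( Collection<String> roles )
    {
        this.roles = roles == null ? new HashSet<>( ) : new HashSet<>( roles );
    }

    /**
     * @return the user passed to the constructor or to {@link #setPrincipal(User, SecuritySession)}
     */
    public User getUser( )
    {
        return user;
    }
}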