Source code

001package org.apache.archiva.redback.rest.services.interceptors;
002
003/*
004 * Licensed to the Apache Software Foundation (ASF) under one
005 * or more contributor license agreements.  See the NOTICE file
006 * distributed with this work for additional information
007 * regarding copyright ownership.  The ASF licenses this file
008 * to you under the Apache License, Version 2.0 (the
009 * "License"); you may not use this file except in compliance
010 * with the License.  You may obtain a copy of the License at
011 *
012 * http://www.apache.org/licenses/LICENSE-2.0
013 *
014 * Unless required by applicable law or agreed to in writing,
015 * software distributed under the License is distributed on an
016 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
017 * KIND, either express or implied.  See the License for the
018 * specific language governing permissions and limitations
019 * under the License.
020 */
021
022import org.apache.archiva.redback.system.SecuritySession;
023import org.apache.archiva.redback.users.User;
024
025import javax.ws.rs.core.UriInfo;
026import java.security.Principal;
027import java.util.Collection;
028import java.util.HashSet;
029import java.util.Set;
030
031/**
032 * Simple security context for JAX-RS to forward data from the Authentication filter to the service implementations
033 *
034 * @since 3.0
035 */
036public class RedbackSecurityContext implements javax.ws.rs.core.SecurityContext
037{
038    SecuritySession securitySession;
039    RedbackPrincipal principal;
040    User user;
041    String authenticationScheme = "Bearer";
042    Set<String> roles;
043    boolean isSecure;
044
045
046    RedbackSecurityContext( UriInfo uriInfo, User user, SecuritySession securitySession) {
047        this.isSecure = uriInfo!=null && uriInfo.getAbsolutePath().toString().toLowerCase().startsWith("https");
048        setPrincipal( user, securitySession);
049    }
050
051    @Override
052    public Principal getUserPrincipal( )
053    {
054        return principal;
055    }
056
057    @Override
058    public boolean isUserInRole( String s )
059    {
060        return roles == null ? false : roles.contains( s );
061    }
062
063    @Override
064    public boolean isSecure( )
065    {
066        return isSecure;
067    }
068
069    @Override
070    public String getAuthenticationScheme( )
071    {
072        return authenticationScheme;
073    }
074
075    public SecuritySession getSecuritySession() {
076        return this.securitySession;
077    }
078
079    public void setPrincipal( User user, SecuritySession securitySession)
080    {
081        this.user = user;
082        this.principal = new RedbackPrincipal( user );
083        this.securitySession = securitySession;
084        this.principal.setSecuritySession( securitySession );
085    }
086
087    public void setSecuritySession( SecuritySession securitySession )
088    {
089        this.securitySession = securitySession;
090    }
091
092    public void setRoles( Collection<String> roles) {
093        this.roles = new HashSet<>( roles );
094    }
095
096    public User getUser( )
097    {
098        return user;
099    }
100}