If ModeShape is being used within a web application, then it is probably desirable to reuse the security infrastructure of the application server. This can be accomplished by writing a SecurityContext implementation that delegates to the HttpServletRequest. Then, for each request, create a SecurityContextCredentials instance around your SecurityContext and use these credentials to obtain a JCR Session.
Here is an example of the SecurityContext implementation that uses the servlet request:
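/**
 * A {@link SecurityContext} that reuses the servlet container's authentication:
 * the user name is taken from the request's user principal and role checks are
 * delegated to the request.
 * <p>
 * The context keeps a reference to the {@link HttpServletRequest} it was built
 * from, so it is only meaningful for the lifetime of that request.
 */
@Immutable
public class ServletSecurityContext implements SecurityContext {

    private final String userName;
    private final HttpServletRequest request;

    /**
     * Create a {@link ServletSecurityContext} with the supplied
     * {@link HttpServletRequest servlet information}.
     * <p>
     * The user name is captured once, at construction time, from
     * {@link HttpServletRequest#getUserPrincipal()}; role checks, by contrast, are
     * delegated to the request on every call of {@link #hasRole(String)}.
     *
     * @param request the servlet request; may not be null
     * @throws IllegalArgumentException if {@code request} is null
     */
    public ServletSecurityContext( HttpServletRequest request ) {
        // The Javadoc contract says the request may not be null; fail here rather
        // than with a NullPointerException on the first role check.
        if (request == null) {
            throw new IllegalArgumentException("The servlet request may not be null");
        }
        this.request = request;
        // An unauthenticated request has no principal, so the user name is null
        // rather than an empty or placeholder string.
        this.userName = request.getUserPrincipal() != null ? request.getUserPrincipal().getName() : null;
    }

    /**
     * Get the name of the authenticated user.
     *
     * @return the authenticated user's name, or null if the request carried no
     *         user principal
     */
    public String getUserName() {
        return userName;
    }

    /**
     * Determine whether the authenticated user has the given role. The check is
     * delegated to the container via {@link HttpServletRequest#isUserInRole(String)}
     * each time it is called.
     *
     * @param roleName the name of the role to check
     * @return true if the user has the role and is logged in; false otherwise
     */
    public boolean hasRole( String roleName ) {
        // Declared public, like the other methods here, so it satisfies the
        // SecurityContext contract; the container's answer must be returned,
        // not discarded.
        return request.isUserInRole(roleName);
    }

    /**
     * Logs the user out of the authentication mechanism.
     * For some authentication mechanisms, this will be implemented as a no-op;
     * this implementation does nothing and leaves the container session as is.
     */
    public void logout() {
    }
}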
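/**
 * A {@link SecurityContext} that reuses the servlet container's authentication:
 * the user name is taken from the request's user principal and role checks are
 * delegated to the request.
 * <p>
 * The context keeps a reference to the {@link HttpServletRequest} it was built
 * from, so it is only meaningful for the lifetime of that request.
 */
@Immutable
public class ServletSecurityContext implements SecurityContext {

    private final String userName;
    private final HttpServletRequest request;

    /**
     * Create a {@link ServletSecurityContext} with the supplied
     * {@link HttpServletRequest servlet information}.
     * <p>
     * The user name is captured once, at construction time, from
     * {@link HttpServletRequest#getUserPrincipal()}; role checks, by contrast, are
     * delegated to the request on every call of {@link #hasRole(String)}.
     *
     * @param request the servlet request; may not be null
     * @throws IllegalArgumentException if {@code request} is null
     */
    public ServletSecurityContext( HttpServletRequest request ) {
        // The Javadoc contract says the request may not be null; fail here rather
        // than with a NullPointerException on the first role check.
        if (request == null) {
            throw new IllegalArgumentException("The servlet request may not be null");
        }
        this.request = request;
        // An unauthenticated request has no principal, so the user name is null
        // rather than an empty or placeholder string.
        this.userName = request.getUserPrincipal() != null ? request.getUserPrincipal().getName() : null;
    }

    /**
     * Get the name of the authenticated user.
     *
     * @return the authenticated user's name, or null if the request carried no
     *         user principal
     */
    public String getUserName() {
        return userName;
    }

    /**
     * Determine whether the authenticated user has the given role. The check is
     * delegated to the container via {@link HttpServletRequest#isUserInRole(String)}
     * each time it is called.
     *
     * @param roleName the name of the role to check
     * @return true if the user has the role and is logged in; false otherwise
     */
    public boolean hasRole( String roleName ) {
        // Declared public, like the other methods here, so it satisfies the
        // SecurityContext contract; the container's answer must be returned,
        // not discarded.
        return request.isUserInRole(roleName);
    }

    /**
     * Logs the user out of the authentication mechanism.
     * For some authentication mechanisms, this will be implemented as a no-op;
     * this implementation does nothing and leaves the container session as is.
     */
    public void logout() {
    }
}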