1   package org.argeo.api.security;
2   
3   import java.util.Arrays;
4   import java.util.Collections;
5   import java.util.List;
6   
7   import javax.naming.InvalidNameException;
8   import javax.naming.ldap.LdapName;
9   
10  import org.argeo.api.NodeConstants;
11  
/**
 * Static helpers around the node's built-in role names, exposed as
 * {@link LdapName} constants, plus validation hooks for user and role names.
 *
 * <p>
 * All constants are parsed once during class initialization from the string
 * values declared in {@link NodeConstants}. If any of them is not a valid LDAP
 * name, class initialization fails with an {@link Error}.
 */
public class NodeSecurityUtils {
	// Declaration order is also initialization order: admin, data admin, user,
	// user admin, anonymous.
	/** Parsed form of {@link NodeConstants#ROLE_ADMIN}. */
	public static final LdapName ROLE_ADMIN_NAME = parseRole(NodeConstants.ROLE_ADMIN);
	/** Parsed form of {@link NodeConstants#ROLE_DATA_ADMIN}. */
	public static final LdapName ROLE_DATA_ADMIN_NAME = parseRole(NodeConstants.ROLE_DATA_ADMIN);
	/** Parsed form of {@link NodeConstants#ROLE_USER}. */
	public static final LdapName ROLE_USER_NAME = parseRole(NodeConstants.ROLE_USER);
	/** Parsed form of {@link NodeConstants#ROLE_USER_ADMIN}. */
	public static final LdapName ROLE_USER_ADMIN_NAME = parseRole(NodeConstants.ROLE_USER_ADMIN);
	/** Parsed form of {@link NodeConstants#ROLE_ANONYMOUS}. */
	public static final LdapName ROLE_ANONYMOUS_NAME = parseRole(NodeConstants.ROLE_ANONYMOUS);

	/**
	 * Unmodifiable list of the role names that {@link #checkUserName(LdapName)}
	 * refuses as user names: admin, anonymous, user and user admin.
	 *
	 * <p>
	 * NOTE(review): {@link #ROLE_DATA_ADMIN_NAME} is not in this list, so a user
	 * name equal to the data admin role passes {@link #checkUserName(LdapName)}.
	 * Confirm that this omission is intended.
	 */
	public static final List<LdapName> RESERVED_ROLES = Collections.unmodifiableList(
			Arrays.asList(ROLE_ADMIN_NAME, ROLE_ANONYMOUS_NAME, ROLE_USER_NAME, ROLE_USER_ADMIN_NAME));

	/**
	 * Rejects a user name that collides with one of the {@link #RESERVED_ROLES}.
	 * Membership is decided by {@link List#contains(Object)}, hence by
	 * {@link LdapName#equals(Object)}.
	 *
	 * @param name the candidate user name
	 * @throws IllegalArgumentException if {@code name} is a reserved role name
	 */
	public static void checkUserName(LdapName name) throws IllegalArgumentException {
		final boolean reserved = RESERVED_ROLES.contains(name);
		if (reserved) {
			throw new IllegalArgumentException(name + " is a reserved name");
		}
	}

	/**
	 * Validation hook for a role name listed as an implied principal.
	 *
	 * <p>
	 * This method currently accepts every value: its body is empty. An earlier
	 * check, now disabled, rejected {@link #ROLE_USER_NAME} and
	 * {@link #ROLE_ANONYMOUS_NAME} with the message
	 * {@code roleName + " cannot be listed as role"}. Callers must not treat a
	 * normal return from this method as evidence that the role name was
	 * validated.
	 *
	 * @param roleName the role name to check (unused)
	 * @throws IllegalArgumentException never thrown by the current implementation
	 */
	public static void checkImpliedPrincipalName(LdapName roleName) throws IllegalArgumentException {
		// Intentionally empty: the user/anonymous rejection is disabled (see Javadoc).
	}

	/**
	 * Parses one of the built-in role strings into an {@link LdapName}.
	 *
	 * @param distinguishedName the role name in LDAP string form
	 * @return the parsed name
	 * @throws Error if the string is not a valid LDAP name; the
	 *               {@link InvalidNameException} is kept as the cause
	 */
	private static LdapName parseRole(String distinguishedName) {
		try {
			return new LdapName(distinguishedName);
		} catch (InvalidNameException e) {
			throw new Error("Cannot initialize login module class", e);
		}
	}

}