* @param groupName
* @return
* @throws UserNotFoundException
* @throws AccessControlException
*/
public boolean isMember(String groupName)
    throws UserNotFoundException, AccessControlException, IOException
{
    // Single-argument convenience form: asks the (groupName, role) overload
    // about plain membership, i.e. Role.MEMBER.
    final Role defaultRole = Role.MEMBER;
    return isMember(groupName, defaultRole);
}
* @param groupName
* @param role
* @return
* @throws UserNotFoundException
* @throws AccessControlException
public boolean isMember(String groupName, Role role)
throws UserNotFoundException, AccessControlException, IOException
return isMember(getCurrentUserID(), groupName, role);
private boolean isMember(Principal userID, String groupName, Role role)
throws UserNotFoundException, AccessControlException, IOException
Group group = getMembership(groupName, role);
/**
* @param sslSocketFactory the sslSocketFactory to set
*/
public void setSSLSocketFactory(SSLSocketFactory sslSocketFactory)
{
if (mySocketFactory != null)
throw new IllegalStateException("Illegal use of GMSClient: "
+ "cannot set SSLSocketFactory after using one created from Subject");
private int subjectHashCode = 0;
private SSLSocketFactory getSSLSocketFactory()
{
AccessControlContext ac = AccessController.getContext();
Subject s = Subject.getSubject(ac);
// no real Subject: can only use the one from setSSLSocketFactory
if (s == null || s.getPrincipals().isEmpty())
{
return sslSocketFactory;
}
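// lazy init: the factory is built from the first Subject seen and then reused;
// NOTE(review): a later Subject is recognised only by comparing hashCode() values,
// and equal hash codes do not prove it is the same Subject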
if (this.mySocketFactory == null)
{
log.debug("getSSLSocketFactory: " + s);
this.mySocketFactory = SSLUtil.getSocketFactory(s);
this.subjectHashCode = s.hashCode();
}
else
int c = s.hashCode();
if (c != subjectHashCode)
throw new IllegalStateException("Illegal use of "
+ this.getClass().getSimpleName()
+ ": subject change not supported for internal SSLSocketFactory");
return this.mySocketFactory;
protected void clearCache()
{
AccessControlContext acContext = AccessController.getContext();
Subject subject = Subject.getSubject(acContext);
if (subject != null)
{
subject.getPrivateCredentials().remove(new GroupMemberships());
protected GroupMemberships getGroupCache(Principal userID)
{
AccessControlContext acContext = AccessController.getContext();
Subject subject = Subject.getSubject(acContext);
// only consult cache if the userID is of the calling subject
if (userIsSubject(userID, subject))
Set<GroupMemberships> gset = subject.getPrivateCredentials(GroupMemberships.class);
if (gset == null || gset.isEmpty())
GroupMemberships mems = new GroupMemberships(serviceID.toString(), userID);
subject.getPrivateCredentials().add(mems);
return mems;
GroupMemberships mems = gset.iterator().next();
// check to ensure they have the same service URI
if (!serviceID.toString().equals(mems.getServiceURI()))
{
log.debug("Not using cache because of differing service URIs: " +
"[" + serviceID.toString() + "][" + mems.getServiceURI() + "]");
return null;
}
return mems;
return null; // no cache
}
protected Group getCachedGroup(Principal userID, String groupID, Role role)
{
List<Group> groups = getCachedGroups(userID, role, false);
if (groups == null)
return null; // no cache
for (Group g : groups)
{
if (g.getID().equals(groupID))
return g;
protected List<Group> getCachedGroups(Principal userID, Role role, boolean complete)
{
GroupMemberships mems = getGroupCache(userID);
if (mems == null)
return null; // no cache
Boolean cacheState = mems.isComplete(role);
if (!complete || Boolean.TRUE.equals(cacheState))
return mems.getMemberships(role);
// caller wanted complete and we don't have that
protected void addCachedGroup(Principal userID, Group group, Role role)
GroupMemberships mems = getGroupCache(userID);
if (mems == null)
return; // no cache
}
protected void setCachedGroups(Principal userID, List<Group> groups, Role role)
GroupMemberships mems = getGroupCache(userID);
if (mems == null)
return; // no cache
protected boolean userIsSubject(Principal userID, Subject subject)
{
if (userID == null || subject == null)
{
return false;
}
for (Principal subjectPrincipal : subject.getPrincipals())
if (AuthenticationUtil.equals(subjectPrincipal, userID))
protected RegistryClient getRegistryClient()
{
    // A new RegistryClient is built on every call; nothing is cached here.
    final RegistryClient registryClient = new RegistryClient();
    return registryClient;
}