RoleCalculatorFactory.java

/*
 * The contents of this file are subject to the terms of the Common Development and
 * Distribution License (the License). You may not use this file except in compliance with the
 * License.
 *
 * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
 * specific language governing permission and limitations under the License.
 *
 * When distributing Covered Software, include this CDDL Header Notice in each file and include
 * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
 * Header, with the fields enclosed by brackets [] replaced by your own identifying
 * information: "Portions copyright [year] [name of copyright owner]".
 *
 * Copyright 2014-2015 ForgeRock AS.
 */

package org.forgerock.openidm.auth.modules;

import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import org.forgerock.json.resource.ResourceResponse;

/**
 * Factory class for creating PropertyRoleCalculator instances.
 *
 * @since 3.0.0
 */
class RoleCalculatorFactory {

    /**
     * Creates a new RoleCalculator instance.
     *
     * @param defaultRoles The list of default roles.
     * @param userRoles The object attribute representing the role assignment.
     * @param groupMembership The object attribute representing the group membership.
     * @param roleMapping The mapping between OpenIDM roles and pass-through auth groups.
     * @param groupComparison The method of {@link MappingRoleCalculator.GroupComparison} to use.
     * @return A RoleCalculator instance.
     */
    RoleCalculator create(final List<String> defaultRoles, final String userRoles,
            final String groupMembership, final Map<String, List<String>> roleMapping,
            final MappingRoleCalculator.GroupComparison groupComparison) {

        // aggregate all role calculation per configuration
        return new RoleCalculator() {
            final List<RoleCalculator> calculators = new ArrayList<RoleCalculator>();

            {
                if (defaultRoles != null) {
                    // assign default roles
                    calculators.add(new DefaultRoleCalculator(defaultRoles));
                }

                if (userRoles != null) {
                    // use role-lookup from object property
                    calculators.add(new PropertyRoleCalculator(userRoles));
                }

                if (groupMembership != null && roleMapping != null && !roleMapping.isEmpty()) {
                    // use group membership and role-mapping role calculator
                    calculators.add(new MappingRoleCalculator(groupMembership, roleMapping, groupComparison));
                }
            }

            @Override
            public void calculateRoles(String principal, SecurityContextMapper securityContextMapper,
                    ResourceResponse resource) {
                // set roles
                for (RoleCalculator calculator : calculators) {
                    calculator.calculateRoles(principal, securityContextMapper, resource);
                }
            }
        };
    }

}