PrincipalGroupProviderGroupImpl.java

package io.oasp.module.security.common.base.accesscontrol;

import io.oasp.module.security.common.api.accesscontrol.PrincipalAccessControlProvider;

import java.security.Principal;
import java.security.acl.Group;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;

/**
 * This is an implementation of {@link PrincipalAccessControlProvider} based on {@link Group}. Due to the confusing API of
 * {@link Group} that mixes a {@link Principal} with permissions and permission groups it is not commonly used even
 * though it is available in the Java standard edition.
 *
 */
public class PrincipalGroupProviderGroupImpl implements PrincipalAccessControlProvider<Group> {

  /**
   * The constructor.
   */
  public PrincipalGroupProviderGroupImpl() {

    super();
  }

  @Override
  public Collection<String> getAccessControlIds(Group principal) {

    Set<String> groupSet = new HashSet<>();
    collectGroups(principal, groupSet);
    return groupSet;
  }

  /**
   * Called from {@link #getAccessControlIds(Group)} to recursively collect the groups.
   *
   * @param group is the {@link Group} to traverse.
   * @param groupSet is the {@link Set} where to add the principal names.
   */
  protected void collectGroups(Group group, Set<String> groupSet) {

    Enumeration<? extends Principal> members = group.members();
    while (members.hasMoreElements()) {
      Principal member = members.nextElement();
      String name = member.getName();
      boolean added = groupSet.add(name);
      if (added && (member instanceof Group)) {
        collectGroups((Group) member, groupSet);
      }
    }
  }
}