[New] Added UsernameFromCertificatePrivilege policy

src/main/java/ch/eitchnet/privilege/policy/UsernameFromCertificatePrivilege.java

@@ -0,0 +1,57 @@
+/*
+ * Copyright 2013 Robert von Burg <eitch@eitchnet.ch>
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package ch.eitchnet.privilege.policy;
+
+import java.text.MessageFormat;
+
+import ch.eitchnet.privilege.base.PrivilegeException;
+import ch.eitchnet.privilege.i18n.PrivilegeMessages;
+import ch.eitchnet.privilege.model.Certificate;
+import ch.eitchnet.privilege.model.IPrivilege;
+import ch.eitchnet.privilege.model.PrivilegeContext;
+import ch.eitchnet.privilege.model.Restrictable;
+
+/**
+ * TODO
+ * 
+ * @author Robert von Burg <eitch@eitchnet.ch>
+ */
+public class UsernameFromCertificatePrivilege implements PrivilegePolicy {
+
+	@Override
+	public void validateAction(PrivilegeContext ctx, IPrivilege privilege, Restrictable restrictable) {
+		PrivilegePolicyHelper.preValidate(privilege, restrictable);
+
+		// get the value on which the action is to be performed
+		Object object = restrictable.getPrivilegeValue();
+
+		// RoleAccessPrivilege policy expects the privilege value to be a role
+		if (!(object instanceof Certificate)) {
+			String msg = Restrictable.class.getName()
+					+ PrivilegeMessages.getString("Privilege.illegalArgument.noncertificate"); //$NON-NLS-1$
+			msg = MessageFormat.format(msg, restrictable.getClass().getSimpleName());
+			throw new PrivilegeException(msg);
+		}
+
+		// if everything is allowed, then no need to carry on
+		if (privilege.isAllAllowed())
+			return;
+
+		Certificate cert = (Certificate) object;
+		String privilegeValue = cert.getUsername();
+		PrivilegePolicyHelper.checkByAllowDenyValues(ctx, privilege, restrictable, privilegeValue);
+	}
+}

src/main/resources/PrivilegeMessages.properties

@@ -1,12 +1,13 @@
-Privilege.accessdenied.noprivilege=User {0} does not have Privilege {1} needed for Restrictable {2}
+Privilege.accessdenied.noprivilege=User {0} does not have the privilege {1} needed for Restrictable {2}
 Privilege.illegalArgument.nonstring=\ {0} has returned a non-string privilege value\!
 Privilege.illegalArgument.nonrole=\ {0} did not return a Role privilege value\!
+Privilege.illegalArgument.noncertificate=\ {0} did not return a Certificate privilege value\!
 Privilege.illegalArgument.nonuser=\ {0} did not return a User privilege value\!
 Privilege.illegalArgument.privilegeNameMismatch=The passed privilege has the name {0} but the restrictable is referencing privilege {1}
 Privilege.privilegeNameEmpty=The PrivilegeName for the Restrictable is null or empty: {0}
 Privilege.privilegeNull=Privilege may not be null\!
 Privilege.restrictableNull=Restrictable may not be null\!
 Privilege.noprivilege=No Privilege exists with name {0}
-Privilege.noprivilege.user=User {0} does not have a Privilege {0}
+Privilege.noprivilege.user=User {0} does not have the privilege {1}
 Privilege.roleAccessPrivilege.unknownPrivilege=Unhandled RoleAccessPrivilege {0}
 Privilege.userAccessPrivilege.unknownPrivilege=Unhandled UserAccessPrivilege {0}