001package org.gbif.api.model.common;
002
003import java.util.Objects;
004import javax.security.auth.Subject;
005
006/**
007 * Similar to {@link GbifUserPrincipal} but represents an application instead of a user.
008 * The appKey is used as the unique account name and is exposed as the principal name.
009 */
010public class AppPrincipal implements ExtendedPrincipal {
011
012  private final String appKey;
013  private final String appRole;
014
015  /**
016   * {@link AppPrincipal} constructor.
017   *
018   * @param appKey  mandatory, appKey of the application that is now authenticated.
019   * @param appRole optionally, the "role" of the app as {@link String}. Mostly to use jsr250 @RolesAllowed.
020   */
021  public AppPrincipal(String appKey, String appRole) {
022    Objects.requireNonNull(appKey, "appKey shall be provided");
023    this.appKey = appKey;
024    this.appRole = appRole;
025  }
026
027  @Override
028  public String getName() {
029    return appKey;
030  }
031
032  @Override
033  public boolean implies(Subject subject) {
034    return false;
035  }
036
037  @Override
038  public boolean hasRole(String role) {
039    return appRole != null && appRole.equalsIgnoreCase(role);
040  }
041}