GMSClient.java

     */
    public boolean isMember(Principal userID, String groupName)
        throws UserNotFoundException, AccessControlException, IOException
    {
        return isMember(userID, groupName, Role.MEMBER);
    }
    
    /**
     * Check if userID is a member (of type role) of groupName.
     * 
     * @param userID Identifies the user.
     * @param groupName Identifies the group.
     * @param role The type of membership.
     * @return True if the user is a member of the group
     * @throws UserNotFoundException If the user does not exist.
     * @throws AccessControlException If not allowed to peform the search.
     * @throws IllegalArgumentException If a parameter is null.
     * @throws IOException If an unknown error occured.
     */
    public boolean isMember(Principal userID, String groupName, Role role)
        throws UserNotFoundException, AccessControlException, IOException
    {
        Group group = getMembership(userID, groupName, role);
        return group != null;
    }

    /**
     * @param sslSocketFactory the sslSocketFactory to set
     */
    public void setSSLSocketFactory(SSLSocketFactory sslSocketFactory)
    {
        if (mySocketFactory != null)
            throw new IllegalStateException("Illegal use of GMSClient: "
                    + "cannot set SSLSocketFactory after using one created from Subject");
        this.sslSocketFactory = sslSocketFactory;
        clearCache();
    }
    
    private int subjectHashCode = 0;
    private SSLSocketFactory getSSLSocketFactory()
    {
        AccessControlContext ac = AccessController.getContext();
        Subject s = Subject.getSubject(ac);
        
        // no real Subject: can only use the one from setSSLSocketFactory
        if (s == null || s.getPrincipals().isEmpty())
        {
            return sslSocketFactory;
        }
        
        // lazy init
        if (this.mySocketFactory == null)
        {
            log.debug("getSSLSocketFactory: " + s);
            this.mySocketFactory = SSLUtil.getSocketFactory(s);
            this.subjectHashCode = s.hashCode();
        }
        else
        {
            int c = s.hashCode();
            if (c != subjectHashCode)
                throw new IllegalStateException("Illegal use of " 
                        + this.getClass().getSimpleName()
                        + ": subject change not supported for internal SSLSocketFactory");
        }
        return this.mySocketFactory;
    }
    
    protected void clearCache()
    {
        AccessControlContext acContext = AccessController.getContext();
        Subject subject = Subject.getSubject(acContext);
        
        if (subject != null)
        {
            log.debug("Clearing cache");
            subject.getPrivateCredentials().clear();
        }
    }

    protected List<Group> getCachedGroups(Principal userID, Role role)
    {
        AccessControlContext acContext = AccessController.getContext();
        Subject subject = Subject.getSubject(acContext);
        
        // only consult cache if the userID is of the calling subject
        if (userIsSubject(userID, subject))
        {
            Set groupCredentialSet = subject.getPrivateCredentials(GroupMemberships.class);
            if ((groupCredentialSet != null) && 
                (groupCredentialSet.size() == 1))
            {
                Iterator i = groupCredentialSet.iterator();
                GroupMemberships groupMemberships = ((GroupMemberships) i.next());
                return groupMemberships.memberships.get(role);
            }
        }
        return null;
    }

    protected void setCachedGroups(Principal userID, List<Group> groups, Role role)
    {
        AccessControlContext acContext = AccessController.getContext();
        Subject subject = Subject.getSubject(acContext);
        
        // only save to cache if the userID is of the calling subject
        if (userIsSubject(userID, subject))
        {
            log.debug("Caching groups for " + userID + ", role " + role);
            
            GroupMemberships groupCredentials = null;
            Set groupCredentialSet = subject.getPrivateCredentials(GroupMemberships.class);
            if ((groupCredentialSet != null) && 
                (groupCredentialSet.size() == 1))
            {
                Iterator i = groupCredentialSet.iterator();
                groupCredentials = ((GroupMemberships) i.next());
            }
            else
            {
                groupCredentials = new GroupMemberships();
                subject.getPrivateCredentials().add(groupCredentials);
            }
            
            groupCredentials.memberships.put(role,  groups);
        }
    }
    
    protected boolean userIsSubject(Principal userID, Subject subject)
    {
        if (userID == null || subject == null)
        {
            return false;
        }
        
        Set<Principal> subjectPrincipals = subject.getPrincipals();
        Iterator<Principal> i = subjectPrincipals.iterator();
        Principal next = null;
        while (i.hasNext())
        {
            next = i.next();
            if (next.equals(userID))
            {
                return true;
            }
        }
        return false;
    }

    /**
     * Class used to hold list of groups in which
     * a user is a member.
     */
    protected class GroupMemberships
    {
        Map<Role, List<Group>> memberships = new HashMap<Role, List<Group>>();

        protected GroupMemberships()
        {
        }

    }

}