Java tutorial
/* * Provided by CSTI Consulting * Following GNU LESSER GENERAL PUBLIC LICENSE * You may obtain more details at * * http://www.csticonsulting.com * Copyright (c) 2006-2011 Consultation CS-TI inc. * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package com.salesmanager.central.util; import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringUtils; import org.apache.log4j.Logger; import com.salesmanager.central.profile.Context; import com.salesmanager.central.profile.ProfileConstants; import com.salesmanager.core.module.impl.application.logon.UserPrincipal; public class SecurityUtil { private static Logger log = Logger.getLogger(SecurityUtil.class); /** * Determines if a user has roles for seeing / modifying the appropriate resource * @param request * @param role * @return */ public static boolean isUserInRole(HttpServletRequest request, String role) { try { if (StringUtils.isBlank(role)) { return true; } UserPrincipal principal = (UserPrincipal) request.getSession().getAttribute("PRINCIPAL"); if (principal == null) { return false; } Context ctx = (Context) request.getSession().getAttribute(ProfileConstants.context); if (ctx.getMasterRole().equals("superuser")) { return true; } if (role.equals("superuser")) { if (ctx.getMasterRole().equals("superuser")) { return true; } } else { if (ctx.getMasterRole().equals("admin")) { return true; } } if (ctx.getMasterRole().equals("admin")) { return true; } return com.salesmanager.core.util.SecurityUtil.isUserInRole(request, role); } catch (Exception e) { log.error("Customer " + e); } return false; } }