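/*
 * Copyright 2016 Dominik Szalai (emptulik@gmail.com)
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package cz.muni.fi.editor.services.commons.impl;

import cz.muni.fi.editor.api.dto.OrganizationDTO;
import cz.muni.fi.editor.api.dto.UserDTO;
import cz.muni.fi.editor.api.support.MemberAuthority;
import cz.muni.fi.editor.database.dao.OrganizationDAO;
import cz.muni.fi.editor.database.domain.user.User;
import cz.muni.fi.editor.services.commons.security.SecurityService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

import java.util.List;
import java.util.stream.Collectors;

/**
 * {@link SecurityService} implementation that answers questions about the caller from the
 * Spring Security context bound to the current thread.
 *
 * <p>Every method here reads {@link SecurityContextHolder}; none of them looks at other
 * sessions or other users' contexts.
 *
 * Created by Dominik Szalai - emptulik at gmail.com on 29.8.2016.
 */
@Component
public class SecurityServiceImpl implements SecurityService {
    @Autowired
    private OrganizationDAO organizationDAO;

    // Authority that isAdmin() looks for: a MemberAuthority built from the id 1L.
    // NOTE(review): contains() relies on MemberAuthority.equals()/hashCode(), which are not
    // visible in this file - confirm they compare by id.
    private static final GrantedAuthority ADMIN = new MemberAuthority(1L);

    /**
     * Returns the principal of the current authentication, cast to {@link UserDTO}.
     *
     * <p>This method performs no checks. It throws {@link NullPointerException} when the
     * context holds no authentication and {@link ClassCastException} when the principal is not
     * a {@link UserDTO} (for example the {@code String} principal Spring Security uses for
     * anonymous requests when anonymous authentication is enabled). Callers that may run
     * without a logged-in user should guard accordingly.
     *
     * @return the current principal
     */
    @Override
    public UserDTO getPrincipal() {
        return (UserDTO) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    }

    /**
     * Tells whether the current caller carries the administrator authority.
     *
     * <p>Fails closed: a missing authentication, a missing principal, or a principal that is
     * not a {@link UserDTO} all yield {@code false} instead of an exception.
     *
     * @return {@code true} only when the current principal is a {@link UserDTO} whose
     *         authorities contain {@link #ADMIN}
     */
    @Override
    public boolean isAdmin() {
        UserDTO user = userOf(SecurityContextHolder.getContext().getAuthentication());
        return user != null && user.getAuthorities().contains(ADMIN);
    }

    /**
     * Reloads the organization lists of the currently logged-in user and replaces the
     * authentication in the current security context with one carrying the recomputed
     * authorities.
     *
     * <p>Nothing happens unless {@code userID} is the id of the principal in the current
     * context. Limitation (original todo: "rework this only fixes currently logged users, not
     * all of them"): only the context of the calling thread is updated. Any other session of
     * the same user, and every call made on behalf of a different user, keeps the authorities
     * computed at login, so a revoked membership or ownership can stay effective there until
     * that session re-authenticates.
     *
     * @param userID id of the user whose authorities changed
     */
    @Override
    @Transactional(readOnly = true)
    public void refresh(Long userID) {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        UserDTO principal = userOf(current);
        if (principal == null || principal.getId() == null || !principal.getId().equals(userID)) {
            return;
        }

        // The DAO calls take a User entity; only the id is populated on this probe object.
        User probe = new User();
        probe.setId(principal.getId());

        // NOTE(review): the meaning of the boolean flag is not visible here - confirm.
        List<OrganizationDTO> member = organizationDAO.getOrganizationForUser(probe, true).stream().map(o -> {
            OrganizationDTO dto = new OrganizationDTO();
            dto.setId(o.getId());
            return dto;
        }).collect(Collectors.toList());

        List<OrganizationDTO> owner = organizationDAO.ownedBy(probe).stream().map(o -> {
            OrganizationDTO dto = new OrganizationDTO();
            dto.setId(o.getId());
            return dto;
        }).collect(Collectors.toList());

        // Mutates the principal in place; presumably this rebuilds its authorities from the two
        // lists - verify against UserDTO.init.
        principal.init(owner, member);

        // NOTE(review): the replacement is always a UsernamePasswordAuthenticationToken, and the
        // three-argument constructor marks it as authenticated. If the original authentication
        // was of another type (for example remember-me), code that distinguishes token types
        // will see a different type after a refresh - confirm this is intended.
        UsernamePasswordAuthenticationToken refreshed = new UsernamePasswordAuthenticationToken(
                principal, current.getCredentials(), principal.getAuthorities());
        // Carry over the request details of the original authentication, which the constructor
        // does not copy.
        refreshed.setDetails(current.getDetails());
        SecurityContextHolder.getContext().setAuthentication(refreshed);
    }

    /**
     * Extracts the {@link UserDTO} principal from an authentication.
     *
     * @param authentication authentication to inspect, may be {@code null}
     * @return the principal, or {@code null} when there is no authentication or its principal
     *         is absent or of another type
     */
    private static UserDTO userOf(Authentication authentication) {
        if (authentication == null) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        return principal instanceof UserDTO ? (UserDTO) principal : null;
    }
}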