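/*
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */
package cz.swi2.mendeluis.app.web.security;

import cz.swi2.mendeluis.dataaccesslayer.domain.User;
import cz.swi2.mendeluis.dataaccesslayer.domain.UserPortlet;
import cz.swi2.mendeluis.dataaccesslayer.repository.UserPortletRepository;
import cz.swi2.mendeluis.dataaccesslayer.repository.UserRepository;
import cz.swi2.mendeluis.dto.UserDTO;
import cz.swi2.mendeluis.dto.UserPortletDTO;
import cz.swi2.mendeluis.facade.IUserFacade;
import cz.swi2.mendeluis.facade.IUserPortletFacade;
import cz.swi2.mendeluis.service.UserService;
import cz.swi2.mendeluis.service.facade.UserFacade;
import cz.swi2.mendeluis.service.facade.UserPortletFacade;
import java.io.Serializable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.PermissionEvaluator;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.stereotype.Component;

/**
 * A custom permission evaluator for elegant Domain Object Security.
 * Used at methods in web controllers.
 *
 * <p>Both overloads implement one ownership rule: the authenticated user may
 * access a {@link UserPortlet} only when the portlet's user has the same id as
 * the authenticated user. The {@code permission} argument is never consulted,
 * so {@code 'read'}, {@code 'write'} or any other permission name all resolve
 * to this same ownership check; callers must not expect finer-grained control
 * from it.
 *
 * <p>Every failure mode on the authorization path — no authentication, a
 * principal that is not a {@link UserDetails}, an unknown user, an unknown
 * portlet, a missing id, or a target id of an unexpected type — denies access
 * (returns {@code false}) instead of throwing, so a malformed request cannot
 * escape the check as an unhandled exception.
 *
 * @author ivopisarovic
 */
@Component
public class CustomPermissionsEvaluator implements PermissionEvaluator {

    private static final Logger logger = LoggerFactory.getLogger(CustomPermissionsEvaluator.class);

    /** Injected but not used by either check; kept so the bean's wiring is unchanged. */
    @Autowired
    private UserPortletRepository userPortletRepository;

    @Autowired
    private IUserPortletFacade userPortletFacade;

    @Autowired
    private UserService userService;

    @Autowired
    private IUserFacade userFacade;

    /**
     * Checks the current logged in user's permission to the given object.
     *
     * <p>Only {@link UserPortlet} targets are recognised; every other target
     * (including {@code null}) is denied.
     *
     * @param authentication the current authentication; {@code null} or a
     *     non-{@link UserDetails} principal is denied
     * @param targetDomainObject the object being accessed
     * @param permission ignored — see the class documentation
     * @return True if the user has right to access the object.
     */
    @Override
    public boolean hasPermission(Authentication authentication, Object targetDomainObject, Object permission) {
        if (!(targetDomainObject instanceof UserPortlet)) {
            return false;
        }
        UserPortlet member = (UserPortlet) targetDomainObject;

        String username = authenticatedUsername(authentication);
        if (username == null) {
            return false;
        }

        User user = userService.getUserByUsername(username);
        User owner = member.getUser();
        boolean hasPermission = isOwnedBy(user, owner);
        logger.info("Checking username {} has permission to access member {} - {}", username, targetDomainObject, hasPermission);
        return hasPermission;
    }

    /**
     * Checks the current logged in user's permission to the object with the given id.
     *
     * <p>Only {@code targetType == "UserPortlet"} with an {@link Integer} id is
     * recognised; any other type/id combination is denied. (The previous
     * unconditional {@code (int) targetId} cast would have thrown
     * {@link ClassCastException} for a {@code Long} or {@code String} id.)
     *
     * @param authentication the current authentication; {@code null} or a
     *     non-{@link UserDetails} principal is denied
     * @param targetId id of the object being accessed
     * @param targetType simple type name of the object being accessed
     * @param permission ignored — see the class documentation
     * @return True if the user has right to access the object.
     */
    @Override
    public boolean hasPermission(Authentication authentication, Serializable targetId, String targetType, Object permission) {
        if (!"UserPortlet".equals(targetType) || !(targetId instanceof Integer)) {
            return false;
        }
        int portletId = (Integer) targetId;

        UserPortletDTO up = userPortletFacade.getUserPortletWithId(portletId);
        if (up == null) {
            return false;
        }

        String username = authenticatedUsername(authentication);
        if (username == null) {
            return false;
        }

        UserDTO user = userFacade.getUserByUsername(username);
        UserDTO owner = up.getUser();
        boolean hasPermission = isOwnedBy(user, owner);
        logger.info("Checking username {} has permission to access member {} - {}", username, up, hasPermission);
        return hasPermission;
    }

    /**
     * Returns the username of the authenticated principal, or {@code null} when
     * there is no authentication or its principal is not a {@link UserDetails}
     * (e.g. an anonymous session, whose principal is a plain string). The
     * previous unchecked cast threw {@link ClassCastException} for such principals.
     */
    private static String authenticatedUsername(Authentication authentication) {
        if (authentication == null) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof UserDetails)) {
            return null;
        }
        return ((UserDetails) principal).getUsername();
    }

    /** Ownership check for the entity overload: same non-null id on both sides. */
    private static boolean isOwnedBy(User user, User owner) {
        if (user == null || owner == null) {
            return false;
        }
        return sameId(user.getId(), owner.getId());
    }

    /** Ownership check for the DTO overload: same non-null id on both sides. */
    private static boolean isOwnedBy(UserDTO user, UserDTO owner) {
        if (user == null || owner == null) {
            return false;
        }
        return sameId(user.getId(), owner.getId());
    }

    /**
     * Value comparison of two ids. Takes {@link Object} so it is correct whether
     * {@code getId()} returns a primitive or a boxed type: the previous
     * {@code ==} would have compared references for boxed ids (wrong above the
     * {@code Integer} cache range) and would have accepted {@code null == null}
     * as a match. A {@code null} id on either side denies.
     */
    private static boolean sameId(Object userId, Object ownerId) {
        return userId != null && userId.equals(ownerId);
    }
}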