psiprobe.tools.SecurityUtils.java Source code

Java tutorial

Introduction

Here is the source code for psiprobe.tools.SecurityUtils.java

Source

/**
 * Licensed under the GPL License. You may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *   http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
 *
 * THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
 * WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE.
 */
package psiprobe.tools;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

import java.util.Collection;

import javax.servlet.ServletContext;
import javax.servlet.http.HttpServletRequest;

/**
 * The Class SecurityUtils.
 *
 * @author Vlad Ilyushchenko
 * @author Mark Lewis
 */
public class SecurityUtils {

    /**
     * Prevent Instantiation of security utils.
     */
    private SecurityUtils() {
        // Prevent Instantiation
    }

    /**
     * Checks for attribute value role.
     *
     * @param servletContext the servlet context
     * @param request the request
     * @return true, if successful
     */
    public static boolean hasAttributeValueRole(ServletContext servletContext, HttpServletRequest request) {

        String[] privilegedRoles = getPrivilegedRoles(servletContext).split(",");
        for (String privilegedRole : privilegedRoles) {
            if (userHasRole(privilegedRole)) {
                return true;
            }
        }
        return false;
    }

    /**
     * User has role.
     *
     * @param privilegedRole the privileged role
     * @return true, if successful
     */
    private static boolean userHasRole(String privilegedRole) {
        Collection<? extends GrantedAuthority> authorities = SecurityContextHolder.getContext().getAuthentication()
                .getAuthorities();

        boolean result = false;
        for (GrantedAuthority authority : authorities) {
            if (privilegedRole.equals(authority.getAuthority())) {
                result = true;
                break;
            }
        }
        return result;
    }

    /**
     * User has role.
     *
     * @param privilegedRole the privileged role
     * @param request the request
     * @return true, if successful
     */
    @SuppressWarnings("unused")
    private static boolean userHasRole(String privilegedRole, HttpServletRequest request) {
        return request.isUserInRole(privilegedRole);
    }

    /**
     * Gets the privileged roles.
     *
     * @param servletContext the servlet context
     * @return the privileged roles
     */
    private static String getPrivilegedRoles(ServletContext servletContext) {
        return servletContext.getInitParameter("attribute.value.roles");
    }

}