List of usage examples for org.apache.shiro.mgt SecurityManager isPermitted
// Overload exercised by every example on this page: the caller passes the subject's
// principals together with a single permission string and receives a yes/no answer.
boolean isPermitted(PrincipalCollection principals, String permission);
From source file:au.org.theark.core.security.ArkPermissionHelper.java
License:Open Source License
/**
 * Reports whether the given subject may search, i.e. holds the READ permission.
 *
 * <p>The decision is delegated entirely to {@code securityManager.isPermitted(...)},
 * called with the subject's principals.
 * NOTE(review): an anonymous subject may have no principals; confirm the configured
 * realms deny when handed a null principal collection.
 *
 * @param securityManager the Shiro security manager that evaluates the permission
 * @param currentUser the subject whose principals are checked
 * @return true if READ permission allowed
 */
public static boolean hasSearchPermission(SecurityManager securityManager, Subject currentUser) {
    return securityManager.isPermitted(currentUser.getPrincipals(), PermissionConstants.READ);
}
From source file:au.org.theark.core.security.ArkPermissionHelper.java
License:Open Source License
/**
 * Reports whether the given subject may save, i.e. holds CREATE or UPDATE.
 *
 * <p>Either permission alone is sufficient. Callers that need to tell "create a new
 * record" apart from "modify an existing one" must check the specific permission
 * themselves.
 *
 * @param securityManager the Shiro security manager that evaluates the permissions
 * @param currentUser the subject whose principals are checked
 * @return true if CREATE or UPDATE permission allowed
 */
public static boolean hasSavePermission(SecurityManager securityManager, Subject currentUser) {
    // CREATE is asked first; UPDATE is only consulted when CREATE is refused.
    return securityManager.isPermitted(currentUser.getPrincipals(), PermissionConstants.CREATE)
            || securityManager.isPermitted(currentUser.getPrincipals(), PermissionConstants.UPDATE);
}
From source file:au.org.theark.core.security.ArkPermissionHelper.java
License:Open Source License
/**
 * Reports whether the given subject may edit, i.e. holds the UPDATE permission.
 *
 * <p>The answer comes straight from {@code securityManager.isPermitted(...)} on the
 * subject's principals; nothing is cached or defaulted here.
 *
 * @param securityManager the Shiro security manager that evaluates the permission
 * @param currentUser the subject whose principals are checked
 * @return true if UPDATE permission allowed
 */
public static boolean hasEditPermission(SecurityManager securityManager, Subject currentUser) {
    return securityManager.isPermitted(currentUser.getPrincipals(), PermissionConstants.UPDATE);
}
From source file:au.org.theark.core.security.ArkPermissionHelper.java
License:Open Source License
/**
 * Reports whether the given subject may delete, i.e. holds the DELETE permission.
 *
 * <p>The answer comes straight from {@code securityManager.isPermitted(...)} on the
 * subject's principals. Holding CREATE or UPDATE does not influence the result.
 *
 * @param securityManager the Shiro security manager that evaluates the permission
 * @param currentUser the subject whose principals are checked
 * @return true if DELETE permission allowed
 */
public static boolean hasDeletePermission(SecurityManager securityManager, Subject currentUser) {
    return securityManager.isPermitted(currentUser.getPrincipals(), PermissionConstants.DELETE);
}
From source file:au.org.theark.core.security.ArkPermissionHelper.java
License:Open Source License
/**
 * Reports whether the given subject may create new records, i.e. holds the CREATE
 * permission.
 *
 * <p>The answer comes straight from {@code securityManager.isPermitted(...)} on the
 * subject's principals.
 *
 * @param securityManager the Shiro security manager that evaluates the permission
 * @param currentUser the subject whose principals are checked
 * @return true if CREATE permission allowed
 */
public static boolean hasNewPermission(SecurityManager securityManager, Subject currentUser) {
    return securityManager.isPermitted(currentUser.getPrincipals(), PermissionConstants.CREATE);
}
From source file:au.org.theark.core.web.component.AbstractContainerPanel.java
License:Open Source License
/**
 * Reports whether the subject bound to the current thread holds the READ permission.
 *
 * <p>Both the security manager and the subject are looked up from the current thread
 * on every call, so the result reflects whoever that thread is acting for.
 * NOTE(review): if no security manager is bound to the thread, the lookup presumably
 * yields null and this method fails with a NullPointerException instead of returning
 * false; confirm the request filter always binds one.
 *
 * @return true when READ is permitted for the current subject's principals
 */
protected boolean isActionPermitted() {
    SecurityManager manager = ThreadContext.getSecurityManager();
    Subject subject = SecurityUtils.getSubject();
    return manager.isPermitted(subject.getPrincipals(), PermissionConstants.READ);
}
From source file:au.org.theark.core.web.form.AbstractModalDetailForm.java
License:Open Source License
/**
 * Enables or disables the detail panel according to the current subject's permissions
 * and the presence of a session id.
 *
 * <p>The panel is disabled, and an error is reported on this component, when the
 * subject holds none of CREATE, UPDATE, READ or DELETE, or when {@code sessionId} is
 * null. Holding any one of the four permissions is enough to enable the panel.
 * NOTE(review): this only toggles the UI container; confirm that the individual
 * save/delete handlers re-check the specific permission before acting.
 *
 * @param sessionId id expected in the session; when null the panel is disabled
 * @param errorMessage message reported when {@code sessionId} is null
 * @param arkCrudContainerVo holder of the detail panel container that is toggled
 */
protected void disableModalDetailForm(Long sessionId, String errorMessage,
        ArkCrudContainerVO arkCrudContainerVo) {
    SecurityManager manager = ThreadContext.getSecurityManager();
    Subject subject = SecurityUtils.getSubject();

    // Evaluated left to right; the first granted permission stops the chain.
    boolean holdsAnyCrudPermission =
            manager.isPermitted(subject.getPrincipals(), PermissionConstants.CREATE)
                    || manager.isPermitted(subject.getPrincipals(), PermissionConstants.UPDATE)
                    || manager.isPermitted(subject.getPrincipals(), PermissionConstants.READ)
                    || manager.isPermitted(subject.getPrincipals(), PermissionConstants.DELETE);

    if (!holdsAnyCrudPermission) {
        arkCrudContainerVo.getDetailPanelContainer().setEnabled(false);
        this.error(
                "You do not have the required security privileges to work with this function. Please see your Administrator.");
        return;
    }

    if (sessionId == null) {
        arkCrudContainerVo.getDetailPanelContainer().setEnabled(false);
        this.error(errorMessage);
        return;
    }

    arkCrudContainerVo.getDetailPanelContainer().setEnabled(true);
}
From source file:au.org.theark.core.web.form.AbstractWizardForm.java
License:Open Source License
/**
 * Reports whether the subject bound to the current thread may perform the named
 * wizard action.
 *
 * <p>Mapping, matched case-insensitively against {@code Constants}:
 * SAVE requires UPDATE or CREATE, EDIT requires UPDATE, DELETE requires DELETE.
 * Any other action type is refused, so an unrecognised value never grants access.
 * A null {@code actionType} is not handled and raises a NullPointerException.
 *
 * @param actionType name of the action being attempted
 * @return true when the permission mapped to the action is held; false otherwise,
 *         including for unrecognised action types
 */
protected boolean isActionPermitted(String actionType) {
    SecurityManager manager = ThreadContext.getSecurityManager();
    Subject subject = SecurityUtils.getSubject();

    if (actionType.equalsIgnoreCase(Constants.SAVE)) {
        // UPDATE is asked first; CREATE is only consulted when UPDATE is refused.
        return manager.isPermitted(subject.getPrincipals(), PermissionConstants.UPDATE)
                || manager.isPermitted(subject.getPrincipals(), PermissionConstants.CREATE);
    }
    if (actionType.equalsIgnoreCase(Constants.EDIT)) {
        return manager.isPermitted(subject.getPrincipals(), PermissionConstants.UPDATE);
    }
    if (actionType.equalsIgnoreCase(Constants.DELETE)) {
        return manager.isPermitted(subject.getPrincipals(), PermissionConstants.DELETE);
    }
    // Deny by default for anything that is not SAVE, EDIT or DELETE.
    return false;
}
From source file:au.org.theark.security.CustomAuthorizationStrategy.java
License:Open Source License
/**
 * Finds the first {@code SecurityConstraint} annotation for the given action that the
 * current subject does not satisfy.
 *
 * <p>Annotations of other types, and constraints declared for a different action, are
 * skipped. For a matching constraint the check depends on its kind: role membership,
 * a permission, being authenticated, or having a principal at all.
 *
 * <p>NOTE(review): the switch has no default branch, so a constraint kind other than
 * the four handled here is treated as satisfied; confirm that no further kinds exist
 * or add an explicit deny. Decisions, including the required role name, are written
 * to stdout rather than to a logger.
 *
 * @param annotationList annotations found on the component being instantiated
 * @param action the action the caller is evaluating
 * @return the violated constraint, or null when no matching constraint is violated
 */
private SecurityConstraint checkInvalidInstantiation(Annotation[] annotationList, ShiroAction action) {
    for (Annotation candidate : annotationList) {
        if (!(candidate instanceof SecurityConstraint)) {
            continue;
        }
        SecurityConstraint constraint = (SecurityConstraint) candidate;

        if (constraint.action() != action) {
            System.out.println("Actions do not match ");
            continue;
        }
        System.out.println("Constraints match");

        // The component carries this action; evaluate it against the subject that
        // Shiro holds for the current thread.
        SecurityManager securityManager = ThreadContext.getSecurityManager();
        Subject subject = SecurityUtils.getSubject();

        switch (constraint.constraint()) {
        case HasRole:
            if (!securityManager.hasRole(subject.getPrincipals(), constraint.value())) {
                System.out.println("Subject does not have role: " + constraint.value());
                return constraint;
            }
            break;
        case HasPermission:
            if (!securityManager.isPermitted(subject.getPrincipals(), constraint.value())) {
                System.out.println("Subject does not have Permission");
                return constraint;
            }
            break;
        case IsAuthenticated:
            if (!subject.isAuthenticated()) {
                System.out.println("Subject is Not Authenticated");
                return constraint;
            }
            break;
        case LoggedIn:
            if (subject.getPrincipal() == null) {
                System.out.println("Subject is not LoggedIn");
                return constraint;
            }
            break;
        }
    }
    // No matching constraint was violated.
    return null;
}
From source file:au.org.theark.study.model.dao.LdapUserDao.java
License:Open Source License
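/**
 * Searches the LDAP people base for users matching the supplied criteria, excluding
 * every account returned by {@code getArkSuperAdministratorList()}.
 *
 * <p>Access control: the search only runs when the current subject holds the CREATE,
 * UPDATE and READ permissions together. A caller lacking any of them receives an empty
 * list, which is indistinguishable from "no match"; nothing is logged for that case.
 *
 * <p>Criteria values reach the query only through filter objects and are never
 * concatenated into the filter string in this method.
 * NOTE(review): this relies on those filter classes escaping their values in
 * {@code encode()}; confirm for the LDAP library version in use.
 *
 * @param userCriteriaVO search criteria; user name, first name, last name and email
 *        are each applied only when they contain text
 * @return the matching users, or an empty list when nothing matches or the caller is
 *         not permitted
 * @throws ArkSystemException if an LDAP name cannot be built from the base DN or a
 *         criterion, or if an {@code EntityNotFoundException} is raised
 */
public List<ArkUserVO> searchAllUsers(ArkUserVO userCriteriaVO) throws ArkSystemException {
    SecurityManager securityManager = ThreadContext.getSecurityManager();
    Subject currentUser = SecurityUtils.getSubject();
    List<ArkUserVO> userList = new ArrayList<ArkUserVO>();

    try {
        List<ArkUserRole> adminUserNameList = arkAuthorisationService.getArkSuperAdministratorList();

        // All three permissions are required; any refusal skips the search entirely.
        if (securityManager.isPermitted(currentUser.getPrincipals(), PermissionConstants.CREATE)
                && securityManager.isPermitted(currentUser.getPrincipals(), PermissionConstants.UPDATE)
                && securityManager.isPermitted(currentUser.getPrincipals(), PermissionConstants.READ)) {

            // ou=arkUsers or whatever is configured in the context file.
            log.debug("getBaseDn() " + ldapDataContextSource.getBasePeopleDn());

            // NOTE(review): ldapName is populated below but never passed to search();
            // its only visible effect is that building it can raise
            // InvalidNameException. Confirm the intent before removing it.
            LdapName ldapName;
            try {
                AndFilter andFilter = new AndFilter();
                andFilter.and(new EqualsFilter("objectClass", "person"));
                ldapName = new LdapName(ldapDataContextSource.getBasePeopleDn());

                /* User ID */
                if (StringUtils.hasText(userCriteriaVO.getUserName())) {
                    ldapName.add(new Rdn(Constants.CN, userCriteriaVO.getUserName()));
                    andFilter.and(new WhitespaceWildcardsFilter(Constants.CN, userCriteriaVO.getUserName()));
                }
                /* Given Name */
                if (StringUtils.hasText(userCriteriaVO.getFirstName())) {
                    ldapName.add(new Rdn(Constants.GIVEN_NAME, userCriteriaVO.getFirstName()));
                    andFilter.and(
                            new WhitespaceWildcardsFilter(Constants.GIVEN_NAME, userCriteriaVO.getFirstName()));
                }
                /* Surname Name */
                if (StringUtils.hasText(userCriteriaVO.getLastName())) {
                    ldapName.add(new Rdn(Constants.LAST_NAME, userCriteriaVO.getLastName()));
                    andFilter.and(
                            new WhitespaceWildcardsFilter(Constants.LAST_NAME, userCriteriaVO.getLastName()));
                }
                /* Email */
                if (StringUtils.hasText(userCriteriaVO.getEmail())) {
                    ldapName.add(new Rdn(Constants.EMAIL, userCriteriaVO.getEmail()));
                    andFilter.and(new WhitespaceWildcardsFilter(Constants.EMAIL, userCriteriaVO.getEmail()));
                }

                // Keep super administrator accounts out of the result set.
                for (ArkUserRole superAdmin : adminUserNameList) {
                    ldapName.add(new Rdn(Constants.CN, superAdmin.getArkUser().getLdapUserName()));
                    Filter filter = new NotFilter(
                            new EqualsFilter(Constants.CN, superAdmin.getArkUser().getLdapUserName()));
                    andFilter.and(filter);
                }

                /* Status is not defined as yet in the schema */
                userList = ldapDataContextSource.getLdapTemplate().search(
                        ldapDataContextSource.getBasePeopleDn(), andFilter.encode(),
                        new PersonContextMapper());
                log.debug("Size of list " + userList.size());
            } catch (InvalidNameException ine) {
                // Pass the exception itself so the stack trace reaches the log; the
                // caller only sees a generic message and no cause.
                log.error("Exception occured in searchAllUsers", ine);
                throw new ArkSystemException("A system errror occured");
            }
        }
    } catch (EntityNotFoundException e) {
        log.error("Exception occured in searchAllUsers", e);
        throw new ArkSystemException("A system errror occured. ");
    }
    return userList;
}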