List of usage examples for org.springframework.security.access.expression ExpressionUtils evaluateAsBoolean
public static boolean evaluateAsBoolean(Expression expr, EvaluationContext ctx)
From source file:grails.plugin.springsecurity.web.access.expression.WebExpressionVoter.java
public int vote(Authentication authentication, FilterInvocation fi, Collection<ConfigAttribute> attributes) { Assert.notNull(authentication, "authentication cannot be null"); Assert.notNull(fi, "object cannot be null"); Assert.notNull(attributes, "attributes cannot be null"); WebExpressionConfigAttribute weca = findConfigAttribute(attributes); if (weca == null) { return ACCESS_ABSTAIN; }//from w w w . j a v a 2 s.c o m EvaluationContext ctx = expressionHandler.createEvaluationContext(authentication, fi); return ExpressionUtils.evaluateAsBoolean(weca.getAuthorizeExpression(), ctx) ? ACCESS_GRANTED : ACCESS_DENIED; }
From source file:org.codehaus.groovy.grails.plugins.springsecurity.WebExpressionVoter.java
/** * {@inheritDoc}// ww w . j a v a 2 s. c o m * @see org.springframework.security.access.AccessDecisionVoter#vote( * org.springframework.security.core.Authentication, java.lang.Object, java.util.Collection) */ public int vote(final Authentication authentication, final Object object, final Collection<ConfigAttribute> attributes) { Assert.notNull(authentication, "authentication cannot be null"); Assert.notNull(object, "object cannot be null"); Assert.notNull(attributes, "attributes cannot be null"); WebExpressionConfigAttribute weca = findConfigAttribute(attributes); if (weca == null) { return ACCESS_ABSTAIN; } FilterInvocation fi = (FilterInvocation) object; EvaluationContext ctx = _expressionHandler.createEvaluationContext(authentication, fi); return ExpressionUtils.evaluateAsBoolean(weca.getAuthorizeExpression(), ctx) ? ACCESS_GRANTED : ACCESS_DENIED; }
From source file:br.com.suricattus.surispring.spring.security.util.SecurityUtil.java
/** * Method that checks if the user has the given access expression. * //from ww w.j a v a 2 s. c om * @see Spring Security Expression-Based Access Control * @param access * @return */ @SuppressWarnings({ "rawtypes", "unchecked" }) public static boolean isAuthorized(String access) { Map<String, SecurityExpressionHandler> expressionHandlres = ApplicationContextUtil.getContext() .getBeansOfType(SecurityExpressionHandler.class); SecurityExpressionHandler handler = (SecurityExpressionHandler) expressionHandlres.values().toArray()[0]; Expression accessExpression = handler.getExpressionParser().parseExpression(access); FilterInvocation f = new FilterInvocation(FacesUtils.getRequest(), FacesUtils.getResponse(), new FilterChain() { public void doFilter(ServletRequest request, ServletResponse response) throws IOException, ServletException { throw new UnsupportedOperationException(); } }); return ExpressionUtils.evaluateAsBoolean(accessExpression, handler.createEvaluationContext(SecurityContextHolder.getContext().getAuthentication(), f)); }
From source file:org.jasig.portlet.blackboardvcportlet.security.SecurityExpressionEvaluatorImpl.java
@Override public boolean authorize(String expression, Map<String, Object> variables) { Expression accessExpression = expressionHandler.getExpressionParser().parseExpression(expression); final Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); final EvaluationContext evaluationContext = expressionHandler.createEvaluationContext(authentication, variables);// w w w. j ava 2s. c o m return ExpressionUtils.evaluateAsBoolean(accessExpression, evaluationContext); }
From source file:it.scoppelletti.programmerpower.web.view.AuthorizeComponent.java
/** * Emette l’apertura del tag e verifica se deve essere emesso il * contenuto del tag stesso./* w ww . ja v a 2s . c o m*/ * * @param writer Flusso di scrittura. * @return Esito della verifica. */ @Override public boolean start(Writer writer) { Authentication currentUser; FilterInvocation filter; Expression accessExpr; DefaultWebSecurityExpressionHandler exprHandler; if (Strings.isNullOrEmpty(myAccess)) { throw new PropertyNotSetException(toString(), "access"); } currentUser = SecurityContextHolder.getContext().getAuthentication(); if (currentUser == null) { throw new ObjectNotFoundException(Authentication.class.getName()); } exprHandler = getExpressionHandler(); accessExpr = exprHandler.getExpressionParser().parseExpression(myAccess); filter = new FilterInvocation(ServletActionContext.getRequest(), ServletActionContext.getResponse(), new AuthorizeComponent.DummyChain()); if (ExpressionUtils.evaluateAsBoolean(accessExpr, exprHandler.createEvaluationContext(currentUser, filter))) { return true; } return false; }
From source file:org.icescrum.core.security.MethodScrumExpressionHandler.java
@SuppressWarnings("unchecked") public Object filter(Object filterTarget, Expression filterExpression, EvaluationContext ctx) { MethodScrumExpressionRoot rootObject = (MethodScrumExpressionRoot) ctx.getRootObject().getValue(); List retainList;/*from w ww .j a va2 s.c om*/ if (logger.isDebugEnabled()) { logger.debug("Filtering with expression: " + filterExpression.getExpressionString()); } if (filterTarget instanceof Collection) { Collection collection = (Collection) filterTarget; retainList = new ArrayList(collection.size()); if (logger.isDebugEnabled()) { logger.debug("Filtering collection with " + collection.size() + " elements"); } for (Object filterObject : (Collection) filterTarget) { rootObject.setFilterObject(filterObject); if (ExpressionUtils.evaluateAsBoolean(filterExpression, ctx)) { retainList.add(filterObject); } } if (logger.isDebugEnabled()) { logger.debug("Retaining elements: " + retainList); } collection.clear(); collection.addAll(retainList); return filterTarget; } if (filterTarget.getClass().isArray()) { Object[] array = (Object[]) filterTarget; retainList = new ArrayList(array.length); if (logger.isDebugEnabled()) { logger.debug("Filtering collection with " + array.length + " elements"); } for (int i = 0; i < array.length; i++) { rootObject.setFilterObject(array[i]); if (ExpressionUtils.evaluateAsBoolean(filterExpression, ctx)) { retainList.add(array[i]); } } if (logger.isDebugEnabled()) { logger.debug("Retaining elements: " + retainList); } Object[] filtered = (Object[]) Array.newInstance(filterTarget.getClass().getComponentType(), retainList.size()); for (int i = 0; i < retainList.size(); i++) { filtered[i] = retainList.get(i); } return filtered; } throw new IllegalArgumentException( "Filter target must be a collection or array type, but was " + filterTarget); }
From source file:org.vaadin.addons.springsecurityviewprovider.SpringSecurityViewProvider.java
@SuppressWarnings("unchecked") public final static ViewProvider createViewProvider(final Authentication authentication, Boolean enableCaching) {//from w w w . j a v a2 s . c o m final SpringSecurityViewProvider springViewProvider = new SpringSecurityViewProvider(); springViewProvider.enableCaching = enableCaching; try { final ApplicationContext applicationContext = springViewProvider.applicationContext; // Retrieve the default SecurityExpressionHandler final MethodSecurityExpressionHandler securityExpressionHandler = applicationContext .getBean(DefaultMethodSecurityExpressionHandler.class); // The method that is protected in the end final Method getViewMethod = SpringSecurityViewProvider.class.getMethod("getView", String.class); // A parser to evaluate parse the permissions. final SpelExpressionParser parser = new SpelExpressionParser(); // Although beans can be retrieved by annotation they must be retrieved by name // to avoid instanciating them for (String beanName : applicationContext.getBeanDefinitionNames()) { final Class<?> beanClass = applicationContext.getType(beanName); // only work with Views that are described by our specialed Description if (beanClass.isAnnotationPresent(ViewDescription.class) && View.class.isAssignableFrom(beanClass)) { final ViewDescription viewDescription = beanClass.getAnnotation(ViewDescription.class); // requires no special permissions and can be immediatly added if (StringUtils.isBlank(viewDescription.requiredPermissions())) { springViewProvider.views.put(viewDescription.name(), (Class<? extends View>) beanClass); } // requires permissions else { // this is actually borrowed from the code in org.springframework.security.access.prepost.PreAuthorize final EvaluationContext evaluationContext = securityExpressionHandler .createEvaluationContext(authentication, new SimpleMethodInvocation( springViewProvider, getViewMethod, viewDescription.name())); // only add the view to my provider if the permissions evaluate to true if (ExpressionUtils.evaluateAsBoolean( parser.parseExpression(viewDescription.requiredPermissions()), evaluationContext)) springViewProvider.views.put(viewDescription.name(), (Class<? extends View>) beanClass); } } } } catch (NoSuchMethodException | SecurityException e) { // Won't happen } return springViewProvider; }
From source file:org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler.java
/** * Filters the {@code filterTarget} object (which must be either a collection, array, * or stream), by evaluating the supplied expression. * <p>//from w w w . j av a 2s . co m * If a {@code Collection} is used, the original instance will be modified to contain * the elements for which the permission expression evaluates to {@code true}. For an * array, a new array instance will be returned. */ @SuppressWarnings("unchecked") public Object filter(Object filterTarget, Expression filterExpression, EvaluationContext ctx) { MethodSecurityExpressionOperations rootObject = (MethodSecurityExpressionOperations) ctx.getRootObject() .getValue(); final boolean debug = logger.isDebugEnabled(); List retainList; if (debug) { logger.debug("Filtering with expression: " + filterExpression.getExpressionString()); } if (filterTarget instanceof Collection) { Collection collection = (Collection) filterTarget; retainList = new ArrayList(collection.size()); if (debug) { logger.debug("Filtering collection with " + collection.size() + " elements"); } if (permissionCacheOptimizer != null) { permissionCacheOptimizer.cachePermissionsFor(rootObject.getAuthentication(), collection); } for (Object filterObject : (Collection) filterTarget) { rootObject.setFilterObject(filterObject); if (ExpressionUtils.evaluateAsBoolean(filterExpression, ctx)) { retainList.add(filterObject); } } if (debug) { logger.debug("Retaining elements: " + retainList); } collection.clear(); collection.addAll(retainList); return filterTarget; } if (filterTarget.getClass().isArray()) { Object[] array = (Object[]) filterTarget; retainList = new ArrayList(array.length); if (debug) { logger.debug("Filtering array with " + array.length + " elements"); } if (permissionCacheOptimizer != null) { permissionCacheOptimizer.cachePermissionsFor(rootObject.getAuthentication(), Arrays.asList(array)); } for (Object o : array) { rootObject.setFilterObject(o); if (ExpressionUtils.evaluateAsBoolean(filterExpression, ctx)) { retainList.add(o); } } if (debug) { logger.debug("Retaining elements: " + retainList); } Object[] filtered = (Object[]) Array.newInstance(filterTarget.getClass().getComponentType(), retainList.size()); for (int i = 0; i < retainList.size(); i++) { filtered[i] = retainList.get(i); } return filtered; } if (filterTarget instanceof Stream) { final Stream<?> original = (Stream<?>) filterTarget; return original.filter(filterObject -> { rootObject.setFilterObject(filterObject); return ExpressionUtils.evaluateAsBoolean(filterExpression, ctx); }).onClose(original::close); } throw new IllegalArgumentException( "Filter target must be a collection, array, or stream type, but was " + filterTarget); }
From source file:org.springframework.security.access.expression.method.ExpressionBasedPostInvocationAdvice.java
public Object after(Authentication authentication, MethodInvocation mi, PostInvocationAttribute postAttr, Object returnedObject) throws AccessDeniedException { PostInvocationExpressionAttribute pia = (PostInvocationExpressionAttribute) postAttr; EvaluationContext ctx = expressionHandler.createEvaluationContext(authentication, mi); Expression postFilter = pia.getFilterExpression(); Expression postAuthorize = pia.getAuthorizeExpression(); if (postFilter != null) { if (logger.isDebugEnabled()) { logger.debug("Applying PostFilter expression " + postFilter); }/*from w w w .j a v a2 s . c o m*/ if (returnedObject != null) { returnedObject = expressionHandler.filter(returnedObject, postFilter, ctx); } else { if (logger.isDebugEnabled()) { logger.debug("Return object is null, filtering will be skipped"); } } } expressionHandler.setReturnObject(returnedObject, ctx); if (postAuthorize != null && !ExpressionUtils.evaluateAsBoolean(postAuthorize, ctx)) { if (logger.isDebugEnabled()) { logger.debug("PostAuthorize expression rejected access"); } throw new AccessDeniedException("Access is denied"); } return returnedObject; }