Example usage for org.springframework.security.access.hierarchicalroles RoleHierarchy getReachableGrantedAuthorities

List of usage examples for org.springframework.security.access.hierarchicalroles RoleHierarchy getReachableGrantedAuthorities

Introduction

This page shows example usages of org.springframework.security.access.hierarchicalroles.RoleHierarchy.getReachableGrantedAuthorities.

Prototype

/**
 * Expands a set of directly assigned authorities through the role hierarchy.
 *
 * @param authorities the directly assigned authorities
 * @return the given authorities plus every authority transitively reachable from them in the
 *         hierarchy, i.e. the effective permission set an access decision should be based on
 */
public Collection<? extends GrantedAuthority> getReachableGrantedAuthorities(
        Collection<? extends GrantedAuthority> authorities);


Document

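Returns a collection of all reachable authorities: the authorities passed in plus every authority transitively reachable from them in the role hierarchy.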

Usage

From source file:org.opendatakit.common.security.server.SecurityServiceUtil.java

/**
 * Fills in the group and authority lists of {@code userInfo} for a special user group.
 *
 * <p>Groups are {@code specialGroup} itself plus every mappable entry returned by
 * {@code GrantedAuthorityHierarchyTable.getSubordinateGrantedAuthorities}. Authorities are the
 * entries the role hierarchy reports as reachable from {@code specialGroup}, excluding those for
 * which {@code GrantedAuthorityName.permissionsCanBeAssigned} returns true. For the anonymous
 * group this is the permission set held by callers who have not authenticated, so a change to
 * the role hierarchy changes what those callers may do.
 *
 * @param userInfo record whose assigned groups and granted authorities are overwritten
 * @param specialGroup the special group (e.g. anonymous or daemon) to expand
 * @param cc calling context that supplies the {@code hierarchicalRoleRelationships} bean
 * @throws DatastoreFailureException if the subordinate authorities cannot be retrieved
 */
static void setAuthenticationListsForSpecialUser(UserSecurityInfo userInfo, GrantedAuthorityName specialGroup,
        CallingContext cc) throws DatastoreFailureException {
    RoleHierarchy roleHierarchy = (RoleHierarchy) cc.getBean("hierarchicalRoleRelationships");
    // Grants that mapName could not translate; handed to removeBadGrantedAuthorities at the end.
    // NOTE(review): a TreeSet without a Comparator needs Comparable elements - confirm what
    // mapName actually inserts here.
    Set<GrantedAuthority> unmappedGrants = new TreeSet<GrantedAuthority>();
    TreeSet<GrantedAuthorityName> assignedGroups = new TreeSet<GrantedAuthorityName>();
    TreeSet<GrantedAuthorityName> effectiveAuthorities = new TreeSet<GrantedAuthorityName>();

    // The special group is always one of the user's own groups.
    assignedGroups.add(specialGroup);
    GrantedAuthority specialAuth = new SimpleGrantedAuthority(specialGroup.name());

    // Groups: the special group plus its subordinate grants as stored in the hierarchy table.
    try {
        Set<GrantedAuthority> subordinates = GrantedAuthorityHierarchyTable
                .getSubordinateGrantedAuthorities(specialAuth, cc);
        for (GrantedAuthority subordinate : subordinates) {
            GrantedAuthorityName mapped = mapName(subordinate, unmappedGrants);
            if (mapped == null) {
                continue;
            }
            assignedGroups.add(mapped);
        }
    } catch (ODKDatastoreException e) {
        // The stack trace goes to stderr only; the rethrown exception carries the message but
        // not the cause, so the original failure is visible only in the process output.
        e.printStackTrace();
        throw new DatastoreFailureException("Unable to retrieve granted authorities of " + specialGroup.name());
    }

    // Authorities: everything the role hierarchy reaches from the special group, keeping only
    // entries that map to a known name and are not assignable.
    Collection<? extends GrantedAuthority> reachableAuths = roleHierarchy
            .getReachableGrantedAuthorities(Collections.singletonList(specialAuth));
    for (GrantedAuthority reachable : reachableAuths) {
        GrantedAuthorityName mapped = mapName(reachable, unmappedGrants);
        if (mapped == null || GrantedAuthorityName.permissionsCanBeAssigned(reachable.getAuthority())) {
            continue;
        }
        effectiveAuthorities.add(mapped);
    }

    userInfo.setAssignedUserGroups(assignedGroups);
    userInfo.setGrantedAuthorities(effectiveAuthorities);

    // Best-effort cleanup: a failure is printed and otherwise ignored, so the caller still gets
    // the populated userInfo while the unmappable grants are left as they were.
    try {
        removeBadGrantedAuthorities(unmappedGrants, cc);
    } catch (ODKDatastoreException e) {
        e.printStackTrace();
    }
}

From source file:org.opendatakit.common.security.server.SecurityServiceUtil.java

/**
 * Get the complete set of granted authorities (ROLE and RUN_AS grants) this user possesses.
 *
 * <p>For an anonymous user the set is whatever the role hierarchy reaches from
 * {@code USER_IS_ANONYMOUS}. For any other user it is the user's directly stored grants plus
 * everything the hierarchy reaches from them. In both cases entries for which
 * {@code GrantedAuthorityName.permissionsCanBeAssigned} returns true, and entries
 * {@code mapName} cannot translate, are left out of the result.
 *
 * <p>A failure in {@code removeBadGrantedAuthorities} is not caught here: it propagates and the
 * caller receives no authority set at all.
 *
 * @param cc calling context supplying the current user, the datastore and the
 *           {@code hierarchicalRoleRelationships} bean
 * @return the named, non-assignable authorities held by the current user
 * @throws ODKDatastoreException if a datastore lookup or the cleanup of unmappable grants fails
 */
public static TreeSet<GrantedAuthorityName> getCurrentUserSecurityInfo(CallingContext cc)
        throws ODKDatastoreException {
    User currentUser = cc.getCurrentUser();
    TreeSet<GrantedAuthorityName> effectiveAuthorities = new TreeSet<GrantedAuthorityName>();

    if (currentUser.isAnonymous()) {
        RoleHierarchy roleHierarchy = (RoleHierarchy) cc.getBean("hierarchicalRoleRelationships");
        Set<GrantedAuthority> unmappedGrants = new TreeSet<GrantedAuthority>();
        // An anonymous user has no stored grants; start from the anonymous marker authority
        // and let the hierarchy expand it.
        GrantedAuthority anonymousAuth = new SimpleGrantedAuthority(
                GrantedAuthorityName.USER_IS_ANONYMOUS.name());

        Collection<? extends GrantedAuthority> reachableAuths = roleHierarchy
                .getReachableGrantedAuthorities(Collections.singletonList(anonymousAuth));
        for (GrantedAuthority reachable : reachableAuths) {
            GrantedAuthorityName mapped = mapName(reachable, unmappedGrants);
            if (mapped == null || GrantedAuthorityName.permissionsCanBeAssigned(reachable.getAuthority())) {
                continue;
            }
            effectiveAuthorities.add(mapped);
        }
        removeBadGrantedAuthorities(unmappedGrants, cc);
        return effectiveAuthorities;
    }

    // The returned row is not used; the lookup is kept because it may throw or have other
    // effects that callers rely on - TODO confirm.
    RegisteredUsersTable.getUserByUri(currentUser.getUriUser(), cc.getDatastore(), currentUser);

    Datastore ds = cc.getDatastore();
    RoleHierarchy roleHierarchy = (RoleHierarchy) cc.getBean("hierarchicalRoleRelationships");
    Set<GrantedAuthority> directGrants = UserGrantedAuthority.getGrantedAuthorities(currentUser.getUriUser(), ds,
            currentUser);
    Set<GrantedAuthority> unmappedGrants = new TreeSet<GrantedAuthority>();

    // Directly stored grants: only the non-assignable ones count as authorities. Assignable
    // grants (group memberships) are not part of the returned set.
    for (GrantedAuthority grant : directGrants) {
        GrantedAuthorityName mapped = mapName(grant, unmappedGrants);
        if (mapped != null && !GrantedAuthorityName.permissionsCanBeAssigned(grant.getAuthority())) {
            effectiveAuthorities.add(mapped);
        }
    }

    // Add everything the role hierarchy reaches from the stored grants, same filter as above.
    Collection<? extends GrantedAuthority> reachableAuths = roleHierarchy.getReachableGrantedAuthorities(directGrants);
    for (GrantedAuthority reachable : reachableAuths) {
        GrantedAuthorityName mapped = mapName(reachable, unmappedGrants);
        if (mapped == null || GrantedAuthorityName.permissionsCanBeAssigned(reachable.getAuthority())) {
            continue;
        }
        effectiveAuthorities.add(mapped);
    }
    removeBadGrantedAuthorities(unmappedGrants, cc);
    return effectiveAuthorities;
}