List of usage examples for org.springframework.security.access.hierarchicalroles RoleHierarchy getReachableGrantedAuthorities
/**
 * Returns the authorities reachable from the supplied ones through the role hierarchy:
 * the directly assigned authorities plus those they transitively include.
 *
 * <p>The result can be a superset of the input, so access decisions should be made on
 * the returned collection rather than on the directly assigned grants alone.
 *
 * @param authorities the directly assigned authorities
 * @return the directly assigned authorities together with every authority reachable from them
 */
public Collection<? extends GrantedAuthority> getReachableGrantedAuthorities( Collection<? extends GrantedAuthority> authorities);
From source file:org.opendatakit.common.security.server.SecurityServiceUtil.java
/**
 * Fills in the group and authority lists of a built-in ("special") user.
 *
 * <p>Assigned groups are {@code specialGroup} itself plus every subordinate grant that
 * {@code GrantedAuthorityHierarchyTable} reports for it and that {@code mapName} can map.
 * Granted authorities are the entries reachable from {@code specialGroup} through the
 * {@code hierarchicalRoleRelationships} role hierarchy for which
 * {@code GrantedAuthorityName.permissionsCanBeAssigned} returns false.
 *
 * @param userInfo record that receives the computed groups and authorities
 * @param specialGroup the special group this user defines (i.e., anonymous or daemon)
 * @param cc calling context used for the bean lookup and datastore access
 * @throws DatastoreFailureException if the subordinate grants cannot be retrieved
 */
static void setAuthenticationListsForSpecialUser(UserSecurityInfo userInfo,
    GrantedAuthorityName specialGroup, CallingContext cc) throws DatastoreFailureException {
  // The cast fails with ClassCastException if the bean registered under this name is not
  // a RoleHierarchy.
  RoleHierarchy roleHierarchy = (RoleHierarchy) cc.getBean("hierarchicalRoleRelationships");
  // Collects grants handed to mapName; presumably those it could not map to a
  // GrantedAuthorityName -- confirm against mapName.
  Set<GrantedAuthority> unmappedGrants = new TreeSet<GrantedAuthority>();
  TreeSet<GrantedAuthorityName> assignedGroups = new TreeSet<GrantedAuthorityName>();
  TreeSet<GrantedAuthorityName> effectiveAuthorities = new TreeSet<GrantedAuthorityName>();

  // The special group is always a member of its own assigned-group list.
  assignedGroups.add(specialGroup);
  GrantedAuthority specialAuth = new SimpleGrantedAuthority(specialGroup.name());

  try {
    Set<GrantedAuthority> subordinates =
        GrantedAuthorityHierarchyTable.getSubordinateGrantedAuthorities(specialAuth, cc);
    for (GrantedAuthority subordinate : subordinates) {
      GrantedAuthorityName mapped = mapName(subordinate, unmappedGrants);
      if (mapped == null) {
        continue;
      }
      assignedGroups.add(mapped);
    }
  } catch (ODKDatastoreException e) {
    // NOTE(review): the cause is only printed to stderr and is not attached to the rethrown
    // exception, so the original failure is lost to callers and to structured logs.
    e.printStackTrace();
    throw new DatastoreFailureException(
        "Unable to retrieve granted authorities of " + specialGroup.name());
  }

  // Expand the special group through the role hierarchy and keep only the entries that
  // are not assignable permissions.
  Collection<? extends GrantedAuthority> reachable =
      roleHierarchy.getReachableGrantedAuthorities(Collections.singletonList(specialAuth));
  for (GrantedAuthority candidate : reachable) {
    GrantedAuthorityName mapped = mapName(candidate, unmappedGrants);
    if (mapped == null) {
      continue;
    }
    if (GrantedAuthorityName.permissionsCanBeAssigned(candidate.getAuthority())) {
      continue;
    }
    effectiveAuthorities.add(mapped);
  }

  userInfo.setAssignedUserGroups(assignedGroups);
  userInfo.setGrantedAuthorities(effectiveAuthorities);

  try {
    removeBadGrantedAuthorities(unmappedGrants, cc);
  } catch (ODKDatastoreException e) {
    // Best-effort cleanup: a failure here is printed and otherwise ignored, so the grants
    // collected above stay in place until a later call removes them.
    e.printStackTrace();
  }
}
From source file:org.opendatakit.common.security.server.SecurityServiceUtil.java
/**
 * Computes the granted authorities of the current user.
 *
 * <p>For an anonymous user the result holds the non-assignable authorities reachable from
 * {@code USER_IS_ANONYMOUS} through the {@code hierarchicalRoleRelationships} role
 * hierarchy, so that hierarchy configuration alone decides what this method reports for
 * unauthenticated callers. For any other user it holds the non-assignable grants stored
 * for the user plus the non-assignable authorities reachable from all of the stored grants.
 *
 * <p>NOTE(review): unlike {@code setAuthenticationListsForSpecialUser}, a failure of
 * {@code removeBadGrantedAuthorities} is not caught here and propagates to the caller.
 *
 * @param cc calling context supplying the current user, the datastore and the bean lookup
 * @return the set of authorities computed for the current user
 * @throws ODKDatastoreException declared for the datastore-backed calls made here
 */
public static TreeSet<GrantedAuthorityName> getCurrentUserSecurityInfo(CallingContext cc)
    throws ODKDatastoreException {
  User currentUser = cc.getCurrentUser();
  TreeSet<GrantedAuthorityName> authorities = new TreeSet<GrantedAuthorityName>();

  if (currentUser.isAnonymous()) {
    RoleHierarchy roleHierarchy = (RoleHierarchy) cc.getBean("hierarchicalRoleRelationships");
    Set<GrantedAuthority> unmappedGrants = new TreeSet<GrantedAuthority>();

    // The anonymous user has no stored grants; start from the single special authority.
    GrantedAuthority anonymousAuth =
        new SimpleGrantedAuthority(GrantedAuthorityName.USER_IS_ANONYMOUS.name());
    Collection<? extends GrantedAuthority> reachable =
        roleHierarchy.getReachableGrantedAuthorities(Collections.singletonList(anonymousAuth));
    for (GrantedAuthority candidate : reachable) {
      GrantedAuthorityName mapped = mapName(candidate, unmappedGrants);
      if (mapped == null) {
        continue;
      }
      if (GrantedAuthorityName.permissionsCanBeAssigned(candidate.getAuthority())) {
        continue;
      }
      authorities.add(mapped);
    }
    removeBadGrantedAuthorities(unmappedGrants, cc);
    return authorities;
  }

  // The looked-up record is not used below; the call is kept because it may throw
  // (presumably when the user cannot be found -- confirm against RegisteredUsersTable).
  RegisteredUsersTable.getUserByUri(currentUser.getUriUser(), cc.getDatastore(), currentUser);
  Datastore datastore = cc.getDatastore();
  RoleHierarchy roleHierarchy = (RoleHierarchy) cc.getBean("hierarchicalRoleRelationships");
  Set<GrantedAuthority> storedGrants =
      UserGrantedAuthority.getGrantedAuthorities(currentUser.getUriUser(), datastore, currentUser);
  Set<GrantedAuthority> unmappedGrants = new TreeSet<GrantedAuthority>();
  // Assignable permissions (groups) are sorted out of the result here; this set is
  // populated but neither returned nor read afterwards.
  TreeSet<GrantedAuthorityName> groups = new TreeSet<GrantedAuthorityName>();

  for (GrantedAuthority grant : storedGrants) {
    GrantedAuthorityName mapped = mapName(grant, unmappedGrants);
    if (mapped == null) {
      continue;
    }
    boolean assignable = GrantedAuthorityName.permissionsCanBeAssigned(grant.getAuthority());
    (assignable ? groups : authorities).add(mapped);
  }

  // Add everything the stored grants imply through the role hierarchy, again skipping
  // assignable permissions.
  Collection<? extends GrantedAuthority> reachable =
      roleHierarchy.getReachableGrantedAuthorities(storedGrants);
  for (GrantedAuthority candidate : reachable) {
    GrantedAuthorityName mapped = mapName(candidate, unmappedGrants);
    if (mapped == null) {
      continue;
    }
    if (GrantedAuthorityName.permissionsCanBeAssigned(candidate.getAuthority())) {
      continue;
    }
    authorities.add(mapped);
  }
  removeBadGrantedAuthorities(unmappedGrants, cc);
  return authorities;
}